分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2021-04-22 00:19:30 | 2021-04-22 00:21:35 | 125 秒 |
魔盾分数
3.6
可疑的
文件详细信息
| 文件名 | SDLPAL.exe |
|---|---|
| 文件大小 | 2695168 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | feed82c50bd530dc20b3616b4c53e27f |
| SHA1 | c342b7b9a420d23b8c0acd08069ce5349909eee8 |
| SHA256 | 4b9f0f7a0d02b38b24fcb3dea37cd5ea502eff91b4eacc89d272c8627e66671b |
| SHA512 | e3e6ef5d04fe2728abf517866b7a372bbe68c294df875efea1f3de3efdb7ddf2f494d2fffb6aff1fdc35041b0c6b889d8bef5c1a02edbb1a92a810ebddc5e110 |
| CRC32 | 90169727 |
| Ssdeep | 49152:iE46YYKwne5DVlv8CfJwx2hni0UkpNo8eq5LfpbNSVrNow:P4tYfne5DvvlfJwx2RiYpNo8eq5Lfpb8 |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| acroipm.adobe.com |
CNAME acroipm.adobe.com.edgesuite.net A 104.116.243.153 CNAME a1983.dscd.akamai.net A 104.116.243.72 |
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x005a5c61 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x0029f143 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2014-08-17 09:36:14 |
| 载入哈希 | d1c09ab3829c8ccaa9e6f55c716e7ba5 |
| 图标 |  |
| 图标精确哈希值 | fce954e5cfffc89323cc41ec9dbace58 |
| 图标相似性哈希值 | cf9008ba697d9968e23be33cae1a2032 |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x001cd8f2 | 0x001ce000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.33 |
| .rdata | 0x001cf000 | 0x000a2de6 | 0x000a3000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.25 |
| .data | 0x00272000 | 0x0005630a | 0x00016000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.55 |
| .rsrc | 0x002c9000 | 0x000093a4 | 0x0000a000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.45 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| TEXTINCLUDE | 0x002ca160 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x002ca160 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x002ca160 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| WAVE | 0x002ca2b4 | 0x00001448 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.35 | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz |
| RT_CURSOR | 0x002cc01c | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.43 | AmigaOS bitmap font |
| RT_CURSOR | 0x002cc01c | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.43 | AmigaOS bitmap font |
| RT_CURSOR | 0x002cc01c | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.43 | AmigaOS bitmap font |
| RT_CURSOR | 0x002cc01c | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.43 | AmigaOS bitmap font |
| RT_CURSOR | 0x002cc01c | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.43 | AmigaOS bitmap font |
| RT_CURSOR | 0x002cc01c | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.43 | AmigaOS bitmap font |
| RT_CURSOR | 0x002cc01c | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.43 | AmigaOS bitmap font |
| RT_CURSOR | 0x002cc01c | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.43 | AmigaOS bitmap font |
| RT_CURSOR | 0x002cc01c | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.43 | AmigaOS bitmap font |
| RT_BITMAP | 0x002cec7c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x002cec7c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x002cec7c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x002cec7c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x002cec7c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x002cec7c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x002cec7c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x002cec7c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x002cec7c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x002cec7c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x002cec7c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x002cec7c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x002cec7c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x002cec7c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x002cec7c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x002cec7c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x002cec7c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x002cec7c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_ICON | 0x002cf1d0 | 0x00000a68 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.05 | dBase IV DBT of \200.DBF, blocks size 0, block length 2560, next free block index 40, next free block 64767, next used block 3204448256 |
| RT_ICON | 0x002cf1d0 | 0x00000a68 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.05 | dBase IV DBT of \200.DBF, blocks size 0, block length 2560, next free block index 40, next free block 64767, next used block 3204448256 |
| RT_ICON | 0x002cf1d0 | 0x00000a68 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.05 | dBase IV DBT of \200.DBF, blocks size 0, block length 2560, next free block index 40, next free block 64767, next used block 3204448256 |
| RT_MENU | 0x002cfc44 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_MENU | 0x002cfc44 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_DIALOG | 0x002d157c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x002d157c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x002d157c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x002d157c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x002d157c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x002d157c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x002d157c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x002d157c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x002d157c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x002d157c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x002d157c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x002d157c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x002d157c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x002d157c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_STRING | 0x002d2034 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x002d2034 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x002d2034 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x002d2034 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x002d2034 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x002d2034 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x002d2034 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x002d2034 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x002d2034 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x002d2034 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x002d2034 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x002d2034 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_GROUP_CURSOR | 0x002d20e4 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x002d20e4 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x002d20e4 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x002d20e4 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x002d20e4 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x002d20e4 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x002d20e4 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x002d20e4 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_ICON | 0x002d2130 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x002d2130 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x002d2130 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_VERSION | 0x002d2144 | 0x00000260 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.02 | data |
导入
库: MSVFW32.dll:
• 0x5cf3fc DrawDibDraw
库: KERNEL32.dll:
• 0x5cf1e0 HeapDestroy
• 0x5cf1e4 HeapCreate
• 0x5cf1e8 VirtualFree
• 0x5cf1ec SetEnvironmentVariableA
• 0x5cf1f0 LCMapStringA
• 0x5cf1f4 LCMapStringW
• 0x5cf1f8 VirtualAlloc
• 0x5cf1fc IsBadWritePtr
• 0x5cf200 GetEnvironmentVariableA
• 0x5cf204 GetStringTypeA
• 0x5cf208 GetStringTypeW
• 0x5cf20c SetUnhandledExceptionFilter
• 0x5cf210 CompareStringA
• 0x5cf214 CompareStringW
• 0x5cf218 IsBadReadPtr
• 0x5cf21c IsBadCodePtr
• 0x5cf220 GetStdHandle
• 0x5cf224 SetHandleCount
• 0x5cf228 GetEnvironmentStringsW
• 0x5cf22c GetEnvironmentStrings
• 0x5cf230 FreeEnvironmentStringsW
• 0x5cf234 FreeEnvironmentStringsA
• 0x5cf238 UnhandledExceptionFilter
• 0x5cf23c CloseHandle
• 0x5cf240 GetFileType
• 0x5cf244 SetStdHandle
• 0x5cf248 GetACP
• 0x5cf24c HeapSize
• 0x5cf250 TerminateProcess
• 0x5cf254 GetLocalTime
• 0x5cf258 GetSystemTime
• 0x5cf25c GetTimeZoneInformation
• 0x5cf260 RaiseException
• 0x5cf264 RtlUnwind
• 0x5cf268 GetStartupInfoA
• 0x5cf26c GetOEMCP
• 0x5cf270 GetCPInfo
• 0x5cf274 GetProcessVersion
• 0x5cf278 SetErrorMode
• 0x5cf27c GetProfileIntA
• 0x5cf280 GlobalFlags
• 0x5cf284 GetCurrentThread
• 0x5cf288 GetFileTime
• 0x5cf28c GetFileSize
• 0x5cf290 TlsGetValue
• 0x5cf294 LocalReAlloc
• 0x5cf298 TlsSetValue
• 0x5cf29c TlsFree
• 0x5cf2a0 GlobalHandle
• 0x5cf2a4 TlsAlloc
• 0x5cf2a8 LocalAlloc
• 0x5cf2ac lstrcmpA
• 0x5cf2b0 GetVersion
• 0x5cf2b4 GlobalGetAtomNameA
• 0x5cf2b8 GlobalAddAtomA
• 0x5cf2bc GlobalFindAtomA
• 0x5cf2c0 GlobalDeleteAtom
• 0x5cf2c4 lstrcmpiA
• 0x5cf2c8 SetEndOfFile
• 0x5cf2cc UnlockFile
• 0x5cf2d0 LockFile
• 0x5cf2d4 FlushFileBuffers
• 0x5cf2d8 SetFilePointer
• 0x5cf2dc WaitForSingleObject
• 0x5cf2e0 GetCurrentProcess
• 0x5cf2e4 DuplicateHandle
• 0x5cf2e8 lstrcpynA
• 0x5cf2ec SetLastError
• 0x5cf2f0 FileTimeToLocalFileTime
• 0x5cf2f4 FileTimeToSystemTime
• 0x5cf2f8 FormatMessageA
• 0x5cf2fc LocalFree
• 0x5cf300 MultiByteToWideChar
• 0x5cf304 WideCharToMultiByte
• 0x5cf308 InterlockedDecrement
• 0x5cf30c InterlockedIncrement
• 0x5cf310 CreateSemaphoreA
• 0x5cf314 ResumeThread
• 0x5cf318 ReleaseSemaphore
• 0x5cf31c EnterCriticalSection
• 0x5cf320 LeaveCriticalSection
• 0x5cf324 GetProfileStringA
• 0x5cf328 WriteFile
• 0x5cf32c ReadFile
• 0x5cf330 GetLastError
• 0x5cf334 WaitForMultipleObjects
• 0x5cf338 CreateFileA
• 0x5cf33c SetEvent
• 0x5cf340 FindResourceA
• 0x5cf344 LoadResource
• 0x5cf348 LockResource
• 0x5cf34c GetModuleFileNameA
• 0x5cf350 GetCurrentThreadId
• 0x5cf354 ExitProcess
• 0x5cf358 GlobalSize
• 0x5cf35c GlobalFree
• 0x5cf360 DeleteCriticalSection
• 0x5cf364 InitializeCriticalSection
• 0x5cf368 lstrcatA
• 0x5cf36c WinExec
• 0x5cf370 lstrcpyA
• 0x5cf374 FindNextFileA
• 0x5cf378 GlobalReAlloc
• 0x5cf37c HeapFree
• 0x5cf380 HeapReAlloc
• 0x5cf384 GetProcessHeap
• 0x5cf388 HeapAlloc
• 0x5cf38c GetFullPathNameA
• 0x5cf390 FreeLibrary
• 0x5cf394 LoadLibraryA
• 0x5cf398 lstrlenA
• 0x5cf39c lstrlenW
• 0x5cf3a0 GetVersionExA
• 0x5cf3a4 WritePrivateProfileStringA
• 0x5cf3a8 CreateThread
• 0x5cf3ac CreateEventA
• 0x5cf3b0 Sleep
• 0x5cf3b4 GlobalAlloc
• 0x5cf3b8 GlobalLock
• 0x5cf3bc GlobalUnlock
• 0x5cf3c0 FindFirstFileA
• 0x5cf3c4 FindClose
• 0x5cf3c8 GetFileAttributesA
• 0x5cf3cc CopyFileA
• 0x5cf3d0 GetCurrentDirectoryA
• 0x5cf3d4 SetCurrentDirectoryA
• 0x5cf3d8 GetVolumeInformationA
• 0x5cf3dc GetModuleHandleA
• 0x5cf3e0 GetProcAddress
• 0x5cf3e4 MulDiv
• 0x5cf3e8 GetCommandLineA
• 0x5cf3ec GetTickCount
库: USER32.dll:
• 0x5cf424 LoadStringA
• 0x5cf428 wvsprintfA
• 0x5cf42c GetDesktopWindow
• 0x5cf430 GetClassNameA
• 0x5cf434 GetMenuCheckMarkDimensions
• 0x5cf438 SetMenuItemBitmaps
• 0x5cf43c CheckMenuItem
• 0x5cf440 IsDialogMessageA
• 0x5cf444 ScrollWindowEx
• 0x5cf448 SendDlgItemMessageA
• 0x5cf44c MapWindowPoints
• 0x5cf450 AdjustWindowRectEx
• 0x5cf454 ScrollWindow
• 0x5cf458 GetScrollInfo
• 0x5cf45c SetScrollInfo
• 0x5cf460 ShowScrollBar
• 0x5cf464 GetScrollPos
• 0x5cf468 RegisterClassA
• 0x5cf46c CreateWindowExA
• 0x5cf470 GetClassLongA
• 0x5cf474 RemovePropA
• 0x5cf478 GetMessageTime
• 0x5cf47c GetLastActivePopup
• 0x5cf480 GetForegroundWindow
• 0x5cf484 RegisterWindowMessageA
• 0x5cf488 GetWindowPlacement
• 0x5cf48c EndDialog
• 0x5cf490 CreateDialogIndirectParamA
• 0x5cf494 DestroyWindow
• 0x5cf498 GetDlgItem
• 0x5cf49c EndPaint
• 0x5cf4a0 BeginPaint
• 0x5cf4a4 CharUpperA
• 0x5cf4a8 GetWindowTextLengthA
• 0x5cf4ac GetNextDlgTabItem
• 0x5cf4b0 GetDoubleClickTime
• 0x5cf4b4 ClipCursor
• 0x5cf4b8 GetWindowTextA
• 0x5cf4bc SetWindowTextA
• 0x5cf4c0 GetMenuItemCount
• 0x5cf4c4 GetMenuItemID
• 0x5cf4c8 GetMenuStringA
• 0x5cf4cc GetMenuState
• 0x5cf4d0 GetTabbedTextExtentA
• 0x5cf4d4 DrawStateA
• 0x5cf4d8 GrayStringA
• 0x5cf4dc TabbedTextOutA
• 0x5cf4e0 WindowFromDC
• 0x5cf4e4 EnumChildWindows
• 0x5cf4e8 GetWindowDC
• 0x5cf4ec UnhookWindowsHookEx
• 0x5cf4f0 CallNextHookEx
• 0x5cf4f4 SetWindowsHookExA
• 0x5cf4f8 FrameRect
• 0x5cf4fc GetPropA
• 0x5cf500 MoveWindow
• 0x5cf504 CallWindowProcA
• 0x5cf508 SetPropA
• 0x5cf50c DrawTextA
• 0x5cf510 GetCursor
• 0x5cf514 SystemParametersInfoA
• 0x5cf518 TranslateMessage
• 0x5cf51c LoadIconA
• 0x5cf520 GetSysColorBrush
• 0x5cf524 DrawFocusRect
• 0x5cf528 WindowFromPoint
• 0x5cf52c GetMessageA
• 0x5cf530 DispatchMessageA
• 0x5cf534 SetRectEmpty
• 0x5cf538 RegisterClipboardFormatA
• 0x5cf53c CreateIconFromResourceEx
• 0x5cf540 CreateIconFromResource
• 0x5cf544 DrawIconEx
• 0x5cf548 CreatePopupMenu
• 0x5cf54c AppendMenuA
• 0x5cf550 ModifyMenuA
• 0x5cf554 CreateMenu
• 0x5cf558 CreateAcceleratorTableA
• 0x5cf55c GetDlgCtrlID
• 0x5cf560 GetSubMenu
• 0x5cf564 EnableMenuItem
• 0x5cf568 ClientToScreen
• 0x5cf56c EnumDisplaySettingsA
• 0x5cf570 LoadImageA
• 0x5cf574 ShowWindow
• 0x5cf578 IsWindowEnabled
• 0x5cf57c TranslateAcceleratorA
• 0x5cf580 GetKeyState
• 0x5cf584 CopyAcceleratorTableA
• 0x5cf588 PostQuitMessage
• 0x5cf58c IsZoomed
• 0x5cf590 GetSystemMenu
• 0x5cf594 DeleteMenu
• 0x5cf598 GetClassInfoA
• 0x5cf59c DefWindowProcA
• 0x5cf5a0 GetMenu
• 0x5cf5a4 SetMenu
• 0x5cf5a8 PeekMessageA
• 0x5cf5ac IsIconic
• 0x5cf5b0 SetFocus
• 0x5cf5b4 GetActiveWindow
• 0x5cf5b8 GetWindow
• 0x5cf5bc DestroyAcceleratorTable
• 0x5cf5c0 SetWindowRgn
• 0x5cf5c4 GetMessagePos
• 0x5cf5c8 ScreenToClient
• 0x5cf5cc ChildWindowFromPointEx
• 0x5cf5d0 CopyRect
• 0x5cf5d4 LoadBitmapA
• 0x5cf5d8 WinHelpA
• 0x5cf5dc KillTimer
• 0x5cf5e0 SetTimer
• 0x5cf5e4 ReleaseCapture
• 0x5cf5e8 GetCapture
• 0x5cf5ec SetCapture
• 0x5cf5f0 GetScrollRange
• 0x5cf5f4 SetScrollRange
• 0x5cf5f8 SetScrollPos
• 0x5cf5fc InflateRect
• 0x5cf600 SetRect
• 0x5cf604 IntersectRect
• 0x5cf608 DestroyIcon
• 0x5cf60c PtInRect
• 0x5cf610 OffsetRect
• 0x5cf614 IsWindowVisible
• 0x5cf618 EnableWindow
• 0x5cf61c RedrawWindow
• 0x5cf620 GetWindowLongA
• 0x5cf624 SetWindowLongA
• 0x5cf628 GetSysColor
• 0x5cf62c SetActiveWindow
• 0x5cf630 SetCursorPos
• 0x5cf634 LoadCursorA
• 0x5cf638 SetCursor
• 0x5cf63c GetDC
• 0x5cf640 FillRect
• 0x5cf644 InvertRect
• 0x5cf648 IsRectEmpty
• 0x5cf64c ReleaseDC
• 0x5cf650 IsChild
• 0x5cf654 TrackPopupMenu
• 0x5cf658 DestroyMenu
• 0x5cf65c SetForegroundWindow
• 0x5cf660 GetWindowRect
• 0x5cf664 DrawEdge
• 0x5cf668 EqualRect
• 0x5cf66c UpdateWindow
• 0x5cf670 ValidateRect
• 0x5cf674 InvalidateRect
• 0x5cf678 GetClientRect
• 0x5cf67c GetFocus
• 0x5cf680 GetParent
• 0x5cf684 GetTopWindow
• 0x5cf688 PostMessageA
• 0x5cf68c IsWindow
• 0x5cf690 SetParent
• 0x5cf694 DestroyCursor
• 0x5cf698 SendMessageA
• 0x5cf69c SetWindowPos
• 0x5cf6a0 MessageBeep
• 0x5cf6a4 MessageBoxA
• 0x5cf6a8 GetCursorPos
• 0x5cf6ac GetSystemMetrics
• 0x5cf6b0 IsClipboardFormatAvailable
• 0x5cf6b4 EmptyClipboard
• 0x5cf6b8 SetClipboardData
• 0x5cf6bc OpenClipboard
• 0x5cf6c0 GetClipboardData
• 0x5cf6c4 CloseClipboard
• 0x5cf6c8 wsprintfA
• 0x5cf6cc DrawFrameControl
• 0x5cf6d0 UnregisterClassA
库: GDI32.dll:
• 0x5cf060 Escape
• 0x5cf064 GetTextMetricsA
• 0x5cf068 AbortDoc
• 0x5cf06c CreateFontA
• 0x5cf070 SetBrushOrgEx
• 0x5cf074 SetDIBitsToDevice
• 0x5cf078 SetPolyFillMode
• 0x5cf07c SetROP2
• 0x5cf080 SetMapMode
• 0x5cf084 SetViewportOrgEx
• 0x5cf088 OffsetViewportOrgEx
• 0x5cf08c SetViewportExtEx
• 0x5cf090 ScaleViewportExtEx
• 0x5cf094 OffsetWindowOrgEx
• 0x5cf098 SetWindowExtEx
• 0x5cf09c ScaleWindowExtEx
• 0x5cf0a0 GetClipBox
• 0x5cf0a4 ExcludeClipRect
• 0x5cf0a8 MoveToEx
• 0x5cf0ac ExtTextOutA
• 0x5cf0b0 EndPath
• 0x5cf0b4 GetTextColor
• 0x5cf0b8 CreateDIBitmap
• 0x5cf0bc ExtSelectClipRgn
• 0x5cf0c0 GetViewportExtEx
• 0x5cf0c4 CopyMetaFileA
• 0x5cf0c8 TextOutA
• 0x5cf0cc RectVisible
• 0x5cf0d0 PtVisible
• 0x5cf0d4 CreatePenIndirect
• 0x5cf0d8 RestoreDC
• 0x5cf0dc SaveDC
• 0x5cf0e0 SetWindowOrgEx
• 0x5cf0e4 SetTextColor
• 0x5cf0e8 SetBkMode
• 0x5cf0ec SetBkColor
• 0x5cf0f0 CreateRectRgnIndirect
• 0x5cf0f4 CreateDIBSection
• 0x5cf0f8 SetPixel
• 0x5cf0fc SetStretchBltMode
• 0x5cf100 GetClipRgn
• 0x5cf104 CreatePolygonRgn
• 0x5cf108 SelectClipRgn
• 0x5cf10c LineTo
• 0x5cf110 DeleteObject
• 0x5cf114 GetBkMode
• 0x5cf118 GetBkColor
• 0x5cf11c GetROP2
• 0x5cf120 GetStretchBltMode
• 0x5cf124 GetPolyFillMode
• 0x5cf128 CreateCompatibleBitmap
• 0x5cf12c CreateDCA
• 0x5cf130 CreateBrushIndirect
• 0x5cf134 CreateBitmap
• 0x5cf138 CreatePatternBrush
• 0x5cf13c SelectObject
• 0x5cf140 GetObjectA
• 0x5cf144 CreatePen
• 0x5cf148 PatBlt
• 0x5cf14c GetSystemPaletteEntries
• 0x5cf150 CreatePalette
• 0x5cf154 StretchBlt
• 0x5cf158 PathToRegion
• 0x5cf15c SelectPalette
• 0x5cf160 RealizePalette
• 0x5cf164 GetDIBits
• 0x5cf168 GetWindowExtEx
• 0x5cf16c GetViewportOrgEx
• 0x5cf170 GetWindowOrgEx
• 0x5cf174 CreateEllipticRgn
• 0x5cf178 BeginPath
• 0x5cf17c EndDoc
• 0x5cf180 FillRgn
• 0x5cf184 CreateRectRgn
• 0x5cf188 CombineRgn
• 0x5cf18c CreateSolidBrush
• 0x5cf190 GetStockObject
• 0x5cf194 CreateFontIndirectA
• 0x5cf198 EndPage
• 0x5cf19c GetDeviceCaps
• 0x5cf1a0 GetTextExtentPoint32A
• 0x5cf1a4 RoundRect
• 0x5cf1a8 GetCurrentObject
• 0x5cf1ac DPtoLP
• 0x5cf1b0 LPtoDP
• 0x5cf1b4 Rectangle
• 0x5cf1b8 Ellipse
• 0x5cf1bc SetPixelV
• 0x5cf1c0 CreateCompatibleDC
• 0x5cf1c4 GetPixel
• 0x5cf1c8 BitBlt
• 0x5cf1cc StartPage
• 0x5cf1d0 StartDocA
• 0x5cf1d4 DeleteDC
• 0x5cf1d8 CreateRoundRectRgn
库: WINMM.dll:
• 0x5cf6d8 midiStreamRestart
• 0x5cf6dc midiStreamClose
• 0x5cf6e0 midiOutReset
• 0x5cf6e4 midiStreamStop
• 0x5cf6e8 midiStreamOut
• 0x5cf6ec midiOutPrepareHeader
• 0x5cf6f0 midiStreamProperty
• 0x5cf6f4 midiStreamOpen
• 0x5cf6f8 midiOutUnprepareHeader
• 0x5cf6fc waveOutOpen
• 0x5cf700 waveOutGetNumDevs
• 0x5cf704 waveOutClose
• 0x5cf708 waveOutReset
• 0x5cf70c waveOutPause
• 0x5cf710 waveOutWrite
• 0x5cf714 waveOutPrepareHeader
• 0x5cf718 waveOutUnprepareHeader
• 0x5cf71c PlaySoundA
库: MSIMG32.dll:
• 0x5cf3f4 GradientFill
库: comdlg32.dll:
• 0x5cf75c GetFileTitleA
• 0x5cf760 PrintDlgA
• 0x5cf764 GetSaveFileNameA
• 0x5cf768 GetOpenFileNameA
• 0x5cf76c ChooseColorA
库: ADVAPI32.dll:
• 0x5cf000 RegCreateKeyExA
• 0x5cf004 RegQueryValueA
• 0x5cf008 RegSetValueExA
• 0x5cf00c RegOpenKeyExA
• 0x5cf010 RegQueryValueExA
• 0x5cf014 RegCloseKey
库: ole32.dll:
• 0x5cf774 OleDuplicateData
• 0x5cf778 RevokeDragDrop
• 0x5cf77c CoLockObjectExternal
• 0x5cf780 DoDragDrop
• 0x5cf784 OleGetClipboard
• 0x5cf788 OleIsCurrentClipboard
• 0x5cf78c OleFlushClipboard
• 0x5cf790 OleSetClipboard
• 0x5cf794 CoTaskMemFree
• 0x5cf798 ReleaseStgMedium
• 0x5cf79c OleInitialize
• 0x5cf7a0 CreateStreamOnHGlobal
• 0x5cf7a4 OleUninitialize
• 0x5cf7a8 CLSIDFromString
• 0x5cf7ac CoTaskMemAlloc
库: OLEAUT32.dll:
• 0x5cf404 VarDateFromStr
• 0x5cf408 LoadTypeLib
• 0x5cf40c RegisterTypeLib
• 0x5cf410 UnRegisterTypeLib
库: COMCTL32.dll:
• 0x5cf028 ImageList_Draw
• 0x5cf02c _TrackMouseEvent
• 0x5cf030 ImageList_GetImageCount
• 0x5cf034 ImageList_AddMasked
• 0x5cf038 ImageList_GetIcon
• 0x5cf03c ImageList_SetBkColor
• 0x5cf040 None
• 0x5cf044 ImageList_Destroy
• 0x5cf048 ImageList_Create
• 0x5cf04c ImageList_Read
• 0x5cf050 ImageList_DrawIndirect
• 0x5cf054 ImageList_Duplicate
• 0x5cf058 ImageList_GetImageInfo
库: WS2_32.dll:
• 0x5cf734 inet_ntoa
• 0x5cf738 WSACleanup
• 0x5cf73c closesocket
• 0x5cf740 WSAAsyncSelect
• 0x5cf744 accept
• 0x5cf748 getpeername
• 0x5cf74c recv
• 0x5cf750 ioctlsocket
• 0x5cf754 recvfrom
.text
`.rdata
@.data
.rsrc
3h,Z]
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 104.116.243.72 acroipm.adobe.com | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| acroipm.adobe.com |
CNAME acroipm.adobe.com.edgesuite.net A 104.116.243.153 CNAME a1983.dscd.akamai.net A 104.116.243.72 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 104.116.243.72 acroipm.adobe.com | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 17.694 seconds )
- 10.48 Suricata
- 2.017 Static
- 1.62 BehaviorAnalysis
- 1.607 VirusTotal
- 0.868 NetworkAnalysis
- 0.674 TargetInfo
- 0.4 peid
- 0.011 Strings
- 0.01 AnalysisInfo
- 0.005 config_decoder
- 0.002 Memory
Signatures ( 2.057 seconds )
- 1.283 md_url_bl
- 0.11 process_interest
- 0.106 api_spamming
- 0.099 injection_createremotethread
- 0.078 stealth_timeout
- 0.069 stealth_decoy_document
- 0.069 vawtrak_behavior
- 0.065 injection_runpe
- 0.048 process_needed
- 0.019 antiav_detectreg
- 0.013 antidbg_windows
- 0.01 md_domain_bl
- 0.008 infostealer_ftp
- 0.005 anomaly_persistence_autorun
- 0.005 antiav_detectfile
- 0.005 infostealer_im
- 0.004 antianalysis_detectreg
- 0.004 geodo_banking_trojan
- 0.004 ransomware_files
- 0.003 mimics_filetime
- 0.003 reads_self
- 0.003 infostealer_bitcoin
- 0.003 infostealer_mail
- 0.003 network_http
- 0.003 ransomware_extensions
- 0.002 tinba_behavior
- 0.002 bootkit
- 0.002 stealth_file
- 0.002 antivm_vbox_window
- 0.002 antivm_generic_disk
- 0.002 virus
- 0.002 hancitor_behavior
- 0.002 antivm_vbox_files
- 0.002 disables_browser_warn
- 0.002 network_torgateway
- 0.001 rat_nanocore
- 0.001 betabot_behavior
- 0.001 kibex_behavior
- 0.001 antivm_generic_scsi
- 0.001 cerber_behavior
- 0.001 antisandbox_script_timer
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_security
- 0.001 modify_proxy
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 md_bad_drop
- 0.001 network_cnc_http
Reporting ( 0.529 seconds )
- 0.528 ReportHTMLSummary
- 0.001 Malheur
| Task ID | 631881 |
|---|---|
| Mongo ID | 6080512f7e769a0f72493c17 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号