Analysis task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp03-1 2021-04-22 02:36:08 2021-04-22 02:36:45 37 seconds

Maldun score

8.6

Dangerous

File details

File name v.scr
File size 8309694 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4b3d5e99a5c47c94913a63bc1763435d
SHA1 38bd44426a7a50390c8e48bc34ae2e6d2db43a8e
SHA256 43ec543169ad98d9c589fb2549baeadd7572d2d5d4068577e6cb59a66c83ef8a
SHA512 e60b8cfafca83fdebd6ebfe126015b645467ceba66e458d0da5f1572401db95d035fc3b43f0de6c1a0c6fa52a681f7d670c17c4a84212f26fda5a6da99e96961
CRC32 0BA527BB
Ssdeep 196608:+rLtTqpFyI9HfpOL2a+9VLZNOQ0LktNp/HNB:+rLtepl9ILSPL70mNp/

Host access records

No host records.

Domain resolution

Domain Security rating Response
acroipm.adobe.com CNAME acroipm.adobe.com.edgesuite.net
CNAME a1983.dscd.akamai.net
A 23.211.14.171
A 23.211.14.185


PE information

Image base 0x00400000
Entry point 0x00403f30
Declared checksum 0x0005f2a6
Actual checksum 0x007f01a8
Minimum OS version required 4.0
Compile time 2007-08-28 15:47:29
Import hash 48a0a61ec4b260ec6f6002695c989edc
Icon
Icon exact hash ac26fd424ef8ca89ab26e8834d7c5ee7
Icon similarity hash 3ab4bf03e78eb73bf1a017b63fe92ac6

Version information

Translation
LegalCopyright
InternalName
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
OriginalFilename

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x00050688 0x00051000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.11
.data 0x00052000 0x00002f64 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.rsrc 0x00055000 0x000010bc 0x00002000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.55

Overlay

Offset 0x00055000
Size 0x00797bbe

Resources

Name Offset Size Language Sublanguage Entropy File type
RT_ICON 0x00055414 0x00000ca8 LANG_NEUTRAL SUBLANG_NEUTRAL 5.82 data
RT_GROUP_ICON 0x00055400 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL 2.32 MS Windows icon resource - 1 icon, 32x32
RT_VERSION 0x000550f0 0x00000310 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.67 data

Imports

Library: MSVBVM60.DLL:
0x401000 __vbaVarSub
0x401004 __vbaStrI2
0x401008 _CIcos
0x40100c _adj_fptan
0x401010 __vbaVarMove
0x401014 __vbaStrI4
0x401018 __vbaFreeVar
0x40101c __vbaLenBstr
0x401020 __vbaStrVarMove
0x401024 None
0x401028 __vbaVarIdiv
0x40102c __vbaFreeVarList
0x401030 __vbaEnd
0x401034 _adj_fdiv_m64
0x401038 __vbaPut4
0x40103c __vbaVarIndexStore
0x401040 __vbaFreeObjList
0x401044 __vbaGetFxStr4
0x401048 None
0x40104c __vbaStrErrVarCopy
0x401050 _adj_fprem1
0x401054 __vbaRecAnsiToUni
0x401058 __vbaResume
0x40105c __vbaStrCat
0x401060 __vbaLsetFixstr
0x401064 __vbaRecDestruct
0x401068 __vbaSetSystemError
0x401070 __vbaLenVar
0x401074 _adj_fdiv_m32
0x401078 __vbaAryDestruct
0x40107c None
0x401080 __vbaBoolStr
0x401084 __vbaForEachCollObj
0x401088 None
0x40108c __vbaExitProc
0x401090 __vbaFileCloseAll
0x401094 None
0x401098 __vbaOnError
0x40109c __vbaObjSet
0x4010a0 None
0x4010a4 None
0x4010a8 _adj_fdiv_m16i
0x4010ac __vbaObjSetAddref
0x4010b0 _adj_fdivr_m16i
0x4010b4 None
0x4010b8 __vbaVarIndexLoad
0x4010bc __vbaBoolVarNull
0x4010c0 _CIsin
0x4010c4 None
0x4010c8 None
0x4010cc __vbaErase
0x4010d4 __vbaVarCmpGt
0x4010d8 __vbaChkstk
0x4010dc None
0x4010e0 __vbaFileClose
0x4010e4 EVENT_SINK_AddRef
0x4010e8 None
0x4010ec None
0x4010f0 __vbaVarAbs
0x4010f4 __vbaExitEachColl
0x4010f8 None
0x4010fc __vbaStrCmp
0x401100 __vbaGet4
0x401104 __vbaAryConstruct2
0x401108 __vbaPutOwner3
0x40110c __vbaVarTstEq
0x401110 __vbaR4Str
0x401114 DllFunctionCall
0x401118 None
0x40111c __vbaVarOr
0x401120 __vbaStrR4
0x401124 _adj_fpatan
0x40112c __vbaLateIdCallLd
0x401130 __vbaR8Cy
0x401134 __vbaRedim
0x401138 __vbaRecUniToAnsi
0x40113c EVENT_SINK_Release
0x401140 __vbaNew
0x401144 _CIsqrt
0x401148 __vbaObjIs
0x40114c __vbaRedimVar
0x401150 __vbaVarAnd
0x401158 __vbaVarMul
0x40115c __vbaExceptHandler
0x401160 __vbaStrToUnicode
0x401164 None
0x401168 _adj_fprem
0x40116c _adj_fdivr_m64
0x401170 __vbaVarDiv
0x401174 None
0x401178 None
0x40117c None
0x401180 __vbaFPException
0x401184 __vbaInStrVar
0x401188 None
0x40118c __vbaGetOwner3
0x401190 __vbaUbound
0x401194 __vbaStrVarVal
0x401198 __vbaR4ForNextCheck
0x40119c __vbaGetOwner4
0x4011a0 __vbaVarCat
0x4011a4 __vbaLsetFixstrFree
0x4011a8 None
0x4011ac None
0x4011b0 None
0x4011b4 _CIlog
0x4011b8 __vbaFileOpen
0x4011bc None
0x4011c0 None
0x4011c4 __vbaNew2
0x4011c8 __vbaInStr
0x4011cc __vbaR8Str
0x4011d0 _adj_fdiv_m32i
0x4011d4 _adj_fdivr_m32i
0x4011d8 __vbaStrCopy
0x4011dc __vbaI4Str
0x4011e0 __vbaFreeStrList
0x4011e4 None
0x4011e8 _adj_fdivr_m32
0x4011ec __vbaPowerR8
0x4011f0 _adj_fdiv_r
0x4011f4 None
0x4011f8 None
0x4011fc None
0x401200 None
0x401204 __vbaVarTstNe
0x401208 __vbaI4Var
0x40120c __vbaVarCmpEq
0x401210 __vbaFpCy
0x401214 __vbaVarAdd
0x401218 __vbaAryLock
0x40121c __vbaVarDup
0x401220 __vbaStrToAnsi
0x401224 __vbaVerifyVarObj
0x401228 __vbaFpI2
0x40122c __vbaVarMod
0x401230 __vbaFpI4
0x401234 None
0x401238 __vbaVarCopy
0x40123c None
0x401244 __vbaR8IntI2
0x401248 _CIatan
0x40124c __vbaCastObj
0x401250 __vbaStrMove
0x401254 None
0x401258 __vbaR8IntI4
0x40125c None
0x401260 __vbaPutFxStr4
0x401264 _allmul
0x401268 __vbaLenVarB
0x40126c _CItan
0x401270 __vbaFPInt
0x401274 __vbaAryUnlock
0x401278 _CIexp
0x40127c __vbaMidStmtBstr
0x401280 None
0x401284 __vbaFreeObj
0x401288 __vbaFreeStr
0x40128c __vbaI4ErrVar
0x401290 None

No antivirus engine scan information!

Process tree


v.scr, PID: 2560, parent process PID: 2188

TCP

Source address Source port Destination address Destination port
192.168.122.201 49160 23.211.14.171 acroipm.adobe.com 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 59401 192.168.122.1 53

HTTP requests

URI HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic
Sorry! No files were dropped.
No similar analyses found.

Processing ( 22.957 seconds )

  • 11.223 Suricata
  • 4.696 TargetInfo
  • 3.166 Static
  • 1.767 VirusTotal
  • 1.471 NetworkAnalysis
  • 0.323 peid
  • 0.273 BehaviorAnalysis
  • 0.015 config_decoder
  • 0.011 Strings
  • 0.01 AnalysisInfo
  • 0.002 Memory

Signatures ( 1.559 seconds )

  • 1.308 md_url_bl
  • 0.034 antiav_detectreg
  • 0.029 md_domain_bl
  • 0.021 ransomware_extensions
  • 0.015 api_spamming
  • 0.013 infostealer_ftp
  • 0.011 stealth_decoy_document
  • 0.011 stealth_timeout
  • 0.008 infostealer_im
  • 0.007 reads_self
  • 0.007 antianalysis_detectreg
  • 0.006 antiav_detectfile
  • 0.005 anomaly_persistence_autorun
  • 0.005 infostealer_mail
  • 0.004 infostealer_browser
  • 0.004 mimics_filetime
  • 0.004 stealth_file
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_bitcoin
  • 0.004 ransomware_files
  • 0.003 bootkit
  • 0.003 antivm_generic_scsi
  • 0.003 infostealer_browser_password
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 antiemu_wine_func
  • 0.002 betabot_behavior
  • 0.002 kibex_behavior
  • 0.002 antivm_generic_disk
  • 0.002 virus
  • 0.002 kovter_behavior
  • 0.002 antivm_parallels_keys
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.001 antivm_vbox_libs
  • 0.001 rat_nanocore
  • 0.001 antivm_generic_services
  • 0.001 ipc_namedpipe
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 antidbg_windows
  • 0.001 anormaly_invoke_kills
  • 0.001 cerber_behavior
  • 0.001 hancitor_behavior
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 recon_fingerprint

Reporting ( 0.484 seconds )

  • 0.48 ReportHTMLSummary
  • 0.004 Malheur
Task ID 631884
Mongo ID 608070dd7e769a0f7049464c
Cuckoo release 1.4-Maldun