Analysis task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-shaapp03-1  2021-06-18 18:35:12  2021-06-18 18:35:39  27 s

Maldun score

2.4

Suspicious

File details

File name  PDExplorer.exe
File size  2041344 bytes
File type  PE32 executable (GUI) Intel 80386, for MS Windows
MD5  d8e9e189587f669a110c0296994e8661
SHA1  7cd846cd05d79fcaee572b228cb222758c8c8070
SHA256  cfa5303760322a9993a696f3f04584eaf15753bf6e4ee2617ed61dabc8409e8f
SHA512  f6896ccf538ffae51fe772614dffcb0a84022a1388419513693f67744d32fb7e0e54d96c2e23ea9b1db6e3ff86ba7180cd55d045ec57503cb6a8dc777c428d20
CRC32  E89B198A
Ssdeep  49152:kWe8EKZIEHKYuwcvkcfaoAfK4d8uUfovEVrjVS:RVlGwEkcKfKI8o44

Screenshots

No screenshots available.

Hosts contacted

No host records.

Domain resolution

Domain  Response
acroipm.adobe.com  CNAME acroipm.adobe.com.edgesuite.net
  A 23.218.94.163
  CNAME a1983.dscd.akamai.net
  A 23.218.94.155

Summary

The 27-second run exposes no behavioural trace in this report: no screenshots, no dropped files, no host records, no Suricata alerts, no similar analyses and no antivirus verdicts. The 2.4 "suspicious" score therefore rests on static features and on a single network exchange. Statically, the sample is a 32-bit MFC GUI application built with Visual Studio 2008 (PDB path s:\Visual Studio 2008\PDExplorer\PDExplorer\Release\PDExplorer.pdb, compile time 2009-03-07), with Russian-language resources, an unpacked layout (section entropies between 4.73 and 6.33) and a PE checksum that matches the declared value. The imports are what such an application needs: MFC, GDI, printing, clipboard and OLE APIs, sqlite3.dll, gdiplus.dll and the swe_* routines of swedll32.dll (the Swiss Ephemeris astronomical-calculation library). IsDebuggerPresent is a standard import of the Visual Studio 2008 C runtime and is not an anti-analysis indicator on its own.

The only network activity is a DNS lookup of acroipm.adobe.com followed by one HTTP GET for /11/rdr/CHS/win/nooem/none/message.zip with User-Agent "IPM". That path and user agent match the in-product-messaging check Adobe Reader 11 performs at start-up, so before attributing the request to PDExplorer.exe, confirm in the full behaviour log which process opened the socket: the sample links WININET.dll, but the import listing below resolves no function names from it.

PE info

Image base  0x00400000
Entry point  0x0049c8a4
Declared checksum  0x001f663a
Actual checksum  0x001f663a (matches the declared value)
Minimum OS version  5.0
PDB path  s:\Visual Studio 2008\PDExplorer\PDExplorer\Release\PDExplorer.pdb
Compile time  2009-03-07 21:24:25
Import hash (imphash)  39b87924796ddc581d7c38311ed1d50d
Icon
Icon exact hash  e1f3bafdfab8888c5b744aeae536fd9e
Icon similarity hash  32b16b84ff8f1ffae3d44e8ba53fd283

Version info

The report lists the following keys; their values were not captured.

LegalCopyright
InternalName
FileVersion
License
URL
ProductName
FileDescription
Build Date
Translation

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text  0x00001000  0x0017f6d3  0x0017f800  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ  6.33
.rdata  0x00181000  0x000582aa  0x00058400  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ  5.17
.data  0x001da000  0x00009284  0x00005000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE  4.73
.rsrc  0x001e4000  0x00015414  0x00015600  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ  4.83
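
The section table above is read straight from the PE headers; the entropy column is the Shannon entropy of each section's raw bytes, and the two checksum rows in the PE info section compare the header's CheckSum field with the value recomputed over the whole file. The script below, added here as an illustration and not part of the sandbox's or the sample's code, reproduces both computations from a raw image: it walks the DOS, COFF and optional headers with struct, lists the sections with their entropy, and implements Microsoft's CheckSum folding (same result as pefile's generate_checksum()). build_min_pe() constructs a stand-in one-section PE32 so the script runs offline; that image and the file name pe_triage.py are assumptions, not the analysed sample.

```python
"""Static PE triage: section table with per-section entropy, and verification of the
header CheckSum (the report's declared vs. actual checksum rows).
Added example, not code from the sandbox or from PDExplorer.exe. Usage:
python pe_triage.py file.exe, or no argument to use the constructed stand-in image."""
import math
import struct
import sys

E_LFANEW = 0x3C               # DOS header field holding the offset of "PE\0\0"
COFF_HEADER_SIZE = 20
OPT_CHECKSUM_OFFSET = 64      # CheckSum field inside the optional header (PE32 and PE32+)
SECTION_HEADER_SIZE = 40

def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniform; values near 8 suggest packing."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)

def pe_offsets(data: bytes):
    """(coff_header, optional_header, number_of_sections, size_of_optional_header)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe_sig = struct.unpack_from("<I", data, E_LFANEW)[0]
    if data[pe_sig:pe_sig + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe_sig + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    return coff, coff + COFF_HEADER_SIZE, num_sections, opt_size

def sections(data: bytes):
    """Rows shaped like the report's section table; entropy is over the raw file bytes."""
    _, opt, num_sections, opt_size = pe_offsets(data)
    for i in range(num_sections):
        off = opt + opt_size + i * SECTION_HEADER_SIZE
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        yield {
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize,
            "characteristics": struct.unpack_from("<I", data, off + 36)[0],
            "entropy": round(shannon_entropy(data[rawptr:rawptr + rawsize]), 2),
        }

def checksum_field_offset(data: bytes) -> int:
    off = pe_offsets(data)[1] + OPT_CHECKSUM_OFFSET
    if off % 4:
        raise ValueError("CheckSum field not 4-byte aligned; non-standard header layout")
    return off

def compute_checksum(data: bytes) -> int:
    """Microsoft's PE CheckSum: sum the image as 32-bit words with end-around carry,
    skipping the CheckSum field itself, fold to 16 bits, then add the file length."""
    skip = checksum_field_offset(data) // 4
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for i in range(0, len(padded), 4):
        if i // 4 == skip:
            continue
        total += struct.unpack_from("<I", padded, i)[0]
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)

def verify_checksum(data: bytes):
    """(declared, actual, matches). A mismatch is typical of patched or repacked files."""
    declared = struct.unpack_from("<I", data, checksum_field_offset(data))[0]
    actual = compute_checksum(data)
    return declared, actual, declared == actual

def build_min_pe(text_bytes: bytes, declared_checksum: int = 0) -> bytes:
    """Constructed minimal PE32 (one .text section at RVA 0x1000); a stand-in, not the sample."""
    dos = b"MZ" + b"\0" * (E_LFANEW - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 28, 0x00400000)                 # ImageBase
    struct.pack_into("<I", opt, OPT_CHECKSUM_OFFSET, declared_checksum)
    raw_ptr = 0x200                       # headers take 352 bytes; file alignment 0x200
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(text_bytes), 0x1000,
                      len(text_bytes), raw_ptr, 0, 0, 0, 0, 0x60000020)
    hdr = dos + b"PE\0\0" + coff + bytes(opt) + sec
    return hdr + b"\0" * (raw_ptr - len(hdr)) + text_bytes

if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_min_pe(bytes(range(256)) * 4)
    for s in sections(image):
        print(f"{s['name']:<8} {s['vaddr']:#010x} {s['vsize']:#010x} {s['rawsize']:#010x} "
              f"{s['characteristics']:#010x} {s['entropy']:.2f}")
    print("checksum declared=%#x actual=%#x match=%s" % verify_checksum(image))
```

Run against PDExplorer.exe, sections() should reproduce the four rows above and verify_checksum() the 0x001f663a pair. Because the CheckSum field is excluded from its own computation, writing the computed value into the header leaves the computed value unchanged, which is what makes a matching pair meaningful: it shows the header was regenerated after the last modification, not that the file is unmodified.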

Resources

Entries of the same resource type are listed once with a count; the report shows the same offset, size and entropy for every entry of a type.

Name  Count  Offset  Size  Language  Sublanguage  Entropy  File type
RT_CURSOR  18  0x001e6ff4  0x000000b4  LANG_RUSSIAN  SUBLANG_RUSSIAN  2.58  data
RT_BITMAP  8  0x001e8658  0x00000144  LANG_RUSSIAN  SUBLANG_RUSSIAN  2.88  data
RT_ICON  11  0x001ede6c  0x00000128  LANG_RUSSIAN  SUBLANG_RUSSIAN  2.69  GLS_BINARY_LSB_FIRST
RT_MENU  4  0x001f0178  0x0000008a  LANG_RUSSIAN  SUBLANG_RUSSIAN  3.01  data
RT_DIALOG  14  0x001f1494  0x00000034  LANG_RUSSIAN  SUBLANG_RUSSIAN  2.42  data
RT_STRING  59  0x001f8968  0x00000042  LANG_RUSSIAN  SUBLANG_RUSSIAN  1.96  data
RT_ACCELERATOR  3  0x001f8c1c  0x00000018  LANG_RUSSIAN  SUBLANG_RUSSIAN  2.18  data
RT_GROUP_CURSOR  16  0x001f8d80  0x00000014  LANG_RUSSIAN  SUBLANG_RUSSIAN  2.02  MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_ICON  2  0x001f8e18  0x00000022  LANG_RUSSIAN  SUBLANG_RUSSIAN  2.56  MS Windows icon resource - 2 icons, 32x32, 16 colors
RT_VERSION  1  0x001f8e3c  0x000003b4  LANG_RUSSIAN  SUBLANG_RUSSIAN  3.54  data
RT_MANIFEST  1  0x001f91f0  0x0000015a  LANG_ENGLISH  SUBLANG_ENGLISH_US  4.80  ASCII text, with CRLF line terminators
None  6  0x001f93fc  0x00000016  LANG_RUSSIAN  SUBLANG_RUSSIAN  3.23  data

Imports

Library: swedll32.dll:
0x581850 _swe_day_of_week@8
0x581854 _swe_close@0
0x581858 _swe_calc_ut@24
0x58185c _swe_revjul@28
0x581860 _swe_julday@24
0x581864 _swe_houses@36
0x581868 _swe_house_pos@36
0x58186c _swe_cotrans@16
Library: tre4.dll:
0x58187c None
0x581880 None
0x581884 None
Library: PSAPI.DLL:
Library: WININET.dll:
Library: sqlite3.dll:
0x581838 sqlite3_get_table
0x58183c sqlite3_free
0x581840 sqlite3_free_table
0x581844 sqlite3_close
0x581848 sqlite3_open
Library: KERNEL32.dll:
0x5811b8 TerminateProcess
0x5811c4 IsDebuggerPresent
0x5811c8 GetDriveTypeA
0x5811cc CreateDirectoryA
0x5811d4 HeapFree
0x5811d8 VirtualAlloc
0x5811dc GetSystemInfo
0x5811e0 VirtualQuery
0x5811e4 HeapAlloc
0x5811e8 GetCommandLineA
0x5811ec GetStartupInfoA
0x5811f0 RtlUnwind
0x5811f4 RaiseException
0x5811f8 FindResourceExA
0x5811fc ExitProcess
0x581200 SetStdHandle
0x581204 GetFileType
0x581208 HeapSize
0x58120c GetACP
0x581210 IsValidCodePage
0x581214 LCMapStringA
0x581218 LCMapStringW
0x581220 HeapCreate
0x581224 VirtualFree
0x581228 SetHandleCount
0x58122c GetStdHandle
0x581230 GetConsoleCP
0x581234 GetConsoleMode
0x581238 GetStringTypeA
0x58123c GetStringTypeW
0x581258 GetUserDefaultLCID
0x58125c EnumSystemLocalesA
0x581260 IsValidLocale
0x581264 WriteConsoleA
0x581268 GetConsoleOutputCP
0x58126c WriteConsoleW
0x581270 GetLocaleInfoW
0x581274 CompareStringW
0x58127c SetErrorMode
0x581280 GetFileSizeEx
0x581290 GetOEMCP
0x581294 GetCPInfo
0x581298 GlobalFlags
0x58129c TlsFree
0x5812a4 LocalReAlloc
0x5812a8 TlsSetValue
0x5812ac TlsAlloc
0x5812b4 GlobalHandle
0x5812b8 TlsGetValue
0x5812bc LocalAlloc
0x5812c4 GetModuleHandleW
0x5812cc GetProfileIntA
0x5812d0 VirtualProtect
0x5812d4 CreateFileA
0x5812d8 GetShortPathNameA
0x5812e0 DuplicateHandle
0x5812e4 GetFileSize
0x5812e8 SetEndOfFile
0x5812ec UnlockFile
0x5812f0 LockFile
0x5812f4 FlushFileBuffers
0x5812f8 SetFilePointer
0x5812fc WriteFile
0x581300 ReadFile
0x581304 lstrcmpiA
0x581308 GetThreadLocale
0x58130c GetStringTypeExA
0x581310 MoveFileA
0x581314 GetDiskFreeSpaceA
0x581318 GetFullPathNameA
0x58131c GetTempFileNameA
0x581320 GetFileTime
0x581324 SetFileTime
0x581328 GetFileAttributesA
0x58132c GetTickCount
0x581330 GetCurrentThread
0x58133c FindFirstFileA
0x581348 FindNextFileA
0x58134c FindClose
0x581350 CloseHandle
0x581364 GetModuleFileNameW
0x581368 GetCurrentProcessId
0x58136c GetModuleFileNameA
0x581370 GetCurrentThreadId
0x581374 GlobalGetAtomNameA
0x581378 GlobalAddAtomA
0x58137c GlobalFindAtomA
0x581380 GlobalDeleteAtom
0x581384 CompareStringA
0x581388 lstrcmpW
0x58138c GetModuleHandleA
0x581390 FreeResource
0x581394 SetLastError
0x581398 CopyFileA
0x58139c lstrlenW
0x5813a0 GetVersionExA
0x5813a4 GetProcAddress
0x5813a8 FreeLibrary
0x5813ac LoadLibraryA
0x5813b0 GlobalReAlloc
0x5813b4 GlobalFree
0x5813b8 Sleep
0x5813bc GetNumberFormatA
0x5813c0 GetLocaleInfoA
0x5813c4 GlobalSize
0x5813c8 lstrcmpA
0x5813cc GlobalAlloc
0x5813d0 GetLastError
0x5813d4 InterlockedExchange
0x5813d8 MultiByteToWideChar
0x5813dc lstrlenA
0x5813e8 GlobalUnlock
0x5813ec GlobalLock
0x5813f4 GetCurrentProcess
0x5813f8 LocalFree
0x5813fc FormatMessageA
0x581400 DeleteFileA
0x581404 MulDiv
0x581408 FindResourceA
0x58140c LoadResource
0x581410 LockResource
0x581414 SizeofResource
0x581418 WideCharToMultiByte
0x58141c CreateFileW
0x581420 HeapReAlloc
0x581424 GetProcessHeap
Library: USER32.dll:
0x5814b4 SetCursorPos
0x5814b8 DestroyCursor
0x5814bc IsZoomed
0x5814c0 ShowOwnedPopups
0x5814c4 PostQuitMessage
0x5814cc MapDialogRect
0x5814d4 DestroyIcon
0x5814d8 CharUpperA
0x5814dc GetAsyncKeyState
0x5814e0 GetMenuItemInfoA
0x5814e4 LockWindowUpdate
0x5814e8 UnregisterClassA
0x5814ec PostThreadMessageA
0x5814f0 CharNextA
0x5814f8 InvalidateRgn
0x5814fc GetNextDlgGroupItem
0x581500 WindowFromPoint
0x581504 KillTimer
0x581508 SetTimer
0x58150c SetRect
0x581510 SetMenuItemBitmaps
0x581518 ModifyMenuA
0x58151c EnableMenuItem
0x581520 CheckMenuItem
0x581528 LoadIconA
0x58152c SendDlgItemMessageA
0x581530 WinHelpA
0x581534 GetCapture
0x581538 SetWindowsHookExA
0x58153c CallNextHookEx
0x581540 GetClassNameA
0x581544 SetPropA
0x581548 GetPropA
0x58154c RemovePropA
0x581554 GetWindowTextA
0x581558 GetForegroundWindow
0x58155c GetLastActivePopup
0x581560 GetTopWindow
0x581564 UnhookWindowsHookEx
0x581568 GetMessageTime
0x58156c MapWindowPoints
0x581570 TrackPopupMenu
0x581574 SetMenu
0x581578 GetScrollPos
0x58157c SetForegroundWindow
0x581580 PostMessageA
0x581584 CreateWindowExA
0x581588 GetClassInfoExA
0x58158c GetClassInfoA
0x581590 RegisterClassA
0x581594 AdjustWindowRectEx
0x581598 DeferWindowPos
0x58159c SetScrollInfo
0x5815a0 GetDlgCtrlID
0x5815a4 DefWindowProcA
0x5815a8 CallWindowProcA
0x5815ac GetMenu
0x5815b0 SetWindowPos
0x5815b4 IsIconic
0x5815b8 DrawMenuBar
0x5815bc GetWindowDC
0x5815c4 DestroyWindow
0x5815c8 GetDlgItem
0x5815cc IsWindowEnabled
0x5815d0 EndDialog
0x5815d4 GetMenuStringA
0x5815d8 GetSubMenu
0x5815dc SetFocus
0x5815e0 EndPaint
0x5815e4 BeginPaint
0x5815e8 MessageBeep
0x5815ec DrawEdge
0x5815f0 IntersectRect
0x5815f4 SubtractRect
0x5815f8 EqualRect
0x5815fc GetActiveWindow
0x581600 GetDesktopWindow
0x581604 PeekMessageA
0x581608 GetMessageA
0x58160c TranslateMessage
0x581610 DispatchMessageA
0x581614 GetUpdateRect
0x581618 ScrollDC
0x58161c SetCursor
0x581620 SetScrollRange
0x581624 GetMessagePos
0x581628 SetScrollPos
0x581630 MessageBoxA
0x581634 GetSystemMetrics
0x581638 SetParent
0x58163c SetActiveWindow
0x581640 IsWindowVisible
0x581644 ValidateRect
0x581648 GetDC
0x58164c AppendMenuA
0x581650 CreatePopupMenu
0x581654 LoadBitmapA
0x581658 GetMenuItemCount
0x58165c InsertMenuA
0x581660 DeleteMenu
0x581664 CloseClipboard
0x581668 GetClipboardData
0x58166c EmptyClipboard
0x581670 OpenClipboard
0x581674 SetClipboardData
0x581678 LoadImageA
0x58167c GrayStringA
0x581680 DrawTextExA
0x581684 DrawTextA
0x581688 TabbedTextOutA
0x58168c WindowFromDC
0x581690 SetRectEmpty
0x581698 DrawFocusRect
0x58169c GetNextDlgTabItem
0x5816a0 SetWindowLongA
0x5816a4 ScreenToClient
0x5816a8 InvalidateRect
0x5816ac UpdateWindow
0x5816b0 LoadMenuA
0x5816b4 LoadAcceleratorsA
0x5816b8 DestroyMenu
0x5816bc IsWindow
0x5816c0 wsprintfA
0x5816c4 ReleaseDC
0x5816c8 GetDCEx
0x5816cc ReleaseCapture
0x5816d0 RedrawWindow
0x5816d4 SetCapture
0x5816d8 GetWindow
0x5816dc GetClassLongA
0x5816e0 FillRect
0x5816e4 GetWindowLongA
0x5816e8 ClientToScreen
0x5816ec GetParent
0x5816f0 GetClientRect
0x5816f4 IsRectEmpty
0x5816f8 EndDeferWindowPos
0x5816fc DefMDIChildProcA
0x581700 DefFrameProcA
0x581704 GetSystemMenu
0x581708 UnpackDDElParam
0x58170c ReuseDDElParam
0x581710 InsertMenuItemA
0x581714 BeginDeferWindowPos
0x581718 LoadCursorA
0x58171c BringWindowToTop
0x581724 ShowWindow
0x581728 MoveWindow
0x58172c SetWindowTextA
0x581730 GetWindowPlacement
0x581734 IsDialogMessageA
0x581738 GetSysColorBrush
0x58173c GetKeyState
0x581740 GetCursorPos
0x581744 PtInRect
0x581748 GetWindowRect
0x58174c OffsetRect
0x581750 CopyRect
0x581754 EnableWindow
0x58175c GetSysColor
0x581760 InflateRect
0x581764 SendMessageA
0x581768 IsChild
0x58176c GetFocus
0x581770 GetMenuState
0x581774 SetDlgItemTextA
0x581778 GetMenuItemID
Library: GDI32.dll:
0x58104c DPtoLP
0x581050 PtVisible
0x581054 RectVisible
0x581058 TextOutA
0x58105c Escape
0x581060 StretchBlt
0x581064 GetTextExtentPointA
0x581068 CreateFontA
0x58106c Polygon
0x581070 CreatePolygonRgn
0x581074 FillRgn
0x581078 CreatePatternBrush
0x58107c Arc
0x581080 Ellipse
0x581084 GetBkColor
0x581088 CopyMetaFileA
0x58108c SaveDC
0x581090 RestoreDC
0x581094 SetBkColor
0x581098 SetBkMode
0x58109c SetTextColor
0x5810a0 RealizePalette
0x5810a4 SetMapMode
0x5810a8 GetClipBox
0x5810ac ExcludeClipRect
0x5810b0 IntersectClipRect
0x5810b4 LineTo
0x5810b8 MoveToEx
0x5810bc GetViewportExtEx
0x5810c0 SelectClipRgn
0x5810c4 GetMapMode
0x5810c8 GetPixel
0x5810cc StartDocA
0x5810d0 SetViewportOrgEx
0x5810d4 OffsetViewportOrgEx
0x5810d8 ScaleViewportExtEx
0x5810dc SetWindowOrgEx
0x5810e0 ScaleWindowExtEx
0x5810e4 ExtSelectClipRgn
0x5810e8 CreateBitmap
0x5810ec ExtCreatePen
0x5810f4 SetRectRgn
0x5810f8 CombineRgn
0x5810fc GetTextMetricsA
0x581100 GetCharWidthA
0x581104 StartPage
0x581108 EndPage
0x58110c SetAbortProc
0x581110 AbortDoc
0x581114 EndDoc
0x581118 GetRgnBox
0x58111c EnumFontFamiliesExA
0x581120 SetArcDirection
0x581124 GetWindowExtEx
0x581128 GetDIBits
0x581130 SetViewportExtEx
0x581134 SetWindowExtEx
0x581138 CreateDCA
0x58113c LPtoDP
0x581140 CreateSolidBrush
0x581144 SelectObject
0x581148 CreateDIBSection
0x58114c DeleteDC
0x581150 PatBlt
0x581154 BitBlt
0x58115c GetTextColor
0x581160 ExtTextOutA
0x581164 CreateFontIndirectA
0x581168 GetObjectA
0x58116c GetDeviceCaps
0x581170 EnumFontFamiliesA
0x581174 StretchDIBits
0x581178 CreateCompatibleDC
0x58117c CreateRectRgn
0x581180 CreateDIBitmap
0x581184 GetStockObject
0x581188 CreatePen
0x58118c SetDIBColorTable
0x581190 DeleteObject
0x581194 GetCurrentObject
0x581198 StrokeAndFillPath
0x58119c EndPath
0x5811a4 AbortPath
0x5811a8 AngleArc
0x5811ac BeginPath
0x5811b0 SelectPalette
Library: COMDLG32.dll:
0x581044 GetFileTitleA
Library: WINSPOOL.DRV:
0x581788 DocumentPropertiesA
0x58178c OpenPrinterA
0x581790 ClosePrinter
0x581794 GetJobA
Library: ADVAPI32.dll:
0x581000 RegDeleteKeyA
0x581004 RegCreateKeyA
0x581008 GetFileSecurityA
0x58100c SetFileSecurityA
0x581010 RegQueryValueA
0x581014 RegOpenKeyA
0x581018 RegEnumKeyA
0x58101c RegCloseKey
0x581020 RegDeleteValueA
0x581024 RegSetValueExA
0x581028 RegQueryValueExA
0x58102c RegOpenKeyExA
0x581030 RegCreateKeyExA
0x581034 RegSetValueA
Library: SHELL32.dll:
0x581474 ShellExecuteA
0x581478 DragFinish
0x58147c DragQueryFileA
0x581480 ExtractIconA
0x581484 SHGetFileInfoA
0x581488 DragAcceptFiles
Library: COMCTL32.dll:
Library: SHLWAPI.dll:
0x581490 PathFindExtensionA
0x581498 PathFindFileNameA
0x58149c PathRemoveFileSpecW
0x5814a0 PathStripToRootA
0x5814a4 PathFindExtensionW
0x5814a8 PathIsUNCA
Library: oledlg.dll:
0x581830 None
Library: ole32.dll:
0x5817e4 OleUninitialize
0x5817e8 OleDuplicateData
0x5817ec CoRevokeClassObject
0x5817f0 ReleaseStgMedium
0x5817f4 CoTaskMemFree
0x5817f8 CoGetClassObject
0x5817fc OleGetClipboard
0x581800 OleFlushClipboard
0x581808 RevokeDragDrop
0x581810 CoInitializeEx
0x581814 CoCreateInstance
0x581818 CoUninitialize
0x58181c CLSIDFromString
0x581820 CLSIDFromProgID
0x581824 CoTaskMemAlloc
0x581828 OleInitialize
Library: OLEAUT32.dll:
0x58142c VariantCopy
0x581430 SysAllocStringLen
0x581434 VariantInit
0x58143c SysStringLen
0x581440 VarDateFromStr
0x581444 VariantClear
0x581448 VariantChangeType
0x58144c SafeArrayDestroy
0x581450 SysFreeString
0x581458 VarCyFromStr
0x581460 SysAllocString
Library: gdiplus.dll:
0x58179c GdipSaveImageToFile
0x5817a0 GdiplusShutdown
0x5817ac GdipDisposeImage
0x5817b8 GdiplusStartup
0x5817bc GdipAlloc
0x5817c0 GdipFree
0x5817c4 GdipCloneImage
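
The import hash in the PE info section (39b87924796ddc581d7c38311ed1d50d) is the MD5 of the normalised import list: each DLL name lower-cased with a .dll, .ocx or .sys suffix removed (other suffixes such as .DRV stay), joined to each lower-cased function name as dll.func, in link order, comma-separated. The script below, added as an example and not taken from the sandbox or the sample, implements that rule together with a parser for the report's own import listing. It also handles the failure mode visible above: tre4.dll and oledlg.dll are imported by ordinal and the report prints None for them, so the digest cannot be recovered from this listing, and imphash() returns None instead of a wrong value. SAMPLE_REPORT is a constructed excerpt of the table above, not the full import list, so its digest will not equal the report's; pefile's special-case ordinal-to-name tables for oleaut32 and ws2_32 are omitted (an assumption made for brevity).

```python
"""Import hash (imphash) from an import table, plus a parser for the sandbox report's
import listing. Added example; not code from Maldun/Cuckoo or from PDExplorer.exe."""
import hashlib
import re

STRIP_EXT = (".dll", ".ocx", ".sys")   # suffixes imphash drops; anything else (e.g. .drv) is kept

# Constructed excerpt in the report's listing format; NOT the sample's full import table.
SAMPLE_REPORT = """\
Library: swedll32.dll:
0x581850 _swe_day_of_week@8
0x581854 _swe_close@0
Library: tre4.dll:
0x58187c None
Library: KERNEL32.dll:
0x5811b8 TerminateProcess
0x5811c4 IsDebuggerPresent
Library: WINSPOOL.DRV:
0x581788 OpenPrinterA
"""

LIB_RE = re.compile(r"^(?:Library|库):\s*(\S+?):?\s*$")
FN_RE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)\s*$")

def parse_report_imports(text: str):
    """[(dll, [name | int ordinal | None]), ...] in listing order; None = name not resolved."""
    imports, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = LIB_RE.match(line)
        if m:
            current = (m.group(1), [])
            imports.append(current)
            continue
        m = FN_RE.match(line)
        if m and current is not None:
            current[1].append(None if m.group(1) == "None" else m.group(1))
    return imports

def normalize_dll(dll: str) -> str:
    name = dll.lower()
    for ext in STRIP_EXT:
        if name.endswith(ext):
            return name[: -len(ext)]
    return name

def imphash_string(imports) -> str:
    """The exact string that gets hashed: 'dll.func,dll.func,...' with ordinals as ordN.
    Raises if an entry has neither a name nor an ordinal, since the digest would be wrong."""
    parts = []
    for dll, funcs in imports:
        lib = normalize_dll(dll)
        for f in funcs:
            if f is None:
                raise ValueError(f"{dll}: unresolved import; imphash cannot be computed")
            parts.append(f"{lib}.ord{f}" if isinstance(f, int) else f"{lib}.{f.lower()}")
    return ",".join(parts)

def imphash(imports):
    """MD5 of imphash_string(), or None when the listing contains unresolved entries."""
    try:
        return hashlib.md5(imphash_string(imports).encode("utf-8")).hexdigest()
    except ValueError:
        return None

if __name__ == "__main__":
    table = parse_report_imports(SAMPLE_REPORT)
    print("imphash string:", imphash_string([p for p in table if p[0] != "tre4.dll"]))
    print("imphash with the unresolved tre4.dll entry:", imphash(table))
```

To check the report's value, compute the hash from the binary itself (pefile's get_imphash()) rather than from the listing, because the ordinal-only entries are what the listing cannot give you.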

Strings

.text
`.rdata
@.data
.rsrc
w=h\#Z
t=hp#Z
w=h\#Z
t=hp#Z
w=h\#Z
w=h\#Z
t=hp#Z
w=h\#Z
t=hp#Z
w=h\#Z
w=h\#Z
t=hp#Z
t=hp#Z
w=h\#Z
w=h\#Z
t=hp#Z
w=h\#Z
t=hp#Z

Antivirus

No antivirus engine scan results.

TCP

Source address  Source port  Destination address  Destination port
192.168.122.201  49160  23.218.94.155 (acroipm.adobe.com)  80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201  59401  192.168.122.1  53

HTTP requests

URI  HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files extracted from network traffic.
No files were dropped.
No similar analyses found.

Processing ( 16.826 seconds )

  • 10.684 Suricata
  • 2.421 VirusTotal
  • 1.769 Static
  • 0.956 NetworkAnalysis
  • 0.658 TargetInfo
  • 0.307 peid
  • 0.011 AnalysisInfo
  • 0.011 Strings
  • 0.005 config_decoder
  • 0.002 BehaviorAnalysis
  • 0.002 Memory

Signatures ( 1.498 seconds )

  • 1.402 md_url_bl
  • 0.02 antiav_detectreg
  • 0.011 md_domain_bl
  • 0.007 ransomware_files
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_ftp
  • 0.004 geodo_banking_trojan
  • 0.004 ransomware_extensions
  • 0.003 antianalysis_detectreg
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.002 network_torgateway
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 rat_pcclient
  • 0.001 rat_spynet

Reporting ( 0.501 seconds )

  • 0.491 ReportHTMLSummary
  • 0.01 Malheur
Task ID 641010
Mongo ID 60cc77177e769a1c5870dd55
Cuckoo release 1.4-Maldun