Analysis Task

Analysis type VM tag Start time End time Duration
File (Windows) win7-sp1-x64-shaapp03-1 2021-06-18 18:38:51 2021-06-18 18:40:56 125 seconds

Maldun Score

10.0

Malicious

File Details

File name 蠕虫专清工具.com ("Worm Removal Tool.com")
File size 17920 bytes
File type PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 ab42b45571f9c6e7d92aede417486680
SHA1 4e73ad5aa37b771fdb4334c99cc3155519087502
SHA256 e617f03cf1f77d357fb10da2b07b265b96d04135f9d4cfbfb4b5f96a1945e543
SHA512 f625f160cccbc4dbf601ca0e15fa0849ff8c9374f3f24f4fd57f9fe23e664db34abf1d547b7c44f8c70bc9b6377e0860f979c2e6aa93ab0f84b7fd124736754c
CRC32 A4934099
Ssdeep 384:0j8Ul5XOABiOhBDNp8acrZrFL8wckjvnfdj/tkzYcExbb8PZ:vUnOH4BCrXfdjVwYcExu
Hosts Contacted

No host records.

DNS Resolution

Domain Security rating Response
acroipm.adobe.com CNAME acroipm.adobe.com.edgesuite.net
A 23.218.94.163
CNAME a1983.dscd.akamai.net
A 23.218.94.155

PE Information

Image base 0x00400000
Entry point 0x00404f26
Declared checksum 0x00000000
Actual checksum 0x000145c9
Minimum OS version 4.0
PDB path C:\Users\cdj68\Source\Repos\EncryptSynaptics\obj\Release\EncryptSynaptics.pdb
Compile time 2043-06-18 23:23:22 (later than the analysis date, so the PE timestamp is not a reliable build time)
Import hash f34d5f2d4577ed6d9ceec516c1f5a744

Version Information

Translation
LegalCopyright
Assembly Version
InternalName
FileVersion
CompanyName
LegalTrademarks
Comments
ProductName
ProductVersion
FileDescription
OriginalFilename

PE Sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00002000 0x00002f2c 0x00003000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 5.76
.rsrc 0x00006000 0x000010fc 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.56
.reloc 0x00008000 0x0000000c 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0.08

Resources

Name Offset Size Language Sublanguage Entropy File type
RT_VERSION 0x00006090 0x0000035c LANG_NEUTRAL SUBLANG_NEUTRAL 3.27 data
RT_MANIFEST 0x000063fc 0x00000cfa LANG_NEUTRAL SUBLANG_NEUTRAL 5.89 XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library: mscoree.dll:
0x402000 _CorExeMain

Assembly Information

Name EncryptSynaptics
Version 1.0.0.0

Assembly References

Name Version
mscorlib 4.0.0.0
System.Core 4.0.0.0
System 4.0.0.0
Microsoft.VisualBasic 10.0.0.0

Type References

Assembly Type name
Microsoft.VisualBasic Microsoft.VisualBasic.FileIO.FileSystem
Microsoft.VisualBasic Microsoft.VisualBasic.FileIO.RecycleOption
Microsoft.VisualBasic Microsoft.VisualBasic.FileIO.UIOption
System System.Diagnostics.FileVersionInfo
System System.Diagnostics.Process
System System.Diagnostics.ProcessModule
System.Core System.Linq.Enumerable
System.Core System.Runtime.CompilerServices.ExtensionAttribute
mscorlib Microsoft.Win32.Registry
mscorlib Microsoft.Win32.RegistryKey
mscorlib System.Byte
mscorlib System.Char
mscorlib System.Collections.Generic.Dictionary`2
mscorlib System.Collections.Generic.Dictionary`2/ValueCollection
mscorlib System.Collections.Generic.IEnumerable`1
mscorlib System.Collections.Generic.IEnumerator`1
mscorlib System.Collections.Generic.List`1
mscorlib System.Collections.Generic.List`1/Enumerator
mscorlib System.Collections.IEnumerable
mscorlib System.Collections.IEnumerator
mscorlib System.Console
mscorlib System.Diagnostics.DebuggableAttribute
mscorlib System.Diagnostics.DebuggableAttribute/DebuggingModes
mscorlib System.Diagnostics.DebuggerHiddenAttribute
mscorlib System.Enum
mscorlib System.Environment
mscorlib System.Environment/SpecialFolder
mscorlib System.Exception
mscorlib System.Func`2
mscorlib System.IDisposable
mscorlib System.IO.Directory
mscorlib System.IO.DirectoryInfo
mscorlib System.IO.DriveInfo
mscorlib System.IO.File
mscorlib System.IO.FileAttributes
mscorlib System.IO.FileInfo
mscorlib System.IO.FileSystemInfo
mscorlib System.IO.PathTooLongException
mscorlib System.IntPtr
mscorlib System.NotSupportedException
mscorlib System.NullReferenceException
mscorlib System.Object
mscorlib System.Reflection.AssemblyCompanyAttribute
mscorlib System.Reflection.AssemblyConfigurationAttribute
mscorlib System.Reflection.AssemblyCopyrightAttribute
mscorlib System.Reflection.AssemblyDescriptionAttribute
mscorlib System.Reflection.AssemblyFileVersionAttribute
mscorlib System.Reflection.AssemblyProductAttribute
mscorlib System.Reflection.AssemblyTitleAttribute
mscorlib System.Reflection.AssemblyTrademarkAttribute
mscorlib System.Runtime.CompilerServices.CompilationRelaxationsAttribute
mscorlib System.Runtime.CompilerServices.CompilerGeneratedAttribute
mscorlib System.Runtime.CompilerServices.RuntimeCompatibilityAttribute
mscorlib System.Runtime.InteropServices.ComVisibleAttribute
mscorlib System.Runtime.InteropServices.GuidAttribute
mscorlib System.Runtime.InteropServices.Marshal
mscorlib System.Runtime.Versioning.TargetFrameworkAttribute
mscorlib System.Security.Principal.WindowsBuiltInRole
mscorlib System.Security.Principal.WindowsIdentity
mscorlib System.Security.Principal.WindowsPrincipal
mscorlib System.String
mscorlib System.Threading.Thread
mscorlib System.Type
mscorlib System.ValueType

Antivirus engine/vendor Detection name/rule match Signature database date
Bkav Not detected 20200404
DrWeb Not detected 20200405
MicroWorld-eScan Not detected 20200406
FireEye Not detected 20200316
CAT-QuickHeal Not detected 20200405
Qihoo-360 Generic/HEUR/QVM03.0.5E1D.Malware.Gen 20200406
ALYac Not detected 20200405
Malwarebytes Not detected 20200406
VIPRE Not detected 20200406
AegisLab Trojan.Win32.Generic.4!c 20200405
K7AntiVirus Not detected 20200405
BitDefender Not detected 20200405
K7GW Not detected 20200405
Cybereason Not detected 20190616
TrendMicro Not detected 20200405
BitDefenderTheta Gen:NN.ZemsilF.34104.bm0@aeTTmGi 20200325
Cyren Not detected 20200405
TotalDefense Not detected 20200405
APEX Malicious 20200404
Paloalto Not detected 20200406
ClamAV Not detected 20200405
Kaspersky Not detected 20200405
Alibaba Not detected 20190527
NANO-Antivirus Not detected 20200405
ViRobot Not detected 20200405
Tencent Not detected 20200406
Ad-Aware Not detected 20200405
Sophos Not detected 20200405
Comodo Not detected 20200405
F-Secure Not detected 20200405
Baidu Not detected 20190318
Zillya Not detected 20200403
Invincea Not detected 20200219
McAfee-GW-Edition Not detected 20200405
Trapmine Not detected 20200123
CMC Not detected 20190321
Emsisoft Not detected 20200405
SentinelOne DFI - Malicious PE 20200220
F-Prot Not detected 20200406
Jiangmin Not detected 20200405
Webroot Not detected 20200406
Avira Not detected 20200405
MAX Not detected 20200406
Antiy-AVL Not detected 20200406
Kingsoft Not detected 20200406
Microsoft Not detected 20200406
Endgame Not detected 20200226
Arcabit Not detected 20200405
SUPERAntiSpyware Not detected 20200404
ZoneAlarm Not detected 20200405
Avast-Mobile Not detected 20200405
GData Not detected 20200405
AhnLab-V3 Not detected 20200405
Acronis Not detected 20200315
McAfee Not detected 20200406
TACHYON Not detected 20200406
VBA32 Not detected 20200404
Panda Not detected 20200405
Zoner Not detected 20200405
ESET-NOD32 Not detected 20200405
TrendMicro-HouseCall Not detected 20200406
Rising Not detected 20200406
Yandex Not detected 20200404
Ikarus Not detected 20200405
eGambit Not detected 20200406
Fortinet Not detected 20200406
AVG Win32:Malware-gen 20200405
Avast Win32:Malware-gen 20200405
CrowdStrike win/malicious_confidence_60% (W) 20190702
MaxSecure Not detected 20200404

Process Tree

__________________.com, PID: 2456, parent PID: 2160

TCP

Source address Source port Destination address Destination port
192.168.122.201 49160 23.218.94.163 acroipm.adobe.com 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 59401 192.168.122.1 53

HTTP Requests

URI HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

Note: the "IPM" User-Agent and the acroipm.adobe.com host match Adobe Reader's in-product messaging check, so this request is likely background traffic from the analysis VM; the report does not attribute it to the sample's process.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No dropped files.
No similar analyses found.

Processing ( 15.085 seconds )

  • 10.881 Suricata
  • 1.077 BehaviorAnalysis
  • 1.068 NetworkAnalysis
  • 0.841 Static
  • 0.503 static_dotnet
  • 0.314 peid
  • 0.266 TargetInfo
  • 0.12 VirusTotal
  • 0.01 AnalysisInfo
  • 0.003 Strings
  • 0.002 Memory

Signatures ( 1.98 seconds )

  • 1.349 md_url_bl
  • 0.088 antiav_detectfile
  • 0.059 api_spamming
  • 0.059 infostealer_bitcoin
  • 0.053 stealth_decoy_document
  • 0.048 stealth_timeout
  • 0.036 antivm_vbox_files
  • 0.036 infostealer_ftp
  • 0.025 infostealer_im
  • 0.02 antiav_detectreg
  • 0.016 antidbg_devices
  • 0.015 infostealer_mail
  • 0.012 network_tor
  • 0.011 md_domain_bl
  • 0.01 rat_pcclient
  • 0.008 betabot_behavior
  • 0.007 kazybot_behavior
  • 0.007 geodo_banking_trojan
  • 0.006 anomaly_persistence_autorun
  • 0.006 kibex_behavior
  • 0.006 antivm_vmware_files
  • 0.006 codelux_behavior
  • 0.005 hawkeye_behavior
  • 0.005 antivm_generic_disk
  • 0.004 bootkit
  • 0.004 sniffer_winpcap
  • 0.004 antianalysis_detectreg
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 antianalysis_detectfile
  • 0.003 antivm_vpc_files
  • 0.003 banker_cridex
  • 0.003 malicous_targeted_flame
  • 0.003 network_http
  • 0.003 network_tor_service
  • 0.002 tinba_behavior
  • 0.002 antiemu_wine_func
  • 0.002 mimics_filetime
  • 0.002 injection_createremotethread
  • 0.002 reads_self
  • 0.002 shifu_behavior
  • 0.002 infostealer_browser_password
  • 0.002 virus
  • 0.002 kovter_behavior
  • 0.002 antisandbox_sunbelt_files
  • 0.002 disables_browser_warn
  • 0.002 md_bad_drop
  • 0.002 network_torgateway
  • 0.001 antivm_vbox_libs
  • 0.001 rat_nanocore
  • 0.001 stealth_file
  • 0.001 maldun_anomaly_massive_file_ops
  • 0.001 antivm_generic_services
  • 0.001 antivm_generic_scsi
  • 0.001 anormaly_invoke_kills
  • 0.001 cerber_behavior
  • 0.001 injection_runpe
  • 0.001 hancitor_behavior
  • 0.001 spreading_autoruninf
  • 0.001 antisandbox_fortinet_files
  • 0.001 antisandbox_threattrack_files
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_vbox_devices
  • 0.001 antivm_xen_keys
  • 0.001 bitcoin_opencl
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 network_cnc_http

Reporting ( 0.596 seconds )

  • 0.587 ReportHTMLSummary
  • 0.009 Malheur
Task ID 641011
Mongo ID 60cc78517e769a1c5a7130c1
Cuckoo release 1.4-Maldun