Analysis task

Analysis type   VM label   Start   End   Duration
File (Windows)   win7-sp1-x64-shaapp03-1   2021-07-29 10:39:16   2021-07-29 10:41:21   125 seconds

Maldun score

6.104 (Dangerous)

File details

File name   调试器.exe (Chinese for "debugger")
File size   937984 bytes
File type   PE32 executable (GUI) Intel 80386, for MS Windows
MD5 94ee583938c763b6a666bcfb7dbb6f6d
SHA1 46842af35c86939b09cfa35523fdd3b187e14d4b
SHA256 89db940dd8264105dd0f84f4d3db8c068235d9ee27747cd8e956980c9bcf996f
SHA512 e9661c35911ce3a8efa72b21a352cfa663a0af594eeed578f56b070d56a7a7cfc1d76719fdcc0e5213bf50d21aaca2ee0b627e91414ede39fa3b1079c51e7fbb
CRC32 4EC8669A
Ssdeep 12288:bWWWK5suqU6NWRwDF5zHLfOg1LLOE65FV+Xx:bW7NvN0wDrzrfDLLOE6rV+Xx

Hosts contacted

IP   Location
23.223.199.177   United States
43.248.201.209   China

Domain resolution

Domain   Security rating   Response
w30255.e2.luyouxia.net   Unknown   CNAME e2.luyouxia.net; A 43.248.201.209
acroipm.adobe.com   (none shown)   A 23.223.199.177; CNAME acroipm.adobe.com.edgesuite.net; CNAME a1983.dscd.akamai.net; A 23.223.198.226

Read these two tables together with the flow tables further down: the only TCP connection in the capture goes to 23.223.199.177 (acroipm.adobe.com, port 80), so 43.248.201.209 appears here because it was resolved, not because it was contacted. luyouxia.net is the domain of a Chinese NAT-traversal (port-forwarding) service, so the w30255.e2 subdomain is most likely a tunnel endpoint assigned to whoever registered it rather than a compromised host. Whether the sample would have connected to it after the 125-second run is not visible on this page.

Summary

Threat signatures and the detailed behaviour log are login-gated and are not included in this report.

PE information

Image base   0x00400000
Entry point   0x00472711
Declared checksum   0x00000000
Computed checksum   0x000f473a
Minimum OS version   4.0
Compile timestamp   2021-07-29 09:39:27
Import hash (imphash)   8049f5567aa339003f0a7e57c37ef2b2
Icon exact hash   7e8d0dbe5de19f74f384ae459c5abecf
Icon similarity hash   439e81c5165936c3ea55d4df339c6380

A declared checksum of zero only means the linker did not fill in the field; Windows enforces the checksum for drivers and boot-time system DLLs, not for ordinary executables, so the mismatch with the computed value is not evidence of tampering. The compile timestamp, as displayed, sits about an hour before the analysis started. PE timestamps are written by the build and are trivially forged, so treat it as a hint about a fresh build rather than a fact.

Version information

The version resource is present but every field is empty: LegalCopyright, FileVersion, CompanyName, Comments, ProductName, ProductVersion, FileDescription, Translation.

PE sections

Name   Virtual address   Virtual size   Raw size   Characteristics   Entropy
.text   0x00001000   0x00091b02   0x00092000   IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ   6.55
.rdata   0x00093000   0x0003942e   0x0003a000   IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ   5.19
.data   0x000cd000   0x0004028a   0x00012000   IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE   5.11
.rsrc   0x0010e000   0x00005b68   0x00006000   IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ   4.78

No section approaches the 7.5 to 8.0 entropy typical of packed or encrypted code, and raw sizes track virtual sizes except for .data, whose larger virtual size is uninitialised (zero-filled) data. Together with the ordinary import table this points to an unpacked build.

Resources

Name   Offset   Size   Language   Sublanguage   Entropy   File type (libmagic guess)   Entries
TEXTINCLUDE   0x0010ec78   0x00000151   LANG_CHINESE   SUBLANG_CHINESE_SIMPLIFIED   5.25   C source, ASCII text, with CRLF line terminators   3
RT_CURSOR   0x0010f168   0x000000b4   LANG_CHINESE   SUBLANG_CHINESE_SIMPLIFIED   2.74   data   4
RT_BITMAP   0x001109dc   0x00000144   LANG_CHINESE   SUBLANG_CHINESE_SIMPLIFIED   2.88   data   15
RT_ICON   0x00111340   0x00000668   LANG_NEUTRAL   SUBLANG_NEUTRAL   2.62   dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 0, next used block 0   5
RT_MENU   0x001119b4   0x00000284   LANG_CHINESE   SUBLANG_CHINESE_SIMPLIFIED   4.28   data   2
RT_DIALOG   0x00112bfc   0x0000018c   LANG_CHINESE   SUBLANG_CHINESE_SIMPLIFIED   3.74   data   10
RT_STRING   0x00113644   0x00000024   LANG_CHINESE   SUBLANG_CHINESE_SIMPLIFIED   0.90   data   11
RT_GROUP_CURSOR   0x00113690   0x00000022   LANG_CHINESE   SUBLANG_CHINESE_SIMPLIFIED   2.25   MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1   3
RT_GROUP_ICON   0x001136f8   0x00000014   LANG_CHINESE   SUBLANG_CHINESE_SIMPLIFIED   2.02   MS Windows icon resource - 1 icon, 16x16, 16 colors   3
RT_VERSION   0x0011370c   0x0000028c   LANG_CHINESE   SUBLANG_CHINESE_SIMPLIFIED   3.73   DOS executable (COM)   1
RT_MANIFEST   0x00113998   0x000001cd   LANG_NEUTRAL   SUBLANG_NEUTRAL   5.08   XML 1.0 document, ASCII text, with very long lines, with no line terminators   1

The report repeats the first entry's offset, size and entropy for every resource of a given type, so per-entry values are not recoverable and only the counts are kept. The file-type column is libmagic run over raw resource bytes; "dBase IV DBT" for an icon bitmap and "DOS executable (COM)" for a VS_VERSIONINFO block are routine misfires and carry no meaning. TEXTINCLUDE resources are the .rc include markers emitted by the Visual Studio resource editor, consistent with a GUI built with the standard Win32/MFC tooling.

Imports

Worth noting for triage, since the behaviour log is not available here: GetTempPathA together with CreateFileA/WriteFile and CreateProcessA/WinExec/ShellExecuteA (drop and run), Process32First/Process32Next (process enumeration), RegCreateKeyExA/RegSetValueExA (registry writes), SetWindowsHookExA (message hook), and a WS2_32 surface of accept/recv/recvfrom/WSAAsyncSelect with no connect, send, bind, listen or WSAStartup. Two caveats. First, the listed IAT addresses are not contiguous (0x493180 is followed by 0x493188, and the WS2_32 slots stop at 0x4936a8 well before ole32 starts at 0x4936c8), so the listing is incomplete and the absence of an API from it proves nothing; anything resolved through LoadLibraryA/GetProcAddress never shows up in an import table at all. Second, the large USER32/GDI32/comdlg32/WINSPOOL surface (GrayStringA, TabbedTextOutA, WinHelpA, printing and font dialogs) is what a statically linked MFC GUI application imports, and MFC itself installs a hook via SetWindowsHookExA, so that import on its own is not a keylogging indicator.

Library: WINMM.dll:
0x493630 midiStreamOut
0x493638 waveOutWrite
0x49363c waveOutPause
0x493640 waveOutReset
0x493644 waveOutClose
0x493648 waveOutGetNumDevs
0x49364c waveOutOpen
0x493654 midiStreamOpen
0x493658 midiStreamProperty
0x49365c midiStreamStop
0x493660 midiOutReset
0x493664 midiStreamClose
0x493668 midiStreamRestart
Library: WS2_32.dll:
0x493688 WSAAsyncSelect
0x49368c closesocket
0x493690 WSACleanup
0x493694 inet_ntoa
0x493698 recvfrom
0x49369c ioctlsocket
0x4936a0 recv
0x4936a4 accept
0x4936a8 getpeername
Library: KERNEL32.dll:
0x493180 SetLastError
0x493188 GetVersion
0x493190 GetACP
0x493194 HeapSize
0x493198 GetSystemDirectoryA
0x49319c RaiseException
0x4931a0 GetLocalTime
0x4931a4 GetSystemTime
0x4931a8 RtlUnwind
0x4931ac GetStartupInfoA
0x4931b0 GetOEMCP
0x4931b4 GetCPInfo
0x4931b8 GetProcessVersion
0x4931bc SetErrorMode
0x4931c0 GlobalFlags
0x4931c4 GetCurrentThread
0x4931c8 GetFileTime
0x4931cc TlsGetValue
0x4931d0 LocalReAlloc
0x4931d4 TlsSetValue
0x4931d8 TlsFree
0x4931dc GlobalHandle
0x4931e0 TlsAlloc
0x4931e4 LocalAlloc
0x4931e8 lstrcmpA
0x4931ec GlobalGetAtomNameA
0x4931f0 GlobalAddAtomA
0x4931f4 GlobalFindAtomA
0x4931f8 GlobalDeleteAtom
0x4931fc lstrcmpiA
0x493200 SetEndOfFile
0x493204 UnlockFile
0x493208 LockFile
0x49320c FlushFileBuffers
0x493210 DuplicateHandle
0x493214 lstrcpynA
0x493220 LocalFree
0x493230 TerminateProcess
0x493234 GetCurrentProcess
0x493238 GetFileSize
0x49323c SetFilePointer
0x493244 Process32First
0x493248 Process32Next
0x49324c CreateSemaphoreA
0x493250 ResumeThread
0x493254 ReleaseSemaphore
0x493260 GetProfileStringA
0x493264 WriteFile
0x49326c CreateFileA
0x493270 SetEvent
0x493274 FindResourceA
0x493278 LoadResource
0x49327c LockResource
0x493280 ReadFile
0x493284 GetModuleFileNameA
0x493288 WideCharToMultiByte
0x49328c MultiByteToWideChar
0x493290 GetCurrentThreadId
0x493294 ExitProcess
0x493298 GlobalSize
0x49329c GlobalFree
0x4932a4 InterlockedExchange
0x4932ac lstrcatA
0x4932b0 lstrlenA
0x4932b4 WinExec
0x4932b8 lstrcpyA
0x4932bc FindNextFileA
0x4932c0 GlobalReAlloc
0x4932c4 HeapFree
0x4932c8 HeapReAlloc
0x4932cc GetProcessHeap
0x4932d0 HeapAlloc
0x4932d4 GetFullPathNameA
0x4932d8 FreeLibrary
0x4932dc LoadLibraryA
0x4932e0 GetLastError
0x4932e4 GetVersionExA
0x4932ec CreateThread
0x4932f0 CreateEventA
0x4932f4 Sleep
0x4932f8 GlobalAlloc
0x4932fc GlobalLock
0x493300 GlobalUnlock
0x493304 GetTempPathA
0x493308 FindFirstFileA
0x49330c FindClose
0x493310 GetFileAttributesA
0x49331c GetModuleHandleA
0x493320 GetProcAddress
0x493324 MulDiv
0x493328 GetCommandLineA
0x49332c GetTickCount
0x493330 CreateProcessA
0x493334 WaitForSingleObject
0x493338 CloseHandle
0x49334c SetHandleCount
0x493350 GetStdHandle
0x493354 GetFileType
0x49335c HeapDestroy
0x493360 HeapCreate
0x493364 VirtualFree
0x49336c LCMapStringA
0x493370 LCMapStringW
0x493374 VirtualAlloc
0x493378 IsBadWritePtr
0x493380 GetStringTypeA
0x493384 GetStringTypeW
0x493388 CompareStringA
0x49338c CompareStringW
0x493390 IsBadReadPtr
0x493394 IsBadCodePtr
0x493398 SetStdHandle
Library: USER32.dll:
0x4933c0 GetMenu
0x4933c4 SetMenu
0x4933c8 PeekMessageA
0x4933cc GetSysColorBrush
0x4933d4 GetKeyState
0x4933dc IsWindowEnabled
0x4933e0 ShowWindow
0x4933e8 LoadImageA
0x4933f0 ClientToScreen
0x4933f4 EnableMenuItem
0x4933f8 GetSubMenu
0x4933fc GetDlgCtrlID
0x493404 CreateMenu
0x493408 ModifyMenuA
0x49340c AppendMenuA
0x493410 CreatePopupMenu
0x493414 DrawIconEx
0x493424 SetRectEmpty
0x493428 IsIconic
0x49342c SetFocus
0x493430 GetActiveWindow
0x493434 GetWindow
0x49343c SetWindowRgn
0x493440 GetMessagePos
0x493444 ScreenToClient
0x49344c DispatchMessageA
0x493450 LoadBitmapA
0x493454 WinHelpA
0x493458 KillTimer
0x49345c SetTimer
0x493460 ReleaseCapture
0x493464 GetCapture
0x493468 SetCapture
0x49346c LoadStringA
0x493470 GetScrollRange
0x493474 SetScrollRange
0x493478 SetScrollPos
0x49347c SetRect
0x493480 InflateRect
0x493484 IntersectRect
0x493488 DestroyIcon
0x49348c PtInRect
0x493490 DeleteMenu
0x493494 IsWindowVisible
0x493498 EnableWindow
0x49349c RedrawWindow
0x4934a0 GetWindowLongA
0x4934a4 SetWindowLongA
0x4934a8 GetSysColor
0x4934ac SetActiveWindow
0x4934b0 SetCursorPos
0x4934b4 LoadCursorA
0x4934b8 SetCursor
0x4934bc GetDC
0x4934c0 FillRect
0x4934c4 IsRectEmpty
0x4934c8 ReleaseDC
0x4934cc IsChild
0x4934d0 DestroyMenu
0x4934d4 SetForegroundWindow
0x4934d8 GetWindowRect
0x4934dc EqualRect
0x4934e0 UpdateWindow
0x4934e4 ValidateRect
0x4934e8 InvalidateRect
0x4934ec GetClientRect
0x4934f0 GetFocus
0x4934f4 GetParent
0x4934f8 GetTopWindow
0x4934fc PostMessageA
0x493500 IsWindow
0x493504 SetParent
0x493508 DestroyCursor
0x49350c SendMessageA
0x493510 SetWindowPos
0x493514 MessageBoxA
0x493518 GetCursorPos
0x49351c GetSystemMetrics
0x493520 EmptyClipboard
0x493524 SetClipboardData
0x493528 OpenClipboard
0x49352c GetClipboardData
0x493530 CloseClipboard
0x493534 wsprintfA
0x493538 WaitForInputIdle
0x49353c GetSystemMenu
0x493540 GetMessageA
0x493544 WindowFromPoint
0x493548 DrawFocusRect
0x49354c DrawEdge
0x493550 TranslateMessage
0x493554 LoadIconA
0x493558 GetDesktopWindow
0x49355c GetClassNameA
0x493560 GetDlgItem
0x493564 GetWindowTextA
0x493568 GetForegroundWindow
0x49356c DefWindowProcA
0x493570 GetClassInfoA
0x493574 IsZoomed
0x493578 OffsetRect
0x49357c PostQuitMessage
0x493580 CopyRect
0x493584 UnregisterClassA
0x493588 DrawFrameControl
0x493590 CharUpperA
0x493594 GetWindowDC
0x493598 BeginPaint
0x49359c EndPaint
0x4935a0 TabbedTextOutA
0x4935a4 DrawTextA
0x4935a8 GrayStringA
0x4935ac DestroyWindow
0x4935b4 EndDialog
0x4935b8 GetNextDlgTabItem
0x4935bc GetWindowPlacement
0x4935c4 GetLastActivePopup
0x4935c8 GetMessageTime
0x4935cc RemovePropA
0x4935d0 CallWindowProcA
0x4935d4 GetPropA
0x4935d8 UnhookWindowsHookEx
0x4935dc SetPropA
0x4935e0 GetClassLongA
0x4935e4 CallNextHookEx
0x4935e8 SetWindowsHookExA
0x4935ec CreateWindowExA
0x4935f0 GetMenuItemID
0x4935f4 GetMenuItemCount
0x4935f8 RegisterClassA
0x4935fc GetScrollPos
0x493600 AdjustWindowRectEx
0x493604 MapWindowPoints
0x493608 SendDlgItemMessageA
0x49360c ScrollWindowEx
0x493610 IsDialogMessageA
0x493614 SetWindowTextA
0x493618 MoveWindow
0x49361c CheckMenuItem
0x493620 SetMenuItemBitmaps
0x493624 GetMenuState
Library: GDI32.dll:
0x493034 ExtSelectClipRgn
0x493038 LineTo
0x49303c MoveToEx
0x493040 CreateBitmap
0x493044 SelectObject
0x493048 GetObjectA
0x49304c CreatePen
0x493050 PatBlt
0x493054 CombineRgn
0x493058 CreateRectRgn
0x49305c FillRgn
0x493060 CreateSolidBrush
0x493064 GetStockObject
0x493068 CreateFontIndirectA
0x49306c EndPage
0x493070 EndDoc
0x493074 DeleteDC
0x493078 StartDocA
0x49307c StartPage
0x493080 BitBlt
0x493084 Ellipse
0x493088 Rectangle
0x49308c LPtoDP
0x493090 DPtoLP
0x493094 GetCurrentObject
0x493098 RoundRect
0x4930a0 GetDeviceCaps
0x4930a4 ExcludeClipRect
0x4930a8 GetClipBox
0x4930ac ScaleWindowExtEx
0x4930b0 SetWindowExtEx
0x4930b4 SetWindowOrgEx
0x4930b8 ScaleViewportExtEx
0x4930bc SetViewportExtEx
0x4930c0 OffsetViewportOrgEx
0x4930c4 SetViewportOrgEx
0x4930c8 GetViewportExtEx
0x4930cc PtVisible
0x4930d0 RectVisible
0x4930d4 TextOutA
0x4930d8 ExtTextOutA
0x4930dc Escape
0x4930e0 GetTextMetricsA
0x4930e4 CreateDCA
0x4930ec GetPolyFillMode
0x4930f0 GetStretchBltMode
0x4930f4 GetROP2
0x4930f8 GetBkColor
0x4930fc GetBkMode
0x493100 GetTextColor
0x493104 CreateRoundRectRgn
0x493108 CreateEllipticRgn
0x49310c PathToRegion
0x493110 EndPath
0x493114 BeginPath
0x493118 GetWindowOrgEx
0x49311c GetViewportOrgEx
0x493120 GetWindowExtEx
0x493124 GetDIBits
0x493128 SetMapMode
0x49312c SetTextColor
0x493130 SetROP2
0x493134 SetPolyFillMode
0x493138 SetBkMode
0x49313c RestoreDC
0x493140 SaveDC
0x493144 RealizePalette
0x493148 SelectPalette
0x49314c StretchBlt
0x493150 CreatePalette
0x493158 CreateDIBitmap
0x49315c DeleteObject
0x493160 SelectClipRgn
0x493164 CreatePolygonRgn
0x493168 SetStretchBltMode
0x493170 CreateCompatibleDC
0x493174 GetClipRgn
0x493178 SetBkColor
Library: WINSPOOL.DRV:
0x493678 OpenPrinterA
0x49367c DocumentPropertiesA
0x493680 ClosePrinter
Library: ADVAPI32.dll:
0x493000 RegOpenKeyExA
0x493004 RegSetValueExA
0x493008 RegQueryValueA
0x49300c RegCreateKeyExA
0x493010 RegCloseKey
Library: SHELL32.dll:
0x4933b0 ShellExecuteA
0x4933b4 Shell_NotifyIconA
Library: ole32.dll:
0x4936c8 CLSIDFromString
0x4936cc OleUninitialize
0x4936d0 OleInitialize
Library: OLEAUT32.dll:
0x4933a0 LoadTypeLib
0x4933a4 RegisterTypeLib
0x4933a8 UnRegisterTypeLib
Library: COMCTL32.dll:
0x493020 None
0x493024 ImageList_Destroy
0x493028 ImageList_Read
0x49302c ImageList_Duplicate
Library: comdlg32.dll:
0x4936b0 ChooseFontA
0x4936b4 ChooseColorA
0x4936b8 GetFileTitleA
0x4936bc GetSaveFileNameA
0x4936c0 GetOpenFileNameA
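The import table above is the main static evidence this page offers. The following is an added example (my code, not code from the Maldun report or its authors) that parses an import listing in this page's format and maps the API names to coarse capability categories, flagging the drop-and-execute combination. The category table is an analyst heuristic, not an official mapping; the excerpt is transcribed from the table above and the parser also accepts the untranslated "库:" header.

```python
"""Capability triage of a PE import listing as printed in a Maldun/Cuckoo report.

Added example.  The capability table is an analyst heuristic (assumption), and
REPORT_EXCERPT is transcribed from the report's import table.
"""
import re
from collections import defaultdict

# Report format: "Library: KERNEL32.dll:" (or the untranslated "库: KERNEL32.dll:")
# followed by one "0x<IAT slot> <API name>" line per import.
LIB_RE = re.compile(r"^(?:Library|库):\s*([^\s:]+):?\s*$")
IMP_RE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)\s*$")

# Heuristic API -> capability table (analyst-chosen, deliberately not exhaustive).
CAPABILITIES = {
    "process_execution": {"CreateProcessA", "CreateProcessW", "WinExec", "ShellExecuteA", "ShellExecuteW"},
    "process_enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"},
    "file_write": {"CreateFileA", "CreateFileW", "WriteFile"},
    "temp_path": {"GetTempPathA", "GetTempPathW"},
    "registry_write": {"RegSetValueExA", "RegSetValueExW", "RegCreateKeyExA", "RegCreateKeyExW"},
    "windows_hook": {"SetWindowsHookExA", "SetWindowsHookExW"},
    "network_socket": {"WSAAsyncSelect", "recv", "recvfrom", "accept", "connect", "send", "sendto"},
    "dynamic_api_resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
}

# Category combinations that deserve a closer look than any single import does.
COMBOS = {
    "drop_and_execute": {"temp_path", "file_write", "process_execution"},
}


def parse_imports(report_text):
    """Return {library: [api, ...]} from the report's import section."""
    imports, current = defaultdict(list), None
    for raw in report_text.splitlines():
        line = raw.strip()
        lib = LIB_RE.match(line)
        if lib:
            current = lib.group(1)
            continue
        imp = IMP_RE.match(line)
        if imp and current is not None:
            imports[current].append(imp.group(1))
    return dict(imports)


def triage(imports):
    """Return (capability -> sorted matched APIs, sorted triggered combo names)."""
    names = {api for apis in imports.values() for api in apis}
    hits = {cap: sorted(names & apis) for cap, apis in CAPABILITIES.items() if names & apis}
    combos = sorted(name for name, needed in COMBOS.items() if needed <= set(hits))
    return hits, combos


# Excerpt of the report's import table (transcribed; addresses are the IAT slots shown there).
REPORT_EXCERPT = """\
Library: WS2_32.dll:
0x493688 WSAAsyncSelect
0x4936a0 recv
0x4936a4 accept
Library: KERNEL32.dll:
0x493244 Process32First
0x493248 Process32Next
0x493264 WriteFile
0x49326c CreateFileA
0x4932b4 WinExec
0x4932dc LoadLibraryA
0x493304 GetTempPathA
0x493320 GetProcAddress
0x493330 CreateProcessA
Library: USER32.dll:
0x4935e4 CallNextHookEx
0x4935e8 SetWindowsHookExA
Library: ADVAPI32.dll:
0x493004 RegSetValueExA
0x49300c RegCreateKeyExA
Library: SHELL32.dll:
0x4933b0 ShellExecuteA
"""

if __name__ == "__main__":
    hits, combos = triage(parse_imports(REPORT_EXCERPT))
    for cap, apis in hits.items():
        print(f"{cap:24s} {', '.join(apis)}")
    print("combinations:", ", ".join(combos) or "none")
```

Run it as-is to print the categories found in the excerpt; to triage another report, paste its import section into REPORT_EXCERPT. A category missing from the output is not evidence of absence: this page's listing has gaps in its IAT addresses, and APIs resolved at run time through GetProcAddress never appear in an import table.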

Strings

.text
`.rdata
@.data
.rsrc
3houK
8`}<j
T$hVj
DRQPj
T$|Vj
T$th
|$`Vj
D$@Sj
L$8h
D$8Rj
l$<VWj
jjjjh

Antivirus

No antivirus engine scan results.

Process tree

_________.exe, PID: 2492, parent PID: 2160
csrss2.exe, PID: 2588, parent PID: 2492

The sample (its file name is blanked out in the report) spawned csrss2.exe. The name imitates csrss.exe, the Windows Client/Server Runtime Subsystem, which runs from %SystemRoot%\System32 and is never a child of a user-started program; the look-alike name is a masquerading choice. Where csrss2.exe came from and what it did are not recoverable from this page.

TCP

Source   Source port   Destination   Destination port
192.168.122.201   49162   23.223.199.177 (acroipm.adobe.com)   80

UDP

Source   Source port   Destination   Destination port
192.168.122.201   56270   192.168.122.1   53
192.168.122.201   59401   192.168.122.1   53

HTTP requests

URI   HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

This request (host acroipm.adobe.com, path /11/rdr/CHS/..., User-Agent IPM) is the in-product messaging check performed by Adobe Reader XI. The If-Modified-Since header from 2017 refers to a previously cached copy, which fits software pre-installed in the analysis VM rather than anything the sample did; treat the connection as background noise unless the behaviour log attributes it to the sample's process.
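To make the network section's point concrete, here is an added example (my code, not part of the report) that cross-checks the DNS answers against the recorded flows: it reports domains that were resolved but never contacted, surplus CDN A records that were not used, and the flows left once DNS lookups and allowlisted background hosts are removed. The DNS answers and flows are transcribed from this page; the background-host allowlist containing acroipm.adobe.com is an assumption of the example.

```python
"""Cross-check a sandbox report's DNS answers against the flows it recorded.

Added example.  DNS_ANSWERS and FLOWS are transcribed from the report;
BACKGROUND_HOSTS is an analyst-maintained allowlist (assumption).
"""
from collections import defaultdict

# DNS answers as (domain, record type, value).
DNS_ANSWERS = [
    ("w30255.e2.luyouxia.net", "CNAME", "e2.luyouxia.net"),
    ("w30255.e2.luyouxia.net", "A", "43.248.201.209"),
    ("acroipm.adobe.com", "A", "23.223.199.177"),
    ("acroipm.adobe.com", "CNAME", "acroipm.adobe.com.edgesuite.net"),
    ("acroipm.adobe.com", "CNAME", "a1983.dscd.akamai.net"),
    ("acroipm.adobe.com", "A", "23.223.198.226"),
]

# Recorded flows as (proto, src, sport, dst, dport); the DNS lookups are included.
FLOWS = [
    ("tcp", "192.168.122.201", 49162, "23.223.199.177", 80),
    ("udp", "192.168.122.201", 56270, "192.168.122.1", 53),
    ("udp", "192.168.122.201", 59401, "192.168.122.1", 53),
]

# Hosts attributed to software in the VM image rather than the sample
# (assumption: here only Adobe Reader's in-product messaging host).
BACKGROUND_HOSTS = {"acroipm.adobe.com"}
DNS_PORT = 53


def a_records(dns_answers):
    """{domain: {ip, ...}} built from A records only; CNAME hops are ignored."""
    by_domain = defaultdict(set)
    for domain, rtype, value in dns_answers:
        if rtype == "A":
            by_domain[domain].add(value)
    return dict(by_domain)


def ip_to_domains(dns_answers):
    """Reverse map {ip: {domain, ...}} so a flow's destination can be named."""
    rev = defaultdict(set)
    for domain, ips in a_records(dns_answers).items():
        for ip in ips:
            rev[ip].add(domain)
    return dict(rev)


def dns_flow_gap(dns_answers, flows):
    """Return (silent, partial): domains none of whose A records were contacted,
    and domains contacted on some A records but not others (CDN round-robin)."""
    contacted = {dst for _, _, _, dst, dport in flows if dport != DNS_PORT}
    silent, partial = {}, {}
    for domain, ips in a_records(dns_answers).items():
        seen = ips & contacted
        if not seen:
            silent[domain] = sorted(ips)
        elif seen != ips:
            partial[domain] = sorted(ips - seen)
    return silent, partial


def attributable_flows(flows, dns_answers, background=BACKGROUND_HOSTS):
    """Flows left after discarding DNS lookups and traffic to background hosts."""
    rev = ip_to_domains(dns_answers)
    keep = []
    for flow in flows:
        _, _, _, dst, dport = flow
        if dport == DNS_PORT:
            continue
        if rev.get(dst, set()) & background:
            continue
        keep.append(flow)
    return keep


if __name__ == "__main__":
    silent, partial = dns_flow_gap(DNS_ANSWERS, FLOWS)
    print("resolved but never contacted:", silent)
    print("surplus A records not used:", partial)
    print("flows attributable to the sample:", attributable_flows(FLOWS, DNS_ANSWERS) or "none")
```

On this page's data the only "silent" domain is w30255.e2.luyouxia.net, the Adobe host shows one unused CDN address, and no flow survives the allowlist, which is the short way of saying that the capture contains no network activity that can be pinned on the sample itself.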

Other traffic

SMTP: none. IRC: none. ICMP: none. TLS: none. Suricata HTTP: none. Network alerts: none. CIF report: no results.

Dropped files

No files were extracted from the network capture and the sandbox recorded no dropped files. No similar analyses were found.

The absence of a recorded drop is at odds with the process tree, where the sample launches csrss2.exe: that executable either already existed in the VM image or was written in a way the file monitor did not capture, and the login-gated behaviour log would be needed to tell which.

Processing ( 26.795 seconds )

  • 12.159 Suricata
  • 11.969 NetworkAnalysis
  • 1.013 Static
  • 0.887 BehaviorAnalysis
  • 0.424 TargetInfo
  • 0.315 peid
  • 0.013 Strings
  • 0.011 AnalysisInfo
  • 0.002 Memory
  • 0.002 config_decoder

Signatures ( 2.016 seconds )

Time spent by each signature module. Every module runs against every analysis, so a name in this list (andromeda_behavior, Locky_behavior, rat_nanocore and so on) records only that the check executed, not that it matched; the signatures that actually fired are the login-gated threat signatures not shown on this page.

  • 1.511 md_url_bl
  • 0.073 api_spamming
  • 0.066 stealth_decoy_document
  • 0.062 stealth_timeout
  • 0.028 andromeda_behavior
  • 0.026 antisandbox_sleep
  • 0.025 vawtrak_behavior
  • 0.025 antiav_detectreg
  • 0.022 antivm_vmware_events
  • 0.019 betabot_behavior
  • 0.018 cryptowall_behavior
  • 0.015 md_domain_bl
  • 0.014 Locky_behavior
  • 0.011 anomaly_persistence_autorun
  • 0.01 infostealer_ftp
  • 0.006 kovter_behavior
  • 0.006 antiav_detectfile
  • 0.005 antiemu_wine_func
  • 0.005 infostealer_browser_password
  • 0.005 antianalysis_detectreg
  • 0.005 geodo_banking_trojan
  • 0.005 infostealer_im
  • 0.004 network_torgateway
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 antidbg_windows
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_mail
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 antivm_generic_scsi
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.001 antivm_vbox_libs
  • 0.001 rat_nanocore
  • 0.001 dridex_behavior
  • 0.001 antivm_generic_services
  • 0.001 kibex_behavior
  • 0.001 exec_crash
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 0.696 seconds )

  • 0.664 ReportHTMLSummary
  • 0.032 Malheur
Task ID 647489
Mongo ID 6102157d7e769a0edea0059f
Cuckoo release 1.4-Maldun