分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2021-11-11 17:37:50 | 2021-11-11 17:39:57 | 127 秒 |
魔盾分数
0.75
正常的
文件详细信息
| 文件名 | 古韵Steam多账号管理.exe |
|---|---|
| 文件大小 | 428062 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | a186f1aafe734216e1999309fd3869cf |
| SHA1 | 0d8f6c04e53ae6faeaa5b2730bdaf8a3ebe1e16f |
| SHA256 | 6f87331e5ab54a985cbd3179c9d3ac9328419dcbe6246782cb13e0677ffc3b69 |
| SHA512 | 80db8bebb65af71dd322b92b242509127065e2d363522d848c6aca8a348245dd9f4351c69861811886fedee30690c753ad451a5fa21e5e0f4202effa1d72ee4b |
| CRC32 | B98790D4 |
| Ssdeep | 6144:jEGGDQuDhkOaJfV1QKSnzzsdQeaL8o/OIsFzGyPocLmULssmmkItIcwjVNjrYPr:hGDQu+bV13SnzoW8AOIsF3w83tIxnQr |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x0057d92e |
| 声明校验值 | 0x0006c1a6 |
| 实际校验值 | 0x0006c1a6 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2021-11-10 21:16:05 |
| 载入哈希 | a6c57dd70b0006d206f2abd755d6ec26 |
| 图标 |  |
| 图标精确哈希值 | 4876b3f84a26a3f196bf2566a92f7d6c |
| 图标相似性哈希值 | 35119f86f6fec211a5e0ede051ccfeda |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PEiD 规则
| [u'NsPack 2.9 -> North Star'] |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .panda0 | 0x00001000 | 0x00177000 | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .panda1 | 0x00178000 | 0x00069000 | 0x0006841e | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.96 |
| .panda2 | 0x001e1000 | 0x00001266 | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| TEXTINCLUDE | 0x0016bdc0 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| TEXTINCLUDE | 0x0016bdc0 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| TEXTINCLUDE | 0x0016bdc0 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| WAVE | 0x0016bf14 | 0x00001448 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_CURSOR | 0x0016d8e0 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_CURSOR | 0x0016d8e0 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_CURSOR | 0x0016d8e0 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_CURSOR | 0x0016d8e0 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_CURSOR | 0x0016d8e0 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_CURSOR | 0x0016d8e0 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_BITMAP | 0x0016f1d4 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_BITMAP | 0x0016f1d4 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_BITMAP | 0x0016f1d4 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_BITMAP | 0x0016f1d4 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_BITMAP | 0x0016f1d4 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_BITMAP | 0x0016f1d4 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_BITMAP | 0x0016f1d4 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_BITMAP | 0x0016f1d4 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_BITMAP | 0x0016f1d4 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_BITMAP | 0x0016f1d4 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_BITMAP | 0x0016f1d4 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_BITMAP | 0x0016f1d4 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_BITMAP | 0x0016f1d4 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_BITMAP | 0x0016f1d4 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_BITMAP | 0x0016f1d4 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_ICON | 0x001792c0 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.93 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 |
| RT_ICON | 0x001792c0 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.93 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 |
| RT_ICON | 0x001792c0 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.93 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 |
| RT_MENU | 0x0017395c | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_MENU | 0x0017395c | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_DIALOG | 0x00174ba4 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_DIALOG | 0x00174ba4 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_DIALOG | 0x00174ba4 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_DIALOG | 0x00174ba4 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_DIALOG | 0x00174ba4 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_DIALOG | 0x00174ba4 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_DIALOG | 0x00174ba4 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_DIALOG | 0x00174ba4 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_DIALOG | 0x00174ba4 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_DIALOG | 0x00174ba4 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_STRING | 0x001755ec | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_STRING | 0x001755ec | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_STRING | 0x001755ec | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_STRING | 0x001755ec | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_STRING | 0x001755ec | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_STRING | 0x001755ec | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_STRING | 0x001755ec | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_STRING | 0x001755ec | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_STRING | 0x001755ec | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_STRING | 0x001755ec | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_STRING | 0x001755ec | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_GROUP_CURSOR | 0x00175660 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_GROUP_CURSOR | 0x00175660 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_GROUP_CURSOR | 0x00175660 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_GROUP_CURSOR | 0x00175660 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_GROUP_CURSOR | 0x00175660 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_GROUP_ICON | 0x001756ac | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_GROUP_ICON | 0x001756ac | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_GROUP_ICON | 0x001756ac | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_VERSION | 0x00178db8 | 0x0000024c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.44 | data |
| RT_MANIFEST | 0x00179004 | 0x000002b9 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.02 | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
导入
库: KERNEL32.DLL:
• 0x57d594 LoadLibraryA
• 0x57d598 GetProcAddress
• 0x57d59c VirtualProtect
• 0x57d5a0 VirtualAlloc
• 0x57d5a4 VirtualFree
• 0x57d5a8 ExitProcess
库: MSVFW32.DLL:
• 0x57d5b0 DrawDibDraw
库: AVIFIL32.DLL:
• 0x57d5b8 AVIStreamGetFrame
库: WINMM.DLL:
• 0x57d5c0 midiStreamStop
库: WS2_32.DLL:
• 0x57d5c8 ntohl
库: USER32.DLL:
• 0x57d5d0 GetSysColorBrush
库: GDI32.DLL:
• 0x57d5d8 RoundRect
库: WINSPOOL.DRV:
• 0x57d5e0 OpenPrinterA
库: COMDLG32.DLL:
• 0x57d5e8 ChooseColorA
库: ADVAPI32.DLL:
• 0x57d5f0 RegQueryValueExA
库: SHELL32.DLL:
• 0x57d5f8 SHGetSpecialFolderPathA
库: OLE32.DLL:
• 0x57d600 OleInitialize
库: OLEAUT32.DLL:
• 0x57d608 RegisterTypeLib
库: COMCTL32.DLL:
• 0x57d610 ImageList_SetBkColor
.panda0
.panda1
.panda2
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="E.App" processorArchitecture="x86" version="5.2.0.0" type="win32"/><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/> </requestedPrivileges> </security></trustInfo></assembly>
&*-;%),
'+.,'+-
'+.*'+.
&*-| $(
&*-J%),
9?CF9?C
9?Cv9?C
9?C&9?C
9?C(9?C
9?Co9?C
9?C79?C
9?Ce9?C
9?C79?C
9?C(9?C
KERNEL32.DLL
MSVFW32.DLL
AVIFIL32.DLL
WINMM.DLL
WS2_32.DLL
USER32.DLL
GDI32.DLL
WINSPOOL.DRV
COMDLG32.DLL
ADVAPI32.DLL
SHELL32.DLL
OLE32.DLL
OLEAUT32.DLL
COMCTL32.DLL
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
DrawDibDraw
AVIStreamGetFrame
midiStreamStop
GetSysColorBrush
RoundRect
OpenPrinterA
ChooseColorA
RegQueryValueExA
SHGetSpecialFolderPathA
OleInitialize
ImageList_SetBkColor
U.X-.]_
v;A|&
U|b47
D?;{b
vd!_^
Vu++-As
IEXT_IDB_STATEIMAGES
IEXT2_IDC_HORZLINEMOVECURSOR
IEXT2_IDC_VERTLINEMOVECURSOR
DEFAULT_ICON
VS_VERSION_INFO
StringFileInfo
080404B0
FileVersion
1.3.0.0
FileDescription
ProductName
ProductVersion
1.3.0.0
CompanyName
LegalCopyright
guyunsq.com
Comments
guyunsq.com
VarFileInfo
Translation
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 96.16.122.56 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 96.16.122.56 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 14.425 seconds )
- 11.233 Suricata
- 1.282 NetworkAnalysis
- 0.819 Static
- 0.374 peid
- 0.343 BehaviorAnalysis
- 0.331 TargetInfo
- 0.027 AnalysisInfo
- 0.011 Strings
- 0.004 Memory
- 0.001 config_decoder
Signatures ( 1.536 seconds )
- 1.34 md_url_bl
- 0.02 antiav_detectreg
- 0.019 api_spamming
- 0.014 stealth_decoy_document
- 0.014 stealth_timeout
- 0.009 md_domain_bl
- 0.008 antivm_vbox_libs
- 0.008 infostealer_ftp
- 0.006 antiemu_wine_func
- 0.006 kovter_behavior
- 0.006 antiav_detectfile
- 0.005 anomaly_persistence_autorun
- 0.005 infostealer_browser_password
- 0.005 antidbg_windows
- 0.005 infostealer_im
- 0.004 exec_crash
- 0.004 antianalysis_detectreg
- 0.004 geodo_banking_trojan
- 0.004 infostealer_bitcoin
- 0.004 ransomware_files
- 0.003 antisandbox_sunbelt_libs
- 0.003 antivm_vbox_files
- 0.003 infostealer_mail
- 0.003 network_http
- 0.003 ransomware_extensions
- 0.002 tinba_behavior
- 0.002 rat_nanocore
- 0.002 antiav_avast_libs
- 0.002 antivm_vmware_libs
- 0.002 maldun_anomaly_massive_file_ops
- 0.002 antisandbox_sboxie_libs
- 0.002 antiav_bitdefender_libs
- 0.002 disables_browser_warn
- 0.001 antivm_vbox_window
- 0.001 betabot_behavior
- 0.001 kibex_behavior
- 0.001 antivm_generic_scsi
- 0.001 shifu_behavior
- 0.001 cerber_behavior
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_security
- 0.001 modify_proxy
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 md_bad_drop
- 0.001 network_cnc_http
Reporting ( 0.568 seconds )
- 0.529 ReportHTMLSummary
- 0.039 Malheur
| Task ID | 664279 |
|---|---|
| Mongo ID | 618ce50a7e769a7a56d6ab67 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号