Analysis task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp03-1 2022-05-15 00:37:22 2022-05-15 00:39:32 130 seconds

Maldun score

1.4

Normal

File details

Filename Q3118541619.exe
File size 831488 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 34a6e3d97d23b95fb85044f5a20c61c1
SHA1 5aa9872b4e42bc7082b86711f93f5fd7545bc5ef
SHA256 084518f1508ddcc9c7a78ee8ec38e56ab5d849db0b9bd770755dda20ec3e9359
SHA512 c84d6f6320203fc6858a2a329ab589ac949fef57318a663e817a5833f8c7737368a87cf636fc0c8fe9da74588bcbcaa8fc8fe492e30d283de95ed5afba261b69
CRC32 5AC6DB87
Ssdeep 6144:51xldOdetmcmE0UK4ayZ/mi0YQZBYsXuGIQcHq0ur+cemjSNucfB+gUcjeKWwA3W:51xfhBmE0UD3wh2GZcKFsuSB+P8dx0x0

Runtime screenshots


Hosts accessed

No host records.

Domain resolution

No domain information.


Summary


PE information

Image base 0x00400000
Entry point 0x00465045
Declared checksum 0x00000000
Actual checksum 0x000cb6a5
Minimum OS version required 4.0
Compile time 2022-05-15 00:32:57
Import hash 2f64fd357bfd687da20c83b887f50c6e
Icon
Icon exact hash 103be1234135016f49546172256ac69b
Icon similarity hash 1b88b79677df33c000bd8eb4cc66430b

Version information

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x0008311e 0x00084000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.55
.rdata 0x00085000 0x00017ca0 0x00018000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.88
.data 0x0009d000 0x0002db48 0x00012000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.97
.rsrc 0x000cb000 0x0001bc84 0x0001c000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2.92

Resources

Name Offset Size Language Sublanguage Entropy File type
TEXTINCLUDE 0x000cbdc8 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators (listed 3 times)
RT_CURSOR 0x000cc2b8 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data (listed 4 times)
RT_BITMAP 0x000cdb2c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data (listed 15 times)
RT_ICON 0x000e4628 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 3.60 GLS_BINARY_LSB_FIRST (listed 12 times)
RT_MENU 0x000e4a9c 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data (listed 2 times)
RT_DIALOG 0x000e5ce4 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data (listed 10 times)
RT_STRING 0x000e672c 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data (listed 11 times)
RT_GROUP_CURSOR 0x000e6778 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 (listed 3 times)
RT_GROUP_ICON 0x000e6844 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors (listed 3 times)
RT_VERSION 0x000e6858 0x0000025c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.25 data
RT_MANIFEST 0x000e6ab4 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library: KERNEL32.dll:
0x485170 GlobalUnlock
0x485174 GlobalLock
0x485178 GlobalAlloc
0x48517c Sleep
0x485180 SetEndOfFile
0x485184 UnlockFile
0x485188 LockFile
0x48518c FlushFileBuffers
0x485190 SetFilePointer
0x485194 GetCurrentProcess
0x485198 DuplicateHandle
0x48519c lstrcpynA
0x4851a0 SetLastError
0x4851ac FindFirstFileA
0x4851b0 SetStdHandle
0x4851b4 IsBadCodePtr
0x4851b8 IsBadReadPtr
0x4851bc CompareStringW
0x4851c0 CompareStringA
0x4851c8 GetStringTypeW
0x4851cc GetStringTypeA
0x4851d0 IsBadWritePtr
0x4851d4 VirtualAlloc
0x4851d8 LCMapStringW
0x4851dc LCMapStringA
0x4851e4 VirtualFree
0x4851e8 HeapCreate
0x4851ec HeapDestroy
0x4851f4 GetFileType
0x4851f8 GetStdHandle
0x4851fc SetHandleCount
0x485214 GetACP
0x485218 HeapSize
0x48521c TerminateProcess
0x485220 GetLocalTime
0x485224 GetSystemTime
0x48522c LocalFree
0x485234 CreateSemaphoreA
0x485238 ResumeThread
0x48523c ReleaseSemaphore
0x485248 GetProfileStringA
0x48524c WriteFile
0x485254 CreateFileA
0x485258 SetEvent
0x48525c FindResourceA
0x485260 LoadResource
0x485264 LockResource
0x485268 ReadFile
0x48526c GetModuleFileNameA
0x485270 WideCharToMultiByte
0x485274 MultiByteToWideChar
0x485278 GetCurrentThreadId
0x48527c ExitProcess
0x485280 GlobalSize
0x485284 GlobalFree
0x485290 lstrcatA
0x485294 lstrlenA
0x485298 WinExec
0x48529c lstrcpyA
0x4852a0 FindNextFileA
0x4852a4 GlobalReAlloc
0x4852a8 HeapFree
0x4852ac HeapReAlloc
0x4852b0 GetProcessHeap
0x4852b4 HeapAlloc
0x4852b8 GetFullPathNameA
0x4852bc FreeLibrary
0x4852c0 LoadLibraryA
0x4852c4 GetLastError
0x4852c8 GetVersionExA
0x4852d0 CreateThread
0x4852d4 CreateEventA
0x4852d8 RaiseException
0x4852dc RtlUnwind
0x4852e0 GetStartupInfoA
0x4852e4 GetOEMCP
0x4852e8 GetCPInfo
0x4852ec GetProcessVersion
0x4852f0 SetErrorMode
0x4852f4 GlobalFlags
0x4852f8 GetCurrentThread
0x4852fc GetFileTime
0x485300 GetFileSize
0x485304 TlsGetValue
0x485308 LocalReAlloc
0x48530c TlsSetValue
0x485310 TlsFree
0x485314 GlobalHandle
0x485318 FindClose
0x48531c GetFileAttributesA
0x485320 DeleteFileA
0x485328 TlsAlloc
0x48532c LocalAlloc
0x485330 lstrcmpA
0x485334 GetVersion
0x485338 GlobalGetAtomNameA
0x48533c GlobalAddAtomA
0x485340 GlobalFindAtomA
0x485344 GlobalDeleteAtom
0x485348 lstrcmpiA
0x485350 GetModuleHandleA
0x485354 GetProcAddress
0x485358 MulDiv
0x48535c GetCommandLineA
0x485360 GetTickCount
0x485364 WaitForSingleObject
0x485368 CloseHandle
Library: USER32.dll:
0x485390 OpenClipboard
0x485394 SetClipboardData
0x485398 EmptyClipboard
0x48539c GetSystemMetrics
0x4853a0 GetCursorPos
0x4853a4 MessageBoxA
0x4853a8 SetWindowPos
0x4853ac SendMessageA
0x4853b0 DestroyCursor
0x4853b4 SetParent
0x4853b8 GetClipboardData
0x4853bc PostMessageA
0x4853c0 GetTopWindow
0x4853c4 GetParent
0x4853c8 CloseClipboard
0x4853cc wsprintfA
0x4853d0 GetFocus
0x4853d4 GetClientRect
0x4853d8 InvalidateRect
0x4853dc ValidateRect
0x4853e0 UpdateWindow
0x4853e4 EqualRect
0x4853e8 GetWindowRect
0x4853ec SetForegroundWindow
0x4853f0 IsWindow
0x4853f4 RegisterClassA
0x4853f8 DestroyMenu
0x4853fc IsChild
0x485400 ReleaseDC
0x485404 IsRectEmpty
0x485408 FillRect
0x48540c GetDC
0x485410 SetCursor
0x485414 LoadCursorA
0x485418 SetCursorPos
0x48541c SetActiveWindow
0x485420 GetSysColor
0x485424 SetWindowLongA
0x485428 GetWindowLongA
0x48542c RedrawWindow
0x485430 EnableWindow
0x485434 IsWindowVisible
0x485438 OffsetRect
0x48543c PtInRect
0x485440 DestroyIcon
0x485444 IntersectRect
0x485448 InflateRect
0x48544c SetRect
0x485450 SetScrollPos
0x485454 SetScrollRange
0x485458 GetScrollRange
0x48545c SetCapture
0x485460 LoadIconA
0x485464 TranslateMessage
0x485468 DrawFrameControl
0x48546c DrawEdge
0x485470 DrawFocusRect
0x485474 WindowFromPoint
0x485478 GetMessageA
0x48547c DispatchMessageA
0x485480 SetRectEmpty
0x485490 DrawIconEx
0x485494 CreatePopupMenu
0x485498 AppendMenuA
0x48549c ModifyMenuA
0x4854a0 CreateMenu
0x4854a8 GetDlgCtrlID
0x4854ac GetSubMenu
0x4854b0 EnableMenuItem
0x4854b4 ClientToScreen
0x4854bc LoadImageA
0x4854c4 ShowWindow
0x4854c8 IsWindowEnabled
0x4854d0 GetKeyState
0x4854d8 PostQuitMessage
0x4854dc IsZoomed
0x4854e0 GetClassInfoA
0x4854e4 DefWindowProcA
0x4854e8 GetSystemMenu
0x4854ec DeleteMenu
0x4854f0 GetMenu
0x4854f4 SetMenu
0x4854f8 PeekMessageA
0x4854fc GetWindowTextA
0x485504 CharUpperA
0x485508 GetWindowDC
0x48550c BeginPaint
0x485510 EndPaint
0x485514 TabbedTextOutA
0x485518 DrawTextA
0x48551c GrayStringA
0x485520 GetDlgItem
0x485524 DestroyWindow
0x48552c EndDialog
0x485530 GetNextDlgTabItem
0x485534 GetWindowPlacement
0x48553c GetForegroundWindow
0x485540 GetLastActivePopup
0x485544 GetMessageTime
0x485548 RemovePropA
0x48554c CallWindowProcA
0x485550 GetPropA
0x485554 UnhookWindowsHookEx
0x485558 SetPropA
0x48555c GetClassLongA
0x485560 CallNextHookEx
0x485564 SetWindowsHookExA
0x485568 CreateWindowExA
0x48556c GetMenuItemID
0x485570 GetMenuItemCount
0x485574 UnregisterClassA
0x485578 GetScrollPos
0x48557c AdjustWindowRectEx
0x485580 MapWindowPoints
0x485584 SendDlgItemMessageA
0x485588 ScrollWindowEx
0x48558c IsDialogMessageA
0x485590 SetWindowTextA
0x485594 MoveWindow
0x485598 CheckMenuItem
0x48559c SetMenuItemBitmaps
0x4855a0 GetMenuState
0x4855a8 GetClassNameA
0x4855ac GetDesktopWindow
0x4855b0 LoadStringA
0x4855b4 GetSysColorBrush
0x4855b8 IsIconic
0x4855bc SetFocus
0x4855c0 GetActiveWindow
0x4855c4 GetWindow
0x4855cc SetWindowRgn
0x4855d0 GetMessagePos
0x4855d4 ScreenToClient
0x4855dc CopyRect
0x4855e0 LoadBitmapA
0x4855e4 WinHelpA
0x4855e8 KillTimer
0x4855ec SetTimer
0x4855f0 ReleaseCapture
0x4855f4 GetCapture
Library: GDI32.dll:
0x485024 ScaleWindowExtEx
0x485028 SetBkColor
0x485030 SetStretchBltMode
0x485034 GetClipRgn
0x485038 CreatePolygonRgn
0x48503c SelectClipRgn
0x485040 DeleteObject
0x485044 CreateDIBitmap
0x48504c CreatePalette
0x485050 StretchBlt
0x485054 SelectPalette
0x485058 RealizePalette
0x48505c GetDIBits
0x485060 GetWindowExtEx
0x485064 GetViewportOrgEx
0x485068 GetWindowOrgEx
0x48506c BeginPath
0x485070 EndPath
0x485074 PathToRegion
0x485078 CreateEllipticRgn
0x48507c CreateRoundRectRgn
0x485080 GetTextColor
0x485084 GetBkMode
0x485088 GetBkColor
0x48508c GetROP2
0x485090 GetStretchBltMode
0x485094 GetPolyFillMode
0x48509c CreateDCA
0x4850a0 CreateBitmap
0x4850a4 SelectObject
0x4850a8 GetObjectA
0x4850ac CreatePen
0x4850b0 PatBlt
0x4850b4 CombineRgn
0x4850b8 CreateRectRgn
0x4850bc FillRgn
0x4850c0 CreateSolidBrush
0x4850c4 GetStockObject
0x4850c8 CreateFontIndirectA
0x4850cc EndPage
0x4850d0 EndDoc
0x4850d4 DeleteDC
0x4850d8 StartDocA
0x4850dc StartPage
0x4850e0 BitBlt
0x4850e4 CreateCompatibleDC
0x4850e8 Ellipse
0x4850ec Rectangle
0x4850f0 LPtoDP
0x4850f4 DPtoLP
0x4850f8 GetCurrentObject
0x4850fc RoundRect
0x485104 GetDeviceCaps
0x485108 SaveDC
0x48510c RestoreDC
0x485110 SetBkMode
0x485114 SetPolyFillMode
0x485118 SetROP2
0x48511c SetTextColor
0x485120 SetMapMode
0x485124 SetViewportOrgEx
0x485128 OffsetViewportOrgEx
0x48512c SetViewportExtEx
0x485130 ScaleViewportExtEx
0x485134 SetWindowOrgEx
0x485138 SetWindowExtEx
0x48513c GetClipBox
0x485140 ExcludeClipRect
0x485144 MoveToEx
0x485148 GetTextMetricsA
0x48514c Escape
0x485150 ExtTextOutA
0x485154 TextOutA
0x485158 RectVisible
0x48515c PtVisible
0x485160 GetViewportExtEx
0x485164 ExtSelectClipRgn
0x485168 LineTo
Library: WINMM.dll:
0x4855fc midiStreamRestart
0x485600 midiStreamClose
0x485604 midiOutReset
0x485608 midiStreamStop
0x48560c midiStreamOut
0x485614 midiStreamProperty
0x485618 midiStreamOpen
0x485620 waveOutOpen
0x485624 waveOutGetNumDevs
0x485628 waveOutClose
0x48562c waveOutReset
0x485630 waveOutPause
0x485634 waveOutWrite
Library: WINSPOOL.DRV:
0x485644 ClosePrinter
0x485648 DocumentPropertiesA
0x48564c OpenPrinterA
Library: ADVAPI32.dll:
0x485000 RegCloseKey
0x485004 RegOpenKeyExA
0x485008 RegSetValueExA
0x48500c RegQueryValueA
0x485010 RegCreateKeyExA
Library: SHELL32.dll:
0x485384 ShellExecuteA
0x485388 Shell_NotifyIconA
Library: ole32.dll:
0x485690 OleInitialize
0x485694 OleUninitialize
0x485698 CLSIDFromString
Library: OLEAUT32.dll:
0x485374 UnRegisterTypeLib
0x485378 RegisterTypeLib
0x48537c LoadTypeLib
Library: COMCTL32.dll:
0x485018 ImageList_Destroy
0x48501c None
Library: WS2_32.dll:
0x485654 ioctlsocket
0x485658 recv
0x48565c getpeername
0x485660 accept
0x485664 recvfrom
0x485668 WSAAsyncSelect
0x48566c closesocket
0x485670 inet_ntoa
0x485674 WSACleanup
Library: comdlg32.dll:
0x48567c ChooseColorA
0x485680 GetSaveFileNameA
0x485684 GetOpenFileNameA
0x485688 GetFileTitleA

.text
`.rdata
@.data
.rsrc
3h}mH
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
8`}<j
T$th
|$`Vj
D$@Sj
L$8h
D$8Rj
l$<VWj
PhH[J
}'h
9^xu5j
No antivirus engine scan information!

Process tree


Q3118541619.exe, PID: 2512, parent PID: 2248

Hosts accessed

No host records.

TCP

Source address Source port Destination address Destination port
192.168.122.201 49160 23.223.199.177 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 59401 192.168.122.1 53

Domain resolution

No domain information.

HTTP requests

URI HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic
No files were dropped.
No similar analyses found.

Processing ( 17.435 seconds )

  • 11.351 Suricata
  • 3.358 VirusTotal
  • 0.953 Static
  • 0.946 NetworkAnalysis
  • 0.417 TargetInfo
  • 0.317 peid
  • 0.068 BehaviorAnalysis
  • 0.011 Strings
  • 0.01 AnalysisInfo
  • 0.002 Memory
  • 0.002 config_decoder

Signatures ( 1.479 seconds )

  • 1.377 md_url_bl
  • 0.018 antiav_detectreg
  • 0.009 md_domain_bl
  • 0.007 infostealer_ftp
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 ransomware_files
  • 0.004 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_im
  • 0.004 ransomware_extensions
  • 0.003 api_spamming
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_mail
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 stealth_decoy_document
  • 0.002 stealth_timeout
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 cerber_behavior
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.656 seconds )

  • 0.618 ReportHTMLSummary
  • 0.038 Malheur
Task ID 690624
Mongo ID 627fdb637e769a0e2c5dbd5d
Cuckoo release 1.4-Maldun