分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp02-2 | 2022-06-12 18:07:00 | 2022-06-12 18:09:18 | 138 秒 |
魔盾分数
10.0
危险的
文件详细信息
| 文件名 | 菲律宾CF中文字体1.1.exe |
|---|---|
| 文件大小 | 22638592 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | b5a1d6505d88d275af0cfce73e9257d4 |
| SHA1 | 455ad925762788d6f867471ffb23094729dd0bc5 |
| SHA256 | b4ddc6103335ffe0626d15483100ea16d51b1f3443b7a051952811d665c03333 |
| SHA512 | a9e3e16f2227fdd1397d34ee39870acf22c0d8ddd8bdf9b191ec8178aa9b073554a70ce6f66319caea8a192ffd201d1c8f534d89ca20de76b75fbfa26cbd5836 |
| CRC32 | 409F9E53 |
| Ssdeep | 393216:yBAmuJ8wMGFQNYSLWay1SX3lB+sSjXrap:yFuxP1uesF |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x0046c761 |
| 声明校验值 | 0x00000000 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2022-06-12 17:59:32 |
| 载入哈希 | 5a57acfe9a5149aec812307ebc8eaed1 |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0008aaae | 0x0008b000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.58 |
| .rdata | 0x0008c000 | 0x014f05c6 | 0x014f1000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.85 |
| .data | 0x0157d000 | 0x00038b08 | 0x00014000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.03 |
| .rsrc | 0x015b6000 | 0x00005b1c | 0x00006000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.79 |
导入
库: KERNEL32.dll:
• 0x48c170 RaiseException
• 0x48c174 RtlUnwind
• 0x48c178 GetStartupInfoA
• 0x48c17c GetOEMCP
• 0x48c180 GetCPInfo
• 0x48c184 GetProcessVersion
• 0x48c188 SetErrorMode
• 0x48c18c GlobalFlags
• 0x48c190 GetCurrentThread
• 0x48c194 GetTimeZoneInformation
• 0x48c198 GetFileTime
• 0x48c19c GetFileSize
• 0x48c1a0 TlsGetValue
• 0x48c1a4 LocalReAlloc
• 0x48c1a8 TlsSetValue
• 0x48c1ac TlsFree
• 0x48c1b0 GlobalHandle
• 0x48c1b4 TlsAlloc
• 0x48c1b8 LocalAlloc
• 0x48c1bc lstrcmpA
• 0x48c1c0 GetVersion
• 0x48c1c4 GlobalGetAtomNameA
• 0x48c1c8 GlobalAddAtomA
• 0x48c1cc GlobalFindAtomA
• 0x48c1d0 GlobalDeleteAtom
• 0x48c1d4 lstrcmpiA
• 0x48c1d8 SetEndOfFile
• 0x48c1dc UnlockFile
• 0x48c1e0 LockFile
• 0x48c1e4 FlushFileBuffers
• 0x48c1e8 SetFilePointer
• 0x48c1ec DuplicateHandle
• 0x48c1f0 lstrcpynA
• 0x48c1f4 SetLastError
• 0x48c1f8 FileTimeToLocalFileTime
• 0x48c1fc FileTimeToSystemTime
• 0x48c200 LocalFree
• 0x48c204 InterlockedDecrement
• 0x48c208 InterlockedIncrement
• 0x48c20c GetSystemTime
• 0x48c210 GetLocalTime
• 0x48c214 TerminateProcess
• 0x48c218 HeapSize
• 0x48c21c GetACP
• 0x48c220 UnhandledExceptionFilter
• 0x48c224 FreeEnvironmentStringsA
• 0x48c228 FreeEnvironmentStringsW
• 0x48c22c GetEnvironmentStrings
• 0x48c230 GetEnvironmentStringsW
• 0x48c234 SetHandleCount
• 0x48c238 GetStdHandle
• 0x48c23c GetFileType
• 0x48c240 GetEnvironmentVariableA
• 0x48c244 HeapDestroy
• 0x48c248 HeapCreate
• 0x48c24c VirtualFree
• 0x48c250 SetEnvironmentVariableA
• 0x48c254 LCMapStringA
• 0x48c258 LCMapStringW
• 0x48c25c VirtualAlloc
• 0x48c260 IsBadWritePtr
• 0x48c264 GetStringTypeA
• 0x48c268 GetStringTypeW
• 0x48c26c SetUnhandledExceptionFilter
• 0x48c270 CompareStringA
• 0x48c274 CompareStringW
• 0x48c278 IsBadReadPtr
• 0x48c27c IsBadCodePtr
• 0x48c280 SetStdHandle
• 0x48c284 GetCurrentProcess
• 0x48c288 CreateSemaphoreA
• 0x48c28c ResumeThread
• 0x48c290 ReleaseSemaphore
• 0x48c294 EnterCriticalSection
• 0x48c298 LeaveCriticalSection
• 0x48c29c GetProfileStringA
• 0x48c2a0 WriteFile
• 0x48c2a4 WaitForMultipleObjects
• 0x48c2a8 CreateFileA
• 0x48c2ac SetEvent
• 0x48c2b0 FindResourceA
• 0x48c2b4 LoadResource
• 0x48c2b8 LockResource
• 0x48c2bc ReadFile
• 0x48c2c0 GetModuleFileNameA
• 0x48c2c4 WideCharToMultiByte
• 0x48c2c8 MultiByteToWideChar
• 0x48c2cc GetCurrentThreadId
• 0x48c2d0 ExitProcess
• 0x48c2d4 GlobalSize
• 0x48c2d8 GlobalFree
• 0x48c2dc DeleteCriticalSection
• 0x48c2e0 InitializeCriticalSection
• 0x48c2e4 lstrcatA
• 0x48c2e8 lstrlenA
• 0x48c2ec WinExec
• 0x48c2f0 CloseHandle
• 0x48c2f4 lstrcpyA
• 0x48c2f8 FindNextFileA
• 0x48c2fc GlobalReAlloc
• 0x48c300 HeapFree
• 0x48c304 HeapReAlloc
• 0x48c308 GetProcessHeap
• 0x48c30c HeapAlloc
• 0x48c310 GetFullPathNameA
• 0x48c314 FreeLibrary
• 0x48c318 LoadLibraryA
• 0x48c31c GetLastError
• 0x48c320 GetVersionExA
• 0x48c324 WritePrivateProfileStringA
• 0x48c328 CreateThread
• 0x48c32c CreateEventA
• 0x48c330 Sleep
• 0x48c334 GlobalAlloc
• 0x48c338 GlobalLock
• 0x48c33c GlobalUnlock
• 0x48c340 FindFirstFileA
• 0x48c344 FindClose
• 0x48c348 GetFileAttributesA
• 0x48c34c SetCurrentDirectoryA
• 0x48c350 GetVolumeInformationA
• 0x48c354 GetModuleHandleA
• 0x48c358 GetProcAddress
• 0x48c35c MulDiv
• 0x48c360 GetCommandLineA
• 0x48c364 GetTickCount
• 0x48c368 WaitForSingleObject
库: USER32.dll:
• 0x48c398 GetForegroundWindow
• 0x48c39c LoadIconA
• 0x48c3a0 TranslateMessage
• 0x48c3a4 DrawFrameControl
• 0x48c3a8 DrawEdge
• 0x48c3ac DrawFocusRect
• 0x48c3b0 WindowFromPoint
• 0x48c3b4 GetMessageA
• 0x48c3b8 DispatchMessageA
• 0x48c3bc SetRectEmpty
• 0x48c3c0 RegisterClipboardFormatA
• 0x48c3c4 CreateIconFromResourceEx
• 0x48c3c8 CreateIconFromResource
• 0x48c3cc DrawIconEx
• 0x48c3d0 CreatePopupMenu
• 0x48c3d4 AppendMenuA
• 0x48c3d8 ModifyMenuA
• 0x48c3dc CreateMenu
• 0x48c3e0 CreateAcceleratorTableA
• 0x48c3e4 GetDlgCtrlID
• 0x48c3e8 GetSubMenu
• 0x48c3ec EnableMenuItem
• 0x48c3f0 ClientToScreen
• 0x48c3f4 EnumDisplaySettingsA
• 0x48c3f8 LoadImageA
• 0x48c3fc SystemParametersInfoA
• 0x48c400 ShowWindow
• 0x48c404 IsWindowEnabled
• 0x48c408 TranslateAcceleratorA
• 0x48c40c GetKeyState
• 0x48c410 CopyAcceleratorTableA
• 0x48c414 PostQuitMessage
• 0x48c418 IsZoomed
• 0x48c41c GetClassInfoA
• 0x48c420 DefWindowProcA
• 0x48c424 GetSystemMenu
• 0x48c428 DeleteMenu
• 0x48c42c GetMenu
• 0x48c430 SetMenu
• 0x48c434 PeekMessageA
• 0x48c438 IsIconic
• 0x48c43c SetFocus
• 0x48c440 GetActiveWindow
• 0x48c444 GetWindow
• 0x48c448 DestroyAcceleratorTable
• 0x48c44c SetWindowRgn
• 0x48c450 GetMessagePos
• 0x48c454 ScreenToClient
• 0x48c458 ChildWindowFromPointEx
• 0x48c45c CopyRect
• 0x48c460 LoadBitmapA
• 0x48c464 WinHelpA
• 0x48c468 KillTimer
• 0x48c46c SetTimer
• 0x48c470 ReleaseCapture
• 0x48c474 GetCapture
• 0x48c478 SetCapture
• 0x48c47c GetScrollRange
• 0x48c480 SetScrollRange
• 0x48c484 SetScrollPos
• 0x48c488 SetRect
• 0x48c48c InflateRect
• 0x48c490 IntersectRect
• 0x48c494 DestroyIcon
• 0x48c498 UnregisterClassA
• 0x48c49c OffsetRect
• 0x48c4a0 IsWindowVisible
• 0x48c4a4 EnableWindow
• 0x48c4a8 RedrawWindow
• 0x48c4ac GetWindowLongA
• 0x48c4b0 SetWindowLongA
• 0x48c4b4 GetSysColor
• 0x48c4b8 SetActiveWindow
• 0x48c4bc SetCursorPos
• 0x48c4c0 LoadCursorA
• 0x48c4c4 SetCursor
• 0x48c4c8 GetDC
• 0x48c4cc FillRect
• 0x48c4d0 IsRectEmpty
• 0x48c4d4 ReleaseDC
• 0x48c4d8 IsChild
• 0x48c4dc DestroyMenu
• 0x48c4e0 SetForegroundWindow
• 0x48c4e4 GetWindowRect
• 0x48c4e8 EqualRect
• 0x48c4ec UpdateWindow
• 0x48c4f0 ValidateRect
• 0x48c4f4 InvalidateRect
• 0x48c4f8 GetClientRect
• 0x48c4fc GetFocus
• 0x48c500 GetParent
• 0x48c504 GetTopWindow
• 0x48c508 PostMessageA
• 0x48c50c IsWindow
• 0x48c510 SetParent
• 0x48c514 DestroyCursor
• 0x48c518 SendMessageA
• 0x48c51c SetWindowPos
• 0x48c520 GetWindowTextA
• 0x48c524 GetWindowTextLengthA
• 0x48c528 CharUpperA
• 0x48c52c GetWindowDC
• 0x48c530 BeginPaint
• 0x48c534 EndPaint
• 0x48c538 TabbedTextOutA
• 0x48c53c DrawTextA
• 0x48c540 GrayStringA
• 0x48c544 GetDlgItem
• 0x48c548 DestroyWindow
• 0x48c54c CreateDialogIndirectParamA
• 0x48c550 EndDialog
• 0x48c554 GetNextDlgTabItem
• 0x48c558 GetWindowPlacement
• 0x48c55c RegisterWindowMessageA
• 0x48c560 GetLastActivePopup
• 0x48c564 GetMessageTime
• 0x48c568 RemovePropA
• 0x48c56c CallWindowProcA
• 0x48c570 GetPropA
• 0x48c574 UnhookWindowsHookEx
• 0x48c578 SetPropA
• 0x48c57c GetClassLongA
• 0x48c580 CallNextHookEx
• 0x48c584 SetWindowsHookExA
• 0x48c588 CreateWindowExA
• 0x48c58c GetMenuItemID
• 0x48c590 GetMenuItemCount
• 0x48c594 RegisterClassA
• 0x48c598 GetScrollPos
• 0x48c59c AdjustWindowRectEx
• 0x48c5a0 MapWindowPoints
• 0x48c5a4 SendDlgItemMessageA
• 0x48c5a8 ScrollWindowEx
• 0x48c5ac IsDialogMessageA
• 0x48c5b0 SetWindowTextA
• 0x48c5b4 MoveWindow
• 0x48c5b8 CheckMenuItem
• 0x48c5bc SetMenuItemBitmaps
• 0x48c5c0 GetMenuState
• 0x48c5c4 GetMenuCheckMarkDimensions
• 0x48c5c8 GetClassNameA
• 0x48c5cc GetDesktopWindow
• 0x48c5d0 LoadStringA
• 0x48c5d4 GetSysColorBrush
• 0x48c5d8 MessageBoxA
• 0x48c5dc GetCursorPos
• 0x48c5e0 GetSystemMetrics
• 0x48c5e4 EmptyClipboard
• 0x48c5e8 SetClipboardData
• 0x48c5ec OpenClipboard
• 0x48c5f0 GetClipboardData
• 0x48c5f4 CloseClipboard
• 0x48c5f8 wsprintfA
• 0x48c5fc PtInRect
库: GDI32.dll:
• 0x48c024 Escape
• 0x48c028 GetTextMetricsA
• 0x48c02c TextOutA
• 0x48c030 RectVisible
• 0x48c034 PtVisible
• 0x48c038 GetViewportExtEx
• 0x48c03c ExtTextOutA
• 0x48c040 ExtSelectClipRgn
• 0x48c044 SetBkColor
• 0x48c048 CreateRectRgnIndirect
• 0x48c04c SetStretchBltMode
• 0x48c050 GetClipRgn
• 0x48c054 CreatePolygonRgn
• 0x48c058 SelectClipRgn
• 0x48c05c DeleteObject
• 0x48c060 CreateDIBitmap
• 0x48c064 GetSystemPaletteEntries
• 0x48c068 CreatePalette
• 0x48c06c StretchBlt
• 0x48c070 SelectPalette
• 0x48c074 RealizePalette
• 0x48c078 GetDIBits
• 0x48c07c GetWindowExtEx
• 0x48c080 GetViewportOrgEx
• 0x48c084 GetWindowOrgEx
• 0x48c088 BeginPath
• 0x48c08c EndPath
• 0x48c090 PathToRegion
• 0x48c094 CreateEllipticRgn
• 0x48c098 CreateRoundRectRgn
• 0x48c09c GetTextColor
• 0x48c0a0 GetBkMode
• 0x48c0a4 GetBkColor
• 0x48c0a8 GetROP2
• 0x48c0ac GetStretchBltMode
• 0x48c0b0 GetPolyFillMode
• 0x48c0b4 CreateCompatibleBitmap
• 0x48c0b8 CreateDCA
• 0x48c0bc CreateBitmap
• 0x48c0c0 SetWindowOrgEx
• 0x48c0c4 ScaleViewportExtEx
• 0x48c0c8 SetViewportExtEx
• 0x48c0cc OffsetViewportOrgEx
• 0x48c0d0 SetViewportOrgEx
• 0x48c0d4 SetMapMode
• 0x48c0d8 SetTextColor
• 0x48c0dc SetROP2
• 0x48c0e0 SetPolyFillMode
• 0x48c0e4 SetBkMode
• 0x48c0e8 RestoreDC
• 0x48c0ec SaveDC
• 0x48c0f0 SelectObject
• 0x48c0f4 CreatePen
• 0x48c0f8 PatBlt
• 0x48c0fc CombineRgn
• 0x48c100 CreateRectRgn
• 0x48c104 FillRgn
• 0x48c108 CreateSolidBrush
• 0x48c10c CreateFontIndirectA
• 0x48c110 GetStockObject
• 0x48c114 GetObjectA
• 0x48c118 EndPage
• 0x48c11c EndDoc
• 0x48c120 DeleteDC
• 0x48c124 StartDocA
• 0x48c128 StartPage
• 0x48c12c BitBlt
• 0x48c130 CreateCompatibleDC
• 0x48c134 Ellipse
• 0x48c138 Rectangle
• 0x48c13c LPtoDP
• 0x48c140 DPtoLP
• 0x48c144 GetCurrentObject
• 0x48c148 RoundRect
• 0x48c14c GetTextExtentPoint32A
• 0x48c150 GetDeviceCaps
• 0x48c154 LineTo
• 0x48c158 MoveToEx
• 0x48c15c ExcludeClipRect
• 0x48c160 GetClipBox
• 0x48c164 ScaleWindowExtEx
• 0x48c168 SetWindowExtEx
库: WINMM.dll:
• 0x48c604 waveOutUnprepareHeader
• 0x48c608 waveOutPrepareHeader
• 0x48c60c waveOutWrite
• 0x48c610 waveOutPause
• 0x48c614 waveOutReset
• 0x48c618 waveOutClose
• 0x48c61c waveOutGetNumDevs
• 0x48c620 waveOutOpen
• 0x48c624 midiOutUnprepareHeader
• 0x48c628 midiStreamOpen
• 0x48c62c midiStreamProperty
• 0x48c630 midiOutPrepareHeader
• 0x48c634 midiStreamOut
• 0x48c638 midiStreamStop
• 0x48c63c midiOutReset
• 0x48c640 midiStreamClose
• 0x48c644 midiStreamRestart
库: ADVAPI32.dll:
• 0x48c000 RegOpenKeyExA
• 0x48c004 RegSetValueExA
• 0x48c008 RegCreateKeyExA
• 0x48c00c RegQueryValueA
• 0x48c010 RegCloseKey
库: SHELL32.dll:
• 0x48c380 ShellExecuteA
• 0x48c384 Shell_NotifyIconA
• 0x48c388 SHGetMalloc
• 0x48c38c SHGetPathFromIDListA
• 0x48c390 SHBrowseForFolderA
库: WS2_32.dll:
• 0x48c65c inet_ntoa
• 0x48c660 WSACleanup
• 0x48c664 accept
• 0x48c668 getpeername
• 0x48c66c recv
• 0x48c670 ioctlsocket
• 0x48c674 recvfrom
• 0x48c678 closesocket
• 0x48c67c WSAAsyncSelect
库: comdlg32.dll:
• 0x48c684 ChooseColorA
• 0x48c688 GetOpenFileNameA
• 0x48c68c GetSaveFileNameA
• 0x48c690 GetFileTitleA
.text
`.rdata
@.data
.rsrc
8`}<j
T$hVj
T$th
|$`Vj
D$@Sj
L$8h
D$8Rj
l$<VWj
jjjjh
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 49157 | 104.99.238.89 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 60917 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 49157 | 104.99.238.89 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 60917 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 56.821 seconds )
- 35.99 Static
- 10.623 Suricata
- 4.591 TargetInfo
- 4.022 VirusTotal
- 0.949 NetworkAnalysis
- 0.341 peid
- 0.227 BehaviorAnalysis
- 0.053 config_decoder
- 0.012 AnalysisInfo
- 0.011 Strings
- 0.002 Memory
Signatures ( 1.45 seconds )
- 1.303 md_url_bl
- 0.018 antiav_detectreg
- 0.013 api_spamming
- 0.01 stealth_decoy_document
- 0.01 stealth_timeout
- 0.008 infostealer_ftp
- 0.008 md_domain_bl
- 0.005 anomaly_persistence_autorun
- 0.005 antiav_detectfile
- 0.005 infostealer_im
- 0.004 antivm_vbox_libs
- 0.004 antianalysis_detectreg
- 0.004 geodo_banking_trojan
- 0.004 infostealer_bitcoin
- 0.004 ransomware_files
- 0.003 antiemu_wine_func
- 0.003 infostealer_browser_password
- 0.003 kovter_behavior
- 0.003 infostealer_mail
- 0.003 network_http
- 0.003 ransomware_extensions
- 0.002 tinba_behavior
- 0.002 exec_crash
- 0.002 antivm_vbox_files
- 0.002 disables_browser_warn
- 0.001 rat_nanocore
- 0.001 antiav_avast_libs
- 0.001 antivm_vmware_libs
- 0.001 betabot_behavior
- 0.001 antisandbox_sunbelt_libs
- 0.001 antisandbox_sboxie_libs
- 0.001 antiav_bitdefender_libs
- 0.001 kibex_behavior
- 0.001 antidbg_windows
- 0.001 cerber_behavior
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_security
- 0.001 modify_proxy
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 md_bad_drop
- 0.001 network_cnc_http
Reporting ( 0.536 seconds )
- 0.53 ReportHTMLSummary
- 0.006 Malheur
| Task ID | 694609 |
|---|---|
| Mongo ID | 62a5bb98dc327b836ca29efb |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号