分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp02-1 | 2022-06-17 17:49:04 | 2022-06-17 17:51:15 | 131 秒 |
魔盾分数
1.4
正常的
文件详细信息
| 文件名 | 王者点券随心充.exe |
|---|---|
| 文件大小 | 2101248 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 1b08b5e2f5e396c1018a950a9b5946fa |
| SHA1 | 914406bd44d8a6a0c0156422a45775fdc5bfd398 |
| SHA256 | 53472b0f460a793a40f630cd7df7d3c679c7f8a7d5ca9c4dd43d4186d76c9828 |
| SHA512 | a5334a286028e373e7f8d4b3eb761b76ae22572ca3bf022faaaf4e000e22aa164dfbdc47517b0ad4c310b2819f44102bb7ffb3af2acead62f1b65800e30c4c9e |
| CRC32 | 69823F32 |
| Ssdeep | 24576:6CcXagmF+2MOJa4PAbgCXqa1R5YIlyyuEU0IVvR0Llf44tp2/7RGVxNz3f8K:6pmra4Waa18IlyBRulf4qp2zEXNzf8K |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00478c25 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x00201b7b |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2022-06-17 17:47:28 |
| 载入哈希 | 407fee26b723a68b453d13695c50eb53 |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00096c7e | 0x00097000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.63 |
| .rdata | 0x00098000 | 0x0013629a | 0x00137000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.45 |
| .data | 0x001cf000 | 0x0004f72a | 0x0001c000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.36 |
| .rsrc | 0x0021f000 | 0x000156b4 | 0x00016000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 3.88 |
导入
库: WINMM.dll:
• 0x49861c midiStreamOut
• 0x498620 midiOutPrepareHeader
• 0x498624 waveOutWrite
• 0x498628 waveOutPause
• 0x49862c waveOutReset
• 0x498630 waveOutClose
• 0x498634 waveOutGetNumDevs
• 0x498638 waveOutOpen
• 0x49863c midiOutUnprepareHeader
• 0x498640 midiStreamOpen
• 0x498644 midiStreamProperty
• 0x498648 midiStreamStop
• 0x49864c midiOutReset
• 0x498650 midiStreamClose
• 0x498654 midiStreamRestart
• 0x498658 waveOutUnprepareHeader
• 0x49865c waveOutRestart
• 0x498660 waveOutPrepareHeader
库: WS2_32.dll:
• 0x498678 WSACleanup
• 0x49867c inet_ntoa
• 0x498680 closesocket
• 0x498684 getpeername
• 0x498688 accept
• 0x49868c ntohl
• 0x498690 WSAAsyncSelect
• 0x498694 recvfrom
• 0x498698 ioctlsocket
• 0x49869c recv
库: KERNEL32.dll:
• 0x498170 SetFilePointer
• 0x498174 GetFileSize
• 0x498178 GetCurrentProcess
• 0x49817c TerminateProcess
• 0x498180 SetLastError
• 0x498184 GetTimeZoneInformation
• 0x498188 GetVersion
• 0x49818c CreateMutexA
• 0x498190 ReleaseMutex
• 0x498194 TerminateThread
• 0x498198 SuspendThread
• 0x49819c RaiseException
• 0x4981a0 GetLocalTime
• 0x4981a4 GetSystemTime
• 0x4981a8 RtlUnwind
• 0x4981ac GetStartupInfoA
• 0x4981b0 GetOEMCP
• 0x4981b4 GetCPInfo
• 0x4981b8 GetProcessVersion
• 0x4981bc SetErrorMode
• 0x4981c0 GlobalFlags
• 0x4981c4 GetCurrentThread
• 0x4981c8 GetFileTime
• 0x4981cc TlsGetValue
• 0x4981d0 LocalReAlloc
• 0x4981d4 TlsSetValue
• 0x4981d8 TlsFree
• 0x4981dc GlobalHandle
• 0x4981e0 TlsAlloc
• 0x4981e4 LocalAlloc
• 0x4981e8 lstrcmpA
• 0x4981ec GlobalGetAtomNameA
• 0x4981f0 GlobalAddAtomA
• 0x4981f4 GlobalFindAtomA
• 0x4981f8 GlobalDeleteAtom
• 0x4981fc lstrcmpiA
• 0x498200 SetEndOfFile
• 0x498204 UnlockFile
• 0x498208 LockFile
• 0x49820c FlushFileBuffers
• 0x498210 DuplicateHandle
• 0x498214 lstrcpynA
• 0x498218 FileTimeToLocalFileTime
• 0x49821c FileTimeToSystemTime
• 0x498220 LocalFree
• 0x498224 InterlockedDecrement
• 0x498228 InterlockedIncrement
• 0x49822c VirtualAlloc
• 0x498230 IsBadReadPtr
• 0x498234 VirtualFree
• 0x498238 VirtualProtect
• 0x49823c CreateSemaphoreA
• 0x498240 ResumeThread
• 0x498244 ReleaseSemaphore
• 0x498248 EnterCriticalSection
• 0x49824c LeaveCriticalSection
• 0x498250 GetProfileStringA
• 0x498254 WriteFile
• 0x498258 WaitForMultipleObjects
• 0x49825c CreateFileA
• 0x498260 SetEvent
• 0x498264 FindResourceA
• 0x498268 LoadResource
• 0x49826c LockResource
• 0x498270 ReadFile
• 0x498274 GetModuleFileNameA
• 0x498278 WideCharToMultiByte
• 0x49827c MultiByteToWideChar
• 0x498280 GetCurrentThreadId
• 0x498284 ExitProcess
• 0x498288 GlobalSize
• 0x49828c GlobalFree
• 0x498290 DeleteCriticalSection
• 0x498294 InitializeCriticalSection
• 0x498298 lstrcatA
• 0x49829c lstrlenA
• 0x4982a0 WinExec
• 0x4982a4 lstrcpyA
• 0x4982a8 FindNextFileA
• 0x4982ac InterlockedExchange
• 0x4982b0 GlobalReAlloc
• 0x4982b4 HeapFree
• 0x4982b8 HeapReAlloc
• 0x4982bc GetProcessHeap
• 0x4982c0 HeapAlloc
• 0x4982c4 GetFullPathNameA
• 0x4982c8 FreeLibrary
• 0x4982cc LoadLibraryA
• 0x4982d0 GetLastError
• 0x4982d4 GetVersionExA
• 0x4982d8 WritePrivateProfileStringA
• 0x4982dc CreateThread
• 0x4982e0 CreateEventA
• 0x4982e4 Sleep
• 0x4982e8 GlobalAlloc
• 0x4982ec GlobalLock
• 0x4982f0 GlobalUnlock
• 0x4982f4 FindFirstFileA
• 0x4982f8 FindClose
• 0x4982fc GetFileAttributesA
• 0x498300 GetCurrentDirectoryA
• 0x498304 SetCurrentDirectoryA
• 0x498308 GetVolumeInformationA
• 0x49830c GetModuleHandleA
• 0x498310 GetProcAddress
• 0x498314 MulDiv
• 0x498318 GetCommandLineA
• 0x49831c GetTickCount
• 0x498320 WaitForSingleObject
• 0x498324 CloseHandle
• 0x498328 HeapSize
• 0x49832c GetACP
• 0x498330 UnhandledExceptionFilter
• 0x498334 FreeEnvironmentStringsA
• 0x498338 FreeEnvironmentStringsW
• 0x49833c GetEnvironmentStrings
• 0x498340 GetEnvironmentStringsW
• 0x498344 SetHandleCount
• 0x498348 GetStdHandle
• 0x49834c GetFileType
• 0x498350 GetEnvironmentVariableA
• 0x498354 HeapDestroy
• 0x498358 HeapCreate
• 0x49835c SetEnvironmentVariableA
• 0x498360 LCMapStringA
• 0x498364 LCMapStringW
• 0x498368 IsBadWritePtr
• 0x49836c SetUnhandledExceptionFilter
• 0x498370 GetStringTypeA
• 0x498374 GetStringTypeW
• 0x498378 CompareStringA
• 0x49837c CompareStringW
• 0x498380 IsBadCodePtr
• 0x498384 SetStdHandle
库: USER32.dll:
• 0x4983a8 IsIconic
• 0x4983ac SetFocus
• 0x4983b0 GetActiveWindow
• 0x4983b4 GetWindow
• 0x4983b8 DestroyAcceleratorTable
• 0x4983bc SetWindowRgn
• 0x4983c0 GetMessagePos
• 0x4983c4 ScreenToClient
• 0x4983c8 PeekMessageA
• 0x4983cc SetMenu
• 0x4983d0 GetMenu
• 0x4983d4 DeleteMenu
• 0x4983d8 GetSystemMenu
• 0x4983dc DefWindowProcA
• 0x4983e0 GetClassInfoA
• 0x4983e4 ChildWindowFromPointEx
• 0x4983e8 CopyRect
• 0x4983ec LoadBitmapA
• 0x4983f0 WinHelpA
• 0x4983f4 GetSysColorBrush
• 0x4983f8 SystemParametersInfoA
• 0x4983fc LoadImageA
• 0x498400 EnumDisplaySettingsA
• 0x498404 ClientToScreen
• 0x498408 EnableMenuItem
• 0x49840c GetSubMenu
• 0x498410 GetDlgCtrlID
• 0x498414 CreateAcceleratorTableA
• 0x498418 CreateMenu
• 0x49841c ModifyMenuA
• 0x498420 AppendMenuA
• 0x498424 DrawIconEx
• 0x498428 CreateIconFromResource
• 0x49842c CreateIconFromResourceEx
• 0x498430 RegisterClipboardFormatA
• 0x498434 SetRectEmpty
• 0x498438 DispatchMessageA
• 0x49843c GetMessageA
• 0x498440 WindowFromPoint
• 0x498444 DrawFocusRect
• 0x498448 DrawEdge
• 0x49844c DrawFrameControl
• 0x498450 KillTimer
• 0x498454 SetTimer
• 0x498458 ReleaseCapture
• 0x49845c GetCapture
• 0x498460 SetCapture
• 0x498464 GetScrollRange
• 0x498468 SetScrollRange
• 0x49846c SetScrollPos
• 0x498470 SetRect
• 0x498474 InflateRect
• 0x498478 IntersectRect
• 0x49847c DestroyIcon
• 0x498480 LoadStringA
• 0x498484 GetMenuCheckMarkDimensions
• 0x498488 GetMenuState
• 0x49848c SetMenuItemBitmaps
• 0x498490 IsZoomed
• 0x498494 OffsetRect
• 0x498498 IsWindowVisible
• 0x49849c EnableWindow
• 0x4984a0 RedrawWindow
• 0x4984a4 GetWindowLongA
• 0x4984a8 SetWindowLongA
• 0x4984ac GetSysColor
• 0x4984b0 SetActiveWindow
• 0x4984b4 SetCursorPos
• 0x4984b8 LoadCursorA
• 0x4984bc SetCursor
• 0x4984c0 GetDC
• 0x4984c4 FillRect
• 0x4984c8 IsRectEmpty
• 0x4984cc ReleaseDC
• 0x4984d0 IsChild
• 0x4984d4 DestroyMenu
• 0x4984d8 SetForegroundWindow
• 0x4984dc GetWindowRect
• 0x4984e0 EqualRect
• 0x4984e4 UpdateWindow
• 0x4984e8 ValidateRect
• 0x4984ec InvalidateRect
• 0x4984f0 GetClientRect
• 0x4984f4 GetFocus
• 0x4984f8 GetParent
• 0x4984fc GetTopWindow
• 0x498500 PostMessageA
• 0x498504 IsWindow
• 0x498508 SetParent
• 0x49850c DestroyCursor
• 0x498510 SendMessageA
• 0x498514 SetWindowPos
• 0x498518 MessageBoxA
• 0x49851c GetCursorPos
• 0x498520 GetSystemMetrics
• 0x498524 EmptyClipboard
• 0x498528 SetClipboardData
• 0x49852c OpenClipboard
• 0x498530 GetClipboardData
• 0x498534 CloseClipboard
• 0x498538 wsprintfA
• 0x49853c PostQuitMessage
• 0x498540 CopyAcceleratorTableA
• 0x498544 TranslateMessage
• 0x498548 LoadIconA
• 0x49854c SetPropA
• 0x498550 CreateWindowExA
• 0x498554 RegisterClassA
• 0x498558 GetPropA
• 0x49855c DefWindowProcW
• 0x498560 MoveWindow
• 0x498564 GetDesktopWindow
• 0x498568 GetClassNameA
• 0x49856c GetDlgItem
• 0x498570 FindWindowExA
• 0x498574 GetWindowTextA
• 0x498578 GetKeyState
• 0x49857c TranslateAcceleratorA
• 0x498580 IsWindowEnabled
• 0x498584 PtInRect
• 0x498588 ShowWindow
• 0x49858c UnregisterClassA
• 0x498590 CreatePopupMenu
• 0x498594 GetWindowTextLengthA
• 0x498598 CharUpperA
• 0x49859c GetWindowDC
• 0x4985a0 BeginPaint
• 0x4985a4 EndPaint
• 0x4985a8 TabbedTextOutA
• 0x4985ac DrawTextA
• 0x4985b0 GrayStringA
• 0x4985b4 DestroyWindow
• 0x4985b8 CreateDialogIndirectParamA
• 0x4985bc EndDialog
• 0x4985c0 GetNextDlgTabItem
• 0x4985c4 GetWindowPlacement
• 0x4985c8 RegisterWindowMessageA
• 0x4985cc GetForegroundWindow
• 0x4985d0 GetLastActivePopup
• 0x4985d4 GetMessageTime
• 0x4985d8 RemovePropA
• 0x4985dc CallWindowProcA
• 0x4985e0 UnhookWindowsHookEx
• 0x4985e4 GetClassLongA
• 0x4985e8 CallNextHookEx
• 0x4985ec SetWindowsHookExA
• 0x4985f0 GetMenuItemID
• 0x4985f4 GetMenuItemCount
• 0x4985f8 GetScrollPos
• 0x4985fc AdjustWindowRectEx
• 0x498600 MapWindowPoints
• 0x498604 SendDlgItemMessageA
• 0x498608 ScrollWindowEx
• 0x49860c IsDialogMessageA
• 0x498610 SetWindowTextA
• 0x498614 CheckMenuItem
库: GDI32.dll:
• 0x498024 TextOutA
• 0x498028 RectVisible
• 0x49802c PtVisible
• 0x498030 GetViewportExtEx
• 0x498034 ExtSelectClipRgn
• 0x498038 LineTo
• 0x49803c MoveToEx
• 0x498040 ExcludeClipRect
• 0x498044 Ellipse
• 0x498048 Rectangle
• 0x49804c LPtoDP
• 0x498050 DPtoLP
• 0x498054 GetCurrentObject
• 0x498058 RoundRect
• 0x49805c GetTextExtentPoint32A
• 0x498060 GetDeviceCaps
• 0x498064 BeginPath
• 0x498068 ExtTextOutA
• 0x49806c GetViewportOrgEx
• 0x498070 GetWindowExtEx
• 0x498074 GetDIBits
• 0x498078 RealizePalette
• 0x49807c SelectPalette
• 0x498080 StretchBlt
• 0x498084 CreatePalette
• 0x498088 GetSystemPaletteEntries
• 0x49808c CreateDIBitmap
• 0x498090 DeleteObject
• 0x498094 SelectClipRgn
• 0x498098 CreatePolygonRgn
• 0x49809c GetClipRgn
• 0x4980a0 SetStretchBltMode
• 0x4980a4 CreateRectRgnIndirect
• 0x4980a8 SetBkColor
• 0x4980ac GetClipBox
• 0x4980b0 ScaleWindowExtEx
• 0x4980b4 SetWindowExtEx
• 0x4980b8 SetWindowOrgEx
• 0x4980bc ScaleViewportExtEx
• 0x4980c0 SetViewportExtEx
• 0x4980c4 OffsetViewportOrgEx
• 0x4980c8 SetViewportOrgEx
• 0x4980cc SetMapMode
• 0x4980d0 SetTextColor
• 0x4980d4 SetROP2
• 0x4980d8 Escape
• 0x4980dc GetTextMetricsA
• 0x4980e0 CreateCompatibleDC
• 0x4980e4 BitBlt
• 0x4980e8 StartPage
• 0x4980ec StartDocA
• 0x4980f0 DeleteDC
• 0x4980f4 EndDoc
• 0x4980f8 EndPage
• 0x4980fc CreateFontIndirectA
• 0x498100 GetStockObject
• 0x498104 CreateSolidBrush
• 0x498108 FillRgn
• 0x49810c CreateRectRgn
• 0x498110 CombineRgn
• 0x498114 PatBlt
• 0x498118 CreatePen
• 0x49811c GetObjectA
• 0x498120 SelectObject
• 0x498124 CreateBitmap
• 0x498128 SetPolyFillMode
• 0x49812c SetBkMode
• 0x498130 RestoreDC
• 0x498134 SaveDC
• 0x498138 CreateDCA
• 0x49813c CreateCompatibleBitmap
• 0x498140 GetPolyFillMode
• 0x498144 GetStretchBltMode
• 0x498148 GetROP2
• 0x49814c GetBkColor
• 0x498150 GetBkMode
• 0x498154 GetTextColor
• 0x498158 EndPath
• 0x49815c CreateEllipticRgn
• 0x498160 GetWindowOrgEx
• 0x498164 CreateRoundRectRgn
• 0x498168 PathToRegion
库: ADVAPI32.dll:
• 0x498000 RegOpenKeyExA
• 0x498004 RegSetValueExA
• 0x498008 RegQueryValueA
• 0x49800c RegCreateKeyExA
• 0x498010 RegCloseKey
库: comdlg32.dll:
• 0x4986a4 ChooseColorA
• 0x4986a8 GetFileTitleA
• 0x4986ac GetSaveFileNameA
• 0x4986b0 GetOpenFileNameA
.text
`.rdata
@.data
.rsrc
8`}<j
T$Hh\,]
T$th
T$|hp,]
D$|hl,]
D$@Sj
L$8h
D$8Rj
l$<VWj
D$,RVhd-]
tEh(.]
PWhx.]
|$$h /]
t*h\/]
T$$Rh()\
l$lh$7]
}'h
9^xu5j
T$,Qj
T$0Pj
D$8RPj
D$0h
T$,Qj
NpRQj
t$<Vj
T$<h
D$(hF
D$(h
T$Dhb
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 23.202.34.153 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 63246 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 23.202.34.153 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 63246 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 19.714 seconds )
- 11.261 Suricata
- 5.547 Static
- 1.751 NetworkAnalysis
- 0.613 TargetInfo
- 0.354 peid
- 0.158 BehaviorAnalysis
- 0.011 AnalysisInfo
- 0.011 Strings
- 0.005 config_decoder
- 0.003 Memory
Signatures ( 1.473 seconds )
- 1.334 md_url_bl
- 0.016 antiav_detectreg
- 0.009 api_spamming
- 0.009 md_domain_bl
- 0.007 stealth_timeout
- 0.007 antiav_detectfile
- 0.007 infostealer_ftp
- 0.006 stealth_decoy_document
- 0.005 anomaly_persistence_autorun
- 0.005 kovter_behavior
- 0.005 geodo_banking_trojan
- 0.005 infostealer_bitcoin
- 0.004 antiemu_wine_func
- 0.004 infostealer_browser_password
- 0.004 infostealer_im
- 0.004 ransomware_extensions
- 0.004 ransomware_files
- 0.003 antianalysis_detectreg
- 0.003 antivm_vbox_files
- 0.003 infostealer_mail
- 0.003 network_http
- 0.002 tinba_behavior
- 0.002 rat_nanocore
- 0.002 browser_security
- 0.002 disables_browser_warn
- 0.002 md_bad_drop
- 0.001 network_tor
- 0.001 mimics_filetime
- 0.001 maldun_anomaly_massive_file_ops
- 0.001 betabot_behavior
- 0.001 reads_self
- 0.001 kibex_behavior
- 0.001 antidbg_windows
- 0.001 cerber_behavior
- 0.001 antidbg_devices
- 0.001 antivm_parallels_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 modify_proxy
- 0.001 maldun_malicious_drop_executable_file_to_temp_folder
- 0.001 network_cnc_http
Reporting ( 0.539 seconds )
- 0.531 ReportHTMLSummary
- 0.008 Malheur
| Task ID | 695506 |
|---|---|
| Mongo ID | 62ac4ed6dc327be694b10142 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号