Analysis task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-shaapp02-1  2022-07-01 20:55:23  2022-07-01 20:57:35  132 seconds

Maldun score

1.75

Normal

File details

File name  ROOT免费版.exe
File size  1404928 bytes
File type  PE32 executable (GUI) Intel 80386, for MS Windows
MD5  ebe6cfb0d265a7e425a4bb84c17df633
SHA1  31bc7e38d15d713cae358c1d40dd79565b6cd2f3
SHA256  7552aa3bddca49f2fc324953cd79227da21fd7e969f65ba4ad678bb6c1b58fe4
SHA512  e3607f4cc0347e39c2a77352e18b3a8f486a89662db954dc4bbc013709dbf2c2a2cf22f9f6143d5a182cf5b4e9b90f24f585b3315ab0d10edb3c1a2a33a47df0
CRC32  8866A197
Ssdeep  24576:uJf4qJ89L+TSJNRBf4ujNHEgfyz2cJzC6yYBlAJV3emgjmY4:EaSSD4uSnz/Blq3TgQ

Hosts contacted

No host records.

DNS resolution

No domain information.


PE information

Image base  0x00400000
Entry point  0x0048cd09
Declared checksum  0x00000000
Actual (computed) checksum  0x00160127
Minimum OS version  4.0
Compile timestamp  2022-07-01 20:00:04
Import hash (imphash)  231440c11b542500389559836205422a

A declared checksum of 0 means the linker never populated the field, which is the norm for non-Microsoft builds; only a non-zero declared value that disagrees with the computed one points to the file having been modified after linking. The compile timestamp is 55 minutes before the analysis started, consistent with a freshly built sample, but the field is plain header data and can be set to anything.

Version information

LegalCopyright, FileVersion, CompanyName, Comments, ProductName, ProductVersion, FileDescription, Translation: no values recorded for any field.

PE sections

Name  VirtualAddress  VirtualSize  RawSize  Characteristics  Entropy
.text 0x00001000 0x000aabae 0x000ab000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.62
.rdata 0x000ac000 0x000844e2 0x00085000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.39
.data 0x00131000 0x0004354a 0x0001c000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.00
.rsrc 0x00175000 0x0000910c 0x0000a000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.81

The four standard section names, no section that is both writable and executable, and entropies between 4.81 and 6.62 are what ordinary compiled code and data look like; a packed or encrypted payload would sit close to 8. The .data VirtualSize being larger than its raw size is uninitialised data that the loader zero-fills, not a hidden payload.
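The two static checks behind this table and the PE information block, the image checksum and per-section entropy, are easy to reproduce without the sandbox. The following is an added example in Python using only the standard library; it is not code from the Maldun report or from Cuckoo, and the two-section PE32 it builds is a constructed test input, not the analysed sample. The 7.2 entropy threshold is an assumption. Fed a real file, `triage_pe(open(path, "rb").read())` reports the declared and computed checksum values and the section figures; for this sample the declared value is 0, so the verdict is "unset" rather than "mismatch", and the computed value should reproduce the report's 0x00160127 if the same bytes are fed in.

```python
import math
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000   # section characteristic bits (PE/COFF spec)
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform; packed/encrypted data sits near 8."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in counts if c)


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """Image checksum as imagehlp's CheckSumMappedFile defines it (the algorithm pefile reimplements):
    sum every dword except the CheckSum field, fold carries back in, fold to 16 bits, add file length."""
    padded = data + b"\0" * (-len(data) % 4)        # pad for the sum only; length term uses real size
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_offset:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def parse_pe(data: bytes) -> dict:
    """Minimal header walk: DOS header -> PE signature -> COFF -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]        # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]   # COFF SizeOfOptionalHeader
    opt = e_lfanew + 24                      # optional header follows the 20-byte COFF header
    checksum_offset = opt + 64               # CheckSum field: same offset in PE32 and PE32+
    sections = []
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, hdr)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va, "vsize": vsize,
                         "characteristics": struct.unpack_from("<I", data, hdr + 36)[0],
                         "raw": data[raw_ptr:raw_ptr + raw_size]})
    return {"checksum_offset": checksum_offset,
            "declared_checksum": struct.unpack_from("<I", data, checksum_offset)[0],
            "sections": sections}


def triage_pe(data: bytes, high_entropy: float = 7.2) -> dict:
    """Checksum verdict plus per-section entropy and writable+executable flags."""
    pe = parse_pe(data)
    declared, computed = pe["declared_checksum"], pe_checksum(data, pe["checksum_offset"])
    if declared == 0:
        state = "unset"        # linker never filled it in: the common, non-suspicious case
    else:
        state = "ok" if declared == computed else "mismatch"   # mismatch = bytes changed after linking
    sections = []
    for s in pe["sections"]:
        ent = shannon_entropy(s["raw"])
        chars = s["characteristics"]
        sections.append({"name": s["name"], "entropy": round(ent, 2), "high_entropy": ent >= high_entropy,
                         "writable_executable": bool(chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE)})
    return {"declared_checksum": declared, "computed_checksum": computed, "checksum_state": state,
            "sections": sections}


def set_checksum(data: bytes, value: int) -> bytes:
    """Write a CheckSum value into the header, to exercise the ok/mismatch paths."""
    buf = bytearray(data)
    struct.pack_into("<I", buf, parse_pe(data)["checksum_offset"], value)
    return bytes(buf)


def build_sample_pe(text: bytes, data_sec: bytes) -> bytes:
    """Constructed two-section PE32 for offline testing (hypothetical input, not the analysed sample).
    CheckSum is left at 0, matching the report's 'declared checksum 0x00000000'."""
    file_align, sec_align = 0x200, 0x1000
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)   # i386, 2 sections, PE32 header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                          # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                        # ImageBase
    struct.pack_into("<IIHH", opt, 32, sec_align, file_align, 4, 0)  # alignments, minimum OS 4.0
    struct.pack_into("<II", opt, 56, 0x3000, file_align)             # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                               # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)                              # NumberOfRvaAndSizes
    specs = [(b".text", 0x1000, text, 0x60000020), (b".data", 0x2000, data_sec, 0xC0000040)]
    headers, body, raw_ptr = bytearray(), bytearray(), file_align
    for name, va, content, chars in specs:
        raw = content + b"\0" * (-len(content) % file_align)
        headers += struct.pack("<8sIIIIIIHHI", name, len(content), va, len(raw), raw_ptr, 0, 0, 0, 0, chars)
        body += raw
        raw_ptr += len(raw)
    image = dos + b"PE\0\0" + coff + opt + headers
    return bytes(image + b"\0" * (file_align - len(image)) + body)


if __name__ == "__main__":
    print(triage_pe(build_sample_pe(bytes(range(256)) * 2, b"\0" * 512)))
```

The checksum loop skips only the CheckSum field itself, so writing the computed value back into the header does not change the result; that is what makes the "ok" verdict stable, and why a single flipped byte anywhere else in the file turns a previously correct value into "mismatch".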

Imports

Library: WINMM.dll:
0x4ac624 midiStreamOut
0x4ac62c waveOutWrite
0x4ac630 waveOutPause
0x4ac634 waveOutReset
0x4ac638 waveOutClose
0x4ac63c waveOutGetNumDevs
0x4ac640 waveOutOpen
0x4ac648 midiStreamOpen
0x4ac64c midiStreamProperty
0x4ac650 midiStreamStop
0x4ac654 midiOutReset
0x4ac658 midiStreamClose
0x4ac65c midiStreamRestart
Library: WS2_32.dll:
0x4ac67c WSACleanup
0x4ac680 closesocket
0x4ac684 getpeername
0x4ac688 accept
0x4ac68c WSAAsyncSelect
0x4ac690 recvfrom
0x4ac694 ioctlsocket
0x4ac698 inet_ntoa
0x4ac69c recv
Library: KERNEL32.dll:
0x4ac17c GetFileSize
0x4ac180 TerminateProcess
0x4ac184 SetLastError
0x4ac18c GetVersion
0x4ac198 SetFilePointer
0x4ac1a0 lstrcmpiA
0x4ac1ac GetACP
0x4ac1b0 HeapSize
0x4ac1b4 RaiseException
0x4ac1b8 GetLocalTime
0x4ac1bc GetSystemTime
0x4ac1c0 RtlUnwind
0x4ac1c4 GetStartupInfoA
0x4ac1c8 GetOEMCP
0x4ac1cc GetCPInfo
0x4ac1d0 GetProcessVersion
0x4ac1d4 SetErrorMode
0x4ac1d8 GlobalFlags
0x4ac1dc GetCurrentThread
0x4ac1e0 GetFileTime
0x4ac1e4 TlsGetValue
0x4ac1e8 LocalReAlloc
0x4ac1ec TlsSetValue
0x4ac1f0 TlsFree
0x4ac1f4 GlobalHandle
0x4ac1f8 TlsAlloc
0x4ac1fc LocalAlloc
0x4ac200 lstrcmpA
0x4ac204 GlobalGetAtomNameA
0x4ac208 GlobalAddAtomA
0x4ac20c GlobalFindAtomA
0x4ac210 GlobalDeleteAtom
0x4ac214 SetEndOfFile
0x4ac218 UnlockFile
0x4ac21c LockFile
0x4ac220 FlushFileBuffers
0x4ac224 DuplicateHandle
0x4ac228 lstrcpynA
0x4ac234 LocalFree
0x4ac238 GetCurrentProcess
0x4ac240 GetSystemDirectoryA
0x4ac244 CreateSemaphoreA
0x4ac248 ResumeThread
0x4ac24c ReleaseSemaphore
0x4ac258 GetProfileStringA
0x4ac25c WriteFile
0x4ac264 CreateFileA
0x4ac268 SetEvent
0x4ac26c FindResourceA
0x4ac270 LoadResource
0x4ac274 LockResource
0x4ac278 ReadFile
0x4ac27c RemoveDirectoryA
0x4ac280 GetModuleFileNameA
0x4ac284 WideCharToMultiByte
0x4ac288 MultiByteToWideChar
0x4ac28c GetCurrentThreadId
0x4ac290 ExitProcess
0x4ac294 GlobalSize
0x4ac298 GlobalFree
0x4ac29c InterlockedExchange
0x4ac2a8 lstrcatA
0x4ac2ac lstrlenA
0x4ac2b0 WinExec
0x4ac2b4 lstrcpyA
0x4ac2b8 FindNextFileA
0x4ac2bc GlobalReAlloc
0x4ac2c0 HeapFree
0x4ac2c4 HeapReAlloc
0x4ac2c8 GetProcessHeap
0x4ac2cc HeapAlloc
0x4ac2d0 GetFullPathNameA
0x4ac2d4 FreeLibrary
0x4ac2d8 LoadLibraryA
0x4ac2dc GetLastError
0x4ac2e0 GetVersionExA
0x4ac2e8 CreateThread
0x4ac2ec CreateEventA
0x4ac2f0 Sleep
0x4ac2f4 GlobalAlloc
0x4ac2f8 GlobalLock
0x4ac2fc GlobalUnlock
0x4ac300 GetTempPathA
0x4ac304 FindFirstFileA
0x4ac308 FindClose
0x4ac30c SetFileAttributesA
0x4ac310 GetFileAttributesA
0x4ac314 DeleteFileA
0x4ac320 GetModuleHandleA
0x4ac324 GetProcAddress
0x4ac328 MulDiv
0x4ac32c GetCommandLineA
0x4ac330 GetTickCount
0x4ac334 WaitForSingleObject
0x4ac338 CloseHandle
0x4ac348 SetHandleCount
0x4ac34c GetStdHandle
0x4ac350 GetFileType
0x4ac358 HeapDestroy
0x4ac35c HeapCreate
0x4ac360 VirtualFree
0x4ac368 LCMapStringA
0x4ac36c LCMapStringW
0x4ac370 VirtualAlloc
0x4ac374 IsBadWritePtr
0x4ac37c GetStringTypeA
0x4ac380 GetStringTypeW
0x4ac384 CompareStringA
0x4ac388 CompareStringW
0x4ac38c IsBadReadPtr
0x4ac390 IsBadCodePtr
0x4ac394 SetStdHandle
0x4ac398 GetSystemInfo
Library: USER32.dll:
0x4ac3c0 SetFocus
0x4ac3c4 IsIconic
0x4ac3c8 PeekMessageA
0x4ac3cc SetMenu
0x4ac3d0 GetMenu
0x4ac3d4 GetActiveWindow
0x4ac3d8 GetWindow
0x4ac3e0 SetWindowRgn
0x4ac3e4 GetMessagePos
0x4ac3e8 GetSysColorBrush
0x4ac3f0 GetKeyState
0x4ac3f8 IsWindowEnabled
0x4ac3fc ShowWindow
0x4ac404 LoadImageA
0x4ac40c ClientToScreen
0x4ac410 EnableMenuItem
0x4ac414 GetSubMenu
0x4ac418 GetDlgCtrlID
0x4ac420 CreateMenu
0x4ac424 ModifyMenuA
0x4ac428 AppendMenuA
0x4ac42c CreatePopupMenu
0x4ac43c SetRectEmpty
0x4ac440 DispatchMessageA
0x4ac444 ScreenToClient
0x4ac448 GetMessageA
0x4ac44c CopyRect
0x4ac450 LoadBitmapA
0x4ac454 WinHelpA
0x4ac458 KillTimer
0x4ac45c SetTimer
0x4ac460 ReleaseCapture
0x4ac464 GetCapture
0x4ac468 SetCapture
0x4ac46c GetScrollRange
0x4ac470 SetScrollRange
0x4ac474 LoadStringA
0x4ac47c GetMenuState
0x4ac480 SetScrollPos
0x4ac484 SetRect
0x4ac488 InflateRect
0x4ac48c IntersectRect
0x4ac490 DestroyIcon
0x4ac494 OffsetRect
0x4ac498 IsWindowVisible
0x4ac49c EnableWindow
0x4ac4a0 RedrawWindow
0x4ac4a4 GetWindowLongA
0x4ac4a8 SetWindowLongA
0x4ac4ac GetSysColor
0x4ac4b0 SetActiveWindow
0x4ac4b4 SetCursorPos
0x4ac4b8 LoadCursorA
0x4ac4bc SetCursor
0x4ac4c0 GetDC
0x4ac4c4 FillRect
0x4ac4c8 IsRectEmpty
0x4ac4cc ReleaseDC
0x4ac4d0 IsChild
0x4ac4d4 DestroyMenu
0x4ac4d8 SetForegroundWindow
0x4ac4dc GetWindowRect
0x4ac4e0 EqualRect
0x4ac4e4 UpdateWindow
0x4ac4e8 ValidateRect
0x4ac4ec InvalidateRect
0x4ac4f0 GetClientRect
0x4ac4f4 GetFocus
0x4ac4f8 GetParent
0x4ac4fc GetTopWindow
0x4ac500 PostMessageA
0x4ac504 IsWindow
0x4ac508 SetParent
0x4ac50c DestroyCursor
0x4ac510 SendMessageA
0x4ac514 SetWindowPos
0x4ac518 MessageBoxA
0x4ac51c GetCursorPos
0x4ac520 GetSystemMetrics
0x4ac524 EmptyClipboard
0x4ac528 SetClipboardData
0x4ac52c OpenClipboard
0x4ac530 GetClipboardData
0x4ac534 CloseClipboard
0x4ac538 wsprintfA
0x4ac53c WindowFromPoint
0x4ac540 DrawFocusRect
0x4ac544 DrawEdge
0x4ac548 DrawFrameControl
0x4ac54c TranslateMessage
0x4ac550 LoadIconA
0x4ac554 GetForegroundWindow
0x4ac558 GetDesktopWindow
0x4ac55c GetClassNameA
0x4ac560 GetDlgItem
0x4ac564 GetWindowTextA
0x4ac568 DefWindowProcA
0x4ac56c GetClassInfoA
0x4ac570 IsZoomed
0x4ac574 PtInRect
0x4ac578 PostQuitMessage
0x4ac580 UnregisterClassA
0x4ac584 DrawIconEx
0x4ac58c CharUpperA
0x4ac590 GetWindowDC
0x4ac594 BeginPaint
0x4ac598 EndPaint
0x4ac59c TabbedTextOutA
0x4ac5a0 DrawTextA
0x4ac5a4 GrayStringA
0x4ac5a8 DestroyWindow
0x4ac5b0 EndDialog
0x4ac5b4 GetNextDlgTabItem
0x4ac5b8 GetWindowPlacement
0x4ac5c0 GetLastActivePopup
0x4ac5c4 GetMessageTime
0x4ac5c8 RemovePropA
0x4ac5cc CallWindowProcA
0x4ac5d0 GetPropA
0x4ac5d4 UnhookWindowsHookEx
0x4ac5d8 SetPropA
0x4ac5dc GetClassLongA
0x4ac5e0 CallNextHookEx
0x4ac5e4 SetWindowsHookExA
0x4ac5e8 CreateWindowExA
0x4ac5ec GetMenuItemID
0x4ac5f0 GetMenuItemCount
0x4ac5f4 RegisterClassA
0x4ac5f8 GetScrollPos
0x4ac5fc AdjustWindowRectEx
0x4ac600 MapWindowPoints
0x4ac604 SendDlgItemMessageA
0x4ac608 ScrollWindowEx
0x4ac60c IsDialogMessageA
0x4ac610 SetWindowTextA
0x4ac614 MoveWindow
0x4ac618 CheckMenuItem
0x4ac61c SetMenuItemBitmaps
Library: GDI32.dll:
0x4ac030 GetViewportExtEx
0x4ac034 ExtSelectClipRgn
0x4ac038 LineTo
0x4ac03c MoveToEx
0x4ac040 CreateRectRgn
0x4ac044 FillRgn
0x4ac048 CreateSolidBrush
0x4ac04c GetStockObject
0x4ac050 CreateFontIndirectA
0x4ac054 EndPage
0x4ac058 EndDoc
0x4ac05c DeleteDC
0x4ac060 StartDocA
0x4ac064 StartPage
0x4ac068 BitBlt
0x4ac06c CreateCompatibleDC
0x4ac070 Ellipse
0x4ac074 Rectangle
0x4ac078 PtVisible
0x4ac07c DPtoLP
0x4ac080 GetCurrentObject
0x4ac084 RoundRect
0x4ac08c GetDeviceCaps
0x4ac090 CreatePolygonRgn
0x4ac094 GetClipRgn
0x4ac098 SetStretchBltMode
0x4ac0a0 SetBkColor
0x4ac0a4 ExcludeClipRect
0x4ac0a8 GetClipBox
0x4ac0ac ScaleWindowExtEx
0x4ac0b0 SetWindowExtEx
0x4ac0b4 SetWindowOrgEx
0x4ac0b8 ScaleViewportExtEx
0x4ac0bc SetViewportExtEx
0x4ac0c0 OffsetViewportOrgEx
0x4ac0c4 SetViewportOrgEx
0x4ac0c8 SetMapMode
0x4ac0cc SetTextColor
0x4ac0d0 RectVisible
0x4ac0d4 TextOutA
0x4ac0d8 ExtTextOutA
0x4ac0dc Escape
0x4ac0e0 GetTextMetricsA
0x4ac0e4 CombineRgn
0x4ac0e8 PatBlt
0x4ac0ec CreatePen
0x4ac0f0 GetObjectA
0x4ac0f4 SelectObject
0x4ac0f8 CreateBitmap
0x4ac0fc CreateDCA
0x4ac104 GetPolyFillMode
0x4ac108 GetStretchBltMode
0x4ac10c GetROP2
0x4ac110 GetBkColor
0x4ac114 GetBkMode
0x4ac118 GetTextColor
0x4ac11c CreateRoundRectRgn
0x4ac120 CreateEllipticRgn
0x4ac124 PathToRegion
0x4ac128 EndPath
0x4ac12c BeginPath
0x4ac130 SetROP2
0x4ac134 SetPolyFillMode
0x4ac138 SetBkMode
0x4ac13c RestoreDC
0x4ac140 SaveDC
0x4ac144 GetWindowOrgEx
0x4ac148 GetViewportOrgEx
0x4ac14c GetWindowExtEx
0x4ac150 SelectClipRgn
0x4ac154 RealizePalette
0x4ac158 SelectPalette
0x4ac15c StretchBlt
0x4ac160 CreatePalette
0x4ac168 CreateDIBitmap
0x4ac16c LPtoDP
0x4ac170 GetDIBits
0x4ac174 DeleteObject
Library: WINSPOOL.DRV:
0x4ac66c OpenPrinterA
0x4ac670 DocumentPropertiesA
0x4ac674 ClosePrinter
Library: ADVAPI32.dll:
0x4ac000 RegQueryValueExA
0x4ac004 RegOpenKeyExA
0x4ac008 RegSetValueExA
0x4ac00c RegCreateKeyA
0x4ac010 RegQueryValueA
0x4ac014 RegCreateKeyExA
0x4ac018 RegOpenKeyA
0x4ac01c RegCloseKey
Library: SHELL32.dll:
0x4ac3b4 ShellExecuteA
0x4ac3b8 Shell_NotifyIconA
Library: ole32.dll:
0x4ac6b8 CLSIDFromString
0x4ac6bc OleUninitialize
0x4ac6c0 OleInitialize
Library: OLEAUT32.dll:
0x4ac3a0 LoadTypeLib
0x4ac3a4 RegisterTypeLib
0x4ac3a8 UnRegisterTypeLib
Library: COMCTL32.dll:
0x4ac024 None (import by ordinal; the name was not resolved)
0x4ac028 ImageList_Destroy
Library: comdlg32.dll:
0x4ac6a4 ChooseColorA
0x4ac6a8 GetFileTitleA
0x4ac6ac GetSaveFileNameA
0x4ac6b0 GetOpenFileNameA
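An import table of this size is easier to reason about as capability buckets than as four hundred names. The following is an added example in Python; it is not code from the Maldun report or from Cuckoo. The bucket taxonomy is this example's own, the import list is a subset copied from the table above in table order, and the ordinal 17 used for the COMCTL32 entry the table prints as None is an assumed value. The imphash routine follows the published algorithm (lowercased dll.func pairs with the .dll/.ocx/.sys extension stripped, joined by commas, MD5), but the hash of a subset will not equal the report's 231440c11b542500389559836205422a; reproducing that needs the full table in file order, ordinal included.

```python
import hashlib

# Capability buckets (this example's own taxonomy): ANSI API names whose combination
# says more than any single call does.
CAPABILITIES = {
    "execute": {"WinExec", "ShellExecuteA", "ShellExecuteW", "CreateProcessA", "CreateProcessW"},
    "socket_server": {"accept", "WSAAsyncSelect", "recv", "recvfrom", "getpeername"},
    "registry_write": {"RegSetValueExA", "RegSetValueExW", "RegCreateKeyA", "RegCreateKeyExA"},
    "file_tamper": {"DeleteFileA", "SetFileAttributesA", "RemoveDirectoryA", "SetEndOfFile"},
    "windows_hook": {"SetWindowsHookExA", "SetWindowsHookExW"},
    "dynamic_api": {"LoadLibraryA", "GetProcAddress"},
    "clipboard": {"OpenClipboard", "GetClipboardData", "SetClipboardData"},
    "anti_debug": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent", "OutputDebugStringA"},
}


def normalize_import(dll: str, func) -> str:
    """imphash normalisation: lowercase, strip .dll/.ocx/.sys, ordinal imports become 'ordN'."""
    base = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if base.endswith(ext):
            base = base[: -len(ext)]
            break
    name = f"ord{func}" if isinstance(func, int) else func.lower()
    return f"{base}.{name}"


def imphash_string(imports) -> str:
    """The comma-joined list that gets hashed; order is the file's import order."""
    return ",".join(normalize_import(d, f) for d, f in imports)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def tag_capabilities(imports) -> dict:
    """Map each bucket to the imported names that hit it; empty buckets are dropped."""
    names = {f for _, f in imports if isinstance(f, str)}
    return {cap: sorted(names & apis) for cap, apis in CAPABILITIES.items() if names & apis}


# Constructed input: a subset of the import table printed above, in table order.
# The COMCTL32 entry shown as 'None' is an import by ordinal; 17 is an assumed ordinal.
REPORT_IMPORTS = [
    ("WS2_32.dll", "WSACleanup"), ("WS2_32.dll", "closesocket"), ("WS2_32.dll", "getpeername"),
    ("WS2_32.dll", "accept"), ("WS2_32.dll", "WSAAsyncSelect"), ("WS2_32.dll", "recvfrom"),
    ("KERNEL32.dll", "WinExec"), ("KERNEL32.dll", "DeleteFileA"), ("KERNEL32.dll", "SetFileAttributesA"),
    ("KERNEL32.dll", "LoadLibraryA"), ("KERNEL32.dll", "GetProcAddress"), ("KERNEL32.dll", "GetTempPathA"),
    ("USER32.dll", "SetWindowsHookExA"), ("USER32.dll", "OpenClipboard"), ("USER32.dll", "GetClipboardData"),
    ("ADVAPI32.dll", "RegSetValueExA"), ("ADVAPI32.dll", "RegCreateKeyExA"),
    ("SHELL32.dll", "ShellExecuteA"), ("COMCTL32.dll", 17), ("COMCTL32.dll", "ImageList_Destroy"),
]

if __name__ == "__main__":
    for cap, hits in tag_capabilities(REPORT_IMPORTS).items():
        print(f"{cap:15s} {', '.join(hits)}")
    print("imphash (subset):", imphash(REPORT_IMPORTS))
```

Bucket hits describe capability, not intent. WinHelpA, GrayStringA, TabbedTextOutA, the printer and type-library imports, and the SetWindowsHookExA hook that MFC installs while creating windows are the normal footprint of a statically linked MFC program, so on this table the combination worth confirming against the behaviour log is a listening socket (accept, WSAAsyncSelect) next to WinExec/ShellExecuteA, registry writes and file deletion, not any one of those names alone.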

Strings (excerpt)

.text
`.rdata
@.data
.rsrc
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
3h')Q
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
8`}<j

The "VMProtect begin" / "VMProtect end" pairs are the marker strings that the VMProtect SDK's begin/end macros embed around code regions the developer wants virtualized. Read together with the standard section names and a .text entropy of 6.62, they indicate that individual marked functions may be protected, not that the whole image is packed.

No antivirus engine scan information.

Process tree

ROOT_________.exe, PID: 2644, parent PID: 2300

The sandbox replaced each non-ASCII byte of the original file name (ROOT免费版.exe) with an underscore, which is why the process name differs from the submitted name. Only the sample's own process appears; no child processes were recorded.

TCP

Source address  Source port  Destination address  Destination port
192.168.122.201 49160 42.99.140.178 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201 63246 192.168.122.1 53

The UDP row is a DNS query from the guest (192.168.122.201) to its gateway resolver (192.168.122.1); the TCP row is the single HTTP connection listed below.


HTTP requests

URI  HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

This request is the in-product messaging check that Adobe Reader 11 (Simplified Chinese build, User-Agent IPM) makes to acroipm.adobe.com. The If-Modified-Since header shows the client already held a copy dated November 2017, that is, state from the guest image rather than from the sample, and the report does not attribute the connection to PID 2644. Treat it as background traffic from the analysis VM unless the behaviour log shows the sample's process opening the socket.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 23.268 seconds )

  • 10.788 Suricata
  • 4.733 Static
  • 4.34 VirusTotal
  • 2.151 NetworkAnalysis
  • 0.615 peid
  • 0.54 TargetInfo
  • 0.049 AnalysisInfo
  • 0.035 BehaviorAnalysis
  • 0.011 Strings
  • 0.004 config_decoder
  • 0.002 Memory

Signatures ( 1.418 seconds )

  • 1.334 md_url_bl
  • 0.011 antiav_detectreg
  • 0.009 md_domain_bl
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_ftp
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_im
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 network_http
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 antiemu_wine_func
  • 0.001 stealth_decoy_document
  • 0.001 rat_nanocore
  • 0.001 api_spamming
  • 0.001 betabot_behavior
  • 0.001 ursnif_behavior
  • 0.001 infostealer_browser_password
  • 0.001 cerber_behavior
  • 0.001 kovter_behavior
  • 0.001 stealth_timeout
  • 0.001 antivm_parallels_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http

Reporting ( 0.588 seconds )

  • 0.543 ReportHTMLSummary
  • 0.045 Malheur
Task ID 697700
Mongo ID 62beef64dc327b609e2803e2
Cuckoo release 1.4-Maldun