Analysis Task

Analysis type Virtual machine label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp02-1 2022-07-05 11:48:41 2022-07-05 11:50:57 136 seconds

Maldun Score

5.7

Suspicious

File Details

File name 一键授权上号(万能授权).exe
File size 1050632 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7fb10288181d83b4ceca44970007b999
SHA1 85f9f3046be9f5204ae12503d85e90b09863203c
SHA256 6f008d5d1a5596c8b8898683d112c7bab69c576c45b2db5fd26289263109f921
SHA512 5d0caaac8954d23e5b3f7661ffcf1b38f0f7633ce7997cb447e4d8843942f04609e9cbc67c437199e226edd4a4eff76b12f82b06b3d668092d131e4a32ef274f
CRC32 1C6B19C9
Ssdeep 24576:UjPr3axYEJpohIb9j3blC6ciDUZFXvQxN4ba:i3axYOohIbeB/Xda


Hosts Accessed

No host records.

Domain Resolution

No domain information.


Summary


PE Information

Image base 0x00400000
Entry point 0x00403deb
Declared checksum 0x00000000
Actual checksum 0x00100cb9
Minimum OS version required 4.0
Compile time 2011-04-17 02:03:04
Import hash 139262072859eedce61da25d8a649d5d

PE Sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.CODE 0x00001000 0x00130000 0x00002e00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7.22
.bss 0x00131000 0x32c00000 0x00000000 IMAGE_SCN_MEM_LOCKED 0.00
.xfnlpr 0x32d31000 0x000fc000 0x000fba5c IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.94
.idata 0x32e2d000 0x00002000 0x00001832 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.83
.rsrc 0x32e2f000 0x00001000 0x00000008 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2.00

Imports

Library: SHELL32.dll:
0x3322df5a DragAcceptFiles
0x3322df5e Shell_NotifyIconA
0x3322df62 DragFinish
0x3322df66 DragQueryFileA
Library: KERNEL32.dll:
0x3322d833 lstrcmpiA
0x3322d837 GetCurrentProcess
0x3322d83b GetProfileStringA
0x3322d83f GetVolumeInformationA
0x3322d843 GetEnvironmentStrings
0x3322d847 LeaveCriticalSection
0x3322d84b GetStartupInfoA
0x3322d84f Beep
0x3322d853 CreateEventA
0x3322d857 WinExec
0x3322d85b FindNextFileA
0x3322d85f lstrcmpA
0x3322d863 TlsAlloc
0x3322d867 CompareStringW
0x3322d86b GetProcessHeap
0x3322d873 CreateSemaphoreA
0x3322d877 TlsFree
0x3322d87b InterlockedIncrement
0x3322d87f SetErrorMode
0x3322d883 FreeLibrary
0x3322d887 LocalReAlloc
0x3322d88b ReleaseMutex
0x3322d88f MulDiv
0x3322d893 GlobalAlloc
0x3322d897 VirtualFree
0x3322d89b lstrcatA
0x3322d89f LoadLibraryExA
0x3322d8a3 TerminateProcess
0x3322d8a7 lstrcpyA
0x3322d8ab InterlockedExchange
0x3322d8af GlobalHandle
0x3322d8b3 GetWindowsDirectoryA
0x3322d8b7 ReleaseSemaphore
0x3322d8bb SetHandleCount
0x3322d8c3 GlobalFlags
0x3322d8c7 LockFile
0x3322d8cf LocalFree
0x3322d8d3 GlobalAddAtomA
0x3322d8d7 GetFileAttributesA
0x3322d8db LocalAlloc
0x3322d8df IsBadReadPtr
0x3322d8e3 UnlockFile
0x3322d8e7 FileTimeToSystemTime
0x3322d8eb EnterCriticalSection
0x3322d8ef GetACP
0x3322d8f7 DeleteCriticalSection
0x3322d8fb HeapReAlloc
0x3322d8ff FindClose
0x3322d903 GlobalFindAtomA
0x3322d907 SetEvent
0x3322d90f lstrlenW
0x3322d913 GetFullPathNameA
0x3322d91b DuplicateHandle
0x3322d91f TerminateThread
0x3322d923 GetEnvironmentStringsW
0x3322d927 GlobalUnlock
0x3322d92b Sleep
0x3322d92f GetCommandLineA
0x3322d933 GetLocalTime
0x3322d937 LoadResource
0x3322d93b GetStringTypeW
0x3322d93f GlobalFree
0x3322d943 lstrcpynA
0x3322d947 lstrlenA
0x3322d94f SetEndOfFile
0x3322d953 LoadLibraryA
0x3322d957 GetProcAddress
0x3322d95b ExitProcess
Library: WS2_32.DLL:
0x3322def9 getpeername
0x3322defd WSAAsyncSelect
0x3322df01 WSACleanup
0x3322df05 ntohl
0x3322df09 recvfrom
0x3322df0d inet_ntoa
0x3322df11 ioctlsocket
Library: WINMM.DLL:
0x3322e13d waveOutClose
0x3322e141 midiStreamClose
0x3322e145 midiStreamStop
0x3322e149 midiStreamOut
0x3322e14d waveOutPause
0x3322e151 midiOutUnprepareHeader
0x3322e155 waveOutRestart
0x3322e159 waveOutGetNumDevs
0x3322e15d waveOutPrepareHeader
0x3322e161 midiStreamProperty
0x3322e165 midiOutReset
Library: USER32.dll:
0x3322d1c5 TranslateAcceleratorA
0x3322d1c9 BeginPaint
0x3322d1cd EnableMenuItem
0x3322d1d1 TranslateMessage
0x3322d1d5 GetWindowLongA
0x3322d1d9 GetMessagePos
0x3322d1dd GetClassNameA
0x3322d1e1 SetForegroundWindow
0x3322d1e5 DefWindowProcA
0x3322d1e9 GetSysColorBrush
0x3322d1ed DeleteMenu
0x3322d1f1 GetWindowDC
0x3322d1f5 IsZoomed
0x3322d1f9 GetCapture
0x3322d201 EnableWindow
0x3322d205 GetScrollPos
0x3322d209 DrawEdge
0x3322d20d SetCursor
0x3322d211 GetDesktopWindow
0x3322d215 RegisterHotKey
0x3322d219 IsRectEmpty
0x3322d21d PostMessageA
0x3322d221 IsChild
0x3322d225 GetActiveWindow
0x3322d229 PeekMessageA
0x3322d22d SendDlgItemMessageA
0x3322d231 LoadStringA
0x3322d235 IntersectRect
0x3322d239 GetSystemMenu
0x3322d23d DrawIconEx
0x3322d241 IsIconic
0x3322d245 GetWindow
0x3322d249 GetSystemMetrics
0x3322d24d SetMenuItemBitmaps
0x3322d251 EndPaint
0x3322d255 GetMenuState
0x3322d259 SetCapture
0x3322d25d WaitForInputIdle
0x3322d261 DrawTextA
0x3322d265 SetClipboardData
0x3322d269 CopyIcon
0x3322d26d GetForegroundWindow
0x3322d271 EnumDisplaySettingsA
0x3322d275 SetRect
0x3322d279 TabbedTextOutA
0x3322d27d LoadImageA
0x3322d281 EmptyClipboard
0x3322d289 PtInRect
0x3322d28d GetPropA
0x3322d291 CloseClipboard
0x3322d295 LoadCursorA
0x3322d299 GetDC
0x3322d29d RedrawWindow
0x3322d2a1 InvalidateRect
0x3322d2a5 GetFocus
0x3322d2a9 SetWindowPos
0x3322d2ad SendMessageA
0x3322d2b1 GetClassInfoA
0x3322d2b5 GetCursorPos
0x3322d2b9 KillTimer
0x3322d2c1 LoadIconA
0x3322d2c5 DrawFocusRect
0x3322d2c9 EqualRect
0x3322d2cd DrawFrameControl
0x3322d2d1 LoadBitmapA
0x3322d2d5 CreateMenu
0x3322d2d9 OpenClipboard
0x3322d2dd IsWindowVisible
0x3322d2e1 CallWindowProcA
0x3322d2e5 SetScrollPos
0x3322d2e9 CopyRect
0x3322d2ed UnregisterHotKey
0x3322d2f1 PostQuitMessage
0x3322d2f5 InflateRect
0x3322d2f9 CreatePopupMenu
0x3322d2fd SetWindowRgn
0x3322d301 OffsetRect
0x3322d305 GetWindowRect
0x3322d309 GetMenuItemID
Library: ole32.dll:
0x3322e0b9 CLSIDFromString
0x3322e0bd OleInitialize
0x3322e0c1 CoCreateInstance
0x3322e0c5 OleUninitialize
0x3322e0c9 CLSIDFromProgID
Library: OLEAUT32.dll:
0x3322de69 SafeArrayGetUBound
0x3322de6d VariantInit
0x3322de71 SafeArrayGetElement
0x3322de75 SafeArrayCreate
0x3322de79 SysAllocString
0x3322de7d VariantChangeType
0x3322de81 LHashValOfNameSys
0x3322de85 SafeArrayGetDim
0x3322de89 RegisterTypeLib
0x3322de8d VariantCopyInd
0x3322de91 VariantClear
Library: GDI32.DLL:
0x3322e2db GetROP2
0x3322e2df GetTextExtentPoint32A
0x3322e2e3 CreateFontA
0x3322e2e7 BitBlt
0x3322e2eb GetPolyFillMode
0x3322e2ef FillRgn
0x3322e2f3 CreateDCA
0x3322e2f7 DeleteObject
0x3322e2fb ExtTextOutA
0x3322e303 SetViewportOrgEx
0x3322e307 MoveToEx
0x3322e30b SetWindowExtEx
0x3322e30f DeleteDC
0x3322e313 OffsetViewportOrgEx
0x3322e317 BeginPath
0x3322e31b GetViewportOrgEx
0x3322e31f Rectangle
0x3322e323 LineTo
0x3322e327 GetObjectA
0x3322e32b CreateEllipticRgn
0x3322e32f GetClipBox
0x3322e333 GetTextColor
0x3322e337 SetStretchBltMode
0x3322e33b CreateCompatibleDC
0x3322e33f ScaleWindowExtEx
0x3322e343 SetBkColor
0x3322e347 GetStockObject
0x3322e34b SelectClipRgn
0x3322e34f GetWindowExtEx
0x3322e353 GetBkMode
0x3322e357 RectVisible
0x3322e35b CreateDIBitmap
0x3322e35f GetTextMetricsA
0x3322e363 CreateRectRgn
0x3322e367 SelectObject
0x3322e36b CreatePalette
0x3322e36f PtVisible
0x3322e373 ExcludeClipRect
0x3322e377 EndDoc
0x3322e37b SetMapMode
0x3322e37f GetStretchBltMode
0x3322e383 GetViewportExtEx
0x3322e387 CreatePolygonRgn
0x3322e38b SetWindowOrgEx
Library: ADVAPI32.DLL:
0x3322e256 RegSetValueExA
0x3322e25a RegQueryValueExA
0x3322e25e RegOpenKeyExA
0x3322e262 RegQueryValueA
0x3322e266 RegCreateKeyExA
Library: COMCTL32.DLL:
0x3322dfc2 None
0x3322dfc6 ImageList_BeginDrag
0x3322dfca ImageList_DragEnter
0x3322dfd2 ImageList_EndDrag
0x3322dfd6 ImageList_Read
0x3322dfda ImageList_Duplicate
0x3322dfde ImageList_Create
0x3322dfe2 ImageList_DragLeave
Library: WINSPOOL.DRV:
0x3322e66d OpenPrinterA
0x3322e671 DocumentPropertiesA
0x3322e675 ClosePrinter
Library: COMDLG32.DLL:
0x3322e6c1 GetOpenFileNameA
0x3322e6c5 GetSaveFileNameA
0x3322e6c9 GetFileTitleA
0x3322e6cd ChooseColorA

No antivirus engine scan information!

Process Tree


________________________________.exe, PID: 2592, parent process PID: 2204

Hosts Accessed

No host records.

TCP

Source address Source port Destination address Destination port
192.168.122.201 49158 96.7.129.166 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 63246 192.168.122.1 53

Domain Resolution

No domain information.

HTTP Requests

URI HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found
Sorry! No files were dropped.
No similar analyses found.

Processing ( 24.166 seconds )

  • 14.284 Suricata
  • 3.673 Static
  • 2.634 BehaviorAnalysis
  • 1.46 NetworkAnalysis
  • 1.138 VirusTotal
  • 0.551 TargetInfo
  • 0.392 peid
  • 0.016 Strings
  • 0.013 AnalysisInfo
  • 0.003 Memory
  • 0.002 config_decoder

Signatures ( 2.339 seconds )

  • 1.572 md_url_bl
  • 0.256 alphacrypt_behavior
  • 0.152 api_spamming
  • 0.125 stealth_timeout
  • 0.114 stealth_decoy_document
  • 0.014 antiav_detectreg
  • 0.01 infostealer_ftp
  • 0.009 md_domain_bl
  • 0.007 antiav_detectfile
  • 0.006 anomaly_persistence_autorun
  • 0.006 kovter_behavior
  • 0.005 antiemu_wine_func
  • 0.005 infostealer_browser_password
  • 0.005 infostealer_bitcoin
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_im
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 tinba_behavior
  • 0.003 antianalysis_detectreg
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.003 network_http
  • 0.002 rat_nanocore
  • 0.002 cerber_behavior
  • 0.002 antivm_vbox_files
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 betabot_behavior
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 network_cnc_http
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.655 seconds )

  • 0.654 ReportHTMLSummary
  • 0.001 Malheur
Task ID 697993
Mongo ID 62c3b549dc327be9a6d525d1
Cuckoo release 1.4-Maldun