恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp02-1	2022-07-05 11:48:41	2022-07-05 11:50:57	136 秒

魔盾分数

5.7

可疑的

文件详细信息

文件名	一键授权上号(万能授权).exe
文件大小	1050632 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	7fb10288181d83b4ceca44970007b999
SHA1	85f9f3046be9f5204ae12503d85e90b09863203c
SHA256	6f008d5d1a5596c8b8898683d112c7bab69c576c45b2db5fd26289263109f921
SHA512	5d0caaac8954d23e5b3f7661ffcf1b38f0f7633ce7997cb447e4d8843942f04609e9cbc67c437199e226edd4a4eff76b12f82b06b3d668092d131e4a32ef274f
CRC32	1C6B19C9
Ssdeep	24576:UjPr3axYEJpohIb9j3blC6ciDUZFXvQxN4ba:i3axYOohIbeB/Xda
Yara	登录查看Yara规则
	找不到该样本提交漏报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x00403deb
声明校验值	0x00000000
实际校验值	0x00100cb9
最低操作系统版本要求	4.0
编译时间	2011-04-17 02:03:04
载入哈希	139262072859eedce61da25d8a649d5d

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.CODE	0x00001000	0x00130000	0x00002e00	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	7.22
.bss	0x00131000	0x32c00000	0x00000000	IMAGE_SCN_MEM_LOCKED	0.00
.xfnlpr	0x32d31000	0x000fc000	0x000fba5c	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	7.94
.idata	0x32e2d000	0x00002000	0x00001832	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	5.83
.rsrc	0x32e2f000	0x00001000	0x00000008	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	2.00

导入

库: SHELL32.dll:

• 0x3322df5a DragAcceptFiles

• 0x3322df5e Shell_NotifyIconA

• 0x3322df62 DragFinish

• 0x3322df66 DragQueryFileA

库: KERNEL32.dll:

• 0x3322d833 lstrcmpiA

• 0x3322d837 GetCurrentProcess

• 0x3322d83b GetProfileStringA

• 0x3322d83f GetVolumeInformationA

• 0x3322d843 GetEnvironmentStrings

• 0x3322d847 LeaveCriticalSection

• 0x3322d84b GetStartupInfoA

• 0x3322d84f Beep

• 0x3322d853 CreateEventA

• 0x3322d857 WinExec

• 0x3322d85b FindNextFileA

• 0x3322d85f lstrcmpA

• 0x3322d863 TlsAlloc

• 0x3322d867 CompareStringW

• 0x3322d86b GetProcessHeap

• 0x3322d86f WritePrivateProfileStringA

• 0x3322d873 CreateSemaphoreA

• 0x3322d877 TlsFree

• 0x3322d87b InterlockedIncrement

• 0x3322d87f SetErrorMode

• 0x3322d883 FreeLibrary

• 0x3322d887 LocalReAlloc

• 0x3322d88b ReleaseMutex

• 0x3322d88f MulDiv

• 0x3322d893 GlobalAlloc

• 0x3322d897 VirtualFree

• 0x3322d89b lstrcatA

• 0x3322d89f LoadLibraryExA

• 0x3322d8a3 TerminateProcess

• 0x3322d8a7 lstrcpyA

• 0x3322d8ab InterlockedExchange

• 0x3322d8af GlobalHandle

• 0x3322d8b3 GetWindowsDirectoryA

• 0x3322d8b7 ReleaseSemaphore

• 0x3322d8bb SetHandleCount

• 0x3322d8bf ExpandEnvironmentStringsA

• 0x3322d8c3 GlobalFlags

• 0x3322d8c7 LockFile

• 0x3322d8cb UnhandledExceptionFilter

• 0x3322d8cf LocalFree

• 0x3322d8d3 GlobalAddAtomA

• 0x3322d8d7 GetFileAttributesA

• 0x3322d8db LocalAlloc

• 0x3322d8df IsBadReadPtr

• 0x3322d8e3 UnlockFile

• 0x3322d8e7 FileTimeToSystemTime

• 0x3322d8eb EnterCriticalSection

• 0x3322d8ef GetACP

• 0x3322d8f3 InitializeCriticalSection

• 0x3322d8f7 DeleteCriticalSection

• 0x3322d8fb HeapReAlloc

• 0x3322d8ff FindClose

• 0x3322d903 GlobalFindAtomA

• 0x3322d907 SetEvent

• 0x3322d90b FreeEnvironmentStringsW

• 0x3322d90f lstrlenW

• 0x3322d913 GetFullPathNameA

• 0x3322d917 FreeEnvironmentStringsA

• 0x3322d91b DuplicateHandle

• 0x3322d91f TerminateThread

• 0x3322d923 GetEnvironmentStringsW

• 0x3322d927 GlobalUnlock

• 0x3322d92b Sleep

• 0x3322d92f GetCommandLineA

• 0x3322d933 GetLocalTime

• 0x3322d937 LoadResource

• 0x3322d93b GetStringTypeW

• 0x3322d93f GlobalFree

• 0x3322d943 lstrcpynA

• 0x3322d947 lstrlenA

• 0x3322d94b SetUnhandledExceptionFilter

• 0x3322d94f SetEndOfFile

• 0x3322d953 LoadLibraryA

• 0x3322d957 GetProcAddress

• 0x3322d95b ExitProcess

库: WS2_32.DLL:

• 0x3322def9 getpeername

• 0x3322defd WSAAsyncSelect

• 0x3322df01 WSACleanup

• 0x3322df05 ntohl

• 0x3322df09 recvfrom

• 0x3322df0d inet_ntoa

• 0x3322df11 ioctlsocket

库: WINMM.DLL:

• 0x3322e13d waveOutClose

• 0x3322e141 midiStreamClose

• 0x3322e145 midiStreamStop

• 0x3322e149 midiStreamOut

• 0x3322e14d waveOutPause

• 0x3322e151 midiOutUnprepareHeader

• 0x3322e155 waveOutRestart

• 0x3322e159 waveOutGetNumDevs

• 0x3322e15d waveOutPrepareHeader

• 0x3322e161 midiStreamProperty

• 0x3322e165 midiOutReset

库: USER32.dll:

• 0x3322d1c5 TranslateAcceleratorA

• 0x3322d1c9 BeginPaint

• 0x3322d1cd EnableMenuItem

• 0x3322d1d1 TranslateMessage

• 0x3322d1d5 GetWindowLongA

• 0x3322d1d9 GetMessagePos

• 0x3322d1dd GetClassNameA

• 0x3322d1e1 SetForegroundWindow

• 0x3322d1e5 DefWindowProcA

• 0x3322d1e9 GetSysColorBrush

• 0x3322d1ed DeleteMenu

• 0x3322d1f1 GetWindowDC

• 0x3322d1f5 IsZoomed

• 0x3322d1f9 GetCapture

• 0x3322d1fd GetMenuCheckMarkDimensions

• 0x3322d201 EnableWindow

• 0x3322d205 GetScrollPos

• 0x3322d209 DrawEdge

• 0x3322d20d SetCursor

• 0x3322d211 GetDesktopWindow

• 0x3322d215 RegisterHotKey

• 0x3322d219 IsRectEmpty

• 0x3322d21d PostMessageA

• 0x3322d221 IsChild

• 0x3322d225 GetActiveWindow

• 0x3322d229 PeekMessageA

• 0x3322d22d SendDlgItemMessageA

• 0x3322d231 LoadStringA

• 0x3322d235 IntersectRect

• 0x3322d239 GetSystemMenu

• 0x3322d23d DrawIconEx

• 0x3322d241 IsIconic

• 0x3322d245 GetWindow

• 0x3322d249 GetSystemMetrics

• 0x3322d24d SetMenuItemBitmaps

• 0x3322d251 EndPaint

• 0x3322d255 GetMenuState

• 0x3322d259 SetCapture

• 0x3322d25d WaitForInputIdle

• 0x3322d261 DrawTextA

• 0x3322d265 SetClipboardData

• 0x3322d269 CopyIcon

• 0x3322d26d GetForegroundWindow

• 0x3322d271 EnumDisplaySettingsA

• 0x3322d275 SetRect

• 0x3322d279 TabbedTextOutA

• 0x3322d27d LoadImageA

• 0x3322d281 EmptyClipboard

• 0x3322d285 CreateAcceleratorTableA

• 0x3322d289 PtInRect

• 0x3322d28d GetPropA

• 0x3322d291 CloseClipboard

• 0x3322d295 LoadCursorA

• 0x3322d299 GetDC

• 0x3322d29d RedrawWindow

• 0x3322d2a1 InvalidateRect

• 0x3322d2a5 GetFocus

• 0x3322d2a9 SetWindowPos

• 0x3322d2ad SendMessageA

• 0x3322d2b1 GetClassInfoA

• 0x3322d2b5 GetCursorPos

• 0x3322d2b9 KillTimer

• 0x3322d2bd RegisterClipboardFormatA

• 0x3322d2c1 LoadIconA

• 0x3322d2c5 DrawFocusRect

• 0x3322d2c9 EqualRect

• 0x3322d2cd DrawFrameControl

• 0x3322d2d1 LoadBitmapA

• 0x3322d2d5 CreateMenu

• 0x3322d2d9 OpenClipboard

• 0x3322d2dd IsWindowVisible

• 0x3322d2e1 CallWindowProcA

• 0x3322d2e5 SetScrollPos

• 0x3322d2e9 CopyRect

• 0x3322d2ed UnregisterHotKey

• 0x3322d2f1 PostQuitMessage

• 0x3322d2f5 InflateRect

• 0x3322d2f9 CreatePopupMenu

• 0x3322d2fd SetWindowRgn

• 0x3322d301 OffsetRect

• 0x3322d305 GetWindowRect

• 0x3322d309 GetMenuItemID

库: ole32.dll:

• 0x3322e0b9 CLSIDFromString

• 0x3322e0bd OleInitialize

• 0x3322e0c1 CoCreateInstance

• 0x3322e0c5 OleUninitialize

• 0x3322e0c9 CLSIDFromProgID

库: OLEAUT32.dll:

• 0x3322de69 SafeArrayGetUBound

• 0x3322de6d VariantInit

• 0x3322de71 SafeArrayGetElement

• 0x3322de75 SafeArrayCreate

• 0x3322de79 SysAllocString

• 0x3322de7d VariantChangeType

• 0x3322de81 LHashValOfNameSys

• 0x3322de85 SafeArrayGetDim

• 0x3322de89 RegisterTypeLib

• 0x3322de8d VariantCopyInd

• 0x3322de91 VariantClear

库: GDI32.DLL:

• 0x3322e2db GetROP2

• 0x3322e2df GetTextExtentPoint32A

• 0x3322e2e3 CreateFontA

• 0x3322e2e7 BitBlt

• 0x3322e2eb GetPolyFillMode

• 0x3322e2ef FillRgn

• 0x3322e2f3 CreateDCA

• 0x3322e2f7 DeleteObject

• 0x3322e2fb ExtTextOutA

• 0x3322e2ff GetSystemPaletteEntries

• 0x3322e303 SetViewportOrgEx

• 0x3322e307 MoveToEx

• 0x3322e30b SetWindowExtEx

• 0x3322e30f DeleteDC

• 0x3322e313 OffsetViewportOrgEx

• 0x3322e317 BeginPath

• 0x3322e31b GetViewportOrgEx

• 0x3322e31f Rectangle

• 0x3322e323 LineTo

• 0x3322e327 GetObjectA

• 0x3322e32b CreateEllipticRgn

• 0x3322e32f GetClipBox

• 0x3322e333 GetTextColor

• 0x3322e337 SetStretchBltMode

• 0x3322e33b CreateCompatibleDC

• 0x3322e33f ScaleWindowExtEx

• 0x3322e343 SetBkColor

• 0x3322e347 GetStockObject

• 0x3322e34b SelectClipRgn

• 0x3322e34f GetWindowExtEx

• 0x3322e353 GetBkMode

• 0x3322e357 RectVisible

• 0x3322e35b CreateDIBitmap

• 0x3322e35f GetTextMetricsA

• 0x3322e363 CreateRectRgn

• 0x3322e367 SelectObject

• 0x3322e36b CreatePalette

• 0x3322e36f PtVisible

• 0x3322e373 ExcludeClipRect

• 0x3322e377 EndDoc

• 0x3322e37b SetMapMode

• 0x3322e37f GetStretchBltMode

• 0x3322e383 GetViewportExtEx

• 0x3322e387 CreatePolygonRgn

• 0x3322e38b SetWindowOrgEx

库: ADVAPI32.DLL:

• 0x3322e256 RegSetValueExA

• 0x3322e25a RegQueryValueExA

• 0x3322e25e RegOpenKeyExA

• 0x3322e262 RegQueryValueA

• 0x3322e266 RegCreateKeyExA

库: COMCTL32.DLL:

• 0x3322dfc2 None

• 0x3322dfc6 ImageList_BeginDrag

• 0x3322dfca ImageList_DragEnter

• 0x3322dfce ImageList_GetImageCount

• 0x3322dfd2 ImageList_EndDrag

• 0x3322dfd6 ImageList_Read

• 0x3322dfda ImageList_Duplicate

• 0x3322dfde ImageList_Create

• 0x3322dfe2 ImageList_DragLeave

库: WINSPOOL.DRV:

• 0x3322e66d OpenPrinterA

• 0x3322e671 DocumentPropertiesA

• 0x3322e675 ClosePrinter

库: COMDLG32.DLL:

• 0x3322e6c1 GetOpenFileNameA

• 0x3322e6c5 GetSaveFileNameA

• 0x3322e6c9 GetFileTitleA

• 0x3322e6cd ChooseColorA

.CODE
`.bss
.xfnlpr
.idata
.rsrc
]`F u
jd5ut
S&^Pt
:0IFs
SjQI~
Y sS}
-ckM~
'.P]u
`~:>t
+vnAt
/L&vu
2>":N
< cI?

没有防病毒引擎扫描信息!

进程树

________________________________.exe id: 2592

搜索
________________________________.exe (2592)

________________________________.exe, PID: 2592, 上一级进程 PID: 2204

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49158	96.7.129.166	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	63246	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49158	96.7.129.166	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	63246	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 24.166 seconds )

14.284 Suricata
3.673 Static
2.634 BehaviorAnalysis
1.46 NetworkAnalysis
1.138 VirusTotal
0.551 TargetInfo
0.392 peid
0.016 Strings
0.013 AnalysisInfo
0.003 Memory
0.002 config_decoder

Signatures ( 2.339 seconds )

1.572 md_url_bl
0.256 alphacrypt_behavior
0.152 api_spamming
0.125 stealth_timeout
0.114 stealth_decoy_document
0.014 antiav_detectreg
0.01 infostealer_ftp
0.009 md_domain_bl
0.007 antiav_detectfile
0.006 anomaly_persistence_autorun
0.006 kovter_behavior
0.005 antiemu_wine_func
0.005 infostealer_browser_password
0.005 infostealer_bitcoin
0.004 geodo_banking_trojan
0.004 infostealer_im
0.004 ransomware_extensions
0.004 ransomware_files
0.003 tinba_behavior
0.003 antianalysis_detectreg
0.003 disables_browser_warn
0.003 infostealer_mail
0.003 network_http
0.002 rat_nanocore
0.002 cerber_behavior
0.002 antivm_vbox_files
0.002 browser_security
0.002 modify_proxy
0.002 md_bad_drop
0.001 betabot_behavior
0.001 antivm_parallels_keys
0.001 antivm_xen_keys
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 network_cnc_http
0.001 stealth_modify_uac_prompt

Reporting ( 0.655 seconds )

0.654 ReportHTMLSummary
0.001 Malheur


Task ID	697993
Mongo ID	62c3b549dc327be9a6d525d1
Cuckoo release	1.4-Maldun