Analysis Task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp03-1 2022-07-05 16:24:51 2022-07-05 16:25:25 34 seconds

Maldun Score

1.55

Normal

File Details

File name ace-Base64.dll
File size 6679104 bytes
File type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 3024c115825b86c38577cc9b3cc50714
SHA1 20e22832236f8a7c778a514ae7bc255435b5f7e5
SHA256 ccd0990c87773a1a1b5cc32f42f53c729bfcd80b500c36a318586d39b2e67d6a
SHA512 14116627b56af070f05229d39ba17049652fccb6cf58a3e33aa273cfc65d8b30ad0fdbd7018bb14baf552897e1f9508383f47cd9340acee9ca1ad5a329da80c1
CRC32 5FBEC51A
Ssdeep 196608:atzA9TJCUgHkw+uADQyLjQ3YHQBsewT/r23EM:atzAhJCUgsu3kQ3gNr23EM
Sample not found.

Screenshots

No screenshots available

Hosts contacted

No host records.

Domain resolution

No domain information.


Summary


PE Information

Image base 0x180000000
Entry point 0x180227510
Declared checksum 0x0066761e
Actual checksum 0x0066761e
Minimum OS version required 5.2
PDB path D:\Landun\workspace\CommonComponent\ACE-Base\1.compile_source\bin\x64\pub\ACE-Base64.pdb
Compile time 2022-05-13 19:40:59
Import hash bbc4af4a2228b3ebd6a2db0ee2d8a1f9
Exported DLL name ACE-Base64.dll

Version Information

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

Microsoft Certificate Verification (Sign Tool)

SHA1 Timestamp Validity Error
f9f1bbc23949934e02d06e86107b9322988f1d07 None
Certificate Chain 1
Issued to DigiCert Assured ID Root CA
Issuer DigiCert Assured ID Root CA
Expires Mon Nov 10 08:00:00 2031
SHA1 hash 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
Certificate Chain 2
Issued to DigiCert Assured ID Code Signing CA-1
Issuer DigiCert Assured ID Root CA
Expires Tue Feb 10 20:00:00 2026
SHA1 hash 409aa4a74a0cda7c0fee6bd0bb8823d16b5f1875
Certificate Chain 3
Issued to Tencent Technology(Shenzhen) Company Limited
Issuer DigiCert Assured ID Code Signing CA-1
Expires Fri Feb 23 07:59:59 2024
SHA1 hash b550768bc5f6fd1ad4943b10fe4e6edd1a8571e3

PE Sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x0029557e 0x00295600 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.39
.rdata 0x00297000 0x00123ca2 0x00123e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.47
.data 0x003bb000 0x0002e3e4 0x00024e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.48
.pdata 0x003ea000 0x00028c68 0x00028e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.94
.gfids 0x00413000 0x00000b68 0x00000c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.83
.tls 0x00414000 0x00000002 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.vmp0 0x00415000 0x001e51b0 0x001e5200 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7.45
.reloc 0x005fb000 0x00009e50 0x0000a000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.47
.rsrc 0x00605000 0x000646ad 0x00064800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.54

Overlay

Offset 0x0065bc00
Size 0x00002e40

Resources

Name Offset Size Language Sublanguage Entropy File type
AFX_DIALOG_LAYOUT 0x00605290 0x00000002 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 data
RT_BITMAP 0x00665e88 0x000032c8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.23 data
RT_BITMAP 0x00665e88 0x000032c8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.23 data
RT_BITMAP 0x00665e88 0x000032c8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.23 data
RT_BITMAP 0x00665e88 0x000032c8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.23 data
RT_BITMAP 0x00665e88 0x000032c8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.23 data
RT_BITMAP 0x00665e88 0x000032c8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.23 data
RT_DIALOG 0x00669150 0x000000a0 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.63 data
RT_VERSION 0x006691f0 0x00000340 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.53 data
RT_MANIFEST 0x00669530 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US 4.91 XML 1.0 document text

Imports

Library: WININET.dll:
0x180297838 InternetCloseHandle
0x180297840 InternetSetOptionA
0x180297848 InternetOpenA
0x180297850 InternetOpenUrlA
0x180297858 InternetReadFile
Library: PSAPI.DLL:
0x1802976f8 GetModuleInformation
Library: IPHLPAPI.DLL:
0x1802970d8 GetAdaptersAddresses
Library: VERSION.dll:
0x180297818 GetFileVersionInfoW
0x180297820 GetFileVersionInfoSizeW
0x180297828 VerQueryValueW
Library: WS2_32.dll:
0x180297868 WSACleanup
0x180297870 WSAStartup
0x180297878 freeaddrinfo
0x180297880 getaddrinfo
0x180297888 WSAGetLastError
0x180297890 WSASetLastError
0x180297898 send
0x1802978a0 recv
0x1802978a8 closesocket
0x1802978b0 socket
0x1802978b8 htonl
0x1802978c0 htons
0x1802978c8 sendto
0x1802978d0 WSAStringToAddressA
Library: KERNEL32.dll:
0x1802970e8 GetDateFormatW
0x1802970f0 GetACP
0x1802970f8 GetTempPathW
0x180297100 CreateProcessA
0x180297108 ExitThread
0x180297110 SetConsoleCtrlHandler
0x180297118 WriteConsoleW
0x180297128 PeekNamedPipe
0x180297130 GetDriveTypeW
0x180297138 GetFileAttributesExW
0x180297140 RtlPcToFileHeader
0x180297148 RtlUnwindEx
0x180297150 UnregisterWaitEx
0x180297158 QueryDepthSList
0x180297160 InterlockedFlushSList
0x180297168 EnterCriticalSection
0x180297170 LeaveCriticalSection
0x180297180 TryEnterCriticalSection
0x180297188 DeleteCriticalSection
0x180297190 SetEvent
0x180297198 WaitForSingleObject
0x1802971a0 CloseHandle
0x1802971a8 CreateEventW
0x1802971b0 ReleaseMutex
0x1802971b8 CreateMutexW
0x1802971c0 GetProcAddress
0x1802971c8 CreateThread
0x1802971d0 TerminateThread
0x1802971d8 GetTickCount
0x1802971e0 GetModuleFileNameW
0x1802971e8 GetModuleHandleA
0x1802971f0 GetModuleHandleW
0x1802971f8 MultiByteToWideChar
0x180297200 Sleep
0x180297208 GetTickCount64
0x180297210 DecodePointer
0x180297218 HeapAlloc
0x180297220 HeapReAlloc
0x180297228 HeapFree
0x180297230 HeapSize
0x180297238 GetProcessHeap
0x180297240 GetCurrentProcessId
0x180297248 RaiseException
0x180297250 GetLastError
0x180297258 ResetEvent
0x180297260 LoadLibraryW
0x180297268 GetUserDefaultUILanguage
0x180297270 LoadLibraryA
0x180297278 GetCurrentThread
0x180297280 GetCurrentProcess
0x180297288 ExitProcess
0x180297290 TerminateProcess
0x180297298 SetLastError
0x1802972a0 MulDiv
0x1802972a8 GetFileSize
0x1802972b0 CreateFileW
0x1802972b8 GetExitCodeProcess
0x1802972c0 FindClose
0x1802972c8 GetNativeSystemInfo
0x1802972d0 GetModuleHandleExW
0x1802972d8 CreateProcessW
0x1802972e8 DeleteFileW
0x1802972f0 FindFirstFileW
0x1802972f8 QueryPerformanceCounter
0x180297300 FreeLibrary
0x180297310 LocalFree
0x180297318 GetModuleFileNameA
0x180297320 GetCommandLineW
0x180297328 MapViewOfFile
0x180297330 UnmapViewOfFile
0x180297338 CreateFileMappingW
0x180297340 OpenEventW
0x180297348 VirtualAlloc
0x180297350 VirtualFree
0x180297358 SwitchToThread
0x180297360 ReadFile
0x180297368 GetFileAttributesW
0x180297370 SetFilePointer
0x180297378 IsBadReadPtr
0x180297380 WideCharToMultiByte
0x180297388 GetSystemTimeAsFileTime
0x180297390 FindFirstFileExA
0x180297398 GetTimeFormatW
0x1802973a0 FlushInstructionCache
0x1802973a8 VirtualProtect
0x1802973b0 VirtualQuery
0x1802973b8 GetCurrentThreadId
0x1802973c0 GetThreadContext
0x1802973c8 SetThreadContext
0x1802973d0 SuspendThread
0x1802973d8 ResumeThread
0x1802973e0 LoadLibraryExA
0x1802973e8 LoadLibraryExW
0x1802973f0 GetSystemTime
0x1802973f8 SystemTimeToFileTime
0x180297400 TlsAlloc
0x180297408 TlsGetValue
0x180297410 TlsSetValue
0x180297418 TlsFree
0x180297420 GetFileType
0x180297428 GetStdHandle
0x180297430 WriteFile
0x180297438 OutputDebugStringA
0x180297440 DeleteFiber
0x180297448 FindFirstFileA
0x180297450 FindNextFileA
0x180297458 FormatMessageA
0x180297460 ConvertFiberToThread
0x180297468 GetEnvironmentVariableW
0x180297470 GetConsoleMode
0x180297478 SetConsoleMode
0x180297480 ReadConsoleA
0x180297488 ReadConsoleW
0x180297490 GetSystemInfo
0x180297498 RtlAddFunctionTable
0x1802974a0 RtlLookupFunctionEntry
0x1802974a8 CreateEventA
0x1802974b0 ReleaseSemaphore
0x1802974b8 CreateFileMappingA
0x1802974c0 OpenFileMappingA
0x1802974c8 UnhandledExceptionFilter
0x1802974d0 VerSetConditionMask
0x1802974d8 OpenMutexW
0x1802974e0 MapViewOfFileEx
0x1802974e8 VerifyVersionInfoW
0x1802974f0 CreateMutexA
0x1802974f8 OpenThread
0x180297508 CreateToolhelp32Snapshot
0x180297510 Thread32First
0x180297518 Thread32Next
0x180297528 InterlockedPopEntrySList
0x180297530 GetVersionExW
0x180297538 FreeLibraryAndExitThread
0x180297540 GetThreadTimes
0x180297548 UnregisterWait
0x180297558 SetThreadAffinityMask
0x180297560 GetProcessAffinityMask
0x180297568 GetNumaHighestNodeNumber
0x180297570 DeleteTimerQueueTimer
0x180297578 ChangeTimerQueueTimer
0x180297580 CreateTimerQueueTimer
0x180297590 GetThreadPriority
0x180297598 SetThreadPriority
0x1802975a0 SignalObjectAndWait
0x1802975a8 CreateTimerQueue
0x1802975b0 OutputDebugStringW
0x1802975b8 InitializeSListHead
0x1802975c0 GetStartupInfoW
0x1802975c8 IsDebuggerPresent
0x1802975d8 RtlVirtualUnwind
0x1802975e0 RtlCaptureContext
0x1802975e8 GetCPInfo
0x1802975f0 IsValidLocale
0x1802975f8 GetUserDefaultLCID
0x180297600 EnumSystemLocalesW
0x180297608 FlushFileBuffers
0x180297610 GetConsoleCP
0x180297618 SetFilePointerEx
0x180297620 GetCurrentDirectoryW
0x180297628 GetFullPathNameW
0x180297630 SetStdHandle
0x180297638 GetTimeZoneInformation
0x180297640 CreatePipe
0x180297648 GetLocaleInfoW
0x180297650 LCMapStringW
0x180297658 CompareStringW
0x180297660 EncodePointer
0x180297668 GetStringTypeW
0x180297678 WaitForSingleObjectEx
0x180297680 DuplicateHandle
0x180297688 FileTimeToSystemTime
0x180297690 MoveFileExW
0x180297698 IsValidCodePage
0x1802976a0 GetOEMCP
0x1802976a8 GetCommandLineA
0x1802976b0 GetEnvironmentStringsW
0x1802976b8 FreeEnvironmentStringsW
0x1802976c0 SetEnvironmentVariableA
0x1802976c8 SetEndOfFile
0x1802976d0 CreateSemaphoreA
Library: USER32.dll:
0x180297750 GetProcessWindowStation
0x180297758 MessageBoxA
0x180297760 SystemParametersInfoW
0x180297768 LoadBitmapW
0x180297770 FindWindowA
0x180297778 EnumWindows
0x180297780 SetWindowLongPtrW
0x180297788 GetWindowLongPtrW
0x180297790 GetWindowRect
0x180297798 GetClientRect
0x1802977a0 SetWindowTextW
0x1802977a8 EndPaint
0x1802977b0 BeginPaint
0x1802977b8 SetForegroundWindow
0x1802977c0 DrawTextW
0x1802977c8 GetDlgItem
0x1802977d0 EndDialog
0x1802977d8 DialogBoxParamW
0x1802977e0 SetWindowPos
0x1802977e8 MoveWindow
0x1802977f0 ShowWindow
0x1802977f8 SendMessageW
0x180297800 MessageBoxW
0x180297808 GetWindowThreadProcessId
Library: GDI32.dll:
0x180297070 GetDeviceCaps
0x180297078 GetObjectW
0x180297080 SetTextColor
0x180297088 StretchBlt
0x180297090 SetBkMode
0x180297098 SelectObject
0x1802970a0 BitBlt
0x1802970a8 DeleteObject
0x1802970b0 DeleteDC
0x1802970b8 CreateFontIndirectW
0x1802970c0 CreateCompatibleDC
0x1802970c8 CreateCompatibleBitmap
Library: SHELL32.dll:
0x180297708 CommandLineToArgvW
0x180297710 SHGetSpecialFolderPathW
0x180297718 ShellExecuteW
Library: ole32.dll:
0x1802978e0 CoCreateInstance
0x1802978e8 CoInitializeEx
Library: OLEAUT32.dll:
0x1802976e0 SysAllocString
0x1802976e8 SysFreeString
Library: ADVAPI32.dll:
0x180297010 CryptGenRandom
0x180297018 CryptReleaseContext
0x180297020 CryptAcquireContextW
0x180297028 ReportEventA
0x180297030 RegisterEventSourceA
0x180297038 DeregisterEventSource
0x180297040 RegQueryValueExW
0x180297048 RegOpenKeyExW
0x180297050 RegEnumKeyExW
0x180297058 RegCloseKey
Library: SHLWAPI.dll:
0x180297728 PathRemoveFileSpecW
0x180297730 PathAppendW
0x180297738 PathFileExistsW

Exports

Ordinal Address Name
1 0x1800904d0 InitAceClient
2 0x180090550 InitAceClient2
3 0x180090570 InitAceClient3
4 0x180090600 InitAceClient4
5 0x1800906a0 NullExportFunction
No antivirus engine scan information!

Process Tree

rundll32.exe, PID: 2620, parent PID: 2252

Hosts contacted

No host records.

TCP

Source address Source port Destination address Destination port
192.168.122.201 49160 23.63.74.64 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 59401 192.168.122.1 53

Domain resolution

No domain information.

HTTP Requests

URI HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 19.341 seconds )

  • 10.37 Suricata
  • 4.49 Static
  • 1.933 TargetInfo
  • 1.11 VirusTotal
  • 1.042 NetworkAnalysis
  • 0.313 peid
  • 0.046 BehaviorAnalysis
  • 0.013 config_decoder
  • 0.012 Strings
  • 0.01 AnalysisInfo
  • 0.002 Memory

Signatures ( 1.372 seconds )

  • 1.29 md_url_bl
  • 0.011 antiav_detectreg
  • 0.008 antiav_detectfile
  • 0.008 md_domain_bl
  • 0.005 anomaly_persistence_autorun
  • 0.005 infostealer_ftp
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_bitcoin
  • 0.004 ransomware_files
  • 0.003 infostealer_im
  • 0.003 network_http
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 api_spamming
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 stealth_decoy_document
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 stealth_timeout
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http

Reporting ( 0.435 seconds )

  • 0.435 ReportHTMLSummary
Task ID 698039
Mongo ID 62c3f5967e769a0d6c18e939
Cuckoo release 1.4-Maldun