Analysis Task

Analysis Type | VM Label | Start Time | End Time | Duration
File (Windows) | win7-sp1-x64-shaapp03-1 | 2022-07-05 18:09:10 | 2022-07-05 18:11:18 | 128 seconds

Maldun Score

0.05

Normal

File Details

File Name a.exe
File Size 40960 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6903a6794bb5288eb603be324852d567
SHA1 e257965350a24e160251bf6911fc306aa638ab81
SHA256 5fc44347df41cdfa67f23241127eddb348e810f59c6c3a05ac2aa1bd2e876f8a
SHA512 0f23a1824b0688f04a4f648a95b10946ed5db540fba7e20e092a0daab63d2e5db9b5e19b3cb143101dc430b1e629fc055369189f1f78574d237dd8e71db69137
CRC32 DA6E7AF6
Ssdeep 384:GZ7otTBgJhPcSc/nF521Swj+JU6ROXqPCcD2Ug3m9/RZO2fL1DP+oyOxl1JpyDKh:GZ7ot6Jal520wjaOXqKji3x/lLcKh

Hosts Contacted

No host records.

DNS Resolution

No domain information.


PE Information

Image Base 0x00400000
Entry Point 0x0040542e
Declared Checksum 0x00000000
Actual Checksum 0x0000fd5f
Minimum OS Version Required 4.0
Compile Time 2022-03-25 09:16:04
Import Hash 6ec9234c58df46da3cfc2e9d6af19f62
Icon
Icon Exact Hash 52835ed82cfbf0e401ddc0c5cab42f0c
Icon Similarity Hash 3b5d3c7d207e37dceeedd301e35e2e58

Version Information (all fields empty)

LegalCopyright
InternalName
FileVersion
CompanyName
PrivateBuild
LegalTrademarks
Comments
ProductName
SpecialBuild
ProductVersion
FileDescription
OriginalFilename
Translation

PE Sections

Name | Virtual Address | Virtual Size | Raw Data Size | Characteristics | Entropy
.text 0x00001000 0x000049e5 0x00005000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.00
.rdata 0x00006000 0x00001794 0x00002000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.32
.data 0x00008000 0x00000454 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1.55
.rsrc 0x00009000 0x000008d0 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 1.60

Resources

Name | Offset | Size | Language | Sublanguage | Entropy | File Type
RT_ICON 0x00009588 0x000002e8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.94 data
RT_MENU 0x00009568 0x0000001a LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.08 data
RT_DIALOG 0x00009290 0x0000005e LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.20 data
RT_STRING 0x00009888 0x00000044 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.00 data
RT_GROUP_ICON 0x00009870 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.16 MS Windows icon resource - 1 icon, 32x32, 16 colors
RT_VERSION 0x000092f0 0x00000274 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.09 data

Imports

Library: MFC42.DLL: (imports by ordinal only, no names resolved, import address table entries 0x40604c through 0x4062f4)
Library: MSVCRT.dll:
0x4062fc __setusermatherr
0x406300 _adjust_fdiv
0x406304 __p__commode
0x406308 __p__fmode
0x40630c __set_app_type
0x406310 _except_handler3
0x406314 _controlfp
0x406318 __getmainargs
0x40631c _acmdln
0x406320 exit
0x406324 _XcptFilter
0x406328 _exit
0x40632c _onexit
0x406330 __dllonexit
0x406334 time
0x406338 atoi
0x40633c atol
0x406340 _mbscmp
0x406344 wcscmp
0x406348 malloc
0x40634c calloc
0x406350 strncpy
0x406354 strstr
0x406358 strtol
0x40635c free
0x406360 __CxxFrameHandler
0x406364 _setmbcp
0x406368 _initterm
Library: KERNEL32.dll:
0x406000 GetProcAddress
0x406004 FreeLibrary
0x406008 CloseHandle
0x40600c GetLastError
0x406010 CreateFileA
0x406014 CreateEventA
0x406018 LocalFree
0x40601c FormatMessageW
0x406020 GetOverlappedResult
0x406024 WaitForSingleObject
0x406028 WriteFile
0x40602c CancelIo
0x406030 ReadFile
0x406034 ResetEvent
0x406038 Sleep
0x40603c GetModuleHandleA
0x406040 GetStartupInfoA
0x406044 LoadLibraryA
Library: USER32.dll:
0x40638c PostMessageA
0x406390 MessageBeep
0x406394 EnableWindow
0x406398 IsIconic
0x40639c GetSystemMetrics
0x4063a0 GetClientRect
0x4063a4 DrawIcon
0x4063a8 LoadIconA
0x4063ac SendMessageA
Library: WSOCK32.dll:
0x4063b4 shutdown
0x4063b8 setsockopt
0x4063bc WSAGetLastError

No antivirus engine scan information!

Process Tree

a.exe, PID: 2584, Parent PID: 2236

TCP

Source Address | Source Port | Destination Address | Destination Port
192.168.122.201 49160 23.220.167.49 80

UDP

Source Address | Source Port | Destination Address | Destination Port
192.168.122.201 59401 192.168.122.1 53

HTTP Requests

URI | HTTP Data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No files were dropped.
No similar analyses found.

Processing ( 13.668 seconds )

  • 10.355 Suricata
  • 1.244 NetworkAnalysis
  • 1.033 VirusTotal
  • 0.389 Static
  • 0.302 peid
  • 0.242 TargetInfo
  • 0.085 BehaviorAnalysis
  • 0.013 AnalysisInfo
  • 0.003 Strings
  • 0.002 Memory

Signatures ( 1.375 seconds )

  • 1.277 md_url_bl
  • 0.018 antiav_detectreg
  • 0.008 md_domain_bl
  • 0.007 infostealer_ftp
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.004 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_im
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 api_spamming
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_mail
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 stealth_decoy_document
  • 0.002 stealth_timeout
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 cerber_behavior
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http

Reporting ( 0.482 seconds )

  • 0.481 ReportHTMLSummary
  • 0.001 Malheur
Task ID 698063
Mongo ID 62c40e5f7e769a0d6d18ea7b
Cuckoo release 1.4-Maldun