恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp03-1	2022-07-05 19:12:12	2022-07-05 19:12:40	28 秒

魔盾分数

0.35

正常的

文件详细信息

文件名	SSJJ2_yra.exe
文件大小	1936896 字节
文件类型	PE32+ executable (GUI) x86-64, for MS Windows
MD5	04057ec511c7840cebdf03c673c355ef
SHA1	0ce5029685b16d2445343f8be35ef06d66bb7051
SHA256	1de487e7fa1dc4eda62058c7785dd77783039b10e9aaebc969e06e9158da961a
SHA512	0acb864acccdf40359635ade519fb83c7013d684b7d18483462912539dd100af3a3f1f7c3311ed91613a735925df76bc49df3d4b39c138740c41c02362bb8949
CRC32	E9C0B35E
Ssdeep	24576:t0csfmKiTWKmNDOYTXjW4CEKal5hW9FO5hFwsn1tb39JWtIobX89uOaDimT1F58m:ezmxTWzNDPCEKEQIvufRoGpOnyr
Yara	登录查看Yara规则
	找不到该样本提交漏报

登录查看威胁特征

运行截图

没有可用的屏幕截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x140000000
入口地址	0x140044a1c
声明校验值	0x00000000
实际校验值	0x001e6ccb
最低操作系统版本要求	6.0
PDB路径	C:\Users\Administrator\Desktop\SSJJ2_yra\x64\Release\SSJJ2_yra.pdb
编译时间	2022-07-02 10:07:59
载入哈希	dd982281d12b73306840c882d5e377c8
图标
图标精确哈希值	0881e94364797a03522f36859aa4b655
图标相似性哈希值	bdf14967c53716e48083889eda64a29a

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x00044758	0x00044800	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.50
.rdata	0x00046000	0x0018c64a	0x0018c800	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	6.06
.data	0x001d3000	0x00001078	0x00000400	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	2.86
.pdata	0x001d5000	0x00002d54	0x00002e00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.73
.rsrc	0x001d8000	0x000044b0	0x00004600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.18
.reloc	0x001dd000	0x000000f0	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	2.98

资源

名称	偏移量	大小	语言	子语言	熵(Entropy)	文件类型
RT_ICON	0x001d80f0	0x00004228	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.07	dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 4294962919, next used block 4294962919
RT_GROUP_ICON	0x001dc318	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	1.92	MS Windows icon resource - 1 icon, 64x64
RT_MANIFEST	0x001dc330	0x0000017d	LANG_ENGLISH	SUBLANG_ENGLISH_US	4.91	XML 1.0 document text

导入

库: d3d11.dll:

• 0x1400465d8 D3D11CreateDeviceAndSwapChain

库: KERNEL32.dll:

• 0x140046068 GetCurrentDirectoryA

• 0x140046070 OpenProcess

• 0x140046078 CreateToolhelp32Snapshot

• 0x140046080 GetTickCount64

• 0x140046088 CreateFileA

• 0x140046090 LoadLibraryA

• 0x140046098 GetVersionExA

• 0x1400460a0 DeleteFileA

• 0x1400460a8 Process32Next

• 0x1400460b0 CloseHandle

• 0x1400460b8 GetSystemInfo

• 0x1400460c0 GetProcAddress

• 0x1400460c8 GetCurrentProcessId

• 0x1400460d0 WideCharToMultiByte

• 0x1400460d8 MultiByteToWideChar

• 0x1400460e0 GlobalAlloc

• 0x1400460e8 GlobalFree

• 0x1400460f0 GlobalLock

• 0x1400460f8 GlobalUnlock

• 0x140046100 QueryPerformanceFrequency

• 0x140046108 QueryPerformanceCounter

• 0x140046110 Sleep

• 0x140046118 OutputDebugStringW

• 0x140046120 EnterCriticalSection

• 0x140046128 LeaveCriticalSection

• 0x140046130 InitializeCriticalSectionAndSpinCount

• 0x140046138 SetEvent

• 0x140046140 ResetEvent

• 0x140046148 WaitForSingleObjectEx

• 0x140046150 CreateEventW

• 0x140046158 GetModuleHandleW

• 0x140046160 RtlCaptureContext

• 0x140046168 RtlLookupFunctionEntry

• 0x140046170 RtlVirtualUnwind

• 0x140046178 UnhandledExceptionFilter

• 0x140046180 SetUnhandledExceptionFilter

• 0x140046188 GetCurrentProcess

• 0x140046190 TerminateProcess

• 0x140046198 IsProcessorFeaturePresent

• 0x1400461a0 GetStartupInfoW

• 0x1400461a8 GetCurrentThreadId

• 0x1400461b0 GetSystemTimeAsFileTime

• 0x1400461b8 InitializeSListHead

• 0x1400461c0 DeviceIoControl

• 0x1400461c8 InitializeCriticalSectionEx

• 0x1400461d0 GetLastError

• 0x1400461d8 DeleteCriticalSection

• 0x1400461e0 GetModuleHandleA

• 0x1400461e8 Process32First

• 0x1400461f0 WriteFile

• 0x1400461f8 IsDebuggerPresent

库: USER32.dll:

• 0x140046228 GetKeyState

• 0x140046230 ReleaseCapture

• 0x140046238 SetCursorPos

• 0x140046240 GetCursorPos

• 0x140046248 OpenClipboard

• 0x140046250 CloseClipboard

• 0x140046258 EmptyClipboard

• 0x140046260 GetClipboardData

• 0x140046268 SetClipboardData

• 0x140046270 ScreenToClient

• 0x140046278 GetCapture

• 0x140046280 ClientToScreen

• 0x140046288 SetCursor

• 0x140046290 UnregisterClassA

• 0x140046298 UpdateWindow

• 0x1400462a0 RegisterClassExA

• 0x1400462a8 GetWindowRect

• 0x1400462b0 SetWindowPos

• 0x1400462b8 MoveWindow

• 0x1400462c0 GetClientRect

• 0x1400462c8 wsprintfA

• 0x1400462d0 MessageBoxA

• 0x1400462d8 mouse_event

• 0x1400462e0 GetAsyncKeyState

• 0x1400462e8 FindWindowA

• 0x1400462f0 SetWindowLongPtrA

• 0x1400462f8 PostQuitMessage

• 0x140046300 PeekMessageA

• 0x140046308 TranslateMessage

• 0x140046310 SetLayeredWindowAttributes

• 0x140046318 CreateWindowExA

• 0x140046320 DefWindowProcA

• 0x140046328 ShowWindow

• 0x140046330 DestroyWindow

• 0x140046338 LoadCursorA

• 0x140046340 DispatchMessageA

• 0x140046348 SetCapture

库: GDI32.dll:

• 0x140046038 CreateRectRgn

库: ADVAPI32.dll:

• 0x140046000 OpenSCManagerA

• 0x140046008 CloseServiceHandle

• 0x140046010 StartServiceA

• 0x140046018 CreateServiceA

库: MSVCP140.dll:

• 0x140046208 ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A

• 0x140046210 ?_Xlength_error@std@@YAXPEBD@Z

• 0x140046218 ?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ

库: dwmapi.dll:

• 0x1400465e8 DwmEnableBlurBehindWindow

• 0x1400465f0 DwmExtendFrameIntoClientArea

库: IMM32.dll:

• 0x140046048 ImmGetContext

• 0x140046050 ImmReleaseContext

• 0x140046058 ImmSetCompositionWindow

库: D3DCOMPILER_43.dll:

• 0x140046028 D3DCompile

库: XINPUT1_3.dll:

• 0x1400463d8 None

• 0x1400463e0 None

库: VCRUNTIME140_1.dll:

• 0x1400463c8 __CxxFrameHandler4

库: VCRUNTIME140.dll:

• 0x140046358 _CxxThrowException

• 0x140046360 __current_exception_context

• 0x140046368 __current_exception

• 0x140046370 __C_specific_handler

• 0x140046378 memset

• 0x140046380 memmove

• 0x140046388 strstr

• 0x140046390 __std_exception_copy

• 0x140046398 __std_exception_destroy

• 0x1400463a0 __std_terminate

• 0x1400463a8 memcpy

• 0x1400463b0 memchr

• 0x1400463b8 memcmp

库: api-ms-win-crt-heap-l1-1-0.dll:

• 0x140046400 malloc

• 0x140046408 free

• 0x140046410 _callnewh

• 0x140046418 _set_new_mode

库: api-ms-win-crt-runtime-l1-1-0.dll:

• 0x1400464a8 _c_exit

• 0x1400464b0 _initialize_onexit_table

• 0x1400464b8 _register_onexit_function

• 0x1400464c0 _configure_narrow_argv

• 0x1400464c8 _exit

• 0x1400464d0 exit

• 0x1400464d8 _initterm_e

• 0x1400464e0 _initterm

• 0x1400464e8 _register_thread_local_exe_atexit_callback

• 0x1400464f0 _get_narrow_winmain_command_line

• 0x1400464f8 _crt_atexit

• 0x140046500 _cexit

• 0x140046508 _set_app_type

• 0x140046510 _initialize_narrow_environment

• 0x140046518 terminate

• 0x140046520 _invalid_parameter_noinfo_noreturn

• 0x140046528 _seh_filter_exe

库: api-ms-win-crt-stdio-l1-1-0.dll:

• 0x140046538 ftell

• 0x140046540 __stdio_common_vfprintf

• 0x140046548 __acrt_iob_func

• 0x140046550 fflush

• 0x140046558 fclose

• 0x140046560 fwrite

• 0x140046568 _wfopen

• 0x140046570 __stdio_common_vsprintf

• 0x140046578 __stdio_common_vsscanf

• 0x140046580 __p__commode

• 0x140046588 _set_fmode

• 0x140046590 fseek

• 0x140046598 fread

库: api-ms-win-crt-string-l1-1-0.dll:

• 0x1400465a8 strncpy

• 0x1400465b0 _stricmp

• 0x1400465b8 strcmp

库: api-ms-win-crt-utility-l1-1-0.dll:

• 0x1400465c8 qsort

库: api-ms-win-crt-convert-l1-1-0.dll:

• 0x1400463f0 atof

库: api-ms-win-crt-math-l1-1-0.dll:

• 0x140046438 powf

• 0x140046440 sinf

• 0x140046448 sqrt

• 0x140046450 acosf

• 0x140046458 atan2f

• 0x140046460 pow

• 0x140046468 __setusermatherr

• 0x140046470 sqrtf

• 0x140046478 ceilf

• 0x140046480 fmodf

• 0x140046488 cosf

• 0x140046490 floorf

• 0x140046498 logf

库: api-ms-win-crt-locale-l1-1-0.dll:

• 0x140046428 _configthreadlocale

.text
`.rdata
@.data
.pdata
@.rsrc
@.reloc

没有防病毒引擎扫描信息!

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	23.223.57.169	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	59401	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	23.223.57.169	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	59401	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 15.089 seconds )

10.718 Suricata
1.343 Static
1.186 VirusTotal
0.947 NetworkAnalysis
0.573 TargetInfo
0.292 peid
0.011 Strings
0.01 AnalysisInfo
0.005 config_decoder
0.002 BehaviorAnalysis
0.002 Memory

Signatures ( 1.451 seconds )

1.37 md_url_bl
0.014 md_domain_bl
0.011 antiav_detectreg
0.005 anomaly_persistence_autorun
0.005 infostealer_ftp
0.004 antiav_detectfile
0.004 geodo_banking_trojan
0.004 ransomware_extensions
0.004 ransomware_files
0.003 infostealer_bitcoin
0.003 infostealer_im
0.003 network_http
0.002 tinba_behavior
0.002 antianalysis_detectreg
0.002 antivm_vbox_files
0.002 disables_browser_warn
0.002 infostealer_mail
0.001 rat_nanocore
0.001 betabot_behavior
0.001 cerber_behavior
0.001 bot_drive
0.001 bot_drive2
0.001 browser_security
0.001 modify_proxy
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 md_bad_drop
0.001 network_cnc_http
0.001 rat_spynet

Reporting ( 0.462 seconds )

0.462 ReportHTMLSummary


Task ID	698076
Mongo ID	62c41cbe7e769a0d6c18e981
Cuckoo release	1.4-Maldun