Analysis task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-shaapp02-1  2022-08-19 11:28:31  2022-08-19 11:30:40  129 seconds

Maldun score

8.25

Dangerous

File details

File name 藤原书记云授权.exe
File size 1212416 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 8c00eac3a9ef86cc9a16ccede7d3bae2
SHA1 d8a5990be785ee1a0da9d0281f6c2d5701bf9f82
SHA256 6c15aa0bcde0806204781acd429535fd796e1e074ca19445da7cdde06003be99
SHA512 0b506d5a7a052fb409474607e26fdc30156358c3ae1c75b8c4c3cd5500709e2e3dc41f5e3376837203e9b918f420a8c0b44b3e831023383508a32fdfe9c72f52
CRC32 E77F5E48
Ssdeep 24576:4y5h5KEl1qd0PHiF0u/PojnM+VcbsbZCi0yBY:4CKH0Pil/gjnM+VcY9Ciu

Hosts contacted

No host records.

DNS resolutions

No domain information.


PE information

Image base 0x00400000
Entry point 0x00488ee1
Declared checksum 0x00000000
Computed checksum 0x00137d9d
Minimum OS version required 4.0
Compile timestamp 2022-07-31 16:51:54
Import hash (imphash) cd3930683616b59f0e260dd1ddfc368e

Version information (no value recorded for any field)

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x000a8256 0x000a9000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.58
.rdata 0x000aa000 0x0005c0a6 0x0005d000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.40
.data 0x00107000 0x00049ec8 0x00018000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.00
.rsrc 0x00151000 0x00008b5c 0x00009000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.19

Imports

Library: KERNEL32.dll:
0x4aa174 GetLocalTime
0x4aa178 GetSystemTime
0x4aa180 RtlUnwind
0x4aa184 GetStartupInfoA
0x4aa188 GetOEMCP
0x4aa18c GetCPInfo
0x4aa190 GetProcessVersion
0x4aa194 SetErrorMode
0x4aa198 GlobalFlags
0x4aa19c GetCurrentThread
0x4aa1a0 GetFileTime
0x4aa1a4 RaiseException
0x4aa1a8 TlsGetValue
0x4aa1ac LocalReAlloc
0x4aa1b0 TlsSetValue
0x4aa1b4 TlsFree
0x4aa1b8 GlobalHandle
0x4aa1bc TlsAlloc
0x4aa1c0 LocalAlloc
0x4aa1c4 lstrcmpA
0x4aa1c8 GetVersion
0x4aa1cc GlobalGetAtomNameA
0x4aa1d0 GlobalAddAtomA
0x4aa1d4 GlobalFindAtomA
0x4aa1d8 GlobalDeleteAtom
0x4aa1dc lstrcmpiA
0x4aa1e0 SetEndOfFile
0x4aa1e4 UnlockFile
0x4aa1e8 LockFile
0x4aa1ec FlushFileBuffers
0x4aa1f0 SetFilePointer
0x4aa1f4 GetCurrentProcess
0x4aa1f8 DuplicateHandle
0x4aa1fc lstrcpynA
0x4aa200 SetLastError
0x4aa20c LocalFree
0x4aa218 TerminateProcess
0x4aa21c HeapSize
0x4aa220 GetACP
0x4aa238 SetHandleCount
0x4aa23c GetStdHandle
0x4aa240 GetFileType
0x4aa248 HeapDestroy
0x4aa24c HeapCreate
0x4aa250 VirtualFree
0x4aa258 LCMapStringA
0x4aa25c LCMapStringW
0x4aa260 VirtualAlloc
0x4aa264 IsBadWritePtr
0x4aa268 GetStringTypeA
0x4aa26c GetStringTypeW
0x4aa274 CompareStringA
0x4aa278 CompareStringW
0x4aa27c IsBadReadPtr
0x4aa280 IsBadCodePtr
0x4aa284 SetStdHandle
0x4aa288 SuspendThread
0x4aa28c TerminateThread
0x4aa290 ReleaseMutex
0x4aa294 CreateMutexA
0x4aa298 CreateSemaphoreA
0x4aa29c ResumeThread
0x4aa2a0 ReleaseSemaphore
0x4aa2ac GetProfileStringA
0x4aa2b0 WriteFile
0x4aa2b8 CreateFileA
0x4aa2bc SetEvent
0x4aa2c0 FindResourceA
0x4aa2c4 LoadResource
0x4aa2c8 LockResource
0x4aa2cc ReadFile
0x4aa2d0 lstrlenW
0x4aa2d4 GetModuleFileNameA
0x4aa2d8 WideCharToMultiByte
0x4aa2dc MultiByteToWideChar
0x4aa2e0 GetCurrentThreadId
0x4aa2e4 ExitProcess
0x4aa2e8 GlobalSize
0x4aa2ec GlobalFree
0x4aa2f8 lstrcatA
0x4aa2fc lstrlenA
0x4aa300 CloseHandle
0x4aa304 WinExec
0x4aa308 lstrcpyA
0x4aa30c FindNextFileA
0x4aa310 GlobalReAlloc
0x4aa314 HeapFree
0x4aa318 HeapReAlloc
0x4aa31c GetProcessHeap
0x4aa320 HeapAlloc
0x4aa324 GetUserDefaultLCID
0x4aa328 GetFullPathNameA
0x4aa32c FreeLibrary
0x4aa330 LoadLibraryA
0x4aa334 GetLastError
0x4aa338 GetVersionExA
0x4aa340 CreateThread
0x4aa344 CreateEventA
0x4aa348 Sleep
0x4aa350 GlobalAlloc
0x4aa354 GlobalLock
0x4aa358 GlobalUnlock
0x4aa35c FindFirstFileA
0x4aa360 FindClose
0x4aa364 GetFileAttributesA
0x4aa368 DeleteFileA
0x4aa374 GetModuleHandleA
0x4aa378 GetProcAddress
0x4aa37c MulDiv
0x4aa380 GetCommandLineA
0x4aa384 GetTickCount
0x4aa388 WaitForSingleObject
0x4aa38c GetFileSize
Library: USER32.dll:
0x4aa3ec LoadIconA
0x4aa3f0 TranslateMessage
0x4aa3f4 DrawFrameControl
0x4aa3f8 DrawEdge
0x4aa3fc DrawFocusRect
0x4aa400 WindowFromPoint
0x4aa404 GetMessageA
0x4aa408 DispatchMessageA
0x4aa40c SetRectEmpty
0x4aa41c DrawIconEx
0x4aa420 CreatePopupMenu
0x4aa424 AppendMenuA
0x4aa428 ModifyMenuA
0x4aa42c CreateMenu
0x4aa434 GetDlgCtrlID
0x4aa438 GetSubMenu
0x4aa43c EnableMenuItem
0x4aa440 ClientToScreen
0x4aa448 LoadImageA
0x4aa450 ShowWindow
0x4aa454 IsWindowEnabled
0x4aa45c GetKeyState
0x4aa464 PostQuitMessage
0x4aa468 IsZoomed
0x4aa46c GetClassInfoA
0x4aa470 DefWindowProcA
0x4aa474 GetSystemMenu
0x4aa478 DeleteMenu
0x4aa47c GetMenu
0x4aa480 SetMenu
0x4aa484 PeekMessageA
0x4aa488 IsIconic
0x4aa48c SetFocus
0x4aa490 GetActiveWindow
0x4aa494 GetWindow
0x4aa49c SetWindowRgn
0x4aa4a0 GetMessagePos
0x4aa4a4 ScreenToClient
0x4aa4ac CopyRect
0x4aa4b0 LoadBitmapA
0x4aa4b4 WinHelpA
0x4aa4b8 KillTimer
0x4aa4bc SetTimer
0x4aa4c0 ReleaseCapture
0x4aa4c4 GetCapture
0x4aa4c8 SetCapture
0x4aa4cc GetScrollRange
0x4aa4d0 SetScrollRange
0x4aa4d4 SetScrollPos
0x4aa4d8 SetRect
0x4aa4dc InflateRect
0x4aa4e0 IntersectRect
0x4aa4e4 DestroyIcon
0x4aa4e8 PtInRect
0x4aa4ec OffsetRect
0x4aa4f0 IsWindowVisible
0x4aa4f4 EnableWindow
0x4aa4f8 UnregisterClassA
0x4aa4fc GetWindowLongA
0x4aa500 SetWindowLongA
0x4aa504 GetSysColor
0x4aa508 SetActiveWindow
0x4aa50c SetCursorPos
0x4aa510 LoadCursorA
0x4aa514 SetCursor
0x4aa518 GetDC
0x4aa51c FillRect
0x4aa520 IsRectEmpty
0x4aa524 ReleaseDC
0x4aa528 IsChild
0x4aa52c DestroyMenu
0x4aa530 SetForegroundWindow
0x4aa534 GetWindowRect
0x4aa538 EqualRect
0x4aa53c UpdateWindow
0x4aa540 ValidateRect
0x4aa544 InvalidateRect
0x4aa548 GetClientRect
0x4aa54c GetFocus
0x4aa550 GetParent
0x4aa554 GetTopWindow
0x4aa558 PostMessageA
0x4aa55c IsWindow
0x4aa560 SetParent
0x4aa564 DestroyCursor
0x4aa568 SendMessageA
0x4aa56c SetWindowPos
0x4aa570 GetWindowTextA
0x4aa578 CharUpperA
0x4aa57c GetWindowDC
0x4aa580 BeginPaint
0x4aa584 EndPaint
0x4aa588 TabbedTextOutA
0x4aa58c DrawTextA
0x4aa590 GrayStringA
0x4aa594 GetDlgItem
0x4aa598 DestroyWindow
0x4aa5a0 EndDialog
0x4aa5a4 GetNextDlgTabItem
0x4aa5a8 GetWindowPlacement
0x4aa5b0 GetForegroundWindow
0x4aa5b4 GetLastActivePopup
0x4aa5b8 GetMessageTime
0x4aa5bc RemovePropA
0x4aa5c0 CallWindowProcA
0x4aa5c4 GetPropA
0x4aa5c8 UnhookWindowsHookEx
0x4aa5cc SetPropA
0x4aa5d0 GetClassLongA
0x4aa5d4 CallNextHookEx
0x4aa5d8 SetWindowsHookExA
0x4aa5dc CreateWindowExA
0x4aa5e0 GetMenuItemID
0x4aa5e4 GetMenuItemCount
0x4aa5e8 RegisterClassA
0x4aa5ec GetScrollPos
0x4aa5f0 AdjustWindowRectEx
0x4aa5f4 MapWindowPoints
0x4aa5f8 SendDlgItemMessageA
0x4aa5fc ScrollWindowEx
0x4aa600 IsDialogMessageA
0x4aa604 SetWindowTextA
0x4aa608 MoveWindow
0x4aa60c CheckMenuItem
0x4aa610 SetMenuItemBitmaps
0x4aa614 GetMenuState
0x4aa61c GetClassNameA
0x4aa620 GetDesktopWindow
0x4aa624 LoadStringA
0x4aa628 GetSysColorBrush
0x4aa62c MessageBoxA
0x4aa630 GetCursorPos
0x4aa634 GetSystemMetrics
0x4aa638 EmptyClipboard
0x4aa63c SetClipboardData
0x4aa640 OpenClipboard
0x4aa644 GetClipboardData
0x4aa648 CloseClipboard
0x4aa64c wsprintfA
0x4aa650 RedrawWindow
Library: GDI32.dll:
0x4aa028 GetTextMetricsA
0x4aa02c ExtTextOutA
0x4aa030 TextOutA
0x4aa034 RectVisible
0x4aa038 PtVisible
0x4aa03c GetViewportExtEx
0x4aa040 Escape
0x4aa044 ExtSelectClipRgn
0x4aa048 SetBkColor
0x4aa050 SetStretchBltMode
0x4aa054 GetClipRgn
0x4aa058 CreatePolygonRgn
0x4aa05c SelectClipRgn
0x4aa060 DeleteObject
0x4aa064 CreateDIBitmap
0x4aa06c CreatePalette
0x4aa070 StretchBlt
0x4aa074 SelectPalette
0x4aa078 RealizePalette
0x4aa07c GetDIBits
0x4aa080 GetWindowExtEx
0x4aa084 GetViewportOrgEx
0x4aa088 GetWindowOrgEx
0x4aa08c BeginPath
0x4aa090 EndPath
0x4aa094 PathToRegion
0x4aa098 CreateEllipticRgn
0x4aa09c CreateRoundRectRgn
0x4aa0a0 GetTextColor
0x4aa0a4 GetBkMode
0x4aa0a8 GetBkColor
0x4aa0ac GetROP2
0x4aa0b0 GetStretchBltMode
0x4aa0b4 GetPolyFillMode
0x4aa0bc CreateDCA
0x4aa0c0 CreateBitmap
0x4aa0c4 SelectObject
0x4aa0c8 CreatePen
0x4aa0cc PatBlt
0x4aa0d0 ScaleViewportExtEx
0x4aa0d4 SetViewportExtEx
0x4aa0d8 OffsetViewportOrgEx
0x4aa0dc SetViewportOrgEx
0x4aa0e0 SetMapMode
0x4aa0e4 SetTextColor
0x4aa0e8 SetROP2
0x4aa0ec SetPolyFillMode
0x4aa0f0 SetBkMode
0x4aa0f4 RestoreDC
0x4aa0f8 SaveDC
0x4aa0fc CombineRgn
0x4aa100 CreateRectRgn
0x4aa104 FillRgn
0x4aa108 CreateSolidBrush
0x4aa10c CreateFontIndirectA
0x4aa110 GetStockObject
0x4aa114 GetObjectA
0x4aa118 EndPage
0x4aa11c EndDoc
0x4aa120 DeleteDC
0x4aa124 StartDocA
0x4aa128 StartPage
0x4aa12c BitBlt
0x4aa130 CreateCompatibleDC
0x4aa134 Ellipse
0x4aa138 Rectangle
0x4aa13c LPtoDP
0x4aa140 DPtoLP
0x4aa144 GetCurrentObject
0x4aa148 RoundRect
0x4aa150 GetDeviceCaps
0x4aa154 LineTo
0x4aa158 MoveToEx
0x4aa15c ExcludeClipRect
0x4aa160 GetClipBox
0x4aa164 ScaleWindowExtEx
0x4aa168 SetWindowExtEx
0x4aa16c SetWindowOrgEx
Library: WINMM.dll:
0x4aa660 waveOutWrite
0x4aa664 waveOutPause
0x4aa668 waveOutReset
0x4aa66c waveOutClose
0x4aa670 waveOutGetNumDevs
0x4aa674 waveOutOpen
0x4aa67c midiStreamOpen
0x4aa680 midiStreamProperty
0x4aa688 midiStreamOut
0x4aa68c waveOutRestart
0x4aa690 midiStreamStop
0x4aa694 midiOutReset
0x4aa698 midiStreamClose
0x4aa69c midiStreamRestart
Library: WINSPOOL.DRV:
0x4aa6a4 OpenPrinterA
0x4aa6a8 DocumentPropertiesA
0x4aa6ac ClosePrinter
Library: ADVAPI32.dll:
0x4aa000 RegCloseKey
0x4aa004 RegQueryValueExA
0x4aa008 RegOpenKeyExA
0x4aa00c RegSetValueExA
0x4aa010 RegQueryValueA
0x4aa014 RegCreateKeyExA
Library: SHELL32.dll:
0x4aa3e0 ShellExecuteA
0x4aa3e4 Shell_NotifyIconA
Library: ole32.dll:
0x4aa6f4 CLSIDFromProgID
0x4aa6f8 OleRun
0x4aa6fc CoCreateInstance
0x4aa700 CLSIDFromString
0x4aa704 OleUninitialize
0x4aa708 OleInitialize
Library: OLEAUT32.dll:
0x4aa394 SafeArrayGetElement
0x4aa398 VariantCopyInd
0x4aa39c VariantInit
0x4aa3a0 SysAllocString
0x4aa3a4 SafeArrayDestroy
0x4aa3a8 SafeArrayCreate
0x4aa3ac SafeArrayPutElement
0x4aa3b0 RegisterTypeLib
0x4aa3b4 LHashValOfNameSys
0x4aa3b8 LoadTypeLib
0x4aa3bc UnRegisterTypeLib
0x4aa3c0 SafeArrayAccessData
0x4aa3c8 SafeArrayGetDim
0x4aa3cc SafeArrayGetLBound
0x4aa3d0 SafeArrayGetUBound
0x4aa3d4 VariantChangeType
0x4aa3d8 VariantClear
Library: COMCTL32.dll:
0x4aa01c ImageList_Destroy
0x4aa020 (import by ordinal; name not resolved by the report)
Library: WS2_32.dll:
0x4aa6b4 inet_ntoa
0x4aa6b8 WSACleanup
0x4aa6bc ntohl
0x4aa6c0 accept
0x4aa6c4 getpeername
0x4aa6c8 recv
0x4aa6cc ioctlsocket
0x4aa6d0 recvfrom
0x4aa6d4 closesocket
0x4aa6d8 WSAAsyncSelect
Library: comdlg32.dll:
0x4aa6e0 ChooseColorA
0x4aa6e4 GetOpenFileNameA
0x4aa6e8 GetSaveFileNameA
0x4aa6ec GetFileTitleA
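Three numbers in the PE information, section table and import list above are worth re-deriving instead of taking from the sandbox: the per-section entropy (7.40 bits/byte in .rdata is above the 7.0 mark usually taken to mean compressed or encrypted content, in a section that normally holds read-only constants and the import directory), the header checksum (a declared value of 0 means the linker never populated the field, which is common for user-mode executables and not suspicious on its own; a populated value that does not match the computed one is the real signal), and the import hash used to pivot to related samples. The following Python script is an added example, not code from the Maldun report or from the sample. REPORT_SECTIONS is the section table transcribed from this page; every byte string in it is constructed so it runs offline; the helper names (flag_sections, checksum_verdict) are this example's own. The import hash follows pefile's definition except that it does not map well-known ws2_32/oleaut32 ordinals back to names, and since the page does not give the ordinal number of the unnamed COMCTL32 import, the report's imphash cannot be reproduced from the page alone.

```python
"""PE static triage checks for the numbers in the report above: section
entropy, the optional-header CheckSum, and the import hash (imphash).

Added example; not code from the Maldun report or from the sample.
REPORT_SECTIONS is transcribed from the section table on this page; every
byte string below is constructed so the script runs offline.
"""
import hashlib
import math
import struct

# (name, VirtualSize, SizeOfRawData, characteristics, entropy) copied from the report.
REPORT_SECTIONS = [
    (".text",  0x000A8256, 0x000A9000, "CODE|EXECUTE|READ",            6.58),
    (".rdata", 0x0005C0A6, 0x0005D000, "INITIALIZED_DATA|READ",        7.40),
    (".data",  0x00049EC8, 0x00018000, "INITIALIZED_DATA|READ|WRITE",  5.00),
    (".rsrc",  0x00008B5C, 0x00009000, "INITIALIZED_DATA|READ",        4.19),
]


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def flag_sections(sections, threshold=7.0):
    """Return (name, reason) pairs for sections worth a closer look:
    entropy at or above `threshold` (the usual heuristic for compressed or
    encrypted content), or an executable section whose VirtualSize exceeds
    its SizeOfRawData (room reserved for code unpacked at run time).
    Growth of uninitialised .data is normal and is deliberately not flagged."""
    findings = []
    for name, vsize, rsize, chars, ent in sections:
        if ent >= threshold:
            findings.append((name, f"entropy {ent:.2f} >= {threshold}"))
        if "EXECUTE" in chars and vsize > rsize:
            findings.append((name, f"VirtualSize 0x{vsize:x} > SizeOfRawData 0x{rsize:x}"))
    return findings


def pe_checksum(image: bytes, checksum_field_offset: int) -> int:
    """Recompute IMAGE_OPTIONAL_HEADER.CheckSum over the whole file with the
    same one's-complement fold CheckSumMappedFile uses, skipping the 4-byte
    CheckSum field itself (at e_lfanew + 0x58: 24-byte COFF header plus
    offset 64 into the optional header)."""
    if checksum_field_offset % 4:
        raise ValueError("CheckSum field offset must be 4-byte aligned")
    padded = image + b"\x00" * (-len(image) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_field_offset:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        total = (total & 0xFFFFFFFF) + (total >> 32)   # fold the carry
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(image)


def checksum_verdict(declared: int, computed: int) -> str:
    """A declared value of 0 means the linker never set the field (common for
    user-mode executables); only a populated, mismatching value is a signal."""
    if declared == 0:
        return "not populated"
    return "match" if declared == computed else "MISMATCH"


def imphash(imports) -> str:
    """pefile-style import hash: 'dll.func' per import in table order, lower
    case, DLL extension (.dll/.ocx/.sys) removed, joined with ',' and MD5'd.
    Ordinal imports are written 'ordN'. Simplification: pefile also maps
    well-known ws2_32/oleaut32 ordinals back to names; this version does not."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{dll}.{name}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


if __name__ == "__main__":
    for name, reason in flag_sections(REPORT_SECTIONS):
        print(f"{name}: {reason}")
    # Constructed 8-byte "image" whose CheckSum field is at offset 4.
    print(hex(pe_checksum(b"\x01\x00\x02\x00\x00\x00\x00\x00", 4)))
    print(checksum_verdict(0x00000000, 0x00137D9D))
    # First two KERNEL32 imports from the list above; the real imphash needs the full table.
    print(imphash([("KERNEL32.dll", "GetLocalTime"), ("KERNEL32.dll", "GetSystemTime")]))
```

To run this against the real file, read its bytes, take e_lfanew from offset 0x3C and pass e_lfanew + 0x58 to pe_checksum; feed each section's raw bytes (PointerToRawData, SizeOfRawData) to shannon_entropy and the full import table, in order, to imphash.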

Strings

.text
`.rdata
@.data
.rsrc
VWPhL
VWPh|
VWQPh(
8`}<j
T$hVj
D$<`=O
T$th
|$TVj
D$4T=O
|$`Vj
D$$$>O
D$@Sj
L$8h
D$8Rj
jjjjh

Antivirus

No antivirus engine scan information.

Process tree

_____________________.exe, PID: 2556, parent PID: 2236

TCP

Source address  Source port  Destination address  Destination port
192.168.122.201 49160 23.223.199.177 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201 63246 192.168.122.1 53

HTTP requests

URI / HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

Caveat: acroipm.adobe.com with User-Agent "IPM" is the endpoint that Adobe Acrobat/Reader's in-product messaging polls, and the report does not attribute this request to the sample's process (PID 2556). Treat it as probable background traffic from the analysis VM rather than as the sample's command-and-control unless per-process network attribution confirms otherwise.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 19.686 seconds total; run time per processing module )

  • 10.772 Suricata
  • 3.678 Static
  • 2.752 NetworkAnalysis
  • 1.366 VirusTotal
  • 0.45 TargetInfo
  • 0.414 peid
  • 0.228 BehaviorAnalysis
  • 0.011 Strings
  • 0.01 AnalysisInfo
  • 0.003 config_decoder
  • 0.002 Memory

Signatures ( 1.755 seconds total; run time per signature module evaluated, not a list of matches )

  • 1.527 md_url_bl
  • 0.019 antiav_detectreg
  • 0.017 api_spamming
  • 0.016 stealth_decoy_document
  • 0.016 stealth_timeout
  • 0.016 md_domain_bl
  • 0.01 infostealer_ftp
  • 0.008 infostealer_im
  • 0.007 antivm_vbox_libs
  • 0.007 kovter_behavior
  • 0.007 antiav_detectfile
  • 0.007 ransomware_files
  • 0.006 antiemu_wine_func
  • 0.006 anomaly_persistence_autorun
  • 0.006 infostealer_browser_password
  • 0.006 ransomware_extensions
  • 0.004 exec_crash
  • 0.004 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_bitcoin
  • 0.004 network_http
  • 0.003 antiav_avast_libs
  • 0.003 antisandbox_sunbelt_libs
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.002 tinba_behavior
  • 0.002 antivm_vmware_libs
  • 0.002 antisandbox_sboxie_libs
  • 0.002 antiav_bitdefender_libs
  • 0.002 antidbg_windows
  • 0.002 cerber_behavior
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.002 md_bad_drop
  • 0.001 rat_nanocore
  • 0.001 maldun_anomaly_massive_file_ops
  • 0.001 injection_createremotethread
  • 0.001 antivm_generic_services
  • 0.001 betabot_behavior
  • 0.001 reads_self
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 injection_runpe
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 codelux_behavior
  • 0.001 darkcomet_regkeys
  • 0.001 malicous_targeted_flame
  • 0.001 network_cnc_http

Reporting ( 0.545 seconds )

  • 0.544 ReportHTMLSummary
  • 0.001 Malheur
Task ID 704739
Mongo ID 62ff0401dc327beba8e015b1
Cuckoo release 1.4-Maldun