Analysis task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-shaapp02-1 | 2022-08-19 14:54:22 | 2022-08-19 14:56:27 | 125 seconds

Maldun score

1.275 (Normal)

File details

File name 爱我下载器.exe
File size 432640 bytes
File type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 90b63b40fa866ddb8b3666924a67c32c
SHA1 d634261dbf36e15209b05aa2dbbade06b40093e1
SHA256 a1eca12045f6e2c4a3087a1503f140881ece6d6a59e395daaa7dc46445a9bb25
SHA512 aedbc9ccc12f69bd80e0a05e39fb7bf84bb1de121b216caa9180d0a1afa50c02eba56766e455740234f4f7fea57d29bdce5d17fa398ac1b0f52d32da28b2b039
CRC32 099A00BD
Ssdeep 12288:fdRPGXHJR6ceuMciAa4gFlCmtGjpQ4f2:mwzUelCdQ
Lookup result: sample not found (no earlier scan record for this hash)

Run screenshots: images not reproduced in this export.
Host access records

No host records.

Domain resolution

No domain information.



PE information

Image base 0x00400000
Entry point 0x0044c0d6
Declared checksum 0x00000000
Actual checksum 0x00077616
Minimum OS version 4.0
Compile time 2019-11-24 17:28:25
Import hash f34d5f2d4577ed6d9ceec516c1f5a744

A declared checksum of 0x00000000 means the linker never populated IMAGE_OPTIONAL_HEADER.CheckSum, which is the default for most user-mode executables, so the difference from the recomputed value is not by itself a sign of tampering. The compile time is copied from the PE header and is written by whoever built the file; treat it as a claim, not a measurement.

Version information (every field is empty in the report)

Translation
LegalCopyright
Assembly Version
InternalName
FileVersion
CompanyName
LegalTrademarks
Comments
ProductName
ProductVersion
FileDescription
OriginalFilename

PE sections

Name VirtualAddress VirtualSize RawDataSize Characteristics Entropy
.text 0x00002000 0x0004a0dc 0x0004a200 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7.88
.rsrc 0x0004e000 0x0001f2d4 0x0001f400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.13
.reloc 0x0006e000 0x0000000c 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0.10

In a .NET image the .text section holds the IL, the metadata tables and any managed resources. An entropy of 7.88 over a 0x4a0dc-byte .text is close to the 8.0 ceiling of compressed or encrypted data and well above what plain IL and metadata produce; it is consistent with an obfuscated or packed assembly or with a large compressed blob stored as a managed resource, though the report does not show which. The .reloc section (12 bytes of virtual size padded to one 0x200 file block) is the single relocation every .NET executable carries for its native entry stub.
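Both the declared-versus-actual checksum pair in the PE information above and the entropy column in the section table are figures an analyst should be able to recompute from the bytes rather than take from the report. The following Python is an added example written for this page, not tooling from the sandbox or code from the sample: it implements the imagehlp checksum folding (skipping the CheckSum field, then adding the file length), computes Shannon entropy, and flags code sections whose entropy sits in the compressed/encrypted range. The 256-byte image it builds is constructed for the demo (not the sample's bytes), and the 7.0 threshold is an assumed triage cut-off.

```python
import math
import struct

# Constructed minimal PE-like image for the demo (not the sample from the report):
# DOS header with e_lfanew -> 0x40, a "PE\0\0" signature, zeroed file/optional headers.
IMAGE_SIZE = 256
CHECKSUM_FIELD_IN_OPTIONAL_HEADER = 64  # IMAGE_OPTIONAL_HEADER.CheckSum, same offset for PE32 and PE32+


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte (0.0 .. 8.0), the figure the report's section table shows."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def checksum_field_offset(image: bytes) -> int:
    """File offset of CheckSum: e_lfanew + 4 (signature) + 20 (file header) + 64."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    return e_lfanew + 4 + 20 + CHECKSUM_FIELD_IN_OPTIONAL_HEADER


def pe_checksum(image: bytes) -> int:
    """Recompute the header checksum the way imagehlp!CheckSumMappedFile does:
    sum the 32-bit words with carry folding, skip the CheckSum field itself,
    fold to 16 bits, then add the file length."""
    skip_index = checksum_field_offset(image) // 4
    padded = image + b"\0" * (-len(image) % 4)
    total = 0
    for i in range(len(padded) // 4):
        if i == skip_index:
            continue
        total += struct.unpack_from("<I", padded, i * 4)[0]
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = total + (total >> 16)
    total &= 0xFFFF
    return total + len(image)


def claimed_checksum(image: bytes) -> int:
    return struct.unpack_from("<I", image, checksum_field_offset(image))[0]


def checksum_status(image: bytes) -> str:
    """'unset' when the field is 0 (the linker never populated it, the default for most
    user-mode binaries, so not evidence of tampering), else 'match' or 'mismatch'."""
    claimed = claimed_checksum(image)
    if claimed == 0:
        return "unset"
    return "match" if claimed == pe_checksum(image) else "mismatch"


def build_minimal_image(checksum_value: int = 0) -> bytes:
    img = bytearray(IMAGE_SIZE)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                 # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<I", img, 0x40 + 4 + 20 + 64, checksum_value)
    return bytes(img)


# Section rows as printed in the report (name, characteristics, entropy), constructed here.
REPORT_SECTIONS = [
    (".text", "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ", 7.88),
    (".rsrc", "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ", 5.13),
    (".reloc", "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ", 0.10),
]


def high_entropy_code_sections(sections, threshold: float = 7.0):
    """Code sections whose entropy is in the compressed/encrypted range; plain IL and
    metadata normally sit well below the (assumed) threshold."""
    return [name for name, flags, ent in sections
            if "IMAGE_SCN_CNT_CODE" in flags.split("|") and ent >= threshold]


if __name__ == "__main__":
    img = build_minimal_image()
    print(f"checksum claimed=0x{claimed_checksum(img):08x} actual=0x{pe_checksum(img):08x} -> {checksum_status(img)}")
    print("entropy of the demo image:", round(shannon_entropy(img), 3))
    print("high-entropy code sections in the report:", high_entropy_code_sections(REPORT_SECTIONS))
```

Run against a real file, the same three functions give the report's "declared checksum 0" status and the per-section entropies; checksum_status returning "unset" is the common case for .NET executables and should not be scored as an anomaly.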

Imports

Library: mscoree.dll
0x402000 _CorExeMain

_CorExeMain is the only native import a managed executable has, so the import hash above (f34d5f2d4577ed6d9ceec516c1f5a744) is the value shared by essentially every .NET EXE and is useless as a pivot; hunt on the SHA256, the ssdeep hash, or the assembly name and GUID instead.

Assembly information

Name KuwoMusic
Version 1.1.0.0

Assembly references

Name Version
mscorlib 4.0.0.0
System.Windows.Forms 4.0.0.0
System.Numerics 4.0.0.0
System 4.0.0.0
System.Drawing 4.0.0.0
System.Web 4.0.0.0
Newtonsoft.Json 12.0.0.0
System.Core 4.0.0.0

Custom attributes

Type Name
Assembly [mscorlib]System.Reflection.AssemblyFileVersionAttribute 1.1.0
Assembly [mscorlib]System.Reflection.AssemblyTitleAttribute 酷我音乐解析 v1 (Kuwo Music Parser v1)
Assembly [mscorlib]System.Runtime.InteropServices.GuidAttribute 59fff746-dce1-44ed-bb66-f3398f93f3 (truncated in the report)
Assembly [mscorlib]System.Reflection.AssemblyProductAttribute 酷我音乐解析 v1 (Kuwo Music Parser v1)
Assembly [mscorlib]System.Reflection.AssemblyCopyrightAttribute Copyright © 20 (truncated in the report)
Assembly [mscorlib]System.Reflection.AssemblyCompanyAttribute Google 中国无限责任公 (truncated in the report; the string attributes the binary to a Google China entity, which nothing else in the report corroborates)

The report emitted these values as escaped UTF-8 bytes; they are decoded here. The file name (爱我下载器.exe) does not match the assembly name KuwoMusic or the title 酷我音乐解析, and because the version resource above is empty these attributes are the only embedded provenance the file carries.

Type references

The list below is what the IL references, not what ran during the 125-second sandbox window. Read as capability clusters: HTTP fetching (WebClient, HttpRequestHeader, WebHeaderCollection, WebUtility, HttpUtility, Uri), JSON parsing (Newtonsoft.Json.JsonConvert), response scraping (Regex, Match, Group, Capture), child-process execution with captured output (Process, ProcessStartInfo, DataReceivedEventHandler), Clipboard access, BigInteger arithmetic, and DeflateStream/MemoryStream alongside Assembly, AppDomain, ResolveEventHandler, BadImageFormatException and FileLoadException, which together are what an in-memory loader of a compressed embedded assembly needs. The Windows Forms types (Form, DataGridView, ToolStrip and so on) match the GUI subsystem in the file type line.

Assembly Type name
Newtonsoft.Json Newtonsoft.Json.JsonConvert
System System.CodeDom.Compiler.GeneratedCodeAttribute
System System.ComponentModel.Component
System System.ComponentModel.Container
System System.ComponentModel.IContainer
System System.ComponentModel.ISupportInitialize
System System.Configuration.ApplicationSettingsBase
System System.Configuration.SettingsBase
System System.Diagnostics.DataReceivedEventArgs
System System.Diagnostics.DataReceivedEventHandler
System System.Diagnostics.Process
System System.Diagnostics.ProcessStartInfo
System System.IO.Compression.CompressionMode
System System.IO.Compression.DeflateStream
System System.Net.HttpRequestHeader
System System.Net.WebClient
System System.Net.WebHeaderCollection
System System.Net.WebUtility
System System.Text.RegularExpressions.Capture
System System.Text.RegularExpressions.Group
System System.Text.RegularExpressions.Match
System System.Text.RegularExpressions.Regex
System System.Uri
System.Core System.Linq.Enumerable
System.Drawing System.Drawing.Color
System.Drawing System.Drawing.Point
System.Drawing System.Drawing.Size
System.Drawing System.Drawing.SizeF
System.Numerics System.Numerics.BigInteger
System.Web System.Web.HttpUtility
System.Windows.Forms System.Windows.Forms.AnchorStyles
System.Windows.Forms System.Windows.Forms.Application
System.Windows.Forms System.Windows.Forms.AutoScaleMode
System.Windows.Forms System.Windows.Forms.BaseCollection
System.Windows.Forms System.Windows.Forms.Button
System.Windows.Forms System.Windows.Forms.ButtonBase
System.Windows.Forms System.Windows.Forms.Clipboard
System.Windows.Forms System.Windows.Forms.ContainerControl
System.Windows.Forms System.Windows.Forms.ContextMenuStrip
System.Windows.Forms System.Windows.Forms.Control
System.Windows.Forms System.Windows.Forms.Control/ControlCollection
System.Windows.Forms System.Windows.Forms.DataGridView
System.Windows.Forms System.Windows.Forms.DataGridViewAutoSizeColumnsMode
System.Windows.Forms System.Windows.Forms.DataGridViewBand
System.Windows.Forms System.Windows.Forms.DataGridViewCell
System.Windows.Forms System.Windows.Forms.DataGridViewCellCollection
System.Windows.Forms System.Windows.Forms.DataGridViewCellMouseEventArgs
System.Windows.Forms System.Windows.Forms.DataGridViewCellMouseEventHandler
System.Windows.Forms System.Windows.Forms.DataGridViewColumn
System.Windows.Forms System.Windows.Forms.DataGridViewColumnCollection
System.Windows.Forms System.Windows.Forms.DataGridViewColumnHeadersHeightSizeMode
System.Windows.Forms System.Windows.Forms.DataGridViewRow
System.Windows.Forms System.Windows.Forms.DataGridViewRowCollection
System.Windows.Forms System.Windows.Forms.DataGridViewRowHeaderCell
System.Windows.Forms System.Windows.Forms.DataGridViewRowStateChangedEventArgs
System.Windows.Forms System.Windows.Forms.DataGridViewRowStateChangedEventHandler
System.Windows.Forms System.Windows.Forms.DataGridViewSelectedRowCollection
System.Windows.Forms System.Windows.Forms.DataGridViewTextBoxColumn
System.Windows.Forms System.Windows.Forms.DialogResult
System.Windows.Forms System.Windows.Forms.DockStyle
System.Windows.Forms System.Windows.Forms.Form
System.Windows.Forms System.Windows.Forms.FormStartPosition
System.Windows.Forms System.Windows.Forms.Label
System.Windows.Forms System.Windows.Forms.MessageBox
System.Windows.Forms System.Windows.Forms.MessageBoxButtons
System.Windows.Forms System.Windows.Forms.MessageBoxIcon
System.Windows.Forms System.Windows.Forms.MouseButtons
System.Windows.Forms System.Windows.Forms.MouseEventArgs
System.Windows.Forms System.Windows.Forms.Orientation
System.Windows.Forms System.Windows.Forms.SplitContainer
System.Windows.Forms System.Windows.Forms.SplitterPanel
System.Windows.Forms System.Windows.Forms.StatusStrip
System.Windows.Forms System.Windows.Forms.TextBox
System.Windows.Forms System.Windows.Forms.TextBoxBase
System.Windows.Forms System.Windows.Forms.ToolStrip
System.Windows.Forms System.Windows.Forms.ToolStripDropDown
System.Windows.Forms System.Windows.Forms.ToolStripItem
System.Windows.Forms System.Windows.Forms.ToolStripItemCollection
System.Windows.Forms System.Windows.Forms.ToolStripMenuItem
System.Windows.Forms System.Windows.Forms.ToolStripStatusLabel
mscorlib System.AppDomain
mscorlib System.ArgumentOutOfRangeException
mscorlib System.Array
mscorlib System.AsyncCallback
mscorlib System.BadImageFormatException
mscorlib System.BitConverter
mscorlib System.Boolean
mscorlib System.Buffer
mscorlib System.Byte
mscorlib System.Char
mscorlib System.Collections.Generic.Dictionary`2
mscorlib System.Collections.Generic.IEnumerable`1
mscorlib System.Collections.Generic.IEnumerator`1
mscorlib System.Collections.Generic.IEqualityComparer`1
mscorlib System.Collections.Generic.List`1
mscorlib System.Collections.Generic.List`1/Enumerator
mscorlib System.Collections.IEnumerable
mscorlib System.Collections.IEnumerator
mscorlib System.Console
mscorlib System.Convert
mscorlib System.Delegate
mscorlib System.Diagnostics.DebuggerHiddenAttribute
mscorlib System.Diagnostics.DebuggerNonUserCodeAttribute
mscorlib System.Diagnostics.StackFrame
mscorlib System.Diagnostics.StackTrace
mscorlib System.Enum
mscorlib System.Environment
mscorlib System.Environment/SpecialFolder
mscorlib System.EventArgs
mscorlib System.EventHandler
mscorlib System.Exception
mscorlib System.Globalization.CultureInfo
mscorlib System.IAsyncResult
mscorlib System.IDisposable
mscorlib System.IO.Directory
mscorlib System.IO.DirectoryInfo
mscorlib System.IO.EndOfStreamException
mscorlib System.IO.File
mscorlib System.IO.FileLoadException
mscorlib System.IO.MemoryStream
mscorlib System.IO.Path
mscorlib System.IO.Stream
mscorlib System.Int16
mscorlib System.Int32
mscorlib System.Int64
mscorlib System.IntPtr
mscorlib System.MulticastDelegate
mscorlib System.NotSupportedException
mscorlib System.Object
mscorlib System.Reflection.Assembly
mscorlib System.Reflection.AssemblyCompanyAttribute
mscorlib System.Reflection.AssemblyConfigurationAttribute
mscorlib System.Reflection.AssemblyCopyrightAttribute
mscorlib System.Reflection.AssemblyDescriptionAttribute
mscorlib System.Reflection.AssemblyFileVersionAttribute
mscorlib System.Reflection.AssemblyName
mscorlib System.Reflection.AssemblyProductAttribute
mscorlib System.Reflection.AssemblyTitleAttribute
mscorlib System.Reflection.AssemblyTrademarkAttribute
mscorlib System.Reflection.MemberInfo
mscorlib System.Reflection.MethodBase
mscorlib System.ResolveEventArgs
mscorlib System.ResolveEventHandler
mscorlib System.Resources.ResourceManager
mscorlib System.Runtime.CompilerServices.CompilationRelaxationsAttribute
mscorlib System.Runtime.CompilerServices.CompilerGeneratedAttribute
mscorlib System.Runtime.CompilerServices.RuntimeCompatibilityAttribute
mscorlib System.Runtime.CompilerServices.RuntimeHelpers
mscorlib System.Runtime.CompilerServices.SuppressIldasmAttribute
mscorlib System.Runtime.InteropServices.ComVisibleAttribute
mscorlib System.Runtime.InteropServices.GuidAttribute
mscorlib System.Runtime.Versioning.TargetFrameworkAttribute
mscorlib System.RuntimeFieldHandle
mscorlib System.RuntimeMethodHandle
mscorlib System.RuntimeTypeHandle
mscorlib System.STAThreadAttribute
mscorlib System.Single
mscorlib System.String
mscorlib System.StringComparer
mscorlib System.StringComparison
mscorlib System.Text.Encoding
mscorlib System.Text.StringBuilder
mscorlib System.Threading.Interlocked
mscorlib System.Threading.Monitor
mscorlib System.Threading.Thread
mscorlib System.Type
mscorlib System.UInt16
mscorlib System.UInt32
mscorlib System.UInt64
mscorlib System.ValueType
mscorlib System.Version
mscorlib System.Void
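DeflateStream, MemoryStream, Assembly, AppDomain, ResolveEventHandler and BadImageFormatException are the references a loader needs to inflate an embedded assembly in memory and hand it to the runtime from an AssemblyResolve handler; whether this sample does that is not established by the report, which shows no code. When that combination appears together with a near-8.0 entropy in .text, the check worth running on the binary is to look for a raw DEFLATE stream (what .NET's DeflateStream writes: RFC 1951 with no zlib or gzip header) that inflates to a PE image. The following is an added Python example, not code from the report or the sample; the carrier bytes and the fake PE it inflates are constructed for the demo, and the 16 MiB output cap is an assumed safety limit against decompression bombs.

```python
import struct
import zlib


def looks_like_pe(data: bytes) -> bool:
    """MZ header whose e_lfanew points at a 'PE\\0\\0' signature inside the buffer."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def carve_deflated_pe(blob: bytes, max_out: int = 1 << 24):
    """Try a raw DEFLATE decode at every offset of blob and keep the offsets whose
    output is a PE image. Raw deflate has no magic bytes, so every offset is a
    candidate; the first 64 inflated bytes are checked before inflating the rest.
    max_out caps the inflated size so a crafted stream cannot exhaust memory."""
    hits = []
    for off in range(len(blob)):
        d = zlib.decompressobj(-15)                 # wbits=-15: raw deflate, no header
        try:
            head = d.decompress(blob[off:], 64)     # inflate only the first 64 bytes
        except zlib.error:
            continue                                # not a valid deflate stream here
        if head[:2] != b"MZ":
            continue
        try:
            body = d.decompress(d.unconsumed_tail, max_out)
        except zlib.error:
            continue
        image = head + body
        if looks_like_pe(image):
            hits.append((off, image))
    return hits


# --- constructed test data (not the sample's bytes) ---------------------------
def build_fake_pe(size: int = 0x200) -> bytes:
    img = bytearray(size)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)         # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    img[0x100:] = bytes(range(size - 0x100))        # non-constant body so deflate has work
    return bytes(img)


FAKE_PE = build_fake_pe()
_comp = zlib.compressobj(9, zlib.DEFLATED, -15)     # raw deflate, as DeflateStream produces
DEFLATED_PE = _comp.compress(FAKE_PE) + _comp.flush()
# A resource-like carrier: 16 bytes of header text, the stream, then trailing filler.
CARRIER = b"RESOURCE HEADER " + DEFLATED_PE + b"\xff" * 32
EXPECTED_OFFSET = 16


if __name__ == "__main__":
    for off, image in carve_deflated_pe(CARRIER):
        print(f"raw-deflate PE at offset {off}: {len(image)} bytes inflated, intact={image == FAKE_PE}")
```

On a real sample the blob to scan is the managed resource data or the whole .text section; a hit gives the embedded image to hash and analyse on its own, which is the artefact the sandbox's static pass never sees.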

Strings

.text
`.rsrc
@.reloc
"-&~!
X3C~!
>ffeefefeffeYa*
ffeeffefeXa*

Antivirus

No antivirus engine scan information.

Process tree

_______________.exe, PID: 2556, parent PID: 2220

Host access records

No host records.

TCP

Source address | Source port | Destination address | Destination port
192.168.122.201 | 49160 | 184.25.56.181 | 80

UDP

Source address | Source port | Destination address | Destination port
192.168.122.201 | 63246 | 192.168.122.1 | 53

Domain resolution

No domain information.

HTTP requests

URI: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

This is the only HTTP request and the only TCP connection (184.25.56.181:80) in the capture. The User-Agent IPM and the acroipm.adobe.com host are what Adobe Reader's in-product messaging check sends (the CHS path segment is the Simplified Chinese build), and the If-Modified-Since date of 2017 shows the client already held a cached copy from before this sample was built. The report attributes the request to no process, so it should be read as background traffic of the analysis VM rather than as behaviour of the sample unless process-level evidence says otherwise. The UDP packet to 192.168.122.1:53 is a single DNS query from which the report extracted no domain.

Other network checks

  • SMTP traffic: none
  • IRC traffic: none
  • ICMP traffic: none
  • CIF report: no results
  • Network alerts: none
  • TLS: none
  • Suricata HTTP: none

No network-extracted files found.
No files dropped.
No similar analyses found.

Processing ( 18.964 seconds )

  • 10.532 Suricata
  • 4.585 VirusTotal
  • 1.473 Static
  • 0.943 NetworkAnalysis
  • 0.42 BehaviorAnalysis
  • 0.363 static_dotnet
  • 0.325 TargetInfo
  • 0.298 peid
  • 0.013 Strings
  • 0.01 AnalysisInfo
  • 0.002 Memory

Signatures ( 1.611 seconds )

Per-module evaluation time: this is the list of signature modules that were run over the trace, not the list of those that matched (matches are shown on the threat-signature view, which is not reproduced in this export).

  • 1.323 md_url_bl
  • 0.038 antiav_detectreg
  • 0.024 api_spamming
  • 0.018 stealth_decoy_document
  • 0.018 stealth_timeout
  • 0.017 infostealer_ftp
  • 0.012 antiav_detectfile
  • 0.01 infostealer_im
  • 0.008 antianalysis_detectreg
  • 0.008 infostealer_bitcoin
  • 0.008 md_domain_bl
  • 0.006 antiemu_wine_func
  • 0.006 anomaly_persistence_autorun
  • 0.006 infostealer_browser_password
  • 0.006 kovter_behavior
  • 0.006 infostealer_mail
  • 0.005 antivm_vbox_files
  • 0.005 geodo_banking_trojan
  • 0.004 antivm_generic_services
  • 0.004 antivm_generic_scsi
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 mimics_filetime
  • 0.003 betabot_behavior
  • 0.003 reads_self
  • 0.003 anormaly_invoke_kills
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 bootkit
  • 0.002 rat_nanocore
  • 0.002 stealth_file
  • 0.002 maldun_anomaly_massive_file_ops
  • 0.002 kibex_behavior
  • 0.002 antivm_generic_disk
  • 0.002 antidbg_windows
  • 0.002 virus
  • 0.002 antidbg_devices
  • 0.002 antivm_parallels_keys
  • 0.002 antivm_xen_keys
  • 0.002 disables_browser_warn
  • 0.002 md_bad_drop
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 antivm_vbox_libs
  • 0.001 antiav_avast_libs
  • 0.001 injection_createremotethread
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 cerber_behavior
  • 0.001 injection_runpe
  • 0.001 hancitor_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 codelux_behavior
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 network_cnc_http
  • 0.001 rat_pcclient
  • 0.001 recon_fingerprint

Reporting ( 0.511 seconds )

  • 0.508 ReportHTMLSummary
  • 0.003 Malheur
Task ID 704781
Mongo ID 62ff343adc327beba8e01701
Cuckoo release 1.4-Maldun