Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp03-1 | 2022-09-24 15:10:15 | 2022-09-24 15:10:48 | 33 seconds |
File name | SecurityLaunchCLR.dll |
---|---|
File size | 309760 bytes |
File type | PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows |
MD5 | 352f989b53cf3509d8c21f83e9900a84 |
SHA1 | cf8d0cb3700f612e31f96db5fbafb12e4d5d3cd5 |
SHA256 | 1a3998c65661e55c6b5290e7a59bfb6b4d2a59371e4eaa488ebd1cdd95f9e970 |
SHA512 | 8e0b472125c573613472f1f3a9a8a3213f0052f08d312874765eef002ee5d87be5e6c53e940cb3fe1827d61b247cba4aed371e7a128363b43976ae13903eeab8 |
CRC32 | AA4FEA21 |
Ssdeep | 6144:fj0ppLQ84fcM9xLbhNStBWy3ubxW2Gt7:7YyFrSFu |
No host records.
No domain information.
Image base | 0x10000000 |
---|---|
Entry point | 0x10019e83 |
Declared checksum | 0x0004c807 |
Actual checksum | 0x0004c807 |
Minimum OS version required | 6.0 |
Compile time | 2019-02-18 17:49:50 |
Import hash | ab6436867c08472060c8065f660ca43d |
Icon exact hash | 9db58d4913256d2b52c5163864b9f7a7 |
Icon similarity hash | c3ca946d749a15ad18efd3e5d7b0d8f5 |
Name | Virtual address | Virtual size | Size of raw data | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x000192a8 | 0x00019400 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.39 |
.rdata | 0x0001b000 | 0x000259ec | 0x00025a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.12 |
.data | 0x00041000 | 0x00005464 | 0x00000c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.09 |
.rsrc | 0x00047000 | 0x0000a638 | 0x0000a800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 3.36 |
.reloc | 0x00052000 | 0x000010d4 | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 6.51 |
.text | 0x00054000 | 0x0000000e | 0x00000200 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0.16 |
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
RT_ICON | 0x00050f68 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.76 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00050f68 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.76 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00050f68 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.76 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00050f68 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.76 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00050f68 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.76 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00050f68 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.76 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00050f68 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.76 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00050f68 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.76 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x00050f68 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.76 | GLS_BINARY_LSB_FIRST |
RT_GROUP_ICON | 0x000513d0 | 0x00000084 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.79 | MS Windows icon resource - 9 icons, 256x256 |
RT_VERSION | 0x00051454 | 0x0000005c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.26 | data |
RT_MANIFEST | 0x000514b0 | 0x0000017d | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.91 | XML 1.0 document text |
Name | SecurityLaunchCLR |
---|---|
Version | 1.0.6988.32095 |
Name | Version |
---|---|
mscorlib | 4.0.0.0 |
Type | Name | Value |
---|---|---|
Assembly | [mscorlib]System.Reflection.AssemblyCopyrightAttribute | 版权所有(c) 20 |
Assembly | [mscorlib]System.Reflection.AssemblyTitleAttribute | SecurityLaunchC |
Assembly | [mscorlib]System.Reflection.AssemblyProductAttribute | SecurityLaunchC |
TypeRef | [mscorlib]System.Reflection.AssemblyProductAttribute | SecurityLaunchC |
TypeRef | [mscorlib]System.Reflection.AssemblyTitleAttribute | SecurityLaunchC |
TypeRef | [mscorlib]System.Reflection.AssemblyCopyrightAttribute | 版权所有(c) 20 |
TypeRef | [mscorlib]System.Reflection.AssemblyVersionAttribute | 1.0 |
Assembly | Type name |
---|---|
mscorlib | System.AppDomain |
mscorlib | System.CLSCompliantAttribute |
mscorlib | System.Collections.IEnumerator |
mscorlib | System.Collections.Stack |
mscorlib | System.Delegate |
mscorlib | System.Diagnostics.DebuggerStepThroughAttribute |
mscorlib | System.Enum |
mscorlib | System.EventArgs |
mscorlib | System.EventHandler |
mscorlib | System.Exception |
mscorlib | System.GC |
mscorlib | System.Guid |
mscorlib | System.IDisposable |
mscorlib | System.Int32 |
mscorlib | System.IntPtr |
mscorlib | System.ModuleHandle |
mscorlib | System.Object |
mscorlib | System.OutOfMemoryException |
mscorlib | System.Reflection.AssemblyCompanyAttribute |
mscorlib | System.Reflection.AssemblyConfigurationAttribute |
mscorlib | System.Reflection.AssemblyCopyrightAttribute |
mscorlib | System.Reflection.AssemblyCultureAttribute |
mscorlib | System.Reflection.AssemblyDescriptionAttribute |
mscorlib | System.Reflection.AssemblyProductAttribute |
mscorlib | System.Reflection.AssemblyTitleAttribute |
mscorlib | System.Reflection.AssemblyTrademarkAttribute |
mscorlib | System.Reflection.AssemblyVersionAttribute |
mscorlib | System.Reflection.Module |
mscorlib | System.Runtime.CompilerServices.AssemblyAttributesGoHere |
mscorlib | System.Runtime.CompilerServices.AssemblyAttributesGoHereSM |
mscorlib | System.Runtime.CompilerServices.CallConvCdecl |
mscorlib | System.Runtime.CompilerServices.CallConvStdcall |
mscorlib | System.Runtime.CompilerServices.CallConvThiscall |
mscorlib | System.Runtime.CompilerServices.CompilerMarshalOverride |
mscorlib | System.Runtime.CompilerServices.DecoratedNameAttribute |
mscorlib | System.Runtime.CompilerServices.FixedAddressValueTypeAttribute |
mscorlib | System.Runtime.CompilerServices.IsBoxed |
mscorlib | System.Runtime.CompilerServices.IsConst |
mscorlib | System.Runtime.CompilerServices.IsCopyConstructed |
mscorlib | System.Runtime.CompilerServices.IsImplicitlyDereferenced |
mscorlib | System.Runtime.CompilerServices.IsLong |
mscorlib | System.Runtime.CompilerServices.IsSignUnspecifiedByte |
mscorlib | System.Runtime.CompilerServices.IsUdtReturn |
mscorlib | System.Runtime.CompilerServices.IsVolatile |
mscorlib | System.Runtime.CompilerServices.NativeCppClassAttribute |
mscorlib | System.Runtime.CompilerServices.RuntimeHelpers |
mscorlib | System.Runtime.CompilerServices.SuppressMergeCheckAttribute |
mscorlib | System.Runtime.CompilerServices.UnsafeValueTypeAttribute |
mscorlib | System.Runtime.ConstrainedExecution.Cer |
mscorlib | System.Runtime.ConstrainedExecution.Consistency |
mscorlib | System.Runtime.ConstrainedExecution.PrePrepareMethodAttribute |
mscorlib | System.Runtime.ConstrainedExecution.ReliabilityContractAttribute |
mscorlib | System.Runtime.ExceptionServices.HandleProcessCorruptedStateExceptionsAttribute |
mscorlib | System.Runtime.InteropServices.ComVisibleAttribute |
mscorlib | System.Runtime.InteropServices.GCHandle |
mscorlib | System.Runtime.InteropServices.Marshal |
mscorlib | System.Runtime.InteropServices.MarshalAsAttribute |
mscorlib | System.Runtime.InteropServices.RuntimeEnvironment |
mscorlib | System.Runtime.InteropServices.UnmanagedType |
mscorlib | System.Runtime.Serialization.SerializationInfo |
mscorlib | System.Runtime.Serialization.StreamingContext |
mscorlib | System.Runtime.Versioning.TargetFrameworkAttribute |
mscorlib | System.RuntimeMethodHandle |
mscorlib | System.RuntimeTypeHandle |
mscorlib | System.Security.Permissions.SecurityAction |
mscorlib | System.Security.Permissions.SecurityPermissionAttribute |
mscorlib | System.Security.SecurityCriticalAttribute |
mscorlib | System.Security.SecurityRuleSet |
mscorlib | System.Security.SecurityRulesAttribute |
mscorlib | System.Security.SecuritySafeCriticalAttribute |
mscorlib | System.Security.SuppressUnmanagedCodeSecurityAttribute |
mscorlib | System.String |
mscorlib | System.Threading.Interlocked |
mscorlib | System.Threading.Monitor |
mscorlib | System.Threading.Mutex |
mscorlib | System.Threading.WaitHandle |
mscorlib | System.Type |
mscorlib | System.ValueType |
No host records.
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49160 | 104.88.193.211 | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
No domain information.
URI | HTTP data |
---|---|
URL sandbox analysis -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results
No alerts
No TLS
No Suricata HTTP
Task ID | 710616 |
---|---|
Mongo ID | 632ead937e769a059de15a15 |
Cuckoo release | 1.4-Maldun |