Analysis task

Analysis type  VM tag  Start time  End time  Duration
File (Windows)  win7-sp1-x64-shaapp03-2  2022-09-24 16:15:42  2022-09-24 16:17:53  131 seconds

Maldun score

10.0

Dangerous

The matched threat signatures that produce this score are shown only to logged-in users and are not reproduced on this page. What is visible here (static PE data and the network capture) does not by itself account for a maximum score, so treat the verdict as the engine's and look for its basis in the behaviour log rather than in the tables below.

File details

File name 搜刮发卡网.exe (roughly "card-shop scraper.exe"; 发卡网 are Chinese self-service storefronts that sell card codes, license keys and account credentials)
File size 4362240 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4d6047f994cdf2a99236fe40f0469d7e
SHA1 87968ec94f28a0671d79ab79590c96de1b9d8a9e
SHA256 54bc027fd46360184aeadffe8bd29d3d7ca384b82a138202a32494bcc10be81d
SHA512 b09ade12e52aad4f65b4b797e1757e4e6ca066db263ea8679626ec369c77a6042993997d29cbca2ea3428c9bc369da93300e260ff476a553fa67b25200cf5378
CRC32 B1DA2513
Ssdeep 98304:LrE0PUCpY0nGB35ZrSOFAlxyPGNazegO4Gwo77E5XR:XSonGBOOelxyeNaah4Gfk
Hosts contacted

Direct IP  Safety rating  Location
180.111.199.110  (not rated)  China

DNS resolution

Domain  Safety rating  Response
q1.qlogo.cn  unknown  CNAME q.qlogo.cn
A 180.111.199.93
A 180.111.198.52
A 180.111.199.110
A 180.111.198.158
A 180.111.199.109
A 180.111.199.184
A 180.111.199.95
A 180.111.198.41
A 180.111.198.106
A 180.111.198.198


PE info

Image base 0x00400000
Entry point 0x004e11ee
Declared checksum 0x0042e9c6
Actual checksum 0x0042e9c6 (they match: the image was not modified after the checksum was written, or was re-checksummed afterwards)
Minimum OS version 4.0
Compile timestamp 2022-09-24 16:08:44 (about seven minutes before the analysis started, as the tool displays it; a link-time stamp is under the author's control and trivially forged, so this supports but does not prove a freshly built sample)
Import hash (imphash) d868d553f7158bf853cb1a515c10e1ab
Icon (image not reproduced)
Icon exact hash 7e8d0dbe5de19f74f384ae459c5abecf
Icon similarity hash 439e81c5165936c3ea55d4df339c6380

Version info

All fields are empty: LegalCopyright, FileVersion, CompanyName, Comments, ProductName, ProductVersion, FileDescription, Translation. An RT_VERSION resource is present (see the resource table) but carries no identifying strings.

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x00106666 0x00107000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.53
.rdata 0x00108000 0x002f982c 0x002fa000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.80
.data 0x00402000 0x00068faa 0x00023000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.63
.rsrc 0x0046b000 0x00003e6c 0x00004000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.26

.text at 6.53 bits per byte is in the normal range for compiled code. .rdata is the anomaly: 0x2fa000 raw bytes (about 72% of the 4,362,240-byte file) at entropy 7.80, close to the 8.0 of uniformly random data, which is what compressed or encrypted content stored as initialized data looks like; expect the program to unpack or decrypt something from that section at runtime. The .data virtual size exceeding its raw size is ordinary uninitialized (BSS) data, not a sign of packing.
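The entropy reading above, as an added example that is not part of the Maldun report: a small triage pass over a section table of this shape, with the Shannon entropy function the Entropy column is based on (pefile's `section.get_entropy()` computes the same quantity over a section's raw bytes), the page's own four rows embedded as input, and thresholds (7.2 bits, half the file) that are this example's choices rather than anything the report defines.

```python
"""Section-table triage: Shannon entropy plus a few structural checks.

Added example; not code from the Maldun/Cuckoo report. The section table is
the one printed above for this sample; the thresholds are this example's own.
"""
import math
from dataclasses import dataclass

# Copied from the PE section table above (name, VA, virtual size, raw size, flags, entropy).
SECTION_TABLE = """\
.text 0x00001000 0x00106666 0x00107000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.53
.rdata 0x00108000 0x002f982c 0x002fa000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.80
.data 0x00402000 0x00068faa 0x00023000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.63
.rsrc 0x0046b000 0x00003e6c 0x00004000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.26
"""
FILE_SIZE = 4362240  # bytes, from the file details above


@dataclass
class Section:
    name: str
    vaddr: int
    vsize: int
    raw_size: int
    flags: frozenset
    entropy: float


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform
    random bytes. This is the figure in the report's Entropy column."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_section_table(text: str) -> list:
    """Parse whitespace-separated rows of the form printed by the report."""
    sections = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue
        name, va, vsize, raw, flags, ent = fields
        sections.append(Section(name, int(va, 16), int(vsize, 16), int(raw, 16),
                                frozenset(flags.split("|")), float(ent)))
    return sections


def triage_sections(sections, file_size, entropy_threshold=7.2, share_threshold=0.5):
    """Return {section name: [reasons]} for sections that deserve a closer look.

    Checks: high entropy (compressed/encrypted payload; code usually sits
    around 6 to 6.8), one section holding most of the file, sections that are
    both writable and executable, and executable sections with no raw data
    (filled in by an unpacker at runtime). A virtual size larger than the raw
    size on a writable data section is ordinary BSS and is deliberately not
    flagged.
    """
    findings = {}
    for s in sections:
        reasons = []
        if s.entropy >= entropy_threshold:
            reasons.append(f"entropy {s.entropy:.2f} >= {entropy_threshold}")
        share = s.raw_size / file_size
        if share >= share_threshold:
            reasons.append(f"holds {share:.0%} of the file")
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= s.flags:
            reasons.append("writable and executable")
        if s.raw_size == 0 and s.vsize >= 0x1000 and "IMAGE_SCN_MEM_EXECUTE" in s.flags:
            reasons.append("executable with no raw data (filled at runtime)")
        if reasons:
            findings[s.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_sections(parse_section_table(SECTION_TABLE), FILE_SIZE).items():
        print(name, "->", "; ".join(reasons))
```

Run against the table above it flags only .rdata, for both entropy and share of file; on a real file you would feed `shannon_entropy()` the bytes of each section instead of trusting the reported column.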

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type (libmagic guess)
TEXTINCLUDE (3 entries, all reported at this offset) 0x0046b7a8 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
WAVE 0x0046b8fc 0x00001448 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.35 RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz
RT_CURSOR (6 entries, all reported at this offset) 0x0046d2c8 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.43 AmigaOS bitmap font
RT_BITMAP (2 entries, all reported at this offset) 0x0046d568 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON (5 entries, all reported at this offset) 0x0046decc 0x00000668 LANG_NEUTRAL SUBLANG_NEUTRAL 2.62 dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 0, next used block 0
RT_DIALOG (3 entries, all reported at this offset) 0x0046e6d4 0x000000e2 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.39 data
RT_STRING 0x0046e7b8 0x000001c4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.11 data
RT_GROUP_CURSOR (5 entries, all reported at this offset) 0x0046e9cc 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 0x0046e9f0 0x00000030 LANG_NEUTRAL SUBLANG_NEUTRAL 2.37 MS Windows icon resource - 3 icons, 16x16, 16 colors
RT_VERSION 0x0046ea20 0x0000027c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.58 data
RT_MANIFEST 0x0046ec9c 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators

The report prints one offset and size for every entry of a given type, so per-entry offsets are not recoverable from this page; the counts above are what it listed. The "AmigaOS bitmap font" and "dBase IV DBT" labels are libmagic guesses applied to raw cursor and icon bitmaps and carry no meaning. TEXTINCLUDE entries are resource-editor bookkeeping (the include directives of the .rc script) that Visual Studio's resource compiler emits, and the embedded WAVE is a sound clip, both ordinary for a GUI program. Nothing in the resource directory is large enough to hold the high-entropy content seen in .rdata.

Imports

Library: SHLWAPI.dll:
0x5084d4 PathFileExistsW
Library: WINMM.dll:
0x508784 midiStreamStop
0x508788 midiStreamRestart
0x50878c midiOutReset
0x508790 midiStreamClose
0x508794 midiStreamOut
0x50879c midiStreamProperty
0x5087a0 midiStreamOpen
0x5087a8 waveOutOpen
0x5087ac waveOutGetNumDevs
0x5087b0 waveOutClose
0x5087b4 waveOutReset
0x5087b8 waveOutPause
0x5087bc waveOutWrite
0x5087c8 PlaySoundA
0x5087cc waveOutRestart
Library: WS2_32.dll:
0x5087ec closesocket
0x5087f0 WSACleanup
0x5087f4 inet_ntoa
0x5087f8 ntohl
0x5087fc WSAAsyncSelect
0x508800 accept
0x508804 getpeername
0x508808 recv
0x50880c ioctlsocket
0x508810 recvfrom
Library: VERSION.dll:
0x508770 VerLanguageNameA
0x508774 VerQueryValueA
0x508778 GetFileVersionInfoA
Library: MSVFW32.dll:
0x508444 DrawDibDraw
Library: AVIFIL32.dll:
0x508030 AVIStreamInfoA
0x508034 AVIStreamGetFrame
Library: KERNEL32.dll:
0x5081ec LocalFree
0x5081f0 FormatMessageA
0x5081fc lstrcpynA
0x508200 DuplicateHandle
0x508204 FlushFileBuffers
0x508208 LockFile
0x50820c UnlockFile
0x508210 SetEndOfFile
0x508214 GetThreadLocale
0x508218 lstrcmpiA
0x50821c GlobalDeleteAtom
0x508220 GlobalFindAtomA
0x508224 GlobalAddAtomA
0x508228 GlobalGetAtomNameA
0x50822c lstrcmpA
0x508230 LocalAlloc
0x508234 TlsAlloc
0x508238 GlobalHandle
0x50823c TlsFree
0x508240 TlsSetValue
0x508244 LocalReAlloc
0x508248 TlsGetValue
0x50824c GetFileTime
0x508250 GetCurrentThread
0x508254 GlobalFlags
0x508258 SetErrorMode
0x50825c GetProcessVersion
0x508260 GetCPInfo
0x508264 GetOEMCP
0x508268 GetStartupInfoA
0x50826c RtlUnwind
0x508270 GetSystemTime
0x508274 GetLocalTime
0x508278 RaiseException
0x50827c HeapSize
0x508280 GetACP
0x508298 SetHandleCount
0x50829c GetStdHandle
0x5082a0 GetFileType
0x5082a8 HeapDestroy
0x5082ac HeapCreate
0x5082b0 VirtualFree
0x5082b8 LCMapStringA
0x5082bc LCMapStringW
0x5082c0 VirtualAlloc
0x5082c4 IsBadWritePtr
0x5082cc GetStringTypeA
0x5082d0 GetStringTypeW
0x5082d4 CompareStringA
0x5082d8 CompareStringW
0x5082dc IsBadReadPtr
0x5082e0 IsBadCodePtr
0x5082e4 SetStdHandle
0x5082e8 SuspendThread
0x5082ec ReleaseMutex
0x5082f0 CreateMutexA
0x5082f4 TerminateThread
0x5082f8 GetTempFileNameA
0x5082fc GetVersion
0x508304 SetLastError
0x508308 GetSystemDirectoryA
0x508314 Process32First
0x508318 Process32Next
0x50831c GetModuleHandleW
0x508320 GetTempPathW
0x508324 CreateFileW
0x508328 SetFilePointer
0x50832c GetFileSize
0x508330 GetCurrentProcess
0x508334 TerminateProcess
0x508338 LoadLibraryW
0x50833c DeleteFileW
0x508340 CreateSemaphoreA
0x508344 ResumeThread
0x508348 ReleaseSemaphore
0x508354 GetProfileStringA
0x508358 WriteFile
0x508360 CreateFileA
0x508364 SetEvent
0x508368 FindResourceA
0x50836c LoadResource
0x508370 LockResource
0x508374 ReadFile
0x508378 lstrlenW
0x50837c GetModuleFileNameA
0x508380 GetCurrentThreadId
0x508384 ExitProcess
0x508388 GlobalSize
0x50838c GlobalFree
0x508398 lstrcatA
0x50839c lstrlenA
0x5083a0 WinExec
0x5083a4 lstrcpyA
0x5083a8 FindNextFileA
0x5083ac GlobalReAlloc
0x5083b0 HeapFree
0x5083b4 HeapReAlloc
0x5083b8 GetProcessHeap
0x5083bc HeapAlloc
0x5083c0 GetUserDefaultLCID
0x5083c4 MultiByteToWideChar
0x5083c8 WideCharToMultiByte
0x5083cc GetFullPathNameA
0x5083d0 FreeLibrary
0x5083d4 LoadLibraryA
0x5083d8 GetLastError
0x5083dc GetVersionExA
0x5083e4 CreateThread
0x5083e8 CreateEventA
0x5083ec Sleep
0x5083f0 GlobalAlloc
0x5083f4 GlobalLock
0x5083f8 GlobalUnlock
0x5083fc GetTempPathA
0x508400 FindFirstFileA
0x508404 FindClose
0x508408 SetFileAttributesA
0x50840c GetFileAttributesA
0x508410 DeleteFileA
0x50841c GetModuleHandleA
0x508420 GetProcAddress
0x508424 MulDiv
0x508428 GetCommandLineA
0x50842c GetTickCount
0x508430 WaitForSingleObject
0x508434 CloseHandle
0x508438 InterlockedExchange
Library: USER32.dll:
0x5084dc GetNextDlgGroupItem
0x5084e0 GetSysColorBrush
0x5084e4 LoadStringA
0x5084e8 MapDialogRect
0x5084f0 CharNextA
0x5084f8 GetMenuState
0x5084fc SetMenuItemBitmaps
0x508500 CheckMenuItem
0x508504 MoveWindow
0x508508 SetWindowTextA
0x50850c IsDialogMessageA
0x508510 ScrollWindowEx
0x508514 SendDlgItemMessageA
0x508518 MapWindowPoints
0x50851c AdjustWindowRectEx
0x508520 GetScrollPos
0x508524 RegisterClassA
0x508528 GetMenuItemCount
0x50852c GetMenuItemID
0x508530 SetWindowsHookExA
0x508534 CallNextHookEx
0x508538 GetClassLongA
0x50853c SetPropA
0x508540 UnhookWindowsHookEx
0x508544 GetPropA
0x508548 RemovePropA
0x50854c GetMessageTime
0x508550 GetLastActivePopup
0x508558 GetWindowPlacement
0x50855c EndDialog
0x508564 DestroyWindow
0x508568 GrayStringA
0x50856c DrawTextA
0x508570 TabbedTextOutA
0x508574 EndPaint
0x508578 BeginPaint
0x50857c GetWindowDC
0x508580 CharUpperA
0x508588 GetForegroundWindow
0x50858c GetNextDlgTabItem
0x508590 GetWindowTextA
0x508594 UnregisterClassA
0x508598 GetDlgItem
0x50859c GetClassNameA
0x5085a0 GetDesktopWindow
0x5085a4 UnregisterHotKey
0x5085a8 RegisterHotKey
0x5085ac CreateWindowExA
0x5085b0 CallWindowProcA
0x5085b4 MessageBoxW
0x5085b8 LoadIconA
0x5085bc TranslateMessage
0x5085c0 DrawFrameControl
0x5085c4 DrawEdge
0x5085c8 DrawFocusRect
0x5085cc WindowFromPoint
0x5085d0 GetMessageA
0x5085d4 DispatchMessageA
0x5085e4 DrawIconEx
0x5085e8 CreatePopupMenu
0x5085ec AppendMenuA
0x5085f0 ModifyMenuA
0x5085f4 CreateMenu
0x5085fc GetDlgCtrlID
0x508600 GetSubMenu
0x508604 EnableMenuItem
0x508608 ClientToScreen
0x508610 LoadImageA
0x508618 ShowWindow
0x50861c IsWindowEnabled
0x508624 GetKeyState
0x50862c PostQuitMessage
0x508630 IsZoomed
0x508634 GetClassInfoA
0x508638 DefWindowProcA
0x50863c GetSystemMenu
0x508640 DeleteMenu
0x508644 GetMenu
0x508648 SetMenu
0x50864c PeekMessageA
0x508650 IsIconic
0x508654 SetFocus
0x508658 GetActiveWindow
0x50865c GetWindow
0x508664 SetWindowRgn
0x508668 GetMessagePos
0x50866c ScreenToClient
0x508674 LoadBitmapA
0x508678 WinHelpA
0x50867c KillTimer
0x508680 SetTimer
0x508684 ReleaseCapture
0x508688 GetCapture
0x50868c SetCapture
0x508690 GetScrollRange
0x508694 SetScrollRange
0x508698 SetScrollPos
0x50869c SetRect
0x5086a0 InflateRect
0x5086a4 IntersectRect
0x5086a8 DestroyIcon
0x5086ac PtInRect
0x5086b0 OffsetRect
0x5086b4 IsWindowVisible
0x5086b8 EnableWindow
0x5086bc RedrawWindow
0x5086c0 GetWindowLongA
0x5086c4 SetWindowLongA
0x5086c8 GetSysColor
0x5086cc SetActiveWindow
0x5086d0 SetCursorPos
0x5086d4 LoadCursorA
0x5086d8 SetCursor
0x5086dc GetDC
0x5086e0 FillRect
0x5086e4 IsRectEmpty
0x5086e8 ReleaseDC
0x5086ec IsChild
0x5086f0 TrackPopupMenu
0x5086f4 DestroyMenu
0x5086f8 SetForegroundWindow
0x5086fc GetWindowRect
0x508700 EqualRect
0x508704 UpdateWindow
0x508708 ValidateRect
0x50870c InvalidateRect
0x508710 GetClientRect
0x508714 GetFocus
0x508718 GetParent
0x50871c GetTopWindow
0x508720 PostMessageA
0x508724 IsWindow
0x508728 SetParent
0x50872c DestroyCursor
0x508730 SendMessageA
0x508734 SetWindowPos
0x508738 MessageBeep
0x50873c MessageBoxA
0x508740 GetCursorPos
0x508744 GetSystemMetrics
0x508748 EmptyClipboard
0x50874c SetClipboardData
0x508750 OpenClipboard
0x508754 GetClipboardData
0x508758 CloseClipboard
0x50875c wsprintfA
0x508760 PostThreadMessageA
0x508764 SetRectEmpty
0x508768 CopyRect
Library: GDI32.dll:
0x50806c GetStretchBltMode
0x508070 GetPolyFillMode
0x508074 GetROP2
0x50807c CreateDCA
0x508080 CreateBrushIndirect
0x508084 GetBkColor
0x508088 CreateHatchBrush
0x50808c SetTextColor
0x508090 StretchDIBits
0x508094 SetDIBitsToDevice
0x508098 SaveDC
0x50809c RestoreDC
0x5080a0 SetPolyFillMode
0x5080a4 SetROP2
0x5080a8 SetMapMode
0x5080ac SetViewportOrgEx
0x5080b0 OffsetViewportOrgEx
0x5080b4 SetViewportExtEx
0x5080b8 ScaleViewportExtEx
0x5080bc CreateBitmap
0x5080c0 SetWindowExtEx
0x5080c4 ScaleWindowExtEx
0x5080c8 GetClipBox
0x5080cc ExcludeClipRect
0x5080d0 MoveToEx
0x5080d4 LineTo
0x5080d8 CreatePatternBrush
0x5080dc ExtSelectClipRgn
0x5080e0 GetViewportExtEx
0x5080e4 PtVisible
0x5080e8 RectVisible
0x5080ec ExtTextOutA
0x5080f0 Escape
0x5080f4 GetTextMetricsA
0x5080f8 GetMapMode
0x508100 CreateFontA
0x508104 SetBkColor
0x50810c CreateDIBSection
0x508110 SetPixel
0x508114 ExtCreateRegion
0x508118 SetStretchBltMode
0x50811c GetClipRgn
0x508120 CreatePolygonRgn
0x508124 SelectClipRgn
0x508128 DeleteObject
0x50812c CreateDIBitmap
0x508134 CreatePalette
0x508138 StretchBlt
0x50813c SelectPalette
0x508140 RealizePalette
0x508144 GetDIBits
0x508148 GetWindowExtEx
0x50814c GetViewportOrgEx
0x508150 GetWindowOrgEx
0x508154 BeginPath
0x508158 SelectObject
0x50815c CreatePen
0x508160 PatBlt
0x508164 CombineRgn
0x508168 CreateRectRgn
0x50816c FillRgn
0x508170 CreateSolidBrush
0x508174 CreateFontIndirectA
0x508178 GetStockObject
0x50817c GetObjectA
0x508180 EndPage
0x508184 EndDoc
0x508188 DeleteDC
0x50818c StartDocA
0x508190 StartPage
0x508194 BitBlt
0x508198 GetPixel
0x50819c CreateCompatibleDC
0x5081a0 SetBkMode
0x5081a4 TextOutA
0x5081a8 Ellipse
0x5081ac Rectangle
0x5081b0 LPtoDP
0x5081b4 DPtoLP
0x5081b8 GetCurrentObject
0x5081bc RoundRect
0x5081c4 SetWindowOrgEx
0x5081c8 GetDeviceCaps
0x5081cc EndPath
0x5081d0 PathToRegion
0x5081d4 CreateEllipticRgn
0x5081d8 CreateRoundRectRgn
0x5081dc GetTextColor
0x5081e0 GetBkMode
Library: WINSPOOL.DRV:
0x5087d4 ClosePrinter
0x5087d8 DocumentPropertiesA
0x5087dc OpenPrinterA
Library: comdlg32.dll:
0x508818 GetFileTitleA
0x50881c GetSaveFileNameA
0x508820 GetOpenFileNameA
0x508824 ChooseFontA
0x508828 ChooseColorA
Library: ADVAPI32.dll:
0x508000 RegCreateKeyExA
0x508004 CryptGetHashParam
0x50800c CryptCreateHash
0x508010 CryptHashData
0x508014 CryptDestroyHash
0x508018 CryptReleaseContext
0x50801c RegQueryValueA
0x508020 RegSetValueExA
0x508024 RegOpenKeyExA
0x508028 RegCloseKey
Library: SHELL32.dll:
0x5084bc DragQueryFileA
0x5084c0 DragFinish
0x5084c4 DragAcceptFiles
0x5084c8 Shell_NotifyIconA
0x5084cc ShellExecuteA
Library: ole32.dll:
0x508830 CoRevokeClassObject
0x508848 OleFlushClipboard
0x508850 CoGetClassObject
0x508854 CoTaskMemFree
0x508858 CoTaskMemAlloc
0x50885c CLSIDFromProgID
0x508860 ReleaseStgMedium
0x508864 RevokeDragDrop
0x508868 RegisterDragDrop
0x50886c OleInitialize
0x508870 OleUninitialize
0x508874 CLSIDFromString
0x508878 CoCreateInstance
0x50887c OleRun
Library: OLEAUT32.dll:
0x50844c VariantInit
0x508450 VariantCopyInd
0x508454 SafeArrayGetElement
0x508458 SafeArrayAccessData
0x508460 SafeArrayGetDim
0x508464 SysAllocString
0x508468 SafeArrayGetUBound
0x50846c VariantChangeType
0x508470 VariantClear
0x508474 VariantCopy
0x508478 SafeArrayDestroy
0x50847c SafeArrayCreate
0x508480 SafeArrayPutElement
0x508484 RegisterTypeLib
0x508488 LHashValOfNameSys
0x508490 SysStringLen
0x508494 LoadTypeLib
0x508498 SafeArrayGetLBound
0x5084a0 UnRegisterTypeLib
0x5084a4 SysFreeString
0x5084b0 SysAllocStringLen
Library: COMCTL32.dll:
0x50803c _TrackMouseEvent
0x508040 None (imported by ordinal; the tool prints no name)
0x508044 ImageList_EndDrag
0x508048 ImageList_Add
0x50804c ImageList_BeginDrag
0x508050 ImageList_Create
0x508054 ImageList_Destroy
0x508058 ImageList_DragEnter
0x50805c ImageList_DragLeave
0x508060 ImageList_DragMove
Library: oledlg.dll:
0x508884 None (imported by ordinal; the tool prints no name)
Library: WLDAP32.dll:
0x5087e4 None (imported by ordinal; the tool prints no name)

Most of this table is the footprint of a statically linked GUI runtime rather than of the program's own logic: the USER32/GDI32 drawing set, printing (WINSPOOL, StartDocA/EndDoc), the common dialogs, OLE drag-and-drop and clipboard support, and the multimedia imports (WINMM midiStream*, AVIFIL32, MSVFW32 DrawDibDraw) appear in benign programs built with the same toolchain. The imports worth confirming in the behaviour log are the server-side socket calls (accept, WSAAsyncSelect, getpeername, recvfrom), Process32First/Process32Next, SetWindowsHookExA/CallNextHookEx, WinExec and ShellExecuteA, the temp-file trio GetTempPathW/CreateFileW/DeleteFileW, RegCreateKeyExA/RegSetValueExA, and the CryptCreateHash/CryptHashData family. None of these is conclusive on its own; message hooks and temp files are routine in GUI code, and the behaviour log, not the import table, is where the sample shows what it does with them.
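The import hash (载入哈希, imphash) given under PE info is an MD5 over the import table, and the listing above cannot reproduce it: three entries are ordinal-only (printed as None) and the page's per-library order need not be the import-directory order that the hash depends on. As an added example, not code from the report, this is the derivation as pefile performs it, run on a constructed import list; the ordinal 17 is made up, and pefile additionally resolves ordinals for ws2_32 and oleaut32 from a built-in table, which this example does not.

```python
"""How a PE import hash (imphash) is derived, and why it cannot be recomputed
from the listing printed above.

Added example; not code from the Maldun/Cuckoo report. The import list below
is constructed for illustration and is not this sample's import table.
"""
import hashlib


def imphash_string(imports) -> str:
    """Build the string that imphash hashes, the way pefile does it:
    for each imported function in import-directory order, 'library.function',
    lower-cased, with a trailing .dll/.ocx/.sys stripped from the library
    name; a function imported by ordinal only (shown as None in the report)
    becomes 'ordN'. Entries are joined with commas.
    (pefile also maps ordinals of ws2_32 and oleaut32 to names from a
    built-in table; that step is omitted here.)"""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 hex digest of the imphash string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Constructed illustration (not the sample's real table): a few names from
# the listing above, plus an ordinal-only import with a made-up ordinal, 17,
# standing in for the entries the report prints as None.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegCreateKeyExA"),
    ("ADVAPI32.dll", "CryptCreateHash"),
    ("COMCTL32.dll", "_TrackMouseEvent"),
    ("COMCTL32.dll", 17),  # hypothetical ordinal
    ("KERNEL32.dll", "Process32First"),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash covers order, two builds that import the same functions in a different directory order get different imphashes, while differences in letter case or in the `.dll` suffix do not change it; that is why imphash groups samples by linker and library layout rather than by exact byte content.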

No antivirus engine scan results are available for this sample.

Process tree

_______________.exe, PID: 2588, parent PID: 2304

The executable name is masked in the report as shown. A single node means the sandbox recorded no child processes.


TCP

Source  Source port  Destination  Destination port
192.168.122.202 49161 180.111.199.110 (q1.qlogo.cn) 443
192.168.122.202 49159 23.192.228.89 80

UDP

Source  Source port  Destination  Destination port
192.168.122.202 50785 192.168.122.1 53
192.168.122.202 62960 192.168.122.1 53

The two UDP flows are DNS lookups to the sandbox resolver. The port-80 connection to 23.192.228.89 is the only plaintext HTTP flow, and the acroipm.adobe.com request under HTTP requests is the only HTTP request recorded, so the two presumably belong together.


HTTP requests

URI  HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

This host, path and the IPM User-Agent are the update check of Adobe Acrobat/Reader's in-product messaging, which a sandbox image with Reader installed performs on its own. The report records the request under this task, but the process tree shows a single process; confirm from the behaviour log that PID 2588 opened the port-80 connection before listing acroipm.adobe.com as an indicator for this sample.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2022-09-24 16:16:08.052318+0800 192.168.122.202 49161 180.111.199.110 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=Guangdong, L=Shenzhen, O=Tencent Technology (Shenzhen) Company Limited, CN=*.qpic.cn 6a:21:05:46:7c:12:cd:99:99:07:87:12:79:81:4f:68:31:0a:b8:5f

The handshake goes to 180.111.199.110, one of the A records of q1.qlogo.cn (Tencent's avatar/image CDN), and the server presents a GlobalSign-issued Tencent certificate whose subject CN is *.qpic.cn. That CN does not cover q1.qlogo.cn, but the report shows only the subject, not the subjectAltName list that actually governs host matching, so the mismatch is not evidence of interception or of a self-signed C2 certificate. The fingerprint column is a SHA-1 over the DER certificate (20 bytes). Whether the sample fetched a real QQ avatar or used the host as a connectivity check is something the behaviour log, not this table, has to answer.
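The CN-versus-hostname point above, as an added example that is not part of the Maldun report: RFC 6125-style matching of a hostname against the names a certificate presents, including the rule that the subject CN is consulted only when the certificate carries no subjectAltName dNSName entries. The subject string is the one from the TLS row; the SAN list passed in the last call is hypothetical, because the report does not show the certificate's SANs.

```python
"""Hostname-vs-certificate matching in the RFC 6125 style.

Added example; not code from the Maldun/Cuckoo report. The SAN list used in
the final call is hypothetical: the report above shows only the subject CN.
"""


def parse_dn(dn: str) -> dict:
    """Parse a comma-separated distinguished name ('C=CN, ST=..., CN=*.qpic.cn')
    into a dict keyed by upper-cased attribute type. Values are not unescaped,
    which is adequate for the subject strings a sandbox report prints."""
    out = {}
    for part in dn.split(","):
        if "=" not in part:
            continue
        key, _, value = part.strip().partition("=")
        out[key.strip().upper()] = value.strip()
    return out


def hostname_matches(hostname: str, presented: str) -> bool:
    """Match one presented DNS name (possibly with a leftmost '*') against a
    hostname, with the rules browsers and OpenSSL apply (RFC 6125 s. 6.4.3):
      - comparison is case-insensitive and ignores a trailing dot
      - a wildcard is honoured only as the entire leftmost label
        ('*.qpic.cn', not 'q*.qpic.cn' and not 'a.*.qpic.cn')
      - a wildcard covers exactly one label, so '*.qpic.cn' does not cover
        'a.b.qpic.cn' and does not cover 'qpic.cn' itself
      - a wildcard needs at least two labels after it ('*.cn' is rejected)
    """
    host = hostname.lower().rstrip(".")
    name = presented.lower().rstrip(".")
    if "*" not in name:
        return host == name
    name_labels = name.split(".")
    host_labels = host.split(".")
    if name_labels[0] != "*" or any("*" in label for label in name_labels[1:]):
        return False
    if len(name_labels) < 3:
        return False
    if len(host_labels) != len(name_labels):
        return False
    return host_labels[1:] == name_labels[1:]


def certificate_covers(hostname: str, subject_dn: str, sans: tuple = ()) -> bool:
    """True if the certificate is valid for hostname. When any dNSName SAN
    entries exist, only they are checked and the CN is ignored (RFC 6125
    s. 6.4.4); the CN is a fallback for certificates without SANs."""
    if sans:
        candidates = list(sans)
    else:
        cn = parse_dn(subject_dn).get("CN")
        candidates = [cn] if cn else []
    return any(hostname_matches(hostname, c) for c in candidates)


# Subject string copied from the TLS row of the report above.
SUBJECT = ("C=CN, ST=Guangdong, L=Shenzhen, "
           "O=Tencent Technology (Shenzhen) Company Limited, CN=*.qpic.cn")
CONNECTED_HOST = "q1.qlogo.cn"

if __name__ == "__main__":
    print("CN only  :", certificate_covers(CONNECTED_HOST, SUBJECT))  # False
    # Hypothetical SAN list (not from the report) showing how SANs change the answer.
    print("with SANs:", certificate_covers(CONNECTED_HOST, SUBJECT,
                                           ("*.qpic.cn", "*.qlogo.cn")))  # True
```

With only the CN available the check fails for q1.qlogo.cn, which is exactly the conclusion the report's row invites and exactly the one not to draw until the SAN extension has been pulled from the pcap or the certificate itself.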

Suricata HTTP

No Suricata HTTP

No files were extracted from the network traffic.
No dropped files.
No similar analyses found.

Processing ( 30.209 seconds )

  • 11.787 Suricata
  • 11.474 NetworkAnalysis
  • 3.211 Static
  • 1.375 TargetInfo
  • 1.161 VirusTotal
  • 0.816 BehaviorAnalysis
  • 0.343 peid
  • 0.019 AnalysisInfo
  • 0.012 Strings
  • 0.009 config_decoder
  • 0.002 Memory

Signatures ( 1.83 seconds )

Seconds spent evaluating each signature module. Every module is listed whether or not it matched, so this is a timing breakdown, not the set of triggered signatures (which is behind the login wall).

  • 1.445 md_url_bl
  • 0.055 antiav_detectreg
  • 0.044 api_spamming
  • 0.038 stealth_decoy_document
  • 0.036 stealth_timeout
  • 0.021 infostealer_ftp
  • 0.012 infostealer_im
  • 0.011 antianalysis_detectreg
  • 0.011 md_domain_bl
  • 0.009 antivm_generic_scsi
  • 0.008 antidbg_windows
  • 0.007 antivm_generic_services
  • 0.007 antiav_detectfile
  • 0.007 infostealer_mail
  • 0.006 anomaly_persistence_autorun
  • 0.006 geodo_banking_trojan
  • 0.005 anormaly_invoke_kills
  • 0.005 kovter_behavior
  • 0.004 antiemu_wine_func
  • 0.004 antivm_vbox_libs
  • 0.004 infostealer_browser_password
  • 0.004 infostealer_bitcoin
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 tinba_behavior
  • 0.003 betabot_behavior
  • 0.003 kibex_behavior
  • 0.003 antivm_parallels_keys
  • 0.003 antivm_vbox_files
  • 0.003 antivm_xen_keys
  • 0.003 darkcomet_regkeys
  • 0.003 network_http
  • 0.002 rat_nanocore
  • 0.002 mimics_filetime
  • 0.002 reads_self
  • 0.002 shifu_behavior
  • 0.002 exec_crash
  • 0.002 antivm_generic_disk
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.001 network_tor
  • 0.001 bootkit
  • 0.001 antiav_avast_libs
  • 0.001 stealth_file
  • 0.001 antivm_vmware_libs
  • 0.001 injection_createremotethread
  • 0.001 antivm_vbox_window
  • 0.001 ursnif_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 ransomeware_modifies_desktop_wallpaper
  • 0.001 cerber_behavior
  • 0.001 injection_runpe
  • 0.001 antisandbox_script_timer
  • 0.001 virus
  • 0.001 hancitor_behavior
  • 0.001 bypass_firewall
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_keys
  • 0.001 antivm_vpc_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 recon_fingerprint
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.608 seconds )

  • 0.604 ReportHTMLSummary
  • 0.004 Malheur
Task ID 710619
Mongo ID 632ebd5f7e769a059ee15a73
Cuckoo release 1.4-Maldun