Analysis task

Analysis type     VM tag                     Start time            End time              Duration
File (Windows)    win7-sp1-x64-shaapp03-1    2022-09-24 17:51:03   2022-09-24 17:51:38   35 seconds

Maldun score

3.375

Suspicious

File details

File name    SBS.dll
File size    249856 bytes
File type    PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5          6427efe6450974b225c1ad169c72dfc5
SHA1         82065c824b4fab1dc3740609cd3a3c3f4b2663d2
SHA256       37894621c9d7c82262d3e6ed760c0647e4a087b5bb2e8afeb1d2c53974a56016
SHA512       c890968a91e16ffceac5df2623cf1defcf44be25c1508141bc13cb9f608f1fed5cae713665e9eb6ab8e1e674e0a6411de987afbb656356afdc80f98c39a89d75
CRC32        F252823B
Ssdeep       6144:lRfgIFL9dWg6Kd8yDvnCrapaWHZY38FhJSdLltAk9u:lR4yLWE/DvneaVHasFhJcLp
Yara         matched rules not shown in this export (login required on the original page)
Sample lookup: not found

Threat signatures are not shown in this export (login required on the original page).

Screenshots

No screenshots available.

Hosts contacted

No host records.

DNS resolutions

No domain information.


Summary

Detailed behaviour information is not included in this export (login required on the original page).

PE information

Image base               0x00400000
Entry point              0x0043e64a
Declared checksum        0x0004c587
Actual checksum          0x000493b6
Minimum OS version       4.0
Compile timestamp        2018-11-09 22:31:50
Import hash (imphash)    dae02f32a21e03ce65412f6e56942daa

The declared and recomputed checksums differ. Windows verifies the CheckSum field only for kernel-mode drivers and certain system images, not for user-mode DLLs, so a mismatch here is weak evidence on its own: it shows the file was changed after the linker set the field (or that the field was never correct), not that the change was malicious. The entry point sits 6 bytes before the end of .text (0x00402000 to 0x0043e650), which is the size of the jmp through the import table to _CorDllMain that every managed DLL uses to hand control to the CLR.
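The checksum comparison above can be reproduced for any PE file. The Python below is an added example, not code from the report or from the sample's vendor: it implements the documented PE CheckSum algorithm (one's-complement sum of the image excluding the CheckSum field itself, folded to 16 bits, plus the file length) with the standard library only. The image it runs on is a constructed 256-byte header stub, not SBS.dll; the report's declared value 0x0004c587 is written into it so the mismatch path is exercised. Run against the real file, verify_checksum(open("SBS.dll", "rb").read()) is expected to return the two values the report shows.

```python
"""Recompute a PE CheckSum and compare it with the declared one.

Added example; not code from the report or the sample's vendor.
Standard-library only. The demo image below is a constructed stub.
"""
import struct

E_LFANEW_OFFSET = 0x3C   # DOS header field pointing at "PE\0\0"
CHECKSUM_OFFSET = 0x58   # from NT headers: Signature 4 + FileHeader 20 + OptionalHeader.CheckSum at 0x40


def checksum_field_offset(image: bytes) -> int:
    """Return the file offset of OptionalHeader.CheckSum after validating both signatures."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, E_LFANEW_OFFSET)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew + CHECKSUM_OFFSET


def pe_checksum(image: bytes, checksum_offset: int) -> int:
    """CheckSum over `image`, skipping the 4 bytes at `checksum_offset`.

    Assumes checksum_offset is 4-byte aligned, which holds for any e_lfanew
    the Windows loader accepts.
    """
    total = 0
    for off in range(0, len(image) - len(image) % 4, 4):
        if off == checksum_offset:
            continue                                   # the field is excluded from its own sum
        (dword,) = struct.unpack_from("<I", image, off)
        total += dword
        total = (total & 0xFFFFFFFF) + (total >> 32)   # 32-bit end-around carry
    tail = len(image) % 4
    if tail:                                           # zero-pad a trailing partial word
        (dword,) = struct.unpack("<I", image[-tail:] + b"\0" * (4 - tail))
        total += dword
        total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)           # fold to 16 bits
    total = (total + (total >> 16)) & 0xFFFF
    return (total + len(image)) & 0xFFFFFFFF


def verify_checksum(image: bytes):
    """Return (declared, actual, matches) for a PE image held in memory."""
    off = checksum_field_offset(image)
    (declared,) = struct.unpack_from("<I", image, off)
    actual = pe_checksum(image, off)
    return declared, actual, declared == actual


def build_stub_image(declared: int) -> bytes:
    """Constructed 256-byte PE32 header stub (demo input only, not a loadable file)."""
    img = bytearray(0x100)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, E_LFANEW_OFFSET, 0x40)      # NT headers at 0x40
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", img, 0x40 + 24, 0x010B)           # OptionalHeader.Magic = PE32
    struct.pack_into("<I", img, 0x40 + CHECKSUM_OFFSET, declared)
    return bytes(img)


if __name__ == "__main__":
    stub = build_stub_image(0x0004C587)   # declared value taken from the report
    declared, actual, ok = verify_checksum(stub)
    print(f"declared 0x{declared:08x}  actual 0x{actual:08x}  match={ok}")
```

The stub's recomputed value (0xa1e8) is of course unrelated to the report's 0x000493b6; what matters is that writing the recomputed value back into the field makes verify_checksum report a match, because the field is skipped when summing.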

Version information (RT_VERSION field names only; no values are shown in the report)

Translation
LegalCopyright
Assembly Version
InternalName
FileVersion
CompanyName
LegalTrademarks
Comments
ProductName
ProductVersion
FileDescription
OriginalFilename

PE sections

An entropy of 7.16 bits per byte is high for a section that should hold IL and CLR metadata; in a managed assembly it usually means compressed or encrypted data is embedded in .text (an embedded resource or an obfuscator's string and blob store), which is consistent with the SBZipUtil, DeflateStream and symmetric-cipher references listed further down. The 12-byte .reloc is the single base-relocation block every PE32 managed image carries for its entry stub.

Name      Virtual address   Virtual size   Raw size     Characteristics                                                        Entropy
.text 0x00002000 0x0003c650 0x0003c800 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7.16
.reloc 0x00040000 0x0000000c 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0.10
.rsrc 0x00042000 0x000003ec 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.25
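The table gives one entropy figure per section. To see where the high-entropy bytes sit, slide a window across the section data. The Python below is an added example, not code from the report: shannon_entropy computes the same bits-per-byte measure the table shows, and the section contents are constructed (a low-entropy region followed by a seeded pseudo-random blob standing in for embedded compressed or encrypted data), so the offsets are illustrative. Against a real file, pass the raw bytes of a section read from disk to locate_payload.

```python
"""Locate high-entropy regions inside a PE section with a sliding window.

Added example; not code from the report. Section bytes are constructed.
"""
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_windows(data: bytes, window: int = 1024, step: int = 256,
                         threshold: float = 7.0):
    """Return [(offset, entropy)] for each window whose entropy exceeds threshold."""
    hits = []
    last = len(data) - window
    for off in range(0, last + 1, step) if last >= 0 else ():
        e = shannon_entropy(data[off:off + window])
        if e > threshold:
            hits.append((off, round(e, 2)))
    return hits


def locate_payload(data: bytes, **kw):
    """Offset of the first high-entropy window, or None; the payload starts within one window of it."""
    hits = high_entropy_windows(data, **kw)
    return hits[0][0] if hits else None


BLOB_OFFSET = 4096   # where the constructed blob begins


def build_section() -> bytes:
    """Constructed .text stand-in: 4096 low-entropy bytes, then 4096 pseudo-random bytes."""
    low = bytes(i % 16 for i in range(BLOB_OFFSET))        # 16 symbols: exactly 4.0 bits/byte
    rng = random.Random(0x5B5)                             # fixed seed keeps the demo deterministic
    blob = bytes(rng.getrandbits(8) for _ in range(4096))  # stands in for an encrypted resource
    return low + blob


if __name__ == "__main__":
    section = build_section()
    print("whole section:", round(shannon_entropy(section), 2))
    print("first high-entropy window at:", locate_payload(section))
    for off, e in high_entropy_windows(section)[:4]:
        print(f"  0x{off:05x}  {e}")
```

The whole-section figure is a blend of both regions, exactly the situation a single per-section number hides; the windowed pass narrows the embedded blob down to within one window of its real start.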

Resources

Name         Offset        Size          Language       Sub-language       Entropy   File type
RT_VERSION 0x00042058 0x00000392 LANG_NEUTRAL SUBLANG_NEUTRAL 3.42 data

Imports

Library: mscoree.dll
0x402000 _CorDllMain
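The import hash in the PE information block (dae02f32a21e03ce65412f6e56942daa) is derived from exactly this single entry, and every managed DLL carries the same entry, so the value identifies "a .NET DLL" rather than this sample or its family. The Python below is an added example, not code from the report or the vendor: it reimplements the imphash recipe (lowercase "library-without-extension.function", joined with commas in import-table order, MD5) over constructed import lists and shows why the hash collapses for managed code.

```python
"""Compute an import hash (imphash) from a PE import table listing.

Added example; not code from the report or the sample's vendor.
The import lists below are constructed inputs.
"""
import hashlib

STRIPPED_EXTENSIONS = (".dll", ".ocx", ".sys")


def imphash(imports) -> str:
    """imports: iterable of (library, function name or ordinal int) in import-table order."""
    parts = []
    for lib, func in imports:
        lib = lib.lower()
        for ext in STRIPPED_EXTENSIONS:
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        name = f"ord{func}" if isinstance(func, int) else func.lower()   # imports by ordinal
        parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def is_clr_bootstrap_only(imports) -> bool:
    """True when the only native import is the CLR entry stub, so the imphash carries no family signal."""
    norm = {(lib.lower(), f if isinstance(f, int) else f.lower()) for lib, f in imports}
    return norm in ({("mscoree.dll", "_cordllmain")}, {("mscoree.dll", "_corexemain")})


# What the report lists for SBS.dll: one library, one function.
SBS_IMPORTS = [("mscoree.dll", "_CorDllMain")]
# Any other managed DLL, however different its code, has the same table (case differs only cosmetically).
OTHER_MANAGED_DLL_IMPORTS = [("MSCOREE.DLL", "_CorDllMain")]
# Constructed native import table for contrast (ordinal 23 is just an example value).
NATIVE_IMPORTS = [("kernel32.dll", "VirtualAlloc"), ("kernel32.dll", "CreateThread"), ("ws2_32.dll", 23)]

REPORTED_IMPHASH = "dae02f32a21e03ce65412f6e56942daa"   # value shown in the report


if __name__ == "__main__":
    print("SBS.dll       ", imphash(SBS_IMPORTS), "matches report:", imphash(SBS_IMPORTS) == REPORTED_IMPHASH)
    print("other managed ", imphash(OTHER_MANAGED_DLL_IMPORTS))
    print("native sample ", imphash(NATIVE_IMPORTS))
    print("CLR stub only:", is_clr_bootstrap_only(SBS_IMPORTS))
```

For managed samples, pivot on the assembly name and version, the referenced assemblies (SBZipUtil 4.4.68.16860 here), custom attributes and the TypeRef table instead; those are the fields the rest of this report exposes.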

Assembly information

Name       SBS
Version    4.4.68.16860

Assembly references

Name                    Version
mscorlib 4.0.0.0
System.Windows.Forms 4.0.0.0
System 4.0.0.0
System.Web.Services 4.0.0.0
System.Drawing 4.0.0.0
System.Xml 4.0.0.0
System.Core 4.0.0.0
System.Management 4.0.0.0
System.Web 4.0.0.0
SBZipUtil 4.4.68.16860

Custom attributes (values appear truncated in the report and are left as shown)

Scope      Attribute type                                                    Value
Assembly [mscorlib]System.Reflection.AssemblyDescriptionAttribute S
Assembly [mscorlib]System.Reflection.AssemblyCompanyAttribute Screaming B
Assembly [mscorlib]System.Reflection.AssemblyTitleAttribute S
Assembly [mscorlib]System.Reflection.AssemblyProductAttribute S
Assembly [mscorlib]System.Resources.NeutralResourcesLanguageAttribute
Assembly [mscorlib]System.Reflection.AssemblyCopyrightAttribute 2005-2018 © Screaming Bee Inc. All rights reserve
Assembly [mscorlib]System.Reflection.AssemblyTrademarkAttribute Screaming Bee In

Type references

Assembly               Type name
SBZipUtil A.PT
SBZipUtil A.VT
System System.CodeDom.Compiler.GeneratedCodeAttribute
System System.Collections.Specialized.NameObjectCollectionBase
System System.Collections.Specialized.NameValueCollection
System System.ComponentModel.AsyncCompletedEventArgs
System System.ComponentModel.CancelEventArgs
System System.ComponentModel.CancelEventHandler
System System.ComponentModel.ComponentResourceManager
System System.ComponentModel.Container
System System.ComponentModel.DesignerCategoryAttribute
System System.ComponentModel.EditorBrowsableAttribute
System System.ComponentModel.EditorBrowsableState
System System.ComponentModel.IContainer
System System.ComponentModel.ISupportInitialize
System System.Diagnostics.Process
System System.Diagnostics.ProcessModule
System System.Diagnostics.ProcessStartInfo
System System.IO.Compression.CompressionMode
System System.IO.Compression.DeflateStream
System System.Net.CredentialCache
System System.Net.Dns
System System.Net.EndPoint
System System.Net.ICredentials
System System.Net.IPAddress
System System.Net.IPEndPoint
System System.Net.IPHostEntry
System System.Net.IWebProxy
System System.Net.Sockets.AddressFamily
System System.Net.Sockets.ProtocolType
System System.Net.Sockets.Socket
System System.Net.Sockets.SocketFlags
System System.Net.Sockets.SocketType
System System.Net.WebHeaderCollection
System System.Net.WebRequest
System System.Net.WebResponse
System System.Uri
System.Core System.Linq.Enumerable
System.Core System.Security.Cryptography.AesCryptoServiceProvider
System.Drawing System.Drawing.Bitmap
System.Drawing System.Drawing.Color
System.Drawing System.Drawing.Icon
System.Drawing System.Drawing.Image
System.Drawing System.Drawing.SystemColors
System.Management System.Management.ConnectionOptions
System.Management System.Management.ImpersonationLevel
System.Management System.Management.ManagementBaseObject
System.Management System.Management.ManagementClass
System.Management System.Management.ManagementNamedValueCollection
System.Management System.Management.ManagementObject
System.Management System.Management.ManagementObjectCollection
System.Management System.Management.ManagementObjectCollection/ManagementObjectEnumerator
System.Management System.Management.ManagementObjectSearcher
System.Management System.Management.ManagementOptions
System.Management System.Management.ManagementPath
System.Management System.Management.ManagementScope
System.Management System.Management.ObjectGetOptions
System.Management System.Management.ObjectQuery
System.Management System.Management.PropertyData
System.Management System.Management.PropertyDataCollection
System.Web System.Web.HttpUtility
System.Web.Services System.Web.Services.Description.SoapBindingUse
System.Web.Services System.Web.Services.Protocols.HttpWebClientProtocol
System.Web.Services System.Web.Services.Protocols.InvokeCompletedEventArgs
System.Web.Services System.Web.Services.Protocols.SoapDocumentMethodAttribute
System.Web.Services System.Web.Services.Protocols.SoapHttpClientProtocol
System.Web.Services System.Web.Services.Protocols.SoapParameterStyle
System.Web.Services System.Web.Services.Protocols.WebClientProtocol
System.Web.Services System.Web.Services.WebServiceBindingAttribute
System.Windows.Forms System.Windows.Forms.Application
System.Windows.Forms System.Windows.Forms.AutoScaleMode
System.Windows.Forms System.Windows.Forms.BorderStyle
System.Windows.Forms System.Windows.Forms.Button
System.Windows.Forms System.Windows.Forms.ButtonBase
System.Windows.Forms System.Windows.Forms.CheckBox
System.Windows.Forms System.Windows.Forms.Clipboard
System.Windows.Forms System.Windows.Forms.ContainerControl
System.Windows.Forms System.Windows.Forms.Control
System.Windows.Forms System.Windows.Forms.Control/ControlCollection
System.Windows.Forms System.Windows.Forms.DialogResult
System.Windows.Forms System.Windows.Forms.FlatStyle
System.Windows.Forms System.Windows.Forms.Form
System.Windows.Forms System.Windows.Forms.FormBorderStyle
System.Windows.Forms System.Windows.Forms.GroupBox
System.Windows.Forms System.Windows.Forms.IButtonControl
System.Windows.Forms System.Windows.Forms.IWin32Window
System.Windows.Forms System.Windows.Forms.Label
System.Windows.Forms System.Windows.Forms.LinkBehavior
System.Windows.Forms System.Windows.Forms.LinkLabel
System.Windows.Forms System.Windows.Forms.LinkLabelLinkClickedEventArgs
System.Windows.Forms System.Windows.Forms.LinkLabelLinkClickedEventHandler
System.Windows.Forms System.Windows.Forms.MessageBox
System.Windows.Forms System.Windows.Forms.MessageBoxButtons
System.Windows.Forms System.Windows.Forms.MessageBoxDefaultButton
System.Windows.Forms System.Windows.Forms.MessageBoxIcon
System.Windows.Forms System.Windows.Forms.PictureBox
System.Windows.Forms System.Windows.Forms.RadioButton
System.Windows.Forms System.Windows.Forms.SizeGripStyle
System.Windows.Forms System.Windows.Forms.TextBox
System.Windows.Forms System.Windows.Forms.TextBoxBase
System.Xml System.Xml.XmlAttributeCollection
System.Xml System.Xml.XmlDocument
System.Xml System.Xml.XmlElement
System.Xml System.Xml.XmlNamedNodeMap
System.Xml System.Xml.XmlNode
System.Xml System.Xml.XmlNodeList
System.Xml System.Xml.XmlNodeType
System.Xml System.Xml.XmlReader
System.Xml System.Xml.XmlTextReader
mscorlib Microsoft.Win32.Registry
mscorlib Microsoft.Win32.RegistryKey
mscorlib Microsoft.Win32.RegistryKeyPermissionCheck
mscorlib Microsoft.Win32.RegistryValueKind
mscorlib System.AppDomain
mscorlib System.Array
mscorlib System.AsyncCallback
mscorlib System.Attribute
mscorlib System.BitConverter
mscorlib System.Boolean
mscorlib System.Byte
mscorlib System.Char
mscorlib System.Collections.ArrayList
mscorlib System.Collections.BitArray
mscorlib System.Collections.Generic.IEnumerable`1
mscorlib System.Collections.Hashtable
mscorlib System.Collections.IEnumerator
mscorlib System.Convert
mscorlib System.DateTime
mscorlib System.Delegate
mscorlib System.Diagnostics.DebuggableAttribute
mscorlib System.Diagnostics.DebuggableAttribute/DebuggingModes
mscorlib System.Diagnostics.DebuggerNonUserCodeAttribute
mscorlib System.Diagnostics.DebuggerStepThroughAttribute
mscorlib System.Double
mscorlib System.Enum
mscorlib System.Environment
mscorlib System.Environment/SpecialFolder
mscorlib System.EventArgs
mscorlib System.EventHandler
mscorlib System.Exception
mscorlib System.Globalization.CultureInfo
mscorlib System.Globalization.DateTimeFormatInfo
mscorlib System.Globalization.NumberFormatInfo
mscorlib System.Globalization.NumberStyles
mscorlib System.IAsyncResult
mscorlib System.IDisposable
mscorlib System.IFormatProvider
mscorlib System.IO.Directory
mscorlib System.IO.DirectoryInfo
mscorlib System.IO.File
mscorlib System.IO.FileAccess
mscorlib System.IO.FileMode
mscorlib System.IO.FileStream
mscorlib System.IO.IsolatedStorage.IsolatedStorageFile
mscorlib System.IO.IsolatedStorage.IsolatedStorageFileStream
mscorlib System.IO.IsolatedStorage.IsolatedStorageScope
mscorlib System.IO.MemoryStream
mscorlib System.IO.Path
mscorlib System.IO.SeekOrigin
mscorlib System.IO.Stream
mscorlib System.IO.StreamReader
mscorlib System.IO.StreamWriter
mscorlib System.IO.TextReader
mscorlib System.IO.TextWriter
mscorlib System.Int32
mscorlib System.Int64
mscorlib System.IntPtr
mscorlib System.MulticastDelegate
mscorlib System.Object
mscorlib System.OperatingSystem
mscorlib System.PlatformID
mscorlib System.Reflection.Assembly
mscorlib System.Reflection.AssemblyCompanyAttribute
mscorlib System.Reflection.AssemblyConfigurationAttribute
mscorlib System.Reflection.AssemblyCopyrightAttribute
mscorlib System.Reflection.AssemblyDescriptionAttribute
mscorlib System.Reflection.AssemblyKeyNameAttribute
mscorlib System.Reflection.AssemblyProductAttribute
mscorlib System.Reflection.AssemblyTitleAttribute
mscorlib System.Reflection.AssemblyTrademarkAttribute
mscorlib System.ResolveEventArgs
mscorlib System.ResolveEventHandler
mscorlib System.Resources.NeutralResourcesLanguageAttribute
mscorlib System.Resources.ResourceManager
mscorlib System.Runtime.CompilerServices.CompilationRelaxationsAttribute
mscorlib System.Runtime.CompilerServices.CompilerGeneratedAttribute
mscorlib System.Runtime.CompilerServices.RuntimeCompatibilityAttribute
mscorlib System.Runtime.CompilerServices.RuntimeHelpers
mscorlib System.Runtime.CompilerServices.SuppressIldasmAttribute
mscorlib System.Runtime.InteropServices.Marshal
mscorlib System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
mscorlib System.Runtime.Serialization.IFormatter
mscorlib System.Runtime.Versioning.TargetFrameworkAttribute
mscorlib System.RuntimeFieldHandle
mscorlib System.RuntimeTypeHandle
mscorlib System.Security.AccessControl.RegistryRights
mscorlib System.Security.Cryptography.AsymmetricAlgorithm
mscorlib System.Security.Cryptography.CryptoStream
mscorlib System.Security.Cryptography.CryptoStreamMode
mscorlib System.Security.Cryptography.CspParameters
mscorlib System.Security.Cryptography.CspProviderFlags
mscorlib System.Security.Cryptography.DESCryptoServiceProvider
mscorlib System.Security.Cryptography.HashAlgorithm
mscorlib System.Security.Cryptography.ICryptoTransform
mscorlib System.Security.Cryptography.MD5CryptoServiceProvider
mscorlib System.Security.Cryptography.RSACryptoServiceProvider
mscorlib System.Security.Cryptography.RijndaelManaged
mscorlib System.Security.Cryptography.SHA1CryptoServiceProvider
mscorlib System.Security.Cryptography.SymmetricAlgorithm
mscorlib System.Security.Cryptography.X509Certificates.X509Certificate
mscorlib System.Security.HostProtectionException
mscorlib System.String
mscorlib System.StringComparison
mscorlib System.Text.Encoding
mscorlib System.Text.StringBuilder
mscorlib System.Text.UTF8Encoding
mscorlib System.Text.UnicodeEncoding
mscorlib System.Threading.Interlocked
mscorlib System.Threading.Monitor
mscorlib System.Threading.SendOrPostCallback
mscorlib System.Threading.Thread
mscorlib System.TimeSpan
mscorlib System.Type
mscorlib System.UInt16
mscorlib System.UInt32
mscorlib System.UInt64
mscorlib System.ValueType
mscorlib System.Version
mscorlib System.Void

Strings

.text
.reloc
.rsrc
(the remaining extracted strings are unprintable binary fragments)

Antivirus

No antivirus engine scan results.

Process tree

rundll32.exe, PID 2596, parent PID 2204

The sandbox loads DLL samples through rundll32.exe, so this entry is the analysis harness itself rather than a process the sample spawned; no further process activity is reported.

Hosts contacted

No host records.

TCP

Source address     Source port   Destination address   Destination port
192.168.122.201    49160         23.192.228.78         80

UDP

Source address     Source port   Destination address   Destination port
192.168.122.201    59401         192.168.122.1         53

192.168.122.201 is the analysis VM. The single UDP flow is a DNS query to the VM's gateway resolver (192.168.122.1); the single TCP flow to port 80 is the HTTP request to acroipm.adobe.com shown below.


HTTP requests

URI: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

This is Adobe Reader's in-product messaging (IPM) check (User-Agent IPM; the /11/rdr/CHS/ path indicates a Reader 11 Chinese-Simplified install), i.e. background traffic from software installed on the analysis VM. The report does not attribute the request to any process, and none of the networking types the sample references (Socket, WebRequest, SoapHttpClientProtocol, Dns) produced observable traffic in the 35-second run.

HTTP data:
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files extracted from network traffic.
No files dropped.
No similar analyses found.
Processing ( 18.376 seconds; time spent per processing module )

  • 13.802 Suricata
  • 1.102 Static
  • 1.064 VirusTotal
  • 0.961 NetworkAnalysis
  • 0.575 static_dotnet
  • 0.366 peid
  • 0.329 TargetInfo
  • 0.14 BehaviorAnalysis
  • 0.02 AnalysisInfo
  • 0.013 Strings
  • 0.004 Memory

Signatures ( 1.733 seconds; time spent per signature module evaluated, not a list of matched signatures )

  • 1.602 md_url_bl
  • 0.021 antiav_detectreg
  • 0.01 md_domain_bl
  • 0.009 infostealer_ftp
  • 0.006 anomaly_persistence_autorun
  • 0.006 antiav_detectfile
  • 0.005 api_spamming
  • 0.005 antianalysis_detectreg
  • 0.005 geodo_banking_trojan
  • 0.005 infostealer_im
  • 0.004 stealth_decoy_document
  • 0.004 stealth_timeout
  • 0.004 infostealer_bitcoin
  • 0.004 network_http
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 infostealer_mail
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 antivm_vbox_files
  • 0.002 bot_drive
  • 0.002 browser_security
  • 0.002 disables_browser_warn
  • 0.002 md_bad_drop
  • 0.001 antiemu_wine_func
  • 0.001 mimics_filetime
  • 0.001 betabot_behavior
  • 0.001 reads_self
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 infostealer_browser_password
  • 0.001 cerber_behavior
  • 0.001 kovter_behavior
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 network_cnc_http
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.513 seconds )

  • 0.512 ReportHTMLSummary
  • 0.001 Malheur
Task ID 710621
Mongo ID 632ed3457e769a059de15a24
Cuckoo release 1.4-Maldun