Analysis Task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-shaapp03-1 | 2022-09-24 20:18:11 | 2022-09-24 20:20:31 | 140 seconds

Maldun Score

10.0

Dangerous

File Details

Filename sun java version 5.0.exe
File size 16433280 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a3c725416dda678a967032db070f0718
SHA1 67164f87b50a6e75cff9b941f18cd662317db436
SHA256 b60ee5985c7b0c72ff752dfbca2ada0debcb7ee88f72ce16b6cc78cc7e67b879
SHA512 be386dc8844995f19c359c29ba490446db418c9f6e037c78f0b39e2856e51a811f177198ea9276668b6513fc9566b8ff69e684d093f207bd28bbbd73e5171da4
CRC32 CE6CE4AB
Ssdeep 393216:uuMkqE5u+rkip/YWDYiSqCuPD4l6Qfg7QQdAr4rh:NMkPJrpYXiSpuPD4ledlt
Hosts Contacted

No host records.

DNS Resolution

No domain information.


PE Information

Image base 0x00400000
Entry point 0x004189fc
Declared checksum 0x00fb1d5e
Actual checksum 0x00fb1d5e
Minimum OS version required 4.0
Compile time 2004-02-05 00:43:10
Import hash (imphash) 73e98760f4aa967c6600848826ef44b1
Icon
Icon exact hash fcbcfdcf647e677fa8cf852162062ab0
Icon similarity hash 8724951dc1936ac7d8b2e508a33cb6bc

Version Information

LegalCopyright
InternalName
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

Microsoft Certificate Verification (Sign Tool)

SHA1 | Timestamp | Validity | Error
None | Sat Aug 27 09:51:56 2005
Certificate chain: Certificate Chain 1
Issued to Class 3 Public Primary Certification Authority
Issuer Class 3 Public Primary Certification Authority
Valid until Wed Aug 02 07:59:59 2028
SHA1 hash 742c3192e607e424eb4549542be1bbc53e6174e2
Certificate chain: Certificate Chain 2
Issued to VeriSign Class 3 Code Signing 2004 CA
Issuer Class 3 Public Primary Certification Authority
Valid until Thu Jul 16 07:59:59 2009
SHA1 hash 826b2d0ff5d618969f5f473e0f209a4794016450
Certificate chain: Certificate Chain 3
Issued to Sun Microsystems, Inc.
Issuer VeriSign Class 3 Code Signing 2004 CA
Valid until Sat Jul 15 07:59:59 2006
SHA1 hash 64485b7bca9fee1ed987ed01cd516679521582bb
Certificate chain: Timestamp Chain 1
Issued to Thawte Timestamping CA
Issuer Thawte Timestamping CA
Valid until Fri Jan 01 07:59:59 2021
SHA1 hash be36a4562fb2ee05dbb3d32323adf445084ed656
Certificate chain: Timestamp Chain 2
Issued to VeriSign Time Stamping Services CA
Issuer Thawte Timestamping CA
Valid until Wed Dec 04 07:59:59 2013
SHA1 hash f46ac0c6efbb8c6a14f55f09e2d37df4c0de012d
Certificate chain: Timestamp Chain 3
Issued to VeriSign Time Stamping Services Signer
Issuer VeriSign Time Stamping Services CA
Valid until Thu Dec 04 07:59:59 2008
SHA1 hash 817e78267300cb0fe5d631357851db366123a690

PE Sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x0002132e 0x00022000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.49
.rdata 0x00023000 0x00003de8 0x00004000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.19
.data 0x00027000 0x00009218 0x00005000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.12
.rsrc 0x00031000 0x0000a2e0 0x0000b000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.24

Overlay

Offset 0x00037000
Size 0x00f75080

Resources

Name | Offset | Size | Language | Sublanguage | Entropy | File type
GIF 0x00033640 0x00007aea LANG_ENGLISH SUBLANG_ENGLISH_US 7.97 GIF image data, version 89a, 219 x 373
RT_CURSOR 0x000334f0 0x00000134 LANG_ENGLISH SUBLANG_ENGLISH_US 2.49 Hitachi SH big-endian COFF object, not stripped
RT_ICON 0x00032628 0x000008a8 LANG_ENGLISH SUBLANG_ENGLISH_US 6.76 data
RT_ICON 0x00032628 0x000008a8 LANG_ENGLISH SUBLANG_ENGLISH_US 6.76 data
RT_ICON 0x00032628 0x000008a8 LANG_ENGLISH SUBLANG_ENGLISH_US 6.76 data
RT_ICON 0x00032628 0x000008a8 LANG_ENGLISH SUBLANG_ENGLISH_US 6.76 data
RT_DIALOG 0x00033110 0x000000f2 LANG_ENGLISH SUBLANG_ENGLISH_US 3.31 data
RT_DIALOG 0x00033110 0x000000f2 LANG_ENGLISH SUBLANG_ENGLISH_US 3.31 data
RT_DIALOG 0x00033110 0x000000f2 LANG_ENGLISH SUBLANG_ENGLISH_US 3.31 data
RT_DIALOG 0x00033110 0x000000f2 LANG_ENGLISH SUBLANG_ENGLISH_US 3.31 data
RT_DIALOG 0x00033110 0x000000f2 LANG_ENGLISH SUBLANG_ENGLISH_US 3.31 data
RT_STRING 0x0003b210 0x000000cc LANG_ENGLISH SUBLANG_ENGLISH_US 2.77 data
RT_STRING 0x0003b210 0x000000cc LANG_ENGLISH SUBLANG_ENGLISH_US 2.77 data
RT_STRING 0x0003b210 0x000000cc LANG_ENGLISH SUBLANG_ENGLISH_US 2.77 data
RT_GROUP_CURSOR 0x00033628 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_US 2.02 MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1
RT_GROUP_ICON 0x00032ed0 0x0000003e LANG_ENGLISH SUBLANG_ENGLISH_US 2.65 MS Windows icon resource - 4 icons, 16x16, 16 colors
RT_VERSION 0x00031710 0x000005a0 LANG_ENGLISH SUBLANG_ENGLISH_US 2.87 data
RT_MANIFEST 0x00031470 0x0000029a LANG_NEUTRAL SUBLANG_NEUTRAL 4.88 XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library: VERSION.dll:
0x4233fc VerLanguageNameA
0x423400 GetFileVersionInfoA
0x423408 VerQueryValueA
Library: SHELL32.dll:
0x4232dc SHBrowseForFolderA
0x4232e0 SHGetMalloc
Library: COMCTL32.dll:
0x42304c None
Library: KERNEL32.dll:
0x4230a4 WideCharToMultiByte
0x4230a8 DeleteFileA
0x4230ac lstrlenW
0x4230b0 WriteFile
0x4230c0 CreateEventA
0x4230c4 Sleep
0x4230c8 lstrcatA
0x4230cc CompareStringA
0x4230d0 CompareStringW
0x4230d4 GetVersionExA
0x4230d8 SetFilePointer
0x4230dc SetFileAttributesA
0x4230e0 SetFileTime
0x4230ec FreeLibrary
0x4230f0 GetProcAddress
0x4230f4 LoadLibraryA
0x4230f8 LockResource
0x4230fc LoadResource
0x423100 SizeofResource
0x423104 FindResourceA
0x423108 CreateProcessA
0x423110 GlobalHandle
0x42311c WaitForSingleObject
0x423120 GetSystemInfo
0x423124 GetModuleFileNameA
0x423128 IsValidCodePage
0x42312c GetVersion
0x423130 FlushFileBuffers
0x423134 LocalFree
0x423138 FormatMessageA
0x42313c GetDiskFreeSpaceA
0x423140 _lclose
0x423144 OpenFile
0x423148 GetDriveTypeA
0x42314c lstrcpynA
0x423150 CreateDirectoryA
0x423154 GetFileAttributesA
0x423158 RemoveDirectoryA
0x42315c GetExitCodeProcess
0x423160 GetCurrentProcess
0x423164 GetCurrentThread
0x423168 GetLocaleInfoA
0x42316c CreateFileA
0x423178 GetOEMCP
0x42317c GetACP
0x423180 GetCPInfo
0x423188 GetLastError
0x42318c VirtualAlloc
0x423190 VirtualFree
0x423194 HeapCreate
0x423198 HeapDestroy
0x4231a8 TlsGetValue
0x4231ac TlsAlloc
0x4231b0 TlsSetValue
0x4231b4 GetCurrentThreadId
0x4231b8 HeapSize
0x4231bc HeapReAlloc
0x4231c8 GetCommandLineA
0x4231cc GetStartupInfoA
0x4231d0 GetModuleHandleA
0x4231d4 TerminateProcess
0x4231d8 ExitProcess
0x4231dc RaiseException
0x4231e0 HeapFree
0x4231e4 HeapAlloc
0x4231e8 RtlUnwind
0x4231f4 ResetEvent
0x4231f8 SetEvent
0x4231fc SearchPathA
0x423200 FindFirstFileA
0x423204 GetFileType
0x423208 VirtualProtect
0x42320c VirtualQuery
0x423210 FindClose
0x423214 GetStringTypeA
0x423218 GetStringTypeW
0x42321c IsBadReadPtr
0x423220 IsBadCodePtr
0x423224 LCMapStringA
0x423228 LCMapStringW
0x42322c SetStdHandle
0x423230 GetFileSize
0x423234 GlobalAlloc
0x423238 CloseHandle
0x42323c GlobalLock
0x423240 ReadFile
0x423244 GlobalUnlock
0x423248 GlobalFree
0x42324c SetLastError
0x423250 CopyFileA
0x423260 MultiByteToWideChar
0x423264 CreateThread
0x423268 GetExitCodeThread
0x42326c GetTickCount
0x423270 lstrcmpiA
0x423274 lstrcmpA
0x423280 GetTempPathA
0x423284 SetErrorMode
0x42328c GetTempFileNameA
0x423294 lstrcpyA
0x42329c CreateFileMappingA
0x4232a0 MapViewOfFile
0x4232a4 UnmapViewOfFile
0x4232a8 IsBadWritePtr
0x4232ac lstrlenA
0x4232b0 SetHandleCount
0x4232b4 GetStdHandle
Library: USER32.dll:
0x4232f0 GetWindowTextA
0x4232f4 MoveWindow
0x4232f8 GetWindowPlacement
0x4232fc DrawIcon
0x423300 DestroyIcon
0x423304 GetDlgCtrlID
0x423308 SetWindowTextA
0x42330c FillRect
0x423310 GetSysColor
0x423314 GetSysColorBrush
0x423318 IsDialogMessageA
0x42331c GetParent
0x423320 EnableWindow
0x423324 GetDlgItemTextA
0x423328 SetCursor
0x42332c UpdateWindow
0x423330 GetClassInfoA
0x423334 wvsprintfA
0x423338 LoadStringA
0x42333c SendMessageA
0x423340 GetWindowRect
0x423344 GetSystemMetrics
0x423348 FindWindowA
0x42334c IntersectRect
0x423350 SubtractRect
0x423354 CharPrevA
0x423358 DestroyWindow
0x42335c CreateDialogParamA
0x423360 CharNextA
0x423364 MessageBoxA
0x423368 WaitForInputIdle
0x42336c GetWindowLongA
0x423370 BeginPaint
0x423374 EndPaint
0x423378 SetWindowLongA
0x42337c GetClientRect
0x423380 ClientToScreen
0x423384 SetWindowPos
0x423388 GetWindowDC
0x42338c EndDialog
0x423390 GetDlgItem
0x423394 ShowWindow
0x423398 DialogBoxParamA
0x42339c GetDesktopWindow
0x4233a0 wsprintfA
0x4233a8 PeekMessageA
0x4233ac DefWindowProcA
0x4233b0 PostMessageA
0x4233b4 KillTimer
0x4233b8 PostQuitMessage
0x4233bc SetTimer
0x4233c0 LoadIconA
0x4233c4 LoadCursorA
0x4233c8 RegisterClassA
0x4233cc CreateWindowExA
0x4233d0 GetMessageA
0x4233d4 TranslateMessage
0x4233d8 DispatchMessageA
0x4233dc GetDC
0x4233e0 ReleaseDC
0x4233e4 ExitWindowsEx
0x4233e8 SendDlgItemMessageA
0x4233ec IsWindow
0x4233f0 CharLowerBuffA
0x4233f4 SetRect
Library: GDI32.dll:
0x423054 SetBkMode
0x423058 SetTextColor
0x42305c GetObjectA
0x423060 CreateFontIndirectA
0x423064 CreateSolidBrush
0x423068 CreateCompatibleDC
0x42306c SelectObject
0x423070 BitBlt
0x423074 GetTextExtentPointA
0x423078 DeleteObject
0x42307c GetStockObject
0x423084 CreatePalette
0x423088 GetDeviceCaps
0x42308c SelectPalette
0x423090 RealizePalette
0x423094 CreateDIBitmap
0x423098 DeleteDC
Library: ADVAPI32.dll:
0x423000 RegQueryValueA
0x423004 RegOpenKeyA
0x423008 RegDeleteValueA
0x42300c RegOpenKeyExA
0x423010 RegQueryValueExA
0x423014 RegCloseKey
0x423018 RegCreateKeyExA
0x42301c RegEnumValueA
0x423020 RegDeleteKeyA
0x42302c OpenProcessToken
0x423030 FreeSid
0x423034 EqualSid
0x42303c GetTokenInformation
0x423040 OpenThreadToken
0x423044 RegSetValueExA
Library: ole32.dll:
0x423410 CoTaskMemFree
0x423414 CoCreateGuid
0x423418 CreateItemMoniker
0x42341c StringFromCLSID
0x423420 StgIsStorageFile
0x423424 StgOpenStorage
0x423428 CoCreateInstance
0x42342c CoUninitialize
0x423430 CoInitialize
Library: OLEAUT32.dll:
0x4232bc VariantChangeType
0x4232c0 SysAllocString
0x4232c4 SysAllocStringLen
0x4232c8 SysStringLen
0x4232cc SysReAllocStringLen
0x4232d0 SysFreeString
0x4232d4 VariantClear

.text
`.rdata
@.data
.rsrc
t%SWVVVVVVh
Flj2j
SSSSh0u
SSSSh0u
PhxrB
SPhHtB
jdWh<tB
LYu,j
1t#Hj
PhHtB
SShxuB
SShpuB
SShhuB
wt#hXuB
SShPuB
tUSh\vB
tFHt9-
Ph0yB
Ph(yB
VVWhxxB
VVWhlxB
t=VVWhPxB
Wh,xB
PShTyB
Hu-h uB
?hX{B
8hT{B
PhL{B
PhD{B
Sh`uB
Ph`uB
QPh(|B
Phl|B
PShTyB
PShL}B
Sh@}B
Whl|B
u<hX}B
Ph0yB
F \6B
F H6B
F H6B
;5X6B
95X6B
F \6B
F \6B
F \6B
F \6B
F H6B
tHf=#
F \6B
F H6B
A H6B
F \6B
F \6B
A H6B
j$VPj
Ph(qB
j$SPj
j0SPj
PVVhX~B
+Ft=0u
SVWUj
YYF;5
No antivirus engine scan information!

Process Tree

sun java version 5.0.exe, PID: 2696, parent PID: 2344
msiexec.exe, PID: 2864, parent PID: 2696

TCP

Source address | Source port | Destination address | Destination port
192.168.122.201 49157 23.223.199.151 80

UDP

Source address | Source port | Destination address | Destination port
192.168.122.201 59401 192.168.122.1 53

HTTP Requests

URI | HTTP data
URL: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No files dropped.
No similar analyses found.

Processing ( 27.943 seconds )

  • 12.744 Suricata
  • 7.702 Static
  • 3.69 TargetInfo
  • 1.189 VirusTotal
  • 1.162 NetworkAnalysis
  • 1.046 BehaviorAnalysis
  • 0.348 peid
  • 0.033 config_decoder
  • 0.014 Strings
  • 0.011 AnalysisInfo
  • 0.004 Memory

Signatures ( 2.228 seconds )

  • 1.603 md_url_bl
  • 0.065 antiav_detectreg
  • 0.055 api_spamming
  • 0.043 stealth_timeout
  • 0.041 stealth_decoy_document
  • 0.027 infostealer_ftp
  • 0.02 mimics_filetime
  • 0.019 antiav_detectfile
  • 0.017 infostealer_browser
  • 0.017 virus
  • 0.016 infostealer_im
  • 0.015 bootkit
  • 0.015 antivm_generic_disk
  • 0.014 stealth_file
  • 0.013 antianalysis_detectreg
  • 0.013 infostealer_bitcoin
  • 0.011 md_domain_bl
  • 0.01 antivm_generic_scsi
  • 0.009 antivm_generic_services
  • 0.009 infostealer_mail
  • 0.008 infostealer_browser_password
  • 0.008 antivm_vbox_files
  • 0.008 geodo_banking_trojan
  • 0.007 ipc_namedpipe
  • 0.007 anormaly_invoke_kills
  • 0.007 hancitor_behavior
  • 0.006 anomaly_persistence_autorun
  • 0.006 ransomware_extensions
  • 0.006 ransomware_files
  • 0.005 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.005 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.005 maldun_anomaly_massive_file_ops
  • 0.005 shifu_behavior
  • 0.004 ransomware_message
  • 0.004 sets_autoconfig_url
  • 0.004 betabot_behavior
  • 0.004 kibex_behavior
  • 0.004 kovter_behavior
  • 0.004 securityxploded_modules
  • 0.004 network_http
  • 0.003 antiemu_wine_func
  • 0.003 antidbg_windows
  • 0.003 antidbg_devices
  • 0.003 antivm_parallels_keys
  • 0.003 antivm_xen_keys
  • 0.003 disables_browser_warn
  • 0.002 tinba_behavior
  • 0.002 hawkeye_behavior
  • 0.002 network_tor
  • 0.002 antivm_vbox_libs
  • 0.002 rat_nanocore
  • 0.002 disables_spdy
  • 0.002 injection_createremotethread
  • 0.002 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.002 disables_wfp
  • 0.002 antivm_generic_diskreg
  • 0.002 bot_drive
  • 0.002 browser_security
  • 0.002 darkcomet_regkeys
  • 0.002 rat_pcclient
  • 0.001 maldun_anomaly_terminated_process
  • 0.001 antiav_avast_libs
  • 0.001 office_dl_write_exe
  • 0.001 office_write_exe
  • 0.001 dridex_behavior
  • 0.001 rat_luminosity
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 exec_crash
  • 0.001 cerber_behavior
  • 0.001 injection_runpe
  • 0.001 bypass_firewall
  • 0.001 sniffer_winpcap
  • 0.001 antianalysis_detectfile
  • 0.001 antisandbox_productid
  • 0.001 antivm_xen_keys
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_acpi
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_files
  • 0.001 antivm_vmware_keys
  • 0.001 antivm_vpc_files
  • 0.001 antivm_vpc_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 disables_system_restore
  • 0.001 codelux_behavior
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 malicous_targeted_flame
  • 0.001 maldun_anomaly_invoke_vb_vba
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 packer_armadillo_regkey
  • 0.001 recon_fingerprint
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.601 seconds )

  • 0.594 ReportHTMLSummary
  • 0.007 Malheur
Task ID 710637
Mongo ID 632ef6367e769a059ee15ab8
Cuckoo release 1.4-Maldun