Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp03-1 | 2023-01-26 17:51:51 | 2023-01-26 17:54:07 | 136 seconds |
File name | tpbsn_流年v1.7.exe |
---|---|
File size | 13807616 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | e50959cd1963da9df7c70cd1dbc8c60e |
SHA1 | b7e2354894ab57f36b1e7e61e3e7cc8319bf2b57 |
SHA256 | bb8991eb767a855dbec4c71efcf036579c4dd198a0a1fd30f8d640c24cce5b66 |
SHA512 | 0b286e4ff10960a196d69a758d129c405e017cd18289d73be78a4175f270fb9083fa07dce2040f77935ca4c51f516b54749b72c055ff2e5730f99e575e3764f1 |
CRC32 | 2BC4912E |
Ssdeep | 393216:h6WuMGKNNZrMS7FddAUddfdbBiZBT6+TcK9:KwIS5dJdbG0+Tf |
No host records.
No domain information.
Image base | 0x00400000 |
---|---|
Entry point | 0x01af9000 |
Declared checksum | 0x00000000 |
Actual checksum | 0x00d30d57 |
Minimum OS version | 5.1 |
Compile time | 2023-01-26 15:34:55 |
Import hash | 61ce38e5d36d99cc2cf4a351f11b14bc |
Icon | |
Icon exact hash | a1f81410577ce8c61b1ce6413784894c |
Icon similarity hash | 316e9129c0b32720e1a76bee63be8dfe |
LegalCopyright | |
---|---|
FileVersion | |
CompanyName | |
Comments | |
ProductName | |
ProductVersion | |
FileDescription | |
Translation | |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
lnln | 0x00001000 | 0x000db4da | 0x00000000 | IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ | 0.00 |
lnln | 0x000dd000 | 0x005c547a | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | 0.00 |
lnln | 0x006a3000 | 0x00084aeb | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | 0.00 |
lnln | 0x00728000 | 0x0033327c | 0x00000000 | IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ | 0.00 |
lnln | 0x00a5c000 | 0x00000a70 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | 0.23 |
lnln | 0x00a5d000 | 0x00af1990 | 0x00af2000 | IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | 7.99 |
lnln | 0x0154f000 | 0x00001e2a | 0x00002000 | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | 7.77 |
lnln | 0x01551000 | 0x001a7004 | 0x001a8000 | IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | 7.76 |
lnln | 0x016f9000 | 0x00001000 | 0x00001000 | IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ | 5.84 |
lnln | 0x016fa000 | 0x00089720 | 0x0008a000 | IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ | 6.81 |
lnln | 0x01784000 | 0x00001e2a | 0x00002000 | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | 5.47 |
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
RT_ICON | 0x0178461c | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.50 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4294967295, next used block 4294967295 |
RT_GROUP_ICON | 0x017856ec | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_VERSION | 0x01785700 | 0x00000270 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.79 | data |
RT_MANIFEST | 0x01785970 | 0x000004ba | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.20 | XML 1.0 document, ASCII text, with CRLF line terminators |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49157 | 23.62.236.162 | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
No TLS
No Suricata HTTP
Task ID | 717062 |
---|---|
Mongo ID | 63d24e057e769a7a57f3e0ea |
Cuckoo release | 1.4-Maldun |