分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2023-01-26 17:51:51 | 2023-01-26 17:54:07 | 136 秒 |
魔盾分数
10.0
危险的
文件详细信息
| 文件名 | tpbsn_流年v1.7.exe |
|---|---|
| 文件大小 | 13807616 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | e50959cd1963da9df7c70cd1dbc8c60e |
| SHA1 | b7e2354894ab57f36b1e7e61e3e7cc8319bf2b57 |
| SHA256 | bb8991eb767a855dbec4c71efcf036579c4dd198a0a1fd30f8d640c24cce5b66 |
| SHA512 | 0b286e4ff10960a196d69a758d129c405e017cd18289d73be78a4175f270fb9083fa07dce2040f77935ca4c51f516b54749b72c055ff2e5730f99e575e3764f1 |
| CRC32 | 2BC4912E |
| Ssdeep | 393216:h6WuMGKNNZrMS7FddAUddfdbBiZBT6+TcK9:KwIS5dJdbG0+Tf |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x01af9000 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x00d30d57 |
| 最低操作系统版本要求 | 5.1 |
| 编译时间 | 2023-01-26 15:34:55 |
| 载入哈希 | 61ce38e5d36d99cc2cf4a351f11b14bc |
| 图标 |  |
| 图标精确哈希值 | a1f81410577ce8c61b1ce6413784894c |
| 图标相似性哈希值 | 316e9129c0b32720e1a76bee63be8dfe |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| lnln | 0x00001000 | 0x000db4da | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0.00 |
| lnln | 0x000dd000 | 0x005c547a | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 0.00 |
| lnln | 0x006a3000 | 0x00084aeb | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| lnln | 0x00728000 | 0x0033327c | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0.00 |
| lnln | 0x00a5c000 | 0x00000a70 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.23 |
| lnln | 0x00a5d000 | 0x00af1990 | 0x00af2000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.99 |
| lnln | 0x0154f000 | 0x00001e2a | 0x00002000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.77 |
| lnln | 0x01551000 | 0x001a7004 | 0x001a8000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.76 |
| lnln | 0x016f9000 | 0x00001000 | 0x00001000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 5.84 |
| lnln | 0x016fa000 | 0x00089720 | 0x0008a000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.81 |
| lnln | 0x01784000 | 0x00001e2a | 0x00002000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.47 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_ICON | 0x0178461c | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.50 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4294967295, next used block 4294967295 |
| RT_ICON | 0x0178461c | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.50 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4294967295, next used block 4294967295 |
| RT_ICON | 0x0178461c | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.50 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4294967295, next used block 4294967295 |
| RT_GROUP_ICON | 0x017856ec | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x017856ec | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x017856ec | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_VERSION | 0x01785700 | 0x00000270 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.79 | data |
| RT_MANIFEST | 0x01785970 | 0x000004ba | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.20 | XML 1.0 document, ASCII text, with CRLF line terminators |
导入
库: WINMM.dll:
• 0xe5c000 midiStreamOut
库: WS2_32.dll:
• 0xe5c008 WSAAsyncSelect
库: RASAPI32.dll:
• 0xe5c010 RasHangUpA
库: USER32.dll:
• 0xe5c024 GetMessagePos
库: GDI32.dll:
• 0xe5c02c ExtSelectClipRgn
库: WINSPOOL.DRV:
• 0xe5c034 OpenPrinterA
库: ADVAPI32.dll:
• 0xe5c03c RegQueryValueExA
库: SHELL32.dll:
• 0xe5c044 SHGetSpecialFolderPathA
库: ole32.dll:
• 0xe5c04c CLSIDFromString
库: OLEAUT32.dll:
• 0xe5c054 LoadTypeLib
库: COMCTL32.dll:
• 0xe5c05c None
库: WININET.dll:
• 0xe5c064 InternetCloseHandle
库: comdlg32.dll:
• 0xe5c06c ChooseColorA
库: KERNEL32.dll:
• 0xe5c074 GetSystemTimeAsFileTime
库: USER32.dll:
• 0xe5c07c CharUpperBuffW
库: KERNEL32.dll:
• 0xe5c084 LocalAlloc
• 0xe5c088 LocalFree
• 0xe5c08c GetModuleFileNameW
• 0xe5c090 ExitProcess
• 0xe5c094 LoadLibraryA
• 0xe5c098 GetModuleHandleA
• 0xe5c09c GetProcAddress
`lnln
@lnln
`lnln
@lnln
`lnln
`lnln
GetProcAddress
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49157 | 23.62.236.162 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49157 | 23.62.236.162 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 36.782 seconds )
- 11.252 Suricata
- 10.394 BehaviorAnalysis
- 7.864 Static
- 2.789 TargetInfo
- 2.264 VirusTotal
- 1.753 NetworkAnalysis
- 0.391 peid
- 0.047 config_decoder
- 0.015 AnalysisInfo
- 0.011 Strings
- 0.002 Memory
Signatures ( 7.839 seconds )
- 1.4 md_url_bl
- 0.81 antiav_detectfile
- 0.564 infostealer_bitcoin
- 0.469 api_spamming
- 0.391 stealth_decoy_document
- 0.385 stealth_timeout
- 0.32 antivm_vbox_files
- 0.317 ransomware_extensions
- 0.291 infostealer_ftp
- 0.221 infostealer_im
- 0.171 ransomware_files
- 0.15 antidbg_devices
- 0.132 infostealer_mail
- 0.119 rat_pcclient
- 0.11 network_tor
- 0.107 maldun_malicious_drop_executable_file_to_temp_folder
- 0.099 ransomware_file_modifications
- 0.088 mimics_filetime
- 0.083 codelux_behavior
- 0.082 stealth_file
- 0.082 reads_self
- 0.079 virus
- 0.071 kazybot_behavior
- 0.071 antivm_generic_disk
- 0.067 hancitor_behavior
- 0.066 injection_createremotethread
- 0.065 betabot_behavior
- 0.063 process_interest
- 0.06 bootkit
- 0.06 antivm_vmware_files
- 0.056 kibex_behavior
- 0.045 hawkeye_behavior
- 0.045 sniffer_winpcap
- 0.043 vawtrak_behavior
- 0.042 injection_runpe
- 0.04 antisandbox_sleep
- 0.034 geodo_banking_trojan
- 0.034 malicous_targeted_flame
- 0.031 antivm_vpc_files
- 0.031 banker_cridex
- 0.03 rat_nanocore
- 0.03 antianalysis_detectfile
- 0.03 network_tor_service
- 0.028 process_needed
- 0.027 anomaly_persistence_autorun
- 0.021 shifu_behavior
- 0.02 antiav_detectreg
- 0.019 tinba_behavior
- 0.019 antisandbox_sunbelt_files
- 0.016 spreading_autoruninf
- 0.016 bitcoin_opencl
- 0.015 stealth_web_history
- 0.013 antisandbox_fortinet_files
- 0.013 antisandbox_threattrack_files
- 0.012 antivm_vbox_devices
- 0.011 md_domain_bl
- 0.01 antidbg_windows
- 0.008 kovter_behavior
- 0.008 anomaly_persistence_ads
- 0.008 antisandbox_cuckoo_files
- 0.008 antisandbox_joe_anubis_files
- 0.007 removes_zoneid_ads
- 0.007 antiemu_wine_func
- 0.006 infostealer_browser_password
- 0.005 upatre_behavior
- 0.005 cerber_behavior
- 0.005 modifies_hostfile
- 0.005 ransomware_radamant
- 0.004 antianalysis_detectreg
- 0.004 antivm_vmware_devices
- 0.003 antivm_vbox_libs
- 0.003 deletes_self
- 0.003 network_http
- 0.002 antivm_vbox_window
- 0.002 exec_crash
- 0.002 disables_browser_warn
- 0.001 antiav_avast_libs
- 0.001 antivm_vmware_libs
- 0.001 injection_explorer
- 0.001 antisandbox_sunbelt_libs
- 0.001 antisandbox_sboxie_libs
- 0.001 antiav_bitdefender_libs
- 0.001 ransomeware_modifies_desktop_wallpaper
- 0.001 antivm_generic_scsi
- 0.001 antisandbox_script_timer
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 browser_security
- 0.001 modify_proxy
- 0.001 disables_windows_defender
- 0.001 md_bad_drop
- 0.001 network_cnc_http
- 0.001 ransomware_recyclebin
Reporting ( 0.824 seconds )
- 0.629 ReportHTMLSummary
- 0.195 Malheur
| Task ID | 717062 |
|---|---|
| Mongo ID | 63d24e057e769a7a57f3e0ea |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号