Analysis Task

Analysis type VM tag Start time End time Duration
File (Windows) win7-sp1-x64-shaapp02-1 2023-01-27 00:52:01 2023-01-27 00:52:47 46 seconds

Maldun Score

2.825

Suspicious

File Details

File name SogouComMgr.exe
File size 1580696 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a332b5b017a9cc154b430329cad0aabd
SHA1 987f58f7c54ec12ebe78941cb74b69b8d592ca8f
SHA256 17b533c1a29dc1f4a8e2d6f3a7156c46289b2b325caf39c81dfb93ea3e5c9d64
SHA512 1bc17bc7aef447c073111345923257259e2310cbe2f8ee43fb3592db211125ec4d41948d28bb459f6000c22ef61b5581211b5ded44a3a37181bff47434259a6a
CRC32 AB671F1B
Ssdeep 24576:Kx2yoD5Qi9TvbWzvdLLwXIelZnwmqvqTFoUI2N1ZSpTFPl/0B1j0f:RyEDkR89n5pTFoUsTF9/U1j0f
Sample not found.

Host access records

No host records.

Domain resolution

No domain information.

PE Information

Image base 0x00400000
Entry point 0x004a8bc3
Declared checksum 0x0018a1ee
Actual checksum 0x0018a1ee
Minimum OS version required 6.0
PDB path E:\data\landun\workspace\p-8e18b00276fd470e835a1e79d9eeecd4\src\bin\sogoupdb\sogouinput\SogouComMgr.pdb
Compile time 2023-01-16 22:16:19
Import hash 233d466bc5c784385e6e4b1957d22ce9

Version Information

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

Microsoft Certificate Verification (Sign Tool)

SHA1 Timestamp Validity Error
None Mon Jan 16 22:33:47 2023
Certificate chain: Certificate Chain 1
Issued to DigiCert Assured ID Root CA
Issuer DigiCert Assured ID Root CA
Valid until Mon Nov 10 08:00:00 2031
SHA1 hash 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
Certificate chain: Certificate Chain 2
Issued to DigiCert SHA2 Assured ID Code Signing CA
Issuer DigiCert Assured ID Root CA
Valid until Sun Oct 22 20:00:00 2028
SHA1 hash 92c1588e85af2201ce7915e8538b492f605b80c6
Certificate chain: Certificate Chain 3
Issued to Beijing Sogou Technology Development Co., Ltd.
Issuer DigiCert SHA2 Assured ID Code Signing CA
Valid until Thu Aug 22 07:59:59 2024
SHA1 hash 652b97b5eb244e074fdf9d640a52e94447ed42f1
Certificate chain: Timestamp Chain 1
Issued to DigiCert Assured ID Root CA
Issuer DigiCert Assured ID Root CA
Valid until Mon Nov 10 08:00:00 2031
SHA1 hash 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
Certificate chain: Timestamp Chain 2
Issued to DigiCert Trusted Root G4
Issuer DigiCert Assured ID Root CA
Valid until Mon Nov 10 07:59:59 2031
SHA1 hash a99d5b79e9f1cda59cdab6373169d5353f5874c6
Certificate chain: Timestamp Chain 3
Issued to DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Issuer DigiCert Trusted Root G4
Valid until Mon Mar 23 07:59:59 2037
SHA1 hash b6c8af834d4e53b673c76872aa8c950c7c54df5f
Certificate chain: Timestamp Chain 4
Issued to DigiCert Timestamp 2022 - 2
Issuer DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Valid until Tue Nov 22 07:59:59 2033
SHA1 hash f387224d8633829235a994bcbd8f96e9fe1c7c73

PE Sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x000fe0cf 0x000fe200 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.56
.rdata 0x00100000 0x0004289c 0x00042a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.29
.data 0x00143000 0x0001c618 0x00006e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.62
.rsrc 0x00160000 0x00029170 0x00029200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.49
.reloc 0x0018a000 0x0000e994 0x0000ea00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.68

Imports

Library: WININET.dll:
0x5004f8 InternetCloseHandle
0x5004fc HttpQueryInfoW
0x500500 InternetOpenW
0x500504 InternetSetOptionW
0x500508 InternetReadFile
0x500510 InternetConnectA
0x500514 HttpSendRequestExW
0x500518 HttpEndRequestW
0x50051c InternetCrackUrlA
0x500520 InternetWriteFile
0x500524 HttpOpenRequestA
0x500528 InternetOpenUrlW
Library: KERNEL32.dll:
0x5000e0 ReleaseSemaphore
0x5000e8 GetExitCodeProcess
0x5000ec GetTickCount
0x5000f0 DebugBreak
0x5000f4 GetCurrentProcessId
0x5000fc DecodePointer
0x500100 RaiseException
0x500104 CloseHandle
0x50010c Sleep
0x500110 WaitForSingleObject
0x500118 GetModuleFileNameW
0x50011c FindNextFileW
0x500120 FindFirstFileW
0x500128 TerminateThread
0x50012c GlobalFree
0x500130 GlobalAlloc
0x500134 WideCharToMultiByte
0x500138 MultiByteToWideChar
0x50013c CreateSemaphoreW
0x500140 FindClose
0x500144 GetTempPathW
0x500148 DeleteFileW
0x50014c UnmapViewOfFile
0x500150 GetTempFileNameW
0x500154 MoveFileW
0x500158 ReadFile
0x50015c HeapFree
0x500160 WriteFile
0x500164 SetFilePointer
0x500168 SetEndOfFile
0x50016c GetProcessHeap
0x500170 GetFileSize
0x500174 HeapAlloc
0x500178 SetFileAttributesW
0x50017c GetLastError
0x500180 CreateTimerQueue
0x500184 UnregisterWaitEx
0x500188 CreateFileW
0x50018c QueryDepthSList
0x500194 VirtualProtect
0x500198 GetModuleHandleA
0x50019c GetThreadTimes
0x5001a0 UnregisterWait
0x5001c4 GetThreadPriority
0x5001c8 SetThreadPriority
0x5001cc SwitchToThread
0x5001d0 SignalObjectAndWait
0x5001d4 WriteConsoleW
0x5001d8 HeapSize
0x5001e8 GetCommandLineA
0x5001ec FindFirstFileExW
0x5001f4 GetOEMCP
0x5001f8 IsValidCodePage
0x5001fc SetStdHandle
0x500200 ReadConsoleW
0x500204 SetFilePointerEx
0x500208 GetConsoleMode
0x50020c GetConsoleCP
0x500210 HeapReAlloc
0x500214 GetACP
0x500218 GetStdHandle
0x50021c ExitProcess
0x500220 GetFileAttributesW
0x500224 OutputDebugStringW
0x50022c GlobalLock
0x500234 GlobalUnlock
0x500238 GetVersionExW
0x50023c GlobalHandle
0x500240 GetCommandLineW
0x500248 TlsSetValue
0x50024c TlsGetValue
0x500250 TlsAlloc
0x500254 TlsFree
0x500258 GetProcAddress
0x50025c FreeLibrary
0x500260 SetLastError
0x500264 GetCurrentProcess
0x500268 GetCurrentThreadId
0x50026c DuplicateHandle
0x500270 ExitThread
0x500274 CreateEventW
0x500278 FormatMessageW
0x50027c CreateThread
0x500280 LocalFree
0x500284 GetSystemDirectoryW
0x500288 LoadLibraryW
0x50028c GetModuleHandleW
0x500290 OpenMutexW
0x500294 LoadLibraryExW
0x500298 RemoveDirectoryW
0x5002a0 MoveFileExW
0x5002a4 CreateDirectoryW
0x5002a8 GetProcessId
0x5002ac CreateProcessW
0x5002b0 CopyFileW
0x5002b4 GetFileTime
0x5002b8 OpenFileMappingW
0x5002bc CreateFileMappingW
0x5002c0 MapViewOfFile
0x5002c4 OpenEventW
0x5002c8 lstrlenW
0x5002cc lstrlenA
0x5002d0 LocalAlloc
0x5002d4 lstrcpyW
0x5002d8 CreateMutexW
0x5002dc ReleaseMutex
0x5002e0 FlushFileBuffers
0x5002e4 VirtualFree
0x5002e8 VirtualAlloc
0x5002ec SetEvent
0x5002f0 TerminateProcess
0x5002f4 lstrcatW
0x5002f8 GetLocalTime
0x5002fc VirtualQuery
0x500300 IsDebuggerPresent
0x500310 TransactNamedPipe
0x50031c WaitNamedPipeW
0x500320 ResetEvent
0x50032c GetStartupInfoW
0x500334 InitializeSListHead
0x50033c EncodePointer
0x500340 CompareStringW
0x500344 LCMapStringW
0x500348 GetStringTypeW
0x50034c GetCPInfo
0x500350 RtlUnwind
0x50035c ResumeThread
0x500364 GetModuleHandleExW
0x50036c GetFileType
0x500370 GetCurrentThread
0x500374 GetFullPathNameW
0x500378 GetDriveTypeW
Library: USER32.dll:
0x5003c8 SendMessageW
0x5003cc MessageBoxW
0x5003d0 IsWindowVisible
0x5003d4 GetMessageW
0x5003d8 DestroyWindow
0x5003dc MoveWindow
0x5003e0 GetWindowRect
0x5003e4 LoadCursorW
0x5003e8 RegisterClassExW
0x5003ec CreateWindowExW
0x5003f0 DefWindowProcW
0x5003f4 EnableWindow
0x5003f8 GetCursorPos
0x500400 PostQuitMessage
0x500404 IsWindow
0x500408 DispatchMessageW
0x50040c TranslateMessage
0x500410 LoadIconW
0x500414 ScreenToClient
0x500418 FindWindowW
0x500420 SetWindowPos
0x500424 wsprintfW
0x500428 EndPaint
0x50042c BeginPaint
0x500430 ReleaseDC
0x500434 IsIconic
0x500438 SetForegroundWindow
0x50043c GetParent
0x500440 KillTimer
0x500444 AppendMenuW
0x500448 SetCursor
0x50044c SetCapture
0x500450 SetPropW
0x500454 DestroyMenu
0x500458 IsWindowEnabled
0x50045c TrackMouseEvent
0x500460 SetMenuItemInfoW
0x500464 ClientToScreen
0x500468 TrackPopupMenu
0x50046c GetWindowPlacement
0x500470 NotifyWinEvent
0x500474 CreatePopupMenu
0x500478 GetSystemMetrics
0x50047c GetPropW
0x500480 GetDC
0x500484 InsertMenuItemW
0x500488 CallWindowProcW
0x50048c GetKeyState
0x500490 PtInRect
0x500494 GetDesktopWindow
0x500498 DrawTextW
0x50049c UpdateLayeredWindow
0x5004a0 GetFocus
0x5004a4 IntersectRect
0x5004a8 GetMonitorInfoW
0x5004ac MonitorFromPoint
0x5004b0 SubtractRect
0x5004b4 SetRectEmpty
0x5004b8 CharNextW
0x5004bc wvsprintfW
0x5004c0 LoadStringW
0x5004c4 GetWindowTextW
0x5004c8 GetWindowLongW
0x5004cc PostMessageW
0x5004d0 SetWindowLongW
0x5004d4 GetClientRect
0x5004d8 SetTimer
0x5004dc ShowWindow
0x5004e0 ReleaseCapture
Library: ADVAPI32.dll:
0x500004 CryptDecrypt
0x500008 CryptSetKeyParam
0x50000c CryptDestroyKey
0x500010 CryptEncrypt
0x500014 CryptImportKey
0x500018 CryptReleaseContext
0x50001c RegDeleteValueW
0x500024 RegOpenKeyW
0x500028 RegCloseKey
0x50002c RegOpenKeyExW
0x500030 RegQueryValueExW
0x500034 GetTokenInformation
0x500038 LookupAccountSidW
0x50003c OpenProcessToken
0x500040 RegDeleteKeyW
0x500044 RegSetValueExW
0x500048 RegCreateKeyExW
0x50004c LookupAccountNameW
0x500050 AddAccessAllowedAce
0x500054 GetLengthSid
0x500060 SetSecurityInfo
0x500064 InitializeAcl
0x50006c GetFileSecurityW
0x500070 AddAce
0x500080 SetEntriesInAclW
0x500088 EqualSid
0x50008c GetAce
0x500090 GetAclInformation
0x500094 SetFileSecurityW
Library: ole32.dll:
0x500534 OleCreate
0x500538 CoInitialize
0x50053c CoUninitialize
0x500540 CoCreateInstance
Library: OLEAUT32.dll:
0x500394 SysAllocString
0x500398 VariantClear
0x50039c VariantInit
0x5003a0 SysFreeString
Library: IMM32.dll:
0x5000d8 ImmDisableIME
Library: VERSION.dll:
0x5004e8 VerQueryValueW
0x5004ec GetFileVersionInfoW
Library: PSAPI.DLL:
Library: MSIMG32.dll:
0x500380 AlphaBlend
Library: OLEACC.dll:
0x500388 LresultFromObject
Library: SHELL32.dll:
0x5003b0 ShellExecuteW
0x5003b4 SHGetFolderPathW
0x5003b8 ShellExecuteExW
0x5003bc SHFileOperationW
0x5003c0 SHChangeNotify
Library: GDI32.dll:
0x5000a4 DeleteObject
0x5000a8 GetObjectW
0x5000ac CreateDIBSection
0x5000b4 SetBkMode
0x5000b8 SetTextColor
0x5000bc CreateCompatibleDC
0x5000c0 SelectObject
0x5000c4 BitBlt
0x5000c8 CreateFontIndirectW
0x5000cc GetFontData
0x5000d0 DeleteDC

No antivirus engine scan information!

Process Tree

SogouComMgr.exe, PID: 2560, parent PID: 2236

TCP

Source address Source port Destination address Destination port
192.168.122.201 49160 23.215.102.154 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 63246 192.168.122.1 53

HTTP Requests

URI HTTP data
URL http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 23.724 seconds )

  • 11.979 Suricata
  • 6.022 Static
  • 2.313 VirusTotal
  • 2.255 NetworkAnalysis
  • 0.7 TargetInfo
  • 0.317 peid
  • 0.102 BehaviorAnalysis
  • 0.016 AnalysisInfo
  • 0.013 Strings
  • 0.005 config_decoder
  • 0.002 Memory

Signatures ( 1.513 seconds )

  • 1.375 md_url_bl
  • 0.019 antiav_detectreg
  • 0.009 infostealer_ftp
  • 0.007 antiav_detectfile
  • 0.007 md_domain_bl
  • 0.006 api_spamming
  • 0.006 infostealer_bitcoin
  • 0.005 anomaly_persistence_autorun
  • 0.005 geodo_banking_trojan
  • 0.005 infostealer_im
  • 0.004 stealth_decoy_document
  • 0.004 stealth_timeout
  • 0.004 infostealer_mail
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 antianalysis_detectreg
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 mimics_filetime
  • 0.002 antivm_generic_disk
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.001 antiemu_wine_func
  • 0.001 bootkit
  • 0.001 rat_nanocore
  • 0.001 stealth_file
  • 0.001 betabot_behavior
  • 0.001 kazybot_behavior
  • 0.001 kibex_behavior
  • 0.001 infostealer_browser_password
  • 0.001 cerber_behavior
  • 0.001 virus
  • 0.001 kovter_behavior
  • 0.001 hancitor_behavior
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_vmware_files
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bitcoin_opencl
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 network_cnc_http
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.524 seconds )

  • 0.523 ReportHTMLSummary
  • 0.001 Malheur
Task ID 717075
Mongo ID 63d2b00adc327bb844324ad0
Cuckoo release 1.4-Maldun