Analysis Task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-shaapp03-1  2023-01-27 13:33:29  2023-01-27 13:34:05  36 seconds

Maldun score

8.4375

Dangerous

File details

File name  点我启动.EXE
File size  118784 bytes
File type  PE32 executable (GUI) Intel 80386, for MS Windows
MD5  9436bf5388eebc70038013f88a95103d
SHA1  938c2f92b1c7d6bbc4d1c6439f661707997ca8de
SHA256  3d6a2819c617c13c1dfc44e6f93520799bc2532b11986575c658f619b64f95d3
SHA512  a4a4b81c5d41f1d6f461556cd7cfb39a5d6378ce95f59f8438484a2c02c90b0100a40bcb2d5764be8c04fb974dfea39dba31bf201efa80641635c49b360fa6dc
CRC32  7D166416
Ssdeep  1536:Ld+ixw+o8mTEmZ4Ife32kuCO0jWWarHWQuajofDiIao9A:jwFmFIfD8O88GGofDSoA

Runtime screenshots

Hosts contacted

No host records.

DNS resolution

No domain information.



PE information

Image base  0x00400000
Entry point  0x0040220e
Claimed checksum  0x00000000
Actual checksum  0x0002717e
Minimum OS version required  4.0
Compile time  2013-05-22 17:37:01
Import hash (imphash)  dc619460317812d67c45419ce8a35def
Icon
Icon exact hash  2bb497e04ecf1483ba8d02cca3533cbe
Icon similarity hash  ae0674589f9ffcd088049a10ec57acbd

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text  0x00001000  0x00010c4a  0x00011000  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ  6.58
.rdata  0x00012000  0x00003836  0x00004000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ  4.40
.data  0x00016000  0x0000d44c  0x00004000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE  1.99
.rsrc  0x00024000  0x000024f0  0x00003000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ  3.58

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type
RT_ICON  0x00025f48  0x00000568  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  5.07  GLS_BINARY_LSB_FIRST
RT_ICON  0x00025f48  0x00000568  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  5.07  GLS_BINARY_LSB_FIRST
RT_ICON  0x00025f48  0x00000568  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  5.07  GLS_BINARY_LSB_FIRST
RT_ICON  0x00025f48  0x00000568  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  5.07  GLS_BINARY_LSB_FIRST
RT_GROUP_ICON  0x000264b0  0x0000003e  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  2.74  MS Windows icon resource - 4 icons, 48x48

Imports

Library: KERNEL32.dll:
0x41206c GetStartupInfoA
0x412070 GetCommandLineA
0x412074 RtlUnwind
0x412078 RaiseException
0x41207c HeapAlloc
0x412080 HeapFree
0x412084 GetACP
0x412088 HeapSize
0x41208c HeapReAlloc
0x412090 TerminateProcess
0x4120a4 SetHandleCount
0x4120a8 GetStdHandle
0x4120ac GetFileType
0x4120b4 GetVersionExA
0x4120b8 HeapDestroy
0x4120bc HeapCreate
0x4120c0 VirtualFree
0x4120c4 LCMapStringA
0x4120c8 LCMapStringW
0x4120cc GetStringTypeA
0x4120d0 GetStringTypeW
0x4120d8 VirtualAlloc
0x4120dc IsBadWritePtr
0x4120e0 IsBadReadPtr
0x4120e4 IsBadCodePtr
0x4120e8 SetStdHandle
0x4120ec FlushFileBuffers
0x4120f0 WriteFile
0x4120f4 GetCurrentProcess
0x4120f8 GetOEMCP
0x4120fc GetCPInfo
0x412100 GlobalFlags
0x412104 GetProcessVersion
0x412108 LoadLibraryA
0x41210c FreeLibrary
0x412110 lstrcatA
0x412114 GlobalGetAtomNameA
0x412118 lstrcmpiA
0x41211c GlobalAddAtomA
0x412120 GlobalFindAtomA
0x412124 GlobalDeleteAtom
0x412128 GetCurrentThreadId
0x41212c lstrcpyA
0x412130 GetModuleFileNameA
0x412134 TlsGetValue
0x412138 LocalReAlloc
0x41213c VirtualProtectEx
0x412140 TlsSetValue
0x412144 GlobalAlloc
0x412148 GlobalReAlloc
0x41214c GlobalLock
0x412150 GlobalHandle
0x412154 GlobalUnlock
0x412158 GlobalFree
0x41215c TlsAlloc
0x412160 LocalAlloc
0x412164 GetVersion
0x412168 lstrcpynA
0x41216c GetLastError
0x412170 SetLastError
0x412174 lstrcmpA
0x412188 LocalFree
0x41218c MultiByteToWideChar
0x412190 WideCharToMultiByte
0x412194 lstrlenA
0x4121a0 CreateFileA
0x4121a4 ReadFile
0x4121a8 SetFilePointer
0x4121ac CloseHandle
0x4121b0 CreateProcessA
0x4121b4 ExitProcess
0x4121b8 OpenProcess
0x4121bc ReadProcessMemory
0x4121c0 WriteProcessMemory
0x4121c4 ResumeThread
0x4121c8 GetThreadContext
0x4121cc SuspendThread
0x4121d0 GetModuleHandleA
0x4121d4 GetProcAddress
0x4121d8 Sleep
Library: USER32.dll:
0x4121e4 GetClientRect
0x4121e8 AdjustWindowRectEx
0x4121ec SetFocus
0x4121f0 GetSysColor
0x4121f4 MapWindowPoints
0x4121f8 PostMessageA
0x4121fc LoadIconA
0x412200 SetWindowTextA
0x412204 LoadCursorA
0x412208 GetSysColorBrush
0x41220c ReleaseDC
0x412210 GetDC
0x412214 GetClassNameA
0x412218 PtInRect
0x41221c ClientToScreen
0x412220 PostQuitMessage
0x412224 DestroyMenu
0x412228 TabbedTextOutA
0x41222c DrawTextA
0x412230 GrayStringA
0x412234 GetTopWindow
0x412238 CopyRect
0x41223c GetCapture
0x412240 WinHelpA
0x412244 GetClassInfoA
0x412248 RegisterClassA
0x41224c GetMenu
0x412250 GetMenuItemCount
0x412254 GetSubMenu
0x412258 GetMenuItemID
0x41225c GetDlgItem
0x412260 GetWindowTextA
0x412264 GetDlgCtrlID
0x412268 DestroyWindow
0x41226c CreateWindowExA
0x412270 GetClassLongA
0x412274 SetPropA
0x412278 GetPropA
0x41227c CallWindowProcA
0x412280 RemovePropA
0x412284 DefWindowProcA
0x412288 GetMessageTime
0x41228c GetMessagePos
0x412290 GetForegroundWindow
0x412294 SetForegroundWindow
0x412298 GetWindow
0x41229c SetWindowLongA
0x4122a0 SetWindowPos
0x4122a8 IsIconic
0x4122ac GetWindowPlacement
0x4122b0 GetWindowRect
0x4122b4 GetSystemMetrics
0x4122bc LoadBitmapA
0x4122c0 GetMenuState
0x4122c4 ModifyMenuA
0x4122c8 SetMenuItemBitmaps
0x4122cc CheckMenuItem
0x4122d0 EnableMenuItem
0x4122d4 GetFocus
0x4122d8 GetNextDlgTabItem
0x4122dc DispatchMessageA
0x4122e0 GetKeyState
0x4122e4 CallNextHookEx
0x4122e8 PeekMessageA
0x4122ec SetWindowsHookExA
0x4122f0 GetParent
0x4122f4 MessageBoxA
0x4122f8 GetLastActivePopup
0x4122fc IsWindowEnabled
0x412300 GetWindowLongA
0x412304 SendMessageA
0x412308 EnableWindow
0x41230c UnhookWindowsHookEx
0x412310 LoadStringA
Library: GDI32.dll:
0x412008 RestoreDC
0x41200c SelectObject
0x412010 GetStockObject
0x412014 SetMapMode
0x412018 SetViewportOrgEx
0x41201c OffsetViewportOrgEx
0x412020 SetViewportExtEx
0x412024 ScaleViewportExtEx
0x412028 SetWindowExtEx
0x41202c ScaleWindowExtEx
0x412030 SaveDC
0x412034 PtVisible
0x412038 RectVisible
0x41203c TextOutA
0x412040 ExtTextOutA
0x412044 Escape
0x412048 DeleteDC
0x41204c DeleteObject
0x412050 GetDeviceCaps
0x412054 GetObjectA
0x412058 SetBkColor
0x41205c SetTextColor
0x412060 GetClipBox
0x412064 CreateBitmap
Library: WINSPOOL.DRV:
0x41231c DocumentPropertiesA
0x412320 ClosePrinter
0x412324 OpenPrinterA
Library: COMCTL32.dll:
0x412000 None

No antivirus engine scan information!

Process tree

____________.EXE, PID: 2572, parent PID: 2260

TCP

Source address  Source port  Destination address  Destination port
192.168.122.201 49160 23.209.84.72 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201 59401 192.168.122.1 53

HTTP requests

URI  HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No files were dropped.
No similar analyses found.

Processing ( 20.826 seconds )

  • 12.41 Suricata
  • 3.669 VirusTotal
  • 3.465 NetworkAnalysis
  • 0.506 Static
  • 0.382 peid
  • 0.298 TargetInfo
  • 0.071 BehaviorAnalysis
  • 0.012 AnalysisInfo
  • 0.011 Strings
  • 0.002 Memory

Signatures ( 1.45 seconds )

  • 1.336 md_url_bl
  • 0.02 antiav_detectreg
  • 0.009 md_domain_bl
  • 0.008 infostealer_ftp
  • 0.006 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_im
  • 0.004 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_bitcoin
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 stealth_decoy_document
  • 0.003 api_spamming
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 stealth_timeout
  • 0.002 antivm_parallels_keys
  • 0.002 antivm_vbox_files
  • 0.001 betabot_behavior
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 cerber_behavior
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.485 seconds )

  • 0.484 ReportHTMLSummary
  • 0.001 Malheur
Task ID 717082
Mongo ID 63d362717e769a7a55f42ff9
Cuckoo release 1.4-Maldun