Analysis task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp03-1 2023-01-27 16:04:40 2023-01-27 16:06:54 134 seconds

Maldun score

10.0

Dangerous

File details

File name Apex自瞄方框.exe
File size 2088960 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4488289b0f0e5c20fdf2ab040b97dde2
SHA1 499e0ad7ea584f71dc1bc093980f23a2bef1270c
SHA256 e20db1d26d825f515e54c0dc250da8ff4af05625edc64da66d63e22181b2d5ce
SHA512 f9884e6e5aa4dc88c52781d23931acf0afda13fe8ed1271e931577c55f9b61442adb07c7c2e873f9de3a4884e59738b531cde2f9271a6f9721399212b1a634a3
CRC32 B03A3FE2
Ssdeep 24576:81b2Xh3BXV4WBsZJ1zXsRxPOJzjurq2uXlz7hdUnKwYVUh3oXBrniGq7pztiG:8opBXzsZoRUJfgUVz7Mn0a3oXB0

Hosts contacted (click to look up WPING real-time security rating)

Direct IP Security rating Location
14.215.158.24 China
183.3.226.29 China
183.47.115.67 China

DNS resolution (click to look up WPING real-time security rating)

Domain Security rating Response
jq.qq.com Unknown A 14.215.158.24
qm.qq.com Unknown A 183.3.226.29
p.qpic.cn Unknown A 183.47.106.162, A 183.47.106.183, A 183.47.106.161, A 113.96.18.116, A 183.47.115.123, A 183.47.115.67, A 183.47.115.49, A 183.47.115.115, A 183.47.106.249, A 183.47.115.21

PE information

Image base 0x00400000
Entry point 0x00646000
Declared checksum 0x00000000
Actual checksum 0x00209694
Minimum OS version required 4.0
Compile time 2023-01-28 00:46:56
Import hash (imphash) 39701e41a754182dcd19e2d445f572b5
Icon
Icon exact hash d7e420b5cfe844249ec8c6ee23f97827
Icon similarity hash 378390ec80f3ec9e1a8077914195245d

Version information

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x000c242e 0x000c3000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.65
.rdata 0x000c4000 0x000f0866 0x000f1000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.94
.data 0x001b5000 0x0006b4ca 0x00023000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.97
.rsrc 0x00221000 0x00022670 0x00023000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.41
.awang 0x00244000 0x00000064 0x00001000 IMAGE_SCN_MEM_EXECUTE 0.13
.awang 0x00245000 0x000000c8 0x00001000 IMAGE_SCN_MEM_EXECUTE 0.08
.awang 0x00246000 0x000000c8 0x00001000 IMAGE_SCN_MEM_EXECUTE 0.20

Resources

Name Offset Size Language Sublanguage Entropy File type
TEXTINCLUDE 0x00221eb8 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
RT_CURSOR 0x002223a8 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_BITMAP 0x00223c1c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON 0x00241028 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.86 GLS_BINARY_LSB_FIRST
RT_MENU 0x0024149c 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_DIALOG 0x002426e4 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_STRING 0x0024312c 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_GROUP_CURSOR 0x00243178 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 0x00243288 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 0x0024329c 0x00000204 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.43 data
RT_MANIFEST 0x002434a0 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library: WINMM.dll:
0x4c4654 midiStreamOut
0x4c465c waveOutWrite
0x4c4660 waveOutPause
0x4c4664 waveOutReset
0x4c4668 waveOutClose
0x4c466c waveOutGetNumDevs
0x4c4670 waveOutOpen
0x4c4678 midiStreamOpen
0x4c467c midiStreamProperty
0x4c4680 midiStreamStop
0x4c4684 midiOutReset
0x4c4688 midiStreamClose
0x4c468c midiStreamRestart
0x4c4694 waveOutRestart
Library: WS2_32.dll:
0x4c46b0 WSACleanup
0x4c46b4 inet_ntoa
0x4c46b8 closesocket
0x4c46bc getpeername
0x4c46c0 accept
0x4c46c4 ntohl
0x4c46c8 WSAAsyncSelect
0x4c46cc recvfrom
0x4c46d0 ioctlsocket
0x4c46d4 recv
Library: KERNEL32.dll:
0x4c417c GetSystemDirectoryA
0x4c4180 SetLastError
0x4c4188 GetVersion
0x4c418c CreateMutexA
0x4c4190 ReleaseMutex
0x4c4194 SuspendThread
0x4c41a0 TerminateProcess
0x4c41a4 GetSystemInfo
0x4c41ac lstrcmpiA
0x4c41b0 HeapSize
0x4c41b4 RaiseException
0x4c41b8 GetLocalTime
0x4c41bc GetSystemTime
0x4c41c0 RtlUnwind
0x4c41c4 GetStartupInfoA
0x4c41c8 GetOEMCP
0x4c41cc GetCPInfo
0x4c41d0 GetProcessVersion
0x4c41d4 SetErrorMode
0x4c41d8 GlobalFlags
0x4c41dc GetCurrentThread
0x4c41e0 GetFileTime
0x4c41e4 TlsGetValue
0x4c41e8 LocalReAlloc
0x4c41ec TlsSetValue
0x4c41f0 TlsFree
0x4c41f4 GlobalHandle
0x4c41f8 TlsAlloc
0x4c41fc LocalAlloc
0x4c4200 lstrcmpA
0x4c4204 GlobalGetAtomNameA
0x4c4208 GlobalAddAtomA
0x4c420c GlobalFindAtomA
0x4c4210 GlobalDeleteAtom
0x4c4214 SetEndOfFile
0x4c4218 UnlockFile
0x4c421c LockFile
0x4c4220 FlushFileBuffers
0x4c4224 DuplicateHandle
0x4c4228 lstrcpynA
0x4c4234 LocalFree
0x4c4238 GetCurrentProcess
0x4c423c GetFileSize
0x4c4240 SetFilePointer
0x4c4248 Process32First
0x4c424c Process32Next
0x4c4250 VirtualAlloc
0x4c4254 IsBadReadPtr
0x4c4258 VirtualFree
0x4c425c VirtualProtect
0x4c4260 TerminateThread
0x4c4264 CreateSemaphoreA
0x4c4268 ResumeThread
0x4c426c ReleaseSemaphore
0x4c4278 GetProfileStringA
0x4c427c WriteFile
0x4c4284 CreateFileA
0x4c4288 SetEvent
0x4c428c FindResourceA
0x4c4290 LoadResource
0x4c4294 LockResource
0x4c4298 ReadFile
0x4c429c RemoveDirectoryA
0x4c42a0 GetModuleFileNameA
0x4c42a4 WideCharToMultiByte
0x4c42a8 MultiByteToWideChar
0x4c42ac GetCurrentThreadId
0x4c42b0 ExitProcess
0x4c42b4 GlobalSize
0x4c42b8 GlobalFree
0x4c42c4 InterlockedExchange
0x4c42c8 lstrcatA
0x4c42cc lstrlenA
0x4c42d0 WinExec
0x4c42d4 lstrcpyA
0x4c42d8 FindNextFileA
0x4c42dc GlobalReAlloc
0x4c42e0 HeapFree
0x4c42e4 HeapReAlloc
0x4c42e8 GetProcessHeap
0x4c42ec HeapAlloc
0x4c42f0 GetFullPathNameA
0x4c42f4 FreeLibrary
0x4c42f8 LoadLibraryA
0x4c42fc GetLastError
0x4c4300 GetVersionExA
0x4c4308 CreateThread
0x4c430c CreateEventA
0x4c4310 Sleep
0x4c4314 GlobalAlloc
0x4c4318 GlobalLock
0x4c431c GlobalUnlock
0x4c4320 GetTempPathA
0x4c4324 FindFirstFileA
0x4c4328 FindClose
0x4c432c GetFileAttributesA
0x4c4330 DeleteFileA
0x4c4340 GetModuleHandleA
0x4c4344 GetProcAddress
0x4c4348 MulDiv
0x4c434c GetCommandLineA
0x4c4350 GetTickCount
0x4c4354 CreateProcessA
0x4c4358 WaitForSingleObject
0x4c435c CloseHandle
0x4c4360 GetACP
0x4c4378 SetHandleCount
0x4c437c GetStdHandle
0x4c4380 GetFileType
0x4c4388 HeapDestroy
0x4c438c HeapCreate
0x4c4394 LCMapStringA
0x4c4398 LCMapStringW
0x4c439c IsBadWritePtr
0x4c43a4 GetStringTypeA
0x4c43a8 GetStringTypeW
0x4c43ac CompareStringA
0x4c43b0 CompareStringW
0x4c43b4 IsBadCodePtr
0x4c43b8 SetStdHandle
Library: USER32.dll:
0x4c43e0 GetActiveWindow
0x4c43e4 GetWindow
0x4c43ec SetFocus
0x4c43f0 IsIconic
0x4c43f4 PeekMessageA
0x4c43f8 SetMenu
0x4c43fc GetMenu
0x4c4400 DeleteMenu
0x4c4404 GetSystemMenu
0x4c4408 DefWindowProcA
0x4c440c GetClassInfoA
0x4c4410 IsZoomed
0x4c4414 PostQuitMessage
0x4c441c SetWindowRgn
0x4c4420 GetMessagePos
0x4c4424 ScreenToClient
0x4c4428 GetSysColorBrush
0x4c442c ClientToScreen
0x4c4430 EnableMenuItem
0x4c4434 GetSubMenu
0x4c4438 GetDlgCtrlID
0x4c4440 CreateMenu
0x4c4444 ModifyMenuA
0x4c4448 AppendMenuA
0x4c444c DrawIconEx
0x4c445c SetRectEmpty
0x4c4460 DispatchMessageA
0x4c4464 GetMessageA
0x4c4468 WindowFromPoint
0x4c446c DrawFocusRect
0x4c4470 DrawEdge
0x4c4474 DrawFrameControl
0x4c4478 UnregisterClassA
0x4c447c TranslateMessage
0x4c4480 LoadIconA
0x4c4488 CopyRect
0x4c448c LoadBitmapA
0x4c4490 WinHelpA
0x4c4494 KillTimer
0x4c4498 SetTimer
0x4c449c ReleaseCapture
0x4c44a0 GetCapture
0x4c44a4 SetCapture
0x4c44a8 GetScrollRange
0x4c44ac SetScrollRange
0x4c44b0 SetScrollPos
0x4c44b4 SetRect
0x4c44b8 InflateRect
0x4c44bc IntersectRect
0x4c44c0 DestroyIcon
0x4c44c4 PtInRect
0x4c44c8 LoadStringA
0x4c44cc GetKeyState
0x4c44d4 GetMenuState
0x4c44d8 SetMenuItemBitmaps
0x4c44dc CheckMenuItem
0x4c44e0 OffsetRect
0x4c44e4 IsWindowVisible
0x4c44e8 EnableWindow
0x4c44ec RedrawWindow
0x4c44f0 GetWindowLongA
0x4c44f4 SetWindowLongA
0x4c44f8 GetSysColor
0x4c44fc SetActiveWindow
0x4c4500 SetCursorPos
0x4c4504 LoadCursorA
0x4c4508 SetCursor
0x4c450c GetDC
0x4c4510 FillRect
0x4c4514 IsRectEmpty
0x4c4518 ReleaseDC
0x4c451c IsChild
0x4c4520 DestroyMenu
0x4c4524 SetForegroundWindow
0x4c4528 GetWindowRect
0x4c452c EqualRect
0x4c4530 UpdateWindow
0x4c4534 ValidateRect
0x4c4538 InvalidateRect
0x4c453c GetClientRect
0x4c4540 GetFocus
0x4c4544 GetParent
0x4c4548 GetTopWindow
0x4c454c PostMessageA
0x4c4550 IsWindow
0x4c4554 SetParent
0x4c4558 DestroyCursor
0x4c455c SendMessageA
0x4c4560 SetWindowPos
0x4c4564 MessageBoxA
0x4c4568 GetCursorPos
0x4c456c GetSystemMetrics
0x4c4570 EmptyClipboard
0x4c4574 SetClipboardData
0x4c4578 OpenClipboard
0x4c457c GetClipboardData
0x4c4580 CloseClipboard
0x4c4584 wsprintfA
0x4c4588 WaitForInputIdle
0x4c4590 GetPropA
0x4c4594 DefWindowProcW
0x4c4598 SetPropA
0x4c459c MoveWindow
0x4c45a0 CreateWindowExA
0x4c45a4 RegisterClassA
0x4c45a8 GetDesktopWindow
0x4c45ac GetClassNameA
0x4c45b0 GetDlgItem
0x4c45b4 GetWindowTextA
0x4c45b8 GetForegroundWindow
0x4c45bc IsWindowEnabled
0x4c45c0 ShowWindow
0x4c45c8 LoadImageA
0x4c45d0 CreatePopupMenu
0x4c45d8 CharUpperA
0x4c45dc GetWindowDC
0x4c45e0 BeginPaint
0x4c45e4 EndPaint
0x4c45e8 TabbedTextOutA
0x4c45ec DrawTextA
0x4c45f0 GrayStringA
0x4c45f4 DestroyWindow
0x4c45fc EndDialog
0x4c4600 GetNextDlgTabItem
0x4c4604 GetWindowPlacement
0x4c460c GetLastActivePopup
0x4c4610 GetMessageTime
0x4c4614 RemovePropA
0x4c4618 CallWindowProcA
0x4c461c UnhookWindowsHookEx
0x4c4620 GetClassLongA
0x4c4624 CallNextHookEx
0x4c4628 SetWindowsHookExA
0x4c462c GetMenuItemID
0x4c4630 GetMenuItemCount
0x4c4634 GetScrollPos
0x4c4638 AdjustWindowRectEx
0x4c463c MapWindowPoints
0x4c4640 SendDlgItemMessageA
0x4c4644 ScrollWindowEx
0x4c4648 IsDialogMessageA
0x4c464c SetWindowTextA
Library: GDI32.dll:
0x4c402c ExtSelectClipRgn
0x4c4030 LineTo
0x4c4034 MoveToEx
0x4c4038 ExcludeClipRect
0x4c403c GetClipBox
0x4c4040 BitBlt
0x4c4044 CreateCompatibleDC
0x4c4048 Ellipse
0x4c404c Rectangle
0x4c4050 LPtoDP
0x4c4054 DPtoLP
0x4c4058 GetCurrentObject
0x4c405c RoundRect
0x4c4064 GetDeviceCaps
0x4c4068 GetWindowExtEx
0x4c406c RealizePalette
0x4c4070 SelectPalette
0x4c4074 StretchBlt
0x4c4078 CreatePalette
0x4c4080 CreateDIBitmap
0x4c4084 DeleteObject
0x4c4088 SelectClipRgn
0x4c408c CreatePolygonRgn
0x4c4090 GetClipRgn
0x4c4094 SetStretchBltMode
0x4c409c SetBkColor
0x4c40a0 ScaleWindowExtEx
0x4c40a4 SetWindowExtEx
0x4c40a8 SetWindowOrgEx
0x4c40ac ScaleViewportExtEx
0x4c40b0 SetViewportExtEx
0x4c40b4 OffsetViewportOrgEx
0x4c40b8 SetViewportOrgEx
0x4c40bc SetMapMode
0x4c40c0 SetTextColor
0x4c40c4 SetROP2
0x4c40c8 SetPolyFillMode
0x4c40cc GetViewportExtEx
0x4c40d0 PtVisible
0x4c40d4 RectVisible
0x4c40d8 TextOutA
0x4c40dc ExtTextOutA
0x4c40e0 Escape
0x4c40e4 GetTextMetricsA
0x4c40e8 StartPage
0x4c40ec StartDocA
0x4c40f0 DeleteDC
0x4c40f4 EndDoc
0x4c40f8 EndPage
0x4c40fc CreateFontIndirectA
0x4c4100 GetStockObject
0x4c4104 CreateSolidBrush
0x4c4108 FillRgn
0x4c410c CreateRectRgn
0x4c4110 CombineRgn
0x4c4114 PatBlt
0x4c4118 CreatePen
0x4c411c GetObjectA
0x4c4120 SelectObject
0x4c4124 CreateBitmap
0x4c4128 SetBkMode
0x4c412c RestoreDC
0x4c4130 SaveDC
0x4c4134 CreateDCA
0x4c413c GetPolyFillMode
0x4c4140 GetStretchBltMode
0x4c4144 GetROP2
0x4c4148 GetViewportOrgEx
0x4c414c GetBkMode
0x4c4150 GetTextColor
0x4c4154 CreateRoundRectRgn
0x4c4158 CreateEllipticRgn
0x4c415c PathToRegion
0x4c4160 EndPath
0x4c4164 BeginPath
0x4c4168 GetDIBits
0x4c416c GetBkColor
0x4c4170 GetWindowOrgEx
Library: WINSPOOL.DRV:
0x4c46a0 OpenPrinterA
0x4c46a4 DocumentPropertiesA
0x4c46a8 ClosePrinter
Library: ADVAPI32.dll:
0x4c4000 RegQueryValueExA
0x4c4004 RegOpenKeyExA
0x4c4008 RegSetValueExA
0x4c400c RegQueryValueA
0x4c4010 RegCreateKeyExA
0x4c4014 RegOpenKeyA
0x4c4018 RegCloseKey
Library: SHELL32.dll:
0x4c43d0 Shell_NotifyIconA
0x4c43d8 ShellExecuteA
Library: ole32.dll:
0x4c46f0 CLSIDFromString
0x4c46f4 OleUninitialize
0x4c46f8 OleInitialize
Library: OLEAUT32.dll:
0x4c43c0 LoadTypeLib
0x4c43c4 RegisterTypeLib
0x4c43c8 UnRegisterTypeLib
Library: COMCTL32.dll:
0x4c4020 None
0x4c4024 ImageList_Destroy
Library: comdlg32.dll:
0x4c46dc ChooseColorA
0x4c46e0 GetFileTitleA
0x4c46e4 GetSaveFileNameA
0x4c46e8 GetOpenFileNameA

Strings

.text
`.rdata
@.data
.rsrc
@.awang
.awang
.awang
Ph ~]
RPh ~]
VMProtect begin
VMProtect end
8`}<j
T$th
|$`Vj
D$@Sj
L$8h
D$8Rj
l$<VWj

No antivirus engine scan information!

Process tree

Apex____________.exe, PID: 2640, parent PID: 2300

TCP

Source address Source port Destination address Destination port
192.168.122.201 49163 14.215.158.24 jq.qq.com 443
192.168.122.201 49164 183.3.226.29 qm.qq.com 80
192.168.122.201 49165 183.3.226.29 qm.qq.com 443
192.168.122.201 49166 183.47.115.67 p.qpic.cn 443
192.168.122.201 49167 183.47.115.67 p.qpic.cn 443
192.168.122.201 49162 23.215.102.154 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 53125 192.168.122.1 53
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53
192.168.122.201 65178 192.168.122.1 53

HTTP requests

URI HTTP data
URL -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

URL -> http://qm.qq.com/cgi-bin/qm/qr?k=qRqrj51RAQpEfB6pXUQZRR1uQcU3AA78&authKey=909NLTBUx6DbRGE9z3GfjPaTMyeEjQnLlQ%2FVshKGGyAgWFOJa5o79p%2BUTobm6edd&noverify=0&group_code=537071796
GET /cgi-bin/qm/qr?k=qRqrj51RAQpEfB6pXUQZRR1uQcU3AA78&authKey=909NLTBUx6DbRGE9z3GfjPaTMyeEjQnLlQ%2FVshKGGyAgWFOJa5o79p%2BUTobm6edd&noverify=0&group_code=537071796 HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: qm.qq.com
Connection: Keep-Alive

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2023-01-27 16:05:08.421287+0800 192.168.122.201 49166 183.47.115.67 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=Guangdong, L=Shenzhen, O=Tencent Technology (Shenzhen) Company Limited, CN=*.qpic.cn 6a:21:05:46:7c:12:cd:99:99:07:87:12:79:81:4f:68:31:0a:b8:5f
2023-01-27 16:05:07.448828+0800 192.168.122.201 49163 14.215.158.24 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3 C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=jq.qq.com ee:58:ad:0b:bb:a2:32:bd:0f:78:d1:fa:ef:e8:fe:10:c5:45:ad:6d
2023-01-27 16:05:08.545948+0800 192.168.122.201 49167 183.47.115.67 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=Guangdong, L=Shenzhen, O=Tencent Technology (Shenzhen) Company Limited, CN=*.qpic.cn 6a:21:05:46:7c:12:cd:99:99:07:87:12:79:81:4f:68:31:0a:b8:5f
2023-01-27 16:05:07.874298+0800 192.168.122.201 49165 183.3.226.29 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3 C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=qqweb.qq.com 32:2e:a4:b5:15:0a:38:34:57:90:8c:b6:27:0c:a2:33:b8:7b:16:9e

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 29.613 seconds )

  • 12.908 NetworkAnalysis
  • 10.715 Suricata
  • 2.079 VirusTotal
  • 1.581 Static
  • 1.077 BehaviorAnalysis
  • 0.974 TargetInfo
  • 0.25 peid
  • 0.011 AnalysisInfo
  • 0.011 Strings
  • 0.005 config_decoder
  • 0.002 Memory

Signatures ( 15.976 seconds )

  • 13.426 network_http
  • 1.37 md_url_bl
  • 0.368 antiav_detectreg
  • 0.13 infostealer_ftp
  • 0.076 antianalysis_detectreg
  • 0.073 infostealer_im
  • 0.051 api_spamming
  • 0.041 stealth_decoy_document
  • 0.041 stealth_timeout
  • 0.041 infostealer_mail
  • 0.031 antivm_generic_scsi
  • 0.019 kibex_behavior
  • 0.019 darkcomet_regkeys
  • 0.018 antivm_parallels_keys
  • 0.018 antivm_xen_keys
  • 0.018 geodo_banking_trojan
  • 0.016 recon_fingerprint
  • 0.013 betabot_behavior
  • 0.012 antivm_generic_diskreg
  • 0.011 md_domain_bl
  • 0.01 antisandbox_productid
  • 0.008 antivm_generic_services
  • 0.008 antiav_detectfile
  • 0.007 anormaly_invoke_kills
  • 0.007 antivm_vbox_acpi
  • 0.007 packer_armadillo_regkey
  • 0.006 bypass_firewall
  • 0.006 antivm_generic_system
  • 0.006 antivm_xen_keys
  • 0.006 antivm_hyperv_keys
  • 0.006 antivm_vbox_keys
  • 0.006 antivm_vmware_keys
  • 0.006 antivm_vpc_keys
  • 0.006 maldun_anomaly_invoke_vb_vba
  • 0.005 mimics_filetime
  • 0.005 anomaly_persistence_autorun
  • 0.005 antivm_generic_bios
  • 0.005 antivm_generic_cpu
  • 0.005 infostealer_bitcoin
  • 0.005 recon_programs
  • 0.004 reads_self
  • 0.004 antivm_generic_disk
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 bootkit
  • 0.003 stealth_file
  • 0.003 virus
  • 0.003 antivm_vbox_files
  • 0.002 tinba_behavior
  • 0.002 hancitor_behavior
  • 0.002 disables_browser_warn
  • 0.002 network_cnc_http
  • 0.002 network_torgateway
  • 0.001 antiemu_wine_func
  • 0.001 network_tor
  • 0.001 antivm_vbox_libs
  • 0.001 rat_nanocore
  • 0.001 maldun_anomaly_massive_file_ops
  • 0.001 injection_createremotethread
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 infostealer_browser_password
  • 0.001 antidbg_windows
  • 0.001 cerber_behavior
  • 0.001 kovter_behavior
  • 0.001 antidbg_devices
  • 0.001 antiemu_wine_reg
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.565 seconds )

  • 0.543 ReportHTMLSummary
  • 0.022 Malheur
Task ID 717087
Mongo ID 63d386617e769a7a57f3e145
Cuckoo release 1.4-Maldun