Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp03-1 | 2023-06-07 17:07:51 | 2023-06-07 17:10:03 | 132 seconds |
File name | 1d7ed4ba35a8.exe |
---|---|
File size | 1561088 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 8279a4c9bc0a6ea591c1d3617b586105 |
SHA1 | 8754c1f8931004e7fcda6b4abd67597ed3c8e408 |
SHA256 | 8a9190077efd08480ebc24a6934169084a52db72e97207162b842da4cf213528 |
SHA512 | dbed473db4b4c7d7d2066260cd792d24dc13935b21e6945f7ebcf4cb9ff1d1b388734e87f46579fc61319cce8cff3acb21d04ad42e97a7bad40f97c0d2b5b060 |
CRC32 | ED00A4FF |
Ssdeep | 24576:SnsJ39LyjbJkQFMhmC+6GD93mo8QfTFuKiUR5Z3FkN:SnsHyjtk2MYC5GDxXZj3FkN |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
No | 174.128.246.100 | | United States |
No | 31.13.80.37 | | Ireland |
Domain | Security rating | Response |
---|---|---|
xred.mooo.com | Unknown | NXDOMAIN |
freedns.afraid.org | Unknown | A 174.128.246.100 |
docs.google.com | Unknown | A 31.13.80.37 |
Image base | 0x00400000 |
---|---|
Entry point | 0x0049ab80 |
Declared checksum | 0x00000000 |
Actual checksum | 0x0018a07a |
Minimum OS version required | 4.0 |
Compile time | 1992-06-20 06:22:17 |
Import hash | 332f7ce65ead0adfb3d35147033aabe9 |
Icon | |
Icon exact hash | 869876cfca470804247b9c78321738f4 |
Icon similarity hash | 1a3cddf9ad5983aac5ea931ba98f7ccd |
LegalCopyright | |
---|---|
InternalName | |
FileVersion | |
CompanyName | |
LegalTrademarks | |
Comments | |
ProductName | |
ProductVersion | |
FileDescription | |
OriginalFilename | |
Translation | |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
CODE | 0x00001000 | 0x00099bec | 0x00099c00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.57 |
DATA | 0x0009b000 | 0x00002e54 | 0x00003000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.85 |
BSS | 0x0009e000 | 0x000011e5 | 0x00000000 | IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
.idata | 0x000a0000 | 0x00002a42 | 0x00002c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.92 |
.tls | 0x000a3000 | 0x00000010 | 0x00000000 | IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
.rdata | 0x000a4000 | 0x00000039 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 0.78 |
.reloc | 0x000a5000 | 0x0000a980 | 0x0000aa00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 6.67 |
.rsrc | 0x000b0000 | 0x000d2930 | 0x000d2a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ | 6.82 |
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
RT_CURSOR | 0x000b1500 | 0x00000134 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.92 | data |
RT_BITMAP | 0x000b2868 | 0x000000e8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.85 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x000b39f8 | 0x000010a8 | LANG_TURKISH | SUBLANG_DEFAULT | 2.52 | dBase IV DBT of @.DBF, block length 8192, next free block index 40 |
RT_DIALOG | 0x000b4aa0 | 0x00000052 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.56 | data |
RT_STRING | 0x000b8a6c | 0x00000354 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.11 | data |
RT_RCDATA | 0x0017ddb8 | 0x000047d3 | LANG_TURKISH | SUBLANG_DEFAULT | 7.52 | Microsoft Excel 2007+ |
RT_GROUP_CURSOR | 0x00182604 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
RT_GROUP_ICON | 0x00182618 | 0x00000014 | LANG_TURKISH | SUBLANG_DEFAULT | 1.78 | MS Windows icon resource - 1 icon, 32x32 |
RT_VERSION | 0x0018262c | 0x00000304 | LANG_TURKISH | SUBLANG_DEFAULT | 3.22 | data |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49165 | 174.128.246.100 freedns.afraid.org | 80 |
192.168.122.201 | 49160 | 23.200.74.8 | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 52207 | 192.168.122.1 | 53 |
192.168.122.201 | 56270 | 192.168.122.1 | 53 |
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
192.168.122.201 | 59906 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1 User-Agent: MyApp Host: freedns.afraid.org Cache-Control: no-cache |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
No TLS
No Suricata HTTP
Task ID | 721965 |
---|---|
Mongo ID | 648049c87e769a4ec19e3955 |
Cuckoo release | 1.4-Maldun |