Analysis task

Analysis type    VM tag                    Start time           End time             Duration
File (Windows)   win7-sp1-x64-shaapp02-1   2023-06-07 18:12:14  2023-06-07 18:12:49  35 s

Maldun score

10.0 (Dangerous)

File details

File name: 无限制版.exe ("unrestricted edition")
File size: 1167360 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 1b36928978ecc2c69f74d24f71824442
SHA1: f44ec0811a96c8913a949abf05047b090f8da743
SHA256: 1c8abd3656a448e334517b039c312721bb7979b2fb8f59bca1fa86fd318009e0
SHA512: 9c03c3c357d6c2c633fdc67776ca3d4ceec795c14f229e86ce388872cbc5ce1a7f79fc259b04a9bfcce21be2e507cd9e2cd9c529aadaddf7a9a84f900248da79
CRC32: 1FF38CCD
Ssdeep: 12288:WaridkYl+ipyah8ICz03nYLQoiDaxW71I/pmW1YVeHXubwa4RdLBOsxK9scndduU:Wa9Y/saaXzUnfDY0sk6dL8s49ssdd
Accessed hosts

No host records.

DNS resolution

No domain information.



PE information

Image base: 0x00400000
Entry point: 0x004a4923
Declared checksum: 0x00000000
Actual (computed) checksum: 0x00121564
Minimum OS version: 4.0
Compile time: 2021-06-10 20:28:05
Import hash (imphash): fdcc17ed10a53eec85978a51bad8f337

A declared checksum of zero means the linker never stamped one, which is the norm for user-mode builds (Windows only enforces the field for drivers and boot-time images), so the mismatch with the computed value is not by itself evidence that the file was modified after linking. The entry point 0x004a4923 lies inside .text (0x00401000 to 0x004c7a72).

Version information

Every field is empty: LegalCopyright, FileVersion, CompanyName, Comments, ProductName, ProductVersion, FileDescription, Translation.

PE sections

Name    Virtual address  Virtual size  Raw size    Characteristics                                                Entropy
.text   0x00001000       0x000c6a72    0x000c7000  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ    6.57
.rdata  0x000c8000       0x0001ed78    0x0001f000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ              4.75
.data   0x000e7000       0x000655aa    0x0001a000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE  5.10
.rsrc   0x0014d000       0x0001bc80    0x0001c000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ              3.71

No section exceeds an entropy of 7, the raw size of .text (0x000c7000) covers its virtual size (0x000c6a72), and the entry point 0x004a4923 falls inside .text; all of that is consistent with an unpacked image rather than a packer stub. The virtual size of .data (0x000655aa) exceeding its raw size (0x0001a000) only means the loader zero-fills uninitialised data beyond the file-backed part of the section.
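As an added example (not part of the sandbox report and not Maldun's own code), the figures in the PE information and section tables above can be reproduced from raw file bytes with the Python standard library alone. pefile is the usual tool for this; walking the header offsets by hand is what makes clear what "declared vs. computed checksum", "minimum OS version" and per-section entropy actually measure. The PE produced by build_sample_pe() is constructed for the demo: it reuses the report's image base, OS version and compile timestamp so the output lines up with the tables, but its two sections are synthetic and it is not the analysed binary. All function names are this example's own.

```python
import math
import struct
from collections import Counter
from datetime import datetime, timezone

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes."""
    n, h = len(data), 0.0
    for count in Counter(data).values():
        p = count / n
        h -= p * math.log2(p)
    return h

def pe_checksum(data: bytes, checksum_field_offset: int) -> int:
    """CheckSum as imagehlp computes it: 16-bit folded sum skipping the field itself, plus length."""
    padded = data + b"\x00" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_field_offset:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)

def parse_pe32(data: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> PE32 optional header -> section table."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]                  # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsections, timestamp, opt_size = struct.unpack_from("<HI8xH", data, pe + 6)
    opt = pe + 24                                                  # optional header
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    entry_rva, image_base = struct.unpack_from("<I8xI", data, opt + 16)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    declared = struct.unpack_from("<I", data, opt + 64)[0]
    computed = pe_checksum(data, opt + 64)
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, chars = struct.unpack_from(
            "<8sIIII12xI", data, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "va": va, "vsize": vsize, "rawsize": rawsize,
            "executable": bool(chars & 0x20000000),                # IMAGE_SCN_MEM_EXECUTE
            "entropy": round(shannon_entropy(data[rawptr:rawptr + rawsize]), 2),
            "holds_entry": va <= entry_rva < va + max(vsize, rawsize),  # loader maps the larger
        })
    return {
        "image_base": image_base,
        "entry_point": image_base + entry_rva,
        "declared_checksum": declared,
        "computed_checksum": computed,
        "checksum_matches": declared == computed,
        "min_os_version": f"{os_major}.{os_minor}",
        "compile_time_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
    }

def triage_notes(info: dict) -> list:
    """The observations an analyst reads off those figures."""
    notes = []
    if info["declared_checksum"] == 0:
        notes.append("checksum field unset (0): linker never stamped one, so the mismatch is not tamper evidence")
    elif not info["checksum_matches"]:
        notes.append("declared checksum differs from computed: file changed after linking")
    for s in info["sections"]:
        if s["entropy"] >= 7.0:
            notes.append(f"{s['name']}: entropy {s['entropy']} is packed/encrypted territory")
        if s["holds_entry"] and not s["executable"]:
            notes.append(f"{s['name']}: entry point lies in a non-executable section")
    return notes

def build_sample_pe(declared_checksum: int = 0) -> bytes:
    """Constructed two-section PE32 (demo input only, not a runnable program)."""
    hdr = bytearray(0x200)
    hdr[:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                        # e_lfanew
    # COFF: i386, 2 sections, timestamp 2021-06-10 20:28:05 UTC, optional header size 0xE0
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 2, 1623356885, 0, 0, 0xE0, 0x0102)
    opt = 0x58
    struct.pack_into("<H", hdr, opt, 0x10B)                         # PE32 magic
    struct.pack_into("<I", hdr, opt + 16, 0x1010)                   # AddressOfEntryPoint
    struct.pack_into("<I", hdr, opt + 28, 0x400000)                 # ImageBase
    struct.pack_into("<HH", hdr, opt + 40, 4, 0)                    # Major/MinorOperatingSystemVersion
    struct.pack_into("<I", hdr, opt + 64, declared_checksum)        # CheckSum
    text = bytes(range(256)) * 2                                    # every byte value twice: entropy 8.0
    data = b"\x00" * 0x200                                          # constant bytes: entropy 0.0
    layout = [(b".text", 0x1000, 0x200, 0x60000020, text),          # CODE|EXECUTE|READ
              (b".data", 0x2000, 0x400, 0xC0000040, data)]          # INITIALIZED_DATA|READ|WRITE
    for i, (name, va, rawptr, chars, body) in enumerate(layout):
        struct.pack_into("<8sIIIIIIHHI", hdr, opt + 0xE0 + 40 * i,
                         name, len(body), va, len(body), rawptr, 0, 0, 0, 0, chars)
    return bytes(hdr) + text + data
if __name__ == "__main__":
    info = parse_pe32(build_sample_pe())
    print(info, triage_notes(info), sep="\n")
```

Running it on the constructed sample reports declared checksum 0 against a non-zero computed value, exactly the situation in the table above, and flags the synthetic .text section as high-entropy; rebuilding the sample with the computed value stamped into the CheckSum field makes checksum_matches true, because the field is excluded from its own sum.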

Imports

Most of this table (the GDI32 drawing and printing set, USER32 windowing, the OLEAUT32 type-library and SafeArray calls, WINSPOOL.DRV, comdlg32 dialogs, and the GlobalAddAtomA/GlobalFindAtomA/GetProfileStringA/WinHelpA group) is the usual footprint of an MFC GUI application and carries little signal on its own. The entries worth noting for triage are the networking stack (WS2_32.dll sockets, the WININET.dll HTTP set, GetAdaptersInfo, RasHangUpA), program execution (WinExec, ShellExecuteA), registry writes (RegCreateKeyExA, RegSetValueExA), the clipboard functions, SetWindowsHookExA and the WINMM audio/MIDI set; each is equally legitimate for a desktop application, so none is conclusive by itself.

Library: RASAPI32.dll:
0x4c8410 RasHangUpA
Library: iphlpapi.dll:
0x4c8774 GetAdaptersInfo
Library: WINMM.dll:
0x4c86cc waveOutWrite
0x4c86d0 midiStreamRestart
0x4c86d4 midiStreamClose
0x4c86d8 midiOutReset
0x4c86dc midiStreamStop
0x4c86e0 midiStreamOut
0x4c86e8 midiStreamProperty
0x4c86ec midiStreamOpen
0x4c86f0 waveOutPause
0x4c86f4 waveOutReset
0x4c86f8 waveOutRestart
0x4c8700 waveOutOpen
0x4c8704 waveOutClose
0x4c8708 waveOutGetNumDevs
Library: WS2_32.dll:
0x4c8728 send
0x4c872c select
0x4c8730 WSACleanup
0x4c8734 WSAStartup
0x4c8738 inet_ntoa
0x4c873c closesocket
0x4c8740 WSAAsyncSelect
0x4c8744 recvfrom
0x4c8748 recv
0x4c874c ntohl
0x4c8750 ioctlsocket
0x4c8754 accept
0x4c8758 getpeername
Library: KERNEL32.dll:
0x4c8198 SetFilePointer
0x4c819c GetFileSize
0x4c81a0 GetCurrentProcess
0x4c81a4 TerminateProcess
0x4c81a8 MultiByteToWideChar
0x4c81b4 GetVersion
0x4c81b8 WideCharToMultiByte
0x4c81bc CreateMutexA
0x4c81c0 ReleaseMutex
0x4c81c4 SuspendThread
0x4c81c8 TerminateThread
0x4c81cc SetLastError
0x4c81d8 CreateSemaphoreA
0x4c81dc ResumeThread
0x4c81e0 ReleaseSemaphore
0x4c81e4 InterlockedExchange
0x4c81e8 IsBadCodePtr
0x4c81ec IsBadReadPtr
0x4c81f0 CompareStringW
0x4c81f4 CompareStringA
0x4c81f8 GetStringTypeW
0x4c8204 IsBadWritePtr
0x4c8208 VirtualAlloc
0x4c820c LCMapStringW
0x4c8210 LCMapStringA
0x4c8218 VirtualFree
0x4c821c HeapCreate
0x4c8220 HeapDestroy
0x4c8228 GetStdHandle
0x4c822c SetHandleCount
0x4c8244 GetFileType
0x4c8248 SetStdHandle
0x4c824c GetACP
0x4c8250 HeapSize
0x4c8254 RaiseException
0x4c8258 GetLocalTime
0x4c825c GetSystemTime
0x4c8260 RtlUnwind
0x4c8264 GetStartupInfoA
0x4c8268 GetOEMCP
0x4c826c GetCPInfo
0x4c8270 GetProcessVersion
0x4c8274 SetErrorMode
0x4c8278 GlobalFlags
0x4c827c GetCurrentThread
0x4c8280 GetFileTime
0x4c8284 TlsGetValue
0x4c8288 LocalReAlloc
0x4c828c TlsSetValue
0x4c8290 TlsFree
0x4c8294 GlobalHandle
0x4c8298 TlsAlloc
0x4c829c LocalAlloc
0x4c82a0 lstrcmpA
0x4c82a4 GlobalGetAtomNameA
0x4c82a8 GlobalAddAtomA
0x4c82ac GlobalFindAtomA
0x4c82b0 GlobalDeleteAtom
0x4c82b4 lstrcmpiA
0x4c82b8 SetEndOfFile
0x4c82bc UnlockFile
0x4c82c0 LockFile
0x4c82c4 FlushFileBuffers
0x4c82c8 DuplicateHandle
0x4c82cc lstrcpynA
0x4c82d4 LocalFree
0x4c82e4 GetProfileStringA
0x4c82e8 WriteFile
0x4c82f0 CreateFileA
0x4c82f4 DeviceIoControl
0x4c82f8 SetEvent
0x4c82fc FindResourceA
0x4c8300 CloseHandle
0x4c8304 WaitForSingleObject
0x4c8308 GetTickCount
0x4c830c GetCommandLineA
0x4c8310 MulDiv
0x4c8314 GetProcAddress
0x4c8318 GetModuleHandleA
0x4c8324 GetFileAttributesA
0x4c8328 FindClose
0x4c832c LoadResource
0x4c8330 LockResource
0x4c8334 ReadFile
0x4c8338 lstrlenW
0x4c833c GetModuleFileNameA
0x4c8340 GetCurrentThreadId
0x4c8344 ExitProcess
0x4c8348 GlobalSize
0x4c834c GlobalFree
0x4c8358 lstrcatA
0x4c835c lstrlenA
0x4c8360 WinExec
0x4c8364 lstrcpyA
0x4c8368 FindNextFileA
0x4c836c GlobalReAlloc
0x4c8370 HeapFree
0x4c8374 HeapReAlloc
0x4c8378 GetProcessHeap
0x4c837c HeapAlloc
0x4c8380 GetUserDefaultLCID
0x4c8384 GetFullPathNameA
0x4c8388 FreeLibrary
0x4c838c LoadLibraryA
0x4c8390 GetLastError
0x4c8394 GetVersionExA
0x4c839c CreateThread
0x4c83a0 CreateEventA
0x4c83a4 Sleep
0x4c83ac GlobalAlloc
0x4c83b0 GlobalLock
0x4c83b4 GlobalUnlock
0x4c83b8 FindFirstFileA
0x4c83bc GetStringTypeA
Library: USER32.dll:
0x4c842c wsprintfA
0x4c8430 EqualRect
0x4c8434 CloseClipboard
0x4c8438 GetClipboardData
0x4c843c OpenClipboard
0x4c8440 SetClipboardData
0x4c8444 EmptyClipboard
0x4c8448 GetSysColorBrush
0x4c844c LoadStringA
0x4c8450 GetWindowTextA
0x4c8454 GetDlgItem
0x4c8458 GetClassNameA
0x4c845c GetDesktopWindow
0x4c8460 SetWindowTextA
0x4c8464 LoadIconA
0x4c8468 TranslateMessage
0x4c846c DrawFrameControl
0x4c8470 DrawEdge
0x4c8474 DrawFocusRect
0x4c8478 WindowFromPoint
0x4c847c GetMessageA
0x4c8480 DispatchMessageA
0x4c8484 SetRectEmpty
0x4c8494 DrawIconEx
0x4c8498 CreatePopupMenu
0x4c849c AppendMenuA
0x4c84a0 ModifyMenuA
0x4c84a4 CreateMenu
0x4c84ac GetDlgCtrlID
0x4c84b0 GetSubMenu
0x4c84b4 EnableMenuItem
0x4c84bc GetMenuState
0x4c84c0 SetMenuItemBitmaps
0x4c84c4 CheckMenuItem
0x4c84c8 MoveWindow
0x4c84cc IsDialogMessageA
0x4c84d0 ScrollWindowEx
0x4c84d4 SendDlgItemMessageA
0x4c84d8 MapWindowPoints
0x4c84dc AdjustWindowRectEx
0x4c84e0 GetScrollPos
0x4c84e4 RegisterClassA
0x4c84e8 GetMenuItemCount
0x4c84ec GetMenuItemID
0x4c84f0 CreateWindowExA
0x4c84f4 SetWindowsHookExA
0x4c84f8 CallNextHookEx
0x4c84fc GetClassLongA
0x4c8500 SetPropA
0x4c8504 UnhookWindowsHookEx
0x4c8508 GetPropA
0x4c850c CallWindowProcA
0x4c8510 RemovePropA
0x4c8514 GetMessageTime
0x4c8518 GetLastActivePopup
0x4c851c GetForegroundWindow
0x4c8524 GetWindowPlacement
0x4c8528 GetNextDlgTabItem
0x4c852c EndDialog
0x4c8534 DestroyWindow
0x4c8538 GrayStringA
0x4c853c ClientToScreen
0x4c8544 LoadImageA
0x4c854c ShowWindow
0x4c8550 IsWindowEnabled
0x4c8558 GetKeyState
0x4c8560 PostQuitMessage
0x4c8564 IsZoomed
0x4c8568 GetClassInfoA
0x4c856c DefWindowProcA
0x4c8570 GetSystemMenu
0x4c8574 DeleteMenu
0x4c8578 GetMenu
0x4c857c SetMenu
0x4c8580 PeekMessageA
0x4c8584 IsIconic
0x4c8588 SetFocus
0x4c858c GetActiveWindow
0x4c8590 GetWindow
0x4c8598 SetWindowRgn
0x4c859c GetMessagePos
0x4c85a0 ScreenToClient
0x4c85a8 CopyRect
0x4c85ac LoadBitmapA
0x4c85b0 WinHelpA
0x4c85b4 KillTimer
0x4c85b8 SetTimer
0x4c85bc ReleaseCapture
0x4c85c0 GetCapture
0x4c85c4 SetCapture
0x4c85c8 GetScrollRange
0x4c85cc SetScrollRange
0x4c85d0 SetScrollPos
0x4c85d4 SetRect
0x4c85d8 InflateRect
0x4c85dc IntersectRect
0x4c85e0 DestroyIcon
0x4c85e4 PtInRect
0x4c85e8 OffsetRect
0x4c85ec IsWindowVisible
0x4c85f0 EnableWindow
0x4c85f4 RedrawWindow
0x4c85f8 GetWindowLongA
0x4c85fc SetWindowLongA
0x4c8600 GetSysColor
0x4c8604 SetActiveWindow
0x4c8608 SetCursorPos
0x4c860c LoadCursorA
0x4c8610 SetCursor
0x4c8614 GetDC
0x4c8618 FillRect
0x4c861c IsRectEmpty
0x4c8620 ReleaseDC
0x4c8624 IsChild
0x4c8628 DestroyMenu
0x4c862c SetForegroundWindow
0x4c8630 GetWindowRect
0x4c8634 UnregisterClassA
0x4c8638 UpdateWindow
0x4c863c ValidateRect
0x4c8640 InvalidateRect
0x4c8644 GetClientRect
0x4c8648 GetFocus
0x4c864c GetParent
0x4c8650 GetTopWindow
0x4c8654 PostMessageA
0x4c8658 IsWindow
0x4c865c SetParent
0x4c8660 DestroyCursor
0x4c8664 SendMessageA
0x4c8668 SetWindowPos
0x4c866c MessageBoxA
0x4c8670 GetCursorPos
0x4c8674 GetSystemMetrics
0x4c867c CharUpperA
0x4c8680 GetWindowDC
0x4c8684 BeginPaint
0x4c8688 EndPaint
0x4c868c TabbedTextOutA
0x4c8690 DrawTextA
Library: GDI32.dll:
0x4c804c ExtSelectClipRgn
0x4c8050 LineTo
0x4c8054 MoveToEx
0x4c8058 ExcludeClipRect
0x4c805c GetClipBox
0x4c8060 ScaleWindowExtEx
0x4c8064 SetWindowExtEx
0x4c8068 SetWindowOrgEx
0x4c806c ScaleViewportExtEx
0x4c8070 SetViewportExtEx
0x4c8074 OffsetViewportOrgEx
0x4c8078 SetViewportOrgEx
0x4c807c SetBkColor
0x4c8084 GetViewportExtEx
0x4c8088 SetStretchBltMode
0x4c808c GetClipRgn
0x4c8090 CreatePolygonRgn
0x4c8094 SelectClipRgn
0x4c8098 DeleteObject
0x4c809c CreateDIBitmap
0x4c80a4 CreatePalette
0x4c80a8 StretchBlt
0x4c80ac SelectPalette
0x4c80b0 RealizePalette
0x4c80b4 GetDIBits
0x4c80b8 GetWindowExtEx
0x4c80bc GetViewportOrgEx
0x4c80c0 GetWindowOrgEx
0x4c80c4 BeginPath
0x4c80c8 EndPath
0x4c80cc PathToRegion
0x4c80d0 CreateEllipticRgn
0x4c80d4 CreateRoundRectRgn
0x4c80d8 GetTextColor
0x4c80dc GetBkMode
0x4c80e0 GetBkColor
0x4c80e4 GetROP2
0x4c80e8 GetStretchBltMode
0x4c80ec GetPolyFillMode
0x4c80f4 CreateDCA
0x4c80f8 CreateBitmap
0x4c80fc SelectObject
0x4c8100 CreatePen
0x4c8104 PatBlt
0x4c8108 CombineRgn
0x4c810c CreateRectRgn
0x4c8110 FillRgn
0x4c8114 CreateSolidBrush
0x4c8118 CreateFontIndirectA
0x4c811c GetStockObject
0x4c8120 GetObjectA
0x4c8124 EndPage
0x4c8128 EndDoc
0x4c812c DeleteDC
0x4c8130 StartDocA
0x4c8134 StartPage
0x4c8138 BitBlt
0x4c813c CreateCompatibleDC
0x4c8140 Ellipse
0x4c8144 Rectangle
0x4c8148 LPtoDP
0x4c814c DPtoLP
0x4c8150 GetCurrentObject
0x4c8154 RoundRect
0x4c815c GetDeviceCaps
0x4c8160 PtVisible
0x4c8164 RectVisible
0x4c8168 TextOutA
0x4c816c ExtTextOutA
0x4c8170 Escape
0x4c8174 GetTextMetricsA
0x4c8178 SaveDC
0x4c817c RestoreDC
0x4c8180 SetBkMode
0x4c8184 SetPolyFillMode
0x4c8188 SetROP2
0x4c818c SetTextColor
0x4c8190 SetMapMode
Library: WINSPOOL.DRV:
0x4c8710 OpenPrinterA
0x4c8714 DocumentPropertiesA
0x4c8718 ClosePrinter
Library: ADVAPI32.dll:
0x4c8000 RegQueryValueA
0x4c8004 RegCreateKeyA
0x4c8008 RegSetValueExA
0x4c800c RegOpenKeyExA
0x4c8010 RegQueryValueExA
0x4c8014 RegCloseKey
0x4c8018 RegCreateKeyExA
Library: SHELL32.dll:
0x4c841c Shell_NotifyIconA
0x4c8420 DragQueryFileA
0x4c8424 ShellExecuteA
Library: ole32.dll:
0x4c877c OleRun
0x4c8780 CoCreateInstance
0x4c8784 CLSIDFromString
0x4c8788 OleInitialize
0x4c878c RevokeDragDrop
0x4c8790 ReleaseStgMedium
0x4c8794 CLSIDFromProgID
0x4c8798 OleUninitialize
Library: OLEAUT32.dll:
0x4c83c4 VariantCopyInd
0x4c83c8 VariantInit
0x4c83cc SysAllocString
0x4c83d0 SafeArrayDestroy
0x4c83d4 SafeArrayCreate
0x4c83d8 SafeArrayPutElement
0x4c83dc RegisterTypeLib
0x4c83e0 LHashValOfNameSys
0x4c83e4 LoadTypeLib
0x4c83e8 UnRegisterTypeLib
0x4c83ec SafeArrayGetElement
0x4c83f0 VariantClear
0x4c83f4 SafeArrayAccessData
0x4c83fc SafeArrayGetDim
0x4c8400 SafeArrayGetLBound
0x4c8404 SafeArrayGetUBound
0x4c8408 VariantChangeType
Library: COMCTL32.dll:
0x4c8020 ImageList_Read
0x4c8024 ImageList_Duplicate
0x4c802c ImageList_Create
0x4c8030 ImageList_Destroy
0x4c8034 None (no name: imported by ordinal, ordinal number not shown)
0x4c8040 ImageList_GetIcon
Library: WININET.dll:
0x4c869c InternetCrackUrlA
0x4c86a0 HttpOpenRequestA
0x4c86a4 HttpSendRequestA
0x4c86a8 HttpQueryInfoA
0x4c86ac InternetReadFile
0x4c86b0 InternetConnectA
0x4c86b4 InternetSetOptionA
0x4c86b8 InternetOpenA
0x4c86bc InternetCloseHandle
Library: WLDAP32.dll:
0x4c8720 None (no name: imported by ordinal, ordinal number not shown)
Library: comdlg32.dll:
0x4c8760 ChooseColorA
0x4c8764 GetSaveFileNameA
0x4c8768 GetOpenFileNameA
0x4c876c GetFileTitleA
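The import hash given under PE information (fdcc17ed10a53eec85978a51bad8f337) is derived from exactly this table, and the following added example (not part of the report or of Maldun) shows the algorithm as pefile's get_imphash() defines it: module names lower-cased with .dll/.ocx/.sys stripped, function names lower-cased, imports taken in table order, the "lib.func" tokens comma-joined and MD5'd. The value on the page cannot be recomputed from the table as printed, because the two entries shown as None (COMCTL32.dll at 0x4c8034, WLDAP32.dll at 0x4c8720) are imported by ordinal and their ordinal numbers are not displayed; DEMO_IMPORTS below is a constructed subset of the report's list, and the COMCTL32 ordinal 17 in it is hypothetical. The ws2_32 ordinal table is a small subset of the real one.

```python
import hashlib

# Subset of the ws2_32/wsock32 ordinal table that imphash implementations (pefile)
# consult when an import carries no name; every other DLL falls back to the literal
# "ord<N>", so ordinal-only entries for other modules hash as e.g. "comctl32.ord17".
WS2_32_ORDINALS = {1: "accept", 2: "bind", 3: "closesocket", 4: "connect",
                   16: "recv", 19: "send", 23: "socket",
                   115: "WSAStartup", 116: "WSACleanup"}
ORDINAL_TABLES = {"ws2_32": WS2_32_ORDINALS, "wsock32": WS2_32_ORDINALS}
STRIPPED_EXTENSIONS = {"dll", "ocx", "sys"}          # note: .drv is kept (WINSPOOL.DRV)


def normalise_library(dll: str) -> str:
    """Lower-case the module name and drop a .dll/.ocx/.sys suffix, as imphash does."""
    name = dll.lower()
    base, _, ext = name.rpartition(".")
    return base if base and ext in STRIPPED_EXTENSIONS else name


def import_strings(imports) -> list:
    """imports: [(dll, [function name or ordinal int, ...]), ...] in import-table order.
    Returns the "lib.func" tokens that get joined and hashed. Order is preserved on
    purpose: two binaries with the same imports in a different order hash differently."""
    tokens = []
    for dll, funcs in imports:
        lib = normalise_library(dll)
        for func in funcs:
            if isinstance(func, int):                      # import by ordinal
                func = ORDINAL_TABLES.get(lib, {}).get(func, f"ord{func}")
            tokens.append(f"{lib}.{func}".lower())
    return tokens


def imphash(imports) -> str:
    """MD5 over the comma-joined tokens, the value pefile's get_imphash() returns."""
    return hashlib.md5(",".join(import_strings(imports)).encode()).hexdigest()


# Constructed demo table mirroring the first DLLs of the report's import list;
# the ordinal 17 for COMCTL32 is hypothetical (the report prints "None" for it).
DEMO_IMPORTS = [
    ("RASAPI32.dll", ["RasHangUpA"]),
    ("iphlpapi.dll", ["GetAdaptersInfo"]),
    ("WS2_32.dll", ["send", "select", "WSACleanup", "WSAStartup"]),
    ("COMCTL32.dll", ["ImageList_Read", 17]),
]

if __name__ == "__main__":
    print(import_strings(DEMO_IMPORTS))
    print(imphash(DEMO_IMPORTS))
```

Two properties matter when pivoting on this value: an import resolved by name and the same import resolved through a known ordinal produce the same token (so ws2_32 ordinal 19 and "send" hash alike), while an unknown ordinal becomes "ord<N>" and, like a reordered table, changes the hash even when the functionality is identical.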

Strings (excerpt)

.text
`.rdata
@.data
.rsrc
Rj,Qj
t$ h$rN
8`}<j
T$hVj
jjjjh
Antivirus scan

No antivirus engine scan results.

Process tree

____________.exe (name redacted in the report), PID: 2564, parent PID: 2240

TCP

Source address   Source port  Destination address  Destination port
192.168.122.201  49160        23.223.199.177       80

UDP

Source address   Source port  Destination address  Destination port
192.168.122.201  63246        192.168.122.1        53

The accessed-hosts list above is empty even though one TCP connection (to 23.223.199.177:80) and one DNS query (to the VM's gateway resolver, 192.168.122.1:53) were captured; the report attributes neither flow to a process.

HTTP requests

URL: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

acroipm.adobe.com is Adobe's in-product-messaging host, and a GET with User-Agent IPM for /11/rdr/CHS/win/nooem/none/message.zip is the check that an installed Adobe Reader 11 issues on its own. The report does not tie this request, or the TCP flow to 23.223.199.177:80, to PID 2564, so treat it as probable sandbox background traffic unless a process-level capture attributes it to the sample.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 27.957 seconds )

  • 10.684 Suricata
  • 7.959 VirusTotal
  • 4.871 NetworkAnalysis
  • 3.376 Static
  • 0.471 TargetInfo
  • 0.307 peid
  • 0.261 BehaviorAnalysis
  • 0.012 AnalysisInfo
  • 0.011 Strings
  • 0.003 config_decoder
  • 0.002 Memory

Signatures ( 1.583 seconds )

  • 1.347 md_url_bl
  • 0.043 antiav_detectreg
  • 0.016 infostealer_ftp
  • 0.014 api_spamming
  • 0.012 stealth_file
  • 0.011 stealth_decoy_document
  • 0.011 stealth_timeout
  • 0.009 antianalysis_detectreg
  • 0.009 infostealer_im
  • 0.008 md_domain_bl
  • 0.007 antiav_detectfile
  • 0.006 anomaly_persistence_autorun
  • 0.006 infostealer_mail
  • 0.005 geodo_banking_trojan
  • 0.004 antivm_generic_scsi
  • 0.004 infostealer_bitcoin
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 dridex_behavior
  • 0.003 antivm_generic_services
  • 0.003 antidbg_windows
  • 0.003 antivm_vbox_files
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 antivm_vbox_libs
  • 0.002 rat_nanocore
  • 0.002 mimics_filetime
  • 0.002 betabot_behavior
  • 0.002 kibex_behavior
  • 0.002 anormaly_invoke_kills
  • 0.002 antivm_parallels_keys
  • 0.002 antivm_xen_keys
  • 0.002 modify_proxy
  • 0.002 disables_browser_warn
  • 0.001 antiemu_wine_func
  • 0.001 bootkit
  • 0.001 maldun_anomaly_massive_file_ops
  • 0.001 reads_self
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 antivm_generic_disk
  • 0.001 infostealer_browser_password
  • 0.001 cerber_behavior
  • 0.001 virus
  • 0.001 kovter_behavior
  • 0.001 hancitor_behavior
  • 0.001 antidbg_devices
  • 0.001 antisandbox_productid
  • 0.001 antivm_generic_diskreg
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 browser_security
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 recon_fingerprint
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.52 seconds )

  • 0.47 ReportHTMLSummary
  • 0.05 Malheur
Task ID 721974
Mongo ID 6480584edc327b4794064e3e
Cuckoo release 1.4-Maldun