恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp02-1	2023-06-07 19:16:07	2023-06-07 19:18:18	131 秒

魔盾分数

10.0

危险的

文件详细信息

文件名	new.exe
文件大小	7909376 字节
文件类型	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5	5108d8fc42b484b9937fe879eeb5d293
SHA1	7eba63a3e006b203c967ed4265c781aa849a2551
SHA256	77eac3291d2d424026be860871be19893b1970a9a47ccf3d3dd396bc9c63d270
SHA512	238857545038c690af7b8556b8b64994cef745e35364a69bee9cc7968f2544eb508e75c3ae5d982bb4ae9e56bc3c977c35a83803f5c1f354c80ee1ce76483b3b
CRC32	B73B69D1
Ssdeep	49152:k2Ymzd3hQgIvI6ml8x42hyHRUOE/uLfu9jkfZeSxjPFfS7tVd7xbtEveku+jNbYH:kUd3hQgIvVk36rzd
Yara	登录查看Yara规则
	找不到该样本提交误报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	121.40.115.108	中国
是	154.92.14.6	Seychelles

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.01happy.com	未知	A 121.40.115.108

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x00469fc0
声明校验值	0x0079915b
实际校验值	0x00794b31
最低操作系统版本要求	6.1
编译时间	1970-01-01 08:00:00
载入哈希	4035d2883e01d64f3e7a9dccb1d63af5

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x000ba325	0x000ba400	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	5.92
.rdata	0x000bc000	0x005c9db8	0x005c9e00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	6.29
.data	0x00686000	0x00061cd0	0x00018c00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	4.49
/4	0x006e8000	0x00000119	0x00000200	IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	4.83
/19	0x006e9000	0x00020c8b	0x00020e00	IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	8.00
/32	0x0070a000	0x00006980	0x00006a00	IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	7.93
/46	0x00711000	0x00000030	0x00000200	IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	0.86
/65	0x00712000	0x000385c8	0x00038600	IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	8.00
/78	0x0074b000	0x0001d6a0	0x0001d800	IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	7.99
/90	0x00769000	0x0000b0ec	0x0000b200	IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	7.81
.idata	0x00775000	0x00000476	0x00000600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	3.53
.reloc	0x00776000	0x00007c2a	0x00007e00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	5.43
.symtab	0x0077e000	0x0001a58a	0x0001a600	IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	5.16
.rsrc	0x00799000	0x000424b9	0x00042600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	6.21

导入

库: kernel32.dll:

• 0xa86020 WriteFile

• 0xa86028 WriteConsoleW

• 0xa86030 WaitForMultipleObjects

• 0xa86038 WaitForSingleObject

• 0xa86040 VirtualQuery

• 0xa86048 VirtualFree

• 0xa86050 VirtualAlloc

• 0xa86058 SwitchToThread

• 0xa86060 SuspendThread

• 0xa86068 Sleep

• 0xa86070 SetWaitableTimer

• 0xa86078 SetUnhandledExceptionFilter

• 0xa86080 SetProcessPriorityBoost

• 0xa86088 SetEvent

• 0xa86090 SetErrorMode

• 0xa86098 SetConsoleCtrlHandler

• 0xa860a0 ResumeThread

• 0xa860a8 PostQueuedCompletionStatus

• 0xa860b0 LoadLibraryA

• 0xa860b8 LoadLibraryW

• 0xa860c0 SetThreadContext

• 0xa860c8 GetThreadContext

• 0xa860d0 GetSystemInfo

• 0xa860d8 GetSystemDirectoryA

• 0xa860e0 GetStdHandle

• 0xa860e8 GetQueuedCompletionStatusEx

• 0xa860f0 GetProcessAffinityMask

• 0xa860f8 GetProcAddress

• 0xa86100 GetEnvironmentStringsW

• 0xa86108 GetConsoleMode

• 0xa86110 FreeEnvironmentStringsW

• 0xa86118 ExitProcess

• 0xa86120 DuplicateHandle

• 0xa86128 CreateWaitableTimerExW

• 0xa86130 CreateThread

• 0xa86138 CreateIoCompletionPort

• 0xa86140 CreateEventA

• 0xa86148 CloseHandle

• 0xa86150 AddVectoredExceptionHandler

.text
`.rdata
@.data
B.idata
.reloc
B.symtab
B.rsrc
D$0H=
D$8H=
Hc5All

没有防病毒引擎扫描信息!

进程树

new.exe id: 2608
- wqfwq.exe id: 2840

new.exe, PID: 2608, 上一级进程 PID: 2248

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

wqfwq.exe, PID: 2840, 上一级进程 PID: 2608

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	121.40.115.108	中国
是	154.92.14.6	Seychelles

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	104.99.238.48	80
192.168.122.201	49162	121.40.115.108 www.01happy.com	80
192.168.122.201	49163	154.92.14.6	8000

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	57526	192.168.122.1	53
192.168.122.201	63246	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.01happy.com	未知	A 121.40.115.108

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	104.99.238.48	80
192.168.122.201	49162	121.40.115.108 www.01happy.com	80
192.168.122.201	49163	154.92.14.6	8000

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	57526	192.168.122.1	53
192.168.122.201	63246	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache
URL专业沙箱检测 -> http://www.01happy.com/demo/accept.php	POST /demo/accept.php HTTP/1.1 Host: www.01happy.com User-Agent: Go-http-client/1.1 Content-Length: 8 Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip name=cjb

URI

HTTP数据

URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

URL专业沙箱检测 -> http://www.01happy.com/demo/accept.php

POST /demo/accept.php HTTP/1.1
Host: www.01happy.com
User-Agent: Go-http-client/1.1
Content-Length: 8
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

name=cjb

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Protocol	SID	Signature	Category
2023-06-07 19:16:33.085456+0800	192.168.122.201	49162	121.40.115.108	80	TCP	2024897	ET USER_AGENTS Go HTTP Client User-Agent	Misc activity

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 46.27 seconds )

16.243 Static
12.947 NetworkAnalysis
10.869 Suricata
2.725 VirusTotal
1.721 TargetInfo
1.391 BehaviorAnalysis
0.326 peid
0.023 config_decoder
0.012 Strings
0.011 AnalysisInfo
0.002 Memory

Signatures ( 12.351 seconds )

10.199 network_http
1.524 md_url_bl
0.087 api_spamming
0.068 stealth_timeout
0.06 stealth_decoy_document
0.048 process_interest
0.046 injection_createremotethread
0.032 injection_runpe
0.03 vawtrak_behavior
0.027 antiav_detectreg
0.022 process_needed
0.011 mimics_filetime
0.011 infostealer_ftp
0.011 md_domain_bl
0.01 reads_self
0.009 stealth_file
0.009 anomaly_persistence_autorun
0.009 antivm_generic_disk
0.009 virus
0.008 bootkit
0.006 kovter_behavior
0.006 hancitor_behavior
0.006 antiav_detectfile
0.006 antianalysis_detectreg
0.006 infostealer_im
0.005 antiemu_wine_func
0.005 infostealer_browser_password
0.004 shifu_behavior
0.004 geodo_banking_trojan
0.004 infostealer_bitcoin
0.004 infostealer_mail
0.004 ransomware_extensions
0.004 ransomware_files
0.003 maldun_anomaly_massive_file_ops
0.003 antivm_generic_services
0.003 antivm_generic_scsi
0.003 disables_browser_warn
0.003 network_torgateway
0.002 tinba_behavior
0.002 antivm_vbox_libs
0.002 anomaly_persistence_bootexecute
0.002 anomaly_reset_winsock
0.002 antisandbox_sleep
0.002 anormaly_invoke_kills
0.002 antivm_vbox_files
0.002 browser_security
0.002 modify_proxy
0.002 md_bad_drop
0.001 rat_nanocore
0.001 betabot_behavior
0.001 creates_largekey
0.001 antisandbox_sunbelt_libs
0.001 kibex_behavior
0.001 exec_crash
0.001 creates_nullvalue
0.001 nymaim_behavior
0.001 cerber_behavior
0.001 antivm_generic_diskreg
0.001 antivm_parallels_keys
0.001 antivm_xen_keys
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 disables_system_restore
0.001 disables_windows_defender
0.001 darkcomet_regkeys
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 network_cnc_http
0.001 recon_fingerprint
0.001 stealth_modify_uac_prompt

Reporting ( 0.545 seconds )

0.497 ReportHTMLSummary
0.048 Malheur


Task ID	721976
Mongo ID	648067c4dc327b4796064fb6
Cuckoo release	1.4-Maldun