Analysis task

Analysis type: File (Windows)
VM label: win7-sp1-x64-shaapp03-1
Start time: 2023-06-07 22:45:31
End time: 2023-06-07 22:46:20
Duration: 49 seconds

Maldun score

4.325 (verdict: suspicious)

File details

File name: Ipreporter.exe
File size: 7286062 bytes
File type: PE32+ executable (GUI) x86-64, for MS Windows
MD5: 63f8814e4384b7a4e3fa0d852d5e4750
SHA1: c326c1874f9883c76f5aef8065c93dd307471b26
SHA256: 045e4ff9d36302ea8433bc00486ed4c38d01c4270f6dddf9b3ea860a853b9ea6
SHA512: 280169bf20ebad1efdbbbe677cc79c51233aa2ed12f600f88da7306c9217ae6dee9a5f1c903b4f5bfa42e24811ceb310b7221eb37c84dc1e7aff1d977234c21d
CRC32: D126DD7B
Ssdeep: 196608:5AFVh/L2V76+DXLZy7YM30LzajzaepLqSmKwsJ+xG8D:SFVtL2V76m70GzajZsSLwsJCG8
Sample lookup: sample not found.



Hosts contacted

No host records.

Domain resolution

No domain information.



PE information

Image base: 0x140000000
Entry point: 0x14000afb0
Declared checksum: 0x006faf16
Actual checksum: 0x006faf16
Minimum OS version: 5.2
Compile time: 2022-09-04 11:52:22
Import hash (imphash): a6cec5b1a631d592d80900ab7e1de8df
Icon exact hash: 99f8909119f22355b3423d4cad169539
Icon similarity hash: c5a2ab820da81f9db77abd76bbd9764e

Note on the checksum rows: a declared checksum that equals the recomputed one only means the file was not edited after the linker (or a later tool) stamped the field; anyone can recompute it, so it is not an integrity or authenticity signal. The compile timestamp is likewise an unauthenticated header field.

PE data composition

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x00028720 0x00028800 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.48
.rdata 0x0002a000 0x00012a9e 0x00012c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.82
.data 0x0003d000 0x000103e8 0x00000e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1.81
.pdata 0x0004e000 0x000020c4 0x00002200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.33
_RDATA 0x00051000 0x0000015c 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2.76
.rsrc 0x00052000 0x0000f49c 0x0000f600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.56
.reloc 0x00062000 0x00000758 0x00000800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5.24

Overlay

Offset: 0x0004e800
Size: 0x006a452e

These figures are consistent with the section table: a 0x400-byte header followed by the seven sections' raw data ends at 0x0004e800 (321,536 bytes), and 0x0004e800 + 0x006a452e equals the file size of 7,286,062 bytes. The overlay is therefore 6,964,526 bytes, about 95.6% of the file. The section, import and resource data above describe only a roughly 320 KB launcher; whatever the program actually carries lives in the appended data, for which the static summary reports neither a type nor an entropy.
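To check the overlay figures and the checksum rows against the section table, here is an added worked example (editor's code, not part of the Maldun report and not code from the sample). It rebuilds the reported section table into a synthetic PE32+ header, parses the section headers back out, recomputes the overlay offset and size from the file size, and implements the PE header checksum that the "declared / actual checksum" comparison relies on. Assumptions not in the report: SizeOfHeaders is 0x400 and sections are stored contiguously in table order (PointerToRawData is not shown). Because the header bytes are constructed rather than taken from the sample, the checksum part is a self-consistency check of the algorithm, not a reproduction of 0x006faf16.

```python
import struct
from collections import namedtuple

Section = namedtuple("Section", "name va vsize raw_size raw_ptr chars")

# Section characteristics bits (PE/COFF specification).
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
R, RW, RX = IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE

# (name, VirtualAddress, VirtualSize, SizeOfRawData, Characteristics) copied from the report.
# PointerToRawData is not in the report; it is reconstructed by laying the sections out
# back to back after the header (assumption: SizeOfHeaders = 0x400, FileAlignment = 0x200).
REPORTED_SECTIONS = [
    (".text",  0x01000, 0x28720, 0x28800, IMAGE_SCN_CNT_CODE | RX),
    (".rdata", 0x2A000, 0x12A9E, 0x12C00, IMAGE_SCN_CNT_INITIALIZED_DATA | R),
    (".data",  0x3D000, 0x103E8, 0x00E00, IMAGE_SCN_CNT_INITIALIZED_DATA | RW),
    (".pdata", 0x4E000, 0x020C4, 0x02200, IMAGE_SCN_CNT_INITIALIZED_DATA | R),
    ("_RDATA", 0x51000, 0x0015C, 0x00200, IMAGE_SCN_CNT_INITIALIZED_DATA | R),
    (".rsrc",  0x52000, 0x0F49C, 0x0F600, IMAGE_SCN_CNT_INITIALIZED_DATA | R),
    (".reloc", 0x62000, 0x00758, 0x00800, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | R),
]
REPORTED_FILE_SIZE = 7286062          # bytes, from the report
SIZE_OF_HEADERS = 0x400               # assumption, see above
CHECKSUM_FIELD = 0x40 + 4 + 20 + 64   # file offset of OptionalHeader.CheckSum in the synthetic header

def build_pe_header(sections, size_of_headers=SIZE_OF_HEADERS):
    """Synthesize a minimal PE32+ header (constructed test input, not bytes from the sample)."""
    dos = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew: PE signature right after DOS header
    opt = bytearray(0xF0)                                     # PE32+ optional header is 240 bytes
    struct.pack_into("<H", opt, 0, 0x20B)                     # Magic = PE32+
    struct.pack_into("<I", opt, 16, 0xAFB0)                   # AddressOfEntryPoint (0x14000afb0 - image base)
    struct.pack_into("<Q", opt, 24, 0x140000000)              # ImageBase from the report
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)           # SectionAlignment, FileAlignment
    struct.pack_into("<I", opt, 60, size_of_headers)          # SizeOfHeaders
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt), 0x22)
    table, raw_ptr = b"", size_of_headers
    for name, va, vsize, raw_size, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             vsize, va, raw_size, raw_ptr, 0, 0, 0, 0, chars)
        raw_ptr += raw_size                                   # next section follows immediately
    return (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(size_of_headers, b"\0")

def parse_sections(data):
    """Walk the section table of a PE image; the header bytes alone are enough."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    base = e_lfanew + 4 + 20 + opt_size                        # section headers follow the optional header
    out = []
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr, *_, chars = struct.unpack_from("<8sIIIIIIHHI", data, base + 40 * i)
        out.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, raw_size, raw_ptr, chars))
    return out

def overlay_bounds(sections, file_size):
    """(offset, size) of the bytes after the last section's raw data, or None if there are none."""
    end = max((s.raw_ptr + s.raw_size for s in sections if s.raw_size), default=0)
    return (end, file_size - end) if file_size > end else None

def pe_checksum(data, checksum_field):
    """The report's 'actual checksum': ones'-complement sum of 16-bit words over the whole
    file, skipping the CheckSum field itself, folded to 16 bits, plus the file length."""
    total = 0
    for off in range(0, len(data) - 1, 2):
        if off in (checksum_field, checksum_field + 2):
            continue
        total += int.from_bytes(data[off:off + 2], "little")
        total = (total & 0xFFFF) + (total >> 16)               # end-around carry
    if len(data) & 1:
        total += data[-1]                                     # trailing odd byte
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)

def stamp_checksum(data, checksum_field):
    """Write the computed checksum into the header so that declared == actual."""
    out = bytearray(data)
    struct.pack_into("<I", out, checksum_field, pe_checksum(data, checksum_field))
    return bytes(out)

def checksum_matches(data, checksum_field):
    """True when the declared CheckSum field equals the recomputed value."""
    declared = struct.unpack_from("<I", data, checksum_field)[0]
    return declared == pe_checksum(data, checksum_field)

if __name__ == "__main__":
    hdr = stamp_checksum(build_pe_header(REPORTED_SECTIONS), CHECKSUM_FIELD)
    print("overlay (offset, size):", overlay_bounds(parse_sections(hdr), REPORTED_FILE_SIZE))
    print("declared == actual checksum:", checksum_matches(hdr, CHECKSUM_FIELD))
```

Run against a real file, `parse_sections(open(path, "rb").read())` together with `os.path.getsize` gives the same overlay computation the report shows; for the checksum, pass the whole file and the offset `e_lfanew + 4 + 20 + 64`. Note that a matching checksum after `stamp_checksum` demonstrates exactly why the "declared == actual" row is not a tamper signal: the field is trivially recomputable.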

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type
RT_ICON 0x00060a3c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 6.39 GLS_BINARY_LSB_FIRST (the report repeats this row seven times with identical offset and size)
RT_GROUP_ICON 0x00060ea4 0x00000068 LANG_NEUTRAL SUBLANG_NEUTRAL 2.72 MS Windows icon resource - 7 icons, 48x48
RT_MANIFEST 0x00060f0c 0x00000590 LANG_NEUTRAL SUBLANG_NEUTRAL 5.29 XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library: USER32.dll:
0x14002a388 CreateWindowExW
0x14002a390 MessageBoxW
0x14002a398 MessageBoxA
0x14002a3a0 SystemParametersInfoW
0x14002a3a8 DestroyIcon
0x14002a3b0 SetWindowLongPtrW
0x14002a3b8 GetWindowLongPtrW
0x14002a3c0 GetClientRect
0x14002a3c8 InvalidateRect
0x14002a3d0 ReleaseDC
0x14002a3d8 GetDC
0x14002a3e0 DrawTextW
0x14002a3e8 GetDialogBaseUnits
0x14002a3f0 EndDialog
0x14002a3f8 DialogBoxIndirectParamW
0x14002a400 MoveWindow
0x14002a408 SendMessageW
Library: COMCTL32.dll:
0x14002a028 (imported by ordinal; no name)
Library: KERNEL32.dll:
0x14002a058 IsValidCodePage
0x14002a060 GetStringTypeW
0x14002a068 GetFileAttributesExW
0x14002a070 HeapReAlloc
0x14002a078 FlushFileBuffers
0x14002a080 GetCurrentDirectoryW
0x14002a088 GetACP
0x14002a090 GetOEMCP
0x14002a098 GetModuleHandleW
0x14002a0a0 MulDiv
0x14002a0a8 GetLastError
0x14002a0b0 SetDllDirectoryW
0x14002a0b8 GetModuleFileNameW
0x14002a0c0 GetProcAddress
0x14002a0c8 GetCommandLineW
0x14002a0d0 GetEnvironmentVariableW
0x14002a0d8 GetCPInfo
0x14002a0e8 CreateDirectoryW
0x14002a0f0 GetTempPathW
0x14002a0f8 WaitForSingleObject
0x14002a100 Sleep
0x14002a108 GetExitCodeProcess
0x14002a110 CreateProcessW
0x14002a118 GetStartupInfoW
0x14002a120 FreeLibrary
0x14002a128 LoadLibraryExW
0x14002a130 SetConsoleCtrlHandler
0x14002a138 FindClose
0x14002a140 FindFirstFileExW
0x14002a148 CloseHandle
0x14002a150 GetCurrentProcess
0x14002a158 LocalFree
0x14002a160 FormatMessageW
0x14002a168 MultiByteToWideChar
0x14002a170 WideCharToMultiByte
0x14002a178 GetEnvironmentStringsW
0x14002a180 FreeEnvironmentStringsW
0x14002a188 GetProcessHeap
0x14002a190 GetTimeZoneInformation
0x14002a198 HeapSize
0x14002a1a0 WriteConsoleW
0x14002a1a8 SetEndOfFile
0x14002a1b0 SetEnvironmentVariableW
0x14002a1b8 RtlUnwindEx
0x14002a1c0 RtlCaptureContext
0x14002a1c8 RtlLookupFunctionEntry
0x14002a1d0 RtlVirtualUnwind
0x14002a1d8 UnhandledExceptionFilter
0x14002a1e8 TerminateProcess
0x14002a1f8 QueryPerformanceCounter
0x14002a200 GetCurrentProcessId
0x14002a208 GetCurrentThreadId
0x14002a210 GetSystemTimeAsFileTime
0x14002a218 InitializeSListHead
0x14002a220 IsDebuggerPresent
0x14002a228 SetLastError
0x14002a230 EnterCriticalSection
0x14002a238 LeaveCriticalSection
0x14002a240 DeleteCriticalSection
0x14002a250 TlsAlloc
0x14002a258 TlsGetValue
0x14002a260 TlsSetValue
0x14002a268 TlsFree
0x14002a270 EncodePointer
0x14002a278 RaiseException
0x14002a280 RtlPcToFileHeader
0x14002a288 GetCommandLineA
0x14002a290 CreateFileW
0x14002a298 GetDriveTypeW
0x14002a2a8 GetFileType
0x14002a2b0 PeekNamedPipe
0x14002a2c0 FileTimeToSystemTime
0x14002a2c8 GetFullPathNameW
0x14002a2d0 RemoveDirectoryW
0x14002a2d8 FindNextFileW
0x14002a2e0 SetStdHandle
0x14002a2e8 DeleteFileW
0x14002a2f0 ReadFile
0x14002a2f8 GetStdHandle
0x14002a300 WriteFile
0x14002a308 ExitProcess
0x14002a310 GetModuleHandleExW
0x14002a318 HeapFree
0x14002a320 GetConsoleMode
0x14002a328 ReadConsoleW
0x14002a330 SetFilePointerEx
0x14002a338 GetConsoleOutputCP
0x14002a340 GetFileSizeEx
0x14002a348 HeapAlloc
0x14002a350 FlsAlloc
0x14002a358 FlsGetValue
0x14002a360 FlsSetValue
0x14002a368 FlsFree
0x14002a370 CompareStringW
0x14002a378 LCMapStringW
Library: ADVAPI32.dll:
0x14002a000 OpenProcessToken
0x14002a008 GetTokenInformation
0x14002a018 ConvertSidToStringSidW
Library: GDI32.dll:
0x14002a038 SelectObject
0x14002a040 DeleteObject
0x14002a048 CreateFontIndirectW

Reading the import table: GetTempPathW, CreateDirectoryW, CreateProcessW, WaitForSingleObject, GetExitCodeProcess, DeleteFileW and RemoveDirectoryW together describe a launcher that stages files under the temp directory, runs a child process, waits for it and cleans up, which matches the process tree below (the sample starts a second copy of itself). Most of the remaining KERNEL32 entries (Tls*/Fls*, RtlUnwindEx, RtlCaptureContext, UnhandledExceptionFilter, the heap, console and code-page functions) are pulled in by the MSVC C runtime; IsDebuggerPresent is part of that runtime's own error-reporting path and is not by itself evidence of anti-debugging. ADVAPI32's OpenProcessToken, GetTokenInformation and ConvertSidToStringSidW read the current user's SID; nothing in the list writes the registry or creates services.

No antivirus engine scan results.

Process tree

Ipreporter.exe, PID 2636, parent PID 2256
Ipreporter.exe, PID 3012, parent PID 2636

The first instance (2636; its parent 2256 is not identified in the report) launches a second copy of itself (3012). The report does not attribute the network traffic below to either PID.

TCP

Source address  Source port  Destination address  Destination port
192.168.122.201 49160 104.100.168.24 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201 59401 192.168.122.1 53

The "no host records / no domain information" entries earlier in the report and this traffic table disagree: the analysis VM (192.168.122.201) sent one DNS query to its gateway resolver (192.168.122.1) and opened one TCP connection to 104.100.168.24 on port 80. The report does not say which process generated either flow.

HTTP requests

URL: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

This request is the Adobe Acrobat/Reader in-product messaging (IPM) check: the acroipm.adobe.com host, the "IPM" user agent and a conditional GET carrying a 2017 If-Modified-Since date are the kind of background traffic an Adobe Reader install in the analysis VM produces on its own. The report attributes no PID to the request, so it should not be recorded as sample-originated or as C2 without a per-process capture.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files were extracted from the network capture.
No files were dropped.
No similar analyses found.

Processing ( 20.454 seconds )

  • 10.671 Suricata
  • 2.925 Static
  • 2.572 VirusTotal
  • 1.751 NetworkAnalysis
  • 1.512 TargetInfo
  • 0.664 BehaviorAnalysis
  • 0.321 peid
  • 0.013 config_decoder
  • 0.012 Strings
  • 0.011 AnalysisInfo
  • 0.002 Memory

Signatures ( 1.703 seconds; per-module execution time, i.e. which signature modules ran and for how long, not which ones matched )

  • 1.344 md_url_bl
  • 0.023 api_spamming
  • 0.019 antiav_detectreg
  • 0.017 stealth_timeout
  • 0.016 virus
  • 0.015 stealth_decoy_document
  • 0.015 bootkit
  • 0.014 securityxploded_modules
  • 0.013 reads_self
  • 0.012 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.012 sets_autoconfig_url
  • 0.012 ipc_namedpipe
  • 0.011 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.011 ransomware_message
  • 0.01 antiav_detectfile
  • 0.009 infostealer_browser
  • 0.009 infostealer_ftp
  • 0.008 md_domain_bl
  • 0.007 disables_spdy
  • 0.007 maldun_anomaly_massive_file_ops
  • 0.007 disables_wfp
  • 0.007 ransomware_extensions
  • 0.006 mimics_filetime
  • 0.006 anomaly_persistence_autorun
  • 0.006 infostealer_bitcoin
  • 0.006 infostealer_im
  • 0.006 ransomware_files
  • 0.005 office_dl_write_exe
  • 0.005 stealth_file
  • 0.005 antivm_generic_disk
  • 0.004 office_write_exe
  • 0.004 antianalysis_detectreg
  • 0.004 antivm_vbox_files
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_mail
  • 0.004 network_http
  • 0.003 infostealer_browser_password
  • 0.003 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 betabot_behavior
  • 0.002 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.002 cerber_behavior
  • 0.002 hancitor_behavior
  • 0.002 disables_browser_warn
  • 0.001 maldun_anomaly_terminated_process
  • 0.001 network_tor
  • 0.001 rat_luminosity
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 disables_system_restore
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 rat_pcclient

Reporting ( 0.489 seconds )

  • 0.474 ReportHTMLSummary
  • 0.015 Malheur
Task ID 721986
Mongo ID 6480985e7e769a4ec49e3835
Cuckoo release 1.4-Maldun