Analysis task

Analysis type   VM label                  Start time           End time             Duration
File (Windows)  win7-sp1-x64-shaapp02-1   2023-06-07 23:51:39  2023-06-07 23:53:48  129 seconds

Maldun score

10.0

Dangerous

File details

File name: ws.exe
File size: 341504 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 08eab435d149838a6f73ec58041d334a
SHA1: c48d81f4819c4ccc61356a4098cc6621c9c8246c
SHA256: 0e8a4cecd169e7add111d1559caaa48cad8d26b47957a930acf7375d1766baba
SHA512: d601761169787d103bc6b3955883e643432d7896cdfb86c55b538bf2a20e068bfbb676d3f3246cc8af0f4a161de69ff516fc591abe61b9852b463a8be7dc4db6
CRC32: DDC2E0CD
Ssdeep: 6144:Lu+TSnLDfs2Uf3/RVyQH8zZRRegEcm/5MbFofndmLBq:ms2UXRBKZugELwyfndmLBq

Hosts contacted

IP               Rating   Location
141.255.164.12            Switzerland

Domain resolution

Domain           Rating   Response
mine.gsbean.com  unknown  A 141.255.164.12


PE information

Image base: 0x00400000
Entry point: 0x0040ec06
Declared checksum: 0x000599c7
Actual checksum: 0x00061958
Minimum OS version: 5.0
Compile time: 2022-10-09 09:05:19
Import hash (imphash): 97843ffb69d38c7f82140e8b5fff11a2

The declared CheckSum does not match the value recomputed over the file. Windows only enforces this field for drivers and a few boot-time images, so a user-mode executable still loads, but a non-zero checksum that no longer matches means the file was changed after the linker wrote the header (a packer, a post-build patch of the .data or .rsrc contents, or a hand-edited resource). The 2022 compile timestamp is also inconsistent with the version resource below, which claims a Windows 10 build 17763 (2018) system file.

Version information

The version resource was extracted as a flat list of keys and values; what survives is:

10.0.17763.1
CompanyName
10.0.17763.1 (WinBuild.160101.0800)
Microsoft® Windows® Operating System
Magnify.exe
© Microsoft Corporation. All rights reserved.
Language Pack Installer
lpksetup
OriginalFilename
Translation

These are Microsoft's standard version strings for a Windows 10 build 17763 system file, but they do not even agree with each other: Magnify.exe is the Windows Magnifier, while "Language Pack Installer" and lpksetup belong to a different binary. Nothing else on this page (an MFC 9 GUI application compiled in 2022, named ws.exe, whose checksum no longer matches its header) fits a Microsoft-built system binary. Treat the strings as borrowed metadata meant to look legitimate; in triage, check the Authenticode status and compare OriginalFilename and CompanyName against the file actually on disk rather than trusting any version field on its own.

PE sections

Name    Virtual address  Virtual size  Raw data size  Characteristics                                                              Entropy
.text   0x00001000       0x0001e68b    0x0001e800     IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ                  6.59
.rdata  0x00020000       0x00007296    0x00007400     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                            5.03
.data   0x00028000       0x00011534    0x0000dc00     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE        7.63
.rsrc   0x0003a000       0x00018b20    0x00018c00     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                            7.47
.reloc  0x00053000       0x00006ca4    0x00006e00     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ  2.71

.data and .rsrc are the sections to look at. Entropy of 7.63 and 7.47 is in the range of compressed or encrypted data, not of the initialised globals and dialog/icon resources an MFC application normally carries, and .data additionally has a virtual size (0x11534) about a quarter larger than its raw size (0xdc00), which is normal for zero-initialised globals but worth noting next to the entropy. Combined with the FindResourceA/LoadResource/LockResource/SizeofResource and VirtualAlloc/VirtualProtect imports below, this is the usual layout of a loader that stores an encrypted payload in its resources or data section and maps it at runtime. The report contains no memory dump, so the payload itself is not visible on this page.
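The section statistics above can be checked mechanically rather than read off by eye. The following Python is an added example for this page, not code from the Maldun sandbox: it computes Shannon entropy, flags sections whose entropy or VirtualSize/SizeOfRawData ratio cross a threshold, and recomputes the Optional Header checksum the way imagehlp does so that the declared/actual pair from the PE information section can be compared. The thresholds, the `SECTIONS` rows (copied from the table) and the byte strings fed to the entropy function are constructed inputs; there is no file I/O. To reproduce the report's actual-checksum value, pass the bytes of the real file to `pe_checksum` with `checksum_offset` set to `e_lfanew + 0x58` (the CheckSum field sits at offset 64 of the Optional Header in both PE32 and PE32+).

```python
"""PE static-triage helpers: section entropy, virtual-vs-raw size skew and
the Optional Header checksum. Example code added to this analysis page; it is
not Maldun/Cuckoo code. SECTIONS is copied from the report's section table;
the byte strings used in __main__ are constructed test data, not ws.exe."""
import math
from collections import Counter

# Thresholds are assumptions chosen for triage, not values from the report.
HIGH_ENTROPY = 7.0      # packed/encrypted data usually scores above this
VSIZE_RAW_SKEW = 1.2    # VirtualSize noticeably larger than SizeOfRawData


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_checksum(image: bytes, checksum_offset: int) -> int:
    """CheckSum as imagehlp's CheckSumMappedFile computes it: a 16-bit
    one's-complement sum over the whole file, skipping the 4-byte CheckSum
    field itself, plus the file length."""
    total = 0
    for i in range(0, len(image) - 1, 2):
        if i == checksum_offset or i == checksum_offset + 2:
            continue
        total += image[i] | (image[i + 1] << 8)
        total = (total & 0xFFFF) + (total >> 16)
    if len(image) & 1:                      # odd trailing byte
        total += image[-1]
        total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(image)


# (name, VirtualSize, SizeOfRawData, entropy) as listed in the report
SECTIONS = [
    (".text",  0x0001E68B, 0x0001E800, 6.59),
    (".rdata", 0x00007296, 0x00007400, 5.03),
    (".data",  0x00011534, 0x0000DC00, 7.63),
    (".rsrc",  0x00018B20, 0x00018C00, 7.47),
    (".reloc", 0x00006CA4, 0x00006E00, 2.71),
]


def section_findings(sections):
    """Return {section name: [reasons]} for sections worth a second look."""
    findings = {}
    for name, vsize, rawsize, entropy in sections:
        reasons = []
        if entropy >= HIGH_ENTROPY:
            reasons.append(f"entropy {entropy:.2f} >= {HIGH_ENTROPY}")
        if rawsize and vsize / rawsize >= VSIZE_RAW_SKEW:
            reasons.append(f"VirtualSize 0x{vsize:x} exceeds SizeOfRawData "
                           f"0x{rawsize:x} (runtime-filled data)")
        if name == ".data" and entropy >= HIGH_ENTROPY:
            reasons.append("high-entropy writable data: typical of an "
                           "embedded encrypted payload")
        if reasons:
            findings[name] = reasons
    return findings


def checksum_mismatch(declared: int, actual: int) -> bool:
    """A zero declared checksum just means the linker never set it; a non-zero
    value that differs from the recomputed one means post-link modification."""
    return declared != 0 and declared != actual


if __name__ == "__main__":
    for sec, why in section_findings(SECTIONS).items():
        print(sec, "->", "; ".join(why))
    print("checksum mismatch:", checksum_mismatch(0x000599C7, 0x00061958))
    # constructed inputs: a constant buffer scores 0, a uniform one scores 8
    print(shannon_entropy(bytes(256)), shannon_entropy(bytes(range(256))))
```

Run against the report's numbers, `section_findings` flags exactly .data and .rsrc, and `checksum_mismatch` is true for the 0x599c7/0x61958 pair. The thresholds are deliberately simple; a real triage pipeline would also compare each section's entropy against the compiler's usual profile (MFC .rdata around 5 is ordinary, .rsrc above 7 is not).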

Imports

Library: KERNEL32.dll:
0x420088 HeapReAlloc
0x42008c GetCommandLineA
0x420090 GetStartupInfoA
0x420094 RtlUnwind
0x420098 Sleep
0x42009c ExitProcess
0x4200a0 RaiseException
0x4200a4 HeapSize
0x4200a8 TerminateProcess
0x4200b4 IsDebuggerPresent
0x4200b8 HeapCreate
0x4200bc GetStdHandle
0x4200cc SetHandleCount
0x4200d0 GetFileType
0x4200d8 GetTickCount
0x4200e4 GetACP
0x4200e8 IsValidCodePage
0x4200ec GetConsoleCP
0x4200f0 GetConsoleMode
0x4200f4 LCMapStringA
0x4200f8 LCMapStringW
0x4200fc GetStringTypeA
0x420100 GetStringTypeW
0x420104 SetStdHandle
0x420108 WriteConsoleA
0x42010c GetConsoleOutputCP
0x420110 WriteConsoleW
0x420114 GetOEMCP
0x420118 GetCPInfo
0x42011c GetModuleHandleW
0x420120 SetErrorMode
0x420124 CreateFileA
0x420128 GetCurrentProcess
0x42012c FlushFileBuffers
0x420130 SetFilePointer
0x420134 WriteFile
0x420138 GlobalGetAtomNameA
0x42013c GlobalFindAtomA
0x420140 lstrcmpW
0x420144 GetVersionExA
0x42014c FormatMessageA
0x420150 MultiByteToWideChar
0x420154 TlsFree
0x42015c LocalReAlloc
0x420160 TlsSetValue
0x420164 TlsAlloc
0x42016c GlobalHandle
0x420170 GlobalReAlloc
0x420178 TlsGetValue
0x420180 LocalFree
0x420184 LocalAlloc
0x420188 GlobalFlags
0x42018c GlobalFree
0x420190 GlobalUnlock
0x420198 GetModuleFileNameW
0x4201a0 GetCurrentProcessId
0x4201a4 GetLastError
0x4201a8 SetLastError
0x4201ac GlobalAddAtomA
0x4201b0 CloseHandle
0x4201b4 GlobalDeleteAtom
0x4201b8 GetCurrentThread
0x4201bc GetCurrentThreadId
0x4201c8 GetModuleFileNameA
0x4201cc GetLocaleInfoA
0x4201d0 WideCharToMultiByte
0x4201d4 CompareStringA
0x4201d8 FindResourceA
0x4201dc LoadResource
0x4201e0 LockResource
0x4201e4 SizeofResource
0x4201e8 InterlockedExchange
0x4201ec GlobalLock
0x4201f0 lstrcmpA
0x4201f4 GlobalAlloc
0x4201f8 GetModuleHandleA
0x4201fc lstrlenA
0x420200 HeapFree
0x420204 FreeLibrary
0x420208 GetProcessHeap
0x42020c HeapAlloc
0x420210 GetProcAddress
0x420214 LoadLibraryA
0x420218 IsBadReadPtr
0x42021c VirtualProtect
0x420220 VirtualFree
0x420228 VirtualAlloc
Library: USER32.dll:
0x42024c GetSysColorBrush
0x420250 ShowWindow
0x420258 LoadIconA
0x42025c WinHelpA
0x420260 GetClassLongA
0x420264 SetPropA
0x420268 GetPropA
0x42026c RemovePropA
0x420270 IsWindow
0x420274 GetForegroundWindow
0x420278 GetDlgItem
0x42027c GetTopWindow
0x420280 DestroyWindow
0x420284 GetMessageTime
0x420288 GetMessagePos
0x42028c MapWindowPoints
0x420290 SetMenu
0x420294 SetForegroundWindow
0x420298 GetClientRect
0x42029c CreateWindowExA
0x4202a0 GetClassInfoExA
0x4202a4 GetClassInfoA
0x4202a8 RegisterClassA
0x4202ac AdjustWindowRectEx
0x4202b0 CopyRect
0x4202b4 DefWindowProcA
0x4202b8 CallWindowProcA
0x4202bc GetMenu
0x4202c0 SetWindowLongA
0x4202c4 SetWindowPos
0x4202cc IsIconic
0x4202d0 GetWindowPlacement
0x4202d4 GetSystemMetrics
0x4202d8 GetMenuItemID
0x4202dc GetSubMenu
0x4202e0 GetWindow
0x4202e4 GetDlgCtrlID
0x4202e8 GetWindowRect
0x4202ec GetClassNameA
0x4202f0 PtInRect
0x4202f4 GetWindowTextA
0x4202f8 SetWindowTextA
0x4202fc GetSysColor
0x420300 PostMessageA
0x420304 PostQuitMessage
0x420308 CheckMenuItem
0x42030c EnableMenuItem
0x420310 ReleaseDC
0x420314 GetDC
0x420318 GrayStringA
0x42031c DrawTextExA
0x420320 DrawTextA
0x420324 TabbedTextOutA
0x420328 UnhookWindowsHookEx
0x42032c GetMenuItemCount
0x420330 UnregisterClassA
0x420334 DestroyMenu
0x420338 GetMenuState
0x42033c ModifyMenuA
0x420340 SendMessageA
0x420344 GetParent
0x420348 GetFocus
0x42034c LoadBitmapA
0x420354 SetMenuItemBitmaps
0x420358 ValidateRect
0x42035c GetCursorPos
0x420360 PeekMessageA
0x420364 GetKeyState
0x420368 IsWindowVisible
0x42036c GetActiveWindow
0x420370 DispatchMessageA
0x420374 TranslateMessage
0x420378 GetMessageA
0x42037c CallNextHookEx
0x420380 SetWindowsHookExA
0x420384 SetCursor
0x420388 LoadCursorA
0x42038c GetCapture
0x420390 ClientToScreen
0x420398 GetWindowLongA
0x42039c GetLastActivePopup
0x4203a0 IsWindowEnabled
0x4203a4 EnableWindow
0x4203a8 MessageBoxA
Library: GDI32.dll:
0x420028 DeleteDC
0x42002c GetStockObject
0x420030 GetDeviceCaps
0x420034 SelectObject
0x420038 ScaleWindowExtEx
0x42003c SetWindowExtEx
0x420040 ScaleViewportExtEx
0x420044 SetViewportExtEx
0x420048 OffsetViewportOrgEx
0x42004c CreateBitmap
0x420050 Escape
0x420054 ExtTextOutA
0x420058 TextOutA
0x42005c RectVisible
0x420060 PtVisible
0x420064 DeleteObject
0x420068 GetClipBox
0x42006c SetMapMode
0x420070 SetTextColor
0x420074 SetBkColor
0x420078 RestoreDC
0x42007c SaveDC
0x420080 SetViewportOrgEx
Library: WINSPOOL.DRV:
0x4203b0 DocumentPropertiesA
0x4203b4 OpenPrinterA
0x4203b8 ClosePrinter
Library: ADVAPI32.dll:
0x420000 RegSetValueExA
0x420004 RegCreateKeyExA
0x420008 RegQueryValueA
0x42000c RegOpenKeyA
0x420010 RegEnumKeyA
0x420014 RegDeleteKeyA
0x420018 RegOpenKeyExA
0x42001c RegQueryValueExA
0x420020 RegCloseKey
Library: SHLWAPI.dll:
0x420240 PathFindFileNameA
0x420244 PathFindExtensionA
Library: OLEAUT32.dll:
0x420230 VariantClear
0x420234 VariantChangeType
0x420238 VariantInit

Most of this import table is what any statically linked MFC 9 application pulls in regardless of what it does: the GDI32/USER32 drawing and window functions, the WINSPOOL printer calls, TlsAlloc/TlsGetValue, IsDebuggerPresent and RaiseException from the CRT, and the Reg* functions behind CWinApp's profile and registration helpers. None of those is an anti-debug or persistence indicator by itself. The imports that matter for this sample are the resource-loading set (FindResourceA, LoadResource, LockResource, SizeofResource) next to VirtualAlloc, VirtualProtect, LoadLibraryA and GetProcAddress, which together provide everything needed to copy a resource into executable memory and resolve its imports by hand; whether that is what happens has to come from the behaviour trace or a memory dump, not from the import table.

Strings

.text
`.rdata
@.data
.rsrc
@.reloc
tJhH^@
tJhH^@
tJhH^@
u*hHwC
tJhH^@
YQPVh
uBh?EA
F\@$B
F\=@$B
tehv3A
SVWUj
GWhX.B
FVhX.B
CWinApp
Settings
PreviewPages
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxA
KERNEL32
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoRun
NoDrives
RestrictRun
NoNetConnectDisconnect
NoRecentDocsHistory
NoClose
Software\Microsoft\Windows\CurrentVersion\Policies\Network
NoEntireNetwork
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
NoPlacesBar
NoBackButton
NoFileMru
ntdll.dll
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
kernel32.dll
%s%s.dll
%s (%s:%d)
Exception thrown in destructor
f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp
CCmdTarget
CWinThread
Software\Classes\
Software\
CObject
Delete
NoRemove
ForceRemove
CInvalidArgException
CNotSupportedException
CMemoryException
CSimpleException
CException
software
CreateActCtxW
comctl32.dll
comdlg32.dll
shell32.dll
CGdiObject
CUserException
CResourceException
f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin1.inl
COleException
DISPLAY
AfxWnd90s
AfxControlBar90s
AfxMDIFrame90s
AfxFrameOrView90s
AfxOleControl90s
AfxOldWndProc423
EnumDisplayDevicesA
GetMonitorInfoA
EnumDisplayMonitors
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
GetSystemMetrics
USER32
InitCommonControls
InitCommonControlsEx
HtmlHelpA
hhctrl.ocx
accParent
accChildCount
accChild
accName
accValue
accDescription
accRole
accState
accHelp
accHelpTopic
accKeyboardShortcut
accFocus
accSelection
accDefaultAction
accSelect
accLocation
accNavigate
accHitTest
accDoDefaultAction

The registry policy strings above (Policies\Explorer\NoRun, NoDrives, RestrictRun, NoNetConnectDisconnect, NoRecentDocsHistory, NoClose, Policies\Network\NoEntireNetwork, Policies\Comdlg32\NoPlacesBar, NoBackButton, NoFileMru), the AfxWnd90s/AfxControlBar90s/AfxMDIFrame90s window-class names and the f:\dd\vctools\vc7libs\ship\atlmfc source paths are artifacts of a statically linked MFC 9.0 (Visual Studio 2008) runtime. MFC's CWinApp reads those policy values (LoadSysPolicies in appcore.cpp) so that its own file and run dialogs honour Explorer restrictions; they show that the sample is an MFC GUI application and are not evidence of policy tampering. The Software\Classes, Delete, NoRemove and ForceRemove strings are ATL registry-script tokens, and CreateActCtxA/ActivateActCtx, InitCommonControlsEx, HtmlHelpA/hhctrl.ocx and the acc* names are likewise standard MFC startup, common-controls and accessibility code. There is no custom string on this page that points at the payload.

Antivirus scan

No antivirus engine scan results for this sample.

Process tree

ws.exe, PID: 2636, parent PID: 2304
  Smbonalan.exe, PID: 2864, parent PID: 2636
services.exe, PID: 424, parent PID: 328
  Smbonalan.exe, PID: 2756, parent PID: 424
  mscorsvw.exe, PID: 2792, parent PID: 424
  mscorsvw.exe, PID: 248, parent PID: 424

ws.exe starts Smbonalan.exe once itself (PID 2864), and a second copy is then started by services.exe (PID 2756). In user mode only the Service Control Manager launches processes from services.exe, so this is the footprint of the sample registering its dropped or renamed binary as a Windows service for persistence. The dropped-files section of this report is empty and the behaviour trace is not included on this page, so the service name, image path and the CreateService/registry call that installed it are not visible here; confirm both in a full trace before writing the indicator up. The two mscorsvw.exe processes are the .NET native-image (NGEN) service workers that services.exe starts on its own in a Windows 7 VM and are unrelated to the sample.
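The pattern above (an image the sample spawned reappearing under services.exe) is easy to miss in a longer tree, so here is an added example, not Maldun/Cuckoo code, that parses the tree as printed and separates service-persistence candidates from the SCM's own background children. `TREE` is the report's process tree copied verbatim; `BACKGROUND_SERVICE_CHILDREN` is an assumption standing in for a baseline taken from clean runs of the same VM image.

```python
"""Process-tree triage for a Cuckoo/Maldun report: find images the sample
spawned that later reappear under services.exe, the footprint of a binary
registered as a service. Example code added to this page; it is not
Maldun/Cuckoo code. TREE is the report's process tree as printed above;
BACKGROUND_SERVICE_CHILDREN is an assumption from idle-VM baselining."""
import re
from collections import defaultdict

TREE = """\
ws.exe, PID: 2636, parent PID: 2304
Smbonalan.exe, PID: 2864, parent PID: 2636
services.exe, PID: 424, parent PID: 328
Smbonalan.exe, PID: 2756, parent PID: 424
mscorsvw.exe, PID: 2792, parent PID: 424
mscorsvw.exe, PID: 248, parent PID: 424
"""
SAMPLE_PID = 2636

LINE_RE = re.compile(r"^(?P<image>.+?), PID: (?P<pid>\d+), parent PID: (?P<ppid>\d+)$")

# Images services.exe starts by itself in an idle Windows 7 sandbox VM.
# Assumption for this example; build the real list from clean baseline runs.
BACKGROUND_SERVICE_CHILDREN = {"mscorsvw.exe"}


def parse_tree(text):
    """pid -> (image, parent pid)"""
    procs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            procs[int(m["pid"])] = (m["image"], int(m["ppid"]))
    return procs


def descendants(procs, root_pid):
    """All pids under root_pid (root itself excluded)."""
    children = defaultdict(list)
    for pid, (_, ppid) in procs.items():
        children[ppid].append(pid)
    seen, stack = set(), [root_pid]
    while stack:
        for child in children[stack.pop()]:
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return seen


def triage_tree(procs, sample_pid):
    """Split services.exe's children into persistence, noise and unexplained."""
    spawned = {procs[p][0].lower() for p in descendants(procs, sample_pid)}
    scm_pids = {pid for pid, (img, _) in procs.items() if img.lower() == "services.exe"}
    scm_children = {img.lower() for img, ppid in procs.values() if ppid in scm_pids}
    background = {i.lower() for i in BACKGROUND_SERVICE_CHILDREN}
    return {
        # spawned by the sample AND started by the SCM: service persistence candidate
        "service_persistence": spawned & scm_children,
        "background": scm_children & background,
        # started by the SCM, not baseline noise, never seen under the sample:
        # a pre-existing service or an install path the tree does not show
        "unexplained": scm_children - spawned - background,
    }


if __name__ == "__main__":
    for kind, images in triage_tree(parse_tree(TREE), SAMPLE_PID).items():
        print(f"{kind}: {sorted(images) or '-'}")
```

Matching by image name across the two subtrees is a heuristic: PIDs are reused, and a sample that copies itself over, or next to, a legitimate service binary would match too. Treat a hit as a prompt to pull the file-write and service-registration events from the full behaviour trace, not as the finding itself.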

Hosts contacted

IP               Rating   Location
141.255.164.12            Switzerland

Domain resolution

Domain           Rating   Response
mine.gsbean.com  unknown  A 141.255.164.12

TCP

Source           Src port  Destination      Host             Dst port
192.168.122.201  49165     141.255.164.12   mine.gsbean.com  8585
192.168.122.201  49166     141.255.164.12   mine.gsbean.com  8585
192.168.122.201  49160     23.214.95.221                     80

UDP

Source           Src port  Destination     Dst port
192.168.122.201  57526     192.168.122.1   53
192.168.122.201  63246     192.168.122.1   53

Two DNS queries went to the sandbox resolver (192.168.122.1); the only answer the report records is mine.gsbean.com -> 141.255.164.12 (rating unknown), followed by two TCP connections to that host on port 8585. 8585 is not a registered service port, and the host label "mine" together with a non-web port is what a cryptocurrency mining-pool (stratum) connection usually looks like, but no payload was captured (no TLS, no Suricata HTTP, no alerts), so this page cannot confirm the protocol or rule out a plain C2 channel. The third connection, to 23.214.95.221:80, is the acroipm.adobe.com request listed under HTTP requests below and is discussed there.
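To turn the tables above into something a detection team can use, here is an added example, not Maldun/Cuckoo code, that parses the TCP and domain-resolution rows as printed, attributes each destination to a name (from the sample's own DNS answer, or from the HTTP Host header for the port-80 flow), marks the flows that need review, and emits a Suricata rule for each of those. `TCP_ROWS` and `DNS_ROWS` are copied from the report; `HTTP_HOSTS`, the web-port set and the local sid range are assumptions.

```python
"""Turn the report's connection and DNS rows into reviewable indicators and a
Suricata rule. Example code added to this page; it is not Maldun/Cuckoo code.
TCP_ROWS and DNS_ROWS are copied from the report's tables; HTTP_HOSTS, the
port classes and the sid range are assumptions."""
import re
from collections import OrderedDict

# Copied from the report: source, source port, destination, [host], port.
TCP_ROWS = """\
192.168.122.201 49165 141.255.164.12 mine.gsbean.com 8585
192.168.122.201 49166 141.255.164.12 mine.gsbean.com 8585
192.168.122.201 49160 23.214.95.221 80
"""
DNS_ROWS = """\
mine.gsbean.com unknown A 141.255.164.12
"""
# Host header from the report's HTTP request; assumed to belong to the
# port-80 connection because it is the only HTTP flow in the capture.
HTTP_HOSTS = {"23.214.95.221": "acroipm.adobe.com"}

WEB_PORTS = {80, 443}          # assumption: ports treated as ordinary web traffic
LOCAL_SID_BASE = 1000000       # assumption: local Suricata sid range


def parse_tcp(text):
    """Rows with or without the optional host column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5:
            src, sport, dst, host, dport = parts
        elif len(parts) == 4:
            src, sport, dst, dport = parts
            host = None
        else:
            continue
        rows.append({"src": src, "sport": int(sport), "dst": dst,
                     "host": host, "dport": int(dport)})
    return rows


def parse_dns(text):
    """domain -> {ip} from 'domain rating A ip' rows (A answers only)."""
    answers = {}
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+\S+\s+A\s+(\d+\.\d+\.\d+\.\d+)$", line.strip())
        if m:
            answers.setdefault(m[1], set()).add(m[2])
    return answers


def network_iocs(rows, dns, http_hosts):
    """One entry per (destination, port), most-contacted first."""
    ip_to_domain = {ip: d for d, ips in dns.items() for ip in ips}
    agg = OrderedDict()
    for r in rows:
        key = (r["dst"], r["dport"])
        entry = agg.setdefault(key, {
            "dst": r["dst"], "dport": r["dport"], "connections": 0,
            "host": r["host"] or ip_to_domain.get(r["dst"]) or http_hosts.get(r["dst"]),
        })
        entry["connections"] += 1
    out = sorted(agg.values(), key=lambda e: (-e["connections"], e["dport"]))
    for e in out:
        resolved = e["dst"] in ip_to_domain
        e["resolved_by_sample_dns"] = resolved
        # a name the sample resolved itself plus a non-web port is the C2-shaped flow;
        # everything else is "check attribution first" rather than an indicator
        e["needs_review"] = resolved and e["dport"] not in WEB_PORTS
    return out


def suricata_rule(ioc, index):
    """Destination IP/port rule; msg text and sid are constructed here."""
    return (f'alert tcp $HOME_NET any -> {ioc["dst"]} {ioc["dport"]} '
            f'(msg:"ws.exe sandbox IOC {ioc["host"] or ioc["dst"]}"; '
            f'flow:to_server,established; sid:{LOCAL_SID_BASE + index}; rev:1;)')


if __name__ == "__main__":
    iocs = network_iocs(parse_tcp(TCP_ROWS), parse_dns(DNS_ROWS), HTTP_HOSTS)
    for i, ioc in enumerate(iocs):
        flag = "REVIEW" if ioc["needs_review"] else "attribute?"
        print(f'{flag:11} {ioc["host"]} {ioc["dst"]}:{ioc["dport"]} x{ioc["connections"]}')
        if ioc["needs_review"]:
            print("   ", suricata_rule(ioc, i))
```

An IP/port rule is the weakest useful form of this indicator: the hosting IP will change long before the domain does, so the DNS name should be carried as a separate indicator (a `dns.query` rule or a blocklist entry) and the IP rule retired once it stops firing.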

HTTP requests

URI: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

This request has the shape of Adobe Reader 11's in-product messaging check (User-Agent "IPM", host acroipm.adobe.com, a CHS language path, and an If-Modified-Since date from an earlier fetch cached in the VM image): background activity from the Reader installation in the sandbox rather than something the sample does. Do not add it to the sample's indicators unless the behaviour trace attributes the connection to ws.exe or Smbonalan.exe.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

Network-extracted files

None found.

Dropped files

None recorded.

Similar analyses

None found.

Processing ( 33.119 seconds ) (time spent per analysis module)

  • 12.634 NetworkAnalysis
  • 11.007 Suricata
  • 6.205 VirusTotal
  • 1.648 Static
  • 0.973 BehaviorAnalysis
  • 0.328 TargetInfo
  • 0.3 peid
  • 0.011 Strings
  • 0.01 AnalysisInfo
  • 0.002 Memory
  • 0.001 config_decoder

Signatures ( 1.754 seconds ) (evaluation time per signature module; every module that ran is listed, whether or not it matched)

  • 1.349 md_url_bl
  • 0.052 api_spamming
  • 0.041 stealth_timeout
  • 0.04 stealth_decoy_document
  • 0.039 antiav_detectreg
  • 0.016 dridex_behavior
  • 0.015 infostealer_ftp
  • 0.009 stealth_network
  • 0.009 dead_connect
  • 0.009 infostealer_im
  • 0.009 md_domain_bl
  • 0.008 antianalysis_detectreg
  • 0.007 mimics_filetime
  • 0.007 reads_self
  • 0.007 shifu_behavior
  • 0.007 virus
  • 0.006 stealth_file
  • 0.006 anomaly_persistence_autorun
  • 0.006 antivm_generic_disk
  • 0.006 kovter_behavior
  • 0.006 antiav_detectfile
  • 0.005 antiemu_wine_func
  • 0.005 bootkit
  • 0.005 infostealer_browser_password
  • 0.005 hancitor_behavior
  • 0.005 geodo_banking_trojan
  • 0.005 infostealer_mail
  • 0.004 infostealer_bitcoin
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 injection_createremotethread
  • 0.003 antivm_generic_scsi
  • 0.003 antivm_vbox_files
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 antivm_vbox_libs
  • 0.002 antivm_generic_services
  • 0.002 betabot_behavior
  • 0.002 kibex_behavior
  • 0.002 anormaly_invoke_kills
  • 0.002 injection_runpe
  • 0.002 antivm_parallels_keys
  • 0.002 antivm_xen_keys
  • 0.002 disables_browser_warn
  • 0.002 md_bad_drop
  • 0.002 network_torgateway
  • 0.001 hawkeye_behavior
  • 0.001 rat_nanocore
  • 0.001 antiav_avast_libs
  • 0.001 maldun_anomaly_massive_file_ops
  • 0.001 injection_explorer
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 exec_crash
  • 0.001 vawtrak_behavior
  • 0.001 cerber_behavior
  • 0.001 process_needed
  • 0.001 antidbg_devices
  • 0.001 antisandbox_productid
  • 0.001 antivm_generic_diskreg
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 network_cnc_http
  • 0.001 recon_fingerprint

Reporting ( 0.537 seconds )

  • 0.526 ReportHTMLSummary
  • 0.011 Malheur
Task ID 721988
Mongo ID 6480a83cdc327b4796065014
Cuckoo release 1.4-Maldun