Analysis task

Analysis type Virtual machine label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp03-1 2023-09-23 16:18:15 2023-09-23 16:14:31 86176 seconds

Maldun score

7.15

Dangerous

File details

File name 火力小助手.exe
File size 1068528 bytes
File type MS-DOS executable, MZ for MS-DOS
MD5 268fda6908c382d6e07f448ef18250d6
SHA1 f8d9d8306a3225261484799c67c34ae57d3da85f
SHA256 4f5dd0973efc745a57987d196c53a6213cdaa83874f90b3776302d038e6b3c83
SHA512 31908be818d0864a80bd72a42d2a5bd08776ff864cbbf9e2d2bcf12a330f13c04ec9ba2345c6c4655ddb9233987de26c6cd4d37a3f36536cd893f1972991c52e
CRC32 88995D26
Ssdeep 24576:g58ow1YLauQjfcV9b3/akUlG3kzNchca4Jc2V8OV6hipptp9J:gmIauQjf89zakUl8kzNcya4Jc2Khst1

Host access records

No host records.

Domain resolution

No domain information.


PE information

Image base 0x00400000
Entry point 0x005ce000
Declared checksum 0x001073df
Actual checksum 0x001073df
Minimum OS version required 4.0
Compile time 2023-09-23 14:55:37
Import hash 57fb71b0021e4535258fd152adb3f05c
Icon
Icon exact hash f74be2f2d65a3b9a58d75e2dba1df4a9
Icon similarity hash 2e6a611c323c33c8695e2a4e8244ea94

Version information

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
0x00001000 0x001ab000 0x00000000 IMAGE_SCN_MEM_READ 0.00
0x001ac000 0x00001000 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2.78
.rsrc 0x001ad000 0x00020374 0x0001d7f1 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.38
0x001ce000 0x00018000 0x000179fe IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 8.00

Overlay

Offset 0x000357fe
Size 0x000cf5f2

Resources

Name Offset Size Language Sublanguage Entropy File type
TEXTINCLUDE 0x001cd220 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_CURSOR 0x001cca34 0x00000134 LANG_ITALIAN SUBLANG_ITALIAN 0.00 empty
RT_BITMAP 0x001ca298 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.12 data
RT_ICON 0x001c71dc 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.24 GLS_BINARY_LSB_FIRST
RT_MENU 0x001ca008 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.06 data
RT_DIALOG 0x001c8eb8 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.13 data
RT_STRING 0x001c85d8 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.89 data
RT_GROUP_CURSOR 0x001c858c 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.64 data
RT_GROUP_ICON 0x001c7e38 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 0x001c7e8c 0x000002b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.21 data
RT_MANIFEST 0x001c8180 0x000002b9 LANG_NEUTRAL SUBLANG_NEUTRAL 5.02 XML 1.0 document, ASCII text, with very long lines, with no line terminators
RT_RCDATA 0x001c847c 0x0000010e LANG_NEUTRAL SUBLANG_NEUTRAL 7.14 data

Imports

Library: kernel32.dll:
0x5ac064 GetModuleHandleA
Library: user32.dll:
0x5ac074 UpdateWindow
Library: advapi32.dll:
0x5ac084 RegQueryValueA
Library: comctl32.dll:
0x5ac094 _TrackMouseEvent

.rsrc
kernel32.dll
GetModuleHandleA
user32.dll
UpdateWindow
advapi32.dll
RegQueryValueA
comctl32.dll
_TrackMouseEvent
resource.h
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="E.App" processorArchitecture="x86" version="5.2.0.0" type="win32"/><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/> </requestedPrivileges> </security></trustInfo></assembly>
TEXTINCLUDE
IEXT3_IDB_SCROLLBTNS
IEXT3_IDC_DRAGGING
IEXT3_IDC_HANDCUR
IEXT3_IDC_NODRAGGING
DEFAULT_ICON
VS_VERSION_INFO
StringFileInfo
080404B0
FileVersion
1.0.0.0
FileDescription
ProductName
ProductVersion
1.0.0.0
CompanyName
LegalCopyright
Comments
(http://www.eyuyan.com)
VarFileInfo
Translation
No antivirus engine scan information!

Process tree


_______________.exe, PID: 2620, parent PID: 2280


TCP

Source address Source port Destination address Destination port
192.168.122.201 49157 96.16.55.7 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 59401 192.168.122.1 53


HTTP requests

URI HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 19.93 seconds )

  • 13.262 Suricata
  • 4.104 VirusTotal
  • 1.182 Static
  • 0.46 TargetInfo
  • 0.371 peid
  • 0.36 NetworkAnalysis
  • 0.155 BehaviorAnalysis
  • 0.02 AnalysisInfo
  • 0.012 Strings
  • 0.002 Memory
  • 0.002 config_decoder

Signatures ( 1.66 seconds )

  • 1.5 md_url_bl
  • 0.022 antiav_detectreg
  • 0.01 infostealer_ftp
  • 0.01 md_domain_bl
  • 0.009 api_spamming
  • 0.007 stealth_decoy_document
  • 0.007 stealth_timeout
  • 0.006 anomaly_persistence_autorun
  • 0.006 antiav_detectfile
  • 0.006 infostealer_im
  • 0.005 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_bitcoin
  • 0.004 infostealer_mail
  • 0.004 network_http
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 injection_createremotethread
  • 0.002 process_interest
  • 0.002 browser_security
  • 0.001 antivm_vbox_libs
  • 0.001 bootkit
  • 0.001 antiav_avast_libs
  • 0.001 mimics_filetime
  • 0.001 stealth_file
  • 0.001 maldun_anomaly_massive_file_ops
  • 0.001 betabot_behavior
  • 0.001 reads_self
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 antivm_generic_disk
  • 0.001 antidbg_windows
  • 0.001 vawtrak_behavior
  • 0.001 cerber_behavior
  • 0.001 injection_runpe
  • 0.001 virus
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.596 seconds )

  • 0.583 ReportHTMLSummary
  • 0.013 Malheur
Task ID 728070
Mongo ID 650e9e8c7e769a3979721b16
Cuckoo release 1.4-Maldun