分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2024-04-29 11:00:04 | 2024-04-29 11:02:15 | 131 秒 |
魔盾分数
7.05
危险的
文件详细信息
| 文件名 | Screenmonitor.exe |
|---|---|
| 文件大小 | 278528 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | be7fa3c0d5ae437a44fafbf501b6e2ff |
| SHA1 | 5175ce03b8ac331653a8a660628eba6069766b34 |
| SHA256 | ece2bf0dcb334eb50f2b017403950ec7dd45a71fd22b7a1a567ecd6d0f8368c0 |
| SHA512 | 0710c79dd2dc68c7075065a9a9306c88a69fca0317bb4133400d701f3d36a113cbc934be1f173077c4529788504f7e2c5d5e3e3fc42bb29e76e0631789a7d29b |
| CRC32 | AAB94023 |
| Ssdeep | 6144:l4byuJLHa3B8+PQwaueUQt/HtJk315oZmfeqlYDDhb:lGa3B8+PQwaaQtHtJk315oZmfeq2D |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00402068 |
| 声明校验值 | 0x0004af26 |
| 实际校验值 | 0x0004af26 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2018-06-05 15:22:53 |
| 载入哈希 | 8c90f4bff93841024794fea2c066a0a9 |
| 图标 |  |
| 图标精确哈希值 | 061d68c828311c686dbbc8a2adc4d06e |
| 图标相似性哈希值 | bad9079f7233bef1a1cf5f88d35f5914 |
版本信息
| Translation | |
|---|---|
| InternalName | |
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductName | |
| ProductVersion | |
| OriginalFilename |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0003fd6c | 0x00040000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 5.78 |
| .data | 0x00041000 | 0x00003e58 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .rsrc | 0x00045000 | 0x00001008 | 0x00002000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 2.05 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_ICON | 0x00045360 | 0x00000ca8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.01 | data |
| RT_GROUP_ICON | 0x0004534c | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.32 | MS Windows icon resource - 1 icon, 32x32 |
| RT_VERSION | 0x000450f0 | 0x0000025c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.37 | data |
导入
库: MSVBVM60.DLL:
• 0x401000 __vbaVarTstGt
• 0x401004 __vbaVarSub
• 0x401008 None
• 0x40100c __vbaStrI2
• 0x401010 None
• 0x401014 _CIcos
• 0x401018 _adj_fptan
• 0x40101c __vbaStrI4
• 0x401020 __vbaVarMove
• 0x401024 __vbaAryMove
• 0x401028 __vbaFreeVar
• 0x40102c __vbaLenBstr
• 0x401030 __vbaLateIdCall
• 0x401034 __vbaStrVarMove
• 0x401038 __vbaFreeVarList
• 0x40103c __vbaEnd
• 0x401040 _adj_fdiv_m64
• 0x401044 __vbaNextEachVar
• 0x401048 __vbaFreeObjList
• 0x40104c __vbaStrErrVarCopy
• 0x401050 _adj_fprem1
• 0x401054 None
• 0x401058 __vbaRecAnsiToUni
• 0x40105c __vbaStrCat
• 0x401060 __vbaVarCmpNe
• 0x401064 __vbaLsetFixstr
• 0x401068 None
• 0x40106c None
• 0x401070 __vbaSetSystemError
• 0x401074 __vbaRecDestruct
• 0x401078 __vbaLenBstrB
• 0x40107c __vbaHresultCheckObj
• 0x401080 None
• 0x401084 __vbaLenVar
• 0x401088 _adj_fdiv_m32
• 0x40108c __vbaVarTstLe
• 0x401090 None
• 0x401094 __vbaAryDestruct
• 0x401098 __vbaVarXor
• 0x40109c __vbaVarCmpGe
• 0x4010a0 __vbaLateMemSt
• 0x4010a4 __vbaVarForInit
• 0x4010a8 __vbaObjSet
• 0x4010ac __vbaOnError
• 0x4010b0 None
• 0x4010b4 None
• 0x4010b8 _adj_fdiv_m16i
• 0x4010bc __vbaObjSetAddref
• 0x4010c0 _adj_fdivr_m16i
• 0x4010c4 None
• 0x4010c8 __vbaVarIndexLoad
• 0x4010cc __vbaFpR4
• 0x4010d0 None
• 0x4010d4 __vbaFPFix
• 0x4010d8 __vbaFpR8
• 0x4010dc __vbaBoolVarNull
• 0x4010e0 __vbaVarTstLt
• 0x4010e4 _CIsin
• 0x4010e8 None
• 0x4010ec None
• 0x4010f0 __vbaVarZero
• 0x4010f4 None
• 0x4010f8 __vbaChkstk
• 0x4010fc __vbaFileClose
• 0x401100 EVENT_SINK_AddRef
• 0x401104 __vbaGenerateBoundsError
• 0x401108 __vbaStrCmp
• 0x40110c None
• 0x401110 __vbaAryConstruct2
• 0x401114 __vbaVarTstEq
• 0x401118 __vbaDateR8
• 0x40111c __vbaI2I4
• 0x401120 None
• 0x401124 __vbaObjVar
• 0x401128 DllFunctionCall
• 0x40112c __vbaVarLateMemSt
• 0x401130 __vbaVarOr
• 0x401134 __vbaFpUI1
• 0x401138 __vbaStrR4
• 0x40113c __vbaRedimPreserve
• 0x401140 _adj_fpatan
• 0x401144 __vbaR4Var
• 0x401148 __vbaLateIdCallLd
• 0x40114c __vbaRedim
• 0x401150 __vbaStrR8
• 0x401154 __vbaUI1ErrVar
• 0x401158 __vbaRecUniToAnsi
• 0x40115c EVENT_SINK_Release
• 0x401160 None
• 0x401164 __vbaUI1I2
• 0x401168 _CIsqrt
• 0x40116c __vbaVarAnd
• 0x401170 EVENT_SINK_QueryInterface
• 0x401174 __vbaUI1I4
• 0x401178 __vbaVarMul
• 0x40117c __vbaExceptHandler
• 0x401180 None
• 0x401184 __vbaPrintFile
• 0x401188 __vbaStrToUnicode
• 0x40118c _adj_fprem
• 0x401190 _adj_fdivr_m64
• 0x401194 __vbaI2Str
• 0x401198 __vbaVarDiv
• 0x40119c None
• 0x4011a0 None
• 0x4011a4 None
• 0x4011a8 __vbaVarCmpLe
• 0x4011ac __vbaFPException
• 0x4011b0 None
• 0x4011b4 __vbaInStrVar
• 0x4011b8 __vbaUbound
• 0x4011bc __vbaStrVarVal
• 0x4011c0 __vbaVarCat
• 0x4011c4 None
• 0x4011c8 __vbaDateVar
• 0x4011cc __vbaI2Var
• 0x4011d0 None
• 0x4011d4 None
• 0x4011d8 None
• 0x4011dc _CIlog
• 0x4011e0 __vbaErrorOverflow
• 0x4011e4 __vbaFileOpen
• 0x4011e8 __vbaVar2Vec
• 0x4011ec __vbaR8Str
• 0x4011f0 __vbaInStr
• 0x4011f4 __vbaNew2
• 0x4011f8 __vbaVarLateMemCallLdRf
• 0x4011fc _adj_fdiv_m32i
• 0x401200 _adj_fdivr_m32i
• 0x401204 None
• 0x401208 __vbaStrCopy
• 0x40120c __vbaI4Str
• 0x401210 __vbaVarCmpLt
• 0x401214 __vbaFreeStrList
• 0x401218 None
• 0x40121c _adj_fdivr_m32
• 0x401220 __vbaPowerR8
• 0x401224 __vbaR8Var
• 0x401228 _adj_fdiv_r
• 0x40122c None
• 0x401230 __vbaVarTstNe
• 0x401234 __vbaVarSetVar
• 0x401238 __vbaI4Var
• 0x40123c __vbaVarCmpEq
• 0x401240 None
• 0x401244 None
• 0x401248 __vbaAryLock
• 0x40124c __vbaLateMemCall
• 0x401250 __vbaVarAdd
• 0x401254 __vbaVarDup
• 0x401258 __vbaStrToAnsi
• 0x40125c None
• 0x401260 __vbaFpI2
• 0x401264 __vbaFpI4
• 0x401268 __vbaVarTstGe
• 0x40126c __vbaVarLateMemCallLd
• 0x401270 __vbaVarCopy
• 0x401274 None
• 0x401278 __vbaVarSetObjAddref
• 0x40127c __vbaLateMemCallLd
• 0x401280 __vbaRecDestructAnsi
• 0x401284 _CIatan
• 0x401288 __vbaAryCopy
• 0x40128c None
• 0x401290 __vbaStrMove
• 0x401294 __vbaI2ErrVar
• 0x401298 __vbaCastObj
• 0x40129c None
• 0x4012a0 __vbaForEachVar
• 0x4012a4 None
• 0x4012a8 None
• 0x4012ac _allmul
• 0x4012b0 __vbaVarLateMemCallSt
• 0x4012b4 __vbaLateIdSt
• 0x4012b8 None
• 0x4012bc None
• 0x4012c0 _CItan
• 0x4012c4 None
• 0x4012c8 __vbaUI1Var
• 0x4012cc None
• 0x4012d0 __vbaAryUnlock
• 0x4012d4 __vbaVarForNext
• 0x4012d8 _CIexp
• 0x4012dc __vbaFreeObj
• 0x4012e0 __vbaFreeStr
• 0x4012e4 None
• 0x4012e8 __vbaI4ErrVar
• 0x4012ec None
.text
`.data
.rsrc
MSVBVM60.DLL
Screenmonitor
Form1
Form1
Frame8
Label31
Label51
Label49
Shape2
Shape1
Label24
Frame5
Label9
Image11
Label17
Label19
Line5
Line6
Image12
Picture1
Timer1
Timer2
PubFrame
Frame15
Text5
Label1
Label16
Label15
Frame10
Combo1
Combo2
Check1
Label23
Label7
Label44
Frame11
Label29
Image7
Label27
:123456
Line2
Label34
Frame12
Label33
Image8
Line1
Label21
Label32
Frame4
Check3
Label20
Image10
Label35
Image9
333333
3333333333333333333333333333333333
Frame13
Option2
Option1
Text3
Check2
Text2
Text1
Frame1
Option3
Option4
Label40
Label52
Label8
Line4
Label12
Image1
33333333333330
{{{{{{{{{{{{{0
{{{{{{{{{{{{w
{{{{{{{{{{{{x
{{{{{{{{{{{{0
{{{{{{{{{{{{0
{{{{x
Label18
Label14
Label13
Frame14
Check9
Label2
Label42
Label6
Label5
Label4
Label3
Image2
wwwwwwwwwwwwwp
wwwwwwwwwwwwwww
wwwwwww
AboutFrame
Frame7
Label22
Image13
!!!
!!!
!!!!!
!!!!!!
!!!!!!
!!!!!
!!!
!!!
Label43
Label41
Frame9
Label10
Label11
Label39
Screenmonitor
Label38
Label37
Label36
Image14
Label30
Label28
EMAIL:amesman@163.com
Label25
http://www.crsky.com/soft/39507.html
Label26
http://blog.csdn.net/amesman
Version
V1.2.1
Image3
!!!
!!!
!!!!!
!!!!!!
!!!!!!
!!!!!
!!!
!!!
Image6
Image4
!!!
!!!
!!!!!
!!!!!!
!!!!!!
!!!!!
!!!
!!!
Image5
www3ffUUUUUU3ffDDD333"""
wwwf33
wwwDDD"""3
DDD"""3
"""333
3""""""
3ff33fwwwwww3ff
""""""
333333"""3
ReR_Un
ReRun
Uninst
Hp_Reg
userHelp
userReg
vb6chs.dll
Screenmonitor
Screenmonitor
Screenmonitor
0*bO\s
Form1
Inputbox_xinghao
Form2
Form3
Form4
SendtoMail
Form5
JiePingPic
Form6
PubBL
ZDRun
Form7
Screenmonitor
Image5
C:\Program Files\Microsoft Visual Studio\VB98\VB6.OLB
Picture1
Label21
Image6
PubFrame
AboutFrame
Check2
Text1
Option1
Option2
Option3
Option4
Image1
Text2
Text3
Check9
Image3
Image9
Version
userReg
Image8
Image7
Label25
Label26
Label23
Label24
Label27
Label28
ReR_Un
Label22
Label20
Hp_Reg
Uninst
Image11
Image10
Label18
Label36
Label12
Label13
Label10
Label11
Label16
Image14
Label14
Image13
Image12
Label15
Timer2
Label7
Combo1
userHelp
Frame13
Frame12
Frame11
Combo2
Frame10
Label52
Label51
Frame4
Text5
Frame5
Frame8
ReRun
Label49
Label1
Label3
Frame15
Check1
Label4
Label35
Label5
Frame14
Frame7
Frame9
Timer1
Label43
Label44
Label41
Label42
Check3
Frame1
Label40
Label8
Label9
Label6
Label29
Label38
Label39
Label37
Label30
Label33
Label31
Label2
Label34
Label32
Label17
Label19
Image2
Image4
shell32.dll
SHGetPathFromIDListA
Changetimes
SHBrowseForFolderA
user32
GetAsyncKeyState
Shell32
SHGetSpecialFolderLocation
LjSet
Image6_Click
Image4_Click
FsOrNot
OkToJp
YunXPlanJC
JiShiJp
Jieping
PicCapChk
MyReg
SelectFolder
UninstallMe
kernel32
RtlMoveMemory
T\Pbk
Command1
Command2
PlanDate
txtSDate
txtEDate
Command3
Frame3
Frame2
PlanTime
[Text4
lblInfo
LblPos
PtInRect
gdi32
CreateDCA
BitBlt
GetPixel
SetWindowPos
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetDesktopWindow
DeleteDC
ReleaseDC
Sleep
GetCursorPos
MDown
ImageMove
PostMessageA
SetTimer
KillTimer
FindWindowA
FindWindowExA
GetDeviceCaps
GetSystemPaletteEntries
CreatePalette
GetForegroundWindow
SelectPalette
OleCreatePictureIndirect
RealizePalette
GetWindowDC
GetDC
GetWindowRect
GDIPlus
GdiplusStartup
GdiplusShutdown
olepro32.dll
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipSaveImageToFile
ole32
CLSIDFromString
GdipCreateBitmapFromFile
advapi32.dll
RegOpenKeyA
RegSetValueExA
RegCreateKeyA
RegCloseKey
RegDeleteValueA
RegQueryValueExA
VBA6.DLL
__vbaRecDestruct
__vbaVarCopy
__vbaRecDestructAnsi
__vbaRecAnsiToUni
__vbaRecUniToAnsi
__vbaVarMul
__vbaVarAdd
__vbaFPFix
__vbaI4ErrVar
__vbaAryUnlock
__vbaNextEachVar
__vbaVarTstLt
__vbaLenVar
__vbaVarLateMemCallLdRf
__vbaVarZero
__vbaForEachVar
__vbaR8Var
__vbaI4Str
__vbaVarLateMemCallLd
__vbaVarDiv
__vbaCastObj
__vbaVarCmpLe
__vbaVarCmpGe
__vbaVarTstGe
__vbaDateVar
__vbaDateR8
__vbaLateMemCall
__vbaVarTstLe
__vbaVarTstEq
__vbaI2Str
__vbaLateMemCallLd
__vbaVarSetVar
__vbaObjVar
__vbaVarSetObjAddref
__vbaVarCat
__vbaVarCmpNe
__vbaVarAnd
__vbaBoolVarNull
__vbaStrR8
__vbaI2ErrVar
__vbaLateIdSt
__vbaFreeObjList
__vbaNew2
__vbaEnd
__vbaVarTstNe
__vbaErrorOverflow
__vbaObjSetAddref
__vbaStrI2
__vbaVarIndexLoad
__vbaStrErrVarCopy
__vbaVarMove
__vbaInStr
__vbaFileClose
__vbaInStrVar
__vbaVarSub
__vbaI4Var
__vbaStrVarMove
__vbaStrToUnicode
__vbaLsetFixstr
__vbaStrToAnsi
__vbaSetSystemError
__vbaI2I4
__vbaFpI4
__vbaFreeVarList
__vbaVarDup
__vbaFpR8
__vbaStrVarVal
__vbaStrCopy
__vbaFreeStrList
__vbaPrintFile
__vbaFileOpen
__vbaFreeVar
__vbaFreeStr
__vbaStrCat
__vbaStrMove
__vbaStrCmp
__vbaOnError
__vbaFreeObj
__vbaHresultCheckObj
__vbaObjSet
__vbaVarCmpEq
__vbaVarOr
__vbaVarLateMemCallSt
__vbaR8Str
__vbaLateMemSt
__vbaLateIdCallLd
__vbaVarLateMemSt
__vbaR4Var
__vbaLateIdCall
__vbaI2Var
__vbaUI1I2
__vbaGenerateBoundsError
Ncknx,
__vbaVarTstGt
__vbaVarCmpLt
__vbaRedimPreserve
__vbaAryCopy
__vbaUI1I4
__vbaFpI2
__vbaFpUI1
__vbaVarXor
__vbaUI1Var
__vbaPowerR8
__vbaUI1ErrVar
__vbaLenBstr
__vbaRedim
__vbaAryConstruct2
__vbaAryDestruct
__vbaAryLock
__vbaLenBstrB
__vbaUbound
__vbaVar2Vec
__vbaAryMove
__vbaVarForNext
__vbaVarForInit
__vbaStrI4
__vbaFpR4
__vbaStrR4
Form4
Form4
Command1
Command2
Frame1
Text3
Text2
Text1
Label2
Label1
Form2
Form2
Command1
Command2
Frame1
Text1
Text2
Text3
Label1
Label2
Label3
Label4
Form5
Form5
Text4
Command3
Command1
Frame1
Check2
Check1
Text3
Text2
Text1
Label8
Label6
Label5
Label4
Label3
Label2
Label1
Form6
Form6
Command3
Command2
Command1
Frame1
Frame3
txtEDate
txtSDate
PlanDate
:yyyy-mm-dd)
Label1
Label2
Frame2
Text1
PlanTime
Label5
: 08:00-14:00)
Label4
Label3
Form3
Form3
Frame1
Label8
Label6
Label5
Label4
Label3
Label2
Label1
Command2
Label7
amesman@163.com
Form7
iG{a@xU,UP?
Form1
Picture1
Line1
lblInfo
Label2
Image2
\v1.2.1\Screenmonitor.vbp
desktop.ini
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
Mysettings
Settings
JiamiFolder
Zdm#amesman%-7994@0411&haoren&&&RR1104OK
PicLj
Piccap
PicCount
ClnPic
JpjgDW
Home+Ctrl
StartDate
EndDate
PlanTime
123456
Shift
Times
scrpic
scrpic\
cmd /c del
Explorer
GetFolder
Scripting.FileSystemObject
Files
DateCreated
send\
GetDrive
SerialNumber
windir
\Screenmonitor.exe
*.jpg
http://schemas.microsoft.com/cdo/configuration/
CDO.Message
Subject
Textbody
AddAttachment
Configuration
Fields
sendusing
smtp.
smtpserver
smtpserverport
smtpusessl
smtpauthenticate
sendusername
sendpassword
smtpconnectiontimeout
Update
Enabled
{557CF401-1A04-11D3-9A73-0000F81EF32E}
{1D5BE4B5-FA4A-452D-9CDD-5DB35105E7EB}
23:59
58,50,42,34,26,18,10,2,
60,52,44,36,28,20,12,4,
62,54,46,38,30,22,14,6,
64,56,48,40,32,24,16,8,
57,49,41,33,25,17,9,1,
59,51,43,35,27,19,11,3,
61,53,45,37,29,21,13,5,
63,55,47,39,31,23,15,7
40,8,48,16,56,24,64,32,
39,7,47,15,55,23,63,31,
38,6,46,14,54,22,62,30,
37,5,45,13,53,21,61,29,
24,25,26,27,28,29,
36,4,44,12,52,20,60,28,
35,3,43,11,51,19,59,27,
34,2,42,10,50,18,58,26,
33,1,41,9,49,17,57,25
32,1, 2, 3, 4, 5,
4, 5, 6, 7, 8, 9,
8, 9, 10,11,12,13,
12,13,14,15,16,17,
16,17,18,19,20,21,
20,21,22,23,24,25,
28,29,30,31,32,1
57,49,41,33,25,17,9,
1,58,50,42,34,26,18,
10,2,59,51,43,35,27,
19,11,3,60,52,44,36,
63,55,47,39,31,23,15,
7,62,54,46,38,30,22,
14,6,61,53,45,37,29,
21,13,5,28,20,12,4
14,17,11,24,1,5,
3,28,15,6,21,10,
23,19,12,4,26,8,
16,7,27,20,13,2,
41,52,31,37,47,55,
30,40,51,45,33,48,
44,49,39,56,34,53,
46,42,50,36,29,32
1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1
16,7,20,21,
29,12,28,17,
1,15,23,26,
5,18,31,10,
2,8,24,14,
32,27,3,9,
19,13,30,6,
22,11,4,25
14,4,13,1,2,15,11,8,3,10,6,12,5,9,0,7,
0,15,7,4,14,2,13,1,10,6,12,11,9,5,3,8,
4,1,14,8,13,6,2,11,15,12,9,7,3,10,5,0,
15,12,8,2,4,9,1,7,5,11,3,14,10,0,6,13,
15,1,8,14,6,11,3,4,9,7,2,13,12,0,5,10,
3,13,4,7,15,2,8,14,12,0,1,10,6,9,11,5,
0,14,7,11,10,4,13,1,5,8,12,6,9,3,2,15,
13,8,10,1,3,15,4,2,11,6,7,12,0,5,14,9,
10,0,9,14,6,3,15,5,1,13,12,7,11,4,2,8,
13,7,0,9,3,4,6,10,2,8,5,14,12,11,15,1,
13,6,4,9,8,15,3,0,11,1,2,12,5,10,14,7,
1,10,13,0,6,9,8,7,4,15,14,3,11,5,2,12,
7,13,14,3,0,6,9,10,1,2,8,5,11,12,4,15,
13,8,11,5,6,15,0,3,4,7,2,12,1,10,14,9,
10,6,9,0,12,11,7,13,15,1,3,14,5,2,8,4,
3,15,0,6,10,1,13,8,9,4,5,11,12,7,2,14,
2,12,4,1,7,10,11,6,8,5,3,15,13,0,14,9,
14,11,2,12,4,7,13,1,5,0,15,10,3,9,8,6,
4,2,1,11,10,13,7,8,15,9,12,5,6,3,0,14,
11,8,12,7,1,14,2,13,6,15,0,9,10,4,5,3,
12,1,10,15,9,2,6,8,0,13,3,4,14,7,5,11,
10,15,4,2,7,12,9,5,6,1,13,14,0,11,3,8,
9,14,15,5,2,8,12,3,7,0,4,10,1,13,11,6,
4,3,2,12,9,5,15,10,11,14,1,7,6,0,8,13,
4,11,2,14,15,0,8,13,3,12,9,7,5,10,6,1,
13,0,11,7,4,9,1,10,14,3,5,12,2,15,8,6,
1,4,11,13,12,3,7,14,10,15,6,8,0,5,9,2,
6,11,13,8,1,4,10,7,9,5,0,15,14,2,3,12,
13,2,8,4,6,15,11,1,10,9,3,14,5,0,12,7,
1,15,13,8,10,3,7,4,12,5,6,11,0,14,9,2,
7,11,4,1,9,12,14,2,0,6,10,13,15,3,5,8,
2,1,14,7,4,10,8,13,15,12,9,0,3,5,6,11
MySoftware
Software\Microsoft\Windows\CurrentVersion\Run
DISPLAY
Start
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 23.206.229.78 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 23.206.229.78 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 13.951 seconds )
- 11.17 Suricata
- 1.248 NetworkAnalysis
- 0.533 Static
- 0.452 TargetInfo
- 0.313 peid
- 0.21 BehaviorAnalysis
- 0.012 Strings
- 0.011 AnalysisInfo
- 0.002 Memory
Signatures ( 1.681 seconds )
- 1.476 proprietary_url_bl
- 0.036 antiav_detectreg
- 0.028 proprietary_domain_bl
- 0.014 infostealer_ftp
- 0.011 api_spamming
- 0.009 stealth_decoy_document
- 0.009 stealth_timeout
- 0.008 infostealer_im
- 0.007 antianalysis_detectreg
- 0.005 anomaly_persistence_autorun
- 0.005 antiav_detectfile
- 0.005 geodo_banking_trojan
- 0.005 infostealer_mail
- 0.005 ransomware_extensions
- 0.004 infostealer_bitcoin
- 0.004 network_http
- 0.004 ransomware_files
- 0.003 antivm_generic_scsi
- 0.003 antidbg_windows
- 0.002 tinba_behavior
- 0.002 antiemu_wine_func
- 0.002 antivm_generic_services
- 0.002 betabot_behavior
- 0.002 kibex_behavior
- 0.002 kovter_behavior
- 0.002 antivm_parallels_keys
- 0.002 antivm_vbox_files
- 0.002 antivm_xen_keys
- 0.002 disables_browser_warn
- 0.001 bootkit
- 0.001 rat_nanocore
- 0.001 mimics_filetime
- 0.001 stealth_file
- 0.001 reads_self
- 0.001 antivm_generic_disk
- 0.001 infostealer_browser_password
- 0.001 anormaly_invoke_kills
- 0.001 cerber_behavior
- 0.001 virus
- 0.001 antivm_generic_diskreg
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_security
- 0.001 modify_proxy
- 0.001 darkcomet_regkeys
- 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
- 0.001 proprietary_bad_drop
- 0.001 network_cnc_http
- 0.001 recon_fingerprint
Reporting ( 0.703 seconds )
- 0.694 ReportHTMLSummary
- 0.009 Malheur
| Task ID | 744442 |
|---|---|
| Mongo ID | 662f0df77e769a05bb3db574 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号