分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2024-04-29 11:39:24 | 2024-04-29 11:39:58 | 34 秒 |
魔盾分数
0.2
正常的
文件详细信息
| 文件名 | pycharm64.exe |
|---|---|
| 文件大小 | 951696 字节 |
| 文件类型 | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | cfe592e699f8337d562b645d340fde50 |
| SHA1 | d9833abbc3210df37bebc508f75c122f3f99960e |
| SHA256 | 5cf30e2e410cce982650d1372308f0ba6d6548b9743db4e44c5186435cba5fa9 |
| SHA512 | d53569ee1bc632cde86e2310e587b5520d4337de65092934dc7cd86b0c1eee0f8558dc33320287a2e4a6438ed1eb15a360a3d8380230aada7ed47d5ab6d0074a |
| CRC32 | 69B0E112 |
| Ssdeep | 24576:M5v5PtTiAC60dYJHcyLXTh8zEMX5r3nVR7Vl:M5v5PtTiA3Hz98zvJn/ |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交漏报 |
登录查看威胁特征
运行截图
没有可用的屏幕截图访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x140000000 |
|---|---|
| 入口地址 | 0x140052b70 |
| 声明校验值 | 0x000f0f5f |
| 实际校验值 | 0x000f0f5f |
| 最低操作系统版本要求 | 6.0 |
| PDB路径 | %%%WinLauncher.pdb%%% |
| 编译时间 | 2023-09-20 19:37:00 |
| 载入哈希 | 2b36c26567e148c0bc1e87ed54d62d8a |
| 图标 |  |
| 图标精确哈希值 | ae2967330324ad3c6013c1c775ea0197 |
| 图标相似性哈希值 | f68cb971803d9459b70e82075868efdc |
| 导出DLL库名称 | WinLauncher.exe |
版本信息
| LegalCopyright | |
|---|---|
| InternalName | |
| FileVersion | |
| CompanyName | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename | |
| Translation |
微软证书验证 (Sign Tool)
| SHA1 | 时间戳 | 有效性 | 错误 |
|---|---|---|---|
| None | Wed Dec 20 00:45:53 2023 | 无 |
| 证书链 | Certificate Chain 1 |
| 发行给 | Entrust Root Certification Authority - G2 |
| 发行人 | Entrust Root Certification Authority - G2 |
| 有效期 | Sun Dec 08 015554 2030 |
| SHA1 哈希 | 8cf427fd790c3ad166068de81e57efbb932272d4 |
| 证书链 | Certificate Chain 2 |
| 发行给 | Entrust Code Signing Root Certification Authority - CSBR1 |
| 发行人 | Entrust Root Certification Authority - G2 |
| 有效期 | Fri Nov 08 001345 2030 |
| SHA1 哈希 | b337b8fdb56ecb58bf5dbcf8c22c320107535a02 |
| 证书链 | Certificate Chain 3 |
| 发行给 | Entrust Extended Validation Code Signing CA - EVCS2 |
| 发行人 | Entrust Code Signing Root Certification Authority - CSBR1 |
| 有效期 | Sun Dec 30 075900 2040 |
| SHA1 哈希 | b52063cecffafa24b57993b8efe7fb1e4d6d56bc |
| 证书链 | Certificate Chain 4 |
| 发行给 | JetBrains s.r.o. |
| 发行人 | Entrust Extended Validation Code Signing CA - EVCS2 |
| 有效期 | Sat Oct 11 203636 2025 |
| SHA1 哈希 | eaa81cd9f11dd9de125898071473d21286ed1c22 |
| 证书链 | Timestamp Chain 1 |
| 发行给 | Entrust Root Certification Authority - G2 |
| 发行人 | Entrust Root Certification Authority - G2 |
| 有效期 | Sun Dec 08 015554 2030 |
| SHA1 哈希 | 8cf427fd790c3ad166068de81e57efbb932272d4 |
| 证书链 | Timestamp Chain 2 |
| 发行给 | Entrust Code Signing Root Certification Authority - CSBR1 |
| 发行人 | Entrust Root Certification Authority - G2 |
| 有效期 | Fri Nov 08 001345 2030 |
| SHA1 哈希 | b337b8fdb56ecb58bf5dbcf8c22c320107535a02 |
| 证书链 | Timestamp Chain 3 |
| 发行给 | Entrust Time Stamping CA - TS2 |
| 发行人 | Entrust Code Signing Root Certification Authority - CSBR1 |
| 有效期 | Sun Dec 30 075900 2040 |
| SHA1 哈希 | 78491bab39cf2d94d23d219c0d1eb279b16c61db |
| 证书链 | Timestamp Chain 4 |
| 发行给 | Entrust Timestamp Authority - TSA2 |
| 发行人 | Entrust Time Stamping CA - TS2 |
| 有效期 | Mon Jan 01 080000 2029 |
| SHA1 哈希 | 291d1bf682d27fd5e49083c7f9772bb4bbfab34c |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00074920 | 0x00074a00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.44 |
| .rdata | 0x00076000 | 0x0001a0b0 | 0x0001a200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.40 |
| .data | 0x00091000 | 0x00004a88 | 0x00001400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.08 |
| .pdata | 0x00096000 | 0x000050c4 | 0x00005200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.75 |
| _RDATA | 0x0009c000 | 0x000000fc | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 2.44 |
| .rsrc | 0x0009d000 | 0x0004f200 | 0x0004f200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.82 |
| .reloc | 0x000ed000 | 0x00000b20 | 0x00000c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 5.29 |
覆盖
| 偏移量 | 0x000e5600 |
| 大小 | 0x00002f90 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_ICON | 0x000a7ab0 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.73 | dBase III DBT, version number 0, next free block index 40 |
| RT_ICON | 0x000a7ab0 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.73 | dBase III DBT, version number 0, next free block index 40 |
| RT_ICON | 0x000a7ab0 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.73 | dBase III DBT, version number 0, next free block index 40 |
| RT_ICON | 0x000a7ab0 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.73 | dBase III DBT, version number 0, next free block index 40 |
| RT_ICON | 0x000a7ab0 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.73 | dBase III DBT, version number 0, next free block index 40 |
| RT_ICON | 0x000a7ab0 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.73 | dBase III DBT, version number 0, next free block index 40 |
| RT_ICON | 0x000a7ab0 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.73 | dBase III DBT, version number 0, next free block index 40 |
| RT_ICON | 0x000a7ab0 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.73 | dBase III DBT, version number 0, next free block index 40 |
| RT_STRING | 0x000ea758 | 0x000013b4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.43 | data |
| RT_STRING | 0x000ea758 | 0x000013b4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.43 | data |
| RT_STRING | 0x000ea758 | 0x000013b4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.43 | data |
| RT_GROUP_ICON | 0x000e9ad8 | 0x00000076 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.93 | MS Windows icon resource - 8 icons, 16x16 |
| RT_VERSION | 0x000e9b50 | 0x0000032c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.47 | data |
| RT_MANIFEST | 0x000ebb10 | 0x000005be | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.29 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
导入
库: ADVAPI32.dll:
• 0x140076000 RevertToSelf
• 0x140076008 RegDisablePredefinedCache
• 0x140076010 RegOpenKeyExW
• 0x140076018 RegCloseKey
• 0x140076020 IsValidSid
• 0x140076028 GetLengthSid
• 0x140076030 ConvertStringSidToSidW
• 0x140076038 ConvertSidToStringSidW
• 0x140076040 EqualSid
• 0x140076048 CreateProcessAsUserW
• 0x140076050 SetThreadToken
• 0x140076058 GetTokenInformation
• 0x140076060 OpenProcessToken
• 0x140076068 DuplicateTokenEx
• 0x140076070 SetTokenInformation
• 0x140076078 LookupPrivilegeValueW
• 0x140076080 CreateRestrictedToken
• 0x140076088 AdjustTokenPrivileges
• 0x140076090 FreeSid
• 0x140076098 ImpersonateLoggedOnUser
• 0x1400760a0 GetAce
• 0x1400760a8 RegCreateKeyExW
• 0x1400760b0 RegQueryValueExW
• 0x1400760b8 SystemFunction036
• 0x1400760c0 IsValidSecurityDescriptor
• 0x1400760c8 GetSecurityDescriptorControl
• 0x1400760d0 GetSecurityDescriptorOwner
• 0x1400760d8 GetSecurityDescriptorGroup
• 0x1400760e0 GetSecurityDescriptorDacl
• 0x1400760e8 GetSecurityDescriptorSacl
• 0x1400760f0 GetNamedSecurityInfoW
• 0x1400760f8 GetSecurityInfo
• 0x140076100 SetSecurityInfo
• 0x140076108 MapGenericMask
• 0x140076110 AccessCheck
• 0x140076118 IsValidAcl
• 0x140076120 InitializeAcl
• 0x140076128 AddMandatoryAce
• 0x140076130 BuildTrusteeWithSidW
• 0x140076138 SetEntriesInAclW
库: dbghelp.dll:
• 0x1400766d8 SymGetLineFromAddr64
• 0x1400766e0 SymFromAddr
• 0x1400766e8 SymCleanup
• 0x1400766f0 SymSetOptions
• 0x1400766f8 SymGetSearchPathW
• 0x140076700 SymSetSearchPathW
• 0x140076708 SymInitialize
库: ntdll.dll:
• 0x140076718 RtlVirtualUnwind
• 0x140076720 RtlLookupFunctionEntry
• 0x140076728 RtlCaptureStackBackTrace
• 0x140076730 RtlInitUnicodeString
• 0x140076738 RtlUnwindEx
• 0x140076740 RtlPcToFileHeader
• 0x140076748 RtlCaptureContext
• 0x140076750 RtlUnwind
库: USERENV.dll:
• 0x1400766a0 CreateAppContainerProfile
• 0x1400766a8 DeriveAppContainerSidFromAppContainerName
• 0x1400766b0 GetAppContainerRegistryLocation
• 0x1400766b8 GetAppContainerFolderPath
库: WINMM.dll:
• 0x1400766c8 timeGetTime
库: KERNEL32.dll:
• 0x140076148 GetProcessHeap
• 0x140076150 GetOEMCP
• 0x140076158 IsValidCodePage
• 0x140076160 HeapSize
• 0x140076168 ReadConsoleW
• 0x140076170 HeapReAlloc
• 0x140076178 WriteConsoleW
• 0x140076180 EnumSystemLocalesW
• 0x140076188 IsValidLocale
• 0x140076190 GetLocaleInfoW
• 0x140076198 LCMapStringW
• 0x1400761a0 HeapFree
• 0x1400761a8 HeapAlloc
• 0x1400761b0 GetACP
• 0x1400761b8 GetStdHandle
• 0x1400761c0 SetStdHandle
• 0x1400761c8 ExitProcess
• 0x1400761d0 GetConsoleMode
• 0x1400761d8 GetConsoleCP
• 0x1400761e0 GetCommandLineA
• 0x1400761e8 GetStartupInfoW
• 0x1400761f0 InitializeSListHead
• 0x1400761f8 IsProcessorFeaturePresent
• 0x140076200 UnhandledExceptionFilter
• 0x140076208 WaitForSingleObjectEx
• 0x140076210 InitializeCriticalSectionAndSpinCount
• 0x140076218 GetCPInfo
• 0x140076220 GetStringTypeW
• 0x140076228 LCMapStringEx
• 0x140076230 DecodePointer
• 0x140076238 EncodePointer
• 0x140076240 GetModuleFileNameA
• 0x140076248 GetCommandLineW
• 0x140076250 ExpandEnvironmentStringsW
• 0x140076258 GetModuleFileNameW
• 0x140076260 SetEnvironmentVariableW
• 0x140076268 ExpandEnvironmentStringsA
• 0x140076270 GetEnvironmentVariableW
• 0x140076278 GetEnvironmentVariableA
• 0x140076280 WaitForSingleObject
• 0x140076288 UnmapViewOfFile
• 0x140076290 SetCurrentDirectoryA
• 0x140076298 GetLastError
• 0x1400762a0 GetFileAttributesA
• 0x1400762a8 SetEvent
• 0x1400762b0 LoadLibraryA
• 0x1400762b8 CloseHandle
• 0x1400762c0 CreateThread
• 0x1400762c8 GetCurrentDirectoryW
• 0x1400762d0 GetProcAddress
• 0x1400762d8 CreateFileMappingA
• 0x1400762e0 GetCurrentProcessId
• 0x1400762e8 FreeLibrary
• 0x1400762f0 WideCharToMultiByte
• 0x1400762f8 OpenFileMappingA
• 0x140076300 CreateEventA
• 0x140076308 MapViewOfFile
• 0x140076310 SetDllDirectoryW
• 0x140076318 CreateIoCompletionPort
• 0x140076320 CreateEventW
• 0x140076328 SetLastError
• 0x140076330 ResetEvent
• 0x140076338 GetQueuedCompletionStatus
• 0x140076340 RegisterWaitForSingleObject
• 0x140076348 UnregisterWait
• 0x140076350 TerminateJobObject
• 0x140076358 PostQueuedCompletionStatus
• 0x140076360 GetModuleHandleExW
• 0x140076368 SetInformationJobObject
• 0x140076370 GetCurrentProcess
• 0x140076378 DuplicateHandle
• 0x140076380 GetCurrentThreadId
• 0x140076388 TerminateProcess
• 0x140076390 GetUserDefaultLangID
• 0x140076398 GetUserDefaultLCID
• 0x1400763a0 GetUserDefaultLocaleName
• 0x1400763a8 EnumSystemLocalesEx
• 0x1400763b0 HeapDestroy
• 0x1400763b8 GetTickCount
• 0x1400763c0 CreateFileW
• 0x1400763c8 GetLocalTime
• 0x1400763d0 OutputDebugStringA
• 0x1400763d8 WriteFile
• 0x1400763e0 FormatMessageA
• 0x1400763e8 TryAcquireSRWLockExclusive
• 0x1400763f0 ReleaseSRWLockExclusive
• 0x1400763f8 UnregisterWaitEx
• 0x140076400 GetCurrentThread
• 0x140076408 Sleep
• 0x140076410 IsDebuggerPresent
• 0x140076418 RaiseException
• 0x140076420 GetModuleHandleW
• 0x140076428 GetThreadId
• 0x140076430 GetFileType
• 0x140076438 SetHandleInformation
• 0x140076440 SetDefaultDllDirectories
• 0x140076448 HeapSetInformation
• 0x140076450 SetThreadInformation
• 0x140076458 GetProcessMitigationPolicy
• 0x140076460 SetProcessMitigationPolicy
• 0x140076468 GetVersionExW
• 0x140076470 GetProductInfo
• 0x140076478 GetNativeSystemInfo
• 0x140076480 IsWow64Process
• 0x140076488 LocalFree
• 0x140076490 GetEnvironmentStringsW
• 0x140076498 FreeEnvironmentStringsW
• 0x1400764a0 WriteProcessMemory
• 0x1400764a8 CreateFileMappingW
• 0x1400764b0 ReadProcessMemory
• 0x1400764b8 GetCurrentProcessorNumber
• 0x1400764c0 SetThreadAffinityMask
• 0x1400764c8 VirtualFree
• 0x1400764d0 GetProcessHeaps
• 0x1400764d8 LoadLibraryExW
• 0x1400764e0 AcquireSRWLockExclusive
• 0x1400764e8 GetSystemTimeAsFileTime
• 0x1400764f0 QueryPerformanceFrequency
• 0x1400764f8 QueryPerformanceCounter
• 0x140076500 CreateNamedPipeW
• 0x140076508 CreateJobObjectW
• 0x140076510 QueryInformationJobObject
• 0x140076518 VirtualAllocEx
• 0x140076520 VirtualProtectEx
• 0x140076528 GetModuleHandleA
• 0x140076530 DeleteProcThreadAttributeList
• 0x140076538 InitializeProcThreadAttributeList
• 0x140076540 UpdateProcThreadAttribute
• 0x140076548 CreateMutexW
• 0x140076550 GetFileAttributesW
• 0x140076558 QueryDosDeviceW
• 0x140076560 GetLongPathNameW
• 0x140076568 VirtualFreeEx
• 0x140076570 GetProcessHandleCount
• 0x140076578 SetUnhandledExceptionFilter
• 0x140076580 TlsGetValue
• 0x140076588 DebugBreak
• 0x140076590 TlsAlloc
• 0x140076598 TlsFree
• 0x1400765a0 TlsSetValue
• 0x1400765a8 SetFilePointerEx
• 0x1400765b0 ReadFile
• 0x1400765b8 SetEndOfFile
• 0x1400765c0 FlushFileBuffers
• 0x1400765c8 CreateRemoteThread
• 0x1400765d0 MultiByteToWideChar
• 0x1400765d8 FindClose
• 0x1400765e0 FindNextFileW
• 0x1400765e8 FindFirstFileExW
• 0x1400765f0 DeleteCriticalSection
• 0x1400765f8 InitializeCriticalSectionEx
• 0x140076600 LeaveCriticalSection
• 0x140076608 EnterCriticalSection
库: USER32.dll:
• 0x140076630 CreateDesktopW
• 0x140076638 SetProcessWindowStation
• 0x140076640 CreateWindowStationW
• 0x140076648 GetProcessWindowStation
• 0x140076650 GetThreadDesktop
• 0x140076658 CloseWindowStation
• 0x140076660 CloseDesktop
• 0x140076668 LoadStringA
• 0x140076670 LoadStringW
• 0x140076678 MessageBoxA
• 0x140076680 AllowSetForegroundWindow
• 0x140076688 GetUserObjectInformationW
• 0x140076690 MessageBoxW
库: ole32.dll:
• 0x140076760 CoTaskMemFree
导出
| 序列 | 地址 | 名称 |
|---|---|---|
| 1 | 0x140030220 | GetHandleVerifier |
| 2 | 0x1400010c1 | IsSandboxedProcess |
.text
`.rdata
@.data
.pdata
@_RDATA
@.rsrc
@.reloc
HfA;TM
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 23.15.196.139 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 23.15.196.139 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 14.759 seconds )
- 11.202 Suricata
- 1.648 NetworkAnalysis
- 1.109 Static
- 0.457 TargetInfo
- 0.315 peid
- 0.012 Strings
- 0.011 AnalysisInfo
- 0.002 Memory
- 0.002 config_decoder
- 0.001 BehaviorAnalysis
Signatures ( 1.417 seconds )
- 1.341 proprietary_url_bl
- 0.011 antiav_detectreg
- 0.008 proprietary_domain_bl
- 0.005 anomaly_persistence_autorun
- 0.005 antiav_detectfile
- 0.005 infostealer_ftp
- 0.004 geodo_banking_trojan
- 0.004 ransomware_extensions
- 0.004 ransomware_files
- 0.003 infostealer_bitcoin
- 0.003 infostealer_im
- 0.003 network_http
- 0.002 tinba_behavior
- 0.002 antianalysis_detectreg
- 0.002 antivm_vbox_files
- 0.002 disables_browser_warn
- 0.002 infostealer_mail
- 0.001 rat_nanocore
- 0.001 betabot_behavior
- 0.001 cerber_behavior
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_security
- 0.001 modify_proxy
- 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
- 0.001 proprietary_bad_drop
- 0.001 network_cnc_http
- 0.001 stealth_modify_uac_prompt
Reporting ( 0.584 seconds )
- 0.576 ReportHTMLSummary
- 0.008 Malheur
| Task ID | 744445 |
|---|---|
| Mongo ID | 662f16c97e769a05be3dc95f |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号