Analysis task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-shaapp03-1  2024-04-29 14:11:20  2024-04-29 14:13:40  140 seconds

Maldun score

10.0

Dangerous

File details

File name  cybar.exe
File size  14434883 bytes
File type  PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5  1629d75e4e6c512549579e62e246b9cb
SHA1  83f71aa5ff08d8b8229e9eba3898b2e0b2decf0f
SHA256  b9059a37d60d6b6cd121b5a11728afd71d13559316a02200755fc37685e43354
SHA512  33d383e1221dde1a2018583fb12c635040e52edcc4c56f392383a8a4966622d81a2815cbccd34c10b528f9e684859e02e7478aaf24141700d67132ac246fe70b
CRC32  F880045A
Ssdeep  196608:rfeCp5KDB4UjjwiWfDPXDJV0XQ4Jk3tRXLdpqjebxfgS6kPJp/naodw1ndfdeA5y:qCp5KDBdjXBknHvWizan1dFegsF4Jo

Hosts contacted

No host records.

DNS resolutions

No domain information.


PE information

Image base  0x00400000
Entry point  0x0040320c
Declared checksum  0x00000000
Actual checksum  0x00dcbf52
Minimum OS version  4.0
Compile time  2018-01-30 11:57:45
Import hash (imphash)  3abe302b6d9a1256e6a915429af4ffd2
Icon exact hash  37773a0fea7f9490792abfbf85237f55
Icon similarity hash  7d47921cc6ffa040bb48bf2cdaad0953

Three of these fields describe the NSIS exehead stub rather than this particular package, so they are weak pivots. A declared checksum of zero is normal for an installer that was never Authenticode-signed, so the mismatch with the computed value is not by itself evidence of tampering. The compile time is the link time of the prebuilt stub shipped with the NSIS release named in the manifest (v3.03), shared by every installer built with that release. The imphash likewise hashes the stub's import table and will match unrelated NSIS installers.

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x0000628f 0x00006400 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.44
.rdata 0x00008000 0x00001354 0x00001400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.24
.data 0x0000a000 0x00025518 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.05
.ndata 0x00030000 0x00008000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.rsrc 0x00038000 0x00002d20 0x00002e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.78

Overlay

Offset  0x0000b000
Size  0x00db9243

The overlay is 0xdb9243 of the file's 0xdc4243 bytes (about 99.7%). That is the NSIS compressed payload, and the static PE parser does not open it: the sections, resources, imports and strings below all describe only the 44 KB exehead stub, not the files it will extract.
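Worked check, added here and not part of the sandbox report: recomputing the overlay bounds from the section table and file size printed above, and locating the NSIS first header that opens the overlay payload. The section raw sizes and the file size are the report's; SizeOfHeaders (0x400) is an assumption because the report does not print it, and the overlay bytes scanned at the end are constructed for the example, not taken from the sample.

```python
import struct

# Section table as printed in the report: (name, raw data size on disk).
# Virtual sizes do not matter for file-offset arithmetic.
SECTIONS = [
    (".text",  0x6400),
    (".rdata", 0x1400),
    (".data",  0x0600),
    (".ndata", 0x0000),   # NSIS uninitialised data: no bytes on disk
    (".rsrc",  0x2e00),
]
FILE_SIZE = 14434883        # bytes, from the report
SIZE_OF_HEADERS = 0x400     # assumption: the report does not show SizeOfHeaders


def overlay_bounds(sections, file_size, size_of_headers=SIZE_OF_HEADERS):
    """Return (offset, size) of the data appended after the last section.

    Assumes sections sit back to back right after the headers, which is
    how the NSIS exehead stub is linked. Recomputing this is the quickest
    way to see how much of a file the static PE parser never looked at.
    """
    end_of_sections = size_of_headers + sum(raw for _, raw in sections)
    return end_of_sections, file_size - end_of_sections


# NSIS "firstheader": flags, 0xDEADBEEF, "NullsoftInst", compressed header
# length, total payload length. The 16 bytes after the flags are the
# signature 7-Zip also uses to recognise NSIS archives.
NSIS_SIGNATURE = struct.pack("<I", 0xDEADBEEF) + b"NullsoftInst"
FIRSTHEADER = struct.Struct("<I4s12sII")


def find_nsis_firstheader(overlay):
    """Locate the NSIS first header in overlay bytes.

    Returns (offset, header_len, total_len) or None when the signature is
    absent or sits too early to be preceded by the 4-byte flags field.
    """
    pos = overlay.find(NSIS_SIGNATURE)
    if pos < 4:
        return None
    start = pos - 4                       # back up over the flags field
    _flags, _sig, _tag, hdr_len, total_len = FIRSTHEADER.unpack_from(overlay, start)
    return start, hdr_len, total_len


# Constructed overlay for the example (not the real file): a first header
# claiming a 0x1234-byte compressed header, followed by filler.
SAMPLE_OVERLAY = (
    FIRSTHEADER.pack(0, struct.pack("<I", 0xDEADBEEF), b"NullsoftInst", 0x1234, 0xDB9243)
    + b"\x00" * 32
)


def summarize(sections=SECTIONS, file_size=FILE_SIZE, overlay=SAMPLE_OVERLAY):
    """Combine both checks into one dict a triage script could log."""
    off, size = overlay_bounds(sections, file_size)
    return {
        "overlay_offset": off,
        "overlay_size": size,
        "overlay_fraction": round(size / file_size, 4),
        "nsis_firstheader": find_nsis_firstheader(overlay),
    }


if __name__ == "__main__":
    print(summarize())
```

On the real sample the same scan would be run on the bytes from file offset 0xb000 onward; a hit there confirms that the 14 MB beyond the stub is an NSIS archive that tools such as 7-Zip can list and extract for static review of the actual dropped files.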

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type

(The "dBase IV DBT" type reported for RT_ICON is a libmagic false match on raw icon bitmap bytes; the RT_GROUP_ICON entry below is the reliable description of the icon.)
RT_ICON 0x00038190 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US 5.64 dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4293328940, next used block 4259774508
RT_DIALOG 0x0003a958 0x00000060 LANG_ENGLISH SUBLANG_ENGLISH_US 2.49 data
RT_DIALOG 0x0003a958 0x00000060 LANG_ENGLISH SUBLANG_ENGLISH_US 2.49 data
RT_DIALOG 0x0003a958 0x00000060 LANG_ENGLISH SUBLANG_ENGLISH_US 2.49 data
RT_GROUP_ICON 0x0003a9b8 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_US 2.02 MS Windows icon resource - 1 icon, 48x96
RT_MANIFEST 0x0003a9d0 0x00000349 LANG_ENGLISH SUBLANG_ENGLISH_US 5.29 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library: KERNEL32.dll:
0x408070 GetTempPathA
0x408074 GetFileSize
0x408078 GetModuleFileNameA
0x40807c GetCurrentProcess
0x408080 CopyFileA
0x408084 ExitProcess
0x40808c Sleep
0x408090 GetTickCount
0x408094 GetCommandLineA
0x408098 lstrlenA
0x40809c GetVersion
0x4080a0 SetErrorMode
0x4080a4 lstrcpynA
0x4080a8 GetDiskFreeSpaceA
0x4080ac GlobalUnlock
0x4080b8 GetLastError
0x4080bc CreateDirectoryA
0x4080c0 CreateProcessA
0x4080c4 RemoveDirectoryA
0x4080c8 CreateFileA
0x4080cc GetTempFileNameA
0x4080d0 ReadFile
0x4080d4 WriteFile
0x4080d8 lstrcpyA
0x4080dc MoveFileExA
0x4080e0 lstrcatA
0x4080e4 GetSystemDirectoryA
0x4080e8 GetProcAddress
0x4080ec GetExitCodeProcess
0x4080f0 WaitForSingleObject
0x4080f4 CompareFileTime
0x4080f8 SetFileAttributesA
0x4080fc GetFileAttributesA
0x408100 GetShortPathNameA
0x408104 MoveFileA
0x408108 GetFullPathNameA
0x40810c SetFileTime
0x408110 SearchPathA
0x408114 CloseHandle
0x408118 lstrcmpiA
0x40811c CreateThread
0x408120 GlobalLock
0x408124 lstrcmpA
0x408128 FindFirstFileA
0x40812c FindNextFileA
0x408130 DeleteFileA
0x408134 SetFilePointer
0x40813c FindClose
0x408140 MultiByteToWideChar
0x408144 FreeLibrary
0x408148 MulDiv
0x408150 LoadLibraryExA
0x408154 GetModuleHandleA
0x408158 GlobalAlloc
0x40815c GlobalFree
Library: USER32.dll:
0x408184 ScreenToClient
0x408188 GetSystemMenu
0x40818c SetClassLongA
0x408190 IsWindowEnabled
0x408194 SetWindowPos
0x408198 GetSysColor
0x40819c GetWindowLongA
0x4081a0 SetCursor
0x4081a4 LoadCursorA
0x4081a8 CheckDlgButton
0x4081ac GetMessagePos
0x4081b0 LoadBitmapA
0x4081b4 CallWindowProcA
0x4081b8 IsWindowVisible
0x4081bc CloseClipboard
0x4081c0 SetClipboardData
0x4081c4 EmptyClipboard
0x4081c8 PostQuitMessage
0x4081cc GetWindowRect
0x4081d0 EnableMenuItem
0x4081d4 CreatePopupMenu
0x4081d8 GetSystemMetrics
0x4081dc SetDlgItemTextA
0x4081e0 GetDlgItemTextA
0x4081e4 MessageBoxIndirectA
0x4081e8 CharPrevA
0x4081ec DispatchMessageA
0x4081f0 PeekMessageA
0x4081f4 ReleaseDC
0x4081f8 EnableWindow
0x4081fc InvalidateRect
0x408200 SendMessageA
0x408204 DefWindowProcA
0x408208 BeginPaint
0x40820c GetClientRect
0x408210 FillRect
0x408214 DrawTextA
0x408218 EndDialog
0x40821c RegisterClassA
0x408224 CreateWindowExA
0x408228 GetClassInfoA
0x40822c DialogBoxParamA
0x408230 CharNextA
0x408234 ExitWindowsEx
0x408238 GetDC
0x40823c CreateDialogParamA
0x408240 SetTimer
0x408244 GetDlgItem
0x408248 SetWindowLongA
0x40824c SetForegroundWindow
0x408250 LoadImageA
0x408254 IsWindow
0x408258 SendMessageTimeoutA
0x40825c FindWindowExA
0x408260 OpenClipboard
0x408264 TrackPopupMenu
0x408268 AppendMenuA
0x40826c EndPaint
0x408270 DestroyWindow
0x408274 wsprintfA
0x408278 ShowWindow
0x40827c SetWindowTextA
Library: GDI32.dll:
0x40804c SelectObject
0x408050 SetBkMode
0x408054 CreateFontIndirectA
0x408058 SetTextColor
0x40805c DeleteObject
0x408060 GetDeviceCaps
0x408064 CreateBrushIndirect
0x408068 SetBkColor
Library: SHELL32.dll:
0x40816c ShellExecuteExA
0x408174 SHBrowseForFolderA
0x408178 SHGetFileInfoA
0x40817c SHFileOperationA
Library: ADVAPI32.dll:
0x408004 RegCreateKeyExA
0x408008 RegOpenKeyExA
0x40800c SetFileSecurityA
0x408010 OpenProcessToken
0x408018 RegEnumValueA
0x40801c RegDeleteKeyA
0x408020 RegDeleteValueA
0x408024 RegCloseKey
0x408028 RegSetValueExA
0x40802c RegQueryValueExA
0x408030 RegEnumKeyA
Library: COMCTL32.dll:
0x408038 ImageList_Create
0x40803c ImageList_AddMasked
0x408040 ImageList_Destroy
0x408044 (import by ordinal; the parser prints None because there is no name to resolve)
Library: ole32.dll:
0x408284 OleUninitialize
0x408288 OleInitialize
0x40828c CoTaskMemFree
0x408290 CoCreateInstance

Strings

.text
`.rdata
@.data
.ndata
.rsrc
UXTHEME
USERENV
SETUPAPI
APPHELP
PROPSYS
DWMAPI
CRYPTBASE
OLEACC
CLBCATQ
RichEdit
RichEdit20A
RichEd32
RichEd20
.DEFAULT\Control Panel\International
Control Panel\Desktop\ResourceLocale
Software\Microsoft\Windows\CurrentVersion
\Microsoft\Internet Explorer\Quick Launch
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
lstrcmpA
lstrcmpiA
CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
KERNEL32.dll
EndPaint
DrawTextA
FillRect
GetClientRect
BeginPaint
DefWindowProcA
SendMessageA
InvalidateRect
EnableWindow
ReleaseDC
GetDC
LoadImageA
SetWindowLongA
GetDlgItem
IsWindow
FindWindowExA
SendMessageTimeoutA
wsprintfA
ShowWindow
SetForegroundWindow
PostQuitMessage
SetWindowTextA
SetTimer
CreateDialogParamA
DestroyWindow
ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
USER32.dll
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
GDI32.dll
SHFileOperationA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation
SHELL32.dll
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegCreateKeyExA
ADVAPI32.dll
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
ole32.dll
verifying installer: %d%%
http://nsis.sf.net/NSIS_Error
Error launching installer
... %d%%
SeShutdownPrivilege
\Temp
NSIS Error
Error writing temporary file. Make sure your temp folder is valid.
%u.%u%s%s
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VERSION
SHGetFolderPathA
SHFOLDER
SHAutoComplete
SHLWAPI
SHELL32
InitiateShutdownA
RegDeleteKeyExA
ADVAPI32
GetUserDefaultUILanguage
GetDiskFreeSpaceExA
SetDefaultDllDirectories
KERNEL32
*?|<>/":
%s%s.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.03</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility></assembly>
MS Shell Dlg
MS Shell Dlg
msctls_progress32
SysListView32
MS Shell Dlg
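Cross-check, added here and not part of the report, of the import table above against the strings dump: the parsed import list has unnamed IAT slots (0x408014 in ADVAPI32, 0x408170 in SHELL32), while the strings dump lists API names the import table lacks (AdjustTokenPrivileges, LookupPrivilegeValueA, SHGetPathFromIDListA, SHGetSpecialFolderLocation). The addresses and names below are copied from the report for three of the DLLs; that the unlisted names occupy the empty slots is an inference, not something the report states, and the 4-byte slot width is the 32-bit IAT layout implied by the addresses.

```python
# Parsed import entries as printed in the report: (IAT slot address, name).
# A name of None is how the report renders an import by ordinal.
IMPORTS = {
    "ADVAPI32.dll": [
        (0x408004, "RegCreateKeyExA"), (0x408008, "RegOpenKeyExA"),
        (0x40800c, "SetFileSecurityA"), (0x408010, "OpenProcessToken"),
        (0x408018, "RegEnumValueA"), (0x40801c, "RegDeleteKeyA"),
        (0x408020, "RegDeleteValueA"), (0x408024, "RegCloseKey"),
        (0x408028, "RegSetValueExA"), (0x40802c, "RegQueryValueExA"),
        (0x408030, "RegEnumKeyA"),
    ],
    "SHELL32.dll": [
        (0x40816c, "ShellExecuteExA"), (0x408174, "SHBrowseForFolderA"),
        (0x408178, "SHGetFileInfoA"), (0x40817c, "SHFileOperationA"),
    ],
    "COMCTL32.dll": [
        (0x408038, "ImageList_Create"), (0x40803c, "ImageList_AddMasked"),
        (0x408040, "ImageList_Destroy"), (0x408044, None),
    ],
}

# API names from the strings dump, grouped by the DLL name that follows
# them in the dump (the import name table is laid out that way).
STRINGS = {
    "ADVAPI32.dll": [
        "RegEnumValueA", "RegEnumKeyA", "RegQueryValueExA", "RegSetValueExA",
        "RegCloseKey", "RegDeleteValueA", "RegDeleteKeyA",
        "AdjustTokenPrivileges", "LookupPrivilegeValueA", "OpenProcessToken",
        "SetFileSecurityA", "RegOpenKeyExA", "RegCreateKeyExA",
    ],
    "SHELL32.dll": [
        "SHFileOperationA", "SHGetFileInfoA", "SHBrowseForFolderA",
        "SHGetPathFromIDListA", "ShellExecuteExA", "SHGetSpecialFolderLocation",
    ],
    "COMCTL32.dll": ["ImageList_Destroy", "ImageList_AddMasked", "ImageList_Create"],
}


def iat_gaps(entries, slot=4):
    """Slot addresses between listed entries that carry no name.

    Only interior gaps are detectable from a listing: a missing first or
    last entry cannot be told apart from the table's boundary.
    """
    addrs = sorted(addr for addr, _ in entries)
    return [a for prev, cur in zip(addrs, addrs[1:]) for a in range(prev + slot, cur, slot)]


def ordinal_imports(entries):
    """Slots the parser could not name (imports by ordinal)."""
    return [addr for addr, name in entries if name is None]


def unlisted_names(dll_strings, entries):
    """Names in the strings dump for this DLL that the import table omits."""
    listed = {name for _, name in entries if name is not None}
    return [s for s in dll_strings if s not in listed]


def audit(imports=IMPORTS, strings=STRINGS):
    """One summary per DLL: empty slots, ordinal slots, and candidate names."""
    return {
        dll: {
            "gaps": iat_gaps(entries),
            "ordinal": ordinal_imports(entries),
            "unlisted": unlisted_names(strings.get(dll, []), entries),
        }
        for dll, entries in imports.items()
    }


if __name__ == "__main__":
    for dll, info in audit().items():
        print(dll, {k: [hex(x) if isinstance(x, int) else x for x in v] for k, v in info.items()})
```

The ADVAPI32 pair matters for reading the rest of the report: AdjustTokenPrivileges and LookupPrivilegeValueA next to the SeShutdownPrivilege string and the ExitWindowsEx import are the standard NSIS reboot-on-finish path, so those names alone do not distinguish this sample from any other NSIS installer.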
No antivirus engine scan information.

Process tree

cybar.exe, PID: 2604, parent PID: 2276
Cybar.exe, PID: 2776, parent PID: 2604
aafcccqfm.exe, PID: 2980, parent PID: 2776

The tree shows a third executable, aafcccqfm.exe, started by the sample's child process, even though the dropped-files section below reports nothing. The detailed behaviour log that would show where that binary was written is not part of this report.

TCP

Source address  Source port  Destination address  Destination port
192.168.122.201 49158 104.114.76.194 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201 59401 192.168.122.1 53


HTTP requests

The report does not attribute this request to a process. acroipm.adobe.com is the host Adobe Acrobat/Reader contacts for in-product messaging (the IPM user agent and the Reader 11 / CHS path fit that), so confirm in the behaviour log which process sent it before treating it as the sample's command-and-control traffic.

URI  HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 31.153 seconds )

  • 11.005 Suricata
  • 8.196 NetworkAnalysis
  • 5.365 Static
  • 3.003 TargetInfo
  • 2.914 BehaviorAnalysis
  • 0.321 peid
  • 0.308 AnalysisInfo
  • 0.028 config_decoder
  • 0.011 Strings
  • 0.002 Memory

Signatures ( 2.37 seconds )

  • 1.433 proprietary_url_bl
  • 0.167 api_spamming
  • 0.14 stealth_decoy_document
  • 0.138 stealth_timeout
  • 0.059 bootkit
  • 0.056 antiav_detectreg
  • 0.022 kovter_behavior
  • 0.021 infostealer_ftp
  • 0.02 antiemu_wine_func
  • 0.02 dridex_behavior
  • 0.018 infostealer_browser_password
  • 0.017 mimics_filetime
  • 0.016 reads_self
  • 0.016 dead_connect
  • 0.014 virus
  • 0.014 proprietary_domain_bl
  • 0.012 stealth_file
  • 0.012 hancitor_behavior
  • 0.012 infostealer_im
  • 0.011 antianalysis_detectreg
  • 0.008 stealth_network
  • 0.007 antidbg_windows
  • 0.007 infostealer_mail
  • 0.006 antiav_servicestop
  • 0.006 anomaly_persistence_autorun
  • 0.006 antiav_detectfile
  • 0.006 ransomware_extensions
  • 0.006 ransomware_files
  • 0.005 geodo_banking_trojan
  • 0.005 disables_browser_warn
  • 0.004 shifu_behavior
  • 0.004 infostealer_bitcoin
  • 0.004 darkcomet_regkeys
  • 0.004 network_http
  • 0.003 kibex_behavior
  • 0.003 antivm_generic_scsi
  • 0.003 antivm_vbox_files
  • 0.003 antivm_xen_keys
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 injection_createremotethread
  • 0.002 antivm_generic_services
  • 0.002 antivm_vbox_window
  • 0.002 betabot_behavior
  • 0.002 antivm_generic_disk
  • 0.002 anormaly_invoke_kills
  • 0.002 antivm_generic_diskreg
  • 0.002 antivm_parallels_keys
  • 0.002 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.002 recon_fingerprint
  • 0.001 antivm_vbox_libs
  • 0.001 proprietary_anomaly_write_exe_and_obsfucate_extension
  • 0.001 antiav_avast_libs
  • 0.001 infostealer_browser
  • 0.001 proprietary_malicious_write_executeable_under_temp_to_regrun
  • 0.001 injection_explorer
  • 0.001 sets_autoconfig_url
  • 0.001 browser_needed
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 ipc_namedpipe
  • 0.001 antiav_bitdefender_libs
  • 0.001 exec_crash
  • 0.001 cerber_behavior
  • 0.001 injection_runpe
  • 0.001 antisandbox_script_timer
  • 0.001 antidbg_devices
  • 0.001 antisandbox_productid
  • 0.001 antivm_xen_keys
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_acpi
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_keys
  • 0.001 antivm_vpc_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 disables_system_restore
  • 0.001 malicous_targeted_flame
  • 0.001 proprietary_anomaly_invoke_vb_vba
  • 0.001 proprietary_bad_drop
  • 0.001 network_cnc_http
  • 0.001 packer_armadillo_regkey
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.8 seconds )

  • 0.647 ReportHTMLSummary
  • 0.153 Malheur
Task ID 744446
Mongo ID 662f3aec7e769a05bb3db60d
Cuckoo release 1.4-Maldun