Analysis Task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp03-1 2024-04-29 19:35:12 2024-04-29 19:36:03 51 seconds

Maldun Score

10.0

Dangerous

File Details

File name G502游戏驱动.[20220628](2).exe
File size 9030456 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6418e6c7257e6dc5df65cd65eee6bdac
SHA1 2e8f18aa843cfc58f052473dbba761d0aadcdfc8
SHA256 5ebff6f2d62db59f27f717479c961fc243cff8e0d951be7b69c76206fc313490
SHA512 190dfcb916c5e38953058dd54d8bb22fbcac92b203e61a5e3ad3070bd62c05744f9eefd12ae744fda2bdbe9367f3294e8f88cb29b43aaee434ebe3ae982224ad
CRC32 EE1EB1DE
Ssdeep 196608:4lq+1N8VVaW61KDuoxM3o5mi/v9d0FAVDWWjCv4MKEtn3T51w:c82wjUw/vfDWvvs8Hw
Sample not found.



Summary

PE Information

Image base 0x00400000
Entry point 0x004777cc
Declared checksum 0x00000000
Actual checksum 0x008a2ae4
Minimum OS version required 5.1
PDB path C:\CodeBases\isdev\redist\Language Independent\i386\setup.pdb
Compile time 2015-06-08 13:19:37
Import hash fdcbfdff3fe99953a080ac7891a20374
Icon exact hash a54aa5bfdd52bd505831030b49754ffc
Icon similarity hash 42c3bd4cd26d236ee7356f21963dcbf3

Version Information

LegalCopyright
ISInternalVersion
InternalName
FileVersion
CompanyName
Internal Build Number
ProductName
ProductVersion
FileDescription
ISInternalDescription
OriginalFilename
Translation

PE Sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x000b3485 0x000b3600 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.58
.rdata 0x000b5000 0x00036208 0x00036400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.10
.data 0x000ec000 0x00008c38 0x00002600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.51
.rsrc 0x000f5000 0x0008460c 0x00084800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.10

Overlay

Offset 0x00170c00
Size 0x0072bf38

Resources

Name Offset Size Language Sublanguage Entropy File type
GIF 0x000f8e54 0x0000339f LANG_ENGLISH SUBLANG_ENGLISH_US 7.90 GIF image data, version 89a, 350 x 624
PNG 0x000ffbe4 0x00002fc9 LANG_NEUTRAL SUBLANG_NEUTRAL 7.96 PNG image data, 240 x 227, 8-bit/color RGBA, non-interlaced
RT_BITMAP 0x001239d0 0x00011f88 LANG_NEUTRAL SUBLANG_NEUTRAL 3.16 data
RT_ICON 0x001710e8 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.48 GLS_BINARY_LSB_FIRST
RT_DIALOG 0x0017398c 0x00000294 LANG_NEUTRAL SUBLANG_NEUTRAL 3.18 data
RT_STRING 0x00178640 0x00000284 LANG_ENGLISH SUBLANG_ENGLISH_US 3.05 data
RT_GROUP_ICON 0x00178a3c 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL 2.32 MS Windows icon resource - 1 icon, 32x32, 16 colors
RT_VERSION 0x00178a50 0x00000414 LANG_NEUTRAL SUBLANG_NEUTRAL 3.48 data
RT_MANIFEST 0x0017948c 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US 4.91 XML 1.0 document text

Imports

Library: VERSION.dll:
0x4b5550 VerQueryValueW
0x4b5554 GetFileVersionInfoW
Library: COMCTL32.dll:
0x4b507c None
Library: KERNEL32.dll:
0x4b5120 LoadLibraryW
0x4b5124 GetModuleHandleW
0x4b5128 lstrcmpW
0x4b512c lstrcmpiW
0x4b5138 VerLanguageNameW
0x4b513c CompareFileTime
0x4b5140 CreateDirectoryW
0x4b5144 FindClose
0x4b5148 FindFirstFileW
0x4b514c FindNextFileW
0x4b5150 SetFileAttributesW
0x4b515c MoveFileW
0x4b5160 LocalFree
0x4b5164 FormatMessageW
0x4b5168 GetSystemInfo
0x4b516c MulDiv
0x4b5170 RaiseException
0x4b5184 LoadLibraryExW
0x4b5188 GetVersion
0x4b518c GetLocalTime
0x4b5190 IsValidLocale
0x4b5194 GetCommandLineW
0x4b5198 GetFileAttributesW
0x4b519c FlushFileBuffers
0x4b51a0 SetEndOfFile
0x4b51a4 VirtualQuery
0x4b51a8 lstrcpyA
0x4b51ac IsBadReadPtr
0x4b51b0 GetDiskFreeSpaceW
0x4b51b4 GetDriveTypeW
0x4b51b8 GetExitCodeProcess
0x4b51bc GetCurrentThread
0x4b51c0 GetLocaleInfoW
0x4b51c4 InterlockedExchange
0x4b51c8 LoadLibraryExA
0x4b51cc GetProcAddress
0x4b51d0 FreeLibrary
0x4b51d4 CompareStringA
0x4b51d8 CompareStringW
0x4b51dc lstrcatW
0x4b51e0 GetVersionExW
0x4b51ec CreateEventW
0x4b51f4 ReadConsoleW
0x4b51f8 WriteConsoleW
0x4b51fc SetStdHandle
0x4b5200 SetFilePointerEx
0x4b5204 GetConsoleMode
0x4b5208 GetTempFileNameW
0x4b5210 OutputDebugStringW
0x4b5214 EnumSystemLocalesW
0x4b5218 GetUserDefaultLCID
0x4b521c FatalAppExitA
0x4b5228 GetFileType
0x4b522c HeapReAlloc
0x4b5230 CreateSemaphoreW
0x4b5234 GetStartupInfoW
0x4b5238 TlsFree
0x4b523c TlsSetValue
0x4b5240 TlsGetValue
0x4b5244 TlsAlloc
0x4b5250 GetStringTypeW
0x4b5254 GetCPInfo
0x4b5258 GetOEMCP
0x4b525c IsValidCodePage
0x4b5260 GetCurrentThreadId
0x4b5264 HeapSize
0x4b5268 AreFileApisANSI
0x4b526c GetModuleHandleExW
0x4b5270 GetStdHandle
0x4b5274 GetACP
0x4b527c IsDebuggerPresent
0x4b5280 RtlUnwind
0x4b5284 lstrcpynA
0x4b5288 LocalAlloc
0x4b5290 SearchPathW
0x4b5294 lstrcmpA
0x4b529c ResetEvent
0x4b52a0 SetEvent
0x4b52a4 VirtualProtect
0x4b52a8 GetCurrentProcessId
0x4b52ac Process32NextW
0x4b52b0 Process32FirstW
0x4b52b8 GetDateFormatW
0x4b52bc GetTimeFormatW
0x4b52c4 FindResourceExW
0x4b52c8 GetLastError
0x4b52cc CopyFileW
0x4b52d0 GetTickCount
0x4b52d4 GetExitCodeThread
0x4b52d8 CreateThread
0x4b52dc FindResourceW
0x4b52e0 GlobalFree
0x4b52e4 GlobalUnlock
0x4b52e8 GlobalLock
0x4b52ec GlobalAlloc
0x4b52f0 SizeofResource
0x4b52f4 LockResource
0x4b52f8 LoadResource
0x4b52fc lstrcpyW
0x4b5304 SetErrorMode
0x4b5308 GetTempPathW
0x4b5310 MoveFileExW
0x4b5314 WriteProcessMemory
0x4b5318 VirtualProtectEx
0x4b531c GetSystemDirectoryW
0x4b5324 SetThreadContext
0x4b5328 GetThreadContext
0x4b532c CreateProcessW
0x4b5330 ResumeThread
0x4b5334 TerminateProcess
0x4b5338 ExitProcess
0x4b533c GetCurrentProcess
0x4b5340 Sleep
0x4b5344 WaitForSingleObject
0x4b5348 DuplicateHandle
0x4b534c RemoveDirectoryW
0x4b5350 DeleteFileW
0x4b5358 lstrlenW
0x4b535c lstrcpynW
0x4b5360 GetModuleFileNameW
0x4b5364 GetProcessHeap
0x4b5368 HeapFree
0x4b536c HeapAlloc
0x4b5370 WriteFile
0x4b5374 SetFilePointer
0x4b5378 ReadFile
0x4b537c WideCharToMultiByte
0x4b5384 SetFileTime
0x4b5388 GetFileTime
0x4b538c OpenProcess
0x4b5390 GetProcessTimes
0x4b5394 LCMapStringW
0x4b5398 DecodePointer
0x4b539c EncodePointer
0x4b53a0 MultiByteToWideChar
0x4b53a4 lstrlenA
0x4b53a8 UnmapViewOfFile
0x4b53ac MapViewOfFile
0x4b53b0 CreateFileMappingW
0x4b53b4 CloseHandle
0x4b53b8 GetFileSize
0x4b53bc CreateFileW
0x4b53c0 SetLastError
0x4b53c4 GetConsoleCP
Library: USER32.dll:
0x4b544c DefWindowProcW
0x4b5450 PostMessageW
0x4b5454 DispatchMessageW
0x4b5458 PostQuitMessage
0x4b545c RegisterClassW
0x4b5460 TranslateMessage
0x4b5464 GetMessageW
0x4b5468 CharUpperW
0x4b546c KillTimer
0x4b5470 SetTimer
0x4b5474 GetDC
0x4b5478 CharPrevW
0x4b547c SendDlgItemMessageW
0x4b5480 wvsprintfW
0x4b5484 LoadImageW
0x4b5488 CreateDialogParamW
0x4b548c MoveWindow
0x4b5490 SetCursor
0x4b5494 GetWindow
0x4b5498 GetDlgItemTextW
0x4b549c SetFocus
0x4b54a0 EnableWindow
0x4b54a4 SetForegroundWindow
0x4b54a8 SetActiveWindow
0x4b54ac SetDlgItemTextW
0x4b54b0 IsDialogMessageW
0x4b54b4 FindWindowW
0x4b54b8 SubtractRect
0x4b54bc IntersectRect
0x4b54c0 SetRect
0x4b54c4 FillRect
0x4b54c8 GetSysColorBrush
0x4b54cc GetSysColor
0x4b54d0 GetWindowRect
0x4b54d4 ExitWindowsEx
0x4b54d8 GetSystemMetrics
0x4b54dc GetDlgCtrlID
0x4b54e4 DestroyWindow
0x4b54e8 IsWindow
0x4b54ec SendMessageW
0x4b54f0 MessageBoxW
0x4b54f4 CharNextW
0x4b54f8 WaitForInputIdle
0x4b54fc SetWindowLongW
0x4b5500 GetWindowLongW
0x4b5504 GetClientRect
0x4b5508 EndPaint
0x4b550c BeginPaint
0x4b5510 ReleaseDC
0x4b5514 GetWindowDC
0x4b5518 SetWindowPos
0x4b551c SetWindowTextW
0x4b5520 GetDlgItem
0x4b5524 EndDialog
0x4b552c ShowWindow
0x4b5530 GetDesktopWindow
0x4b5538 PeekMessageW
0x4b553c wsprintfW
0x4b5540 LoadIconW
0x4b5544 LoadCursorW
0x4b5548 CreateWindowExW
Library: GDI32.dll:
0x4b50bc GetObjectW
0x4b50c0 SetTextColor
0x4b50c4 SetBkMode
0x4b50c8 GetDeviceCaps
0x4b50cc CreateFontW
0x4b50d0 CreateFontIndirectW
0x4b50d4 SetStretchBltMode
0x4b50d8 StretchBlt
0x4b50dc SelectObject
0x4b50e0 DeleteDC
0x4b50e4 CreateDIBitmap
0x4b50e8 CreateCompatibleDC
0x4b50ec BitBlt
0x4b50f0 DeleteObject
0x4b50f4 GetStockObject
0x4b50f8 CreatePalette
0x4b5100 RealizePalette
0x4b5104 SelectPalette
0x4b5108 GetDIBColorTable
0x4b5110 UnrealizeObject
0x4b5118 CreateSolidBrush
Library: ADVAPI32.dll:
0x4b5000 RegCloseKey
0x4b5004 CryptSignHashW
0x4b5008 CryptHashData
0x4b500c CryptCreateHash
0x4b5014 RegOpenKeyW
0x4b5018 RegEnumKeyW
0x4b501c RegCreateKeyW
0x4b502c RegOpenKeyExW
0x4b5030 RegQueryValueExW
0x4b5034 RegDeleteValueW
0x4b5038 RegCreateKeyExW
0x4b503c RegEnumValueW
0x4b5040 GetTokenInformation
0x4b5044 FreeSid
0x4b5048 EqualSid
0x4b5050 OpenThreadToken
0x4b5054 OpenProcessToken
0x4b5068 RegQueryInfoKeyW
0x4b506c RegEnumKeyExW
0x4b5070 RegDeleteKeyW
0x4b5074 RegSetValueExW
Library: SHELL32.dll:
0x4b5430 ShellExecuteW
0x4b5434 SHBrowseForFolderW
0x4b543c CommandLineToArgvW
0x4b5440 ShellExecuteExW
0x4b5444 SHGetMalloc
Library: ole32.dll:
0x4b5560 CoCreateInstance
0x4b5564 StringFromGUID2
0x4b5568 CoCreateGuid
0x4b556c CreateItemMoniker
0x4b5574 CLSIDFromProgID
0x4b5578 CoTaskMemAlloc
0x4b557c CoTaskMemRealloc
0x4b5580 CoTaskMemFree
0x4b5584 ProgIDFromCLSID
0x4b5588 CoUninitialize
0x4b5590 CoInitialize
Library: OLEAUT32.dll:
0x4b53cc LoadTypeLib
0x4b53d0 SysAllocStringLen
0x4b53d4 SysFreeString
0x4b53d8 SysReAllocStringLen
0x4b53dc SysStringLen
0x4b53e0 SysAllocString
0x4b53e4 SysStringByteLen
0x4b53ec VarBstrCat
0x4b53f0 VarBstrFromDate
0x4b53f4 VariantClear
0x4b53f8 VariantChangeType
0x4b53fc GetErrorInfo
0x4b5400 VarUI4FromStr
0x4b5408 RegisterTypeLib
0x4b540c SetErrorInfo
0x4b5410 CreateErrorInfo
Library: RPCRT4.dll:
0x4b5418 UuidCreate
0x4b541c UuidToStringW
0x4b5420 UuidFromStringW
0x4b5424 RpcStringFreeW

No antivirus engine scan information!

Process Tree

G502____________._20220628__2_.exe, PID: 2608, parent PID: 2268

Accessed Hosts

No host records.

TCP

Source address Source port Destination address Destination port
192.168.122.201 49158 23.33.32.227 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 59401 192.168.122.1 53

Domain Resolution

No domain information.

HTTP Requests

URI HTTP data
URL http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No files were dropped.
No similar analyses found.

Processing ( 26.255 seconds )

  • 11.346 Suricata
  • 5.038 VirusTotal
  • 4.075 Static
  • 2.861 NetworkAnalysis
  • 2.314 TargetInfo
  • 0.359 peid
  • 0.22 BehaviorAnalysis
  • 0.018 config_decoder
  • 0.011 AnalysisInfo
  • 0.011 Strings
  • 0.002 Memory

Signatures ( 1.675 seconds )

  • 1.438 proprietary_url_bl
  • 0.067 malicous_targeted_flame
  • 0.02 antiav_detectreg
  • 0.011 api_spamming
  • 0.008 stealth_decoy_document
  • 0.008 stealth_timeout
  • 0.008 infostealer_ftp
  • 0.008 proprietary_domain_bl
  • 0.007 ransomware_extensions
  • 0.006 anomaly_persistence_autorun
  • 0.006 antiav_detectfile
  • 0.005 mimics_filetime
  • 0.005 reads_self
  • 0.005 infostealer_im
  • 0.005 ransomware_files
  • 0.004 infostealer_browser
  • 0.004 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_bitcoin
  • 0.003 bootkit
  • 0.003 stealth_file
  • 0.003 virus
  • 0.003 infostealer_mail
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 ipc_namedpipe
  • 0.002 antivm_generic_disk
  • 0.002 infostealer_browser_password
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.001 antiemu_wine_func
  • 0.001 rat_nanocore
  • 0.001 proprietary_anomaly_write_exe_and_obsfucate_extension
  • 0.001 proprietary_malicious_write_executeable_under_temp_to_regrun
  • 0.001 antivm_generic_services
  • 0.001 proprietary_anomaly_massive_file_ops
  • 0.001 ransomware_message
  • 0.001 sets_autoconfig_url
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 anormaly_invoke_kills
  • 0.001 cerber_behavior
  • 0.001 kovter_behavior
  • 0.001 hancitor_behavior
  • 0.001 securityxploded_modules
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_bad_drop
  • 0.001 network_cnc_http

Reporting ( 0.55 seconds )

  • 0.491 ReportHTMLSummary
  • 0.059 Malheur
Task ID 744458
Mongo ID 662f864c7e769a05be3dc990
Cuckoo release 1.4-Maldun