Analysis Task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-shaapp03-1 | 2024-04-18 13:12:19 | 2024-04-18 13:13:20 | 61 seconds

Maldun Score

4.325

Suspicious

File Details

File name CSZP2.exe
File size 8371904 bytes
File type PE32+ executable (GUI) x86-64, for MS Windows
MD5 b90a58f4f5e93327b1b5ae8033bbf878
SHA1 025de833377fc0c2f77013481da4bd2a1b3c12dc
SHA256 8615a562b523b8c450050f66c225ba9a1a90c440e7b1169de830bdc4b68f5ea4
SHA512 1868eb77c496b2a657f30bd0100bfdb7023600a0057f48a8249418501b7fc77e21f93987d584957be1d256aaf171d5a05f4f64797adf8fc68f792fc30ae8bf33
CRC32 5109169E
Ssdeep 196608:bhKyDGXCfdICteEroxzlxZV3Gu5D4S267y7j8ZEGPt6gsCS3GHVt:1NdInErot14S2DzqfsmHVt
Sample not found.

Hosts Contacted

No host records.

DNS Resolution

No domain information.


PE Information

Image base 0x140000000
Entry point 0x14000c540
Declared checksum 0x008023dd
Actual checksum 0x008023dd
Minimum required OS version 5.2
Compile time 2024-04-18 13:09:11
Import hash f4f2e2b03fe5666a721620fcea3aea9b
Icon
Icon exact hash 99f8909119f22355b3423d4cad169539
Icon similarity hash c5a2ab820da81f9db77abd76bbd9764e

PE Sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x0002afb0 0x0002b000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.50
.rdata 0x0002c000 0x00012f36 0x00013000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.83
.data 0x0003f000 0x000033b8 0x00000e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1.83
.pdata 0x00043000 0x0000231c 0x00002400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.38
_RDATA 0x00046000 0x000001f4 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.71
.rsrc 0x00047000 0x0000f41c 0x0000f600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.55
.reloc 0x00057000 0x00000758 0x00000800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5.25

Overlay

Offset 0x00051600
Size 0x007aa8c0

Resources

Name | Offset | Size | Language | Sublanguage | Entropy | File type
RT_ICON 0x00055a3c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 6.39 GLS_BINARY_LSB_FIRST
RT_ICON 0x00055a3c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 6.39 GLS_BINARY_LSB_FIRST
RT_ICON 0x00055a3c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 6.39 GLS_BINARY_LSB_FIRST
RT_ICON 0x00055a3c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 6.39 GLS_BINARY_LSB_FIRST
RT_ICON 0x00055a3c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 6.39 GLS_BINARY_LSB_FIRST
RT_ICON 0x00055a3c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 6.39 GLS_BINARY_LSB_FIRST
RT_ICON 0x00055a3c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 6.39 GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x00055ea4 0x00000068 LANG_NEUTRAL SUBLANG_NEUTRAL 2.72 MS Windows icon resource - 7 icons, 48x48
RT_MANIFEST 0x00055f0c 0x0000050d LANG_NEUTRAL SUBLANG_NEUTRAL 5.26 XML 1.0 document, ASCII text

Imports

Library: USER32.dll:
0x14002c398 CreateWindowExW
0x14002c3a0 PostMessageW
0x14002c3a8 GetMessageW
0x14002c3b0 MessageBoxW
0x14002c3b8 MessageBoxA
0x14002c3c0 SystemParametersInfoW
0x14002c3c8 DestroyIcon
0x14002c3d0 SetWindowLongPtrW
0x14002c3d8 GetWindowLongPtrW
0x14002c3e0 GetClientRect
0x14002c3e8 InvalidateRect
0x14002c3f0 ReleaseDC
0x14002c3f8 GetDC
0x14002c400 DrawTextW
0x14002c408 GetDialogBaseUnits
0x14002c410 EndDialog
0x14002c418 DialogBoxIndirectParamW
0x14002c420 MoveWindow
0x14002c428 SendMessageW
Library: COMCTL32.dll:
0x14002c028 None
Library: KERNEL32.dll:
0x14002c058 IsValidCodePage
0x14002c060 GetStringTypeW
0x14002c068 GetFileAttributesExW
0x14002c070 HeapReAlloc
0x14002c078 FlushFileBuffers
0x14002c080 GetCurrentDirectoryW
0x14002c088 GetACP
0x14002c090 GetOEMCP
0x14002c098 GetModuleHandleW
0x14002c0a0 MulDiv
0x14002c0a8 GetLastError
0x14002c0b0 SetDllDirectoryW
0x14002c0b8 CreateFileW
0x14002c0c8 CloseHandle
0x14002c0d0 GetModuleFileNameW
0x14002c0d8 CreateSymbolicLinkW
0x14002c0e0 GetCPInfo
0x14002c0e8 GetCommandLineW
0x14002c0f0 GetEnvironmentVariableW
0x14002c0f8 SetEnvironmentVariableW
0x14002c108 CreateDirectoryW
0x14002c110 GetTempPathW
0x14002c118 WaitForSingleObject
0x14002c120 Sleep
0x14002c128 GetExitCodeProcess
0x14002c130 CreateProcessW
0x14002c138 GetStartupInfoW
0x14002c140 FreeLibrary
0x14002c148 LoadLibraryExW
0x14002c150 SetConsoleCtrlHandler
0x14002c158 FindClose
0x14002c160 FindFirstFileExW
0x14002c168 GetCurrentProcess
0x14002c170 LocalFree
0x14002c178 FormatMessageW
0x14002c180 MultiByteToWideChar
0x14002c188 WideCharToMultiByte
0x14002c190 GetEnvironmentStringsW
0x14002c198 FreeEnvironmentStringsW
0x14002c1a0 GetProcessHeap
0x14002c1a8 GetTimeZoneInformation
0x14002c1b0 HeapSize
0x14002c1b8 WriteConsoleW
0x14002c1c0 SetEndOfFile
0x14002c1c8 GetProcAddress
0x14002c1d0 GetSystemTimeAsFileTime
0x14002c1d8 RtlCaptureContext
0x14002c1e0 RtlLookupFunctionEntry
0x14002c1e8 RtlVirtualUnwind
0x14002c1f0 UnhandledExceptionFilter
0x14002c200 TerminateProcess
0x14002c210 QueryPerformanceCounter
0x14002c218 GetCurrentProcessId
0x14002c220 GetCurrentThreadId
0x14002c228 InitializeSListHead
0x14002c230 IsDebuggerPresent
0x14002c238 RtlUnwindEx
0x14002c240 SetLastError
0x14002c248 EnterCriticalSection
0x14002c250 LeaveCriticalSection
0x14002c258 DeleteCriticalSection
0x14002c268 TlsAlloc
0x14002c270 TlsGetValue
0x14002c278 TlsSetValue
0x14002c280 TlsFree
0x14002c288 EncodePointer
0x14002c290 RaiseException
0x14002c298 RtlPcToFileHeader
0x14002c2a0 GetCommandLineA
0x14002c2a8 GetDriveTypeW
0x14002c2b8 GetFileType
0x14002c2c0 PeekNamedPipe
0x14002c2d0 FileTimeToSystemTime
0x14002c2d8 GetFullPathNameW
0x14002c2e0 RemoveDirectoryW
0x14002c2e8 FindNextFileW
0x14002c2f0 SetStdHandle
0x14002c2f8 DeleteFileW
0x14002c300 ReadFile
0x14002c308 GetStdHandle
0x14002c310 WriteFile
0x14002c318 ExitProcess
0x14002c320 GetModuleHandleExW
0x14002c328 HeapFree
0x14002c330 GetConsoleMode
0x14002c338 ReadConsoleW
0x14002c340 SetFilePointerEx
0x14002c348 GetConsoleOutputCP
0x14002c350 GetFileSizeEx
0x14002c358 HeapAlloc
0x14002c360 FlsAlloc
0x14002c368 FlsGetValue
0x14002c370 FlsSetValue
0x14002c378 FlsFree
0x14002c380 CompareStringW
0x14002c388 LCMapStringW
Library: ADVAPI32.dll:
0x14002c000 OpenProcessToken
0x14002c008 GetTokenInformation
0x14002c018 ConvertSidToStringSidW
Library: GDI32.dll:
0x14002c038 SelectObject
0x14002c040 DeleteObject
0x14002c048 CreateFontIndirectW

No antivirus engine scan information.

Process Tree


CSZP2.exe, PID: 2576, parent PID: 2256
CSZP2.exe, PID: 2596, parent PID: 2576

TCP

Source address | Source port | Destination address | Destination port
192.168.122.201 49160 72.246.244.51 80

UDP

Source address | Source port | Destination address | Destination port
192.168.122.201 59401 192.168.122.1 53

HTTP Requests

URI | HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 33.415 seconds )

  • 10.981 Suricata
  • 9.658 VirusTotal
  • 5.11 BehaviorAnalysis
  • 3.458 Static
  • 2.054 NetworkAnalysis
  • 1.774 TargetInfo
  • 0.339 peid
  • 0.015 config_decoder
  • 0.012 AnalysisInfo
  • 0.012 Strings
  • 0.002 Memory

Signatures ( 4.29 seconds )

  • 1.385 proprietary_url_bl
  • 0.243 api_spamming
  • 0.238 reads_self
  • 0.191 mimics_filetime
  • 0.19 stealth_timeout
  • 0.163 stealth_decoy_document
  • 0.162 virus
  • 0.153 bootkit
  • 0.143 stealth_file
  • 0.136 antivm_generic_disk
  • 0.104 proprietary_anomaly_massive_file_ops
  • 0.097 proprietary_malicious_write_executeable_under_temp_to_regrun
  • 0.087 proprietary_anomaly_write_exe_and_obsfucate_extension
  • 0.068 antiav_detectfile
  • 0.066 ransomware_extensions
  • 0.058 proprietary_anomaly_write_exe_and_dll_under_winroot_run
  • 0.054 hancitor_behavior
  • 0.049 infostealer_bitcoin
  • 0.044 infostealer_browser
  • 0.042 rat_luminosity
  • 0.039 ipc_namedpipe
  • 0.038 ransomware_files
  • 0.035 proprietary_anomaly_terminated_process
  • 0.035 ransomware_message
  • 0.035 sets_autoconfig_url
  • 0.033 securityxploded_modules
  • 0.03 infostealer_ftp
  • 0.03 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.027 antivm_vbox_files
  • 0.022 infostealer_im
  • 0.02 disables_wfp
  • 0.019 disables_spdy
  • 0.019 antiav_detectreg
  • 0.018 infostealer_browser_password
  • 0.015 TrickBotTaskDelete
  • 0.013 office_dl_write_exe
  • 0.013 infostealer_mail
  • 0.012 antidbg_devices
  • 0.011 office_write_exe
  • 0.011 deletes_self
  • 0.01 removes_zoneid_ads
  • 0.01 anomaly_persistence_autorun
  • 0.01 rat_pcclient
  • 0.009 network_tor
  • 0.008 proprietary_domain_bl
  • 0.007 rat_nanocore
  • 0.007 betabot_behavior
  • 0.006 geodo_banking_trojan
  • 0.005 tinba_behavior
  • 0.005 kazybot_behavior
  • 0.005 kibex_behavior
  • 0.005 antivm_vmware_files
  • 0.005 codelux_behavior
  • 0.004 hawkeye_behavior
  • 0.004 antianalysis_detectreg
  • 0.004 network_http
  • 0.003 sniffer_winpcap
  • 0.003 stealth_web_history
  • 0.002 shifu_behavior
  • 0.002 cerber_behavior
  • 0.002 antianalysis_detectfile
  • 0.002 antivm_vpc_files
  • 0.002 banker_cridex
  • 0.002 disables_browser_warn
  • 0.002 malicous_targeted_flame
  • 0.002 proprietary_bad_drop
  • 0.002 network_tor_service
  • 0.001 spreading_autoruninf
  • 0.001 modifies_hostfile
  • 0.001 antisandbox_fortinet_files
  • 0.001 antisandbox_sunbelt_files
  • 0.001 antisandbox_threattrack_files
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 bitcoin_opencl
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 network_cnc_http
  • 0.001 ransomware_radamant

Reporting ( 0.601 seconds )

  • 0.52 ReportHTMLSummary
  • 0.081 Malheur
Task ID 744081
Mongo ID 6620ac2d7e769a7c1a16e84a
Cuckoo release 1.4-Maldun