Analysis type | VM tag | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp03-1 | 2024-04-18 13:35:11 | 2024-04-18 13:37:21 | 130 seconds |
Field | Value |
---|---|
File name | SpaceSniffer_磁盘清理.exe |
File size | 849920 bytes |
File type | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed |
MD5 | c0500ff614eb785dec51883039c3df9c |
SHA1 | 5d1dc8a359e4f4a00d935a5d9539b5f49d530b19 |
SHA256 | 00833c999d803b4a1c6320998ac1cceaf2ee128da50881e1dbc738ff3fee7938 |
SHA512 | a25a6c2b7646dec4d1ecd028c3ad36c1e8d520beea1ac440c4af9631956a3e69e533be0d76c1289195510ff25ad8b56b91e567f8f132e8b68c2ca74f7a3f90c8 |
CRC32 | DD4780A6 |
Ssdeep | 24576:s9CGLypHmqUFFfaRSYtsHiwBM/tJzktFKeQr5v3Br:sYGDzfaMksHiX/bkfK9r55 |
No host records.
No domain information.
Field | Value |
---|---|
Image base | 0x00400000 |
Entry point | 0x006c8090 |
Claimed checksum | 0x00000000 |
Actual checksum | 0x000d2669 |
Minimum OS version | 4.0 |
Compile time | 2009-12-17 06:12:32 |
Import hash | fa7b16add81f1f67fab9c82982a0b353 |
Icon | |
Icon exact hash | 5c5bbef8d8c56bea2988225bf200fa63 |
Icon similarity hash | 8ce6c3e1fcab8f0b0b2aa98877e65c86 |
Version info field | Value |
---|---|
LegalCopyright | |
InternalName | |
FileVersion | |
CompanyName | |
LegalTrademarks | |
Comments | |
ProductName | |
ProductVersion | |
FileDescription | |
OriginalFilename | |
Translation | |

Packer signature | UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser |
---|---|
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
UPX0 | 0x00001000 | 0x00200000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
UPX1 | 0x00201000 | 0x000c8000 | 0x000c7400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.79 |
.rsrc | 0x002c9000 | 0x00008000 | 0x00008000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.45 |
Name | Entries | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|---|
RT_CURSOR | 7 | 0x0024667c | 0x00000134 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.16 | data |
RT_BITMAP | 11 | 0x002479e4 | 0x000000e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.84 | data |
RT_ICON | 8 | 0x002ce17c | 0x000025a8 | LANG_ITALIAN | SUBLANG_ITALIAN | 3.82 | data |
RT_DIALOG | 2 | 0x0024e2e0 | 0x00000052 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.71 | data |
RT_STRING | 19 | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
RT_RCDATA | 10 | 0x002c48a0 | 0x00000498 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.92 | data |
RT_GROUP_CURSOR | 7 | 0x002c4db0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.88 | data |
RT_GROUP_ICON | 1 | 0x002d0728 | 0x00000076 | LANG_ITALIAN | SUBLANG_ITALIAN | 2.86 | MS Windows icon resource - 8 icons, 16x16 |
RT_VERSION | 1 | 0x002d07a4 | 0x0000031c | LANG_CHINESE | SUBLANG_NEUTRAL | 3.42 | data |
RT_MANIFEST | 1 | 0x002d0ac4 | 0x00000245 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.95 | XML 1.0 document, ASCII text, with CRLF line terminators |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49160 | 23.223.198.226 | 80 |

Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
No TLS.
No Suricata HTTP.
Field | Value |
---|---|
Task ID | 744082 |
Mongo ID | 6620b1bd7e769a7c1b16eafb |
Cuckoo release | 1.4-Maldun |