分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp03-2 | 2024-04-18 13:36:32 | 2024-04-18 13:38:44 | 132 秒 |
魔盾分数
2.05
可疑的
文件详细信息
| 文件名 | SpaceSniffer_磁盘清理.exe |
|---|---|
| 文件大小 | 849920 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed |
| MD5 | c0500ff614eb785dec51883039c3df9c |
| SHA1 | 5d1dc8a359e4f4a00d935a5d9539b5f49d530b19 |
| SHA256 | 00833c999d803b4a1c6320998ac1cceaf2ee128da50881e1dbc738ff3fee7938 |
| SHA512 | a25a6c2b7646dec4d1ecd028c3ad36c1e8d520beea1ac440c4af9631956a3e69e533be0d76c1289195510ff25ad8b56b91e567f8f132e8b68c2ca74f7a3f90c8 |
| CRC32 | DD4780A6 |
| Ssdeep | 24576:s9CGLypHmqUFFfaRSYtsHiwBM/tJzktFKeQr5v3Br:sYGDzfaMksHiX/bkfK9r55 |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x006c8090 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x000d2669 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2009-12-17 06:12:32 |
| 载入哈希 | fa7b16add81f1f67fab9c82982a0b353 |
| 图标 |  |
| 图标精确哈希值 | 5c5bbef8d8c56bea2988225bf200fa63 |
| 图标相似性哈希值 | 8ce6c3e1fcab8f0b0b2aa98877e65c86 |
版本信息
| LegalCopyright | |
|---|---|
| InternalName | |
| FileVersion | |
| CompanyName | |
| LegalTrademarks | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename | |
| Translation |
PEiD 规则
| [u'UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser'] |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| UPX0 | 0x00001000 | 0x00200000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| UPX1 | 0x00201000 | 0x000c8000 | 0x000c7400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.79 |
| .rsrc | 0x002c9000 | 0x00008000 | 0x00008000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.45 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_CURSOR | 0x0024667c | 0x00000134 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.16 | data |
| RT_CURSOR | 0x0024667c | 0x00000134 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.16 | data |
| RT_CURSOR | 0x0024667c | 0x00000134 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.16 | data |
| RT_CURSOR | 0x0024667c | 0x00000134 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.16 | data |
| RT_CURSOR | 0x0024667c | 0x00000134 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.16 | data |
| RT_CURSOR | 0x0024667c | 0x00000134 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.16 | data |
| RT_CURSOR | 0x0024667c | 0x00000134 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.16 | data |
| RT_BITMAP | 0x002479e4 | 0x000000e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.84 | data |
| RT_BITMAP | 0x002479e4 | 0x000000e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.84 | data |
| RT_BITMAP | 0x002479e4 | 0x000000e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.84 | data |
| RT_BITMAP | 0x002479e4 | 0x000000e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.84 | data |
| RT_BITMAP | 0x002479e4 | 0x000000e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.84 | data |
| RT_BITMAP | 0x002479e4 | 0x000000e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.84 | data |
| RT_BITMAP | 0x002479e4 | 0x000000e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.84 | data |
| RT_BITMAP | 0x002479e4 | 0x000000e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.84 | data |
| RT_BITMAP | 0x002479e4 | 0x000000e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.84 | data |
| RT_BITMAP | 0x002479e4 | 0x000000e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.84 | data |
| RT_BITMAP | 0x002479e4 | 0x000000e8 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.84 | data |
| RT_ICON | 0x002ce17c | 0x000025a8 | LANG_ITALIAN | SUBLANG_ITALIAN | 3.82 | data |
| RT_ICON | 0x002ce17c | 0x000025a8 | LANG_ITALIAN | SUBLANG_ITALIAN | 3.82 | data |
| RT_ICON | 0x002ce17c | 0x000025a8 | LANG_ITALIAN | SUBLANG_ITALIAN | 3.82 | data |
| RT_ICON | 0x002ce17c | 0x000025a8 | LANG_ITALIAN | SUBLANG_ITALIAN | 3.82 | data |
| RT_ICON | 0x002ce17c | 0x000025a8 | LANG_ITALIAN | SUBLANG_ITALIAN | 3.82 | data |
| RT_ICON | 0x002ce17c | 0x000025a8 | LANG_ITALIAN | SUBLANG_ITALIAN | 3.82 | data |
| RT_ICON | 0x002ce17c | 0x000025a8 | LANG_ITALIAN | SUBLANG_ITALIAN | 3.82 | data |
| RT_ICON | 0x002ce17c | 0x000025a8 | LANG_ITALIAN | SUBLANG_ITALIAN | 3.82 | data |
| RT_DIALOG | 0x0024e2e0 | 0x00000052 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.71 | data |
| RT_DIALOG | 0x0024e2e0 | 0x00000052 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.71 | data |
| RT_STRING | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
| RT_STRING | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
| RT_STRING | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
| RT_STRING | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
| RT_STRING | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
| RT_STRING | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
| RT_STRING | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
| RT_STRING | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
| RT_STRING | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
| RT_STRING | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
| RT_STRING | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
| RT_STRING | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
| RT_STRING | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
| RT_STRING | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
| RT_STRING | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
| RT_STRING | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
| RT_STRING | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
| RT_STRING | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
| RT_STRING | 0x0024f8f4 | 0x0000014c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.08 | data |
| RT_RCDATA | 0x002c48a0 | 0x00000498 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.92 | data |
| RT_RCDATA | 0x002c48a0 | 0x00000498 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.92 | data |
| RT_RCDATA | 0x002c48a0 | 0x00000498 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.92 | data |
| RT_RCDATA | 0x002c48a0 | 0x00000498 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.92 | data |
| RT_RCDATA | 0x002c48a0 | 0x00000498 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.92 | data |
| RT_RCDATA | 0x002c48a0 | 0x00000498 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.92 | data |
| RT_RCDATA | 0x002c48a0 | 0x00000498 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.92 | data |
| RT_RCDATA | 0x002c48a0 | 0x00000498 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.92 | data |
| RT_RCDATA | 0x002c48a0 | 0x00000498 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.92 | data |
| RT_RCDATA | 0x002c48a0 | 0x00000498 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.92 | data |
| RT_GROUP_CURSOR | 0x002c4db0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.88 | data |
| RT_GROUP_CURSOR | 0x002c4db0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.88 | data |
| RT_GROUP_CURSOR | 0x002c4db0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.88 | data |
| RT_GROUP_CURSOR | 0x002c4db0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.88 | data |
| RT_GROUP_CURSOR | 0x002c4db0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.88 | data |
| RT_GROUP_CURSOR | 0x002c4db0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.88 | data |
| RT_GROUP_CURSOR | 0x002c4db0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.88 | data |
| RT_GROUP_ICON | 0x002d0728 | 0x00000076 | LANG_ITALIAN | SUBLANG_ITALIAN | 2.86 | MS Windows icon resource - 8 icons, 16x16 |
| RT_VERSION | 0x002d07a4 | 0x0000031c | LANG_CHINESE | SUBLANG_NEUTRAL | 3.42 | data |
| RT_MANIFEST | 0x002d0ac4 | 0x00000245 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.95 | XML 1.0 document, ASCII text, with CRLF line terminators |
导入
库: KERNEL32.DLL:
• 0x6d0e10 LoadLibraryA
• 0x6d0e14 GetProcAddress
• 0x6d0e18 VirtualProtect
• 0x6d0e1c VirtualAlloc
• 0x6d0e20 VirtualFree
• 0x6d0e24 ExitProcess
库: ADVAPI32.DLL:
• 0x6d0e2c RegCloseKey
库: COMCTL32.DLL:
• 0x6d0e34 None
库: COMDLG32.DLL:
• 0x6d0e3c ChooseColorA
库: GDI32.DLL:
• 0x6d0e44 BitBlt
库: MSIMG32.DLL:
• 0x6d0e4c GradientFill
库: OLE32.DLL:
• 0x6d0e54 CoInitialize
库: OLEAUT32.DLL:
• 0x6d0e5c VariantInit
库: SHELL32.DLL:
• 0x6d0e64 SHGetMalloc
库: USER32.DLL:
• 0x6d0e6c GetDC
库: VERSION.DLL:
• 0x6d0e74 VerQueryValueA
库: WINMM.DLL:
• 0x6d0e7c timeGetTime
.rsrc
!h,6T
ADS *
xMScT
r32::T*32
C_source
[About *
hVc]t
ge::TPaintBox32
tOOleVariant
oZlE6
}H~6j
^<R5j
. J-N<
]mj&+
xception &
tOXT+$
TF``/
2 Mike Lischke
s3v9e
Boolean
ayou_
TEllipsisPosiwR.S
]lNF
#Outer4
Linesk#%eb
raw@te
T|@(+XPC
p+87F
o % t
!-}gj
VCOMBg9
/BUTTON
erDescriptor
EInvalidGraphic
DVg6I
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 49158 | 23.223.198.226 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 50785 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 49158 | 23.223.198.226 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 50785 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 28.903 seconds )
- 14.394 VirusTotal
- 11.17 Suricata
- 1.052 NetworkAnalysis
- 1.001 Static
- 0.519 BehaviorAnalysis
- 0.421 TargetInfo
- 0.315 peid
- 0.015 AnalysisInfo
- 0.012 Strings
- 0.002 Memory
- 0.002 config_decoder
Signatures ( 1.603 seconds )
- 1.358 proprietary_url_bl
- 0.033 api_spamming
- 0.027 antiav_detectreg
- 0.026 stealth_decoy_document
- 0.026 stealth_timeout
- 0.009 infostealer_ftp
- 0.009 proprietary_domain_bl
- 0.007 antiemu_wine_func
- 0.007 kovter_behavior
- 0.006 infostealer_browser_password
- 0.005 mimics_filetime
- 0.005 anomaly_persistence_autorun
- 0.005 antiav_detectfile
- 0.005 geodo_banking_trojan
- 0.005 infostealer_im
- 0.004 antidbg_windows
- 0.004 antianalysis_detectreg
- 0.004 infostealer_bitcoin
- 0.004 ransomware_extensions
- 0.004 ransomware_files
- 0.003 bootkit
- 0.003 stealth_file
- 0.003 reads_self
- 0.003 antivm_generic_disk
- 0.003 virus
- 0.003 antivm_vbox_files
- 0.003 infostealer_mail
- 0.003 network_http
- 0.002 tinba_behavior
- 0.002 disables_browser_warn
- 0.001 rat_nanocore
- 0.001 dridex_behavior
- 0.001 antivm_generic_services
- 0.001 antivm_vbox_window
- 0.001 betabot_behavior
- 0.001 ransomeware_modifies_desktop_wallpaper
- 0.001 kibex_behavior
- 0.001 antivm_generic_scsi
- 0.001 cerber_behavior
- 0.001 hancitor_behavior
- 0.001 antianalysis_detectfile
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 browser_security
- 0.001 modify_proxy
- 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
- 0.001 proprietary_bad_drop
- 0.001 network_cnc_http
Reporting ( 0.543 seconds )
- 0.486 ReportHTMLSummary
- 0.057 Malheur
| Task ID | 744083 |
|---|---|
| Mongo ID | 6620b2117e769a7c1916e78c |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号