分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp02-1 | 2024-04-25 01:29:56 | 2024-04-25 01:32:07 | 131 秒 |
魔盾分数
1.275
正常的
文件详细信息
| 文件名 | xsdzs.exe |
|---|---|
| 文件大小 | 433152 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | 7ceeb97622f3bc139ee2cd40173ed277 |
| SHA1 | 13e5fabac6d8317119b59b4036be5c18c2206256 |
| SHA256 | 54cec8c074173fd454441e11d3c20a16cb06f8f8b6424cad1e84d86bfb81a897 |
| SHA512 | db342a7a09d76035d9d7ea29f9076fb64c8d9aedbcc6255d65b7cb8c3f0b990aff8d1fb7491dec0dd1f16f6185ac26dfc484aea228845ed2bf72e224066957f4 |
| CRC32 | DD5E231E |
| Ssdeep | 12288:qacbCOrRQIYwYyE9UbvhPOPJbGVLNzR11gF:qa/OtfbEqbvhGJqJNBgF |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| dzs.hongkewangluo.com | 未知 | NXDOMAIN |
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x0046b0ce |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x00078dec |
| 最低操作系统版本要求 | 4.0 |
| PDB路径 | C:\Users\Administrator\source\repos\kfyx.chen\xsdzs\obj\Debug\xsdzs.pdb |
| 编译时间 | 2053-11-14 02:18:29 |
| 载入哈希 | f34d5f2d4577ed6d9ceec516c1f5a744 |
版本信息
| Translation | |
|---|---|
| LegalCopyright | |
| Assembly Version | |
| InternalName | |
| FileVersion | |
| CompanyName | |
| LegalTrademarks | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00002000 | 0x000690d4 | 0x00069200 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7.96 |
| .rsrc | 0x0006c000 | 0x00000600 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.04 |
| .reloc | 0x0006e000 | 0x0000000c | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 0.10 |
导入
库: mscoree.dll:
• 0x402000 _CorExeMain
装载信息
| 名称 | xsdzs |
|---|---|
| 版本 | 1.0.0.0 |
装载参考
| 名称 | 版本 |
|---|---|
| mscorlib | 4.0.0.0 |
| System.Windows.Forms | 4.0.0.0 |
| System | 4.0.0.0 |
| System.Drawing | 4.0.0.0 |
| PdfSharp | 1.50.5147.0 |
| HtmlAgilityPack | 1.11.46.0 |
| System.Core | 4.0.0.0 |
自定义属性
| 类型 | 名称 | 值 |
|---|---|---|
| Assembly | [mscorlib]System.Reflection.AssemblyFileVersionAttribute | 1.0.0 |
| Assembly | [mscorlib]System.Reflection.AssemblyTitleAttribute | xsd |
| Assembly | [mscorlib]System.Reflection.AssemblyProductAttribute | xsd |
| Assembly | [mscorlib]System.Reflection.AssemblyCopyrightAttribute | Copyright \xc2\xa9 20 |
| Assembly | [mscorlib]System.Runtime.InteropServices.GuidAttribute | 2468e7bc-7282-4bc1-b333-c6addd9dba |
类型参考
| 装载 | 类型名称 |
|---|---|
| HtmlAgilityPack | HtmlAgilityPack.HtmlAttribute |
| HtmlAgilityPack | HtmlAgilityPack.HtmlAttributeCollection |
| HtmlAgilityPack | HtmlAgilityPack.HtmlDocument |
| HtmlAgilityPack | HtmlAgilityPack.HtmlNode |
| HtmlAgilityPack | HtmlAgilityPack.HtmlNodeCollection |
| HtmlAgilityPack | HtmlAgilityPack.HtmlWeb |
| PdfSharp | PdfSharp.Drawing.XGraphics |
| PdfSharp | PdfSharp.Drawing.XImage |
| PdfSharp | PdfSharp.Drawing.XUnit |
| PdfSharp | PdfSharp.Pdf.PdfDocument |
| PdfSharp | PdfSharp.Pdf.PdfPage |
| System | System.CodeDom.Compiler.GeneratedCodeAttribute |
| System | System.ComponentModel.EditorBrowsableAttribute |
| System | System.ComponentModel.EditorBrowsableState |
| System | System.ComponentModel.IContainer |
| System | System.ComponentModel.ISupportInitialize |
| System | System.Configuration.ApplicationSettingsBase |
| System | System.Configuration.SettingsBase |
| System | System.IO.Compression.CompressionMode |
| System | System.IO.Compression.DeflateStream |
| System | System.Net.SecurityProtocolType |
| System | System.Net.ServicePointManager |
| System | System.Net.WebClient |
| System | System.Text.RegularExpressions.Capture |
| System | System.Text.RegularExpressions.Group |
| System | System.Text.RegularExpressions.GroupCollection |
| System | System.Text.RegularExpressions.Match |
| System | System.Text.RegularExpressions.Regex |
| System.Core | System.Linq.Enumerable |
| System.Drawing | System.Drawing.Bitmap |
| System.Drawing | System.Drawing.ContentAlignment |
| System.Drawing | System.Drawing.Font |
| System.Drawing | System.Drawing.FontStyle |
| System.Drawing | System.Drawing.Graphics |
| System.Drawing | System.Drawing.GraphicsUnit |
| System.Drawing | System.Drawing.Image |
| System.Drawing | System.Drawing.Imaging.ImageFormat |
| System.Drawing | System.Drawing.Point |
| System.Drawing | System.Drawing.Printing.PrintDocument |
| System.Drawing | System.Drawing.Printing.PrintPageEventArgs |
| System.Drawing | System.Drawing.Printing.PrintPageEventHandler |
| System.Drawing | System.Drawing.Rectangle |
| System.Drawing | System.Drawing.Size |
| System.Drawing | System.Drawing.SizeF |
| System.Windows.Forms | System.Windows.Forms.Application |
| System.Windows.Forms | System.Windows.Forms.AutoScaleMode |
| System.Windows.Forms | System.Windows.Forms.BorderStyle |
| System.Windows.Forms | System.Windows.Forms.Button |
| System.Windows.Forms | System.Windows.Forms.ButtonBase |
| System.Windows.Forms | System.Windows.Forms.ColumnStyle |
| System.Windows.Forms | System.Windows.Forms.CommonDialog |
| System.Windows.Forms | System.Windows.Forms.ContainerControl |
| System.Windows.Forms | System.Windows.Forms.Control |
| System.Windows.Forms | System.Windows.Forms.Control/ControlCollection |
| System.Windows.Forms | System.Windows.Forms.DialogResult |
| System.Windows.Forms | System.Windows.Forms.DockStyle |
| System.Windows.Forms | System.Windows.Forms.FileDialog |
| System.Windows.Forms | System.Windows.Forms.FlatStyle |
| System.Windows.Forms | System.Windows.Forms.FolderBrowserDialog |
| System.Windows.Forms | System.Windows.Forms.Form |
| System.Windows.Forms | System.Windows.Forms.FormStartPosition |
| System.Windows.Forms | System.Windows.Forms.Help |
| System.Windows.Forms | System.Windows.Forms.Label |
| System.Windows.Forms | System.Windows.Forms.MessageBox |
| System.Windows.Forms | System.Windows.Forms.MessageBoxButtons |
| System.Windows.Forms | System.Windows.Forms.MessageBoxIcon |
| System.Windows.Forms | System.Windows.Forms.MouseButtons |
| System.Windows.Forms | System.Windows.Forms.MouseEventArgs |
| System.Windows.Forms | System.Windows.Forms.Orientation |
| System.Windows.Forms | System.Windows.Forms.Padding |
| System.Windows.Forms | System.Windows.Forms.PictureBox |
| System.Windows.Forms | System.Windows.Forms.PictureBoxSizeMode |
| System.Windows.Forms | System.Windows.Forms.PrintDialog |
| System.Windows.Forms | System.Windows.Forms.ProgressBarStyle |
| System.Windows.Forms | System.Windows.Forms.RowStyle |
| System.Windows.Forms | System.Windows.Forms.SaveFileDialog |
| System.Windows.Forms | System.Windows.Forms.SizeType |
| System.Windows.Forms | System.Windows.Forms.SplitContainer |
| System.Windows.Forms | System.Windows.Forms.SplitterPanel |
| System.Windows.Forms | System.Windows.Forms.StatusStrip |
| System.Windows.Forms | System.Windows.Forms.TableLayoutColumnStyleCollection |
| System.Windows.Forms | System.Windows.Forms.TableLayoutControlCollection |
| System.Windows.Forms | System.Windows.Forms.TableLayoutPanel |
| System.Windows.Forms | System.Windows.Forms.TableLayoutRowStyleCollection |
| System.Windows.Forms | System.Windows.Forms.ToolStrip |
| System.Windows.Forms | System.Windows.Forms.ToolStripItem |
| System.Windows.Forms | System.Windows.Forms.ToolStripItemCollection |
| System.Windows.Forms | System.Windows.Forms.ToolStripProgressBar |
| System.Windows.Forms | System.Windows.Forms.ToolStripStatusLabel |
| System.Windows.Forms | System.Windows.Forms.TreeNode |
| System.Windows.Forms | System.Windows.Forms.TreeNodeCollection |
| System.Windows.Forms | System.Windows.Forms.TreeNodeMouseClickEventArgs |
| System.Windows.Forms | System.Windows.Forms.TreeNodeMouseClickEventHandler |
| System.Windows.Forms | System.Windows.Forms.TreeView |
| mscorlib | System.Action`1 |
| mscorlib | System.AppDomain |
| mscorlib | System.Byte |
| mscorlib | System.Char |
| mscorlib | System.Collections.Generic.Dictionary`2 |
| mscorlib | System.Collections.Generic.Dictionary`2/Enumerator |
| mscorlib | System.Collections.Generic.IEnumerable`1 |
| mscorlib | System.Collections.Generic.IEnumerator`1 |
| mscorlib | System.Collections.Generic.KeyValuePair`2 |
| mscorlib | System.Collections.Generic.List`1 |
| mscorlib | System.Collections.IEnumerator |
| mscorlib | System.Diagnostics.DebuggableAttribute |
| mscorlib | System.Diagnostics.DebuggableAttribute/DebuggingModes |
| mscorlib | System.Diagnostics.DebuggerHiddenAttribute |
| mscorlib | System.Diagnostics.DebuggerNonUserCodeAttribute |
| mscorlib | System.Diagnostics.DebuggerStepThroughAttribute |
| mscorlib | System.EventArgs |
| mscorlib | System.EventHandler |
| mscorlib | System.Exception |
| mscorlib | System.Func`1 |
| mscorlib | System.GC |
| mscorlib | System.Globalization.CultureInfo |
| mscorlib | System.IDisposable |
| mscorlib | System.IO.File |
| mscorlib | System.IO.MemoryStream |
| mscorlib | System.IO.Path |
| mscorlib | System.IO.Stream |
| mscorlib | System.Int32 |
| mscorlib | System.Object |
| mscorlib | System.Reflection.Assembly |
| mscorlib | System.Reflection.AssemblyCompanyAttribute |
| mscorlib | System.Reflection.AssemblyConfigurationAttribute |
| mscorlib | System.Reflection.AssemblyCopyrightAttribute |
| mscorlib | System.Reflection.AssemblyDescriptionAttribute |
| mscorlib | System.Reflection.AssemblyFileVersionAttribute |
| mscorlib | System.Reflection.AssemblyName |
| mscorlib | System.Reflection.AssemblyNameFlags |
| mscorlib | System.Reflection.AssemblyProductAttribute |
| mscorlib | System.Reflection.AssemblyTitleAttribute |
| mscorlib | System.Reflection.AssemblyTrademarkAttribute |
| mscorlib | System.ResolveEventArgs |
| mscorlib | System.ResolveEventHandler |
| mscorlib | System.Resources.ResourceManager |
| mscorlib | System.Runtime.CompilerServices.AsyncStateMachineAttribute |
| mscorlib | System.Runtime.CompilerServices.AsyncTaskMethodBuilder |
| mscorlib | System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1 |
| mscorlib | System.Runtime.CompilerServices.AsyncVoidMethodBuilder |
| mscorlib | System.Runtime.CompilerServices.CompilationRelaxationsAttribute |
| mscorlib | System.Runtime.CompilerServices.CompilerGeneratedAttribute |
| mscorlib | System.Runtime.CompilerServices.IAsyncStateMachine |
| mscorlib | System.Runtime.CompilerServices.RuntimeCompatibilityAttribute |
| mscorlib | System.Runtime.CompilerServices.TaskAwaiter |
| mscorlib | System.Runtime.CompilerServices.TaskAwaiter`1 |
| mscorlib | System.Runtime.InteropServices.ComVisibleAttribute |
| mscorlib | System.Runtime.InteropServices.GuidAttribute |
| mscorlib | System.Runtime.Versioning.TargetFrameworkAttribute |
| mscorlib | System.RuntimeTypeHandle |
| mscorlib | System.STAThreadAttribute |
| mscorlib | System.String |
| mscorlib | System.StringComparison |
| mscorlib | System.Text.Encoding |
| mscorlib | System.Threading.Interlocked |
| mscorlib | System.Threading.Monitor |
| mscorlib | System.Threading.Tasks.Task |
| mscorlib | System.Threading.Tasks.Task`1 |
| mscorlib | System.Type |
.text
`.rsrc
@.reloc
M@~Q@~c
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 23.223.199.177 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 57526 | 192.168.122.1 | 53 |
| 192.168.122.201 | 63246 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| dzs.hongkewangluo.com | 未知 | NXDOMAIN |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 23.223.199.177 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 57526 | 192.168.122.1 | 53 |
| 192.168.122.201 | 63246 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 31.413 seconds )
- 10.833 Suricata
- 10.676 NetworkAnalysis
- 4.173 VirusTotal
- 2.106 AnalysisInfo
- 1.694 Static
- 0.669 BehaviorAnalysis
- 0.549 TargetInfo
- 0.429 peid
- 0.27 static_dotnet
- 0.011 Strings
- 0.002 Memory
- 0.001 config_decoder
Signatures ( 1.779 seconds )
- 1.411 proprietary_url_bl
- 0.04 antiav_detectreg
- 0.031 proprietary_domain_bl
- 0.03 api_spamming
- 0.024 stealth_timeout
- 0.023 stealth_decoy_document
- 0.018 infostealer_ftp
- 0.014 antiav_detectfile
- 0.011 infostealer_im
- 0.01 infostealer_bitcoin
- 0.008 antianalysis_detectreg
- 0.007 antiemu_wine_func
- 0.007 infostealer_browser_password
- 0.007 kovter_behavior
- 0.006 anomaly_persistence_autorun
- 0.006 antivm_generic_scsi
- 0.006 antivm_vbox_files
- 0.006 infostealer_mail
- 0.005 geodo_banking_trojan
- 0.005 darkcomet_regkeys
- 0.004 mimics_filetime
- 0.004 ransomware_extensions
- 0.004 ransomware_files
- 0.003 bootkit
- 0.003 stealth_file
- 0.003 antivm_generic_services
- 0.003 proprietary_anomaly_massive_file_ops
- 0.003 betabot_behavior
- 0.003 reads_self
- 0.003 antivm_generic_disk
- 0.003 virus
- 0.003 codelux_behavior
- 0.003 proprietary_malicious_drop_executable_file_to_temp_folder
- 0.003 network_http
- 0.002 tinba_behavior
- 0.002 antivm_vbox_libs
- 0.002 rat_nanocore
- 0.002 antiav_avast_libs
- 0.002 injection_createremotethread
- 0.002 antisandbox_sunbelt_libs
- 0.002 kibex_behavior
- 0.002 antidbg_windows
- 0.002 anormaly_invoke_kills
- 0.002 hancitor_behavior
- 0.002 antidbg_devices
- 0.002 antivm_parallels_keys
- 0.002 antivm_xen_keys
- 0.002 disables_browser_warn
- 0.002 malicous_targeted_flame
- 0.002 proprietary_anomaly_invoke_vb_vba
- 0.002 proprietary_bad_drop
- 0.002 network_torgateway
- 0.001 hawkeye_behavior
- 0.001 network_tor
- 0.001 dridex_behavior
- 0.001 kazybot_behavior
- 0.001 antisandbox_sboxie_libs
- 0.001 antiav_bitdefender_libs
- 0.001 shifu_behavior
- 0.001 exec_crash
- 0.001 cerber_behavior
- 0.001 injection_runpe
- 0.001 antianalysis_detectfile
- 0.001 antisandbox_productid
- 0.001 antivm_generic_diskreg
- 0.001 antivm_vmware_files
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_security
- 0.001 modify_proxy
- 0.001 proprietary_anomaly_commands
- 0.001 proprietary_network_blacklist
- 0.001 network_cnc_http
- 0.001 rat_pcclient
- 0.001 recon_fingerprint
Reporting ( 0.555 seconds )
- 0.499 ReportHTMLSummary
- 0.056 Malheur
| Task ID | 744297 |
|---|---|
| Mongo ID | 66294246dc327bb940838f19 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号