Analysis Task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-shaapp02-1  2024-04-26 09:00:34  2024-04-26 09:01:13  39 seconds

Maldun Score

9.875

Dangerous

File Details

File name  ProcessGovernor.exe
File size  1291160 bytes
File type  PE32+ executable (GUI) x86-64, for MS Windows
MD5 9f69590ea0c52f140406bcfb7106a4c0
SHA1 d03d36c9d42f8fcb404057a02bae2932ccb11f41
SHA256 b92fc4d600cb21ad91af944616e7a0bb2ce79a782c822303e6661db5353290a1
SHA512 8a9490c6034c6a5d970dc313840be8c856efd234345902cd8e5c2d0669130cea5d20a2884b250f1dd528780bc28fc760e4fb96846294ed985924d6683a6c1f88
CRC32 227C2923
Ssdeep 24576:y3MJYI4mj337UXuX6D2VUugC+1w4iBzo8ug:y3MJYIXD7BX6D2/gCU0t
Sample not found



Hosts Contacted

No host records.

DNS Resolution

No domain information.


Summary


PE Information

Image base  0x140000000
Entry point  0x14009546c
Claimed checksum  0x00144d42
Actual checksum  0x00144d42
Minimum OS version required  6.0
PDB path  c:\pl\output\ProcessGovernor.pdb
Compile time  2024-04-17 22:23:40
Import hash  f43d794eb38694fa05c8366f0853d4e2

Version Information

LegalCopyright
InternalName
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

Microsoft Certificate Verification (Sign Tool)

SHA1  Timestamp  Validity  Error
None  Wed Apr 17 22:26:35 2024
WinVerifyTrust returned error 0x80096010
Certificate Chain 1
Issued to  DigiCert Assured ID Root CA
Issuer  DigiCert Assured ID Root CA
Valid until  Mon Nov 10 08:00:00 2031
SHA1 hash  0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
Certificate Chain 2
Issued to  DigiCert Trusted Root G4
Issuer  DigiCert Assured ID Root CA
Valid until  Mon Nov 10 07:59:59 2031
SHA1 hash  a99d5b79e9f1cda59cdab6373169d5353f5874c6
Certificate Chain 3
Issued to  DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Issuer  DigiCert Trusted Root G4
Valid until  Tue Apr 29 07:59:59 2036
SHA1 hash  7b0f360b775f76c94a12ca48445aa2d2a875701c
Certificate Chain 4
Issued to  Bitsum LLC
Issuer  DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Valid until  Sun Mar 09 07:59:59 2025
SHA1 hash  d711d20586f0e0c654a9b0d3aa5ec9bc4295b5dc
Timestamp Chain 1
Issued to  DigiCert Assured ID Root CA
Issuer  DigiCert Assured ID Root CA
Valid until  Mon Nov 10 08:00:00 2031
SHA1 hash  0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
Timestamp Chain 2
Issued to  DigiCert Trusted Root G4
Issuer  DigiCert Assured ID Root CA
Valid until  Mon Nov 10 07:59:59 2031
SHA1 hash  a99d5b79e9f1cda59cdab6373169d5353f5874c6
Timestamp Chain 3
Issued to  DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Issuer  DigiCert Trusted Root G4
Valid until  Mon Mar 23 07:59:59 2037
SHA1 hash  b6c8af834d4e53b673c76872aa8c950c7c54df5f
Timestamp Chain 4
Issued to  DigiCert Timestamp 2023
Issuer  DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Valid until  Sat Oct 14 07:59:59 2034
SHA1 hash  66f02b32c2c2c90f825dceaa8ac9c64f199ccf40

PE Sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x000c7a9e 0x000c7c00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.43
.rdata 0x000c9000 0x00029da2 0x00029e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.09
.data 0x000f3000 0x000095ec 0x00005800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2.05
.pdata 0x000fd000 0x00007770 0x00007800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.89
_RDATA 0x00105000 0x000001f4 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.21
.rsrc 0x00106000 0x000387d0 0x00038800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.40
.reloc 0x0013f000 0x000010b8 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5.32

Imports

Library: KERNEL32.dll:
0x1400c9158 GetDateFormatEx
0x1400c9160 OpenEventW
0x1400c9168 GetVersionExW
0x1400c9170 ReleaseMutex
0x1400c9178 OpenProcess
0x1400c9180 CreateEventW
0x1400c9188 Sleep
0x1400c9190 GetTickCount64
0x1400c9198 SetEvent
0x1400c91a0 FileTimeToSystemTime
0x1400c91a8 GetCurrentThread
0x1400c91b0 TerminateThread
0x1400c91b8 DeleteFileW
0x1400c91c0 LoadLibraryW
0x1400c91c8 CreateThread
0x1400c91d0 ResetEvent
0x1400c91d8 FileTimeToLocalFileTime
0x1400c91e0 GetCurrentDirectoryW
0x1400c91e8 SetThreadPriorityBoost
0x1400c91f0 GetProcAddress
0x1400c91f8 GetFileSize
0x1400c9200 ExitProcess
0x1400c9208 GetComputerNameW
0x1400c9210 GetCurrentProcessId
0x1400c9218 CreateProcessW
0x1400c9220 SetThreadExecutionState
0x1400c9228 GetModuleHandleW
0x1400c9230 FreeLibrary
0x1400c9238 GetSystemTime
0x1400c9240 GetTickCount
0x1400c9248 GetProcessTimes
0x1400c9258 GlobalMemoryStatusEx
0x1400c9278 SetEndOfFile
0x1400c9280 SetFilePointer
0x1400c9290 SetThreadPriority
0x1400c92a0 WaitForMultipleObjects
0x1400c92a8 GetProcessAffinityMask
0x1400c92b0 GetTimeFormatEx
0x1400c92b8 WriteFile
0x1400c92c0 SetProcessAffinityMask
0x1400c92c8 GetCurrentProcess
0x1400c92d0 GetCommandLineW
0x1400c92d8 SetPriorityClass
0x1400c92e0 ReadFile
0x1400c92e8 CreateDirectoryW
0x1400c92f0 SetProcessPriorityBoost
0x1400c92f8 LeaveCriticalSection
0x1400c9300 EnterCriticalSection
0x1400c9308 GetSystemInfo
0x1400c9310 CloseHandle
0x1400c9318 MultiByteToWideChar
0x1400c9320 GetFileAttributesW
0x1400c9330 GetFileTime
0x1400c9338 GetSystemTimeAsFileTime
0x1400c9340 GetProcessHeap
0x1400c9348 DeleteCriticalSection
0x1400c9350 HeapDestroy
0x1400c9358 DecodePointer
0x1400c9360 HeapAlloc
0x1400c9368 FindResourceW
0x1400c9370 LoadResource
0x1400c9378 FindResourceExW
0x1400c9380 CreateMutexW
0x1400c9388 HeapReAlloc
0x1400c9390 LockResource
0x1400c93a0 GetActiveProcessorCount
0x1400c93a8 CreateToolhelp32Snapshot
0x1400c93b0 Thread32First
0x1400c93b8 Thread32Next
0x1400c93c0 OpenThread
0x1400c93c8 SetThreadGroupAffinity
0x1400c93d0 FormatMessageW
0x1400c93d8 GetProcessGroupAffinity
0x1400c93e0 LocalFree
0x1400c93e8 WideCharToMultiByte
0x1400c93f0 VerifyVersionInfoW
0x1400c93f8 GetLastError
0x1400c9400 GetPriorityClass
0x1400c9408 SetProcessWorkingSetSize
0x1400c9410 TerminateProcess
0x1400c9420 GetHandleInformation
0x1400c9428 GetUserDefaultUILanguage
0x1400c9430 GetModuleFileNameW
0x1400c9438 GetStartupInfoW
0x1400c9440 ProcessIdToSessionId
0x1400c9448 SetLastError
0x1400c9458 MoveFileW
0x1400c9460 GetSystemDirectoryW
0x1400c9468 GlobalAlloc
0x1400c9470 GlobalLock
0x1400c9478 GlobalUnlock
0x1400c9480 GetProcessPriorityBoost
0x1400c9488 ResumeThread
0x1400c9490 GetLocalTime
0x1400c9498 OpenMutexW
0x1400c94a0 K32GetModuleBaseNameW
0x1400c94a8 GetDateFormatW
0x1400c94b0 GetTimeFormatW
0x1400c94b8 GetCurrentThreadId
0x1400c94c0 SuspendThread
0x1400c94c8 GetExitCodeThread
0x1400c94d0 MoveFileExW
0x1400c94d8 FlushFileBuffers
0x1400c94e0 FindNextFileW
0x1400c94e8 LocalAlloc
0x1400c94f0 MulDiv
0x1400c94f8 LocalLock
0x1400c9500 LocalUnlock
0x1400c9508 ReleaseSRWLockExclusive
0x1400c9510 AcquireSRWLockExclusive
0x1400c9520 WaitForSingleObjectEx
0x1400c9528 LoadLibraryExW
0x1400c9530 GetStringTypeW
0x1400c9538 EncodePointer
0x1400c9540 QueryPerformanceCounter
0x1400c9548 WakeAllConditionVariable
0x1400c9558 CompareStringEx
0x1400c9560 GetCPInfo
0x1400c9568 LCMapStringEx
0x1400c9570 IsDebuggerPresent
0x1400c9578 OutputDebugStringW
0x1400c9580 RaiseException
0x1400c9588 RtlCaptureContext
0x1400c9590 RtlLookupFunctionEntry
0x1400c9598 RtlVirtualUnwind
0x1400c95a0 UnhandledExceptionFilter
0x1400c95b0 InitializeSListHead
0x1400c95b8 RtlUnwindEx
0x1400c95c0 RtlPcToFileHeader
0x1400c95c8 TlsAlloc
0x1400c95d0 TlsGetValue
0x1400c95d8 TlsSetValue
0x1400c95e0 TlsFree
0x1400c95e8 ExitThread
0x1400c95f0 FreeLibraryAndExitThread
0x1400c95f8 GetModuleHandleExW
0x1400c9600 GetStdHandle
0x1400c9608 GetCommandLineA
0x1400c9610 GetFileType
0x1400c9618 FlsAlloc
0x1400c9620 FlsGetValue
0x1400c9628 FlsSetValue
0x1400c9630 FlsFree
0x1400c9638 CompareStringW
0x1400c9640 LCMapStringW
0x1400c9648 GetLocaleInfoW
0x1400c9650 IsValidLocale
0x1400c9658 GetUserDefaultLCID
0x1400c9660 EnumSystemLocalesW
0x1400c9668 GetFileSizeEx
0x1400c9670 SetFilePointerEx
0x1400c9678 GetTimeZoneInformation
0x1400c9680 FindClose
0x1400c9688 FindFirstFileExW
0x1400c9690 IsValidCodePage
0x1400c9698 GetACP
0x1400c96a0 GetOEMCP
0x1400c96a8 GetEnvironmentStringsW
0x1400c96b0 FreeEnvironmentStringsW
0x1400c96b8 SetEnvironmentVariableW
0x1400c96c0 SetStdHandle
0x1400c96c8 GetConsoleOutputCP
0x1400c96d0 GetConsoleMode
0x1400c96d8 WriteConsoleW
0x1400c96e0 HeapSize
0x1400c96e8 CreateFileW
0x1400c96f0 WaitForSingleObject
0x1400c9700 HeapFree
0x1400c9708 SizeofResource
0x1400c9710 VerSetConditionMask
0x1400c9718 GetLocaleInfoEx
Library: USER32.dll:
0x1400c9790 SetRect
0x1400c9798 GetActiveWindow
0x1400c97a0 GetLastActivePopup
0x1400c97a8 MessageBeep
0x1400c97b0 BeginPaint
0x1400c97b8 DrawIcon
0x1400c97c0 EndPaint
0x1400c97c8 GetSysColor
0x1400c97d0 GetDialogBaseUnits
0x1400c97d8 SystemParametersInfoW
0x1400c97e0 DrawTextW
0x1400c97e8 LoadIconW
0x1400c97f0 DestroyIcon
0x1400c97f8 FillRect
0x1400c9800 IsWindow
0x1400c9808 GetClassNameW
0x1400c9810 EnableMenuItem
0x1400c9818 GetSystemMenu
0x1400c9820 SetFocus
0x1400c9828 SetWindowPos
0x1400c9830 SetForegroundWindow
0x1400c9838 GetWindowRect
0x1400c9840 MoveWindow
0x1400c9848 SetTimer
0x1400c9850 KillTimer
0x1400c9858 WinHelpW
0x1400c9860 RedrawWindow
0x1400c9868 GetAsyncKeyState
0x1400c9870 PeekMessageW
0x1400c9878 IsDialogMessageW
0x1400c9880 TranslateMessage
0x1400c9888 DispatchMessageW
0x1400c9890 WaitMessage
0x1400c9898 PostQuitMessage
0x1400c98a0 DestroyWindow
0x1400c98a8 EnumWindows
0x1400c98b0 IsWindowVisible
0x1400c98b8 GetWindow
0x1400c98c0 SendMessageW
0x1400c98c8 GetSystemMetrics
0x1400c98d0 GetClientRect
0x1400c98d8 LoadStringW
0x1400c98e0 wvsprintfW
0x1400c98e8 GetWindowLongPtrW
0x1400c98f0 SetWindowLongPtrW
0x1400c98f8 SetWindowTextW
0x1400c9900 CloseClipboard
0x1400c9908 SetClipboardData
0x1400c9910 EmptyClipboard
0x1400c9918 OpenClipboard
0x1400c9920 EnableWindow
0x1400c9928 GetWindowTextW
0x1400c9930 CheckDlgButton
0x1400c9940 MessageBoxW
0x1400c9948 GetDlgItem
0x1400c9950 GetParent
0x1400c9958 PostMessageW
0x1400c9960 GetForegroundWindow
0x1400c9968 GetWindowThreadProcessId
0x1400c9970 GetLastInputInfo
Library: ADVAPI32.dll:
0x1400c9000 DuplicateTokenEx
0x1400c9008 EnumServicesStatusExW
0x1400c9010 StartServiceW
0x1400c9018 QueryServiceStatus
0x1400c9020 QueryServiceConfigW
0x1400c9028 CloseServiceHandle
0x1400c9030 OpenServiceW
0x1400c9038 GetUserNameW
0x1400c9050 OpenProcessToken
0x1400c9058 LookupPrivilegeValueW
0x1400c9060 AdjustTokenPrivileges
0x1400c9068 RegOpenKeyExW
0x1400c9070 RegCreateKeyExW
0x1400c9078 RegDeleteValueW
0x1400c9080 RegCloseKey
0x1400c9088 RegQueryValueExW
0x1400c9090 RegSetValueExW
0x1400c9098 GetTokenInformation
0x1400c90a0 ControlService
0x1400c90a8 ConvertStringSidToSidW
0x1400c90b0 SetTokenInformation
0x1400c90b8 GetLengthSid
0x1400c90c0 CreateProcessAsUserW
0x1400c90c8 LookupAccountSidW
0x1400c90d0 GetSidSubAuthorityCount
0x1400c90d8 GetSidSubAuthority
0x1400c90e0 RegDeleteKeyW
0x1400c90e8 RegQueryInfoKeyW
0x1400c90f0 RegEnumKeyExW
0x1400c90f8 OpenSCManagerW
Library: SHELL32.dll:
0x1400c9758 ShellExecuteExW
0x1400c9760 SHGetSpecialFolderPathW
0x1400c9768 ShellExecuteW
0x1400c9770 SHCreateDirectoryExW
Library: OLEAUT32.dll:
0x1400c9728 SysFreeString
0x1400c9730 VariantClear
Library: WTSAPI32.dll:
0x1400c9980 WTSFreeMemory
Library: SHLWAPI.dll:
0x1400c9780 SHDeleteKeyW
Library: pdh.dll:
0x1400c99c0 PdhCloseQuery
0x1400c99c8 PdhCollectQueryData
0x1400c99d0 PdhAddEnglishCounterW
0x1400c99e0 PdhRemoveCounter
0x1400c99e8 PdhOpenQueryW
Library: dbghelp.dll:
0x1400c9998 MiniDumpWriteDump
Library: RPCRT4.dll:
0x1400c9740 UuidCreate
0x1400c9748 UuidFromStringW
Library: GDI32.dll:
0x1400c9108 SetTextColor
0x1400c9110 SetBkColor
0x1400c9118 SelectObject
0x1400c9120 DeleteDC
0x1400c9128 CreateFontIndirectW
0x1400c9130 CreateDCW
0x1400c9138 CreateSolidBrush
0x1400c9140 DeleteObject
0x1400c9148 GetTextExtentPoint32W
Library: ole32.dll:
0x1400c99a8 StringFromGUID2
0x1400c99b0 IIDFromString

No antivirus engine scan information!

Process Tree

ProcessGovernor.exe, PID: 2604, parent PID: 2244

TCP

Source address  Source port  Destination address  Destination port
192.168.122.201 49160 23.206.229.72 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201 63246 192.168.122.1 53

HTTP Requests

URI  HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No files dropped.
No similar analyses found.

Processing ( 29.122 seconds )

  • 11.811 Suricata
  • 10.108 NetworkAnalysis
  • 3.756 Static
  • 2.373 AnalysisInfo
  • 0.526 TargetInfo
  • 0.437 peid
  • 0.083 BehaviorAnalysis
  • 0.014 Memory
  • 0.011 Strings
  • 0.003 config_decoder

Signatures ( 1.626 seconds )

  • 1.404 proprietary_url_bl
  • 0.116 ransomware_extensions
  • 0.019 antiav_detectreg
  • 0.012 proprietary_domain_bl
  • 0.008 infostealer_ftp
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_im
  • 0.004 api_spamming
  • 0.004 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 ransomware_files
  • 0.003 stealth_decoy_document
  • 0.003 stealth_timeout
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_mail
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 cerber_behavior
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_bad_drop
  • 0.001 network_cnc_http

Reporting ( 0.584 seconds )

  • 0.575 ReportHTMLSummary
  • 0.009 Malheur
Task ID 744324
Mongo ID 662afd1fdc327b93ae415aa3
Cuckoo release 1.4-Maldun