恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp02-1	2024-04-26 09:46:12	2024-04-26 09:48:23	131 秒

魔盾分数

0.35

正常的

文件详细信息

文件名	winsharedutils64.dll
文件大小	115200 字节
文件类型	PE32+ executable (DLL) (console) x86-64, for MS Windows
MD5	e378c5e23a8066f0fb9971c59eed51d5
SHA1	fcc390772ae140da49587bc082f53b3bb343f533
SHA256	0128b8b83d9ac20b194b6319987968b2b64b239c7308db7bbe25b56872eddcaa
SHA512	36c88cd2654b2895e8240764345a03fbc8bbca5d491820aa76ca9bc9dd8125763bee523a146aa1fd6da1e488d781a5b40c5b6d8ee692b222e24ab03b550f9523
CRC32	97B1D6EC
Ssdeep	3072:E3cC5UIdAurYS+/Or0OPwOVSo2iRnSVrWfr24Ru:E3cC/dAusS90OPrV+iRnsWtR
Yara	登录查看Yara规则
	找不到该样本提交漏报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x180000000
入口地址	0x180008ba4
声明校验值	0x00000000
实际校验值	0x0002b583
最低操作系统版本要求	6.0
编译时间	2024-04-26 07:40:22
载入哈希	d404dd21218d9e6c6b73f277e6c778ff
导出DLL库名称	\x31\x31\x31\x31\x31\x39\x31\x31\x31\x31\x31\x31\x31\x31\x35\x35\x34\x31\x31\x31

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x00011fd8	0x00012000	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.35
.rdata	0x00013000	0x00007a36	0x00007c00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.79
.data	0x0001b000	0x000010c0	0x00000600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	3.04
.pdata	0x0001d000	0x00001434	0x00001600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.70
.rsrc	0x0001f000	0x000001e0	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.72
.reloc	0x00020000	0x00000250	0x00000400	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	3.87

导入

库: dwmapi.dll:

• 0x1800133b8 DwmSetWindowAttribute

库: KERNEL32.dll:

• 0x180013090 GlobalLock

• 0x180013098 GetLastError

• 0x1800130a0 InitializeCriticalSectionEx

• 0x1800130a8 DeleteCriticalSection

• 0x1800130b0 GetModuleFileNameW

• 0x1800130b8 MulDiv

• 0x1800130c0 WriteFile

• 0x1800130c8 CreatePipe

• 0x1800130d0 WakeAllConditionVariable

• 0x1800130d8 AcquireSRWLockExclusive

• 0x1800130e0 ReleaseSRWLockExclusive

• 0x1800130e8 RtlCaptureContext

• 0x1800130f0 RtlLookupFunctionEntry

• 0x1800130f8 RtlVirtualUnwind

• 0x180013100 UnhandledExceptionFilter

• 0x180013108 SetUnhandledExceptionFilter

• 0x180013110 GetCurrentProcess

• 0x180013118 TerminateProcess

• 0x180013120 IsProcessorFeaturePresent

• 0x180013128 IsDebuggerPresent

• 0x180013130 GlobalUnlock

• 0x180013138 QueryPerformanceCounter

• 0x180013140 GetCurrentProcessId

• 0x180013148 GetCurrentThreadId

• 0x180013150 GetSystemTimeAsFileTime

• 0x180013158 InitializeSListHead

• 0x180013160 CreateSemaphoreW

• 0x180013168 TryAcquireSRWLockExclusive

• 0x180013170 GlobalSize

• 0x180013178 GlobalAlloc

• 0x180013180 Sleep

• 0x180013188 WaitForSingleObject

• 0x180013190 LoadLibraryW

• 0x180013198 GetProcAddress

• 0x1800131a0 CompareStringOrdinal

• 0x1800131a8 GetModuleHandleW

• 0x1800131b0 EncodePointer

• 0x1800131b8 SleepConditionVariableSRW

• 0x1800131c0 MultiByteToWideChar

• 0x1800131c8 EnterCriticalSection

• 0x1800131d0 GetModuleHandleExW

• 0x1800131d8 ReleaseSemaphore

• 0x1800131e0 IsWow64Process

• 0x1800131e8 GetNativeSystemInfo

• 0x1800131f0 OpenProcess

• 0x1800131f8 GetExitCodeProcess

• 0x180013200 CloseHandle

• 0x180013208 ExitProcess

• 0x180013210 FreeLibrary

• 0x180013218 LeaveCriticalSection

• 0x180013220 LocalFree

• 0x180013228 OutputDebugStringW

• 0x180013230 RaiseException

• 0x180013238 RtlUnwindEx

• 0x180013240 InterlockedFlushSList

• 0x180013248 VirtualQuery

库: USER32.dll:

• 0x1800132a0 IsWindow

• 0x1800132a8 ShowWindow

• 0x1800132b0 GetWindowPlacement

• 0x1800132b8 SetWindowPlacement

• 0x1800132c0 ChangeWindowMessageFilter

• 0x1800132c8 DestroyWindow

• 0x1800132d0 PostQuitMessage

• 0x1800132d8 RegisterWindowMessageW

• 0x1800132e0 GetIconInfo

• 0x1800132e8 DrawIconEx

• 0x1800132f0 SetRectEmpty

• 0x1800132f8 ReleaseDC

• 0x180013300 GetDC

• 0x180013308 EmptyClipboard

• 0x180013310 GetClipboardData

• 0x180013318 SetClipboardData

• 0x180013320 CloseClipboard

• 0x180013328 OpenClipboard

• 0x180013330 CreateWindowExW

• 0x180013338 RegisterClassW

• 0x180013340 DefWindowProcW

• 0x180013348 DispatchMessageW

• 0x180013350 TranslateMessage

• 0x180013358 GetMessageW

• 0x180013360 GetWindowThreadProcessId

• 0x180013368 EnumWindows

• 0x180013370 SetWindowLongW

• 0x180013378 GetWindowLongW

• 0x180013380 IsWindowEnabled

• 0x180013388 IsWindowVisible

库: GDI32.dll:

• 0x180013048 SelectObject

• 0x180013050 GetBitmapBits

• 0x180013058 DeleteObject

• 0x180013060 DeleteDC

• 0x180013068 CreateCompatibleDC

• 0x180013070 CreateCompatibleBitmap

• 0x180013078 GetDeviceCaps

• 0x180013080 GetObjectW

库: SHELL32.dll:

• 0x180013280 ExtractIconExW

库: ole32.dll:

• 0x180013520 OleSetContainedObject

• 0x180013528 OleCreate

• 0x180013530 CoTaskMemFree

• 0x180013538 CoInitialize

• 0x180013540 CoCreateInstance

• 0x180013548 CoUninitialize

• 0x180013550 OleLockRunning

库: OLEAUT32.dll:

• 0x180013258 SysAllocString

• 0x180013260 SysFreeString

• 0x180013268 VariantInit

• 0x180013270 VariantClear

库: ADVAPI32.dll:

• 0x180013000 RegQueryValueExW

• 0x180013008 RegOpenKeyExW

• 0x180013010 RegDeleteValueW

• 0x180013018 RegCreateKeyExW

• 0x180013020 RegQueryValueExA

• 0x180013028 RegOpenKeyExA

• 0x180013030 RegCloseKey

• 0x180013038 RegSetValueExW

库: VERSION.dll:

• 0x180013398 GetFileVersionInfoW

• 0x1800133a0 VerQueryValueW

• 0x1800133a8 GetFileVersionInfoSizeW

库: SHLWAPI.dll:

• 0x180013290 PathFindFileNameW

库: msvcrt.dll:

• 0x1800133c8 log10

• 0x1800133d0 ceil

• 0x1800133d8 _fileno

• 0x1800133e0 fflush

• 0x1800133e8 _isatty

• 0x1800133f0 ___lc_codepage_func

• 0x1800133f8 _msize

• 0x180013400 __getmainargs

• 0x180013408 __CppXcptFilter

• 0x180013410 wctomb_s

• 0x180013418 strtol

• 0x180013420 strnlen

• 0x180013428 wcsnlen

• 0x180013430 tolower

• 0x180013438 __pctype_func

• 0x180013440 _iob

• 0x180013448 _unlock

• 0x180013450 _lock

• 0x180013458 ?terminate@@YAXXZ

• 0x180013460 _errno

• 0x180013468 abort

• 0x180013470 _initterm_e

• 0x180013478 _initterm

• 0x180013480 _callnewh

• 0x180013488 realloc

• 0x180013490 malloc

• 0x180013498 free

• 0x1800134a0 strcpy_s

• 0x1800134a8 wcscpy_s

• 0x1800134b0 pow

• 0x1800134b8 _beginthreadex

• 0x1800134c0 _local_unwind

• 0x1800134c8 __DestructExceptionObject

• 0x1800134d0 _amsg_exit

• 0x1800134d8 __C_specific_handler

• 0x1800134e0 memcpy

• 0x1800134e8 _CxxThrowException

• 0x1800134f0 memset

• 0x1800134f8 __CxxFrameHandler3

• 0x180013500 _clearfp

• 0x180013508 memmove

• 0x180013510 strrchr

导出

序列	地址	名称
1	0x180003560	GetLnkTargetPath
2	0x180003d30	GetProcessMute
3	0x1800010e0	Is64bit
4	0x180004d30	SAPI_List
5	0x180004e70	SAPI_Speak
6	0x180003f50	SetProcessMute
7	0x180002d60	WriteMemoryCallback
8	0x180002e00	WriteMemoryToQueue
9	0x180001800	_SetTheme
10	0x180002ec0	c_free
11	0x1800033a0	clipboard_get
12	0x180003490	clipboard_set
13	0x180007e60	endmaglistener
14	0x180007850	extracticon2data
15	0x180002ed0	free_all
16	0x180002ee0	freestringlist
17	0x180002f40	freewstringlist
18	0x180001160	getpidhwndfirst
19	0x180005d20	html_navigate
20	0x180005d30	html_new
21	0x180005fb0	html_release
22	0x180005fc0	html_resize
23	0x1800019a0	isDark
24	0x180001190	letfullscreen
25	0x180003b40	levenshtein_distance
26	0x180003b60	levenshtein_ratio
27	0x180002fa0	lockedqueuecreate
28	0x180003050	lockedqueueempty
29	0x1800030b0	lockedqueuefree
30	0x180003110	lockedqueueget
31	0x1800032b0	lockedqueuepush
32	0x180005590	mecab_end
33	0x1800055b0	mecab_init
34	0x1800058b0	mecab_parse
35	0x180002350	otsu_binary
36	0x180001280	pid_running
37	0x180001c10	queryversion
38	0x1800012d0	recoverwindow
39	0x180001360	showintab
40	0x180001650	startdarklistener
41	0x180007e90	startmaglistener

.text
`.rdata
@.data
.pdata
@.rsrc
@.reloc
RtlGetVersion
Software\Microsoft\Windows\CurrentVersion\Themes\Personalize
AppsUseLightTheme
Unknown exception
bad array new length
vector too long
string too long
deque<T> too long
mecab_new
fugashi
mecab_destroy
mecab_sparse_tonode
The image width and height must be positive numbers.
bad allocation
device or resource busy
invalid argument
no such process
not enough memory
operation not permitted
resource deadlock would occur
resource unavailable try again
generic
success
address family not supported
address in use
address not available
already connected
argument list too long
argument out of domain
bad address
bad file descriptor
bad message
broken pipe
connection aborted
connection already in progress
connection refused
connection reset
cross device link
destination address required
directory not empty
executable format error
file exists
file too large
filename too long
function not supported
host unreachable
identifier removed
illegal byte sequence
inappropriate io control operation
interrupted
invalid seek
io error
is a directory
message size
network down
network reset
network unreachable
no buffer space
no child process
no link
no lock available
no message available
no message
no protocol option
no space on device
no stream resources
no such device or address
no such device
no such file or directory
not a directory
not a socket
not a stream
not connected
not supported
operation canceled
operation in progress
operation not supported
operation would block
owner dead
permission denied
protocol error
protocol not supported
read only file system
result out of range
state not recoverable
stream timeout
text file busy
timed out
too many files open in system
too many files open
too many links
too many symbolic link levels
value too large
wrong protocol type
unknown error
GetCurrentPackageId
GetSystemTimePreciseAsFileTime
GetTempPath2W
bad exception
`h````
(null)
CorExitProcess
fputc
fwrite
NAN(SNAN)
nan(snan)
NAN(IND)
nan(ind)
e+000
localeconv
AddDllDirectory
1#INF
1#QNAN
1#SNAN
1#IND
.text$di
.text$mn
.text$mn$00
.text$x
.text$yd
.idata$5
.00cfg
.CRT$XCA
.CRT$XCC
.CRT$XCL
.CRT$XCU
.CRT$XCZ
.CRT$XIA
.CRT$XIC
.CRT$XIZ
.CRT$XLA
.CRT$XLZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$T
.rdata$r
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.tls$
.tls$ZZZ
.xdata
.xdata$x
.edata
.idata$2
.idata$3
.idata$4
.idata$6
.data
.data$r
.data$rs
.pdata
.rsrc$01
.rsrc$02
winsharedutils64.dll
GetLnkTargetPath
GetProcessMute
Is64bit
SAPI_List
SAPI_Speak
SetProcessMute
WriteMemoryCallback
WriteMemoryToQueue
_SetTheme
c_free
clipboard_get
clipboard_set
endmaglistener
extracticon2data
free_all
freestringlist
freewstringlist
getpidhwndfirst
html_navigate
html_new
html_release
html_resize
isDark
letfullscreen
levenshtein_distance
levenshtein_ratio
lockedqueuecreate
lockedqueueempty
lockedqueuefree
lockedqueueget
lockedqueuepush
mecab_end
mecab_init
mecab_parse
otsu_binary
pid_running
queryversion
recoverwindow
showintab
startdarklistener
startmaglistener
DwmSetWindowAttribute
dwmapi.dll
CloseHandle
GetExitCodeProcess
OpenProcess
GetNativeSystemInfo
IsWow64Process
ReleaseSemaphore
CreateSemaphoreW
GetModuleHandleW
CompareStringOrdinal
GetProcAddress
LoadLibraryW
WaitForSingleObject
Sleep
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleFileNameW
MulDiv
WriteFile
CreatePipe
KERNEL32.dll
IsWindow
ShowWindow
GetWindowPlacement
SetWindowPlacement
IsWindowVisible
IsWindowEnabled
GetWindowLongW
SetWindowLongW
EnumWindows
GetWindowThreadProcessId
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
GetDC
ReleaseDC
SetRectEmpty
DrawIconEx
GetIconInfo
RegisterWindowMessageW
PostQuitMessage
DestroyWindow
ChangeWindowMessageFilter
USER32.dll
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetBitmapBits
SelectObject
GetObjectW
GDI32.dll
ExtractIconExW
SHELL32.dll
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
OleCreate
OleSetContainedObject
OleLockRunning
ole32.dll
OLEAUT32.dll
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
ADVAPI32.dll
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
VERSION.dll
PathFindFileNameW
SHLWAPI.dll
memset
_CxxThrowException
memmove
memcpy
__C_specific_handler
_amsg_exit
msvcrt.dll
__DestructExceptionObject
_local_unwind
_beginthreadex
wcscpy_s
strcpy_s
malloc
realloc
_callnewh
_initterm
_initterm_e
abort
_errno
?terminate@@YAXXZ
_lock
_unlock
__pctype_func
tolower
wcsnlen
strnlen
strtol
wctomb_s
__CppXcptFilter
__getmainargs
_msize
___lc_codepage_func
_isatty
fflush
_fileno
log10
_clearfp
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TryAcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
LocalFree
OutputDebugStringW
RaiseException
RtlUnwindEx
VirtualQuery
InterlockedFlushSList
EncodePointer
ExitProcess
FreeLibrary
GetModuleHandleExW
MultiByteToWideChar
__CxxFrameHandler3
strrchr
.?AVbad_array_new_length@std@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVruntime_error@std@@
.?AVsystem_error@std@@
.?AV_System_error@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AV_com_error@@
.?AVbad_exception@std@@
.?AUIUnknown@@
.?AUIStorage@@
.?AUIWindowForBindingUI@@
.?AUIHttpSecurity@@
.?AUIOleClientSite@@
.?AUIOleWindow@@
.?AUIOleInPlaceSite@@
.?AUIServiceProvider@@
.?AUIDocHostUIHandler@@
.?AVMWebBrowser@@
.?AVtype_info@@
.?AVerror_category@std@@
.?AV_Generic_error_category@std@@
ImmersiveColorSet
LunaDarkListener
ntdll.dll
uxtheme.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\Voices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech_OneCore\Voices
SOFTWARE\Microsoft\Internet Explorer
svcVersion
Version
SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
FEATURE_BROWSER_EMULATION
MagpieScalingChanged
MagpieWatcher
kernel32.dll
(null)
mscoree.dll
advapi32
kernel32
ymsvcrt.dll

没有防病毒引擎扫描信息!

进程树

rundll32.exe id: 2528

搜索
rundll32.exe (2528)

rundll32.exe, PID: 2528, 上一级进程 PID: 2172

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	23.213.161.8	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	63246	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	23.213.161.8	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	63246	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 14.707 seconds )

11.795 Suricata
1.345 NetworkAnalysis
0.966 Static
0.292 peid
0.266 TargetInfo
0.021 BehaviorAnalysis
0.01 AnalysisInfo
0.01 Strings
0.002 Memory

Signatures ( 1.384 seconds )

1.305 proprietary_url_bl
0.012 antiav_detectreg
0.008 proprietary_domain_bl
0.005 anomaly_persistence_autorun
0.005 antiav_detectfile
0.005 infostealer_ftp
0.004 geodo_banking_trojan
0.004 ransomware_extensions
0.004 ransomware_files
0.003 disables_browser_warn
0.003 infostealer_bitcoin
0.003 infostealer_im
0.003 network_http
0.002 tinba_behavior
0.002 rat_nanocore
0.002 antianalysis_detectreg
0.002 antivm_vbox_files
0.002 infostealer_mail
0.001 api_spamming
0.001 betabot_behavior
0.001 cerber_behavior
0.001 bot_drive
0.001 bot_drive2
0.001 browser_security
0.001 modify_proxy
0.001 proprietary_malicious_drop_executable_file_to_temp_folder
0.001 proprietary_bad_drop
0.001 network_cnc_http

Reporting ( 0.483 seconds )

0.475 ReportHTMLSummary
0.008 Malheur


Task ID	744328
Mongo ID	662b0821dc327b93ab415c7e
Cuckoo release	1.4-Maldun