Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp02-2 | 2024-04-26 09:46:23 | 2024-04-26 09:47:20 | 57 seconds |
File name | svhsrv.exe |
---|---|
File size | 22863944 bytes |
File type | PE32+ executable (GUI) x86-64, for MS Windows |
MD5 | c420499d5dab3d4a579882336f402cf3 |
SHA1 | 203d2eb246dcee24cfa548bffc5fd1bd36fbd36f |
SHA256 | ad5fc62f58647c624fb8ea1d458fa6a4a5e6e58d9c24ef2d7391c39fa6673e72 |
SHA512 | c24b481ac27a3e5383d811d5476cd09729adfa2a3ab18a812978046f1f0c532353ecfe8f82e2cda55943d41143be1e2757bdad0c434455323b81d4e089a5efb6 |
CRC32 | FDC6A093 |
Ssdeep | 196608:e49y4CyQCawjDbuCk6JS1ZbE8bLqRADZlBE9l:e4A4CyQCawjXXk6YZbz2yDZml |
Direct | IP | Security rating | Location |
---|---|---|---|
No | 152.195.38.76 | | United States |
Domain | Security rating | Response |
---|---|---|
cacerts.digicert.com | | CNAME fp2e7a.wpc.2be4.phicdn.net CNAME fp2e7a.wpc.phicdn.net A 152.195.38.76 |
Image base | 0x140000000 |
---|---|
Entry point | 0x140fc4ebc |
Declared checksum | 0x015ddda5 |
Minimum OS version required | 6.0 |
PDB path | C:\home\3eye\client_msvc2019_64\whscon_whstbh_vs2010_release_x64.pdb |
Compile time | 2022-06-09 11:21:33 |
Import hash (imphash) | 2f311084a3dd8bdff79ed5332b4c8cb6 |
Exported DLL name | \x31\x31\x31\x39\x31\x31\x39\x31\x31\x31\x31\x39\x31\x39\x31\x31\x35\x34\x34\x34\x39\x31\x31\x31\x31\x39\x31\x31\x39\x31\x35\x35\x34\x31\x31\x31 |
LegalCopyright | |
---|---|
FileVersion | |
CompanyName | |
ProductName | |
ProductVersion | |
FileDescription | |
OriginalFilename | |
Translation | |
SHA1 | Timestamp | Validity | Error |
---|---|---|---|
None | Thu Jun 09 11:25:20 2022 | | WinVerifyTrust returned error 0x80096005 / |
Certificate chain | Certificate Chain 1 |
---|---|
Issued to | DigiCert Assured ID Root CA |
Issuer | DigiCert Assured ID Root CA |
Valid until | Mon Nov 10 08:00:00 2031 |
SHA1 hash | 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43 |
Certificate chain | Certificate Chain 2 |
Issued to | DigiCert SHA2 Assured ID Code Signing CA |
Issuer | DigiCert Assured ID Root CA |
Valid until | Sun Oct 22 20:00:00 2028 |
SHA1 hash | 92c1588e85af2201ce7915e8538b492f605b80c6 |
Certificate chain | Certificate Chain 3 |
Issued to | Zhenjiang Super Network Control Network Technology Co., Ltd. |
Issuer | DigiCert SHA2 Assured ID Code Signing CA |
Valid until | Wed May 01 07:59:59 2024 |
SHA1 hash | dfec0fadae1991b90f34337f80d435f892f0f057 |
Certificate chain | Timestamp Chain 1 |
Issued to | DigiCert Trusted Root G4 |
Issuer | DigiCert Trusted Root G4 |
Valid until | Fri Jan 15 20:00:00 2038 |
SHA1 hash | ddfb16cd4931c973a2037d3fc83a4d7d775d05e4 |
Certificate chain | Timestamp Chain 2 |
Issued to | DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA |
Issuer | DigiCert Trusted Root G4 |
Valid until | Mon Mar 23 07:59:59 2037 |
SHA1 hash | b6c8af834d4e53b673c76872aa8c950c7c54df5f |
Certificate chain | Timestamp Chain 3 |
Issued to | DigiCert Timestamp 2022 - 2 |
Issuer | DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA |
Valid until | Tue Mar 15 07:59:59 2033 |
SHA1 hash | 8508f386515cb3d3077db6b4b7c07f1b4a5e41de |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x01158b2c | 0x01158c00 | IMAGE_SCN_CNT_CODE \| IMAGE_SCN_MEM_EXECUTE \| IMAGE_SCN_MEM_READ | 6.62 |
.rodata | 0x0115a000 | 0x00000f60 | 0x00001000 | IMAGE_SCN_CNT_CODE \| IMAGE_SCN_MEM_EXECUTE \| IMAGE_SCN_MEM_READ | 4.25 |
.rdata | 0x0115b000 | 0x003b22a8 | 0x003b2400 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ | 6.31 |
.data | 0x0150e000 | 0x00275510 | 0x0002d600 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ \| IMAGE_SCN_MEM_WRITE | 4.38 |
.pdata | 0x01784000 | 0x0007cc74 | 0x0007ce00 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ | 6.75 |
.qtmetad | 0x01801000 | 0x00000040 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_SHARED \| IMAGE_SCN_MEM_READ | 1.13 |
_RDATA | 0x01802000 | 0x00000030 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ | 0.18 |
.rsrc | 0x01803000 | 0x00000620 | 0x00000800 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ | 3.76 |
.reloc | 0x01804000 | 0x0001467c | 0x00014800 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_DISCARDABLE \| IMAGE_SCN_MEM_READ | 5.49 |
Ordinal | Address | Name |
---|---|---|
1 | 0x1402baf70 | FreeUPNPUrls |
2 | 0x1402bafc0 | GetUPNPUrls |
3 | 0x1402bb370 | UPNPIGD_IsConnected |
4 | 0x1402b8340 | UPNP_AddPortMapping |
5 | 0x1402b8550 | UPNP_DeletePortMapping |
6 | 0x1402b86c0 | UPNP_GetConnectionTypeInfo |
7 | 0x1402b87f0 | UPNP_GetExternalIPAddress |
8 | 0x1402b8930 | UPNP_GetGenericPortMappingEntry |
9 | 0x1402bb3f0 | UPNP_GetIGDFromUrl |
10 | 0x1402b8c50 | UPNP_GetLinkLayerMaxBitRates |
11 | 0x1402b8df0 | UPNP_GetPortMappingNumberOfEntries |
12 | 0x1402b8f10 | UPNP_GetSpecificPortMappingEntry |
13 | 0x1402b9100 | UPNP_GetStatusInfo |
14 | 0x1402b9300 | UPNP_GetTotalBytesReceived |
15 | 0x1402b93c0 | UPNP_GetTotalBytesSent |
16 | 0x1402b9480 | UPNP_GetTotalPacketsReceived |
17 | 0x1402b9540 | UPNP_GetTotalPacketsSent |
18 | 0x1402bb4e0 | UPNP_GetValidIGD |
19 | 0x1402bb740 | freeUPNPDevlist |
20 | 0x1402bacb0 | miniwget |
21 | 0x1402bad50 | miniwget_getaddr |
22 | 0x1402bb770 | parserootdesc |
23 | 0x14049f680 | qt_plugin_instance |
24 | 0x14049f780 | qt_plugin_query_metadata |
25 | 0x1402b8230 | strupnperror |
26 | 0x1402bbc70 | upnpDiscover |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.202 | 49159 | 152.195.38.76 cacerts.digicert.com | 80 |
192.168.122.202 | 49157 | 23.33.33.178 | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.202 | 60917 | 192.168.122.1 | 53 |
192.168.122.202 | 63030 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt | GET /DigiCertTrustedRootG4.crt HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: cacerts.digicert.com |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
No TLS
No Suricata HTTP
Task ID | 744329 |
---|---|
Mongo ID | 662b0814dc327b93ae415aad |
Cuckoo release | 1.4-Maldun |