Analysis task

Analysis type    VM label                  Start time           End time             Duration
File (Windows)   win7-sp1-x64-shaapp02-1   2024-10-13 17:08:34  2024-10-13 17:10:48  134 s

Maldun score

9.2 (Dangerous)

File details

File name   QQ绑定查询.exe
File size   1130496 bytes
File type   PE32 executable (GUI) Intel 80386, for MS Windows
MD5         69b4ce9ad44451f0384da3a91df1567e
SHA1        47ea8a0b030fb01d417235be20a40b4b40041467
SHA256      10d9022c61d26804dc5e5e182834a2ce7fd029c3c53dd14b7aedc1fecb09905e
SHA512      d66592801e466c45432dd0b7aa595db1ae5d3f61a740331f210aac024dddb5bfa8824b7ec42d34865df84e9e875a602283740303dd8a72bef6839a9367c63217
CRC32       0419CA77
Ssdeep      24576:G5TLC728qKgjfa+UqFZTXeMgdyaVn+jI7Ojmf3:G9LCEfaLm6eoR7OW3

Hosts contacted

No host records.

DNS resolution

No domain information.



PE information

Image base                  0x00400000
Entry point                 0x004ac916
Declared checksum           0x00000000
Actual (computed) checksum  0x001231a2
Minimum OS version          4.0
Compile timestamp           2022-10-30 21:56:04
Import hash (imphash)       9f553196233b50977e9db69ee42866bc

The entry point falls inside .text (0x00401000-0x004d3cfa), i.e. in the section the compiler put the code in, not in an appended stub. A declared checksum of 0 means the linker was never asked to write one, so the mismatch with the computed value is expected; the Windows loader does not verify this field for ordinary user-mode executables and it is not an indicator on its own. The compile timestamp is read from the PE header and can be set to any value at link time or patched afterwards, so treat it as a claim rather than a fact.
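The "actual checksum" line is what imagehlp's MapFileAndCheckSum computes over the whole file. The following is an added example, not code from the Maldun report or from Cuckoo, that reproduces that computation in plain Python so the two values above can be re-checked against the sample on disk. The `build_minimal_pe_header` helper only constructs a header skeleton (not a loadable PE) so the script runs without the sample; everything else follows the documented algorithm.

```python
import struct

# Added example (not part of the Maldun report): recompute the PE header
# checksum the way the report's "actual checksum" is produced, so a declared
# value of 0 or a mismatch can be verified on the raw file.


def _checksum_field_offset(data: bytes) -> int:
    """File offset of IMAGE_OPTIONAL_HEADER.CheckSum.

    Layout: e_lfanew at 0x3c -> 'PE\\0\\0' (4 bytes) -> IMAGE_FILE_HEADER
    (20 bytes) -> optional header, whose CheckSum field sits at offset 0x40
    for both PE32 and PE32+.
    """
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew + 4 + 20 + 0x40


def declared_checksum(data: bytes) -> int:
    """CheckSum value stored in the optional header (0 when never set)."""
    return struct.unpack_from("<I", data, _checksum_field_offset(data))[0]


def pe_checksum(data: bytes) -> int:
    """Checksum as MapFileAndCheckSum computes it: a carry-folded sum of all
    32-bit words with the CheckSum field itself skipped, folded to 16 bits,
    plus the file length."""
    skip = _checksum_field_offset(data) // 4
    n_dwords, rem = divmod(len(data), 4)
    total = 0
    for i in range(n_dwords):
        if i == skip:
            continue
        total += struct.unpack_from("<I", data, i * 4)[0]
        if total >= 1 << 32:                       # fold the carry back in
            total = (total & 0xFFFFFFFF) + (total >> 32)
    if rem:                                        # trailing bytes, zero padded
        total += struct.unpack("<I", data[n_dwords * 4:] + b"\0" * (4 - rem))[0]
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)


def checksum_report(data: bytes) -> dict:
    """Declared vs computed value with a one-line interpretation."""
    declared = declared_checksum(data)
    actual = pe_checksum(data)
    if declared == 0:
        status = "not set by linker (no signal)"
    elif declared == actual:
        status = "valid"
    else:
        status = "mismatch: file changed after the checksum was written"
    return {"declared": declared, "actual": actual, "status": status}


def build_minimal_pe_header(declared: int = 0) -> bytes:
    """Constructed test input: a bare MZ/PE header skeleton, not a loadable PE."""
    buf = bytearray(0xA0)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)        # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<I", buf, 0x40 + 4 + 20 + 0x40, declared)
    return bytes(buf)


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_minimal_pe_header()
    rep = checksum_report(data)
    print(f"declared 0x{rep['declared']:08x}  actual 0x{rep['actual']:08x}  {rep['status']}")
```

Run it with the sample path as the only argument; for this file the expected output is declared 0x00000000 and actual 0x001231a2, matching the two lines above.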

Version information

LegalCopyright, FileVersion, Comments, ProductName, ProductVersion, FileDescription, Translation: no values shown for any field.

PE sections

Name    Virtual address  Virtual size  Raw size    Characteristics                                                        Entropy
.text   0x00001000       0x000d2cfa    0x000d3000  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ            6.53
.rdata  0x000d4000       0x00020510    0x00021000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                      4.51
.data   0x000f5000       0x00068f2a    0x00018000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE  5.14
.rsrc   0x0015e000       0x00006d68    0x00007000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                      4.61

Four standard sections, none both writable and executable, with entropies in the range of ordinary compiled code and data (packed or encrypted sections usually sit near 7.0 or above). The .data virtual size exceeds its raw size by about 0x51000 bytes; that is uninitialized (BSS) space and is normal.

Imports

Library: WINMM.dll
0x4d46f0 midiStreamOut
0x4d46f8 midiStreamOpen
0x4d4700 waveOutOpen
0x4d4704 waveOutGetNumDevs
0x4d4708 waveOutClose
0x4d470c waveOutReset
0x4d4710 waveOutPause
0x4d4714 waveOutWrite
0x4d4720 midiStreamStop
0x4d4724 midiOutReset
0x4d4728 midiStreamClose
0x4d472c midiStreamRestart
0x4d4730 midiStreamProperty
0x4d4734 waveOutRestart
Library: WS2_32.dll
0x4d474c WSACleanup
0x4d4750 inet_ntoa
0x4d4754 closesocket
0x4d4758 WSAAsyncSelect
0x4d475c recv
0x4d4760 recvfrom
0x4d4764 getpeername
0x4d4768 accept
0x4d476c ntohl
0x4d4770 ioctlsocket
Library: KERNEL32.dll
0x4d41c0 CreateMutexA
0x4d41c4 ReleaseMutex
0x4d41c8 TerminateThread
0x4d41cc SuspendThread
0x4d41d0 HeapSize
0x4d41d4 GetLocalTime
0x4d41d8 GetSystemTime
0x4d41dc RtlUnwind
0x4d41e0 GetStartupInfoA
0x4d41e4 GetOEMCP
0x4d41e8 GetCPInfo
0x4d41ec GetProcessVersion
0x4d41f0 SetErrorMode
0x4d41f4 GetProfileIntA
0x4d41f8 GlobalFlags
0x4d41fc GetCurrentThread
0x4d4200 GetFileTime
0x4d4204 TlsGetValue
0x4d4208 LocalReAlloc
0x4d420c TlsSetValue
0x4d4210 TlsFree
0x4d4214 GlobalHandle
0x4d4218 TlsAlloc
0x4d421c LocalAlloc
0x4d4220 lstrcmpA
0x4d4224 GlobalGetAtomNameA
0x4d4228 GlobalAddAtomA
0x4d422c GlobalFindAtomA
0x4d4230 GlobalDeleteAtom
0x4d4234 lstrcmpiA
0x4d4238 SetEndOfFile
0x4d423c UnlockFile
0x4d4240 LockFile
0x4d4244 FlushFileBuffers
0x4d4248 DuplicateHandle
0x4d424c lstrcpynA
0x4d4258 FormatMessageA
0x4d425c LocalFree
0x4d4268 GetVersion
0x4d4270 SetLastError
0x4d4274 TerminateProcess
0x4d4278 GetCurrentProcess
0x4d427c GetFileSize
0x4d4280 SetFilePointer
0x4d4288 Process32First
0x4d428c Process32Next
0x4d4290 CreateSemaphoreA
0x4d4294 ResumeThread
0x4d4298 ReleaseSemaphore
0x4d42a4 GetProfileStringA
0x4d42a8 WriteFile
0x4d42b0 CreateFileA
0x4d42b4 SetEvent
0x4d42b8 FindResourceA
0x4d42bc LoadResource
0x4d42c0 LockResource
0x4d42c4 ReadFile
0x4d42c8 lstrlenW
0x4d42cc GetModuleFileNameA
0x4d42d0 GetCurrentThreadId
0x4d42d4 ExitProcess
0x4d42d8 GlobalSize
0x4d42dc GlobalFree
0x4d42e8 lstrcatA
0x4d42ec lstrlenA
0x4d42f0 WinExec
0x4d42f4 lstrcpyA
0x4d42f8 FindNextFileA
0x4d42fc GlobalReAlloc
0x4d4300 HeapFree
0x4d4304 HeapReAlloc
0x4d4308 InterlockedExchange
0x4d430c GetProcessHeap
0x4d4310 HeapAlloc
0x4d4314 GetUserDefaultLCID
0x4d4318 MultiByteToWideChar
0x4d431c WideCharToMultiByte
0x4d4320 GetFullPathNameA
0x4d4324 FreeLibrary
0x4d4328 LoadLibraryA
0x4d432c GetLastError
0x4d4330 GetVersionExA
0x4d4338 CreateThread
0x4d433c CreateEventA
0x4d4340 Sleep
0x4d4344 OutputDebugStringA
0x4d4348 GlobalAlloc
0x4d434c GlobalLock
0x4d4350 GlobalUnlock
0x4d4354 FindFirstFileA
0x4d4358 FindClose
0x4d435c GetFileAttributesA
0x4d4360 CopyFileA
0x4d436c GetModuleHandleA
0x4d4370 GetProcAddress
0x4d4374 MulDiv
0x4d4378 GetCommandLineA
0x4d437c GetTickCount
0x4d4380 WaitForSingleObject
0x4d4384 CloseHandle
0x4d4388 GetACP
0x4d438c SetStdHandle
0x4d4390 GetFileType
0x4d43a8 SetHandleCount
0x4d43ac GetStdHandle
0x4d43b4 HeapDestroy
0x4d43b8 HeapCreate
0x4d43bc VirtualFree
0x4d43c4 LCMapStringA
0x4d43c8 LCMapStringW
0x4d43cc VirtualAlloc
0x4d43d0 IsBadWritePtr
0x4d43d8 GetStringTypeA
0x4d43dc GetStringTypeW
0x4d43e0 CompareStringA
0x4d43e4 CompareStringW
0x4d43e8 IsBadReadPtr
0x4d43ec IsBadCodePtr
0x4d43f0 RaiseException
Library: USER32.dll
0x4d4430 GetSystemMenu
0x4d4434 DeleteMenu
0x4d4438 GetMenu
0x4d443c SetMenu
0x4d4440 PeekMessageA
0x4d4444 IsIconic
0x4d4448 DefWindowProcA
0x4d444c GetClassInfoA
0x4d4450 IsZoomed
0x4d4454 PostQuitMessage
0x4d445c GetKeyState
0x4d4464 IsWindowEnabled
0x4d4468 ShowWindow
0x4d4470 LoadImageA
0x4d4478 GetSysColorBrush
0x4d447c CreatePopupMenu
0x4d4480 DrawIconEx
0x4d4490 SetRectEmpty
0x4d4494 DispatchMessageA
0x4d4498 GetMessageA
0x4d449c WindowFromPoint
0x4d44a0 DrawFocusRect
0x4d44a4 DrawEdge
0x4d44a8 DrawFrameControl
0x4d44ac TranslateMessage
0x4d44b0 LoadIconA
0x4d44b4 TabbedTextOutA
0x4d44b8 DrawTextA
0x4d44bc GrayStringA
0x4d44c0 ClipCursor
0x4d44c4 GetCursor
0x4d44cc SetWindowTextW
0x4d44d0 CreateWindowExW
0x4d44d4 SetFocus
0x4d44d8 GetActiveWindow
0x4d44dc GetWindow
0x4d44e4 SetWindowRgn
0x4d44e8 GetMessagePos
0x4d44ec ScreenToClient
0x4d44f4 CopyRect
0x4d44f8 LoadBitmapA
0x4d44fc WinHelpA
0x4d4500 KillTimer
0x4d4504 SetTimer
0x4d4508 ReleaseCapture
0x4d450c GetCapture
0x4d4510 SetCapture
0x4d4514 GetScrollRange
0x4d4518 SetScrollRange
0x4d451c SetScrollPos
0x4d4520 ClientToScreen
0x4d4524 wvsprintfA
0x4d452c GetMenuState
0x4d4530 SetRect
0x4d4534 InflateRect
0x4d4538 IntersectRect
0x4d453c DestroyIcon
0x4d4540 PtInRect
0x4d4544 OffsetRect
0x4d4548 IsWindowVisible
0x4d454c EnableWindow
0x4d4550 RedrawWindow
0x4d4554 GetWindowLongA
0x4d4558 SetWindowLongA
0x4d455c GetSysColor
0x4d4560 SetActiveWindow
0x4d4564 SetCursorPos
0x4d4568 LoadCursorA
0x4d456c SetCursor
0x4d4570 GetDC
0x4d4574 FillRect
0x4d4578 InvertRect
0x4d457c IsRectEmpty
0x4d4580 ReleaseDC
0x4d4584 IsChild
0x4d4588 DestroyMenu
0x4d458c SetForegroundWindow
0x4d4590 GetWindowRect
0x4d4594 EqualRect
0x4d4598 UpdateWindow
0x4d459c ValidateRect
0x4d45a0 InvalidateRect
0x4d45a4 GetClientRect
0x4d45a8 GetFocus
0x4d45ac GetParent
0x4d45b0 GetTopWindow
0x4d45b4 PostMessageA
0x4d45b8 IsWindow
0x4d45bc SetParent
0x4d45c0 DestroyCursor
0x4d45c4 SendMessageA
0x4d45c8 SetWindowPos
0x4d45cc MessageBeep
0x4d45d0 MessageBoxA
0x4d45d4 GetCursorPos
0x4d45d8 GetSystemMetrics
0x4d45e0 EmptyClipboard
0x4d45e4 SetClipboardData
0x4d45e8 OpenClipboard
0x4d45ec GetClipboardData
0x4d45f0 CloseClipboard
0x4d45f4 wsprintfA
0x4d45f8 EnableMenuItem
0x4d45fc GetSubMenu
0x4d4600 SetWindowLongW
0x4d4604 DefWindowProcW
0x4d4608 SendMessageW
0x4d460c GetWindowTextW
0x4d4610 GetDoubleClickTime
0x4d4614 FrameRect
0x4d4618 DrawTextW
0x4d461c GetDesktopWindow
0x4d4620 GetClassNameA
0x4d4624 GetDlgItem
0x4d4628 GetWindowTextA
0x4d462c GetForegroundWindow
0x4d4630 UnregisterClassA
0x4d4634 GetDlgCtrlID
0x4d463c CreateMenu
0x4d4640 ModifyMenuA
0x4d4644 LoadStringA
0x4d4648 AppendMenuA
0x4d464c CallWindowProcW
0x4d4654 CharUpperA
0x4d4658 GetWindowDC
0x4d465c BeginPaint
0x4d4660 EndPaint
0x4d4664 DestroyWindow
0x4d466c EndDialog
0x4d4670 GetNextDlgTabItem
0x4d4674 GetWindowPlacement
0x4d467c GetLastActivePopup
0x4d4680 GetMessageTime
0x4d4684 RemovePropA
0x4d4688 CallWindowProcA
0x4d468c GetPropA
0x4d4690 UnhookWindowsHookEx
0x4d4694 SetPropA
0x4d4698 GetClassLongA
0x4d469c CallNextHookEx
0x4d46a0 SetWindowsHookExA
0x4d46a4 CreateWindowExA
0x4d46a8 GetMenuItemID
0x4d46ac GetMenuItemCount
0x4d46b0 RegisterClassA
0x4d46b4 GetScrollPos
0x4d46b8 ShowScrollBar
0x4d46bc SetScrollInfo
0x4d46c0 GetScrollInfo
0x4d46c4 ScrollWindow
0x4d46c8 AdjustWindowRectEx
0x4d46cc MapWindowPoints
0x4d46d0 SendDlgItemMessageA
0x4d46d4 ScrollWindowEx
0x4d46d8 IsDialogMessageA
0x4d46dc SetWindowTextA
0x4d46e0 MoveWindow
0x4d46e4 CheckMenuItem
0x4d46e8 SetMenuItemBitmaps
Library: GDI32.dll
0x4d4044 ExcludeClipRect
0x4d4048 GetClipBox
0x4d404c ScaleWindowExtEx
0x4d4050 SetWindowExtEx
0x4d4054 OffsetWindowOrgEx
0x4d4058 CreateFontIndirectA
0x4d405c GetStockObject
0x4d4060 GetObjectA
0x4d4064 EndPage
0x4d4068 EndDoc
0x4d406c DeleteDC
0x4d4070 StartDocA
0x4d4074 StartPage
0x4d4078 BitBlt
0x4d407c GetPixel
0x4d4080 CreateCompatibleDC
0x4d4084 Ellipse
0x4d4088 Rectangle
0x4d408c LPtoDP
0x4d4090 DPtoLP
0x4d4094 GetCurrentObject
0x4d4098 RoundRect
0x4d40a0 SelectClipRgn
0x4d40a4 CreatePolygonRgn
0x4d40a8 SetStretchBltMode
0x4d40b0 SetBkColor
0x4d40b4 PtVisible
0x4d40b8 RectVisible
0x4d40bc GetTextMetricsA
0x4d40c0 TextOutA
0x4d40c4 ExtTextOutA
0x4d40c8 Escape
0x4d40cc AbortDoc
0x4d40d0 CreateFontA
0x4d40d4 SetBrushOrgEx
0x4d40dc GetTextMetricsW
0x4d40e0 SetBitmapBits
0x4d40e4 GetBitmapBits
0x4d40e8 MoveToEx
0x4d40ec LineTo
0x4d40f0 SetWindowOrgEx
0x4d40f4 ScaleViewportExtEx
0x4d40f8 SetViewportExtEx
0x4d40fc OffsetViewportOrgEx
0x4d4100 SetViewportOrgEx
0x4d4104 SetMapMode
0x4d4108 SetTextColor
0x4d410c SetROP2
0x4d4110 SetPolyFillMode
0x4d4114 SetBkMode
0x4d4118 RestoreDC
0x4d411c SaveDC
0x4d4120 ExtSelectClipRgn
0x4d4124 GetViewportExtEx
0x4d4128 CopyMetaFileA
0x4d412c CreateSolidBrush
0x4d4130 FillRgn
0x4d4134 CreateRectRgn
0x4d4138 CombineRgn
0x4d413c PatBlt
0x4d4140 CreatePen
0x4d4144 SelectObject
0x4d4148 CreatePatternBrush
0x4d414c CreateBitmap
0x4d4150 CreateBrushIndirect
0x4d4154 CreateDCA
0x4d415c GetPolyFillMode
0x4d4160 GetStretchBltMode
0x4d4164 GetROP2
0x4d4168 GetBkColor
0x4d416c GetBkMode
0x4d4170 GetTextColor
0x4d4174 CreateRoundRectRgn
0x4d4178 CreateEllipticRgn
0x4d417c PathToRegion
0x4d4180 EndPath
0x4d4184 BeginPath
0x4d4188 GetWindowOrgEx
0x4d418c GetViewportOrgEx
0x4d4190 GetWindowExtEx
0x4d4194 GetDIBits
0x4d4198 RealizePalette
0x4d419c SelectPalette
0x4d41a0 StretchBlt
0x4d41a4 CreatePalette
0x4d41ac CreateDIBitmap
0x4d41b0 GetDeviceCaps
0x4d41b4 GetClipRgn
0x4d41b8 DeleteObject
Library: WINSPOOL.DRV
0x4d473c OpenPrinterA
0x4d4740 DocumentPropertiesA
0x4d4744 ClosePrinter
Library: ADVAPI32.dll
0x4d4000 RegQueryValueExA
0x4d4004 RegOpenKeyExA
0x4d4008 RegSetValueExA
0x4d400c RegQueryValueA
0x4d4010 RegCreateKeyExA
0x4d4014 RegCloseKey
Library: SHELL32.dll
0x4d4424 Shell_NotifyIconA
0x4d4428 ShellExecuteA
Library: ole32.dll
0x4d4790 CoTaskMemAlloc
0x4d4794 OleDuplicateData
0x4d4798 RevokeDragDrop
0x4d47a0 DoDragDrop
0x4d47a4 OleGetClipboard
0x4d47ac OleFlushClipboard
0x4d47b0 CoTaskMemFree
0x4d47b4 OleRun
0x4d47b8 CoCreateInstance
0x4d47c0 CLSIDFromString
0x4d47c4 OleUninitialize
0x4d47c8 OleInitialize
0x4d47cc ReleaseStgMedium
0x4d47d0 CLSIDFromProgID
0x4d47d4 OleSetClipboard
Library: OLEAUT32.dll
0x4d43f8 VarDateFromStr
0x4d43fc UnRegisterTypeLib
0x4d4400 LoadTypeLib
0x4d4404 LHashValOfNameSys
0x4d4408 RegisterTypeLib
0x4d440c SysAllocString
0x4d4410 VariantInit
0x4d4414 VariantCopyInd
0x4d4418 VariantChangeType
0x4d441c VariantClear
Library: COMCTL32.dll
0x4d401c ImageList_AddMasked
0x4d4020 ImageList_Draw
0x4d4028 ImageList_GetIcon
0x4d402c (import by ordinal; name not resolved by the report)
0x4d4030 ImageList_Destroy
0x4d4034 ImageList_Create
0x4d4038 ImageList_Read
0x4d403c ImageList_Duplicate
Library: comdlg32.dll
0x4d4778 GetFileTitleA
0x4d477c ChooseColorA
0x4d4780 GetSaveFileNameA
0x4d4784 GetOpenFileNameA
0x4d4788 PrintDlgA
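A table this long is easier to read once it is tagged by capability and reduced to the import hash used for pivoting. The following is an added example, not code from the report, from Cuckoo or from pefile: `SAMPLE_IMPORTS` is a hand-copied subset of the table above, the COMCTL32 ordinal value 17 is a placeholder because the report shows that entry only as unresolved, `ORDINAL_NAMES` is a small subset of the ws2_32 ordinal table pefile carries, and `CAPABILITY_RULES` and `MFC_RUNTIME_NOISE` are the author's own groupings. Because the subset is incomplete and the real ordinal is unknown, the hash it produces will not equal the imphash 9f553196233b50977e9db69ee42866bc in the PE information section; run it on the full table (for example from pefile) to reproduce that value.

```python
import hashlib
from typing import Dict, List, Union

# Added example (not part of the Maldun report or of pefile): tag an import
# table with coarse capabilities and compute the import hash the way
# pefile.get_imphash() does, so a sample can be pivoted on without running it.

# Constructed input: a subset of the import table shown in the report for
# QQ绑定查询.exe. The COMCTL32 ordinal 17 is a placeholder; the report shows
# that entry only as unresolved, so the real ordinal is not known here.
SAMPLE_IMPORTS: Dict[str, List[Union[str, int]]] = {
    "KERNEL32.dll": ["CreateMutexA", "Process32First", "Process32Next", "WinExec",
                     "FindFirstFileA", "FindNextFileA", "CopyFileA",
                     "LoadLibraryA", "GetProcAddress", "CreateThread"],
    "WS2_32.dll": ["WSAAsyncSelect", "recv", "recvfrom", "accept", "closesocket",
                   "ioctlsocket", "inet_ntoa"],
    "USER32.dll": ["SetWindowsHookExA", "CallNextHookEx", "UnhookWindowsHookEx",
                   "OpenClipboard", "GetClipboardData", "SetClipboardData"],
    "ADVAPI32.dll": ["RegCreateKeyExA", "RegSetValueExA", "RegOpenKeyExA"],
    "SHELL32.dll": ["Shell_NotifyIconA", "ShellExecuteA"],
    "COMCTL32.dll": ["ImageList_Create", 17],
}

# pefile names ordinal imports for a few DLLs from built-in tables; this is a
# small subset of its ws2_32 table so ordinal-only imports hash consistently.
ORDINAL_NAMES = {
    "ws2_32": {1: "accept", 3: "closesocket", 16: "recv", 23: "socket",
               115: "WSAStartup", 116: "WSACleanup"},
}

# Author's own groupings (assumption): which APIs count as which capability.
CAPABILITY_RULES = {
    "process-enumeration": {"process32first", "process32next", "createtoolhelp32snapshot"},
    "program-execution": {"winexec", "shellexecutea", "shellexecutew",
                          "createprocessa", "createprocessw"},
    "registry-write": {"regsetvalueexa", "regsetvalueexw", "regcreatekeyexa", "regcreatekeyexw"},
    "windows-hook": {"setwindowshookexa", "setwindowshookexw"},
    "clipboard-read": {"getclipboarddata"},
    "socket-io": {"recv", "recvfrom", "send", "sendto", "accept", "wsaasyncselect"},
    "file-enumeration": {"findfirstfilea", "findfirstfilew", "findnextfilea", "findnextfilew"},
    "dynamic-api-resolution": {"loadlibrarya", "loadlibraryw", "getprocaddress"},
}

# Capabilities that MFC's own runtime pulls into every MFC application (it
# installs a CBT hook and resolves APIs dynamically), so on their own they
# say little about what the program itself does.
MFC_RUNTIME_NOISE = {"windows-hook", "dynamic-api-resolution"}


def normalize_imports(imports) -> List[str]:
    """pefile-style 'lib.func' strings: lower-case, DLL extension stripped,
    ordinals rendered as 'ordN' unless a known table names them."""
    entries = []
    for dll, funcs in imports.items():
        lib = dll.lower()
        for ext in (".ocx", ".sys", ".dll"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        for func in funcs:
            if isinstance(func, int):
                name = ORDINAL_NAMES.get(lib, {}).get(func, f"ord{func}")
            else:
                name = func
            entries.append(f"{lib}.{name.lower()}")
    return entries


def imphash(imports) -> str:
    """MD5 over the comma-joined normalized import list (pefile's definition)."""
    return hashlib.md5(",".join(normalize_imports(imports)).encode()).hexdigest()


def capabilities(imports) -> Dict[str, List[str]]:
    """Map capability tag -> imported APIs (normalized names) that triggered it."""
    found: Dict[str, List[str]] = {}
    for entry in normalize_imports(imports):
        func = entry.split(".", 1)[1]
        for tag, apis in CAPABILITY_RULES.items():
            if func in apis:
                found.setdefault(tag, []).append(func)
    return found


def triage(imports) -> dict:
    """Hash plus the capability tags left after discounting MFC runtime noise."""
    caps = capabilities(imports)
    noteworthy = sorted(t for t in caps if t not in MFC_RUNTIME_NOISE)
    return {"imphash": imphash(imports), "capabilities": caps, "noteworthy": noteworthy}


if __name__ == "__main__":
    result = triage(SAMPLE_IMPORTS)
    print("imphash:", result["imphash"])
    for tag in result["noteworthy"]:
        print(f"  {tag:24s} {', '.join(result['capabilities'][tag])}")
```

On the subset above the noteworthy tags are process enumeration (Process32First/Next), program execution (WinExec, ShellExecuteA), registry write, clipboard read, socket I/O and file enumeration; the hook and dynamic-resolution imports are discounted because MFC brings them in regardless of the program's purpose. Tags describe what the binary can call, not what it did; the behavioural evidence is what the sandbox run is for.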

Strings (only the entries the report page displays)

.text
`.rdata
@.data
.rsrc
3h$uM
3h^uM
3h$vM
3h$vM
RhX9N
PhX9N
RhX9N
8`}<j
T$hVj
DRQPj
T$|Vj
T$th
|$LVj
|$`Vj
D$@Sj
L$8h
D$8Rj
l$<VWj
jjjjh

Apart from the section names, these are short runs of code bytes that happen to be printable, not meaningful text strings.
No antivirus engine scan information.

Process tree

QQ____________.exe, PID: 2532, parent PID: 2188

The twelve underscores are where the sandbox replaced the four CJK characters 绑定查询 (three UTF-8 bytes each) of the original file name before execution; file-name indicators should use the original name, QQ绑定查询.exe.


TCP

Source address   Source port  Destination address  Destination port
192.168.122.201  49160        184.28.50.155        80

UDP

Source address   Source port  Destination address  Destination port
192.168.122.201  63246        192.168.122.1        53

The UDP flow is a DNS query to the VM's gateway resolver (192.168.122.1:53), so a name was resolved even though the DNS resolution section above is empty; given the HTTP request below it is presumably acroipm.adobe.com, and 184.28.50.155:80 is the resulting connection.


HTTP requests

URI: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

Caveat: a request to acroipm.adobe.com with User-Agent "IPM" for a Reader 11 CHS-locale message bundle is Adobe Reader's in-product messaging check, i.e. software installed in the analysis VM, and the report does not tie the 184.28.50.155:80 connection to PID 2532. Treat it as sandbox background noise rather than as sample command-and-control unless a process-level capture attributes it to the sample.
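Separating VM background traffic from sample traffic is worth doing systematically rather than by eye. The following is an added example, not part of the report or of Cuckoo: it parses the captured request head above and checks it against an analyst-maintained allow-list of known background checks. The Adobe entry in `BACKGROUND_NOISE` is taken from this page; the other entries are assumptions standing in for whatever the analyst's own image generates, and `classify` prefers process attribution over the list whenever the capture provides a PID.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Added example (not part of the Maldun report): parse a captured HTTP request
# head and decide whether it is sample-driven traffic or a known background
# check from software installed in the analysis VM.

# Constructed allow-list of (host, user-agent) pairs for benign VM noise. The
# Adobe entries come from the request on this page; the rest are assumptions
# standing in for an analyst's own list. A user-agent of None matches any.
BACKGROUND_NOISE = [
    ("acroipm.adobe.com", "IPM"),
    ("acroipm2.adobe.com", "IPM"),
    ("armmf.adobe.com", None),
    ("update.microsoft.com", None),
    ("windowsupdate.com", None),
]


@dataclass
class HttpRequest:
    method: str
    path: str
    version: str
    headers: dict

    @property
    def host(self) -> str:
        return self.headers.get("host", "")

    @property
    def user_agent(self) -> Optional[str]:
        return self.headers.get("user-agent")

    @property
    def url(self) -> str:
        return f"http://{self.host}{self.path}"


REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) (HTTP/\d\.\d)$")


def parse_request(raw: str) -> HttpRequest:
    """Parse a request head (request line plus headers). Header names are
    case-insensitive and are lower-cased; values keep their case."""
    lines = raw.strip().splitlines()
    m = REQUEST_LINE.match(lines[0].strip())
    if not m:
        raise ValueError(f"bad request line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break                      # blank line ends the headers
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(m.group(1), m.group(2), m.group(3), headers)


def classify(req: HttpRequest, sample_pid: Optional[int] = None,
             request_pid: Optional[int] = None) -> str:
    """'attributed' when the capture ties the request to the sample process,
    'background-noise' when host and user-agent match the allow-list,
    otherwise 'review'."""
    if sample_pid is not None and request_pid == sample_pid:
        return "attributed"            # process-level evidence beats the list
    host = req.host.lower()
    for known_host, ua in BACKGROUND_NOISE:
        host_ok = host == known_host or host.endswith("." + known_host)
        if host_ok and (ua is None or req.user_agent == ua):
            return "background-noise"
    return "review"


# The request as captured in the report (copied from this page).
CAPTURED = """GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache
"""

if __name__ == "__main__":
    req = parse_request(CAPTURED)
    print(req.url, "->", classify(req))
```

The host match is an exact or dotted-suffix match, so a look-alike such as acroipm.adobe.com.example still lands in "review"; and because attribution wins over the allow-list, a sample that deliberately mimics the Adobe user-agent is still flagged once the capture carries its PID.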

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 19.006 seconds )

  • 12.026 Suricata
  • 4.693 Static
  • 0.95 NetworkAnalysis
  • 0.77 TargetInfo
  • 0.44 peid
  • 0.1 BehaviorAnalysis
  • 0.012 Strings
  • 0.01 AnalysisInfo
  • 0.003 Memory
  • 0.002 config_decoder

Signatures ( 1.622 seconds )

Per-module evaluation time. Every signature module that was run is listed here, so a name such as rat_nanocore or banker_zeus_mutex below means only that the check executed, not that it matched; the matched signatures are not part of this extract.

  • 1.484 proprietary_url_bl
  • 0.027 antiav_detectreg
  • 0.011 infostealer_ftp
  • 0.01 proprietary_domain_bl
  • 0.007 geodo_banking_trojan
  • 0.006 anomaly_persistence_autorun
  • 0.006 antiav_detectfile
  • 0.006 infostealer_im
  • 0.005 api_spamming
  • 0.005 antianalysis_detectreg
  • 0.004 stealth_decoy_document
  • 0.004 stealth_timeout
  • 0.004 infostealer_bitcoin
  • 0.004 network_http
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 infostealer_mail
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 antidbg_windows
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 cerber_behavior
  • 0.001 bypass_firewall
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_anomaly_mismatch_mime_extension
  • 0.001 proprietary_bad_drop
  • 0.001 network_cnc_http

Reporting ( 0.618 seconds )

  • 0.578 ReportHTMLSummary
  • 0.04 Malheur
Task ID 757292
Mongo ID 670b8eb7dc327bd37d037492
Cuckoo release 1.4-Maldun