Analysis task

Analysis type: File (Windows)
VM label: win7-sp1-x64-shaapp02-1
Start time: 2024-10-13 20:33:14
End time: 2024-10-13 20:35:25
Duration: 131 seconds

Maldun score

7.25

Dangerous

File details

File name 自用传奇端口修改工具.exe
File size 892928 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 176f0fe0b0b176bd9523d197d73b7746
SHA1 46792b49d6c1e56c270fab5cb4aa8a24fb5df2d7
SHA256 244f4a8a088b767ac542f92cf53c712f51bd062fa52af3871ed5392ef180cc11
SHA512 12dbe04a0d0b450b83c27a9b7a991e5bdfaa52977e1ea7e403e11e965976b82345cdf242534ed6a88d6d9bf8b79fe1ebc2b8a47be6c5c4dfc79d98c2637b199c
CRC32 2702C13B
Ssdeep 12288:QOBe9u6yRX9KR9kq4697p0w0deJ5gcVhbCguUPq3GubOZm40c:q9u6yRXQRyqP990KVhQXGTA40c

Hosts accessed

No host records.

Domain resolution

No domain information.


PE information

Image base 0x00400000
Entry point 0x00481d41
Declared checksum 0x00000000
Actual checksum 0x000df74e
Minimum OS version required 4.0
Compile time 2024-10-13 20:07:23
Import hash c97a99b3f33179366f89e3556c5c7765

Version information (all fields empty)

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name VirtualAddress VirtualSize RawDataSize Characteristics Entropy
.text 0x00001000 0x000a197e 0x000a2000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.59
.rdata 0x000a3000 0x0001828e 0x00019000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.35
.data 0x000bc000 0x00046f2a 0x00018000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.01
.rsrc 0x00103000 0x00005b1c 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.78

Imports

Library: KERNEL32.dll:
0x4a3170 GetLocalTime
0x4a3174 GetSystemTime
0x4a317c RtlUnwind
0x4a3180 GetStartupInfoA
0x4a3184 GetOEMCP
0x4a3188 GetCPInfo
0x4a318c GetProcessVersion
0x4a3190 SetErrorMode
0x4a3194 GlobalFlags
0x4a3198 GetCurrentThread
0x4a319c GetFileTime
0x4a31a0 GetFileSize
0x4a31a4 TlsGetValue
0x4a31a8 LocalReAlloc
0x4a31ac TlsFree
0x4a31b0 GlobalHandle
0x4a31b4 TlsAlloc
0x4a31b8 LocalAlloc
0x4a31bc lstrcmpA
0x4a31c0 GetVersion
0x4a31c4 GlobalGetAtomNameA
0x4a31c8 GlobalAddAtomA
0x4a31cc GlobalFindAtomA
0x4a31d0 GlobalDeleteAtom
0x4a31d4 lstrcmpiA
0x4a31d8 SetEndOfFile
0x4a31dc UnlockFile
0x4a31e0 LockFile
0x4a31e4 FlushFileBuffers
0x4a31e8 SetFilePointer
0x4a31ec GetCurrentProcess
0x4a31f0 DuplicateHandle
0x4a31f4 lstrcpynA
0x4a31f8 SetLastError
0x4a3204 LocalFree
0x4a3210 RaiseException
0x4a3214 TerminateProcess
0x4a3218 HeapSize
0x4a321c GetACP
0x4a3234 SetHandleCount
0x4a3238 GetStdHandle
0x4a323c GetFileType
0x4a3244 HeapDestroy
0x4a3248 HeapCreate
0x4a324c VirtualFree
0x4a3254 LCMapStringA
0x4a3258 LCMapStringW
0x4a325c VirtualAlloc
0x4a3260 IsBadWritePtr
0x4a3264 GetStringTypeA
0x4a3268 GetStringTypeW
0x4a3270 CompareStringA
0x4a3274 CompareStringW
0x4a3278 IsBadReadPtr
0x4a327c IsBadCodePtr
0x4a3280 SetStdHandle
0x4a3284 SuspendThread
0x4a3288 TerminateThread
0x4a328c ReleaseMutex
0x4a3290 CreateMutexA
0x4a3294 CreateSemaphoreA
0x4a3298 ResumeThread
0x4a329c ReleaseSemaphore
0x4a32a8 GetProfileStringA
0x4a32ac WriteFile
0x4a32b4 CreateFileA
0x4a32b8 SetEvent
0x4a32bc FindResourceA
0x4a32c0 LoadResource
0x4a32c4 LockResource
0x4a32c8 ReadFile
0x4a32cc GetModuleFileNameA
0x4a32d0 WideCharToMultiByte
0x4a32d4 MultiByteToWideChar
0x4a32d8 GetCurrentThreadId
0x4a32dc ExitProcess
0x4a32e0 GlobalSize
0x4a32e4 GlobalFree
0x4a32f0 lstrcatA
0x4a32f4 lstrlenA
0x4a32f8 CloseHandle
0x4a32fc WinExec
0x4a3300 lstrcpyA
0x4a3304 FindNextFileA
0x4a3308 GlobalReAlloc
0x4a330c HeapFree
0x4a3310 HeapReAlloc
0x4a3314 GetProcessHeap
0x4a3318 HeapAlloc
0x4a331c GetFullPathNameA
0x4a3320 FreeLibrary
0x4a3324 LoadLibraryA
0x4a3328 GetLastError
0x4a332c GetVersionExA
0x4a3334 CreateThread
0x4a3338 CreateEventA
0x4a333c Sleep
0x4a3340 GlobalAlloc
0x4a3344 GlobalLock
0x4a3348 GlobalUnlock
0x4a334c FindFirstFileA
0x4a3350 FindClose
0x4a3354 GetFileAttributesA
0x4a3360 GetModuleHandleA
0x4a3364 GetProcAddress
0x4a3368 MulDiv
0x4a336c GetCommandLineA
0x4a3370 GetTickCount
0x4a3374 WaitForSingleObject
0x4a3378 TlsSetValue
Library: USER32.dll:
0x4a33a0 LoadIconA
0x4a33a4 TranslateMessage
0x4a33a8 DrawFrameControl
0x4a33ac DrawEdge
0x4a33b0 DrawFocusRect
0x4a33b4 WindowFromPoint
0x4a33b8 GetMessageA
0x4a33bc DispatchMessageA
0x4a33c0 SetRectEmpty
0x4a33d0 DrawIconEx
0x4a33d4 CreatePopupMenu
0x4a33d8 AppendMenuA
0x4a33dc ModifyMenuA
0x4a33e0 CreateMenu
0x4a33e8 GetDlgCtrlID
0x4a33ec GetSubMenu
0x4a33f0 EnableMenuItem
0x4a33f4 ClientToScreen
0x4a33fc LoadImageA
0x4a3404 ShowWindow
0x4a3408 IsWindowEnabled
0x4a3410 GetKeyState
0x4a3418 PostQuitMessage
0x4a341c IsZoomed
0x4a3420 GetClassInfoA
0x4a3424 DefWindowProcA
0x4a3428 GetSystemMenu
0x4a342c DeleteMenu
0x4a3430 GetMenu
0x4a3434 SetMenu
0x4a3438 PeekMessageA
0x4a343c IsIconic
0x4a3440 SetFocus
0x4a3444 GetActiveWindow
0x4a3448 GetWindow
0x4a3450 SetWindowRgn
0x4a3454 GetMessagePos
0x4a3458 ScreenToClient
0x4a3460 CopyRect
0x4a3464 LoadBitmapA
0x4a3468 WinHelpA
0x4a346c KillTimer
0x4a3470 SetTimer
0x4a3474 ReleaseCapture
0x4a3478 GetCapture
0x4a347c SetCapture
0x4a3480 GetScrollRange
0x4a3484 SetScrollRange
0x4a3488 SetScrollPos
0x4a348c SetRect
0x4a3490 InflateRect
0x4a3494 IntersectRect
0x4a3498 DestroyIcon
0x4a349c PtInRect
0x4a34a0 OffsetRect
0x4a34a4 IsWindowVisible
0x4a34a8 EnableWindow
0x4a34ac UnregisterClassA
0x4a34b0 GetWindowLongA
0x4a34b4 SetWindowLongA
0x4a34b8 GetSysColor
0x4a34bc SetActiveWindow
0x4a34c0 SetCursorPos
0x4a34c4 LoadCursorA
0x4a34c8 SetCursor
0x4a34cc GetDC
0x4a34d0 FillRect
0x4a34d4 IsRectEmpty
0x4a34d8 ReleaseDC
0x4a34dc IsChild
0x4a34e0 DestroyMenu
0x4a34e4 SetForegroundWindow
0x4a34e8 GetWindowRect
0x4a34ec EqualRect
0x4a34f0 UpdateWindow
0x4a34f4 ValidateRect
0x4a34f8 InvalidateRect
0x4a34fc GetClientRect
0x4a3500 GetFocus
0x4a3504 GetParent
0x4a3508 GetTopWindow
0x4a350c PostMessageA
0x4a3510 IsWindow
0x4a3514 SetParent
0x4a3518 DestroyCursor
0x4a351c SendMessageA
0x4a3520 SetWindowPos
0x4a3524 MessageBoxA
0x4a3528 GetCursorPos
0x4a352c GetSystemMetrics
0x4a3530 GetWindowTextA
0x4a3538 CharUpperA
0x4a353c GetWindowDC
0x4a3540 BeginPaint
0x4a3544 EndPaint
0x4a3548 TabbedTextOutA
0x4a354c DrawTextA
0x4a3550 GrayStringA
0x4a3554 GetDlgItem
0x4a3558 DestroyWindow
0x4a3560 EndDialog
0x4a3564 GetNextDlgTabItem
0x4a3568 GetWindowPlacement
0x4a3570 GetForegroundWindow
0x4a3574 GetLastActivePopup
0x4a3578 GetMessageTime
0x4a357c RemovePropA
0x4a3580 CallWindowProcA
0x4a3584 GetPropA
0x4a3588 UnhookWindowsHookEx
0x4a358c SetPropA
0x4a3590 GetClassLongA
0x4a3594 CallNextHookEx
0x4a3598 SetWindowsHookExA
0x4a359c CreateWindowExA
0x4a35a0 GetMenuItemID
0x4a35a4 GetMenuItemCount
0x4a35a8 RegisterClassA
0x4a35ac GetScrollPos
0x4a35b0 AdjustWindowRectEx
0x4a35b4 MapWindowPoints
0x4a35b8 SendDlgItemMessageA
0x4a35bc ScrollWindowEx
0x4a35c0 IsDialogMessageA
0x4a35c4 SetWindowTextA
0x4a35c8 MoveWindow
0x4a35cc CheckMenuItem
0x4a35d0 SetMenuItemBitmaps
0x4a35d4 GetMenuState
0x4a35dc GetClassNameA
0x4a35e0 GetDesktopWindow
0x4a35e4 LoadStringA
0x4a35e8 GetSysColorBrush
0x4a35ec EmptyClipboard
0x4a35f0 SetClipboardData
0x4a35f4 OpenClipboard
0x4a35f8 GetClipboardData
0x4a35fc CloseClipboard
0x4a3600 wsprintfA
0x4a3604 RedrawWindow
Library: GDI32.dll:
0x4a3024 GetTextMetricsA
0x4a3028 ExtTextOutA
0x4a302c TextOutA
0x4a3030 RectVisible
0x4a3034 PtVisible
0x4a3038 GetViewportExtEx
0x4a303c Escape
0x4a3040 ExtSelectClipRgn
0x4a3044 SetBkColor
0x4a304c SetStretchBltMode
0x4a3050 GetClipRgn
0x4a3054 CreatePolygonRgn
0x4a3058 SelectClipRgn
0x4a305c DeleteObject
0x4a3060 CreateDIBitmap
0x4a3068 CreatePalette
0x4a306c StretchBlt
0x4a3070 SelectPalette
0x4a3074 RealizePalette
0x4a3078 GetDIBits
0x4a307c GetWindowExtEx
0x4a3080 GetViewportOrgEx
0x4a3084 GetWindowOrgEx
0x4a3088 BeginPath
0x4a308c EndPath
0x4a3090 PathToRegion
0x4a3094 CreateEllipticRgn
0x4a3098 CreateRoundRectRgn
0x4a309c GetTextColor
0x4a30a0 GetBkMode
0x4a30a4 GetBkColor
0x4a30a8 GetROP2
0x4a30ac GetStretchBltMode
0x4a30b0 GetPolyFillMode
0x4a30b8 CreateDCA
0x4a30bc CreateBitmap
0x4a30c0 SelectObject
0x4a30c4 GetObjectA
0x4a30c8 CreatePen
0x4a30cc SetViewportOrgEx
0x4a30d0 SetMapMode
0x4a30d4 SetTextColor
0x4a30d8 SetROP2
0x4a30dc SetPolyFillMode
0x4a30e0 SetBkMode
0x4a30e4 RestoreDC
0x4a30e8 SaveDC
0x4a30ec PatBlt
0x4a30f0 CombineRgn
0x4a30f4 CreateRectRgn
0x4a30f8 FillRgn
0x4a30fc CreateSolidBrush
0x4a3100 GetStockObject
0x4a3104 CreateFontIndirectA
0x4a3108 EndPage
0x4a310c EndDoc
0x4a3110 DeleteDC
0x4a3114 StartDocA
0x4a3118 StartPage
0x4a311c BitBlt
0x4a3120 CreateCompatibleDC
0x4a3124 Ellipse
0x4a3128 Rectangle
0x4a312c LPtoDP
0x4a3130 DPtoLP
0x4a3134 GetCurrentObject
0x4a3138 RoundRect
0x4a3140 GetDeviceCaps
0x4a3144 LineTo
0x4a3148 MoveToEx
0x4a314c ExcludeClipRect
0x4a3150 GetClipBox
0x4a3154 ScaleWindowExtEx
0x4a3158 SetWindowExtEx
0x4a315c SetWindowOrgEx
0x4a3160 ScaleViewportExtEx
0x4a3164 SetViewportExtEx
0x4a3168 OffsetViewportOrgEx
Library: WINMM.dll:
0x4a3614 waveOutWrite
0x4a3618 waveOutPause
0x4a361c waveOutReset
0x4a3620 waveOutClose
0x4a3624 waveOutGetNumDevs
0x4a3628 waveOutOpen
0x4a3630 midiStreamOpen
0x4a3634 midiStreamProperty
0x4a363c midiStreamOut
0x4a3640 waveOutRestart
0x4a3644 midiStreamStop
0x4a3648 midiOutReset
0x4a364c midiStreamClose
0x4a3650 midiStreamRestart
Library: WINSPOOL.DRV:
0x4a3658 DocumentPropertiesA
0x4a365c OpenPrinterA
0x4a3660 ClosePrinter
Library: ADVAPI32.dll:
0x4a3000 RegQueryValueA
0x4a3004 RegOpenKeyExA
0x4a3008 RegSetValueExA
0x4a300c RegCloseKey
0x4a3010 RegCreateKeyExA
Library: SHELL32.dll:
0x4a3390 ShellExecuteA
0x4a3394 Shell_NotifyIconA
0x4a3398 DragQueryFileA
Library: ole32.dll:
0x4a36b0 CLSIDFromString
0x4a36b4 OleUninitialize
0x4a36b8 CoCreateInstance
0x4a36bc OleInitialize
0x4a36c0 RegisterDragDrop
0x4a36c4 RevokeDragDrop
0x4a36c8 ReleaseStgMedium
Library: OLEAUT32.dll:
0x4a3380 UnRegisterTypeLib
0x4a3384 RegisterTypeLib
0x4a3388 LoadTypeLib
Library: COMCTL32.dll:
0x4a3018 ImageList_Destroy
0x4a301c None
Library: WS2_32.dll:
0x4a3670 WSAAsyncSelect
0x4a3674 WSACleanup
0x4a3678 ntohl
0x4a367c accept
0x4a3680 getpeername
0x4a3684 recv
0x4a3688 inet_ntoa
0x4a368c closesocket
0x4a3690 recvfrom
0x4a3694 ioctlsocket
Library: WLDAP32.dll:
0x4a3668 None
Library: comdlg32.dll:
0x4a369c ChooseColorA
0x4a36a0 GetOpenFileNameA
0x4a36a4 GetSaveFileNameA
0x4a36a8 GetFileTitleA

Strings (section names followed by short printable fragments extracted from the binary)

.text
`.rdata
@.data
.rsrc
8`}<j
T$hVj
DRQPj
T$|Vj
T$th
|$LVj
|$`Vj
D$@Sj
L$8h
D$8Rj
l$<VWj
jjjjh

No antivirus engine scan information!

Process tree

______________________________.exe, PID: 2480, parent PID: 2180

TCP

Source address  Source port  Destination address  Destination port
192.168.122.201 49160 104.124.1.144 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201 63246 192.168.122.1 53

HTTP requests

URI / HTTP data
URL: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No files were dropped.
No similar analyses found.

Processing ( 17.947 seconds )

  • 12.104 Suricata
  • 3.852 Static
  • 0.951 NetworkAnalysis
  • 0.513 TargetInfo
  • 0.411 peid
  • 0.084 BehaviorAnalysis
  • 0.016 AnalysisInfo
  • 0.012 Strings
  • 0.002 Memory
  • 0.002 config_decoder

Signatures ( 1.637 seconds )

  • 1.463 proprietary_url_bl
  • 0.027 antiav_detectreg
  • 0.01 proprietary_domain_bl
  • 0.009 infostealer_ftp
  • 0.008 antianalysis_detectreg
  • 0.007 antiav_detectfile
  • 0.007 infostealer_im
  • 0.006 stealth_decoy_document
  • 0.006 api_spamming
  • 0.006 anomaly_persistence_autorun
  • 0.006 stealth_timeout
  • 0.006 infostealer_bitcoin
  • 0.005 antidbg_windows
  • 0.005 geodo_banking_trojan
  • 0.004 infostealer_mail
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 tinba_behavior
  • 0.003 browser_security
  • 0.003 disables_browser_warn
  • 0.003 network_http
  • 0.002 rat_nanocore
  • 0.002 antivm_vbox_files
  • 0.002 bot_drive
  • 0.002 bot_drive2
  • 0.002 modify_proxy
  • 0.002 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.002 proprietary_bad_drop
  • 0.001 antiemu_wine_func
  • 0.001 network_tor
  • 0.001 antivm_vbox_libs
  • 0.001 dridex_behavior
  • 0.001 antivm_vbox_window
  • 0.001 betabot_behavior
  • 0.001 ursnif_behavior
  • 0.001 ransomeware_modifies_desktop_wallpaper
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 infostealer_browser_password
  • 0.001 cerber_behavior
  • 0.001 kovter_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antisandbox_productid
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 malicous_targeted_flame
  • 0.001 proprietary_anomaly_mismatch_mime_extension
  • 0.001 network_cnc_http

Reporting ( 0.631 seconds )

  • 0.571 ReportHTMLSummary
  • 0.06 Malheur
Task ID 757297
Mongo ID 670bbea9dc327bd37d0374aa
Cuckoo release 1.4-Maldun