Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp03-1 | 2024-11-29 21:01:43 | 2024-11-29 21:03:59 | 136 seconds |
File name | zlibwapi.dll |
---|---|
File size | 2695680 bytes |
File type | PE32+ executable (DLL) (GUI) x86-64, for MS Windows |
MD5 | 6ea53e6d9a22f4f0ea323d3d2d92b22f |
SHA1 | 59f7ab418ec9f5b36c0fcdf322b57218883e80a0 |
SHA256 | ef71b85a1f14fb7f1f18f139a0221662b3272553b069e28b6464644e573d9184 |
SHA512 | 2dc02832131616eb3228ed784080e430a1c09506fc725267326600aa374e635a4946267429ec7e2744eab49df8cde1793d82546b26c8d56339c7ce2cc356f96c |
CRC32 | 2680B133 |
Ssdeep | 49152:/u7audLrzRxW2QohRWgAMU6vJ80IryOozBtxHoUAL4D+2kacdwdRM8Cd:G7FdnzRxWvmRWgAR6vJlIryJzxAL4/kR |
No host records.
No domain information.
Image base | 0x180000000 |
---|---|
Entry point | 0x18026ab91 |
Declared checksum | 0x00000000 |
Actual (recomputed) checksum | 0x00296dde |
Minimum OS version | 6.0 |
Compile time (TimeDateStamp) | 2024-11-21 16:39:39 |
Import hash (imphash) | 4381c342fee81a47370d28a74d167901 |
Exported DLL name | zlibwapi.dll |
SHA1 | Timestamp | Validity | Error |
---|---|---|---|
ac8fef6db2a6d9e8fdba27541e05617a6897d71e | Wed May 10 00:06:00 2023 | Invalid (does not verify) | WinVerifyTrust returned error 0x80096010 (TRUST_E_BAD_DIGEST: the digest stored in the signature does not match the file) |
Certificate chain | Certificate Chain 1 |
Issued to | GlobalSign |
Issued by | GlobalSign |
Valid until | Sun Mar 18 18:00:00 2029 |
SHA1 hash | d69b561148f01c77c54578c10926df5b856976ad |
Certificate chain | Certificate Chain 2 |
Issued to | GlobalSign Code Signing Root R45 |
Issued by | GlobalSign |
Valid until | Sun Mar 18 08:00:00 2029 |
SHA1 hash | 4c5d80d2cd06b1a493c49b2e9bed4a57c2f873e5 |
Certificate chain | Certificate Chain 3 |
Issued to | GlobalSign GCC R45 CodeSigning CA 2020 |
Issued by | GlobalSign Code Signing Root R45 |
Valid until | Sun Jul 28 08:00:00 2030 |
SHA1 hash | 7a2146edb29e2ead64afbe7cead0b6085d437a32 |
Certificate chain | Certificate Chain 4 |
Issued to | Duality Software LLC |
Issued by | GlobalSign GCC R45 CodeSigning CA 2020 |
Valid until | Sun Mar 08 20:51:05 2026 |
SHA1 hash | 42b6e74f513292fccc13d85b9d24ab885d961b81 |
Certificate chain | Timestamp Chain 1 |
Issued to | DigiCert Assured ID Root CA |
Issued by | DigiCert Assured ID Root CA |
Valid until | Mon Nov 10 08:00:00 2031 |
SHA1 hash | 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43 |
Certificate chain | Timestamp Chain 2 |
Issued to | DigiCert Trusted Root G4 |
Issued by | DigiCert Assured ID Root CA |
Valid until | Mon Nov 10 07:59:59 2031 |
SHA1 hash | a99d5b79e9f1cda59cdab6373169d5353f5874c6 |
Certificate chain | Timestamp Chain 3 |
Issued to | DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA |
Issued by | DigiCert Trusted Root G4 |
Valid until | Mon Mar 23 07:59:59 2037 |
SHA1 hash | b6c8af834d4e53b673c76872aa8c950c7c54df5f |
Certificate chain | Timestamp Chain 4 |
Issued to | DigiCert Timestamp 2022 - 2 |
Issued by | DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA |
Valid until | Tue Nov 22 07:59:59 2033 |
SHA1 hash | f387224d8633829235a994bcbd8f96e9fe1c7c73 |
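The chain above is complete (Duality Software LLC under GlobalSign GCC R45 CodeSigning CA 2020, with a DigiCert timestamp), yet WinVerifyTrust returns 0x80096010, which is TRUST_E_BAD_DIGEST: the hash stored in the PKCS#7 signature does not match the hash of the file as it exists now. That is the result when a PE is altered after it was signed, or when a signature blob is attached to a file it was never computed over. Two header facts on this page fit that reading: the signature timestamp (2023-05-10) precedes the PE compile time (2024-11-21) by eighteen months, and the CheckSum field is 0x00000000 against a recomputed 0x00296dde. The zero checksum alone proves little, since linkers leave that field empty unless asked to fill it, but the digest mismatch is decisive regardless of how good the certificates look. What follows is an added example, not code from the report, the sandbox or the sample: it recomputes the header CheckSum and hashes exactly the byte ranges an Authenticode signature covers, over a constructed minimal PE32+ image so that it runs offline. The image, its 16-byte placeholder code and the placeholder certificate blob are constructed; the hash routine walks the file in order rather than sorting sections by PointerToRawData, which is equivalent for normally laid-out files.

```python
"""Added example, not code from the report, the sandbox or the sample: the two
file-level computations behind the fields above, the optional-header CheckSum
and the Authenticode file hash, run on a constructed minimal PE32+ image."""
import hashlib
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data-directory slot of the certificate table


def _layout(data):
    """(CheckSum offset, Security-directory offset, cert table offset, cert table size)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 4 + 20                       # optional header follows the COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    # CheckSum is at optional-header offset 64 for PE32 and PE32+ alike; the data
    # directories start at offset 96 (PE32) or 112 (PE32+).
    dirs = opt + (112 if magic == 0x20B else 96)
    sec_dir = dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    cert_off, cert_size = struct.unpack_from("<II", data, sec_dir)
    return opt + 64, sec_dir, cert_off, cert_size


def pe_checksum(data):
    """Recompute the header CheckSum the way imagehlp's CheckSumMappedFile (and
    pefile's generate_checksum) do: a ones'-complement sum over 32-bit words with
    the CheckSum field itself skipped, folded to 16 bits, plus the file length."""
    checksum_offset = _layout(data)[0]            # assumed 4-byte aligned
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_offset:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total > 0xFFFFFFFF:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)


def declared_checksum(data):
    return struct.unpack_from("<I", data, _layout(data)[0])[0]


def with_checksum(data):
    """Copy of the image with the recomputed value written into CheckSum."""
    fixed = bytearray(data)
    struct.pack_into("<I", fixed, _layout(data)[0], pe_checksum(data))
    return bytes(fixed)


def authenticode_hash(data, algo="sha256"):
    """Digest of the bytes an Authenticode signature covers: everything except
    the CheckSum field, the Security data-directory entry and the certificate
    table itself. Every section body is inside the hash, so any change to code
    after signing leaves the signed digest stale: TRUST_E_BAD_DIGEST (0x80096010).
    Simplification (assumption): bytes are hashed in file order, which equals
    the specification's PointerToRawData order for normally laid-out files."""
    checksum_offset, sec_dir, cert_off, cert_size = _layout(data)
    excluded = [(checksum_offset, 4), (sec_dir, 8)]
    if cert_size:
        excluded.append((cert_off, cert_size))   # the Security entry holds a raw file offset
    h = hashlib.new(algo)
    pos = 0
    for start, length in sorted(excluded):
        h.update(data[pos:start])
        pos = start + length
    h.update(data[pos:])
    return h.hexdigest()


SAMPLE_CODE_OFFSET = 64 + 4 + 20 + 240 + 40   # DOS hdr, "PE\0\0", COFF, optional, one section hdr


def build_sample_pe(checksum_field=0, with_cert=False):
    """Constructed minimal PE32+ DLL image with one 16-byte .text section. It is
    demo input only: not loadable, and not derived from zlibwapi.dll."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                                # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x2022)      # x64, 1 section, DLL
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                                # PE32+ magic
    struct.pack_into("<Q", opt, 24, 0x180000000)                         # ImageBase
    struct.pack_into("<I", opt, 64, checksum_field)                      # CheckSum
    struct.pack_into("<I", opt, 108, 16)                                 # NumberOfRvaAndSizes
    code = b"\x48\x31\xc0\xc3" + b"\0" * 12                              # xor rax,rax ; ret
    cert = b""
    if with_cert:   # WIN_CERTIFICATE header plus a placeholder where the PKCS#7 blob would sit
        blob = b"constructed placeholder, not a real PKCS#7 SignedData"
        blob += b"\0" * (-len(blob) % 8)
        cert = struct.pack("<IHH", 8 + len(blob), 0x0200, 0x0002) + blob
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         SAMPLE_CODE_OFFSET + len(code), len(cert))
    sect = bytearray(40)
    sect[:5] = b".text"
    struct.pack_into("<IIII", sect, 8, len(code), 0x1000, len(code), SAMPLE_CODE_OFFSET)
    struct.pack_into("<I", sect, 36, 0x60000020)                         # CODE|EXECUTE|READ
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(sect) + code + cert


if __name__ == "__main__":
    img = build_sample_pe(with_cert=True)
    print("declared 0x%08x computed 0x%08x" % (declared_checksum(img), pe_checksum(img)))
    print("authenticode sha256", authenticode_hash(img))
    patched = bytearray(img)
    patched[SAMPLE_CODE_OFFSET] ^= 0xFF                                  # one byte of code changed
    print("after patch        ", authenticode_hash(bytes(patched)))
```

On a real file, `authenticode_hash(open(path, "rb").read())` must equal the messageDigest carried inside the signature's SpcIndirectDataContent; equality is the condition behind a clean WinVerifyTrust result, and inequality is the 0x80096010 seen here. Changing the CheckSum field or attaching the certificate blob leaves the digest unchanged, which is why a signature can be computed before the blob is appended; changing a single byte of a section does not.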
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x0003becd | 0x0003c000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7.24 |
.rdata | 0x0003d000 | 0x0000bacc | 0x0000bc00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.37 |
.data | 0x00049000 | 0x000022f0 | 0x00000c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 1.98 |
.pdata | 0x0004c000 | 0x000019ec | 0x00001a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.92 |
.00cfg | 0x0004e000 | 0x00000038 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 0.50 |
.gxfg | 0x0004f000 | 0x000015e0 | 0x00001600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.14 |
.retplne | 0x00051000 | 0x0000009c | 0x00000200 | | 1.19 |
_RDATA | 0x00052000 | 0x000001f4 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.17 |
.(t% | 0x00053000 | 0x001b2fd9 | 0x001b3000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7.92 |
.(`) | 0x00206000 | 0x00000608 | 0x00000800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.14 |
.$3* | 0x00207000 | 0x0008ba2c | 0x0008bc00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7.79 |
.reloc | 0x00293000 | 0x00000f2c | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 5.38 |
Offset | 0x0028c600 |
Size | 0x00005c00 |
(0x0028c600 + 0x00005c00 = 0x00292200 = 2695680, the file size: this region runs to the end of the file.)
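Twelve sections: three carry non-printable names (.(t%, .(`), .$3*), two of those are executable with entropy 7.79 and 7.92, .text itself sits at 7.24 (compiled x86-64 code usually stays below 7), and the entry point 0x18026ab91 (RVA 0x26ab91) lies inside .$3* (RVA 0x207000 to 0x292a2c), not in .text. With a 2.6 MB file for what presents itself as zlib, this is the shape of a packed or protected binary: the real code is stored compressed or encrypted and restored at run time by the stub the entry point lands in, so the static view (exports, imports, strings) describes the wrapper rather than the payload. The block below is an added example, not code from the report: the entropy measure the sandbox reports, and a triage rule run over the section table above, re-typed as constructed input with the IMAGE_SCN_ prefixes dropped. The list of toolchain-generated section names and the 7.0 threshold are assumptions of the example.

```python
"""Added example, not code from the report: the per-section entropy figure the
sandbox reports, and a triage rule run over the section table above."""
import math
from collections import Counter

# Assumption of this example: section names MSVC/Clang toolchains emit on their
# own. Anything else deserves a look; packers and protectors use random names.
TOOLCHAIN_SECTIONS = {
    ".text", ".rdata", ".data", ".pdata", ".idata", ".edata", ".rsrc", ".reloc",
    ".tls", ".bss", ".xdata", ".CRT", ".gfids", ".gxfg", ".00cfg", ".retplne", "_RDATA",
}
HIGH_ENTROPY = 7.0   # assumption: bits per byte above which content reads as compressed/encrypted

# The report's section table re-typed as constructed input, IMAGE_SCN_ prefixes
# dropped: (name, virtual size, raw size, characteristics, entropy).
REPORT_SECTIONS = [
    (".text",    0x0003becd, 0x0003c000, "CODE|EXECUTE|READ",                            7.24),
    (".rdata",   0x0000bacc, 0x0000bc00, "INITIALIZED_DATA|READ",                        5.37),
    (".data",    0x000022f0, 0x00000c00, "INITIALIZED_DATA|READ|WRITE",                  1.98),
    (".pdata",   0x000019ec, 0x00001a00, "INITIALIZED_DATA|READ",                        7.92),
    (".00cfg",   0x00000038, 0x00000200, "INITIALIZED_DATA|READ",                        0.50),
    (".gxfg",    0x000015e0, 0x00001600, "INITIALIZED_DATA|READ",                        5.14),
    (".retplne", 0x0000009c, 0x00000200, "",                                             1.19),
    ("_RDATA",   0x000001f4, 0x00000200, "INITIALIZED_DATA|READ",                        4.17),
    (".(t%",     0x001b2fd9, 0x001b3000, "CODE|EXECUTE|READ",                            7.92),
    (".(`)",     0x00000608, 0x00000800, "INITIALIZED_DATA|READ|WRITE",                  0.14),
    (".$3*",     0x0008ba2c, 0x0008bc00, "CODE|INITIALIZED_DATA|NOT_PAGED|EXECUTE|READ", 7.79),
    (".reloc",   0x00000f2c, 0x00001000, "INITIALIZED_DATA|DISCARDABLE|READ",            5.38),
]
FILE_SIZE = 2695680   # from the report


def shannon_entropy(buf):
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly spread bytes."""
    n = len(buf)
    if n == 0:
        return 0.0
    return abs(-sum((c / n) * math.log2(c / n) for c in Counter(buf).values()))


def triage_sections(sections, high=HIGH_ENTROPY):
    """Map section name -> reasons it deserves a closer look (empty map: nothing odd)."""
    findings = {}
    for name, _vsize, _raw, flags, entropy in sections:
        reasons = []
        if name not in TOOLCHAIN_SECTIONS:
            reasons.append("non-standard section name")
        if entropy >= high:
            reasons.append("entropy %.2f: compressed or encrypted content" % entropy)
        if "EXECUTE" in flags and entropy >= high:
            reasons.append("executable yet near-random: not plain compiled code")
        if "EXECUTE" in flags and "WRITE" in flags:
            reasons.append("writable and executable")
        if reasons:
            findings[name] = reasons
    return findings


def opaque_executable_fraction(sections, file_size, high=HIGH_ENTROPY):
    """Share of the file held in executable sections with high entropy, i.e. code
    that static analysis cannot read until the sample unpacks it at run time."""
    opaque = sum(raw for _, _, raw, flags, ent in sections
                 if "EXECUTE" in flags and ent >= high)
    return opaque / file_size


if __name__ == "__main__":
    print("zeros   %.2f" % shannon_entropy(b"\0" * 4096))
    print("text    %.2f" % shannon_entropy(b"deflate inflate adler32 crc32 " * 100))
    print("uniform %.2f" % shannon_entropy(bytes(range(256)) * 16))
    for name, reasons in triage_sections(REPORT_SECTIONS).items():
        print(name, "->", "; ".join(reasons))
    share = opaque_executable_fraction(REPORT_SECTIONS, FILE_SIZE)
    print("opaque executable fraction %.1f%%" % (100 * share))
```

Run over the table above, the rule flags .text, .pdata, .(t%, .(`) and .$3*, and the three high-entropy executable sections together account for about 96% of the file's bytes; that is the portion a static signature or disassembler cannot see until the sample has unpacked itself. A .pdata section at 7.92 is itself odd, since unwind tables are highly regular, and suggests the section names no longer describe their contents.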
Ordinal | Address | Name |
---|---|---|
1 | 0x18000d588 | adler32 |
140 | 0x18000fa37 | adler32_combine |
2 | 0x18000d589 | compress |
39 | 0x18000e254 | compress2 |
46 | 0x18000e517 | compressBound |
3 | 0x18000d58a | crc32 |
142 | 0x18000fa38 | crc32_combine |
4 | 0x18000d58b | deflate |
47 | 0x18000e5a4 | deflateBound |
5 | 0x18000d61a | deflateCopy |
6 | 0x18000d6a7 | deflateEnd |
7 | 0x18000d6a8 | deflateInit2_ |
8 | 0x18000d737 | deflateInit_ |
9 | 0x18000d7c6 | deflateParams |
52 | 0x18000e74f | deflatePending |
51 | 0x18000e74e | deflatePrime |
10 | 0x18000d853 | deflateReset |
164 | 0x18000ffc7 | deflateResetKeep |
11 | 0x18000d8e0 | deflateSetDictionary |
144 | 0x18000fa39 | deflateSetHeader |
145 | 0x18000fac6 | deflateTune |
110 | 0x18000f38e | fill_win32_filefunc |
111 | 0x18000f38f | fill_win32_filefunc64 |
112 | 0x18000f390 | fill_win32_filefunc64A |
113 | 0x18000f41d | fill_win32_filefunc64W |
38 | 0x18000e253 | get_crc_table |
146 | 0x18000fac7 | gzbuffer |
48 | 0x18000e631 | gzclearerr |
12 | 0x18000d96f | gzclose |
147 | 0x18000fb56 | gzclose_r |
148 | 0x18000fbe3 | gzclose_w |
149 | 0x18000fbe4 | gzdirect |
13 | 0x18000d970 | gzdopen |
34 | 0x18000e137 | gzeof |
14 | 0x18000d9fd | gzerror |
15 | 0x18000da8c | gzflush |
30 | 0x18000e017 | gzgetc |
161 | 0x18000ff37 | gzgetc_ |
41 | 0x18000e36e | gzgets |
150 | 0x18000fc71 | gzoffset |
16 | 0x18000da8d | gzopen |
165 | 0x180010056 | gzopen_w |
28 | 0x18000df89 | gzprintf |
29 | 0x18000e016 | gzputc |
40 | 0x18000e2e1 | gzputs |
17 | 0x18000da8e | gzread |
32 | 0x18000e0a7 | gzrewind |
31 | 0x18000e0a6 | gzseek |
35 | 0x18000e138 | gzsetparams |
33 | 0x18000e136 | gztell |
49 | 0x18000e6be | gzungetc |
18 | 0x18000db1b | gzwrite |
19 | 0x18000db1c | inflate |
44 | 0x18000e489 | inflateBack |
45 | 0x18000e516 | inflateBackEnd |
43 | 0x18000e3fc | inflateBackInit_ |
42 | 0x18000e36f | inflateCopy |
20 | 0x18000dba9 | inflateEnd |
156 | 0x18000fc72 | inflateGetHeader |
21 | 0x18000dbaa | inflateInit2_ |
22 | 0x18000dc37 | inflateInit_ |
157 | 0x18000fcff | inflateMark |
158 | 0x18000fd8c | inflatePrime |
23 | 0x18000dcc4 | inflateReset |
159 | 0x18000fe1b | inflateReset2 |
163 | 0x18000ff38 | inflateResetKeep |
24 | 0x18000dd53 | inflateSetDictionary |
25 | 0x18000dde0 | inflateSync |
37 | 0x18000e1c6 | inflateSyncPoint |
160 | 0x18000feaa | inflateUndermine |
26 | 0x18000de6d | uncompress |
62 | 0x18000e7dd | unzClose |
72 | 0x18000ebc5 | unzCloseCurrentFile |
64 | 0x18000e86d | unzGetCurrentFileInfo |
124 | 0x18000f5c9 | unzGetCurrentFileInfo64 |
125 | 0x18000f5ca | unzGetCurrentFileZStreamPos64 |
100 | 0x18000f272 | unzGetFilePos |
127 | 0x18000f6e4 | unzGetFilePos64 |
73 | 0x18000ebc6 | unzGetGlobalComment |
63 | 0x18000e7de | unzGetGlobalInfo |
122 | 0x18000f53a | unzGetGlobalInfo64 |
76 | 0x18000ece1 | unzGetLocalExtrafield |
101 | 0x18000f2ff | unzGoToFilePos |
128 | 0x18000f6e5 | unzGoToFilePos64 |
65 | 0x18000e8fc | unzGoToFirstFile |
66 | 0x18000e98b | unzGoToNextFile |
75 | 0x18000ec54 | unzLocateFile |
61 | 0x18000e750 | unzOpen |
77 | 0x18000ed6e | unzOpen2 |
121 | 0x18000f539 | unzOpen2_64 |
120 | 0x18000f4aa | unzOpen64 |
67 | 0x18000ea1a | unzOpenCurrentFile |
78 | 0x18000ed6f | unzOpenCurrentFile2 |
69 | 0x18000eaaa | unzOpenCurrentFile3 |
79 | 0x18000ed70 | unzOpenCurrentFilePassword |
68 | 0x18000ea1b | unzReadCurrentFile |
74 | 0x18000ebc7 | unzStringFileNameCompare |
71 | 0x18000ebc4 | unzeof |
70 | 0x18000eb37 | unztell |
126 | 0x18000f657 | unztell64 |
36 | 0x18000e139 | zError |
84 | 0x18000f037 | zipClose |
83 | 0x18000efa8 | zipCloseFileInZip |
87 | 0x18000f155 | zipCloseFileInZipRaw |
136 | 0x18000fa36 | zipCloseFileInZipRaw64 |
80 | 0x18000edfd | zipOpen |
88 | 0x18000f156 | zipOpen2 |
131 | 0x18000f801 | zipOpen2_64 |
130 | 0x18000f772 | zipOpen64 |
81 | 0x18000ee8c | zipOpenNewFileInZip |
86 | 0x18000f0c6 | zipOpenNewFileInZip2 |
133 | 0x18000f91b | zipOpenNewFileInZip2_64 |
89 | 0x18000f1e3 | zipOpenNewFileInZip3 |
134 | 0x18000f91c | zipOpenNewFileInZip3_64 |
135 | 0x18000f9a9 | zipOpenNewFileInZip4_64 |
132 | 0x18000f88e | zipOpenNewFileInZip64 |
82 | 0x18000ef1b | zipWriteInFileInZip |
50 | 0x18000e74d | zlibCompileFlags |
27 | 0x18000defc | zlibVersion |
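The export names and ordinals are those of zlib's own zlibvc.def (adler32 @1, compress @2, crc32 @3, deflate @4, and so on), so the export directory was taken from a genuine zlibwapi.dll build. The addresses do not fit that picture: adler32, compress, crc32 and deflate sit at 0x18000d588, 0x18000d589, 0x18000d58a and 0x18000d58b, one byte apart, and most of the remaining gaps in the table are 0x8d or 0x8f bytes. Real zlib routines are hundreds of bytes long and vary in size; entry points spaced this regularly are stubs, which is consistent with the packed layout the section table shows. The block below is an added example, not code from the report: a parser for the ordinal/address/name rows and a check on entry-point spacing, run over a subset of the table above re-typed as constructed input. The 16-byte minimum body size is an assumption of the example.

```python
"""Added example, not code from the report: parse 'ordinal | address | name'
export rows in the report's layout and check how the entry points are spaced."""
from collections import Counter

MIN_BODY_BYTES = 16   # assumption: anything smaller cannot hold a real zlib routine

# A subset of the report's export table, re-typed as constructed input.
EXPORT_ROWS = """
1 | 0x18000d588 | adler32 |
140 | 0x18000fa37 | adler32_combine |
2 | 0x18000d589 | compress |
3 | 0x18000d58a | crc32 |
142 | 0x18000fa38 | crc32_combine |
4 | 0x18000d58b | deflate |
5 | 0x18000d61a | deflateCopy |
6 | 0x18000d6a7 | deflateEnd |
7 | 0x18000d6a8 | deflateInit2_ |
8 | 0x18000d737 | deflateInit_ |
9 | 0x18000d7c6 | deflateParams |
10 | 0x18000d853 | deflateReset |
11 | 0x18000d8e0 | deflateSetDictionary |
144 | 0x18000fa39 | deflateSetHeader |
145 | 0x18000fac6 | deflateTune |
12 | 0x18000d96f | gzclose |
13 | 0x18000d970 | gzdopen |
"""


def parse_exports(text):
    """Return [(ordinal, address, name)] from rows in the report's layout;
    header and separator rows are skipped."""
    exports = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 3 or not cells[1].startswith("0x"):
            continue
        ordinal, address, name = cells
        exports.append((int(ordinal), int(address, 16), name))
    return exports


def entry_point_gaps(exports):
    """[(name, bytes to the next export's entry point)] in address order; the
    last export has no successor and is omitted."""
    ordered = sorted(exports, key=lambda e: e[1])
    return [(name, nxt - addr)
            for (_, addr, name), (_, nxt, _) in zip(ordered, ordered[1:])]


def tiny_export_bodies(exports, min_body=MIN_BODY_BYTES):
    """Exports whose entry point is followed within min_body bytes by another
    export's entry point. A 1-byte gap leaves room for one single-byte
    instruction before control reaches the next export, which is not what an
    adler32 or a deflate looks like."""
    return [(name, gap) for name, gap in entry_point_gaps(exports) if gap < min_body]


def gap_profile(exports):
    """Counter of spacings. Compiled code gives many different sizes; a table of
    stubs gives a handful of values repeated over and over."""
    return Counter(gap for _, gap in entry_point_gaps(exports))


if __name__ == "__main__":
    exports = parse_exports(EXPORT_ROWS)
    for name, gap in tiny_export_bodies(exports):
        print("%-22s gap %d byte(s) to next export" % (name, gap))
    print("gap profile:", dict(gap_profile(exports)))
```

Over these 17 rows the check flags seven exports with a 1-byte gap, and the remaining spacings take only three distinct values (0x8d, 0x8f and one large jump between the two groups of ordinals); a genuine build would show a spread of sizes. The same check runs over the full table if all rows are pasted into EXPORT_ROWS.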
No host records.
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49160 | 84.53.172.40 | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
No domain information.
URI | HTTP data |
---|---|
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1; Accept: */*; If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT; User-Agent: IPM; Host: acroipm.adobe.com; Connection: Keep-Alive; Cache-Control: no-cache |
This request (host acroipm.adobe.com, User-Agent IPM) matches the in-product messaging update check of Adobe Reader; the report does not show which process issued it, so it should not be attributed to the sample without process-level evidence.
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results
No alerts
No TLS
No Suricata HTTP
Task ID | 764031 |
---|---|
Mongo ID | 6749bbeb7e769a640142f352 |
Cuckoo release | 1.4-Maldun |