Analysis task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-shaapp03-1  2024-11-29 21:34:22  2024-11-29 21:36:40  138 seconds

Maldun score

3.25

Suspicious

File details

File name StarCraft-II-Setup.exe
File size 5219968 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4d10325e3ff959475a0a468431e8ef3d
SHA1 dc7ceae4c4a462f4ba0ad0f0fbdc582b395f9267
SHA256 1ce188f04ec18f0ed7546ba56d37041c3af531741bdd1dd56d6e6f983e894335
SHA512 773ab10287bea7ca12bb943afc35485de73b8fdc1487a3f8d1149a07bc69f554948f899a347758a67ef2ea74d43b1e87a75d65f253a52dca438cbb5a0581c63b
CRC32 AB77A7DF
Ssdeep 98304:S84BwyMWieDN4+F/8njOyiiqTr/wcxmYedKtC:SAEwnjOy5qwcYKE

Screenshots


Hosts contacted

Direct IP  Security rating  Geolocation
223.252.234.104  Unknown  China
66.40.185.57  Unknown  United States

Domain resolution

Domain  Security rating  Response
nydus.battle.net A 223.252.234.104
iir.blizzard.com A 66.40.185.57

PE information

Image base 0x00400000
Entry point 0x0053b686
Declared checksum 0x004fb56f
Actual checksum 0x004fb56f
Minimum OS version required 6.0
PDB path D:\BuildServer\bna-2\work-git\bootstrapper-repository\src\Release\Bootstrapper.pdb
Compile time 2023-08-04 09:44:13
Import hash 79dbe573912bfd2d08a3c01a29dfeaed
Icon
Icon exact hash 63885fa63bc3bbaeb0bb7bc0605c1cab
Icon similarity hash fe3c32bb9357de21b3ad6b43c8d8fa06

Version information

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

Microsoft certificate verification (Sign Tool)

SHA1  Timestamp  Validity  Error
None Fri Aug 04 09:47:19 2023
Certificate chain Certificate Chain 1
Issued to DigiCert Assured ID Root CA
Issuer DigiCert Assured ID Root CA
Valid until Mon Nov 10 08:00:00 2031
SHA1 hash 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
Certificate chain Certificate Chain 2
Issued to DigiCert SHA2 Assured ID Code Signing CA
Issuer DigiCert Assured ID Root CA
Valid until Sun Oct 22 20:00:00 2028
SHA1 hash 92c1588e85af2201ce7915e8538b492f605b80c6
Certificate chain Certificate Chain 3
Issued to Blizzard Entertainment, Inc.
Issuer DigiCert SHA2 Assured ID Code Signing CA
Valid until Thu Nov 30 07:59:59 2023
SHA1 hash abb752d9a81c499b8cde706c9b1298b60c65d4af
Certificate chain Timestamp Chain 1
Issued to DigiCert Assured ID Root CA
Issuer DigiCert Assured ID Root CA
Valid until Mon Nov 10 08:00:00 2031
SHA1 hash 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
Certificate chain Timestamp Chain 2
Issued to DigiCert Trusted Root G4
Issuer DigiCert Assured ID Root CA
Valid until Mon Nov 10 07:59:59 2031
SHA1 hash a99d5b79e9f1cda59cdab6373169d5353f5874c6
Certificate chain Timestamp Chain 3
Issued to DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Issuer DigiCert Trusted Root G4
Valid until Mon Mar 23 07:59:59 2037
SHA1 hash b6c8af834d4e53b673c76872aa8c950c7c54df5f
Certificate chain Timestamp Chain 4
Issued to DigiCert Timestamp 2022 - 2
Issuer DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Valid until Tue Nov 22 07:59:59 2033
SHA1 hash f387224d8633829235a994bcbd8f96e9fe1c7c73

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x002cbe2c 0x002cc000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.71
.rdata 0x002cd000 0x0011e36c 0x0011e400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.07
.data 0x003ec000 0x00076b74 0x0001a200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.11
.rsrc 0x00463000 0x000cb428 0x000cb600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.02
.reloc 0x0052f000 0x000270f0 0x00027200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.61

Overlay

Offset 0x004f7200
Size 0x00003480

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type
FONT 0x0048c12c 0x000171a8 LANG_NEUTRAL SUBLANG_NEUTRAL 5.87 TrueType font data
FONT 0x0048c12c 0x000171a8 LANG_NEUTRAL SUBLANG_NEUTRAL 5.87 TrueType font data
FONT 0x0048c12c 0x000171a8 LANG_NEUTRAL SUBLANG_NEUTRAL 5.87 TrueType font data
JSON 0x004a5a0c 0x000001bc LANG_NEUTRAL SUBLANG_NEUTRAL 4.91 ASCII text, with very long lines, with no line terminators
JSON 0x004a5a0c 0x000001bc LANG_NEUTRAL SUBLANG_NEUTRAL 4.91 ASCII text, with very long lines, with no line terminators
JSON 0x004a5a0c 0x000001bc LANG_NEUTRAL SUBLANG_NEUTRAL 4.91 ASCII text, with very long lines, with no line terminators
JSON 0x004a5a0c 0x000001bc LANG_NEUTRAL SUBLANG_NEUTRAL 4.91 ASCII text, with very long lines, with no line terminators
JSON 0x004a5a0c 0x000001bc LANG_NEUTRAL SUBLANG_NEUTRAL 4.91 ASCII text, with very long lines, with no line terminators
JSON 0x004a5a0c 0x000001bc LANG_NEUTRAL SUBLANG_NEUTRAL 4.91 ASCII text, with very long lines, with no line terminators
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
PNG 0x004c8b60 0x0000ee42 LANG_NEUTRAL SUBLANG_NEUTRAL 7.99 PNG image data, 220 x 449, 8-bit colormap, non-interlaced
STRINGS 0x004d79a4 0x00004a85 LANG_NEUTRAL SUBLANG_NEUTRAL 6.28 data
RT_ICON 0x0052d67c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.35 GLS_BINARY_LSB_FIRST
RT_ICON 0x0052d67c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.35 GLS_BINARY_LSB_FIRST
RT_ICON 0x0052d67c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.35 GLS_BINARY_LSB_FIRST
RT_ICON 0x0052d67c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.35 GLS_BINARY_LSB_FIRST
RT_ICON 0x0052d67c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.35 GLS_BINARY_LSB_FIRST
RT_ICON 0x0052d67c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.35 GLS_BINARY_LSB_FIRST
RT_ICON 0x0052d67c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.35 GLS_BINARY_LSB_FIRST
RT_ICON 0x0052d67c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.35 GLS_BINARY_LSB_FIRST
RT_ICON 0x0052d67c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.35 GLS_BINARY_LSB_FIRST
RT_ICON 0x0052d67c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.35 GLS_BINARY_LSB_FIRST
RT_ICON 0x0052d67c 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 5.35 GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x0052dae4 0x000000a0 LANG_NEUTRAL SUBLANG_NEUTRAL 2.96 MS Windows icon resource - 11 icons, 48x48, 16 colors
RT_VERSION 0x0052db84 0x00000354 LANG_NEUTRAL SUBLANG_NEUTRAL 3.40 data
RT_MANIFEST 0x0052ded8 0x00000550 LANG_ENGLISH SUBLANG_ENGLISH_US 5.23 ASCII text, with CRLF line terminators

Imports

Library: UIAutomationCore.DLL:
Library: MSIMG32.dll:
0x6cd4f4 AlphaBlend
Library: RPCRT4.dll:
0x6cd510 UuidToStringA
0x6cd514 RpcStringFreeA
0x6cd518 UuidCreate
Library: WS2_32.dll:
0x6cd684 bind
0x6cd688 socket
0x6cd68c freeaddrinfo
0x6cd690 getaddrinfo
0x6cd694 WSASetLastError
0x6cd698 htons
0x6cd69c WSACleanup
0x6cd6a0 WSAStartup
0x6cd6a4 connect
0x6cd6a8 htonl
0x6cd6ac WSAGetLastError
0x6cd6b0 gethostname
0x6cd6b4 closesocket
0x6cd6b8 shutdown
0x6cd6bc ntohl
0x6cd6c0 getpeername
0x6cd6c4 getsockname
0x6cd6c8 getsockopt
0x6cd6cc ntohs
0x6cd6d0 setsockopt
0x6cd6d4 WSAIoctl
0x6cd6d8 recvfrom
0x6cd6dc sendto
0x6cd6e0 accept
0x6cd6e4 listen
0x6cd6e8 __WSAFDIsSet
0x6cd6ec select
0x6cd6f0 ioctlsocket
0x6cd6f4 send
0x6cd6f8 recv
Library: VERSION.dll:
0x6cd62c VerQueryValueW
0x6cd630 GetFileVersionInfoW
Library: KERNEL32.dll:
0x6cd170 GetThreadPriority
0x6cd194 UnregisterWait
0x6cd198 GetThreadTimes
0x6cd1a0 GetModuleFileNameW
0x6cd1a4 GetModuleHandleA
0x6cd1a8 LoadLibraryExW
0x6cd1ac VirtualAlloc
0x6cd1b0 VirtualProtect
0x6cd1b4 VirtualFree
0x6cd1b8 ReleaseSemaphore
0x6cd1c8 QueryDepthSList
0x6cd1cc UnregisterWaitEx
0x6cd1d0 WaitForSingleObject
0x6cd1d4 RtlUnwind
0x6cd1d8 ExitProcess
0x6cd1dc GetModuleHandleExW
0x6cd1e0 GetStdHandle
0x6cd1e4 GetFileType
0x6cd1e8 GetModuleFileNameA
0x6cd1ec WriteConsoleW
0x6cd1f0 ExitThread
0x6cd1f4 ResumeThread
0x6cd1f8 WriteFile
0x6cd1fc GetACP
0x6cd204 HeapReAlloc
0x6cd208 FlushFileBuffers
0x6cd20c GetConsoleCP
0x6cd210 GetConsoleMode
0x6cd214 OutputDebugStringA
0x6cd218 GetDateFormatW
0x6cd21c GetTimeFormatW
0x6cd220 IsValidLocale
0x6cd224 GetUserDefaultLCID
0x6cd228 EnumSystemLocalesW
0x6cd22c ReadFile
0x6cd230 ReadConsoleW
0x6cd234 SetFilePointerEx
0x6cd23c FindClose
0x6cd240 FindFirstFileExW
0x6cd244 FindNextFileW
0x6cd248 IsValidCodePage
0x6cd24c CreateThread
0x6cd250 GetCommandLineA
0x6cd254 GetCommandLineW
0x6cd264 SetStdHandle
0x6cd268 HeapSize
0x6cd26c CreateFileW
0x6cd270 SetEndOfFile
0x6cd274 GetTickCount64
0x6cd278 SleepEx
0x6cd27c PeekNamedPipe
0x6cd288 FormatMessageA
0x6cd28c VerSetConditionMask
0x6cd290 GetSystemDirectoryA
0x6cd294 LoadLibraryA
0x6cd298 VerifyVersionInfoA
0x6cd29c CreateFileA
0x6cd2a0 GetFileSizeEx
0x6cd2b4 CreateDirectoryW
0x6cd2b8 DeleteFileW
0x6cd2bc FindFirstFileW
0x6cd2c0 GetDiskFreeSpaceExW
0x6cd2c4 GetFileAttributesW
0x6cd2d0 GetFileTime
0x6cd2d4 GetFullPathNameW
0x6cd2d8 RemoveDirectoryW
0x6cd2dc SetFileAttributesW
0x6cd2e0 SetFileTime
0x6cd2e4 DeviceIoControl
0x6cd2e8 MoveFileExW
0x6cd2ec AreFileApisANSI
0x6cd2f0 OpenEventA
0x6cd2f4 SetWaitableTimer
0x6cd2f8 GetSystemInfo
0x6cd300 DeactivateActCtx
0x6cd304 ActivateActCtx
0x6cd308 CreateActCtxW
0x6cd318 GetDriveTypeW
0x6cd31c lstrlenW
0x6cd320 VirtualUnlock
0x6cd324 ReleaseMutex
0x6cd328 CreateMutexA
0x6cd32c GlobalFree
0x6cd330 GetExitCodeProcess
0x6cd334 OpenThread
0x6cd338 CreateFiber
0x6cd33c VirtualQuery
0x6cd340 MoveFileW
0x6cd348 CreateFiberEx
0x6cd34c WaitNamedPipeW
0x6cd350 SetFileValidData
0x6cd354 IsBadReadPtr
0x6cd358 GlobalMemoryStatus
0x6cd35c Module32NextW
0x6cd360 VerifyVersionInfoW
0x6cd364 SignalObjectAndWait
0x6cd368 CreateTimerQueue
0x6cd36c OutputDebugStringW
0x6cd370 TerminateProcess
0x6cd378 GetStartupInfoW
0x6cd384 IsDebuggerPresent
0x6cd388 InitializeSListHead
0x6cd38c GetCurrentProcessId
0x6cd390 ResetEvent
0x6cd394 GetStringTypeW
0x6cd398 GetLocaleInfoW
0x6cd39c LCMapStringW
0x6cd3a0 CompareStringW
0x6cd3a4 GetCPInfo
0x6cd3a8 SetThreadPriority
0x6cd3ac MultiByteToWideChar
0x6cd3b4 TlsFree
0x6cd3b8 TlsSetValue
0x6cd3bc TlsGetValue
0x6cd3c0 TlsAlloc
0x6cd3c4 CreateEventW
0x6cd3cc SetLastError
0x6cd3d0 EncodePointer
0x6cd3d4 GetExitCodeThread
0x6cd3d8 SwitchToThread
0x6cd3dc Sleep
0x6cd3e4 DuplicateHandle
0x6cd3e8 GetCurrentThreadId
0x6cd400 WideCharToMultiByte
0x6cd404 GetCurrentThread
0x6cd408 GetCurrentProcess
0x6cd40c LocalFree
0x6cd410 OpenProcess
0x6cd414 GetVersionExW
0x6cd418 LocalAlloc
0x6cd41c FindResourceW
0x6cd420 LoadResource
0x6cd424 LockResource
0x6cd428 SizeofResource
0x6cd42c CreateEventA
0x6cd430 GetProcessHeap
0x6cd434 HeapAlloc
0x6cd438 CloseHandle
0x6cd43c SetEvent
0x6cd444 GetComputerNameW
0x6cd448 lstrcpynA
0x6cd44c GetFileSize
0x6cd450 GetThreadContext
0x6cd454 GetLocalTime
0x6cd458 HeapFree
0x6cd460 GetTickCount
0x6cd464 FreeLibrary
0x6cd468 GetModuleHandleW
0x6cd470 GetProcAddress
0x6cd474 DecodePointer
0x6cd478 LoadLibraryW
0x6cd47c RaiseException
0x6cd480 GetLastError
0x6cd48c ReadConsoleA
0x6cd490 SetConsoleMode
0x6cd494 GetOEMCP
0x6cd498 Module32FirstW
0x6cd49c Process32Next
0x6cd4a0 DeleteFileA
0x6cd4a8 GetTempPathA
0x6cd4b0 SwitchToFiber
0x6cd4b4 SuspendThread
0x6cd4b8 IsBadStringPtrA
0x6cd4bc Thread32First
0x6cd4c4 SetFilePointer
0x6cd4c8 Thread32Next
0x6cd4cc GetProcessId
0x6cd4d0 DeleteFiber
0x6cd4dc Process32First
0x6cd4e0 IsBadWritePtr
0x6cd4e4 RtlCaptureContext
0x6cd4e8 GetShortPathNameW
0x6cd4ec GetDiskFreeSpaceW
Library: USER32.dll:
0x6cd560 GetDesktopWindow
0x6cd564 MessageBoxA
0x6cd568 GetDC
0x6cd56c DrawTextW
0x6cd570 GetWindowLongW
0x6cd574 DefWindowProcW
0x6cd578 AdjustWindowRectEx
0x6cd57c GetWindowRect
0x6cd580 DestroyWindow
0x6cd584 SetWindowPos
0x6cd588 MessageBoxW
0x6cd58c CreateWindowExW
0x6cd590 SendMessageW
0x6cd594 GetSystemMetrics
0x6cd598 SetWindowTextW
0x6cd59c RegisterClassExW
0x6cd5a0 ShowWindow
0x6cd5a4 DispatchMessageW
0x6cd5a8 SetTimer
0x6cd5ac PeekMessageW
0x6cd5b0 TrackMouseEvent
0x6cd5b4 TranslateMessage
0x6cd5b8 LoadIconW
0x6cd5bc LoadCursorW
0x6cd5c0 SetCapture
0x6cd5c4 GetWindowDC
0x6cd5c8 SetWindowLongW
0x6cd5cc UpdateLayeredWindow
0x6cd5d0 PostQuitMessage
0x6cd5d4 ReleaseCapture
0x6cd5d8 InvalidateRect
0x6cd5dc IsIconic
0x6cd5e0 ReleaseDC
0x6cd5e4 GetCursorPos
0x6cd5e8 BeginPaint
0x6cd5ec EndPaint
0x6cd5f0 GetKeyState
0x6cd5f8 ClientToScreen
0x6cd5fc PostMessageW
0x6cd600 GetForegroundWindow
0x6cd604 GetActiveWindow
0x6cd608 GetShellWindow
0x6cd610 CharLowerA
0x6cd614 SetFocus
0x6cd618 MoveWindow
0x6cd61c ScreenToClient
Library: GDI32.dll:
0x6cd124 CreateDIBSection
0x6cd128 GetObjectW
0x6cd12c DeleteObject
0x6cd134 EnumFontFamiliesExW
0x6cd138 CreateFontW
0x6cd13c GetStockObject
0x6cd140 SetBkColor
0x6cd144 RoundRect
0x6cd148 SelectObject
0x6cd14c GetLayout
0x6cd150 SetLayout
0x6cd154 DeleteDC
0x6cd158 SetTextColor
0x6cd15c SetBkMode
0x6cd160 SetMapMode
0x6cd164 SetTextAlign
0x6cd168 CreateCompatibleDC
Library: ADVAPI32.dll:
0x6cd000 GetTokenInformation
0x6cd004 RegDeleteValueA
0x6cd008 OpenServiceW
0x6cd00c QueryServiceConfigW
0x6cd010 OpenProcessToken
0x6cd014 RegSetValueExA
0x6cd018 RegCreateKeyExA
0x6cd01c CryptEnumProvidersA
0x6cd020 CryptSignHashA
0x6cd024 CryptDecrypt
0x6cd028 CryptExportKey
0x6cd02c CryptGetUserKey
0x6cd030 CryptGetProvParam
0x6cd034 CryptSetHashParam
0x6cd03c ReportEventA
0x6cd048 RegGetValueW
0x6cd04c RegSetValueExW
0x6cd050 SetEntriesInAclW
0x6cd060 GetFileSecurityW
0x6cd064 MapGenericMask
0x6cd06c RegQueryValueExW
0x6cd07c GetUserNameW
0x6cd080 DuplicateTokenEx
0x6cd084 OpenSCManagerW
0x6cd088 RegQueryValueExA
0x6cd08c CloseServiceHandle
0x6cd094 RegCloseKey
0x6cd098 RegOpenKeyExA
0x6cd09c OpenThreadToken
0x6cd0a0 DuplicateToken
0x6cd0a4 CryptEncrypt
0x6cd0a8 CryptImportKey
0x6cd0ac CryptDestroyKey
0x6cd0b0 CryptDestroyHash
0x6cd0b4 CryptHashData
0x6cd0b8 CryptCreateHash
0x6cd0bc CryptGenRandom
0x6cd0c0 CryptGetHashParam
0x6cd0c4 CryptReleaseContext
0x6cd0cc AccessCheck
Library: SHELL32.dll:
0x6cd520 SHGetFolderPathW
0x6cd524 ShellExecuteExA
0x6cd528 SHGetMalloc
0x6cd530 SHBrowseForFolderW
0x6cd534 ShellExecuteExW
0x6cd538 CommandLineToArgvW
0x6cd53c FindExecutableA
Library: ole32.dll:
0x6cd700 CoTaskMemFree
0x6cd704 CoCreateInstance
Library: WINTRUST.dll:
0x6cd67c WinVerifyTrust
Library: WININET.dll:
0x6cd64c HttpSendRequestA
0x6cd650 InternetCloseHandle
0x6cd658 InternetOpenA
0x6cd65c InternetReadFileExA
0x6cd660 InternetSetCookieW
0x6cd664 InternetSetOptionA
0x6cd668 InternetCrackUrlA
0x6cd66c HttpOpenRequestA
0x6cd670 HttpQueryInfoA
0x6cd674 InternetConnectA
Library: WINHTTP.dll:
0x6cd638 WinHttpCloseHandle
0x6cd644 WinHttpOpen
Library: OLEAUT32.dll:
0x6cd4fc VariantClear
0x6cd500 SysAllocString
0x6cd508 SafeArrayPutElement

.text
`.rdata
@.data
.rsrc
@.reloc
QQh`Ix
VhlFs
PhtFs
FDWPhp x
j0WPj
D0(T+x
D0(T+x
D8(T+x
D8(T+x
jPhP,x
tYht.x
PhP/x
9w tUj
(Qhx-x
VhT0x
XPhH1x
Ght*x
Ph8tx
jqh(7x
Vh$Cx
|PhPCx
WhDDx
%h(Ex
No antivirus engine scan information!

Process tree


StarCraft-II-Setup.exe, PID: 2572, parent PID: 2196

TCP

Source address  Source port  Destination address  Destination port
192.168.122.201 49163 66.40.185.57 iir.blizzard.com 3724
192.168.122.201 49164 66.40.185.57 iir.blizzard.com 3724
192.168.122.201 49160 84.53.172.40 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53
192.168.122.201 65178 192.168.122.1 53

HTTP requests

URI  HTTP data
URL: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

URL: http://iir.blizzard.com:3724/submit/BNET_APP
POST /submit/BNET_APP HTTP/1.1
Host: iir.blizzard.com:3724
User-Agent: Bootstrapper/1.18.10.3141
Accept: */*
Content-Type: text/plain
irrh-x-proto-message-type: BNET.BI.SessionGenerate
ir-exchange: BIAPI
Content-Length: 57

\x08\xff\x92\x8a\xf0\xe7\xfc\xe3\x8c
\x10\xf0\x83\xa4\xde\xd6\xd4\x87\x03\x1a$02AC69EC-A9EF-4687-8468-3D589E31CCCB
URL: http://iir.blizzard.com:3724/submit/BNET_APP
POST /submit/BNET_APP HTTP/1.1
Host: iir.blizzard.com:3724
User-Agent: Bootstrapper/1.18.10.3141
Accept: */*
Content-Type: text/plain
irrh-x-proto-message-type: BNET.BI.BootstrapperSession
ir-exchange: BIAPI
Content-Length: 81

\x08\xff\x92\x8a\xf0\xe7\xfc\xe3\x8c
\x10\xf0\x83\xa4\xde\xd6\xd4\x87\x03\x1a\x0bsetup-start"$02AC69EC-A9EF-4687-8468-3D589E31CCCB*\x02s22\x008\xc5\x18@\x00

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic
Sorry! No files were dropped.
No similar analyses found.

Processing ( 34.377 seconds )

  • 13.468 NetworkAnalysis
  • 11.814 Suricata
  • 6.905 Static
  • 1.524 TargetInfo
  • 0.508 peid
  • 0.119 BehaviorAnalysis
  • 0.014 config_decoder
  • 0.012 AnalysisInfo
  • 0.011 Strings
  • 0.002 Memory

Signatures ( 37.136 seconds )

  • 35.577 network_http
  • 1.434 proprietary_url_bl
  • 0.018 antiav_detectreg
  • 0.012 proprietary_domain_bl
  • 0.008 infostealer_ftp
  • 0.007 api_spamming
  • 0.006 antiav_detectfile
  • 0.005 stealth_decoy_document
  • 0.005 anomaly_persistence_autorun
  • 0.005 stealth_timeout
  • 0.005 infostealer_im
  • 0.004 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_bitcoin
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 infostealer_mail
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 stealth_network
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 proprietary_ip_reputation
  • 0.002 network_torgateway
  • 0.001 antiemu_wine_func
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_disk
  • 0.001 infostealer_browser_password
  • 0.001 cerber_behavior
  • 0.001 kovter_behavior
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_anomaly_mismatch_mime_extension
  • 0.001 proprietary_bad_drop
  • 0.001 network_cnc_http

Reporting ( 0.734 seconds )

  • 0.669 ReportHTMLSummary
  • 0.065 Malheur
Task ID 764036
Mongo ID 6749c3cd7e769a640342dca7
Cuckoo release 1.4-Maldun