Analysis task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-shaapp02-1 | 2024-11-29 23:21:31 | 2024-11-29 23:23:47 | 136 seconds

Maldun score

2.2

Suspicious

File details

File name ACE-PBC-Game64.dll
File size 8787864 bytes
File type PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5 44246104ab5d027186d6d803f10a4de4
SHA1 ca2f5607aeb7b26453a2995e5dd568cec62478a5
SHA256 f3263fe6a480c1398d77021280cfa7f663048dbaf497bbc40ab326bd5e6169b7
SHA512 235dfdf80fc7ab1c1ced672b323052cd435799e2cf974901230b49386f0556495d45e775f5325a034cf4eb5fb31238bc4e7cd673ce5bdd7a4eb2c4948d53b2d3
CRC32 2554F48D
Ssdeep 196608:dlRW9hJ6kfe1vJYZbZ1Gf1C1k91vXDbHHTIZS9kCN1OGuW6khAkvepI6mmA/+qJN:dlRW9hJ6kfe1vJYZbZ1Gf1C1k91vXDbN


Hosts contacted

No host records.

DNS resolutions

No domain information.


PE information

Image base 0x180000000
Entry point 0x180184f44
Declared checksum 0x00864bb3
Actual checksum 0x00864bb3
Minimum OS version 6.0
PDB path D:\landun\workspace\CommonComponent\LOL-GameRpcs\1.compile_source\output\pub\ACE-PBC-Game64.pdb
Compile time 2024-11-12 10:11:14
Import hash d7c5757453ae044655c8598f99d8461b
Export DLL name \x3667\x3645\x38\x366745\x37\x39\x31\x31\x35\x35\x34\x31\x31\x31

Version information

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

Microsoft certificate verification (Sign Tool)

SHA1 | Timestamp | Validity | Error
None Fri Nov 22 10:56:59 2024
Certificate chain Certificate Chain 1
Issued to DigiCert Assured ID Root CA
Issuer DigiCert Assured ID Root CA
Valid until Mon Nov 10 08:00:00 2031
SHA1 hash 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
Certificate chain Certificate Chain 2
Issued to DigiCert Trusted Root G4
Issuer DigiCert Assured ID Root CA
Valid until Mon Nov 10 07:59:59 2031
SHA1 hash a99d5b79e9f1cda59cdab6373169d5353f5874c6
Certificate chain Certificate Chain 3
Issued to DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Issuer DigiCert Trusted Root G4
Valid until Tue Apr 29 07:59:59 2036
SHA1 hash 7b0f360b775f76c94a12ca48445aa2d2a875701c
Certificate chain Certificate Chain 4
Issued to Tencent Technology (Shenzhen) Company Limited
Issuer DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Valid until Sat Oct 18 07:59:59 2025
SHA1 hash 617c4edb4f205fca0e5c07b9c52aa8d695fd122c
Certificate chain Timestamp Chain 1
Issued to DigiCert Assured ID Root CA
Issuer DigiCert Assured ID Root CA
Valid until Mon Nov 10 08:00:00 2031
SHA1 hash 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
Certificate chain Timestamp Chain 2
Issued to DigiCert Trusted Root G4
Issuer DigiCert Assured ID Root CA
Valid until Mon Nov 10 07:59:59 2031
SHA1 hash a99d5b79e9f1cda59cdab6373169d5353f5874c6
Certificate chain Timestamp Chain 3
Issued to DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Issuer DigiCert Trusted Root G4
Valid until Mon Mar 23 07:59:59 2037
SHA1 hash b6c8af834d4e53b673c76872aa8c950c7c54df5f
Certificate chain Timestamp Chain 4
Issued to DigiCert Timestamp 2024
Issuer DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Valid until Mon Nov 26 07:59:59 2035
SHA1 hash dbd385ee62dbd23e7be4f67148508724d5865b45

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x002fd590 0x002fd600 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.60
.rdata 0x002ff000 0x000dab6a 0x000dac00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.56
.data 0x003da000 0x00011d24 0x00009a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.92
.pdata 0x003ec000 0x00022c08 0x00022e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.33
.rsrc 0x0040f000 0x00000578 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.97
.reloc 0x00410000 0x00007b54 0x00007c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5.44
.tvm0 0x00418000 0x00452000 0x00452000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.77

Imports

Library: WS2_32.dll:
0x1802ff7b8 shutdown
0x1802ff7c0 getnameinfo
0x1802ff7c8 send
0x1802ff7d0 ntohl
0x1802ff7d8 gethostname
0x1802ff7e0 ioctlsocket
0x1802ff7e8 sendto
0x1802ff7f0 recvfrom
0x1802ff7f8 freeaddrinfo
0x1802ff800 getaddrinfo
0x1802ff808 listen
0x1802ff810 htonl
0x1802ff818 accept
0x1802ff820 select
0x1802ff828 __WSAFDIsSet
0x1802ff830 WSACleanup
0x1802ff838 WSAStartup
0x1802ff840 WSAIoctl
0x1802ff848 WSASetLastError
0x1802ff850 socket
0x1802ff858 setsockopt
0x1802ff860 ntohs
0x1802ff868 htons
0x1802ff870 getsockopt
0x1802ff878 getsockname
0x1802ff880 getpeername
0x1802ff888 connect
0x1802ff890 bind
0x1802ff898 recv
0x1802ff8a0 WSAGetLastError
0x1802ff8a8 closesocket
0x1802ff8b0 WSAWaitForMultipleEvents
0x1802ff8b8 WSAResetEvent
0x1802ff8c0 WSACloseEvent
0x1802ff8c8 WSACreateEvent
0x1802ff8d0 WSAEventSelect
0x1802ff8d8 WSAEnumNetworkEvents
Library: CRYPT32.dll:
0x1802ff090 CertOpenStore
0x1802ff0a0 CertOpenSystemStoreA
0x1802ff0a8 CertGetIntendedKeyUsage
0x1802ff0b0 CertGetEnhancedKeyUsage
0x1802ff0c8 CertCloseStore
Library: USER32.dll:
0x1802ff680 GetProcessWindowStation
0x1802ff688 IsWindow
0x1802ff698 MessageBoxW
0x1802ff6a0 GetWindowTextA
0x1802ff6a8 GetWindowLongPtrA
0x1802ff6b0 GetClassLongA
0x1802ff6b8 EnumThreadWindows
0x1802ff6c0 GetClassNameA
0x1802ff6c8 GetWindowThreadProcessId
0x1802ff6d0 TrackMouseEvent
0x1802ff6d8 CallWindowProcA
0x1802ff6e0 GetActiveWindow
0x1802ff6e8 IsWindowUnicode
0x1802ff6f0 SetWindowLongPtrA
0x1802ff6f8 SetWindowLongPtrW
0x1802ff700 GetCursorInfo
0x1802ff708 IsWindowVisible
0x1802ff710 EnumWindows
Library: WLDAP32.dll:
0x1802ff720 None
0x1802ff728 None
0x1802ff730 None
0x1802ff738 None
0x1802ff740 None
0x1802ff748 None
0x1802ff750 None
0x1802ff758 None
0x1802ff760 None
0x1802ff768 None
0x1802ff770 None
0x1802ff778 None
0x1802ff780 None
0x1802ff788 None
0x1802ff790 None
0x1802ff798 None
0x1802ff7a0 None
0x1802ff7a8 None
Library: KERNEL32.dll:
0x1802ff0d8 FindClose
0x1802ff0e0 GetFullPathNameW
0x1802ff0e8 GetCurrentDirectoryW
0x1802ff0f0 SetEndOfFile
0x1802ff0f8 SetStdHandle
0x1802ff100 GetFileAttributesExW
0x1802ff108 SetConsoleCtrlHandler
0x1802ff110 GetTimeZoneInformation
0x1802ff118 GetFileSizeEx
0x1802ff120 FindNextFileW
0x1802ff128 IsValidCodePage
0x1802ff130 GetACP
0x1802ff138 GetOEMCP
0x1802ff140 GetCommandLineW
0x1802ff148 GetEnvironmentStringsW
0x1802ff150 FindFirstFileExW
0x1802ff158 FlushFileBuffers
0x1802ff160 EnumSystemLocalesW
0x1802ff168 GetUserDefaultLCID
0x1802ff170 IsValidLocale
0x1802ff178 GetTimeFormatW
0x1802ff180 GetDateFormatW
0x1802ff188 GetConsoleCP
0x1802ff190 ReadConsoleW
0x1802ff198 ExitProcess
0x1802ff1a0 SetFilePointerEx
0x1802ff1a8 FileTimeToSystemTime
0x1802ff1c0 GetDriveTypeW
0x1802ff1c8 CreateFileW
0x1802ff1d0 ExitThread
0x1802ff1d8 WriteConsoleW
0x1802ff1e0 GetModuleHandleExW
0x1802ff1e8 RtlUnwindEx
0x1802ff1f0 RtlPcToFileHeader
0x1802ff1f8 LoadLibraryW
0x1802ff200 UnregisterWaitEx
0x1802ff208 QueryDepthSList
0x1802ff210 InterlockedFlushSList
0x1802ff220 InterlockedPopEntrySList
0x1802ff228 ReleaseSemaphore
0x1802ff230 VirtualFree
0x1802ff238 VirtualProtect
0x1802ff240 VirtualAlloc
0x1802ff248 GetVersionExW
0x1802ff250 LoadLibraryExW
0x1802ff258 FreeLibraryAndExitThread
0x1802ff260 GetThreadTimes
0x1802ff268 UnregisterWait
0x1802ff278 Sleep
0x1802ff280 GetCurrentProcessId
0x1802ff288 GetModuleHandleA
0x1802ff290 GetProcAddress
0x1802ff298 VerSetConditionMask
0x1802ff2a0 QueryDosDeviceW
0x1802ff2b0 VerifyVersionInfoW
0x1802ff2b8 MultiByteToWideChar
0x1802ff2c0 WideCharToMultiByte
0x1802ff2c8 GetStdHandle
0x1802ff2d0 WriteFile
0x1802ff2d8 FreeEnvironmentStringsW
0x1802ff2e0 GetCurrentProcess
0x1802ff2e8 GetCurrentThreadId
0x1802ff2f0 GetConsoleMode
0x1802ff2f8 DecodePointer
0x1802ff300 RaiseException
0x1802ff308 HeapAlloc
0x1802ff310 HeapReAlloc
0x1802ff318 HeapFree
0x1802ff320 HeapSize
0x1802ff328 GetProcessHeap
0x1802ff338 DeleteCriticalSection
0x1802ff340 GetTickCount
0x1802ff348 GetModuleFileNameW
0x1802ff350 GetModuleHandleW
0x1802ff358 CreateToolhelp32Snapshot
0x1802ff360 Module32First
0x1802ff368 Module32Next
0x1802ff370 LoadLibraryA
0x1802ff388 CreateFileA
0x1802ff390 ReadFile
0x1802ff398 CloseHandle
0x1802ff3a0 GetCommandLineA
0x1802ff3a8 CreateMutexA
0x1802ff3b0 CreateThread
0x1802ff3b8 ReadProcessMemory
0x1802ff3c0 WriteProcessMemory
0x1802ff3c8 OpenThread
0x1802ff3d0 Thread32First
0x1802ff3d8 Thread32Next
0x1802ff3e0 RtlCaptureContext
0x1802ff3e8 RtlLookupFunctionEntry
0x1802ff3f0 RtlVirtualUnwind
0x1802ff3f8 VirtualLock
0x1802ff400 VirtualUnlock
0x1802ff408 K32EnumProcessModulesEx
0x1802ff410 K32GetModuleFileNameExW
0x1802ff418 K32GetModuleInformation
0x1802ff420 LeaveCriticalSection
0x1802ff430 TryEnterCriticalSection
0x1802ff438 QueryPerformanceCounter
0x1802ff448 ReleaseMutex
0x1802ff450 WaitForSingleObject
0x1802ff458 SuspendThread
0x1802ff460 ResumeThread
0x1802ff468 TerminateThread
0x1802ff470 EnterCriticalSection
0x1802ff478 SleepEx
0x1802ff480 GetSystemDirectoryA
0x1802ff488 SetLastError
0x1802ff490 FormatMessageW
0x1802ff498 MoveFileExA
0x1802ff4a0 WaitForSingleObjectEx
0x1802ff4a8 CompareFileTime
0x1802ff4b0 GetSystemTimeAsFileTime
0x1802ff4b8 GetEnvironmentVariableA
0x1802ff4c0 GetFileType
0x1802ff4c8 PeekNamedPipe
0x1802ff4d0 WaitForMultipleObjects
0x1802ff4d8 VerifyVersionInfoA
0x1802ff4e0 SetThreadAffinityMask
0x1802ff4e8 GetProcessAffinityMask
0x1802ff4f0 GetNumaHighestNodeNumber
0x1802ff4f8 DeleteTimerQueueTimer
0x1802ff500 SetEnvironmentVariableW
0x1802ff508 DeleteFileW
0x1802ff510 GetSystemTime
0x1802ff518 SystemTimeToFileTime
0x1802ff520 GetEnvironmentVariableW
0x1802ff528 ReadConsoleA
0x1802ff530 SetConsoleMode
0x1802ff538 SwitchToFiber
0x1802ff540 DeleteFiber
0x1802ff548 CreateFiber
0x1802ff550 FindFirstFileW
0x1802ff558 ConvertFiberToThread
0x1802ff560 ConvertThreadToFiber
0x1802ff568 RtlUnwind
0x1802ff570 GetLastError
0x1802ff578 FreeLibrary
0x1802ff580 ChangeTimerQueueTimer
0x1802ff588 CreateTimerQueueTimer
0x1802ff598 DuplicateHandle
0x1802ff5a0 SwitchToThread
0x1802ff5a8 GetCurrentThread
0x1802ff5b0 EncodePointer
0x1802ff5b8 CreateEventW
0x1802ff5c0 TlsAlloc
0x1802ff5c8 TlsGetValue
0x1802ff5d0 TlsSetValue
0x1802ff5d8 TlsFree
0x1802ff5e0 GetCPInfo
0x1802ff5e8 CompareStringW
0x1802ff5f0 LCMapStringW
0x1802ff5f8 GetLocaleInfoW
0x1802ff600 GetStringTypeW
0x1802ff608 SetEvent
0x1802ff610 ResetEvent
0x1802ff618 UnhandledExceptionFilter
0x1802ff628 TerminateProcess
0x1802ff638 IsDebuggerPresent
0x1802ff640 GetStartupInfoW
0x1802ff648 InitializeSListHead
0x1802ff650 OutputDebugStringW
0x1802ff658 CreateTimerQueue
0x1802ff660 SignalObjectAndWait
0x1802ff668 SetThreadPriority
0x1802ff670 GetThreadPriority
Library: ADVAPI32.dll:
0x1802ff000 CryptExportKey
0x1802ff008 RegisterEventSourceW
0x1802ff010 ReportEventW
0x1802ff018 CryptAcquireContextW
0x1802ff020 CryptEnumProvidersW
0x1802ff028 CryptSignHashW
0x1802ff030 CryptDestroyHash
0x1802ff038 CryptCreateHash
0x1802ff040 CryptDecrypt
0x1802ff048 DeregisterEventSource
0x1802ff050 CryptGetUserKey
0x1802ff058 CryptGetProvParam
0x1802ff060 CryptSetHashParam
0x1802ff068 CryptDestroyKey
0x1802ff070 CryptReleaseContext
Library: bcrypt.dll:
0x1802ff8e8 BCryptGenRandom

Exports

Ordinal | Address | Name
1 0x1800c4cb0 CreateObject
.text
`.rdata
@.data
.pdata
@.rsrc
@.reloc
B.tvm0
SHA256 block transform for x86_64, CRYPTOGAMS by <appro@openssl.org>
rc4(8x,int)
rc4(8x,char)
rc4(16x,int)
RC4 for x86_64, CRYPTOGAMS by <appro@openssl.org>
*p[[[[[[[[[[[[[[[[
Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)
AES for Intel AES-NI, CRYPTOGAMS by <appro@openssl.org>
AES-NI GCM module for x86_64, CRYPTOGAMS by <appro@openssl.org>
GHASH for x86_64, CRYPTOGAMS by <appro@openssl.org>
AESNI-CBC+SHA1 stitch for x86_64, CRYPTOGAMS by <appro@openssl.org>
SHA1 block transform for x86_64, CRYPTOGAMS by <appro@openssl.org>
SHA1 multi-block transform for x86_64, CRYPTOGAMS by <appro@openssl.org>
No antivirus engine scan information!

Process tree


rundll32.exe, PID: 2596, parent PID: 2192

TCP

Source address | Source port | Destination address | Destination port
192.168.122.201 49160 23.206.188.203 80

UDP

Source address | Source port | Destination address | Destination port
192.168.122.201 63246 192.168.122.1 53

HTTP requests

URI | HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found
Sorry! No files were dropped.
No similar analyses found.

Processing ( 34.984 seconds )

  • 18.647 Static
  • 12.916 Suricata
  • 2.008 TargetInfo
  • 0.948 NetworkAnalysis
  • 0.382 peid
  • 0.037 BehaviorAnalysis
  • 0.021 config_decoder
  • 0.012 AnalysisInfo
  • 0.011 Strings
  • 0.002 Memory

Signatures ( 1.532 seconds )

  • 1.441 proprietary_url_bl
  • 0.012 antiav_detectreg
  • 0.009 proprietary_domain_bl
  • 0.006 infostealer_ftp
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_im
  • 0.004 network_http
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 antianalysis_detectreg
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_mail
  • 0.002 tinba_behavior
  • 0.002 api_spamming
  • 0.002 antivm_vbox_files
  • 0.002 browser_security
  • 0.002 disables_browser_warn
  • 0.002 proprietary_bad_drop
  • 0.001 stealth_decoy_document
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 stealth_timeout
  • 0.001 antivm_parallels_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 modify_proxy
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_anomaly_mismatch_mime_extension
  • 0.001 proprietary_anomaly_obfuscate_extension
  • 0.001 network_cnc_http

Reporting ( 0.581 seconds )

  • 0.531 ReportHTMLSummary
  • 0.05 Malheur
Task ID 764058
Mongo ID 6749dcb5dc327b16b9726290
Cuckoo release 1.4-Maldun