Analysis task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp03-1 2024-11-30 02:45:43 2024-11-30 02:46:21 38 seconds

Maldun score

2.7

Suspicious

File details

File name QRCodeWin32.dll
File size 81920 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 03f20b0089d6b7d010ad66d73aa3bc5a
SHA1 d7535ba3524a4442bd6021e9838518fed8ae8120
SHA256 20c5ebfa8f1159afa4f4ab7aab97fa97206e1f596813fff722bb7ea560391b1a
SHA512 8b37a058432f484e1e87097833d23d12cdef30195e097f51c7bd77c0b5427d7f83a9ebc0eefdf089c3e064aa35a31f8a7924aef5af61b119d2217046c980ff06
CRC32 0EB876E8
Ssdeep 1536:7v8ohMb9vM93tNJgTBLoHums9PoT8DOS+Np:7v8QMaqbms9PoT8yBj


Screenshots

No screenshots available

Hosts contacted

No host records.

Domain resolution

No domain information.


Summary


PE information

Image base 0x10000000
Entry point 0x1000531c
Declared checksum 0x00000000
Actual checksum 0x00021311
Minimum OS version required 4.0
Compile time 2009-06-12 01:30:33
Import hash 112fe0150667df0be145bdaea1e8030f
Exported DLL name QRCodeWin32.dll

Version information

LegalCopyright
InternalName
FileVersion
CompanyName
PrivateBuild
LegalTrademarks
Comments
ProductName
SpecialBuild
ProductVersion
FileDescription
OriginalFilename
Translation

PEiD rules

Armadillo v1.xx - v2.xx

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x00008af2 0x00009000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.58
.rdata 0x0000a000 0x000010a0 0x00002000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.36
.data 0x0000c000 0x000104bc 0x00004000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.64
SBlock 0x0001d000 0x0000001f 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.08
.rsrc 0x0001e000 0x00000418 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 1.08
.reloc 0x0001f000 0x0000160a 0x00002000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 3.92

Resources

Name Offset Size Language Sublanguage Entropy File type
RT_VERSION 0x0001e060 0x000003b8 LANG_ENGLISH SUBLANG_ENGLISH_US 3.39 COM executable for DOS

Imports

Library: KERNEL32.dll:
0x1000a07c GlobalFree
0x1000a080 GlobalSize
0x1000a084 DeleteFileA
0x1000a088 CreateFileA
0x1000a08c WriteFile
0x1000a090 CloseHandle
0x1000a094 GlobalAlloc
0x1000a098 GetSystemTime
0x1000a09c lstrcpyA
0x1000a0a0 lstrcatA
0x1000a0a4 lstrlenA
0x1000a0a8 GetCommandLineA
0x1000a0ac GetVersion
0x1000a0b0 HeapFree
0x1000a0b4 HeapAlloc
0x1000a0b8 GetProcAddress
0x1000a0bc GetModuleHandleA
0x1000a0c0 ExitProcess
0x1000a0c4 TerminateProcess
0x1000a0c8 GetCurrentProcess
0x1000a0cc GetCurrentThreadId
0x1000a0d0 TlsSetValue
0x1000a0d4 TlsAlloc
0x1000a0d8 TlsFree
0x1000a0dc TlsGetValue
0x1000a0e0 SetHandleCount
0x1000a0e4 GetStdHandle
0x1000a0e8 GetFileType
0x1000a0ec GetStartupInfoA
0x1000a0f0 DeleteCriticalSection
0x1000a0f4 GetModuleFileNameA
0x1000a100 WideCharToMultiByte
0x1000a104 GetEnvironmentStrings
0x1000a108 GetEnvironmentStringsW
0x1000a10c HeapDestroy
0x1000a110 HeapCreate
0x1000a114 VirtualFree
0x1000a11c EnterCriticalSection
0x1000a120 LeaveCriticalSection
0x1000a124 VirtualAlloc
0x1000a128 HeapReAlloc
0x1000a12c InterlockedDecrement
0x1000a130 InterlockedIncrement
0x1000a134 GetCPInfo
0x1000a138 GetACP
0x1000a13c GetOEMCP
0x1000a140 LoadLibraryA
0x1000a144 MultiByteToWideChar
0x1000a148 GetStringTypeA
0x1000a14c GetStringTypeW
0x1000a150 LCMapStringA
0x1000a154 LCMapStringW
0x1000a158 RtlUnwind
Library: USER32.dll:
0x1000a160 GetDesktopWindow
0x1000a164 OpenClipboard
0x1000a168 EmptyClipboard
0x1000a16c SetClipboardData
0x1000a170 CloseClipboard
0x1000a174 GetDC
0x1000a178 ReleaseDC
0x1000a17c MessageBoxA
0x1000a180 FillRect
Library: GDI32.dll:
0x1000a018 CreateCompatibleDC
0x1000a01c CreateCompatibleBitmap
0x1000a020 DeleteDC
0x1000a024 CreateMetaFileA
0x1000a028 CloseMetaFile
0x1000a02c GetMetaFileBitsEx
0x1000a030 DeleteMetaFile
0x1000a034 CreateEnhMetaFileA
0x1000a038 SetWindowExtEx
0x1000a03c SetWindowOrgEx
0x1000a040 CloseEnhMetaFile
0x1000a044 GetDIBits
0x1000a048 SetMapMode
0x1000a04c CreateFontIndirectA
0x1000a050 SelectObject
0x1000a054 LineTo
0x1000a058 MoveToEx
0x1000a05c ExtTextOutA
0x1000a060 SetTextColor
0x1000a064 SetTextAlign
0x1000a068 SetBkColor
0x1000a06c DeleteObject
0x1000a070 GetDeviceCaps
0x1000a074 CreateSolidBrush
Library: ADVAPI32.dll:
0x1000a000 RegQueryValueExA
0x1000a004 RegOpenKeyExA
0x1000a008 RegSetValueExA
0x1000a00c RegCreateKeyExA
0x1000a010 RegCloseKey

Exports

Ordinal Address Name
13 0x10004b50 QRAppearance
4 0x10004b00 QRConfigure
1 0x10004620 QRCopyToClipboard
12 0x10004eb0 QRGetActualRC
11 0x10004c90 QRGetActualSize
14 0x10004ff0 QRGetPatternData
10 0x100040c0 QRRender
3 0x10004880 QRSaveAsBMP
2 0x100046d0 QRSaveAsWMF
5 0x10004bb0 QRSetBackColor
6 0x10004c20 QRSetBarColor
7 0x10004a30 QRSetDefault
8 0x10004ae0 QRSetMessage
9 0x10004aa0 QRSetSize

Notable strings

MW6 QRCode Win32 DLL trial version expired, please buy the full version
Message
MW6 Demo
MW6 DEMO
System Data\Speaker DL

Version information strings (VS_VERSION_INFO, StringFileInfo 040904b0)

Comments QRCode Win32 DLL
CompanyName MW6 Technologies, Inc.
FileDescription QRCode Win32 DLL
FileVersion 4, 0, 0, 1
InternalName QRCode Win32 DLL
LegalCopyright MW6 Technologies, Inc.
LegalTrademarks
OriginalFilename QRCode Win32 DLL
PrivateBuild
ProductName QRCode Win32 DLL
ProductVersion 4, 0, 0, 1
SpecialBuild
VarFileInfo Translation

No antivirus engine scan information.

Process tree

rundll32.exe, PID: 2600, parent PID: 2256

TCP

Source address Source port Destination address Destination port
192.168.122.201 49160 23.192.228.78 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 59401 192.168.122.1 53

HTTP requests

URI HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No files were dropped.
No similar analyses found.

Processing ( 18.62 seconds )

  • 15.206 Suricata
  • 1.176 NetworkAnalysis
  • 0.932 Static
  • 0.704 peid
  • 0.401 TargetInfo
  • 0.132 Memory
  • 0.035 BehaviorAnalysis
  • 0.023 AnalysisInfo
  • 0.01 Strings
  • 0.001 config_decoder

Signatures ( 1.833 seconds )

  • 1.681 proprietary_url_bl
  • 0.031 proprietary_domain_bl
  • 0.013 antiav_detectreg
  • 0.009 ransomware_extensions
  • 0.009 ransomware_files
  • 0.008 geodo_banking_trojan
  • 0.008 network_http
  • 0.006 anomaly_persistence_autorun
  • 0.006 antiav_detectfile
  • 0.006 infostealer_ftp
  • 0.004 infostealer_bitcoin
  • 0.004 infostealer_im
  • 0.003 antianalysis_detectreg
  • 0.003 disables_browser_warn
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 antivm_vbox_files
  • 0.002 banker_zeus_mutex
  • 0.002 bot_drive
  • 0.002 browser_security
  • 0.002 infostealer_mail
  • 0.002 proprietary_bad_drop
  • 0.002 network_cnc_http
  • 0.001 stealth_decoy_document
  • 0.001 api_spamming
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 cerber_behavior
  • 0.001 stealth_timeout
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 bot_athenahttp
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 disables_system_restore
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_anomaly_mismatch_mime_extension
  • 0.001 office_security
  • 0.001 ransomware_radamant
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.579 seconds )

  • 0.573 ReportHTMLSummary
  • 0.006 Malheur
Task ID 764072
Mongo ID 674a0c1a7e769a640142f471
Cuckoo release 1.4-Maldun