Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp03-1 | 2024-11-30 20:27:07 | 2024-11-30 20:27:47 | 40 s |
File name | msvcrt.dll |
---|---|
File size | 1829376 bytes |
File type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
MD5 | 155306ee830baca940531a548728bb39 |
SHA1 | 59fd3bb39fd92cf2807ce38768c98ae174d59424 |
SHA256 | c313bcc98f7366ce9f450d0a5d699b417d09a49e267587e88b0b961569a42e69 |
SHA512 | 4561336ef1ef381728325d472df64a39ea94457de6f9da0bef19f1ee23c2577c8be38308ec28914b8c300da0817ad9b03e3a8c0ec63463eb22cb24519493c459 |
CRC32 | DA10DB56 |
Ssdeep | 49152:KQqyk2i4D7nFlUvVEQseyzFU7a3S7EQJi//9Y6wp1B9z:KQNk2ig7FlAEQseyz81Ji//9Y6wp |
No host records.
No domain information.
Image base | 0x10000000 |
---|---|
Entry point | 0x101249fb |
Declared checksum | 0x00000000 |
Actual checksum | 0x001c7edf |
Minimum OS version | 5.1 |
PDB path | C:\Work\HITCTF\2024\SNAKE\DLL\msvcrt\Release\msvcrt.pdb |
Compile time | 2024-10-30 17:18:20 |
Import hash (imphash) | 1808929d0e07bf4b4789dbed7094a700 |
Exported DLL name | msvcrt.dll |
Version info field | Value |
---|---|
LegalCopyright | |
InternalName | |
FileVersion | |
CompanyName | |
ProductName | |
ProductVersion | |
FileDescription | |
OriginalFilename | |
Translation | |

Every version-information string is empty even though an RT_VERSION resource is present, the declared checksum is zero, and the PDB path points at a HITCTF 2024 build tree: the file reuses the system C runtime's name without any of the metadata a Microsoft-built msvcrt.dll carries, so the name alone must not be used to whitelist it.
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x0014e8a5 | 0x0014ea00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.56 |
.rdata | 0x00150000 | 0x0004aa66 | 0x0004ac00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.52 |
.data | 0x0019b000 | 0x0000afb0 | 0x00005000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.89 |
.tls | 0x001a6000 | 0x00000009 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.02 |
.rsrc | 0x001a7000 | 0x00003168 | 0x00003200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.31 |
.reloc | 0x001ab000 | 0x0001ca24 | 0x0001cc00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 6.49 |
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
RT_CURSOR (listed 16 times with identical values) | 0x001a9018 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.23 | data |
RT_BITMAP (listed 2 times with identical values) | 0x001a9340 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_DIALOG (listed 2 times with identical values) | 0x001a9250 | 0x00000034 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.38 | data |
RT_STRING (listed 13 times with identical values) | 0x001a9d98 | 0x000001a8 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.05 | data |
RT_GROUP_CURSOR (listed 15 times with identical values) | 0x001a9150 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
RT_VERSION | 0x001a7a20 | 0x000002d0 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.64 | data |
RT_MANIFEST | 0x001a9f40 | 0x00000224 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.04 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
Of the 185 exports, 179 resolve to the same address, 0x10007830; only _abort and _rand (0x10007820), _kbhit (0x10007810), _clock (0x10007840), _getchar (0x10007850) and _localeconv (0x10007860) differ. A genuine C runtime exports each function at its own address, and most of these names carry a leading underscore (for example _abs, _strlen) that the corresponding msvcrt.dll exports do not, so the table is a handful of stub routines wearing the C library's names rather than an implementation of it.

Ordinal | Address | Name |
---|---|---|
1 | 0x10007820 | _abort |
2 | 0x10007830 | _abs |
3 | 0x10007830 | _acos |
4 | 0x10007830 | _asctime |
5 | 0x10007830 | _asin |
6 | 0x10007830 | _atan |
7 | 0x10007830 | _atan2 |
8 | 0x10007830 | _atexit |
9 | 0x10007830 | _atof |
10 | 0x10007830 | _atoi |
11 | 0x10007830 | _atol |
12 | 0x10007830 | _bsearch |
13 | 0x10007830 | _calloc |
14 | 0x10007830 | _ceil |
15 | 0x10007830 | _clearerr |
16 | 0x10007840 | _clock |
17 | 0x10007830 | _cos |
18 | 0x10007830 | _cosh |
19 | 0x10007830 | _ctime |
20 | 0x10007830 | _difftime |
21 | 0x10007830 | _div |
22 | 0x10007830 | _exp |
23 | 0x10007830 | _fabs |
24 | 0x10007830 | _fclose |
25 | 0x10007830 | _feof |
26 | 0x10007830 | _ferror |
27 | 0x10007830 | _fflush |
28 | 0x10007830 | _fgetc |
29 | 0x10007830 | _fgetpos |
30 | 0x10007830 | _fgets |
31 | 0x10007830 | _fgetwc |
32 | 0x10007830 | _fgetws |
33 | 0x10007830 | _floor |
34 | 0x10007830 | _fmod |
35 | 0x10007830 | _fopen |
36 | 0x10007830 | _fprintf |
37 | 0x10007830 | _fputc |
38 | 0x10007830 | _fputs |
39 | 0x10007830 | _fputwc |
40 | 0x10007830 | _fputws |
41 | 0x10007830 | _fread |
42 | 0x10007830 | _free |
43 | 0x10007830 | _freopen |
44 | 0x10007830 | _frexp |
45 | 0x10007830 | _fscanf |
46 | 0x10007830 | _fseek |
47 | 0x10007830 | _fsetpos |
48 | 0x10007830 | _ftell |
49 | 0x10007830 | _fwprintf |
50 | 0x10007830 | _fwrite |
51 | 0x10007830 | _fwscanf |
52 | 0x10007830 | _getc |
53 | 0x10007850 | _getchar |
54 | 0x10007830 | _getenv |
55 | 0x10007830 | _gets |
56 | 0x10007830 | _getwc |
57 | 0x10007830 | _getwchar |
58 | 0x10007830 | _gmtime |
59 | 0x10007830 | _is |
60 | 0x10007830 | _isalnum |
61 | 0x10007830 | _isalpha |
62 | 0x10007830 | _iscntrl |
63 | 0x10007830 | _isdigit |
64 | 0x10007830 | _isgraph |
65 | 0x10007830 | _isleadbyte |
66 | 0x10007830 | _islower |
67 | 0x10007830 | _isprint |
68 | 0x10007830 | _ispunct |
69 | 0x10007830 | _isspace |
70 | 0x10007830 | _isupper |
71 | 0x10007830 | _iswalnum |
72 | 0x10007830 | _iswalpha |
73 | 0x10007830 | _iswascii |
74 | 0x10007830 | _iswcntrl |
75 | 0x10007830 | _iswctype |
76 | 0x10007830 | _iswdigit |
77 | 0x10007830 | _iswgraph |
78 | 0x10007830 | _iswlower |
79 | 0x10007830 | _iswprint |
80 | 0x10007830 | _iswpunct |
81 | 0x10007830 | _iswspace |
82 | 0x10007830 | _iswupper |
83 | 0x10007830 | _iswxdigit |
84 | 0x10007830 | _isxdigit |
85 | 0x10007810 | _kbhit |
86 | 0x10007830 | _labs |
87 | 0x10007830 | _ldiv |
88 | 0x10007860 | _localeconv |
89 | 0x10007830 | _localtime |
90 | 0x10007830 | _log |
91 | 0x10007830 | _log10 |
92 | 0x10007830 | _longjmp |
93 | 0x10007830 | _malloc |
94 | 0x10007830 | _mblen |
95 | 0x10007830 | _mbstowcs |
96 | 0x10007830 | _mbtowc |
97 | 0x10007830 | _memchr |
98 | 0x10007830 | _memcmp |
99 | 0x10007830 | _memcpy |
100 | 0x10007830 | _memmove |
101 | 0x10007830 | _memset |
102 | 0x10007830 | _mktime |
103 | 0x10007830 | _modf |
104 | 0x10007830 | _perror |
105 | 0x10007830 | _pow |
106 | 0x10007830 | _printf |
107 | 0x10007830 | _putc |
108 | 0x10007830 | _putchar |
109 | 0x10007830 | _puts |
110 | 0x10007830 | _putwc |
111 | 0x10007830 | _putwchar |
112 | 0x10007830 | _qsort |
113 | 0x10007830 | _raise |
114 | 0x10007820 | _rand |
115 | 0x10007830 | _realloc |
116 | 0x10007830 | _remove |
117 | 0x10007830 | _rename |
118 | 0x10007830 | _rewind |
119 | 0x10007830 | _scanf |
120 | 0x10007830 | _setbuf |
121 | 0x10007830 | _setlocale |
122 | 0x10007830 | _setvbuf |
123 | 0x10007830 | _signal |
124 | 0x10007830 | _sin |
125 | 0x10007830 | _sinh |
126 | 0x10007830 | _sprintf |
127 | 0x10007830 | _sqrt |
128 | 0x10007830 | _srand |
129 | 0x10007830 | _sscanf |
130 | 0x10007830 | _strcat |
131 | 0x10007830 | _strchr |
132 | 0x10007830 | _strcmp |
133 | 0x10007830 | _strcoll |
134 | 0x10007830 | _strcpy |
135 | 0x10007830 | _strcspn |
136 | 0x10007830 | _strftime |
137 | 0x10007830 | _strlen |
138 | 0x10007830 | _strncat |
139 | 0x10007830 | _strncmp |
140 | 0x10007830 | _strncpy |
141 | 0x10007830 | _strpbrk |
142 | 0x10007830 | _strrchr |
143 | 0x10007830 | _strspn |
144 | 0x10007830 | _strstr |
145 | 0x10007830 | _strtod |
146 | 0x10007830 | _strtok |
147 | 0x10007830 | _strtol |
148 | 0x10007830 | _strtoul |
149 | 0x10007830 | _strxfrm |
150 | 0x10007830 | _swscanf |
151 | 0x10007830 | _system |
152 | 0x10007830 | _tan |
153 | 0x10007830 | _tanh |
154 | 0x10007830 | _time |
155 | 0x10007830 | _tmpfile |
156 | 0x10007830 | _tmpnam |
157 | 0x10007830 | _towlower |
158 | 0x10007830 | _towupper |
159 | 0x10007830 | _ungetc |
160 | 0x10007830 | _ungetwc |
161 | 0x10007830 | _vfprintf |
162 | 0x10007830 | _vfwprintf |
163 | 0x10007830 | _wcscat |
164 | 0x10007830 | _wcschr |
165 | 0x10007830 | _wcscmp |
166 | 0x10007830 | _wcscoll |
167 | 0x10007830 | _wcscpy |
168 | 0x10007830 | _wcscspn |
169 | 0x10007830 | _wcsftime |
170 | 0x10007830 | _wcslen |
171 | 0x10007830 | _wcsncat |
172 | 0x10007830 | _wcsncmp |
173 | 0x10007830 | _wcsncpy |
174 | 0x10007830 | _wcspbrk |
175 | 0x10007830 | _wcsrchr |
176 | 0x10007830 | _wcsspn |
177 | 0x10007830 | _wcsstr |
178 | 0x10007830 | _wcstod |
179 | 0x10007830 | _wcstol |
180 | 0x10007830 | _wcstombs |
181 | 0x10007830 | _wcstoul |
182 | 0x10007830 | _wcsxfrm |
183 | 0x10007830 | _wctomb |
184 | 0x10007830 | _wprintf |
185 | 0x10007830 | _wscanf |
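The checksum mismatch in the header table (declared 0x00000000 against a computed 0x001c7edf) and the export listing above, in which nearly every name resolves to 0x10007830, can both be checked mechanically. The following Python is an added example written for this page, not code from the report, the sandbox, or the CTF sample: it assembles a small PE32 DLL in memory with a constructed export table that imitates the listing (twenty of the names, the shared RVA 0x7830 and three of the odd ones), recomputes the PE checksum with the word-sum algorithm that imagehlp's CheckSumMappedFile uses, parses the export directory by hand, and flags the one-address-for-most-names pattern. The image layout, the name subset and the 0.8 threshold are assumptions made for the demonstration.

```python
"""Added example, not code from the report or the sample: build a small proxy-style
DLL image in memory, re-check OptionalHeader.CheckSum, and flag a stub export table."""
import struct
from collections import Counter

IMAGE_BASE, TEXT_RVA, EDATA_RVA, ALIGN = 0x10000000, 0x1000, 0x2000, 0x200
CHECKSUM_FIELD = 64            # CheckSum offset inside the PE32 optional header
SEC_HDR = "<8sIIIIIIHHI"       # IMAGE_SECTION_HEADER
# Constructed subset of the report's export names/RVAs; the stub code is not emitted.
NAMES = ["_abort", "_abs", "_acos", "_asctime", "_asin", "_atan", "_atan2",
         "_atexit", "_atof", "_atoi", "_atol", "_bsearch", "_calloc", "_ceil",
         "_clearerr", "_clock", "_cos", "_cosh", "_ctime", "_kbhit"]
ODD_RVAS = {"_abort": 0x7820, "_clock": 0x7840, "_kbhit": 0x7810}


def pe_checksum(data, checksum_offset):
    """CheckSumMappedFile scheme: 32-bit word sum with end-around carry, skipping the CheckSum field, folded to 16 bits, plus file length."""
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off != checksum_offset:
            total += struct.unpack_from("<I", padded, off)[0]
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    return ((total + (total >> 16)) & 0xFFFF) + len(data)


def build_proxy_dll(names=NAMES, shared_rva=0x7830, odd_rvas=ODD_RVAS):
    """Minimal PE32 DLL (DOS stub, NT headers, .text, .edata) whose CheckSum is left 0."""
    n = len(names)
    name_tab, ord_tab, str_off = 40 + 4 * n, 40 + 8 * n, 40 + 10 * n
    strings, name_rvas = bytearray(b"msvcrt.dll\0"), []
    for nm in names:
        name_rvas.append(EDATA_RVA + str_off + len(strings))
        strings += nm.encode() + b"\0"
    edata = bytearray(struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, EDATA_RVA + str_off, 1,
                                  n, n, EDATA_RVA + 40, EDATA_RVA + name_tab, EDATA_RVA + ord_tab))
    edata += b"".join(struct.pack("<I", odd_rvas.get(nm, shared_rva)) for nm in names)
    edata += b"".join(struct.pack("<I", r) for r in name_rvas)
    edata += b"".join(struct.pack("<H", i) for i in range(n)) + strings
    vsize = len(edata)
    edata += b"\0" * (-vsize % ALIGN)
    dos = bytearray(64)
    dos[:2], dos[0x3C] = b"MZ", 64                                   # e_lfanew -> PE header at 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x2102)  # i386, 2 sections, DLL
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 16, TEXT_RVA)                        # AddressOfEntryPoint
    struct.pack_into("<IIIHH", opt, 28, IMAGE_BASE, 0x1000, ALIGN, 5, 1)  # base, alignments, OS 5.1
    struct.pack_into("<II", opt, 56, EDATA_RVA + 0x1000, ALIGN)      # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                               # Subsystem: GUI
    struct.pack_into("<III", opt, 92, 16, EDATA_RVA, vsize)          # 16 dirs; export dir RVA/size
    secs = struct.pack(SEC_HDR, b".text", ALIGN, TEXT_RVA, ALIGN, 0x200, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack(SEC_HDR, b".edata", vsize, EDATA_RVA, len(edata), 0x400, 0, 0, 0, 0, 0x40000040)
    hdr = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs
    return hdr + b"\0" * (ALIGN - len(hdr)) + b"\xCC" * ALIGN + bytes(edata)


def _rva_to_off(sections, rva):
    for va, raw_size, raw_ptr in sections:
        if va <= rva < va + raw_size:
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def parse_pe(data):
    """Header fields the report lists, the recomputed checksum, and (ordinal, VA, name) exports."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, opt = struct.unpack_from("<H", data, pe + 6)[0], pe + 24
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    declared = struct.unpack_from("<I", data, opt + CHECKSUM_FIELD)[0]
    exp_rva = struct.unpack_from("<I", data, opt + 96)[0]            # DataDirectory[0]
    sec0 = opt + struct.unpack_from("<H", data, pe + 20)[0]           # + SizeOfOptionalHeader
    sections = [struct.unpack_from("<8sIIII", data, sec0 + 40 * i)[2:] for i in range(nsec)]
    exports = []
    if exp_rva:
        d = _rva_to_off(sections, exp_rva)
        _, base, nfunc, nnames, aof, aon, aono = struct.unpack_from("<IIIIIII", data, d + 12)
        funcs = struct.unpack_from(f"<{nfunc}I", data, _rva_to_off(sections, aof))
        name_rvas = struct.unpack_from(f"<{nnames}I", data, _rva_to_off(sections, aon))
        ordinals = struct.unpack_from(f"<{nnames}H", data, _rva_to_off(sections, aono))
        for nrva, idx in zip(name_rvas, ordinals):
            off = _rva_to_off(sections, nrva)
            exports.append((base + idx, image_base + funcs[idx], data[off:data.index(b"\0", off)].decode()))
    return {"image_base": image_base, "declared_checksum": declared,
            "actual_checksum": pe_checksum(data, opt + CHECKSUM_FIELD), "exports": exports}


def stub_report(exports, threshold=0.8):
    """A real C runtime exports each function at its own address; a proxy DLL funnels most names into one thunk."""
    addrs = Counter(addr for _, addr, _ in exports)
    top_addr, top_count = addrs.most_common(1)[0]
    share = top_count / len(exports)
    return {"exports": len(exports), "distinct_addresses": len(addrs), "dominant_address": top_addr,
            "dominant_share": share, "likely_stub_dll": share >= threshold}
```

`parse_pe(build_proxy_dll())` returns a declared checksum of 0 against a non-zero computed one, and `stub_report` on its `exports` reports 0x10007830 as the dominant address with 17 of 20 names behind it. Against a file on disk, `parse_pe(open(path, "rb").read())` works unchanged for a PE32 image whose export tables live in mapped sections; the parser does not handle PE32+ images or forwarded exports, and a computed checksum only means something when the declared field is non-zero, since linkers leave it at zero unless asked to fill it in.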
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49160 | 23.56.4.24 | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |

The only HTTP request is Adobe Reader's in-product messaging check (User-Agent IPM, host acroipm.adobe.com), which a Reader installation issues on its own; confirm which process sent it before attributing any network activity to the sample.
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
No TLS.
No Suricata HTTP.
Task ID | 764194 |
---|---|
Mongo ID | 674b04e57e769a640342e446 |
Cuckoo release | 1.4-Maldun |