Analysis task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-shaapp03-2 | 2024-11-30 20:32:00 | 2024-11-30 20:32:33 | 33 seconds

Maldun score

3.75

Suspicious

File details

File name ttsEdge_52pj.exe
File size 833536 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 beb6faafbbad73a4a21bef38a333015c
SHA1 ddd70146fc1882f63703db1671036a23dcda595b
SHA256 4f65965961995f3244079b22e9b3ab109c2c26803f7bccf91e6e6f444c959181
SHA512 9636194cf7853fa49b181d5973d1d57c1bd55e8656e3c40d39a686ad810aa14e44f503351b75b1e183eb6472124457db1b7d66492a9895aa4b8d82b025173aab
CRC32 07DD32CD
Ssdeep 12288:D+/ZmJJ/4ZfNPvM2/BFwsNGjV5XyQsZhy8PxlnK8Vyinuagt/yYpTRP7+ZqKD9x3:umPOFwj5zotK8VyiueYxFGDOC

Screenshots

No screenshots available

Hosts contacted

No host records.

DNS resolution

No domain information.

PE information

Image base 0x00400000
Entry point 0x00410876
Declared checksum 0x00000000
Actual checksum 0x000cf5ca
Minimum OS version required 6.0
Compile time 2023-04-16 18:09:33
Import hash a2f59d3024e924bf1ac77501e2dcffbb
Icon
Icon exact hash 47564e927dd64eeeec112cecbc23e4b5
Icon similarity hash 95141d64730e3a73380f0de2df070a05

Version information

LegalCopyright
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x000135e1 0x00013600 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.02
.rdata 0x00015000 0x000a8a64 0x000a8c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.84
.data 0x000be000 0x00000bf0 0x00000a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.92
.rsrc 0x000bf000 0x0000ab98 0x0000ac00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.80
.reloc 0x000ca000 0x00003bc8 0x00003c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.67

Resources

Name | Offset | Size | Language | Sublanguage | Entropy | File type
RT_ICON 0x000bf150 0x0000a566 LANG_ENGLISH SUBLANG_ENGLISH_US 7.84 PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_GROUP_ICON 0x000c96b8 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_US 1.52 MS Windows icon resource - 1 icon, 256x256
RT_VERSION 0x000c96d0 0x00000234 LANG_ENGLISH SUBLANG_ENGLISH_US 3.27 data
RT_MANIFEST 0x000c9908 0x00000289 LANG_ENGLISH SUBLANG_ENGLISH_US 5.06 XML 1.0 document text

Imports

Library: Qt5Multimedia.dll:
Library: Qt5Widgets.dll:
0x41564c ??1QAction@@UAE@XZ
0x415658 ??1QMenu@@UAE@XZ
0x4156f8 ??1QFrame@@UAE@XZ
0x4157f4 ??1QSpinBox@@UAE@XZ
0x4158a8 ??1QSlider@@UAE@XZ
0x4159e0 ??1QMenuBar@@UAE@XZ
0x415a74 ??1QLabel@@UAE@XZ
0x415c58 ??1QWidget@@UAE@XZ
Library: Qt5Gui.dll:
0x4153c0 ??1QBrush@@QAE@XZ
0x4153f8 ??0QCursor@@QAE@XZ
0x4153fc ??1QCursor@@QAE@XZ
0x415404 ??0QIcon@@QAE@XZ
0x415408 ??1QIcon@@QAE@XZ
0x415448 ??1QFont@@QAE@XZ
0x415468 ??1QPainter@@QAE@XZ
0x41547c ??1QMovie@@UAE@XZ
Library: Qt5Core.dll:
0x415090 ??1QProcess@@UAE@XZ
0x4150a8 ??0QString@@QAE@XZ
0x4150ac ??0QSize@@QAE@HH@Z
0x4150dc ??1QString@@QAE@XZ
0x415214 ??1QDir@@QAE@XZ
0x415250 ??1QFile@@UAE@XZ
0x415260 ??1QThread@@UAE@XZ
0x415280 ??1QUrl@@QAE@XZ
0x415284 ??0QVariant@@QAE@XZ
0x4152a4 ??1QTimer@@UAE@XZ
0x4152c0 ??1QRegExp@@QAE@XZ
0x4152c8 ??0QRegExp@@QAE@XZ
0x415304 ??1QObject@@UAE@XZ
0x415354 ??1QVariant@@QAE@XZ
0x415388 ?qBadAlloc@@YAXXZ
Library: KERNEL32.dll:
0x415000 WideCharToMultiByte
0x415014 SetEvent
0x415018 ResetEvent
0x415020 CreateEventW
0x415024 GetModuleHandleW
0x415028 GetProcAddress
0x415034 GetCurrentProcess
0x415038 TerminateProcess
0x415040 IsDebuggerPresent
0x415044 GetStartupInfoW
0x41504c GetCurrentProcessId
0x415050 GetCurrentThreadId
0x415058 InitializeSListHead
0x41505c GetCommandLineW
0x415060 LocalFree
0x415064 CloseHandle
Library: VCRUNTIME140.dll:
0x415c74 memcpy
0x415c78 _CxxThrowException
0x415c7c __CxxFrameHandler3
0x415c88 memset
0x415c8c __std_terminate
Library: api-ms-win-crt-runtime-l1-1-0.dll:
0x415cb8 _set_app_type
0x415cbc terminate
0x415cc4 _initterm
0x415cc8 _initterm_e
0x415ccc _cexit
0x415cd0 _exit
0x415cd4 _c_exit
0x415cdc _crt_atexit
0x415ce4 _controlfp_s
0x415cec _seh_filter_exe
0x415cf8 exit
Library: api-ms-win-crt-heap-l1-1-0.dll:
0x415c94 _callnewh
0x415c98 _set_new_mode
0x415c9c free
0x415ca0 malloc
Library: api-ms-win-crt-math-l1-1-0.dll:
0x415cb0 __setusermatherr
Library: api-ms-win-crt-stdio-l1-1-0.dll:
0x415d00 __p__commode
0x415d04 _set_fmode
Library: api-ms-win-crt-locale-l1-1-0.dll:
0x415ca8 _configthreadlocale
Library: SHELL32.dll:
0x415c68 CommandLineToArgvW

No antivirus engine scan information!

TCP

Source address | Source port | Destination address | Destination port
192.168.122.202 49158 23.62.46.117 80

UDP

Source address | Source port | Destination address | Destination port
192.168.122.202 50785 192.168.122.1 53

HTTP requests

URI | HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found
Sorry! No files were dropped.
No similar analyses found.

Processing ( 17.249 seconds )

  • 13.745 Suricata
  • 1.544 Static
  • 0.949 NetworkAnalysis
  • 0.473 TargetInfo
  • 0.447 peid
  • 0.055 Strings
  • 0.03 AnalysisInfo
  • 0.002 BehaviorAnalysis
  • 0.002 Memory
  • 0.002 config_decoder

Signatures ( 1.623 seconds )

  • 1.492 proprietary_url_bl
  • 0.013 antiav_detectreg
  • 0.01 proprietary_domain_bl
  • 0.009 geodo_banking_trojan
  • 0.006 antiav_detectfile
  • 0.006 disables_browser_warn
  • 0.005 anomaly_persistence_autorun
  • 0.005 antianalysis_detectreg
  • 0.005 antivm_vbox_files
  • 0.005 infostealer_ftp
  • 0.004 tinba_behavior
  • 0.004 browser_security
  • 0.004 modify_proxy
  • 0.004 infostealer_bitcoin
  • 0.004 infostealer_mail
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 bot_drive
  • 0.003 bot_drive2
  • 0.003 infostealer_im
  • 0.003 network_http
  • 0.002 antivm_parallels_keys
  • 0.002 banker_zeus_mutex
  • 0.002 browser_addon
  • 0.002 disables_system_restore
  • 0.002 proprietary_bad_drop
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 kazybot_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_vmware_files
  • 0.001 antivm_vmware_mutexes
  • 0.001 antivm_xen_keys
  • 0.001 bot_athenahttp
  • 0.001 disables_windows_defender
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_anomaly_mismatch_mime_extension
  • 0.001 network_cnc_http

Reporting ( 0.568 seconds )

  • 0.518 ReportHTMLSummary
  • 0.05 Malheur
Task ID 764197
Mongo ID 674b06007e769a640442eafd
Cuckoo release 1.4-Maldun