Analysis task

Analysis type    VM label                  Start time            End time              Duration
File (Windows)   win7-sp1-x64-shaapp03-1   2024-12-01 03:09:38   2024-12-01 03:10:22   44 s

Maldun score

6.025

Dangerous

File details

File name   boot.exe
File size   48640 bytes
File type   PE32 executable (GUI) Intel 80386, for MS Windows
MD5         fede2c1b01dac4a9438aeabd21f78b62
SHA1        a3450149f491b07bff5061041a75ef6afe98f43f
SHA256      491e03232085c95ade4c6df10da3c016664240ec2bc67af92653287157fe4899
SHA512      0a1aece7d8eee8be1b971c1c4000d6c21e7040bf4baadd82c826cf155ca365523b00536eea2e1c84cde704b718719b0c353d61cdce3fefe5a236636ad94e2b6c
CRC32       13977A30
Ssdeep      768:MbWUuFvEOD+PzVui+10Rgg+LBvEgs/v5SVF7yjmDB5kc4529w:FGy+Pfv+LJExv0yjmDB5k5yw

Hosts contacted

No host records.

Domain resolution

No domain information.


Summary

Static observations supported by the data on this page (the sandbox's own behavioural summary is not reproduced here):

  • The file is an unpacked 32-bit Microsoft Visual C++ executable: five standard sections, entry point 0x00402088 inside .text, no section above 6.6 bits of entropy, CRT strings present, compile timestamp 2023-08-15. The PE checksum field matches the computed value; that is a consistency check, not a signature, and says nothing about who built the file.
  • The import set combines process manipulation (CreateRemoteThread, WriteProcessMemory, ReadProcessMemory, DuplicateHandle) with named-object IPC (CreateMutexW, CreateEventW, CreateFileMappingW, MapViewOfFile), CryptoAPI hashing (CryptCreateHash, CryptHashData, CryptGetHashParam), registry reads and ShellExecuteExW. The strings BSPDL_062_MONITOR, BSPDL_062_MEMFILE, BSPDL_062_MONITORSYNC and SNSKdl.exe suggest a launcher that starts a second executable and coordinates with it through named kernel objects and a shared section; this is an inference from strings, not observed behaviour.
  • A 32-hex-character constant (4c9e112e20469bf580befeda0ced90bd) is embedded in the binary; together with the hashing imports this suggests a hash comparison, though nothing on this page shows what is hashed.
  • Japanese status strings (for example に失敗しました, "... failed") are present; the ASCII string extractor rendered their UTF-16LE bytes as printable characters.
  • Only boot.exe itself appears in the process tree; no child process, dropped file or sample-attributable network request was recorded. The one HTTP request in the capture goes to acroipm.adobe.com with User-Agent "IPM", which is Adobe Reader's in-product messaging check running on the analysis VM; the sample imports no networking library at all.

PE information

Image base               0x00400000
Entry point              0x00402088
Claimed checksum         0x0000dd50
Actual checksum          0x0000dd50
Minimum OS version       5.0
Compile time             2023-08-15 10:02:53
Import hash (imphash)    ae823b0982311dc67b1bede1a2c2b2d4

PE sections

Name     Virtual address   Virtual size   Raw size     Characteristics                                                                        Entropy
.text    0x00001000        0x000071e4     0x00007200   IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ                            6.57
.rdata   0x00009000        0x0000224c     0x00002400   IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                                      5.43
.data    0x0000c000        0x000017fc     0x00000e00   IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE                  2.29
.rsrc    0x0000e000        0x00000634     0x00000800   IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                                      5.51
.reloc   0x0000f000        0x00000d82     0x00000e00   IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ            4.49

Resources

Name          Offset       Size         Language       Sublanguage          Entropy   File type
RT_MANIFEST   0x0000e058   0x000005dc   LANG_ENGLISH   SUBLANG_ENGLISH_US   5.28      ASCII text, with very long lines, with CRLF line terminators
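The section table above is the first thing to read when deciding whether a sample is packed, and the checks are mechanical enough to script. The following is an added example (not part of the sandbox report or the sample): it transcribes the report's own section rows and entry point, adds two constructed rows imitating a UPX-style layout for contrast, and runs the usual heuristics (writable-and-executable sections, high entropy, zero raw size with non-zero virtual size, code under a non-standard name, raw size misaligned to FileAlignment, entry point outside .text). The FileAlignment of 0x200 is an assumption; the report does not print it.

```python
import math
from typing import List, Optional, Tuple

# (name, virtual address, virtual size, raw size, characteristics, entropy)
Section = Tuple[str, int, int, int, str, float]

# Transcribed from the report's "PE sections" table.
BOOT_EXE_SECTIONS: List[Section] = [
    (".text",  0x1000, 0x71e4, 0x7200, "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ", 6.57),
    (".rdata", 0x9000, 0x224c, 0x2400, "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ", 5.43),
    (".data",  0xc000, 0x17fc, 0x0e00, "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE", 2.29),
    (".rsrc",  0xe000, 0x0634, 0x0800, "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ", 5.51),
    (".reloc", 0xf000, 0x0d82, 0x0e00, "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ", 4.49),
]
IMAGE_BASE = 0x00400000   # from the report's PE information
ENTRY_POINT = 0x00402088  # from the report's PE information

# Constructed rows imitating a UPX-style layout; NOT from the report.
PACKED_LIKE_SECTIONS: List[Section] = [
    ("UPX0", 0x1000, 0x4000, 0x0000, "IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE", 0.0),
    ("UPX1", 0x5000, 0x8000, 0x7e00, "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE", 7.91),
]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0.0 .. 8.0); the measure behind the report's Entropy column."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def entry_point_section(sections: List[Section], entry_va: int, image_base: int) -> Optional[str]:
    """Name of the section containing the entry point, or None if it lies outside all of them
    (an entry point outside .text is a classic packer/stub indicator)."""
    rva = entry_va - image_base
    for name, vaddr, vsize, rawsize, _chars, _ent in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return name
    return None


def section_findings(sections: List[Section], file_alignment: int = 0x200,
                     packed_threshold: float = 7.0) -> List[Tuple[str, str]]:
    """Packer/tampering heuristics over a section table. An empty list means nothing odd.
    file_alignment is assumed (0x200 is the usual MSVC default); pass the real value if known."""
    findings: List[Tuple[str, str]] = []
    for name, _vaddr, vsize, rawsize, chars, entropy in sections:
        flags = set(chars.split("|"))
        if {"IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_EXECUTE"} <= flags:
            findings.append((name, "writable and executable"))
        if entropy >= packed_threshold:
            findings.append((name, f"entropy {entropy:.2f} at or above {packed_threshold}"))
        if rawsize == 0 and vsize > 0:
            findings.append((name, "no data on disk but non-zero virtual size"))
        if "IMAGE_SCN_CNT_CODE" in flags and name not in (".text", "CODE"):
            findings.append((name, "code section with a non-standard name"))
        if rawsize % file_alignment:
            findings.append((name, f"raw size not a multiple of FileAlignment {file_alignment:#x}"))
    return findings


if __name__ == "__main__":
    print("entry point lies in:", entry_point_section(BOOT_EXE_SECTIONS, ENTRY_POINT, IMAGE_BASE))
    print("boot.exe findings:", section_findings(BOOT_EXE_SECTIONS))
    print("packed-like findings:", section_findings(PACKED_LIKE_SECTIONS))
```

Run against the report's rows the checks return nothing and the entry point RVA 0x2088 resolves to .text, which is what an unpacked MSVC build looks like; the constructed UPX-style rows trip five findings. The .data virtual size exceeding its raw size is normal (uninitialised data) and is deliberately not flagged.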

Imports (IAT slot, function)

The IAT addresses below skip slots (0x40905c, 0x40908c-0x409090, 0x40909c-0x4090a0, 0x4090e4-0x4090ec, 0x4090f4, 0x409100, 0x409110, 0x40911c, 0x409134-0x409138 and 0x409144 in KERNEL32; 0x409018 in ADVAPI32), so this listing is incomplete. The import names that appear only in the string dump further down (GetCurrentDirectoryW, CryptAcquireContextW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InterlockedIncrement/Decrement, the environment-strings and critical-section functions, QueryPerformanceCounter, GetSystemTimeAsFileTime) are the likely occupants of those slots; do not recompute the imphash from this list.

Library: KERNEL32.dll:
0x409028 MapViewOfFile
0x40902c UnmapViewOfFile
0x409030 GetCurrentProcess
0x409034 WaitForSingleObject
0x409038 SetEvent
0x40903c CreateRemoteThread
0x409040 ReadProcessMemory
0x409044 LocalFree
0x409048 CreateEventW
0x40904c DuplicateHandle
0x409050 WriteProcessMemory
0x409054 CloseHandle
0x409058 LocalSize
0x409060 GetLastError
0x409064 lstrlenW
0x409068 CreateFileW
0x40906c ReadFile
0x409070 FormatMessageW
0x409074 CreateFileMappingW
0x409078 CreateMutexW
0x40907c HeapSize
0x409080 GetCommandLineA
0x409084 GetStartupInfoA
0x409088 TerminateProcess
0x409094 IsDebuggerPresent
0x409098 GetCPInfo
0x4090a4 GetACP
0x4090a8 GetOEMCP
0x4090ac IsValidCodePage
0x4090b0 GetModuleHandleW
0x4090b4 GetProcAddress
0x4090b8 TlsGetValue
0x4090bc TlsAlloc
0x4090c0 TlsSetValue
0x4090c4 TlsFree
0x4090c8 SetLastError
0x4090cc GetCurrentThreadId
0x4090d0 Sleep
0x4090d4 ExitProcess
0x4090d8 WriteFile
0x4090dc GetStdHandle
0x4090e0 GetModuleFileNameA
0x4090f0 WideCharToMultiByte
0x4090f8 SetHandleCount
0x4090fc GetFileType
0x409104 HeapCreate
0x409108 VirtualFree
0x40910c HeapFree
0x409114 GetTickCount
0x409118 GetCurrentProcessId
0x409120 LCMapStringA
0x409124 MultiByteToWideChar
0x409128 LCMapStringW
0x40912c GetStringTypeA
0x409130 GetStringTypeW
0x40913c GetLocaleInfoA
0x409140 LoadLibraryA
0x409148 HeapAlloc
0x40914c VirtualAlloc
0x409150 HeapReAlloc
0x409154 RtlUnwind
Library: USER32.dll:
0x409164 MessageBoxW
0x409168 WaitForInputIdle
Library: ADVAPI32.dll:
0x409000 RegOpenKeyExW
0x409004 RegQueryValueExW
0x409008 CryptHashData
0x40900c CryptDestroyHash
0x409010 CryptCreateHash
0x409014 CryptReleaseContext
0x40901c CryptGetHashParam
0x409020 RegCloseKey
Library: SHELL32.dll:
0x40915c ShellExecuteExW
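Two things are worth scripting when an import listing like the one above comes out of a sandbox: finding the slots the report silently skipped, and knowing exactly what the imphash is a hash of. The block below is an added example, not sandbox or sample code. The IAT slices are transcribed from the listing above; the imphash normalisation follows the pefile convention (lower-case, strip .dll/.ocx/.sys, comma-joined in IAT order, MD5), but the ordinal-to-name tables pefile keeps for oleaut32/ws2_32/wsock32 are omitted here, so unresolved ordinals come out as "ordN".

```python
import hashlib
from typing import List, Tuple, Union

# (IAT slot, function) pairs transcribed from the report's import listing.
KERNEL32_SLICE: List[Tuple[int, str]] = [
    (0x409044, "LocalFree"),
    (0x409048, "CreateEventW"),
    (0x40904c, "DuplicateHandle"),
    (0x409050, "WriteProcessMemory"),
    (0x409054, "CloseHandle"),
    (0x409058, "LocalSize"),
    (0x409060, "GetLastError"),   # 0x40905c is missing from the report
    (0x409064, "lstrlenW"),
]
KERNEL32_SLICE_2: List[Tuple[int, str]] = [
    (0x409088, "TerminateProcess"),
    (0x409094, "IsDebuggerPresent"),  # 0x40908c, 0x409090 missing
    (0x409098, "GetCPInfo"),
    (0x4090a4, "GetACP"),             # 0x40909c, 0x4090a0 missing
]
ADVAPI32_SLICE: List[Tuple[int, str]] = [
    (0x409014, "CryptReleaseContext"),
    (0x40901c, "CryptGetHashParam"),  # 0x409018 missing
]


def iat_gaps(entries: List[Tuple[int, str]], slot_size: int = 4) -> List[int]:
    """Slots skipped between listed entries. A 32-bit PE's IAT is one contiguous array of
    4-byte thunks per DLL (null-terminated), so every hole is an import the listing omitted."""
    addrs = sorted(a for a, _ in entries)
    gaps: List[int] = []
    for prev, cur in zip(addrs, addrs[1:]):
        gaps.extend(range(prev + slot_size, cur, slot_size))
    return gaps


def imphash_string(imports: List[Tuple[str, Union[str, int]]]) -> str:
    """Normalised 'dll.func' list that imphash hashes. Ordinal tables are omitted (assumption:
    callers pass names where they know them), so an int becomes 'ordN' as pefile does for
    DLLs it has no table for."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{dll}.{name}")
    return ",".join(parts)


def imphash(imports: List[Tuple[str, Union[str, int]]]) -> str:
    """MD5 of the normalised list. Order is part of the input: a relinked binary with the
    same imports in a different IAT order gets a different imphash."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    for label, sl in (("KERNEL32", KERNEL32_SLICE), ("KERNEL32", KERNEL32_SLICE_2), ("ADVAPI32", ADVAPI32_SLICE)):
        print(label, "missing slots:", [hex(g) for g in iat_gaps(sl)])
    print(imphash_string([("KERNEL32.dll", "MapViewOfFile"), ("USER32.dll", "MessageBoxW")]))
```

The gap finder reports the same holes called out in the note above; the imphash helper is here to make the point that the report's value (ae823b0982311dc67b1bede1a2c2b2d4) was computed over the full, ordered IAT and cannot be reproduced from an incomplete listing.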

Strings

.text
`.rdata
@.data
.rsrc
@.reloc
YQPVh
uBh{B@
URPQQhXl@
SVWUj
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
CorExitProcess
runtime error
Microsoft Visual C++ Runtime Library
<program name unknown>
Program:
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
0123456789abcdef
4c9e112e20469bf580befeda0ced90bd
[The next ten strings are UTF-16LE Japanese text that the ASCII string extractor printed byte by byte. Each is shown raw, then decoded; "?" marks a character whose non-printable byte was dropped by the extractor.]
Nckg0Y0            -> ?正です
0k01YWeW0~0W0_0    -> ?に失敗しました ("... failed")
\U0Y0N0~0Y0        -> ?さすぎます ("too ..."; the surviving high byte 0x5C is consistent with 小, "too small")
bk01YWeW0~0W0_0    -> ?に失敗しました
k01YWeW0~0W0_0[    -> に失敗しました[
k01YWeW0~0W0_0[    -> に失敗しました[
Pk01YWeW0~0W0_0    -> ?に失敗しました
Rk01YWeW0~0W0_0    -> ?に失敗しました
k01YWeW0~0W0_0     -> に失敗しました
0k01YWeW0~0W0_0    -> ?に失敗しました
CreateMutexW
FormatMessageW
ReadFile
CreateFileW
lstrlenW
GetLastError
GetCurrentDirectoryW
LocalSize
CloseHandle
LocalFree
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
WaitForSingleObject
SetEvent
CreateRemoteThread
ReadProcessMemory
CreateFileMappingW
CreateEventW
DuplicateHandle
WriteProcessMemory
KERNEL32.dll
MessageBoxW
WaitForInputIdle
USER32.dll
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
ShellExecuteExW
SHELL32.dll
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
</asmv3:application></assembly>PADDINGXXPADDINGPADDINGXXPADDING... [closing tags of the RT_MANIFEST resource followed by the linker's PADDINGXXPADDING filler, repeated to the end of .rsrc]
?K?X?
KERNEL32.DLL
mscoree.dll
path: [
BSPDL_062
SNSKdl.exe
BSPDL_062_MONITOR
BSPDL_062_MONITORQUIT
BSPDL_062_MEMFILE
BSPDL_062_MONITORSYNC
BSPDL_062_MONITORSYNC2
DataPath
<current dir>
exe: [
<unknown application>
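Runs like "k01YWeW0~0W0_0" in a string dump are a recurring nuisance: an ASCII strings pass over UTF-16LE text prints every byte that happens to be printable, and Japanese text is especially prone to it because the hiragana block is 0x30xx, so each kana contributes a printable low byte plus an ASCII "0". The recovery is to re-pack the characters as bytes and decode them as UTF-16LE, trying both byte alignments because a dropped non-printable byte shifts the frame. The block below is an added example, not part of the report; the inputs are the garbled lines above, and the scoring rule (kana weighted above ideographs) is this example's own heuristic.

```python
from typing import List, Tuple

KANA = (0x3040, 0x30FF)   # hiragana + katakana
CJK = (0x4E00, 0x9FFF)    # CJK unified ideographs


def _kana_cjk(text: str) -> Tuple[int, int]:
    """Count kana and ideographs in a candidate decoding."""
    kana = cjk = 0
    for ch in text:
        cp = ord(ch)
        if KANA[0] <= cp <= KANA[1]:
            kana += 1
        elif CJK[0] <= cp <= CJK[1]:
            cjk += 1
    return kana, cjk


def _score(text: str) -> int:
    # Heuristic: real Japanese prose contains kana; a mis-aligned frame of ASCII
    # letter pairs lands almost entirely in the ideograph block, so weight kana higher.
    kana, cjk = _kana_cjk(text)
    return 2 * kana + cjk


def recover_utf16le(garbled: str) -> str:
    """Re-pack a byte-wise printed run and decode it as UTF-16LE.
    Both byte alignments are tried: an odd-length run means the extractor dropped a
    non-printable byte at one end, and only the scoring tells which end."""
    raw = garbled.encode("latin-1")
    best, best_score = "", -1
    for offset in (0, 1):
        chunk = raw[offset:]
        chunk = chunk[: len(chunk) - len(chunk) % 2]   # drop an unpaired trailing byte
        try:
            decoded = chunk.decode("utf-16-le")
        except UnicodeDecodeError:                      # e.g. a stray surrogate pair
            continue
        s = _score(decoded)
        if s > best_score:
            best, best_score = decoded, s
    return best


def is_utf16_artifact(garbled: str, min_kana: int = 2) -> bool:
    """True when the run decodes to text with at least min_kana kana characters.
    Plain ASCII identifiers decode to random ideographs but never to kana, since kana
    need a 0x30 high byte, i.e. the character '0' in every second position."""
    kana, _ = _kana_cjk(recover_utf16le(garbled))
    return kana >= min_kana


# Garbled lines copied from the report's string dump (raw string so '\U' stays literal).
SAMPLES: List[str] = [
    "k01YWeW0~0W0_0",
    "0k01YWeW0~0W0_0",
    r"\U0Y0N0~0Y0",
    "Nckg0Y0",
    "k01YWeW0~0W0_0[",
]

if __name__ == "__main__":
    for s in SAMPLES:
        flag = "utf16" if is_utf16_artifact(s) else "     "
        print(f"{flag} {s!r:22} -> {recover_utf16le(s)}")
```

Note what the alignment trim costs: in "k01YWeW0~0W0_0[" the trailing "[" is an ASCII bracket whose UTF-16 form is 5B 00, and the NUL ended the printable run, so the decoder returns に失敗しました without it. Together with the "path: [" and "exe: [" strings this is consistent with messages of the form "...に失敗しました[<name>]".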

Antivirus

No antivirus engine scan information.

Process tree

boot.exe, PID 2560, parent PID 2200

No child process was recorded: although the binary imports ShellExecuteExW and CreateRemoteThread and names SNSKdl.exe in its strings, the tree contains only boot.exe itself.

Network traffic

TCP

Source address    Source port   Destination address   Destination port
192.168.122.201   49158         23.67.33.135          80

UDP

Source address    Source port   Destination address   Destination port
192.168.122.201   59401         192.168.122.1         53

The UDP/53 flow is a DNS lookup to the VM's gateway resolver and the TCP/80 flow is the HTTP request listed next; the report nevertheless recorded no host or domain entries for either, so the traffic was captured but not attributed to a process.

HTTP requests

URI: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

Attribution: the User-Agent "IPM" and the acroipm.adobe.com /11/rdr/ path are Adobe Reader XI's in-product messaging check, i.e. background traffic from the analysis VM. boot.exe imports no networking library (no WININET, WINHTTP, WS2_32 or URLMON in its import table), so this request should not be read as sample command-and-control. Scores and signatures that weight HTTP activity or URL reputation can be inflated by exactly this kind of noise; check the process tree and the import table before crediting a network IOC to the sample.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

Network-extracted files

None found.

Dropped files

None.

Similar analyses

None found.
Processing ( 16.731 seconds )

  • 14.064 Suricata
  • 1.072 NetworkAnalysis
  • 0.557 Static
  • 0.479 TargetInfo
  • 0.453 peid
  • 0.076 BehaviorAnalysis
  • 0.012 AnalysisInfo
  • 0.012 Strings
  • 0.006 Memory

Signatures ( 1.489 seconds; processing time per signature module, not a list of matched signatures )

  • 1.361 proprietary_url_bl
  • 0.022 proprietary_domain_bl
  • 0.019 antiav_detectreg
  • 0.008 antiav_detectfile
  • 0.008 infostealer_ftp
  • 0.005 anomaly_persistence_autorun
  • 0.005 infostealer_im
  • 0.004 api_spamming
  • 0.004 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 stealth_decoy_document
  • 0.003 rat_nanocore
  • 0.003 stealth_timeout
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_mail
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 kibex_behavior
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.001 network_tor
  • 0.001 betabot_behavior
  • 0.001 kazybot_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 cerber_behavior
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_anomaly_mismatch_mime_extension
  • 0.001 proprietary_bad_drop
  • 0.001 network_cnc_http

Reporting ( 0.589 seconds )

  • 0.58 ReportHTMLSummary
  • 0.009 Malheur
Task ID 764229
Mongo ID 674b633b7e769a640442ed22
Cuckoo release 1.4-Maldun