Analysis type | VM label | Started | Completed | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp01-1 | 2018-07-04 00:54:22 | 2018-07-04 00:56:44 | 142 seconds |
File name | 乱世0704.exe |
---|---|
File size | 8458240 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 7ddfeecb62925700e40f9f9ceb5aed1b |
SHA1 | e7fb372d18a38f137096e72a6b3dddbbf902b46f |
SHA256 | bff799322df6770dbdef7ffbcf7c3f9333527a36d218c256f6cc5e5bcf5deed1 |
SHA512 | a46d6285ff609d1440847a26de8849026bbd5e906d4ec7fa708acd9e3f68de17fce2fc1f228e69eabb9a43495b236adfe47f434088b079f50eaf4d1d9a8504e9 |
CRC32 | F3790AEB |
Ssdeep | 196608:FND60TK3LxBuMYNLLfU8pzs5PSglM0LNPy8DpZ+C22:XlTKqPNfc89s5PSgxLcypr22 |
No hosts recorded.
No domain information.
Image base | 0x00400000 |
---|---|
Entry point | 0x0048be86 |
Declared checksum | 0x00000000 |
Computed (actual) checksum | 0x008113cc |
Minimum OS version | 4.0 |
Compile time | 2018-07-03 19:35:34 |
Import hash (imphash) | 2b1044c303653d8817face314fba5982 |
Icon | |
Icon exact hash | dbabcfb1201512b755fb8c7826c706de |
Icon similarity hash | 89f46faa6f05fa62730e8fee39f7f7d0 |
LegalCopyright | |
---|---|
FileVersion | |
Comments | |
ProductName | |
ProductVersion | |
FileDescription | |
Translation | |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x000aa5fa | 0x000ab000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.63 |
.rdata | 0x000ac000 | 0x0074278a | 0x00743000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.96 |
.data | 0x007ef000 | 0x0004330a | 0x0001c000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.98 |
.rsrc | 0x00833000 | 0x00005f10 | 0x00006000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.30 |
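Two of the header findings above are worth reproducing outside the sandbox: the CheckSum field is 0x00000000 while the computed value is 0x008113cc, and the 0x743000-byte .rdata section has an entropy of 7.96, which is what compressed or encrypted data looks like. The script below is an added example, not code from the Cuckoo/Maldun report or from the sample; it parses a PE32 section table with the standard library only and runs the same three checks on a three-section stub image that it constructs inline (the analysed binary is not used). The 7.0 entropy threshold is an assumption; the checksum routine follows the word-sum algorithm that pefile's `generate_checksum` implements, which is what Cuckoo's static module uses for the "actual checksum" figure.

```python
"""Static PE32 header triage with the standard library only (no pefile): declared vs
computed CheckSum, per-section Shannon entropy, writable+executable sections.
SAMPLE_PE below is a constructed three-section stub, not the analysed binary."""
import hashlib
import math
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
HIGH_ENTROPY = 7.0  # assumed threshold; above it a section is usually compressed or encrypted


def shannon_entropy(buf):
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0


def pe_checksum(data, e_lfanew):
    """CheckSum as the loader computes it (same word sum pefile uses): add every 32-bit
    word with end-around carry, skip the CheckSum field, fold to 16 bits, add file length."""
    cs_off = e_lfanew + 24 + 64  # OptionalHeader.CheckSum; must be dword aligned to be skipped
    if cs_off % 4:
        raise ValueError("CheckSum field is not dword aligned")
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off != cs_off:
            total += struct.unpack_from("<I", padded, off)[0]
            if total >= 1 << 32:
                total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def parse_pe(data):
    """Return the CheckSum fields and the section table with per-section entropy."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    declared = struct.unpack_from("<I", data, e_lfanew + 24 + 64)[0]
    sections = []
    for i in range(nsections):
        off = e_lfanew + 24 + opt_size + 40 * i  # section headers follow the optional header
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va,
                         "vsize": vsize, "rawsize": rawsize, "characteristics": chars,
                         "entropy": round(shannon_entropy(data[rawptr:rawptr + rawsize]), 2)})
    return {"declared_checksum": declared, "computed_checksum": pe_checksum(data, e_lfanew),
            "sections": sections}


def triage(data):
    """One finding string per item a reviewer would want flagged."""
    info, findings = parse_pe(data), []
    dec, comp = info["declared_checksum"], info["computed_checksum"]
    if dec == 0:
        findings.append("checksum: declared 0 (linker did not set it), computed 0x%08x" % comp)
    elif dec != comp:
        findings.append("checksum: declared 0x%08x != computed 0x%08x (modified after link?)" % (dec, comp))
    for s in info["sections"]:
        if s["entropy"] > HIGH_ENTROPY:
            findings.append("%s: entropy %.2f over 0x%x raw bytes, likely packed or encrypted payload"
                            % (s["name"], s["entropy"], s["rawsize"]))
        if s["characteristics"] & IMAGE_SCN_MEM_WRITE and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append("%s: section is both writable and executable" % s["name"])
    return findings


def build_pe32(sections, checksum=0):
    """Assemble a minimal PE32 image (headers plus raw section data) for testing.
    sections: list of (name, raw_bytes, characteristics). Constructed, not a real binary."""
    file_align, sect_align, e_lfanew, nsec = 0x200, 0x1000, 0x40, len(sections)
    hdr_len = e_lfanew + 4 + 20 + 224 + 40 * nsec
    headers_size = (hdr_len + file_align - 1) // file_align * file_align
    sec_headers, blobs, rawptr, va = b"", b"", headers_size, sect_align
    for name, raw, chars in sections:
        rawsize = (len(raw) + file_align - 1) // file_align * file_align
        sec_headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(raw), va,
                                   rawsize, rawptr, 0, 0, 0, 0, chars)
        blobs += raw.ljust(rawsize, b"\0")
        rawptr += rawsize
        va += (len(raw) + sect_align - 1) // sect_align * sect_align
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)  # e_lfanew lives at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, 224, 0x0102)  # i386, EXECUTABLE|32BIT
    opt = struct.pack("<HBBIIIIII", 0x10B, 14, 0, 0, 0, 0, sect_align, sect_align, sect_align)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, sect_align, file_align, 4, 0, 0, 0,
                       4, 0, 0, va, headers_size, checksum, 2, 0, 0x100000, 0x1000, 0x100000,
                       0x1000, 0, 16) + b"\0" * 128  # windows fields, then 16 empty data directories
    header = dos + b"PE\0\0" + coff + opt + sec_headers
    return header.ljust(headers_size, b"\0") + blobs


# Constructed sample: a 4.0 bit/byte code section, a high-entropy .rdata (SHA-256 outputs
# standing in for an encrypted blob, like the analysed file's .rdata), and a W+X .data.
SAMPLE_SECTIONS = [
    (b".text", bytes(range(16)) * 64, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".rdata", b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128)), IMAGE_SCN_MEM_READ),
    (b".data", b"\0" * 0x100 + b"\x90" * 0x10, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE),
]
SAMPLE_PE = build_pe32(SAMPLE_SECTIONS)
```

Running `triage(SAMPLE_PE)` yields three findings: the zero checksum, the high-entropy .rdata, and the W+X .data section. Two caveats when reading the real report's numbers through this lens: the Windows loader only enforces CheckSum for drivers and boot-time system DLLs, so a zero or mismatched field in a user-mode executable is a weak signal (many linkers leave it unset); the 7.96 entropy over 7.3 MB of .rdata is the stronger indicator that a compressed or encrypted payload is embedded, which is consistent with the 2.2 MB eylogin.dll this sample writes to the user's Temp directory. Because the CheckSum dword is skipped during the sum, writing the computed value back into the header and recomputing gives the same number, which is the self-check the test below performs.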
Name | Count | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|---|
TEXTINCLUDE | 3 | 0x00833bc0 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
RT_CURSOR | 4 | 0x008340b0 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
RT_BITMAP | 14 | 0x008357b8 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_ICON | 3 | 0x00835d0c | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.65 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4279972420, next used block 4279381824 (a libmagic misidentification of the raw icon bitmap data) |
RT_MENU | 2 | 0x00836dc0 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
RT_DIALOG | 10 | 0x00838008 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_STRING | 11 | 0x00838a50 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_GROUP_CURSOR | 3 | 0x00838a9c | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_ICON | 3 | 0x00838ae8 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_VERSION | 1 | 0x00838afc | 0x00000244 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.82 | data |
RT_MANIFEST | 1 | 0x00838d40 | 0x000001cd | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.08 | XML 1.0 document, ASCII text, with very long lines, with no line terminators |

The report lists identical offset, size and entropy for every entry of a given resource type; the Count column gives the number of entries it listed for that type.
No hosts recorded.
No TCP connections recorded.
No UDP connections recorded.
No domain information.
No HTTP requests found.
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
No TLS
No Suricata HTTP
File name | eylogin.dll |
---|---|
Related file | C:\Users\test\AppData\Local\Temp\eylogin.dll |
File size | 2242560 bytes |
File type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
MD5 | 3bdb92b38bdc6a5702ec1454534d0951 |
SHA1 | 9276b0c8de889744fcdf34e7c81e158830b8bcbb |
SHA256 | 25ba0f3a0f6ddb0e9b0078640a8a2a2bf7e8948e0579d2080379debc8a272681 |
CRC32 | E0CFBC8C |
Ssdeep | 49152:TFaPO+wdxES1YkPLCenZ05J8bIKSQ9uiij4DoUp5Z6ZsuVxzVYyIJaczFwx:TMGLd51YkPu4cJMGBj4DhDZANxBYts |
Maldun analysis score | 10.0 (analysed 2018-05-19 13:45:37) |
Task ID | 168166 |
---|---|
Mongo ID | 5b3baaf2bb7d5748890595f6 |
Cuckoo release | 1.4-Maldun |