分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp03-1 | 2018-07-20 21:58:48 | 2018-07-20 22:01:16 | 148 秒 |
魔盾分数
1.35
正常的
文件详细信息
| 文件名 | [JJS].exe |
|---|---|
| 文件大小 | 3764224 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | e72c5454308b1ed6bbcdadcbe8a2c756 |
| SHA1 | b6ebf18450f1531a88c32168ba7660b25f1bd188 |
| SHA256 | e3d4878131f45f86164f0102d70c536eeba3e2f0de7ed8553165b15cb8c83a15 |
| SHA512 | df2f9540ff8e62980b4c9659c69a1b3650ef8cc6e5643418c029bb1b3532b2f6ecb172f90301c164a8e2bf6e0808a9814a5ef61e55c61f8753b621c1fdbb0260 |
| CRC32 | 9A3F3741 |
| Ssdeep | 98304:+N/9c8Sz4dH4gt1qjDC4zpbo2fR5GwXMMOsXsvY1RKtziV43EXIeDaKa6eqzxVyn:+168U47SE2/GwXZzKl3OSgCS4W |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x008253d0 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x0039aedc |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2018-07-20 21:41:32 |
| 载入哈希 | ee17fba9b660218d822a78ed044014d7 |
| 图标 |  |
| 图标精确哈希值 | 452103e1f79bc7636f37556730eb872c |
| 图标相似性哈希值 | 1620876eeaaf5d13274022881c83d12d |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PEiD 规则
| [u'UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser'] |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| UPX0 | 0x00001000 | 0x0009f000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| UPX1 | 0x000a0000 | 0x00386000 | 0x00385600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.79 |
| .rsrc | 0x00426000 | 0x00012000 | 0x00011600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.55 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| TEXTINCLUDE | 0x0040f6e8 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.09 | data |
| TEXTINCLUDE | 0x0040f6e8 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.09 | data |
| TEXTINCLUDE | 0x0040f6e8 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.09 | data |
| WAVE | 0x0040f83c | 0x00001448 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.70 | data |
| RT_CURSOR | 0x00411208 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.98 | data |
| RT_CURSOR | 0x00411208 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.98 | data |
| RT_CURSOR | 0x00411208 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.98 | data |
| RT_CURSOR | 0x00411208 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.98 | data |
| RT_CURSOR | 0x00411208 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.98 | data |
| RT_CURSOR | 0x00411208 | 0x00000134 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.98 | data |
| RT_BITMAP | 0x0041133c | 0x0000016c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.21 | data |
| RT_ICON | 0x004266c8 | 0x00010828 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.58 | dBase III DBT, version number 0, next free block index 40 |
| RT_ICON | 0x004266c8 | 0x00010828 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.58 | dBase III DBT, version number 0, next free block index 40 |
| RT_ICON | 0x004266c8 | 0x00010828 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.58 | dBase III DBT, version number 0, next free block index 40 |
| RT_DIALOG | 0x00422bfc | 0x000000b2 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.93 | data |
| RT_DIALOG | 0x00422bfc | 0x000000b2 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.93 | data |
| RT_DIALOG | 0x00422bfc | 0x000000b2 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.93 | data |
| RT_DIALOG | 0x00422bfc | 0x000000b2 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.93 | data |
| RT_DIALOG | 0x00422bfc | 0x000000b2 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.93 | data |
| RT_GROUP_CURSOR | 0x00422d00 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.03 | data |
| RT_GROUP_CURSOR | 0x00422d00 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.03 | data |
| RT_GROUP_CURSOR | 0x00422d00 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.03 | data |
| RT_GROUP_CURSOR | 0x00422d00 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.03 | data |
| RT_GROUP_CURSOR | 0x00422d00 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.03 | data |
| RT_GROUP_ICON | 0x00436ef4 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.16 | MS Windows icon resource - 1 icon, 128x128 |
| RT_VERSION | 0x00436f0c | 0x00000218 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.41 | data |
导入
库: KERNEL32.DLL:
• 0x837250 LoadLibraryA
• 0x837254 GetProcAddress
• 0x837258 VirtualProtect
• 0x83725c VirtualAlloc
• 0x837260 VirtualFree
• 0x837264 ExitProcess
库: ADVAPI32.dll:
• 0x83726c RegCloseKey
库: AVIFIL32.dll:
• 0x837274 AVIStreamInfoA
库: COMCTL32.dll:
• 0x83727c None
库: comdlg32.dll:
• 0x837284 ChooseColorA
库: GDI32.dll:
• 0x83728c DPtoLP
库: MSVFW32.dll:
• 0x837294 DrawDibDraw
库: ole32.dll:
• 0x83729c OleInitialize
库: OLEAUT32.dll:
• 0x8372a4 RegisterTypeLib
库: SHELL32.dll:
• 0x8372ac ShellExecuteA
库: USER32.dll:
• 0x8372b4 GetDC
库: WINMM.dll:
• 0x8372bc PlaySoundA
库: WINSPOOL.DRV:
• 0x8372c4 ClosePrinter
库: WS2_32.dll:
• 0x8372cc accept
.rsrc
!)RO]
.tmfm
ILAl=
oIxjH9/
$q6O$20Wz
? rkpKL
Z%}_i
Q=tsb
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 25.802 seconds )
- 11.21 VirusTotal
- 7.189 Suricata
- 3.679 TargetInfo
- 2.435 Static
- 0.401 AnalysisInfo
- 0.371 peid
- 0.237 BehaviorAnalysis
- 0.231 NetworkAnalysis
- 0.03 Debug
- 0.01 Strings
- 0.006 config_decoder
- 0.003 Memory
Signatures ( 0.363 seconds )
- 0.167 md_bad_drop
- 0.022 antiav_detectreg
- 0.022 md_url_bl
- 0.012 md_domain_bl
- 0.01 stealth_timeout
- 0.009 infostealer_ftp
- 0.008 antiemu_wine_func
- 0.008 ransomware_files
- 0.007 api_spamming
- 0.007 decoy_document
- 0.007 ransomware_extensions
- 0.006 persistence_autorun
- 0.006 kovter_behavior
- 0.006 antiav_detectfile
- 0.006 infostealer_im
- 0.005 infostealer_browser_password
- 0.005 antianalysis_detectreg
- 0.004 infostealer_bitcoin
- 0.004 infostealer_mail
- 0.003 antidbg_windows
- 0.003 antivm_vbox_files
- 0.003 disables_browser_warn
- 0.002 rat_nanocore
- 0.002 tinba_behavior
- 0.002 antivm_vbox_libs
- 0.002 cerber_behavior
- 0.002 geodo_banking_trojan
- 0.002 browser_security
- 0.001 antiav_avast_libs
- 0.001 betabot_behavior
- 0.001 kibex_behavior
- 0.001 exec_crash
- 0.001 antivm_generic_disk
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 modify_proxy
- 0.001 modify_security_center_warnings
- 0.001 modify_uac_prompt
- 0.001 office_security
- 0.001 ransomware_radamant
- 0.001 rat_pcclient
- 0.001 rat_spynet
- 0.001 recon_fingerprint
- 0.001 stealth_hiddenreg
- 0.001 stealth_hide_notifications
Reporting ( 0.942 seconds )
- 0.503 ReportHTMLSummary
- 0.439 Malheur
| Task ID | 171275 |
|---|---|
| Mongo ID | 5b51eb4ea093ef56fdea53e8 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号