分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-3 | 2019-01-12 21:23:51 | 2019-01-12 21:26:21 | 150 秒 |
魔盾分数
0.05
正常的
文件详细信息
| 文件名 | downloader.exe |
|---|---|
| 文件大小 | 20480 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | fb0d5c7a8fb1712e2f781445c97b242c |
| SHA1 | 8e3d7e224e6fd03e4eee95fc609741967f51409f |
| SHA256 | eedc7199d0acf74753850d1e36436e8037b5da05dffed0e3f37f751b4496eaa7 |
| SHA512 | 3b43c15cd1734088ea1a741ec7dc687568ee80aeb3bdc3d617b610454e0bbc240db24a84fc1f3005ac75bf26a8b59490a0cd2caf3218ca6f36a9c33dea4bb484 |
| CRC32 | 69284DE0 |
| Ssdeep | 384:fsEKhTqE/cWTlA6VPVM6e2PKso/RebMBfAC2JCptYcF6/VQ03K:5KhTlvA18edR0mtYcF6/VQ6K |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00405912 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x000080d6 |
| 最低操作系统版本要求 | 4.0 |
| PDB路径 | C:\Users\dongt\Desktop\PUBG\downloader\downloader\downloader\obj\Release\downloader.pdb |
| 编译时间 | 2045-06-27 11:18:41 |
| 载入哈希 | f34d5f2d4577ed6d9ceec516c1f5a744 |
版本信息
| Translation | |
|---|---|
| LegalCopyright | |
| Assembly Version | |
| InternalName | |
| FileVersion | |
| CompanyName | |
| LegalTrademarks | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00002000 | 0x00003918 | 0x00003a00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 5.72 |
| .rsrc | 0x00006000 | 0x00001024 | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.76 |
| .reloc | 0x00008000 | 0x0000000c | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 0.08 |
导入
库: mscoree.dll:
• 0x402000 _CorExeMain
装载信息
| 名称 | downloader |
|---|---|
| 版本 | 1.0.0.0 |
装载参考
| 名称 | 版本 |
|---|---|
| mscorlib | 4.0.0.0 |
| System.Windows.Forms | 4.0.0.0 |
| System | 4.0.0.0 |
| System.Management | 4.0.0.0 |
| System.Core | 4.0.0.0 |
| Newtonsoft.Json | 12.0.0.0 |
| System.Web | 4.0.0.0 |
| Microsoft.CSharp | 4.0.0.0 |
| System.Drawing | 4.0.0.0 |
自定义属性
| 类型 | 名称 | 值 |
|---|---|---|
| Assembly | [mscorlib]System.Reflection.AssemblyTitleAttribute | download |
| Assembly | [mscorlib]System.Reflection.AssemblyProductAttribute | download |
| Assembly | [mscorlib]System.Reflection.AssemblyCopyrightAttribute | Copyright \xc2\xa9 20 |
| Assembly | [mscorlib]System.Runtime.InteropServices.GuidAttribute | a31c9547-1962-49bf-8268-3f85b9d4f8 |
| Assembly | [mscorlib]System.Reflection.AssemblyFileVersionAttribute | 1.0.0 |
类型参考
| 装载 | 类型名称 |
|---|---|
| Microsoft.CSharp | Microsoft.CSharp.RuntimeBinder.Binder |
| Microsoft.CSharp | Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfo |
| Microsoft.CSharp | Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfoFlags |
| Microsoft.CSharp | Microsoft.CSharp.RuntimeBinder.CSharpBinderFlags |
| Newtonsoft.Json | Newtonsoft.Json.JsonConvert |
| System | System.CodeDom.Compiler.GeneratedCodeAttribute |
| System | System.ComponentModel.EditorBrowsableAttribute |
| System | System.ComponentModel.EditorBrowsableState |
| System | System.ComponentModel.IContainer |
| System | System.Configuration.ApplicationSettingsBase |
| System | System.Configuration.SettingsBase |
| System | System.Diagnostics.Process |
| System | System.Diagnostics.ProcessStartInfo |
| System | System.Net.HttpStatusCode |
| System | System.Net.HttpWebRequest |
| System | System.Net.HttpWebResponse |
| System | System.Net.WebClient |
| System | System.Net.WebRequest |
| System | System.Net.WebResponse |
| System.Core | System.Linq.Expressions.ExpressionType |
| System.Core | System.Runtime.CompilerServices.CallSite |
| System.Core | System.Runtime.CompilerServices.CallSiteBinder |
| System.Core | System.Runtime.CompilerServices.CallSite`1 |
| System.Core | System.Runtime.CompilerServices.DynamicAttribute |
| System.Drawing | System.Drawing.Font |
| System.Drawing | System.Drawing.FontStyle |
| System.Drawing | System.Drawing.GraphicsUnit |
| System.Drawing | System.Drawing.Point |
| System.Drawing | System.Drawing.Size |
| System.Drawing | System.Drawing.SizeF |
| System.Management | System.Management.ManagementBaseObject |
| System.Management | System.Management.ManagementObject |
| System.Management | System.Management.ManagementObjectCollection |
| System.Management | System.Management.ManagementObjectCollection/ManagementObjectEnumerator |
| System.Management | System.Management.ManagementObjectSearcher |
| System.Web | System.Web.HttpUtility |
| System.Windows.Forms | System.Windows.Forms.Application |
| System.Windows.Forms | System.Windows.Forms.AutoScaleMode |
| System.Windows.Forms | System.Windows.Forms.Button |
| System.Windows.Forms | System.Windows.Forms.ButtonBase |
| System.Windows.Forms | System.Windows.Forms.ContainerControl |
| System.Windows.Forms | System.Windows.Forms.Control |
| System.Windows.Forms | System.Windows.Forms.Control/ControlCollection |
| System.Windows.Forms | System.Windows.Forms.DialogResult |
| System.Windows.Forms | System.Windows.Forms.Form |
| System.Windows.Forms | System.Windows.Forms.Label |
| System.Windows.Forms | System.Windows.Forms.MessageBox |
| System.Windows.Forms | System.Windows.Forms.MessageBoxButtons |
| System.Windows.Forms | System.Windows.Forms.TextBox |
| mscorlib | System.Action`3 |
| mscorlib | System.Action`4 |
| mscorlib | System.Collections.Generic.IEnumerable`1 |
| mscorlib | System.Collections.Generic.IEnumerator`1 |
| mscorlib | System.Collections.IEnumerator |
| mscorlib | System.Console |
| mscorlib | System.Diagnostics.DebuggableAttribute |
| mscorlib | System.Diagnostics.DebuggableAttribute/DebuggingModes |
| mscorlib | System.Diagnostics.DebuggerNonUserCodeAttribute |
| mscorlib | System.EventArgs |
| mscorlib | System.EventHandler |
| mscorlib | System.Exception |
| mscorlib | System.Func`3 |
| mscorlib | System.Func`4 |
| mscorlib | System.Func`5 |
| mscorlib | System.Func`7 |
| mscorlib | System.Globalization.CultureInfo |
| mscorlib | System.IDisposable |
| mscorlib | System.IO.Directory |
| mscorlib | System.IO.File |
| mscorlib | System.IO.FileAccess |
| mscorlib | System.IO.FileMode |
| mscorlib | System.IO.FileOptions |
| mscorlib | System.IO.FileShare |
| mscorlib | System.IO.Path |
| mscorlib | System.IO.Stream |
| mscorlib | System.IO.StreamReader |
| mscorlib | System.IO.TextReader |
| mscorlib | System.Int32 |
| mscorlib | System.IntPtr |
| mscorlib | System.Object |
| mscorlib | System.Reflection.Assembly |
| mscorlib | System.Reflection.AssemblyCompanyAttribute |
| mscorlib | System.Reflection.AssemblyConfigurationAttribute |
| mscorlib | System.Reflection.AssemblyCopyrightAttribute |
| mscorlib | System.Reflection.AssemblyDescriptionAttribute |
| mscorlib | System.Reflection.AssemblyFileVersionAttribute |
| mscorlib | System.Reflection.AssemblyProductAttribute |
| mscorlib | System.Reflection.AssemblyTitleAttribute |
| mscorlib | System.Reflection.AssemblyTrademarkAttribute |
| mscorlib | System.Resources.ResourceManager |
| mscorlib | System.Runtime.CompilerServices.CompilationRelaxationsAttribute |
| mscorlib | System.Runtime.CompilerServices.CompilerGeneratedAttribute |
| mscorlib | System.Runtime.CompilerServices.RuntimeCompatibilityAttribute |
| mscorlib | System.Runtime.InteropServices.ComVisibleAttribute |
| mscorlib | System.Runtime.InteropServices.GuidAttribute |
| mscorlib | System.Runtime.Versioning.TargetFrameworkAttribute |
| mscorlib | System.RuntimeTypeHandle |
| mscorlib | System.STAThreadAttribute |
| mscorlib | System.String |
| mscorlib | System.Type |
| mscorlib | System.UInt32 |
.text
`.rsrc
@.reloc
v4.0.30319
#Strings
#GUID
#Blob
<>p__10
<>p__20
<>p__0
<>p__11
<>p__21
<>p__1
IEnumerable`1
CallSite`1
IEnumerator`1
label1
Form1
<>p__12
<>p__22
UInt32
<>p__2
<>p__13
<>p__23
<>p__3
Func`3
Action`3
<>p__14
<>p__24
<>p__4
Func`4
Action`4
<>p__15
<>p__5
Func`5
<>p__16
<>p__6
<>p__17
<>p__7
Func`7
<>o__18
<>p__18
<>p__8
<>p__19
<>p__9
<Module>
CTLCODE
CTL_CODE
SizeF
DOWNLOADER_VERSION
System.IO
System.Web
mscorlib
System.Collections.Generic
set_Enabled
bytesreturned
overlapped
Synchronized
get_card_uuid
get_machine_uuid
ReadToEnd
Method
TbCard
device
defaultInstance
get_StatusCode
HttpStatusCode
get_ExitCode
set_AutoScaleMode
FileMode
ctlcode
UrlEncode
get_Message
Invoke
IDisposable
RuntimeTypeHandle
CloseHandle
GetTypeFromHandle
CreateFile
read_card_from_file
write_card_to_file
Console
FontStyle
set_Name
set_FileName
GetProcessesByName
filename
WriteLine
Combine
DeviceType
ExpressionType
FileShare
System.Core
get_Culture
set_Culture
resourceCulture
ButtonBase
ApplicationSettingsBase
HttpWebResponse
GetResponse
get_json_response
Close
Dispose
Create
template
EditorBrowsableState
CallSite
DynamicAttribute
STAThreadAttribute
CompilerGeneratedAttribute
GuidAttribute
GeneratedCodeAttribute
DebuggerNonUserCodeAttribute
DebuggableAttribute
EditorBrowsableAttribute
ComVisibleAttribute
AssemblyTitleAttribute
AssemblyTrademarkAttribute
TargetFrameworkAttribute
AssemblyFileVersionAttribute
AssemblyConfigurationAttribute
AssemblyDescriptionAttribute
CompilationRelaxationsAttribute
AssemblyProductAttribute
AssemblyCopyrightAttribute
AssemblyCompanyAttribute
RuntimeCompatibilityAttribute
set_UseShellExecute
value
downloader.exe
set_Size
set_AutoSize
outbufferSize
set_ClientSize
inbuffersize
System.Runtime.Versioning
sharing
ToString
disposing
System.Drawing
get_Length
add_Click
BtnLogin_Click
Label
System.ComponentModel
kernel32.dll
DeviceIoControl
ContainerControl
GetResponseStream
Program
get_Item
System
resourceMan
is_game_open
BtnLogin
login
Application
set_Location
UnaryOperation
BinaryOperation
System.Configuration
System.Globalization
System.Reflection
ControlCollection
ManagementObjectCollection
Function
Exception
Newtonsoft.Json
Button
CultureInfo
CSharpArgumentInfo
set_StartInfo
ProcessStartInfo
Microsoft.CSharp
InvokeMember
StreamReader
TextReader
downloader
sender
Microsoft.CSharp.RuntimeBinder
CallSiteBinder
inbuffer
outbuffer
get_ResourceManager
ManagementObjectSearcher
EventHandler
System.CodeDom.Compiler
IContainer
set_UseVisualStyleBackColor
IEnumerator
ManagementObjectEnumerator
GetEnumerator
.ctor
.cctor
IntPtr
System.Diagnostics
System.Runtime.InteropServices
System.Runtime.CompilerServices
System.Resources
downloader.Form1.resources
downloader.Properties.Resources.resources
DebuggingModes
downloader.Properties
EnableVisualStyles
ReadLines
SecurityAttributes
CSharpArgumentInfoFlags
CSharpBinderFlags
Settings
EventArgs
get_Controls
System.Windows.Forms
set_AutoScaleDimensions
System.Linq.Expressions
System.Collections
FileOptions
options
MessageBoxButtons
get_Chars
FileAccess
access
Process
set_Arguments
components
Format
ManagementBaseObject
DeserializeObject
ManagementObject
System.Net
Target
op_Explicit
GraphicsUnit
WaitForExit
get_Default
SetCompatibleTextRenderingDefault
DialogResult
WebClient
System.Management
InitializeComponent
get_Current
Point
set_Font
Start
JsonConvert
HttpWebRequest
get_unbind_request
get_validate_request
SuspendLayout
ResumeLayout
PerformLayout
MoveNext
get_Text
set_Text
WriteAllText
set_TabIndex
GetIndex
MessageBox
TextBox
ToCharArray
get_Assembly
GetCurrentDirectory
op_Equality
op_Inequality
HttpUtility
downloader
2018
$a31c9547-1962-49bf-8268-3f85b9d4f815
1.0.0.0
15.0.0.0
15.9.0.0
C:\Users\dongt\Desktop\PUBG\downloader\downloader\downloader\obj\Release\downloader.pdb
_CorExeMain
mscoree.dll
VS_VERSION_INFO
VarFileInfo
Translation
StringFileInfo
000004b0
Comments
CompanyName
FileDescription
downloader
FileVersion
1.0.0.0
InternalName
downloader.exe
LegalCopyright
2018
LegalTrademarks
OriginalFilename
downloader.exe
ProductName
downloader
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 20.248 seconds )
- 15.502 Suricata
- 1.629 VirusTotal
- 1.143 Static
- 0.609 static_dotnet
- 0.441 peid
- 0.425 TargetInfo
- 0.356 NetworkAnalysis
- 0.124 AnalysisInfo
- 0.011 Strings
- 0.005 Memory
- 0.003 BehaviorAnalysis
Signatures ( 0.48 seconds )
- 0.327 md_bad_drop
- 0.021 md_url_bl
- 0.02 md_domain_bl
- 0.018 antiav_detectreg
- 0.011 anomaly_persistence_autorun
- 0.008 antiav_detectfile
- 0.007 infostealer_ftp
- 0.007 ransomware_extensions
- 0.007 ransomware_files
- 0.005 infostealer_bitcoin
- 0.005 infostealer_im
- 0.004 tinba_behavior
- 0.003 rat_nanocore
- 0.003 cerber_behavior
- 0.003 antivm_vbox_files
- 0.003 disables_browser_warn
- 0.003 infostealer_mail
- 0.002 geodo_banking_trojan
- 0.002 browser_security
- 0.002 modify_proxy
- 0.001 network_tor
- 0.001 anomaly_persistence_bootexecute
- 0.001 betabot_behavior
- 0.001 ursnif_behavior
- 0.001 kibex_behavior
- 0.001 shifu_behavior
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 office_security
- 0.001 rat_spynet
- 0.001 stealth_hide_notifications
- 0.001 stealth_modify_uac_prompt
- 0.001 stealth_modify_security_center_warnings
Reporting ( 1.065 seconds )
- 0.866 ReportHTMLSummary
- 0.199 Malheur
| Task ID | 229027 |
|---|---|
| Mongo ID | 5c39eb192f8f2e7430ba2eac |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号