Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-04-21 17:42:06 | 2019-04-21 17:44:25 | 139 seconds |
File name | 小咖过实名验证.exe (literally "Xiaoka pass real-name verification") |
---|---|
File size | 536200 bytes |
File type | PE32 executable (console) Intel 80386, for MS Windows |
MD5 | e7532e18702e49d2f299fac8bfb105e1 |
SHA1 | dea455814c2c8a30cfd0aaa8aa652c6f2e16b87b |
SHA256 | 024a6bb660605e10345ea9d96e1ffc227fd7c293a16a009bca49c7dd522368f9 |
SHA512 | e91bf8ce30d0aaa100059f593fa5d27c302c01ef4bffab50f8c6aea25a587ffd1b3954c0398a068267ecddb3b545cb41fd54b66802aff27455f4e55cf6ceb238 |
CRC32 | F3DC78AC |
Ssdeep | 12288:cHBhNwfdcaOgfeXVM29R7w7CwlGk7Zl6mfX:5dlkVMB7lGk7j6mP |
No host records.
No domain information.
Image base | 0x00400000 |
---|---|
Entry point | 0x005b3b90 |
Declared checksum | 0x00090244 |
Actual checksum | 0x00090244 |
Minimum OS version | 4.0 |
Compile time | 2019-04-21 17:16:44 |
Import hash (imphash) | a6ae79bd1da5f27167c8b68ae13b7019 |
SHA1 | Timestamp | Validity | Error |
---|---|---|---|
4578a676090fe6d9306d1dd9b67a1aa17f810abc | Sun Apr 21 17:19:25 2019 | | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. |
Certificate chain | Certificate Chain 1 |
Issued to | |
Issued by | |
Valid until | Wed Jan 01 00:00:00 2025 |
SHA1 hash | ca0e4c35fbec225c5eab16b0e853d1d23206884d |
Certificate chain | Timestamp Chain 1 |
Issued to | Thawte Timestamping CA |
Issued by | Thawte Timestamping CA |
Valid until | Fri Jan 01 07:59:59 2021 |
SHA1 hash | be36a4562fb2ee05dbb3d32323adf445084ed656 |
Certificate chain | Timestamp Chain 2 |
Issued to | Symantec Time Stamping Services CA - G2 |
Issued by | Thawte Timestamping CA |
Valid until | Thu Dec 31 07:59:59 2020 |
SHA1 hash | 6c07453ffdda08b83707c09b82fb3d15f35336b1 |
Certificate chain | Timestamp Chain 3 |
Issued to | Symantec Time Stamping Services Signer - G4 |
Issued by | Symantec Time Stamping Services CA - G2 |
Valid until | Wed Dec 30 07:59:59 2020 |
SHA1 hash | 65439929b67973eb192d6ff243e6767adf0834e4 |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x0009798e | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0.00 |
.rdata | 0x00099000 | 0x0003ef5c | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 0.00 |
.data | 0x000d8000 | 0x0005f9ca | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
.rsrc | 0x00138000 | 0x000087c0 | 0x00005000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 3.81 |
.vmp0 | 0x00141000 | 0x0000302c | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0.00 |
.vmp1 | 0x00145000 | 0x0007ade6 | 0x0007b000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.93 |
.reloc | 0x001c0000 | 0x00000030 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 0.10 |
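The section table above carries the static indicators an analyst would key on: .text, .rdata, .data and .vmp0 have a raw data size of 0 (nothing on disk, so their entropy reads 0.00 and they are filled in at runtime), while .vmp1 is writable, executable, discardable and at entropy 7.93; the names .vmp0/.vmp1 are the sections VMProtect writes; and the entry point 0x005b3b90 is RVA 0x1b3b90 from the image base 0x00400000, which falls inside .vmp1 (0x00145000 to 0x001bfde6) rather than .text. Together with a code-signing chain that ends in an untrusted root and a signature timestamp less than three minutes after the compile time, that is the profile of a freshly built, protector-packed sample. The script below is added here as an example and is not part of the Maldun/Cuckoo report or its tooling: it parses a PE's section headers with only the Python standard library and flags those traits. Because the sample itself is not reproduced on this page, it runs against a synthetic PE32 built in memory with the same layout (empty .text, low-entropy .rsrc, W+X high-entropy .vmp1 holding the entry point); that fixture is constructed for illustration, not the real file, and the threshold of 7.0 bits and the section-name list are the author's heuristics.

```python
import math
import struct

# Section characteristic bits from winnt.h (subset used here)
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Return (image_base, entry_rva, sections) by walking DOS -> PE -> COFF -> optional header."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]      # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]      # AddressOfEntryPoint
    if magic == 0x10B:                                         # PE32: 32-bit ImageBase at +28
        image_base = struct.unpack_from("<I", pe, opt + 28)[0]
    elif magic == 0x20B:                                       # PE32+: 64-bit ImageBase at +24
        image_base = struct.unpack_from("<Q", pe, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sections, off = [], opt + opt_size
    for _ in range(num_sections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", pe, off)
        raw = pe[rawptr:rawptr + rawsize] if rawsize else b""   # entropy is computed over on-disk bytes only
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va,
                         "vsize": vsize, "rawsize": rawsize, "chars": chars,
                         "entropy": shannon_entropy(raw)})
        off += 40
    return image_base, entry_rva, sections


def packer_indicators(image_base, entry_rva, sections):
    """Return (section holding the entry point, list of findings) for packer/protector traits."""
    findings, ep_section = [], None
    for s in sections:
        if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["rawsize"]):
            ep_section = s["name"]
        if s["rawsize"] == 0 and s["vsize"] and s["chars"] & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA):
            findings.append(f"{s['name']}: no data on disk but 0x{s['vsize']:x} bytes virtual (filled at runtime)")
        if s["entropy"] > 7.0:
            findings.append(f"{s['name']}: entropy {s['entropy']:.2f} (compressed or encrypted)")
        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{s['name']}: writable and executable")
        if s["name"].startswith(".vmp"):
            findings.append(f"{s['name']}: VMProtect section name")
    if ep_section not in (".text", "CODE"):
        findings.append(f"entry point 0x{image_base + entry_rva:08x} lies in {ep_section!r}, not .text")
    return ep_section, findings


def build_pe32(sections, entry_rva, image_base=0x400000):
    """Constructed test fixture: a header-only PE32 with the given (name, va, vsize, raw, chars) sections."""
    opt_size, align = 224, 0x200
    hdr_end = -(-(0x40 + 4 + 20 + opt_size + 40 * len(sections)) // align) * align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<I", opt, 28, image_base)
    table, body, ptr = bytearray(), bytearray(), hdr_end
    for name, va, vsize, raw, chars in sections:
        rawsize = -(-len(raw) // align) * align
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, va, rawsize,
                             ptr if rawsize else 0, 0, 0, 0, 0, chars)
        body += raw.ljust(rawsize, b"\0")
        ptr += rawsize
    return (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table)).ljust(hdr_end, b"\0") + bytes(body)


def demo():
    """Layout modelled on the report: empty .text, low-entropy .rsrc, W+X high-entropy .vmp1 with the entry point."""
    code_rx = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
    data_r = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
    pe = build_pe32([
        (".text", 0x1000, 0x97000, b"", code_rx),
        (".rsrc", 0x98000, 0x1000, b"\0" * 0x200, data_r),
        (".vmp1", 0x99000, 0x1000, bytes(range(256)) * 16, code_rx | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_DISCARDABLE),
    ], entry_rva=0x99010)
    return packer_indicators(*parse_sections(pe))


if __name__ == "__main__":
    ep_section, findings = demo()
    print("entry point section:", ep_section)
    for finding in findings:
        print(" -", finding)
```

To run it on a real file, pass `open(path, "rb").read()` to `parse_sections` instead of the fixture. Entropy is deliberately computed over `SizeOfRawData` bytes only, which is why sections with no on-disk data score 0.00 in the report above even though they are mapped with a large virtual size; the runtime-filled contents only become visible in a memory dump taken after the protector's stub has run.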
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
RT_BITMAP (14 entries, all reported with identical metadata) | 0x0013e8e4 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
RT_MENU (2 entries, all reported with identical metadata) | 0x0013ea34 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
RT_DIALOG (10 entries, all reported with identical metadata) | 0x0013fc7c | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
RT_STRING (11 entries, all reported with identical metadata) | 0x001406c4 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
RT_GROUP_CURSOR (3 entries, all reported with identical metadata) | 0x00140710 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
No host records.
No TCP connection records.
No UDP connection records.
No domain information.
No HTTP requests found.
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
No TLS.
No Suricata HTTP.
Task ID | 280638 |
---|---|
Mongo ID | 5cbc3b982f8f2e0443a9c67e |
Cuckoo release | 1.4-Maldun |