Maldun Security Analysis Report

Analysis type: FILE
Start time: 2022-07-05 19:12:12
End time: 2022-07-05 19:12:40
Duration: 28 seconds
Analysis engine version: 1.4-Maldun

VM name: win7-sp1-x64-shaapp03-1
Label: win7-sp1-x64-shaapp03-1
Hypervisor: KVM
Boot time: 2022-07-05 19:12:12
Shutdown time: 2022-07-05 19:12:41
Maldun score

0.35

Normal

File details

File name: SSJJ2_yra.exe
File size: 1936896 bytes
File type: PE32+ executable (GUI) x86-64, for MS Windows
CRC32: E9C0B35E
MD5: 04057ec511c7840cebdf03c673c355ef
SHA1: 0ce5029685b16d2445343f8be35ef06d66bb7051
SHA256: 1de487e7fa1dc4eda62058c7785dd77783039b10e9aaebc969e06e9158da961a
SHA512: 0acb864acccdf40359635ade519fb83c7013d684b7d18483462912539dd100af3a3f1f7c3311ed91613a735925df76bc49df3d4b39c138740c41c02362bb8949
Ssdeep: 24576:t0csfmKiTWKmNDOYTXjW4CEKal5hW9FO5hFwsn1tb39JWtIobX89uOaDimT1F58m:ezmxTWzNDPCEKEQIvufRoGpOnyr
PEiD: No match
Yara matches:
  • CRC32_poly_Constant (Look for CRC32 [poly])
  • CRC32_table (Look for CRC32 table)
  • with_urls (Detected the presence of an or several urls)
  • IsPE64 (Detected a 64bit PE sample)
  • IsWindowsGUI (Detected a Windows GUI sample)
  • HasDebugData (Detected Debug Data)
  • HasRichSignature (Detected Rich Signature)
  • DebuggerTiming__PerformanceCounter ()
  • DebuggerTiming__Ticks (Detected timing ticks function)
  • anti_dbg (Detected self protection if being debugged)
  • disable_dep (Bypass DEP)
  • keylogger (Detected keylogger function)
  • win_files_operation (Affect private profile)
VirusTotal: VirusTotal lookup failed

Signatures

Maldun Security Yara rule detection results - Security alert
Warning: Bypass DEP

Runtime screenshots

No runtime screenshots

Network analysis

TCP connections

IP address      Port
23.223.57.169   80

UDP connections

IP address      Port
192.168.122.1   53

HTTP requests

URL: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
HTTP data:
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

Static analysis

PE information

Image base: 0x140000000
Entry point: 0x140044a1c
Declared checksum: 0x00000000
Actual checksum: 0x001e6ccb
Minimum OS version required: 6.0
PDB path: C:\Users\Administrator\Desktop\SSJJ2_yra\x64\Release\SSJJ2_yra.pdb
Compile time: 2022-07-02 10:07:59
Import hash: dd982281d12b73306840c882d5e377c8
Icon
Icon exact hash: 0881e94364797a03522f36859aa4b655
Icon similarity hash: bdf14967c53716e48083889eda64a29a

PE sections

Name    Virtual address    Virtual size    Raw data size    Characteristics    Entropy
.text 0x00001000 0x00044758 0x00044800 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.50
.rdata 0x00046000 0x0018c64a 0x0018c800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.06
.data 0x001d3000 0x00001078 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2.86
.pdata 0x001d5000 0x00002d54 0x00002e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.73
.rsrc 0x001d8000 0x000044b0 0x00004600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.18
.reloc 0x001dd000 0x000000f0 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 2.98

Resources

Name    Offset    Size    Language    Sublanguage    Entropy    File type
RT_ICON 0x001d80f0 0x00004228 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.07 dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 4294962919, next used block 4294962919
RT_GROUP_ICON 0x001dc318 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 1.92 MS Windows icon resource - 1 icon, 64x64
RT_MANIFEST 0x001dc330 0x0000017d LANG_ENGLISH SUBLANG_ENGLISH_US 4.91 XML 1.0 document text

Imports

Library d3d11.dll:
0x1400465d8 - D3D11CreateDeviceAndSwapChain
Library KERNEL32.dll:
0x140046068 - GetCurrentDirectoryA
0x140046070 - OpenProcess
0x140046078 - CreateToolhelp32Snapshot
0x140046080 - GetTickCount64
0x140046088 - CreateFileA
0x140046090 - LoadLibraryA
0x140046098 - GetVersionExA
0x1400460a0 - DeleteFileA
0x1400460a8 - Process32Next
0x1400460b0 - CloseHandle
0x1400460b8 - GetSystemInfo
0x1400460c0 - GetProcAddress
0x1400460c8 - GetCurrentProcessId
0x1400460d0 - WideCharToMultiByte
0x1400460d8 - MultiByteToWideChar
0x1400460e0 - GlobalAlloc
0x1400460e8 - GlobalFree
0x1400460f0 - GlobalLock
0x1400460f8 - GlobalUnlock
0x140046100 - QueryPerformanceFrequency
0x140046108 - QueryPerformanceCounter
0x140046110 - Sleep
0x140046118 - OutputDebugStringW
0x140046120 - EnterCriticalSection
0x140046128 - LeaveCriticalSection
0x140046130 - InitializeCriticalSectionAndSpinCount
0x140046138 - SetEvent
0x140046140 - ResetEvent
0x140046148 - WaitForSingleObjectEx
0x140046150 - CreateEventW
0x140046158 - GetModuleHandleW
0x140046160 - RtlCaptureContext
0x140046168 - RtlLookupFunctionEntry
0x140046170 - RtlVirtualUnwind
0x140046178 - UnhandledExceptionFilter
0x140046180 - SetUnhandledExceptionFilter
0x140046188 - GetCurrentProcess
0x140046190 - TerminateProcess
0x140046198 - IsProcessorFeaturePresent
0x1400461a0 - GetStartupInfoW
0x1400461a8 - GetCurrentThreadId
0x1400461b0 - GetSystemTimeAsFileTime
0x1400461b8 - InitializeSListHead
0x1400461c0 - DeviceIoControl
0x1400461c8 - InitializeCriticalSectionEx
0x1400461d0 - GetLastError
0x1400461d8 - DeleteCriticalSection
0x1400461e0 - GetModuleHandleA
0x1400461e8 - Process32First
0x1400461f0 - WriteFile
0x1400461f8 - IsDebuggerPresent
Library USER32.dll:
0x140046228 - GetKeyState
0x140046230 - ReleaseCapture
0x140046238 - SetCursorPos
0x140046240 - GetCursorPos
0x140046248 - OpenClipboard
0x140046250 - CloseClipboard
0x140046258 - EmptyClipboard
0x140046260 - GetClipboardData
0x140046268 - SetClipboardData
0x140046270 - ScreenToClient
0x140046278 - GetCapture
0x140046280 - ClientToScreen
0x140046288 - SetCursor
0x140046290 - UnregisterClassA
0x140046298 - UpdateWindow
0x1400462a0 - RegisterClassExA
0x1400462a8 - GetWindowRect
0x1400462b0 - SetWindowPos
0x1400462b8 - MoveWindow
0x1400462c0 - GetClientRect
0x1400462c8 - wsprintfA
0x1400462d0 - MessageBoxA
0x1400462d8 - mouse_event
0x1400462e0 - GetAsyncKeyState
0x1400462e8 - FindWindowA
0x1400462f0 - SetWindowLongPtrA
0x1400462f8 - PostQuitMessage
0x140046300 - PeekMessageA
0x140046308 - TranslateMessage
0x140046310 - SetLayeredWindowAttributes
0x140046318 - CreateWindowExA
0x140046320 - DefWindowProcA
0x140046328 - ShowWindow
0x140046330 - DestroyWindow
0x140046338 - LoadCursorA
0x140046340 - DispatchMessageA
0x140046348 - SetCapture
Library GDI32.dll:
0x140046038 - CreateRectRgn
Library ADVAPI32.dll:
0x140046000 - OpenSCManagerA
0x140046008 - CloseServiceHandle
0x140046010 - StartServiceA
0x140046018 - CreateServiceA
Library MSVCP140.dll:
0x140046208 - ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
0x140046210 - ?_Xlength_error@std@@YAXPEBD@Z
0x140046218 - ?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
Library dwmapi.dll:
0x1400465e8 - DwmEnableBlurBehindWindow
0x1400465f0 - DwmExtendFrameIntoClientArea
Library IMM32.dll:
0x140046048 - ImmGetContext
0x140046050 - ImmReleaseContext
0x140046058 - ImmSetCompositionWindow
Library D3DCOMPILER_43.dll:
0x140046028 - D3DCompile
Library XINPUT1_3.dll:
0x1400463d8 - None
0x1400463e0 - None
Library VCRUNTIME140_1.dll:
0x1400463c8 - __CxxFrameHandler4
Library VCRUNTIME140.dll:
0x140046358 - _CxxThrowException
0x140046360 - __current_exception_context
0x140046368 - __current_exception
0x140046370 - __C_specific_handler
0x140046378 - memset
0x140046380 - memmove
0x140046388 - strstr
0x140046390 - __std_exception_copy
0x140046398 - __std_exception_destroy
0x1400463a0 - __std_terminate
0x1400463a8 - memcpy
0x1400463b0 - memchr
0x1400463b8 - memcmp
Library api-ms-win-crt-heap-l1-1-0.dll:
0x140046400 - malloc
0x140046408 - free
0x140046410 - _callnewh
0x140046418 - _set_new_mode
Library api-ms-win-crt-runtime-l1-1-0.dll:
0x1400464a8 - _c_exit
0x1400464b0 - _initialize_onexit_table
0x1400464b8 - _register_onexit_function
0x1400464c0 - _configure_narrow_argv
0x1400464c8 - _exit
0x1400464d0 - exit
0x1400464d8 - _initterm_e
0x1400464e0 - _initterm
0x1400464e8 - _register_thread_local_exe_atexit_callback
0x1400464f0 - _get_narrow_winmain_command_line
0x1400464f8 - _crt_atexit
0x140046500 - _cexit
0x140046508 - _set_app_type
0x140046510 - _initialize_narrow_environment
0x140046518 - terminate
0x140046520 - _invalid_parameter_noinfo_noreturn
0x140046528 - _seh_filter_exe
Library api-ms-win-crt-stdio-l1-1-0.dll:
0x140046538 - ftell
0x140046540 - __stdio_common_vfprintf
0x140046548 - __acrt_iob_func
0x140046550 - fflush
0x140046558 - fclose
0x140046560 - fwrite
0x140046568 - _wfopen
0x140046570 - __stdio_common_vsprintf
0x140046578 - __stdio_common_vsscanf
0x140046580 - __p__commode
0x140046588 - _set_fmode
0x140046590 - fseek
0x140046598 - fread
Library api-ms-win-crt-string-l1-1-0.dll:
0x1400465a8 - strncpy
0x1400465b0 - _stricmp
0x1400465b8 - strcmp
Library api-ms-win-crt-utility-l1-1-0.dll:
0x1400465c8 - qsort
Library api-ms-win-crt-convert-l1-1-0.dll:
0x1400463f0 - atof
Library api-ms-win-crt-math-l1-1-0.dll:
0x140046438 - powf
0x140046440 - sinf
0x140046448 - sqrt
0x140046450 - acosf
0x140046458 - atan2f
0x140046460 - pow
0x140046468 - __setusermatherr
0x140046470 - sqrtf
0x140046478 - ceilf
0x140046480 - fmodf
0x140046488 - cosf
0x140046490 - floorf
0x140046498 - logf
Library api-ms-win-crt-locale-l1-1-0.dll:
0x140046428 - _configthreadlocale

Dropped files

No information

Behavioral analysis

Mutexes: No information
Executed commands: No information
Created services: No information
Started services: No information

Processes

No information
Accessed files: No information
Read files: No information
Modified files: No information
Deleted files: No information
Registry keys: No information
Registry keys read: No information
Registry keys modified: No information
Registry keys deleted: No information
API resolution: No information