Analysis Task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp03-1 2020-10-08 20:52:16 2020-10-08 20:54:22 126 seconds

Maldun Score

10.0

Dangerous

File Details

File name 卡秒.exe
File size 2748416 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5b0009f9abc6bff0106aa0b91df193c0
SHA1 a1c2f001c2273b70e2b8950ff6d186ffd6129767
SHA256 2402c5ebf7a7c238606dfd4b333e29d0c0b7610b727d4c9231cdd1faa5ebc105
SHA512 5626e9f08d81b6a481e6d2dc4ae1d62054a4ae2b8e46fceda2ed177f5159ce106f4de9eaef0f7db6c9ec8de8e310a88c1dc0af8aa14379f5811349acf059cdaa
CRC32 8A810EB1
Ssdeep 49152:4X+AloIUZcbtoCXvEMqJv9vWhAyGWv4uA7:+NoIUZcCC/EMqJcG0u

Hosts Contacted

No host records.

DNS Resolution

Domain Security rating Response
www.kxdao.net A 23.225.36.162
acroipm.adobe.com CNAME acroipm.adobe.com.edgesuite.net
CNAME a1983.dscd.akamai.net
A 23.215.101.24
A 23.215.101.19

PE Information

Image base 0x00400000
Entry point 0x0048ef16
Declared checksum 0x00000000
Actual checksum 0x002a1e79
Minimum OS version 4.0
Compile time 2020-10-08 20:47:46
Import hash 15a7cef55c0d51e9281a35171fcba93b
Icon
Icon exact hash cac260ed3e2bbb5f21e054ceff15707e
Icon similarity hash 30731a0650c60844961e0b729b6e2699

Version Information

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE Sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x000aea6a 0x000af000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.57
.rdata 0x000b0000 0x001b697c 0x001b7000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.00
.data 0x00267000 0x00060d6a 0x0001c000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.29
.rsrc 0x002c8000 0x0001bc64 0x0001c000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 3.63

Resources

Name Offset Size Language Sublanguage Entropy File type
TEXTINCLUDE 0x002c8dc8 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
RT_CURSOR 0x002c92b8 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_BITMAP 0x002cab2c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON 0x002e1628 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.14 GLS_BINARY_LSB_FIRST
RT_MENU 0x002e1a9c 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_DIALOG 0x002e2ce4 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_STRING 0x002e372c 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_GROUP_CURSOR 0x002e3778 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 0x002e3844 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 0x002e3858 0x0000023c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.84 data
RT_MANIFEST 0x002e3a94 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library: WINMM.dll:
0x4b0618 midiStreamOut
0x4b0620 midiStreamProperty
0x4b0628 waveOutOpen
0x4b062c waveOutGetNumDevs
0x4b0630 waveOutClose
0x4b0634 waveOutReset
0x4b0638 waveOutPause
0x4b063c waveOutWrite
0x4b0648 timeGetTime
0x4b064c midiStreamStop
0x4b0650 midiOutReset
0x4b0654 midiStreamClose
0x4b0658 midiStreamRestart
0x4b065c midiStreamOpen
0x4b0660 waveOutRestart
Library: WS2_32.dll:
0x4b0678 recvfrom
0x4b067c recv
0x4b0680 getpeername
0x4b0684 accept
0x4b0688 ntohl
0x4b068c inet_ntoa
0x4b0690 WSACleanup
0x4b0694 closesocket
0x4b0698 WSAAsyncSelect
0x4b069c ioctlsocket
Library: KERNEL32.dll:
0x4b0170 GetCurrentProcess
0x4b0174 TerminateProcess
0x4b0178 MultiByteToWideChar
0x4b017c SetLastError
0x4b0180 GetVersion
0x4b0184 WideCharToMultiByte
0x4b0188 CreateMutexA
0x4b018c ReleaseMutex
0x4b0190 SuspendThread
0x4b0194 GetACP
0x4b0198 HeapSize
0x4b019c GetLocalTime
0x4b01a0 GetSystemTime
0x4b01a4 RaiseException
0x4b01a8 RtlUnwind
0x4b01ac GetStartupInfoA
0x4b01b0 GetOEMCP
0x4b01b4 GetCPInfo
0x4b01b8 GetProcessVersion
0x4b01bc SetErrorMode
0x4b01c0 GlobalFlags
0x4b01c4 GetCurrentThread
0x4b01c8 GetFileTime
0x4b01cc TlsGetValue
0x4b01d0 LocalReAlloc
0x4b01d4 TlsSetValue
0x4b01d8 TlsFree
0x4b01dc GlobalHandle
0x4b01e0 TlsAlloc
0x4b01e4 LocalAlloc
0x4b01e8 lstrcmpA
0x4b01ec GlobalGetAtomNameA
0x4b01f0 GlobalAddAtomA
0x4b01f4 GlobalFindAtomA
0x4b01f8 GlobalDeleteAtom
0x4b01fc lstrcmpiA
0x4b0200 SetEndOfFile
0x4b0204 UnlockFile
0x4b0208 LockFile
0x4b020c FlushFileBuffers
0x4b0210 DuplicateHandle
0x4b0214 lstrcpynA
0x4b0220 LocalFree
0x4b022c GetFileSize
0x4b0230 SetFilePointer
0x4b0234 GetSystemDirectoryA
0x4b0238 TerminateThread
0x4b023c CreateSemaphoreA
0x4b0240 ResumeThread
0x4b0244 ReleaseSemaphore
0x4b0250 GetProfileStringA
0x4b0254 WriteFile
0x4b025c CreateFileA
0x4b0260 SetEvent
0x4b0264 FindResourceA
0x4b0268 LoadResource
0x4b026c LockResource
0x4b0270 ReadFile
0x4b0274 GetModuleFileNameA
0x4b0278 GetCurrentThreadId
0x4b027c ExitProcess
0x4b0280 GlobalSize
0x4b0284 GlobalFree
0x4b0290 lstrcatA
0x4b0294 lstrlenA
0x4b0298 WinExec
0x4b029c lstrcpyA
0x4b02a0 FindNextFileA
0x4b02a4 GlobalReAlloc
0x4b02a8 HeapFree
0x4b02ac HeapReAlloc
0x4b02b0 GetProcessHeap
0x4b02b4 InterlockedExchange
0x4b02b8 HeapAlloc
0x4b02bc GetFullPathNameA
0x4b02c0 FreeLibrary
0x4b02c4 LoadLibraryA
0x4b02c8 GetLastError
0x4b02cc GetVersionExA
0x4b02d4 CreateThread
0x4b02d8 CreateEventA
0x4b02dc Sleep
0x4b02e0 OutputDebugStringA
0x4b02e4 GlobalAlloc
0x4b02e8 GlobalLock
0x4b02ec GlobalUnlock
0x4b02f0 FindFirstFileA
0x4b02f4 FindClose
0x4b02f8 GetFileAttributesA
0x4b0304 GetModuleHandleA
0x4b0308 GetProcAddress
0x4b030c MulDiv
0x4b0310 GetCommandLineA
0x4b0314 GetTickCount
0x4b0318 WaitForSingleObject
0x4b031c CloseHandle
0x4b0334 SetHandleCount
0x4b0338 GetStdHandle
0x4b033c GetFileType
0x4b0344 HeapDestroy
0x4b0348 HeapCreate
0x4b034c VirtualFree
0x4b0354 LCMapStringA
0x4b0358 LCMapStringW
0x4b035c VirtualAlloc
0x4b0360 IsBadWritePtr
0x4b0368 GetStringTypeA
0x4b036c GetStringTypeW
0x4b0370 CompareStringA
0x4b0374 CompareStringW
0x4b0378 IsBadReadPtr
0x4b037c IsBadCodePtr
0x4b0380 SetStdHandle
Library: USER32.dll:
0x4b03a8 SetMenu
0x4b03ac PeekMessageA
0x4b03b0 IsIconic
0x4b03b4 SetFocus
0x4b03b8 GetActiveWindow
0x4b03bc GetWindow
0x4b03c0 GetMenu
0x4b03c4 DeleteMenu
0x4b03c8 GetSystemMenu
0x4b03cc DefWindowProcA
0x4b03d0 GetClassInfoA
0x4b03d4 IsZoomed
0x4b03d8 PostQuitMessage
0x4b03e0 GetKeyState
0x4b03e8 IsWindowEnabled
0x4b03ec ShowWindow
0x4b03f4 GetMenuState
0x4b03f8 SetMenuItemBitmaps
0x4b03fc CheckMenuItem
0x4b0400 GetDlgCtrlID
0x4b0408 CreateMenu
0x4b040c ModifyMenuA
0x4b0410 AppendMenuA
0x4b0414 CreatePopupMenu
0x4b0418 LoadStringA
0x4b041c GetSysColorBrush
0x4b0420 DrawIconEx
0x4b0430 SetRectEmpty
0x4b0434 DispatchMessageA
0x4b0438 WindowFromPoint
0x4b043c DrawFocusRect
0x4b0440 DrawEdge
0x4b0448 SetWindowRgn
0x4b044c GetMessagePos
0x4b0450 ScreenToClient
0x4b0458 CopyRect
0x4b045c LoadBitmapA
0x4b0460 WinHelpA
0x4b0464 KillTimer
0x4b0468 SetTimer
0x4b046c ReleaseCapture
0x4b0470 GetCapture
0x4b0474 SetCapture
0x4b0478 GetScrollRange
0x4b047c SetScrollRange
0x4b0480 SetScrollPos
0x4b0484 SetRect
0x4b0488 MoveWindow
0x4b048c SetWindowTextA
0x4b0490 IsDialogMessageA
0x4b0498 InflateRect
0x4b049c IntersectRect
0x4b04a0 DestroyIcon
0x4b04a4 PtInRect
0x4b04a8 OffsetRect
0x4b04ac IsWindowVisible
0x4b04b0 EnableWindow
0x4b04b4 RedrawWindow
0x4b04b8 GetWindowLongA
0x4b04bc SetWindowLongA
0x4b04c0 GetSysColor
0x4b04c4 SetActiveWindow
0x4b04c8 SetCursorPos
0x4b04cc LoadCursorA
0x4b04d0 SetCursor
0x4b04d4 GetDC
0x4b04d8 FillRect
0x4b04dc IsRectEmpty
0x4b04e0 ReleaseDC
0x4b04e4 IsChild
0x4b04e8 DestroyMenu
0x4b04ec SetForegroundWindow
0x4b04f0 GetWindowRect
0x4b04f4 EqualRect
0x4b04f8 UpdateWindow
0x4b04fc ValidateRect
0x4b0500 InvalidateRect
0x4b0504 GetClientRect
0x4b0508 GetFocus
0x4b050c GetParent
0x4b0510 GetTopWindow
0x4b0514 PostMessageA
0x4b0518 IsWindow
0x4b051c SetParent
0x4b0520 DestroyCursor
0x4b0524 SendMessageA
0x4b0528 SetWindowPos
0x4b052c MessageBoxA
0x4b0530 GetCursorPos
0x4b0534 GetSystemMetrics
0x4b0538 EmptyClipboard
0x4b053c SetClipboardData
0x4b0540 OpenClipboard
0x4b0544 GetClipboardData
0x4b0548 CloseClipboard
0x4b054c wsprintfA
0x4b0550 LoadImageA
0x4b0558 DrawFrameControl
0x4b055c TranslateMessage
0x4b0560 LoadIconA
0x4b0564 DrawTextA
0x4b0568 GetDesktopWindow
0x4b056c GetClassNameA
0x4b0570 UnregisterClassA
0x4b0574 GetDlgItem
0x4b0578 FindWindowExA
0x4b057c GetWindowTextA
0x4b0580 GetForegroundWindow
0x4b0584 ClientToScreen
0x4b0588 EnableMenuItem
0x4b058c ScrollWindowEx
0x4b0590 GetSubMenu
0x4b0594 GetMessageA
0x4b059c CharUpperA
0x4b05a0 GetWindowDC
0x4b05a4 BeginPaint
0x4b05a8 EndPaint
0x4b05ac TabbedTextOutA
0x4b05b0 GrayStringA
0x4b05b4 DestroyWindow
0x4b05bc EndDialog
0x4b05c0 GetNextDlgTabItem
0x4b05c4 GetWindowPlacement
0x4b05cc GetLastActivePopup
0x4b05d0 GetMessageTime
0x4b05d4 RemovePropA
0x4b05d8 CallWindowProcA
0x4b05dc GetPropA
0x4b05e0 UnhookWindowsHookEx
0x4b05e4 SetPropA
0x4b05e8 GetClassLongA
0x4b05ec CallNextHookEx
0x4b05f0 SetWindowsHookExA
0x4b05f4 CreateWindowExA
0x4b05f8 GetMenuItemID
0x4b05fc GetMenuItemCount
0x4b0600 RegisterClassA
0x4b0604 GetScrollPos
0x4b0608 AdjustWindowRectEx
0x4b060c MapWindowPoints
0x4b0610 SendDlgItemMessageA
Library: GDI32.dll:
0x4b0024 ExtSelectClipRgn
0x4b0028 LineTo
0x4b002c MoveToEx
0x4b0030 ExcludeClipRect
0x4b0034 GetClipBox
0x4b0038 ScaleWindowExtEx
0x4b003c SetWindowExtEx
0x4b0040 SetWindowOrgEx
0x4b0044 ScaleViewportExtEx
0x4b0048 SetViewportExtEx
0x4b004c OffsetViewportOrgEx
0x4b0050 SetViewportOrgEx
0x4b0054 SetMapMode
0x4b0058 SetROP2
0x4b005c SetPolyFillMode
0x4b0060 CreateCompatibleDC
0x4b0064 Ellipse
0x4b0068 Rectangle
0x4b006c LPtoDP
0x4b0070 DPtoLP
0x4b0074 RoundRect
0x4b007c GetDeviceCaps
0x4b0080 GetViewportOrgEx
0x4b0084 GetWindowExtEx
0x4b0088 GetDIBits
0x4b008c RealizePalette
0x4b0090 SelectPalette
0x4b0094 StretchBlt
0x4b0098 CreatePalette
0x4b00a0 CreateDIBitmap
0x4b00a4 DeleteObject
0x4b00a8 CreatePolygonRgn
0x4b00ac GetClipRgn
0x4b00b0 SetStretchBltMode
0x4b00b8 SetBkColor
0x4b00bc TextOutA
0x4b00c0 SetTextColor
0x4b00c4 SetBkMode
0x4b00c8 RestoreDC
0x4b00cc SaveDC
0x4b00d0 GetViewportExtEx
0x4b00d4 PtVisible
0x4b00d8 RectVisible
0x4b00dc ExtTextOutA
0x4b00e0 Escape
0x4b00e4 GetTextMetricsA
0x4b00e8 BitBlt
0x4b00ec StartPage
0x4b00f0 StartDocA
0x4b00f4 DeleteDC
0x4b00f8 EndDoc
0x4b00fc EndPage
0x4b0100 CreateFontIndirectA
0x4b0104 GetStockObject
0x4b0108 CreateSolidBrush
0x4b010c FillRgn
0x4b0110 CreateRectRgn
0x4b0114 CombineRgn
0x4b0118 PatBlt
0x4b011c CreatePen
0x4b0120 GetObjectA
0x4b0124 SelectObject
0x4b0128 CreateBitmap
0x4b012c CreateDCA
0x4b0134 GetPolyFillMode
0x4b0138 GetStretchBltMode
0x4b013c GetROP2
0x4b0140 GetBkColor
0x4b0144 GetBkMode
0x4b0148 GetTextColor
0x4b014c CreateRoundRectRgn
0x4b0150 CreateEllipticRgn
0x4b0154 PathToRegion
0x4b0158 EndPath
0x4b015c BeginPath
0x4b0160 GetCurrentObject
0x4b0164 SelectClipRgn
0x4b0168 GetWindowOrgEx
Library: WINSPOOL.DRV:
0x4b0668 OpenPrinterA
0x4b066c ClosePrinter
0x4b0670 DocumentPropertiesA
Library: ADVAPI32.dll:
0x4b0000 RegOpenKeyExA
0x4b0004 RegSetValueExA
0x4b0008 RegQueryValueA
0x4b000c RegCreateKeyExA
0x4b0010 RegCloseKey
Library: SHELL32.dll:
0x4b039c Shell_NotifyIconA
0x4b03a0 ShellExecuteA
Library: ole32.dll:
0x4b06b8 CLSIDFromString
0x4b06bc OleUninitialize
0x4b06c0 OleInitialize
Library: OLEAUT32.dll:
0x4b038c LoadTypeLib
0x4b0390 RegisterTypeLib
0x4b0394 UnRegisterTypeLib
Library: COMCTL32.dll:
0x4b0018 None
0x4b001c ImageList_Destroy
Library: comdlg32.dll:
0x4b06a4 ChooseColorA
0x4b06a8 GetFileTitleA
0x4b06ac GetOpenFileNameA
0x4b06b0 GetSaveFileNameA

No antivirus engine scan information.

Process Tree

______.exe, PID: 2324, parent PID: 2168

TCP

Source IP Source port Destination IP Destination port
192.168.122.201 49161 23.215.101.24 acroipm.adobe.com 80
192.168.122.201 49160 23.225.36.162 www.kxdao.net 443

UDP

Source IP Source port Destination IP Destination port
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53

HTTP Requests

URI HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2020-10-08 20:52:35.863201+0800 192.168.122.201 49160 23.225.36.162 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=www.kxdao.net ff:47:80:67:36:bc:7a:06:aa:75:ec:0c:f2:6d:54:7e:87:45:3a:f0

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 82.682 seconds )

  • 64.101 BehaviorAnalysis
  • 10.702 Suricata
  • 3.585 VirusTotal
  • 1.901 Static
  • 1.393 NetworkAnalysis
  • 0.656 TargetInfo
  • 0.315 peid
  • 0.011 Strings
  • 0.01 AnalysisInfo
  • 0.006 config_decoder
  • 0.002 Memory

Signatures ( 29.01 seconds )

  • 4.356 api_spamming
  • 3.931 injection_createremotethread
  • 3.576 process_interest
  • 3.151 stealth_timeout
  • 2.846 stealth_decoy_document
  • 2.554 injection_runpe
  • 2.45 vawtrak_behavior
  • 1.712 process_needed
  • 1.26 md_url_bl
  • 0.482 mimics_filetime
  • 0.436 reads_self
  • 0.426 hancitor_behavior
  • 0.391 virus
  • 0.372 antivm_generic_disk
  • 0.362 stealth_file
  • 0.319 bootkit
  • 0.178 injection_explorer
  • 0.045 antiav_detectreg
  • 0.015 infostealer_ftp
  • 0.013 antianalysis_detectreg
  • 0.012 md_domain_bl
  • 0.009 infostealer_im
  • 0.007 geodo_banking_trojan
  • 0.006 anomaly_persistence_autorun
  • 0.006 antiav_detectfile
  • 0.005 infostealer_mail
  • 0.004 antiemu_wine_func
  • 0.004 infostealer_browser_password
  • 0.004 kovter_behavior
  • 0.004 antivm_vbox_files
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 antivm_vbox_libs
  • 0.003 antivm_generic_scsi
  • 0.003 antivm_parallels_keys
  • 0.003 antivm_xen_keys
  • 0.003 infostealer_bitcoin
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 antivm_generic_services
  • 0.002 betabot_behavior
  • 0.002 kibex_behavior
  • 0.002 exec_crash
  • 0.002 antidbg_windows
  • 0.002 anormaly_invoke_kills
  • 0.002 antivm_generic_diskreg
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.001 rat_nanocore
  • 0.001 antiav_avast_libs
  • 0.001 antivm_vmware_libs
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antisandbox_productid
  • 0.001 antivm_generic_system
  • 0.001 antivm_xen_keys
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_acpi
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_keys
  • 0.001 antivm_vpc_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 maldun_anomaly_invoke_vb_vba
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 recon_fingerprint

Reporting ( 0.51 seconds )

  • 0.506 ReportHTMLSummary
  • 0.004 Malheur
Task ID 579796
Mongo ID 5f7f0d317e769a02027c1a12
Cuckoo release 1.4-Maldun