Analysis Task

Analysis type: File (Windows)
VM label: win7-sp1-x64-shaapp02-1
Start time: 2022-05-27 19:21:45
End time: 2022-05-27 19:22:15
Duration: 30 seconds

Maldun Score

10.0 (Dangerous)

File Details

File name: IDM_6.4x_Crack_v18.1_Ali.Dbg.exe
File size: 76288 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: dcdc109069b6e0d80d776c143fecde3f
SHA1: 761589c94ba8c2fd57d3ae9666a0fdc0d1b72eb5
SHA256: fe44f050ab9ea33f87acef449ed57157a331a19956207d6243522676c894e284
SHA512: 85365775caa1f85c585b4979519357421ec0239d900513c0aadf28d9d238f6548164c3573141b3e272a6d4376129204a7ceba9b2c4b31c8fbdfd13cb814b73b9
CRC32: 5884956F
Ssdeep: 768:Jfs8N18U/TZklIrB/zkHsXaH61xxpBf/0y1gGAT/ZHgf4sMM34zCT1Ty:lrf9kY7kyaE8DzjCf4sMM0CFy

Screenshots

No screenshots available.

Hosts Contacted

No host records.

DNS Resolution

No domain information.


PE Information

Image base: 0x00400000
Entry point: 0x004089c4
Declared checksum: 0x00000000
Computed checksum: 0x00020ac1
Minimum OS version: 4.0
Compile timestamp: 1992-06-20 06:22:17
Import hash: 7c265657d3ecc03a74c48e306ea89869

PE Sections

Name    Virtual address  Virtual size  Raw size    Characteristics                                                           Entropy
CODE    0x00001000       0x00007c8c    0x00007e00  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ               6.36
DATA    0x00009000       0x0000047c    0x00000600  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE     2.78
BSS     0x0000a000       0x00000691    0x00000000  IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE                                    0.00
.idata  0x0000b000       0x00000a3a    0x00000c00  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE     4.18
.tls    0x0000c000       0x00000008    0x00000000  IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE                                    0.00
.rdata  0x0000d000       0x00000018    0x00000200  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ    0.20
.reloc  0x0000e000       0x00000718    0x00000800  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ    6.27
.rsrc   0x0000f000       0x00008c00    0x00008c00  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_SHARED|IMAGE_SCN_MEM_READ    6.12

Imports

Library: kernel32.dll
0x40b100 VirtualFree
0x40b104 VirtualAlloc
0x40b108 LocalFree
0x40b10c LocalAlloc
0x40b110 GetVersion
0x40b114 GetCurrentThreadId
0x40b118 WideCharToMultiByte
0x40b11c MultiByteToWideChar
0x40b120 GetThreadLocale
0x40b124 GetStartupInfoA
0x40b128 GetModuleFileNameA
0x40b12c GetLocaleInfoA
0x40b130 GetCommandLineA
0x40b134 FreeLibrary
0x40b138 ExitProcess
0x40b13c CreateThread
0x40b140 WriteFile
0x40b148 RtlUnwind
0x40b14c RaiseException
0x40b150 GetStdHandle
Library: user32.dll
0x40b158 GetKeyboardType
0x40b15c MessageBoxA
0x40b160 CharNextA
Library: advapi32.dll
0x40b168 RegQueryValueExA
0x40b16c RegOpenKeyExA
0x40b170 RegCloseKey
Library: oleaut32.dll
0x40b178 SysFreeString
0x40b17c SysReAllocStringLen
0x40b180 SysAllocStringLen
Library: kernel32.dll
0x40b188 TlsSetValue
0x40b18c TlsGetValue
0x40b190 LocalAlloc
0x40b194 GetModuleHandleA
Library: advapi32.dll
0x40b19c RegSetValueExW
0x40b1a0 RegQueryValueExW
0x40b1a4 RegQueryValueExA
0x40b1a8 RegOpenKeyExW
0x40b1ac RegOpenKeyExA
0x40b1b0 RegCloseKey
Library: kernel32.dll
0x40b1b8 WriteFile
0x40b1bc WinExec
0x40b1c0 WaitForSingleObject
0x40b1c4 UnmapViewOfFile
0x40b1c8 Sleep
0x40b1cc SizeofResource
0x40b1d0 SetLastError
0x40b1d4 SetFilePointer
0x40b1d8 OutputDebugStringA
0x40b1dc MapViewOfFile
0x40b1e0 LockResource
0x40b1e4 LoadResource
0x40b1e8 GetTickCount
0x40b1ec GetTempPathW
0x40b1f0 GetLastError
0x40b1f4 GetFileSize
0x40b1f8 GetFileAttributesW
0x40b1fc FreeResource
0x40b200 FormatMessageA
0x40b204 FindResourceA
0x40b208 ExitProcess
0x40b20c DeleteFileW
0x40b210 CreateProcessW
0x40b214 CreateMutexA
0x40b218 CreateFileMappingW
0x40b21c CreateFileW
0x40b220 CreateFileA
0x40b224 CloseHandle
Library: gdi32.dll
0x40b22c SetTextColor
0x40b230 SetBkColor
Library: user32.dll
0x40b238 wvsprintfA
0x40b23c WaitForInputIdle
0x40b240 TrackPopupMenu
0x40b244 ShowWindow
0x40b248 SetWindowTextA
0x40b24c SetForegroundWindow
0x40b250 SetFocus
0x40b254 SetDlgItemTextW
0x40b258 SetDlgItemTextA
0x40b25c SetCursor
0x40b260 SendMessageA
0x40b264 PostQuitMessage
0x40b268 MessageBoxA
0x40b26c LoadCursorA
0x40b270 IsDlgButtonChecked
0x40b274 GetDlgItem
0x40b278 GetCursorPos
0x40b27c FindWindowExA
0x40b280 FindWindowA
0x40b284 EndDialog
0x40b288 EnableWindow
0x40b28c DialogBoxParamA
0x40b290 DestroyMenu
0x40b294 CreatePopupMenu
0x40b298 CheckDlgButton
0x40b29c AppendMenuA
Library: shell32.dll
0x40b2a4 ShellExecuteExA
Library: shell32.dll
0x40b2ac IsUserAnAdmin
0x40b2b0 ShellExecuteW
0x40b2b4 ShellExecuteA

Antivirus

No antivirus engine scan information.

Process Tree

IDM_6.4x_Crack_v18.1_Ali.Dbg.exe, PID: 2428, parent PID: 2224

TCP

Source address   Source port  Destination address  Destination port
192.168.122.201  49160        172.232.44.32        80

UDP

Source address   Source port  Destination address  Destination port
192.168.122.201  63246        192.168.122.1        53

HTTP Requests

URI: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
HTTP data:
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

Note: the sample imports no networking library (see Imports) and the process tree shows no child processes, so this request to Adobe's in-product-messaging host is more plausibly background traffic from the analysis VM than activity of the sample; treat it as noise unless behavioral data ties it to the process.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 28.385 seconds )

  • 13.671 VirusTotal
  • 10.995 Suricata
  • 1.753 NetworkAnalysis
  • 1.101 Static
  • 0.456 peid
  • 0.299 TargetInfo
  • 0.075 BehaviorAnalysis
  • 0.022 Strings
  • 0.011 AnalysisInfo
  • 0.002 Memory

Signatures ( 1.448 seconds )

  • 1.333 md_url_bl
  • 0.02 antiav_detectreg
  • 0.008 infostealer_ftp
  • 0.008 md_domain_bl
  • 0.006 anomaly_persistence_autorun
  • 0.006 antiav_detectfile
  • 0.006 antianalysis_detectreg
  • 0.005 infostealer_im
  • 0.004 api_spamming
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_bitcoin
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 tinba_behavior
  • 0.003 stealth_decoy_document
  • 0.003 stealth_timeout
  • 0.003 infostealer_mail
  • 0.003 network_http
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 cerber_behavior
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.559 seconds )

  • 0.477 ReportHTMLSummary
  • 0.082 Malheur
Task ID: 692553
Mongo ID: 6290b493dc327b07f50dc667
Cuckoo release: 1.4-Maldun