分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
---|---|---|---|---|
文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2022-05-27 20:27:50 | 2022-05-27 20:30:01 | 131 秒 |
文件名 | PUBG.exe |
---|---|
文件大小 | 3207168 字节 |
文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | a96e8c56336127c3ad8d85cd7a4f957c |
SHA1 | 6d35e9b77ef11509b9c7122dd54cbe36a505429e |
SHA256 | 15c84ae81df1e81002b1a7f7e2176714ec586aaa061ba782571247ce4ed6ac26 |
SHA512 | 84595649fc05d6667cac5dfa5596314820a6043c1e6bfda34d24792e1f71353815fda97965d35ddb2a9a6802359e6526a8e616d54740b57407544ff6a893feb5 |
CRC32 | A06514DB |
Ssdeep | 49152:BV0AuQ5jTC0BPg2Fnh+e+CsSxS4TfsbX9TUMG1g+tkcvzM7elWCP5xmNaqV:BS2jTI2d+tSTY9TXG1g+tuUZP5x0aqV |
Yara | 登录查看Yara规则 |
找不到该样本 提交误报 |
无主机纪录.
无域名信息.
初始地址 | 0x00400000 |
---|---|
入口地址 | 0x00918b7d |
声明校验值 | 0x00317374 |
实际校验值 | 0x00317374 |
最低操作系统版本要求 | 4.0 |
编译时间 | 2022-05-24 23:55:44 |
载入哈希 | 3d5746282fb25bcf4b16f5c61fb7e19a |
图标 | |
图标精确哈希值 | 0bd4e697ffbaa3cbc6c7be89f1d871ef |
图标相似性哈希值 | ffacbbea78bb6df272b1b5f888a2336d |
名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
---|---|---|---|---|---|
.text | 0x00001000 | 0x003bd000 | 0x00155000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 8.00 |
.sedata | 0x003be000 | 0x0015c000 | 0x0015c000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.03 |
.idata | 0x0051a000 | 0x00001000 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 1.51 |
.rsrc | 0x0051b000 | 0x0005b000 | 0x0005b000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.18 |
.sedata | 0x00576000 | 0x00001000 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.98 |
名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
---|---|---|---|---|---|---|
RT_ICON | 0x005719b0 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.53 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 |
RT_ICON | 0x005719b0 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.53 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 |
RT_ICON | 0x005719b0 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.53 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 |
RT_ICON | 0x005719b0 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.53 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 |
RT_ICON | 0x005719b0 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.53 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 |
RT_ICON | 0x005719b0 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.53 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 |
RT_ICON | 0x005719b0 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.53 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 |
RT_ICON | 0x005719b0 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.53 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 |
RT_GROUP_ICON | 0x00575c64 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_GROUP_ICON | 0x00575c64 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_GROUP_ICON | 0x00575c64 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_MANIFEST | 0x00575c78 | 0x000001cd | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.08 | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
无主机纪录.
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49160 | 104.99.238.89 | 80 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
无域名信息.
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49160 | 104.99.238.89 | 80 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
URI | HTTP数据 |
---|---|
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
无SMTP流量.
无IRC请求.
无ICMP流量.
无 CIF 结果
无警报
No TLS
No Suricata HTTP
HTML 总结报告 (需15-60分钟同步) |
下载 |
---|
Task ID | 692569 |
---|---|
Mongo ID | 6290c4797e769a0b43022110 |
Cuckoo release | 1.4-Maldun |