Analysis task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-shaapp03-1 | 2022-05-27 20:27:50 | 2022-05-27 20:30:01 | 131 seconds

Maldun score

6.75

Dangerous

File details

File name: PUBG.exe
File size: 3207168 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: a96e8c56336127c3ad8d85cd7a4f957c
SHA1: 6d35e9b77ef11509b9c7122dd54cbe36a505429e
SHA256: 15c84ae81df1e81002b1a7f7e2176714ec586aaa061ba782571247ce4ed6ac26
SHA512: 84595649fc05d6667cac5dfa5596314820a6043c1e6bfda34d24792e1f71353815fda97965d35ddb2a9a6802359e6526a8e616d54740b57407544ff6a893feb5
CRC32: A06514DB
Ssdeep: 49152:BV0AuQ5jTC0BPg2Fnh+e+CsSxS4TfsbX9TUMG1g+tkcvzM7elWCP5xmNaqV:BS2jTI2d+tSTY9TXG1g+tuUZP5x0aqV
Yara rules and matched threat signatures: not shown in this copy of the report (login required)

Hosts accessed

No host records.

Domain resolution

No domain information.


Summary

Detailed behavior information: not shown in this copy of the report (login required)

PE information

Image base: 0x00400000
Entry point: 0x00918b7d
Declared checksum: 0x00317374
Actual checksum: 0x00317374
Minimum OS version required: 4.0
Compile time: 2022-05-24 23:55:44
Imphash: 3d5746282fb25bcf4b16f5c61fb7e19a
Icon: (image not reproduced)
Icon exact hash: 0bd4e697ffbaa3cbc6c7be89f1d871ef
Icon similarity hash: ffacbbea78bb6df272b1b5f888a2336d

Note: the entry point is RVA 0x00518b7d (0x00918b7d minus the image base), which lies in the second section (.sedata, 0x003be000 to 0x0051a000) and not in .text; execution starts in a stub outside the main code section. The declared and actual checksums match, so the file was not modified after the checksum field was written. The compile timestamp, if genuine, is three days before the analysis.

PE sections

Name VirtualAddress VirtualSize RawDataSize Characteristics Entropy
.text 0x00001000 0x003bd000 0x00155000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 8.00
.sedata 0x003be000 0x0015c000 0x0015c000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.03
.idata 0x0051a000 0x00001000 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1.51
.rsrc 0x0051b000 0x0005b000 0x0005b000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.18
.sedata 0x00576000 0x00001000 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.98

Note: .text has an entropy that rounds to 8.00 (the maximum for byte data), a raw size of 0x00155000 against a virtual size of 0x003bd000 (about 2.8 times larger, i.e. space reserved for unpacking), and is mapped writable as well as executable; both .sedata sections are also high-entropy. That is the profile of a protected binary whose real code is decrypted into .text at runtime (the .sedata section name is associated with the Safengine Shielden protector), so the static imports and strings below describe the protector stub rather than the payload.
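The checks a practitioner would run on this section table, as an added example that is not part of the sandbox report: the section values and entry point are copied from the report, the flagging thresholds (entropy 7.0, virtual size more than twice raw size) are the author's own choices, and the entropy function shows what the Entropy column measures.

```python
"""Static triage of a PE section table (added example; values copied from the report above)."""
import math
from collections import Counter

IMAGE_BASE = 0x00400000
ENTRY_POINT_VA = 0x00918b7d

# (name, virtual address, virtual size, raw size, characteristics, entropy) as listed in the report
SECTIONS = [
    (".text", 0x00001000, 0x003bd000, 0x00155000,
     "IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE", 8.00),
    (".sedata", 0x003be000, 0x0015c000, 0x0015c000,
     "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE", 7.03),
    (".idata", 0x0051a000, 0x00001000, 0x00001000,
     "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_NOT_PAGED|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE", 1.51),
    (".rsrc", 0x0051b000, 0x0005b000, 0x0005b000,
     "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE", 3.18),
    (".sedata", 0x00576000, 0x00001000, 0x00001000,
     "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ", 7.98),
]

# Thresholds chosen for this example; tune them to your own corpus.
HIGH_ENTROPY = 7.0
VSIZE_RAW_RATIO = 2.0


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def section_index_for_rva(rva: int, sections=SECTIONS):
    """Index of the section whose in-memory range contains rva, or None if it is in no section."""
    for i, (_, va, vsize, rawsize, _, _) in enumerate(sections):
        # In memory a section spans at least max(VirtualSize, SizeOfRawData), rounded to the section alignment.
        if va <= rva < va + max(vsize, rawsize):
            return i
    return None


def triage_sections(sections=SECTIONS, image_base=IMAGE_BASE, entry_va=ENTRY_POINT_VA):
    """Return {section index: [finding, ...]} plus an 'entry' record for the entry point."""
    findings = {}
    for i, (name, va, vsize, rawsize, chars, entropy) in enumerate(sections):
        flags = set(chars.split("|"))
        executable = "IMAGE_SCN_MEM_EXECUTE" in flags
        notes = []
        if executable and "IMAGE_SCN_MEM_WRITE" in flags:
            notes.append("writable+executable (self-modifying or unpacked in place)")
        if entropy >= HIGH_ENTROPY:
            notes.append("high-entropy executable section (packed/encrypted code)" if executable
                         else "high-entropy data section (encrypted data or config)")
        if rawsize and vsize > VSIZE_RAW_RATIO * rawsize:
            notes.append("virtual size %.1fx raw size (room reserved for unpacking)" % (vsize / rawsize))
        if notes:
            findings[i] = notes
    ep_rva = entry_va - image_base
    ep_idx = section_index_for_rva(ep_rva, sections)
    findings["entry"] = {
        "rva": ep_rva,
        "section_index": ep_idx,
        "section_name": sections[ep_idx][0] if ep_idx is not None else None,
        # An entry point outside the first code section is a classic protector-stub indicator.
        "outside_first_section": ep_idx != 0,
    }
    return findings


if __name__ == "__main__":
    for key, value in triage_sections().items():
        print(key, value)
```

Run against the report's values this flags .text (RWX, maximal entropy, virtual size about 2.8x raw), the first .sedata (RWX, high entropy) and the second .sedata (high-entropy data), and places the entry point in section index 1 (.sedata). With pefile installed, the same `SECTIONS` tuples can be built from `pe.sections` (`Name`, `VirtualAddress`, `Misc_VirtualSize`, `SizeOfRawData`, `Characteristics`, `get_entropy()`) to run the check on the file itself.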

Resources

Name Offset Size Language Sublanguage Entropy FileType
RT_ICON 0x005719b0 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL 3.53 dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 (listed 8 times with identical offset and size)
RT_GROUP_ICON 0x00575c64 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors (listed 3 times with identical offset and size)
RT_MANIFEST 0x00575c78 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Note: the "dBase IV DBT" file type is a libmagic misidentification. RT_ICON entries hold raw bitmap data without an ICO file header, so file-type guesses on them are unreliable and should not be read as an embedded database.

Imports

Library: WINMM.dll
0x91a325 midiStreamOut
Library: WS2_32.dll
0x91a331 WSAAsyncSelect
Library: RASAPI32.dll
0x91a33d RasHangUpA
Library: KERNEL32.dll
0x91a349 VirtualFree
Library: USER32.dll
(no named import listed)
Library: GDI32.dll
0x91a361 GetViewportExtEx
Library: WINSPOOL.DRV
0x91a36d OpenPrinterA
Library: ADVAPI32.dll
0x91a379 RegOpenKeyExA
Library: SHELL32.dll
0x91a385 ShellExecuteA
Library: ole32.dll
0x91a391 CLSIDFromString
Library: OLEAUT32.dll
0x91a39d LoadTypeLib
Library: COMCTL32.dll
0x91a3a9 None (no name recorded; most likely an import by ordinal)
Library: WININET.dll
(no named import listed)
Library: comdlg32.dll
0x91a3c1 ChooseColorA
Library: MSVCRT.dll
0x91a3cd strncpy
Library: IPHLPAPI.DLL
0x91a3d9 GetInterfaceInfo
Library: PSAPI.DLL
0x91a3e5 GetMappedFileNameW

Note: every library contributes at most one named import, and the import addresses (0x0091a325 and up, RVA 0x0051a325 and up) all sit in the single-page .idata section. A thin one-function-per-DLL import table like this is what a protector stub leaves behind to keep the DLLs mapped; the payload resolves the APIs it actually uses at runtime, so neither this list nor the imphash describes the payload's behavior.

Strings

.text
.sedata
.idata
.rsrc
.sedata
/N#,j
ua.yyU
N<a0W[^-Nrc
4<mF>

Only the section names and four short fragments were recovered, which is consistent with the packed body described above.

Antivirus: no antivirus engine scan information.

Process tree

PUBG.exe, PID: 2564, parent PID: 2256

Hosts accessed

No host records.

TCP

SourceAddress SourcePort DestinationAddress DestinationPort
192.168.122.201 49160 104.99.238.89 80

UDP

SourceAddress SourcePort DestinationAddress DestinationPort
192.168.122.201 59401 192.168.122.1 53

Domain resolution

No domain information.

Note: the UDP flow is a port-53 (DNS) query to the VM's gateway resolver at 192.168.122.1, yet the report records no resolved domain; the TCP flow to 104.99.238.89:80 carries the HTTP request listed below.

HTTP requests

URI: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

Note: this request (host acroipm.adobe.com, User-Agent "IPM", path under /11/rdr/CHS/) matches the in-product messaging check that Adobe Reader 11 performs on its own. The sandbox captures all traffic leaving the VM, not only the sample's, so treat it as background noise from the analysis image unless process-level data ties the connection to PID 2564.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

Files extracted from network traffic: none.
Dropped files: none.
Similar analyses: none found.

Processing ( 31.171 seconds )

  • 13.368 VirusTotal
  • 11.108 Suricata
  • 2.559 NetworkAnalysis
  • 2.183 Static
  • 0.801 TargetInfo
  • 0.761 BehaviorAnalysis
  • 0.331 peid
  • 0.037 AnalysisInfo
  • 0.013 Strings
  • 0.008 config_decoder
  • 0.002 Memory

Signatures ( 1.732 seconds; processing time per signature module, not the list of signatures that matched, which this copy of the report does not show )

  • 1.405 md_url_bl
  • 0.04 api_spamming
  • 0.033 kovter_behavior
  • 0.032 stealth_timeout
  • 0.03 antiemu_wine_func
  • 0.029 stealth_decoy_document
  • 0.028 infostealer_browser_password
  • 0.02 antiav_detectreg
  • 0.009 infostealer_ftp
  • 0.009 md_domain_bl
  • 0.007 antiav_detectfile
  • 0.006 infostealer_im
  • 0.005 anomaly_persistence_autorun
  • 0.005 geodo_banking_trojan
  • 0.005 infostealer_bitcoin
  • 0.004 mimics_filetime
  • 0.004 antianalysis_detectreg
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 reads_self
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 bootkit
  • 0.002 stealth_file
  • 0.002 injection_createremotethread
  • 0.002 antivm_generic_disk
  • 0.002 virus
  • 0.002 browser_security
  • 0.001 hawkeye_behavior
  • 0.001 rat_nanocore
  • 0.001 antiav_avast_libs
  • 0.001 maldun_anomaly_massive_file_ops
  • 0.001 betabot_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 cerber_behavior
  • 0.001 injection_runpe
  • 0.001 hancitor_behavior
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http

Reporting ( 0.553 seconds )

  • 0.485 ReportHTMLSummary
  • 0.068 Malheur
Task ID 692569
Mongo ID 6290c4797e769a0b43022110
Cuckoo release 1.4-Maldun