分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
---|---|---|---|---|
文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2022-05-27 22:40:19 | 2022-05-27 22:42:32 | 133 秒 |
文件名 | 3333.exe |
---|---|
文件大小 | 5475134 字节 |
文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | fddde184ff5ecf9dd184ec3600c6ad8b |
SHA1 | b3e5218b6be2ac5317e655a118676a626a9ce881 |
SHA256 | e0a54d150f3955d62cfdb6e5fafb3c5d673db898df5f31ad6b9e48b6911de06d |
SHA512 | f9083a7e1feac24e2c1b58bfd3f76662504bbb582a69e39bc5782e7729057cff63aa215a0698937bf8d9b316abab7d307fd72d9f6e9cde4418398ad3c1b16b43 |
CRC32 | B59B2F04 |
Ssdeep | 98304:ObJxxmmIjcbcT5Ec7O47yH8GoVRPzBn6mnZqlsneHeYnbW/5f3cL51g:ONPmmPcT5Ecq47tGMlxaVN624 |
Yara | 登录查看Yara规则 |
找不到该样本 提交误报 |
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
否 | 113.240.96.105 | 中国 |
初始地址 | 0x00400000 |
---|---|
入口地址 | 0x0041ec40 |
声明校验值 | 0x00000000 |
实际校验值 | 0x00548569 |
最低操作系统版本要求 | 5.1 |
PDB路径 | D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb |
编译时间 | 2020-12-02 02:00:55 |
载入哈希 | fcf1390e9ce472c7270447fc5c61a0c1 |
图标 | |
图标精确哈希值 | 8d9da329386d64d6b86a12bd2f986399 |
图标相似性哈希值 | 9043363bfee17e0d508057b9ae7189e9 |
名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
---|---|---|---|---|---|
.text | 0x00001000 | 0x000310ea | 0x00031200 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.71 |
.rdata | 0x00033000 | 0x0000a612 | 0x0000a800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.22 |
.data | 0x0003e000 | 0x00023728 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.71 |
.didat | 0x00062000 | 0x00000188 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.30 |
.rsrc | 0x00063000 | 0x0000e000 | 0x0000d600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.82 |
.reloc | 0x00071000 | 0x00002268 | 0x00002400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 6.55 |
偏移量 | 0x0004ca00 |
大小 | 0x004ec13e |
名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
---|---|---|---|---|---|---|
PNG | 0x0006418c | 0x000015a9 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.80 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced |
PNG | 0x0006418c | 0x000015a9 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.80 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced |
RT_ICON | 0x0006aea8 | 0x00003d71 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.95 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
RT_ICON | 0x0006aea8 | 0x00003d71 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.95 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
RT_ICON | 0x0006aea8 | 0x00003d71 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.95 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
RT_ICON | 0x0006aea8 | 0x00003d71 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.95 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
RT_ICON | 0x0006aea8 | 0x00003d71 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.95 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
RT_ICON | 0x0006aea8 | 0x00003d71 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.95 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
RT_ICON | 0x0006aea8 | 0x00003d71 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.95 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |
RT_DIALOG | 0x0006f324 | 0x000001e6 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.85 | data |
RT_DIALOG | 0x0006f324 | 0x000001e6 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.85 | data |
RT_DIALOG | 0x0006f324 | 0x000001e6 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.85 | data |
RT_DIALOG | 0x0006f324 | 0x000001e6 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.85 | data |
RT_DIALOG | 0x0006f324 | 0x000001e6 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.85 | data |
RT_DIALOG | 0x0006f324 | 0x000001e6 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.85 | data |
RT_STRING | 0x0006fc3c | 0x00000078 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.43 | data |
RT_STRING | 0x0006fc3c | 0x00000078 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.43 | data |
RT_STRING | 0x0006fc3c | 0x00000078 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.43 | data |
RT_STRING | 0x0006fc3c | 0x00000078 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.43 | data |
RT_STRING | 0x0006fc3c | 0x00000078 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.43 | data |
RT_STRING | 0x0006fc3c | 0x00000078 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.43 | data |
RT_STRING | 0x0006fc3c | 0x00000078 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.43 | data |
RT_STRING | 0x0006fc3c | 0x00000078 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.43 | data |
RT_STRING | 0x0006fc3c | 0x00000078 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.43 | data |
RT_STRING | 0x0006fc3c | 0x00000078 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.43 | data |
RT_GROUP_ICON | 0x0006fcb4 | 0x00000068 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.72 | MS Windows icon resource - 7 icons, 16x16 |
RT_MANIFEST | 0x0006fd1c | 0x00000753 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | XML 1.0 document, ASCII text, with CRLF line terminators |
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
否 | 113.240.96.105 | 中国 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 50585 | 113.240.96.105 officecdn.microsoft.com | 443 |
192.168.122.201 | 50587 | 113.240.96.105 officecdn.microsoft.com | 443 |
192.168.122.201 | 50588 | 113.240.96.105 officecdn.microsoft.com | 443 |
192.168.122.201 | 50584 | 192.168.122.1 | 53 |
192.168.122.201 | 49160 | 23.223.198.226 | 80 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 56270 | 192.168.122.1 | 53 |
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 50585 | 113.240.96.105 officecdn.microsoft.com | 443 |
192.168.122.201 | 50587 | 113.240.96.105 officecdn.microsoft.com | 443 |
192.168.122.201 | 50588 | 113.240.96.105 officecdn.microsoft.com | 443 |
192.168.122.201 | 50584 | 192.168.122.1 | 53 |
192.168.122.201 | 49160 | 23.223.198.226 | 80 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 56270 | 192.168.122.1 | 53 |
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
URI | HTTP数据 |
---|---|
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
无SMTP流量.
无IRC请求.
无ICMP流量.
无 CIF 结果
无警报
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2022-05-27 22:41:11.526555+0800 | 192.168.122.201 | 50585 | 113.240.96.105 | 443 | TLS 1.2 | C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 01 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=officecdn.microsoft.com | 8d:2d:67:1e:a1:57:41:9b:de:1c:c3:0e:4d:b7:d0:a8:70:68:99:c2 |
No Suricata HTTP
HTML 总结报告 (需15-60分钟同步) |
下载 |
---|
Task ID | 692587 |
---|---|
Mongo ID | 6290e38d7e769a0b42021f09 |
Cuckoo release | 1.4-Maldun |