Analysis Task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-shaapp02-1 | 2022-07-04 18:21:32 | 2022-07-04 18:23:41 | 129 seconds

Maldun Score

2.25

Suspicious

File Details

File name 8.exe
File size 1007616 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4d737de82c3c15df0d8eda3c88d11639
SHA1 6c33e493ed3e4b7238aea46ec5ed99635c660d46
SHA256 bf83dc91a4b356331aa8adbcb602ecf3196db6ef9f7a0cb5c8ea78f2f5f89d0a
SHA512 c57b0e8d4a101142f3a321c0063792afdb75bde6b38a02499c20cf584209342b7714c06081270c39cecacb9fc9249b44d4ab278d49c2250781c8858ebc2b419b
CRC32 234DB6F0
Ssdeep 24576:rmUO0Lx6dBImxUuVxzj9blj6/LQNELPvcsEbDP:rmUOHImWeNjJlWM2DU5

Hosts accessed

No host records.

Domain resolution

No domain information.


PE Information

Image base 0x00400000
Entry point 0x00461ce1
Declared checksum 0x00000000
Actual checksum 0x00102a97
Minimum OS version required 4.0
Compile time 2022-07-04 18:18:26
Import hash fdb6d5e6e0b1a9344cf8a2df770de1e4

PE Sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x0007fdba 0x00080000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.58
.rdata 0x00081000 0x0005c61a 0x0005d000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.49
.data 0x000de000 0x0002ab48 0x00012000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.08
.rsrc 0x00109000 0x00005758 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.26

Imports

Library: KERNEL32.dll:
0x481170 SetEndOfFile
0x481174 UnlockFile
0x481178 LockFile
0x48117c FlushFileBuffers
0x481180 SetFilePointer
0x481184 DuplicateHandle
0x481188 lstrcpynA
0x48118c SetLastError
0x481198 LocalFree
0x4811a0 GetCurrentProcess
0x4811a4 CreateSemaphoreA
0x4811a8 ResumeThread
0x4811ac ReleaseSemaphore
0x4811b8 GetProfileStringA
0x4811bc SetStdHandle
0x4811c0 IsBadCodePtr
0x4811c4 IsBadReadPtr
0x4811c8 CompareStringW
0x4811cc CompareStringA
0x4811d4 GetStringTypeW
0x4811d8 GetStringTypeA
0x4811dc IsBadWritePtr
0x4811e0 VirtualAlloc
0x4811e4 LCMapStringW
0x4811e8 LCMapStringA
0x4811f0 VirtualFree
0x4811f4 HeapCreate
0x4811f8 HeapDestroy
0x481200 GetFileType
0x481204 GetStdHandle
0x481208 SetHandleCount
0x481220 GetACP
0x481224 HeapSize
0x481228 TerminateProcess
0x48122c GetLocalTime
0x481230 GetSystemTime
0x481238 RaiseException
0x48123c WriteFile
0x481244 CreateFileA
0x481248 SetEvent
0x48124c FindResourceA
0x481250 LoadResource
0x481254 LockResource
0x481258 ReadFile
0x48125c GetModuleFileNameA
0x481260 WideCharToMultiByte
0x481264 MultiByteToWideChar
0x481268 GetCurrentThreadId
0x48126c ExitProcess
0x481270 GlobalSize
0x481274 GlobalFree
0x481280 lstrcatA
0x481284 lstrlenA
0x481288 WinExec
0x48128c lstrcpyA
0x481290 FindNextFileA
0x481294 GlobalReAlloc
0x481298 HeapFree
0x48129c HeapReAlloc
0x4812a0 GetProcessHeap
0x4812a4 HeapAlloc
0x4812a8 GetFullPathNameA
0x4812ac FreeLibrary
0x4812b0 LoadLibraryA
0x4812b4 GetLastError
0x4812b8 GetVersionExA
0x4812c0 CreateThread
0x4812c4 CreateEventA
0x4812c8 Sleep
0x4812cc GlobalAlloc
0x4812d0 GlobalLock
0x4812d4 GlobalUnlock
0x4812d8 FindFirstFileA
0x4812dc FindClose
0x4812e0 SetFileAttributesA
0x4812e4 GetFileAttributesA
0x4812e8 RtlUnwind
0x4812ec GetStartupInfoA
0x4812f0 GetOEMCP
0x4812f4 GetCPInfo
0x4812f8 GetProcessVersion
0x4812fc SetErrorMode
0x481300 GlobalFlags
0x481304 GetCurrentThread
0x481308 GetFileTime
0x48130c GetFileSize
0x481310 TlsGetValue
0x481314 LocalReAlloc
0x481318 TlsSetValue
0x48131c TlsFree
0x481320 GlobalHandle
0x481324 TlsAlloc
0x481328 LocalAlloc
0x48132c lstrcmpA
0x481330 DeleteFileA
0x48133c GetModuleHandleA
0x481340 GetProcAddress
0x481344 MulDiv
0x481348 GetCommandLineA
0x48134c GetTickCount
0x481350 WaitForSingleObject
0x481354 CloseHandle
0x481358 lstrcmpiA
0x48135c GlobalDeleteAtom
0x481360 GetVersion
0x481364 GlobalGetAtomNameA
0x481368 GlobalAddAtomA
0x48136c GlobalFindAtomA
Library: USER32.dll:
0x481394 RegisterClassA
0x481398 wsprintfA
0x48139c CloseClipboard
0x4813a0 GetClipboardData
0x4813a4 OpenClipboard
0x4813a8 SetClipboardData
0x4813ac EmptyClipboard
0x4813b0 GetSystemMetrics
0x4813b4 GetCursorPos
0x4813b8 MessageBoxA
0x4813bc SetWindowPos
0x4813c0 SendMessageA
0x4813c4 DestroyCursor
0x4813c8 SetParent
0x4813cc IsWindow
0x4813d0 PostMessageA
0x4813d4 GetTopWindow
0x4813d8 GetParent
0x4813dc GetFocus
0x4813e0 GetClientRect
0x4813e4 InvalidateRect
0x4813e8 ValidateRect
0x4813ec UpdateWindow
0x4813f0 EqualRect
0x4813f4 GetWindowRect
0x4813f8 SetForegroundWindow
0x4813fc DestroyMenu
0x481400 IsChild
0x481404 ReleaseDC
0x481408 IsRectEmpty
0x48140c FillRect
0x481410 GetDC
0x481414 SetCursor
0x481418 LoadCursorA
0x48141c SetCursorPos
0x481420 SetActiveWindow
0x481424 GetSysColor
0x481428 SetWindowLongA
0x48142c GetWindowLongA
0x481430 RedrawWindow
0x481434 EnableWindow
0x481438 IsWindowVisible
0x48143c OffsetRect
0x481440 PtInRect
0x481444 DestroyIcon
0x481448 IntersectRect
0x48144c InflateRect
0x481450 SetRect
0x481454 SetScrollPos
0x481458 SetScrollRange
0x48145c GetScrollRange
0x481460 SetCapture
0x481464 GetCapture
0x481468 ReleaseCapture
0x48146c SetTimer
0x481470 KillTimer
0x481474 GetForegroundWindow
0x481478 LoadIconA
0x48147c TranslateMessage
0x481480 DrawFrameControl
0x481484 DrawEdge
0x481488 DrawFocusRect
0x48148c WindowFromPoint
0x481490 GetMessageA
0x481494 DispatchMessageA
0x481498 SetRectEmpty
0x4814a8 DrawIconEx
0x4814ac CreatePopupMenu
0x4814b0 AppendMenuA
0x4814b4 ModifyMenuA
0x4814b8 CreateMenu
0x4814c0 GetDlgCtrlID
0x4814c4 GetSubMenu
0x4814c8 EnableMenuItem
0x4814cc ClientToScreen
0x4814d4 LoadImageA
0x4814dc ShowWindow
0x4814e0 IsWindowEnabled
0x4814e8 GetKeyState
0x4814f0 PostQuitMessage
0x4814f4 IsZoomed
0x4814f8 GetClassInfoA
0x4814fc DefWindowProcA
0x481500 GetSystemMenu
0x481504 DeleteMenu
0x481508 GetMenu
0x48150c SetMenu
0x481510 GetWindowTextA
0x481518 CharUpperA
0x48151c GetWindowDC
0x481520 BeginPaint
0x481524 EndPaint
0x481528 TabbedTextOutA
0x48152c DrawTextA
0x481530 GrayStringA
0x481534 GetDlgItem
0x481538 DestroyWindow
0x481540 EndDialog
0x481544 GetNextDlgTabItem
0x481548 GetWindowPlacement
0x481550 GetLastActivePopup
0x481554 GetMessageTime
0x481558 RemovePropA
0x48155c CallWindowProcA
0x481560 GetPropA
0x481564 UnhookWindowsHookEx
0x481568 SetPropA
0x48156c GetClassLongA
0x481570 CallNextHookEx
0x481574 SetWindowsHookExA
0x481578 CreateWindowExA
0x48157c GetMenuItemID
0x481580 GetMenuItemCount
0x481584 UnregisterClassA
0x481588 GetScrollPos
0x48158c AdjustWindowRectEx
0x481590 MapWindowPoints
0x481594 SendDlgItemMessageA
0x481598 ScrollWindowEx
0x48159c IsDialogMessageA
0x4815a0 SetWindowTextA
0x4815a4 MoveWindow
0x4815a8 CheckMenuItem
0x4815ac SetMenuItemBitmaps
0x4815b0 GetMenuState
0x4815b8 GetClassNameA
0x4815bc GetDesktopWindow
0x4815c0 LoadStringA
0x4815c4 GetSysColorBrush
0x4815c8 PeekMessageA
0x4815cc IsIconic
0x4815d0 SetFocus
0x4815d4 GetActiveWindow
0x4815d8 GetWindow
0x4815e0 SetWindowRgn
0x4815e4 GetMessagePos
0x4815e8 ScreenToClient
0x4815f0 CopyRect
0x4815f4 LoadBitmapA
0x4815f8 WinHelpA
Library: GDI32.dll:
0x481024 SelectClipRgn
0x481028 DeleteObject
0x48102c CreateDIBitmap
0x481034 CreatePalette
0x481038 StretchBlt
0x48103c SelectPalette
0x481040 RealizePalette
0x481044 GetDIBits
0x481048 GetWindowExtEx
0x48104c GetViewportOrgEx
0x481050 GetWindowOrgEx
0x481054 BeginPath
0x481058 EndPath
0x48105c PathToRegion
0x481060 CreateEllipticRgn
0x481064 CreateRoundRectRgn
0x481068 GetTextColor
0x48106c GetBkMode
0x481070 GetBkColor
0x481074 GetROP2
0x481078 GetStretchBltMode
0x48107c GetPolyFillMode
0x481084 CreateDCA
0x481088 CreateBitmap
0x48108c SelectObject
0x481090 GetObjectA
0x481094 CreatePen
0x481098 PatBlt
0x48109c CombineRgn
0x4810a0 CreatePolygonRgn
0x4810a4 FillRgn
0x4810a8 CreateSolidBrush
0x4810ac GetStockObject
0x4810b0 CreateFontIndirectA
0x4810b4 EndPage
0x4810b8 EndDoc
0x4810bc DeleteDC
0x4810c0 StartDocA
0x4810c4 StartPage
0x4810c8 BitBlt
0x4810cc CreateCompatibleDC
0x4810d0 Ellipse
0x4810d4 Rectangle
0x4810d8 LPtoDP
0x4810dc DPtoLP
0x4810e0 GetCurrentObject
0x4810e4 RoundRect
0x4810ec GetDeviceCaps
0x4810f0 SaveDC
0x4810f4 RestoreDC
0x4810f8 SetBkMode
0x4810fc SetPolyFillMode
0x481100 SetROP2
0x481104 SetTextColor
0x481108 SetMapMode
0x48110c SetViewportOrgEx
0x481110 OffsetViewportOrgEx
0x481114 SetViewportExtEx
0x481118 ScaleViewportExtEx
0x48111c SetWindowOrgEx
0x481120 SetWindowExtEx
0x481124 ScaleWindowExtEx
0x481128 GetClipBox
0x48112c ExcludeClipRect
0x481130 MoveToEx
0x481134 LineTo
0x481138 GetClipRgn
0x48113c SetStretchBltMode
0x481144 SetBkColor
0x481148 CreateRectRgn
0x48114c GetTextMetricsA
0x481150 Escape
0x481154 ExtTextOutA
0x481158 TextOutA
0x48115c RectVisible
0x481160 PtVisible
0x481164 GetViewportExtEx
0x481168 ExtSelectClipRgn
Library: WINMM.dll:
0x481600 midiStreamRestart
0x481604 midiStreamClose
0x481608 midiOutReset
0x48160c midiStreamStop
0x481610 midiStreamOut
0x481618 midiStreamProperty
0x48161c midiStreamOpen
0x481624 waveOutOpen
0x481628 waveOutGetNumDevs
0x48162c waveOutClose
0x481630 waveOutReset
0x481634 waveOutPause
0x481638 waveOutWrite
Library: WINSPOOL.DRV:
0x481648 ClosePrinter
0x48164c DocumentPropertiesA
0x481650 OpenPrinterA
Library: ADVAPI32.dll:
0x481000 RegCloseKey
0x481004 RegOpenKeyExA
0x481008 RegSetValueExA
0x48100c RegQueryValueA
0x481010 RegCreateKeyExA
Library: SHELL32.dll:
0x481388 ShellExecuteA
0x48138c Shell_NotifyIconA
Library: ole32.dll:
0x481694 OleInitialize
0x481698 OleUninitialize
0x48169c CLSIDFromString
Library: OLEAUT32.dll:
0x481378 UnRegisterTypeLib
0x48137c RegisterTypeLib
0x481380 LoadTypeLib
Library: COMCTL32.dll:
0x481018 ImageList_Destroy
0x48101c None
Library: WS2_32.dll:
0x481658 recvfrom
0x48165c ioctlsocket
0x481660 recv
0x481664 getpeername
0x481668 accept
0x48166c WSAAsyncSelect
0x481670 closesocket
0x481674 inet_ntoa
0x481678 WSACleanup
Library: comdlg32.dll:
0x481680 GetFileTitleA
0x481684 GetSaveFileNameA
0x481688 GetOpenFileNameA
0x48168c ChooseColorA

.text
`.rdata
@.data
.rsrc
VMProtect begin
VMProtect end
SEBEGN
SEBEGN
SEBEGN
SEBEGN
SEBEGN
SEBEGN
SEBEGN
SEBEGN
SEBEGN
SEBEGN
SEBEGN
SEENDP
VMProtect begin
VMProtect end
8`}<j
T$hVj
T$th
|$`Vj
|$|Vj
T$\Vj
D$@Sj
L$8h
D$8Rj
l$<VWj
tVSh,&N
l$lhD'N
T$,h4'N
D$(h('N
D$$h 'N
Ph kN
}'h
9^xu5j
T$,Qj
T$0Pj
D$8RPj
jjjjh
No antivirus engine scan information!

Process Tree

8.exe, PID: 2484, parent PID: 2172

TCP

Source address | Source port | Destination address | Destination port
192.168.122.201 49160 23.192.228.89 80

UDP

Source address | Source port | Destination address | Destination port
192.168.122.201 63246 192.168.122.1 53


HTTP Requests

URI | HTTP data
URL: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found
Sorry! No files were dropped.
No similar analyses found.

Processing ( 16.465 seconds )

  • 10.443 Suricata
  • 3.127 Static
  • 1.084 VirusTotal
  • 0.943 NetworkAnalysis
  • 0.42 TargetInfo
  • 0.355 peid
  • 0.069 BehaviorAnalysis
  • 0.011 Strings
  • 0.009 AnalysisInfo
  • 0.002 Memory
  • 0.002 config_decoder

Signatures ( 1.425 seconds )

  • 1.316 md_url_bl
  • 0.018 antiav_detectreg
  • 0.01 stealth_file
  • 0.008 md_domain_bl
  • 0.007 infostealer_ftp
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_im
  • 0.004 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 api_spamming
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_mail
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 stealth_decoy_document
  • 0.002 stealth_timeout
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 cerber_behavior
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http

Reporting ( 0.533 seconds )

  • 0.532 ReportHTMLSummary
  • 0.001 Malheur
Task ID 697919
Mongo ID 62c2bfc8dc327b97d5050ad1
Cuckoo release 1.4-Maldun