Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp03-2 | 2024-03-27 12:48:08 | 2024-03-27 12:49:01 | 53 s |
File name | Mtb.exe |
---|---|
File size | 11005888 bytes |
File type | PE32+ executable (GUI) x86-64, for MS Windows |
MD5 | 43656b3ed226a8ef9e7ed3a11a464571 |
SHA1 | 174a2781763e0c97aa512549881f1faff602d509 |
SHA256 | b8ba66b90f6aa4e119924c87e053039454827e4ff37b638d40343b5e841cd035 |
SHA512 | e4822691f9d60553b72fba4368f2da33f7e5a71160769eb576b092537948e18129a4229b26865ccee384dd6a5e319f8baf0f51ba46518d205a577421e75d1311 |
CRC32 | 94EA8280 |
Ssdeep | 98304:1x+JSZpwyVrqYji0LhZUQ0L35dTZljaiNmePmVcyub08mcGW542:b4SZp35BXsbbTZZ7N5PibQ0ZcGW542 |
Direct | IP | Security rating | Location |
---|---|---|---|
No | 104.18.38.233 | | United States |
No | 152.195.38.76 | | United States |
Domain | Security rating | Response |
---|---|---|
cacerts.digicert.com | | CNAME fp2e7a.wpc.2be4.phicdn.net, CNAME fp2e7a.wpc.phicdn.net, A 152.195.38.76 |
crt.usertrust.com | | A 104.18.38.233, CNAME crt.comodoca.com, A 172.64.149.23, CNAME crt.comodoca.com.cdn.cloudflare.net |
Image base | 0x140000000 |
---|---|
Entry point | 0x140542160 |
Declared checksum | 0x00a88a7c |
Actual checksum | 0x00a88af3 |
Minimum OS version | 6.0 (Windows Vista / Server 2008) |
PDB path | C:\a\2\s\Source\bin\x64\Release\Mtb.pdb |
Compile time | 2024-03-12 01:20:39 |
Import hash (imphash) | 6648fc8cc3ee3079e304c30561b37df0 |
Icon exact hash | ea3acda044c3277bda29814b766cb9c0 |
Icon similarity hash | dd3454ecd1e1067ad7aa64c1036779cd |
Export DLL name | Mtb.exe |
Version info field | Value |
---|---|
LegalCopyright | |
InternalName | |
FileVersion | |
CompanyName | |
ProductName | |
ProductVersion | |
FileDescription | |
OriginalFilename | |
Translation | |
The report shows every version-info string as empty, although an 0x358-byte RT_VERSION resource is present in the resource table below.
SHA1 | Timestamp | Validity | Error |
---|---|---|---|
None | Tue Mar 12 03:14:02 2024 | Invalid | WinVerifyTrust returned error 0x80096010 (TRUST_E_BAD_DIGEST) |
0x80096010 is TRUST_E_BAD_DIGEST: the hash embedded in the Authenticode signature does not match the file's current content. The certificate chains below therefore identify who signed some version of this binary, but the signature does not vouch for these bytes. The countersignature timestamp is roughly two hours after the compile time recorded in the header.
Chain | Issued to | Issuer | Valid until | SHA1 |
---|---|---|---|---|
Certificate Chain 1 | DigiCert Trusted Root G4 | DigiCert Trusted Root G4 | Fri Jan 15 20:00:00 2038 | ddfb16cd4931c973a2037d3fc83a4d7d775d05e4 |
Certificate Chain 2 | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | DigiCert Trusted Root G4 | Tue Apr 29 07:59:59 2036 | 7b0f360b775f76c94a12ca48445aa2d2a875701c |
Certificate Chain 3 | Minitab, LLC | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Mon Oct 21 07:59:59 2024 | 107c14d3eadeb823332181dcd9c3f7f605148713 |
Timestamp Chain 1 | USERTrust RSA Certification Authority | AAA Certificate Services | Mon Jan 01 07:59:59 2029 | d89e3bd43d5d909b47a18977aa9d5ce36cee184c |
Timestamp Chain 2 | Sectigo RSA Time Stamping CA | USERTrust RSA Certification Authority | Tue Jan 19 07:59:59 2038 | 02d65b95e28370c1570095fa88f923dd937fad8f |
Timestamp Chain 3 | Sectigo RSA Time Stamping Signer #4 | Sectigo RSA Time Stamping CA | Thu Aug 03 07:59:59 2034 | ae62af750a0cbd47d6461f7568e2bc8ce7ca4f94 |
Chains are listed root first; the signing leaf is "Minitab, LLC" and the timestamp leaf is "Sectigo RSA Time Stamping Signer #4".
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x006d21ce | 0x006d2200 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.53 |
.rdata | 0x006d4000 | 0x002e7610 | 0x002e7800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.43 |
.data | 0x009bc000 | 0x0004c440 | 0x0003ce00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.44 |
.pdata | 0x00a09000 | 0x00048da4 | 0x00048e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.42 |
.didat | 0x00a52000 | 0x00000178 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 2.67 |
.tls | 0x00a53000 | 0x00000009 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.02 |
.rsrc | 0x00a54000 | 0x00014a98 | 0x00014c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.75 |
.reloc | 0x00a69000 | 0x00027f24 | 0x00028000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 5.45 |
Overlay offset | 0x00a7ca00 |
---|---|
Overlay size | 0x000025c0 |
The overlay is the data appended after the last section. 0x00a7ca00 is exactly 0x400 bytes of headers plus the eight raw section sizes listed above, and offset plus size (0x00a7efc0) equals the 11005888-byte file size, so nothing is truncated. In a signed PE this tail is where the Authenticode certificate table lives.
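The checksum pair, the WinVerifyTrust verdict and the overlay above are three separate header-integrity observations, and two of them are cheap to reproduce without a sandbox. The Python below is an added example, not part of this report or of Minitab's code: it recomputes IMAGE_OPTIONAL_HEADER.CheckSum with the imagehlp.CheckSumMappedFile algorithm (the same one pefile uses) and locates the overlay by walking the section table. The PE it operates on is constructed in memory for demonstration and is not Mtb.exe; run against the real file, verify_checksum() would return the report's (0x00a88a7c, 0x00a88af3, False) and overlay() would return (0x00a7ca00, 0x000025c0).

```python
"""PE header integrity checks: recompute IMAGE_OPTIONAL_HEADER.CheckSum the way
imagehlp.CheckSumMappedFile does, and locate the overlay (bytes after the last
section, where a signed image keeps its Authenticode certificate table).
Added example: the PE built below is constructed in memory for demonstration
and is not the Mtb.exe analysed in the report."""
import struct


def _nt_headers_offset(data: bytes) -> int:
    """Return e_lfanew after checking the MZ and PE\\0\\0 signatures."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew


def checksum_field_offset(data: bytes) -> int:
    """CheckSum is at +0x40 into the optional header for both PE32 and PE32+."""
    return _nt_headers_offset(data) + 4 + 20 + 0x40


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """One's-complement style 32-bit sum over every DWORD except the CheckSum
    field, folded to 16 bits, plus the file length. Trailing bytes are zero
    padded to a DWORD boundary (matches imagehlp / pefile.generate_checksum)."""
    padded = bytes(data) + b"\0" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_offset:          # the field being computed is skipped
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total >= 1 << 32:                # fold the carry back in
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)


def verify_checksum(data: bytes):
    """Return (declared, actual, match): the pair the sandbox report prints."""
    off = checksum_field_offset(data)
    declared = struct.unpack_from("<I", data, off)[0]
    actual = pe_checksum(data, off)
    return declared, actual, declared == actual


def overlay(data: bytes):
    """Return (offset, size) of the bytes past the end of the last section."""
    nt = _nt_headers_offset(data)
    num_sections = struct.unpack_from("<H", data, nt + 6)[0]
    size_of_optional = struct.unpack_from("<H", data, nt + 20)[0]
    first_section = nt + 4 + 20 + size_of_optional
    end = 0
    for i in range(num_sections):
        # IMAGE_SECTION_HEADER: SizeOfRawData at +16, PointerToRawData at +20
        raw_size, raw_ptr = struct.unpack_from("<II", data, first_section + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    end = min(end, len(data))                # tolerate a truncated file
    return end, len(data) - end


def build_sample_pe(appended: bytes = b"") -> bytearray:
    """Constructed minimal PE32+ layout (0x400 bytes of headers plus one .text
    section at 0x200) with a correct CheckSum written in. Not loadable;
    `appended` simulates data (e.g. a certificate table) after the last section."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                 # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x84, 0x8664, 1)           # Machine=AMD64, NumberOfSections=1
    struct.pack_into("<H", img, 0x84 + 16, 0xF0)            # SizeOfOptionalHeader (PE32+)
    struct.pack_into("<H", img, 0x98, 0x20B)                # optional header Magic = PE32+
    sec = 0x98 + 0xF0                                       # first IMAGE_SECTION_HEADER
    img[sec:sec + 8] = b".text\0\0\0"
    struct.pack_into("<IIII", img, sec + 8, 0x200, 0x1000, 0x200, 0x200)  # VSize, VA, RawSize, RawPtr
    img[0x200:0x210] = bytes(range(0x41, 0x51))             # some non-zero "code"
    img += appended
    off = checksum_field_offset(img)
    struct.pack_into("<I", img, off, pe_checksum(img, off))  # stamp a correct checksum
    return img


if __name__ == "__main__":
    signed = build_sample_pe(b"\xAA" * 0x40)                # 0x40-byte fake overlay
    print("declared/actual/match:", verify_checksum(signed))
    print("overlay (offset, size):", overlay(signed))
    tampered = bytearray(signed)
    tampered[0x205] ^= 0xFF                                 # flip one byte in .text
    print("after tampering:", verify_checksum(tampered))
```

The PE CheckSum carries no security weight on its own: anyone who edits the file can recompute it with these few lines, and Windows only enforces it for drivers and DLLs loaded at boot or into critical system processes. The Authenticode digest is the actual control, and it deliberately excludes the CheckSum field, the Certificate Table data-directory entry and the certificate table itself, so a checksum mismatch and a TRUST_E_BAD_DIGEST verdict are independent observations. For this sample both are consistent with bytes having changed after the file was linked and signed.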
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
REGISTRY | 0x00a546e0 | 0x000000ef | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.88 | ASCII text, with CRLF line terminators |
TYPELIB | 0x00a553ac | 0x000067d0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.34 | data |
RT_ICON | 0x00a67b54 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.50 | GLS_BINARY_LSB_FIRST |
RT_GROUP_ICON | 0x00a67fbc | 0x00000092 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.04 | MS Windows icon resource - 10 icons, 48x48 |
RT_VERSION | 0x00a68050 | 0x00000358 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.25 | data |
RT_MANIFEST | 0x00a683a8 | 0x000006ed | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.14 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
The report lists the REGISTRY row three times, TYPELIB twice and RT_ICON ten times with identical offset and size; those repeats are collapsed here (RT_GROUP_ICON itself declares 10 icons). A REGISTRY script plus a TYPELIB, together with the FLAGS_regserver / FLAGS_unregserver exports below, is the self-registration baggage an ATL COM server carries.
Exports (30 symbols). Names in the fLB / fLI / fLS namespaces are MSVC-decorated storage for gflags command-line flags (bool / int / string); the remaining entries are application functions, mostly with undecorated names.
No. | Address | Name |
---|---|---|
1 | 0x1409bc144 | ?FLAGS_ceflog@fLI@@3HA |
2 | 0x1409f90b0 | ?FLAGS_config_modelops_domain@fLS@@3AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@EA |
3 | 0x1409f9110 | ?FLAGS_dev_commands_yaml_file@fLS@@3AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@EA |
4 | 0x1409f8f52 | ?FLAGS_dev_enable_output_pane_dev@fLB@@3_NA |
5 | 0x1409f8f50 | ?FLAGS_dev_enable_show_dev_tools@fLB@@3_NA |
6 | 0x1409f90d0 | ?FLAGS_dev_server_deployment@fLS@@3AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@EA |
7 | 0x1409f8f00 | ?FLAGS_feature_itable_raw_html_copy@fLB@@3_NA |
8 | 0x1409f8f02 | ?FLAGS_force_local_help@fLB@@3_NA |
9 | 0x1409f8f54 | ?FLAGS_lcid@fLI@@3HA |
10 | 0x1409f9100 | ?FLAGS_lp_auth@fLS@@3AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@EA |
11 | 0x1409bc154 | ?FLAGS_lp_auth_heartbeat_frequency@fLI@@3HA |
12 | 0x1409bc14c | ?FLAGS_lp_auth_offline_expiry@fLI@@3HA |
13 | 0x1409f8f04 | ?FLAGS_maxsession@fLB@@3_NA |
14 | 0x1409f8f06 | ?FLAGS_overwrite_newer@fLB@@3_NA |
15 | 0x1409f8f0c | ?FLAGS_regserver@fLB@@3_NA |
16 | 0x1409f8f08 | ?FLAGS_show_packages@fLB@@3_NA |
17 | 0x1409f8f0a | ?FLAGS_sixsigma@fLB@@3_NA |
18 | 0x1409bc140 | ?FLAGS_splash@fLB@@3_NA |
19 | 0x1409f8f0e | ?FLAGS_unregserver@fLB@@3_NA |
20 | 0x1409f90e0 | ?FLAGS_update_domain@fLS@@3AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@EA |
21 | 0x1409f90f0 | ?FLAGS_xmlout@fLS@@3AEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@EA |
22 | 0x1404881a0 | ?mClone@CmREMLCategoricalTerm@@QEAAPEAVImLinearModelTerm@@XZ |
23 | 0x1402a5000 | UpdateWksInfo |
24 | 0x1401439a0 | mDoesAboutBoxExist |
25 | 0x1402b85d0 | mGetFileName |
26 | 0x1403ec2b0 | mIsEditorMenuName |
27 | 0x1403eb000 | mIsMtbCommandAllowed |
28 | 0x1401439b0 | mKillAboutBox |
29 | 0x1403eb0d0 | mNowInPopupMenu |
30 | 0x1403eb0f0 | mOKToDisplayPopupMenu |
Source (TCP) | Source port | Destination | Destination port |
---|---|---|---|
192.168.122.202 | 49160 | 104.18.38.233 (crt.usertrust.com) | 80 |
192.168.122.202 | 49159 | 152.195.38.76 (cacerts.digicert.com) | 80 |
192.168.122.202 | 49157 | 23.2.13.225 | 80 |
Source (UDP) | Source port | Destination | Destination port |
---|---|---|---|
192.168.122.202 | 50785 | 192.168.122.1 | 53 |
192.168.122.202 | 57208 | 192.168.122.1 | 53 |
192.168.122.202 | 62960 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt | GET /DigiCertTrustedRootG4.crt HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: cacerts.digicert.com |
http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt | GET /USERTrustRSAAddTrustCA.crt HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: crt.usertrust.com |
The two Microsoft-CryptoAPI/6.1 requests are Windows fetching the issuing CA certificates named in the chains above (DigiCert Trusted Root G4 for the signing chain, the AAA-cross-signed USERTrust RSA CA for the timestamp chain) while building the chain for the signature check; the same fetches occur for any signed binary and are not evidence of command-and-control. The acroipm.adobe.com request, with User-Agent IPM and an Adobe Reader 11 update path, is consistent with background traffic from software installed in the analysis VM rather than with the sample.
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
No TLS.
No Suricata HTTP.
Task ID | 743103 |
---|---|
Mongo ID | 6603a5967e769a7994a59b86 |
Cuckoo release | 1.4-Maldun |