恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp02-1	2024-03-27 14:00:02	2024-03-27 14:00:35	33 秒

魔盾分数

5.25

可疑的

文件详细信息

文件名	Project1.exe
文件大小	12288 字节
文件类型	PE32 executable (console) Intel 80386, for MS Windows
MD5	b07e6912b33f9b751663005e508fa891
SHA1	57120c08a7dd929d43f801242cc4b02de051c304
SHA256	5dacbaa92c684d293b7c00d42f62bb7331c23a292ebd34b7a2295c0725d9a06b
SHA512	e2175d771b0ddaa14e7322a1a2bc1ece8013188442db186210ec0a1a125c3c856353437b327fceebea693ac86bb666c9a9b6e9952d61c2e570bea02fc28e026e
CRC32	63AA314A
Ssdeep	192:EGOk/7Sn2DHqi3mA/jOGU/SIOSygCTL7E5pz6UJoZZ8o:EGOizHv3mOjXtJgi7jz8
Yara	登录查看Yara规则
	找不到该样本提交漏报

登录查看威胁特征

运行截图

没有可用的屏幕截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x0040181a
声明校验值	0x00000000
实际校验值	0x0000b8e1
最低操作系统版本要求	6.0
PDB路径	C:\Users\Sam\Desktop\CCCCC\Project1\Release\Project1.pdb
编译时间	2024-03-27 13:59:14
载入哈希	73185738d15f3944026d0aa739888d0d

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x00001241	0x00001400	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	5.83
.rdata	0x00003000	0x00000e16	0x00001000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.42
.data	0x00004000	0x00000390	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	0.28
.rsrc	0x00005000	0x000001e0	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.70
.reloc	0x00006000	0x0000020c	0x00000400	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	4.06

导入

库: KERNEL32.dll:

• 0x403000 Sleep

• 0x403004 GetLastError

• 0x403008 CreateThread

• 0x40300c ExitProcess

• 0x403010 IsDebuggerPresent

• 0x403014 InitializeSListHead

• 0x403018 GetSystemTimeAsFileTime

• 0x40301c GetCurrentThreadId

• 0x403020 GetCurrentProcessId

• 0x403024 QueryPerformanceCounter

• 0x403028 IsProcessorFeaturePresent

• 0x40302c TerminateProcess

• 0x403030 GetCurrentProcess

• 0x403034 SetUnhandledExceptionFilter

• 0x403038 UnhandledExceptionFilter

• 0x40303c GetModuleHandleW

库: USER32.dll:

• 0x403044 DispatchMessageW

• 0x403048 GetMessageW

• 0x40304c TranslateMessage

• 0x403050 MessageBoxA

• 0x403054 GetAsyncKeyState

• 0x403058 PostMessageA

• 0x40305c FindWindowExA

库: VCRUNTIME140.dll:

• 0x403064 _except_handler4_common

• 0x403068 memset

• 0x40306c __current_exception

• 0x403070 __current_exception_context

库: api-ms-win-crt-time-l1-1-0.dll:

• 0x4030f8 clock

库: api-ms-win-crt-stdio-l1-1-0.dll:

• 0x4030e4 __p__commode

• 0x4030e8 __acrt_iob_func

• 0x4030ec __stdio_common_vfprintf

• 0x4030f0 _set_fmode

库: api-ms-win-crt-runtime-l1-1-0.dll:

• 0x403090 _get_initial_narrow_environment

• 0x403094 _c_exit

• 0x403098 _initterm_e

• 0x40309c _initialize_narrow_environment

• 0x4030a0 _exit

• 0x4030a4 _cexit

• 0x4030a8 _crt_atexit

• 0x4030ac _controlfp_s

• 0x4030b0 terminate

• 0x4030b4 _configure_narrow_argv

• 0x4030b8 __p___argv

• 0x4030bc _set_app_type

• 0x4030c0 _register_onexit_function

• 0x4030c4 _initterm

• 0x4030c8 _initialize_onexit_table

• 0x4030cc _seh_filter_exe

• 0x4030d0 system

• 0x4030d4 exit

• 0x4030d8 _register_thread_local_exe_atexit_callback

• 0x4030dc __p___argc

库: api-ms-win-crt-math-l1-1-0.dll:

• 0x403088 __setusermatherr

库: api-ms-win-crt-locale-l1-1-0.dll:

• 0x403080 _configthreadlocale

库: api-ms-win-crt-heap-l1-1-0.dll:

• 0x403078 _set_new_mode

.text
`.rdata
@.data
.rsrc
@.reloc
PhL2@
QVWhl2@
u"h@C@
TelegramDesktop
Qt51512QWindow
Qt51512QWindowIcon
Chrome_WidgetWin_0
Catizen
Chrome_WidgetWin_1
Chrome Legacy Window
Chrome_RenderWidgetHostHWND
Script End.
C:\Users\Sam\Desktop\CCCCC\Project1\Release\Project1.pdb
.text$mn
.idata$5
.00cfg
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIAC
.CRT$XIZ
.CRT$XPA
.CRT$XPZ
.CRT$XTA
.CRT$XTZ
.rdata
.rdata$sxdata
.rdata$voltmd
.rdata$zzzdbg
.rtc$IAA
.rtc$IZZ
.rtc$TAA
.rtc$TZZ
.xdata$x
.idata$2
.idata$3
.idata$4
.idata$6
.data
.rsrc$01
.rsrc$02
Sleep
GetLastError
CreateThread
ExitProcess
KERNEL32.dll
TranslateMessage
MessageBoxA
FindWindowExA
DispatchMessageW
GetAsyncKeyState
PostMessageA
GetMessageW
USER32.dll
__current_exception
__current_exception_context
memset
_except_handler4_common
VCRUNTIME140.dll
clock
__acrt_iob_func
__stdio_common_vfprintf
system
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_set_fmode
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
api-ms-win-crt-time-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
>0?5?I?S?\?
74787

没有防病毒引擎扫描信息!

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	104.123.154.26	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	63246	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	104.123.154.26	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	63246	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 15.843 seconds )

12.058 Suricata
2.654 NetworkAnalysis
0.552 Static
0.302 peid
0.262 TargetInfo
0.01 AnalysisInfo
0.002 BehaviorAnalysis
0.002 Memory
0.001 Strings

Signatures ( 1.69 seconds )

1.597 proprietary_url_bl
0.015 antiav_detectreg
0.008 proprietary_domain_bl
0.006 antiav_detectfile
0.006 infostealer_ftp
0.005 anomaly_persistence_autorun
0.004 antianalysis_detectreg
0.004 geodo_banking_trojan
0.004 infostealer_im
0.004 ransomware_extensions
0.004 ransomware_files
0.003 antivm_vbox_files
0.003 disables_browser_warn
0.003 infostealer_bitcoin
0.003 network_http
0.002 tinba_behavior
0.002 rat_nanocore
0.002 browser_security
0.002 infostealer_mail
0.001 betabot_behavior
0.001 cerber_behavior
0.001 antidbg_devices
0.001 antivm_parallels_keys
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 modify_proxy
0.001 proprietary_malicious_drop_executable_file_to_temp_folder
0.001 proprietary_bad_drop
0.001 network_cnc_http
0.001 stealth_modify_uac_prompt

Reporting ( 0.548 seconds )

0.541 ReportHTMLSummary
0.007 Malheur


Task ID	743108
Mongo ID	6603b640dc327bb8988befef
Cuckoo release	1.4-Maldun