Analysis Task

Analysis type: File (Windows)
VM tag: win7-sp1-x64-shaapp02-1
Start time: 2024-03-27 15:29:33
End time: 2024-03-27 15:30:33
Duration: 60 seconds

Maldun Score

10.0 (Dangerous)

File Details

File name: f3b55cfccf1ed01a02ca6541a8052d613783f9ff7e164d07977d8d2adcee842e.exe
File size: 14295136 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 64b4c77442fb505686b6d40dd846e0d5
SHA1: 66bb66045ffcba88e34a1dac27b337ec23342e77
SHA256: f3b55cfccf1ed01a02ca6541a8052d613783f9ff7e164d07977d8d2adcee842e
SHA512: 7817b67876584fb764d0ceb1ce4d810fa763451dc88c635bdcce7e3ff9c0a2fba322a2be7aad5c86130da1636bb5d46230f56f517a58c5a80e753e78c5841a20
CRC32: 8E14A50E
Ssdeep: 393216:kWfA20pksOFMMSQUOyUxSWUWLTYxb1m62X:Xz0zLMSZnojLTsQX

Hosts accessed: no host records.

Domain resolution: no domain information.

PE Information

Image base: 0x00400000
Entry point: 0x00592554
Declared checksum: 0x00000000
Minimum OS version: 6.0
PDB path: C:\JobRelease\win\Release\stubs\x86\ExternalUi.pdb
Compile time: 2021-12-17 19:28:24
Import hash: 836688c7d21e39394af41ce9a8c2d728

Version Information

The following version-resource fields are listed with no value shown: LegalCopyright, InternalName, FileVersion, CompanyName, ProductName, ProductVersion, FileDescription, OriginalFileName, Translation.

PE Sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x0020ca5f 0x0020cc00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.42
.rdata 0x0020e000 0x00084070 0x00084200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.60
.data 0x00293000 0x000088f0 0x00006800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2.88
.rsrc 0x0029c000 0x00027e4c 0x00028000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.35
.reloc 0x002c4000 0x000252c8 0x00025400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.51

Overlay

Offset: 0x002e92c8
Size: 0x00ab8d98

Imports

Library: KERNEL32.dll
0x60e000 CreateFileW
0x60e004 CloseHandle
0x60e008 WriteFile
0x60e00c DeleteFileW
0x60e010 HeapDestroy
0x60e014 HeapSize
0x60e018 HeapReAlloc
0x60e01c HeapFree
0x60e020 HeapAlloc
0x60e024 GetProcessHeap
0x60e028 SizeofResource
0x60e02c LockResource
0x60e030 LoadResource
0x60e034 FindResourceW
0x60e038 FindResourceExW
0x60e03c RemoveDirectoryW
0x60e040 GetTempPathW
0x60e044 GetTempFileNameW
0x60e048 CreateDirectoryW
0x60e04c MoveFileW
0x60e050 GetLastError
0x60e05c GetModuleFileNameW
0x60e068 GetCurrentThreadId
0x60e06c RaiseException
0x60e070 SetLastError
0x60e074 GlobalUnlock
0x60e078 GlobalLock
0x60e07c GlobalAlloc
0x60e080 MulDiv
0x60e084 lstrcmpW
0x60e088 CreateEventW
0x60e08c FindClose
0x60e090 FindFirstFileW
0x60e094 GetFullPathNameW
0x60e098 SetEvent
0x60e0a0 lstrcpynW
0x60e0a4 CreateThread
0x60e0a8 WaitForSingleObject
0x60e0ac GetProcAddress
0x60e0b0 LoadLibraryExW
0x60e0b4 Sleep
0x60e0b8 GetDiskFreeSpaceExW
0x60e0bc DecodePointer
0x60e0c0 GetExitCodeThread
0x60e0c4 GetCurrentProcessId
0x60e0c8 FreeLibrary
0x60e0cc GetSystemDirectoryW
0x60e0d0 lstrlenW
0x60e0d4 VerifyVersionInfoW
0x60e0d8 VerSetConditionMask
0x60e0dc lstrcmpiW
0x60e0e0 GetModuleHandleW
0x60e0e4 LoadLibraryW
0x60e0e8 GetDriveTypeW
0x60e0ec CompareStringW
0x60e0f0 FindNextFileW
0x60e0f8 GetFileSize
0x60e0fc GetFileAttributesW
0x60e100 GetShortPathNameW
0x60e104 SetFileAttributesW
0x60e108 GetFileTime
0x60e10c CopyFileW
0x60e110 ReadFile
0x60e114 SetFilePointer
0x60e11c MultiByteToWideChar
0x60e120 WideCharToMultiByte
0x60e124 GetCurrentProcess
0x60e128 GetSystemInfo
0x60e130 VirtualProtect
0x60e134 VirtualQuery
0x60e138 LoadLibraryExA
0x60e13c GetStringTypeW
0x60e144 FormatMessageW
0x60e154 LocalFree
0x60e15c LoadLibraryA
0x60e160 GetModuleFileNameA
0x60e164 GetCurrentThread
0x60e168 GetConsoleOutputCP
0x60e16c FlushFileBuffers
0x60e174 GetStdHandle
0x60e17c OutputDebugStringW
0x60e180 CreateProcessW
0x60e184 GetExitCodeProcess
0x60e188 GetTickCount
0x60e18c GetCommandLineW
0x60e194 SetEndOfFile
0x60e19c GetLocaleInfoW
0x60e1ac GetSystemTime
0x60e1b0 GetDateFormatW
0x60e1b4 GetTimeFormatW
0x60e1bc Process32FirstW
0x60e1c0 Process32NextW
0x60e1c4 ResetEvent
0x60e1c8 GlobalFree
0x60e1d8 GetLocalTime
0x60e1dc CreateNamedPipeW
0x60e1e0 ConnectNamedPipe
0x60e1ec IsWow64Process
0x60e1f0 TerminateThread
0x60e1f4 LocalAlloc
0x60e1f8 CompareFileTime
0x60e1fc CopyFileExW
0x60e200 OpenEventW
0x60e204 PeekNamedPipe
0x60e210 EncodePointer
0x60e214 LCMapStringEx
0x60e21c CompareStringEx
0x60e220 GetCPInfo
0x60e224 IsDebuggerPresent
0x60e228 InitializeSListHead
0x60e23c VirtualAlloc
0x60e240 VirtualFree
0x60e24c TerminateProcess
0x60e250 GetStartupInfoW
0x60e254 RtlUnwind
0x60e258 TlsAlloc
0x60e25c TlsGetValue
0x60e260 TlsSetValue
0x60e264 TlsFree
0x60e268 ExitProcess
0x60e26c GetModuleHandleExW
0x60e270 GetFileType
0x60e278 LCMapStringW
0x60e27c IsValidLocale
0x60e280 GetUserDefaultLCID
0x60e284 EnumSystemLocalesW
0x60e288 GetConsoleMode
0x60e28c IsValidCodePage
0x60e290 GetACP
0x60e294 GetOEMCP
0x60e298 GetFileSizeEx
0x60e29c SetFilePointerEx
0x60e2a0 FindFirstFileExW
0x60e2a4 GetCommandLineA
0x60e2b0 SetStdHandle
0x60e2b4 ReadConsoleW
0x60e2b8 WriteConsoleW

Strings

.text
`.rdata
@.data
.rsrc
@.reloc
D$0X2b
D$`H3b
D$0X2b
D$`H3b
D$H(Fb
D$TpFb
D$l Gb
D$x\Gb
D$0X2b
D$`H3b
t[SUVWj
t+Vh0KA
t h0KA
FX@ b
Fh Bc
F\ Bc

No antivirus engine scan information.

Process Tree

f3b55cfccf1ed01a02ca6541a8052d613783f9ff7e164d07977d8d2adcee842e.exe, PID: 2628, parent PID: 2276

TCP

Source address  Source port  Destination address  Destination port
192.168.122.201 49157 23.72.90.68 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201 63246 192.168.122.1 53


HTTP Requests

URL: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
Request:
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No files were dropped.
No similar analyses found.

Processing ( 53.858 seconds )

  • 30.982 Static
  • 12.216 Suricata
  • 6.115 BehaviorAnalysis
  • 3.209 TargetInfo
  • 1.05 NetworkAnalysis
  • 0.222 peid
  • 0.032 config_decoder
  • 0.016 AnalysisInfo
  • 0.014 Strings
  • 0.002 Memory

Signatures ( 3.748 seconds )

  • 1.707 proprietary_url_bl
  • 0.477 mimics_filetime
  • 0.322 api_spamming
  • 0.293 reads_self
  • 0.265 stealth_timeout
  • 0.212 stealth_file
  • 0.207 stealth_decoy_document
  • 0.122 bootkit
  • 0.023 antiav_detectreg
  • 0.009 infostealer_ftp
  • 0.009 proprietary_domain_bl
  • 0.007 antiav_detectfile
  • 0.006 anomaly_persistence_autorun
  • 0.006 infostealer_im
  • 0.005 infostealer_browser
  • 0.005 antianalysis_detectreg
  • 0.005 geodo_banking_trojan
  • 0.005 ransomware_extensions
  • 0.005 ransomware_files
  • 0.004 infostealer_bitcoin
  • 0.004 network_http
  • 0.003 antivm_vbox_libs
  • 0.003 infostealer_browser_password
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 infostealer_mail
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 betabot_behavior
  • 0.002 kovter_behavior
  • 0.002 browser_security
  • 0.001 antiemu_wine_func
  • 0.001 antiav_avast_libs
  • 0.001 antivm_vmware_libs
  • 0.001 ursnif_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 ipc_namedpipe
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 exec_crash
  • 0.001 antivm_generic_disk
  • 0.001 cerber_behavior
  • 0.001 virus
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 disables_system_restore
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_bad_drop
  • 0.001 network_cnc_http
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.557 seconds )

  • 0.509 ReportHTMLSummary
  • 0.048 Malheur

Task ID: 743116
Mongo ID: 6603cba9dc327bb8978bece4
Cuckoo release: 1.4-Maldun