恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp03-1	2024-04-19 13:51:39	2024-04-19 13:53:48	129 秒

魔盾分数

5.95

可疑的

文件详细信息

文件名	自动准备挂机.exe
文件大小	1187840 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	ca6682337b4b31d92dcc3780f680ff6f
SHA1	95cf1da5ee2b2b9abcbc915e4b655e3a22276753
SHA256	8ac7ef2adca33efe2910222c54bf0cb3313069a8aa27d3dd41cd9197a0d53e37
SHA512	3b0ff637225bb3ed0818a398abaf7154f79ed430761dc13eaab4f23e71f055a41bb1d93b0eb4c35678acecfcbaedbf27df4c21309ac06279695391727d3b3b5b
CRC32	CD423F40
Ssdeep	24576:DlE8u23m1pR7RAQHU4lGIOCHBIZZ40Q58vnt:DX38Rx+ChCQe
Yara	登录查看Yara规则
	找不到该样本提交漏报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x004859f0
声明校验值	0x00000000
实际校验值	0x001285a2
最低操作系统版本要求	4.0
编译时间	2024-04-18 17:11:49
载入哈希	a6d76d9d5d8488a907b5ed0e17a34239

版本信息

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x00098fde	0x00099000	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.18
.rdata	0x0009a000	0x00005836	0x00006000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.78
.data	0x000a0000	0x0009c23e	0x00081000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	6.88
.rsrc	0x0013d000	0x00000298	0x00001000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	3.51

资源

名称	偏移量	大小	语言	子语言	熵(Entropy)	文件类型
RT_VERSION	0x0013d058	0x00000240	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.83	data

导入

库: SHLWAPI.dll:

• 0x49a28c PathFileExistsA

• 0x49a290 PathIsDirectoryA

库: WS2_32.dll:

• 0x49a4a0 WSACleanup

库: KERNEL32.dll:

• 0x49a0b0 LoadLibraryA

• 0x49a0b4 GetProcAddress

• 0x49a0b8 FreeLibrary

• 0x49a0bc GetCommandLineA

• 0x49a0c0 LCMapStringA

• 0x49a0c4 GetEnvironmentVariableA

• 0x49a0c8 DeleteFileA

• 0x49a0cc WriteFile

• 0x49a0d0 CreateFileA

• 0x49a0d4 GetFileSize

• 0x49a0d8 ReadFile

• 0x49a0dc CloseHandle

• 0x49a0e0 GlobalAlloc

• 0x49a0e4 GlobalLock

• 0x49a0e8 GlobalFree

• 0x49a0ec MultiByteToWideChar

• 0x49a0f0 Sleep

• 0x49a0f4 GetTickCount

• 0x49a0f8 GetModuleFileNameA

• 0x49a0fc IsBadReadPtr

• 0x49a100 HeapReAlloc

• 0x49a104 ExitProcess

• 0x49a108 InterlockedExchange

• 0x49a10c SetStdHandle

• 0x49a110 IsBadCodePtr

• 0x49a114 GetStringTypeW

• 0x49a118 GetStringTypeA

• 0x49a11c SetUnhandledExceptionFilter

• 0x49a120 LCMapStringW

• 0x49a124 IsBadWritePtr

• 0x49a128 VirtualAlloc

• 0x49a12c VirtualFree

• 0x49a130 GetFileType

• 0x49a134 GetStdHandle

• 0x49a138 SetHandleCount

• 0x49a13c GetEnvironmentStringsW

• 0x49a140 GetEnvironmentStrings

• 0x49a144 FreeEnvironmentStringsW

• 0x49a148 FreeEnvironmentStringsA

• 0x49a14c UnhandledExceptionFilter

• 0x49a150 GetACP

• 0x49a154 HeapSize

• 0x49a158 RaiseException

• 0x49a15c RtlUnwind

• 0x49a160 GetStartupInfoA

• 0x49a164 GetOEMCP

• 0x49a168 GetCPInfo

• 0x49a16c SetErrorMode

• 0x49a170 GetProcessVersion

• 0x49a174 GlobalGetAtomNameA

• 0x49a178 GetModuleHandleA

• 0x49a17c GetSystemInfo

• 0x49a180 CreateMutexA

• 0x49a184 GlobalAddAtomA

• 0x49a188 GlobalFindAtomA

• 0x49a18c WritePrivateProfileStringA

• 0x49a190 GlobalFlags

• 0x49a194 TlsGetValue

• 0x49a198 LocalReAlloc

• 0x49a19c CreateEventA

• 0x49a1a0 GlobalSize

• 0x49a1a4 lstrcpyn

• 0x49a1a8 GlobalUnlock

• 0x49a1ac GetSystemDirectoryA

• 0x49a1b0 GetTempPathA

• 0x49a1b4 HeapCreate

• 0x49a1b8 RtlZeroMemory

• 0x49a1bc HeapDestroy

• 0x49a1c0 HeapFree

• 0x49a1c4 HeapAlloc

• 0x49a1c8 GetProcessHeap

• 0x49a1cc ReleaseMutex

• 0x49a1d0 RtlMoveMemory

• 0x49a1d4 WideCharToMultiByte

• 0x49a1d8 QueryDosDeviceA

• 0x49a1dc GetLogicalDriveStringsA

• 0x49a1e0 TerminateProcess

• 0x49a1e4 Process32Next

• 0x49a1e8 Process32First

• 0x49a1ec CreateToolhelp32Snapshot

• 0x49a1f0 SetFilePointer

• 0x49a1f4 GetLastError

• 0x49a1f8 GetCurrentProcess

• 0x49a1fc GetVersionExA

• 0x49a200 OpenProcess

• 0x49a204 lstrcpyA

• 0x49a208 lstrlenA

• 0x49a20c SetLastError

• 0x49a210 lstrcatA

• 0x49a214 LockResource

• 0x49a218 LoadResource

• 0x49a21c FindResourceA

• 0x49a220 GetVersion

• 0x49a224 GetCurrentThreadId

• 0x49a228 GetCurrentThread

• 0x49a22c lstrcmpiA

• 0x49a230 lstrcmpA

• 0x49a234 GlobalDeleteAtom

• 0x49a238 InterlockedIncrement

• 0x49a23c InterlockedDecrement

• 0x49a240 MulDiv

• 0x49a244 LocalFree

• 0x49a248 FlushFileBuffers

• 0x49a24c lstrcpynA

• 0x49a250 LocalAlloc

• 0x49a254 InitializeCriticalSection

• 0x49a258 TlsAlloc

• 0x49a25c DeleteCriticalSection

• 0x49a260 GlobalHandle

• 0x49a264 TlsFree

• 0x49a268 LeaveCriticalSection

• 0x49a26c GlobalReAlloc

• 0x49a270 EnterCriticalSection

• 0x49a274 TlsSetValue

库: USER32.dll:

• 0x49a298 GetWindowThreadProcessId

• 0x49a29c FindWindowA

• 0x49a2a0 SystemParametersInfoA

• 0x49a2a4 UpdateWindow

• 0x49a2a8 SetWindowLongA

• 0x49a2ac GetWindowTextA

• 0x49a2b0 GetWindowLongA

• 0x49a2b4 IsWindowVisible

• 0x49a2b8 PtInRect

• 0x49a2bc GetWindow

• 0x49a2c0 GetParent

• 0x49a2c4 PostQuitMessage

• 0x49a2c8 PostMessageA

• 0x49a2cc SetCursor

• 0x49a2d0 SetWindowsHookExA

• 0x49a2d4 ValidateRect

• 0x49a2d8 CallNextHookEx

• 0x49a2dc GetKeyState

• 0x49a2e0 GetActiveWindow

• 0x49a2e4 GetNextDlgTabItem

• 0x49a2e8 GetFocus

• 0x49a2ec CheckMenuItem

• 0x49a2f0 SetMenuItemBitmaps

• 0x49a2f4 ModifyMenuA

• 0x49a2f8 GetMenuState

• 0x49a2fc LoadBitmapA

• 0x49a300 GetMenuCheckMarkDimensions

• 0x49a304 RegisterClipboardFormatA

• 0x49a308 ClientToScreen

• 0x49a30c TabbedTextOutA

• 0x49a310 DrawTextA

• 0x49a314 GrayStringA

• 0x49a318 UnhookWindowsHookEx

• 0x49a31c DestroyWindow

• 0x49a320 CreateDialogIndirectParamA

• 0x49a324 EndDialog

• 0x49a328 GetDlgCtrlID

• 0x49a32c SetWindowTextA

• 0x49a330 GetMenuItemCount

• 0x49a334 SendDlgItemMessageA

• 0x49a338 IsDialogMessageA

• 0x49a33c SetFocus

• 0x49a340 GetWindowPlacement

• 0x49a344 RegisterWindowMessageA

• 0x49a348 SetForegroundWindow

• 0x49a34c GetForegroundWindow

• 0x49a350 GetMessagePos

• 0x49a354 GetMessageTime

• 0x49a358 DefWindowProcA

• 0x49a35c RemovePropA

• 0x49a360 CallWindowProcA

• 0x49a364 GetPropA

• 0x49a368 SetPropA

• 0x49a36c GetClassLongA

• 0x49a370 CreateWindowExA

• 0x49a374 RegisterClassA

• 0x49a378 GetClassInfoA

• 0x49a37c WinHelpA

• 0x49a380 GetCapture

• 0x49a384 GetTopWindow

• 0x49a388 CopyRect

• 0x49a38c GetClientRect

• 0x49a390 AdjustWindowRectEx

• 0x49a394 GetSysColor

• 0x49a398 MapWindowPoints

• 0x49a39c LoadIconA

• 0x49a3a0 LoadCursorA

• 0x49a3a4 GetSysColorBrush

• 0x49a3a8 LoadStringA

• 0x49a3ac UnregisterClassA

• 0x49a3b0 PostThreadMessageA

• 0x49a3b4 DestroyMenu

• 0x49a3b8 GetClassNameA

• 0x49a3bc IsWindow

• 0x49a3c0 SendMessageA

• 0x49a3c4 SetKeyboardState

• 0x49a3c8 GetWindowInfo

• 0x49a3cc SendInput

• 0x49a3d0 SetWinEventHook

• 0x49a3d4 UnhookWinEvent

• 0x49a3d8 DrawIcon

• 0x49a3dc EnumDisplaySettingsA

• 0x49a3e0 WindowFromDC

• 0x49a3e4 MessageBoxA

• 0x49a3e8 wsprintfA

• 0x49a3ec DispatchMessageA

• 0x49a3f0 TranslateMessage

• 0x49a3f4 GetAsyncKeyState

• 0x49a3f8 IsIconic

• 0x49a3fc ShowWindow

• 0x49a400 IsWindowEnabled

• 0x49a404 EnableMenuItem

• 0x49a408 RedrawWindow

• 0x49a40c GetWindowRect

• 0x49a410 GetAncestor

• 0x49a414 GetMenuBarInfo

• 0x49a418 WindowFromPoint

• 0x49a41c SetActiveWindow

• 0x49a420 SwitchToThisWindow

• 0x49a424 SetWindowPos

• 0x49a428 FindWindowExA

• 0x49a42c IsZoomed

• 0x49a430 GetWindowDC

• 0x49a434 ReleaseDC

• 0x49a438 GetDlgItem

• 0x49a43c GetCursorInfo

• 0x49a440 ChildWindowFromPointEx

• 0x49a444 GetDC

• 0x49a448 FillRect

• 0x49a44c DrawIconEx

• 0x49a450 EnableWindow

• 0x49a454 GetLastActivePopup

• 0x49a458 GetScrollInfo

• 0x49a45c GetMenu

• 0x49a460 GetSubMenu

• 0x49a464 GetMenuItemID

• 0x49a468 GetMenuStringA

• 0x49a46c MoveWindow

• 0x49a470 MessageBoxTimeoutW

• 0x49a474 MapVirtualKeyA

• 0x49a478 GetSystemMetrics

• 0x49a47c GetCursorPos

• 0x49a480 PeekMessageA

• 0x49a484 GetMessageA

• 0x49a488 AttachThreadInput

库: GDI32.dll:

• 0x49a024 DeleteDC

• 0x49a028 GetDeviceCaps

• 0x49a02c GetClipBox

• 0x49a030 ScaleWindowExtEx

• 0x49a034 SetWindowExtEx

• 0x49a038 ScaleViewportExtEx

• 0x49a03c SetViewportExtEx

• 0x49a040 OffsetViewportOrgEx

• 0x49a044 SetViewportOrgEx

• 0x49a048 SetMapMode

• 0x49a04c SetTextColor

• 0x49a050 SetBkColor

• 0x49a054 RestoreDC

• 0x49a058 SaveDC

• 0x49a05c Escape

• 0x49a060 ExtTextOutA

• 0x49a064 TextOutA

• 0x49a068 RectVisible

• 0x49a06c PtVisible

• 0x49a070 SelectObject

• 0x49a074 Rectangle

• 0x49a078 CreateCompatibleDC

• 0x49a07c CreateSolidBrush

• 0x49a080 CreateDIBSection

• 0x49a084 BitBlt

• 0x49a088 GetDIBits

• 0x49a08c GetStockObject

• 0x49a090 CreateDIBitmap

• 0x49a094 GetTextExtentPoint32A

• 0x49a098 CreateBitmap

• 0x49a09c GetCurrentObject

• 0x49a0a0 StretchBlt

• 0x49a0a4 GetObjectA

• 0x49a0a8 DeleteObject

库: ADVAPI32.dll:

• 0x49a000 RegCreateKeyExA

• 0x49a004 RegOpenKeyA

• 0x49a008 RegQueryValueExA

• 0x49a00c RegCloseKey

• 0x49a010 RegOpenKeyExA

• 0x49a014 RegSetValueExA

库: SHELL32.dll:

• 0x49a284 SHAppBarMessage

库: ole32.dll:

• 0x49a4e4 OleInitialize

• 0x49a4e8 OleUninitialize

• 0x49a4ec CoFreeUnusedLibraries

• 0x49a4f0 CoRevokeClassObject

• 0x49a4f4 OleFlushClipboard

• 0x49a4f8 OleIsCurrentClipboard

• 0x49a4fc CreateStreamOnHGlobal

• 0x49a500 CoRegisterMessageFilter

库: gdiplus.dll:

• 0x49a4a8 GdipDisposeImage

• 0x49a4ac GdipDeleteGraphics

• 0x49a4b0 GdiplusShutdown

• 0x49a4b4 GdipDrawImageRectRect

• 0x49a4b8 GdipFillRectangle

• 0x49a4bc GdipGetImageGraphicsContext

• 0x49a4c0 GdipCreateBitmapFromScan0

• 0x49a4c4 GdipSaveImageToStream

• 0x49a4c8 GdipGetImageWidth

• 0x49a4cc GdipCreateSolidFill

• 0x49a4d0 GdipDeleteBrush

• 0x49a4d4 GdipCreateBitmapFromStream

• 0x49a4d8 GdiplusStartup

• 0x49a4dc GdipGetImageHeight

库: oledlg.dll:

• 0x49a508 None

库: OLEAUT32.dll:

• 0x49a27c VariantTimeToSystemTime

库: WINSPOOL.DRV:

• 0x49a490 DocumentPropertiesA

• 0x49a494 ClosePrinter

• 0x49a498 OpenPrinterA

库: COMCTL32.dll:

• 0x49a01c None

.text
`.rdata
@.data
.rsrc
D$@ary

没有防病毒引擎扫描信息!

进程树

__________________.exe id: 2628

搜索
__________________.exe (2628)

__________________.exe, PID: 2628, 上一级进程 PID: 2248

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	104.114.76.144	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	59401	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

无域名信息.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	104.114.76.144	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	59401	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 14.24 seconds )

10.995 Suricata
1.15 NetworkAnalysis
1.077 Static
0.469 TargetInfo
0.4 peid
0.121 BehaviorAnalysis
0.012 Strings
0.01 AnalysisInfo
0.003 Memory
0.003 config_decoder

Signatures ( 1.491 seconds )

1.368 proprietary_url_bl
0.018 antiav_detectreg
0.009 proprietary_domain_bl
0.008 infostealer_ftp
0.007 api_spamming
0.005 stealth_decoy_document
0.005 anomaly_persistence_autorun
0.005 stealth_timeout
0.005 antiav_detectfile
0.005 infostealer_im
0.004 antianalysis_detectreg
0.004 geodo_banking_trojan
0.004 ransomware_extensions
0.004 ransomware_files
0.003 infostealer_bitcoin
0.003 infostealer_mail
0.003 network_http
0.002 tinba_behavior
0.002 antiemu_wine_func
0.002 kovter_behavior
0.002 antivm_vbox_files
0.002 bot_drive
0.002 disables_browser_warn
0.001 rat_nanocore
0.001 antiav_avast_libs
0.001 betabot_behavior
0.001 antisandbox_sunbelt_libs
0.001 antisandbox_sboxie_libs
0.001 antiav_bitdefender_libs
0.001 kibex_behavior
0.001 antivm_generic_scsi
0.001 infostealer_browser_password
0.001 cerber_behavior
0.001 antivm_parallels_keys
0.001 antivm_xen_keys
0.001 bot_drive2
0.001 browser_addon
0.001 browser_security
0.001 modify_proxy
0.001 proprietary_malicious_drop_executable_file_to_temp_folder
0.001 proprietary_bad_drop
0.001 network_cnc_http

Reporting ( 0.572 seconds )

0.518 ReportHTMLSummary
0.054 Malheur


Task ID	744117
Mongo ID	662207227e769a7c1c1706ca
Cuckoo release	1.4-Maldun