Analysis task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-shaapp03-2 | 2024-04-19 21:48:36 | 2024-04-19 21:49:07 | 31 seconds

Maldun score

1.75

Normal

File details

File name DMCLIUpgrade.exe
File size 226816 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 5d300bdef89c7adeefe56012eade03e2
SHA1 8511ef061c7b215353a9d389a1fe87c02149223b
SHA256 d75258ab06ca5aabf9b5b1bb766faa78409bfde480c5efd46f5bdb9a55b8a5b9
SHA512 8047e48f25dec338b2abc15c5f881a79890e547b431ced9cd9d83eeae878e259183d41712741983169e57aace0f6a2f5110369e48471b6eb3beaa2f9bba5a097
CRC32 51B3FD18
Ssdeep 6144:IwMxT8SfxZ13X+qjrjq5hUOzQF/p/uwONct43D92U:H88S93X+qjrjqjU9pGHNu4B2U

Screenshots

No screenshots available

Hosts contacted

No host records.

DNS resolution

No domain information.



PE information

Image base 0x00400000
Entry point 0x00411fe0
Declared checksum 0x000457c1
Actual checksum 0x000457c1
Minimum OS version required 5.1
PDB path F:\拍卖\工程\Prj\多开\DMCLIUpgrade\Release\DMCLIUpgrade.pdb
Compile time 2020-04-11 11:38:58
Import hash 8c5897f1d1c274bb01ae644b060c787a
Icon
Icon exact hash d549e08d5724f25a04600650f686caa2
Icon similarity hash cd28eee00afbf44d29ae798354f36182

Version information

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x00017765 0x00017800 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.47
.rdata 0x00019000 0x00008ea8 0x00009000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.19
.data 0x00022000 0x00009dec 0x00001600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.55
.tls 0x0002c000 0x00000002 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.rsrc 0x0002d000 0x00011478 0x00011600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.12
.reloc 0x0003f000 0x00003aa2 0x00003c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5.55

Resources

Name | Offset | Size | Language | Sublanguage | Entropy | File type
RT_ICON 0x0003d7b4 0x00000468 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.72 GLS_BINARY_LSB_FIRST
RT_ICON 0x0003d7b4 0x00000468 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.72 GLS_BINARY_LSB_FIRST
RT_ICON 0x0003d7b4 0x00000468 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.72 GLS_BINARY_LSB_FIRST
RT_ICON 0x0003d7b4 0x00000468 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.72 GLS_BINARY_LSB_FIRST
RT_ICON 0x0003d7b4 0x00000468 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.72 GLS_BINARY_LSB_FIRST
RT_ICON 0x0003d7b4 0x00000468 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.72 GLS_BINARY_LSB_FIRST
RT_ICON 0x0003d7b4 0x00000468 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.72 GLS_BINARY_LSB_FIRST
RT_ICON 0x0003d7b4 0x00000468 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.72 GLS_BINARY_LSB_FIRST
RT_ICON 0x0003d7b4 0x00000468 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.72 GLS_BINARY_LSB_FIRST
RT_ICON 0x0003d7b4 0x00000468 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.72 GLS_BINARY_LSB_FIRST
RT_ICON 0x0003d7b4 0x00000468 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.72 GLS_BINARY_LSB_FIRST
RT_ICON 0x0003d7b4 0x00000468 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.72 GLS_BINARY_LSB_FIRST
RT_ICON 0x0003d7b4 0x00000468 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.72 GLS_BINARY_LSB_FIRST
RT_DIALOG 0x0003dd50 0x000000f8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.32 data
RT_DIALOG 0x0003dd50 0x000000f8 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.32 data
RT_STRING 0x0003de48 0x00000048 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.28 data
RT_GROUP_ICON 0x0003de90 0x000000bc LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.07 MS Windows icon resource - 13 icons, 48x48, 16 colors
RT_VERSION 0x0003df4c 0x000002cc LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.59 data
RT_MANIFEST 0x0003e218 0x0000025f LANG_ENGLISH SUBLANG_ENGLISH_US 4.95 ASCII text, with very long lines, with no line terminators

Imports

Library: libapr-1.dll:
0x419354 _apr_table_make@8
0x419358 _apr_array_pop@4
0x41935c _apr_pool_destroy@4
0x419368 _apr_array_make@12
0x419370 _apr_file_write@12
0x419374 _apr_initialize@0
0x419380 _apr_strerror@12
0x419384 _apr_file_close@4
0x419388 apr_terminate
0x41938c apr_snprintf
0x419390 apr_psprintf
0x419394 _apr_file_open@20
0x419398 _apr_time_exp_lt@12
0x41939c _apr_time_now@0
0x4193a4 _apr_pstrdup@8
0x4193a8 _apr_table_elts@4
0x4193ac _apr_table_addn@12
0x4193b4 _apr_palloc@8
0x4193c0 _apr_table_set@12
0x4193c8 _apr_table_get@8
0x4193cc _apr_strnatcmp@8
0x4193d0 _apr_pstrndup@12
0x4193d4 _apr_array_push@4
Library: libcurl.dll:
0x4193ec curl_easy_perform
0x4193f0 curl_easy_setopt
0x4193f4 curl_slist_free_all
0x4193f8 curl_slist_append
0x4193fc curl_easy_reset
0x419400 curl_easy_init
0x419404 curl_global_init
0x419408 curl_easy_cleanup
0x41940c curl_easy_getinfo
0x419410 curl_easy_strerror
Library: MXML1.dll:
0x4192e0 mxmlLoadString
0x4192e4 mxmlFindElement
0x4192e8 mxmlDelete
0x4192ec mxml_opaque_cb
Library: libaprutil-1.dll:
0x4193dc _apr_sha1_update@12
0x4193e0 _apr_sha1_final@8
0x4193e4 _apr_sha1_init@4
Library: WS2_32.dll:
0x41934c inet_addr
Library: MSVCP100.dll:
0x4190f8 ?_BADOFF@std@@3_JB
Library: MSVCR100.dll:
0x4191a8 memcpy
0x4191ac _setmbcp
0x4191b0 _strnicmp
0x4191b4 memset
0x4191b8 _gmtime64
0x4191cc memmove
0x4191d0 free
0x4191d4 malloc
0x4191d8 ??_V@YAXPAX@Z
0x4191dc ??3@YAXPAX@Z
0x4191e0 ??2@YAPAXI@Z
0x4191ec _purecall
0x4191f0 _access
0x4191f4 fwrite
0x4191f8 fclose
0x4191fc fputc
0x41920c _unlock_file
0x419210 _localtime64_s
0x419214 ungetc
0x419218 fgetpos
0x41921c _fseeki64
0x419220 memchr
0x419224 fflush
0x419228 fgetc
0x41922c tolower
0x419230 fsetpos
0x419234 setvbuf
0x419238 _lock_file
0x41923c memcpy_s
0x419240 _time64
0x419244 sprintf_s
0x419248 __iob_func
0x41924c fprintf
0x419250 isspace
0x419254 _errno
0x419258 isalnum
0x41925c isalpha
0x419260 isdigit
0x419264 isupper
0x419268 __CxxFrameHandler3
0x41926c ?terminate@@YAXXZ
0x419270 _unlock
0x419274 __dllonexit
0x419278 _lock
0x41927c _onexit
0x419280 _amsg_exit
0x419284 __getmainargs
0x419288 _cexit
0x41928c _exit
0x419290 _XcptFilter
0x419294 _ismbblead
0x419298 exit
0x41929c _acmdln
0x4192a0 _initterm
0x4192a4 _initterm_e
0x4192a8 _configthreadlocale
0x4192ac __setusermatherr
0x4192b0 _commode
0x4192b4 _fmode
0x4192b8 __set_app_type
0x4192bc _vsnprintf
0x4192c0 _crt_debugger_hook
0x4192cc _invoke_watson
0x4192d0 _controlfp_s
0x4192d4 _CxxThrowException
0x4192d8 _beginthreadex
Library: mfc100.dll: (all entries listed without a function name)
Library: KERNEL32.dll:
0x419008 OpenEventA
0x41900c WaitForSingleObject
0x419010 TlsGetValue
0x419018 TlsAlloc
0x41901c ResumeThread
0x419024 SetWaitableTimer
0x41902c ResetEvent
0x419030 TlsFree
0x41903c GetCurrentProcessId
0x419040 GetCurrentThreadId
0x419048 IsDebuggerPresent
0x419054 GetCurrentProcess
0x419058 TerminateProcess
0x41905c GetStartupInfoW
0x419060 HeapSetInformation
0x419068 InterlockedExchange
0x41906c DecodePointer
0x419070 EncodePointer
0x419074 DeleteFileA
0x419078 CreateDirectoryA
0x41907c GetSystemInfo
0x419080 CreateFileMappingA
0x419084 GetLastError
0x419088 UnmapViewOfFile
0x41908c MapViewOfFile
0x419090 GetFileSize
0x419094 CreateFileA
0x419098 GetModuleHandleA
0x41909c GetModuleFileNameA
0x4190a0 Sleep
0x4190a4 HeapFree
0x4190a8 HeapAlloc
0x4190ac GetProcessHeap
0x4190b0 GetTickCount
0x4190b4 LocalFree
0x4190b8 CloseHandle
0x4190bc SetEvent
0x4190c0 CreateEventA
0x4190c4 GetCommandLineW
0x4190c8 MultiByteToWideChar
0x4190cc TlsSetValue
Library: USER32.dll:
0x419300 GetClientRect
0x419304 EnableWindow
0x419308 GetSystemMetrics
0x41930c AppendMenuA
0x419310 SendMessageA
0x419314 LoadIconW
0x419318 PostMessageA
0x41931c DrawIcon
0x419320 GetClassNameA
0x419324 GetWindowRect
0x419328 EnumWindows
0x41932c GetWindowTextA
0x419330 IsWindowVisible
0x419338 GetSystemMenu
0x41933c PostQuitMessage
0x419340 IsIconic
0x419344 GetPropA
Library: SHELL32.dll:
0x4192f4 CommandLineToArgvW
0x4192f8 ShellExecuteA
Library: COMCTL32.dll:

No antivirus engine scan information.

TCP

Source address | Source port | Destination address | Destination port
192.168.122.202 49159 23.223.199.177 80

UDP

Source address | Source port | Destination address | Destination port
192.168.122.202 50785 192.168.122.1 53


HTTP requests

URI | HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found
No files were dropped.
No similar analyses found.

Processing ( 17.029 seconds )

  • 10.836 Suricata
  • 2.754 VirusTotal
  • 1.955 NetworkAnalysis
  • 0.842 Static
  • 0.312 peid
  • 0.304 TargetInfo
  • 0.011 AnalysisInfo
  • 0.011 Strings
  • 0.002 BehaviorAnalysis
  • 0.002 Memory

Signatures ( 1.418 seconds )

  • 1.343 proprietary_url_bl
  • 0.011 antiav_detectreg
  • 0.008 proprietary_domain_bl
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_ftp
  • 0.004 geodo_banking_trojan
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_bad_drop
  • 0.001 network_cnc_http

Reporting ( 0.517 seconds )

  • 0.512 ReportHTMLSummary
  • 0.005 Malheur
Task ID 744131
Mongo ID 662276737e769a7c1916eb1c
Cuckoo release 1.4-Maldun