分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2024-04-19 22:45:49 | 2024-04-19 22:48:13 | 144 秒 |
魔盾分数
9.075
危险的
文件详细信息
| 文件名 | 御风绝-4.19【S驱动】.sp.exe |
|---|---|
| 文件大小 | 30384128 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 6cefc21152a78712b8d6a0bf42865191 |
| SHA1 | 381b9919981271a6fa64d3f27dc89fe61d242881 |
| SHA256 | e3018357afc0b3f281b6145d1ad62a73da8c4bd2f83727ee5be07cfb2dbaba75 |
| SHA512 | fbf4805fee281483b7f66b8fabe3942e06515705e156de03ebd80171dd97e8ee77a6d3570da6d1cb0a7538711c24f65847f036166827fa69af3dc183cc0e1abd |
| CRC32 | 6E32BE85 |
| Ssdeep | 786432:Raq+GbaYG5N5ClmAKc+T9laqOPmAXo1i:Raq+hdYLqLs2i |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 183.131.79.214 | 中国 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| yun.wlspp.com | 未知 | A 183.131.79.214 |
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x01025240 |
| 声明校验值 | 0x01d010c2 |
| 实际校验值 | 0x01d010c2 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2024-04-19 09:34:16 |
| 载入哈希 | 59aa6b52b70a3fa1c1fb32c5a66fccc1 |
| 图标 |  |
| 图标精确哈希值 | e79dc3d9a17370e7839226ae16aed4ac |
| 图标相似性哈希值 | fa153f3c43099f143e468b422799dd03 |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| CompanyName | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x000c5c0e | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0.00 |
| .rdata | 0x000c7000 | 0x000f65bc | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 0.00 |
| .data | 0x001be000 | 0x00069dca | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .rsrc | 0x00228000 | 0x0000759c | 0x00008000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.62 |
| .svmp1 | 0x00230000 | 0x00395a49 | 0x00000000 | IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .svmp2 | 0x005c6000 | 0x0043f5da | 0x00440000 | IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.99 |
| .svmp3 | 0x00a06000 | 0x002e5d69 | 0x002e6000 | IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.98 |
| .svmp4 | 0x00cec000 | 0x015ca69b | 0x015cb000 | IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.77 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| TEXTINCLUDE | 0x00228c18 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x00228c18 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| TEXTINCLUDE | 0x00228c18 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
| RT_CURSOR | 0x00229108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x00229108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x00229108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_CURSOR | 0x00229108 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
| RT_BITMAP | 0x0022a97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0022a97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0022a97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0022a97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0022a97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0022a97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0022a97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0022a97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0022a97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0022a97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0022a97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0022a97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0022a97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0022a97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_BITMAP | 0x0022a97c | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
| RT_ICON | 0x0022aed0 | 0x000025a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.95 | data |
| RT_ICON | 0x0022aed0 | 0x000025a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.95 | data |
| RT_ICON | 0x0022aed0 | 0x000025a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.95 | data |
| RT_MENU | 0x0022d484 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_MENU | 0x0022d484 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
| RT_DIALOG | 0x0022e6cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x0022e6cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x0022e6cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x0022e6cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x0022e6cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x0022e6cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x0022e6cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x0022e6cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x0022e6cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_DIALOG | 0x0022e6cc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
| RT_STRING | 0x0022f114 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0022f114 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0022f114 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0022f114 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0022f114 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0022f114 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0022f114 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0022f114 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0022f114 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0022f114 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_STRING | 0x0022f114 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
| RT_GROUP_CURSOR | 0x0022f160 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x0022f160 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_CURSOR | 0x0022f160 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
| RT_GROUP_ICON | 0x0022f1ac | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x0022f1ac | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_GROUP_ICON | 0x0022f1ac | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
| RT_VERSION | 0x0022f1c0 | 0x0000020c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.36 | data |
| RT_MANIFEST | 0x0022f3cc | 0x000001cd | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.08 | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
导入
库: WINMM.dll:
• 0xe053ce midiStreamOut
库: WS2_32.dll:
• 0xe053d6 WSAAsyncSelect
库: RASAPI32.dll:
• 0xe053de RasHangUpA
库: KERNEL32.dll:
• 0xe053e6 GetSystemDirectoryA
库: USER32.dll:
• 0xe053ee SetFocus
库: GDI32.dll:
• 0xe053f6 LineTo
库: WINSPOOL.DRV:
• 0xe053fe OpenPrinterA
库: ADVAPI32.dll:
• 0xe05406 RegOpenKeyExA
库: SHELL32.dll:
• 0xe0540e DragQueryFileA
库: ole32.dll:
• 0xe05416 CLSIDFromString
库: OLEAUT32.dll:
• 0xe0541e LoadTypeLib
库: COMCTL32.dll:
• 0xe05426 ImageList_Add
库: WININET.dll:
• 0xe0542e InternetCloseHandle
库: comdlg32.dll:
• 0xe05436 ChooseColorA
.text
`.rdata
@.data
.rsrc
@.svmp1
.svmp2
.svmp3
.svmp4
resource.h
SbpS:g:
USMO:
-NbkSbpS(
-NbkSbpS
OX[0R
N*N(W%
N*N(W%
N*N(W0
g~b0R
l5l1
sN$d"
mlS\q
Ctrl+PageUp
Ctrl+PageDown
PageUp
PageDown
Ctrl+G
Ctrl+Home
Ctrl+End
Shift+Tab
Tab/Enter
Ctrl+N
Ctrl+D
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_progress32
Progress1
MS Shell Dlg
......
VS_VERSION_INFO
StringFileInfo
080404B0
FileVersion
1.0.0.0
FileDescription
ProductName
ProductVersion
1.0.0.0
CompanyName
LegalCopyright
Comments
VarFileInfo
Translation
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 183.131.79.214 | 中国 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49161 | 183.131.79.214 yun.wlspp.com | 8899 |
| 192.168.122.201 | 49162 | 183.131.79.214 yun.wlspp.com | 8899 |
| 192.168.122.201 | 49157 | 184.25.50.112 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 56270 | 192.168.122.1 | 53 |
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| yun.wlspp.com | 未知 | A 183.131.79.214 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49161 | 183.131.79.214 yun.wlspp.com | 8899 |
| 192.168.122.201 | 49162 | 183.131.79.214 yun.wlspp.com | 8899 |
| 192.168.122.201 | 49157 | 184.25.50.112 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 56270 | 192.168.122.1 | 53 |
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 54.104 seconds )
- 16.808 Static
- 13.141 NetworkAnalysis
- 10.762 Suricata
- 6.292 TargetInfo
- 5.94 VirusTotal
- 0.484 BehaviorAnalysis
- 0.468 peid
- 0.104 Strings
- 0.092 config_decoder
- 0.011 AnalysisInfo
- 0.002 Memory
Signatures ( 1.593 seconds )
- 1.339 proprietary_url_bl
- 0.028 api_spamming
- 0.022 stealth_timeout
- 0.021 stealth_decoy_document
- 0.018 kovter_behavior
- 0.018 antiav_detectreg
- 0.017 antiemu_wine_func
- 0.015 infostealer_browser_password
- 0.012 stealth_file
- 0.01 proprietary_domain_bl
- 0.008 infostealer_ftp
- 0.006 antidbg_windows
- 0.006 antiav_detectfile
- 0.005 anomaly_persistence_autorun
- 0.005 infostealer_im
- 0.004 antianalysis_detectreg
- 0.004 geodo_banking_trojan
- 0.004 infostealer_bitcoin
- 0.004 ransomware_extensions
- 0.004 ransomware_files
- 0.003 antivm_vbox_files
- 0.003 infostealer_mail
- 0.003 network_http
- 0.002 tinba_behavior
- 0.002 antivm_vbox_libs
- 0.002 mimics_filetime
- 0.002 disables_browser_warn
- 0.002 network_torgateway
- 0.001 bootkit
- 0.001 rat_nanocore
- 0.001 antiav_avast_libs
- 0.001 proprietary_anomaly_massive_file_ops
- 0.001 antivm_vbox_window
- 0.001 betabot_behavior
- 0.001 reads_self
- 0.001 antisandbox_sunbelt_libs
- 0.001 kibex_behavior
- 0.001 shifu_behavior
- 0.001 exec_crash
- 0.001 antivm_generic_disk
- 0.001 cerber_behavior
- 0.001 antisandbox_script_timer
- 0.001 virus
- 0.001 antivm_parallels_keys
- 0.001 antivm_xen_keys
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_security
- 0.001 modify_proxy
- 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
- 0.001 proprietary_bad_drop
- 0.001 network_cnc_http
Reporting ( 0.598 seconds )
- 0.532 ReportHTMLSummary
- 0.066 Malheur
| Task ID | 744133 |
|---|---|
| Mongo ID | 662284737e769a7c1b16ec8f |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号