Analysis task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp03-1 2024-04-23 09:09:46 2024-04-23 09:12:02 136 seconds

Maldun score

5.25

Suspicious

File details

File name 范围.exe
File size 733184 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 3f582f38bd6512aab6f0f6282ee16705
SHA1 4296d982b4125926a55fccc6eea7d6c66512d1bf
SHA256 13ad0aff52d3bdde92aec7f090f6bdae0ba81c4d6f5106742a3c64903aa820d1
SHA512 72ab1468c39f937125aa28c8de6b951f1dab228ac652e0882d578171ad28c9b774bae553f5823ae51f251c15a1679a7254ef3bbf8715c24d83d1641640fc2958
CRC32 3E576164
Ssdeep 12288:6CTff4E5mA49unAckcfvwEDapsmOapzLlr9m:PfvAACuGcXfDaCmOapzLlg

Hosts accessed

No host records.

Domain resolution

No domain information.



PE information

Image base 0x00400000
Entry point 0x00465731
Claimed checksum 0x00000000
Actual checksum 0x000b6bdd
Minimum OS version required 4.0
Compile time 2024-04-22 17:03:14
Import hash 0a35af1c07134c60a550a45f1747c3cc
Icon
Icon exact hash 7e8d0dbe5de19f74f384ae459c5abecf
Icon similarity hash 439e81c5165936c3ea55d4df339c6380

Version information

LegalCopyright
FileVersion
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x00083b6e 0x00084000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.57
.rdata 0x00085000 0x0001527e 0x00016000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.40
.data 0x0009b000 0x00030b88 0x00012000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.05
.rsrc 0x000cc000 0x00005b1c 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.78

Resources

Name Offset Size Language Sublanguage Entropy File type
TEXTINCLUDE 0x000ccc78 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
RT_CURSOR 0x000cd168 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_BITMAP 0x000ce9dc 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON 0x000cf340 0x00000668 LANG_NEUTRAL SUBLANG_NEUTRAL 2.62 dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 0, next used block 0
RT_MENU 0x000cf9b4 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_DIALOG 0x000d0bfc 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_STRING 0x000d1644 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_GROUP_CURSOR 0x000d1690 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 0x000d16f8 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 0x000d170c 0x00000240 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.83 data
RT_MANIFEST 0x000d194c 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library: KERNEL32.dll:
0x485170 FindClose
0x485174 FindFirstFileA
0x485178 GlobalUnlock
0x48517c GlobalLock
0x485180 GlobalAlloc
0x485184 Sleep
0x485188 SetEndOfFile
0x48518c UnlockFile
0x485190 LockFile
0x485194 FlushFileBuffers
0x485198 SetFilePointer
0x48519c GetCurrentProcess
0x4851a0 DuplicateHandle
0x4851a4 lstrcpynA
0x4851a8 SetLastError
0x4851b4 SetStdHandle
0x4851b8 IsBadCodePtr
0x4851bc IsBadReadPtr
0x4851c0 CompareStringW
0x4851c4 CompareStringA
0x4851cc GetStringTypeW
0x4851d0 GetStringTypeA
0x4851d4 IsBadWritePtr
0x4851d8 VirtualAlloc
0x4851dc LCMapStringW
0x4851e0 LCMapStringA
0x4851e8 VirtualFree
0x4851ec HeapCreate
0x4851f0 HeapDestroy
0x4851f8 GetFileType
0x4851fc GetStdHandle
0x485200 SetHandleCount
0x485218 GetACP
0x48521c HeapSize
0x485220 TerminateProcess
0x485224 GetLocalTime
0x485228 GetSystemTime
0x485230 LocalFree
0x485238 CreateSemaphoreA
0x48523c ResumeThread
0x485240 ReleaseSemaphore
0x48524c GetProfileStringA
0x485250 WriteFile
0x485258 CreateFileA
0x48525c SetEvent
0x485260 FindResourceA
0x485264 LoadResource
0x485268 LockResource
0x48526c ReadFile
0x485270 GetModuleFileNameA
0x485274 WideCharToMultiByte
0x485278 MultiByteToWideChar
0x48527c GetCurrentThreadId
0x485280 ExitProcess
0x485284 GlobalSize
0x485288 GlobalFree
0x485294 lstrcatA
0x485298 lstrlenA
0x48529c WinExec
0x4852a0 lstrcpyA
0x4852a4 FindNextFileA
0x4852a8 GlobalReAlloc
0x4852ac HeapFree
0x4852b0 HeapReAlloc
0x4852b4 GetProcessHeap
0x4852b8 HeapAlloc
0x4852bc GetFullPathNameA
0x4852c0 FreeLibrary
0x4852c4 LoadLibraryA
0x4852c8 GetLastError
0x4852cc GetVersionExA
0x4852d4 CreateThread
0x4852d8 CreateEventA
0x4852dc RaiseException
0x4852e0 RtlUnwind
0x4852e4 GetStartupInfoA
0x4852e8 GetOEMCP
0x4852ec GetCPInfo
0x4852f0 GetProcessVersion
0x4852f4 SetErrorMode
0x4852f8 GlobalFlags
0x4852fc GetCurrentThread
0x485300 GetFileTime
0x485304 GetFileSize
0x485308 TlsGetValue
0x48530c LocalReAlloc
0x485310 TlsSetValue
0x485314 TlsFree
0x485318 GlobalHandle
0x48531c TlsAlloc
0x485320 LocalAlloc
0x485324 GetFileAttributesA
0x485330 lstrcmpA
0x485334 GetVersion
0x485338 GlobalGetAtomNameA
0x48533c GlobalAddAtomA
0x485340 GlobalFindAtomA
0x485344 GlobalDeleteAtom
0x485348 lstrcmpiA
0x48534c GetModuleHandleA
0x485350 GetProcAddress
0x485354 MulDiv
0x485358 GetCommandLineA
0x48535c GetTickCount
0x485360 WaitForSingleObject
0x485364 CloseHandle
Library: USER32.dll:
0x48538c OpenClipboard
0x485390 SetClipboardData
0x485394 EmptyClipboard
0x485398 GetSystemMetrics
0x48539c GetCursorPos
0x4853a0 MessageBoxA
0x4853a4 SetWindowPos
0x4853a8 SendMessageA
0x4853ac DestroyCursor
0x4853b0 SetParent
0x4853b4 GetClipboardData
0x4853b8 PostMessageA
0x4853bc GetTopWindow
0x4853c0 GetParent
0x4853c4 CloseClipboard
0x4853c8 wsprintfA
0x4853cc GetFocus
0x4853d0 GetClientRect
0x4853d4 InvalidateRect
0x4853d8 ValidateRect
0x4853dc UpdateWindow
0x4853e0 EqualRect
0x4853e4 GetWindowRect
0x4853e8 SetForegroundWindow
0x4853ec IsWindow
0x4853f0 GetMenuItemCount
0x4853f4 DestroyMenu
0x4853f8 IsChild
0x4853fc ReleaseDC
0x485400 IsRectEmpty
0x485404 FillRect
0x485408 GetDC
0x48540c SetCursor
0x485410 LoadCursorA
0x485414 SetCursorPos
0x485418 SetActiveWindow
0x48541c GetSysColor
0x485420 SetWindowLongA
0x485424 GetWindowLongA
0x485428 RedrawWindow
0x48542c EnableWindow
0x485430 IsWindowVisible
0x485434 OffsetRect
0x485438 PtInRect
0x48543c DestroyIcon
0x485440 IntersectRect
0x485444 InflateRect
0x485448 SetRect
0x48544c SetScrollPos
0x485450 SetScrollRange
0x485454 GetScrollRange
0x485458 SetCapture
0x48545c GetCapture
0x485460 ReleaseCapture
0x485464 LoadIconA
0x485468 TranslateMessage
0x48546c DrawFrameControl
0x485470 DrawEdge
0x485474 DrawFocusRect
0x485478 WindowFromPoint
0x48547c GetMessageA
0x485480 DispatchMessageA
0x485484 SetRectEmpty
0x485494 DrawIconEx
0x485498 CreatePopupMenu
0x48549c AppendMenuA
0x4854a0 ModifyMenuA
0x4854a4 CreateMenu
0x4854ac GetDlgCtrlID
0x4854b0 GetSubMenu
0x4854b4 EnableMenuItem
0x4854b8 ClientToScreen
0x4854c0 LoadImageA
0x4854c8 ShowWindow
0x4854cc IsWindowEnabled
0x4854d4 GetKeyState
0x4854dc PostQuitMessage
0x4854e0 IsZoomed
0x4854e4 GetClassInfoA
0x4854e8 DefWindowProcA
0x4854ec GetSystemMenu
0x4854f0 DeleteMenu
0x4854f4 GetMenu
0x4854f8 SetMenu
0x4854fc PeekMessageA
0x485500 GetWindowTextA
0x485508 CharUpperA
0x48550c GetWindowDC
0x485510 BeginPaint
0x485514 EndPaint
0x485518 TabbedTextOutA
0x48551c DrawTextA
0x485520 GrayStringA
0x485524 GetDlgItem
0x485528 DestroyWindow
0x485530 EndDialog
0x485534 GetNextDlgTabItem
0x485538 GetWindowPlacement
0x485540 GetForegroundWindow
0x485544 GetLastActivePopup
0x485548 GetMessageTime
0x48554c RemovePropA
0x485550 CallWindowProcA
0x485554 GetPropA
0x485558 UnhookWindowsHookEx
0x48555c SetPropA
0x485560 GetClassLongA
0x485564 CallNextHookEx
0x485568 SetWindowsHookExA
0x48556c CreateWindowExA
0x485570 GetMenuItemID
0x485574 UnregisterClassA
0x485578 RegisterClassA
0x48557c GetScrollPos
0x485580 AdjustWindowRectEx
0x485584 MapWindowPoints
0x485588 SendDlgItemMessageA
0x48558c ScrollWindowEx
0x485590 IsDialogMessageA
0x485594 SetWindowTextA
0x485598 MoveWindow
0x48559c CheckMenuItem
0x4855a0 SetMenuItemBitmaps
0x4855a4 GetMenuState
0x4855ac GetClassNameA
0x4855b0 GetDesktopWindow
0x4855b4 LoadStringA
0x4855b8 GetSysColorBrush
0x4855bc IsIconic
0x4855c0 SetFocus
0x4855c4 GetActiveWindow
0x4855c8 GetWindow
0x4855d0 SetWindowRgn
0x4855d4 GetMessagePos
0x4855d8 ScreenToClient
0x4855e0 CopyRect
0x4855e4 LoadBitmapA
0x4855e8 WinHelpA
0x4855ec KillTimer
0x4855f0 SetTimer
Library: GDI32.dll:
0x485024 ScaleWindowExtEx
0x485028 SetBkColor
0x485030 SetStretchBltMode
0x485034 GetClipRgn
0x485038 CreatePolygonRgn
0x48503c SelectClipRgn
0x485040 DeleteObject
0x485044 CreateDIBitmap
0x48504c CreatePalette
0x485050 StretchBlt
0x485054 SelectPalette
0x485058 RealizePalette
0x48505c GetDIBits
0x485060 GetWindowExtEx
0x485064 GetViewportOrgEx
0x485068 GetWindowOrgEx
0x48506c BeginPath
0x485070 EndPath
0x485074 PathToRegion
0x485078 CreateEllipticRgn
0x48507c CreateRoundRectRgn
0x485080 GetTextColor
0x485084 GetBkMode
0x485088 GetBkColor
0x48508c GetROP2
0x485090 GetStretchBltMode
0x485094 GetPolyFillMode
0x48509c CreateDCA
0x4850a0 CreateBitmap
0x4850a4 SelectObject
0x4850a8 GetObjectA
0x4850ac CreatePen
0x4850b0 PatBlt
0x4850b4 CombineRgn
0x4850b8 CreateRectRgn
0x4850bc FillRgn
0x4850c0 CreateSolidBrush
0x4850c4 GetStockObject
0x4850c8 CreateFontIndirectA
0x4850cc EndPage
0x4850d0 EndDoc
0x4850d4 DeleteDC
0x4850d8 StartDocA
0x4850dc StartPage
0x4850e0 BitBlt
0x4850e4 CreateCompatibleDC
0x4850e8 Ellipse
0x4850ec Rectangle
0x4850f0 LPtoDP
0x4850f4 DPtoLP
0x4850f8 GetCurrentObject
0x4850fc RoundRect
0x485104 GetDeviceCaps
0x485108 SaveDC
0x48510c RestoreDC
0x485110 SetBkMode
0x485114 SetPolyFillMode
0x485118 SetROP2
0x48511c SetTextColor
0x485120 SetMapMode
0x485124 SetViewportOrgEx
0x485128 OffsetViewportOrgEx
0x48512c SetViewportExtEx
0x485130 ScaleViewportExtEx
0x485134 SetWindowOrgEx
0x485138 SetWindowExtEx
0x48513c GetClipBox
0x485140 ExcludeClipRect
0x485144 MoveToEx
0x485148 GetTextMetricsA
0x48514c Escape
0x485150 ExtTextOutA
0x485154 TextOutA
0x485158 RectVisible
0x48515c PtVisible
0x485160 GetViewportExtEx
0x485164 ExtSelectClipRgn
0x485168 LineTo
Library: WINMM.dll:
0x4855f8 midiStreamRestart
0x4855fc midiStreamClose
0x485600 midiOutReset
0x485604 midiStreamStop
0x485608 midiStreamOut
0x485610 midiStreamProperty
0x485614 midiStreamOpen
0x48561c waveOutOpen
0x485620 waveOutGetNumDevs
0x485624 waveOutClose
0x485628 waveOutReset
0x48562c waveOutPause
0x485630 waveOutWrite
Library: WINSPOOL.DRV:
0x485640 ClosePrinter
0x485644 DocumentPropertiesA
0x485648 OpenPrinterA
Library: ADVAPI32.dll:
0x485000 RegQueryValueA
0x485004 RegCloseKey
0x485008 RegOpenKeyExA
0x48500c RegSetValueExA
0x485010 RegCreateKeyExA
Library: SHELL32.dll:
0x485380 ShellExecuteA
0x485384 Shell_NotifyIconA
Library: ole32.dll:
0x48568c OleInitialize
0x485690 OleUninitialize
0x485694 CLSIDFromString
Library: OLEAUT32.dll:
0x485370 UnRegisterTypeLib
0x485374 RegisterTypeLib
0x485378 LoadTypeLib
Library: COMCTL32.dll:
0x485018 ImageList_Destroy
0x48501c None
Library: WS2_32.dll:
0x485650 recvfrom
0x485654 ioctlsocket
0x485658 recv
0x48565c getpeername
0x485660 accept
0x485664 WSAAsyncSelect
0x485668 closesocket
0x48566c inet_ntoa
0x485670 WSACleanup
Library: comdlg32.dll:
0x485678 GetSaveFileNameA
0x48567c GetOpenFileNameA
0x485680 ChooseColorA
0x485684 GetFileTitleA

No antivirus engine scan information!

Process tree


______.exe, PID: 2596, parent process PID: 2268

Hosts accessed

No host records.

TCP

Source address Source port Destination address Destination port
192.168.122.201 49159 23.220.73.42 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 59401 192.168.122.1 53

HTTP requests

URI HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 17.445 seconds )

  • 11.632 Suricata
  • 3.969 NetworkAnalysis
  • 1.053 Static
  • 0.399 TargetInfo
  • 0.305 peid
  • 0.062 BehaviorAnalysis
  • 0.011 Strings
  • 0.01 AnalysisInfo
  • 0.002 Memory
  • 0.002 config_decoder

Signatures ( 1.485 seconds )

  • 1.37 proprietary_url_bl
  • 0.021 antiav_detectreg
  • 0.011 proprietary_domain_bl
  • 0.008 infostealer_ftp
  • 0.006 ransomware_extensions
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_im
  • 0.004 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 ransomware_files
  • 0.003 stealth_decoy_document
  • 0.003 api_spamming
  • 0.003 stealth_timeout
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_mail
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 antivm_vbox_files
  • 0.002 browser_security
  • 0.002 disables_browser_warn
  • 0.002 proprietary_bad_drop
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antidbg_windows
  • 0.001 cerber_behavior
  • 0.001 antidbg_devices
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 modify_proxy
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 network_cnc_http

Reporting ( 0.575 seconds )

  • 0.568 ReportHTMLSummary
  • 0.007 Malheur
Task ID 744229
Mongo ID 66270b267e769a1b228efbc3
Cuckoo release 1.4-Maldun