分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2024-04-23 13:17:37 | 2024-04-23 13:18:34 | 57 秒 |
魔盾分数
9.525
危险的
文件详细信息
| 文件名 | D000XMI0-J0DC.exe |
|---|---|
| 文件大小 | 761856 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
| MD5 | dbae8138e674110f1dba1d3cb1ab2f25 |
| SHA1 | 0d7034722073eacd4e68b624d2c2e5e3e2a8615a |
| SHA256 | cce9afab5e5ac240cb64aff76aaa2ddedcda461619dc1b3bc0eab6f571d9fe65 |
| SHA512 | b52978f24e167f966a69319d2c1ef0ad6fcea3c522b94d02fdf66d067724a658aa027c698dd664a6a49e229d96e27e007c293af2a25bc31e0940d0c9f5818e03 |
| CRC32 | 6D03CAA4 |
| Ssdeep | 12288:hLwjk730jPhx72zTDXLTp9gINmncmwwwy:gj5Y/rNNPIwy |
| Yara | 登录查看Yara规则 |
| 找不到该样本 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x004b93b2 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x000c662e |
| 最低操作系统版本要求 | 4.0 |
| PDB路径 | D:\APL2\MMC 5A45\APL\D000XMI0-J0KC\D000XMI0-J0KC_v101\obj\Debug\D000XMI0-J0DC.pdb |
| 编译时间 | 2024-04-16 15:26:59 |
| 载入哈希 | f34d5f2d4577ed6d9ceec516c1f5a744 |
| 图标 |  |
| 图标精确哈希值 | 95b9a60f32c244b2273a2a813c8a4dac |
| 图标相似性哈希值 | 1d3655c0826278fbe7d96ad93122a272 |
版本信息
| Translation | |
|---|---|
| LegalCopyright | |
| Assembly Version | |
| InternalName | |
| FileVersion | |
| CompanyName | |
| LegalTrademarks | |
| Comments | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00002000 | 0x000b7528 | 0x000b7600 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.19 |
| .rsrc | 0x000ba000 | 0x00002428 | 0x00002600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.81 |
| .reloc | 0x000be000 | 0x0000000c | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 0.10 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_ICON | 0x000bb1d8 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.60 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000bb1d8 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.60 | GLS_BINARY_LSB_FIRST |
| RT_GROUP_ICON | 0x000bb650 | 0x00000022 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.21 | MS Windows icon resource - 2 icons, 32x32 |
| RT_VERSION | 0x000bb684 | 0x00000380 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.38 | 8086 relocatable (Microsoft) |
| RT_MANIFEST | 0x000bba14 | 0x00000a0f | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.74 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
导入
库: mscoree.dll:
• 0x402000 _CorExeMain
装载信息
| 名称 | D000XMI0-J0DC |
|---|---|
| 版本 | 1.0.1.0 |
装载参考
| 名称 | 版本 |
|---|---|
| mscorlib | 2.0.0.0 |
| System | 2.0.0.0 |
| Microsoft.VisualBasic | 8.0.0.0 |
| System.Windows.Forms | 2.0.0.0 |
| System.Drawing | 2.0.0.0 |
| canlibCLSNET | 7.1.7000.1 |
| MySql.Data | 5.1.5.0 |
| System.Data | 2.0.0.0 |
| Interop.ADOX | 2.8.0.0 |
| Plugin | 1.0.3708.32143 |
| EnaviTestmode | 1.0.0.4 |
| Microsoft.VisualC | 8.0.0.0 |
类型参考
| 装载 | 类型名称 |
|---|---|
| EnaviTestmode | EnaviTestmode.ClassEnaviTestmode |
| Interop.ADOX | ADOX.Catalog |
| Interop.ADOX | ADOX.CatalogClass |
| Interop.ADOX | ADOX.Column |
| Interop.ADOX | ADOX.ColumnAttributesEnum |
| Interop.ADOX | ADOX.Columns |
| Interop.ADOX | ADOX.DataTypeEnum |
| Interop.ADOX | ADOX.KeyTypeEnum |
| Interop.ADOX | ADOX.Keys |
| Interop.ADOX | ADOX.Table |
| Interop.ADOX | ADOX.TableClass |
| Interop.ADOX | ADOX.Tables |
| Interop.ADOX | ADOX._Catalog |
| Interop.ADOX | ADOX._Column |
| Interop.ADOX | ADOX._Table |
| Microsoft.VisualBasic | Microsoft.VisualBasic.ApplicationServices.ApplicationBase |
| Microsoft.VisualBasic | Microsoft.VisualBasic.ApplicationServices.AssemblyInfo |
| Microsoft.VisualBasic | Microsoft.VisualBasic.ApplicationServices.AuthenticationMode |
| Microsoft.VisualBasic | Microsoft.VisualBasic.ApplicationServices.ShutdownEventHandler |
| Microsoft.VisualBasic | Microsoft.VisualBasic.ApplicationServices.ShutdownMode |
| Microsoft.VisualBasic | Microsoft.VisualBasic.ApplicationServices.StartupNextInstanceEventArgs |
| Microsoft.VisualBasic | Microsoft.VisualBasic.ApplicationServices.StartupNextInstanceEventHandler |
| Microsoft.VisualBasic | Microsoft.VisualBasic.ApplicationServices.User |
| Microsoft.VisualBasic | Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase |
| Microsoft.VisualBasic | Microsoft.VisualBasic.CompareMethod |
| Microsoft.VisualBasic | Microsoft.VisualBasic.CompilerServices.Conversions |
| Microsoft.VisualBasic | Microsoft.VisualBasic.CompilerServices.DesignerGeneratedAttribute |
| Microsoft.VisualBasic | Microsoft.VisualBasic.CompilerServices.NewLateBinding |
| Microsoft.VisualBasic | Microsoft.VisualBasic.CompilerServices.ObjectFlowControl |
| Microsoft.VisualBasic | Microsoft.VisualBasic.CompilerServices.Operators |
| Microsoft.VisualBasic | Microsoft.VisualBasic.CompilerServices.ProjectData |
| Microsoft.VisualBasic | Microsoft.VisualBasic.CompilerServices.StandardModuleAttribute |
| Microsoft.VisualBasic | Microsoft.VisualBasic.CompilerServices.Utils |
| Microsoft.VisualBasic | Microsoft.VisualBasic.Conversion |
| Microsoft.VisualBasic | Microsoft.VisualBasic.Devices.Computer |
| Microsoft.VisualBasic | Microsoft.VisualBasic.Devices.ServerComputer |
| Microsoft.VisualBasic | Microsoft.VisualBasic.ErrObject |
| Microsoft.VisualBasic | Microsoft.VisualBasic.FileIO.DeleteDirectoryOption |
| Microsoft.VisualBasic | Microsoft.VisualBasic.HideModuleNameAttribute |
| Microsoft.VisualBasic | Microsoft.VisualBasic.Information |
| Microsoft.VisualBasic | Microsoft.VisualBasic.Interaction |
| Microsoft.VisualBasic | Microsoft.VisualBasic.MsgBoxResult |
| Microsoft.VisualBasic | Microsoft.VisualBasic.MsgBoxStyle |
| Microsoft.VisualBasic | Microsoft.VisualBasic.MyGroupCollectionAttribute |
| Microsoft.VisualBasic | Microsoft.VisualBasic.MyServices.FileSystemProxy |
| Microsoft.VisualBasic | Microsoft.VisualBasic.Strings |
| Microsoft.VisualBasic | Microsoft.VisualBasic.VBFixedStringAttribute |
| Microsoft.VisualC | Microsoft.VisualC.IsConstModifier |
| Microsoft.VisualC | Microsoft.VisualC.IsLongModifier |
| MySql.Data | MySql.Data.MySqlClient.MySqlCommand |
| MySql.Data | MySql.Data.MySqlClient.MySqlConnection |
| MySql.Data | MySql.Data.MySqlClient.MySqlDataAdapter |
| MySql.Data | MySql.Data.MySqlClient.MySqlTransaction |
| Plugin | Plugin.IPlugin |
| Plugin | Plugin.IPluginHost |
| System | System.CodeDom.Compiler.GeneratedCodeAttribute |
| System | System.Collections.Generic.Queue`1 |
| System | System.ComponentModel.CancelEventArgs |
| System | System.ComponentModel.CancelEventHandler |
| System | System.ComponentModel.Component |
| System | System.ComponentModel.ComponentResourceManager |
| System | System.ComponentModel.Container |
| System | System.ComponentModel.Design.HelpKeywordAttribute |
| System | System.ComponentModel.EditorBrowsableAttribute |
| System | System.ComponentModel.EditorBrowsableState |
| System | System.ComponentModel.IContainer |
| System | System.ComponentModel.ISupportInitialize |
| System | System.Configuration.ApplicationSettingsBase |
| System | System.Configuration.SettingsBase |
| System | System.Diagnostics.DataReceivedEventArgs |
| System | System.Diagnostics.DataReceivedEventHandler |
| System | System.Diagnostics.FileVersionInfo |
| System | System.Diagnostics.Process |
| System | System.Diagnostics.ProcessStartInfo |
| System | System.IO.Ports.Parity |
| System | System.IO.Ports.SerialDataReceivedEventArgs |
| System | System.IO.Ports.SerialDataReceivedEventHandler |
| System | System.IO.Ports.SerialPort |
| System | System.IO.Ports.StopBits |
| System | System.Net.FtpWebRequest |
| System | System.Net.FtpWebResponse |
| System | System.Net.ICredentials |
| System | System.Net.IPAddress |
| System | System.Net.NetworkCredential |
| System | System.Net.Sockets.NetworkStream |
| System | System.Net.Sockets.TcpClient |
| System | System.Net.WebRequest |
| System | System.Net.WebResponse |
| System | System.Timers.ElapsedEventArgs |
| System | System.Timers.ElapsedEventHandler |
| System | System.Timers.Timer |
| System | System.Uri |
| System.Data | System.Data.Common.DbDataAdapter |
| System.Data | System.Data.DataRow |
| System.Data | System.Data.DataRowCollection |
| System.Data | System.Data.DataSet |
| System.Data | System.Data.DataTable |
| System.Data | System.Data.DataTableCollection |
| System.Data | System.Data.OleDb.OleDbCommand |
| System.Data | System.Data.OleDb.OleDbConnection |
| System.Data | System.Data.OleDb.OleDbDataAdapter |
| System.Data | System.Data.OleDb.OleDbTransaction |
| System.Data | System.Data.SqlClient.SqlCommand |
| System.Data | System.Data.SqlClient.SqlConnection |
| System.Data | System.Data.SqlClient.SqlDataAdapter |
| System.Data | System.Data.SqlClient.SqlDataReader |
| System.Data | System.Data.SqlClient.SqlTransaction |
| System.Drawing | System.Drawing.Bitmap |
| System.Drawing | System.Drawing.Color |
| System.Drawing | System.Drawing.ContentAlignment |
| System.Drawing | System.Drawing.Font |
| System.Drawing | System.Drawing.FontStyle |
| System.Drawing | System.Drawing.GraphicsUnit |
| System.Drawing | System.Drawing.Icon |
| System.Drawing | System.Drawing.Image |
| System.Drawing | System.Drawing.Point |
| System.Drawing | System.Drawing.Rectangle |
| System.Drawing | System.Drawing.Size |
| System.Drawing | System.Drawing.SizeF |
| System.Drawing | System.Drawing.SystemColors |
| System.Windows.Forms | System.Windows.Forms.Application |
| System.Windows.Forms | System.Windows.Forms.AutoScaleMode |
| System.Windows.Forms | System.Windows.Forms.Border3DStyle |
| System.Windows.Forms | System.Windows.Forms.BorderStyle |
| System.Windows.Forms | System.Windows.Forms.Button |
| System.Windows.Forms | System.Windows.Forms.ButtonBase |
| System.Windows.Forms | System.Windows.Forms.CharacterCasing |
| System.Windows.Forms | System.Windows.Forms.CheckBox |
| System.Windows.Forms | System.Windows.Forms.CheckState |
| System.Windows.Forms | System.Windows.Forms.ComboBox |
| System.Windows.Forms | System.Windows.Forms.ComboBox/ObjectCollection |
| System.Windows.Forms | System.Windows.Forms.ComboBoxStyle |
| System.Windows.Forms | System.Windows.Forms.CommonDialog |
| System.Windows.Forms | System.Windows.Forms.ContainerControl |
| System.Windows.Forms | System.Windows.Forms.Control |
| System.Windows.Forms | System.Windows.Forms.Control/ControlCollection |
| System.Windows.Forms | System.Windows.Forms.CreateParams |
| System.Windows.Forms | System.Windows.Forms.DataGridView |
| System.Windows.Forms | System.Windows.Forms.DataGridViewCell |
| System.Windows.Forms | System.Windows.Forms.DataGridViewCellCollection |
| System.Windows.Forms | System.Windows.Forms.DataGridViewCellEventArgs |
| System.Windows.Forms | System.Windows.Forms.DataGridViewCellEventHandler |
| System.Windows.Forms | System.Windows.Forms.DataGridViewCellStyle |
| System.Windows.Forms | System.Windows.Forms.DataGridViewCheckBoxColumn |
| System.Windows.Forms | System.Windows.Forms.DataGridViewColumn |
| System.Windows.Forms | System.Windows.Forms.DataGridViewColumnCollection |
| System.Windows.Forms | System.Windows.Forms.DataGridViewColumnHeadersHeightSizeMode |
| System.Windows.Forms | System.Windows.Forms.DataGridViewComboBoxColumn |
| System.Windows.Forms | System.Windows.Forms.DataGridViewContentAlignment |
| System.Windows.Forms | System.Windows.Forms.DataGridViewDataErrorContexts |
| System.Windows.Forms | System.Windows.Forms.DataGridViewRow |
| System.Windows.Forms | System.Windows.Forms.DataGridViewRowCollection |
| System.Windows.Forms | System.Windows.Forms.DataGridViewSelectionMode |
| System.Windows.Forms | System.Windows.Forms.DataGridViewTextBoxColumn |
| System.Windows.Forms | System.Windows.Forms.DataGridViewTriState |
| System.Windows.Forms | System.Windows.Forms.DialogResult |
| System.Windows.Forms | System.Windows.Forms.FileDialog |
| System.Windows.Forms | System.Windows.Forms.FolderBrowserDialog |
| System.Windows.Forms | System.Windows.Forms.Form |
| System.Windows.Forms | System.Windows.Forms.FormBorderStyle |
| System.Windows.Forms | System.Windows.Forms.FormStartPosition |
| System.Windows.Forms | System.Windows.Forms.FormWindowState |
| System.Windows.Forms | System.Windows.Forms.GroupBox |
| System.Windows.Forms | System.Windows.Forms.HorizontalAlignment |
| System.Windows.Forms | System.Windows.Forms.IWin32Window |
| System.Windows.Forms | System.Windows.Forms.InputLanguage |
| System.Windows.Forms | System.Windows.Forms.KeyPressEventArgs |
| System.Windows.Forms | System.Windows.Forms.KeyPressEventHandler |
| System.Windows.Forms | System.Windows.Forms.Label |
| System.Windows.Forms | System.Windows.Forms.ListBox |
| System.Windows.Forms | System.Windows.Forms.ListBox/ObjectCollection |
| System.Windows.Forms | System.Windows.Forms.ListControl |
| System.Windows.Forms | System.Windows.Forms.MenuStrip |
| System.Windows.Forms | System.Windows.Forms.Message |
| System.Windows.Forms | System.Windows.Forms.MessageBox |
| System.Windows.Forms | System.Windows.Forms.MessageBoxButtons |
| System.Windows.Forms | System.Windows.Forms.MessageBoxIcon |
| System.Windows.Forms | System.Windows.Forms.NativeWindow |
| System.Windows.Forms | System.Windows.Forms.NumericUpDown |
| System.Windows.Forms | System.Windows.Forms.OpenFileDialog |
| System.Windows.Forms | System.Windows.Forms.Padding |
| System.Windows.Forms | System.Windows.Forms.ProgressBar |
| System.Windows.Forms | System.Windows.Forms.RadioButton |
| System.Windows.Forms | System.Windows.Forms.SaveFileDialog |
| System.Windows.Forms | System.Windows.Forms.Screen |
| System.Windows.Forms | System.Windows.Forms.ScrollBars |
| System.Windows.Forms | System.Windows.Forms.SendKeys |
| System.Windows.Forms | System.Windows.Forms.SizeGripStyle |
| System.Windows.Forms | System.Windows.Forms.StatusStrip |
| System.Windows.Forms | System.Windows.Forms.TabControl |
| System.Windows.Forms | System.Windows.Forms.TabPage |
| System.Windows.Forms | System.Windows.Forms.TextBox |
| System.Windows.Forms | System.Windows.Forms.TextBoxBase |
| System.Windows.Forms | System.Windows.Forms.Timer |
| System.Windows.Forms | System.Windows.Forms.ToolStrip |
| System.Windows.Forms | System.Windows.Forms.ToolStripControlHost |
| System.Windows.Forms | System.Windows.Forms.ToolStripDropDownItem |
| System.Windows.Forms | System.Windows.Forms.ToolStripItem |
| System.Windows.Forms | System.Windows.Forms.ToolStripItemCollection |
| System.Windows.Forms | System.Windows.Forms.ToolStripMenuItem |
| System.Windows.Forms | System.Windows.Forms.ToolStripProgressBar |
| System.Windows.Forms | System.Windows.Forms.ToolStripSeparator |
| System.Windows.Forms | System.Windows.Forms.ToolStripStatusLabel |
| System.Windows.Forms | System.Windows.Forms.UpDownBase |
| canlibCLSNET | canlibCLSNET.Canlib |
| canlibCLSNET | canlibCLSNET.Canlib/canStatus |
| mscorlib | System.Activator |
| mscorlib | System.ArgumentException |
| mscorlib | System.Array |
| mscorlib | System.AsyncCallback |
| mscorlib | System.Attribute |
| mscorlib | System.BitConverter |
| mscorlib | System.Boolean |
| mscorlib | System.Byte |
| mscorlib | System.Char |
| mscorlib | System.Collections.ArrayList |
| mscorlib | System.Collections.Generic.List`1 |
| mscorlib | System.Collections.Hashtable |
| mscorlib | System.Collections.ICollection |
| mscorlib | System.Collections.IEnumerator |
| mscorlib | System.Console |
| mscorlib | System.Convert |
| mscorlib | System.DateTime |
| mscorlib | System.Decimal |
| mscorlib | System.Delegate |
| mscorlib | System.Diagnostics.DebuggableAttribute |
| mscorlib | System.Diagnostics.DebuggableAttribute/DebuggingModes |
| mscorlib | System.Diagnostics.DebuggerBrowsableAttribute |
| mscorlib | System.Diagnostics.DebuggerBrowsableState |
| mscorlib | System.Diagnostics.DebuggerHiddenAttribute |
| mscorlib | System.Diagnostics.DebuggerNonUserCodeAttribute |
| mscorlib | System.Diagnostics.DebuggerStepThroughAttribute |
| mscorlib | System.Double |
| mscorlib | System.Enum |
| mscorlib | System.Environment |
| mscorlib | System.Environment/SpecialFolder |
| mscorlib | System.EventArgs |
| mscorlib | System.EventHandler |
| mscorlib | System.Exception |
| mscorlib | System.Globalization.CultureInfo |
| mscorlib | System.Globalization.DateTimeFormatInfo |
| mscorlib | System.Globalization.NumberStyles |
| mscorlib | System.IAsyncResult |
| mscorlib | System.IDisposable |
| mscorlib | System.IFormatProvider |
| mscorlib | System.IO.BinaryReader |
| mscorlib | System.IO.Directory |
| mscorlib | System.IO.DirectoryInfo |
| mscorlib | System.IO.File |
| mscorlib | System.IO.FileAccess |
| mscorlib | System.IO.FileAttributes |
| mscorlib | System.IO.FileInfo |
| mscorlib | System.IO.FileMode |
| mscorlib | System.IO.FileStream |
| mscorlib | System.IO.FileSystemInfo |
| mscorlib | System.IO.MemoryStream |
| mscorlib | System.IO.Path |
| mscorlib | System.IO.Stream |
| mscorlib | System.IO.StreamReader |
| mscorlib | System.IO.StreamWriter |
| mscorlib | System.IO.TextWriter |
| mscorlib | System.IO.UnmanagedMemoryStream |
| mscorlib | System.Int32 |
| mscorlib | System.Int64 |
| mscorlib | System.IntPtr |
| mscorlib | System.InvalidOperationException |
| mscorlib | System.Math |
| mscorlib | System.MulticastDelegate |
| mscorlib | System.Object |
| mscorlib | System.OperatingSystem |
| mscorlib | System.PlatformID |
| mscorlib | System.Reflection.Assembly |
| mscorlib | System.Reflection.AssemblyCompanyAttribute |
| mscorlib | System.Reflection.AssemblyCopyrightAttribute |
| mscorlib | System.Reflection.AssemblyDescriptionAttribute |
| mscorlib | System.Reflection.AssemblyFileVersionAttribute |
| mscorlib | System.Reflection.AssemblyProductAttribute |
| mscorlib | System.Reflection.AssemblyTitleAttribute |
| mscorlib | System.Reflection.AssemblyTrademarkAttribute |
| mscorlib | System.Reflection.Binder |
| mscorlib | System.Reflection.BindingFlags |
| mscorlib | System.Reflection.FieldInfo |
| mscorlib | System.Reflection.MemberInfo |
| mscorlib | System.Reflection.Module |
| mscorlib | System.Reflection.TargetInvocationException |
| mscorlib | System.Resources.ResourceManager |
| mscorlib | System.Runtime.CompilerServices.AccessedThroughPropertyAttribute |
| mscorlib | System.Runtime.CompilerServices.CompilationRelaxationsAttribute |
| mscorlib | System.Runtime.CompilerServices.CompilerGeneratedAttribute |
| mscorlib | System.Runtime.CompilerServices.RuntimeCompatibilityAttribute |
| mscorlib | System.Runtime.CompilerServices.RuntimeHelpers |
| mscorlib | System.Runtime.InteropServices.ComVisibleAttribute |
| mscorlib | System.Runtime.InteropServices.GuidAttribute |
| mscorlib | System.Runtime.InteropServices.Marshal |
| mscorlib | System.Runtime.Serialization.Formatters.Binary.BinaryFormatter |
| mscorlib | System.RuntimeFieldHandle |
| mscorlib | System.RuntimeTypeHandle |
| mscorlib | System.STAThreadAttribute |
| mscorlib | System.Security.Cryptography.HashAlgorithm |
| mscorlib | System.Security.Cryptography.MD5CryptoServiceProvider |
| mscorlib | System.Single |
| mscorlib | System.String |
| mscorlib | System.Text.Encoding |
| mscorlib | System.Text.StringBuilder |
| mscorlib | System.ThreadStaticAttribute |
| mscorlib | System.Threading.Interlocked |
| mscorlib | System.Threading.Monitor |
| mscorlib | System.Threading.Thread |
| mscorlib | System.Threading.ThreadStart |
| mscorlib | System.TimeSpan |
| mscorlib | System.Type |
| mscorlib | System.ValueType |
| mscorlib | System.Version |
.text
`.rsrc
@.reloc
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 104.123.154.162 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49160 | 104.123.154.162 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 59401 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 23.99 seconds )
- 11.128 Suricata
- 8.216 VirusTotal
- 1.454 Static
- 1.05 NetworkAnalysis
- 0.793 BehaviorAnalysis
- 0.583 static_dotnet
- 0.419 TargetInfo
- 0.32 peid
- 0.013 AnalysisInfo
- 0.011 Strings
- 0.002 Memory
- 0.001 config_decoder
Signatures ( 1.809 seconds )
- 1.348 proprietary_url_bl
- 0.055 antiav_detectreg
- 0.047 api_spamming
- 0.038 stealth_timeout
- 0.037 stealth_decoy_document
- 0.025 injection_createremotethread
- 0.023 infostealer_ftp
- 0.016 injection_runpe
- 0.014 infostealer_im
- 0.013 antiav_detectfile
- 0.012 injection_explorer
- 0.011 antianalysis_detectreg
- 0.009 infostealer_bitcoin
- 0.009 proprietary_domain_bl
- 0.008 infostealer_mail
- 0.006 antiemu_wine_func
- 0.006 antivm_generic_scsi
- 0.006 kovter_behavior
- 0.005 mimics_filetime
- 0.005 anomaly_persistence_autorun
- 0.005 infostealer_browser_password
- 0.005 antivm_vbox_files
- 0.005 geodo_banking_trojan
- 0.004 bootkit
- 0.004 reads_self
- 0.004 antivm_generic_disk
- 0.004 virus
- 0.004 ransomware_extensions
- 0.004 ransomware_files
- 0.003 stealth_file
- 0.003 antivm_generic_services
- 0.003 betabot_behavior
- 0.003 kibex_behavior
- 0.003 antidbg_windows
- 0.003 anormaly_invoke_kills
- 0.003 antivm_parallels_keys
- 0.003 antivm_xen_keys
- 0.003 network_http
- 0.002 tinba_behavior
- 0.002 antivm_vbox_libs
- 0.002 rat_nanocore
- 0.002 proprietary_anomaly_massive_file_ops
- 0.002 hancitor_behavior
- 0.002 antidbg_devices
- 0.002 antivm_generic_diskreg
- 0.002 disables_browser_warn
- 0.002 darkcomet_regkeys
- 0.002 recon_fingerprint
- 0.001 hawkeye_behavior
- 0.001 network_tor
- 0.001 proprietary_anomaly_write_exe_and_obsfucate_extension
- 0.001 antiav_avast_libs
- 0.001 proprietary_malicious_write_executeable_under_temp_to_regrun
- 0.001 sets_autoconfig_url
- 0.001 kazybot_behavior
- 0.001 antisandbox_sunbelt_libs
- 0.001 antisandbox_sboxie_libs
- 0.001 antiav_bitdefender_libs
- 0.001 shifu_behavior
- 0.001 exec_crash
- 0.001 cerber_behavior
- 0.001 bypass_firewall
- 0.001 antisandbox_productid
- 0.001 antivm_hyperv_keys
- 0.001 antivm_vbox_keys
- 0.001 antivm_vmware_files
- 0.001 antivm_vmware_keys
- 0.001 antivm_vpc_keys
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_security
- 0.001 modify_proxy
- 0.001 codelux_behavior
- 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
- 0.001 proprietary_anomaly_invoke_vb_vba
- 0.001 proprietary_bad_drop
- 0.001 network_cnc_http
- 0.001 rat_pcclient
Reporting ( 0.562 seconds )
- 0.49 ReportHTMLSummary
- 0.072 Malheur
| Task ID | 744236 |
|---|---|
| Mongo ID | 662744d47e769a1b228efbf9 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号