Analysis task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp02-1 2024-04-26 09:59:17 2024-04-26 09:59:51 34 seconds

Maldun score

1.4

Normal

File details

File name LunaTranslator_main.exe
File size 8051200 bytes
File type PE32+ executable (GUI) x86-64, for MS Windows
MD5 2322a247cad7dc741bbcba826f0fa593
SHA1 28821e42876667f11153cb2b62a40a46aff2c8c5
SHA256 7f0e89f31bd95edba3af6b3d4cd8f459b9b138bffad5d950164bced49676dd44
SHA512 6f43001f18b140b940b76b4a287b67022cac56135782ecab446d7a03a24b3b847a4aa259c1f9553ef11e1225bad39082baab4305fa1fda3b08433a420063e5f3
CRC32 96219A94
Ssdeep 98304:avXgvKfKPSevENt+m298nXaMD4+33lKdOUr1CBglH9NSU2y5:aMSNq8qMD4+C5
Sample not found.


Screenshots

No screenshots available.

Hosts contacted

No host records.

DNS resolutions

No domain information.


PE information

Image base 0x140000000
Entry point 0x1403a6be4
Declared checksum 0x00000000
Actual checksum 0x007ade9d
Minimum OS version required 6.0
Compile time 2024-04-26 04:58:23
Import hash 676d58af7c511171ce631424157e17fe

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x003c4e10 0x003c5000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.20
.rdata 0x003c6000 0x0002507c 0x00025200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.05
.data 0x003ec000 0x000260e8 0x00007400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2.37
.pdata 0x00413000 0x0000a3ec 0x0000a400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.25
_RDATA 0x0041e000 0x000001f4 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.21
.rsrc 0x0041f000 0x003b0940 0x003b0a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.78
.reloc 0x007d0000 0x00000ed0 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 5.28

Imports

Library: python37.dll:
Library: KERNEL32.dll:
No antivirus engine scan information.

TCP

Source address Source port Destination address Destination port
192.168.122.201 49160 23.33.33.178 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 63246 192.168.122.1 53

HTTP requests

URI HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No files were dropped.
No similar analyses found.

Processing ( 20.382 seconds )

  • 17.287 Static
  • 1.678 TargetInfo
  • 1.045 NetworkAnalysis
  • 0.311 peid
  • 0.019 config_decoder
  • 0.016 Suricata
  • 0.011 AnalysisInfo
  • 0.011 Strings
  • 0.002 BehaviorAnalysis
  • 0.002 Memory

Signatures ( 1.403 seconds )

  • 1.324 proprietary_url_bl
  • 0.011 antiav_detectreg
  • 0.008 proprietary_domain_bl
  • 0.005 anomaly_persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_ftp
  • 0.004 geodo_banking_trojan
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_bad_drop
  • 0.001 network_cnc_http
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 0.51 seconds )

  • 0.46 ReportHTMLSummary
  • 0.05 Malheur
Task ID 744330
Mongo ID 662b0adbdc327b93ac415acf
Cuckoo release 1.4-Maldun