Analysis type | Start time | End time | Duration | Analysis engine version |
---|---|---|---|---|
FILE | 2022-05-27 21:12:12 | 2022-05-27 21:13:19 | 67 s | 1.4-Maldun |
VM name | Label | Hypervisor | Boot time | Shutdown time |
---|---|---|---|---|
win7-sp1-x64-shaapp03-1 | win7-sp1-x64-shaapp03-1 | KVM | 2022-05-27 21:12:14 | 2022-05-27 21:13:22 |
Maldun score |
---|
10.0 (malicious) |
Field | Value |
---|---|
File name | duplicate file finder plus_16.0.79.rar |
File size | 490296 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
CRC32 | 6E292587 |
MD5 | 8d282dae469c287ff5c66f53e1d68ed7 |
SHA1 | 617d458fe2434492737be317a921efe752ee0c53 |
SHA256 | 5be5e4b0abb9189c524560b999e9449817ff9220e4d7e853656f82b392349e0b |
SHA512 | 31fa194b9c724d4ed5d4b06da3c35d6a29d39f16bdb8818df91ebb2de2ea78abc9b491f65e592def5adb5ec2068e87d43d7b937b4fc4951f5bb08629e999d9a6 |
Ssdeep | 12288:5ExGg+U1dB+uImwwZGgeJmA2v/IOBp7rh9:5OGg+sK8VA2v/xBX9 |
PEiD | No match |
Yara | |
VirusTotal | VirusTotal query failed |
Direct access | IP address | Country |
---|---|---|
No | 104.22.25.131 | United States |
No | 104.85.244.134 | United States |
No | 172.67.169.247 | United States |
No | 172.67.204.35 | United States |
Domain | Response |
---|---|
www.duplicatefilefinder4pc.com | A 104.21.44.223; A 172.67.204.35 |
duplicatefilefinder4pc.com | |
use.fontawesome.com | A 104.21.63.54; CNAME use.fontawesome.com.cdn.cloudflare.net; A 172.67.169.247 |
s7.addthis.com | CNAME ds-s7.addthis.com.edgekey.net; A 104.85.244.134; CNAME s8.addthis.com; CNAME e4016.a.akamaiedge.net |
embed.tawk.to | A 104.22.24.131; A 172.67.38.66; A 104.22.25.131 |
IP address | Port | Connections |
---|---|---|
104.22.25.131 | 443 | 6 |
104.85.244.134 | 443 | 1 |
104.96.203.48 | 80 | 1 |
172.67.169.247 | 443 | 2 |
172.67.204.35 | 80 | 1 |
172.67.204.35 | 443 | 7 |
IP address | Port | Connections |
---|---|---|
192.168.122.1 | 53 | 6 |
URL | HTTP data |
---|---|
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
http://www.duplicatefilefinder4pc.com/latestver-p.txt | GET /latestver-p.txt HTTP/1.1 Host: www.duplicatefilefinder4pc.com Connection: Keep-Alive |
Field | Value |
---|---|
Image base | 0x00400000 |
Entry point | 0x00469800 |
Declared checksum | 0x00000000 |
Actual checksum | 0x000819a5 |
Minimum OS version | 5.1 |
Compile time | 2018-06-24 23:04:40 |
Import hash | 4bb6c97d0fd6fbaeabdd43515fbc6b28 |
Icon | |
Icon exact hash | f4f666aa5b7140c61ee1207635d7022d |
Icon similarity hash | 01d5192ff2c9379c4085014f5894940f |

Version info field | Value |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright © 2004-2021 TriSun Software Limited. All rights reserved. |
Assembly Version | 16.0.79.0 |
InternalName | Duplicate File Finder Plus.exe |
FileVersion | 16.0.079 |
CompanyName | TriSun Software Limited |
LegalTrademarks | |
Comments | Duplicate File Finder Plus |
ProductName | Duplicate File Finder Plus |
ProductVersion | 16.0.079 |
FileDescription | Duplicate File Finder Plus |
OriginalFilename | Duplicate File Finder Plus.exe |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
UPX0 | 0x00001000 | 0x0004a000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
UPX1 | 0x0004b000 | 0x0001f000 | 0x0001ec00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.92 |
.rsrc | 0x0006a000 | 0x00008000 | 0x00007200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 6.24 |
Overlay | Value |
---|---|
Offset | 0x00026200 |
Size | 0x00051938 |
Name | Offset | Size | Language | Sublanguage | Entropy | File type | Entries |
---|---|---|---|---|---|---|---|
RT_ICON | 0x00070148 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.15 | GLS_BINARY_LSB_FIRST | 4 (reported as identical rows) |
RT_DIALOG | 0x00062eb8 | 0x00000252 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.43 | data | 6 (reported as identical rows) |
RT_STRING | 0x0006408c | 0x000000d6 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.70 | data | 10 (reported as identical rows) |
RT_GROUP_ICON | 0x000705b4 | 0x0000003e | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.41 | MS Windows icon resource - 4 icons, 256x256 | 1 |
RT_VERSION | 0x000705f8 | 0x0000047c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.37 | data | 1 |
RT_MANIFEST | 0x00070a78 | 0x00000533 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.92 | XML 1.0 document, ASCII text, with CRLF line terminators | 1 |