ahseven/Malware-Sample-found-by-me
GitHub: ahseven/Malware-Sample-found-by-me
Malware sample repository, for testing and analysis.
Stars: 0 | Forks: 0
# Malware Analysis: image_2025-12-31_12-46-16.exe
**Sample password:** `infected`
## Overview
This malware was found being distributed via Telegram and is believed to originate from China.
## Verdict
**MALICIOUS** (AI score: 0.2)
## Indicators
| Type | Value |
|------|-------|
| Filename | `image_2025-12-31_12-46-16.exe` |
| SHA256 | `2b24dce2ba941a8be030a7b4496260910a066f6a7124dd867939b85762404a1e` |
## PE metadata
- **Sections:** 5
- **Entry point:** `0x369f`
## Full analysis JSON
```json
{
"filename": "image_2025-12-31_12-46-16.exe",
"sha256": "2b24dce2ba941a8be030a7b4496260910a066f6a7124dd867939b85762404a1e",
"verdict": "MALICIOUS",
"ai_score": 0.2,
"yara_hits": [
"CRC32_poly_Constant",
"IsPE32",
"IsWindowsGUI",
"IsPacked",
"HasOverlay",
"HasRichSignature",
"escalate_priv",
"screenshot",
"win_registry",
"win_token",
"win_files_operation",
"CRC32_poly_Constant",
"IsPE32",
"IsWindowsGUI",
"IsPacked",
"HasOverlay",
"HasRichSignature",
"android_meterpreter",
"escalate_priv",
"screenshot",
"win_registry",
"win_token",
"win_files_operation",
"contains_base64",
"url",
"IP",
"domain"
],
"pe_metadata": {
"sections": 5,
"entry_point": "0x369f"
}
}
```
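The report's `sections`, `entry_point` and the structural YARA hit names (`IsPE32`, `IsWindowsGUI`, `HasOverlay`, `IsPacked`) all come straight from the PE headers. The script below is an added example, not code from this repository or from the tool that produced the JSON: it checks a file against the SHA256 indicator above, then reads those fields itself so the report can be reproduced independently. The PE32 image it parses is constructed inline (a harmless, non-executable header layout shaped like the report: 5 sections, entry point `0x369f`, GUI subsystem, an overlay and one high-entropy section); the real sample is not embedded, so the hash check on the synthetic image is expected to fail. The entropy threshold and the section layout are assumptions for illustration.

```python
"""Static triage of a PE sample: hash check plus the header fields behind
'sections' / 'entry_point' and the IsPE32 / IsWindowsGUI / HasOverlay /
IsPacked style findings. Added example; the parsed image is synthetic."""
import hashlib
import math
import struct
from collections import Counter

# SHA256 indicator copied from the report above.
EXPECTED_SHA256 = "2b24dce2ba941a8be030a7b4496260910a066f6a7124dd867939b85762404a1e"

COFF_FMT = "<HHIIIHH"         # IMAGE_FILE_HEADER, 20 bytes
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entropy(data: bytes) -> float:
    """Shannon entropy in bits/byte; packed or encrypted sections sit near 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(data: bytes) -> dict:
    """Read the headers that produce the report's PE metadata and derive the
    structural facts its YARA hit names describe."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]           # 0x10b = PE32, 0x20b = PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]  # 2 = WINDOWS_GUI, 3 = WINDOWS_CUI

    sections = []
    for i in range(nsections):
        name, vsize, va, raw_size, raw_ptr, *_ = struct.unpack_from(
            SECTION_FMT, data, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "va": va, "vsize": vsize, "raw_ptr": raw_ptr, "raw_size": raw_size,
            "entropy": round(entropy(data[raw_ptr:raw_ptr + raw_size]), 2),
        })
    end_of_sections = max((s["raw_ptr"] + s["raw_size"] for s in sections), default=0)
    entry_section = next((s["name"] for s in sections
                          if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["raw_size"])), None)
    return {
        "machine": hex(machine),
        "sections": nsections,
        "entry_point": hex(entry_rva),
        "entry_section": entry_section,           # entry outside .text is a packer tell
        "is_pe32": magic == 0x10B,
        "is_gui": subsystem == 2,
        "has_overlay": len(data) > end_of_sections,   # bytes appended past the last section
        "overlay_size": max(0, len(data) - end_of_sections),
        # Crude packer heuristic (assumed threshold): any section with near-random bytes.
        "looks_packed": any(s["entropy"] > 7.0 for s in sections),
        "section_entropy": {s["name"]: s["entropy"] for s in sections},
    }


def triage(data: bytes, expected_sha256: str = EXPECTED_SHA256) -> dict:
    """Confirm the file matches the published indicator, then pull the static facts."""
    report = parse_pe(data)
    report["sha256"] = sha256_hex(data)
    report["hash_matches"] = report["sha256"] == expected_sha256.lower()
    return report


def build_synthetic_pe() -> bytes:
    """Constructed PE32 image shaped like the report (5 sections, entry point
    0x369f, GUI subsystem, overlay, one high-entropy section). Not the sample."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    coff = struct.pack(COFF_FMT, 0x14C, 5, 0, 0, 0, 0xE0, 0x0102)   # i386, 5 sections
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)    # PE32 magic
    struct.pack_into("<I", opt, 16, 0x369F)  # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, 2)       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    layout = [  # (name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData)
        (b".text", 0x1000, 0x3000, 0x200, 0x200), (b".rdata", 0x4000, 0x200, 0x400, 0x200),
        (b".data", 0x5000, 0x100, 0x600, 0x100), (b".rsrc", 0x6000, 0x100, 0x700, 0x100),
        (b".reloc", 0x7000, 0x100, 0x800, 0x100)]
    table = b"".join(struct.pack(SECTION_FMT, n, vs, va, rs, rp, 0, 0, 0, 0, 0x60000020)
                     for n, va, vs, rp, rs in layout)
    image = bytearray(dos + b"PE\0\0" + coff + opt + table)  # exactly 0x200 bytes of headers
    image += bytes(range(256)) * 2          # .text: uniform byte histogram, entropy 8.0
    image += b"\0" * (0x900 - len(image))   # remaining sections, zero-filled
    image += b"appended-config-blob"        # 20 bytes past the last section = overlay
    return bytes(image)


if __name__ == "__main__":
    r = triage(build_synthetic_pe())
    for k in ("hash_matches", "sections", "entry_point", "entry_section",
              "is_pe32", "is_gui", "has_overlay", "overlay_size", "looks_packed"):
        print(f"{k:14} {r[k]}")
```

To run it against the real sample, extract the archive with the password above inside an isolated VM, pass `open(path, "rb").read()` to `triage()`, and treat `hash_matches == False` as a stop condition: a sample that does not match the published SHA256 is not the artifact this page describes.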
Tags: Base64 encoding, CRC32 checksum, DAST, DNS information, DNS brute forcing, HTTP interface, IP address, PE32 format, PE file analysis, SHA256 hash, Telegram distribution, URL, Windows token, Windows GUI, Windows registry, YARA rules, Chinese origin, Rich signature, protocol analysis, domain name, screenshot, malware analysis, malware repository, packed binary, file operations, privilege escalation, overlay