Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-11-18 17:20:44 | 2019-11-18 17:23:01 | 137 seconds |
File name | dragon.exe |
---|---|
File size | 4046654 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | d556b343ffb45a8c1ac53da54303895d |
SHA1 | 032821c210fcee7dcc7d7567a85b457eb4e840c3 |
SHA256 | 06aa1501aca895658d9a0d654af162a00b6b9df3488c82803145487c4aeb79bb |
SHA512 | 9d8c64f7e7782833434d11fe3afc2fa0c6231f9499ad0c1c21adc4f5d7014861d766c644e945645409f6394cc33ab74a7bb1a52b9fb2f2dc0573727af4efa955 |
CRC32 | E44663FA |
Ssdeep | 98304:p5YZt2C1zSKFpJl/Oy68MgcAGcZAGCJbch5o:p031TZlGyQKK1beK |
No host records.
No domain information.
Image base | 0x00400000 |
---|---|
Entry point | 0x0041d759 |
Declared checksum | 0x00000000 |
Actual checksum | 0x003e656b |
Minimum OS version required | 5.1 |
PDB path | D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb |
Compile time | 2019-04-28 04:03:27 |
Import hash | 00be6e6c4f9e287672c8301b72bdabf3 |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x0002e854 | 0x0002ea00 | IMAGE_SCN_CNT_CODE \| IMAGE_SCN_MEM_EXECUTE \| IMAGE_SCN_MEM_READ | 6.69 |
.rdata | 0x00030000 | 0x00009a9c | 0x00009c00 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ | 5.13 |
.data | 0x0003a000 | 0x000213d0 | 0x00000c00 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ \| IMAGE_SCN_MEM_WRITE | 3.25 |
.gfids | 0x0005c000 | 0x000000e8 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ | 2.11 |
.rsrc | 0x0005d000 | 0x0000d478 | 0x0000d600 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ | 6.85 |
.reloc | 0x0006b000 | 0x00001fcc | 0x00002000 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_DISCARDABLE \| IMAGE_SCN_MEM_READ | 6.65 |
Offset | 0x0006cfcc |
---|---|
Size | 0x0036ef72 |
No TCP connection records.
No UDP connection records.
No HTTP requests found.
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2019-11-18 17:21:20.450011+0800 | 47.244.180.173 | 80 | 192.168.122.201 | 49163 | TCP | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
2019-11-18 17:21:58.086507+0800 | 47.244.180.173 | 80 | 192.168.122.201 | 49174 | TCP | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
2019-11-18 17:21:58.398020+0800 | 47.244.180.173 | 80 | 192.168.122.201 | 49175 | TCP | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
2019-11-18 17:21:58.741520+0800 | 47.244.180.173 | 80 | 192.168.122.201 | 49176 | TCP | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
2019-11-18 17:21:59.179719+0800 | 47.244.180.173 | 80 | 192.168.122.201 | 49177 | TCP | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
2019-11-18 17:21:59.518509+0800 | 47.244.180.173 | 80 | 192.168.122.201 | 49178 | TCP | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
2019-11-18 17:22:03.356629+0800 | 192.168.122.201 | 49192 | 61.147.112.198 | 80 | TCP | 2016879 | ET POLICY Unsupported/Fake Windows NT Version 5.0 | Potential Corporate Privacy Violation |
2019-11-18 17:22:05.083398+0800 | 192.168.122.201 | 49194 | 103.39.210.144 | 808 | TCP | 2016879 | ET POLICY Unsupported/Fake Windows NT Version 5.0 | Potential Corporate Privacy Violation |
2019-11-18 17:22:05.083398+0800 | 192.168.122.201 | 49194 | 103.39.210.144 | 808 | TCP | 2018752 | ET TROJAN Generic .bin download from Dotted Quad | A Network Trojan was detected |
2019-11-18 17:22:05.237977+0800 | 103.39.210.144 | 808 | 192.168.122.201 | 49194 | TCP | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
2019-11-18 17:22:36.551202+0800 | 192.168.122.201 | 65401 | 180.76.76.76 | 53 | UDP | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2019-11-18 17:22:40.319674+0800 | 192.168.122.201 | 49235 | 180.101.49.12 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com | d1:f6:32:3d:b6:f2:ec:81:e7:02:36:90:f4:9b:2d:91:e0:c3:99:3a |
No Suricata HTTP
Task ID | 460638 |
---|---|
Mongo ID | 5dd263572f8f2e08f460aafc |
Cuckoo release | 1.4-Maldun |