Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-11-18 23:19:25 | 2019-11-18 23:21:40 | 135 seconds |
File name | a4e806cfc72c4388c0a9d109546ff7c8.txt |
---|---|
File size | 149637 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
MD5 | a4e806cfc72c4388c0a9d109546ff7c8 |
SHA1 | 1f9f47b91b155e3b945ead6781e6dd274626d0e6 |
SHA256 | 56ed8ac2e96bd5af86174f02cc5d011f2595898b66f69728cafbd56ff9fe71a3 |
SHA512 | 8a26c787ecd4fbdc754a930fa9fd99d63f7580f6a9709fdb5f1ce4963bf5587875f6fab9186b48e7e864315b22ad35c43a746361dc3cf0469df07f4308fce459 |
CRC32 | 428F9735 |
Ssdeep | 3072:UO8K7OIHKMDsk0EtgboHVZPk7VwOZyVGXOxGNQcfmWo68UF:SK7OIqAtg0HrPEqGGAD/F |
No host records.
Domain | Security rating | Response |
---|---|---|
api.wipmania.net | Unknown | A 84.38.129.47 |
api.wipmania.com | | A 212.83.168.196 |
a.baerr666.ru | | A 109.236.89.60 |
Image base | 0x00400000 |
---|---|
Entry point | 0x00409ad0 |
Declared checksum | 0x00000000 |
Actual checksum | 0x00030208 |
Minimum OS version | 4.0 |
Compile time | 2013-07-08 08:01:06 |
Import hash | 2fd1a822e9e7315260ab4b1446e9ff9f |
ProductName | |
---|---|
CompanyName | |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
UPX0 | 0x00001000 | 0x00007000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
UPX1 | 0x00008000 | 0x00002000 | 0x00001e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.64 |
.rsrc | 0x0000a000 | 0x00001000 | 0x00000e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.89 |
Offset | 0x0000ac3c |
---|---|
Size | 0x00019c49 |
Antivirus engine/vendor | Detection name/rule match | Signature database date |
---|---|---|
Bkav | W32.AppdataOfomoaM.Trojan | 20180706 |
MicroWorld-eScan | Trojan.Encpk.Gen.4 | 20180709 |
CMC | No virus found | 20180709 |
CAT-QuickHeal | No virus found | 20180709 |
McAfee | Artemis!A4E806CFC72C | 20180709 |
Cylance | Unsafe | 20180709 |
Zillya | No virus found | 20180709 |
SUPERAntiSpyware | No virus found | 20180709 |
TheHacker | Trojan/Injector.ajdl | 20180709 |
K7GW | Trojan ( 00403a7a1 ) | 20180709 |
K7AntiVirus | Trojan ( 00403a7a1 ) | 20180709 |
TrendMicro | WORM_DORKBOT.TJ | 20180709 |
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20180709 |
Babable | No virus found | 20180406 |
F-Prot | W32/Androm.G | 20180709 |
Symantec | ML.Attribute.HighConfidence | 20180709 |
TotalDefense | No virus found | 20180709 |
TrendMicro-HouseCall | TROJ_SPNR.03GT13 | 20180709 |
Avast | Win32:Fareit-HS [Trj] | 20180709 |
ClamAV | Win.Trojan.Androm-210 | 20180709 |
GData | Trojan.Encpk.Gen.4 | 20180709 |
Kaspersky | Backdoor.Win32.Androm.abkx | 20180709 |
BitDefender | Trojan.Encpk.Gen.4 | 20180709 |
NANO-Antivirus | Trojan.Win32.Androm.cqmxrh | 20180709 |
Paloalto | generic.ml | 20180709 |
AegisLab | Backdoor.W32.Androm.abkx!c | 20180709 |
Rising | No virus found | 20180709 |
Ad-Aware | Trojan.Encpk.Gen.4 | 20180709 |
Sophos | Troj/Zbot-FTB | 20180709 |
Comodo | No virus found | 20180709 |
F-Secure | Trojan.Encpk.Gen.4 | 20180709 |
DrWeb | Trojan.DownLoad3.8872 | 20180709 |
VIPRE | TrojanPWS.Win32.Fareit.aa (v) | 20180709 |
Invincea | heuristic | 20180601 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.cc | 20180709 |
Emsisoft | Trojan.Encpk.Gen.4 (B) | 20180709 |
SentinelOne | static engine - malicious | 20180701 |
Cyren | W32/Androm.HNVO-8431 | 20180709 |
Jiangmin | Backdoor/Androm.wp | 20180709 |
Webroot | Trojan.Dropper.Gen | 20180709 |
Avira | TR/Crypt.ULPM.Gen2 | 20180709 |
Antiy-AVL | Trojan[Backdoor]/Win32.Androm | 20180709 |
Kingsoft | No virus found | 20180709 |
Endgame | malicious (moderate confidence) | 20180612 |
Arcabit | Trojan.Encpk.Gen.4 | 20180709 |
ViRobot | No virus found | 20180709 |
ZoneAlarm | HEUR:Trojan.Win32.Generic | 20180709 |
Avast-Mobile | No virus found | 20180709 |
Microsoft | Worm:Win32/Dorkbot | 20180709 |
TACHYON | Backdoor/W32.Androm.149637 | 20180709 |
AhnLab-V3 | Trojan/Win32.Tepfer.R73632 | 20180709 |
ALYac | Trojan.Encpk.Gen.4 | 20180709 |
AVware | TrojanPWS.Win32.Fareit.aa (v) | 20180709 |
MAX | malware (ai score=100) | 20180709 |
VBA32 | BScope.Malware-Cryptor.Dubdabud | 20180709 |
Malwarebytes | Spyware.ZeuS | 20180709 |
Zoner | No virus found | 20180709 |
ESET-NOD32 | a variant of Win32/Injector.AJDL | 20180709 |
Tencent | Win32.Trojan.Inject.Auto | 20180709 |
Yandex | Backdoor.Androm!mO38siR6t9Y | 20180709 |
Ikarus | Trojan.Win32.Bamital | 20180709 |
eGambit | No virus found | 20180709 |
Fortinet | No virus found | 20180709 |
AVG | Win32:Fareit-HS [Trj] | 20180709 |
Cybereason | malicious.fc72c4 | 20180225 |
Panda | Trj/Dtcontx.F | 20180709 |
CrowdStrike | malicious_confidence_100% (D) | 20180530 |
Qihoo-360 | Win32/Trojan.e6d | 20180709 |
No host records.
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49203 | 212.83.168.196 api.wipmania.com | 80 |
192.168.122.201 | 49204 | 212.83.168.196 api.wipmania.com | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49310 | 192.168.122.1 | 53 |
192.168.122.201 | 49608 | 192.168.122.1 | 53 |
192.168.122.201 | 51856 | 192.168.122.1 | 53 |
192.168.122.201 | 58897 | 192.168.122.1 | 53 |
192.168.122.201 | 64912 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://api.wipmania.com/ | GET / HTTP/1.1 User-Agent: Mozilla/4.0 Host: api.wipmania.com |
No SMTP traffic.
No IRC requests.
Source address | Destination address | ICMP type | Data |
---|---|---|---|
109.236.95.227 | 192.168.122.201 | 3 | |
109.236.95.227 | 192.168.122.201 | 3 | |
109.236.95.227 | 192.168.122.201 | 3 | |
194.85.16.129 | 192.168.122.201 | 3 | |
No CIF results
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2019-11-18 23:20:16.196186+0800 | 192.168.122.201 | 49203 | 212.83.168.196 | 80 | TCP | 2014304 | ET POLICY External IP Lookup Attempt To Wipmania | Potential Corporate Privacy Violation |
2019-11-18 23:20:16.196186+0800 | 192.168.122.201 | 49203 | 212.83.168.196 | 80 | TCP | 2015800 | ET TROJAN Dorkbot GeoIP Lookup to wipmania | A Network Trojan was detected |
2019-11-18 23:20:17.303811+0800 | 192.168.122.201 | 49204 | 212.83.168.196 | 80 | TCP | 2014304 | ET POLICY External IP Lookup Attempt To Wipmania | Potential Corporate Privacy Violation |
2019-11-18 23:20:17.303811+0800 | 192.168.122.201 | 49204 | 212.83.168.196 | 80 | TCP | 2015800 | ET TROJAN Dorkbot GeoIP Lookup to wipmania | A Network Trojan was detected |
No TLS
No Suricata HTTP
Task ID | 460750 |
---|---|
Mongo ID | 5dd2b7c72f8f2e08f660aed7 |
Cuckoo release | 1.4-Maldun |