分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-12-09 18:13:02 | 2019-12-09 18:15:38 | 156 秒 |
魔盾分数
10.0
危险的
文件详细信息
| 文件名 | MasterZ_Custom_93.exe |
|---|---|
| 文件大小 | 10454664 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
| MD5 | 70028b45526712f0a0e2e303c9832ad3 |
| SHA1 | 59d669e7beae9d90d1cbd67a7422446bb85e80a4 |
| SHA256 | 9a7d4bdcf84cec14b83c9442bbc97aeac78429273bb313c70d5bc8f203be2b0a |
| SHA512 | 693f13e85ded9b60a417b463bb246d3ece24b90bac9aea68203ad0fa2a342ae5d6ef7b32cf740f4a96b8ad47be923249c5ce99f47c89e025e1d5067de7c72ee8 |
| CRC32 | 8F240AE4 |
| Ssdeep | 196608:oIOwfMKp3AN4Jzt4x7QC/lp+9xSH94pqWKCjagaGnDSO0uUXlYpVILJ8:oIEKp3g4ht4xSmHOqij0Gni+VI |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x0040354b |
| 声明校验值 | 0x009fabc1 |
| 实际校验值 | 0x009fabc1 |
| 最低操作系统版本要求 | 5.0 |
| 编译时间 | 2010-04-10 20:19:31 |
| 载入哈希 | b729b61eb1515fcf7b3e511e4e66258b |
版本信息
| LegalCopyright | |
|---|---|
| ProductName | |
| ProductVersion | |
| FileDescription | |
| Translation |
微软证书验证 (Sign Tool)
| SHA1 | 时间戳 | 有效性 | 错误 |
|---|---|---|---|
| None | Fri Nov 22 09:36:36 2019 | 无 |
| 证书链 | Certificate Chain 1 |
| 发行给 | Certum Trusted Network CA |
| 发行人 | Certum Trusted Network CA |
| 有效期 | Mon Dec 31 200737 2029 |
| SHA1 哈希 | 07e032e020b72c3f192f0628a2593a19a70f069e |
| 证书链 | Certificate Chain 2 |
| 发行给 | WoTrus Code Signing CA |
| 发行人 | Certum Trusted Network CA |
| 有效期 | Tue May 18 162015 2027 |
| SHA1 哈希 | d0c864713473adbd12052962e7c68d876a90dbbf |
| 证书链 | Certificate Chain 3 |
| 发行给 | Shenzhen Shangzhou Net Technology Co., Ltd. |
| 发行人 | WoTrus Code Signing CA |
| 有效期 | Sun Dec 20 154303 2020 |
| SHA1 哈希 | 98f4327966f8b44f5aaa75ffa19e5c6a0a1c40e5 |
| 证书链 | Timestamp Chain 1 |
| 发行给 | DigiCert Assured ID Root CA |
| 发行人 | DigiCert Assured ID Root CA |
| 有效期 | Mon Nov 10 080000 2031 |
| SHA1 哈希 | 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43 |
| 证书链 | Timestamp Chain 2 |
| 发行给 | DigiCert SHA2 Assured ID Timestamping CA |
| 发行人 | DigiCert Assured ID Root CA |
| 有效期 | Tue Jan 07 200000 2031 |
| SHA1 哈希 | 3ba63a6e4841355772debef9cdcf4d5af353a297 |
| 证书链 | Timestamp Chain 3 |
| 发行给 | TIMESTAMP-SHA256-2019-10-15 |
| 发行人 | DigiCert SHA2 Assured ID Timestamping CA |
| 有效期 | Thu Oct 17 080000 2030 |
| SHA1 哈希 | 0325bd505eda96302dc22f4fa01e4c28be2834c5 |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x000063a2 | 0x00006400 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.48 |
| .rdata | 0x00008000 | 0x000018f2 | 0x00001a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.89 |
| .data | 0x0000a000 | 0x0006669c | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 1.43 |
| .ndata | 0x00071000 | 0x000a1000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .rsrc | 0x00112000 | 0x00006ee8 | 0x00007000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.76 |
导入
库: KERNEL32.dll:
• 0x408060 SetFileTime
• 0x408064 CompareFileTime
• 0x408068 SearchPathW
• 0x40806c GetShortPathNameW
• 0x408070 GetFullPathNameW
• 0x408074 MoveFileW
• 0x408078 SetCurrentDirectoryW
• 0x40807c GetFileAttributesW
• 0x408080 GetLastError
• 0x408084 CreateDirectoryW
• 0x408088 SetFileAttributesW
• 0x40808c Sleep
• 0x408090 GetTickCount
• 0x408094 CreateFileW
• 0x408098 GetFileSize
• 0x40809c GetModuleFileNameW
• 0x4080a0 GetCurrentProcess
• 0x4080a4 CopyFileW
• 0x4080a8 ExitProcess
• 0x4080ac GetWindowsDirectoryW
• 0x4080b0 GetTempPathW
• 0x4080b4 GetCommandLineW
• 0x4080b8 SetErrorMode
• 0x4080bc CloseHandle
• 0x4080c0 lstrlenW
• 0x4080c4 lstrcpynW
• 0x4080c8 GetDiskFreeSpaceW
• 0x4080cc GlobalUnlock
• 0x4080d0 GlobalLock
• 0x4080d4 CreateThread
• 0x4080d8 LoadLibraryW
• 0x4080dc CreateProcessW
• 0x4080e0 lstrcmpiA
• 0x4080e4 GetTempFileNameW
• 0x4080e8 lstrcatW
• 0x4080ec GetProcAddress
• 0x4080f0 LoadLibraryA
• 0x4080f4 GetModuleHandleA
• 0x4080f8 OpenProcess
• 0x4080fc lstrcpyW
• 0x408100 GetVersionExW
• 0x408104 GetSystemDirectoryW
• 0x408108 GetVersion
• 0x40810c lstrcpyA
• 0x408110 RemoveDirectoryW
• 0x408114 lstrcmpiW
• 0x408118 lstrcmpW
• 0x40811c ExpandEnvironmentStringsW
• 0x408120 GlobalAlloc
• 0x408124 WaitForSingleObject
• 0x408128 GetExitCodeProcess
• 0x40812c GlobalFree
• 0x408130 GetModuleHandleW
• 0x408134 LoadLibraryExW
• 0x408138 FreeLibrary
• 0x40813c WritePrivateProfileStringW
• 0x408140 GetPrivateProfileStringW
• 0x408144 WideCharToMultiByte
• 0x408148 MulDiv
• 0x40814c lstrlenA
• 0x408150 WriteFile
• 0x408154 ReadFile
• 0x408158 MultiByteToWideChar
• 0x40815c SetFilePointer
• 0x408160 FindClose
• 0x408164 FindNextFileW
• 0x408168 FindFirstFileW
• 0x40816c DeleteFileW
• 0x408170 lstrcpynA
库: USER32.dll:
• 0x408194 ScreenToClient
• 0x408198 GetMessagePos
• 0x40819c CallWindowProcW
• 0x4081a0 IsWindowVisible
• 0x4081a4 LoadBitmapW
• 0x4081a8 CloseClipboard
• 0x4081ac SetClipboardData
• 0x4081b0 EmptyClipboard
• 0x4081b4 OpenClipboard
• 0x4081b8 TrackPopupMenu
• 0x4081bc GetWindowRect
• 0x4081c0 AppendMenuW
• 0x4081c4 CreatePopupMenu
• 0x4081c8 GetSystemMetrics
• 0x4081cc EndDialog
• 0x4081d0 EnableMenuItem
• 0x4081d4 GetSystemMenu
• 0x4081d8 SetClassLongW
• 0x4081dc IsWindowEnabled
• 0x4081e0 SetWindowPos
• 0x4081e4 DialogBoxParamW
• 0x4081e8 CheckDlgButton
• 0x4081ec CreateWindowExW
• 0x4081f0 SystemParametersInfoW
• 0x4081f4 RegisterClassW
• 0x4081f8 SetDlgItemTextW
• 0x4081fc GetDlgItemTextW
• 0x408200 MessageBoxIndirectW
• 0x408204 CharNextA
• 0x408208 CharUpperW
• 0x40820c CharPrevW
• 0x408210 DispatchMessageW
• 0x408214 PeekMessageW
• 0x408218 wsprintfA
• 0x40821c DestroyWindow
• 0x408220 CreateDialogParamW
• 0x408224 SetTimer
• 0x408228 SetWindowTextW
• 0x40822c PostQuitMessage
• 0x408230 SetForegroundWindow
• 0x408234 ShowWindow
• 0x408238 wsprintfW
• 0x40823c SendMessageTimeoutW
• 0x408240 LoadCursorW
• 0x408244 SetCursor
• 0x408248 GetWindowLongW
• 0x40824c GetSysColor
• 0x408250 CharNextW
• 0x408254 GetClassInfoW
• 0x408258 ExitWindowsEx
• 0x40825c FindWindowExW
• 0x408260 GetDlgItem
• 0x408264 SetWindowLongW
• 0x408268 LoadImageW
• 0x40826c GetDC
• 0x408270 EnableWindow
• 0x408274 InvalidateRect
• 0x408278 SendMessageW
• 0x40827c DefWindowProcW
• 0x408280 BeginPaint
• 0x408284 GetClientRect
• 0x408288 FillRect
• 0x40828c DrawTextW
• 0x408290 EndPaint
• 0x408294 IsWindow
库: GDI32.dll:
• 0x40803c SetBkColor
• 0x408040 GetDeviceCaps
• 0x408044 DeleteObject
• 0x408048 CreateBrushIndirect
• 0x40804c CreateFontIndirectW
• 0x408050 SetBkMode
• 0x408054 SetTextColor
• 0x408058 SelectObject
库: SHELL32.dll:
• 0x408178 SHBrowseForFolderW
• 0x40817c SHGetPathFromIDListW
• 0x408180 SHGetFileInfoW
• 0x408184 ShellExecuteW
• 0x408188 SHFileOperationW
• 0x40818c SHGetSpecialFolderLocation
库: ADVAPI32.dll:
• 0x408000 RegEnumKeyW
• 0x408004 RegOpenKeyExW
• 0x408008 RegCloseKey
• 0x40800c RegDeleteKeyW
• 0x408010 RegDeleteValueW
• 0x408014 RegCreateKeyExW
• 0x408018 RegSetValueExW
• 0x40801c RegQueryValueExW
• 0x408020 RegEnumValueW
库: COMCTL32.dll:
• 0x408028 ImageList_AddMasked
• 0x40802c ImageList_Destroy
• 0x408030 None
• 0x408034 ImageList_Create
库: ole32.dll:
• 0x4082ac CoTaskMemFree
• 0x4082b0 OleInitialize
• 0x4082b4 OleUninitialize
• 0x4082b8 CoCreateInstance
库: VERSION.dll:
• 0x40829c GetFileVersionInfoSizeW
• 0x4082a0 GetFileVersionInfoW
• 0x4082a4 VerQueryValueW
.text
`.rdata
@.data
.ndata
.rsrc
Ph~L@
9-dbE
Sh{P@
PhhbE
SHGetFolderPathW
SHFOLDER
SHAutoComplete
SHLWAPI
GetUserDefaultUILanguage
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteKeyExW
ADVAPI32
MoveFileExW
GetDiskFreeSpaceExW
KERNEL32
Module32NextW
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
Kernel32.DLL
GetModuleBaseNameW
EnumProcessModules
EnumProcesses
PSAPI.DLL
MulDiv
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
SetFilePointer
MultiByteToWideChar
ReadFile
WriteFile
lstrlenA
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GlobalFree
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc
ExpandEnvironmentStringsW
lstrcmpW
lstrcmpiW
CloseHandle
SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
KERNEL32.dll
EndPaint
DrawTextW
FillRect
GetClientRect
BeginPaint
DefWindowProcW
SendMessageW
InvalidateRect
EnableWindow
GetDC
LoadImageW
SetWindowLongW
GetDlgItem
IsWindow
FindWindowExW
SendMessageTimeoutW
wsprintfW
ShowWindow
SetForegroundWindow
PostQuitMessage
SetWindowTextW
SetTimer
CreateDialogParamW
DestroyWindow
ExitWindowsEx
CharNextW
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
GetClassInfoW
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
USER32.dll
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
GDI32.dll
SHFileOperationW
ShellExecuteW
SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHELL32.dll
RegDeleteKeyW
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
ADVAPI32.dll
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
ole32.dll
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VERSION.dll
BBBp;;;>
@@@`777-
(EEEH
xmaad
dc{odadm
fcaacopefm
wwwwp
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46-Unicode</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>
verifying installer: %d%%
unpacking data: %d%%
... %d%%
http://nsis.sf.net/NSIS_Error
Error writing temporary file. Make sure your temp folder is valid.
Error launching installer
SeShutdownPrivilege
~nsu.tmp
\Temp
NSIS Error
%u.%u%s%s
RichEdit
RichEdit20A
RichEd32
RichEd20
.DEFAULT\Control Panel\International
Control Panel\Desktop\ResourceLocale
Software\Microsoft\Windows\CurrentVersion
\Microsoft\Internet Explorer\Quick Launch
*?|<>/":
Unknown
msctls_progress32
SysListView32
Please wait while Setup is loading...
VS_VERSION_INFO
StringFileInfo
000003a8
FileDescription
LegalCopyright
ProductName
ProductVersion
1.2.1.0
VarFileInfo
Translation
| 防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
|---|---|---|
| Bkav | 未发现病毒 | 20191209 |
| MicroWorld-eScan | 未发现病毒 | 20191209 |
| CMC | 未发现病毒 | 20190321 |
| CAT-QuickHeal | 未发现病毒 | 20191208 |
| McAfee | 未发现病毒 | 20191209 |
| Cylance | 未发现病毒 | 20191209 |
| Zillya | 未发现病毒 | 20191207 |
| SUPERAntiSpyware | 未发现病毒 | 20191203 |
| Sangfor | 未发现病毒 | 20191031 |
| K7AntiVirus | 未发现病毒 | 20191209 |
| Alibaba | 未发现病毒 | 20190527 |
| K7GW | 未发现病毒 | 20191209 |
| Cybereason | 未发现病毒 | 20190616 |
| TrendMicro | 未发现病毒 | 20191209 |
| Baidu | 未发现病毒 | 20190318 |
| F-Prot | 未发现病毒 | 20191209 |
| Symantec | 未发现病毒 | 20191208 |
| TotalDefense | 未发现病毒 | 20191209 |
| APEX | 未发现病毒 | 20191207 |
| Avast | 未发现病毒 | 20191209 |
| ClamAV | 未发现病毒 | 20191208 |
| GData | 未发现病毒 | 20191209 |
| Kaspersky | 未发现病毒 | 20191209 |
| BitDefender | 未发现病毒 | 20191209 |
| NANO-Antivirus | 未发现病毒 | 20191209 |
| ViRobot | 未发现病毒 | 20191209 |
| Tencent | 未发现病毒 | 20191209 |
| Endgame | 未发现病毒 | 20190918 |
| Emsisoft | 未发现病毒 | 20191209 |
| Comodo | 未发现病毒 | 20191209 |
| F-Secure | 未发现病毒 | 20191209 |
| DrWeb | DLOADER.Trojan | 20191209 |
| VIPRE | Dialer.Win32.GBDialer.i (v) | 20191209 |
| Invincea | 未发现病毒 | 20190904 |
| McAfee-GW-Edition | 未发现病毒 | 20191208 |
| FireEye | 未发现病毒 | 20191209 |
| Sophos | 未发现病毒 | 20191209 |
| Paloalto | 未发现病毒 | 20191209 |
| Cyren | 未发现病毒 | 20191209 |
| Jiangmin | 未发现病毒 | 20191209 |
| Webroot | 未发现病毒 | 20191209 |
| Avira | 未发现病毒 | 20191209 |
| Antiy-AVL | 未发现病毒 | 20191209 |
| Kingsoft | 未发现病毒 | 20191209 |
| Microsoft | 未发现病毒 | 20191209 |
| Arcabit | 未发现病毒 | 20191209 |
| AegisLab | 未发现病毒 | 20191209 |
| ZoneAlarm | 未发现病毒 | 20191209 |
| Avast-Mobile | 未发现病毒 | 20191209 |
| TACHYON | 未发现病毒 | 20191209 |
| AhnLab-V3 | 未发现病毒 | 20191209 |
| Acronis | 未发现病毒 | 20191209 |
| VBA32 | 未发现病毒 | 20191209 |
| ALYac | 未发现病毒 | 20191209 |
| MAX | 未发现病毒 | 20191209 |
| Ad-Aware | 未发现病毒 | 20191209 |
| Malwarebytes | 未发现病毒 | 20191209 |
| Zoner | 未发现病毒 | 20191209 |
| ESET-NOD32 | 未发现病毒 | 20191209 |
| TrendMicro-HouseCall | 未发现病毒 | 20191209 |
| Rising | 未发现病毒 | 20191209 |
| Yandex | 未发现病毒 | 20191208 |
| SentinelOne | 未发现病毒 | 20191203 |
| MaxSecure | 未发现病毒 | 20191207 |
| Fortinet | 未发现病毒 | 20191209 |
| BitDefenderTheta | 未发现病毒 | 20191204 |
| AVG | 未发现病毒 | 20191209 |
| Panda | 未发现病毒 | 20191208 |
| CrowdStrike | 未发现病毒 | 20190702 |
| Qihoo-360 | 未发现病毒 | 20191209 |
进程树
-
MasterZ_Custom_93.exe id: 2504
- taskkill.exe id: 2640
- cmd.exe id: 2716
- cmd.exe id: 2988
-
services.exe id: 428
- mscorsvw.exe id: 2376
- mscorsvw.exe id: 1144
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 112.74.102.50 | 21 | 192.168.122.201 | 49207 |
| 112.74.102.50 | 30392 | 192.168.122.201 | 49208 |
| 112.74.102.50 | 30393 | 192.168.122.201 | 49209 |
| 112.74.102.50 | 30394 | 192.168.122.201 | 49210 |
| 112.74.102.50 | 30395 | 192.168.122.201 | 49211 |
| 112.74.102.50 | 30396 | 192.168.122.201 | 49212 |
| 112.74.102.50 | 30397 | 192.168.122.201 | 49213 |
| 112.74.102.50 | 30398 | 192.168.122.201 | 49214 |
| 112.74.102.50 | 30399 | 192.168.122.201 | 49215 |
| 112.74.102.50 | 30400 | 192.168.122.201 | 49216 |
| 112.74.102.50 | 30401 | 192.168.122.201 | 49217 |
| 112.74.102.50 | 30402 | 192.168.122.201 | 49218 |
| 112.74.102.50 | 30403 | 192.168.122.201 | 49219 |
| 112.74.102.50 | 30404 | 192.168.122.201 | 49220 |
| 112.74.102.50 | 30405 | 192.168.122.201 | 49221 |
| 112.74.102.50 | 30406 | 192.168.122.201 | 49222 |
| 112.74.102.50 | 30407 | 192.168.122.201 | 49223 |
| 112.74.102.50 | 30408 | 192.168.122.201 | 49224 |
| 112.74.102.50 | 30409 | 192.168.122.201 | 49225 |
| 112.74.102.50 | 30410 | 192.168.122.201 | 49226 |
| 112.74.102.50 | 30411 | 192.168.122.201 | 49227 |
| 112.74.102.50 | 30412 | 192.168.122.201 | 49228 |
| 112.74.102.50 | 30413 | 192.168.122.201 | 49229 |
| 112.74.102.50 | 30414 | 192.168.122.201 | 49230 |
| 112.74.102.50 | 30415 | 192.168.122.201 | 49231 |
| 112.74.102.50 | 30416 | 192.168.122.201 | 49232 |
| 112.74.102.50 | 30417 | 192.168.122.201 | 49233 |
| 112.74.102.50 | 30418 | 192.168.122.201 | 49234 |
| 112.74.102.50 | 30419 | 192.168.122.201 | 49235 |
| 112.74.102.50 | 30420 | 192.168.122.201 | 49236 |
| 112.74.102.50 | 30421 | 192.168.122.201 | 49237 |
| 112.74.102.50 | 30422 | 192.168.122.201 | 49238 |
| 112.74.102.50 | 30423 | 192.168.122.201 | 49239 |
| 112.74.102.50 | 30424 | 192.168.122.201 | 49240 |
| 112.74.102.50 | 30425 | 192.168.122.201 | 49241 |
| 112.74.102.50 | 30426 | 192.168.122.201 | 49242 |
| 112.74.102.50 | 30427 | 192.168.122.201 | 49243 |
| 112.74.102.50 | 30428 | 192.168.122.201 | 49244 |
| 112.74.102.50 | 30429 | 192.168.122.201 | 49245 |
| 112.74.102.50 | 30430 | 192.168.122.201 | 49246 |
| 112.74.102.50 | 30431 | 192.168.122.201 | 49247 |
| 112.74.102.50 | 30432 | 192.168.122.201 | 49248 |
| 112.74.102.50 | 30433 | 192.168.122.201 | 49249 |
| 112.74.102.50 | 30434 | 192.168.122.201 | 49250 |
| 112.74.102.50 | 30435 | 192.168.122.201 | 49251 |
| 112.74.102.50 | 30436 | 192.168.122.201 | 49252 |
| 112.74.102.50 | 30437 | 192.168.122.201 | 49253 |
| 112.74.102.50 | 30438 | 192.168.122.201 | 49254 |
| 112.74.102.50 | 30439 | 192.168.122.201 | 49255 |
| 112.74.102.50 | 30440 | 192.168.122.201 | 49256 |
| 112.74.102.50 | 30441 | 192.168.122.201 | 49257 |
| 112.74.102.50 | 30442 | 192.168.122.201 | 49258 |
| 112.74.102.50 | 30443 | 192.168.122.201 | 49259 |
| 112.74.102.50 | 30444 | 192.168.122.201 | 49260 |
| 112.74.102.50 | 30445 | 192.168.122.201 | 49261 |
| 112.74.102.50 | 30446 | 192.168.122.201 | 49262 |
| 112.74.102.50 | 30447 | 192.168.122.201 | 49263 |
| 112.74.102.50 | 30448 | 192.168.122.201 | 49264 |
| 112.74.102.50 | 30449 | 192.168.122.201 | 49265 |
| 112.74.102.50 | 30451 | 192.168.122.201 | 49266 |
| 112.74.102.50 | 30452 | 192.168.122.201 | 49267 |
| 112.74.102.50 | 30453 | 192.168.122.201 | 49268 |
| 112.74.102.50 | 30454 | 192.168.122.201 | 49269 |
| 112.74.102.50 | 30455 | 192.168.122.201 | 49270 |
| 112.74.102.50 | 30456 | 192.168.122.201 | 49271 |
| 112.74.102.50 | 30457 | 192.168.122.201 | 49272 |
| 112.74.102.50 | 30458 | 192.168.122.201 | 49273 |
| 112.74.102.50 | 30459 | 192.168.122.201 | 49274 |
| 112.74.102.50 | 30460 | 192.168.122.201 | 49275 |
| 112.74.102.50 | 30461 | 192.168.122.201 | 49276 |
| 112.74.102.50 | 30462 | 192.168.122.201 | 49277 |
| 112.74.102.50 | 30463 | 192.168.122.201 | 49278 |
| 112.74.102.50 | 30464 | 192.168.122.201 | 49279 |
| 112.74.102.50 | 30465 | 192.168.122.201 | 49280 |
| 112.74.102.50 | 30466 | 192.168.122.201 | 49281 |
| 112.74.102.50 | 30469 | 192.168.122.201 | 49282 |
| 112.74.102.50 | 30471 | 192.168.122.201 | 49283 |
| 112.74.102.50 | 30472 | 192.168.122.201 | 49284 |
| 112.74.102.50 | 30474 | 192.168.122.201 | 49285 |
| 112.74.102.50 | 30477 | 192.168.122.201 | 49286 |
| 112.74.102.50 | 30482 | 192.168.122.201 | 49287 |
| 112.74.102.50 | 30485 | 192.168.122.201 | 49288 |
| 112.74.102.50 | 30487 | 192.168.122.201 | 49289 |
| 112.74.102.50 | 30489 | 192.168.122.201 | 49290 |
| 112.74.102.50 | 30492 | 192.168.122.201 | 49291 |
| 112.74.102.50 | 30493 | 192.168.122.201 | 49292 |
| 112.74.102.50 | 30494 | 192.168.122.201 | 49293 |
| 112.74.102.50 | 30495 | 192.168.122.201 | 49294 |
| 112.74.102.50 | 30496 | 192.168.122.201 | 49295 |
| 112.74.102.50 | 30497 | 192.168.122.201 | 49296 |
| 112.74.102.50 | 30498 | 192.168.122.201 | 49297 |
| 112.74.102.50 | 30499 | 192.168.122.201 | 49298 |
| 112.74.102.50 | 30500 | 192.168.122.201 | 49299 |
| 112.74.102.50 | 30502 | 192.168.122.201 | 49300 |
| 112.74.102.50 | 30504 | 192.168.122.201 | 49301 |
| 112.74.102.50 | 30505 | 192.168.122.201 | 49302 |
| 112.74.102.50 | 30507 | 192.168.122.201 | 49303 |
| 112.74.102.50 | 30509 | 192.168.122.201 | 49304 |
| 112.74.102.50 | 30511 | 192.168.122.201 | 49305 |
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 112.74.102.50 | 21 | 192.168.122.201 | 49207 |
| 112.74.102.50 | 30392 | 192.168.122.201 | 49208 |
| 112.74.102.50 | 30393 | 192.168.122.201 | 49209 |
| 112.74.102.50 | 30394 | 192.168.122.201 | 49210 |
| 112.74.102.50 | 30395 | 192.168.122.201 | 49211 |
| 112.74.102.50 | 30396 | 192.168.122.201 | 49212 |
| 112.74.102.50 | 30397 | 192.168.122.201 | 49213 |
| 112.74.102.50 | 30398 | 192.168.122.201 | 49214 |
| 112.74.102.50 | 30399 | 192.168.122.201 | 49215 |
| 112.74.102.50 | 30400 | 192.168.122.201 | 49216 |
| 112.74.102.50 | 30401 | 192.168.122.201 | 49217 |
| 112.74.102.50 | 30402 | 192.168.122.201 | 49218 |
| 112.74.102.50 | 30403 | 192.168.122.201 | 49219 |
| 112.74.102.50 | 30404 | 192.168.122.201 | 49220 |
| 112.74.102.50 | 30405 | 192.168.122.201 | 49221 |
| 112.74.102.50 | 30406 | 192.168.122.201 | 49222 |
| 112.74.102.50 | 30407 | 192.168.122.201 | 49223 |
| 112.74.102.50 | 30408 | 192.168.122.201 | 49224 |
| 112.74.102.50 | 30409 | 192.168.122.201 | 49225 |
| 112.74.102.50 | 30410 | 192.168.122.201 | 49226 |
| 112.74.102.50 | 30411 | 192.168.122.201 | 49227 |
| 112.74.102.50 | 30412 | 192.168.122.201 | 49228 |
| 112.74.102.50 | 30413 | 192.168.122.201 | 49229 |
| 112.74.102.50 | 30414 | 192.168.122.201 | 49230 |
| 112.74.102.50 | 30415 | 192.168.122.201 | 49231 |
| 112.74.102.50 | 30416 | 192.168.122.201 | 49232 |
| 112.74.102.50 | 30417 | 192.168.122.201 | 49233 |
| 112.74.102.50 | 30418 | 192.168.122.201 | 49234 |
| 112.74.102.50 | 30419 | 192.168.122.201 | 49235 |
| 112.74.102.50 | 30420 | 192.168.122.201 | 49236 |
| 112.74.102.50 | 30421 | 192.168.122.201 | 49237 |
| 112.74.102.50 | 30422 | 192.168.122.201 | 49238 |
| 112.74.102.50 | 30423 | 192.168.122.201 | 49239 |
| 112.74.102.50 | 30424 | 192.168.122.201 | 49240 |
| 112.74.102.50 | 30425 | 192.168.122.201 | 49241 |
| 112.74.102.50 | 30426 | 192.168.122.201 | 49242 |
| 112.74.102.50 | 30427 | 192.168.122.201 | 49243 |
| 112.74.102.50 | 30428 | 192.168.122.201 | 49244 |
| 112.74.102.50 | 30429 | 192.168.122.201 | 49245 |
| 112.74.102.50 | 30430 | 192.168.122.201 | 49246 |
| 112.74.102.50 | 30431 | 192.168.122.201 | 49247 |
| 112.74.102.50 | 30432 | 192.168.122.201 | 49248 |
| 112.74.102.50 | 30433 | 192.168.122.201 | 49249 |
| 112.74.102.50 | 30434 | 192.168.122.201 | 49250 |
| 112.74.102.50 | 30435 | 192.168.122.201 | 49251 |
| 112.74.102.50 | 30436 | 192.168.122.201 | 49252 |
| 112.74.102.50 | 30437 | 192.168.122.201 | 49253 |
| 112.74.102.50 | 30438 | 192.168.122.201 | 49254 |
| 112.74.102.50 | 30439 | 192.168.122.201 | 49255 |
| 112.74.102.50 | 30440 | 192.168.122.201 | 49256 |
| 112.74.102.50 | 30441 | 192.168.122.201 | 49257 |
| 112.74.102.50 | 30442 | 192.168.122.201 | 49258 |
| 112.74.102.50 | 30443 | 192.168.122.201 | 49259 |
| 112.74.102.50 | 30444 | 192.168.122.201 | 49260 |
| 112.74.102.50 | 30445 | 192.168.122.201 | 49261 |
| 112.74.102.50 | 30446 | 192.168.122.201 | 49262 |
| 112.74.102.50 | 30447 | 192.168.122.201 | 49263 |
| 112.74.102.50 | 30448 | 192.168.122.201 | 49264 |
| 112.74.102.50 | 30449 | 192.168.122.201 | 49265 |
| 112.74.102.50 | 30451 | 192.168.122.201 | 49266 |
| 112.74.102.50 | 30452 | 192.168.122.201 | 49267 |
| 112.74.102.50 | 30453 | 192.168.122.201 | 49268 |
| 112.74.102.50 | 30454 | 192.168.122.201 | 49269 |
| 112.74.102.50 | 30455 | 192.168.122.201 | 49270 |
| 112.74.102.50 | 30456 | 192.168.122.201 | 49271 |
| 112.74.102.50 | 30457 | 192.168.122.201 | 49272 |
| 112.74.102.50 | 30458 | 192.168.122.201 | 49273 |
| 112.74.102.50 | 30459 | 192.168.122.201 | 49274 |
| 112.74.102.50 | 30460 | 192.168.122.201 | 49275 |
| 112.74.102.50 | 30461 | 192.168.122.201 | 49276 |
| 112.74.102.50 | 30462 | 192.168.122.201 | 49277 |
| 112.74.102.50 | 30463 | 192.168.122.201 | 49278 |
| 112.74.102.50 | 30464 | 192.168.122.201 | 49279 |
| 112.74.102.50 | 30465 | 192.168.122.201 | 49280 |
| 112.74.102.50 | 30466 | 192.168.122.201 | 49281 |
| 112.74.102.50 | 30469 | 192.168.122.201 | 49282 |
| 112.74.102.50 | 30471 | 192.168.122.201 | 49283 |
| 112.74.102.50 | 30472 | 192.168.122.201 | 49284 |
| 112.74.102.50 | 30474 | 192.168.122.201 | 49285 |
| 112.74.102.50 | 30477 | 192.168.122.201 | 49286 |
| 112.74.102.50 | 30482 | 192.168.122.201 | 49287 |
| 112.74.102.50 | 30485 | 192.168.122.201 | 49288 |
| 112.74.102.50 | 30487 | 192.168.122.201 | 49289 |
| 112.74.102.50 | 30489 | 192.168.122.201 | 49290 |
| 112.74.102.50 | 30492 | 192.168.122.201 | 49291 |
| 112.74.102.50 | 30493 | 192.168.122.201 | 49292 |
| 112.74.102.50 | 30494 | 192.168.122.201 | 49293 |
| 112.74.102.50 | 30495 | 192.168.122.201 | 49294 |
| 112.74.102.50 | 30496 | 192.168.122.201 | 49295 |
| 112.74.102.50 | 30497 | 192.168.122.201 | 49296 |
| 112.74.102.50 | 30498 | 192.168.122.201 | 49297 |
| 112.74.102.50 | 30499 | 192.168.122.201 | 49298 |
| 112.74.102.50 | 30500 | 192.168.122.201 | 49299 |
| 112.74.102.50 | 30502 | 192.168.122.201 | 49300 |
| 112.74.102.50 | 30504 | 192.168.122.201 | 49301 |
| 112.74.102.50 | 30505 | 192.168.122.201 | 49302 |
| 112.74.102.50 | 30507 | 192.168.122.201 | 49303 |
| 112.74.102.50 | 30509 | 192.168.122.201 | 49304 |
| 112.74.102.50 | 30511 | 192.168.122.201 | 49305 |
UDP
无UDP连接纪录.
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
|---|---|---|---|---|---|---|---|---|
| 2019-12-09 18:14:52.988963+0800 | 112.74.102.50 | 21 | 192.168.122.201 | 49207 | TCP | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode |
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 64.536 seconds )
- 24.486 Static
- 17.224 BehaviorAnalysis
- 15.614 Suricata
- 3.035 VirusTotal
- 2.374 TargetInfo
- 1.251 NetworkAnalysis
- 0.436 peid
- 0.07 AnalysisInfo
- 0.028 config_decoder
- 0.015 Strings
- 0.003 Memory
Signatures ( 6.344 seconds )
- 0.847 api_spamming
- 0.701 stealth_timeout
- 0.616 stealth_decoy_document
- 0.295 mimics_filetime
- 0.259 antiav_detectreg
- 0.22 virus
- 0.219 injection_createremotethread
- 0.204 antivm_generic_disk
- 0.198 stealth_file
- 0.197 bootkit
- 0.153 injection_runpe
- 0.134 hancitor_behavior
- 0.125 antivm_generic_scsi
- 0.117 infostealer_browser
- 0.11 infostealer_ftp
- 0.1 injection_explorer
- 0.089 antivm_generic_services
- 0.072 ransomware_extensions
- 0.066 shifu_behavior
- 0.065 infostealer_im
- 0.063 antiav_detectfile
- 0.06 maldun_anomaly_massive_file_ops
- 0.056 infostealer_browser_password
- 0.055 ipc_namedpipe
- 0.053 antivm_vbox_libs
- 0.053 antianalysis_detectreg
- 0.047 maldun_anomaly_write_exe_and_obsfucate_extension
- 0.046 securityxploded_modules
- 0.045 maldun_malicious_write_executeable_under_temp_to_regrun
- 0.043 infostealer_bitcoin
- 0.038 anomaly_persistence_autorun
- 0.037 infostealer_mail
- 0.035 ransomware_message
- 0.035 sets_autoconfig_url
- 0.035 ransomware_files
- 0.033 kovter_behavior
- 0.03 dridex_behavior
- 0.027 antidbg_windows
- 0.026 antiemu_wine_func
- 0.026 exec_crash
- 0.025 antivm_vbox_files
- 0.022 antisandbox_sunbelt_libs
- 0.022 disables_wfp
- 0.021 md_url_bl
- 0.02 antiav_avast_libs
- 0.019 disables_spdy
- 0.017 antisandbox_sboxie_libs
- 0.017 kibex_behavior
- 0.017 maldun_anomaly_write_exe_and_dll_under_winroot_run
- 0.017 md_domain_bl
- 0.016 hawkeye_behavior
- 0.016 betabot_behavior
- 0.016 antiav_bitdefender_libs
- 0.015 dead_connect
- 0.014 anomaly_persistence_bootexecute
- 0.014 antivm_vmware_libs
- 0.014 creates_largekey
- 0.014 creates_nullvalue
- 0.014 antivm_xen_keys
- 0.013 office_dl_write_exe
- 0.013 anomaly_reset_winsock
- 0.013 stealth_network
- 0.013 geodo_banking_trojan
- 0.013 darkcomet_regkeys
- 0.012 office_write_exe
- 0.012 kazybot_behavior
- 0.012 antivm_parallels_keys
- 0.011 rat_luminosity
- 0.011 antidbg_devices
- 0.009 anormaly_invoke_kills
- 0.009 vawtrak_behavior
- 0.009 nymaim_behavior
- 0.009 antivm_generic_diskreg
- 0.009 rat_pcclient
- 0.008 network_tor
- 0.008 disables_browser_warn
- 0.008 recon_fingerprint
- 0.007 rat_nanocore
- 0.006 antivm_vbox_window
- 0.005 tinba_behavior
- 0.005 cerber_behavior
- 0.005 antisandbox_script_timer
- 0.005 process_needed
- 0.005 antisandbox_productid
- 0.005 browser_security
- 0.005 packer_armadillo_regkey
- 0.004 network_anomaly
- 0.004 antisandbox_sleep
- 0.004 kelihos_behavior
- 0.004 browser_needed
- 0.004 h1n1_behavior
- 0.004 bypass_firewall
- 0.004 antivm_xen_keys
- 0.004 antivm_hyperv_keys
- 0.004 antivm_vbox_acpi
- 0.004 antivm_vbox_keys
- 0.004 antivm_vmware_files
- 0.004 antivm_vmware_keys
- 0.004 antivm_vpc_keys
- 0.004 modify_proxy
- 0.004 codelux_behavior
- 0.004 maldun_anormaly_invoke_vb_vba
- 0.003 ispy_behavior
- 0.003 sniffer_winpcap
- 0.003 antivm_generic_bios
- 0.003 antivm_generic_system
- 0.003 browser_addon
- 0.003 maldun_malicious_drop_executable_file_to_temp_folder
- 0.003 network_tor_service
- 0.003 recon_programs
- 0.002 antiav_servicestop
- 0.002 network_bind
- 0.002 antianalysis_detectfile
- 0.002 antivm_generic_cpu
- 0.002 antivm_vpc_files
- 0.002 banker_cridex
- 0.002 disables_system_restore
- 0.002 disables_windows_defender
- 0.002 malicous_targeted_flame
- 0.002 md_bad_drop
- 0.002 office_security
- 0.002 ransomware_radamant
- 0.002 stealth_modify_uac_prompt
- 0.001 removes_zoneid_ads
- 0.001 andromeda_behavior
- 0.001 banker_prinimalka
- 0.001 TrickBotTaskDelete
- 0.001 gootkit_behavior
- 0.001 Locky_behavior
- 0.001 ursnif_behavior
- 0.001 deletes_self
- 0.001 network_execute_http
- 0.001 ransomeware_modifies_desktop_wallpaper
- 0.001 dyre_behavior
- 0.001 spreading_autoruninf
- 0.001 modifies_hostfile
- 0.001 antisandbox_fortinet_files
- 0.001 antisandbox_sunbelt_files
- 0.001 antisandbox_threattrack_files
- 0.001 banker_zeus_mutex
- 0.001 bitcoin_opencl
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 disables_windowsupdate
- 0.001 dropper
- 0.001 maldun_anomaly_commands
- 0.001 locker_regedit
- 0.001 locker_taskmgr
- 0.001 rat_spynet
- 0.001 stealth_hiddenreg
- 0.001 stealth_hide_notifications
- 0.001 stealth_modify_security_center_warnings
- 0.001 stealth_web_history
Reporting ( 1.438 seconds )
- 0.914 ReportHTMLSummary
- 0.524 Malheur
| Task ID | 471283 |
|---|---|
| Mongo ID | 5dee1f5b2f8f2e4e2ab0d847 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号