Analysis Task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2020-02-19 05:27:21 | 2020-02-19 05:29:40 | 139 seconds

Maldun (魔盾) Score

10.0

Malicious

File Details

File name 444444.png
File size 401408 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4bb84bd2a61f674b6fdc6a711572ebed
SHA1 d9481237fcb5d28cd1d61b74d895dfd9bec2bcdc
SHA256 ff9c9f32a64be793de04de2486b1e6fc74d6c500c293b2544776ff64114ce774
SHA512 a35ccd58d0ba859ef91678d0b74155d095be9274adfefb52ac51c6104167a50d735bc4de21961284c66b2b08dc74d6a79182349c175d183c6f33664bf1e2d870
CRC32 9C6F88E2
Ssdeep 6144:5N/T1A/l3oTDULRdJiJkUcyveV5MK61KsTHdpgzbOj3b:5M6TDULPWkUGM9VLdOerb


Hosts Contacted

No host records.

DNS Resolution

Domain | Security rating | Response
www.ip-adress.com A 85.93.89.6
A 85.93.88.251
A 209.126.124.166
A 207.38.89.115
26.178.164.180.in-addr.arpa NXDOMAIN


PE Information

Image base 0x00400000
Entry point 0x0043e0e4
Declared checksum 0x00000000
Actual checksum 0x00068dd2
Minimum OS version required 5.0
Compile time 2020-02-18 06:51:13
Import hash (imphash) 40d487a6cbee19efb7da9f163c5bc2a1

Version Information (all fields empty)

LegalCopyright
InternalName
FileVersion
CompanyName
PrivateBuild
LegalTrademarks
Comments
ProductName
SpecialBuild
ProductVersion
FileDescription
OriginalFilename
Translation

PE Sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x00044f03 0x00045000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7.95
.rdata 0x00046000 0x000024a0 0x00003000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.39
.data 0x00049000 0x00005c83 0x00003000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.45
DATA 0x0004f000 0x00000c0a 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.37
.rsrc 0x00050000 0x00014c5c 0x00015000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.95

Imports

Library: KERNEL32.dll:
0x446030 VirtualQuery
0x446034 GetSystemInfo
0x446038 VirtualProtect
0x44603c GetCurrentProcess
0x446040 TerminateProcess
0x446048 GetModuleHandleA
0x44604c GetModuleHandleW
0x446050 GetCommandLineA
0x446054 GetVersionExA
0x446058 GetStartupInfoA
0x446060 GetProcAddress
0x446064 ExitProcess
0x446068 WriteFile
0x44606c GetStdHandle
0x446070 GetModuleFileNameA
0x446080 WideCharToMultiByte
0x446084 GetLastError
0x44608c SetHandleCount
0x446090 GetFileType
0x446098 TlsGetValue
0x44609c TlsAlloc
0x4460a0 TlsSetValue
0x4460a4 TlsFree
0x4460ac SetLastError
0x4460b4 GetCurrentThreadId
0x4460b8 HeapDestroy
0x4460bc HeapCreate
0x4460c0 VirtualFree
0x4460c4 HeapFree
0x4460cc GetTickCount
0x4460d0 GetCurrentProcessId
0x4460d8 GetCPInfo
0x4460dc GetACP
0x4460e0 GetOEMCP
0x4460e4 OutputDebugStringA
0x4460f0 LoadLibraryExA
0x4460f8 HeapAlloc
0x4460fc Sleep
0x446100 VirtualAlloc
0x446104 HeapReAlloc
0x446108 LCMapStringA
0x44610c MultiByteToWideChar
0x446110 LCMapStringW
0x446114 GetStringTypeA
0x446118 GetStringTypeW
0x44611c GetLocaleInfoA
Library: OLEAUT32.dll:
0x44612c BSTR_UserMarshal
Library: ntdll.dll:
0x446150 RtlUnwind
Library: CLUSAPI.dll:
Library: GDI32.dll:
0x446024 GetStockObject
Library: ADVAPI32.dll:
0x446000 CloseEventLog
0x446008 CloseServiceHandle
Library: WINSPOOL.DRV:
Library: SETUPAPI.dll:
Library: NTDSAPI.dll:
0x446124 DsBindWithCredW
Library: CRYPT32.dll:
0x446018 CertGetValidUsages
0x44601c CertFindRDNAttr
Library: USER32.dll:
0x44613c VkKeyScanExA

Antivirus engine/vendor | Detection name/rule match | Signature DB date
Bkav Not detected 20200217
MicroWorld-eScan Not detected 20200217
CMC Not detected 20190321
CAT-QuickHeal Not detected 20200217
Qihoo-360 HEUR/QVM41.1.5693.Malware.Gen 20200218
McAfee GenericRXJH-SG!4BB84BD2A61F 20200217
Zillya Not detected 20200217
Sangfor Not detected 20200212
CrowdStrike win/malicious_confidence_90% (D) 20190702
Alibaba Not detected 20190527
K7GW Hacktool ( 700007861 ) 20200217
K7AntiVirus Not detected 20200217
Invincea heuristic 20191211
Baidu Not detected 20190318
F-Prot Not detected 20200217
Symantec ML.Attribute.HighConfidence 20200217
ESET-NOD32 Not detected 20200217
APEX Malicious 20200216
Paloalto Not detected 20200218
ClamAV Not detected 20200216
Kaspersky Not detected 20200217
BitDefender Not detected 20200217
NANO-Antivirus Not detected 20200217
ViRobot Not detected 20200217
SUPERAntiSpyware Not detected 20200214
Avast Not detected 20200217
Tencent Not detected 20200218
Endgame malicious (high confidence) 20200131
Sophos Not detected 20200217
Comodo Not detected 20200217
F-Secure Not detected 20200217
DrWeb Not detected 20200217
VIPRE Not detected 20200217
TrendMicro Not detected 20200217
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20200217
Trapmine malicious.high.ml.score 20200123
FireEye Generic.mg.4bb84bd2a61f674b 20200217
Emsisoft Not detected 20200217
SentinelOne DFI - Malicious PE 20191218
Cyren Not detected 20200217
Jiangmin Not detected 20200217
Webroot W32.Trojan.Gen 20200218
Avira Not detected 20200217
Fortinet Not detected 20200217
Antiy-AVL Not detected 20200217
Kingsoft Not detected 20200218
Arcabit Not detected 20200217
AegisLab Trojan.Win32.Zbot.m2M2 20200217
ZoneAlarm Not detected 20200217
Avast-Mobile Not detected 20200213
Microsoft Trojan:Win32/Wacatac.C!ml 20200217
TACHYON Not detected 20200217
AhnLab-V3 Not detected 20200217
Acronis suspicious 20200217
VBA32 Not detected 20200217
ALYac Not detected 20200217
MAX Not detected 20200218
Ad-Aware Not detected 20200217
Zoner Not detected 20200217
TrendMicro-HouseCall Not detected 20200217
Rising Malware.Heuristic!ET#96% (RDMK:cmRtazr4WTahFgI0V4jVFgN3zghy) 20200217
Yandex Not detected 20200217
Ikarus Not detected 20200217
eGambit Not detected 20200218
GData Not detected 20200217
BitDefenderTheta Gen:NN.ZexaF.34090.yu0@a400!Lei 20200211
AVG Not detected 20200217
Cybereason malicious.7fcb5d 20190616
Panda Not detected 20200217
MaxSecure Not detected 20200215

Process Tree

444444.png, PID: 2712, parent PID: 2332
444444.png, PID: 2832, parent PID: 2712
dsnzeujd.exe, PID: 2476, parent PID: 2712
dsnzeujd.exe, PID: 268, parent PID: 2476
explorer.exe, PID: 2732, parent PID: 2476
schtasks.exe, PID: 2908, parent PID: 2712
dsnzeujd.exe, PID: 3056, parent PID: 2732
schtasks.exe, PID: 1120, parent PID: 2732
dsnzeujd.exe, PID: 2536, parent PID: 2732
dsnzeujd.exe, PID: 2448, parent PID: 2732
dsnzeujd.exe, PID: 2144, parent PID: 2732
dsnzeujd.exe, PID: 2460, parent PID: 2732
dsnzeujd.exe, PID: 2124, parent PID: 2732
dsnzeujd.exe, PID: 1368, parent PID: 2732
dsnzeujd.exe, PID: 2624, parent PID: 2732
dsnzeujd.exe, PID: 2952, parent PID: 2732
dsnzeujd.exe, PID: 2200, parent PID: 2732
dsnzeujd.exe, PID: 1992, parent PID: 2732
dsnzeujd.exe, PID: 1352, parent PID: 2732


TCP

Source address | Source port | Destination address | Destination port
192.168.122.201 49185 104.35.124.47 2078
192.168.122.201 49209 173.61.231.209 443
192.168.122.201 49189 174.34.67.106 2222
192.168.122.201 49191 187.163.101.137 995
192.168.122.201 49192 187.163.101.137 995
192.168.122.201 49205 24.250.199.137 443
192.168.122.201 49181 47.40.244.237 443
192.168.122.201 49182 47.40.244.237 443
192.168.122.201 49183 47.40.244.237 443
192.168.122.201 49176 5.182.39.156 443
192.168.122.201 49177 5.182.39.156 443
192.168.122.201 49203 68.174.15.223 443
192.168.122.201 49188 70.174.3.241 443
192.168.122.201 49169 85.93.88.251 www.ip-adress.com 80
192.168.122.201 49170 85.93.88.251 www.ip-adress.com 443
192.168.122.201 49201 98.118.182.96 443

UDP

Source address | Source port | Destination address | Destination port
192.168.122.201 49608 192.168.122.1 53
192.168.122.201 64912 192.168.122.1 53


HTTP Requests

URI | HTTP data
http://www.ip-adress.com/
GET / HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.ip-adress.com
Cache-Control: no-cache

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

Source address | Destination address | ICMP type | Data
108.190.148.31 192.168.122.201 3
108.190.148.31 192.168.122.201 3
108.190.148.31 192.168.122.201 3
180.164.178.26 192.168.122.201 3
180.164.178.26 192.168.122.201 3
180.164.178.26 192.168.122.201 3
180.164.178.26 192.168.122.201 3
180.164.178.26 192.168.122.201 3
180.164.178.26 192.168.122.201 3
192.168.1.1 192.168.122.201 3
192.168.1.1 192.168.122.201 3
70.125.31.243 192.168.122.201 3
70.125.31.243 192.168.122.201 3
70.125.31.243 192.168.122.201 3
79.106.13.119 192.168.122.201 3
79.106.13.119 192.168.122.201 3
79.106.13.119 192.168.122.201 3
86.133.23.248 192.168.122.201 3
86.133.23.248 192.168.122.201 3
86.133.23.248 192.168.122.201 3

CIF Report

No CIF results

Network Alerts

No alerts

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2020-02-19 05:28:27.318696+0800 192.168.122.201 49176 5.182.39.156 443 TLS 1.2 C=CA, ST=IU, L=Ubeu Htabni, O=Fxsa Fpeososye Qnvi Kua Inc., CN=pqrpeacot.info C=CA, OU=Oadxieb Boeejlbg, CN=pqrpeacot.info e8:64:d4:43:95:bd:d6:88:aa:00:e4:49:71:a7:31:8c:72:fc:80:53
2020-02-19 05:28:18.908300+0800 192.168.122.201 49170 85.93.88.251 443 TLS 1.2 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.ip-adress.com 0c:6a:6d:53:10:3f:66:47:97:2f:fd:83:12:c2:f5:ca:db:4c:cb:00
2020-02-19 05:28:36.513900+0800 192.168.122.201 49181 47.40.244.237 443 TLS 1.2 C=PT, ST=TE, L=Ihpe, O=Cataok Grignlwi Toajd Inc., CN=tietioojwg.org C=PT, OU=Tamn, CN=tietioojwg.org cd:4e:c6:bd:14:6f:1c:9e:bb:14:67:c3:09:10:10:89:11:c8:db:69
2020-02-19 05:28:44.632656+0800 192.168.122.201 49185 104.35.124.47 2078 TLS 1.2 C=FR, ST=XE, L=Lsvo, O=Jgcag Igxu Eeno LLC., CN=qymabliyzei.mobi C=FR, OU=Ophvcarf, CN=qymabliyzei.mobi 82:ee:df:b4:0c:12:ae:0c:4c:3f:da:41:11:a2:5f:7d:79:7a:96:d8
2020-02-19 05:28:50.068911+0800 192.168.122.201 49188 70.174.3.241 443 TLS 1.2 C=DE, ST=LE, L=Yqldt, O=Gqukeo Toso Ifueoo LLC., CN=rikbac.mobi C=DE, OU=Jouedsi, CN=rikbac.mobi ea:3b:d2:1c:5f:bb:7d:60:1a:a3:15:9f:73:ea:b0:d6:0c:37:6b:eb
2020-02-19 05:28:52.456466+0800 192.168.122.201 49189 174.34.67.106 2222 TLS 1.2 C=AU, ST=MH, L=Aoi, O=Aiolfcll Atzdrl Inc., CN=soew.us C=AU, OU=Hevogcxp Zwqtem, CN=soew.us b5:e9:b7:af:f6:49:d8:4f:b8:33:02:c1:75:2d:0a:75:c0:76:f2:e3
2020-02-19 05:28:53.119840+0800 192.168.122.201 49191 187.163.101.137 995 TLS 1.2 C=GB, ST=EJ, L=Ioo Rbeihqe, O=Ifopje Opuzs LLC., CN=wbeiqdgu.us C=GB, OU=Tactbrzk Moueqa, CN=wbeiqdgu.us a6:c8:0a:57:34:f4:38:84:e3:9b:b5:68:e6:be:1a:bc:e1:98:61:b3
2020-02-19 05:29:12.639768+0800 192.168.122.201 49201 98.118.182.96 443 TLS 1.2 C=CA, ST=EF, L=Ocsu, O=Ayvy Bqodvo Nfl Mbgiaoce LLC., CN=yeoabtpwq.org C=CA, OU=Gmlogenthf, CN=yeoabtpwq.org 27:4f:5f:f9:ac:2e:c2:35:72:2b:2f:d1:82:85:e9:66:13:f3:a2:37
2020-02-19 05:29:18.887769+0800 192.168.122.201 49203 68.174.15.223 443 TLS 1.2 C=DE, ST=MW, L=Oikimuc Zptueah, O=Tytc Uimsusp Inoel Inc., CN=phowbyekv.us C=DE, OU=Rwoice, CN=phowbyekv.us 58:aa:21:09:b5:a7:e7:7a:2b:ee:61:a7:b9:a2:49:a7:ad:dd:11:cc
2020-02-19 05:29:24.786641+0800 192.168.122.201 49205 24.250.199.137 443 TLS 1.2 C=ES, ST=TW, L=Fcepvpfzl, O=Ebea Adnaflowh Zcwoteai Inc., CN=duonagfh.biz C=ES, OU=Eeutbs, CN=duonagfh.biz 2b:10:e7:37:8a:63:df:ef:9d:8d:d6:0c:12:78:21:03:86:7d:68:3b
2020-02-19 05:29:30.926322+0800 192.168.122.201 49209 173.61.231.209 443 TLS 1.2 C=FR, ST=IT, L=Oiveu Edkvut, O=Ftopky Cudcz Uafcdtq Itgjg, CN=hoxgeeia.biz C=FR, OU=Iehi Icuozbew, CN=hoxgeeia.biz d1:42:9e:2e:1c:f1:fc:47:70:63:e9:09:a4:93:c3:99:cd:f9:8b:33

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 27.429 seconds )

  • 15.654 Suricata
  • 4.045 BehaviorAnalysis
  • 3.252 NetworkAnalysis
  • 1.993 Static
  • 1.365 VirusTotal
  • 0.621 peid
  • 0.429 TargetInfo
  • 0.05 AnalysisInfo
  • 0.016 Strings
  • 0.003 Memory
  • 0.001 config_decoder

Signatures ( 3.941 seconds )

  • 1.943 md_url_bl
  • 0.319 antiav_detectreg
  • 0.225 api_spamming
  • 0.162 stealth_decoy_document
  • 0.111 infostealer_ftp
  • 0.067 antianalysis_detectreg
  • 0.062 kovter_behavior
  • 0.062 infostealer_im
  • 0.056 antiemu_wine_func
  • 0.056 antivm_generic_disk
  • 0.056 virus
  • 0.055 stealth_file
  • 0.051 infostealer_browser_password
  • 0.048 bootkit
  • 0.042 mimics_filetime
  • 0.037 reads_self
  • 0.036 infostealer_mail
  • 0.03 stealth_timeout
  • 0.028 hancitor_behavior
  • 0.026 injection_createremotethread
  • 0.026 md_domain_bl
  • 0.024 antivm_generic_scsi
  • 0.016 antivm_vbox_libs
  • 0.016 process_interest
  • 0.016 kibex_behavior
  • 0.016 antivm_parallels_keys
  • 0.016 antivm_xen_keys
  • 0.016 geodo_banking_trojan
  • 0.016 darkcomet_regkeys
  • 0.014 recon_fingerprint
  • 0.013 vawtrak_behavior
  • 0.012 betabot_behavior
  • 0.012 antiav_detectfile
  • 0.011 antivm_generic_diskreg
  • 0.01 antivm_generic_services
  • 0.009 anormaly_invoke_kills
  • 0.009 antisandbox_productid
  • 0.008 antiav_avast_libs
  • 0.008 antisandbox_sunbelt_libs
  • 0.008 anomaly_persistence_autorun
  • 0.008 exec_crash
  • 0.008 infostealer_bitcoin
  • 0.007 process_needed
  • 0.007 ransomware_files
  • 0.006 antisandbox_sleep
  • 0.006 antisandbox_sboxie_libs
  • 0.006 antiav_bitdefender_libs
  • 0.006 network_http
  • 0.006 ransomware_extensions
  • 0.005 bypass_firewall
  • 0.005 antivm_xen_keys
  • 0.005 antivm_hyperv_keys
  • 0.005 antivm_vbox_acpi
  • 0.005 antivm_vbox_files
  • 0.005 antivm_vbox_keys
  • 0.005 antivm_vmware_keys
  • 0.005 antivm_vpc_keys
  • 0.005 maldun_anormaly_invoke_vb_vba
  • 0.005 packer_armadillo_regkey
  • 0.004 dridex_behavior
  • 0.004 antivm_vmware_libs
  • 0.004 antivm_generic_bios
  • 0.004 antivm_generic_cpu
  • 0.004 antivm_generic_system
  • 0.004 recon_programs
  • 0.003 tinba_behavior
  • 0.003 maldun_anomaly_massive_file_ops
  • 0.003 injection_runpe
  • 0.003 disables_browser_warn
  • 0.003 network_torgateway
  • 0.002 rat_nanocore
  • 0.002 shifu_behavior
  • 0.002 cerber_behavior
  • 0.002 bot_drive
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.002 network_cnc_http
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.001 network_anomaly
  • 0.001 rat_luminosity
  • 0.001 clickfraud_cookies
  • 0.001 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.001 injection_explorer
  • 0.001 sets_autoconfig_url
  • 0.001 stealth_network
  • 0.001 ursnif_behavior
  • 0.001 kazybot_behavior
  • 0.001 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.001 chimera_behavior
  • 0.001 ispy_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_vmware_files
  • 0.001 antiemu_wine_reg
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 codelux_behavior
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 rat_pcclient
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.36 seconds )

  • 0.907 ReportHTMLSummary
  • 0.453 Malheur
Task ID 513041
Mongo ID 5e4c577f2f8f2e0df86c6fc4
Cuckoo release 1.4-Maldun