Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2020-02-19 05:27:21 | 2020-02-19 05:29:40 | 139 seconds |
File name | 444444.png |
---|---|
File size | 401408 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 4bb84bd2a61f674b6fdc6a711572ebed |
SHA1 | d9481237fcb5d28cd1d61b74d895dfd9bec2bcdc |
SHA256 | ff9c9f32a64be793de04de2486b1e6fc74d6c500c293b2544776ff64114ce774 |
SHA512 | a35ccd58d0ba859ef91678d0b74155d095be9274adfefb52ac51c6104167a50d735bc4de21961284c66b2b08dc74d6a79182349c175d183c6f33664bf1e2d870 |
CRC32 | 9C6F88E2 |
Ssdeep | 6144:5N/T1A/l3oTDULRdJiJkUcyveV5MK61KsTHdpgzbOj3b:5M6TDULPWkUGM9VLdOerb |
No host records.
Domain | Security rating | Response |
---|---|---|
www.ip-adress.com | | A 85.93.89.6, A 85.93.88.251, A 209.126.124.166, A 207.38.89.115 |
26.178.164.180.in-addr.arpa | | NXDOMAIN |
Image base | 0x00400000 |
---|---|
Entry point | 0x0043e0e4 |
Declared checksum | 0x00000000 |
Actual checksum | 0x00068dd2 |
Minimum OS version required | 5.0 |
Compile time | 2020-02-18 06:51:13 |
Import hash | 40d487a6cbee19efb7da9f163c5bc2a1 |
LegalCopyright | |
---|---|
InternalName | |
FileVersion | |
CompanyName | |
PrivateBuild | |
LegalTrademarks | |
Comments | |
ProductName | |
SpecialBuild | |
ProductVersion | |
FileDescription | |
OriginalFilename | |
Translation | |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00044f03 | 0x00045000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7.95 |
.rdata | 0x00046000 | 0x000024a0 | 0x00003000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.39 |
.data | 0x00049000 | 0x00005c83 | 0x00003000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.45 |
DATA | 0x0004f000 | 0x00000c0a | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.37 |
.rsrc | 0x00050000 | 0x00014c5c | 0x00015000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.95 |
Antivirus engine/vendor | Detection name/rule match | Signature date |
---|---|---|
Bkav | Not detected | 20200217 |
MicroWorld-eScan | Not detected | 20200217 |
CMC | Not detected | 20190321 |
CAT-QuickHeal | Not detected | 20200217 |
Qihoo-360 | HEUR/QVM41.1.5693.Malware.Gen | 20200218 |
McAfee | GenericRXJH-SG!4BB84BD2A61F | 20200217 |
Zillya | Not detected | 20200217 |
Sangfor | Not detected | 20200212 |
CrowdStrike | win/malicious_confidence_90% (D) | 20190702 |
Alibaba | Not detected | 20190527 |
K7GW | Hacktool ( 700007861 ) | 20200217 |
K7AntiVirus | Not detected | 20200217 |
Invincea | heuristic | 20191211 |
Baidu | Not detected | 20190318 |
F-Prot | Not detected | 20200217 |
Symantec | ML.Attribute.HighConfidence | 20200217 |
ESET-NOD32 | Not detected | 20200217 |
APEX | Malicious | 20200216 |
Paloalto | Not detected | 20200218 |
ClamAV | Not detected | 20200216 |
Kaspersky | Not detected | 20200217 |
BitDefender | Not detected | 20200217 |
NANO-Antivirus | Not detected | 20200217 |
ViRobot | Not detected | 20200217 |
SUPERAntiSpyware | Not detected | 20200214 |
Avast | Not detected | 20200217 |
Tencent | Not detected | 20200218 |
Endgame | malicious (high confidence) | 20200131 |
Sophos | Not detected | 20200217 |
Comodo | Not detected | 20200217 |
F-Secure | Not detected | 20200217 |
DrWeb | Not detected | 20200217 |
VIPRE | Not detected | 20200217 |
TrendMicro | Not detected | 20200217 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.fc | 20200217 |
Trapmine | malicious.high.ml.score | 20200123 |
FireEye | Generic.mg.4bb84bd2a61f674b | 20200217 |
Emsisoft | Not detected | 20200217 |
SentinelOne | DFI - Malicious PE | 20191218 |
Cyren | Not detected | 20200217 |
Jiangmin | Not detected | 20200217 |
Webroot | W32.Trojan.Gen | 20200218 |
Avira | Not detected | 20200217 |
Fortinet | Not detected | 20200217 |
Antiy-AVL | Not detected | 20200217 |
Kingsoft | Not detected | 20200218 |
Arcabit | Not detected | 20200217 |
AegisLab | Trojan.Win32.Zbot.m2M2 | 20200217 |
ZoneAlarm | Not detected | 20200217 |
Avast-Mobile | Not detected | 20200213 |
Microsoft | Trojan:Win32/Wacatac.C!ml | 20200217 |
TACHYON | Not detected | 20200217 |
AhnLab-V3 | Not detected | 20200217 |
Acronis | suspicious | 20200217 |
VBA32 | Not detected | 20200217 |
ALYac | Not detected | 20200217 |
MAX | Not detected | 20200218 |
Ad-Aware | Not detected | 20200217 |
Zoner | Not detected | 20200217 |
TrendMicro-HouseCall | Not detected | 20200217 |
Rising | Malware.Heuristic!ET#96% (RDMK:cmRtazr4WTahFgI0V4jVFgN3zghy) | 20200217 |
Yandex | Not detected | 20200217 |
Ikarus | Not detected | 20200217 |
eGambit | Not detected | 20200218 |
GData | Not detected | 20200217 |
BitDefenderTheta | Gen:NN.ZexaF.34090.yu0@a400!Lei | 20200211 |
AVG | Not detected | 20200217 |
Cybereason | malicious.7fcb5d | 20190616 |
Panda | Not detected | 20200217 |
MaxSecure | Not detected | 20200215 |
No host records.
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49185 | 104.35.124.47 | 2078 |
192.168.122.201 | 49209 | 173.61.231.209 | 443 |
192.168.122.201 | 49189 | 174.34.67.106 | 2222 |
192.168.122.201 | 49191 | 187.163.101.137 | 995 |
192.168.122.201 | 49192 | 187.163.101.137 | 995 |
192.168.122.201 | 49205 | 24.250.199.137 | 443 |
192.168.122.201 | 49181 | 47.40.244.237 | 443 |
192.168.122.201 | 49182 | 47.40.244.237 | 443 |
192.168.122.201 | 49183 | 47.40.244.237 | 443 |
192.168.122.201 | 49176 | 5.182.39.156 | 443 |
192.168.122.201 | 49177 | 5.182.39.156 | 443 |
192.168.122.201 | 49203 | 68.174.15.223 | 443 |
192.168.122.201 | 49188 | 70.174.3.241 | 443 |
192.168.122.201 | 49169 | 85.93.88.251 www.ip-adress.com | 80 |
192.168.122.201 | 49170 | 85.93.88.251 www.ip-adress.com | 443 |
192.168.122.201 | 49201 | 98.118.182.96 | 443 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49608 | 192.168.122.1 | 53 |
192.168.122.201 | 64912 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://www.ip-adress.com/ | GET / HTTP/1.1 Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: www.ip-adress.com Cache-Control: no-cache |
No SMTP traffic.
No IRC requests.
Source address | Destination address | ICMP type | Data |
---|---|---|---|
108.190.148.31 | 192.168.122.201 | 3 | |
108.190.148.31 | 192.168.122.201 | 3 | |
108.190.148.31 | 192.168.122.201 | 3 | |
180.164.178.26 | 192.168.122.201 | 3 | |
180.164.178.26 | 192.168.122.201 | 3 | |
180.164.178.26 | 192.168.122.201 | 3 | |
180.164.178.26 | 192.168.122.201 | 3 | |
180.164.178.26 | 192.168.122.201 | 3 | |
180.164.178.26 | 192.168.122.201 | 3 | |
192.168.1.1 | 192.168.122.201 | 3 | |
192.168.1.1 | 192.168.122.201 | 3 | |
70.125.31.243 | 192.168.122.201 | 3 | |
70.125.31.243 | 192.168.122.201 | 3 | |
70.125.31.243 | 192.168.122.201 | 3 | |
79.106.13.119 | 192.168.122.201 | 3 | |
79.106.13.119 | 192.168.122.201 | 3 | |
79.106.13.119 | 192.168.122.201 | 3 | |
86.133.23.248 | 192.168.122.201 | 3 | |
86.133.23.248 | 192.168.122.201 | 3 | |
86.133.23.248 | 192.168.122.201 | 3 | |
No CIF results.
No alerts.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2020-02-19 05:28:27.318696+0800 | 192.168.122.201 | 49176 | 5.182.39.156 | 443 | TLS 1.2 | C=CA, ST=IU, L=Ubeu Htabni, O=Fxsa Fpeososye Qnvi Kua Inc., CN=pqrpeacot.info | C=CA, OU=Oadxieb Boeejlbg, CN=pqrpeacot.info | e8:64:d4:43:95:bd:d6:88:aa:00:e4:49:71:a7:31:8c:72:fc:80:53 |
2020-02-19 05:28:18.908300+0800 | 192.168.122.201 | 49170 | 85.93.88.251 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA | OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.ip-adress.com | 0c:6a:6d:53:10:3f:66:47:97:2f:fd:83:12:c2:f5:ca:db:4c:cb:00 |
2020-02-19 05:28:36.513900+0800 | 192.168.122.201 | 49181 | 47.40.244.237 | 443 | TLS 1.2 | C=PT, ST=TE, L=Ihpe, O=Cataok Grignlwi Toajd Inc., CN=tietioojwg.org | C=PT, OU=Tamn, CN=tietioojwg.org | cd:4e:c6:bd:14:6f:1c:9e:bb:14:67:c3:09:10:10:89:11:c8:db:69 |
2020-02-19 05:28:44.632656+0800 | 192.168.122.201 | 49185 | 104.35.124.47 | 2078 | TLS 1.2 | C=FR, ST=XE, L=Lsvo, O=Jgcag Igxu Eeno LLC., CN=qymabliyzei.mobi | C=FR, OU=Ophvcarf, CN=qymabliyzei.mobi | 82:ee:df:b4:0c:12:ae:0c:4c:3f:da:41:11:a2:5f:7d:79:7a:96:d8 |
2020-02-19 05:28:50.068911+0800 | 192.168.122.201 | 49188 | 70.174.3.241 | 443 | TLS 1.2 | C=DE, ST=LE, L=Yqldt, O=Gqukeo Toso Ifueoo LLC., CN=rikbac.mobi | C=DE, OU=Jouedsi, CN=rikbac.mobi | ea:3b:d2:1c:5f:bb:7d:60:1a:a3:15:9f:73:ea:b0:d6:0c:37:6b:eb |
2020-02-19 05:28:52.456466+0800 | 192.168.122.201 | 49189 | 174.34.67.106 | 2222 | TLS 1.2 | C=AU, ST=MH, L=Aoi, O=Aiolfcll Atzdrl Inc., CN=soew.us | C=AU, OU=Hevogcxp Zwqtem, CN=soew.us | b5:e9:b7:af:f6:49:d8:4f:b8:33:02:c1:75:2d:0a:75:c0:76:f2:e3 |
2020-02-19 05:28:53.119840+0800 | 192.168.122.201 | 49191 | 187.163.101.137 | 995 | TLS 1.2 | C=GB, ST=EJ, L=Ioo Rbeihqe, O=Ifopje Opuzs LLC., CN=wbeiqdgu.us | C=GB, OU=Tactbrzk Moueqa, CN=wbeiqdgu.us | a6:c8:0a:57:34:f4:38:84:e3:9b:b5:68:e6:be:1a:bc:e1:98:61:b3 |
2020-02-19 05:29:12.639768+0800 | 192.168.122.201 | 49201 | 98.118.182.96 | 443 | TLS 1.2 | C=CA, ST=EF, L=Ocsu, O=Ayvy Bqodvo Nfl Mbgiaoce LLC., CN=yeoabtpwq.org | C=CA, OU=Gmlogenthf, CN=yeoabtpwq.org | 27:4f:5f:f9:ac:2e:c2:35:72:2b:2f:d1:82:85:e9:66:13:f3:a2:37 |
2020-02-19 05:29:18.887769+0800 | 192.168.122.201 | 49203 | 68.174.15.223 | 443 | TLS 1.2 | C=DE, ST=MW, L=Oikimuc Zptueah, O=Tytc Uimsusp Inoel Inc., CN=phowbyekv.us | C=DE, OU=Rwoice, CN=phowbyekv.us | 58:aa:21:09:b5:a7:e7:7a:2b:ee:61:a7:b9:a2:49:a7:ad:dd:11:cc |
2020-02-19 05:29:24.786641+0800 | 192.168.122.201 | 49205 | 24.250.199.137 | 443 | TLS 1.2 | C=ES, ST=TW, L=Fcepvpfzl, O=Ebea Adnaflowh Zcwoteai Inc., CN=duonagfh.biz | C=ES, OU=Eeutbs, CN=duonagfh.biz | 2b:10:e7:37:8a:63:df:ef:9d:8d:d6:0c:12:78:21:03:86:7d:68:3b |
2020-02-19 05:29:30.926322+0800 | 192.168.122.201 | 49209 | 173.61.231.209 | 443 | TLS 1.2 | C=FR, ST=IT, L=Oiveu Edkvut, O=Ftopky Cudcz Uafcdtq Itgjg, CN=hoxgeeia.biz | C=FR, OU=Iehi Icuozbew, CN=hoxgeeia.biz | d1:42:9e:2e:1c:f1:fc:47:70:63:e9:09:a4:93:c3:99:cd:f9:8b:33 |
No Suricata HTTP
Task ID | 513041 |
---|---|
Mongo ID | 5e4c577f2f8f2e0df86c6fc4 |
Cuckoo release | 1.4-Maldun |