Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp01-1 | 2020-04-08 19:41:18 | 2020-04-08 19:43:32 | 134 seconds |
File name | Finder.exe |
---|---|
File size | 3966976 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
MD5 | 77bde3a6392ea0d7b1ce5cf90a54d07d |
SHA1 | 74f02b3e956bd585c823a64d367fa0df7a3e9737 |
SHA256 | 9cb758ba8ceeb376eb3b4e2d5909f306e57fa97b250a52783921c396d6b31046 |
SHA512 | b0693483e00f9db7c0dbff2fd858c5cb3629f8b3a5dbfae8370ec9181603d59f8113038f134e4b87d8235b1d17cf6bd49ccb316b16708e1a2803b05bda0aec4b |
CRC32 | 4597CE70 |
Ssdeep | 98304:mIISvokg7C3ixc344VlSlmcMQX9ORQavwmaWfy:mI7vRge3imI4DSllMiA |
No host records.
Domain | Security rating | Response |
---|---|---|
ip.cn | Unknown | A 198.41.214.99 A 104.16.25.99 A 198.41.215.99 |
www.baidu.com | | CNAME www.a.shifen.com A 180.101.49.11 A 180.101.49.12 |
Image base | 0x00400000 |
---|---|
Entry point | 0x0112f7e0 |
Declared checksum | 0x003c9cd6 |
Actual checksum | 0x003c9cd6 |
Minimum OS version required | 4.0 |
Compile time | 2019-10-13 13:48:10 |
Import hash | 39377f0114f24d341cca951a328a8f25 |
Icon | |
Icon exact hash | 81550947a9310ecb92f62a64fc4911da |
Icon similarity hash | 3545091877939d64324c0a70928d72e4 |
LegalCopyright | |
---|---|
FileVersion | |
CompanyName | |
Comments | |
ProductName | |
ProductVersion | |
FileDescription | |
Translation |
UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
UPX0 | 0x00001000 | 0x00994000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
UPX1 | 0x00995000 | 0x0039b000 | 0x0039aa00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.93 |
.rsrc | 0x00d30000 | 0x0002e000 | 0x0002da00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 6.34 |
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
TEXTINCLUDE | 0x00cfd6a8 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.97 | data |
RT_CURSOR | 0x00cfdb98 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.60 | data |
RT_BITMAP | 0x00cfdc4c | 0x0000016c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.06 | data |
RT_ICON | 0x00d5c8ac | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.32 | GLS_BINARY_LSB_FIRST |
RT_DIALOG | 0x00d2a9d4 | 0x000000e2 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.85 | data |
RT_GROUP_CURSOR | 0x00d2aae0 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.68 | data |
RT_GROUP_ICON | 0x00d5cd18 | 0x00000084 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.07 | MS Windows icon resource - 9 icons, 256x256 |
RT_VERSION | 0x00d5cda0 | 0x000002b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.20 | data |
RT_MANIFEST | 0x00d5d058 | 0x00000607 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.05 | XML 1.0 document, ASCII text, with CRLF line terminators |
Antivirus engine/vendor | Detection name/rule match | Signature database date |
---|---|---|
Bkav | No virus found | 20191228 |
DrWeb | No virus found | 20191229 |
MicroWorld-eScan | No virus found | 20191229 |
CMC | No virus found | 20190321 |
CAT-QuickHeal | Trojan.Wacatac | 20191229 |
McAfee | Artemis!77BDE3A6392E | 20191229 |
Cylance | Unsafe | 20191229 |
Zillya | No virus found | 20191228 |
Sangfor | No virus found | 20191224 |
K7AntiVirus | Adware ( 005070c51 ) | 20191229 |
BitDefender | No virus found | 20191229 |
K7GW | Adware ( 005070c51 ) | 20191229 |
Cybereason | malicious.e956bd | 20190616 |
TrendMicro | No virus found | 20191229 |
BitDefenderTheta | Gen:NN.ZexaF.33558.YpKfaCxIy2ob | 20191223 |
F-Prot | W32/Trojan.CLL.gen!Eldorado | 20191229 |
Symantec | Trojan Horse | 20191220 |
ESET-NOD32 | a variant of Win32/Packed.BlackMoon.A potentially unwanted | 20191229 |
APEX | No virus found | 20191228 |
Paloalto | generic.ml | 20191229 |
ClamAV | No virus found | 20191229 |
GData | No virus found | 20191229 |
Kaspersky | No virus found | 20191229 |
Alibaba | No virus found | 20190527 |
NANO-Antivirus | No virus found | 20191229 |
ViRobot | No virus found | 20191229 |
SUPERAntiSpyware | No virus found | 20191227 |
Rising | Trojan.Kryptik!1.B3E8 (TFE:5:fpZJMZROweE) | 20191229 |
Ad-Aware | No virus found | 20191229 |
Emsisoft | No virus found | 20191229 |
Comodo | Malware@#1iyufsdw0rmbv | 20191229 |
F-Secure | No virus found | 20191229 |
Baidu | No virus found | 20190318 |
VIPRE | No virus found | 20191229 |
Invincea | heuristic | 20191211 |
McAfee-GW-Edition | BehavesLike.Win32.Flyagent.wc | 20191229 |
Trapmine | No virus found | 20191216 |
FireEye | No virus found | 20191229 |
Sophos | Generic PUA HE (PUA) | 20191229 |
SentinelOne | DFI - Malicious PE | 20191218 |
Cyren | W32/Trojan.CLL.gen!Eldorado | 20191229 |
Jiangmin | No virus found | 20191229 |
MaxSecure | No virus found | 20191228 |
Avira | No virus found | 20191229 |
MAX | No virus found | 20191229 |
Antiy-AVL | GrayWare/Win32.FlyStudio.a | 20191229 |
Kingsoft | No virus found | 20191229 |
Endgame | malicious (moderate confidence) | 20190918 |
Arcabit | No virus found | 20191229 |
AegisLab | No virus found | 20191220 |
ZoneAlarm | No virus found | 20191229 |
Avast-Mobile | No virus found | 20191219 |
Microsoft | Trojan:Win32/Tiggre!rfn | 20191229 |
AhnLab-V3 | No virus found | 20191229 |
Acronis | No virus found | 20191224 |
VBA32 | BScope.Trojan.Tiggre | 20191227 |
ALYac | No virus found | 20191229 |
TACHYON | No virus found | 20191229 |
Malwarebytes | No virus found | 20191229 |
Panda | No virus found | 20191229 |
Zoner | No virus found | 20191229 |
TrendMicro-HouseCall | No virus found | 20191229 |
Tencent | No virus found | 20191229 |
Yandex | No virus found | 20191229 |
Ikarus | Trojan-PSW.QQpass | 20191229 |
eGambit | No virus found | 20191229 |
Fortinet | W32/Agent.65CA!tr | 20191229 |
Webroot | No virus found | 20191229 |
AVG | Win32:Malware-gen | 20191229 |
Avast | Win32:Malware-gen | 20191229 |
CrowdStrike | win/malicious_confidence_70% (W) | 20190702 |
Qihoo-360 | No virus found | 20191229 |
No host records.
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49162 | 180.101.49.11 www.baidu.com | 80 |
192.168.122.201 | 49163 | 180.101.49.11 www.baidu.com | 443 |
192.168.122.201 | 49161 | 198.41.214.99 ip.cn | 443 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 59968 | 192.168.122.1 | 53 |
192.168.122.201 | 62882 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://www.baidu.com/ | GET / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: www.baidu.com |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2020-04-08 19:41:42.785106+0800 | 192.168.122.201 | 49163 | 180.101.49.11 | 443 | TLSv1 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com | d1:f6:32:3d:b6:f2:ec:81:e7:02:36:90:f4:9b:2d:91:e0:c3:99:3a |
2020-04-08 19:41:43.023167+0800 | 192.168.122.201 | 49161 | 198.41.214.99 | 443 | TLSv1 | C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc RSA CA-1 | C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com | 34:49:4e:02:90:4d:9e:69:3d:11:88:5b:fb:07:8c:aa:1f:50:d6:cb |
No Suricata HTTP
Task ID | 535171 |
---|---|
Mongo ID | 5e8db912bb7d5727dc78b7f2 |
Cuckoo release | 1.4-Maldun |