Analysis type | VM tag | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp01-1 | 2020-04-08 20:44:40 | 2020-04-08 20:46:46 | 126 seconds |
File name | mir.exe |
---|---|
File size | 155136 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 8c94cc081cdb526531997c64d1289e99 |
SHA1 | a1e4cf06b9d00b4a4910b4b754f07856432a4e69 |
SHA256 | 7efe2742331e3a079427defa5ba50fa93065c5d8697b0c56c5061ba3efa9e590 |
SHA512 | 3db91a5a3646131af60db31a43ebaf7e6f8a6fd2c6c81e1de0815801f9655ef1144a11918940b40aabb55d2ccfaa33b5315ce9a8bf6bdbed918640b877c0117f |
CRC32 | 83037713 |
Ssdeep | 3072:Mhb//xQMZDq/qh9B3pU3FsUdS8WOjym6FHXiZRVMYj1Dkg:MZ/xQMZeaf3WeOS873OcMYj1Dkg |
No host records.
Domain | Security rating | Response |
---|---|---|
stat.fei163.com | | A 114.55.147.224 |
down.fei163.com | Unknown | A 47.114.169.177 |
down.ttwz07.com | Unknown | A 47.114.164.183 |
sf.ttwz07.com | Unknown | |
www.baidu.com | | CNAME www.a.shifen.com A 180.101.49.11 A 180.101.49.12 |
m.baidu.com | | CNAME wap.n.shifen.com A 180.101.49.19 A 180.101.49.20 |
dss1.bdstatic.com | | CNAME sslbaiduv6.jomodns.com A 180.163.198.33 |
Image base | 0x00400000 |
---|---|
Entry point | 0x0040a3b6 |
Declared checksum | 0x00000000 |
Actual checksum | 0x0002aacc |
Minimum OS version required | 6.0 |
PDB path | D:\DownLoader\DownDll\Release\downloader.pdb |
Compile time | 2020-03-26 20:19:43 |
Import hash | b46d492553bdb08f6266b5d2cdbf89c4 |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x0001a8bb | 0x0001aa00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.65 |
.rdata | 0x0001c000 | 0x000077a4 | 0x00007800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.93 |
.data | 0x00024000 | 0x00003700 | 0x00001a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.07 |
.rsrc | 0x00028000 | 0x00000288 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 3.85 |
.reloc | 0x00029000 | 0x00001860 | 0x00001a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 6.41 |
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
RT_MANIFEST | 0x00028060 | 0x00000224 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.04 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
No host records.
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49161 | 114.55.147.224 stat.fei163.com | 680 |
192.168.122.201 | 49176 | 114.55.147.224 stat.fei163.com | 680 |
192.168.122.201 | 49201 | 114.55.147.224 stat.fei163.com | 680 |
192.168.122.201 | 49204 | 114.55.147.224 stat.fei163.com | 680 |
192.168.122.201 | 49211 | 114.55.147.224 stat.fei163.com | 680 |
192.168.122.201 | 49220 | 114.55.147.224 stat.fei163.com | 680 |
192.168.122.201 | 49221 | 114.55.147.224 stat.fei163.com | 680 |
192.168.122.201 | 49203 | 173.208.160.45 | 88 |
192.168.122.201 | 49219 | 173.208.160.45 | 666 |
192.168.122.201 | 49222 | 180.101.49.11 www.baidu.com | 443 |
192.168.122.201 | 49223 | 180.101.49.11 www.baidu.com | 443 |
192.168.122.201 | 49224 | 180.101.49.11 www.baidu.com | 443 |
192.168.122.201 | 49225 | 180.101.49.11 www.baidu.com | 443 |
192.168.122.201 | 49173 | 47.114.164.183 down.ttwz07.com | 88 |
192.168.122.201 | 49175 | 47.114.164.183 down.ttwz07.com | 88 |
192.168.122.201 | 49177 | 47.114.164.183 down.ttwz07.com | 88 |
192.168.122.201 | 49178 | 47.114.164.183 down.ttwz07.com | 88 |
192.168.122.201 | 49179 | 47.114.164.183 down.ttwz07.com | 88 |
192.168.122.201 | 49180 | 47.114.164.183 down.ttwz07.com | 88 |
192.168.122.201 | 49181 | 47.114.164.183 down.ttwz07.com | 88 |
192.168.122.201 | 49182 | 47.114.164.183 down.ttwz07.com | 88 |
192.168.122.201 | 49183 | 47.114.164.183 down.ttwz07.com | 88 |
192.168.122.201 | 49184 | 47.114.164.183 down.ttwz07.com | 447 |
192.168.122.201 | 49185 | 47.114.164.183 down.ttwz07.com | 88 |
192.168.122.201 | 49186 | 47.114.164.183 down.ttwz07.com | 88 |
192.168.122.201 | 49187 | 47.114.164.183 down.ttwz07.com | 88 |
192.168.122.201 | 49188 | 47.114.164.183 down.ttwz07.com | 447 |
192.168.122.201 | 49189 | 47.114.164.183 down.ttwz07.com | 447 |
192.168.122.201 | 49190 | 47.114.164.183 down.ttwz07.com | 447 |
192.168.122.201 | 49191 | 47.114.164.183 down.ttwz07.com | 447 |
192.168.122.201 | 49192 | 47.114.164.183 down.ttwz07.com | 447 |
192.168.122.201 | 49193 | 47.114.164.183 down.ttwz07.com | 447 |
192.168.122.201 | 49194 | 47.114.164.183 down.ttwz07.com | 447 |
192.168.122.201 | 49162 | 47.114.169.177 down.fei163.com | 88 |
192.168.122.201 | 49163 | 47.114.169.177 down.fei163.com | 88 |
192.168.122.201 | 49164 | 47.114.169.177 down.fei163.com | 88 |
192.168.122.201 | 49165 | 47.114.169.177 down.fei163.com | 88 |
192.168.122.201 | 49166 | 47.114.169.177 down.fei163.com | 88 |
192.168.122.201 | 49167 | 47.114.169.177 down.fei163.com | 88 |
192.168.122.201 | 49168 | 47.114.169.177 down.fei163.com | 88 |
192.168.122.201 | 49171 | 47.114.169.177 down.fei163.com | 88 |
192.168.122.201 | 49172 | 47.114.169.177 down.fei163.com | 88 |
192.168.122.201 | 49200 | 63.141.246.178 | 80 |
192.168.122.201 | 49202 | 63.141.246.178 | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49157 | 192.168.122.1 | 53 |
192.168.122.201 | 50112 | 192.168.122.1 | 53 |
192.168.122.201 | 51384 | 192.168.122.1 | 53 |
192.168.122.201 | 51466 | 192.168.122.1 | 53 |
192.168.122.201 | 51896 | 192.168.122.1 | 53 |
192.168.122.201 | 58646 | 192.168.122.1 | 53 |
192.168.122.201 | 59968 | 192.168.122.1 | 53 |
192.168.122.201 | 62882 | 192.168.122.1 | 53 |
192.168.122.201 | 63974 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://stat.fei163.com:680/api/index/index?status=1&shop_id=101308&mac=52540064DCC0&client_name=TEST-PC&product_id=0 | GET http://stat.fei163.com:680/api/index/index?status=1&shop_id=101308&mac=52540064DCC0&client_name=TEST-PC&product_id=0 HTTP/1.1 HOST: stat.fei163.com Connection: Close |
http://down.fei163.com:88/downservers.aspx?ShopId=101308 | GET http://down.fei163.com:88/downservers.aspx?ShopId=101308 HTTP/1.1 HOST: down.fei163.com Connection: Close |
http://down.fei163.com:88/GetProDownConfig.aspx?ShopId=101308 | GET http://down.fei163.com:88/GetProDownConfig.aspx?ShopId=101308 HTTP/1.1 HOST: down.fei163.com Connection: Close |
http://down.fei163.com:88/proxy/101308/51/config.txt | GET http://down.fei163.com:88/proxy/101308/51/config.txt HTTP/1.1 HOST: down.fei163.com Connection: Close |
http://down.fei163.com:88/proxy/101308/51/ExtensionDll.dll | GET http://down.fei163.com:88/proxy/101308/51/ExtensionDll.dll HTTP/1.1 HOST: down.fei163.com Connection: Close |
http://down.fei163.com:88/proxy/101308/51/SuoLock.exe | GET http://down.fei163.com:88/proxy/101308/51/SuoLock.exe HTTP/1.1 HOST: down.fei163.com Connection: Close |
http://down.fei163.com:88/proxy/101308/52/x86.dll | GET http://down.fei163.com:88/proxy/101308/52/x86.dll HTTP/1.1 HOST: down.fei163.com Connection: Close |
http://down.fei163.com:88/proxy/101072/88/svchnots.exe | GET http://down.fei163.com:88/proxy/101072/88/svchnots.exe HTTP/1.1 HOST: down.fei163.com Connection: Close |
http://47.114.164.183:88/zs.der | GET http://47.114.164.183:88/zs.der HTTP/1.1 HOST: 47.114.164.183 Connection: Close |
http://47.114.164.183:88/proxy.pac | GET /proxy.pac HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0) Host: 47.114.164.183:88 |
http://stat.fei163.com:680/api/index/index?status=1&shop_id=101308&mac=52540064DCC0&client_name=test-PC&product_id=51 | GET http://stat.fei163.com:680/api/index/index?status=1&shop_id=101308&mac=52540064DCC0&client_name=test-PC&product_id=51 HTTP/1.1 HOST: stat.fei163.com Connection: Close |
http://down.ttwz07.com:88/cq/101308/360/content-script.js | GET http://down.ttwz07.com:88/cq/101308/360/content-script.js HTTP/1.1 HOST: down.ttwz07.com Connection: Close |
http://down.ttwz07.com:88/cq/101308/xiaobai/content-script.js | GET http://down.ttwz07.com:88/cq/101308/xiaobai/content-script.js HTTP/1.1 HOST: down.ttwz07.com Connection: Close |
http://down.ttwz07.com:88/cq/101308/google/content-script.js | GET http://down.ttwz07.com:88/cq/101308/google/content-script.js HTTP/1.1 HOST: down.ttwz07.com Connection: Close |
http://down.ttwz07.com:88/cq/101308/360/manifest.txt | GET http://down.ttwz07.com:88/cq/101308/360/manifest.txt HTTP/1.1 HOST: down.ttwz07.com Connection: Close |
http://down.ttwz07.com:88/cq/101308/360/Preferences.txt | GET http://down.ttwz07.com:88/cq/101308/360/Preferences.txt HTTP/1.1 HOST: down.ttwz07.com Connection: Close |
http://down.ttwz07.com:88/cq/101308/google/manifest.txt | GET http://down.ttwz07.com:88/cq/101308/google/manifest.txt HTTP/1.1 HOST: down.ttwz07.com Connection: Close |
http://down.ttwz07.com:88/cq/101308/google/Preferences.txt | GET http://down.ttwz07.com:88/cq/101308/google/Preferences.txt HTTP/1.1 HOST: down.ttwz07.com Connection: Close |
http://sf.ttwz07.com:447/path360.txt | GET http://sf.ttwz07.com:447/path360.txt HTTP/1.1 HOST: sf.ttwz07.com Connection: Close |
http://down.ttwz07.com:88/cq/101308/xiaobai/manifest.txt | GET http://down.ttwz07.com:88/cq/101308/xiaobai/manifest.txt HTTP/1.1 HOST: down.ttwz07.com Connection: Close |
http://down.ttwz07.com:88/cq/101308/xiaobai/Preferences.txt | GET http://down.ttwz07.com:88/cq/101308/xiaobai/Preferences.txt HTTP/1.1 HOST: down.ttwz07.com Connection: Close |
http://down.ttwz07.com:88/cq/101308/xiaobai/paths.txt | GET http://down.ttwz07.com:88/cq/101308/xiaobai/paths.txt HTTP/1.1 HOST: down.ttwz07.com Connection: Close |
http://sf.ttwz07.com:447/SiFuUrlList/zhaosf.txt | GET http://sf.ttwz07.com:447/SiFuUrlList/zhaosf.txt HTTP/1.1 HOST: sf.ttwz07.com Connection: Close |
http://sf.ttwz07.com:447/SiFuUrlList/haosf.txt | GET http://sf.ttwz07.com:447/SiFuUrlList/haosf.txt HTTP/1.1 HOST: sf.ttwz07.com Connection: Close |
http://sf.ttwz07.com:447/SiFuUrlList/sf945.txt | GET http://sf.ttwz07.com:447/SiFuUrlList/sf945.txt HTTP/1.1 HOST: sf.ttwz07.com Connection: Close |
http://sf.ttwz07.com:447/SiFuUrlList/qusf.txt | GET http://sf.ttwz07.com:447/SiFuUrlList/qusf.txt HTTP/1.1 HOST: sf.ttwz07.com Connection: Close |
http://sf.ttwz07.com:447/SiFuUrlList/sf33.txt | GET http://sf.ttwz07.com:447/SiFuUrlList/sf33.txt HTTP/1.1 HOST: sf.ttwz07.com Connection: Close |
http://sf.ttwz07.com:447/SiFuUrlList/sf999.txt | GET http://sf.ttwz07.com:447/SiFuUrlList/sf999.txt HTTP/1.1 HOST: sf.ttwz07.com Connection: Close |
http://sf.ttwz07.com:447/SiFuUrlList/rand.txt | GET http://sf.ttwz07.com:447/SiFuUrlList/rand.txt HTTP/1.1 HOST: sf.ttwz07.com Connection: Close |
http://stat.fei163.com:680/api/index/index?status=1&shop_id=101298&mac=52:54:00:64:DC:C0&client_name=test-PC&product_id=53 | GET /api/index/index?status=1&shop_id=101298&mac=52:54:00:64:DC:C0&client_name=test-PC&product_id=53 HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Language: zh-cn Referer: http://stat.fei163.com:680/api/index/index?status=1&shop_id=101298&mac=52:54:00:64:DC:C0&client_name=test-PC&product_id=53 User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: stat.fei163.com:680 |
http://63.141.246.178/101298/Ver.txt | POST /101298/Ver.txt HTTP/1.1 Accept: */* Referer: http://63.141.246.178/101298/Ver.txt Accept-Language: zh-cn Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: 63.141.246.178 Content-Length: 0 Cache-Control: no-cache |
http://63.141.246.178/101298/Good.jpg | GET /101298/Good.jpg HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Language: zh-cn Referer: http://63.141.246.178/101298/Good.jpg User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: 63.141.246.178 |
http://173.208.160.45:88/tongji.php?userid=101298&mac=52:54:00:64:DC:C0 | GET /tongji.php?userid=101298&mac=52:54:00:64:DC:C0 HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Language: zh-cn Referer: http://173.208.160.45:88/tongji.php?userid=101298&mac=52:54:00:64:DC:C0 User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: 173.208.160.45:88 |
http://63.141.246.178/101298/better.jpg | GET /101298/better.jpg HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Language: zh-cn Referer: http://63.141.246.178/101298/better.jpg User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: 63.141.246.178 |
http://63.141.246.178/101298/best.jpg | GET /101298/best.jpg HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Language: zh-cn Referer: http://63.141.246.178/101298/best.jpg User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: 63.141.246.178 |
http://173.208.160.45:666/Ver.php | POST /Ver.php HTTP/1.1 Accept: */* Referer: http://173.208.160.45:666/Ver.php Accept-Language: zh-cn Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: 173.208.160.45:666 Content-Length: 0 Cache-Control: no-cache |
http://stat.fei163.com:680/api/index/index?status=0&shop_id=101298&mac=52:54:00:64:DC:C0&client_name=test-PC&product_id=53 | GET /api/index/index?status=0&shop_id=101298&mac=52:54:00:64:DC:C0&client_name=test-PC&product_id=53 HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Language: zh-cn Referer: http://stat.fei163.com:680/api/index/index?status=0&shop_id=101298&mac=52:54:00:64:DC:C0&client_name=test-PC&product_id=53 User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: stat.fei163.com:680 |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2020-04-08 20:45:08.555961+0800 | 47.114.169.177 | 88 | 192.168.122.201 | 49167 | TCP | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
2020-04-08 20:45:09.131802+0800 | 47.114.169.177 | 88 | 192.168.122.201 | 49168 | TCP | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
2020-04-08 20:45:09.594622+0800 | 47.114.169.177 | 88 | 192.168.122.201 | 49171 | TCP | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
2020-04-08 20:45:11.124597+0800 | 47.114.169.177 | 88 | 192.168.122.201 | 49172 | TCP | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
2020-04-08 20:45:25.492074+0800 | 63.141.246.178 | 80 | 192.168.122.201 | 49202 | TCP | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
2020-04-08 20:46:19.297784+0800 | 47.114.164.183 | 88 | 192.168.122.201 | 49175 | TCP | 2014435 | ET TROJAN Infostealer.Banprox Proxy.pac Download | A Network Trojan was detected |
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2020-04-08 20:45:59.407872+0800 | 192.168.122.201 | 49222 | 180.101.49.11 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com | d1:f6:32:3d:b6:f2:ec:81:e7:02:36:90:f4:9b:2d:91:e0:c3:99:3a |
No Suricata HTTP
Task ID | 535187 |
---|---|
Mongo ID | 5e8dc7f1bb7d5727dd78b824 |
Cuckoo release | 1.4-Maldun |