Analysis task

Analysis type    VM label                  Start time            End time              Duration
File (Windows)   win7-sp1-x64-hpdapp01-1   2020-05-20 14:53:00   2020-05-20 14:55:25   145 seconds

Maldun score

10.0

Malicious

The score is the sandbox's own composite. For context: 18 of the 67 VirusTotal engines listed below flag the file, mostly under generic or packer-based names (Gen:Variant.Graftor, Win32/Packed.BlackMoon flagged as potentially unwanted), and the only network activity captured is to Tencent QQ login, CAPTCHA and CDN endpoints, which is what a QQ Zone helper would be expected to contact. Treat the verdict as a prompt to read the evidence below, not as a conclusion.

File details

File name   QQ空间相册助手V4.exe (QQ Zone Album Helper V4)
File size   638976 bytes
File type   PE32 executable (GUI) Intel 80386, for MS Windows
MD5         415feb94f5fbd0172c8ddf978bb42c69
SHA1        719f352993d627cf8235c1ff800c931ccd125374
SHA256      5c9bbaf856f9d8934f2c55d8a4aa59529cf894abfd19acf39e09574ecbfab605
SHA512      9c65ef38d9032e294bdaf091c72eeed8ce2dc9f8332d7bbf2c4975469fe0bd253ea8bf2cde954e52697eb47e6fac1b5aeb5ea42032df99418039de5fbeddbc35
CRC32       1D6C0293
Ssdeep      12288:EvbYotCM/nV80ggD21qcs66phwGMMgBMMhN:EhtCM/nV80+sLphwGMMgBMMD

PE info

Image base               0x00400000
Entry point              0x00445438
Declared checksum        0x00000000
Actual checksum          0x000abc54
Minimum OS version       4.0
Compile time             2017-10-20 13:58:02
Import hash (imphash)    a0bcd3b6af1135d54ba41a887284a4f5

A declared checksum of 0x00000000 means the CheckSum field was never populated by the linker or was zeroed afterwards. Windows enforces the field only for drivers and for DLLs loaded at boot or into critical system processes, so user-mode executables often ship with it unset; packers and post-link patching also leave it at zero, so on its own it is a weak signal. The compile time (2017-10-20) sits a few weeks before the VirusTotal database dates in the antivirus table below.

PE sections

Name    Virtual address  Virtual size  Raw data size  Characteristics                                                        Entropy
.text   0x00001000       0x00062ccc    0x00063000     IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ            6.38
.rdata  0x00064000       0x0000a476    0x0000b000     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                      4.68
.data   0x0006f000       0x00025908    0x00016000     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE  6.64
.rsrc   0x00095000       0x00016f78    0x00017000     IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE  4.31

Reading the table: the entry point 0x00445438 falls inside .text (0x00401000 to 0x00463ccc), as expected for an image that is not wrapped in a packer stub; the entropies are in the normal range for compiled code and initialized data (a packed or encrypted section usually reads above 7); .data has a virtual size larger than its raw size, so its tail is zero-filled at load, which is ordinary for a BSS-style region; .rsrc carries IMAGE_SCN_MEM_WRITE, which linkers do not normally set on the resource section and is worth a closer look.
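The checksum and entropy columns above are worth reproducing rather than trusting. The following is an added example, not the sandbox's code and not run on this sample: it implements the PE image checksum with the same algorithm that pefile's generate_checksum() uses (a ones-complement 16-bit sum over every dword except the CheckSum field, plus the file size), walks the section table, computes per-section Shannon entropy, and flags the three things a reviewer would flag on the table above: a zero or mismatched CheckSum, a writable .rsrc, and a high-entropy section. It runs on a constructed 1 KiB PE32 built inline in build_sample(), not on the analysed file; feed triage() the real file's bytes and the computed checksum should reproduce the 0x000abc54 figure in the PE info.

```python
import math
import struct
from collections import Counter

IMAGE_SCN_CNT_CODE = 0x20
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x40
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

def shannon_entropy(buf: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def image_checksum(data: bytes, checksum_offset: int) -> int:
    """PE image checksum as CheckSumMappedFile computes it: a ones-complement
    16-bit sum over every dword except the CheckSum field, plus the file size."""
    padded = data + b"\0" * (-len(data) % 4)  # zero-pad a ragged tail
    total = 0
    for i in range(len(padded) // 4):
        if i == checksum_offset // 4:
            continue
        total += struct.unpack_from("<I", padded, 4 * i)[0]
        if total >= 1 << 32:  # fold the carry back in (ones-complement add)
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)

def parse_pe(data: bytes) -> dict:
    """Minimal header walk: CheckSum field offset, declared value and section table."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24             # optional header start
    checksum_offset = opt + 64      # same offset in PE32 and PE32+
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "rawsize": rawsize, "flags": flags,
                         "entropy": shannon_entropy(data[rawptr:rawptr + rawsize])})
    return {"checksum_offset": checksum_offset, "sections": sections,
            "declared_checksum": struct.unpack_from("<I", data, checksum_offset)[0]}

def triage(data: bytes) -> dict:
    """Recompute the checksum and flag what a reviewer of the section table would flag."""
    hdr = parse_pe(data)
    computed = image_checksum(data, hdr["checksum_offset"])
    findings = []
    if hdr["declared_checksum"] == 0:
        findings.append("CheckSum is 0: never set by the linker, or cleared afterwards")
    elif hdr["declared_checksum"] != computed:
        findings.append("CheckSum mismatch: image modified after linking")
    for s in hdr["sections"]:
        if s["flags"] & IMAGE_SCN_MEM_WRITE and s["flags"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"{s['name']}: writable and executable")
        if s["name"] == ".rsrc" and s["flags"] & IMAGE_SCN_MEM_WRITE:
            findings.append(".rsrc is writable; linkers emit it read-only")
        if s["entropy"] > 7.0:
            findings.append(f"{s['name']}: entropy {s['entropy']:.2f}, packed or encrypted data")
    return {"declared_checksum": hdr["declared_checksum"], "computed_checksum": computed,
            "checksum_ok": hdr["declared_checksum"] == computed,
            "sections": hdr["sections"], "findings": findings}

def set_checksum(data: bytes, value: int) -> bytes:
    """Write a CheckSum value (for example the recomputed one) back into the header."""
    off = parse_pe(data)["checksum_offset"]
    return data[:off] + struct.pack("<I", value) + data[off + 4:]

def build_sample() -> bytes:
    """Constructed 1 KiB PE32 standing in for the analysed file: CheckSum left at 0,
    a NOP-filled .text, and a writable .rsrc holding every byte value once."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)  # i386, 2 sections
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                         # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)      # ImageBase, alignments
    struct.pack_into("<II", opt, 56, 0x3000, 0x200)                 # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                              # Subsystem: Windows GUI
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x100, 0x1000, 0x100, 0x200, 0, 0, 0, 0,
                       IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    rsrc = struct.pack("<8sIIIIIIHHI", b".rsrc", 0x100, 0x2000, 0x100, 0x300, 0, 0, 0, 0,
                       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + text + rsrc).ljust(0x200, b"\0")
    return headers + b"\x90" * 0x100 + bytes(range(256))

if __name__ == "__main__":
    for finding in triage(build_sample())["findings"]:
        print("-", finding)
```

On the constructed sample the report lists three findings (zero CheckSum, writable .rsrc, and an 8.00-entropy .rsrc); after set_checksum() writes the recomputed value back, checksum_ok turns true because the field itself is excluded from the sum. The entropy threshold of 7.0 is a rule of thumb, not a standard; compressed resources such as PNG icons in a legitimate .rsrc will also cross it.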

Imports

Reading the import table for triage: the bulk of it (atom, menu, clipboard, OLE/ActiveX, printer and common-dialog entries, plus the C runtime's locale and heap helpers) is the usual footprint of a statically linked MFC application. The calls that matter to a reviewer are SetWindowsHookExA/CallNextHookEx/UnhookWindowsHookEx (Windows hooks), CryptCreateHash/CryptHashData/CryptGetHashParam (hashing), RegCreateKeyExA/RegSetValueExA (registry writes), ShellExecuteA, and the WININET set (InternetOpenA through InternetReadFile) behind the HTTP and TLS traffic recorded further down. None of these is malicious on its own; they are what a tool that logs a user in to QQ Zone, which is what the file name claims to do, would need.

Library: KERNEL32.dll:
0x4640dc GetLocaleInfoW
0x4640e0 LocalSize
0x4640e4 IsBadCodePtr
0x4640e8 EnumSystemLocalesA
0x4640ec GetLocaleInfoA
0x4640f0 IsValidCodePage
0x4640f4 IsValidLocale
0x4640f8 GetStringTypeW
0x4640fc GetStringTypeA
0x464104 IsBadWritePtr
0x464108 VirtualAlloc
0x46410c LCMapStringW
0x464110 VirtualFree
0x464114 HeapCreate
0x464118 HeapDestroy
0x46411c GetVersionExA
0x464124 GetStdHandle
0x464128 SetHandleCount
0x464140 GetFileType
0x464144 SetStdHandle
0x464148 HeapSize
0x46414c GetACP
0x464154 ExitThread
0x464158 CreateThread
0x46415c TerminateProcess
0x464160 CompareStringA
0x464164 CompareStringW
0x46416c InterlockedExchange
0x464170 WideCharToMultiByte
0x464174 ExitProcess
0x464178 HeapReAlloc
0x46417c IsBadReadPtr
0x464180 GetUserDefaultLCID
0x464184 GetModuleFileNameA
0x464188 CreateDirectoryA
0x46418c GetTickCount
0x464190 CloseHandle
0x464194 WriteFile
0x464198 CreateFileA
0x46419c LCMapStringA
0x4641a0 LoadLibraryA
0x4641a4 GetProcAddress
0x4641a8 HeapAlloc
0x4641ac HeapFree
0x4641b0 GetProcessHeap
0x4641b4 MultiByteToWideChar
0x4641b8 MulDiv
0x4641bc GlobalUnlock
0x4641c0 RtlMoveMemory
0x4641c4 RaiseException
0x4641c8 RtlUnwind
0x4641cc GetStartupInfoA
0x4641d0 GetOEMCP
0x4641d4 FreeLibrary
0x4641d8 GetCommandLineA
0x4641dc GetCPInfo
0x4641e0 GetFileTime
0x4641e4 GetFileSize
0x4641e8 GetFileAttributesA
0x4641ec SetErrorMode
0x4641f0 GetProcessVersion
0x4641f4 FindResourceA
0x4641f8 LoadResource
0x4641fc LockResource
0x464200 GetVersion
0x464204 GlobalGetAtomNameA
0x464208 GlobalAddAtomA
0x46420c GlobalFindAtomA
0x464210 SetLastError
0x464214 lstrcatA
0x46421c GlobalFlags
0x464220 TlsGetValue
0x464224 LocalReAlloc
0x464228 TlsSetValue
0x46422c GlobalReAlloc
0x464230 TlsFree
0x464234 GlobalHandle
0x464238 TlsAlloc
0x46423c GlobalFree
0x464240 GlobalLock
0x464244 GlobalAlloc
0x464248 GetModuleHandleA
0x464254 lstrcmpA
0x464258 GetCurrentThreadId
0x46425c GetCurrentThread
0x464260 Sleep
0x464264 DuplicateHandle
0x464268 GetCurrentProcess
0x46426c lstrlenW
0x464270 lstrlenA
0x464274 lstrcpynA
0x464278 lstrcmpiA
0x46427c GlobalDeleteAtom
0x464280 WaitForSingleObject
0x464284 SetEvent
0x464288 ResumeThread
0x46428c SetThreadPriority
0x464290 SuspendThread
0x464294 CreateEventA
0x4642a0 GetLastError
0x4642a8 lstrcpyA
0x4642ac LocalAlloc
0x4642b0 LocalFree
0x4642c0 ReadFile
0x4642c4 SetFilePointer
0x4642c8 FlushFileBuffers
0x4642cc LockFile
0x4642d0 UnlockFile
0x4642d4 SetEndOfFile
0x4642d8 FindClose
0x4642dc FindFirstFileA
0x4642e4 GetFullPathNameA
Library: USER32.dll:
0x464374 SetMenuItemInfoA
0x464378 CheckMenuItem
0x46437c RemoveMenu
0x464380 MenuItemFromPoint
0x464384 GetMenuDefaultItem
0x464388 GetMenuInfo
0x46438c GetMenuState
0x464390 GetMenuItemRect
0x464394 GetMenuItemInfoA
0x464398 GetMenuStringA
0x46439c TrackPopupMenu
0x4643a0 SetForegroundWindow
0x4643a4 CheckMenuRadioItem
0x4643a8 GetMenuItemID
0x4643ac GetSubMenu
0x4643b0 SetMenuInfo
0x4643b4 InsertMenuA
0x4643b8 GetMenuItemCount
0x4643bc AppendMenuA
0x4643c0 DestroyMenu
0x4643c4 LoadMenuA
0x4643c8 GetSystemMenu
0x4643cc CreatePopupMenu
0x4643d0 CreateMenu
0x4643d4 RegisterClassExA
0x4643d8 SetActiveWindow
0x4643e4 GetLastActivePopup
0x4643e8 SetWindowsHookExA
0x4643ec CallNextHookEx
0x4643f0 GetKeyState
0x4643f4 GetActiveWindow
0x4643f8 GetNextDlgTabItem
0x4643fc EnableMenuItem
0x464400 ModifyMenuA
0x464404 LoadBitmapA
0x464410 CharUpperA
0x464414 PtInRect
0x464418 GetDlgCtrlID
0x46441c GetWindow
0x464420 ClientToScreen
0x464424 UnhookWindowsHookEx
0x464428 TabbedTextOutA
0x46442c DrawTextA
0x464430 GrayStringA
0x464434 SendDlgItemMessageA
0x464438 SetMenuItemBitmaps
0x46443c GetForegroundWindow
0x464440 GetMessagePos
0x464444 GetMessageTime
0x464448 RegisterClassA
0x46444c GetClassInfoA
0x464450 WinHelpA
0x464454 GetCapture
0x464458 GetTopWindow
0x46445c CopyRect
0x464460 AdjustWindowRectEx
0x464464 MapWindowPoints
0x464468 GetSysColorBrush
0x46446c LoadStringA
0x464470 UnregisterClassA
0x464474 PostThreadMessageA
0x464478 EndDialog
0x46447c UnregisterHotKey
0x464480 RegisterHotKey
0x464488 DrawMenuBar
0x46448c SetMenu
0x464490 GetMenu
0x464494 GetSystemMetrics
0x464498 IsZoomed
0x46449c IsIconic
0x4644a0 GetSysColor
0x4644a4 FillRect
0x4644a8 SetClassLongA
0x4644ac GetClassLongA
0x4644b0 SetRect
0x4644b4 SetWindowRgn
0x4644b8 RemovePropA
0x4644bc GetPropA
0x4644c0 SetPropA
0x4644c4 MessageBoxA
0x4644c8 SetWindowTextA
0x4644cc GetWindowTextA
0x4644d4 EnableWindow
0x4644d8 IsWindowEnabled
0x4644dc ShowWindow
0x4644e0 IsWindowVisible
0x4644e4 SetParent
0x4644e8 PostMessageA
0x4644ec SetWindowPos
0x4644f0 MoveWindow
0x4644f4 UpdateWindow
0x4644f8 ValidateRect
0x4644fc InvalidateRect
0x464500 ScreenToClient
0x464504 GetWindowRect
0x464508 SetFocus
0x46450c GetClassNameA
0x464510 GetDlgItem
0x464514 GetWindowLongA
0x464518 CreateWindowExA
0x46451c DestroyCursor
0x464520 SetWindowLongA
0x464524 DestroyIcon
0x464528 TrackMouseEvent
0x46452c SetCursor
0x464530 LoadCursorA
0x464534 DefMDIChildProcA
0x464538 ReleaseCapture
0x46453c SetCapture
0x464540 DefWindowProcA
0x464544 DestroyWindow
0x464548 GetClientRect
0x46454c GetAsyncKeyState
0x464550 CallWindowProcA
0x464554 EndPaint
0x464558 BeginPaint
0x46455c PostQuitMessage
0x464560 ReleaseDC
0x464564 GetDC
0x464568 SetMenuDefaultItem
0x46456c DrawIcon
0x464570 DrawIconEx
0x464574 GetIconInfo
0x464578 wsprintfA
0x46457c CloseClipboard
0x464580 SetClipboardData
0x464584 EmptyClipboard
0x464588 CopyIcon
0x46458c CopyImage
0x464590 LoadIconA
0x464594 IsWindow
0x464598 DispatchMessageA
0x46459c TranslateMessage
0x4645a0 IsDialogMessageA
0x4645a8 SendMessageA
0x4645ac GetParent
0x4645b0 IsChild
0x4645b4 GetFocus
0x4645b8 OpenClipboard
0x4645bc GetCursorPos
0x4645c4 GetMessageA
0x4645c8 PeekMessageA
0x4645cc GetWindowPlacement
Library: GDI32.dll:
0x46404c SetBkMode
0x464050 SetTextColor
0x464054 SetBkColor
0x464058 CreatePatternBrush
0x46405c CreateSolidBrush
0x464060 StretchBlt
0x464064 SetStretchBltMode
0x464068 CreateRoundRectRgn
0x46406c CombineRgn
0x464070 ExtCreateRegion
0x464074 BitBlt
0x464078 SelectObject
0x46407c DeleteDC
0x464080 CreateDIBSection
0x464084 CreateCompatibleDC
0x464088 Escape
0x46408c ExtTextOutA
0x464090 TextOutA
0x464094 RectVisible
0x464098 PtVisible
0x46409c GetClipBox
0x4640a0 ScaleWindowExtEx
0x4640a4 SetWindowExtEx
0x4640a8 ScaleViewportExtEx
0x4640ac SetViewportExtEx
0x4640b0 OffsetViewportOrgEx
0x4640b4 SetViewportOrgEx
0x4640b8 SetMapMode
0x4640bc RestoreDC
0x4640c0 SaveDC
0x4640c4 CreateBitmap
0x4640c8 GetObjectA
0x4640cc GetStockObject
0x4640d0 DeleteObject
0x4640d4 GetDeviceCaps
Library: ADVAPI32.dll:
0x464000 CryptGetHashParam
0x464004 CryptDestroyHash
0x464008 CryptHashData
0x46400c CryptReleaseContext
0x464010 CryptCreateHash
0x464018 RegCloseKey
0x46401c RegCreateKeyExA
0x464020 RegOpenKeyExA
0x464024 RegSetValueExA
Library: SHELL32.dll:
0x464350 ShellExecuteA
0x464354 DragFinish
0x464358 Shell_NotifyIconA
0x46435c DragAcceptFiles
0x464360 DragQueryFileA
Library: COMCTL32.dll:
0x464044 (imported by ordinal; no name)
Library: ole32.dll:
0x46461c CoCreateInstance
0x464620 CLSIDFromProgID
0x464628 CLSIDFromString
0x46462c OleRun
0x464630 OleInitialize
0x464634 OleUninitialize
0x464640 OleFlushClipboard
0x464644 CoRevokeClassObject
Library: OLEAUT32.dll:
0x4642f4 VarR8FromCy
0x4642f8 VarR8FromBool
0x4642fc LoadTypeLib
0x464300 LHashValOfNameSys
0x464304 RegisterTypeLib
0x464308 SafeArrayCreate
0x46430c SysFreeString
0x464310 VariantChangeType
0x464314 VariantInit
0x46431c SafeArrayAllocData
0x464320 SafeArrayDestroy
0x464324 VariantCopy
0x464328 SysAllocString
0x46432c VariantClear
0x464330 SafeArrayGetDim
0x464334 SafeArrayGetLBound
0x464338 SafeArrayGetUBound
0x46433c SafeArrayAccessData
0x464348 OleLoadPicture
Library: SHLWAPI.dll:
0x464368 PathFileExistsA
0x46436c StrToIntExW
Library: ATL.DLL:
0x46402c (imported by ordinal; no name)
0x464030 (imported by ordinal; no name)
0x464034 (imported by ordinal; no name)
0x464038 (imported by ordinal; no name)
Library: MSIMG32.dll:
0x4642ec AlphaBlend
Library: oledlg.dll:
0x46464c (imported by ordinal; no name)
Library: comdlg32.dll:
0x464610 GetFileTitleA
Library: WINSPOOL.DRV:
0x464600 OpenPrinterA
0x464604 DocumentPropertiesA
0x464608 ClosePrinter
Library: WININET.dll:
0x4645d4 HttpOpenRequestA
0x4645dc InternetCrackUrlA
0x4645e0 InternetCloseHandle
0x4645e4 InternetReadFile
0x4645e8 HttpQueryInfoA
0x4645ec HttpSendRequestA
0x4645f0 InternetConnectA
0x4645f4 InternetOpenA
0x4645f8 InternetSetOptionA

Antivirus results (VirusTotal)

The database dates below are from November 2017, a few weeks after the 2017-10-20 compile time and well before this 2020-05-20 run, so this is a cached VirusTotal report; 18 of 67 engines flag the file, mostly with generic heuristic names.

Engine               Result                                                       Database date
Bkav                 Not detected                                                 20171115
MicroWorld-eScan     Gen:Variant.Graftor.350970                                   20171116
nProtect             Not detected                                                 20171116
CMC                  Not detected                                                 20171109
CAT-QuickHeal        Not detected                                                 20171115
McAfee               Not detected                                                 20171116
Cylance              Unsafe                                                       20171116
VIPRE                Not detected                                                 20171116
TheHacker            Not detected                                                 20171112
K7GW                 Not detected                                                 20171116
K7AntiVirus          Not detected                                                 20171116
Arcabit              Trojan.Graftor.D55AFA                                        20171116
Invincea             Not detected                                                 20170914
Baidu                Not detected                                                 20171116
F-Prot               Not detected                                                 20171116
Symantec             Not detected                                                 20171115
ESET-NOD32           a variant of Win32/Packed.BlackMoon.A potentially unwanted   20171116
TrendMicro-HouseCall Not detected                                                 20171116
Paloalto             Not detected                                                 20171116
ClamAV               Not detected                                                 20171115
Kaspersky            Not detected                                                 20171116
BitDefender          Gen:Variant.Graftor.350970                                   20171116
NANO-Antivirus       Not detected                                                 20171116
ViRobot              Not detected                                                 20171116
SUPERAntiSpyware     Not detected                                                 20171116
Avast                Not detected                                                 20171116
Tencent              Not detected                                                 20171116
Ad-Aware             Gen:Variant.Graftor.350970                                   20171116
Emsisoft             Gen:Variant.Graftor.350970 (B)                               20171116
Comodo               Not detected                                                 20171116
F-Secure             Gen:Variant.Graftor.350970                                   20171116
DrWeb                Not detected                                                 20171116
Zillya               Not detected                                                 20171115
TrendMicro           Not detected                                                 20171116
McAfee-GW-Edition    Not detected                                                 20171116
Sophos               Not detected                                                 20171116
SentinelOne          static engine - malicious                                    20171113
Cyren                Not detected                                                 20171116
Jiangmin             Not detected                                                 20171115
Webroot              Not detected                                                 20171116
Avira                Not detected                                                 20171115
Antiy-AVL            Not detected                                                 20171116
Kingsoft             Not detected                                                 20171116
Microsoft            Not detected                                                 20171116
Endgame              malicious (high confidence)                                  20171024
AegisLab             Not detected                                                 20171116
ZoneAlarm            Not detected                                                 20171116
Avast-Mobile         Not detected                                                 20171115
GData                Win32.Trojan.Agent.WP                                        20171116
AhnLab-V3            Not detected                                                 20171115
ALYac                Gen:Variant.Graftor.350970                                   20171116
AVware               Not detected                                                 20171116
MAX                  malware (ai score=82)                                        20171116
VBA32                Not detected                                                 20171115
Malwarebytes         Not detected                                                 20171116
WhiteArmor           Malware.HighConfidence                                       20171104
Zoner                Not detected                                                 20171116
Rising               Trojan.Injector!1.A1C3 (CLASSIC)                             20171116
Yandex               Not detected                                                 20171116
Ikarus               Not detected                                                 20171115
eGambit              Not detected                                                 20171116
Fortinet             Not detected                                                 20171116
AVG                  Not detected                                                 20171116
Cybereason           malicious.1b8fb7                                             20171103
Panda                Trj/Genetic.gen                                              20171115
CrowdStrike          malicious_confidence_80% (D)                                 20171016
Qihoo-360            Not detected                                                 20171116

Process tree

QQ__________________V4.exe, PID: 2704, parent PID: 2340

This is the submitted sample itself, the only process recorded; the sandbox renders each non-ASCII byte of the file name as an underscore. No child processes were spawned.

Hosts contacted

No host records (the TCP table below nevertheless carries resolved names for the destination addresses).

TCP

Source IP         Source port   Destination IP    Resolved name          Destination port
192.168.122.201 49441 101.226.233.193 ty.captcha.qq.com 443
192.168.122.201 49161 101.89.38.48 xui.ptlogin2.qq.com 80
192.168.122.201 49162 101.89.38.48 xui.ptlogin2.qq.com 443
192.168.122.201 49446 101.89.38.48 xui.ptlogin2.qq.com 443
192.168.122.201 49453 101.89.38.48 xui.ptlogin2.qq.com 443
192.168.122.201 49454 101.89.38.48 xui.ptlogin2.qq.com 443
192.168.122.201 49457 101.89.38.48 xui.ptlogin2.qq.com 443
192.168.122.201 49458 109.244.153.16 ssl.ptlogin2.qq.com 443
192.168.122.201 49461 109.244.153.16 ssl.ptlogin2.qq.com 443
192.168.122.201 49442 111.177.1.109 imgcache.qq.com 443
192.168.122.201 49443 111.177.1.109 imgcache.qq.com 443
192.168.122.201 49460 122.228.0.223 imgcache.qq.com 443
192.168.122.201 49163 14.215.138.25 tajs.qq.com 443
192.168.122.201 49444 180.153.105.227 qq-web.cdn-go.cn 443
192.168.122.201 49440 192.168.122.1 53
192.168.122.201 49455 61.129.7.74 ssl.captcha.qq.com 443

UDP

Source IP         Source port   Destination IP    Destination port
192.168.122.201 49310 192.168.122.1 53
192.168.122.201 49608 192.168.122.1 53
192.168.122.201 49749 192.168.122.1 53
192.168.122.201 51856 192.168.122.1 53
192.168.122.201 58897 192.168.122.1 53
192.168.122.201 60905 192.168.122.1 53
192.168.122.201 62594 192.168.122.1 53
192.168.122.201 63681 192.168.122.1 53
192.168.122.201 64155 192.168.122.1 53
192.168.122.201 64725 192.168.122.1 53
192.168.122.201 64912 192.168.122.1 53


HTTP requests

The single cleartext request is the Qzone web login page (ptlogin2 xlogin). The raw bytes in the pt_qr_app parameter, \xca\xd6\xbb\xfaQQ\xbf\xd5\xbc\xe4, are GBK for 手机QQ空间 ("Mobile QQ Zone") sent without URL-encoding.

URI / HTTP data
http://xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http%3A//qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http%3A%2F%2Fqzs.qq.com%2Fqzone%2Fv5%2Floginsucc.html%3Fpara%3Dizone&pt_qr_app=\xca\xd6\xbb\xfaQQ\xbf\xd5\xbc\xe4&pt_qr_link=http%3A//z.qzone.com/download.html&self_regurl=http%3A//qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http%3A//z.qzone.com/download.html
GET /cgi-bin/xlogin?proxy_url=http%3A//qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http%3A%2F%2Fqzs.qq.com%2Fqzone%2Fv5%2Floginsucc.html%3Fpara%3Dizone&pt_qr_app=\xca\xd6\xbb\xfaQQ\xbf\xd5\xbc\xe4&pt_qr_link=http%3A//z.qzone.com/download.html&self_regurl=http%3A//qzs.qq.com/qzone/v6/reg/index.html&pt_qr_help_link=http%3A//z.qzone.com/download.html HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: xui.ptlogin2.qq.com
Connection: Keep-Alive

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2020-05-20 14:53:40.458927+0800 192.168.122.201 49162 101.89.38.48 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=guangdong, L=shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=xui.ptlogin2.qq.com c2:27:24:8c:cf:b1:26:bf:f7:44:70:7a:c1:08:d1:b8:fb:1c:db:60
2020-05-20 14:53:42.507756+0800 192.168.122.201 49443 111.177.1.109 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=guangdong, L=shenzhen, O=Tencent Technology (Shenzhen) Company Limited, CN=*.weixin.qq.com f4:06:3a:d0:48:87:3c:4d:73:36:2d:2f:0e:f8:78:89:4f:71:67:a6
2020-05-20 14:53:42.463824+0800 192.168.122.201 49442 111.177.1.109 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=guangdong, L=shenzhen, O=Tencent Technology (Shenzhen) Company Limited, CN=*.weixin.qq.com f4:06:3a:d0:48:87:3c:4d:73:36:2d:2f:0e:f8:78:89:4f:71:67:a6
2020-05-20 14:53:47.821695+0800 192.168.122.201 49446 101.89.38.48 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=guangdong, L=shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=xui.ptlogin2.qq.com c2:27:24:8c:cf:b1:26:bf:f7:44:70:7a:c1:08:d1:b8:fb:1c:db:60
2020-05-20 14:53:52.994528+0800 192.168.122.201 49453 101.89.38.48 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=guangdong, L=shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=xui.ptlogin2.qq.com c2:27:24:8c:cf:b1:26:bf:f7:44:70:7a:c1:08:d1:b8:fb:1c:db:60
2020-05-20 14:53:47.503799+0800 192.168.122.201 49444 180.153.105.227 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=*.cdn-go.cn 83:4c:f5:19:f8:9c:bd:a5:85:d8:1a:b0:9f:d8:fc:e8:15:90:f8:d1
2020-05-20 14:53:53.068945+0800 192.168.122.201 49455 61.129.7.74 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site CA G2 C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=*.captcha.qq.com 17:a3:04:83:d2:84:6b:00:ef:93:bd:02:c6:a9:01:f5:75:5a:97:65
2020-05-20 14:53:42.414116+0800 192.168.122.201 49163 14.215.138.25 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site CA G2 C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=pingfore.qq.com bb:5d:15:8d:96:fc:77:01:90:f0:de:f8:7d:9d:fb:60:82:56:85:11
2020-05-20 14:53:53.996318+0800 192.168.122.201 49457 101.89.38.48 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=guangdong, L=shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=xui.ptlogin2.qq.com c2:27:24:8c:cf:b1:26:bf:f7:44:70:7a:c1:08:d1:b8:fb:1c:db:60
2020-05-20 14:53:53.017866+0800 192.168.122.201 49454 101.89.38.48 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=guangdong, L=shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=xui.ptlogin2.qq.com c2:27:24:8c:cf:b1:26:bf:f7:44:70:7a:c1:08:d1:b8:fb:1c:db:60
2020-05-20 14:53:54.017611+0800 192.168.122.201 49458 109.244.153.16 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site CA G2 C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=ssl.ptlogin2.qq.com 14:1f:99:75:a0:d6:ed:6a:81:3b:cd:b8:38:3a:ae:8c:8c:0b:8c:80
2020-05-20 14:53:43.019443+0800 192.168.122.201 49441 101.226.233.193 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site CA G2 C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=*.captcha.qq.com 17:a3:04:83:d2:84:6b:00:ef:93:bd:02:c6:a9:01:f5:75:5a:97:65
2020-05-20 14:53:54.144118+0800 192.168.122.201 49460 122.228.0.223 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site CA G2 C=CN, ST=Guangdong, L=Shenzhen, O=Tencent Technology (Shenzhen) Company Limited, OU=R&D, CN=*.gtimg.com 6b:e6:38:25:95:bd:ac:83:82:83:ee:34:bd:7e:bc:91:36:19:3c:4b
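Three rows in the table above pair a resolved name with a certificate whose CN does not cover it: both imgcache.qq.com connections (certificates for *.weixin.qq.com and *.gtimg.com) and tajs.qq.com (pingfore.qq.com). On a shared CDN that is usually benign, because the report shows only the subject CN while a client validates the SAN extension, and the name column comes from the sandbox's own name-to-IP pairing rather than from what the process put in the TLS handshake. The following added example (not the sandbox's code) makes the check explicit: the rows are transcribed from the TCP and TLS tables above, and hostname_matches applies the RFC 6125 wildcard rules (one '*' as the whole left-most label, covering exactly one label, never a bare public suffix). A mismatch is a lead to pull the full SAN list for, not evidence of interception.

```python
from typing import NamedTuple

class TlsRow(NamedTuple):
    dst_ip: str
    resolved_name: str  # name the sandbox attached to dst_ip in the TCP table
    cert_cn: str        # subject CN shown in the TLS table

# Transcribed from the report's TCP and TLS tables (input constructed for this example).
ROWS = [
    TlsRow("101.89.38.48", "xui.ptlogin2.qq.com", "xui.ptlogin2.qq.com"),
    TlsRow("111.177.1.109", "imgcache.qq.com", "*.weixin.qq.com"),
    TlsRow("122.228.0.223", "imgcache.qq.com", "*.gtimg.com"),
    TlsRow("180.153.105.227", "qq-web.cdn-go.cn", "*.cdn-go.cn"),
    TlsRow("61.129.7.74", "ssl.captcha.qq.com", "*.captcha.qq.com"),
    TlsRow("101.226.233.193", "ty.captcha.qq.com", "*.captcha.qq.com"),
    TlsRow("14.215.138.25", "tajs.qq.com", "pingfore.qq.com"),
    TlsRow("109.244.153.16", "ssl.ptlogin2.qq.com", "ssl.ptlogin2.qq.com"),
]

def hostname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style matching: case-insensitive; a '*' is accepted only as the
    entire left-most label and covers exactly one label, so *.qq.com matches
    a.qq.com but not a.b.qq.com, and *.com matches nothing."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h

class Finding(NamedTuple):
    row: TlsRow
    ok: bool

def audit(rows) -> list:
    """One Finding per row: does the certificate name cover the resolved name?"""
    return [Finding(r, hostname_matches(r.cert_cn, r.resolved_name)) for r in rows]

def mismatches(rows) -> list:
    """Rows whose certificate CN does not cover the name the sandbox resolved."""
    return [f.row for f in audit(rows) if not f.ok]

if __name__ == "__main__":
    for row in mismatches(ROWS):
        print(f"{row.dst_ip:16} resolved as {row.resolved_name:20} cert CN {row.cert_cn}")
```

On these rows the check reports the three mismatches named above and passes the other five. To go further you need the handshake itself: the SNI the process sent and the certificate's SAN list, neither of which this report records.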

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 37.059 seconds )

  • 15.59 Suricata
  • 12.024 NetworkAnalysis
  • 3.301 Static
  • 2.712 VirusTotal
  • 2.328 BehaviorAnalysis
  • 0.472 TargetInfo
  • 0.428 peid
  • 0.181 AnalysisInfo
  • 0.018 Strings
  • 0.003 Memory
  • 0.002 config_decoder

Signatures ( 20.281 seconds ): evaluation time per signature module; this is the set of modules run against the trace, not the set that matched

  • 17.347 network_http
  • 1.836 md_url_bl
  • 0.159 antiav_detectreg
  • 0.105 api_spamming
  • 0.087 stealth_timeout
  • 0.084 stealth_decoy_document
  • 0.059 md_domain_bl
  • 0.058 infostealer_ftp
  • 0.034 antianalysis_detectreg
  • 0.033 infostealer_im
  • 0.025 antivm_generic_scsi
  • 0.02 dridex_behavior
  • 0.02 stealth_file
  • 0.02 heapspray_js
  • 0.019 antivm_generic_services
  • 0.019 infostealer_mail
  • 0.017 anormaly_invoke_kills
  • 0.014 stealth_network
  • 0.013 virtualcheck_js
  • 0.013 antiav_detectfile
  • 0.01 geodo_banking_trojan
  • 0.009 mimics_filetime
  • 0.009 infostealer_bitcoin
  • 0.008 bootkit
  • 0.008 reads_self
  • 0.008 anomaly_persistence_autorun
  • 0.008 kibex_behavior
  • 0.008 antivm_parallels_keys
  • 0.008 antivm_xen_keys
  • 0.008 ransomware_extensions
  • 0.008 ransomware_files
  • 0.007 betabot_behavior
  • 0.007 darkcomet_regkeys
  • 0.006 hawkeye_behavior
  • 0.006 clickfraud_cookies
  • 0.006 antivm_generic_disk
  • 0.006 dead_connect
  • 0.006 virus
  • 0.006 network_torgateway
  • 0.005 infostealer_browser_password
  • 0.005 kovter_behavior
  • 0.005 antivm_generic_diskreg
  • 0.005 antivm_vbox_files
  • 0.005 recon_fingerprint
  • 0.004 antiemu_wine_func
  • 0.004 antivm_vbox_libs
  • 0.004 kazybot_behavior
  • 0.004 java_js
  • 0.004 antidbg_windows
  • 0.004 silverlight_js
  • 0.003 tinba_behavior
  • 0.003 infostealer_browser
  • 0.003 js_phish
  • 0.003 antisandbox_productid
  • 0.003 disables_browser_warn
  • 0.003 packer_armadillo_regkey
  • 0.002 internet_dropper
  • 0.002 rat_nanocore
  • 0.002 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.002 network_anomaly
  • 0.002 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.002 kelihos_behavior
  • 0.002 sets_autoconfig_url
  • 0.002 ipc_namedpipe
  • 0.002 shifu_behavior
  • 0.002 exec_crash
  • 0.002 cerber_behavior
  • 0.002 hancitor_behavior
  • 0.002 securityxploded_modules
  • 0.002 bypass_firewall
  • 0.002 antidbg_devices
  • 0.002 antivm_xen_keys
  • 0.002 antivm_hyperv_keys
  • 0.002 antivm_vbox_acpi
  • 0.002 antivm_vbox_keys
  • 0.002 antivm_vmware_keys
  • 0.002 antivm_vpc_keys
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 maldun_anomaly_invoke_vb_vba
  • 0.002 md_bad_drop
  • 0.002 network_cnc_http
  • 0.001 sundown_js
  • 0.001 network_tor
  • 0.001 browser_scanbox
  • 0.001 antiav_avast_libs
  • 0.001 disables_spdy
  • 0.001 office_dl_write_exe
  • 0.001 antivm_vmware_libs
  • 0.001 maldun_anomaly_massive_file_ops
  • 0.001 injection_createremotethread
  • 0.001 ransomware_message
  • 0.001 ursnif_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 network_execute_http
  • 0.001 antiav_bitdefender_libs
  • 0.001 ispy_behavior
  • 0.001 disables_wfp
  • 0.001 js_suspicious_redirect
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 codelux_behavior
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 maldun_network_blacklist
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_programs
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.327 seconds )

  • 0.947 ReportHTMLSummary
  • 0.38 Malheur
Task ID 546738
Mongo ID 5ec4d4b62f8f2e315ef7073d
Cuckoo release 1.4-Maldun