比较分析...

分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
文件 (Windows) win7-sp1-x64-hpdapp01-1 2020-05-26 17:26:22 2020-05-26 17:28:49 147 秒

魔盾分数

10.0

Malicious病毒

文件详细信息

文件名 PandaOCR_2.56.zip ==> PandaOCR.exe
文件大小 2907136 字节
文件类型 PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 02b7bafe2d522fd2ab7dc9222644f974
SHA1 491be0f46eaa9b7f869af152b2e34b6bdf5d9a8e
SHA256 f343a9c425228a71fb88ae80d102294ee9894368beacb35b448f8956aab5f6fd
SHA512 564464bacafee38571206e17d30b47bf0c8a893517c3ccc6fa228ee9516baf1a315259d3c9e1f6ead77858166e335ba4abcde60178a3e585eee7d4b0b60f57ee
CRC32 8132E0A0
Ssdeep 49152:V/xaRtA0XhB4rHArPdE9MTDdYFMfCClPJM76jRIqysfWbRG:VkblXDUgrF4mDd83ClPJMcMsuY
Yara 登录查看Yara规则
样本下载 提交误报
登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
dev.voicecloud.cn A 58.67.223.138
www.51.la CNAME f7e5541e3e16f351.huaweisafedns.com
A 183.131.207.66
aip.baidubce.com CNAME aip-developer.n.shifen.com
A 180.97.104.231
web.51.la CNAME 4bcd71f4bd40beff.huaweisafedns.com
ia.51.la CNAME d2cb5ad7002c4066.huaweisafedns.com

摘要

登录查看详细行为信息
没有信息显示.
XvO:[8Un
Qa9&`5T
$3@Pg
W=%6rXl
防病毒引擎/厂商 病毒名/规则匹配 病毒库日期
Bkav 未发现病毒 20200521
MicroWorld-eScan 未发现病毒 20200521
FireEye Generic.mg.02b7bafe2d522fd2 20200508
McAfee Artemis!02B7BAFE2D52 20200521
Malwarebytes 未发现病毒 20200521
VIPRE 未发现病毒 20200521
Sangfor Malware 20200423
K7AntiVirus 未发现病毒 20200521
BitDefender 未发现病毒 20200521
K7GW 未发现病毒 20200521
CrowdStrike win/malicious_confidence_80% (D) 20190702
TrendMicro 未发现病毒 20200521
Baidu 未发现病毒 20190318
Cyren 未发现病毒 20200521
Symantec ML.Attribute.HighConfidence 20200521
TotalDefense 未发现病毒 20200521
APEX Malicious 20200519
Avast 未发现病毒 20200521
ClamAV 未发现病毒 20200520
Kaspersky HEUR:Trojan.Win32.Generic 20200521
Alibaba 未发现病毒 20190527
NANO-Antivirus 未发现病毒 20200521
ViRobot 未发现病毒 20200521
AegisLab 未发现病毒 20200521
Rising Trojan.Generic!8.C3 (CLOUD) 20200521
Endgame malicious (moderate confidence) 20200512
Sophos 未发现病毒 20200521
Comodo Packed.Win32.MUPX.Gen@24tbus 20200521
F-Secure 未发现病毒 20200521
DrWeb 未发现病毒 20200521
Zillya 未发现病毒 20200520
Invincea heuristic 20200502
McAfee-GW-Edition BehavesLike.Win32.Backdoor.vc 20200521
Trapmine 未发现病毒 20200505
CMC 未发现病毒 20190321
Emsisoft 未发现病毒 20200521
Ikarus 未发现病毒 20200520
F-Prot 未发现病毒 20200521
Jiangmin Trojan.Generic.molm 20200521
Webroot 未发现病毒 20200521
Avira 未发现病毒 20200521
eGambit Unsafe.AI_Score_99% 20200521
MAX 未发现病毒 20200521
Antiy-AVL GrayWare/Win32.FlyStudio.a 20200521
Kingsoft 未发现病毒 20200521
Microsoft Trojan:Win32/Wacatac.C!ml 20200521
Arcabit 未发现病毒 20200521
SUPERAntiSpyware 未发现病毒 20200519
ZoneAlarm HEUR:Trojan.Win32.Generic 20200521
Avast-Mobile 未发现病毒 20200521
GData 未发现病毒 20200521
AhnLab-V3 未发现病毒 20200520
Acronis 未发现病毒 20200515
BitDefenderTheta Gen:NN.ZexaF.34110.XoGfaSdlYIlb 20200514
ALYac 未发现病毒 20200521
TACHYON 未发现病毒 20200521
VBA32 未发现病毒 20200520
Cylance Unsafe 20200521
Panda 未发现病毒 20200520
Zoner 未发现病毒 20200521
ESET-NOD32 a variant of Win32/Packed.FlyStudio.AA potentially unwanted 20200521
TrendMicro-HouseCall 未发现病毒 20200521
Tencent 未发现病毒 20200521
Yandex 未发现病毒 20200520
SentinelOne DFI - Malicious PE 20200513
MaxSecure Trojan.Malware.300983.susgen 20200520
Fortinet W32/QQWare.A!tr 20200521
Ad-Aware 未发现病毒 20200521
AVG 未发现病毒 20200521
Cybereason malicious.46eaa9 20190616
Paloalto 未发现病毒 20200521
Qihoo-360 未发现病毒 20200521

进程树

cmd.exe, PID: 2740, 上一级进程 PID: 2332
PandaOCR.exe, PID: 2828, 上一级进程 PID: 2740
下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49163 180.97.104.231 aip.baidubce.com 443
192.168.122.201 49162 183.131.207.66 www.51.la 443
192.168.122.201 49164 183.131.207.66 www.51.la 443
192.168.122.201 49165 183.131.207.66 www.51.la 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 49310 192.168.122.1 53
192.168.122.201 49608 192.168.122.1 53
192.168.122.201 51856 192.168.122.1 53
192.168.122.201 58897 192.168.122.1 53
192.168.122.201 64912 192.168.122.1 53

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
dev.voicecloud.cn A 58.67.223.138
www.51.la CNAME f7e5541e3e16f351.huaweisafedns.com
A 183.131.207.66
aip.baidubce.com CNAME aip-developer.n.shifen.com
A 180.97.104.231
web.51.la CNAME 4bcd71f4bd40beff.huaweisafedns.com
ia.51.la CNAME d2cb5ad7002c4066.huaweisafedns.com

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49163 180.97.104.231 aip.baidubce.com 443
192.168.122.201 49162 183.131.207.66 www.51.la 443
192.168.122.201 49164 183.131.207.66 www.51.la 443
192.168.122.201 49165 183.131.207.66 www.51.la 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 49310 192.168.122.1 53
192.168.122.201 49608 192.168.122.1 53
192.168.122.201 51856 192.168.122.1 53
192.168.122.201 58897 192.168.122.1 53
192.168.122.201 64912 192.168.122.1 53

HTTP 请求

URI HTTP数据
URL专业沙箱检测 -> http://ia.51.la/go1?id=19882305&pvFlag=1 
GET /go1?id=19882305&pvFlag=1 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
Referer: https://www.51.la/#Ver=2.56#PandaOCR.exe
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: ia.51.la

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2020-05-26 17:27:07.353392+0800 192.168.122.201 49162 183.131.207.66 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Domain Validation CA - SHA256 - G2 OU=Domain Control Validated, CN=*.51.la bb:a6:24:fb:6b:8b:28:5d:23:f0:58:68:31:ca:49:b2:e2:c3:4a:45
2020-05-26 17:27:07.238150+0800 192.168.122.201 49163 180.97.104.231 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb
2020-05-26 17:27:08.147170+0800 192.168.122.201 49164 183.131.207.66 443 TLSv1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Domain Validation CA - SHA256 - G2 OU=Domain Control Validated, CN=*.51.la bb:a6:24:fb:6b:8b:28:5d:23:f0:58:68:31:ca:49:b2:e2:c3:4a:45

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
文件名 PandaOCR.exe
相关文件
C:\Users\test\AppData\Local\Temp\zip-tmp\PandaOCR.exe
文件大小 2907136 字节
文件类型 PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 02b7bafe2d522fd2ab7dc9222644f974
SHA1 491be0f46eaa9b7f869af152b2e34b6bdf5d9a8e
SHA256 f343a9c425228a71fb88ae80d102294ee9894368beacb35b448f8956aab5f6fd
CRC32 8132E0A0
Ssdeep 49152:V/xaRtA0XhB4rHArPdE9MTDdYFMfCClPJM76jRIqysfWbRG:VkblXDUgrF4mDd83ClPJMcMsuY
魔盾安全分析结果 10.0分析时间:2020-05-23 14:55:52查看分析报告
下载提交魔盾安全分析
没有发现相似的分析.
HTML 总结报告
(需15-60分钟同步)		 下载

Processing ( 24.189 seconds )

  • 16.355 Suricata
  • 3.228 NetworkAnalysis
  • 2.045 BehaviorAnalysis
  • 1.289 VirusTotal
  • 1.022 TargetInfo
  • 0.16 Dropped
  • 0.058 AnalysisInfo
  • 0.027 Strings
  • 0.003 Memory
  • 0.002 Static

Signatures ( 43.719 seconds )

  • 40.699 network_http
  • 1.905 md_url_bl
  • 0.117 antiav_detectreg
  • 0.104 md_bad_drop
  • 0.102 api_spamming
  • 0.085 stealth_timeout
  • 0.08 stealth_decoy_document
  • 0.044 infostealer_ftp
  • 0.036 md_domain_bl
  • 0.025 stealth_file
  • 0.025 antianalysis_detectreg
  • 0.025 infostealer_im
  • 0.023 antivm_generic_scsi
  • 0.021 antivm_vbox_libs
  • 0.019 antivm_generic_services
  • 0.018 mimics_filetime
  • 0.017 infostealer_browser_password
  • 0.017 antidbg_windows
  • 0.017 kovter_behavior
  • 0.015 antiemu_wine_func
  • 0.015 reads_self
  • 0.015 anormaly_invoke_kills
  • 0.014 infostealer_mail
  • 0.013 antiav_detectfile
  • 0.01 bootkit
  • 0.01 infostealer_browser
  • 0.01 exec_crash
  • 0.01 antivm_generic_disk
  • 0.009 virus
  • 0.009 geodo_banking_trojan
  • 0.009 infostealer_bitcoin
  • 0.009 ransomware_extensions
  • 0.009 ransomware_files
  • 0.008 anomaly_persistence_autorun
  • 0.007 antiav_avast_libs
  • 0.007 antisandbox_sunbelt_libs
  • 0.006 kibex_behavior
  • 0.006 antivm_parallels_keys
  • 0.006 antivm_xen_keys
  • 0.006 network_torgateway
  • 0.005 antivm_vmware_libs
  • 0.005 maldun_anomaly_massive_file_ops
  • 0.005 betabot_behavior
  • 0.005 antisandbox_sboxie_libs
  • 0.005 antiav_bitdefender_libs
  • 0.005 hancitor_behavior
  • 0.005 antivm_vbox_files
  • 0.005 darkcomet_regkeys
  • 0.004 antivm_generic_diskreg
  • 0.004 disables_browser_warn
  • 0.003 tinba_behavior
  • 0.003 dridex_behavior
  • 0.003 antivm_vbox_window
  • 0.003 ipc_namedpipe
  • 0.003 packer_armadillo_regkey
  • 0.003 recon_fingerprint
  • 0.002 rat_nanocore
  • 0.002 injection_createremotethread
  • 0.002 heapspray_js
  • 0.002 shifu_behavior
  • 0.002 cerber_behavior
  • 0.002 antisandbox_script_timer
  • 0.002 bypass_firewall
  • 0.002 antidbg_devices
  • 0.002 antisandbox_productid
  • 0.002 antivm_xen_keys
  • 0.002 antivm_hyperv_keys
  • 0.002 antivm_vbox_acpi
  • 0.002 antivm_vbox_keys
  • 0.002 antivm_vmware_keys
  • 0.002 antivm_vpc_keys
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 maldun_anomaly_invoke_vb_vba
  • 0.002 network_cnc_http
  • 0.002 rat_pcclient
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 virtualcheck_js
  • 0.001 ursnif_behavior
  • 0.001 kazybot_behavior
  • 0.001 ransomeware_modifies_desktop_wallpaper
  • 0.001 java_js
  • 0.001 injection_runpe
  • 0.001 silverlight_js
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 codelux_behavior
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 network_tor_service
  • 0.001 office_security
  • 0.001 ransomware_radamant
  • 0.001 rat_spynet
  • 0.001 recon_programs
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 1.315 seconds )

  • 0.839 ReportHTMLSummary
  • 0.476 Malheur
Task ID 548171
Mongo ID 5ecce1a52f8f2e73207ee8d3
Cuckoo release 1.4-Maldun