| Analysis type | VM label | Start time | End time | Duration |
|---|---|---|---|---|
| File (Windows) | win7-sp1-x64-hpdapp01-1 | 2020-07-05 20:29:19 | 2020-07-05 20:31:43 | 144 s |
| File name | 油耗计算器.exe ("fuel consumption calculator") |
|---|---|
| File size | 884736 bytes |
| File type | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | df9e358006ebfe6ae73f04331c777f35 |
| SHA1 | 96b81364691a9d51cb761480957009224863b594 |
| SHA256 | 706c913b819590d0792eb080bf639c353c42ed8c1ed2f451e2067257a661edb5 |
| SHA512 | 0856c8bf27a64d60c9b9e9525281522e82a689d737102b872785503e81348e680b576f642cc994ee8bdf00996d271618bdaf5c3cc32fc58f863f5a338e2de6e5 |
| CRC32 | 09A7DDB6 |
| Ssdeep | 24576:mhjDyJfoUi0JEIOG7lrsP5IxE6JbXmKWgiOj:mhjDyJfoUT77l5E6hmXgiq |
No host records.
| Image base | 0x00400000 |
|---|---|
| Entry point | 0x004837fc |
| Declared checksum | 0x00000000 |
| Actual checksum | 0x000e5b8a |
| Minimum OS version | 4.0 |
| Compile time | 2020-07-05 20:08:57 |
| Import hash (imphash) | cc951e32effaa3a551eae33a21b8c7b9 |

A declared checksum of 0 means the linker left the CheckSum field unset. Windows only enforces the field for drivers and certain system images, so a mismatch with the computed value is expected for an ordinary user-mode executable and is not by itself evidence of tampering. The compile timestamp is about 20 minutes before the analysis started, consistent with a freshly built sample; PE timestamps are trivially forged, so treat this as a hint, not a fact.
| Version resource field | Value |
|---|---|
| LegalCopyright | (empty) |
| FileVersion | (empty) |
| CompanyName | (empty) |
| Comments | (empty) |
| ProductName | (empty) |
| ProductVersion | (empty) |
| FileDescription | (empty) |
| Translation | (empty) |

None of the version-resource fields is populated: the binary carries no vendor, product or version metadata.
| Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x000a274e | 0x000a3000 | IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ | 6.59 |
| .rdata | 0x000a4000 | 0x00015d00 | 0x00016000 | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | 4.51 |
| .data | 0x000ba000 | 0x0004a44b | 0x00018000 | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE | 5.05 |
| .rsrc | 0x00105000 | 0x0000595c | 0x00006000 | IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ | 4.82 |
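As an added example that is not part of this report or of the Cuckoo/Maldun code, the script below recomputes the two checks behind the header and section tables above: the Shannon entropy of a section (the "Entropy" column) and the Windows PE CheckSum (the "actual checksum" row). It runs on a toy PE-shaped byte string constructed inline; the analysed sample is not embedded. The checksum routine is the documented Windows algorithm (16-bit words summed with end-around carry, the 4-byte CheckSum field itself skipped, plus the file length). The 7.0 bits/byte threshold and all helper names are assumptions made for this example.

```python
"""Added example, not part of the sandbox report: recompute the checks behind the
PE header and section tables. All bytes are constructed inline (a toy image);
nothing here is the analysed sample."""
import math
import struct

# Heuristic threshold (an assumption): compiled code usually sits around 6-6.8
# bits/byte; packed or encrypted sections tend to exceed 7.
HIGH_ENTROPY = 7.0


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def checksum_field_offset(image: bytes) -> int:
    """File offset of OptionalHeader.CheckSum:
    e_lfanew + PE signature (4) + COFF header (20) + 64 (same for PE32 and PE32+)."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    return e_lfanew + 4 + 20 + 64


def pe_checksum(image: bytes) -> int:
    """Windows PE CheckSum: 16-bit words summed with end-around carry, the 4-byte
    CheckSum field skipped, then the file length added to the folded 16-bit sum."""
    skip = checksum_field_offset(image)
    n = len(image)
    total = 0
    for off in range(0, n - (n % 2), 2):
        if off in (skip, skip + 2):
            continue
        total += image[off] | (image[off + 1] << 8)
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    if n % 2:                                      # odd trailing byte: word with zero high byte
        total += image[-1]
        total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return (total & 0xFFFF) + n


def declared_checksum(image: bytes) -> int:
    """The value the linker wrote into OptionalHeader.CheckSum (0 if unset)."""
    return struct.unpack_from("<I", image, checksum_field_offset(image))[0]


def with_checksum(image: bytes, value: int) -> bytes:
    """Copy of image with the CheckSum field set; recomputing over it gives the same value."""
    patched = bytearray(image)
    struct.pack_into("<I", patched, checksum_field_offset(image), value)
    return bytes(patched)


def build_toy_image(section: bytes) -> bytes:
    """Minimal PE32-shaped bytes (constructed, not loadable): DOS header with e_lfanew=0x40,
    PE signature, 20-byte COFF header, 224-byte optional header with CheckSum=0, one raw section."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 224, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\x00" * 222     # CheckSum at +64 stays 0
    return dos + b"PE\x00\x00" + coff + optional + section


def section_findings(name: str, virtual_size: int, raw_size: int, entropy: float) -> list:
    """Flags an analyst would raise from one row of the section table."""
    findings = []
    if entropy > HIGH_ENTROPY:
        findings.append(f"{name}: entropy {entropy:.2f} > {HIGH_ENTROPY}, possibly packed/encrypted")
    if virtual_size > raw_size:
        findings.append(f"{name}: virtual size 0x{virtual_size:x} > raw 0x{raw_size:x}, "
                        "zero-filled at load (normal for .data/.bss, unusual for .text)")
    return findings


if __name__ == "__main__":
    image = build_toy_image(b"\x00\xff" * 32)
    print(f"declared 0x{declared_checksum(image):08x}  actual 0x{pe_checksum(image):08x}")
    print(f"section entropy {shannon_entropy(image[-64:]):.2f} bits/byte")
    # Rows copied from the section table above
    for row in [(".text", 0xA274E, 0xA3000, 6.59), (".data", 0x4A44B, 0x18000, 5.05)]:
        for finding in section_findings(*row):
            print(finding)
```

Run stand-alone, the script shows the same pattern as the report: a declared checksum of 0 against a non-zero computed one. Fed the .text and .data rows from the table, it leaves .text unflagged (6.59 bits/byte is ordinary compiled code) and flags .data only because its virtual size exceeds its raw size, which is the usual zero-filled region rather than a sign of packing.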
No host records.
| Source address | Source port | Destination address (resolved name) | Destination port |
|---|---|---|---|
| 192.168.122.201 | 49169 | 203.208.43.102 pagead2.googlesyndication.com | 443 |
| 192.168.122.201 | 49176 | 203.208.50.169 www.googletagmanager.com | 443 |
| 192.168.122.201 | 49162 | 219.156.123.204 youjia.chemcp.com | 80 |
| 192.168.122.201 | 49165 | 87.106.181.237 winscp.net | 443 |
| 192.168.122.201 | 49166 | 87.106.181.237 winscp.net | 80 |
| 192.168.122.201 | 49168 | 87.106.181.237 winscp.net | 443 |
| 192.168.122.201 | 49170 | 89.187.187.12 winscp-static-746341.c.cdn77.org | 443 |
| 192.168.122.201 | 49171 | 89.187.187.12 winscp-static-746341.c.cdn77.org | 443 |
| 192.168.122.201 | 49172 | 89.187.187.12 winscp-static-746341.c.cdn77.org | 443 |
| 192.168.122.201 | 49173 | 89.187.187.12 winscp-static-746341.c.cdn77.org | 443 |
| 192.168.122.201 | 49174 | 89.187.187.12 winscp-static-746341.c.cdn77.org | 443 |
| 192.168.122.201 | 49175 | 89.187.187.12 winscp-static-746341.c.cdn77.org | 443 |
| 192.168.122.201 | 49177 | 89.187.187.12 winscp-static-746341.c.cdn77.org | 443 |
| 192.168.122.201 | 49178 | 89.187.187.12 winscp-static-746341.c.cdn77.org | 443 |
| 192.168.122.201 | 49179 | 89.187.187.12 winscp-static-746341.c.cdn77.org | 443 |
| 192.168.122.201 | 49180 | 89.187.187.12 winscp-static-746341.c.cdn77.org | 443 |
| 192.168.122.201 | 49181 | 89.187.187.12 winscp-static-746341.c.cdn77.org | 443 |
| Source address | Source port | Destination address | Destination port |
|---|---|---|---|
| 192.168.122.201 | 49310 | 192.168.122.1 | 53 |
| 192.168.122.201 | 49608 | 192.168.122.1 | 53 |
| 192.168.122.201 | 51856 | 192.168.122.1 | 53 |
| 192.168.122.201 | 58897 | 192.168.122.1 | 53 |
| 192.168.122.201 | 64912 | 192.168.122.1 | 53 |

This second table is the DNS traffic (port 53) to the sandbox gateway 192.168.122.1; the names it resolved appear beside the destination IPs in the TCP table.
| URI | HTTP data |
|---|---|
| http://youjia.chemcp.com/index.asp | GET /index.asp HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: youjia.chemcp.com |
| http://winscp.net/eng/upgrade.php?v=5.7.3.5438&lang=0804&isinstalled=1&beta=0&to=5.13.4&utm_source=winscp&utm_medium=app&utm_campaign=5.7.3 | GET /eng/upgrade.php?v=5.7.3.5438&lang=0804&isinstalled=1&beta=0&to=5.13.4&utm_source=winscp&utm_medium=app&utm_campaign=5.7.3 HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: winscp.net Connection: Keep-Alive |

Two points worth noting when reading this table. The winscp.net request has the form of WinSCP's built-in update check, reporting client version 5.7.3.5438 (lang=0804, Simplified Chinese) and being offered 5.13.4, which is consistent with the sample bundling or launching a WinSCP 5.7.3 component; the subsequent TLS connections to winscp.net and the cdn77 host fit the same update flow. The "youjia" host ("油价", fuel price) fits the file's stated purpose. The two requests also carry different User-Agent strings (MSIE 9.0/Trident/5.0 versus MSIE 8.0/Trident/4.0 with .NET CLR tokens), so they come from two different HTTP client stacks inside the sample.
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2020-07-05 20:31:29.795694+0800 | 192.168.122.201 | 49169 | 203.208.43.102 | 443 | TLS 1.2 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net | 4a:1b:6b:23:67:97:34:fc:c2:ac:cc:45:85:ee:96:c4:1f:d5:a2:b7 |
2020-07-05 20:31:16.514008+0800 | 192.168.122.201 | 49165 | 87.106.181.237 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL RSA CA 2018 | CN=www.winscp.net | e3:2f:9d:ec:c7:e2:51:fd:6d:76:db:bf:fe:94:fe:94:89:ee:32:a0 |
2020-07-05 20:31:28.694152+0800 | 192.168.122.201 | 49168 | 87.106.181.237 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL RSA CA 2018 | CN=www.winscp.net | e3:2f:9d:ec:c7:e2:51:fd:6d:76:db:bf:fe:94:fe:94:89:ee:32:a0 |
2020-07-05 20:31:30.958217+0800 | 192.168.122.201 | 49176 | 203.208.50.169 | 443 | TLS 1.2 | C=US, O=Google Trust Services, CN=GTS CA 1O1 | C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com | 38:87:37:c2:7b:3f:f1:e8:54:93:f9:c3:69:2a:3d:46:ad:ce:66:49 |
2020-07-05 20:31:31.038491+0800 | 192.168.122.201 | 49175 | 89.187.187.12 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 | CN=www.cdn77.com | d6:8f:53:0d:1c:8f:7b:db:36:70:99:c3:3a:1a:d2:29:ec:b9:18:19 |
2020-07-05 20:31:31.020228+0800 | 192.168.122.201 | 49174 | 89.187.187.12 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 | CN=www.cdn77.com | d6:8f:53:0d:1c:8f:7b:db:36:70:99:c3:3a:1a:d2:29:ec:b9:18:19 |
2020-07-05 20:31:34.289274+0800 | 192.168.122.201 | 49172 | 89.187.187.12 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 | CN=www.cdn77.com | d6:8f:53:0d:1c:8f:7b:db:36:70:99:c3:3a:1a:d2:29:ec:b9:18:19 |
2020-07-05 20:31:31.005801+0800 | 192.168.122.201 | 49170 | 89.187.187.12 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 | CN=www.cdn77.com | d6:8f:53:0d:1c:8f:7b:db:36:70:99:c3:3a:1a:d2:29:ec:b9:18:19 |
2020-07-05 20:31:31.416947+0800 | 192.168.122.201 | 49171 | 89.187.187.12 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 | CN=www.cdn77.com | d6:8f:53:0d:1c:8f:7b:db:36:70:99:c3:3a:1a:d2:29:ec:b9:18:19 |
2020-07-05 20:31:34.483511+0800 | 192.168.122.201 | 49173 | 89.187.187.12 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 | CN=www.cdn77.com | d6:8f:53:0d:1c:8f:7b:db:36:70:99:c3:3a:1a:d2:29:ec:b9:18:19 |
No Suricata HTTP
| Task ID | 557758 |
|---|---|
| Mongo ID | 5f01c8842f8f2e385c663118 |
| Cuckoo release | 1.4-Maldun |