Analysis task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2020-07-05 20:29:19 | 2020-07-05 20:31:43 | 144 s

Maldun (魔盾) score

1.975

Verdict: Benign

File details

Filename: 油耗计算器.exe ("fuel consumption calculator")
File size: 884736 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: df9e358006ebfe6ae73f04331c777f35
SHA1: 96b81364691a9d51cb761480957009224863b594
SHA256: 706c913b819590d0792eb080bf639c353c42ed8c1ed2f451e2067257a661edb5
SHA512: 0856c8bf27a64d60c9b9e9525281522e82a689d737102b872785503e81348e680b576f642cc994ee8bdf00996d271618bdaf5c3cc32fc58f863f5a338e2de6e5
CRC32: 09A7DDB6
ssdeep: 24576:mhjDyJfoUi0JEIOG7lrsP5IxE6JbXmKWgiOj:mhjDyJfoUT77l5E6hmXgiq

Hosts contacted

No host records.

DNS resolution

Domain | Rating | Response
youjia.chemcp.com | - | A 219.156.123.204
winscp.net | Unknown | A 87.106.181.237
winscp-static-746341.c.cdn77.org | - | CNAME 1578389079.rsc.cdn77.org; A 89.187.187.12
www.googletagmanager.com | Unknown | CNAME www-googletagmanager.l.google.com; A 203.208.50.169
pagead2.googlesyndication.com | - | A 203.208.43.102; CNAME pagead46.l.doubleclick.net

Summary

PE information

Image base: 0x00400000
Entry point: 0x004837fc (inside .text, which spans 0x00401000-0x004a374e)
Declared checksum: 0x00000000
Actual checksum: 0x000e5b8a
Minimum OS version: 4.0
Compile timestamp: 2020-07-05 20:08:57
Import hash (imphash): cc951e32effaa3a551eae33a21b8c7b9

A declared checksum of zero means the linker never filled in the field, so the mismatch with the computed value is not by itself evidence of tampering; Windows only enforces the PE checksum for drivers and boot-critical images. The compile timestamp is about twenty minutes before the analysis started (20:29:19), so the binary was built the same day it was submitted.

Version information

LegalCopyright, FileVersion, CompanyName, Comments, ProductName, ProductVersion, FileDescription, Translation: all empty. The binary carries no publisher or product strings.

PE sections

Name VirtualAddress VirtualSize SizeOfRawData Characteristics Entropy
.text 0x00001000 0x000a274e 0x000a3000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.59
.rdata 0x000a4000 0x00015d00 0x00016000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.51
.data 0x000ba000 0x0004a44b 0x00018000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.05
.rsrc 0x00105000 0x0000595c 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.82

Section entropies between 4.5 and 6.6 are in the range of ordinary compiled code and data; a packed or encrypted payload would usually push a section above 7. The .data virtual size (0x4a44b) exceeds its raw size (0x18000) because the remainder is zero-initialized data that occupies no file space, which is normal and not a sign of a hidden payload.
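The "declared vs actual checksum" and "entropy" values in the two blocks above can be recomputed locally. The following Python is an added example written for this page, not code from the sandbox or from the analysed binary. It implements the loader's PE checksum algorithm (32-bit end-around-carry sum over the file, skipping the CheckSum field, folded to 16 bits, plus the file length) and per-section Shannon entropy. The PE header it builds in `build_minimal_pe_header()` is a constructed fixture so the script runs offline; point it at a real file with `python pe_checks.py sample.exe`.

```python
"""Added example: recompute the PE checksum and Shannon entropy shown in a sandbox report.

Illustrative code for this page, not part of Maldun/Cuckoo or of the analysed sample.
The header built by build_minimal_pe_header() is a constructed test fixture.
"""
import math
import struct
from collections import Counter


def checksum_field_offset(data: bytes) -> int:
    """Return the file offset of IMAGE_OPTIONAL_HEADER.CheckSum.

    The field sits 0x58 bytes after the PE signature for both PE32 and PE32+
    (4-byte signature + 20-byte file header + 64 bytes into the optional header).
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew + 0x58


def pe_checksum(data: bytes) -> int:
    """Compute the PE checksum the way the Windows loader (CheckSumMappedFile) does.

    Sum the file as little-endian 32-bit words with end-around carry, skipping the
    CheckSum field itself, fold to 16 bits, then add the file length.
    A declared value of 0 simply means the linker never performed this step.
    """
    skip = checksum_field_offset(data) // 4
    remainder = len(data) % 4
    padded = data + b"\0" * ((4 - remainder) % 4)  # tail is padded with zeros
    total = 0
    for i in range(len(padded) // 4):
        if i == skip:
            continue
        (dword,) = struct.unpack_from("<I", padded, i * 4)
        total += dword
        if total > 0xFFFFFFFF:  # fold the carry back in (ones'-complement style)
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_minimal_pe_header(e_lfanew: int = 0x40) -> bytes:
    """Constructed fixture: MZ stub, e_lfanew, and a zeroed PE header through CheckSum."""
    buf = bytearray(e_lfanew + 0x58 + 4)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    return bytes(buf)


def checksum_report(data: bytes) -> dict:
    """Declared vs actual checksum, as the 'PE information' block of a report presents them."""
    off = checksum_field_offset(data)
    (declared,) = struct.unpack_from("<I", data, off)
    actual = pe_checksum(data)
    return {"declared": declared, "actual": actual,
            "linker_set_it": declared != 0, "matches": declared == actual}


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe_header()
    print(checksum_report(blob))
    print(f"entropy of whole file: {shannon_entropy(blob):.2f} bits/byte")
```

For a per-section entropy column like the one above, slice the file at each section's PointerToRawData for SizeOfRawData bytes and feed each slice to `shannon_entropy`; the checksum is always computed over the whole file.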

Imports

Library: KERNEL32.dll:
0x4a4170 SetEndOfFile
0x4a4174 UnlockFile
0x4a4178 LockFile
0x4a417c FlushFileBuffers
0x4a4180 SetFilePointer
0x4a4184 GetCurrentProcess
0x4a4188 DuplicateHandle
0x4a418c lstrcpynA
0x4a4190 SetLastError
0x4a419c LocalFree
0x4a41a0 MultiByteToWideChar
0x4a41a4 WideCharToMultiByte
0x4a41ac SuspendThread
0x4a41b0 TerminateThread
0x4a41b4 ReleaseMutex
0x4a41b8 CreateMutexA
0x4a41bc CreateSemaphoreA
0x4a41c0 SetStdHandle
0x4a41c4 IsBadCodePtr
0x4a41c8 IsBadReadPtr
0x4a41cc CompareStringW
0x4a41d0 CompareStringA
0x4a41d4 GetStringTypeW
0x4a41d8 GetStringTypeA
0x4a41e0 IsBadWritePtr
0x4a41e4 VirtualAlloc
0x4a41e8 LCMapStringW
0x4a41ec LCMapStringA
0x4a41f4 VirtualFree
0x4a41f8 HeapCreate
0x4a41fc HeapDestroy
0x4a4204 GetFileType
0x4a4208 GetStdHandle
0x4a420c SetHandleCount
0x4a4214 ResumeThread
0x4a4218 ReleaseSemaphore
0x4a4224 GetProfileStringA
0x4a4228 WriteFile
0x4a422c ReadFile
0x4a4234 CreateFileA
0x4a4238 SetEvent
0x4a423c FindResourceA
0x4a4240 LoadResource
0x4a4244 LockResource
0x4a4248 lstrlenW
0x4a424c GetModuleFileNameA
0x4a4250 GetCurrentThreadId
0x4a4254 ExitProcess
0x4a4258 GlobalSize
0x4a425c GlobalFree
0x4a4268 lstrcatA
0x4a426c lstrlenA
0x4a4270 WinExec
0x4a4274 lstrcpyA
0x4a4278 FindNextFileA
0x4a427c GlobalReAlloc
0x4a4280 HeapFree
0x4a4284 HeapReAlloc
0x4a4288 GetProcessHeap
0x4a428c HeapAlloc
0x4a4290 GetUserDefaultLCID
0x4a4294 GetFullPathNameA
0x4a4298 FreeLibrary
0x4a429c LoadLibraryA
0x4a42a0 GetLastError
0x4a42a4 GetVersionExA
0x4a42ac CreateThread
0x4a42b0 CreateEventA
0x4a42b4 Sleep
0x4a42b8 GlobalAlloc
0x4a42bc GlobalLock
0x4a42c0 GlobalUnlock
0x4a42c4 FindFirstFileA
0x4a42c8 FindClose
0x4a42dc GetACP
0x4a42e0 HeapSize
0x4a42e4 TerminateProcess
0x4a42e8 GetLocalTime
0x4a42ec GetSystemTime
0x4a42f4 RaiseException
0x4a42f8 RtlUnwind
0x4a42fc GetStartupInfoA
0x4a4300 GetOEMCP
0x4a4304 GetCPInfo
0x4a4308 GetProcessVersion
0x4a430c SetErrorMode
0x4a4310 GlobalFlags
0x4a4314 GetCurrentThread
0x4a4318 GetFileTime
0x4a431c GetFileSize
0x4a4320 TlsGetValue
0x4a4324 LocalReAlloc
0x4a4328 TlsSetValue
0x4a432c TlsFree
0x4a4330 GlobalHandle
0x4a4334 GetFileAttributesA
0x4a4340 TlsAlloc
0x4a4344 LocalAlloc
0x4a4348 lstrcmpA
0x4a434c GetVersion
0x4a4350 GlobalGetAtomNameA
0x4a4354 GlobalAddAtomA
0x4a4358 GlobalFindAtomA
0x4a435c GlobalDeleteAtom
0x4a4360 lstrcmpiA
0x4a4364 GetModuleHandleA
0x4a4368 GetProcAddress
0x4a436c MulDiv
0x4a4370 GetCommandLineA
0x4a4374 GetTickCount
0x4a4378 WaitForSingleObject
0x4a437c CloseHandle
Library: USER32.dll:
0x4a43e4 OpenClipboard
0x4a43e8 SetClipboardData
0x4a43ec EmptyClipboard
0x4a43f0 GetSystemMetrics
0x4a43f4 GetCursorPos
0x4a43f8 MessageBoxA
0x4a43fc SetWindowPos
0x4a4400 SendMessageA
0x4a4404 DestroyCursor
0x4a4408 SetParent
0x4a440c GetClipboardData
0x4a4410 PostMessageA
0x4a4414 GetTopWindow
0x4a4418 GetParent
0x4a441c GetFocus
0x4a4420 GetClientRect
0x4a4424 InvalidateRect
0x4a4428 ValidateRect
0x4a442c UpdateWindow
0x4a4430 CloseClipboard
0x4a4434 wsprintfA
0x4a4438 EqualRect
0x4a443c GetWindowRect
0x4a4440 SetForegroundWindow
0x4a4444 DestroyMenu
0x4a4448 IsWindow
0x4a444c IsChild
0x4a4450 ReleaseDC
0x4a4454 IsRectEmpty
0x4a4458 FillRect
0x4a445c GetDC
0x4a4460 SetCursor
0x4a4464 LoadCursorA
0x4a4468 SetCursorPos
0x4a446c SetActiveWindow
0x4a4470 GetSysColor
0x4a4474 SetWindowLongA
0x4a4478 GetWindowLongA
0x4a447c RedrawWindow
0x4a4480 EnableWindow
0x4a4484 IsWindowVisible
0x4a4488 OffsetRect
0x4a448c PtInRect
0x4a4490 DestroyIcon
0x4a4494 IntersectRect
0x4a4498 InflateRect
0x4a449c SetRect
0x4a44a0 SetScrollPos
0x4a44a4 SetScrollRange
0x4a44a8 GetScrollRange
0x4a44ac SetCapture
0x4a44b0 GetCapture
0x4a44b4 ReleaseCapture
0x4a44b8 SetTimer
0x4a44bc KillTimer
0x4a44c0 TranslateMessage
0x4a44c4 LoadIconA
0x4a44c8 DrawFrameControl
0x4a44cc DrawEdge
0x4a44d0 DrawFocusRect
0x4a44d4 WindowFromPoint
0x4a44d8 GetMessageA
0x4a44dc DispatchMessageA
0x4a44e0 SetRectEmpty
0x4a44f0 DrawIconEx
0x4a44f4 CreatePopupMenu
0x4a44f8 AppendMenuA
0x4a44fc ModifyMenuA
0x4a4500 CreateMenu
0x4a4508 GetDlgCtrlID
0x4a450c GetSubMenu
0x4a4510 EnableMenuItem
0x4a4514 ClientToScreen
0x4a451c LoadImageA
0x4a4524 ShowWindow
0x4a4528 IsWindowEnabled
0x4a4530 GetKeyState
0x4a4538 PostQuitMessage
0x4a453c IsZoomed
0x4a4540 GetClassInfoA
0x4a4544 GetWindowTextA
0x4a454c CharUpperA
0x4a4550 GetWindowDC
0x4a4554 BeginPaint
0x4a4558 EndPaint
0x4a455c TabbedTextOutA
0x4a4560 DrawTextA
0x4a4564 GrayStringA
0x4a4568 GetDlgItem
0x4a456c DestroyWindow
0x4a4574 EndDialog
0x4a4578 GetNextDlgTabItem
0x4a457c GetWindowPlacement
0x4a4584 GetForegroundWindow
0x4a4588 GetLastActivePopup
0x4a458c GetMessageTime
0x4a4590 RemovePropA
0x4a4594 CallWindowProcA
0x4a4598 GetPropA
0x4a459c UnhookWindowsHookEx
0x4a45a0 SetPropA
0x4a45a4 GetClassLongA
0x4a45a8 CallNextHookEx
0x4a45ac SetWindowsHookExA
0x4a45b0 CreateWindowExA
0x4a45b4 GetMenuItemID
0x4a45b8 GetMenuItemCount
0x4a45bc RegisterClassA
0x4a45c0 GetScrollPos
0x4a45c4 UnregisterClassA
0x4a45c8 AdjustWindowRectEx
0x4a45cc MapWindowPoints
0x4a45d0 SendDlgItemMessageA
0x4a45d4 ScrollWindowEx
0x4a45d8 IsDialogMessageA
0x4a45dc SetWindowTextA
0x4a45e0 MoveWindow
0x4a45e4 CheckMenuItem
0x4a45e8 SetMenuItemBitmaps
0x4a45ec GetMenuState
0x4a45f4 GetClassNameA
0x4a45f8 GetDesktopWindow
0x4a45fc LoadStringA
0x4a4600 GetSysColorBrush
0x4a4604 DefWindowProcA
0x4a4608 GetSystemMenu
0x4a460c DeleteMenu
0x4a4610 GetMenu
0x4a4614 SetMenu
0x4a4618 PeekMessageA
0x4a461c IsIconic
0x4a4620 SetFocus
0x4a4624 GetActiveWindow
0x4a4628 GetWindow
0x4a4630 SetWindowRgn
0x4a4634 GetMessagePos
0x4a4638 ScreenToClient
0x4a4640 CopyRect
0x4a4644 LoadBitmapA
0x4a4648 WinHelpA
Library: GDI32.dll:
0x4a4024 SetStretchBltMode
0x4a4028 GetClipRgn
0x4a402c CreatePolygonRgn
0x4a4030 SelectClipRgn
0x4a4034 DeleteObject
0x4a4038 CreateDIBitmap
0x4a4040 CreatePalette
0x4a4044 StretchBlt
0x4a4048 SelectPalette
0x4a404c RealizePalette
0x4a4050 GetDIBits
0x4a4054 GetWindowExtEx
0x4a4058 GetViewportOrgEx
0x4a405c GetWindowOrgEx
0x4a4060 BeginPath
0x4a4064 EndPath
0x4a4068 PathToRegion
0x4a406c CreateEllipticRgn
0x4a4070 CreateRoundRectRgn
0x4a4074 GetTextColor
0x4a4078 GetBkMode
0x4a407c GetBkColor
0x4a4080 GetROP2
0x4a4084 GetStretchBltMode
0x4a4088 GetPolyFillMode
0x4a4090 CreateDCA
0x4a4094 CreateBitmap
0x4a4098 SelectObject
0x4a409c CreatePen
0x4a40a0 PatBlt
0x4a40a4 CombineRgn
0x4a40a8 FillRgn
0x4a40ac CreateSolidBrush
0x4a40b0 CreateFontIndirectA
0x4a40b4 GetStockObject
0x4a40b8 GetObjectA
0x4a40bc EndPage
0x4a40c0 EndDoc
0x4a40c4 DeleteDC
0x4a40c8 StartDocA
0x4a40cc StartPage
0x4a40d0 BitBlt
0x4a40d4 CreateCompatibleDC
0x4a40d8 Ellipse
0x4a40dc Rectangle
0x4a40e0 LPtoDP
0x4a40e4 DPtoLP
0x4a40e8 GetCurrentObject
0x4a40ec RoundRect
0x4a40f4 GetDeviceCaps
0x4a40f8 SaveDC
0x4a40fc RestoreDC
0x4a4100 SetBkMode
0x4a4104 SetPolyFillMode
0x4a4108 SetROP2
0x4a410c SetTextColor
0x4a4110 SetMapMode
0x4a4114 SetViewportOrgEx
0x4a4118 OffsetViewportOrgEx
0x4a411c SetViewportExtEx
0x4a4120 ScaleViewportExtEx
0x4a4124 SetWindowOrgEx
0x4a4128 SetWindowExtEx
0x4a412c ScaleWindowExtEx
0x4a4130 GetClipBox
0x4a4134 ExcludeClipRect
0x4a4138 MoveToEx
0x4a413c LineTo
0x4a4144 SetBkColor
0x4a4148 CreateRectRgn
0x4a414c GetTextMetricsA
0x4a4150 Escape
0x4a4154 ExtTextOutA
0x4a4158 TextOutA
0x4a415c RectVisible
0x4a4160 PtVisible
0x4a4164 GetViewportExtEx
0x4a4168 ExtSelectClipRgn
Library: WINMM.dll:
0x4a4650 midiStreamRestart
0x4a4654 midiStreamClose
0x4a4658 midiOutReset
0x4a465c midiStreamStop
0x4a4660 midiStreamOut
0x4a4668 midiStreamProperty
0x4a466c midiStreamOpen
0x4a4674 waveOutOpen
0x4a4678 waveOutGetNumDevs
0x4a467c waveOutClose
0x4a4680 waveOutReset
0x4a4684 waveOutPause
0x4a4688 waveOutWrite
0x4a4694 waveOutRestart
Library: WINSPOOL.DRV:
0x4a469c ClosePrinter
0x4a46a0 DocumentPropertiesA
0x4a46a4 OpenPrinterA
Library: ADVAPI32.dll:
0x4a4000 RegCloseKey
0x4a4004 RegOpenKeyExA
0x4a4008 RegSetValueExA
0x4a400c RegQueryValueA
0x4a4010 RegCreateKeyExA
Library: SHELL32.dll:
0x4a43d8 ShellExecuteA
0x4a43dc Shell_NotifyIconA
Library: ole32.dll:
0x4a46ec CLSIDFromProgID
0x4a46f0 OleInitialize
0x4a46f4 OleUninitialize
0x4a46f8 CoCreateInstance
0x4a46fc OleRun
0x4a4700 CLSIDFromString
Library: OLEAUT32.dll:
0x4a4388 SysAllocString
0x4a438c SafeArrayDestroy
0x4a4390 SafeArrayCreate
0x4a4394 SafeArrayPutElement
0x4a4398 RegisterTypeLib
0x4a439c LHashValOfNameSys
0x4a43a0 LoadTypeLib
0x4a43a4 UnRegisterTypeLib
0x4a43a8 VariantCopyInd
0x4a43ac SafeArrayGetElement
0x4a43b0 SafeArrayAccessData
0x4a43b8 SafeArrayGetDim
0x4a43bc SafeArrayGetLBound
0x4a43c0 SafeArrayGetUBound
0x4a43c4 VariantChangeType
0x4a43c8 VariantClear
0x4a43cc VariantCopy
0x4a43d0 VariantInit
Library: COMCTL32.dll:
0x4a4018 ImageList_Destroy
0x4a401c (no name; imported by ordinal)
Library: WS2_32.dll:
0x4a46ac recv
0x4a46b0 getpeername
0x4a46b4 accept
0x4a46b8 ntohl
0x4a46bc ioctlsocket
0x4a46c0 recvfrom
0x4a46c4 WSAAsyncSelect
0x4a46c8 closesocket
0x4a46cc WSACleanup
0x4a46d0 inet_ntoa
Library: comdlg32.dll:
0x4a46d8 GetFileTitleA
0x4a46dc GetSaveFileNameA
0x4a46e0 GetOpenFileNameA
0x4a46e4 ChooseColorA

Strings: the strings shown on the page are only the section names (.text, .rdata, .data, .rsrc) and short instruction-operand fragments; no URLs, paths or other readable text appears in this excerpt.
No antivirus engine scan results available.

Process tree

_______________.exe, PID: 2688, parent PID: 2332

Only this one process was recorded. The network tables below are a whole-VM capture and do not attribute flows to this PID.

TCP

Source IP | Source port | Destination IP | Destination host | Destination port
192.168.122.201 | 49169 | 203.208.43.102 | pagead2.googlesyndication.com | 443
192.168.122.201 | 49176 | 203.208.50.169 | www.googletagmanager.com | 443
192.168.122.201 | 49162 | 219.156.123.204 | youjia.chemcp.com | 80
192.168.122.201 | 49165 | 87.106.181.237 | winscp.net | 443
192.168.122.201 | 49166 | 87.106.181.237 | winscp.net | 80
192.168.122.201 | 49168 | 87.106.181.237 | winscp.net | 443
192.168.122.201 | 49170 | 89.187.187.12 | winscp-static-746341.c.cdn77.org | 443
192.168.122.201 | 49171 | 89.187.187.12 | winscp-static-746341.c.cdn77.org | 443
192.168.122.201 | 49172 | 89.187.187.12 | winscp-static-746341.c.cdn77.org | 443
192.168.122.201 | 49173 | 89.187.187.12 | winscp-static-746341.c.cdn77.org | 443
192.168.122.201 | 49174 | 89.187.187.12 | winscp-static-746341.c.cdn77.org | 443
192.168.122.201 | 49175 | 89.187.187.12 | winscp-static-746341.c.cdn77.org | 443
192.168.122.201 | 49177 | 89.187.187.12 | winscp-static-746341.c.cdn77.org | 443
192.168.122.201 | 49178 | 89.187.187.12 | winscp-static-746341.c.cdn77.org | 443
192.168.122.201 | 49179 | 89.187.187.12 | winscp-static-746341.c.cdn77.org | 443
192.168.122.201 | 49180 | 89.187.187.12 | winscp-static-746341.c.cdn77.org | 443
192.168.122.201 | 49181 | 89.187.187.12 | winscp-static-746341.c.cdn77.org | 443

UDP (all five flows are DNS queries to the VM's gateway resolver)

Source IP | Source port | Destination IP | Destination port
192.168.122.201 | 49310 | 192.168.122.1 | 53
192.168.122.201 | 49608 | 192.168.122.1 | 53
192.168.122.201 | 51856 | 192.168.122.1 | 53
192.168.122.201 | 58897 | 192.168.122.1 | 53
192.168.122.201 | 64912 | 192.168.122.1 | 53

HTTP requests

URI: http://youjia.chemcp.com/index.asp
GET /index.asp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: youjia.chemcp.com

URI: http://winscp.net/eng/upgrade.php?v=5.7.3.5438&lang=0804&isinstalled=1&beta=0&to=5.13.4&utm_source=winscp&utm_medium=app&utm_campaign=5.7.3
GET /eng/upgrade.php?v=5.7.3.5438&lang=0804&isinstalled=1&beta=0&to=5.13.4&utm_source=winscp&utm_medium=app&utm_campaign=5.7.3 HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: winscp.net
Connection: Keep-Alive

Two points for triage. The first request sends `Accept-Encoding: gbk, GB2312`; that header is defined for content codings such as gzip, not character sets, so despite the MSIE 9.0 User-Agent this is the fingerprint of a non-browser HTTP client. The second request is WinSCP's own update check (installed version 5.7.3.5438, `lang=0804` is the Simplified Chinese LCID, offered upgrade 5.13.4) and uses a different User-Agent. Because the capture is VM-wide and flows are not attributed to processes, the WinSCP request and the TLS sessions to Google and CDN77 hosts may originate from other software on the analysis VM; confirm against per-process behaviour before treating them as traffic generated by the sample.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2020-07-05 20:31:29.795694+0800 192.168.122.201 49169 203.208.43.102 443 TLS 1.2 C=US, O=Google Trust Services, CN=GTS CA 1O1 C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.g.doubleclick.net 4a:1b:6b:23:67:97:34:fc:c2:ac:cc:45:85:ee:96:c4:1f:d5:a2:b7
2020-07-05 20:31:16.514008+0800 192.168.122.201 49165 87.106.181.237 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL RSA CA 2018 CN=www.winscp.net e3:2f:9d:ec:c7:e2:51:fd:6d:76:db:bf:fe:94:fe:94:89:ee:32:a0
2020-07-05 20:31:28.694152+0800 192.168.122.201 49168 87.106.181.237 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL RSA CA 2018 CN=www.winscp.net e3:2f:9d:ec:c7:e2:51:fd:6d:76:db:bf:fe:94:fe:94:89:ee:32:a0
2020-07-05 20:31:30.958217+0800 192.168.122.201 49176 203.208.50.169 443 TLS 1.2 C=US, O=Google Trust Services, CN=GTS CA 1O1 C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com 38:87:37:c2:7b:3f:f1:e8:54:93:f9:c3:69:2a:3d:46:ad:ce:66:49
2020-07-05 20:31:31.038491+0800 192.168.122.201 49175 89.187.187.12 443 TLS 1.2 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 CN=www.cdn77.com d6:8f:53:0d:1c:8f:7b:db:36:70:99:c3:3a:1a:d2:29:ec:b9:18:19
2020-07-05 20:31:31.020228+0800 192.168.122.201 49174 89.187.187.12 443 TLS 1.2 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 CN=www.cdn77.com d6:8f:53:0d:1c:8f:7b:db:36:70:99:c3:3a:1a:d2:29:ec:b9:18:19
2020-07-05 20:31:34.289274+0800 192.168.122.201 49172 89.187.187.12 443 TLS 1.2 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 CN=www.cdn77.com d6:8f:53:0d:1c:8f:7b:db:36:70:99:c3:3a:1a:d2:29:ec:b9:18:19
2020-07-05 20:31:31.005801+0800 192.168.122.201 49170 89.187.187.12 443 TLS 1.2 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 CN=www.cdn77.com d6:8f:53:0d:1c:8f:7b:db:36:70:99:c3:3a:1a:d2:29:ec:b9:18:19
2020-07-05 20:31:31.416947+0800 192.168.122.201 49171 89.187.187.12 443 TLS 1.2 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 CN=www.cdn77.com d6:8f:53:0d:1c:8f:7b:db:36:70:99:c3:3a:1a:d2:29:ec:b9:18:19
2020-07-05 20:31:34.483511+0800 192.168.122.201 49173 89.187.187.12 443 TLS 1.2 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 CN=www.cdn77.com d6:8f:53:0d:1c:8f:7b:db:36:70:99:c3:3a:1a:d2:29:ec:b9:18:19

Every certificate subject (*.g.doubleclick.net, www.winscp.net, *.google-analytics.com, www.cdn77.com) is consistent with the contacted hostname and is issued by a public CA (Google Trust Services, DigiCert/RapidSSL, Let's Encrypt); there is no self-signed or mismatched certificate of the kind typical for C2 over TLS.

Suricata HTTP

No Suricata HTTP

No files were extracted from network traffic.
No files were dropped.
No similar analyses found.
HTML summary report (available 15-60 minutes after the analysis completes)

Processing ( 34.551 seconds )

  • 15.565 Suricata
  • 10.905 NetworkAnalysis
  • 4.222 Static
  • 2.43 VirusTotal
  • 0.537 TargetInfo
  • 0.518 peid
  • 0.212 BehaviorAnalysis
  • 0.138 AnalysisInfo
  • 0.018 Strings
  • 0.003 Memory
  • 0.003 config_decoder

Signatures ( 39.718 seconds )

  • 37.586 network_http
  • 1.895 md_url_bl
  • 0.041 md_domain_bl
  • 0.028 antiav_detectreg
  • 0.012 infostealer_ftp
  • 0.009 api_spamming
  • 0.008 ransomware_extensions
  • 0.008 ransomware_files
  • 0.007 anomaly_persistence_autorun
  • 0.007 stealth_timeout
  • 0.007 antiav_detectfile
  • 0.007 infostealer_im
  • 0.006 stealth_decoy_document
  • 0.006 antianalysis_detectreg
  • 0.006 geodo_banking_trojan
  • 0.006 network_torgateway
  • 0.005 infostealer_bitcoin
  • 0.004 infostealer_mail
  • 0.003 tinba_behavior
  • 0.003 antidbg_windows
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.002 antivm_vbox_libs
  • 0.002 rat_nanocore
  • 0.002 mimics_filetime
  • 0.002 betabot_behavior
  • 0.002 reads_self
  • 0.002 cerber_behavior
  • 0.002 bot_drive
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 md_bad_drop
  • 0.002 network_cnc_http
  • 0.001 bootkit
  • 0.001 infostealer_browser
  • 0.001 stealth_file
  • 0.001 antivm_generic_services
  • 0.001 ursnif_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 antivm_generic_disk
  • 0.001 infostealer_browser_password
  • 0.001 virus
  • 0.001 kovter_behavior
  • 0.001 hancitor_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 maldun_network_blacklist
  • 0.001 office_security
  • 0.001 ransomware_radamant
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 1.035 seconds )

  • 0.854 ReportHTMLSummary
  • 0.181 Malheur
Task ID 557758
Mongo ID 5f01c8842f8f2e385c663118
Cuckoo release 1.4-Maldun