Analysis task

Analysis type  VM tag  Start time  End time  Duration
File (Windows)  win7-sp1-x64-shaapp03-1  2020-09-25 20:42:01  2020-09-25 20:44:07  126 seconds

魔盾 (Maldun) score

10.0

Dangerous

File details

File name: 生死狙击爱尚辅助V15.5.exe
File size: 8671232 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 08aa277b506b594bf4212933cbc56a7b
SHA1: f18d1ecd31314366a2c59c34d1ed83c839549419
SHA256: 67cb55e2c29506b1df035eafb09412449753a63932f1363f208756d440e20d57
SHA512: 17e3d360a8b2e331961f95759ec34c457b7b13f776324c42cabadf20ef02b04209495a4f8cdbc1321f97acbef40b400d9f77dd3ed2b457657ce90d0c5831673e
CRC32: F154A0DF
Ssdeep: 98304:udF5ZqlG4082zfokp8prJB45SbWf+YFC2t7TZMtW1ywPZpHCZkdNcw:uDrzAlHB4Qaf+HQT2Wcasg


Hosts contacted

No host records.

Domain resolution

Domain (security rating, where the report shows one): responses
acroipm.adobe.com: A 23.198.99.176; CNAME acroipm.adobe.com.edgesuite.net; CNAME a1983.dscd.akamai.net; A 23.198.99.183
asdata.ui10.net (unknown): A 154.221.16.135
my.4399.com: A 101.227.98.71; CNAME my.4399.com.lxdns.com; CNAME my.4399api.net; A 218.1.70.80
s1.img4399.com: CNAME s1.img4399.com.wscdns.com
ptlogin.3304399.net: A 101.227.98.111; A 183.131.168.6; CNAME ptlogin.3304399.net.lxdns.com
fs.img4399.com: CNAME fs.img4399.com.lxdns.com; A 101.227.102.169
mygame.5054399.com: A 49.232.78.158
hm.baidu.com: CNAME hm.e.shifen.com; A 106.120.159.126
4399stat.5054399.com (unknown): CNAME 4399stat.5054399.com.lxdns.com
tj.img4399.com: CNAME tj.img4399.com.lxdns.com; A 122.224.186.209
s23.cnzz.com: (no response recorded)
s19.cnzz.com: A 58.215.157.250; CNAME all.cnzz.com.danuoyi.tbcache.com; A 218.94.207.228; CNAME c.cnzz.com
gprp.4399api.net: A 42.62.52.249
z5.cnzz.com: A 106.11.84.7; CNAME z.cnzz.com; CNAME z.gds.cnzz.com
c.cnzz.com: (no response recorded)
cnzz.mmstat.com: CNAME gm.gds.mmstat.com; CNAME gm.mmstat.com; A 106.11.251.20
z8.cnzz.com: (no response recorded)


PE information

Image base: 0x00400000
Entry point: 0x005333e0
Declared checksum: 0x00000000
Actual checksum: 0x0084506f
Minimum OS version required: 4.0
Compile time: 2020-08-15 04:57:02
Import hash: d945ea8d2611442d51698c47482aa4ad
Icon exact hash: fed729cfe3036ad379f30dc442a25b53
Icon similarity hash: 69ac855da432bbf7912116a65bdec02a

Version information (all fields empty in the sample)

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
UnPackEr 0x00001000 0x0015a000 0x0015a000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 6.40
By 0x0015b000 0x0068a000 0x0068a000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.56
LoveBoom 0x007e5000 0x00058000 0x00058000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1.68
0x0083d000 0x00006000 0x00006000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.57
0x00843000 0x00002000 0x00002000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.28

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type
TEXTINCLUDE 0x0083dc18 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
RT_CURSOR 0x0083e108 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_BITMAP 0x0083f97c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON 0x008447d4 0x00000130 LANG_NEUTRAL SUBLANG_NEUTRAL 2.93 data
RT_MENU 0x0084000c 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_DIALOG 0x00841254 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_STRING 0x00841c9c 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_GROUP_CURSOR 0x00841ce8 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 0x00844798 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 0x00844504 0x00000294 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_MANIFEST 0x00844334 0x000001cd LANG_NEUTRAL SUBLANG_NEUTRAL 5.08 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library: WINMM.dll:
0x55b7b4 midiStreamOut
0x55b7bc midiStreamProperty
0x55b7c0 midiStreamOpen
0x55b7c8 waveOutOpen
0x55b7cc waveOutGetNumDevs
0x55b7d0 waveOutClose
0x55b7dc waveOutWrite
0x55b7e0 waveOutPause
0x55b7e4 waveOutReset
0x55b7e8 midiStreamStop
0x55b7ec midiOutReset
0x55b7f0 midiStreamClose
0x55b7f4 midiStreamRestart
Library: WS2_32.dll:
0x55b80c WSAAsyncSelect
0x55b810 send
0x55b814 select
0x55b818 WSACleanup
0x55b81c WSAStartup
0x55b820 recvfrom
0x55b824 ioctlsocket
0x55b828 recv
0x55b82c getpeername
0x55b830 accept
0x55b834 gethostbyname
0x55b838 inet_ntoa
0x55b83c closesocket
Library: RASAPI32.dll:
0x55b494 RasHangUpA
Library: KERNEL32.dll:
0x55b1cc GetVersion
0x55b1d4 GetTempFileNameA
0x55b1d8 SetSystemPowerState
0x55b1dc WideCharToMultiByte
0x55b1e0 IsDBCSLeadByte
0x55b1e4 lstrcmpA
0x55b1e8 lstrcmpiA
0x55b1ec lstrcpynA
0x55b1f0 GetFileType
0x55b1f4 DuplicateHandle
0x55b1fc GetLocalTime
0x55b204 SetFileTime
0x55b208 GetCPInfo
0x55b20c GetProcessVersion
0x55b210 SetErrorMode
0x55b214 GlobalFlags
0x55b218 GetCurrentThread
0x55b21c GetFileTime
0x55b220 TlsGetValue
0x55b224 LocalReAlloc
0x55b228 TlsSetValue
0x55b22c TlsFree
0x55b230 GlobalHandle
0x55b234 TlsAlloc
0x55b238 LocalAlloc
0x55b23c GlobalGetAtomNameA
0x55b240 GlobalAddAtomA
0x55b244 GlobalFindAtomA
0x55b248 GlobalDeleteAtom
0x55b24c GetThreadLocale
0x55b250 SetEndOfFile
0x55b254 UnlockFile
0x55b258 LockFile
0x55b25c FlushFileBuffers
0x55b260 FormatMessageA
0x55b264 LocalFree
0x55b270 SetLastError
0x55b274 MultiByteToWideChar
0x55b278 GetSystemDirectoryA
0x55b280 TerminateProcess
0x55b284 GetCurrentProcess
0x55b288 GetFileSize
0x55b28c SetFilePointer
0x55b290 CreateSemaphoreA
0x55b294 ResumeThread
0x55b298 ReleaseSemaphore
0x55b2a4 GetProfileStringA
0x55b2a8 WriteFile
0x55b2b0 CreateFileA
0x55b2b4 DeviceIoControl
0x55b2b8 SetEvent
0x55b2bc FindResourceA
0x55b2c0 LoadResource
0x55b2c4 LockResource
0x55b2c8 ReadFile
0x55b2cc lstrlenW
0x55b2d0 RemoveDirectoryA
0x55b2d4 GetModuleFileNameA
0x55b2d8 GetCurrentThreadId
0x55b2dc ExitProcess
0x55b2e0 GlobalSize
0x55b2e4 GlobalFree
0x55b2f0 lstrcatA
0x55b2f4 lstrlenA
0x55b2f8 WinExec
0x55b2fc lstrcpyA
0x55b300 FindNextFileA
0x55b304 GetDriveTypeA
0x55b308 GlobalReAlloc
0x55b30c HeapFree
0x55b310 HeapReAlloc
0x55b314 GetProcessHeap
0x55b318 HeapAlloc
0x55b31c GetUserDefaultLCID
0x55b320 GetFullPathNameA
0x55b324 FreeLibrary
0x55b328 LoadLibraryA
0x55b32c GetLastError
0x55b330 GetVersionExA
0x55b33c CreateThread
0x55b340 CreateEventA
0x55b344 Sleep
0x55b34c GlobalAlloc
0x55b350 GlobalLock
0x55b354 GlobalUnlock
0x55b358 InterlockedExchange
0x55b35c GetTempPathA
0x55b360 FindFirstFileA
0x55b364 FindClose
0x55b368 SetFileAttributesA
0x55b36c GetFileAttributesA
0x55b370 DeleteFileA
0x55b374 CopyFileA
0x55b378 CreateDirectoryA
0x55b388 GetModuleHandleA
0x55b38c GetProcAddress
0x55b390 GetDiskFreeSpaceA
0x55b394 MulDiv
0x55b398 GetCommandLineA
0x55b39c GetTickCount
0x55b3a0 CreateProcessA
0x55b3a4 WaitForSingleObject
0x55b3a8 CloseHandle
0x55b3ac GetOEMCP
0x55b3b0 GetStartupInfoA
0x55b3b4 RtlUnwind
0x55b3b8 GetSystemTime
0x55b3bc RaiseException
0x55b3c0 HeapSize
0x55b3c4 GetACP
0x55b3c8 SetStdHandle
0x55b3e0 SetHandleCount
0x55b3e4 GetStdHandle
0x55b3ec HeapDestroy
0x55b3f0 HeapCreate
0x55b3f4 VirtualFree
0x55b3fc LCMapStringA
0x55b400 LCMapStringW
0x55b404 VirtualAlloc
0x55b408 IsBadWritePtr
0x55b410 GetStringTypeA
0x55b414 GetStringTypeW
0x55b418 CompareStringA
0x55b41c CompareStringW
0x55b420 IsBadReadPtr
0x55b424 IsBadCodePtr
Library: USER32.dll:
0x55b4c0 GetWindow
0x55b4c4 GetActiveWindow
0x55b4c8 SetFocus
0x55b4cc IsIconic
0x55b4d0 PeekMessageA
0x55b4d8 SetWindowRgn
0x55b4dc GetMessagePos
0x55b4e0 ScreenToClient
0x55b4e8 CopyRect
0x55b4ec LoadBitmapA
0x55b4f0 WinHelpA
0x55b4f4 SetMenu
0x55b4f8 GetMenu
0x55b4fc DeleteMenu
0x55b500 GetSystemMenu
0x55b504 DefWindowProcA
0x55b508 GetClassInfoA
0x55b50c IsZoomed
0x55b510 PostQuitMessage
0x55b518 GetKeyState
0x55b520 IsWindowEnabled
0x55b524 ShowWindow
0x55b52c LoadImageA
0x55b534 ClientToScreen
0x55b538 EnableMenuItem
0x55b53c GetSubMenu
0x55b540 GetDlgCtrlID
0x55b548 CreateMenu
0x55b54c ModifyMenuA
0x55b550 KillTimer
0x55b554 SetTimer
0x55b558 ReleaseCapture
0x55b55c GetCapture
0x55b560 SetCapture
0x55b564 GetScrollRange
0x55b568 SetScrollRange
0x55b56c SetScrollPos
0x55b570 SetRect
0x55b574 InflateRect
0x55b578 IntersectRect
0x55b57c DestroyIcon
0x55b580 PtInRect
0x55b584 OffsetRect
0x55b588 IsWindowVisible
0x55b58c AppendMenuA
0x55b590 RedrawWindow
0x55b594 GetWindowLongA
0x55b598 SetWindowLongA
0x55b59c GetSysColor
0x55b5a0 SetActiveWindow
0x55b5a4 SetCursorPos
0x55b5a8 LoadCursorA
0x55b5ac SetCursor
0x55b5b0 GetDC
0x55b5b4 FillRect
0x55b5b8 IsRectEmpty
0x55b5bc PostThreadMessageA
0x55b5c0 GetNextDlgGroupItem
0x55b5c4 GetSysColorBrush
0x55b5c8 LoadStringA
0x55b5cc MapDialogRect
0x55b5d4 CharNextA
0x55b5dc GetMenuState
0x55b5e0 SetMenuItemBitmaps
0x55b5e4 CheckMenuItem
0x55b5e8 MoveWindow
0x55b5ec IsDialogMessageA
0x55b5f0 ScrollWindowEx
0x55b5f4 SendDlgItemMessageA
0x55b5f8 MapWindowPoints
0x55b5fc AdjustWindowRectEx
0x55b600 ScrollWindow
0x55b604 GetScrollInfo
0x55b608 SetScrollInfo
0x55b60c ShowScrollBar
0x55b610 GetScrollPos
0x55b614 ReleaseDC
0x55b618 IsChild
0x55b61c DestroyMenu
0x55b620 SetForegroundWindow
0x55b624 GetWindowRect
0x55b628 EqualRect
0x55b62c UpdateWindow
0x55b630 ValidateRect
0x55b634 InvalidateRect
0x55b638 GetClientRect
0x55b63c GetFocus
0x55b640 GetParent
0x55b644 GetTopWindow
0x55b648 PostMessageA
0x55b64c IsWindow
0x55b650 SetParent
0x55b654 DestroyCursor
0x55b658 SendMessageA
0x55b65c SetWindowPos
0x55b660 MessageBeep
0x55b664 MessageBoxA
0x55b668 GetCursorPos
0x55b66c GetSystemMetrics
0x55b670 EmptyClipboard
0x55b674 SetClipboardData
0x55b678 OpenClipboard
0x55b67c GetClipboardData
0x55b680 CloseClipboard
0x55b684 wsprintfA
0x55b688 WaitForInputIdle
0x55b68c CreatePopupMenu
0x55b690 DrawIconEx
0x55b6a0 SetRectEmpty
0x55b6a4 DispatchMessageA
0x55b6a8 GetMessageA
0x55b6ac WindowFromPoint
0x55b6b0 DrawFocusRect
0x55b6b4 DrawEdge
0x55b6b8 DrawFrameControl
0x55b6bc TranslateMessage
0x55b6c0 UnregisterClassA
0x55b6c4 LoadIconA
0x55b6c8 CallWindowProcA
0x55b6cc CreateWindowExA
0x55b6d0 RegisterHotKey
0x55b6d4 UnregisterHotKey
0x55b6d8 GetKeyboardLayout
0x55b6dc VkKeyScanExA
0x55b6e0 GetClassNameA
0x55b6e4 keybd_event
0x55b6e8 mouse_event
0x55b6ec FindWindowA
0x55b6f0 GetDlgItem
0x55b6f4 FindWindowExA
0x55b6f8 GetWindowTextA
0x55b6fc SetWindowTextA
0x55b700 GetForegroundWindow
0x55b704 ExitWindowsEx
0x55b708 CharUpperA
0x55b70c EnableWindow
0x55b710 GetDesktopWindow
0x55b718 GetWindowDC
0x55b71c BeginPaint
0x55b720 EndPaint
0x55b724 TabbedTextOutA
0x55b728 DrawTextA
0x55b72c GrayStringA
0x55b730 DestroyWindow
0x55b738 EndDialog
0x55b73c GetNextDlgTabItem
0x55b740 GetWindowPlacement
0x55b748 GetLastActivePopup
0x55b74c GetMessageTime
0x55b750 RemovePropA
0x55b754 GetPropA
0x55b758 UnhookWindowsHookEx
0x55b75c SetPropA
0x55b760 GetClassLongA
0x55b764 CallNextHookEx
0x55b768 SetWindowsHookExA
0x55b76c GetMenuItemID
0x55b770 GetMenuItemCount
0x55b774 RegisterClassA
Library: GDI32.dll:
0x55b064 ExtSelectClipRgn
0x55b068 Ellipse
0x55b06c Rectangle
0x55b070 LPtoDP
0x55b074 DPtoLP
0x55b078 GetCurrentObject
0x55b07c RoundRect
0x55b084 GetDeviceCaps
0x55b088 RealizePalette
0x55b08c SelectPalette
0x55b090 StretchBlt
0x55b094 CreatePalette
0x55b09c CreateDIBitmap
0x55b0a0 DeleteObject
0x55b0a4 SelectClipRgn
0x55b0a8 CreatePolygonRgn
0x55b0ac SetStretchBltMode
0x55b0b4 SetBkColor
0x55b0b8 CreateFontA
0x55b0c0 LineTo
0x55b0c4 MoveToEx
0x55b0c8 ExcludeClipRect
0x55b0cc GetClipBox
0x55b0d0 ScaleWindowExtEx
0x55b0d4 SetWindowExtEx
0x55b0d8 GetViewportExtEx
0x55b0dc PtVisible
0x55b0e0 RectVisible
0x55b0e4 TextOutA
0x55b0e8 ExtTextOutA
0x55b0ec Escape
0x55b0f0 GetTextMetricsA
0x55b0f4 GetMapMode
0x55b0f8 CreateCompatibleDC
0x55b0fc GetPixel
0x55b100 BitBlt
0x55b104 StartPage
0x55b108 StartDocA
0x55b10c DeleteDC
0x55b110 EndDoc
0x55b114 EndPage
0x55b118 GetObjectA
0x55b11c GetStockObject
0x55b120 CreateFontIndirectA
0x55b124 CreateSolidBrush
0x55b128 FillRgn
0x55b12c CreateRectRgn
0x55b130 CombineRgn
0x55b134 PatBlt
0x55b138 SetWindowOrgEx
0x55b13c ScaleViewportExtEx
0x55b140 SetViewportExtEx
0x55b144 OffsetViewportOrgEx
0x55b148 SetViewportOrgEx
0x55b14c SetMapMode
0x55b150 SetTextColor
0x55b154 CreatePen
0x55b158 SelectObject
0x55b15c CreateBitmap
0x55b160 CreateDCA
0x55b168 GetPolyFillMode
0x55b16c GetStretchBltMode
0x55b170 GetROP2
0x55b174 GetBkColor
0x55b178 GetBkMode
0x55b17c GetTextColor
0x55b180 CreateRoundRectRgn
0x55b184 CreateEllipticRgn
0x55b188 PathToRegion
0x55b18c EndPath
0x55b190 BeginPath
0x55b194 GetWindowOrgEx
0x55b198 GetViewportOrgEx
0x55b19c GetWindowExtEx
0x55b1a0 GetClipRgn
0x55b1a4 SetROP2
0x55b1a8 SetPolyFillMode
0x55b1ac SetBkMode
0x55b1b0 RestoreDC
0x55b1b4 SaveDC
0x55b1b8 GetDIBits
Library: WINSPOOL.DRV:
0x55b7fc DocumentPropertiesA
0x55b800 OpenPrinterA
0x55b804 ClosePrinter
Library: ADVAPI32.dll:
0x55b000 RegQueryValueExA
0x55b004 RegOpenKeyExA
0x55b008 RegSetValueExA
0x55b00c RegCreateKeyA
0x55b010 RegQueryValueA
0x55b014 OpenProcessToken
0x55b020 RegCreateKeyExA
0x55b024 RegCloseKey
Library: SHELL32.dll:
0x55b4a4 SHEmptyRecycleBinA
0x55b4a8 ShellExecuteA
0x55b4ac Shell_NotifyIconA
0x55b4b0 DragAcceptFiles
0x55b4b4 DragFinish
0x55b4b8 DragQueryFileA
Library: ole32.dll:
0x55b868 CoRevokeClassObject
0x55b86c OleFlushClipboard
0x55b874 CLSIDFromProgID
0x55b880 CoGetClassObject
0x55b884 CoDisconnectObject
0x55b888 OleRun
0x55b88c CoCreateInstance
0x55b890 CLSIDFromString
0x55b894 OleUninitialize
0x55b898 OleInitialize
0x55b89c CoTaskMemFree
0x55b8a0 CoTaskMemAlloc
Library: OLEAUT32.dll:
0x55b430 VariantChangeType
0x55b434 VariantClear
0x55b438 VariantCopy
0x55b43c SafeArrayGetUBound
0x55b444 SysStringLen
0x55b448 SysAllocStringLen
0x55b454 SafeArrayGetLBound
0x55b458 SafeArrayAccessData
0x55b45c SafeArrayGetElement
0x55b460 VariantCopyInd
0x55b464 VariantInit
0x55b468 SysAllocString
0x55b46c SafeArrayCreate
0x55b470 SafeArrayGetDim
0x55b474 SysFreeString
0x55b478 UnRegisterTypeLib
0x55b480 LoadTypeLib
0x55b484 LHashValOfNameSys
0x55b488 RegisterTypeLib
Library: COMCTL32.dll:
0x55b02c ImageList_Add
0x55b030 ImageList_BeginDrag
0x55b034 ImageList_Create
0x55b038 ImageList_Destroy
0x55b03c ImageList_DragEnter
0x55b040 ImageList_DragLeave
0x55b044 ImageList_DragMove
0x55b04c ImageList_EndDrag
0x55b050 None
0x55b054 ImageList_GetIcon
0x55b058 ImageList_Read
0x55b05c ImageList_Duplicate
Library: oledlg.dll:
0x55b8a8 None
Library: WININET.dll:
0x55b780 InternetCrackUrlA
0x55b784 HttpOpenRequestA
0x55b788 HttpSendRequestA
0x55b78c HttpQueryInfoA
0x55b790 InternetConnectA
0x55b794 InternetSetOptionA
0x55b798 InternetOpenA
0x55b79c InternetCloseHandle
0x55b7a8 DeleteUrlCacheEntry
0x55b7ac InternetReadFile
Library: comdlg32.dll:
0x55b844 ChooseFontA
0x55b848 GetFileTitleA
0x55b84c GetSaveFileNameA
0x55b850 GetOpenFileNameA
0x55b854 ChooseColorA

UnPackEr
LoveBoom
SEBEGN
SEENDP
VWPh|
VWQPh(
WVRQSUj
No antivirus engine scan information!

Process tree


________________________V15.5.exe, PID: 2328, Parent PID: 2172

TCP

Source address  Source port  Destination address  Destination host  Destination port
192.168.122.201 49173 101.227.102.169 fs.img4399.com 80
192.168.122.201 49161 101.227.98.71 my.4399.com 80
192.168.122.201 49175 101.227.98.71 my.4399.com 80
192.168.122.201 49180 101.227.98.71 my.4399.com 80
192.168.122.201 49186 101.227.98.71 my.4399.com 80
192.168.122.201 49195 106.11.251.20 cnzz.mmstat.com 443
192.168.122.201 49196 106.11.251.20 cnzz.mmstat.com 443
192.168.122.201 49192 106.11.84.7 z5.cnzz.com 443
192.168.122.201 49194 106.11.84.7 z5.cnzz.com 443
192.168.122.201 49182 106.120.159.126 hm.baidu.com 443
192.168.122.201 49183 106.120.159.126 hm.baidu.com 443
192.168.122.201 49184 106.120.159.126 hm.baidu.com 443
192.168.122.201 49185 106.120.159.126 hm.baidu.com 443
192.168.122.201 49197 122.224.186.209 tj.img4399.com 443
192.168.122.201 49162 154.221.16.135 asdata.ui10.net 80
192.168.122.201 49163 154.221.16.135 asdata.ui10.net 80
192.168.122.201 49187 154.221.16.135 asdata.ui10.net 80
192.168.122.201 49164 183.131.168.6 ptlogin.3304399.net 80
192.168.122.201 49168 183.131.168.6 ptlogin.3304399.net 80
192.168.122.201 49176 183.131.168.6 ptlogin.3304399.net 80
192.168.122.201 49165 218.1.70.80 my.4399.com 80
192.168.122.201 49166 218.1.70.80 my.4399.com 80
192.168.122.201 49167 218.1.70.80 my.4399.com 80
192.168.122.201 49169 218.1.70.80 my.4399.com 80
192.168.122.201 49170 218.1.70.80 my.4399.com 80
192.168.122.201 49171 218.1.70.80 my.4399.com 80
192.168.122.201 49172 218.1.70.80 my.4399.com 80
192.168.122.201 49189 218.94.207.228 s19.cnzz.com 443
192.168.122.201 49191 218.94.207.228 s19.cnzz.com 443
192.168.122.201 49193 218.94.207.228 s19.cnzz.com 443
192.168.122.201 49160 23.198.99.176 acroipm.adobe.com 80
192.168.122.201 49188 42.62.52.249 gprp.4399api.net 80
192.168.122.201 49181 49.232.78.158 mygame.5054399.com 80
192.168.122.201 49190 58.215.157.250 s19.cnzz.com 443

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201 49532 192.168.122.1 53
192.168.122.201 52179 192.168.122.1 53
192.168.122.201 52207 192.168.122.1 53
192.168.122.201 53125 192.168.122.1 53
192.168.122.201 54135 192.168.122.1 53
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53
192.168.122.201 60220 192.168.122.1 53
192.168.122.201 60465 192.168.122.1 53
192.168.122.201 60919 192.168.122.1 53
192.168.122.201 61329 192.168.122.1 53
192.168.122.201 64363 192.168.122.1 53
192.168.122.201 65178 192.168.122.1 53
192.168.122.201 65179 192.168.122.1 53
192.168.122.201 65259 192.168.122.1 53
192.168.122.201 65529 192.168.122.1 53

HTTP requests

URI, followed by the raw HTTP request data
URI: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

URI: http://my.4399.com/yxssjj/?from=news&newsrefer=
GET /yxssjj/?from=news&newsrefer= HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: my.4399.com
Connection: Keep-Alive

URI: http://asdata.ui10.net/asjjdata/gonggao/zxgg.html
GET /asjjdata/gonggao/zxgg.html HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: asdata.ui10.net
Connection: Keep-Alive

URI: http://s1.img4399.com/base/js/jquery.min.1.7.2.js?eba9b9c
GET /base/js/jquery.min.1.7.2.js?eba9b9c HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URI: http://s1.img4399.com/base/css/KS.css?eba9b9c
GET /base/css/KS.css?eba9b9c HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URI: http://ptlogin.3304399.net/resource/css/base.css?v=2
GET /resource/css/base.css?v=2 HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ptlogin.3304399.net
Connection: Keep-Alive

URI: http://s1.img4399.com/base/css/ptunlogin.css
GET /base/css/ptunlogin.css HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URI: http://s1.img4399.com/webgame/home/js/init/PageWebTools.js?67a898c
GET /webgame/home/js/init/PageWebTools.js?67a898c HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URI: http://s1.img4399.com/merge/?file=webgame%2Fssjj%2Fnews%2Fcss%2Fssjj_news.css&v=67a898c
GET /merge/?file=webgame%2Fssjj%2Fnews%2Fcss%2Fssjj_news.css&v=67a898c HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URI: http://s1.img4399.com/webgame/home/css/wg_downline.css?67a898c
GET /webgame/home/css/wg_downline.css?67a898c HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URI: http://s1.img4399.com/base/css/KS.css?eba9b9c
GET /base/css/KS.css?eba9b9c HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
If-Modified-Since: Tue, 20 Nov 2012 02:13:11 GMT
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URI: http://s1.img4399.com/base/css/ue_common.css?eba9b9c
GET /base/css/ue_common.css?eba9b9c HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URI: http://ptlogin.3304399.net/resource/css/base.css?v=2
GET /resource/css/base.css?v=2 HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
If-Modified-Since: Fri, 19 Jun 2020 13:56:56 GMT
If-None-Match: "5eecc428-d624"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ptlogin.3304399.net
Connection: Keep-Alive

URI: http://s1.img4399.com/base/css/ptunlogin.css
GET /base/css/ptunlogin.css HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
If-Modified-Since: Fri, 26 May 2017 09:09:34 GMT
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URI: http://s1.img4399.com/merge/?file=webgame%2Fhome%2Fcss%2Fglobal_server%2Cglobal_oserver%2Cglobal_footer%2Cglobal_sprite%3Bwebgame%2Fssjj%2Fnews%2Fcss%2Fptlogin%3Bwebgame%2Fhome%2Ffcm%2Fgame%2FwebFcmStyle.css&v=67a898c
GET /merge/?file=webgame%2Fhome%2Fcss%2Fglobal_server%2Cglobal_oserver%2Cglobal_footer%2Cglobal_sprite%3Bwebgame%2Fssjj%2Fnews%2Fcss%2Fptlogin%3Bwebgame%2Fhome%2Ffcm%2Fgame%2FwebFcmStyle.css&v=67a898c HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URL professional sandbox check -> http://s1.img4399.com/webgame/ssjj/news/images/body_bg.png?67a898c
GET /webgame/ssjj/news/images/body_bg.png?67a898c HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URL professional sandbox check -> http://s1.img4399.com/merge/?file=webgame%2Fssjj%2Fnews%2Fcss%2Fssjj_news.css&v=67a898c
GET /merge/?file=webgame%2Fssjj%2Fnews%2Fcss%2Fssjj_news.css&v=67a898c HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
If-Modified-Since: Sun, 28 Jun 2020 16:21:26 GMT
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URL professional sandbox check -> http://s1.img4399.com/base/images/global/global_ftop.png
GET /base/images/global/global_ftop.png HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URL professional sandbox check -> http://s1.img4399.com/webgame/ssjj/news/images/full_bg_01.jpg?67a898c
GET /webgame/ssjj/news/images/full_bg_01.jpg?67a898c HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URL professional sandbox check -> http://s1.img4399.com/webgame/ssjj/news/images/full_bg_02.jpg?67a898c
GET /webgame/ssjj/news/images/full_bg_02.jpg?67a898c HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URL professional sandbox check -> http://s1.img4399.com/webgame/ssjj/news/images/full_bg_03.jpg?67a898c
GET /webgame/ssjj/news/images/full_bg_03.jpg?67a898c HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URL professional sandbox check -> http://fs.img4399.com/images~2020/09/25/14_OdjA_DAauO.807x56.jpg
GET /images~2020/09/25/14_OdjA_DAauO.807x56.jpg HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: fs.img4399.com
Connection: Keep-Alive

URL professional sandbox check -> http://s1.img4399.com/webgame/ssjj/news/images/out_face_bg.png?67a898c
GET /webgame/ssjj/news/images/out_face_bg.png?67a898c HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URL professional sandbox check -> http://s1.img4399.com/webgame/home/css/wg_downline.css?67a898c
GET /webgame/home/css/wg_downline.css?67a898c HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
If-Modified-Since: Wed, 23 Sep 2020 03:48:49 GMT
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URL professional sandbox check -> http://ptlogin.3304399.net/resource/ucenter.js?v=191225
GET /resource/ucenter.js?v=191225 HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ptlogin.3304399.net
Connection: Keep-Alive

URL professional sandbox check -> http://s1.img4399.com/r/tj/heatmap.js
GET /r/tj/heatmap.js HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URL professional sandbox check -> http://s1.img4399.com/base/tj/tj.js?v170104&eba9b9c
GET /base/tj/tj.js?v170104&eba9b9c HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive

URL professional sandbox check -> http://mygame.5054399.com/js/stat.js
GET /js/stat.js HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: mygame.5054399.com
Connection: Keep-Alive

URL professional sandbox check -> http://asdata.ui10.net//asjjdata/cs.txt
GET //asjjdata/cs.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: asdata.ui10.net
Cache-Control: no-cache

URL professional sandbox check -> http://asdata.ui10.net//asjjdata/gonggao/gglx.txt
GET //asjjdata/gonggao/gglx.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: asdata.ui10.net
Cache-Control: no-cache

URL professional sandbox check -> http://asdata.ui10.net//asjjdata/banben.txt
GET //asjjdata/banben.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: asdata.ui10.net
Cache-Control: no-cache

URL professional sandbox check -> http://asdata.ui10.net//asjjdata/zdbanben.txt
GET //asjjdata/zdbanben.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: asdata.ui10.net
Cache-Control: no-cache

URL professional sandbox check -> http://4399stat.5054399.com/js/click.js
GET /js/click.js HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 4399stat.5054399.com
Connection: Keep-Alive

URL professional sandbox check -> http://asdata.ui10.net//asjjdata/tj.html?V15.5
GET //asjjdata/tj.html?V15.5 HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: asdata.ui10.net
Connection: Keep-Alive

URL professional sandbox check -> http://asdata.ui10.net//asjjdata/gxdz.txt
GET //asjjdata/gxdz.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: asdata.ui10.net
Cache-Control: no-cache

URL professional sandbox check -> http://gprp.4399api.net/s?uid=&vid=15906983391826035&m=&f=&c=&t=1590698339182&v=1
GET /s?uid=&vid=15906983391826035&m=&f=&c=&t=1590698339182&v=1 HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: gprp.4399api.net
Connection: Keep-Alive

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol SID Signature Category
2020-09-25 20:42:30.425616+0800 192.168.122.201 49187 154.221.16.135 80 TCP 2016879 ET POLICY Unsupported/Fake Windows NT Version 5.0 Potential Corporate Privacy Violation
2020-09-25 20:42:30.184330+0800 192.168.122.201 49163 154.221.16.135 80 TCP 2016879 ET POLICY Unsupported/Fake Windows NT Version 5.0 Potential Corporate Privacy Violation

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2020-09-25 20:42:29.353998+0800 192.168.122.201 49183 106.120.159.126 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb
2020-09-25 20:42:29.354957+0800 192.168.122.201 49182 106.120.159.126 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb
2020-09-25 20:42:30.441881+0800 192.168.122.201 49190 58.215.157.250 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com 9c:2b:8f:7e:cb:08:54:ed:74:b2:2a:d8:eb:ff:2b:f2:44:c3:a2:f8
2020-09-25 20:42:30.581235+0800 192.168.122.201 49191 218.94.207.228 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com 9c:2b:8f:7e:cb:08:54:ed:74:b2:2a:d8:eb:ff:2b:f2:44:c3:a2:f8
2020-09-25 20:42:30.608077+0800 192.168.122.201 49192 106.11.84.7 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com 9c:2b:8f:7e:cb:08:54:ed:74:b2:2a:d8:eb:ff:2b:f2:44:c3:a2:f8
2020-09-25 20:42:30.680299+0800 192.168.122.201 49193 218.94.207.228 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com 9c:2b:8f:7e:cb:08:54:ed:74:b2:2a:d8:eb:ff:2b:f2:44:c3:a2:f8
2020-09-25 20:42:30.691488+0800 192.168.122.201 49195 106.11.251.20 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.mmstat.com 1c:32:2c:16:1b:08:b7:c6:0a:0e:fd:4e:76:f6:1a:cf:d3:05:e6:d1
2020-09-25 20:42:30.697384+0800 192.168.122.201 49194 106.11.84.7 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com 9c:2b:8f:7e:cb:08:54:ed:74:b2:2a:d8:eb:ff:2b:f2:44:c3:a2:f8
2020-09-25 20:42:30.439127+0800 192.168.122.201 49189 218.94.207.228 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com 9c:2b:8f:7e:cb:08:54:ed:74:b2:2a:d8:eb:ff:2b:f2:44:c3:a2:f8
2020-09-25 20:42:30.763288+0800 192.168.122.201 49196 106.11.251.20 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.mmstat.com 1c:32:2c:16:1b:08:b7:c6:0a:0e:fd:4e:76:f6:1a:cf:d3:05:e6:d1
2020-09-25 20:42:31.710218+0800 192.168.122.201 49197 122.224.186.209 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert CN RSA CA G1 C=CN, ST=福建省, L=厦门市, O=网宿科技股份有限公司厦门分公司, OU=IT, CN=www.chinanetcenter.com 80:92:4b:c8:03:14:6f:4c:ab:88:7c:c0:9c:a6:0d:68:80:85:20:10

Suricata HTTP

No Suricata HTTP

No network-extracted files found
Sorry! No files were dropped.
No similar analyses found.

Processing ( 36.094 seconds )

  • 11.33 NetworkAnalysis
  • 10.512 Suricata
  • 5.767 BehaviorAnalysis
  • 4.822 Static
  • 1.785 TargetInfo
  • 1.536 VirusTotal
  • 0.301 peid
  • 0.017 config_decoder
  • 0.012 Strings
  • 0.01 AnalysisInfo
  • 0.002 Memory

Signatures ( 76.748 seconds )

  • 72.341 network_http
  • 2.07 md_url_bl
  • 0.334 api_spamming
  • 0.263 stealth_decoy_document
  • 0.261 stealth_timeout
  • 0.132 antiav_detectreg
  • 0.11 infostealer_browser
  • 0.108 reads_self
  • 0.08 mimics_filetime
  • 0.077 stealth_file
  • 0.059 antidbg_windows
  • 0.052 bootkit
  • 0.051 infostealer_ftp
  • 0.05 infostealer_browser_password
  • 0.044 ipc_namedpipe
  • 0.035 md_domain_bl
  • 0.031 antivm_generic_scsi
  • 0.03 infostealer_im
  • 0.029 antianalysis_detectreg
  • 0.026 virus
  • 0.022 antivm_generic_disk
  • 0.021 dridex_behavior
  • 0.021 maldun_anomaly_massive_file_ops
  • 0.021 antivm_generic_services
  • 0.02 anormaly_invoke_kills
  • 0.019 heapspray_js
  • 0.019 antiav_detectfile
  • 0.017 stealth_network
  • 0.017 infostealer_mail
  • 0.013 virtualcheck_js
  • 0.013 kovter_behavior
  • 0.013 infostealer_bitcoin
  • 0.012 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.012 antivm_vbox_window
  • 0.011 antiemu_wine_func
  • 0.01 antivm_vbox_libs
  • 0.01 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.01 geodo_banking_trojan
  • 0.009 hancitor_behavior
  • 0.008 sets_autoconfig_url
  • 0.008 kibex_behavior
  • 0.008 antisandbox_script_timer
  • 0.008 antivm_vbox_files
  • 0.008 ransomware_extensions
  • 0.007 ransomware_message
  • 0.007 betabot_behavior
  • 0.007 anomaly_persistence_autorun
  • 0.007 shifu_behavior
  • 0.007 dead_connect
  • 0.007 antivm_xen_keys
  • 0.007 ransomware_files
  • 0.006 hawkeye_behavior
  • 0.006 securityxploded_modules
  • 0.006 antivm_parallels_keys
  • 0.006 darkcomet_regkeys
  • 0.005 clickfraud_cookies
  • 0.005 ransomeware_modifies_desktop_wallpaper
  • 0.005 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.005 exec_crash
  • 0.004 antiav_avast_libs
  • 0.004 disables_spdy
  • 0.004 rat_luminosity
  • 0.004 injection_createremotethread
  • 0.004 kazybot_behavior
  • 0.004 antisandbox_sunbelt_libs
  • 0.004 java_js
  • 0.004 disables_wfp
  • 0.004 silverlight_js
  • 0.004 antivm_generic_diskreg
  • 0.004 recon_fingerprint
  • 0.003 office_dl_write_exe
  • 0.003 network_anomaly
  • 0.003 antivm_vmware_libs
  • 0.003 antisandbox_sboxie_libs
  • 0.003 antiav_bitdefender_libs
  • 0.003 js_phish
  • 0.003 antidbg_devices
  • 0.003 disables_browser_warn
  • 0.003 network_torgateway
  • 0.003 rat_pcclient
  • 0.002 tinba_behavior
  • 0.002 internet_dropper
  • 0.002 network_tor
  • 0.002 rat_nanocore
  • 0.002 office_write_exe
  • 0.002 kelihos_behavior
  • 0.002 network_execute_http
  • 0.002 cerber_behavior
  • 0.002 injection_runpe
  • 0.002 bypass_firewall
  • 0.002 antisandbox_productid
  • 0.002 antivm_xen_keys
  • 0.002 antivm_hyperv_keys
  • 0.002 antivm_vbox_acpi
  • 0.002 antivm_vbox_keys
  • 0.002 antivm_vmware_keys
  • 0.002 antivm_vpc_keys
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 maldun_anomaly_invoke_vb_vba
  • 0.002 network_cnc_http
  • 0.002 packer_armadillo_regkey
  • 0.001 browser_scanbox
  • 0.001 network_document_http
  • 0.001 injection_explorer
  • 0.001 dyre_behavior
  • 0.001 ispy_behavior
  • 0.001 h1n1_behavior
  • 0.001 js_suspicious_redirect
  • 0.001 sniffer_winpcap
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 codelux_behavior
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 malicous_targeted_flame
  • 0.001 md_bad_drop
  • 0.001 maldun_network_blacklist
  • 0.001 recon_programs
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.674 seconds )

  • 0.572 ReportHTMLSummary
  • 0.102 Malheur
Task ID 577689
Mongo ID 5f6de6977e769a53d2c22724
Cuckoo release 1.4-Maldun