分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
---|---|---|---|---|
文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2020-10-27 20:04:46 | 2020-10-27 20:07:03 | 137 秒 |
文件名 | CCleaner Professional v5.46.6652.zip ==> CCleaner.exe |
---|---|
文件大小 | 13797712 字节 |
文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 7218480ce5f9bc51d88e3d6dda49c0ff |
SHA1 | b297348fb1c6b0969317c712ebc90960d6a52428 |
SHA256 | 9081dfc8f89b2d1c11b7980b2b62585a71ced37d19e16bb7067b448e576a2e42 |
SHA512 | fbda05f43687e65bc1855f88511b129ecfe61d0ca4c54204811c393e728d83c04e9a1416c26532e1f3d4b3b1b636b7821613727bee9cdfa1e43ca6e95b1490f5 |
CRC32 | A961A380 |
Ssdeep | 196608:iTdq1L0bgnlgfR6W0XKpVdWeyrqNlGkA9cfSB+:iTA1L0slggrCByrqNa+5 |
Yara | 登录查看Yara规则 |
样本下载 提交误报 |
无主机纪录.
无主机纪录.
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49164 | 151.101.110.109 license.piriform.com | 443 |
192.168.122.201 | 49159 | 23.218.94.163 acroipm.adobe.com | 80 |
192.168.122.201 | 49163 | 5.62.53.212 analytics.ff.avast.com | 443 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 52207 | 192.168.122.1 | 53 |
192.168.122.201 | 53125 | 192.168.122.1 | 53 |
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
192.168.122.201 | 65178 | 192.168.122.1 | 53 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49164 | 151.101.110.109 license.piriform.com | 443 |
192.168.122.201 | 49159 | 23.218.94.163 acroipm.adobe.com | 80 |
192.168.122.201 | 49163 | 5.62.53.212 analytics.ff.avast.com | 443 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 52207 | 192.168.122.1 | 53 |
192.168.122.201 | 53125 | 192.168.122.1 | 53 |
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
192.168.122.201 | 65178 | 192.168.122.1 | 53 |
URI | HTTP数据 |
---|---|
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
无SMTP流量.
无IRC请求.
无ICMP流量.
无 CIF 结果
无警报
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2020-10-27 20:05:16.665348+0800 | 192.168.122.201 | 49164 | 151.101.110.109 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3 | C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f3.shared.global.fastly.net | c8:69:64:4e:52:7e:24:65:ee:27:d9:a5:a2:1b:c2:e2:0e:ff:25:f9 |
2020-10-27 20:05:16.607230+0800 | 192.168.122.201 | 49163 | 5.62.53.212 | 443 | TLS 1.1 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=GB, L=London, O=Avast plc, OU=Certificates, CN=*.avast.com | 65:eb:5b:5a:f7:6b:81:c9:fa:53:ee:77:76:12:95:6b:c5:7c:0f:fa |
No Suricata HTTP
文件名 | CCleaner.exe |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Temp\zip-tmp\CCleaner Professional v5.46.6652\CCleaner.exe
|
文件大小 | 13797712 字节 |
文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 7218480ce5f9bc51d88e3d6dda49c0ff |
SHA1 | b297348fb1c6b0969317c712ebc90960d6a52428 |
SHA256 | 9081dfc8f89b2d1c11b7980b2b62585a71ced37d19e16bb7067b448e576a2e42 |
CRC32 | A961A380 |
Ssdeep | 196608:iTdq1L0bgnlgfR6W0XKpVdWeyrqNlGkA9cfSB+:iTA1L0slggrCByrqNa+5 |
下载 提交魔盾安全分析 |
HTML 总结报告 (需15-60分钟同步) |
下载 |
---|
Task ID | 583404 |
---|---|
Mongo ID | 5f980da07e769a0a8f08ee36 |
Cuckoo release | 1.4-Maldun |