Analysis Task

Analysis type: File (Windows)
VM tag: win7-sp1-x64-shaapp03-1
Start time: 2020-10-27 16:15:06
End time: 2020-10-27 16:17:23
Duration: 137 seconds

Maldun Score

10.0

Dangerous

File Details

File name: 1212.rar (submitted archive); analysed member: War3Edit.exe
The size and hashes below are those of the extracted War3Edit.exe (they match the file listed under Related Files further down), not of the archive itself.
File size: 4269568 bytes
File type: PE32 executable (console) Intel 80386, for MS Windows
MD5: 04a6aeeb73e4e8c17014d2686b29efe1
SHA1: 49ad597edfd7ce6c2687e0f376fe6d09af3abb93
SHA256: 8fc90ed4ebc298a4e20332eea71de5987940c448556ef670e85dc596b2c0370f
SHA512: 3ff11791ca399d38e88fa3459696a6dbe0a67deecee11d1d0f2fe8a2f54ff6647485fdcce33fe8291ad99c635204cbd3fcdcfffff4a312882cf251d481064c9e
CRC32: FB005446
Ssdeep: 98304:W2z65h0Slr40E9ciS+4VoGtvVRIinVqpX3Gmf:ZSlr4rciS+AFvVRIwuXPf

Accessed Hosts

No host records.

DNS Resolution

acroipm.adobe.com
  CNAME a1983.dscd.akamai.net
  CNAME acroipm.adobe.com.edgesuite.net
  A 23.59.188.114
  A 23.59.188.113
w.eydata.net
  A 117.24.14.105
  A 180.188.18.9
watson.microsoft.com
  A 104.42.151.234
  CNAME legacy.umwatsonrouting.trafficmanager.net
  CNAME skypedataprdcolwus16.cloudapp.net

Summary

No information shown.

Strings (excerpt)

B@0S$
sZVPh
qL@LQ
'~D0?
J*'.[
Antivirus engine/vendor  Detection name  Signature date
Bkav HW32.Packed. 20190318
MicroWorld-eScan Gen:Trojan.Heur.FU.@tW@aug70ufb 20190319
CMC Not detected 20190318
CAT-QuickHeal Trojan.Agent 20190318
McAfee GenericRXGQ-YC!04A6AEEB73E4 20190319
Malwarebytes Not detected 20190319
Zillya Not detected 20190318
AegisLab Not detected 20190318
TheHacker Not detected 20190315
BitDefender Gen:Trojan.Heur.FU.@tW@aug70ufb 20190319
K7GW Adware ( 005070c51 ) 20190315
K7AntiVirus Adware ( 005070c51 ) 20190318
Baidu Not detected 20190318
Babable Not detected 20180918
Cyren W32/Trojan.IQYH-3637 20190319
ESET-NOD32 a variant of Win32/Packed.BlackMoon.A potentially unwanted 20190319
TrendMicro-HouseCall TROJ_GEN.R005C0PCF19 20190319
Avast Win32:Malware-gen 20190318
ClamAV Not detected 20190318
Kaspersky UDS:DangerousObject.Multi.Generic 20190319
Alibaba Not detected 20190306
NANO-Antivirus Not detected 20190319
ViRobot Trojan.Win32.Z.Packed.4269568 20190318
Rising Trojan.Tiggre!8.ED98 (CLOUD) 20190319
Ad-Aware Gen:Trojan.Heur.FU.@tW@aug70ufb 20190319
Trustlook Not detected 20190319
Sophos Generic PUA OM (PUA) 20190319
Comodo TrojWare.Win32.Kryptik.ARSN@4t6mxs 20190319
F-Secure Not detected 20190319
DrWeb Not detected 20190319
VIPRE Not detected 20190319
Invincea heuristic 20190313
McAfee-GW-Edition BehavesLike.Win32.Generic.rc 20190318
Trapmine malicious.high.ml.score 20190301
Emsisoft Gen:Trojan.Heur.FU.@tW@aug70ufb (B) 20190319
SentinelOne DFI - Suspicious PE 20190317
GData Gen:Trojan.Heur.FU.@tW@aug70ufb 20190319
Jiangmin Not detected 20190319
Avira Not detected 20190318
MAX malware (ai score=99) 20190319
Antiy-AVL Trojan[Packed]/Win32.Blackmoon 20190319
Kingsoft Not detected 20190319
Microsoft Trojan:Win32/Tiggre!rfn 20190319
Endgame malicious (high confidence) 20190215
Arcabit Trojan.Heur.FU.EB78A0 20190319
SUPERAntiSpyware Not detected 20190314
AhnLab-V3 Not detected 20190319
ZoneAlarm UDS:DangerousObject.Multi.Generic 20190319
Avast-Mobile Not detected 20190318
TotalDefense Not detected 20190318
Acronis suspicious 20190318
VBA32 BScope.Trojan.Downloader 20190318
ALYac Not detected 20190319
TACHYON Not detected 20190319
Panda Trj/GdSda.A 20190318
Zoner Not detected 20190318
Tencent Not detected 20190319
Yandex Riskware.BlackMoon! 20190318
Ikarus Not detected 20190318
eGambit Unsafe.AI_Score_91% 20190319
Fortinet W32/Injector.BBYK!tr 20190319
AVG Win32:Malware-gen 20190318
Cybereason malicious.b73e4e 20190109
Paloalto generic.ml 20190319
CrowdStrike win/malicious_confidence_90% (W) 20190212
Qihoo-360 Not detected 20190319

Note: 39 of the 66 engines listed flag the file. The names that recur across independent vendors are BlackMoon (ESET-NOD32, Antiy-AVL, Yandex) and Tiggre (Rising, Microsoft); most of the rest are generic packed, heuristic or machine-learning verdicts. Every signature date is 2019-03-19 or earlier, about 19 months before this 2020-10-27 run, so these verdicts predate the run and should not be read as current engine coverage.
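Vendor tables like the one above are easier to reason about once the verdict strings are normalised: count how many engines detect at all, keep only the name tokens that two or more independent vendors agree on, and compare the newest signature date against the sandbox run date. The following is an added example (not Maldun's or VirusTotal's code) that does this over a re-typed subset of the rows above; the NOISE word list and the two-vendor threshold are illustrative assumptions.

```python
import re
from collections import Counter
from datetime import date, datetime

# A subset of the vendor table above, re-typed as "vendor result YYYYMMDD" with the
# report's "Not detected" clean marker. Parser and consensus logic are an added
# example, not Maldun's or VirusTotal's code.
AV_ROWS = """\
Bkav HW32.Packed. 20190318
MicroWorld-eScan Gen:Trojan.Heur.FU.@tW@aug70ufb 20190319
CMC Not detected 20190318
McAfee GenericRXGQ-YC!04A6AEEB73E4 20190319
ESET-NOD32 a variant of Win32/Packed.BlackMoon.A potentially unwanted 20190319
Kaspersky UDS:DangerousObject.Multi.Generic 20190319
Rising Trojan.Tiggre!8.ED98 (CLOUD) 20190319
Sophos Generic PUA OM (PUA) 20190319
Antiy-AVL Trojan[Packed]/Win32.Blackmoon 20190319
Microsoft Trojan:Win32/Tiggre!rfn 20190319
Yandex Riskware.BlackMoon! 20190318
Qihoo-360 Not detected 20190319
"""
ANALYSIS_DATE = date(2020, 10, 27)   # start of the sandbox run reported above
CLEAN = "Not detected"
ROW_RE = re.compile(r"^(?P<vendor>\S+) (?P<result>.+) (?P<date>\d{8})$")
# Verdict words that carry no family information (assumption: illustrative list).
NOISE = {"trojan", "win32", "generic", "heur", "gen", "variant", "potentially",
         "unwanted", "cloud", "multi", "dangerousobject", "uds", "malware"}


def parse_rows(text):
    """Return [(vendor, result string, signature date)] for each well-formed row."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append((m["vendor"], m["result"],
                         datetime.strptime(m["date"], "%Y%m%d").date()))
    return rows


def detection_ratio(rows):
    """(engines that detected, engines listed)."""
    detected = sum(1 for _, result, _ in rows if result != CLEAN)
    return detected, len(rows)


def vendor_tokens(result):
    """Alphanumeric tokens of one verdict, lower-cased, minus noise and short fragments."""
    return {t.lower() for t in re.split(r"[^A-Za-z0-9]+", result)
            if len(t) > 2 and t.lower() not in NOISE}


def consensus_tokens(rows, min_vendors=2):
    """Tokens that at least min_vendors used independently: the family/packer signal."""
    counts = Counter()
    for _, result, _ in rows:
        if result != CLEAN:
            counts.update(vendor_tokens(result))   # a set, so one vote per vendor
    return {t: n for t, n in counts.items() if n >= min_vendors}


def signature_age_days(rows, analysis_date=ANALYSIS_DATE):
    """Days between the newest vendor signature date and the sandbox run."""
    return (analysis_date - max(d for _, _, d in rows)).days


if __name__ == "__main__":
    rows = parse_rows(AV_ROWS)
    print("detections:", detection_ratio(rows))
    print("consensus:", consensus_tokens(rows))
    print("newest signature is", signature_age_days(rows), "days older than the run")
```

On this subset the consensus reduces sixty-odd vendor-specific strings to three tokens (packed, blackmoon, tiggre), and the date check makes the staleness of the vendor block explicit instead of leaving it to the reader to notice the 2019 dates.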

Process Tree

cmd.exe (PID 2712, parent PID 2264)
  War3Edit.exe (PID 2844, parent PID 2712)
    ini.cg (PID 2932, parent PID 2844)
    ini.cg (PID 1332, parent PID 2844)
      cmd.exe (PID 2464, parent PID 1332)

War3Edit.exe starts two instances of a file named ini.cg, an image name without a standard executable extension, and the second of those instances in turn launches cmd.exe. The root cmd.exe (PID 2712) is the sandbox's launcher; its parent (PID 2264) is not part of the recorded tree.
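The two things worth flagging in that tree (a non-.exe image name being executed, and a shell whose parent is neither a shell nor the user's desktop) are easy to check mechanically once the flat PID/parent-PID lines are turned into a tree. The following is an added example, not Maldun's code; it re-types the five lines above, and the extension and shell lists are illustrative assumptions.

```python
import re
from collections import defaultdict

# The five process-tree lines from the report above, re-typed with English
# field labels. Parser and checks are an added example, not Maldun's own code;
# the extension and shell lists below are illustrative assumptions.
PROCESS_LINES = """\
cmd.exe, PID: 2712, parent PID: 2264
War3Edit.exe, PID: 2844, parent PID: 2712
ini.cg, PID: 2932, parent PID: 2844
ini.cg, PID: 1332, parent PID: 2844
cmd.exe, PID: 2464, parent PID: 1332
"""

LINE_RE = re.compile(r"^(?P<name>[^,]+), PID: (?P<pid>\d+), parent PID: (?P<ppid>\d+)$")
# Image-name extensions that Windows normally executes directly.
NORMAL_EXE_EXT = {".exe", ".com", ".scr"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
# Parents from which a shell is unremarkable: the user session or another shell.
EXPECTED_SHELL_PARENTS = SHELLS | {"explorer.exe"}


def parse_tree(text):
    """Return ({pid: {name, ppid}}, {ppid: [child pids in report order]})."""
    procs, children = {}, defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        pid, ppid = int(m["pid"]), int(m["ppid"])
        procs[pid] = {"name": m["name"].strip(), "ppid": ppid}
        children[ppid].append(pid)
    return procs, children


def roots(procs):
    """PIDs whose parent is absent from the report (here the sandbox agent's child)."""
    return sorted(pid for pid, p in procs.items() if p["ppid"] not in procs)


def render(procs, children, pid, depth=0):
    """Indented text rendering of the subtree under pid."""
    lines = [f"{'  ' * depth}{procs[pid]['name']} ({pid})"]
    for child in sorted(children[pid]):
        lines.extend(render(procs, children, child, depth + 1))
    return lines


def ancestry(procs, pid):
    """Image names walking upward: [self, parent, grandparent, ...]."""
    chain = []
    while pid in procs:
        chain.append(procs[pid]["name"])
        pid = procs[pid]["ppid"]
    return chain


def findings(procs):
    """(pid, reason) pairs, ordered by pid, for the two patterns visible in this tree."""
    out = []
    for pid, p in sorted(procs.items()):
        name = p["name"].lower()
        ext = name[name.rfind("."):] if "." in name else ""
        chain = ancestry(procs, pid)
        if ext not in NORMAL_EXE_EXT:
            out.append((pid, f"image '{p['name']}' runs with non-standard extension '{ext}'"))
        if name in SHELLS and len(chain) > 1 and chain[1].lower() not in EXPECTED_SHELL_PARENTS:
            out.append((pid, f"shell '{p['name']}' spawned by '{chain[1]}' "
                             f"(chain: {' <- '.join(chain)})"))
    return out


if __name__ == "__main__":
    procs, children = parse_tree(PROCESS_LINES)
    for root in roots(procs):
        print("\n".join(render(procs, children, root)))
    for pid, reason in findings(procs):
        print(f"[{pid}] {reason}")
```

Run on the report's tree this yields three findings: both ini.cg instances (PIDs 1332 and 2932) for the extension, and cmd.exe PID 2464 for being spawned by ini.cg with War3Edit.exe above it in the chain. The root cmd.exe (PID 2712) is not flagged because its parent is outside the recorded tree.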

TCP

Source address  Source port  Destination address  Destination port
192.168.122.201 49163 117.24.14.105 (w.eydata.net) 80
192.168.122.201 49164 117.24.14.105 (w.eydata.net) 80
192.168.122.201 49167 117.24.14.105 (w.eydata.net) 80
192.168.122.201 49168 117.24.14.105 (w.eydata.net) 80
192.168.122.201 49158 23.59.188.113 (acroipm.adobe.com) 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201 53125 192.168.122.1 53
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53

HTTP Requests

http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

http://w.eydata.net/
GET / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: w.eydata.net

http://w.eydata.net/98039776530cf506
POST /98039776530cf506 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: w.eydata.net
Content-Length: 7
Cache-Control: no-cache

ver=1.0

http://w.eydata.net/98529ec3e5a5dad8
POST /98529ec3e5a5dad8 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: w.eydata.net
Content-Length: 0
Cache-Control: no-cache

http://w.eydata.net/9e8236ac98f4fb46
POST /9e8236ac98f4fb46 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: w.eydata.net
Content-Length: 21
Cache-Control: no-cache

StatusCode=&UserName=

http://w.eydata.net/17112dbe9584bbd0
POST /17112dbe9584bbd0 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: w.eydata.net
Content-Length: 67
Cache-Control: no-cache

UserName=&UserPwd=&Version=1.0&Mac=AC5381C9304FC469DC9C9DA578A97012

http://w.eydata.net/e43fb3d5cc338666
POST /e43fb3d5cc338666 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: w.eydata.net
Content-Length: 9
Cache-Control: no-cache

UserName=

http://w.eydata.net/d94d988aad6f61a4
POST /d94d988aad6f61a4 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: w.eydata.net
Content-Length: 25
Cache-Control: no-cache

StatusCode=-101&UserName=

http://w.eydata.net/9e8236ac98f4fb46
POST /9e8236ac98f4fb46 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: w.eydata.net
Content-Length: 25
Cache-Control: no-cache

StatusCode=-101&UserName=

Note: the acroipm.adobe.com request (User-Agent "IPM") is Adobe Reader's in-product messaging update check, and watson.microsoft.com, which was resolved but never connected to, is Windows Error Reporting; both are background activity of the analysis VM rather than sample behaviour. The traffic that does not match known background activity is the sequence to w.eydata.net: one GET with a browser-like User-Agent and a Simplified-Chinese locale fingerprint (Accept-Language: zh-cn, Accept-Encoding: gbk, GB2312), followed by form POSTs to opaque 16-hex-character paths with a different User-Agent string, carrying fields named ver, UserName, UserPwd, Version, StatusCode and Mac. The Mac value is a 32-hex-digit string (the length of an MD5 digest, not a raw 48-bit MAC address), every UserName and UserPwd value is empty in this run, and all of it goes over plaintext HTTP on port 80.

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol SID Signature Category
2020-10-27 16:15:36.339364+0800 192.168.122.201 49164 117.24.14.105 80 TCP 2012888 ET POLICY Http Client Body contains pwd= in cleartext Potential Corporate Privacy Violation
2020-10-27 16:15:40.468277+0800 192.168.122.201 49168 117.24.14.105 80 TCP 2012888 ET POLICY Http Client Body contains pwd= in cleartext Potential Corporate Privacy Violation
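The two alerts above fire on the same thing the HTTP listing shows: the POST on port 49164 carries UserPwd= and the one on 49168 repeats the sequence. The following added example (not Maldun's or Suricata's code) re-types four of the captured requests, parses them, applies the condition the SID 2012888 alert text describes (the literal "pwd=" in the client body; the case-insensitive match is an assumption), decodes the form bodies to name the credential-bearing fields, checks Content-Length against the body actually sent, and tallies User-Agent strings per host. The credential key pattern and the digest-length check on the Mac field are illustrative assumptions.

```python
import re
from urllib.parse import parse_qsl

# Four of the client requests captured above, re-typed from the report with the
# headers and POST bodies as shown. The parser and checks are an added example,
# not Maldun's or Suricata's code.
RAW_REQUESTS = [
    "POST /17112dbe9584bbd0 HTTP/1.1\n"
    "Accept: */*\n"
    "Content-Type: application/x-www-form-urlencoded\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)\n"
    "Host: w.eydata.net\n"
    "Content-Length: 67\n"
    "Cache-Control: no-cache\n"
    "\n"
    "UserName=&UserPwd=&Version=1.0&Mac=AC5381C9304FC469DC9C9DA578A97012",
    "POST /d94d988aad6f61a4 HTTP/1.1\n"
    "Accept: */*\n"
    "Content-Type: application/x-www-form-urlencoded\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)\n"
    "Host: w.eydata.net\n"
    "Content-Length: 25\n"
    "Cache-Control: no-cache\n"
    "\n"
    "StatusCode=-101&UserName=",
    "GET / HTTP/1.1\n"
    "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)\n"
    "Host: w.eydata.net",
    "GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1\n"
    "User-Agent: IPM\n"
    "Host: acroipm.adobe.com",
]

CRED_KEY_RE = re.compile(r"pwd|passw|password|secret|token", re.I)   # assumption
# Condition of ET POLICY SID 2012888 as the alert text states it: the literal
# "pwd=" in the HTTP client body (assumption: matched case-insensitively).
RULE_2012888 = re.compile(r"pwd=", re.I)
HEX32_RE = re.compile(r"[0-9a-f]{32}", re.I)


def parse_request(raw):
    """Split one raw HTTP/1.1 request into method, path, lower-cased headers and body."""
    head, _, body = raw.partition("\n\n")
    lines = head.splitlines()
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers, "body": body}


def content_length_ok(req):
    """True when no Content-Length was declared or it equals the body actually sent."""
    declared = req["headers"].get("content-length")
    return declared is None or int(declared) == len(req["body"].encode())


def form_fields(req):
    """Decoded (key, value) pairs of a urlencoded form body, blanks kept."""
    if "x-www-form-urlencoded" not in req["headers"].get("content-type", ""):
        return []
    return parse_qsl(req["body"], keep_blank_values=True)


def check_request(req):
    """Alert strings for one request: the rule condition, then per-field observations."""
    alerts = []
    if RULE_2012888.search(req["body"]):
        alerts.append("SID 2012888: client body contains pwd= in cleartext")
    for key, value in form_fields(req):
        if CRED_KEY_RE.search(key):
            state = "empty" if value == "" else "non-empty"
            alerts.append(f"credential field '{key}' sent over plaintext HTTP ({state})")
        elif key.lower() == "mac" and HEX32_RE.fullmatch(value):
            alerts.append(f"field '{key}' is a 32-hex-digit value: digest-length "
                          "machine identifier, not a raw MAC address")
    return alerts


def user_agents_by_host(reqs):
    """Distinct User-Agent strings seen per Host header."""
    by_host = {}
    for r in reqs:
        host = r["headers"].get("host", "?")
        by_host.setdefault(host, set()).add(r["headers"].get("user-agent", ""))
    return by_host


def triage(raw_requests):
    """({'METHOD /path': [alerts]} for flagged requests, {host: {user agents}})."""
    reqs = [parse_request(r) for r in raw_requests]
    flagged = {}
    for r in reqs:
        alerts = check_request(r)
        if alerts:
            flagged[f"{r['method']} {r['path']}"] = alerts
    return flagged, user_agents_by_host(reqs)


if __name__ == "__main__":
    flagged, uas = triage(RAW_REQUESTS)
    for key, alerts in flagged.items():
        print(key, *alerts, sep="\n  ")
    for host, agents in uas.items():
        print(f"{host}: {len(agents)} distinct User-Agent string(s)")
```

Only the POST to /17112dbe9584bbd0 is flagged, for the same reason the IDS fired, plus the empty UserPwd field and the digest-length Mac value; the StatusCode/UserName POST passes the rule exactly as it did in the capture. The per-host tally shows two different User-Agent strings presented to w.eydata.net by the same client within a few seconds, which is a useful secondary indicator when the body check alone is too noisy.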

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.

Related Files

File name: War3Edit.exe
Path: C:\Users\test\AppData\Local\Temp\rar-tmp\War3Edit.exe
File size: 4269568 bytes
File type: PE32 executable (console) Intel 80386, for MS Windows
MD5: 04a6aeeb73e4e8c17014d2686b29efe1
SHA1: 49ad597edfd7ce6c2687e0f376fe6d09af3abb93
SHA256: 8fc90ed4ebc298a4e20332eea71de5987940c448556ef670e85dc596b2c0370f
CRC32: FB005446
Ssdeep: 98304:W2z65h0Slr40E9ciS+4VoGtvVRIinVqpX3Gmf:ZSlr4rciS+AFvVRIwuXPf

This is the member extracted from 1212.rar into the sandbox's rar-tmp directory; its size and hashes are identical to those of the analysed sample, so it is the same file rather than a second payload.
Earlier Maldun analysis of this file: score 10.0, analysed 2019-04-06 21:31:09.
No similar analyses found.

Processing ( 25.456 seconds )

  • 11.775 BehaviorAnalysis
  • 10.753 Suricata
  • 1.637 NetworkAnalysis
  • 0.91 TargetInfo
  • 0.188 VirusTotal
  • 0.167 Dropped
  • 0.013 Strings
  • 0.011 AnalysisInfo
  • 0.002 Memory

Signatures ( 59.014 seconds ) (run time of every signature module that was evaluated, ordered by cost; this is profiling output, not the list of signatures that matched)

  • 50.157 network_http
  • 2.537 antidbg_windows
  • 1.522 md_url_bl
  • 0.809 api_spamming
  • 0.781 antivm_vbox_window
  • 0.671 browser_needed
  • 0.627 antisandbox_script_timer
  • 0.59 stealth_decoy_document
  • 0.579 stealth_timeout
  • 0.453 injection_explorer
  • 0.023 kovter_behavior
  • 0.022 antiemu_wine_func
  • 0.021 antiav_detectreg
  • 0.019 infostealer_browser_password
  • 0.014 antivm_vbox_libs
  • 0.013 md_domain_bl
  • 0.01 injection_createremotethread
  • 0.009 infostealer_ftp
  • 0.008 exec_crash
  • 0.007 process_interest
  • 0.006 antisandbox_sunbelt_libs
  • 0.006 antiav_detectfile
  • 0.005 antiav_avast_libs
  • 0.005 mimics_filetime
  • 0.005 anomaly_persistence_autorun
  • 0.005 vawtrak_behavior
  • 0.005 injection_runpe
  • 0.005 infostealer_im
  • 0.004 antivm_vmware_libs
  • 0.004 maldun_anomaly_massive_file_ops
  • 0.004 reads_self
  • 0.004 antisandbox_sboxie_libs
  • 0.004 antiav_bitdefender_libs
  • 0.004 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_bitcoin
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 bootkit
  • 0.003 stealth_file
  • 0.003 antivm_generic_disk
  • 0.003 virus
  • 0.003 process_needed
  • 0.003 infostealer_mail
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 stack_pivot
  • 0.002 dep_bypass
  • 0.002 dridex_behavior
  • 0.002 antivm_generic_scsi
  • 0.002 hancitor_behavior
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.001 infostealer_browser
  • 0.001 antivm_generic_services
  • 0.001 stealth_network
  • 0.001 betabot_behavior
  • 0.001 ransomeware_modifies_desktop_wallpaper
  • 0.001 dyre_behavior
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 anormaly_invoke_kills
  • 0.001 cerber_behavior
  • 0.001 bypass_firewall
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.663 seconds )

  • 0.499 ReportHTMLSummary
  • 0.164 Malheur
Task ID 583393
Mongo ID 5f97d8057e769a0a8e08e61b
Cuckoo release 1.4-Maldun