Analysis task

Analysis type   VM label                 Start                End                  Duration
File (Windows)  win7-sp1-x64-shaapp03-2  2020-11-01 21:12:42  2020-11-01 21:14:32  110 seconds

Maldun score

10.0

Dangerous

The behavioural signatures that produce this score are behind the site's login prompt and are not reproduced on this page; what follows is the static and network evidence only.

File details

File name   MyWeChat.exe
File size   3870720 bytes
File type   PE32 executable (GUI) Intel 80386, for MS Windows
MD5         573baaeba48b64677a54ff5fb14278a8
SHA1        22429a67028698eed4b21c01eff100d8b0a0da95
SHA256      d29fd26b85c6319f3e57194b3bcd16bba98e759b2f296d51e6e46f74e7a4db9c
SHA512      bc690f2f3a3eeccc05b84ef7093d5010cca966effd911a1c69fd26892d67e3ba2818bbd1a3c734146669271e244fe33f8d033d1bfa49c0c7a8808f0365fa1933
CRC32       11C50EF9
Ssdeep      49152:8xVJQtoHwl2H9I4ouVwXSLpec9odbirsV4rvrO9101nLRUjsPjnXcCLfwbOL:i9H9IfuVwXSsbWrtS9aZdKsPbLo6L

Hosts contacted

No host records. (This summary field is empty; the TCP and UDP tables in the network section below do list the peers the VM talked to.)

DNS resolution

Domain               Response
ddos.dnsnb8.net      A 162.217.99.134
www.baidu.com        CNAME www.a.shifen.com; A 180.101.49.11, 180.101.49.12
acroipm.adobe.com    CNAME acroipm.adobe.com.edgesuite.net, a1983.dscd.akamai.net; A 23.202.33.171, 23.202.33.152
share.weiyun.com     A 101.89.39.11
img.weiyun.com       CNAME img.weiyun.com.cloud.tc.qq.com, x2sv6.tcdn.qq.com, x2sv6mid.tcdn.qq.com; A 180.153.105.213
qzonestyle.gtimg.cn  CNAME qzonestyle.gtimg.cn.cloud.tc.qq.com, qzonestyle.gtimg.cn.x2s.sched.dcloudstc.com; A 222.73.132.191, 101.91.24.81, 183.60.137.222, 119.147.227.103, 42.81.85.191, 101.91.24.71, 61.164.140.235, 182.140.219.95, 101.91.24.45, 116.211.184.30, 117.34.50.60, 116.211.185.244, 116.211.185.228, 101.91.24.75, 183.2.196.201
thirdqq.qlogo.cn     CNAME q.qlogo.cn; A 180.97.9.16, 180.97.117.21, 180.97.8.120, 180.97.9.18, 180.97.9.112, 101.91.63.223, 61.151.183.121, 101.91.63.222, 180.97.117.19
ui.ptlogin2.qq.com   CNAME xui.ptlogin2.tencent-cloud.com; A 101.89.38.48
user.weiyun.com      (no answer recorded)
h5.qzone.qq.com      A 61.129.7.12
wspeed.qq.com        A 61.151.206.22
zyjc.sec.qq.com      NXDOMAIN

The page's "security rating" column was empty for every row and is omitted. All names but one belong to Baidu, Tencent (qq.com, weiyun.com, gtimg.cn, qlogo.cn) or Adobe infrastructure. The exception, ddos.dnsnb8.net, resolved to 162.217.99.134, yet no TCP or UDP flow to that address appears anywhere in the capture: a lookup with no follow-up connection. user.weiyun.com received no answer and zyjc.sec.qq.com does not exist.


PE information

Image base             0x00400000
Entry point            0x0080d000 (image base + RVA 0x0040d000, which is the first byte of the last section in the table below)
Declared checksum      0x00000000
Computed checksum      0x003b3a64
Minimum OS version     4.0
Compile timestamp      2020-10-31 14:44:35 (the day before the analysis)
Import hash (imphash)  9087ecbc4ad3441224843ab0f595320c
Icon
Icon exact hash        b7f5a1cbe6033d319ceea2bf9f741f58
Icon similarity hash   3c4feba29ee6ffe313e0f0a65f94cfa9

A declared checksum of zero is the normal state of a non-driver executable built without /RELEASE, so the mismatch with the computed value carries no signal on its own.

Version information

All fields of the version resource are empty: LegalCopyright, FileVersion, CompanyName, Comments, ProductName, ProductVersion, FileDescription, Translation.

PE sections

Name                                  Virtual address  Virtual size  Raw size    Characteristics                                                                    Entropy
.text                                 0x00001000       0x0016097d    0x00161000  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ                        6.54
.rdata                                0x00162000       0x0020c5e0    0x0020d000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                                  7.60
.data                                 0x0036f000       0x0008a80a    0x0002a000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE              5.31
.rsrc                                 0x003fa000       0x00012a0c    0x00013000  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                                  5.74
\xab\xd3\xc1\x07\xa3uh (unprintable)  0x0040d000       0x00005000    0x00005000  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE    6.04

What stands out:
- The entry point (RVA 0x0040d000) is the first byte of the fifth section, whose name is not printable and which is flagged code, executable and writable at once. Normal linker output does not look like this; it is the profile of a packer or protector stub that unpacks into the other sections at run time.
- .rdata is about 2 MB at entropy 7.60, far above what read-only initialized data normally scores, and is the natural place to look for a compressed or encrypted payload that the stub consumes.
- Every raw size is a multiple of 0x1000, and the raw sizes plus a 0x1000-byte header sum to 0x3b1000 = 3870720 bytes, exactly the file size, so nothing is appended as an overlay.
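The checks an analyst runs on the numbers above, as an added example in Python that is not part of the sandbox report or of the Maldun/Cuckoo code. It rebuilds the five section headers from the values printed in the table so the parser has real bytes to work on (the file offsets are an assumption: contiguous and 0x1000-aligned, which the raw sizes make the likely layout), locates the section holding the entry point, flags writable-and-executable and unprintable-name sections, thresholds the reported entropies, checks the declared checksum, and computes the overlay against the 3870720-byte file size.

```python
# Added example, not from the report: rebuild the section table from the values
# printed above, then run the static checks an analyst applies before unpacking.
import struct
from typing import List, NamedTuple, Optional

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_HEADER_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes
SECTION_HEADER_SIZE = struct.calcsize(SECTION_HEADER_FMT)

class Section(NamedTuple):
    name: bytes
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_pointer: int
    characteristics: int

    def contains_rva(self, rva: int) -> bool:
        span = max(self.virtual_size, self.raw_size)  # in-memory span is page-rounded
        return self.virtual_address <= rva < self.virtual_address + span

    def is_writable_and_executable(self) -> bool:
        wx = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
        return self.characteristics & wx == wx

    def has_printable_name(self) -> bool:
        stripped = self.name.rstrip(b"\x00")
        return bool(stripped) and all(0x20 < b < 0x7F for b in stripped)

def build_section_header(name, vsize, va, rsize, rptr, flags) -> bytes:
    # Serialise one IMAGE_SECTION_HEADER; used only to fabricate input for the parser.
    return struct.pack(SECTION_HEADER_FMT, name.ljust(8, b"\x00")[:8],
                       vsize, va, rsize, rptr, 0, 0, 0, 0, flags)

def parse_section_headers(blob: bytes, count: int) -> List[Section]:
    out = []
    for i in range(count):
        f = struct.unpack_from(SECTION_HEADER_FMT, blob, i * SECTION_HEADER_SIZE)
        out.append(Section(f[0], f[1], f[2], f[3], f[4], f[9]))
    return out

def section_for_rva(sections: List[Section], rva: int) -> Optional[Section]:
    return next((s for s in sections if s.contains_rva(rva)), None)

def overlay_size(file_size: int, sections: List[Section]) -> int:
    # Bytes past the last section's raw data; 0 means nothing is appended.
    return file_size - max(s.raw_pointer + s.raw_size for s in sections)

def triage(sections, entry_rva, entropies, declared_cksum, actual_cksum, file_size):
    """Human-readable findings; an empty list means nothing stood out."""
    findings = []
    entry = section_for_rva(sections, entry_rva)
    if entry is None:
        findings.append("entry point RVA 0x%x lies outside every section" % entry_rva)
    else:
        if len(sections) > 1 and entry is sections[-1]:
            findings.append("entry point is in the last section (packer/protector stub pattern)")
        if not entry.has_printable_name():
            findings.append("entry section has a non-printable name")
        if entry.is_writable_and_executable():
            findings.append("entry section is writable and executable (self-modifying code)")
    for s, ent in zip(sections, entropies):
        if ent >= 7.2 and not s.characteristics & IMAGE_SCN_CNT_CODE:
            label = repr(s.name.rstrip(b"\x00"))
            findings.append("%s entropy %.2f: likely compressed or encrypted data" % (label, ent))
    if declared_cksum and declared_cksum != actual_cksum:
        findings.append("PE checksum mismatch: file modified after linking")
    overlay = overlay_size(file_size, sections)
    if overlay > 0:
        findings.append("%d-byte overlay appended after the last section" % overlay)
    return findings

# Rows copied from the report: name, virtual size, virtual address, raw size, characteristics.
_REPORT_ROWS = [
    (b".text", 0x0016097D, 0x00001000, 0x00161000, 0x60000020),   # CODE|EXECUTE|READ
    (b".rdata", 0x0020C5E0, 0x00162000, 0x0020D000, 0x40000040),  # INITIALIZED_DATA|READ
    (b".data", 0x0008A80A, 0x0036F000, 0x0002A000, 0xC0000040),   # INITIALIZED_DATA|READ|WRITE
    (b".rsrc", 0x00012A0C, 0x003FA000, 0x00013000, 0x40000040),   # INITIALIZED_DATA|READ
    (b"\xab\xd3\xc1\x07\xa3uh", 0x00005000, 0x0040D000, 0x00005000, 0xE0000020),  # CODE|EXECUTE|READ|WRITE
]
REPORT_ENTROPY = [6.54, 7.60, 5.31, 5.74, 6.04]
REPORT_FILE_SIZE = 3870720
REPORT_ENTRY_RVA = 0x0080D000 - 0x00400000  # the report prints the VA; image base is 0x400000

def _fabricate_headers() -> bytes:
    # Assumption: headers fill the first 0x1000 bytes and raw data is contiguous,
    # which the 0x1000-aligned raw sizes make the likely layout.
    blob, rptr = b"", 0x1000
    for name, vsize, va, rsize, flags in _REPORT_ROWS:
        blob += build_section_header(name, vsize, va, rsize, rptr, flags)
        rptr += rsize
    return blob

REPORT_SECTIONS = parse_section_headers(_fabricate_headers(), len(_REPORT_ROWS))

def report_findings() -> List[str]:
    return triage(REPORT_SECTIONS, REPORT_ENTRY_RVA, REPORT_ENTROPY, 0x0, 0x003B3A64, REPORT_FILE_SIZE)
```

On this input `report_findings()` returns four lines (entry point in the last section, unprintable name, writable-and-executable, and the .rdata entropy note) and stays silent on the checksum and the overlay, which is the right reading of the table: the checksum is simply unset, and the section sizes account for the whole file. Against a real sample, replace `_fabricate_headers()` with the 40-byte headers read from the file at `e_lfanew + 24 + SizeOfOptionalHeader`.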

Resources

The page listed several resource types repeatedly with identical offset and size; one row per type is kept here and the number of repeated entries is given in the last column.

Name             Offset      Size        Language      Sublanguage                 Entropy  File type (libmagic guess)                                                      Entries
TEXTINCLUDE      0x003faeb0  0x00000151  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  5.25     C source, ASCII text, with CRLF line terminators                                3
WAVE             0x003fb004  0x00001448  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  6.35     RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz   1
RT_CURSOR        0x003fc9d0  0x00000134  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  2.43     AmigaOS bitmap font                                                             6
RT_BITMAP        0x003fe2c4  0x00000144  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  2.88     data                                                                            15
RT_ICON          0x00406e80  0x00003975  LANG_NEUTRAL  SUBLANG_NEUTRAL             7.96     PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced                     8
RT_MENU          0x0040a804  0x00000284  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  4.28     data                                                                            2
RT_DIALOG        0x0040ba4c  0x0000018c  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  3.74     data                                                                            10
RT_STRING        0x0040c494  0x00000024  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0.90     data                                                                            11
RT_GROUP_CURSOR  0x0040c508  0x00000022  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  2.25     MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1                      5
RT_GROUP_ICON    0x0040c59c  0x00000014  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  2.02     MS Windows icon resource - 1 icon, 16x16, 16 colors                             3
RT_VERSION       0x0040c5b0  0x0000028c  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  3.48     DOS executable (COM)                                                            1
RT_MANIFEST      0x0040c83c  0x000001cd  LANG_NEUTRAL  SUBLANG_NEUTRAL             5.08     XML 1.0 document, ASCII text, with very long lines, with no line terminators    1

Reading the table: "AmigaOS bitmap font" for a cursor and "DOS executable (COM)" for the version block are libmagic guesses on small binary blobs, not real file types, and the 7.96 entropy of the icon is expected for a compressed PNG. TEXTINCLUDE is boilerplate the Visual Studio resource editor writes into every .rc file; together with the cursors, bitmaps, menus, dialogs and the WAVE clip it is the footprint of a conventional Windows GUI build, consistent with the MFC-style import profile below. The version resource is present but, as the version-information section shows, carries no strings.

Imports

Static import table (IAT slot address, then the imported name). Read it as a lower bound on capability: the strings section below carries VMProtect SDK markers and the entry point sits in a writable, executable section with a garbage name, so the protected code can resolve further APIs at run time through LoadLibraryA/GetProcAddress, both of which are imported. What the table does show, beyond the usual MFC/CRT/GUI baseline: WinSock with server-side calls (socket, bind, listen, accept) as well as connect, WinINet HTTP, registry writes (RegCreateKeyExA, RegSetValueExA), process launch (CreateProcessA, WinExec, ShellExecuteA) and a Windows hook (SetWindowsHookExA, CallNextHookEx).

Library: WINMM.dll
0x562780 midiStreamOut
0x562788 midiStreamProperty
0x56278c midiStreamOpen
0x562794 waveOutOpen
0x562798 waveOutGetNumDevs
0x56279c midiStreamStop
0x5627a0 midiOutReset
0x5627a4 midiStreamClose
0x5627a8 midiStreamRestart
0x5627ac waveOutClose
0x5627b0 waveOutReset
0x5627b4 waveOutPause
0x5627b8 waveOutWrite
0x5627c4 PlaySoundA
0x5627c8 waveOutRestart
Library: WS2_32.dll
0x5627e0 gethostbyname
0x5627e4 inet_ntoa
0x5627e8 inet_addr
0x5627ec gethostname
0x5627f0 ioctlsocket
0x5627f4 connect
0x5627f8 WSAStartup
0x5627fc listen
0x562800 getpeername
0x562804 accept
0x562808 __WSAFDIsSet
0x56280c ntohs
0x562810 getsockname
0x562814 ntohl
0x562818 WSACleanup
0x56281c send
0x562820 recvfrom
0x562824 WSAAsyncSelect
0x562828 htons
0x56282c bind
0x562830 htonl
0x562834 socket
0x562838 recv
0x56283c sendto
0x562840 closesocket
0x562844 select
Library: VERSION.dll
0x562744 GetFileVersionInfoA
0x562748 VerQueryValueA
0x56274c VerLanguageNameA
Library: MSVFW32.dll
0x562414 DrawDibDraw
Library: AVIFIL32.dll
0x562020 AVIStreamInfoA
0x562024 AVIStreamGetFrame
Library: RASAPI32.dll
0x56248c RasHangUpA
Library: KERNEL32.dll
0x5621b0 GetSystemDirectoryA
0x5621b4 SetLastError
0x5621bc GetVersion
0x5621c4 GetTempFileNameA
0x5621c8 VirtualProtect
0x5621cc LoadLibraryW
0x5621d0 GetModuleHandleW
0x5621d4 VirtualFree
0x5621d8 VirtualAlloc
0x5621dc TerminateThread
0x5621e0 CreateMutexA
0x5621e4 ReleaseMutex
0x5621e8 SuspendThread
0x5621f4 FormatMessageA
0x5621fc lstrcpynA
0x562200 DuplicateHandle
0x562204 FlushFileBuffers
0x562208 LockFile
0x56220c UnlockFile
0x562210 SetEndOfFile
0x562214 GetThreadLocale
0x562218 lstrcmpiA
0x56221c GlobalDeleteAtom
0x562220 GlobalFindAtomA
0x562224 GlobalAddAtomA
0x562228 GlobalGetAtomNameA
0x56222c lstrcmpA
0x562230 LocalAlloc
0x562234 TlsAlloc
0x562238 GlobalHandle
0x56223c TlsFree
0x562240 TlsSetValue
0x562244 LocalReAlloc
0x562248 TlsGetValue
0x56224c GetFileTime
0x562250 GetCurrentThread
0x562254 GlobalFlags
0x562258 SetErrorMode
0x56225c GetProcessVersion
0x562260 GetCPInfo
0x562264 GetOEMCP
0x562268 GetStartupInfoA
0x56226c RtlUnwind
0x562270 GetSystemTime
0x562274 GetLocalTime
0x562278 RaiseException
0x56227c HeapSize
0x562280 GetACP
0x562284 SetStdHandle
0x562288 GetFileType
0x5622a0 SetHandleCount
0x5622a4 GetStdHandle
0x5622ac HeapDestroy
0x5622b0 HeapCreate
0x5622b8 LCMapStringA
0x5622bc LCMapStringW
0x5622c0 IsBadWritePtr
0x5622c8 GetStringTypeA
0x5622cc GetStringTypeW
0x5622d0 CompareStringA
0x5622d4 CompareStringW
0x5622d8 IsBadReadPtr
0x5622dc IsBadCodePtr
0x5622e0 GetSystemInfo
0x5622e8 TerminateProcess
0x5622ec GetCurrentProcess
0x5622f0 GetFileSize
0x5622f4 SetFilePointer
0x5622f8 CreateSemaphoreA
0x5622fc ResumeThread
0x562300 ReleaseSemaphore
0x56230c GetProfileStringA
0x562310 WriteFile
0x562318 CreateFileA
0x56231c DeviceIoControl
0x562320 SetEvent
0x562324 FindResourceA
0x562328 LoadResource
0x56232c LockResource
0x562330 ReadFile
0x562334 lstrlenW
0x562338 RemoveDirectoryA
0x56233c GetModuleFileNameA
0x562340 WideCharToMultiByte
0x562344 MultiByteToWideChar
0x562348 GetCurrentThreadId
0x56234c ExitProcess
0x562350 GlobalSize
0x562354 GlobalFree
0x562360 lstrcatA
0x562364 lstrlenA
0x562368 WinExec
0x56236c lstrcpyA
0x562370 FindNextFileA
0x562374 GlobalReAlloc
0x562378 HeapFree
0x56237c HeapReAlloc
0x562380 GetProcessHeap
0x562384 HeapAlloc
0x562388 GetUserDefaultLCID
0x56238c GetFullPathNameA
0x562390 FreeLibrary
0x562394 LoadLibraryA
0x562398 GetLastError
0x56239c GetVersionExA
0x5623a8 CreateThread
0x5623ac CreateEventA
0x5623b0 Sleep
0x5623b8 GlobalAlloc
0x5623bc GlobalLock
0x5623c0 GlobalUnlock
0x5623c4 GetTempPathA
0x5623c8 FindFirstFileA
0x5623cc FindClose
0x5623d0 GetFileAttributesA
0x5623d4 DeleteFileA
0x5623d8 CreateDirectoryA
0x5623e8 GetModuleHandleA
0x5623ec GetProcAddress
0x5623f0 MulDiv
0x5623f4 GetCommandLineA
0x5623f8 GetTickCount
0x5623fc CreateProcessA
0x562400 WaitForSingleObject
0x562404 CloseHandle
0x562408 InterlockedExchange
0x56240c LocalFree
Library: USER32.dll
0x5624a4 CharNextA
0x5624ac MapDialogRect
0x5624b0 LoadStringA
0x5624b4 GetSysColorBrush
0x5624b8 GetNextDlgGroupItem
0x5624bc PostThreadMessageA
0x5624c0 DrawFrameControl
0x5624c4 DrawEdge
0x5624c8 DrawFocusRect
0x5624cc WindowFromPoint
0x5624d0 GetMessageA
0x5624d4 DispatchMessageA
0x5624d8 SetRectEmpty
0x5624e8 DrawIconEx
0x5624ec CreatePopupMenu
0x5624f0 AppendMenuA
0x5624f4 ModifyMenuA
0x5624f8 CreateMenu
0x562500 GetDlgCtrlID
0x562504 GetSubMenu
0x562508 EnableMenuItem
0x56250c ClientToScreen
0x562514 LoadImageA
0x56251c ShowWindow
0x562520 IsWindowEnabled
0x562528 GetKeyState
0x562530 PostQuitMessage
0x562534 IsZoomed
0x562538 GetClassInfoA
0x56253c DefWindowProcA
0x562540 GetSystemMenu
0x562544 DeleteMenu
0x562548 GetMenu
0x56254c SetMenu
0x562550 PeekMessageA
0x562554 IsIconic
0x562558 SetFocus
0x56255c GetActiveWindow
0x562560 GetWindow
0x562568 SetWindowRgn
0x56256c GetMessagePos
0x562574 CopyRect
0x562578 LoadBitmapA
0x56257c KillTimer
0x562580 SetTimer
0x562584 ReleaseCapture
0x562588 GetCapture
0x56258c SetCapture
0x562590 GetScrollRange
0x562594 SetScrollRange
0x562598 SetScrollPos
0x56259c SetRect
0x5625a0 InflateRect
0x5625a4 IntersectRect
0x5625a8 DestroyIcon
0x5625ac PtInRect
0x5625b0 OffsetRect
0x5625b4 IsWindowVisible
0x5625b8 RedrawWindow
0x5625bc GetWindowLongA
0x5625c0 SetWindowLongA
0x5625c4 GetSysColor
0x5625c8 SetActiveWindow
0x5625cc SetCursorPos
0x5625d0 LoadCursorA
0x5625d4 SetCursor
0x5625d8 GetDC
0x5625dc FillRect
0x5625e0 IsRectEmpty
0x5625e4 ReleaseDC
0x5625e8 IsChild
0x5625ec TrackPopupMenu
0x5625f0 DestroyMenu
0x5625f4 SetForegroundWindow
0x5625f8 GetWindowRect
0x5625fc EqualRect
0x562600 UpdateWindow
0x562604 ValidateRect
0x562608 InvalidateRect
0x56260c GetClientRect
0x562610 GetFocus
0x562614 GetParent
0x562618 GetTopWindow
0x56261c PostMessageA
0x562620 IsWindow
0x562624 SetParent
0x562628 DestroyCursor
0x56262c SendMessageA
0x562630 SetWindowPos
0x562634 MessageBeep
0x562638 MessageBoxA
0x56263c GetCursorPos
0x562640 GetSystemMetrics
0x562644 EmptyClipboard
0x562648 SetClipboardData
0x56264c OpenClipboard
0x562650 GetClipboardData
0x562654 CloseClipboard
0x562658 wsprintfA
0x56265c WaitForInputIdle
0x562664 GetMenuState
0x562668 SetMenuItemBitmaps
0x56266c CheckMenuItem
0x562670 IsDialogMessageA
0x562674 ScrollWindowEx
0x562678 SendDlgItemMessageA
0x56267c MapWindowPoints
0x562680 AdjustWindowRectEx
0x562684 GetScrollPos
0x562688 GetMenuItemCount
0x56268c GetMenuItemID
0x562690 SetWindowsHookExA
0x562694 CallNextHookEx
0x562698 GetClassLongA
0x56269c UnhookWindowsHookEx
0x5626a0 CallWindowProcA
0x5626a4 RemovePropA
0x5626a8 GetMessageTime
0x5626ac GetLastActivePopup
0x5626b4 GetWindowPlacement
0x5626b8 EndDialog
0x5626c0 DestroyWindow
0x5626c4 GrayStringA
0x5626c8 DrawTextA
0x5626cc TabbedTextOutA
0x5626d0 EndPaint
0x5626d4 BeginPaint
0x5626d8 GetWindowDC
0x5626dc CharUpperA
0x5626e4 RegisterClassA
0x5626e8 CreateWindowExA
0x5626ec MoveWindow
0x5626f0 SetPropA
0x5626f4 DefWindowProcW
0x5626f8 GetPropA
0x5626fc SetWindowTextA
0x562700 GetForegroundWindow
0x562704 UnregisterClassA
0x562708 FrameRect
0x56270c GetNextDlgTabItem
0x562710 GetWindowTextA
0x562714 FindWindowExA
0x562718 GetDlgItem
0x56271c GetClassNameA
0x562720 GetDesktopWindow
0x562724 LoadIconA
0x562728 ScreenToClient
0x56272c TranslateMessage
0x562730 WinHelpA
0x562734 EnableWindow
0x562738 DrawStateA
Library: GDI32.dll
0x56204c GetMapMode
0x562050 GetTextMetricsA
0x562054 Escape
0x562058 ExtTextOutA
0x56205c RectVisible
0x562060 PtVisible
0x562064 GetViewportExtEx
0x562068 GetCurrentObject
0x56206c RoundRect
0x562070 ExtSelectClipRgn
0x562078 DPtoLP
0x56207c LPtoDP
0x562080 Rectangle
0x562084 Ellipse
0x562088 CreateCompatibleDC
0x56208c GetPixel
0x562090 BitBlt
0x562094 StartPage
0x562098 StartDocA
0x56209c DeleteDC
0x5620a0 EndDoc
0x5620a4 EndPage
0x5620a8 GetObjectA
0x5620ac GetStockObject
0x5620b0 CreateFontIndirectA
0x5620b4 CreateSolidBrush
0x5620b8 FillRgn
0x5620bc CreateRectRgn
0x5620c0 CombineRgn
0x5620c4 PatBlt
0x5620c8 CreatePen
0x5620cc SelectObject
0x5620d0 CreatePatternBrush
0x5620d4 CreateBitmap
0x5620d8 CreateDCA
0x5620e0 GetPolyFillMode
0x5620e4 GetStretchBltMode
0x5620e8 GetROP2
0x5620ec GetBkColor
0x5620f0 GetBkMode
0x5620f4 GetTextColor
0x5620f8 CreateRoundRectRgn
0x5620fc CreateEllipticRgn
0x562100 PathToRegion
0x562104 EndPath
0x562108 BeginPath
0x56210c GetWindowOrgEx
0x562110 GetViewportOrgEx
0x562114 GetWindowExtEx
0x562118 GetDIBits
0x56211c RealizePalette
0x562120 SelectPalette
0x562124 StretchBlt
0x562128 CreatePalette
0x562130 CreateDIBitmap
0x562134 DeleteObject
0x562138 SelectClipRgn
0x56213c CreatePolygonRgn
0x562140 GetClipRgn
0x562144 SetStretchBltMode
0x562148 CreateDIBSection
0x562150 SetBkColor
0x562154 TextOutA
0x562158 SetBkMode
0x56215c SetTextColor
0x562160 SetDIBitsToDevice
0x562164 SaveDC
0x562168 RestoreDC
0x56216c SetPolyFillMode
0x562170 SetROP2
0x562174 SetMapMode
0x562178 SetViewportOrgEx
0x56217c OffsetViewportOrgEx
0x562180 SetViewportExtEx
0x562184 ScaleViewportExtEx
0x562188 SetWindowOrgEx
0x56218c SetWindowExtEx
0x562190 ScaleWindowExtEx
0x562194 GetClipBox
0x562198 ExcludeClipRect
0x56219c MoveToEx
0x5621a0 LineTo
0x5621a4 GetDeviceCaps
Library: WINSPOOL.DRV
0x5627d0 OpenPrinterA
0x5627d4 DocumentPropertiesA
0x5627d8 ClosePrinter
Library: comdlg32.dll
0x56284c GetFileTitleA
0x562850 GetSaveFileNameA
0x562854 ChooseFontA
0x562858 ChooseColorA
0x56285c GetOpenFileNameA
Library: ADVAPI32.dll
0x562000 RegCreateKeyExA
0x562004 RegOpenKeyA
0x562008 RegQueryValueA
0x56200c RegSetValueExA
0x562010 RegOpenKeyExA
0x562014 RegQueryValueExA
0x562018 RegCloseKey
Library: SHELL32.dll
0x562498 Shell_NotifyIconA
0x56249c ShellExecuteA
Library: ole32.dll
0x562868 OleFlushClipboard
0x56286c CoRevokeClassObject
0x562884 CoGetClassObject
0x562888 CoTaskMemFree
0x56288c CoTaskMemAlloc
0x562890 CLSIDFromProgID
0x562894 OleInitialize
0x562898 OleUninitialize
0x56289c CLSIDFromString
0x5628a0 CoCreateInstance
0x5628a4 OleRun
Library: OLEAUT32.dll
0x562424 SysStringLen
0x562428 SysAllocStringLen
0x562430 LHashValOfNameSys
0x562434 UnRegisterTypeLib
0x562438 LoadTypeLib
0x56243c SafeArrayAccessData
0x562440 SafeArrayGetElement
0x562444 VariantCopyInd
0x562448 VariantInit
0x56244c SysFreeString
0x562450 SysAllocString
0x562454 SafeArrayDestroy
0x562458 SafeArrayCreate
0x56245c SafeArrayPutElement
0x562460 RegisterTypeLib
0x562464 VariantCopy
0x562468 VariantClear
0x56246c VariantChangeType
0x562470 SafeArrayGetUBound
0x562474 SafeArrayGetLBound
0x562478 SafeArrayGetDim
Library: COMCTL32.dll
0x56202c ImageList_Duplicate
0x562030 ImageList_Read
0x562034 ImageList_Destroy
0x562038 (imported by ordinal, no name)
0x562044 _TrackMouseEvent
Library: oledlg.dll
0x5628ac (imported by ordinal, no name)
Library: WININET.dll
0x562754 InternetConnectA
0x562758 InternetSetOptionA
0x56275c InternetOpenA
0x562760 InternetCloseHandle
0x562768 InternetCrackUrlA
0x56276c HttpOpenRequestA
0x562770 HttpSendRequestA
0x562774 HttpQueryInfoA
0x562778 InternetReadFile

Strings (excerpt)

.text
`.rdata
@.data
.rsrc
VMProtect begin
VMProtect end
(the "VMProtect begin" / "VMProtect end" pair recurs 28 times in the dump, followed by one more "VMProtect begin")

The four section-name strings are ordinary. The VMProtect strings are the inline markers the VMProtect SDK's VMProtectBegin/VMProtectEnd macros emit around code regions the developer selected for protection, so roughly two dozen regions were marked; this fits the garbage-named writable/executable section that holds the entry point.
No antivirus engine scan results.

Process tree

MyWeChat.exe (PID 2368, parent PID 2228)
  wXWKEw.exe (PID 2484)
    cmd.exe (PID 2900)
  cmd.exe (PID 2716)
    PING.EXE (PID 2848)
    MyWeChat.exe (PID 2988)

The sample starts a child with a random-looking name (wXWKEw.exe), which in turn launches cmd.exe, and a second cmd.exe whose children are PING.EXE followed by a fresh MyWeChat.exe. That cmd -> ping -> relaunch shape is the common "ping as a sleep, then re-run or replace the file" idiom, but the command lines are not shown in this extract, so treat it as a lead to confirm from the behaviour log rather than a finding.

TCP

Source IP        Src port  Destination IP   Hostname (from DNS)   Dst port
192.168.122.202 59583 101.89.38.48 ui.ptlogin2.qq.com 443
192.168.122.202 49171 101.89.39.11 share.weiyun.com 443
192.168.122.202 59585 101.89.39.11 share.weiyun.com 443
192.168.122.202 59586 101.89.39.11 share.weiyun.com 443
192.168.122.202 59587 101.89.39.11 share.weiyun.com 443
192.168.122.202 59588 101.89.39.11 share.weiyun.com 443
192.168.122.202 49162 180.101.49.12 www.baidu.com 443
192.168.122.202 49163 180.101.49.12 www.baidu.com 443
192.168.122.202 49167 180.101.49.12 www.baidu.com 443
192.168.122.202 49168 180.101.49.12 www.baidu.com 443
192.168.122.202 49170 180.101.49.12 www.baidu.com 443
192.168.122.202 49172 180.153.105.213 img.weiyun.com 443
192.168.122.202 59580 180.153.105.213 img.weiyun.com 443
192.168.122.202 59584 180.153.105.213 img.weiyun.com 443
192.168.122.202 59582 180.97.9.18 thirdqq.qlogo.cn 443
192.168.122.202 59579 183.60.137.222 qzonestyle.gtimg.cn 443
192.168.122.202 59581 183.60.137.222 qzonestyle.gtimg.cn 443
192.168.122.202 59578 192.168.122.1 53
192.168.122.202 49169 23.202.33.152 acroipm.adobe.com 80
192.168.122.202 59589 61.129.7.12 h5.qzone.qq.com 443
192.168.122.202 59590 61.151.206.22 wspeed.qq.com 443

UDP

All twelve UDP flows are DNS queries to the analysis network's gateway resolver (192.168.122.1), matching the lookups listed in the DNS table; the single TCP flow to port 53 above (source port 59578) is the same resolver over TCP.

Source IP        Src port  Destination IP  Dst port
192.168.122.202 50785 192.168.122.1 53
192.168.122.202 51349 192.168.122.1 53
192.168.122.202 51791 192.168.122.1 53
192.168.122.202 52150 192.168.122.1 53
192.168.122.202 53310 192.168.122.1 53
192.168.122.202 56802 192.168.122.1 53
192.168.122.202 57208 192.168.122.1 53
192.168.122.202 58495 192.168.122.1 53
192.168.122.202 61239 192.168.122.1 53
192.168.122.202 61625 192.168.122.1 53
192.168.122.202 62960 192.168.122.1 53
192.168.122.202 64524 192.168.122.1 53
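The cross-check an analyst does between the DNS table and the connection tables, as an added example in Python that is not part of the sandbox report or of the Maldun/Cuckoo code. Both inputs are abridged copies of the tables on this page, pasted in the same flattened layout the page uses (a line that starts with a record type continues the previous domain; a TCP row without a hostname is a peer the sandbox could not tie to an answer). It reports names that were resolved but never connected to, NXDOMAIN and unanswered lookups, public peers contacted without any lookup, plaintext HTTP destinations and the connection count per host.

```python
# Added example, not from the report: correlate the DNS answers with the TCP flows the
# sandbox recorded, so that names resolved but never contacted, peers contacted without
# a lookup, and plaintext connections stand out. Both inputs are abridged copies of the
# report's own tables, pasted in the same flattened layout the page uses.
import ipaddress
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

DNS_TABLE = """\
ddos.dnsnb8.net A 162.217.99.134
www.baidu.com CNAME www.a.shifen.com
A 180.101.49.11
A 180.101.49.12
acroipm.adobe.com A 23.202.33.171
A 23.202.33.152
share.weiyun.com A 101.89.39.11
img.weiyun.com CNAME x2sv6.tcdn.qq.com
A 180.153.105.213
qzonestyle.gtimg.cn A 222.73.132.191
A 183.60.137.222
thirdqq.qlogo.cn CNAME q.qlogo.cn
A 180.97.9.18
ui.ptlogin2.qq.com CNAME xui.ptlogin2.tencent-cloud.com
A 101.89.38.48
user.weiyun.com
h5.qzone.qq.com A 61.129.7.12
wspeed.qq.com A 61.151.206.22
zyjc.sec.qq.com NXDOMAIN
"""

TCP_TABLE = """\
192.168.122.202 59583 101.89.38.48 ui.ptlogin2.qq.com 443
192.168.122.202 49171 101.89.39.11 share.weiyun.com 443
192.168.122.202 59585 101.89.39.11 share.weiyun.com 443
192.168.122.202 59586 101.89.39.11 share.weiyun.com 443
192.168.122.202 59587 101.89.39.11 share.weiyun.com 443
192.168.122.202 59588 101.89.39.11 share.weiyun.com 443
192.168.122.202 49162 180.101.49.12 www.baidu.com 443
192.168.122.202 49172 180.153.105.213 img.weiyun.com 443
192.168.122.202 59582 180.97.9.18 thirdqq.qlogo.cn 443
192.168.122.202 59579 183.60.137.222 qzonestyle.gtimg.cn 443
192.168.122.202 59578 192.168.122.1 53
192.168.122.202 49169 23.202.33.152 acroipm.adobe.com 80
192.168.122.202 59589 61.129.7.12 h5.qzone.qq.com 443
192.168.122.202 59590 61.151.206.22 wspeed.qq.com 443
"""

Flow = NamedTuple("Flow", [("src", str), ("sport", int), ("dst", str),
                           ("host", Optional[str]), ("dport", int)])

def parse_dns_table(text: str) -> Dict[str, dict]:
    """{domain: {"A": [...], "CNAME": [...], "status": ...}}; a line that starts
    with a record type continues the most recent domain (the page's layout)."""
    records, current = {}, None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] in ("A", "CNAME"):
            records[current][tok[0]].append(tok[1])
            continue
        current = tok[0]
        rec = records.setdefault(current, {"A": [], "CNAME": [], "status": "answered"})
        if len(tok) == 1:
            rec["status"] = "no answer"
        elif tok[1] == "NXDOMAIN":
            rec["status"] = "NXDOMAIN"
        else:
            rec[tok[1]].append(tok[2])
    return records

def parse_tcp_table(text: str) -> List[Flow]:
    """Rows are 'src sport dst [host] dport'; the host label is missing for peers
    the sandbox could not tie to a DNS answer."""
    flows = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) == 5:
            flows.append(Flow(tok[0], int(tok[1]), tok[2], tok[3], int(tok[4])))
        elif len(tok) == 4:
            flows.append(Flow(tok[0], int(tok[1]), tok[2], None, int(tok[3])))
    return flows

def correlate(dns: Dict[str, dict], flows: List[Flow]) -> dict:
    ip_to_domain = {ip: d for d, r in dns.items() for ip in r["A"]}
    contacted = {f.dst for f in flows}
    return {
        # looked up but never connected to: dormant C2, kill-switch or connectivity probes
        "resolved_not_contacted": {d: r["A"] for d, r in dns.items()
                                   if r["A"] and not set(r["A"]) & contacted},
        "nxdomain": sorted(d for d, r in dns.items() if r["status"] == "NXDOMAIN"),
        "unanswered": sorted(d for d, r in dns.items() if r["status"] == "no answer"),
        # public peers with no answer behind them: hard-coded IPs or out-of-band resolution
        "contacted_without_dns": sorted(ip for ip in contacted if ip not in ip_to_domain
                                        and ipaddress.ip_address(ip).is_global),
        "plaintext": sorted({(f.host or f.dst, f.dport) for f in flows if f.dport == 80}),
        "connections_per_host": Counter(f.host or f.dst for f in flows),
    }

def report_correlation() -> dict:
    return correlate(parse_dns_table(DNS_TABLE), parse_tcp_table(TCP_TABLE))
```

On this page's data the only resolved-but-never-contacted name is ddos.dnsnb8.net, the only plaintext destination is acroipm.adobe.com:80, no public peer was contacted without a preceding lookup, and share.weiyun.com is the most-contacted host with five sessions. The gateway at 192.168.122.1 is excluded from the "contacted without DNS" list because it is not a global address.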


HTTP requests

URL: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

acroipm.adobe.com is the Adobe Acrobat/Reader in-product-messaging host, and the "IPM" user agent with a conditional If-Modified-Since dating from 2017 is its routine message check. No Adobe process appears in the process tree, so this is most plausibly background traffic from the analysis VM rather than a request the sample made. It is also the only plaintext HTTP flow in the capture.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

All sessions originate from 192.168.122.202 and are TLS 1.2. Issuers and subjects are abbreviated with the keys below; the hostname in the destination column is the one the TCP table attaches to the same source port.

Issuers:
  GS = C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
  DC = C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site CA G2
Subjects:
  S1 = C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com
  S2 = C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=d3g.qq.com
  S3 = C=CN, ST=guangdong, L=shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=*.weiyun.com
  S4 = C=CN, ST=guangdong, L=shenzhen, O=Tencent Technology (Shenzhen) Company Limited, CN=*.weixin.qq.com
  S5 = C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=xui.ptlogin2.qq.com
  S6 = C=CN, ST=guangdong, L=shenzhen, O=Tencent Technology (Shenzhen) Company Limited, CN=*.qpic.cn
  S7 = C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=*.qzone.qq.com
  S8 = C=CN, ST=Guangdong, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, OU=R&D, CN=qqweb.qq.com

Timestamp (+0800)           Src port  Destination (hostname)                     Issuer  Subject  SHA1 fingerprint
2020-11-01 21:13:00.177663  49162     180.101.49.12:443 (www.baidu.com)          GS      S1       fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb
2020-11-01 21:13:00.189397  49163     180.101.49.12:443 (www.baidu.com)          GS      S1       fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb
2020-11-01 21:13:01.548604  49168     180.101.49.12:443 (www.baidu.com)          GS      S1       fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb
2020-11-01 21:13:01.549250  49167     180.101.49.12:443 (www.baidu.com)          GS      S1       fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb
2020-11-01 21:13:05.031142  49171     101.89.39.11:443 (share.weiyun.com)        DC      S2       03:2b:c3:20:4c:69:11:62:26:05:27:0e:16:a6:14:fc:fa:bb:b1:43
2020-11-01 21:13:05.382182  49172     180.153.105.213:443 (img.weiyun.com)       DC      S2       03:2b:c3:20:4c:69:11:62:26:05:27:0e:16:a6:14:fc:fa:bb:b1:43
2020-11-01 21:13:05.403129  59580     180.153.105.213:443 (img.weiyun.com)       DC      S2       03:2b:c3:20:4c:69:11:62:26:05:27:0e:16:a6:14:fc:fa:bb:b1:43
2020-11-01 21:13:05.599583  59579     183.60.137.222:443 (qzonestyle.gtimg.cn)   GS      S4       f4:06:3a:d0:48:87:3c:4d:73:36:2d:2f:0e:f8:78:89:4f:71:67:a6
2020-11-01 21:13:05.830067  59581     183.60.137.222:443 (qzonestyle.gtimg.cn)   GS      S4       f4:06:3a:d0:48:87:3c:4d:73:36:2d:2f:0e:f8:78:89:4f:71:67:a6
2020-11-01 21:13:06.000094  59583     101.89.38.48:443 (ui.ptlogin2.qq.com)      DC      S5       86:12:7d:48:81:90:7e:0a:e3:5f:a7:1f:19:01:34:f4:21:39:7f:b8
2020-11-01 21:13:06.009195  59582     180.97.9.18:443 (thirdqq.qlogo.cn)         GS      S6       19:a3:27:1f:59:71:a4:21:67:fe:2b:a1:4c:83:5c:66:ef:d2:5a:65
2020-11-01 21:13:06.665878  59585     101.89.39.11:443 (share.weiyun.com)        GS      S3       6c:3f:87:99:d6:a5:09:5a:19:a9:1a:ac:12:be:19:2e:8d:a8:65:7b
2020-11-01 21:13:06.808141  59586     101.89.39.11:443 (share.weiyun.com)        GS      S3       6c:3f:87:99:d6:a5:09:5a:19:a9:1a:ac:12:be:19:2e:8d:a8:65:7b
2020-11-01 21:13:06.844804  59587     101.89.39.11:443 (share.weiyun.com)        DC      S2       03:2b:c3:20:4c:69:11:62:26:05:27:0e:16:a6:14:fc:fa:bb:b1:43
2020-11-01 21:13:06.885069  59588     101.89.39.11:443 (share.weiyun.com)        GS      S3       6c:3f:87:99:d6:a5:09:5a:19:a9:1a:ac:12:be:19:2e:8d:a8:65:7b
2020-11-01 21:13:08.990759  59589     61.129.7.12:443 (h5.qzone.qq.com)          DC      S7       89:39:26:02:eb:fd:36:ce:7d:93:4f:b3:e5:16:96:06:0f:b6:9a:5b
2020-11-01 21:13:09.052167  59590     61.151.206.22:443 (wspeed.qq.com)          DC      S8       02:a0:d6:d4:a4:87:64:82:e4:99:ce:4e:85:7b:82:ec:c4:57:32:a3

Several sessions return a certificate whose CN is not the hostname attached to the flow (d3g.qq.com on the weiyun.com hosts, *.weixin.qq.com on qzonestyle.gtimg.cn, *.qpic.cn on thirdqq.qlogo.cn, xui.ptlogin2.qq.com on ui.ptlogin2.qq.com), and 101.89.39.11 serves two different certificates in the same minute. The report records only the CN, not the subjectAltName list, and every subject is a Tencent or Baidu organisation on shared edge addresses, so this is not evidence of interception; the fingerprint column is the reliable pivot. None of the sessions goes to the one address outside those organisations, 162.217.99.134 (ddos.dnsnb8.net).
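A check of the certificate subjects against the flow hostnames, plus the fingerprint pivot, as an added example in Python that is not part of the sandbox report or of the Maldun/Cuckoo code. The session rows and the port-to-hostname map are copied from the TLS and TCP tables on this page (a subset of the rows, enough to cover every distinct certificate). Because the page shows only the CN and not the SAN extension, a mismatch from this code means "pull the full certificate for this session", not "man-in-the-middle".

```python
# Added example, not from the report: match each recorded TLS subject CN against the
# hostname the sandbox attached to the same source port, then pivot on fingerprints.
from collections import defaultdict

# (source port, destination IP, subject CN, SHA1 fingerprint), copied from the TLS table.
TLS_SESSIONS = [
    (49162, "180.101.49.12", "baidu.com", "fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb"),
    (49163, "180.101.49.12", "baidu.com", "fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb"),
    (49171, "101.89.39.11", "d3g.qq.com", "03:2b:c3:20:4c:69:11:62:26:05:27:0e:16:a6:14:fc:fa:bb:b1:43"),
    (49172, "180.153.105.213", "d3g.qq.com", "03:2b:c3:20:4c:69:11:62:26:05:27:0e:16:a6:14:fc:fa:bb:b1:43"),
    (59579, "183.60.137.222", "*.weixin.qq.com", "f4:06:3a:d0:48:87:3c:4d:73:36:2d:2f:0e:f8:78:89:4f:71:67:a6"),
    (59582, "180.97.9.18", "*.qpic.cn", "19:a3:27:1f:59:71:a4:21:67:fe:2b:a1:4c:83:5c:66:ef:d2:5a:65"),
    (59583, "101.89.38.48", "xui.ptlogin2.qq.com", "86:12:7d:48:81:90:7e:0a:e3:5f:a7:1f:19:01:34:f4:21:39:7f:b8"),
    (59585, "101.89.39.11", "*.weiyun.com", "6c:3f:87:99:d6:a5:09:5a:19:a9:1a:ac:12:be:19:2e:8d:a8:65:7b"),
    (59587, "101.89.39.11", "d3g.qq.com", "03:2b:c3:20:4c:69:11:62:26:05:27:0e:16:a6:14:fc:fa:bb:b1:43"),
    (59589, "61.129.7.12", "*.qzone.qq.com", "89:39:26:02:eb:fd:36:ce:7d:93:4f:b3:e5:16:96:06:0f:b6:9a:5b"),
    (59590, "61.151.206.22", "qqweb.qq.com", "02:a0:d6:d4:a4:87:64:82:e4:99:ce:4e:85:7b:82:ec:c4:57:32:a3"),
]
# Hostname the sandbox attached to each source port in its TCP table.
PORT_TO_HOST = {
    49162: "www.baidu.com", 49163: "www.baidu.com", 49171: "share.weiyun.com",
    49172: "img.weiyun.com", 59579: "qzonestyle.gtimg.cn", 59582: "thirdqq.qlogo.cn",
    59583: "ui.ptlogin2.qq.com", 59585: "share.weiyun.com", 59587: "share.weiyun.com",
    59589: "h5.qzone.qq.com", 59590: "wspeed.qq.com",
}

def cn_matches(hostname: str, cn: str) -> bool:
    """RFC 6125 style: exact match, or a leading '*' covering exactly one label."""
    hostname, cn = hostname.lower().rstrip("."), cn.lower().rstrip(".")
    if not cn.startswith("*."):
        return hostname == cn
    suffix = cn[1:]                       # "*.weiyun.com" -> ".weiyun.com"
    if not hostname.endswith(suffix):
        return False
    head = hostname[: -len(suffix)]
    return bool(head) and "." not in head  # one non-empty label, no deeper subdomains

def audit(sessions, port_to_host):
    mismatches, by_fingerprint, by_ip = set(), defaultdict(set), defaultdict(set)
    for port, dst_ip, subject_cn, fp in sessions:
        host = port_to_host[port]
        by_fingerprint[fp].add(dst_ip)
        by_ip[dst_ip].add(fp)
        if not cn_matches(host, subject_cn):
            mismatches.add((host, subject_cn))
    return {
        "cn_mismatches": sorted(mismatches),
        # one certificate served from several IPs: a shared edge fleet, and a good pivot key
        "cert_on_multiple_ips": {fp: sorted(ips) for fp, ips in by_fingerprint.items() if len(ips) > 1},
        # several certificates from one IP: SNI-based virtual hosting on that edge
        "ip_with_multiple_certs": {ip: sorted(fps) for ip, fps in by_ip.items() if len(fps) > 1},
        "unique_fingerprints": len(by_fingerprint),
    }

def report_audit():
    return audit(TLS_SESSIONS, PORT_TO_HOST)
```

On this page's rows the CN-only check flags seven host/CN pairs, including www.baidu.com against CN=baidu.com, which a real validator would accept through the SAN list; that over-reporting is the point of the caveat above. The fingerprint pivot is what survives it: the d3g.qq.com certificate 03:2b:... is served from both 101.89.39.11 and 180.153.105.213, and 101.89.39.11 alternates between that certificate and the *.weiyun.com one.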

Suricata HTTP

No Suricata HTTP

No files were extracted from network traffic.
No dropped files were recorded.
No similar analyses were found.

The empty dropped-file list conflicts with the process tree, where MyWeChat.exe launches wXWKEw.exe: the file that child was started from does not appear anywhere on this page, so the dropped-file view here cannot be taken as complete.

Processing ( 23.962 seconds )

  • 11.182 Suricata
  • 5.997 NetworkAnalysis
  • 2.46 Static
  • 1.769 VirusTotal
  • 1.485 BehaviorAnalysis
  • 0.824 TargetInfo
  • 0.213 peid
  • 0.012 Strings
  • 0.011 AnalysisInfo
  • 0.007 config_decoder
  • 0.002 Memory

Signatures ( 2.354 seconds ): per-signature processing time. This is the list of signature modules that were executed against the results, not the list that matched; the matches themselves are behind the login prompt and are not on this page.

  • 1.315 md_url_bl
  • 0.093 api_spamming
  • 0.073 antiav_detectfile
  • 0.07 stealth_decoy_document
  • 0.056 mimics_filetime
  • 0.047 infostealer_bitcoin
  • 0.041 antiav_detectreg
  • 0.039 stealth_timeout
  • 0.038 infostealer_ftp
  • 0.035 reads_self
  • 0.032 stealth_file
  • 0.028 virus
  • 0.028 antivm_vbox_files
  • 0.028 md_domain_bl
  • 0.026 bootkit
  • 0.025 antivm_generic_disk
  • 0.025 infostealer_im
  • 0.024 kovter_behavior
  • 0.021 antiemu_wine_func
  • 0.019 infostealer_browser_password
  • 0.019 hancitor_behavior
  • 0.015 infostealer_mail
  • 0.014 ransomware_extensions
  • 0.013 antidbg_devices
  • 0.011 antivm_vbox_libs
  • 0.01 ransomware_files
  • 0.009 network_tor
  • 0.009 betabot_behavior
  • 0.009 anomaly_persistence_autorun
  • 0.009 antianalysis_detectreg
  • 0.008 maldun_anomaly_massive_file_ops
  • 0.008 kibex_behavior
  • 0.008 rat_pcclient
  • 0.007 exec_crash
  • 0.007 geodo_banking_trojan
  • 0.006 hawkeye_behavior
  • 0.005 kazybot_behavior
  • 0.005 antivm_vmware_files
  • 0.005 codelux_behavior
  • 0.005 network_http
  • 0.004 antiav_avast_libs
  • 0.004 injection_createremotethread
  • 0.004 antisandbox_sunbelt_libs
  • 0.004 shifu_behavior
  • 0.004 sniffer_winpcap
  • 0.004 network_torgateway
  • 0.003 rat_nanocore
  • 0.003 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.003 antivm_vmware_libs
  • 0.003 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.003 antisandbox_sboxie_libs
  • 0.003 antiav_bitdefender_libs
  • 0.003 antivm_generic_scsi
  • 0.003 antidbg_windows
  • 0.003 injection_runpe
  • 0.003 antianalysis_detectfile
  • 0.002 tinba_behavior
  • 0.002 antivm_generic_services
  • 0.002 injection_explorer
  • 0.002 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.002 cerber_behavior
  • 0.002 h1n1_behavior
  • 0.002 antivm_parallels_keys
  • 0.002 antivm_vpc_files
  • 0.002 antivm_xen_keys
  • 0.002 banker_cridex
  • 0.002 disables_browser_warn
  • 0.002 malicous_targeted_flame
  • 0.002 network_cnc_http
  • 0.002 network_tor_service
  • 0.001 network_anomaly
  • 0.001 dridex_behavior
  • 0.001 rat_luminosity
  • 0.001 ransomware_message
  • 0.001 antisandbox_sleep
  • 0.001 sets_autoconfig_url
  • 0.001 stealth_network
  • 0.001 ipc_namedpipe
  • 0.001 anormaly_invoke_kills
  • 0.001 securityxploded_modules
  • 0.001 spreading_autoruninf
  • 0.001 antisandbox_fortinet_files
  • 0.001 antisandbox_productid
  • 0.001 antisandbox_sunbelt_files
  • 0.001 antisandbox_threattrack_files
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_vbox_devices
  • 0.001 banker_zeus_mutex
  • 0.001 bitcoin_opencl
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 recon_fingerprint

Reporting ( 0.573 seconds )

  • 0.504 ReportHTMLSummary
  • 0.069 Malheur
Task ID 584455
Mongo ID 5f9eb4da7e769a19fc8b43dd
Cuckoo release 1.4-Maldun