Analysis task

Analysis type    VM tag    Start time    End time    Duration
File (Windows)    win7-sp1-x64-shaapp03-1    2020-11-30 10:34:20    2020-11-30 10:36:26    126 seconds

Maldun score

10.0

Trik virus

File details

File name    123.exe
File size    198656 bytes
File type    PE32 executable (GUI) Intel 80386, for MS Windows
MD5    6286813e23f3d047d8fb7038c9191990
SHA1    a2f0c6c05225e4b10afc2c92ca24ab86df81d776
SHA256    c16b53acd39eec526698c8e4e90956880b1cdd30554d08086fe94b833ee3a5b3
SHA512    7c3e17211c2cd1c46f76deea2fffc05a6356a2ce37c987a78e1308970d1d000acfc9e556005e387aab1eb24d27e2be23ec72236b0e1d7058e7af2bdc57cdf7f6
CRC32    3F01637A
Ssdeep    3072:JARzrYec4BUlCKpwwza0u4BNSAx1n5ez+x6k:25ce7SCKpRwgrOCkk

Hosts contacted

No host records.

Domain resolution

Domain    Security rating    Response
acroipm.adobe.com    CNAME acroipm.adobe.com.edgesuite.net
    A 104.123.71.146
    CNAME a1983.dscd.akamai.net
    A 104.123.71.144
ofhhusrugsrhgurhf.su    Unknown    NXDOMAIN
usifusurfbbuguruf.su    Unknown
ohsufsiuesiuhuhgf.su    Unknown
bafaejidjaiehfgsf.su
gaeuhaiuhfihehfsf.su    Unknown
gaeifiuheiuhauhdf.su    Unknown
gnnaneieaojoagisf.su    Unknown
iaefiazefgizagdgf.su    Unknown
agnediuaeuidhegsf.su
aehfiaheifuedhgsf.su    Unknown
nfbaeiudhaiedhhgf.su
ofhhusrugsrhgurhg.su    Unknown
usifusurfbbugurug.su    Unknown
ohsufsiuesiuhuhgg.su    Unknown
bafaejidjaiehfgsg.su    Unknown
gaeuhaiuhfihehfsg.su    Unknown
gaeifiuheiuhauhdg.su    Unknown
gnnaneieaojoagisg.su    Unknown
iaefiazefgizagdgg.su    Unknown
agnediuaeuidhegsg.su    Unknown
aehfiaheifuedhgsg.su    Unknown
ofhhusrugsrhgurho.su    Unknown
usifusurfbbuguruo.su    Unknown
ohsufsiuesiuhuhgo.su    Unknown
bafaejidjaiehfgso.su
gaeuhaiuhfihehfso.su    Unknown
gaeifiuheiuhauhdo.su    Unknown
gnnaneieaojoagiso.su    Unknown
iaefiazefgizagdgo.su    Unknown
agnediuaeuidhegso.su    Unknown
aehfiaheifuedhgso.su    Unknown
ofhhusrugsrhgurhx.su    Unknown
usifusurfbbugurux.su    Unknown
ohsufsiuesiuhuhgx.su    Unknown
bafaejidjaiehfgsx.su    Unknown
gaeuhaiuhfihehfsx.su
gaeifiuheiuhauhdx.su    Unknown
gnnaneieaojoagisx.su    Unknown
iaefiazefgizagdgx.su    Unknown
agnediuaeuidhegsx.su    Unknown
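
The 40 `.su` lookups in the table above share one pattern: a single host queries 17-letter, letters-only labels under one TLD, none of them resolves, and the labels come in families that differ only in the last letter (f, g, o, x). Per-name entropy is a poor discriminator here; the label `ofhhusrugsrhgurhf` repeats h and u so heavily that its entropy (about 2.7 bits) is lower than that of the ordinary hostname label `acroipm`. The aggregate is the reliable signal. The Python below is an added example and not part of the Maldun report: the DNS records are constructed from the table (the report shows NXDOMAIN only for the first `.su` name; NXDOMAIN is assumed for the rest), and the thresholds and the stem grouping are illustrative choices, not something the report performs.

```python
import math
from collections import Counter, defaultdict
from dataclasses import dataclass

VOWELS = set("aeiou")

# Constructed records modelled on this report's domain-resolution table:
# (source host, queried name, rcode). The report shows NXDOMAIN only for the
# first .su name; the remaining .su lookups are ASSUMED to be NXDOMAIN here.
SU_NAMES = [
    "ofhhusrugsrhgurhf", "usifusurfbbuguruf", "ohsufsiuesiuhuhgf", "bafaejidjaiehfgsf",
    "gaeuhaiuhfihehfsf", "gaeifiuheiuhauhdf", "gnnaneieaojoagisf", "iaefiazefgizagdgf",
    "agnediuaeuidhegsf", "aehfiaheifuedhgsf", "nfbaeiudhaiedhhgf",
    "ofhhusrugsrhgurhg", "usifusurfbbugurug", "ohsufsiuesiuhuhgg", "bafaejidjaiehfgsg",
    "gaeuhaiuhfihehfsg", "gaeifiuheiuhauhdg", "gnnaneieaojoagisg", "iaefiazefgizagdgg",
    "agnediuaeuidhegsg", "aehfiaheifuedhgsg",
    "ofhhusrugsrhgurho", "usifusurfbbuguruo", "ohsufsiuesiuhuhgo", "bafaejidjaiehfgso",
    "gaeuhaiuhfihehfso", "gaeifiuheiuhauhdo", "gnnaneieaojoagiso", "iaefiazefgizagdgo",
    "agnediuaeuidhegso", "aehfiaheifuedhgso",
    "ofhhusrugsrhgurhx", "usifusurfbbugurux", "ohsufsiuesiuhuhgx", "bafaejidjaiehfgsx",
    "gaeuhaiuhfihehfsx", "gaeifiuheiuhauhdx", "gnnaneieaojoagisx", "iaefiazefgizagdgx",
    "agnediuaeuidhegsx",
]
DNS_LOG = [("192.168.122.201", "acroipm.adobe.com", "NOERROR")] + [
    ("192.168.122.201", f"{label}.su", "NXDOMAIN") for label in SU_NAMES
]

def sld(name: str) -> str:
    """Second-level label: 'ofhhusrugsrhgurhf.su' -> 'ofhhusrugsrhgurhf'."""
    parts = name.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def tld(name: str) -> str:
    return name.lower().rstrip(".").rsplit(".", 1)[-1]

def label_entropy(label: str) -> float:
    """Shannon entropy in bits per character (shown for comparison only)."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values()) if n else 0.0

def longest_consonant_run(label: str) -> int:
    best = run = 0
    for ch in label:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best

def is_suspicious_label(label: str) -> bool:
    """Permissive pre-filter: long, letters-only, with at least one consonant
    cluster. The burst count below does the real work."""
    return len(label) >= 12 and label.isalpha() and longest_consonant_run(label) >= 2

@dataclass
class Alert:
    src: str
    tld: str
    names: list
    families: dict  # stem (label minus final letter) -> names sharing it

def detect_dga_burst(records, min_names: int = 8) -> list:
    """Alert when one source fails to resolve >= min_names distinct suspicious
    names under one TLD. Grouping by stem exposes templated lists such as the
    f/g/o/x variants in this report."""
    buckets = defaultdict(set)
    for src, name, rcode in records:
        if rcode == "NOERROR":
            continue  # only unresolved names count toward the burst
        if is_suspicious_label(sld(name)):
            buckets[(src, tld(name))].add(name.lower())
    alerts = []
    for (src, t), names in sorted(buckets.items()):
        if len(names) < min_names:
            continue
        stems = defaultdict(list)
        for name in sorted(names):
            stems[sld(name)[:-1]].append(name)
        families = {s: m for s, m in stems.items() if len(m) >= 2}
        alerts.append(Alert(src, t, sorted(names), families))
    return alerts

if __name__ == "__main__":
    for a in detect_dga_burst(DNS_LOG):
        print(f"{a.src}: {len(a.names)} unresolved suspicious .{a.tld} names, "
              f"{len(a.families)} stems with suffix variants")
        for stem, members in a.families.items():
            print(f"  {stem}?  suffixes: {', '.join(m[len(stem)] for m in members)}")
```

Running it prints one alert for 192.168.122.201 with 40 names and 10 stems, each stem listing the suffix letters seen. In production the bucket would also be bounded by a time window and the letters-only filter relaxed, since many real domain-generation algorithms mix digits into labels; the report's sample happens not to.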


PE information

Image base    0x00400000
Entry point    0x00404d3d
Declared checksum    0x00031b52
Actual checksum    0x00031b52
Minimum OS version    5.0
Compile time    2018-03-23 17:38:04
Import hash    5b00d590482218bc14b27f2e39c85e2c
Icon exact hash    f31cb7ab73a020bb48c60bc27a08415a
Icon similarity hash    9726c6f81782494b62c96defde1f1d66

Version information

LegalCopyright
InternalName
ProductVersion
Translation

PE sections

Name    Virtual address    Virtual size    Raw data size    Characteristics    Entropy
.text 0x00001000 0x0001a0a2 0x0001a200 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.98
.rdata 0x0001c000 0x00005cec 0x00005e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.03
.data 0x00022000 0x02bff7e0 0x00002600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2.74
.rsrc 0x02c22000 0x00002e30 0x00003000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.37
.reloc 0x02c25000 0x0000ac50 0x0000ae00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 1.20
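
Two entries in this section table deserve attention. `.data` declares a VirtualSize of 0x02bff7e0 (about 44 MB) against only 0x2600 bytes of raw data, so the loader maps a huge zero-filled writable region the file never stores, a common unpacking or decryption target. The executable `.text` section has entropy 6.98, in the range packed or encrypted code produces, while the declared and actual checksums agree. The Python below is an added example, not part of the Maldun report: it decodes IMAGE_SECTION_HEADER records with `struct`, rebuilds this report's five headers from the table (the PointerToRawData offsets are assumed, laid out back to back after a 0x400-byte header, which happens to end exactly at the reported 198656-byte file size), and flags the anomalies, including a check that the reported entry point 0x00404d3d (image base 0x00400000) lands in an executable section. Section entropy is taken from the report because the bytes are not on the page; `shannon_entropy` shows how it is computed from real section contents.

```python
import math
import struct
from collections import Counter
from dataclasses import dataclass

# IMAGE_SECTION_HEADER characteristic bits (winnt.h)
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Name[8], VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
# PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
# NumberOfLinenumbers, Characteristics: 40 bytes, little-endian.
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")

@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_pointer: int
    characteristics: int

    def contains_rva(self, rva: int) -> bool:
        span = max(self.virtual_size, self.raw_size)
        return self.virtual_address <= rva < self.virtual_address + span

def parse_section_headers(blob: bytes, count: int) -> list:
    """Decode `count` consecutive IMAGE_SECTION_HEADER records from `blob`."""
    out = []
    for i in range(count):
        f = SECTION_HEADER.unpack_from(blob, i * SECTION_HEADER.size)
        name = f[0].rstrip(b"\0").decode("ascii", "replace")
        out.append(Section(name, f[1], f[2], f[3], f[4], f[9]))
    return out

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniform; packed code is often > 6.8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def section_findings(sections, entry_rva, entropy_by_name=None,
                     ratio_limit=8, entropy_limit=6.8) -> list:
    findings = []
    for s in sections:
        ch = s.characteristics
        if (ch & IMAGE_SCN_MEM_WRITE) and s.raw_size and s.virtual_size > ratio_limit * s.raw_size:
            findings.append(f"{s.name}: VirtualSize 0x{s.virtual_size:x} is "
                            f"{s.virtual_size // s.raw_size}x SizeOfRawData 0x{s.raw_size:x} "
                            "(large zero-filled writable region: unpacking target)")
        if (ch & IMAGE_SCN_MEM_WRITE) and (ch & IMAGE_SCN_MEM_EXECUTE):
            findings.append(f"{s.name}: writable and executable")
        ent = (entropy_by_name or {}).get(s.name)
        if ent is not None and (ch & IMAGE_SCN_MEM_EXECUTE) and ent >= entropy_limit:
            findings.append(f"{s.name}: executable section entropy {ent:.2f} >= "
                            f"{entropy_limit} (packed or encrypted code)")
    home = [s for s in sections if s.contains_rva(entry_rva)]
    if not home:
        findings.append(f"entry point RVA 0x{entry_rva:x} is outside every section")
    elif not home[0].characteristics & IMAGE_SCN_MEM_EXECUTE:
        findings.append(f"entry point RVA 0x{entry_rva:x} lies in non-executable {home[0].name}")
    return findings

def build_header(name, vsize, vaddr, rawsize, rawptr, chars) -> bytes:
    return SECTION_HEADER.pack(name.encode().ljust(8, b"\0"), vsize, vaddr,
                               rawsize, rawptr, 0, 0, 0, 0, chars)

# The five headers from this report's section table. PointerToRawData values
# are ASSUMED: packed back to back after a 0x400-byte header, which ends at
# 0x30800 = 198656, the reported file size.
R, W, X = IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_EXECUTE
IDATA, DISC = IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE
REPORT_SECTIONS = b"".join([
    build_header(".text",  0x0001a0a2, 0x00001000, 0x0001a200, 0x00400, IMAGE_SCN_CNT_CODE | X | R),
    build_header(".rdata", 0x00005cec, 0x0001c000, 0x00005e00, 0x1a600, IDATA | R),
    build_header(".data",  0x02bff7e0, 0x00022000, 0x00002600, 0x20400, IDATA | R | W),
    build_header(".rsrc",  0x00002e30, 0x02c22000, 0x00003000, 0x22a00, IDATA | R),
    build_header(".reloc", 0x0000ac50, 0x02c25000, 0x0000ae00, 0x25a00, IDATA | DISC | R),
])
ENTRY_RVA = 0x00404d3d - 0x00400000  # reported entry point minus image base
REPORT_ENTROPY = {".text": 6.98, ".rdata": 6.03, ".data": 2.74, ".rsrc": 5.37, ".reloc": 1.20}

if __name__ == "__main__":
    sections = parse_section_headers(REPORT_SECTIONS, 5)
    for line in section_findings(sections, ENTRY_RVA, REPORT_ENTROPY):
        print(line)
```

On the report's values this yields exactly two findings, the `.text` entropy and the `.data` size ratio; the entry point passes because 0x4d3d falls inside `.text`. On a real file, read the section count from the COFF header, locate the table right after the optional header, and compute each section's entropy from the bytes at PointerToRawData instead of taking it from a report.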

Resources

Name    Offset    Size    Language    Sublanguage    Entropy    File type
AFX_DIALOG_LAYOUT 0x02c24c78 0x00000002 LANG_NEUTRAL SUBLANG_NEUTRAL 1.00 data
FASANOMOVEGISOVUCI 0x02c24398 0x000008d0 LANG_NEUTRAL SUBLANG_NEUTRAL 4.58 ASCII text, with very long lines, with no line terminators
RT_ICON 0x02c239e0 0x00000988 LANG_NEUTRAL SUBLANG_NEUTRAL 4.84 dBase III DBT, version number 0, next free block index 40
RT_ICON 0x02c239e0 0x00000988 LANG_NEUTRAL SUBLANG_NEUTRAL 4.84 dBase III DBT, version number 0, next free block index 40
RT_ICON 0x02c239e0 0x00000988 LANG_NEUTRAL SUBLANG_NEUTRAL 4.84 dBase III DBT, version number 0, next free block index 40
RT_GROUP_ICON 0x02c24368 0x00000030 LANG_NEUTRAL SUBLANG_NEUTRAL 2.55 MS Windows icon resource - 3 icons, 24x24
RT_VERSION 0x02c24c80 0x000001b0 LANG_NEUTRAL SUBLANG_NEUTRAL 3.33 data
None 0x02c24c68 0x0000000a LANG_NEUTRAL SUBLANG_NEUTRAL 2.32 data

Imports

Library: KERNEL32.dll:
0x41c000 CreateFileA
0x41c004 WriteConsoleOutputW
0x41c008 GetCurrentProcess
0x41c00c GetLocaleInfoW
0x41c010 IsBadStringPtrA
0x41c014 GetStringTypeExA
0x41c018 GetProcAddress
0x41c01c LoadLibraryA
0x41c020 LocalAlloc
0x41c024 GetModuleFileNameA
0x41c028 GetModuleHandleA
0x41c02c IsDebuggerPresent
0x41c034 QueryDepthSList
0x41c040 Sleep
0x41c054 GetLastError
0x41c058 HeapFree
0x41c05c HeapAlloc
0x41c060 TerminateProcess
0x41c06c GetCommandLineA
0x41c070 GetStartupInfoA
0x41c074 RtlUnwind
0x41c078 RaiseException
0x41c07c LCMapStringA
0x41c080 WideCharToMultiByte
0x41c084 MultiByteToWideChar
0x41c088 LCMapStringW
0x41c08c GetCPInfo
0x41c090 HeapCreate
0x41c094 VirtualFree
0x41c098 VirtualAlloc
0x41c09c HeapReAlloc
0x41c0a0 GetModuleHandleW
0x41c0a4 ExitProcess
0x41c0a8 WriteFile
0x41c0ac GetStdHandle
0x41c0b0 TlsGetValue
0x41c0b4 TlsAlloc
0x41c0b8 TlsSetValue
0x41c0bc TlsFree
0x41c0c0 SetLastError
0x41c0c4 GetCurrentThreadId
0x41c0c8 HeapSize
0x41c0dc SetHandleCount
0x41c0e0 GetFileType
0x41c0e8 GetTickCount
0x41c0ec GetCurrentProcessId
0x41c0f4 GetACP
0x41c0f8 GetOEMCP
0x41c0fc IsValidCodePage
0x41c100 GetUserDefaultLCID
0x41c104 GetLocaleInfoA
0x41c108 EnumSystemLocalesA
0x41c10c IsValidLocale
0x41c110 GetStringTypeA
0x41c114 GetStringTypeW
Library: MSIMG32.dll:
0x41c120 AlphaBlend
0x41c124 GradientFill

Strings

.text
`.rdata
@.data
.rsrc
@.reloc
Wh0 B
YQPVh
QW@Ph
35`$B
uL9=pHB
Fh8'B
Y;= &B
;5`+B
Fh=8'B
9=pHB
SVWUj
($0 !"&
$-$&'00
:<?'2
"36&5$>
$2,#$
05,#0,+
4!=80
6..20#
#?,04;<>
8 6*.=(
5<<063":+
bad allocation
string too long
invalid string position
Unknown exception
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
CorExitProcess
runtime error
Microsoft Visual C++ Runtime Library
<program name unknown>
Program:
EncodePointer
DecodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
bad exception
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
czech
china
britain
america
swiss
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
USER32.DLL
Complete Object Locator'
Class Hierarchy Descriptor'
Base Class Array'
Base Class Descriptor at (
Type Descriptor'
`local static thread guard'
`managed vector copy constructor iterator'
`vector vbase copy constructor iterator'
`vector copy constructor iterator'
`dynamic atexit destructor for '
`dynamic initializer for '
`eh vector vbase copy constructor iterator'
`eh vector copy constructor iterator'
`managed vector destructor iterator'
`managed vector constructor iterator'
`placement delete[] closure'
`placement delete closure'
`omni callsig'
delete[]
new[]
`local vftable constructor closure'
`local vftable'
`RTTI
`udt returning'
`copy constructor closure'
`eh vector vbase constructor iterator'
`eh vector destructor iterator'
`eh vector constructor iterator'
`virtual displacement map'
`vector vbase constructor iterator'
`vector destructor iterator'
`vector constructor iterator'
`scalar deleting destructor'
`default constructor closure'
`vector deleting destructor'
`vbase destructor'
`string'
`local static guard'
`typeof'
`vcall'
`vbtable'
`vftable'
operator
delete
__unaligned
__restrict
__ptr64
__clrcall
__fastcall
__thiscall
__stdcall
__pascal
__cdecl
__based(
floor
exp10
log10
e+000
GAIsProcessorFeaturePresent
KERNEL32
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
_nextafter
_logb
frexp
_hypot
_cabs
ldexp
atan2
1#QNAN
1#INF
1#IND
1#SNAN
bad allocation
kernel32.dll
GlobalAlloc
xoticexoguwahuwiziyuzizobi tu
vovusawebafovemiwu
kernel32.dll
ios_base::badbit set
ios_base::failbit set
ios_base::eofbit set
bad cast
CreateFileA
WriteConsoleOutputW
GetCurrentProcess
GetLocaleInfoW
IsBadStringPtrA
GetStringTypeExA
GetProcAddress
LoadLibraryA
LocalAlloc
GetModuleFileNameA
GetModuleHandleA
IsDebuggerPresent
WriteConsoleOutputAttribute
QueryDepthSList
KERNEL32.dll
AlphaBlend
GradientFill
MSIMG32.dll
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetStartupInfoA
mscoree.dll
KERNEL32.DLL
Antivirus engine/vendor    Detection name / rule match    Signature date
Bkav W32.AIDetectVM.malware1 20200923
Elastic malicious (high confidence) 20200917
DrWeb Win32.HLLW.Autoruner2.49693 20200923
MicroWorld-eScan Trojan.GenericKD.31994196 20200923
FireEye Generic.mg.6286813e23f3d047 20200923
CAT-QuickHeal Trojan.Mauvaise.SL1 20200923
Qihoo-360 Win32/Trojan.Downloader.e47 20200923
ALYac Trojan.GenericKD.31994196 20200923
Cylance Unsafe 20200923
Zillya Downloader.Trik.Win32.2 20200923
SUPERAntiSpyware Not detected 20200918
Sangfor Malware 20200814
K7AntiVirus Trojan ( 0054e5481 ) 20200923
Alibaba TrojanDownloader:Win32/Skeeyah.b8842e98 20190527
K7GW Trojan ( 0054e5481 ) 20200923
Cybereason malicious.e23f3d 20190616
Invincea Mal/Generic-R + Troj/AutoG-BO 20200923
BitDefenderTheta Gen:NN.ZexaF.34254.mu0@aWM0iTc 20200918
Cyren W32/Kryptik.ZE.gen!Eldorado 20200923
Symantec Packed.Generic.525 20200923
TotalDefense Not detected 20200923
APEX Malicious 20200922
Avast Other:Malware-gen [Trj] 20200923
ClamAV Win.Packed.Os40444-7361867-0 20200923
Kaspersky Trojan-Downloader.Win32.Trik.ed 20200923
BitDefender Trojan.GenericKD.31994196 20200923
NANO-Antivirus Trojan.Win32.Trik.fqjewx 20200923
Paloalto generic.ml 20200923
ViRobot Not detected 20200923
Tencent Malware.Win32.Gencirc.116b3a34 20200923
Ad-Aware Trojan.GenericKD.31994196 20200923
TACHYON Not detected 20200923
Sophos Troj/AutoG-BO 20200923
Comodo Malware@#2lni1nnzq9j9v 20200923
F-Secure Trojan.TR/AD.Phorpiex.btjzy 20200923
Baidu Not detected 20190318
VIPRE Trojan.Win32.Generic!BT 20200923
TrendMicro TROJ_GEN.R022C0DF220 20200923
McAfee-GW-Edition BehavesLike.Win32.Sodinokibi.cm 20200923
CMC Not detected 20200923
Emsisoft Trojan.GenericKD.31994196 (B) 20200923
SentinelOne DFI - Suspicious PE 20200724
Jiangmin TrojanDownloader.Trik.t 20200923
Webroot W32.Malware.gen 20200923
Avira TR/AD.Phorpiex.btjzy 20200923
Antiy-AVL Trojan/Win32.Fuerboos 20200923
Kingsoft Not detected 20200923
Microsoft Trojan:Win32/CryptInject.YJ!MTB 20200923
Arcabit Trojan.Generic.D1E83154 20200923
AegisLab Trojan.Win32.Trik.a!c 20200923
ZoneAlarm Trojan-Downloader.Win32.Trik.ed 20200923
GData Win32.Worm.Phorpiex.IPQWRG 20200923
Cynet Malicious (score: 100) 20200917
AhnLab-V3 Trojan/Win32.Ransomcrypt.R272328 20200923
Acronis suspicious 20200917
McAfee Generic.bto 20200922
MAX malware (ai score=100) 20200923
VBA32 TrojanDownloader.Trik 20200923
Malwarebytes Trojan.MalPack.GS.Generic 20200923
Zoner Trojan.Win32.80447 20200920
ESET-NOD32 Win32/Phorpiex.J 20200923
TrendMicro-HouseCall TROJ_GEN.R022C0DF220 20200923
Rising Worm.Phorpiex!8.48D (KTSE) 20200923
Yandex Trojan.DL.Trik! 20200911
Ikarus Trojan.Win32.Crypt 20200923
eGambit Unsafe.AI_Score_94% 20200923
Fortinet W32/Trik.ED!tr 20200923
AVG Other:Malware-gen [Trj] 20200923
Panda Trj/WLT.E 20200923
CrowdStrike win/malicious_confidence_100% (W) 20190702
MaxSecure Trojan.Malware.74316719.susgen 20200922

Process tree

123.exe, PID: 2316, parent PID: 2160
winrvbb.exe, PID: 2472, parent PID: 2316

TCP

Source address    Source port    Destination address    Destination port
192.168.122.201 49161 104.123.71.144 acroipm.adobe.com 80

UDP

Source address    Source port    Destination address    Destination port
192.168.122.201 49532 192.168.122.1 53
192.168.122.201 50123 192.168.122.1 53
192.168.122.201 50224 192.168.122.1 53
192.168.122.201 50433 192.168.122.1 53
192.168.122.201 52179 192.168.122.1 53
192.168.122.201 52207 192.168.122.1 53
192.168.122.201 52564 192.168.122.1 53
192.168.122.201 52852 192.168.122.1 53
192.168.122.201 52936 192.168.122.1 53
192.168.122.201 53125 192.168.122.1 53
192.168.122.201 54135 192.168.122.1 53
192.168.122.201 54168 192.168.122.1 53
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 56449 192.168.122.1 53
192.168.122.201 56960 192.168.122.1 53
192.168.122.201 57769 192.168.122.1 53
192.168.122.201 59227 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53
192.168.122.201 60120 192.168.122.1 53
192.168.122.201 60220 192.168.122.1 53
192.168.122.201 60318 192.168.122.1 53
192.168.122.201 60465 192.168.122.1 53
192.168.122.201 60794 192.168.122.1 53
192.168.122.201 60919 192.168.122.1 53
192.168.122.201 61329 192.168.122.1 53
192.168.122.201 61500 192.168.122.1 53
192.168.122.201 61663 192.168.122.1 53
192.168.122.201 61890 192.168.122.1 53
192.168.122.201 62169 192.168.122.1 53
192.168.122.201 62671 192.168.122.1 53
192.168.122.201 63953 192.168.122.1 53
192.168.122.201 63995 192.168.122.1 53
192.168.122.201 64191 192.168.122.1 53
192.168.122.201 64363 192.168.122.1 53
192.168.122.201 64712 192.168.122.1 53
192.168.122.201 64833 192.168.122.1 53
192.168.122.201 65178 192.168.122.1 53
192.168.122.201 65179 192.168.122.1 53
192.168.122.201 65259 192.168.122.1 53
192.168.122.201 65529 192.168.122.1 53

HTTP requests

URI    HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

Note: this request is Adobe Reader 11's in-product messaging (IPM) check (User-Agent "IPM", path /11/rdr/CHS/), i.e. background traffic from software installed in the analysis VM rather than sample C2. The network activity attributable to the sample in this run is the burst of 40 DNS lookups for the .su names listed above, none of which returned an address.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

Source address    Destination address    ICMP type    Data
95.81.1.43    192.168.122.201    3

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No files dropped.
No similar analyses found.

Processing ( 39.886 seconds )

  • 25.606 NetworkAnalysis
  • 11.026 Suricata
  • 1.295 VirusTotal
  • 0.655 Static
  • 0.596 BehaviorAnalysis
  • 0.392 peid
  • 0.275 TargetInfo
  • 0.015 config_decoder
  • 0.013 Strings
  • 0.011 AnalysisInfo
  • 0.002 Memory

Signatures ( 1.828 seconds )

  • 1.412 md_url_bl
  • 0.102 md_domain_bl
  • 0.046 api_spamming
  • 0.039 stealth_decoy_document
  • 0.035 stealth_timeout
  • 0.015 stealth_file
  • 0.014 antisandbox_sleep
  • 0.013 antiav_detectreg
  • 0.011 injection_createremotethread
  • 0.009 process_interest
  • 0.007 injection_runpe
  • 0.006 mimics_filetime
  • 0.006 anomaly_persistence_autorun
  • 0.006 antiav_detectfile
  • 0.006 infostealer_ftp
  • 0.006 network_torgateway
  • 0.005 reads_self
  • 0.005 vawtrak_behavior
  • 0.005 virus
  • 0.004 bootkit
  • 0.004 antivm_generic_disk
  • 0.004 process_needed
  • 0.004 hancitor_behavior
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_im
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 stealth_network
  • 0.003 kovter_behavior
  • 0.003 antianalysis_detectreg
  • 0.003 infostealer_bitcoin
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 antiemu_wine_func
  • 0.002 betabot_behavior
  • 0.002 infostealer_browser_password
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.002 md_bad_drop
  • 0.001 mimics_agent
  • 0.001 rat_nanocore
  • 0.001 antiav_avast_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 cerber_behavior
  • 0.001 multiple_useragents
  • 0.001 antivm_parallels_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 maldun_network_blacklist
  • 0.001 network_cnc_http
  • 0.001 recon_checkip
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.652 seconds )

  • 0.567 ReportHTMLSummary
  • 0.085 Malheur
Task ID 592506
Mongo ID 5fc45ad97e769a09e4a4d898
Cuckoo release 1.4-Maldun