恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp03-1	2021-04-08 22:55:37	2021-04-08 22:57:43	126 秒

魔盾分数

10.0

危险的

文件详细信息

文件名	王卡助手20210310.exe
文件大小	4534272 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	6907cec51859b238c2b0225dcea38765
SHA1	4eaec64ed91407053a0cb14d7a6d5fc6cfeebeba
SHA256	166b82cd380506e97d7de60bda5744c24216ae7812849b750ab2bbf278bd0b57
SHA512	fde5dd79363846a0c3ddc346337d6933bc3b4a85ee1a9163eea0bbfe3fa5a848840c919050e8fc51166869d9b89f630d4e70af664cea7b3956e433a6f6f87b40
CRC32	E199F0AB
Ssdeep	49152:nEzuCLMLhzoHMRkHsVfPkOQ1mxVFy42XFSBFjPBFjAu1qr6O0qr6OTqr6Obis:5nVfPkOQcjFxkORZRAu1qr67qr6Kqr6s
Yara	登录查看Yara规则
	样本下载提交误报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.iwzh.cn	CNAME 557fff94dda76e14.cdn.jiashule.com A 39.106.132.118
api.freeyun.net	A 43.248.201.145
ss3.baidu.com	CNAME sslbaidu.jomodns.com A 180.163.198.33
acroipm.adobe.com	CNAME a1983.dscd.akamai.net CNAME acroipm.adobe.com.edgesuite.net A 104.91.68.27 A 104.91.68.75

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x005b8fa0
声明校验值	0x00000000
实际校验值	0x004542de
最低操作系统版本要求	4.0
编译时间	2021-03-10 17:18:19
载入哈希	6f57a1bd79769bacc80f4df1abb834b9
图标
图标精确哈希值	1bca88d3f61fc22108bfeca5dc5a84cd
图标相似性哈希值	d2a275ade2a7e584a484dd6146324137

版本信息

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x001e73d5	0x001e8000	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.41
.rdata	0x001e9000	0x0023b46a	0x0023c000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	7.51
.data	0x00425000	0x000a74d6	0x00025000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	5.53
.rsrc	0x004cd000	0x00008ef8	0x00009000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.62

资源

名称	偏移量	大小	语言	子语言	熵(Entropy)	文件类型
TEXTINCLUDE	0x004cdfac	0x00000151	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.25	C source, ASCII text, with CRLF line terminators
TEXTINCLUDE	0x004cdfac	0x00000151	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.25	C source, ASCII text, with CRLF line terminators
TEXTINCLUDE	0x004cdfac	0x00000151	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.25	C source, ASCII text, with CRLF line terminators
WAVE	0x004ce100	0x00001448	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	6.35	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz
RT_CURSOR	0x004cfe68	0x00000134	LANG_ITALIAN	SUBLANG_ITALIAN	3.07	data
RT_CURSOR	0x004cfe68	0x00000134	LANG_ITALIAN	SUBLANG_ITALIAN	3.07	data
RT_CURSOR	0x004cfe68	0x00000134	LANG_ITALIAN	SUBLANG_ITALIAN	3.07	data
RT_CURSOR	0x004cfe68	0x00000134	LANG_ITALIAN	SUBLANG_ITALIAN	3.07	data
RT_CURSOR	0x004cfe68	0x00000134	LANG_ITALIAN	SUBLANG_ITALIAN	3.07	data
RT_CURSOR	0x004cfe68	0x00000134	LANG_ITALIAN	SUBLANG_ITALIAN	3.07	data
RT_CURSOR	0x004cfe68	0x00000134	LANG_ITALIAN	SUBLANG_ITALIAN	3.07	data
RT_CURSOR	0x004cfe68	0x00000134	LANG_ITALIAN	SUBLANG_ITALIAN	3.07	data
RT_CURSOR	0x004cfe68	0x00000134	LANG_ITALIAN	SUBLANG_ITALIAN	3.07	data
RT_BITMAP	0x004d2760	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x004d2760	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x004d2760	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x004d2760	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x004d2760	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x004d2760	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x004d2760	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x004d2760	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x004d2760	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x004d2760	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x004d2760	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x004d2760	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x004d2760	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x004d2760	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x004d2760	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_BITMAP	0x004d2760	0x00000144	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.88	data
RT_ICON	0x004d2cb4	0x000010a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	5.05	dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0
RT_ICON	0x004d2cb4	0x000010a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	5.05	dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0
RT_ICON	0x004d2cb4	0x000010a8	LANG_NEUTRAL	SUBLANG_NEUTRAL	5.05	dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0
RT_MENU	0x004d3d68	0x00000284	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	4.28	data
RT_MENU	0x004d3d68	0x00000284	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	4.28	data
RT_DIALOG	0x004d4fb0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x004d4fb0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x004d4fb0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x004d4fb0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x004d4fb0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x004d4fb0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x004d4fb0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x004d4fb0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x004d4fb0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_DIALOG	0x004d4fb0	0x0000018c	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.74	data
RT_STRING	0x004d59f8	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x004d59f8	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x004d59f8	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x004d59f8	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x004d59f8	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x004d59f8	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x004d59f8	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x004d59f8	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x004d59f8	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x004d59f8	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_STRING	0x004d59f8	0x00000024	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0.90	data
RT_GROUP_CURSOR	0x004d5aa8	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x004d5aa8	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x004d5aa8	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x004d5aa8	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x004d5aa8	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x004d5aa8	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x004d5aa8	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_CURSOR	0x004d5aa8	0x00000022	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.25	MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON	0x004d5af4	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON	0x004d5af4	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON	0x004d5af4	0x00000014	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.02	MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION	0x004d5b08	0x00000220	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.38	data
RT_MANIFEST	0x004d5d28	0x000001cd	LANG_NEUTRAL	SUBLANG_NEUTRAL	5.08	XML 1.0 document, ASCII text, with very long lines, with no line terminators

导入

库: MSVFW32.dll:

• 0x5e9454 DrawDibDraw

库: AVIFIL32.dll:

• 0x5e9018 AVIStreamGetFrame

• 0x5e901c AVIStreamInfoA

库: WINMM.dll:

• 0x5e97f0 midiStreamRestart

• 0x5e97f4 midiStreamClose

• 0x5e97f8 midiOutReset

• 0x5e97fc midiStreamStop

• 0x5e9800 midiStreamOut

• 0x5e9804 midiOutPrepareHeader

• 0x5e9808 midiStreamProperty

• 0x5e980c midiStreamOpen

• 0x5e9810 midiOutUnprepareHeader

• 0x5e9814 waveOutOpen

• 0x5e9818 waveOutGetNumDevs

• 0x5e981c waveOutClose

• 0x5e9820 waveOutReset

• 0x5e9824 waveOutPause

• 0x5e9828 waveOutWrite

• 0x5e982c waveOutPrepareHeader

• 0x5e9830 waveOutUnprepareHeader

• 0x5e9834 PlaySoundA

• 0x5e9838 mciSendStringA

• 0x5e983c mciSendCommandA

• 0x5e9840 waveOutRestart

库: WS2_32.dll:

• 0x5e9860 socket

• 0x5e9864 setsockopt

• 0x5e9868 recvfrom

• 0x5e986c ioctlsocket

• 0x5e9870 connect

• 0x5e9874 htons

• 0x5e9878 WSAAsyncSelect

• 0x5e987c closesocket

• 0x5e9880 send

• 0x5e9884 select

• 0x5e9888 WSACleanup

• 0x5e988c ntohl

• 0x5e9890 WSASetLastError

• 0x5e9894 accept

• 0x5e9898 getpeername

• 0x5e989c recv

• 0x5e98a0 inet_addr

• 0x5e98a4 inet_ntoa

• 0x5e98a8 gethostbyname

• 0x5e98ac WSAStartup

• 0x5e98b0 gethostname

库: RPCRT4.dll:

• 0x5e94d8 RpcStringFreeA

• 0x5e94dc UuidToStringA

库: RASAPI32.dll:

• 0x5e94cc RasHangUpA

• 0x5e94d0 RasGetConnectStatusA

库: KERNEL32.dll:

• 0x5e91fc LeaveCriticalSection

• 0x5e9200 EnterCriticalSection

• 0x5e9204 ReleaseSemaphore

• 0x5e9208 ResumeThread

• 0x5e920c CreateSemaphoreA

• 0x5e9210 SetFilePointer

• 0x5e9214 GetFileSize

• 0x5e9218 GetCurrentProcess

• 0x5e921c TerminateProcess

• 0x5e9220 GetWindowsDirectoryA

• 0x5e9224 LoadLibraryExA

• 0x5e9228 GetSystemDirectoryA

• 0x5e922c MultiByteToWideChar

• 0x5e9230 SetLastError

• 0x5e9234 GetTimeZoneInformation

• 0x5e9238 GetVersion

• 0x5e923c Beep

• 0x5e9240 GetTempFileNameA

• 0x5e9244 InterlockedDecrement

• 0x5e9248 InterlockedIncrement

• 0x5e924c lstrcmpiA

• 0x5e9250 TerminateThread

• 0x5e9254 FileTimeToSystemTime

• 0x5e9258 WideCharToMultiByte

• 0x5e925c CreateMutexA

• 0x5e9260 ReleaseMutex

• 0x5e9264 SuspendThread

• 0x5e9268 LocalFree

• 0x5e926c FormatMessageA

• 0x5e9270 FileTimeToLocalFileTime

• 0x5e9274 lstrcpynA

• 0x5e9278 DuplicateHandle

• 0x5e927c FlushFileBuffers

• 0x5e9280 LockFile

• 0x5e9284 UnlockFile

• 0x5e9288 SetEndOfFile

• 0x5e928c GetThreadLocale

• 0x5e9290 GlobalDeleteAtom

• 0x5e9294 GlobalFindAtomA

• 0x5e9298 GlobalAddAtomA

• 0x5e929c GlobalGetAtomNameA

• 0x5e92a0 lstrcmpA

• 0x5e92a4 LocalAlloc

• 0x5e92a8 TlsAlloc

• 0x5e92ac GlobalHandle

• 0x5e92b0 TlsFree

• 0x5e92b4 TlsSetValue

• 0x5e92b8 LocalReAlloc

• 0x5e92bc TlsGetValue

• 0x5e92c0 GetFileTime

• 0x5e92c4 GetCurrentThread

• 0x5e92c8 GlobalFlags

• 0x5e92cc SetErrorMode

• 0x5e92d0 GetProcessVersion

• 0x5e92d4 GetCPInfo

• 0x5e92d8 GetOEMCP

• 0x5e92dc GetStartupInfoA

• 0x5e92e0 RtlUnwind

• 0x5e92e4 GetSystemTime

• 0x5e92e8 GetLocalTime

• 0x5e92ec RaiseException

• 0x5e92f0 HeapSize

• 0x5e92f4 GetACP

• 0x5e92f8 SetStdHandle

• 0x5e92fc GetFileType

• 0x5e9300 UnhandledExceptionFilter

• 0x5e9304 FreeEnvironmentStringsA

• 0x5e9308 FreeEnvironmentStringsW

• 0x5e930c GetEnvironmentStrings

• 0x5e9310 GetEnvironmentStringsW

• 0x5e9314 SetHandleCount

• 0x5e9318 GetStdHandle

• 0x5e931c GetEnvironmentVariableA

• 0x5e9320 HeapDestroy

• 0x5e9324 HeapCreate

• 0x5e9328 VirtualFree

• 0x5e932c SetEnvironmentVariableA

• 0x5e9330 LCMapStringA

• 0x5e9334 LCMapStringW

• 0x5e9338 VirtualAlloc

• 0x5e933c IsBadWritePtr

• 0x5e9340 SetUnhandledExceptionFilter

• 0x5e9344 GetStringTypeA

• 0x5e9348 GetStringTypeW

• 0x5e934c CompareStringA

• 0x5e9350 CompareStringW

• 0x5e9354 IsBadReadPtr

• 0x5e9358 IsBadCodePtr

• 0x5e935c WriteFile

• 0x5e9360 WaitForMultipleObjects

• 0x5e9364 CreateFileA

• 0x5e9368 SetEvent

• 0x5e936c FindResourceA

• 0x5e9370 LoadResource

• 0x5e9374 LockResource

• 0x5e9378 ReadFile

• 0x5e937c lstrlenW

• 0x5e9380 GetModuleFileNameA

• 0x5e9384 GetCurrentThreadId

• 0x5e9388 ExitProcess

• 0x5e938c GlobalSize

• 0x5e9390 GlobalFree

• 0x5e9394 DeleteCriticalSection

• 0x5e9398 InitializeCriticalSection

• 0x5e939c lstrcatA

• 0x5e93a0 lstrlenA

• 0x5e93a4 WinExec

• 0x5e93a8 lstrcpyA

• 0x5e93ac FindNextFileA

• 0x5e93b0 GlobalReAlloc

• 0x5e93b4 HeapFree

• 0x5e93b8 HeapReAlloc

• 0x5e93bc GetProcessHeap

• 0x5e93c0 HeapAlloc

• 0x5e93c4 GetUserDefaultLCID

• 0x5e93c8 GetFullPathNameA

• 0x5e93cc FreeLibrary

• 0x5e93d0 LoadLibraryA

• 0x5e93d4 GetLastError

• 0x5e93d8 GetVersionExA

• 0x5e93dc WritePrivateProfileStringA

• 0x5e93e0 GetPrivateProfileStringA

• 0x5e93e4 CreateThread

• 0x5e93e8 CreateEventA

• 0x5e93ec Sleep

• 0x5e93f0 GlobalAlloc

• 0x5e93f4 GlobalLock

• 0x5e93f8 GlobalUnlock

• 0x5e93fc GetTempPathA

• 0x5e9400 FindFirstFileA

• 0x5e9404 FindClose

• 0x5e9408 SetFileAttributesA

• 0x5e940c GetFileAttributesA

• 0x5e9410 DeleteFileA

• 0x5e9414 CreateDirectoryA

• 0x5e9418 SetCurrentDirectoryA

• 0x5e941c GetVolumeInformationA

• 0x5e9420 GetModuleHandleA

• 0x5e9424 GetProcAddress

• 0x5e9428 MulDiv

• 0x5e942c GetCommandLineA

• 0x5e9430 GetTickCount

• 0x5e9434 CreateProcessA

• 0x5e9438 WaitForSingleObject

• 0x5e943c CloseHandle

• 0x5e9440 InterlockedExchange

• 0x5e9444 GetProfileStringA

库: USER32.dll:

• 0x5e9500 AdjustWindowRectEx

• 0x5e9504 MapWindowPoints

• 0x5e9508 SendDlgItemMessageA

• 0x5e950c ScrollWindowEx

• 0x5e9510 IsDialogMessageA

• 0x5e9514 CheckMenuItem

• 0x5e9518 SetMenuItemBitmaps

• 0x5e951c GetMenuCheckMarkDimensions

• 0x5e9520 CharNextA

• 0x5e9524 SetWindowContextHelpId

• 0x5e9528 MapDialogRect

• 0x5e952c GetSysColorBrush

• 0x5e9530 GetNextDlgGroupItem

• 0x5e9534 PostThreadMessageA

• 0x5e9538 GetPropA

• 0x5e953c MoveWindow

• 0x5e9540 CallWindowProcA

• 0x5e9544 SetPropA

• 0x5e9548 DrawTextA

• 0x5e954c GetCursor

• 0x5e9550 CreateIconIndirect

• 0x5e9554 GetIconInfo

• 0x5e9558 CopyIcon

• 0x5e955c LoadStringA

• 0x5e9560 SetWindowTextA

• 0x5e9564 UnhookWindowsHookEx

• 0x5e9568 SetWindowsHookExA

• 0x5e956c CallNextHookEx

• 0x5e9570 GetMenuItemCount

• 0x5e9574 GetMenuItemID

• 0x5e9578 GetMenuState

• 0x5e957c GetWindowTextA

• 0x5e9580 FindWindowExA

• 0x5e9584 GetDlgItem

• 0x5e9588 GetClassNameA

• 0x5e958c GetDesktopWindow

• 0x5e9590 MsgWaitForMultipleObjects

• 0x5e9594 DrawStateA

• 0x5e9598 FrameRect

• 0x5e959c GetNextDlgTabItem

• 0x5e95a0 LoadIconA

• 0x5e95a4 TranslateMessage

• 0x5e95a8 DrawFrameControl

• 0x5e95ac DrawEdge

• 0x5e95b0 DrawFocusRect

• 0x5e95b4 WindowFromPoint

• 0x5e95b8 GetMessageA

• 0x5e95bc DispatchMessageA

• 0x5e95c0 SetRectEmpty

• 0x5e95c4 RegisterClipboardFormatA

• 0x5e95c8 CreateIconFromResourceEx

• 0x5e95cc CreateIconFromResource

• 0x5e95d0 DrawIconEx

• 0x5e95d4 CreatePopupMenu

• 0x5e95d8 AppendMenuA

• 0x5e95dc RegisterClassA

• 0x5e95e0 CreateAcceleratorTableA

• 0x5e95e4 GetDlgCtrlID

• 0x5e95e8 GetSubMenu

• 0x5e95ec RegisterHotKey

• 0x5e95f0 ClientToScreen

• 0x5e95f4 EnumDisplaySettingsA

• 0x5e95f8 LoadImageA

• 0x5e95fc SystemParametersInfoA

• 0x5e9600 ShowWindow

• 0x5e9604 IsWindowEnabled

• 0x5e9608 TranslateAcceleratorA

• 0x5e960c GetKeyState

• 0x5e9610 CopyAcceleratorTableA

• 0x5e9614 PostQuitMessage

• 0x5e9618 IsZoomed

• 0x5e961c GetClassInfoA

• 0x5e9620 DefWindowProcA

• 0x5e9624 GetSystemMenu

• 0x5e9628 DeleteMenu

• 0x5e962c GetMenu

• 0x5e9630 SetMenu

• 0x5e9634 PeekMessageA

• 0x5e9638 IsIconic

• 0x5e963c SetFocus

• 0x5e9640 GetActiveWindow

• 0x5e9644 GetWindow

• 0x5e9648 DestroyAcceleratorTable

• 0x5e964c SetWindowRgn

• 0x5e9650 GetMessagePos

• 0x5e9654 ScreenToClient

• 0x5e9658 ChildWindowFromPointEx

• 0x5e965c CopyRect

• 0x5e9660 LoadBitmapA

• 0x5e9664 WinHelpA

• 0x5e9668 KillTimer

• 0x5e966c SetTimer

• 0x5e9670 ReleaseCapture

• 0x5e9674 GetCapture

• 0x5e9678 SetCapture

• 0x5e967c GetScrollRange

• 0x5e9680 SetScrollRange

• 0x5e9684 SetScrollPos

• 0x5e9688 SetRect

• 0x5e968c InflateRect

• 0x5e9690 IntersectRect

• 0x5e9694 DestroyIcon

• 0x5e9698 PtInRect

• 0x5e969c OffsetRect

• 0x5e96a0 IsWindowVisible

• 0x5e96a4 EnableWindow

• 0x5e96a8 RedrawWindow

• 0x5e96ac GetWindowLongA

• 0x5e96b0 SetWindowLongA

• 0x5e96b4 GetSysColor

• 0x5e96b8 SetActiveWindow

• 0x5e96bc SetCursorPos

• 0x5e96c0 LoadCursorA

• 0x5e96c4 SetCursor

• 0x5e96c8 GetDC

• 0x5e96cc FillRect

• 0x5e96d0 IsRectEmpty

• 0x5e96d4 ReleaseDC

• 0x5e96d8 IsChild

• 0x5e96dc TrackPopupMenu

• 0x5e96e0 DestroyMenu

• 0x5e96e4 SetForegroundWindow

• 0x5e96e8 GetWindowRect

• 0x5e96ec EqualRect

• 0x5e96f0 UpdateWindow

• 0x5e96f4 ValidateRect

• 0x5e96f8 InvalidateRect

• 0x5e96fc GetClientRect

• 0x5e9700 GetFocus

• 0x5e9704 GetParent

• 0x5e9708 GetTopWindow

• 0x5e970c PostMessageA

• 0x5e9710 IsWindow

• 0x5e9714 SetParent

• 0x5e9718 DestroyCursor

• 0x5e971c SendMessageA

• 0x5e9720 SetWindowPos

• 0x5e9724 MessageBeep

• 0x5e9728 MessageBoxA

• 0x5e972c GetCursorPos

• 0x5e9730 GetSystemMetrics

• 0x5e9734 UnregisterClassA

• 0x5e9738 ModifyMenuA

• 0x5e973c GetScrollPos

• 0x5e9740 GetClassLongA

• 0x5e9744 RemovePropA

• 0x5e9748 GetMessageTime

• 0x5e974c GetLastActivePopup

• 0x5e9750 RegisterWindowMessageA

• 0x5e9754 GetWindowPlacement

• 0x5e9758 EndDialog

• 0x5e975c CreateDialogIndirectParamA

• 0x5e9760 DestroyWindow

• 0x5e9764 EndPaint

• 0x5e9768 BeginPaint

• 0x5e976c CharUpperA

• 0x5e9770 GetWindowTextLengthA

• 0x5e9774 CreateMenu

• 0x5e9778 UnregisterHotKey

• 0x5e977c EmptyClipboard

• 0x5e9780 SetClipboardData

• 0x5e9784 OpenClipboard

• 0x5e9788 GetClipboardData

• 0x5e978c CloseClipboard

• 0x5e9790 wsprintfA

• 0x5e9794 WaitForInputIdle

• 0x5e9798 CreateWindowExA

• 0x5e979c GetForegroundWindow

• 0x5e97a0 GetMenuStringA

• 0x5e97a4 GetTabbedTextExtentA

• 0x5e97a8 GrayStringA

• 0x5e97ac TabbedTextOutA

• 0x5e97b0 WindowFromDC

• 0x5e97b4 EnumChildWindows

• 0x5e97b8 EnableMenuItem

• 0x5e97bc GetWindowDC

库: GDI32.dll:

• 0x5e9078 CombineRgn

• 0x5e907c PatBlt

• 0x5e9080 CreatePen

• 0x5e9084 SelectObject

• 0x5e9088 CreatePatternBrush

• 0x5e908c CreateBitmap

• 0x5e9090 CreateBrushIndirect

• 0x5e9094 CreateDCA

• 0x5e9098 CreateCompatibleBitmap

• 0x5e909c GetPolyFillMode

• 0x5e90a0 GetStretchBltMode

• 0x5e90a4 GetROP2

• 0x5e90a8 GetBkColor

• 0x5e90ac GetBkMode

• 0x5e90b0 GetTextColor

• 0x5e90b4 CreateRoundRectRgn

• 0x5e90b8 CreateEllipticRgn

• 0x5e90bc PathToRegion

• 0x5e90c0 EndPath

• 0x5e90c4 BeginPath

• 0x5e90c8 GetWindowOrgEx

• 0x5e90cc GetViewportOrgEx

• 0x5e90d0 GetWindowExtEx

• 0x5e90d4 GetDIBits

• 0x5e90d8 RealizePalette

• 0x5e90dc SelectPalette

• 0x5e90e0 StretchBlt

• 0x5e90e4 CreatePalette

• 0x5e90e8 GetSystemPaletteEntries

• 0x5e90ec CreateRectRgn

• 0x5e90f0 FillRgn

• 0x5e90f4 CreateSolidBrush

• 0x5e90f8 CreateRectRgnIndirect

• 0x5e90fc Ellipse

• 0x5e9100 Rectangle

• 0x5e9104 LPtoDP

• 0x5e9108 DPtoLP

• 0x5e910c GetCurrentObject

• 0x5e9110 RoundRect

• 0x5e9114 CreateDIBSection

• 0x5e9118 SetPixel

• 0x5e911c ExtCreateRegion

• 0x5e9120 SetStretchBltMode

• 0x5e9124 GetClipRgn

• 0x5e9128 CreatePolygonRgn

• 0x5e912c CreateFontIndirectA

• 0x5e9130 GetStockObject

• 0x5e9134 GetObjectA

• 0x5e9138 EndPage

• 0x5e913c EndDoc

• 0x5e9140 DeleteDC

• 0x5e9144 SetBkColor

• 0x5e9148 TextOutA

• 0x5e914c SetBkMode

• 0x5e9150 SetTextColor

• 0x5e9154 SetDIBitsToDevice

• 0x5e9158 CreateFontA

• 0x5e915c FrameRgn

• 0x5e9160 OffsetRgn

• 0x5e9164 GetTextMetricsA

• 0x5e9168 LineTo

• 0x5e916c MoveToEx

• 0x5e9170 SetWindowOrgEx

• 0x5e9174 SaveDC

• 0x5e9178 RestoreDC

• 0x5e917c CreatePenIndirect

• 0x5e9180 PtVisible

• 0x5e9184 RectVisible

• 0x5e9188 ExtTextOutA

• 0x5e918c Escape

• 0x5e9190 TranslateCharsetInfo

• 0x5e9194 SetPolyFillMode

• 0x5e9198 SetROP2

• 0x5e919c SetMapMode

• 0x5e91a0 SetViewportOrgEx

• 0x5e91a4 OffsetViewportOrgEx

• 0x5e91a8 SetViewportExtEx

• 0x5e91ac ScaleViewportExtEx

• 0x5e91b0 SetWindowExtEx

• 0x5e91b4 ScaleWindowExtEx

• 0x5e91b8 GetClipBox

• 0x5e91bc ExcludeClipRect

• 0x5e91c0 ExtSelectClipRgn

• 0x5e91c4 GetViewportExtEx

• 0x5e91c8 GetMapMode

• 0x5e91cc DeleteObject

• 0x5e91d0 CreateDIBitmap

• 0x5e91d4 StartDocA

• 0x5e91d8 StartPage

• 0x5e91dc BitBlt

• 0x5e91e0 GetPixel

• 0x5e91e4 GetTextExtentPoint32A

• 0x5e91e8 CreateCompatibleDC

• 0x5e91ec SetPixelV

• 0x5e91f0 GetDeviceCaps

• 0x5e91f4 SelectClipRgn

库: MSIMG32.dll:

• 0x5e944c GradientFill

库: WINSPOOL.DRV:

• 0x5e9848 DocumentPropertiesA

• 0x5e984c ClosePrinter

• 0x5e9850 OpenPrinterA

库: comdlg32.dll:

• 0x5e98b8 GetOpenFileNameA

• 0x5e98bc GetSaveFileNameA

• 0x5e98c0 GetFileTitleA

• 0x5e98c4 ChooseFontA

• 0x5e98c8 ChooseColorA

库: ADVAPI32.dll:

• 0x5e9000 RegSetValueExA

• 0x5e9004 RegOpenKeyExA

• 0x5e9008 RegCloseKey

• 0x5e900c RegCreateKeyExA

• 0x5e9010 RegQueryValueA

库: SHELL32.dll:

• 0x5e94e4 ShellExecuteA

• 0x5e94e8 SHGetSpecialFolderPathA

• 0x5e94ec DragQueryFileA

• 0x5e94f0 DragAcceptFiles

• 0x5e94f4 DragFinish

• 0x5e94f8 Shell_NotifyIconA

库: ole32.dll:

• 0x5e98d0 CLSIDFromString

• 0x5e98d4 OleUninitialize

• 0x5e98d8 OleInitialize

• 0x5e98dc CoCreateGuid

• 0x5e98e0 CoTaskMemFree

• 0x5e98e4 ReleaseStgMedium

• 0x5e98e8 CLSIDFromProgID

• 0x5e98ec CoTaskMemAlloc

• 0x5e98f0 OleRun

• 0x5e98f4 CoCreateInstance

• 0x5e98f8 CoGetClassObject

• 0x5e98fc StgOpenStorageOnILockBytes

• 0x5e9900 StgCreateDocfileOnILockBytes

• 0x5e9904 CreateILockBytesOnHGlobal

• 0x5e9908 CoFreeUnusedLibraries

• 0x5e990c CoRegisterMessageFilter

• 0x5e9910 CoRevokeClassObject

• 0x5e9914 OleFlushClipboard

• 0x5e9918 OleIsCurrentClipboard

• 0x5e991c RevokeDragDrop

库: OLEAUT32.dll:

• 0x5e945c VariantInit

• 0x5e9460 SysAllocString

• 0x5e9464 SafeArrayDestroy

• 0x5e9468 SafeArrayCreate

• 0x5e946c SafeArrayPutElement

• 0x5e9470 RegisterTypeLib

• 0x5e9474 LHashValOfNameSys

• 0x5e9478 LoadTypeLib

• 0x5e947c OleCreateFontIndirect

• 0x5e9480 UnRegisterTypeLib

• 0x5e9484 SysFreeString

• 0x5e9488 SysStringLen

• 0x5e948c SysAllocStringByteLen

• 0x5e9490 VariantCopyInd

• 0x5e9494 SysAllocStringLen

• 0x5e9498 VariantTimeToSystemTime

• 0x5e949c SafeArrayGetElement

• 0x5e94a0 SafeArrayAccessData

• 0x5e94a4 SafeArrayUnaccessData

• 0x5e94a8 SafeArrayGetDim

• 0x5e94ac SafeArrayGetLBound

• 0x5e94b0 SafeArrayGetUBound

• 0x5e94b4 GetErrorInfo

• 0x5e94b8 VariantChangeType

• 0x5e94bc VariantClear

• 0x5e94c0 VariantCopy

• 0x5e94c4 SafeArrayGetElemsize

库: COMCTL32.dll:

• 0x5e9024 ImageList_Destroy

• 0x5e9028 ImageList_Create

• 0x5e902c ImageList_BeginDrag

• 0x5e9030 ImageList_Add

• 0x5e9034 ImageList_Draw

• 0x5e9038 ImageList_AddMasked

• 0x5e903c ImageList_DragEnter

• 0x5e9040 ImageList_SetBkColor

• 0x5e9044 ImageList_GetImageCount

• 0x5e9048 ImageList_GetImageInfo

• 0x5e904c ImageList_GetIcon

• 0x5e9050 ImageList_DragLeave

• 0x5e9054 ImageList_DragMove

• 0x5e9058 ImageList_DragShowNolock

• 0x5e905c ImageList_EndDrag

• 0x5e9060 None

• 0x5e9064 ImageList_Read

• 0x5e9068 _TrackMouseEvent

• 0x5e906c ImageList_Duplicate

• 0x5e9070 ImageList_DrawIndirect

库: oledlg.dll:

• 0x5e9924 None

库: WININET.dll:

• 0x5e97c4 InternetCanonicalizeUrlA

• 0x5e97c8 InternetCrackUrlA

• 0x5e97cc HttpOpenRequestA

• 0x5e97d0 HttpSendRequestA

• 0x5e97d4 HttpQueryInfoA

• 0x5e97d8 InternetReadFile

• 0x5e97dc InternetConnectA

• 0x5e97e0 InternetSetOptionA

• 0x5e97e4 InternetOpenA

• 0x5e97e8 InternetCloseHandle

库: WLDAP32.dll:

• 0x5e9858 None

.text
`.rdata
@.data
.rsrc
VMProtect end
VMProtect end
3h)o`
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
3h,k`
3h,k`
3h,k`
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end
VMProtect end

没有防病毒引擎扫描信息!

进程树

____________20210310.exe id: 2464

搜索
____________20210310.exe (2464)

____________20210310.exe, PID: 2464, 上一级进程 PID: 2168

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49164	104.91.68.27 acroipm.adobe.com	80
192.168.122.201	49163	180.163.198.33 ss3.baidu.com	443
192.168.122.201	49160	39.106.132.118 www.iwzh.cn	80
192.168.122.201	49161	43.248.201.145 api.freeyun.net	443
192.168.122.201	49162	43.248.201.145 api.freeyun.net	443
192.168.122.201	49165	43.248.201.145 api.freeyun.net	443
192.168.122.201	49166	43.248.201.145 api.freeyun.net	443
192.168.122.201	49167	43.248.201.145 api.freeyun.net	443
192.168.122.201	49168	43.248.201.145 api.freeyun.net	443
192.168.122.201	49169	43.248.201.145 api.freeyun.net	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	56270	192.168.122.1	53
192.168.122.201	59401	192.168.122.1	53
192.168.122.201	59906	192.168.122.1	53
192.168.122.201	65178	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.iwzh.cn	CNAME 557fff94dda76e14.cdn.jiashule.com A 39.106.132.118
api.freeyun.net	A 43.248.201.145
ss3.baidu.com	CNAME sslbaidu.jomodns.com A 180.163.198.33
acroipm.adobe.com	CNAME a1983.dscd.akamai.net CNAME acroipm.adobe.com.edgesuite.net A 104.91.68.27 A 104.91.68.75

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49164	104.91.68.27 acroipm.adobe.com	80
192.168.122.201	49163	180.163.198.33 ss3.baidu.com	443
192.168.122.201	49160	39.106.132.118 www.iwzh.cn	80
192.168.122.201	49161	43.248.201.145 api.freeyun.net	443
192.168.122.201	49162	43.248.201.145 api.freeyun.net	443
192.168.122.201	49165	43.248.201.145 api.freeyun.net	443
192.168.122.201	49166	43.248.201.145 api.freeyun.net	443
192.168.122.201	49167	43.248.201.145 api.freeyun.net	443
192.168.122.201	49168	43.248.201.145 api.freeyun.net	443
192.168.122.201	49169	43.248.201.145 api.freeyun.net	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	56270	192.168.122.1	53
192.168.122.201	59401	192.168.122.1	53
192.168.122.201	59906	192.168.122.1	53
192.168.122.201	65178	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://www.iwzh.cn/api/updata/wkzsjbb/	GET /api/updata/wkzsjbb/ HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Accept: text/html, application/xhtml+xml, / Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: www.iwzh.cn
URL专业沙箱检测 -> http://www.iwzh.cn/api/wangkazhushou.php	GET /api/wangkazhushou.php HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Language: zh-cn Referer: http://www.iwzh.cn/api/wangkazhushou.php User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: www.iwzh.cn
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

URI

HTTP数据

URL专业沙箱检测 -> http://www.iwzh.cn/api/updata/wkzsjbb/

GET /api/updata/wkzsjbb/ HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: www.iwzh.cn

URL专业沙箱检测 -> http://www.iwzh.cn/api/wangkazhushou.php

GET /api/wangkazhushou.php HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Language: zh-cn
Referer: http://www.iwzh.cn/api/wangkazhushou.php
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: www.iwzh.cn

URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Version	Issuer	Subject	Fingerprint
2021-04-08 22:55:57.343976+0800	192.168.122.201	49161	43.248.201.145	443	TLSv1	C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA	CN=api.freeyun.net	51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce
2021-04-08 22:55:57.941727+0800	192.168.122.201	49162	43.248.201.145	443	TLSv1	C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA	CN=api.freeyun.net	51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce
2021-04-08 22:56:07.135131+0800	192.168.122.201	49167	43.248.201.145	443	TLSv1	C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA	CN=api.freeyun.net	51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce
2021-04-08 22:55:58.290888+0800	192.168.122.201	49163	180.163.198.33	443	TLS 1.2	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com	fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb
2021-04-08 22:56:06.959295+0800	192.168.122.201	49166	43.248.201.145	443	TLSv1	C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA	CN=api.freeyun.net	51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce
2021-04-08 22:56:07.761646+0800	192.168.122.201	49169	43.248.201.145	443	TLSv1	C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA	CN=api.freeyun.net	51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce
2021-04-08 22:56:02.269113+0800	192.168.122.201	49165	43.248.201.145	443	TLSv1	C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA	CN=api.freeyun.net	51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce
2021-04-08 22:56:07.607522+0800	192.168.122.201	49168	43.248.201.145	443	TLSv1	C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA	CN=api.freeyun.net	51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 30.256 seconds )

11.188 Suricata
7.419 TargetInfo
3.468 BehaviorAnalysis
3.163 Static
2.652 VirusTotal
1.877 NetworkAnalysis
0.455 peid
0.011 config_decoder
0.011 Strings
0.01 AnalysisInfo
0.002 Memory

Signatures ( 22.258 seconds )

19.675 network_http
1.513 md_url_bl
0.223 api_spamming
0.186 stealth_decoy_document
0.169 stealth_timeout
0.085 antidbg_windows
0.051 antiav_detectreg
0.022 antivm_generic_scsi
0.02 infostealer_ftp
0.019 antivm_vbox_window
0.016 md_domain_bl
0.015 antivm_generic_services
0.013 ransomeware_modifies_desktop_wallpaper
0.013 anormaly_invoke_kills
0.013 antisandbox_script_timer
0.012 infostealer_im
0.011 antivm_vbox_libs
0.01 reads_self
0.01 antianalysis_detectreg
0.009 mimics_filetime
0.007 bootkit
0.007 stealth_file
0.007 exec_crash
0.007 antiav_detectfile
0.007 infostealer_mail
0.006 antiemu_wine_func
0.006 infostealer_browser_password
0.006 kovter_behavior
0.006 ransomware_extensions
0.005 anomaly_persistence_autorun
0.005 virus
0.005 geodo_banking_trojan
0.005 infostealer_bitcoin
0.005 ransomware_files
0.004 antiav_avast_libs
0.004 maldun_anomaly_massive_file_ops
0.004 antisandbox_sunbelt_libs
0.004 shifu_behavior
0.004 network_torgateway
0.003 antivm_vmware_libs
0.003 betabot_behavior
0.003 antisandbox_sboxie_libs
0.003 antiav_bitdefender_libs
0.003 dyre_behavior
0.003 kibex_behavior
0.003 encrypted_ioc
0.003 hancitor_behavior
0.003 antivm_vbox_files
0.002 tinba_behavior
0.002 rat_nanocore
0.002 infostealer_browser
0.002 antivm_parallels_keys
0.002 antivm_xen_keys
0.002 disables_browser_warn
0.002 darkcomet_regkeys
0.001 network_tor
0.001 dridex_behavior
0.001 rat_luminosity
0.001 injection_createremotethread
0.001 injection_explorer
0.001 browser_needed
0.001 stealth_network
0.001 ipc_namedpipe
0.001 cerber_behavior
0.001 injection_runpe
0.001 cryptowall_behavior
0.001 bypass_firewall
0.001 antidbg_devices
0.001 antivm_generic_diskreg
0.001 antivm_hyperv_keys
0.001 antivm_vpc_keys
0.001 bot_drive
0.001 bot_drive2
0.001 browser_security
0.001 modify_proxy
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 md_bad_drop
0.001 network_cnc_http
0.001 office_security
0.001 packer_armadillo_regkey
0.001 recon_fingerprint
0.001 stealth_modify_uac_prompt
0.001 stealth_modify_security_center_warnings

Reporting ( 0.734 seconds )

0.62 ReportHTMLSummary
0.114 Malheur


Task ID	628806
Mongo ID	606f1a2c7e769a06adeb36f0
Cuckoo release	1.4-Maldun