分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
---|---|---|---|---|
文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2021-04-08 22:55:37 | 2021-04-08 22:57:43 | 126 秒 |
文件名 | 王卡助手20210310.exe |
---|---|
文件大小 | 4534272 字节 |
文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 6907cec51859b238c2b0225dcea38765 |
SHA1 | 4eaec64ed91407053a0cb14d7a6d5fc6cfeebeba |
SHA256 | 166b82cd380506e97d7de60bda5744c24216ae7812849b750ab2bbf278bd0b57 |
SHA512 | fde5dd79363846a0c3ddc346337d6933bc3b4a85ee1a9163eea0bbfe3fa5a848840c919050e8fc51166869d9b89f630d4e70af664cea7b3956e433a6f6f87b40 |
CRC32 | E199F0AB |
Ssdeep | 49152:nEzuCLMLhzoHMRkHsVfPkOQ1mxVFy42XFSBFjPBFjAu1qr6O0qr6OTqr6Obis:5nVfPkOQcjFxkORZRAu1qr67qr6Kqr6s |
Yara | 登录查看Yara规则 |
样本下载 提交误报 |
无主机纪录.
域名 | 安全评级 | 响应 |
---|---|---|
www.iwzh.cn |
CNAME 557fff94dda76e14.cdn.jiashule.com A 39.106.132.118 |
|
api.freeyun.net | A 43.248.201.145 | |
ss3.baidu.com |
CNAME sslbaidu.jomodns.com A 180.163.198.33 |
|
acroipm.adobe.com |
CNAME a1983.dscd.akamai.net CNAME acroipm.adobe.com.edgesuite.net A 104.91.68.27 A 104.91.68.75 |
初始地址 | 0x00400000 |
---|---|
入口地址 | 0x005b8fa0 |
声明校验值 | 0x00000000 |
实际校验值 | 0x004542de |
最低操作系统版本要求 | 4.0 |
编译时间 | 2021-03-10 17:18:19 |
载入哈希 | 6f57a1bd79769bacc80f4df1abb834b9 |
图标 | |
图标精确哈希值 | 1bca88d3f61fc22108bfeca5dc5a84cd |
图标相似性哈希值 | d2a275ade2a7e584a484dd6146324137 |
LegalCopyright | |
---|---|
FileVersion | |
CompanyName | |
Comments | |
ProductName | |
ProductVersion | |
FileDescription | |
Translation |
名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
---|---|---|---|---|---|
.text | 0x00001000 | 0x001e73d5 | 0x001e8000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.41 |
.rdata | 0x001e9000 | 0x0023b46a | 0x0023c000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.51 |
.data | 0x00425000 | 0x000a74d6 | 0x00025000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.53 |
.rsrc | 0x004cd000 | 0x00008ef8 | 0x00009000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.62 |
名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
---|---|---|---|---|---|---|
TEXTINCLUDE | 0x004cdfac | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
TEXTINCLUDE | 0x004cdfac | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
TEXTINCLUDE | 0x004cdfac | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
WAVE | 0x004ce100 | 0x00001448 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.35 | RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 22050 Hz |
RT_CURSOR | 0x004cfe68 | 0x00000134 | LANG_ITALIAN | SUBLANG_ITALIAN | 3.07 | data |
RT_CURSOR | 0x004cfe68 | 0x00000134 | LANG_ITALIAN | SUBLANG_ITALIAN | 3.07 | data |
RT_CURSOR | 0x004cfe68 | 0x00000134 | LANG_ITALIAN | SUBLANG_ITALIAN | 3.07 | data |
RT_CURSOR | 0x004cfe68 | 0x00000134 | LANG_ITALIAN | SUBLANG_ITALIAN | 3.07 | data |
RT_CURSOR | 0x004cfe68 | 0x00000134 | LANG_ITALIAN | SUBLANG_ITALIAN | 3.07 | data |
RT_CURSOR | 0x004cfe68 | 0x00000134 | LANG_ITALIAN | SUBLANG_ITALIAN | 3.07 | data |
RT_CURSOR | 0x004cfe68 | 0x00000134 | LANG_ITALIAN | SUBLANG_ITALIAN | 3.07 | data |
RT_CURSOR | 0x004cfe68 | 0x00000134 | LANG_ITALIAN | SUBLANG_ITALIAN | 3.07 | data |
RT_CURSOR | 0x004cfe68 | 0x00000134 | LANG_ITALIAN | SUBLANG_ITALIAN | 3.07 | data |
RT_BITMAP | 0x004d2760 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x004d2760 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x004d2760 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x004d2760 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x004d2760 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x004d2760 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x004d2760 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x004d2760 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x004d2760 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x004d2760 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x004d2760 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x004d2760 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x004d2760 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x004d2760 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x004d2760 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x004d2760 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_ICON | 0x004d2cb4 | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.05 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 |
RT_ICON | 0x004d2cb4 | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.05 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 |
RT_ICON | 0x004d2cb4 | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.05 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 |
RT_MENU | 0x004d3d68 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
RT_MENU | 0x004d3d68 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
RT_DIALOG | 0x004d4fb0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x004d4fb0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x004d4fb0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x004d4fb0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x004d4fb0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x004d4fb0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x004d4fb0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x004d4fb0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x004d4fb0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x004d4fb0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_STRING | 0x004d59f8 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x004d59f8 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x004d59f8 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x004d59f8 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x004d59f8 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x004d59f8 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x004d59f8 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x004d59f8 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x004d59f8 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x004d59f8 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x004d59f8 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_GROUP_CURSOR | 0x004d5aa8 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_CURSOR | 0x004d5aa8 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_CURSOR | 0x004d5aa8 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_CURSOR | 0x004d5aa8 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_CURSOR | 0x004d5aa8 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_CURSOR | 0x004d5aa8 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_CURSOR | 0x004d5aa8 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_CURSOR | 0x004d5aa8 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_ICON | 0x004d5af4 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_GROUP_ICON | 0x004d5af4 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_GROUP_ICON | 0x004d5af4 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_VERSION | 0x004d5b08 | 0x00000220 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.38 | data |
RT_MANIFEST | 0x004d5d28 | 0x000001cd | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.08 | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
无主机纪录.
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49164 | 104.91.68.27 acroipm.adobe.com | 80 |
192.168.122.201 | 49163 | 180.163.198.33 ss3.baidu.com | 443 |
192.168.122.201 | 49160 | 39.106.132.118 www.iwzh.cn | 80 |
192.168.122.201 | 49161 | 43.248.201.145 api.freeyun.net | 443 |
192.168.122.201 | 49162 | 43.248.201.145 api.freeyun.net | 443 |
192.168.122.201 | 49165 | 43.248.201.145 api.freeyun.net | 443 |
192.168.122.201 | 49166 | 43.248.201.145 api.freeyun.net | 443 |
192.168.122.201 | 49167 | 43.248.201.145 api.freeyun.net | 443 |
192.168.122.201 | 49168 | 43.248.201.145 api.freeyun.net | 443 |
192.168.122.201 | 49169 | 43.248.201.145 api.freeyun.net | 443 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 56270 | 192.168.122.1 | 53 |
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
192.168.122.201 | 59906 | 192.168.122.1 | 53 |
192.168.122.201 | 65178 | 192.168.122.1 | 53 |
域名 | 安全评级 | 响应 |
---|---|---|
www.iwzh.cn |
CNAME 557fff94dda76e14.cdn.jiashule.com A 39.106.132.118 |
|
api.freeyun.net | A 43.248.201.145 | |
ss3.baidu.com |
CNAME sslbaidu.jomodns.com A 180.163.198.33 |
|
acroipm.adobe.com |
CNAME a1983.dscd.akamai.net CNAME acroipm.adobe.com.edgesuite.net A 104.91.68.27 A 104.91.68.75 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49164 | 104.91.68.27 acroipm.adobe.com | 80 |
192.168.122.201 | 49163 | 180.163.198.33 ss3.baidu.com | 443 |
192.168.122.201 | 49160 | 39.106.132.118 www.iwzh.cn | 80 |
192.168.122.201 | 49161 | 43.248.201.145 api.freeyun.net | 443 |
192.168.122.201 | 49162 | 43.248.201.145 api.freeyun.net | 443 |
192.168.122.201 | 49165 | 43.248.201.145 api.freeyun.net | 443 |
192.168.122.201 | 49166 | 43.248.201.145 api.freeyun.net | 443 |
192.168.122.201 | 49167 | 43.248.201.145 api.freeyun.net | 443 |
192.168.122.201 | 49168 | 43.248.201.145 api.freeyun.net | 443 |
192.168.122.201 | 49169 | 43.248.201.145 api.freeyun.net | 443 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 56270 | 192.168.122.1 | 53 |
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
192.168.122.201 | 59906 | 192.168.122.1 | 53 |
192.168.122.201 | 65178 | 192.168.122.1 | 53 |
URI | HTTP数据 |
---|---|
URL专业沙箱检测 -> http://www.iwzh.cn/api/updata/wkzsjbb/ | GET /api/updata/wkzsjbb/ HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: www.iwzh.cn |
URL专业沙箱检测 -> http://www.iwzh.cn/api/wangkazhushou.php | GET /api/wangkazhushou.php HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Language: zh-cn Referer: http://www.iwzh.cn/api/wangkazhushou.php User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: www.iwzh.cn |
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
无SMTP流量.
无IRC请求.
无ICMP流量.
无 CIF 结果
无警报
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2021-04-08 22:55:57.343976+0800 | 192.168.122.201 | 49161 | 43.248.201.145 | 443 | TLSv1 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=api.freeyun.net | 51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce |
2021-04-08 22:55:57.941727+0800 | 192.168.122.201 | 49162 | 43.248.201.145 | 443 | TLSv1 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=api.freeyun.net | 51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce |
2021-04-08 22:56:07.135131+0800 | 192.168.122.201 | 49167 | 43.248.201.145 | 443 | TLSv1 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=api.freeyun.net | 51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce |
2021-04-08 22:55:58.290888+0800 | 192.168.122.201 | 49163 | 180.163.198.33 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=beijing, L=beijing, OU=service operation department, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com | fc:b4:0a:45:f2:7e:b3:91:ad:b1:3f:34:a6:25:96:87:35:ce:dd:cb |
2021-04-08 22:56:06.959295+0800 | 192.168.122.201 | 49166 | 43.248.201.145 | 443 | TLSv1 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=api.freeyun.net | 51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce |
2021-04-08 22:56:07.761646+0800 | 192.168.122.201 | 49169 | 43.248.201.145 | 443 | TLSv1 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=api.freeyun.net | 51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce |
2021-04-08 22:56:02.269113+0800 | 192.168.122.201 | 49165 | 43.248.201.145 | 443 | TLSv1 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=api.freeyun.net | 51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce |
2021-04-08 22:56:07.607522+0800 | 192.168.122.201 | 49168 | 43.248.201.145 | 443 | TLSv1 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=api.freeyun.net | 51:45:95:ae:45:6b:17:73:85:3a:72:bd:93:1a:01:3e:f2:a6:bf:ce |
No Suricata HTTP
HTML 总结报告 (需15-60分钟同步) |
下载 |
---|
Task ID | 628806 |
---|---|
Mongo ID | 606f1a2c7e769a06adeb36f0 |
Cuckoo release | 1.4-Maldun |