Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp03-2 | 2021-06-19 02:09:23 | 2021-06-19 02:11:34 | 131 seconds |
File name | HYXD.exe |
---|---|
File size | 1957888 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 9a09eedb64979157cbdb47378a06879c |
SHA1 | 20e4c4c82a5162ffe6a52b0304ccd511466d5d41 |
SHA256 | 44b0448b84055dd9f7797962d61ef2cac23641efc4f87590fd875d5b2400997e |
SHA512 | ce924b67dfa03563c83ae7a1371e70af65846840ffad1657c3113d56caaef0a8113dfcdac614ff8a430a65f1a52023055edd814192c01b4faff2735671c268dd |
CRC32 | 3D0F4861 |
Ssdeep | 49152:/gyeQzWbbaLGZCcpxKKKQjBXofMDc//////ZTVJ50BSRc0Ole:6/ZCAfBXofMDc///////J5pW0 |
No host records.
Image base | 0x00400000 |
---|---|
Entry point | 0x00618000 |
Declared checksum | 0x00000000 |
Actual checksum | 0x001e4f5e |
Minimum OS version required | 4.0 |
Compile time | 2021-05-15 06:56:00 |
Import hash | 7003525c62e1b88163353dfd26879d93 |
Icon | |
Icon exact hash | 82ca2085517d0a19bd5c1f6385835a74 |
Icon similarity hash | 4d479a6f5e589e2814bdbfbe82633f1c |
LegalCopyright | |
---|---|
FileVersion | |
CompanyName | |
Comments | |
ProductName | |
ProductVersion | |
FileDescription | |
Translation | |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x000ccf46 | 0x000cd000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.55 |
.rdata | 0x000ce000 | 0x000dd954 | 0x000de000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.50 |
.data | 0x001ac000 | 0x0005374a | 0x00019000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.02 |
.rsrc | 0x00200000 | 0x00017864 | 0x00018000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.36 |
.awang | 0x00218000 | 0x00000064 | 0x00001000 | IMAGE_SCN_MEM_EXECUTE | 0.15 |
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
TEXTINCLUDE | 0x00200d40 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
RT_CURSOR | 0x00201230 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
RT_BITMAP | 0x00202938 | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_ICON | 0x002151f4 | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.81 | GLS_BINARY_LSB_FIRST |
RT_MENU | 0x00215668 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
RT_DIALOG | 0x002168b0 | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_STRING | 0x002172f8 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_GROUP_CURSOR | 0x00217344 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_ICON | 0x00217400 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_VERSION | 0x00217414 | 0x00000280 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.72 | 8086 relocatable (Microsoft) |
RT_MANIFEST | 0x00217694 | 0x000001cd | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.08 | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.202 | 49168 | 114.80.187.102 wwa.lanzoui.com | 443 |
192.168.122.202 | 49181 | 117.27.158.81 www.taobao.com | 80 |
192.168.122.202 | 49182 | 117.27.158.81 www.taobao.com | 443 |
192.168.122.202 | 49160 | 23.218.94.163 acroipm.adobe.com | 80 |
192.168.122.202 | 49183 | 61.172.205.224 ocsp.globalsign.com | 80 |
192.168.122.202 | 49184 | 61.172.205.224 ocsp.globalsign.com | 80 |
192.168.122.202 | 49185 | 61.172.205.224 ocsp.globalsign.com | 80 |
192.168.122.202 | 49186 | 61.172.205.224 ocsp.globalsign.com | 80 |
192.168.122.202 | 49180 | 81.69.249.244 hackerinvasion.f3322.net | 6066 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.202 | 50785 | 192.168.122.1 | 53 |
192.168.122.202 | 51349 | 192.168.122.1 | 53 |
192.168.122.202 | 52150 | 192.168.122.1 | 53 |
192.168.122.202 | 53310 | 192.168.122.1 | 53 |
192.168.122.202 | 56802 | 192.168.122.1 | 53 |
192.168.122.202 | 57208 | 192.168.122.1 | 53 |
192.168.122.202 | 58495 | 192.168.122.1 | 53 |
192.168.122.202 | 61625 | 192.168.122.1 | 53 |
192.168.122.202 | 62960 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
http://www.taobao.com/help/getip.php | GET /help/getip.php HTTP/1.1 Host: www.taobao.com Cache-Control: no-cache |
http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH | GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.globalsign.com |
http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH | GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.globalsign.com |
http://crl.globalsign.net/root.crl | GET /root.crl HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.globalsign.net |
http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDG1VcWLvtKJkED9zuA%3D%3D | GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDG1VcWLvtKJkED9zuA%3D%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp2.globalsign.com |
http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl | GET /gs/gsorganizationvalsha2g2.crl HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.globalsign.com |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2021-06-19 02:11:09.180668+0800 | 192.168.122.202 | 49180 | 81.69.249.244 | 6066 | TCP | 2221030 | SURICATA HTTP METHOD terminated by non-compliant character | Generic Protocol Command Decode |
2021-06-19 02:11:09.180668+0800 | 192.168.122.202 | 49180 | 81.69.249.244 | 6066 | TCP | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode |
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2021-06-19 02:09:52.570218+0800 | 192.168.122.202 | 49168 | 114.80.187.102 | 443 | TLSv1 | C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 | CN=*.lanzoui.com | d1:7a:6f:b5:77:df:e3:2b:dd:d9:0d:7b:e3:d4:63:2c:e6:c6:44:09 |
2021-06-19 02:11:07.358114+0800 | 192.168.122.202 | 49182 | 117.27.158.81 | 443 | TLSv1 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.tmall.com | 9c:54:64:7f:72:a5:07:a6:b9:1d:46:d3:df:50:a6:7f:8a:28:25:30 |
No Suricata HTTP
Task ID | 641037 |
---|---|
Mongo ID | 60cce2297e769a1c5a71322d |
Cuckoo release | 1.4-Maldun |