分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
---|---|---|---|---|
文件 (Windows) | win7-sp1-x64-shaapp03-1 | 2022-01-29 19:45:03 | 2022-01-29 19:45:58 | 55 秒 |
文件名 | 博宇人物透视.exe |
---|---|
文件大小 | 1024000 字节 |
文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | d0a03049ae5febaa4b0ba8f694a77dc0 |
SHA1 | 5624e8acd9c0309ba87fae6ccf5f26bdbbc31332 |
SHA256 | 5947e325afe4f564f881da65ab34141dad8d464a225bb018b37f6193ffe9ed04 |
SHA512 | 3b8cd362d985f1ebf35f2f91b3d2bc6a166ef61512b08d2e57b08da42e1734a59d8de481c29d0099e8474d9f78054f2304fe300888d7a55ad8e52a22702f4ab2 |
CRC32 | C51200B3 |
Ssdeep | 24576:U+AeEh20kqOEqw85t7fAx7Zo5lG4nCsHrMaLxn:U+AeEh20Yw8zAxqlG4CsLMaB |
Yara | 登录查看Yara规则 |
找不到该样本 提交误报 |
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
否 | 119.96.89.91 | 未知 | 中国 |
否 | 14.215.158.24 | 未知 | 中国 |
否 | 183.3.226.29 | 未知 | 中国 |
是 | 45.125.58.206 | 未知 | 中国 |
否 | 47.98.88.98 | 未知 | 中国 |
域名 | 安全评级 | 响应 |
---|---|---|
yuhuan6.lanzoux.com | 未知 |
A 119.96.89.91 CNAME all.lanzoux.com.w.kunlungr.com |
www.lanzoux.com | 未知 | |
developer.lanzoug.com | 未知 | A 47.98.88.98 |
jq.qq.com | 未知 | A 14.215.158.24 |
qm.qq.com | 未知 | A 183.3.226.29 |
初始地址 | 0x00400000 |
---|---|
入口地址 | 0x00497b3b |
声明校验值 | 0x00000000 |
实际校验值 | 0x000fa470 |
最低操作系统版本要求 | 4.0 |
编译时间 | 2021-07-30 23:22:05 |
载入哈希 | a970b0beb20ba86c965bd1c618e6424e |
图标 | |
图标精确哈希值 | 7e8d0dbe5de19f74f384ae459c5abecf |
图标相似性哈希值 | 439e81c5165936c3ea55d4df339c6380 |
LegalCopyright | |
---|---|
FileVersion | |
Comments | |
ProductName | |
ProductVersion | |
FileDescription | |
Translation |
名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
---|---|---|---|---|---|
.text | 0x00001000 | 0x000b83c2 | 0x000b9000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.56 |
.rdata | 0x000ba000 | 0x00021da4 | 0x00022000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.05 |
.data | 0x000dc000 | 0x00068a0a | 0x00018000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.05 |
.rsrc | 0x00145000 | 0x00005b20 | 0x00006000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.78 |
名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
---|---|---|---|---|---|---|
TEXTINCLUDE | 0x00145c78 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
TEXTINCLUDE | 0x00145c78 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
TEXTINCLUDE | 0x00145c78 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.25 | C source, ASCII text, with CRLF line terminators |
RT_CURSOR | 0x00146168 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
RT_CURSOR | 0x00146168 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
RT_CURSOR | 0x00146168 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
RT_CURSOR | 0x00146168 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.74 | data |
RT_BITMAP | 0x001479dc | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x001479dc | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x001479dc | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x001479dc | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x001479dc | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x001479dc | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x001479dc | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x001479dc | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x001479dc | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x001479dc | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x001479dc | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x001479dc | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x001479dc | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x001479dc | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_BITMAP | 0x001479dc | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.88 | data |
RT_ICON | 0x00148340 | 0x00000668 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.62 | dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 0, next used block 0 |
RT_ICON | 0x00148340 | 0x00000668 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.62 | dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 0, next used block 0 |
RT_ICON | 0x00148340 | 0x00000668 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.62 | dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 0, next used block 0 |
RT_ICON | 0x00148340 | 0x00000668 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.62 | dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 0, next used block 0 |
RT_ICON | 0x00148340 | 0x00000668 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.62 | dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 0, next used block 0 |
RT_MENU | 0x001489b4 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
RT_MENU | 0x001489b4 | 0x00000284 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.28 | data |
RT_DIALOG | 0x00149bfc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x00149bfc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x00149bfc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x00149bfc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x00149bfc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x00149bfc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x00149bfc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x00149bfc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x00149bfc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_DIALOG | 0x00149bfc | 0x0000018c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.74 | data |
RT_STRING | 0x0014a644 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0014a644 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0014a644 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0014a644 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0014a644 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0014a644 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0014a644 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0014a644 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0014a644 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0014a644 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_STRING | 0x0014a644 | 0x00000024 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.90 | data |
RT_GROUP_CURSOR | 0x0014a690 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_CURSOR | 0x0014a690 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_CURSOR | 0x0014a690 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.25 | MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1 |
RT_GROUP_ICON | 0x0014a6f8 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_GROUP_ICON | 0x0014a6f8 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_GROUP_ICON | 0x0014a6f8 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_VERSION | 0x0014a70c | 0x00000244 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.82 | data |
RT_MANIFEST | 0x0014a950 | 0x000001cd | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.08 | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
否 | 119.96.89.91 | 未知 | 中国 |
否 | 14.215.158.24 | 未知 | 中国 |
否 | 183.3.226.29 | 未知 | 中国 |
是 | 45.125.58.206 | 未知 | 中国 |
否 | 47.98.88.98 | 未知 | 中国 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49161 | 119.96.89.91 yuhuan6.lanzoux.com | 443 |
192.168.122.201 | 49162 | 119.96.89.91 yuhuan6.lanzoux.com | 443 |
192.168.122.201 | 49166 | 14.215.158.24 jq.qq.com | 443 |
192.168.122.201 | 49167 | 14.215.158.24 jq.qq.com | 443 |
192.168.122.201 | 49168 | 183.3.226.29 qm.qq.com | 80 |
192.168.122.201 | 49169 | 183.3.226.29 qm.qq.com | 80 |
192.168.122.201 | 49170 | 183.3.226.29 qm.qq.com | 443 |
192.168.122.201 | 49171 | 183.3.226.29 qm.qq.com | 443 |
192.168.122.201 | 49164 | 23.194.213.147 | 80 |
192.168.122.201 | 49160 | 45.125.58.206 | 94 |
192.168.122.201 | 49163 | 47.98.88.98 developer.lanzoug.com | 443 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 52207 | 192.168.122.1 | 53 |
192.168.122.201 | 53125 | 192.168.122.1 | 53 |
192.168.122.201 | 56270 | 192.168.122.1 | 53 |
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
192.168.122.201 | 59906 | 192.168.122.1 | 53 |
192.168.122.201 | 65178 | 192.168.122.1 | 53 |
域名 | 安全评级 | 响应 |
---|---|---|
yuhuan6.lanzoux.com | 未知 |
A 119.96.89.91 CNAME all.lanzoux.com.w.kunlungr.com |
www.lanzoux.com | 未知 | |
developer.lanzoug.com | 未知 | A 47.98.88.98 |
jq.qq.com | 未知 | A 14.215.158.24 |
qm.qq.com | 未知 | A 183.3.226.29 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49161 | 119.96.89.91 yuhuan6.lanzoux.com | 443 |
192.168.122.201 | 49162 | 119.96.89.91 yuhuan6.lanzoux.com | 443 |
192.168.122.201 | 49166 | 14.215.158.24 jq.qq.com | 443 |
192.168.122.201 | 49167 | 14.215.158.24 jq.qq.com | 443 |
192.168.122.201 | 49168 | 183.3.226.29 qm.qq.com | 80 |
192.168.122.201 | 49169 | 183.3.226.29 qm.qq.com | 80 |
192.168.122.201 | 49170 | 183.3.226.29 qm.qq.com | 443 |
192.168.122.201 | 49171 | 183.3.226.29 qm.qq.com | 443 |
192.168.122.201 | 49164 | 23.194.213.147 | 80 |
192.168.122.201 | 49160 | 45.125.58.206 | 94 |
192.168.122.201 | 49163 | 47.98.88.98 developer.lanzoug.com | 443 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 52207 | 192.168.122.1 | 53 |
192.168.122.201 | 53125 | 192.168.122.1 | 53 |
192.168.122.201 | 56270 | 192.168.122.1 | 53 |
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
192.168.122.201 | 59906 | 192.168.122.1 | 53 |
192.168.122.201 | 65178 | 192.168.122.1 | 53 |
URI | HTTP数据 |
---|---|
URL专业沙箱检测 -> http://45.125.58.206:94/qun6.txt | GET /qun6.txt HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: 45.125.58.206:94 Cache-Control: no-cache |
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
URL专业沙箱检测 -> http://qm.qq.com/cgi-bin/qm/qr?k=N6zpEKjad8SAgopxCP6SrjeSwwGSRhlN&authKey=NVfYFYJw%2BBSLYZCuClmr9tmyl6m8Jwdm52Qj4quB%2BFQR%2BEd3XENxJ33JQle09QzC&noverify=0&group_code=797993389 | GET /cgi-bin/qm/qr?k=N6zpEKjad8SAgopxCP6SrjeSwwGSRhlN&authKey=NVfYFYJw%2BBSLYZCuClmr9tmyl6m8Jwdm52Qj4quB%2BFQR%2BEd3XENxJ33JQle09QzC&noverify=0&group_code=797993389 HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: qm.qq.com Connection: Keep-Alive |
无SMTP流量.
无IRC请求.
无ICMP流量.
无 CIF 结果
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2022-01-29 19:45:47.523810+0800 | 192.168.122.201 | 49160 | 45.125.58.206 | 94 | TCP | 2016879 | ET POLICY Unsupported/Fake Windows NT Version 5.0 | Potential Corporate Privacy Violation |
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2022-01-29 19:45:26.288439+0800 | 192.168.122.201 | 49161 | 119.96.89.91 | 443 | TLSv1 | C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 | CN=*.lanzoux.com | 48:2c:33:a2:80:7e:6d:24:fd:e2:44:c0:04:70:01:53:5c:88:1a:24 |
2022-01-29 19:45:49.228800+0800 | 192.168.122.201 | 49167 | 14.215.158.24 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3 | C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=jq.qq.com | be:fe:55:f5:e9:1e:0a:df:14:de:30:5a:58:49:6e:43:23:ca:9f:48 |
2022-01-29 19:45:26.954374+0800 | 192.168.122.201 | 49162 | 119.96.89.91 | 443 | TLSv1 | C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 | CN=*.lanzoux.com | 48:2c:33:a2:80:7e:6d:24:fd:e2:44:c0:04:70:01:53:5c:88:1a:24 |
2022-01-29 19:45:50.027320+0800 | 192.168.122.201 | 49170 | 183.3.226.29 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3 | C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=qqweb.qq.com | 77:01:9e:0f:3c:8e:0f:41:b9:e6:63:14:ac:cc:34:72:e0:d4:fb:69 |
2022-01-29 19:45:50.123150+0800 | 192.168.122.201 | 49171 | 183.3.226.29 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3 | C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=qqweb.qq.com | 77:01:9e:0f:3c:8e:0f:41:b9:e6:63:14:ac:cc:34:72:e0:d4:fb:69 |
2022-01-29 19:45:27.341636+0800 | 192.168.122.201 | 49163 | 47.98.88.98 | 443 | TLSv1 | C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 | CN=*.lanzoug.com | 82:e2:cf:f4:10:c6:f3:b9:96:01:2f:d7:2f:22:c6:66:93:54:07:9a |
2022-01-29 19:45:47.880579+0800 | 192.168.122.201 | 49166 | 14.215.158.24 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3 | C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=jq.qq.com | be:fe:55:f5:e9:1e:0a:df:14:de:30:5a:58:49:6e:43:23:ca:9f:48 |
No Suricata HTTP
HTML 总结报告 (需15-60分钟同步) |
下载 |
---|
Task ID | 675386 |
---|---|
Mongo ID | 61f529597e769a11525d8521 |
Cuckoo release | 1.4-Maldun |