分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
---|---|---|---|---|
文件 (Windows) | win7-sp1-x64-shaapp02-1 | 2022-07-05 16:59:55 | 2022-07-05 17:02:11 | 136 秒 |
文件名 | XiaoXin ToolBox V1.0.3.exe |
---|---|
文件大小 | 8377336 字节 |
文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 716a8a81305922a720bbf4ec7ff2b32f |
SHA1 | b4f18b544fac498a459158a9053871b1ae6681eb |
SHA256 | eca4aeec1175b9f48f0a612a452a2814a3f04345fad45016889f33b9868acdd8 |
SHA512 | 08e487d4e387b4dfb9397417e93d32f04994a1a72457079f8e71fa2df8f99fe5c3c9cf6ed6b25d7bc68fdcd9e06606f1c589678200d25bd1d3c133820be5396d |
CRC32 | 39A2515F |
Ssdeep | 196608:SP1Tid4/4hBhBNsUvf+1Zg3hjX2yY8JXej+BxCGcMJJNA3:dqgsU+1oT287BJs3 |
Yara | 登录查看Yara规则 |
找不到该样本 提交误报 |
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
是 | 103.205.252.104 | 中国 | |
否 | 180.111.199.93 | 中国 | |
否 | 47.96.130.35 | 中国 |
域名 | 安全评级 | 响应 |
---|---|---|
gitclone.com | 未知 | A 47.96.130.35 |
q1.qlogo.cn | 未知 |
CNAME q.qlogo.cn A 180.111.199.93 A 180.111.198.52 A 180.111.199.110 A 180.111.198.158 A 180.111.199.109 A 180.111.199.184 A 180.111.199.95 A 180.111.198.41 A 180.111.198.106 A 180.111.198.198 |
初始地址 | 0x00400000 |
---|---|
入口地址 | 0x0129c058 |
声明校验值 | 0x008080bb |
实际校验值 | 0x008080bb |
最低操作系统版本要求 | 4.0 |
编译时间 | 2022-07-04 01:14:19 |
载入哈希 | e59d7c7e8285eee901e619ad01d97421 |
导出DLL库名称 | \x38\x31\x39\x31\x38\x31\x31\x38\x31\x31\x31\x36\x31\x31\x34\x31\x31\x31 |
LegalCopyright | |
---|---|
FileVersion | |
CompanyName | |
Comments | |
ProductName | |
ProductVersion | |
FileDescription | |
Translation |
名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
---|---|---|---|---|---|
0x00001000 | 0x003ca4cd | 0x00111fd3 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7.99 | |
0x003cc000 | 0x002754d1 | 0x001322b8 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.98 | |
0x00642000 | 0x00128c76 | 0x000334f3 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.98 | |
0x0076b000 | 0x002e0bac | 0x002e1000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 8.00 | |
.exports | 0x00a4c000 | 0x00001000 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 0.76 |
.imports | 0x00a4d000 | 0x00001000 | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 1.17 |
.rsrc | 0x00a4e000 | 0x00002000 | 0x00002000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 3.88 |
.themida | 0x00a50000 | 0x0044c000 | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
.boot | 0x00e9c000 | 0x0029f000 | 0x0029e3f8 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7.96 |
序列 | 地址 | 名称 |
---|---|---|
1 | 0x729720 | e2ee_CacheClear |
2 | 0x729760 | e2ee_CacheDecr |
3 | 0x729700 | e2ee_CacheDelete |
4 | 0x7296e0 | e2ee_CacheExists |
5 | 0x729620 | e2ee_CacheGet |
6 | 0x7296a0 | e2ee_CacheGetMulti |
7 | 0x7296c0 | e2ee_CacheGetMultiText |
8 | 0x729640 | e2ee_CacheGetText |
9 | 0x729740 | e2ee_CacheIncr |
10 | 0x729660 | e2ee_CacheSet |
11 | 0x729780 | e2ee_CacheSetExpire |
12 | 0x729680 | e2ee_CacheSetText |
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
是 | 103.205.252.104 | 中国 | |
否 | 180.111.199.93 | 中国 | |
否 | 47.96.130.35 | 中国 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49162 | 103.205.252.104 | 9969 |
192.168.122.201 | 49163 | 180.111.199.93 q1.qlogo.cn | 80 |
192.168.122.201 | 49158 | 184.28.235.201 | 80 |
192.168.122.201 | 49161 | 47.96.130.35 gitclone.com | 443 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 53118 | 192.168.122.1 | 53 |
192.168.122.201 | 57526 | 192.168.122.1 | 53 |
192.168.122.201 | 63246 | 192.168.122.1 | 53 |
域名 | 安全评级 | 响应 |
---|---|---|
gitclone.com | 未知 | A 47.96.130.35 |
q1.qlogo.cn | 未知 |
CNAME q.qlogo.cn A 180.111.199.93 A 180.111.198.52 A 180.111.199.110 A 180.111.198.158 A 180.111.199.109 A 180.111.199.184 A 180.111.199.95 A 180.111.198.41 A 180.111.198.106 A 180.111.198.198 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49162 | 103.205.252.104 | 9969 |
192.168.122.201 | 49163 | 180.111.199.93 q1.qlogo.cn | 80 |
192.168.122.201 | 49158 | 184.28.235.201 | 80 |
192.168.122.201 | 49161 | 47.96.130.35 gitclone.com | 443 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 53118 | 192.168.122.1 | 53 |
192.168.122.201 | 57526 | 192.168.122.1 | 53 |
192.168.122.201 | 63246 | 192.168.122.1 | 53 |
URI | HTTP数据 |
---|---|
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
URL专业沙箱检测 -> http://103.205.252.104:9969/api/xiaoxin/gonggao.html | GET /api/xiaoxin/gonggao.html HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: 103.205.252.104:9969 |
URL专业沙箱检测 -> http://q1.qlogo.cn/g?b=qq&nk=&s=640 | GET /g?b=qq&nk=&s=640 HTTP/1.1 Accept: */* Referer: http://q1.qlogo.cn/g?b=qq&nk=&s=640 Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: q1.qlogo.cn Cache-Control: no-cache |
无SMTP流量.
无IRC请求.
无ICMP流量.
无 CIF 结果
无警报
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2022-07-05 17:00:27.469092+0800 | 192.168.122.201 | 49161 | 47.96.130.35 | 443 | TLSv1 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 | CN=gitclone.com | c7:a5:19:c0:b1:89:b2:90:b5:e3:dc:6c:98:25:44:d6:c7:a2:c6:2c |
No Suricata HTTP
HTML 总结报告 (需15-60分钟同步) |
下载 |
---|
Task ID | 698052 |
---|---|
Mongo ID | 62c3feb3dc327b14ec5afd05 |
Cuckoo release | 1.4-Maldun |