Analysis type | VM label | Start time | End time | Duration
---|---|---|---|---
File (Windows) | win7-sp1-x64-shaapp02-1 | 2022-08-19 11:32:54 | 2022-08-19 11:35:08 | 134 s
File name | 生死狙击爱尚辅助V15.5.rar ==> V155.exe (V155.exe extracted from the submitted RAR)
---|---
File size | 8671232 bytes
File type | PE32 executable (GUI) Intel 80386, for MS Windows
MD5 | 08aa277b506b594bf4212933cbc56a7b
SHA1 | f18d1ecd31314366a2c59c34d1ed83c839549419
SHA256 | 67cb55e2c29506b1df035eafb09412449753a63932f1363f208756d440e20d57
SHA512 | 17e3d360a8b2e331961f95759ec34c457b7b13f776324c42cabadf20ef02b04209495a4f8cdbc1321f97acbef40b400d9f77dd3ed2b457657ce90d0c5831673e
CRC32 | F154A0DF
Ssdeep | 98304:udF5ZqlG4082zfokp8prJB45SbWf+YFC2t7TZMtW1ywPZpHCZkdNcw:uDrzAlHB4Qaf+HQT2Wcasg
Yara | (matched rules are only shown to logged-in users)
Direct | IP | Security rating | Geolocation
---|---|---|---
No | 115.223.11.149 | | China
No | 150.138.101.76 | | China
No | 220.181.135.250 | | China
No | 43.129.88.15 | | Japan
No | 59.54.253.95 | | China
Domain | Security rating | Response
---|---|---
asdata.ui10.net | Unknown | A 43.129.88.15
my.4399.com | Unknown | A 49.71.74.18, A 150.138.101.76, CNAME my.4399.com.lxdns.com, A 49.71.73.132, CNAME my.4399api.net
s1.img4399.com | Unknown | A 115.223.11.149, CNAME s1.img4399.com.wscdns.com, A 61.147.211.209, A 49.71.75.15
ptlogin.3304399.net | Unknown | A 59.54.253.95, A 101.227.98.111, CNAME ptlogin.3304399.net.lxdns.com
s19.cnzz.com | Unknown | A 220.181.135.250, CNAME all.cnzz.com.danuoyi.tbcache.com, CNAME c.cnzz.com
s23.cnzz.com | Unknown |
TCP connections

Source address | Source port | Destination address | Destination port
---|---|---|---
192.168.122.201 | 49164 | 115.223.11.149 s1.img4399.com | 80 |
192.168.122.201 | 49165 | 115.223.11.149 s1.img4399.com | 80 |
192.168.122.201 | 49162 | 150.138.101.76 my.4399.com | 80 |
192.168.122.201 | 49170 | 150.138.101.76 my.4399.com | 80 |
192.168.122.201 | 49175 | 150.138.101.76 my.4399.com | 443 |
192.168.122.201 | 49172 | 220.181.135.250 s19.cnzz.com | 443 |
192.168.122.201 | 49173 | 220.181.135.250 s19.cnzz.com | 443 |
192.168.122.201 | 49159 | 23.33.32.227 | 80 |
192.168.122.201 | 49166 | 43.129.88.15 asdata.ui10.net | 80 |
192.168.122.201 | 49167 | 43.129.88.15 asdata.ui10.net | 80 |
192.168.122.201 | 49168 | 43.129.88.15 asdata.ui10.net | 80 |
192.168.122.201 | 49169 | 43.129.88.15 asdata.ui10.net | 80 |
192.168.122.201 | 49171 | 43.129.88.15 asdata.ui10.net | 80 |
192.168.122.201 | 49163 | 59.54.253.95 ptlogin.3304399.net | 80 |
192.168.122.201 | 49174 | 59.54.253.95 ptlogin.3304399.net | 80 |
UDP connections (DNS)

Source address | Source port | Destination address | Destination port
---|---|---|---
192.168.122.201 | 51304 | 192.168.122.1 | 53 |
192.168.122.201 | 53118 | 192.168.122.1 | 53 |
192.168.122.201 | 53947 | 192.168.122.1 | 53 |
192.168.122.201 | 57526 | 192.168.122.1 | 53 |
192.168.122.201 | 59277 | 192.168.122.1 | 53 |
192.168.122.201 | 60155 | 192.168.122.1 | 53 |
192.168.122.201 | 63246 | 192.168.122.1 | 53 |
192.168.122.201 | 63472 | 192.168.122.1 | 53 |
URL | HTTP request
---|---
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache
http://my.4399.com/yxssjj/?from=news&newsrefer= | GET /yxssjj/?from=news&newsrefer= HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: my.4399.com Connection: Keep-Alive
http://ptlogin.3304399.net/resource/css/base.css?v=2 | GET /resource/css/base.css?v=2 HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ptlogin.3304399.net Connection: Keep-Alive
http://s1.img4399.com/base/js/jquery.min.1.7.2.js?20a4607 | GET /base/js/jquery.min.1.7.2.js?20a4607 HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive
http://s1.img4399.com/base/css/KS.css?20a4607 | GET /base/css/KS.css?20a4607 HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive
http://s1.img4399.com/base/css/ptunlogin.css | GET /base/css/ptunlogin.css HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive
http://s1.img4399.com/merge/?file=webgame%2Fhome%2Fcss%2Fglobal_server%2Cglobal_oserver%2Cglobal_footer%2Cglobal_sprite%2CageLimitDialog%3Bwebgame%2Fssjj%2Fnews%2Fcss%2Fptlogin%3Bwebgame%2Fhome%2Ffcm%2Fgame%2FwebFcmStyle.css&v=128cf2e | GET /merge/?file=webgame%2Fhome%2Fcss%2Fglobal_server%2Cglobal_oserver%2Cglobal_footer%2Cglobal_sprite%2CageLimitDialog%3Bwebgame%2Fssjj%2Fnews%2Fcss%2Fptlogin%3Bwebgame%2Fhome%2Ffcm%2Fgame%2FwebFcmStyle.css&v=128cf2e HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive
http://asdata.ui10.net//asjjdata/cs.txt | GET //asjjdata/cs.txt HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: asdata.ui10.net Cache-Control: no-cache
http://asdata.ui10.net/asjjdata/gonggao/zxgg.html | GET /asjjdata/gonggao/zxgg.html HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: asdata.ui10.net Connection: Keep-Alive
http://s1.img4399.com/webgame/home/js/init/PageWebTools.js?128cf2e | GET /webgame/home/js/init/PageWebTools.js?128cf2e HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive
http://s1.img4399.com/merge/?file=webgame%2Fssjj%2Fnews%2Fcss%2Fssjj_news.css&v=128cf2e | GET /merge/?file=webgame%2Fssjj%2Fnews%2Fcss%2Fssjj_news.css&v=128cf2e HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive
http://s1.img4399.com/base/css/KS.css?20a4607 | GET /base/css/KS.css?20a4607 HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate If-Modified-Since: Tue, 20 Nov 2012 02:13:11 GMT If-None-Match: W/"50aae737-902" User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive
http://asdata.ui10.net//asjjdata/gonggao/gglx.txt | GET //asjjdata/gonggao/gglx.txt HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: asdata.ui10.net Cache-Control: no-cache
http://asdata.ui10.net//asjjdata/banben.txt | GET //asjjdata/banben.txt HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: asdata.ui10.net Cache-Control: no-cache
http://asdata.ui10.net//asjjdata/zdbanben.txt | GET //asjjdata/zdbanben.txt HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: asdata.ui10.net Cache-Control: no-cache
http://asdata.ui10.net//asjjdata/tj.html?V15.5 | GET //asjjdata/tj.html?V15.5 HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: asdata.ui10.net Connection: Keep-Alive
http://s1.img4399.com/base/css/ue_common.css?20a4607 | GET /base/css/ue_common.css?20a4607 HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s1.img4399.com Connection: Keep-Alive
http://asdata.ui10.net//asjjdata/gxdz.txt | GET //asjjdata/gxdz.txt HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: asdata.ui10.net Cache-Control: no-cache
http://ptlogin.3304399.net/resource/css/base.css?v=2 | GET /resource/css/base.css?v=2 HTTP/1.1 Accept: */* Referer: http://my.4399.com/yxssjj/?from=news&newsrefer= Accept-Language: zh-CN Accept-Encoding: gzip, deflate If-Modified-Since: Sat, 02 Apr 2022 07:00:38 GMT If-None-Match: "6247f496-e58d" User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ptlogin.3304399.net Connection: Keep-Alive
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2022-08-19 11:33:24.241712+0800 | 192.168.122.201 | 49167 | 43.129.88.15 | 80 | TCP | 2016879 | ET POLICY Unsupported/Fake Windows NT Version 5.0 | Potential Corporate Privacy Violation |
2022-08-19 11:33:24.321668+0800 | 192.168.122.201 | 49168 | 43.129.88.15 | 80 | TCP | 2016879 | ET POLICY Unsupported/Fake Windows NT Version 5.0 | Potential Corporate Privacy Violation |
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2022-08-19 11:33:24.921659+0800 | 192.168.122.201 | 49173 | 220.181.135.250 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com | 06:2c:fc:5d:c1:34:6d:ca:7c:4c:e6:5f:dd:15:d0:a5:ca:69:59:bf |
2022-08-19 11:33:24.947773+0800 | 192.168.122.201 | 49172 | 220.181.135.250 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com | 06:2c:fc:5d:c1:34:6d:ca:7c:4c:e6:5f:dd:15:d0:a5:ca:69:59:bf |
2022-08-19 11:33:25.072586+0800 | 192.168.122.201 | 49175 | 150.138.101.76 | 443 | TLS 1.2 | C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.4399.com | 5e:f7:d4:f5:1a:87:36:b6:fb:1b:34:26:06:7a:26:d3:27:d9:8a:d6 |
No Suricata HTTP
File name | V155.exe
---|---
Related files | C:\Users\test\AppData\Local\Temp\rar-tmp\V155.exe
File size | 8671232 bytes
File type | PE32 executable (GUI) Intel 80386, for MS Windows
MD5 | 08aa277b506b594bf4212933cbc56a7b
SHA1 | f18d1ecd31314366a2c59c34d1ed83c839549419
SHA256 | 67cb55e2c29506b1df035eafb09412449753a63932f1363f208756d440e20d57
CRC32 | F154A0DF
Ssdeep | 98304:udF5ZqlG4082zfokp8prJB45SbWf+YFC2t7TZMtW1ywPZpHCZkdNcw:uDrzAlHB4Qaf+HQT2Wcasg
Maldun analysis result | 10.0 (earlier analysis of this file: 2020-09-25 20:44:07)
Task ID | 704740 |
---|---|
Mongo ID | 62ff0554dc327beba7e00de1 |
Cuckoo release | 1.4-Maldun |