Analysis task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64-shaapp03-1  2023-01-27 16:01:16  2023-01-27 16:03:29  133 seconds

Maldun score

10.0

Dangerous

File details

File name  SuWar3Tools.exe
File size  659456 bytes
File type  PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5  3fb2b4a918acaa367d3b9523d4fa9cb0
SHA1  f5379f4bcd248f0c0e8dd59beb69b741128cb67b
SHA256  24f0cac86ca2985d3dadb117cbf77e97305fd338f46545c97f81d4de26d61808
SHA512  9d8c9b1583f61d8e5945dd5d9afc22b37e2a7855c0300a4906f2854d260f80a7dbeaafb7b9a54b66e20e85057fe00ac6158b503c78353cd9b0505d56f9bf6928
CRC32  9DAB3975
Ssdeep  12288:FdT22NEthtMzvIVxNVoLnJroDb3ynuFkgCDl:jbIVx/oLcpFkjDl

Hosts contacted

IP  Location
119.28.77.158  China
139.129.143.197  China
20.205.243.166  United States

Domain resolution

Domain  Rating  Response
www.suyx.net  Unknown  A 139.129.143.197
github.com  Unknown  A 20.205.243.166
visitor-badge.laobi.icu  Unknown  A 119.28.77.158

PE information

Image base  0x00400000
Entry point  0x0049d76e
Declared checksum  0x00000000
Actual checksum  0x000af73b
Minimum OS version  4.0
Compile time  2022-09-21 22:46:42
Import hash  f34d5f2d4577ed6d9ceec516c1f5a744
Icon exact hash  74cc139109cecf141803bc7caac97302
Icon similarity hash  92edeafa207130be5cd130064af9ed75

Version information

Translation
LegalCopyright
Assembly Version
InternalName
FileVersion
CompanyName
LegalTrademarks
Comments
ProductName
ProductVersion
FileDescription
OriginalFilename

PE sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00002000 0x0009b774 0x0009b800 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.08
.rsrc 0x0009e000 0x0000535c 0x00005400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.11
.reloc 0x000a4000 0x0000000c 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0.10

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type
RT_ICON 0x0009e100 0x00004228 LANG_NEUTRAL SUBLANG_NEUTRAL 5.86 dBase III DBT, version number 0, next free block index 40
RT_GROUP_ICON 0x000a2338 0x00000014 LANG_NEUTRAL SUBLANG_NEUTRAL 1.92 MS Windows icon resource - 1 icon, 64x64
RT_VERSION 0x000a235c 0x00000304 LANG_NEUTRAL SUBLANG_NEUTRAL 3.25 data
RT_MANIFEST 0x000a2670 0x00000ce8 LANG_NEUTRAL SUBLANG_NEUTRAL 5.90 XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

Library: mscoree.dll:
0x402000 _CorExeMain

Assembly information

Name  SuWar3Tools
Version  1.0.0.0

Assembly references

Name  Version
mscorlib 4.0.0.0
System.Net.Http 4.0.0.0
System 4.0.0.0
System.Windows.Forms 4.0.0.0
System.Drawing 4.0.0.0
System.Runtime.Serialization 4.0.0.0
System.Data 4.0.0.0
System.IO.Compression 4.0.0.0
System.Management 4.0.0.0
System.Core 4.0.0.0
System.IO.Compression.FileSystem 4.0.0.0

Custom attributes

Type  Name
Assembly  [mscorlib]System.Reflection.AssemblyCopyrightAttribute  Copyright © 20
Assembly  [mscorlib]System.Reflection.AssemblyFileVersionAttribute  1.0.0

Type references

Assembly  Type name
System System.CodeDom.Compiler.GeneratedCodeAttribute
System System.ComponentModel.CancelEventArgs
System System.ComponentModel.CancelEventHandler
System System.ComponentModel.Component
System System.ComponentModel.EditorBrowsableAttribute
System System.ComponentModel.EditorBrowsableState
System System.ComponentModel.IContainer
System System.ComponentModel.ISupportInitialize
System System.ComponentModel.Win32Exception
System System.Configuration.ApplicationSettingsBase
System System.Configuration.SettingsBase
System System.Diagnostics.DataReceivedEventArgs
System System.Diagnostics.DataReceivedEventHandler
System System.Diagnostics.FileVersionInfo
System System.Diagnostics.Process
System System.Diagnostics.ProcessModule
System System.Diagnostics.ProcessModuleCollection
System System.Diagnostics.ProcessStartInfo
System System.Diagnostics.ProcessThread
System System.Diagnostics.ProcessThreadCollection
System System.Net.IPAddress
System System.Net.IPEndPoint
System System.Net.NetworkInformation.IPGlobalProperties
System System.Net.NetworkInformation.TcpConnectionInformation
System System.Net.NetworkInformation.TcpState
System System.Threading.ThreadExceptionEventArgs
System System.Threading.ThreadExceptionEventHandler
System System.Timers.ElapsedEventArgs
System System.Timers.ElapsedEventHandler
System System.Timers.Timer
System System.Uri
System.Core System.Linq.Enumerable
System.Data System.Data.DataColumn
System.Data System.Data.DataColumnCollection
System.Data System.Data.DataRow
System.Data System.Data.DataRowCollection
System.Data System.Data.DataTable
System.Data System.Data.InternalDataCollectionBase
System.Drawing System.Drawing.Bitmap
System.Drawing System.Drawing.Color
System.Drawing System.Drawing.ContentAlignment
System.Drawing System.Drawing.Font
System.Drawing System.Drawing.FontFamily
System.Drawing System.Drawing.FontStyle
System.Drawing System.Drawing.Graphics
System.Drawing System.Drawing.GraphicsUnit
System.Drawing System.Drawing.Icon
System.Drawing System.Drawing.Image
System.Drawing System.Drawing.Imaging.ImageFormat
System.Drawing System.Drawing.Point
System.Drawing System.Drawing.PointF
System.Drawing System.Drawing.Rectangle
System.Drawing System.Drawing.Size
System.Drawing System.Drawing.SizeF
System.Drawing System.Drawing.SystemColors
System.IO.Compression System.IO.Compression.ZipArchive
System.IO.Compression System.IO.Compression.ZipArchiveEntry
System.IO.Compression.FileSystem System.IO.Compression.ZipFile
System.IO.Compression.FileSystem System.IO.Compression.ZipFileExtensions
System.Management System.Management.ManagementBaseObject
System.Management System.Management.ManagementClass
System.Management System.Management.ManagementObject
System.Management System.Management.ManagementObjectCollection
System.Management System.Management.ManagementObjectCollection/ManagementObjectEnumerator
System.Management System.Management.PropertyData
System.Management System.Management.PropertyDataCollection
System.Net.Http System.Net.Http.HttpClient
System.Runtime.Serialization System.Runtime.Serialization.Json.DataContractJsonSerializer
System.Runtime.Serialization System.Runtime.Serialization.XmlObjectSerializer
System.Windows.Forms System.Windows.Forms.AnchorStyles
System.Windows.Forms System.Windows.Forms.Application
System.Windows.Forms System.Windows.Forms.AutoScaleMode
System.Windows.Forms System.Windows.Forms.BaseCollection
System.Windows.Forms System.Windows.Forms.BorderStyle
System.Windows.Forms System.Windows.Forms.Button
System.Windows.Forms System.Windows.Forms.ButtonBase
System.Windows.Forms System.Windows.Forms.CheckBox
System.Windows.Forms System.Windows.Forms.CheckState
System.Windows.Forms System.Windows.Forms.Clipboard
System.Windows.Forms System.Windows.Forms.ComboBox
System.Windows.Forms System.Windows.Forms.ComboBox/ObjectCollection
System.Windows.Forms System.Windows.Forms.ComboBoxStyle
System.Windows.Forms System.Windows.Forms.CommonDialog
System.Windows.Forms System.Windows.Forms.ContainerControl
System.Windows.Forms System.Windows.Forms.ContextMenuStrip
System.Windows.Forms System.Windows.Forms.Control
System.Windows.Forms System.Windows.Forms.Control/ControlCollection
System.Windows.Forms System.Windows.Forms.ControlStyles
System.Windows.Forms System.Windows.Forms.CreateParams
System.Windows.Forms System.Windows.Forms.Cursor
System.Windows.Forms System.Windows.Forms.Cursors
System.Windows.Forms System.Windows.Forms.DataGridView
System.Windows.Forms System.Windows.Forms.DataGridViewAutoSizeRowsMode
System.Windows.Forms System.Windows.Forms.DataGridViewBand
System.Windows.Forms System.Windows.Forms.DataGridViewCell
System.Windows.Forms System.Windows.Forms.DataGridViewCellEventArgs
System.Windows.Forms System.Windows.Forms.DataGridViewCellEventHandler
System.Windows.Forms System.Windows.Forms.DataGridViewCellMouseEventArgs
System.Windows.Forms System.Windows.Forms.DataGridViewCellMouseEventHandler
System.Windows.Forms System.Windows.Forms.DataGridViewCellStyle
System.Windows.Forms System.Windows.Forms.DataGridViewCheckBoxCell
System.Windows.Forms System.Windows.Forms.DataGridViewColumn
System.Windows.Forms System.Windows.Forms.DataGridViewColumnCollection
System.Windows.Forms System.Windows.Forms.DataGridViewColumnHeadersHeightSizeMode
System.Windows.Forms System.Windows.Forms.DataGridViewColumnSortMode
System.Windows.Forms System.Windows.Forms.DataGridViewContentAlignment
System.Windows.Forms System.Windows.Forms.DataGridViewRow
System.Windows.Forms System.Windows.Forms.DataGridViewTriState
System.Windows.Forms System.Windows.Forms.DialogResult
System.Windows.Forms System.Windows.Forms.DockStyle
System.Windows.Forms System.Windows.Forms.FileDialog
System.Windows.Forms System.Windows.Forms.FlatButtonAppearance
System.Windows.Forms System.Windows.Forms.FlatStyle
System.Windows.Forms System.Windows.Forms.Form
System.Windows.Forms System.Windows.Forms.FormBorderStyle
System.Windows.Forms System.Windows.Forms.FormClosingEventArgs
System.Windows.Forms System.Windows.Forms.FormClosingEventHandler
System.Windows.Forms System.Windows.Forms.FormStartPosition
System.Windows.Forms System.Windows.Forms.FormWindowState
System.Windows.Forms System.Windows.Forms.GroupBox
System.Windows.Forms System.Windows.Forms.HorizontalAlignment
System.Windows.Forms System.Windows.Forms.HtmlDocument
System.Windows.Forms System.Windows.Forms.HtmlElement
System.Windows.Forms System.Windows.Forms.HtmlElementErrorEventArgs
System.Windows.Forms System.Windows.Forms.HtmlElementErrorEventHandler
System.Windows.Forms System.Windows.Forms.HtmlWindow
System.Windows.Forms System.Windows.Forms.IMessageFilter
System.Windows.Forms System.Windows.Forms.KeyEventArgs
System.Windows.Forms System.Windows.Forms.KeyEventHandler
System.Windows.Forms System.Windows.Forms.Keys
System.Windows.Forms System.Windows.Forms.Label
System.Windows.Forms System.Windows.Forms.Layout.ArrangedElementCollection
System.Windows.Forms System.Windows.Forms.LinkLabel
System.Windows.Forms System.Windows.Forms.LinkLabelLinkClickedEventArgs
System.Windows.Forms System.Windows.Forms.LinkLabelLinkClickedEventHandler
System.Windows.Forms System.Windows.Forms.ListControl
System.Windows.Forms System.Windows.Forms.Message
System.Windows.Forms System.Windows.Forms.MessageBox
System.Windows.Forms System.Windows.Forms.MessageBoxButtons
System.Windows.Forms System.Windows.Forms.MessageBoxDefaultButton
System.Windows.Forms System.Windows.Forms.MessageBoxIcon
System.Windows.Forms System.Windows.Forms.MouseButtons
System.Windows.Forms System.Windows.Forms.MouseEventArgs
System.Windows.Forms System.Windows.Forms.MouseEventHandler
System.Windows.Forms System.Windows.Forms.NotifyIcon
System.Windows.Forms System.Windows.Forms.OpenFileDialog
System.Windows.Forms System.Windows.Forms.Padding
System.Windows.Forms System.Windows.Forms.Panel
System.Windows.Forms System.Windows.Forms.RichTextBox
System.Windows.Forms System.Windows.Forms.Screen
System.Windows.Forms System.Windows.Forms.SendKeys
System.Windows.Forms System.Windows.Forms.SystemInformation
System.Windows.Forms System.Windows.Forms.TextBox
System.Windows.Forms System.Windows.Forms.TextBoxBase
System.Windows.Forms System.Windows.Forms.ToolStrip
System.Windows.Forms System.Windows.Forms.ToolStripDropDown
System.Windows.Forms System.Windows.Forms.ToolStripDropDownItem
System.Windows.Forms System.Windows.Forms.ToolStripDropDownMenu
System.Windows.Forms System.Windows.Forms.ToolStripItem
System.Windows.Forms System.Windows.Forms.ToolStripItemClickedEventArgs
System.Windows.Forms System.Windows.Forms.ToolStripItemClickedEventHandler
System.Windows.Forms System.Windows.Forms.ToolStripItemCollection
System.Windows.Forms System.Windows.Forms.ToolStripMenuItem
System.Windows.Forms System.Windows.Forms.ToolStripSeparator
System.Windows.Forms System.Windows.Forms.ToolTip
System.Windows.Forms System.Windows.Forms.UnhandledExceptionMode
System.Windows.Forms System.Windows.Forms.WebBrowser
System.Windows.Forms System.Windows.Forms.WebBrowserDocumentCompletedEventArgs
System.Windows.Forms System.Windows.Forms.WebBrowserDocumentCompletedEventHandler
mscorlib Microsoft.Win32.Registry
mscorlib Microsoft.Win32.RegistryKey
mscorlib Microsoft.Win32.RegistryValueKind
mscorlib System.Action
mscorlib System.Action`1
mscorlib System.Action`2
mscorlib System.Activator
mscorlib System.AppDomain
mscorlib System.ArgumentException
mscorlib System.ArgumentNullException
mscorlib System.Array
mscorlib System.AsyncCallback
mscorlib System.Attribute
mscorlib System.BitConverter
mscorlib System.Boolean
mscorlib System.Byte
mscorlib System.Char
mscorlib System.Collections.Generic.Dictionary`2
mscorlib System.Collections.Generic.Dictionary`2/Enumerator
mscorlib System.Collections.Generic.Dictionary`2/KeyCollection
mscorlib System.Collections.Generic.Dictionary`2/KeyCollection/Enumerator
mscorlib System.Collections.Generic.Dictionary`2/ValueCollection
mscorlib System.Collections.Generic.IEnumerable`1
mscorlib System.Collections.Generic.IEnumerator`1
mscorlib System.Collections.Generic.KeyValuePair`2
mscorlib System.Collections.Generic.List`1
mscorlib System.Collections.Generic.List`1/Enumerator
mscorlib System.Collections.Hashtable
mscorlib System.Collections.ICollection
mscorlib System.Collections.IEnumerable
mscorlib System.Collections.IEnumerator
mscorlib System.Collections.ObjectModel.ReadOnlyCollection`1
mscorlib System.Collections.ReadOnlyCollectionBase
mscorlib System.Console
mscorlib System.Convert
mscorlib System.DateTime
mscorlib System.Delegate
mscorlib System.Diagnostics.DebuggableAttribute
mscorlib System.Diagnostics.DebuggableAttribute/DebuggingModes
mscorlib System.Diagnostics.DebuggerHiddenAttribute
mscorlib System.Diagnostics.DebuggerNonUserCodeAttribute
mscorlib System.Double
mscorlib System.Enum
mscorlib System.Environment
mscorlib System.Environment/SpecialFolder
mscorlib System.EventArgs
mscorlib System.EventHandler
mscorlib System.Exception
mscorlib System.FlagsAttribute
mscorlib System.Func`1
mscorlib System.Func`2
mscorlib System.Globalization.CultureInfo
mscorlib System.Guid
mscorlib System.IAsyncResult
mscorlib System.IDisposable
mscorlib System.IO.BinaryReader
mscorlib System.IO.Directory
mscorlib System.IO.DirectoryInfo
mscorlib System.IO.File
mscorlib System.IO.FileAccess
mscorlib System.IO.FileInfo
mscorlib System.IO.FileMode
mscorlib System.IO.FileStream
mscorlib System.IO.MemoryStream
mscorlib System.IO.Path
mscorlib System.IO.SeekOrigin
mscorlib System.IO.Stream
mscorlib System.IO.StreamReader
mscorlib System.IO.StreamWriter
mscorlib System.IO.TextReader
mscorlib System.IO.TextWriter
mscorlib System.Int32
mscorlib System.Int64
mscorlib System.IntPtr
mscorlib System.Math
mscorlib System.MissingMethodException
mscorlib System.MulticastDelegate
mscorlib System.NotSupportedException
mscorlib System.Object
mscorlib System.OperatingSystem
mscorlib System.ParamArrayAttribute
mscorlib System.Predicate`1
mscorlib System.Random
mscorlib System.Reflection.Assembly
mscorlib System.Reflection.AssemblyCompanyAttribute
mscorlib System.Reflection.AssemblyConfigurationAttribute
mscorlib System.Reflection.AssemblyCopyrightAttribute
mscorlib System.Reflection.AssemblyDescriptionAttribute
mscorlib System.Reflection.AssemblyFileVersionAttribute
mscorlib System.Reflection.AssemblyProductAttribute
mscorlib System.Reflection.AssemblyTitleAttribute
mscorlib System.Reflection.AssemblyTrademarkAttribute
mscorlib System.Reflection.BindingFlags
mscorlib System.Reflection.FieldInfo
mscorlib System.Reflection.MemberInfo
mscorlib System.Resources.ResourceManager
mscorlib System.Runtime.CompilerServices.AsyncStateMachineAttribute
mscorlib System.Runtime.CompilerServices.AsyncTaskMethodBuilder
mscorlib System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1
mscorlib System.Runtime.CompilerServices.AsyncVoidMethodBuilder
mscorlib System.Runtime.CompilerServices.CompilationRelaxationsAttribute
mscorlib System.Runtime.CompilerServices.CompilerGeneratedAttribute
mscorlib System.Runtime.CompilerServices.IAsyncStateMachine
mscorlib System.Runtime.CompilerServices.IteratorStateMachineAttribute
mscorlib System.Runtime.CompilerServices.RuntimeCompatibilityAttribute
mscorlib System.Runtime.CompilerServices.RuntimeHelpers
mscorlib System.Runtime.CompilerServices.TaskAwaiter
mscorlib System.Runtime.CompilerServices.TaskAwaiter`1
mscorlib System.Runtime.InteropServices.ComVisibleAttribute
mscorlib System.Runtime.InteropServices.LayoutKind
mscorlib System.Runtime.InteropServices.Marshal
mscorlib System.Runtime.InteropServices.StructLayoutAttribute
mscorlib System.Runtime.Versioning.TargetFrameworkAttribute
mscorlib System.RuntimeFieldHandle
mscorlib System.RuntimeTypeHandle
mscorlib System.STAThreadAttribute
mscorlib System.Security.Cryptography.CipherMode
mscorlib System.Security.Cryptography.HashAlgorithm
mscorlib System.Security.Cryptography.ICryptoTransform
mscorlib System.Security.Cryptography.MD5CryptoServiceProvider
mscorlib System.Security.Cryptography.PaddingMode
mscorlib System.Security.Cryptography.RijndaelManaged
mscorlib System.Security.Cryptography.SymmetricAlgorithm
mscorlib System.Security.UnverifiableCodeAttribute
mscorlib System.Single
mscorlib System.String
mscorlib System.StringComparison
mscorlib System.StringSplitOptions
mscorlib System.Text.Encoding
mscorlib System.Text.StringBuilder
mscorlib System.Text.UnicodeEncoding
mscorlib System.Threading.EventWaitHandle
mscorlib System.Threading.Interlocked
mscorlib System.Threading.ManualResetEvent
mscorlib System.Threading.Monitor
mscorlib System.Threading.Mutex
mscorlib System.Threading.Tasks.Task
mscorlib System.Threading.Tasks.Task`1
mscorlib System.Threading.Thread
mscorlib System.Threading.WaitHandle
mscorlib System.TimeSpan
mscorlib System.Type
mscorlib System.UInt32
mscorlib System.UInt64
mscorlib System.UIntPtr
mscorlib System.UnhandledExceptionEventArgs
mscorlib System.UnhandledExceptionEventHandler
mscorlib System.ValueType
mscorlib System.Version

No antivirus engine scan results.

Process tree

SuWar3Tools.exe, PID: 2644, parent PID: 2316
FD0EFF5D.exe, PID: 2808, parent PID: 2644

TCP

Source IP  Source port  Destination IP  Destination port
192.168.122.201  49165  119.28.77.158 (visitor-badge.laobi.icu)  443
192.168.122.201  49164  139.129.143.197 (www.suyx.net)  80
192.168.122.201  49163  20.205.243.166 (github.com)  443
192.168.122.201  49160  23.67.75.120  80

UDP

Source IP  Source port  Destination IP  Destination port
192.168.122.201  56270  192.168.122.1  53
192.168.122.201  59401  192.168.122.1  53
192.168.122.201  59906  192.168.122.1  53
192.168.122.201  65178  192.168.122.1  53

HTTP requests

The report does not attribute individual requests to a process. The first request below (Host acroipm.adobe.com, User-Agent IPM) matches the Adobe Reader in-product messaging update check that runs in the analysis VM, so it should not be treated as the sample's own traffic without process-level evidence.

URI and HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

http://www.suyx.net/war3/download/getupdate.ashx?l=1
GET /war3/download/getupdate.ashx?l=1 HTTP/1.1
Host: www.suyx.net
Connection: Keep-Alive

http://www.suyx.net/war3/download/README.md
GET /war3/download/README.md HTTP/1.1
Host: www.suyx.net

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2023-01-27 16:01:55.245457+0800 192.168.122.201 49163 20.205.243.166 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com 1e:16:cc:3f:84:2f:65:fc:c0:ab:93:2d:63:8a:c6:4a:95:c9:1b:7a
2023-01-27 16:01:55.631032+0800 192.168.122.201 49165 119.28.77.158 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=visitor-badge.laobi.icu c6:68:26:03:b8:6c:50:e3:87:09:5f:6e:f0:89:37:f4:7b:24:d6:f3

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files.
No similar analyses found.

Processing ( 31.473 seconds )

  • 13.172 NetworkAnalysis
  • 11.004 Suricata
  • 3.544 VirusTotal
  • 1.82 BehaviorAnalysis
  • 0.962 Static
  • 0.474 peid
  • 0.357 TargetInfo
  • 0.115 static_dotnet
  • 0.011 AnalysisInfo
  • 0.011 Strings
  • 0.002 Memory
  • 0.001 config_decoder

Signatures ( 35.935 seconds )

  • 33.657 network_http
  • 1.403 md_url_bl
  • 0.101 api_spamming
  • 0.083 stealth_timeout
  • 0.082 stealth_decoy_document
  • 0.075 antiav_detectreg
  • 0.044 antidbg_windows
  • 0.032 infostealer_ftp
  • 0.021 antiav_detectfile
  • 0.019 infostealer_im
  • 0.016 antivm_generic_scsi
  • 0.015 kovter_behavior
  • 0.015 antianalysis_detectreg
  • 0.014 antiemu_wine_func
  • 0.014 infostealer_browser_password
  • 0.014 infostealer_bitcoin
  • 0.013 mimics_filetime
  • 0.013 md_domain_bl
  • 0.012 antivm_generic_services
  • 0.011 reads_self
  • 0.011 antivm_generic_disk
  • 0.011 virus
  • 0.011 infostealer_mail
  • 0.01 bootkit
  • 0.01 antiav_avast_libs
  • 0.01 stealth_file
  • 0.01 antivm_vbox_window
  • 0.01 antisandbox_sunbelt_libs
  • 0.009 injection_createremotethread
  • 0.009 anormaly_invoke_kills
  • 0.009 antivm_vbox_files
  • 0.008 maldun_anomaly_massive_file_ops
  • 0.007 antisandbox_sboxie_libs
  • 0.007 antiav_bitdefender_libs
  • 0.007 antisandbox_script_timer
  • 0.007 hancitor_behavior
  • 0.007 geodo_banking_trojan
  • 0.006 anomaly_persistence_autorun
  • 0.006 injection_runpe
  • 0.005 antivm_vbox_libs
  • 0.005 betabot_behavior
  • 0.005 kibex_behavior
  • 0.005 shifu_behavior
  • 0.005 ransomware_files
  • 0.004 packer_themida
  • 0.004 antivm_parallels_keys
  • 0.004 antivm_xen_keys
  • 0.004 ransomware_extensions
  • 0.003 injection_explorer
  • 0.003 ransomeware_modifies_desktop_wallpaper
  • 0.003 exec_crash
  • 0.003 antidbg_devices
  • 0.003 darkcomet_regkeys
  • 0.002 tinba_behavior
  • 0.002 hawkeye_behavior
  • 0.002 network_tor
  • 0.002 rat_nanocore
  • 0.002 antisandbox_sleep
  • 0.002 browser_needed
  • 0.002 antivm_generic_diskreg
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.002 rat_pcclient
  • 0.002 recon_fingerprint
  • 0.001 infostealer_browser
  • 0.001 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.001 dridex_behavior
  • 0.001 rat_luminosity
  • 0.001 antivm_vmware_libs
  • 0.001 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.001 sets_autoconfig_url
  • 0.001 Locky_behavior
  • 0.001 kazybot_behavior
  • 0.001 dyre_behavior
  • 0.001 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.001 cerber_behavior
  • 0.001 h1n1_behavior
  • 0.001 bypass_firewall
  • 0.001 sniffer_winpcap
  • 0.001 antianalysis_detectfile
  • 0.001 antisandbox_productid
  • 0.001 antivm_xen_keys
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_acpi
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_files
  • 0.001 antivm_vmware_keys
  • 0.001 antivm_vpc_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 codelux_behavior
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 malicous_targeted_flame
  • 0.001 maldun_anomaly_invoke_vb_vba
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 packer_armadillo_regkey
  • 0.001 recon_programs
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.53 seconds )

  • 0.523 ReportHTMLSummary
  • 0.007 Malheur
Task ID 717085
Mongo ID 63d385ac7e769a7a56f3f994
Cuckoo release 1.4-Maldun