Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp02-1 | 2023-06-07 17:11:38 | 2023-06-07 17:13:53 | 135 seconds |
Filename | ._cache_锄大地5.22.4.exe |
---|---|
File size | 9158295 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 69175a2da049d19f22be8ea5f90845f2 |
SHA1 | 6bc6d031585ec90fb715c45689642928ad853fff |
SHA256 | 1dc633d25ca34ed7fe8b7efc5c76a9bcd645aa4676d608978fdc436d4df8c1e3 |
SHA512 | ba6d4c8767b917c18c7f09535085af20bae314f29a4aa903dea874a35e1227ef4a4671b1aed35b523013cfd7833da8383873ba2f9d1e62c3b994fcd2005f3fc5 |
CRC32 | EAC59C98 |
Ssdeep | 98304:/r3frjoeEg5qcAd4p5Blmkk5/C4OWoHI7NINa4tqR+zqbJ278Inp4jEMS66BXlkz:/7frMM5qr4Flmh5dCIetOl27WEMSZsJ |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
No | 117.27.139.134 | | China |
No | 124.237.176.160 | | China |
No | 165.160.15.20 | | United States |
No | 180.101.50.242 | | China |
No | 220.181.33.11 | | China |
Domain | Security rating | Response |
---|---|---|
soft.anjian.com | Unknown | A 117.27.139.134 |
down.vrbrothers.com | Unknown | |
www.baidu.com | Unknown | CNAME www.a.shifen.com A 180.101.50.188 A 180.101.50.242 |
hi.vrbrothers.com | Unknown | |
ad.vrbrothers.com | Unknown | |
s.csbew.com | Unknown | A 165.160.15.20 A 165.160.13.20 |
img.users.51.la | Unknown | NXDOMAIN |
hm.baidu.com | Unknown | CNAME hm.e.shifen.com A 220.181.33.11 |
log.hm.baidu.com | Unknown | CNAME log.hm.e.shifen.com A 124.237.176.160 |
Image base | 0x00400000 |
---|---|
Entry point | 0x00b86000 |
Declared checksum | 0x002e3da8 |
Actual checksum | 0x008c4209 |
Minimum OS version | 5.1 |
Compile time | 2020-06-09 15:55:40 |
Import hash | baa93d47220682c04d92f7797d9224ce |
SHA1 | Timestamp | Validity | Error |
---|---|---|---|
2418b40b100bec5216a9781c921185916cfe9407 | Tue Jun 09 16:07:43 2020 | | WinVerifyTrust returned error 0x80096010 |
Certificate chain | Certificate Chain 1 |
Issued to | DigiCert Assured ID Root CA |
Issuer | DigiCert Assured ID Root CA |
Validity | Mon Nov 10 080000 2031 |
SHA1 hash | 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43 |
Certificate chain | Certificate Chain 2 |
Issued to | DigiCert SHA2 Assured ID Code Signing CA |
Issuer | DigiCert Assured ID Root CA |
Validity | Sun Oct 22 200000 2028 |
SHA1 hash | 92c1588e85af2201ce7915e8538b492f605b80c6 |
Certificate chain | Certificate Chain 3 |
Issued to | Fujian Chuangyi Jiahe Soft Co., Ltd. |
Issuer | DigiCert SHA2 Assured ID Code Signing CA |
Validity | Thu Mar 25 200000 2021 |
SHA1 hash | ed5f47d7adc69afd09ac3fe793a357c4bab7145a |
Certificate chain | Timestamp Chain 1 |
Issued to | DigiCert Assured ID Root CA |
Issuer | DigiCert Assured ID Root CA |
Validity | Mon Nov 10 080000 2031 |
SHA1 hash | 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43 |
Certificate chain | Timestamp Chain 2 |
Issued to | DigiCert Assured ID CA-1 |
Issuer | DigiCert Assured ID Root CA |
Validity | Wed Nov 10 080000 2021 |
SHA1 hash | 19a09b5a36f4dd99727df783c17a51231a56c117 |
Certificate chain | Timestamp Chain 3 |
Issued to | DigiCert Timestamp Responder |
Issuer | DigiCert Assured ID CA-1 |
Validity | Tue Oct 22 080000 2024 |
SHA1 hash | 614d271d9102e30169822487fde5de00a352b01d |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
\x00 | 0x00001000 | 0x002d3000 | 0x00134a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.99 |
.rsrc | 0x002d4000 | 0x00039a78 | 0x00023c00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.95 |
.idata | 0x0030e000 | 0x00001000 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 1.31 |
 | 0x0030f000 | 0x002fd000 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.26 |
dlyhprqf | 0x0060c000 | 0x0017a000 | 0x00179800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.86 |
nrszgpfo | 0x00786000 | 0x00001000 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.35 |
Offset | 0x00765fa0 |
Size | 0x00155ef7 |
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
RT_MENU | 0x0030b94c | 0x0000010e | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
RT_DIALOG | 0x0030bdb0 | 0x00000034 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
RT_STRING | 0x0030d008 | 0x000001a6 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
RT_GROUP_CURSOR | 0x0030d2d8 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
None | 0x0030d9cc | 0x000000aa | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | None |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49159 | 104.100.168.41 | 80 |
192.168.122.201 | 49161 | 117.27.139.134 soft.anjian.com | 80 |
192.168.122.201 | 49162 | 117.27.139.134 soft.anjian.com | 80 |
192.168.122.201 | 49163 | 117.27.139.134 soft.anjian.com | 80 |
192.168.122.201 | 49164 | 117.27.139.134 soft.anjian.com | 80 |
192.168.122.201 | 49168 | 117.27.139.134 soft.anjian.com | 80 |
192.168.122.201 | 49172 | 117.27.139.134 soft.anjian.com | 80 |
192.168.122.201 | 49173 | 117.27.139.134 soft.anjian.com | 80 |
192.168.122.201 | 49174 | 117.27.139.134 soft.anjian.com | 80 |
192.168.122.201 | 49179 | 124.237.176.160 log.hm.baidu.com | 80 |
192.168.122.201 | 49180 | 124.237.176.160 log.hm.baidu.com | 80 |
192.168.122.201 | 49175 | 165.160.15.20 s.csbew.com | 80 |
192.168.122.201 | 49176 | 165.160.15.20 s.csbew.com | 80 |
192.168.122.201 | 49178 | 220.181.33.11 hm.baidu.com | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 51304 | 192.168.122.1 | 53 |
192.168.122.201 | 53118 | 192.168.122.1 | 53 |
192.168.122.201 | 53759 | 192.168.122.1 | 53 |
192.168.122.201 | 53947 | 192.168.122.1 | 53 |
192.168.122.201 | 57526 | 192.168.122.1 | 53 |
192.168.122.201 | 59277 | 192.168.122.1 | 53 |
192.168.122.201 | 60155 | 192.168.122.1 | 53 |
192.168.122.201 | 61447 | 192.168.122.1 | 53 |
192.168.122.201 | 63246 | 192.168.122.1 | 53 |
192.168.122.201 | 63472 | 192.168.122.1 | 53 |
192.168.122.201 | 63902 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
http://down.vrbrothers.com/qmacro/up_mymacro/liveupdate8.dat | GET /qmacro/up_mymacro/liveupdate8.dat HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: down.vrbrothers.com Connection: Keep-Alive |
http://soft.anjian.com/V2014V2/Config/ad-mymacro.xml | GET /V2014V2/Config/ad-mymacro.xml HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: soft.anjian.com Connection: Keep-Alive |
http://soft.anjian.com/Include/BuildPage/ExitAdXJL.shtml | POST /Include/BuildPage/ExitAdXJL.shtml HTTP/1.1 Accept: */* Host: soft.anjian.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible) Content-Length: 0 Cache-Control: no-cache |
http://soft.anjian.com/Interface/GetIP.aspx | POST /Interface/GetIP.aspx HTTP/1.1 Accept: */* Host: soft.anjian.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible) Content-Length: 29 Cache-Control: no-cache data=697580D98850350D55630001 |
http://soft.anjian.com/Include/BuildPage/AnJianBindingInstallPC.html | GET /Include/BuildPage/AnJianBindingInstallPC.html HTTP/1.1 User-Agent: HttpClient Host: soft.anjian.com Cache-Control: no-cache |
http://soft.anjian.com/Interface/BindingPC/BindingUpdate.aspx | POST /Interface/BindingPC/BindingUpdate.aspx HTTP/1.1 Accept: */* Host: soft.anjian.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible) Content-Length: 269 Cache-Control: no-cache Cookie: ASP.NET_SessionId=fykk4ubv2mp0g1rsglhrnrzz data=09206B45BCFC569EBF8446011F6926E431F804A318E631C411256E8DE7592EED2796AF2EDF5529F9871EE4D34F0A0924B2F7F03D604499651666740C8F43EDB05CD75B9985870B13A018B1B802552A63D10CABD234C9ADB137AD8EAC671F08B417800B0D373A5F906E1294A3D2DCCD8704B5BD50072769DCC690460924C38A25B8F60002 |
http://soft.anjian.com/Interface/BindingPC/BindingUsing.aspx | POST /Interface/BindingPC/BindingUsing.aspx HTTP/1.1 Accept: */* Host: soft.anjian.com Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible) Content-Length: 157 Cache-Control: no-cache Cookie: ASP.NET_SessionId=fykk4ubv2mp0g1rsglhrnrzz data=32225CA34697FF1E3AFB05BA3DF60C148EDA0EF2A32655A6D546E3F3C3AB7FCE61EB634F7DB1E5B526A40D9EED55F6A1931FC880E6C81F794222156A8A2DA41A9C52C350B09E29209D4B0002 |
http://ad.vrbrothers.com/qmacro/ad-mymacro8-b.htm | GET /qmacro/ad-mymacro8-b.htm HTTP/1.1 User-Agent: ._cache__________5.22.4 Host: ad.vrbrothers.com |
http://ad.vrbrothers.com/qmacro/ad-mymacro8-n.htm | GET /qmacro/ad-mymacro8-n.htm HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ad.vrbrothers.com Connection: Keep-Alive |
http://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm | GET /qmacro/ad-mymacro8-p.htm HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ad.vrbrothers.com Connection: Keep-Alive |
http://ad.vrbrothers.com/qmacro/ad-mymacro8-b.htm | GET /qmacro/ad-mymacro8-b.htm HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ad.vrbrothers.com Connection: Keep-Alive |
http://s.csbew.com/k.js | GET /k.js HTTP/1.1 Accept: */* Referer: http://ad.vrbrothers.com/qmacro/ad-mymacro8-p.htm Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s.csbew.com Connection: Keep-Alive |
http://s.csbew.com/k.js | GET /k.js HTTP/1.1 Accept: */* Referer: http://ad.vrbrothers.com/qmacro/ad-mymacro8-b.htm Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: s.csbew.com Connection: Keep-Alive |
http://hm.baidu.com/h.js?82d5c049236934007371777578c30be1 | GET /h.js?82d5c049236934007371777578c30be1 HTTP/1.1 Accept: application/javascript, */*;q=0.8 Referer: http://soft.anjian.com/V2014V2/UserExperience/SoftwareExperience.shtml?UT&P=mymacro&VP=2014.06.19549&VR=1.1.0.19486&MC=fbac1552 Accept-Language: zh-CN User-Agent: Mozilla/4.0 (MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Connection: Keep-Alive Host: hm.baidu.com |
http://log.hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1440x900&et=0&ja=1&ln=zh-CN&lo=0<=1675774689&nv=1&rnd=1478447540&si=82d5c049236934007371777578c30be1&st=1&v=1.3.0&lv=2 | GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1440x900&et=0&ja=1&ln=zh-CN&lo=0<=1675774689&nv=1&rnd=1478447540&si=82d5c049236934007371777578c30be1&st=1&v=1.3.0&lv=2 HTTP/1.1 Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5 Referer: http://soft.anjian.com/V2014V2/UserExperience/SoftwareExperience.shtml?UT&P=mymacro&VP=2014.06.19549&VR=1.1.0.19486&MC=fbac1552 Accept-Language: zh-CN User-Agent: Mozilla/4.0 (MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate DNT: 1 Connection: Keep-Alive Host: log.hm.baidu.com Cookie: HMACCOUNT=E1D26E5788266558 |
http://log.hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1440x900&ep=2000,100&et=3&ja=1&ln=zh-CN&lo=0<=1675774689&nv=0&rnd=1667573351&si=82d5c049236934007371777578c30be1&st=4&v=1.3.0&lv=2 | GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1440x900&ep=2000,100&et=3&ja=1&ln=zh-CN&lo=0<=1675774689&nv=0&rnd=1667573351&si=82d5c049236934007371777578c30be1&st=4&v=1.3.0&lv=2 HTTP/1.1 Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5 Referer: http://soft.anjian.com/V2014V2/UserExperience/SoftwareExperience.shtml?UT&P=mymacro&VP=2014.06.19549&VR=1.1.0.19486&MC=fbac1552 Accept-Language: zh-CN User-Agent: Mozilla/4.0 (MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate DNT: 1 Connection: Keep-Alive Host: log.hm.baidu.com Cookie: HMACCOUNT=E1D26E5788266558 |
http://log.hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1440x900&et=0&ja=1&ln=zh-CN&lo=0<=1675774866&nv=1&rnd=292622231&si=82d5c049236934007371777578c30be1&st=1&v=1.3.0&lv=2 | GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1440x900&et=0&ja=1&ln=zh-CN&lo=0<=1675774866&nv=1&rnd=292622231&si=82d5c049236934007371777578c30be1&st=1&v=1.3.0&lv=2 HTTP/1.1 Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5 Referer: http://soft.anjian.com/V2014V2/UserExperience/SoftwareExperience.shtml?MyMacro2014=2014.06.19549&MMID=0010BDFBF195046ED175ED71E46C2F29F651F41C5C0A316DB9737889962B69ABD1CD5B0FE8DD2CD8D60FC68B5C45FE944B6A11420B17FA797226DF57E162DBDFC2F291D54C911DDEFFF791FA12049079C1389019 Accept-Language: zh-CN User-Agent: Mozilla/4.0 (MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate DNT: 1 Connection: Keep-Alive Host: log.hm.baidu.com Cookie: HMACCOUNT=E1D26E5788266558 |
http://log.hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1440x900&ep=2000,100&et=3&ja=1&ln=zh-CN&lo=0<=1675774866&nv=0&rnd=998648007&si=82d5c049236934007371777578c30be1&st=4&v=1.3.0&lv=2 | GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1440x900&ep=2000,100&et=3&ja=1&ln=zh-CN&lo=0<=1675774866&nv=0&rnd=998648007&si=82d5c049236934007371777578c30be1&st=4&v=1.3.0&lv=2 HTTP/1.1 Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5 Referer: http://soft.anjian.com/V2014V2/UserExperience/SoftwareExperience.shtml?MyMacro2014=2014.06.19549&MMID=0010BDFBF195046ED175ED71E46C2F29F651F41C5C0A316DB9737889962B69ABD1CD5B0FE8DD2CD8D60FC68B5C45FE944B6A11420B17FA797226DF57E162DBDFC2F291D54C911DDEFFF791FA12049079C1389019 Accept-Language: zh-CN User-Agent: Mozilla/4.0 (MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Accept-Encoding: gzip, deflate DNT: 1 Connection: Keep-Alive Host: log.hm.baidu.com Cookie: HMACCOUNT=E1D26E5788266558 |
No SMTP traffic.
No IRC requests.
Source address | Destination address | ICMP type | Data |
---|---|---|---|
192.168.122.201 | 180.101.50.242 | 8 | abcdefghijklmnopqrstuvwabcdefghi |
180.101.50.242 | 192.168.122.201 | 0 | abcdefghijklmnopqrstuvwabcdefghi |
192.168.122.201 | 180.101.50.242 | 8 | abcdefghijklmnopqrstuvwabcdefghi |
180.101.50.242 | 192.168.122.201 | 0 | abcdefghijklmnopqrstuvwabcdefghi |
192.168.122.201 | 180.101.50.242 | 8 | abcdefghijklmnopqrstuvwabcdefghi |
180.101.50.242 | 192.168.122.201 | 0 | abcdefghijklmnopqrstuvwabcdefghi |
192.168.122.201 | 180.101.50.242 | 8 | abcdefghijklmnopqrstuvwabcdefghi |
180.101.50.242 | 192.168.122.201 | 0 | abcdefghijklmnopqrstuvwabcdefghi |
192.168.122.201 | 180.101.50.242 | 8 | abcdefghijklmnopqrstuvwabcdefghi |
180.101.50.242 | 192.168.122.201 | 0 | abcdefghijklmnopqrstuvwabcdefghi |
192.168.122.201 | 180.101.50.242 | 8 | abcdefghijklmnopqrstuvwabcdefghi |
180.101.50.242 | 192.168.122.201 | 0 | abcdefghijklmnopqrstuvwabcdefghi |
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2023-06-07 17:12:14.869845+0800 | 192.168.122.201 | 49168 | 117.27.139.134 | 80 | TCP | 2008974 | ET MALWARE User-Agent (Mozilla/4.0 (compatible)) | A Network Trojan was detected |
2023-06-07 17:12:06.441842+0800 | 192.168.122.201 | 49163 | 117.27.139.134 | 80 | TCP | 2008974 | ET MALWARE User-Agent (Mozilla/4.0 (compatible)) | A Network Trojan was detected |
2023-06-07 17:12:18.012949+0800 | 192.168.122.201 | 49172 | 117.27.139.134 | 80 | TCP | 2008974 | ET MALWARE User-Agent (Mozilla/4.0 (compatible)) | A Network Trojan was detected |
2023-06-07 17:12:06.869891+0800 | 192.168.122.201 | 49163 | 117.27.139.134 | 80 | TCP | 2008974 | ET MALWARE User-Agent (Mozilla/4.0 (compatible)) | A Network Trojan was detected |
No TLS
No Suricata HTTP
Task ID | 721967 |
---|---|
Mongo ID | 64804aa9dc327b4796064f5c |
Cuckoo release | 1.4-Maldun |