Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp02-1 | 2023-06-07 18:46:58 | 2023-06-07 18:49:58 | 180 seconds |
Filename | 雷电9人脸.exe |
---|---|
File size | 3360256 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | ba58574a15b55b777b45b5f96bab0af5 |
SHA1 | 4b2471dd460e3fd3bbf274e5c350f559786ce500 |
SHA256 | 461b2bcaa82061399cb2b9e4260b7e3d443c50fb28dab24b64e2d288f14f9575 |
SHA512 | abe9be393d3906c6610b296bd17075b6752dc0a3404879a746d5d523939b9751dbe404f9f16ab68bd327ebed1c36c042198d1be0f5db02e47c56d659101007ff |
CRC32 | 20B70553 |
Ssdeep | 49152:rnsHyjtk2MYC5GDqYREXSVMDi3t0F+N+Rc4VdF5:rnsmtk2aQ2SVMD8Og+RciF5 |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
No | 121.12.125.122 | | China |
No | 128.121.146.101 | | United States |
No | 174.128.246.100 | | United States |
No | 47.102.42.74 | | China |
No | 54.76.135.1 | | Ireland |
No | 77.4.7.92 | | Germany |
Domain | Security rating | Response |
---|---|---|
xred.mooo.com | Unknown | A 253.157.14.165 A 54.76.135.1 A 77.4.7.92 |
nisheba.ysepan.com | Unknown | A 121.12.125.122 |
freedns.afraid.org | Unknown | A 174.128.246.100 |
docs.google.com | Unknown | A 128.121.146.101 |
author.mobileanjian.com | Unknown | A 47.102.42.74 |
kinh.xmcxmr.com | Unknown | NXDOMAIN |
Image base | 0x00400000 |
---|---|
Entry point | 0x0049ab80 |
Declared checksum | 0x00000000 |
Actual checksum | 0x0033c471 |
Minimum OS version | 4.0 |
Compile time | 1992-06-20 06:22:17 |
Import hash | 332f7ce65ead0adfb3d35147033aabe9 |
LegalCopyright | |
---|---|
InternalName | |
FileVersion | |
CompanyName | |
LegalTrademarks | |
Comments | |
ProductName | |
ProductVersion | |
FileDescription | |
OriginalFilename | |
Translation | |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
CODE | 0x00001000 | 0x00099bec | 0x00099c00 | IMAGE_SCN_CNT_CODE \| IMAGE_SCN_MEM_EXECUTE \| IMAGE_SCN_MEM_READ | 6.57 |
DATA | 0x0009b000 | 0x00002e54 | 0x00003000 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ \| IMAGE_SCN_MEM_WRITE | 4.85 |
BSS | 0x0009e000 | 0x000011e5 | 0x00000000 | IMAGE_SCN_MEM_READ \| IMAGE_SCN_MEM_WRITE | 0.00 |
.idata | 0x000a0000 | 0x00002a42 | 0x00002c00 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ \| IMAGE_SCN_MEM_WRITE | 4.92 |
.tls | 0x000a3000 | 0x00000010 | 0x00000000 | IMAGE_SCN_MEM_READ \| IMAGE_SCN_MEM_WRITE | 0.00 |
.rdata | 0x000a4000 | 0x00000039 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_SHARED \| IMAGE_SCN_MEM_READ | 0.78 |
.reloc | 0x000a5000 | 0x0000a980 | 0x0000aa00 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_SHARED \| IMAGE_SCN_MEM_READ | 6.67 |
.rsrc | 0x000b0000 | 0x00289d50 | 0x00289e00 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_SHARED \| IMAGE_SCN_MEM_READ | 6.65 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49169 | 121.12.125.122 nisheba.ysepan.com | 80 |
192.168.122.201 | 49170 | 174.128.246.100 freedns.afraid.org | 80 |
192.168.122.201 | 49160 | 23.223.198.226 | 80 |
192.168.122.201 | 49175 | 47.102.42.74 author.mobileanjian.com | 80 |
192.168.122.201 | 49176 | 47.102.42.74 author.mobileanjian.com | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 51805 | 192.168.122.1 | 53 |
192.168.122.201 | 53118 | 192.168.122.1 | 53 |
192.168.122.201 | 53947 | 192.168.122.1 | 53 |
192.168.122.201 | 57526 | 192.168.122.1 | 53 |
192.168.122.201 | 59236 | 192.168.122.1 | 53 |
192.168.122.201 | 59277 | 192.168.122.1 | 53 |
192.168.122.201 | 60869 | 192.168.122.1 | 53 |
192.168.122.201 | 61447 | 192.168.122.1 | 53 |
192.168.122.201 | 63246 | 192.168.122.1 | 53 |
192.168.122.201 | 63472 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
http://nisheba.ysepan.com/ | GET / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: nisheba.ysepan.com |
http://nisheba.ysepan.com/kh_login_sm.aspx?dlmc=nisheba | GET /kh_login_sm.aspx?dlmc=nisheba HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: nisheba.ysepan.com |
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1 User-Agent: MyApp Host: freedns.afraid.org Cache-Control: no-cache |
http://author.mobileanjian.com/Account/LoginCheck | POST /Account/LoginCheck HTTP/1.1 Accept: */* Referer: http://author.mobileanjian.com/Account/LoginCheck Accept-Language: zh-cn Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: author.mobileanjian.com Content-Length: 52 Cache-Control: no-cache UserName=qwe6962438&Password=6962438&IsChecked=false |
http://author.mobileanjian.com/Author/MyInfo | GET /Author/MyInfo HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: author.mobileanjian.com |
http://author.mobileanjian.com/ | GET / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: author.mobileanjian.com |
http://author.mobileanjian.com/Account/LoginCheck | POST /Account/LoginCheck HTTP/1.1 Accept: */* Referer: http://author.mobileanjian.com/Account/LoginCheck Accept-Language: zh-cn Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: author.mobileanjian.com Content-Length: 52 Cache-Control: no-cache Cookie: UserLogion=; .ASPXAUTH=A4AAE49E87A581011960DCDC6EFED0942E3B624681E53BF5E7F6EB3608559DA14AD28E604CD9E4598664B83E03EA86059C08CC73C912CD86A07ACEEAE8FB4DF0A46B0B45FE7BF98320E3A263AE99A8D09CDE84FA5E6318A9F3A40DAF6DCEF3B964B407C9DDDEE1330CEA6D877F0CC40D4ADFEFE73FD6612F41A88748F5F5F086 UserName=qwe6962438&Password=6962438&IsChecked=false |
http://author.mobileanjian.com/Account/LoginCheck | POST /Account/LoginCheck HTTP/1.1 Accept: */* Referer: http://author.mobileanjian.com/Account/LoginCheck Accept-Language: zh-cn Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: author.mobileanjian.com Content-Length: 52 Cache-Control: no-cache Cookie: UserLogion=; .ASPXAUTH=7876A2763F5363ADCE07029BF593FD161838F40F1A3427CC6588559F5021AA71DB40A1EF9F627B0C650F991386F5AED8C743D09145909B957A35EEA0922DBC665685A76F09D9033653F485F11E792AD6AB7AB412A4C1D31FED35AA4B859CACC41CE2B3125ED0452446D4883C3C180F8E62487489FEAC4EE4EDDF2DEB9A26C5CF UserName=qwe6962438&Password=6962438&IsChecked=false |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
No TLS
No Suricata HTTP
Task ID | 721975 |
---|---|
Mongo ID | 64806124dc327b479506502e |
Cuckoo release | 1.4-Maldun |