比较分析...

分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
文件 (Windows) win7-sp1-x64-shaapp03-1 2024-04-29 17:28:43 2024-04-29 17:29:20 37 秒

魔盾分数

5.392

可疑的

文件详细信息

文件名 香肠留恋免费版0429.exe
文件大小 38400 字节
文件类型 PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 7390bced73b8d82611513dcb3f644811
SHA1 e4c7edd26ae7c1ba433ac53d5a2eb6f5dbb40edf
SHA256 b75e4aabfe50218392b8b1035dd71ff153dfbf97da8f2c8dfa66d54137056d0b
SHA512 2859d34632b2b5ad7a959a242a7962c9198924c204d44373d59450c694ab548c6a450d2616d74516244303f08e908c12c55b746781380b9349e67361b93b9825
CRC32 C8610EB0
Ssdeep 768:auOe6+J7zs0exR5NPrpq3w2MnvOCQH1IIvfP7RAYIra8y:ansJPY9rpq3wnvOvH1IYn1MrC
Yara 登录查看Yara规则
找不到该样本 提交漏报
登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
114.230.213.88 中国
180.101.49.206 中国
180.163.200.99 中国
183.131.158.108 中国
183.131.158.109 中国
183.131.158.110 中国
183.131.158.123 中国
183.131.158.98 未知 中国
183.61.32.99 中国
220.181.107.131 中国
220.181.33.11 中国
222.73.33.237 中国
60.188.66.49 中国
61.170.99.38 中国
8.142.85.127 未知 美国

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
note.youdao.com 未知 A 222.73.33.222
CNAME note.ntes53.netease.com
A 222.73.33.234
A 222.73.33.237
CNAME note.youdao.com.163jiasu.com
CNAME note.youdao.com.w.kunluncan.com
dl.3dmgame.com A 183.131.158.98
A 183.131.158.123
dup.baidustatic.com A 60.188.66.49
CNAME ecomcbjs.jomodns.com
www.3dmgame.com
pos.baidu.com A 180.101.49.206
CNAME cb.e.shifen.com
unmc.cdn.bcebos.com 未知 A 117.68.34.38
CNAME unmc.cdn.bcebos.com.a.bdydns.com
CNAME opencdnbd.jomodns.com
A 61.170.99.38
img.3dmgame.com 未知 A 180.163.200.99
CNAME img.3dmgame.com.ctadns.cn
CNAME img.3dmgame.com.jycloudgslb.com
A 180.163.200.98
A 180.163.200.96
my.3dmgame.com A 183.131.158.110
A 183.131.158.109
eclick.baidu.com 未知 A 220.181.107.131
CNAME eclick.e.shifen.com
ssl.captcha.qq.com A 183.61.32.99
work.3dmgame.com
open.thunderurl.com 未知 A 114.230.213.88
A 58.220.53.86
A 114.230.213.89
CNAME hcdnw101.gslb.v6.c.cdnhwc2.com
CNAME open.thunderurl.com.d1b7f386.c.cdnhwc1.com
hm.baidu.com 未知 CNAME hm.e.shifen.com
A 220.181.33.11
news.vainews.cn A 39.99.255.134
A 8.142.85.127
A 8.142.132.29
yx.3dmgame.com A 183.131.158.108

摘要

登录查看详细行为信息

PE 信息

初始地址 0x00400000
入口地址 0x00429db0
声明校验值 0x00000000
实际校验值 0x00014223
最低操作系统版本要求 4.0
编译时间 2024-04-29 01:32:10
载入哈希 1fd2dd442cfd46c140fe080f3302e1ff

PE 数据组成

名称 虚拟地址 虚拟大小 原始数据大小 特征 熵(Entropy)
UPX0 0x00001000 0x00020000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
UPX1 0x00021000 0x00009000 0x00009000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.90
UPX2 0x0002a000 0x00001000 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2.74

导入

库: KERNEL32.DLL:
0x42a078 LoadLibraryA
0x42a07c ExitProcess
0x42a080 GetProcAddress
0x42a084 VirtualProtect
库: MSVCRT.dll:
0x42a08c free
库: ole32.dll:
0x42a094 OleRun
库: OLEAUT32.dll:
0x42a09c VarR8FromCy
库: USER32.dll:
0x42a0a4 wsprintfA
ArjeX'
Z5[i=
!x/$\
,A@K?
PuAm0
l tRqS
OPTIONS
KERNEL32.DLL
MSVCRT.dll
ole32.dll
OLEAUT32.dll
USER32.dll
ExitProcess
GetProcAddress
LoadLibraryA
VirtualProtect
OleRun
wsprintfA
没有防病毒引擎扫描信息!

进程树

_____________________0429.exe, PID: 2560, 上一级进程 PID: 2196
下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
114.230.213.88 中国
180.101.49.206 中国
180.163.200.99 中国
183.131.158.108 中国
183.131.158.109 中国
183.131.158.110 中国
183.131.158.123 中国
183.131.158.98 未知 中国
183.61.32.99 中国
220.181.107.131 中国
220.181.33.11 中国
222.73.33.237 中国
60.188.66.49 中国
61.170.99.38 中国
8.142.85.127 未知 美国

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49188 114.230.213.88 open.thunderurl.com 443
192.168.122.201 49169 180.101.49.206 pos.baidu.com 443
192.168.122.201 49174 180.163.200.99 img.3dmgame.com 443
192.168.122.201 49175 180.163.200.99 img.3dmgame.com 443
192.168.122.201 49176 180.163.200.99 img.3dmgame.com 443
192.168.122.201 49177 180.163.200.99 img.3dmgame.com 443
192.168.122.201 49178 180.163.200.99 img.3dmgame.com 443
192.168.122.201 49179 180.163.200.99 img.3dmgame.com 443
192.168.122.201 49180 180.163.200.99 img.3dmgame.com 443
192.168.122.201 49195 183.131.158.108 yx.3dmgame.com 443
192.168.122.201 49196 183.131.158.108 yx.3dmgame.com 443
192.168.122.201 49197 183.131.158.108 yx.3dmgame.com 443
192.168.122.201 49198 183.131.158.108 yx.3dmgame.com 443
192.168.122.201 49199 183.131.158.108 yx.3dmgame.com 443
192.168.122.201 49201 183.131.158.108 yx.3dmgame.com 443
192.168.122.201 49187 183.131.158.109 my.3dmgame.com 443
192.168.122.201 49172 183.131.158.110 my.3dmgame.com 443
192.168.122.201 49173 183.131.158.110 my.3dmgame.com 443
192.168.122.201 49202 183.131.158.110 my.3dmgame.com 443
192.168.122.201 49203 183.131.158.110 my.3dmgame.com 443
192.168.122.201 49204 183.131.158.110 my.3dmgame.com 443
192.168.122.201 49205 183.131.158.110 my.3dmgame.com 443
192.168.122.201 49162 183.131.158.123 dl.3dmgame.com 443
192.168.122.201 49163 183.131.158.123 dl.3dmgame.com 443
192.168.122.201 49164 183.131.158.123 dl.3dmgame.com 443
192.168.122.201 49165 183.131.158.123 dl.3dmgame.com 443
192.168.122.201 49185 183.131.158.123 dl.3dmgame.com 443
192.168.122.201 49167 183.131.158.98 dl.3dmgame.com 443
192.168.122.201 49168 183.131.158.98 dl.3dmgame.com 443
192.168.122.201 49194 183.131.158.98 dl.3dmgame.com 443
192.168.122.201 49186 183.61.32.99 ssl.captcha.qq.com 443
192.168.122.201 49182 220.181.107.131 eclick.baidu.com 443
192.168.122.201 49192 220.181.33.11 hm.baidu.com 443
192.168.122.201 49160 222.73.33.237 note.youdao.com 443
192.168.122.201 49161 23.72.90.16 80
192.168.122.201 49166 60.188.66.49 dup.baidustatic.com 443
192.168.122.201 49170 61.170.99.38 unmc.cdn.bcebos.com 443
192.168.122.201 49171 61.170.99.38 unmc.cdn.bcebos.com 443
192.168.122.201 49183 61.170.99.38 unmc.cdn.bcebos.com 443
192.168.122.201 49184 61.170.99.38 unmc.cdn.bcebos.com 443
192.168.122.201 49189 61.170.99.38 unmc.cdn.bcebos.com 443
192.168.122.201 49190 61.170.99.38 unmc.cdn.bcebos.com 443
192.168.122.201 49191 61.170.99.38 unmc.cdn.bcebos.com 443
192.168.122.201 49193 8.142.85.127 news.vainews.cn 443

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 49532 192.168.122.1 53
192.168.122.201 52179 192.168.122.1 53
192.168.122.201 52207 192.168.122.1 53
192.168.122.201 53125 192.168.122.1 53
192.168.122.201 54135 192.168.122.1 53
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53
192.168.122.201 60465 192.168.122.1 53
192.168.122.201 60919 192.168.122.1 53
192.168.122.201 61329 192.168.122.1 53
192.168.122.201 64363 192.168.122.1 53
192.168.122.201 65178 192.168.122.1 53
192.168.122.201 65179 192.168.122.1 53
192.168.122.201 65259 192.168.122.1 53
192.168.122.201 65529 192.168.122.1 53

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
note.youdao.com 未知 A 222.73.33.222
CNAME note.ntes53.netease.com
A 222.73.33.234
A 222.73.33.237
CNAME note.youdao.com.163jiasu.com
CNAME note.youdao.com.w.kunluncan.com
dl.3dmgame.com A 183.131.158.98
A 183.131.158.123
dup.baidustatic.com A 60.188.66.49
CNAME ecomcbjs.jomodns.com
www.3dmgame.com
pos.baidu.com A 180.101.49.206
CNAME cb.e.shifen.com
unmc.cdn.bcebos.com 未知 A 117.68.34.38
CNAME unmc.cdn.bcebos.com.a.bdydns.com
CNAME opencdnbd.jomodns.com
A 61.170.99.38
img.3dmgame.com 未知 A 180.163.200.99
CNAME img.3dmgame.com.ctadns.cn
CNAME img.3dmgame.com.jycloudgslb.com
A 180.163.200.98
A 180.163.200.96
my.3dmgame.com A 183.131.158.110
A 183.131.158.109
eclick.baidu.com 未知 A 220.181.107.131
CNAME eclick.e.shifen.com
ssl.captcha.qq.com A 183.61.32.99
work.3dmgame.com
open.thunderurl.com 未知 A 114.230.213.88
A 58.220.53.86
A 114.230.213.89
CNAME hcdnw101.gslb.v6.c.cdnhwc2.com
CNAME open.thunderurl.com.d1b7f386.c.cdnhwc1.com
hm.baidu.com 未知 CNAME hm.e.shifen.com
A 220.181.33.11
news.vainews.cn A 39.99.255.134
A 8.142.85.127
A 8.142.132.29
yx.3dmgame.com A 183.131.158.108

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49188 114.230.213.88 open.thunderurl.com 443
192.168.122.201 49169 180.101.49.206 pos.baidu.com 443
192.168.122.201 49174 180.163.200.99 img.3dmgame.com 443
192.168.122.201 49175 180.163.200.99 img.3dmgame.com 443
192.168.122.201 49176 180.163.200.99 img.3dmgame.com 443
192.168.122.201 49177 180.163.200.99 img.3dmgame.com 443
192.168.122.201 49178 180.163.200.99 img.3dmgame.com 443
192.168.122.201 49179 180.163.200.99 img.3dmgame.com 443
192.168.122.201 49180 180.163.200.99 img.3dmgame.com 443
192.168.122.201 49195 183.131.158.108 yx.3dmgame.com 443
192.168.122.201 49196 183.131.158.108 yx.3dmgame.com 443
192.168.122.201 49197 183.131.158.108 yx.3dmgame.com 443
192.168.122.201 49198 183.131.158.108 yx.3dmgame.com 443
192.168.122.201 49199 183.131.158.108 yx.3dmgame.com 443
192.168.122.201 49201 183.131.158.108 yx.3dmgame.com 443
192.168.122.201 49187 183.131.158.109 my.3dmgame.com 443
192.168.122.201 49172 183.131.158.110 my.3dmgame.com 443
192.168.122.201 49173 183.131.158.110 my.3dmgame.com 443
192.168.122.201 49202 183.131.158.110 my.3dmgame.com 443
192.168.122.201 49203 183.131.158.110 my.3dmgame.com 443
192.168.122.201 49204 183.131.158.110 my.3dmgame.com 443
192.168.122.201 49205 183.131.158.110 my.3dmgame.com 443
192.168.122.201 49162 183.131.158.123 dl.3dmgame.com 443
192.168.122.201 49163 183.131.158.123 dl.3dmgame.com 443
192.168.122.201 49164 183.131.158.123 dl.3dmgame.com 443
192.168.122.201 49165 183.131.158.123 dl.3dmgame.com 443
192.168.122.201 49185 183.131.158.123 dl.3dmgame.com 443
192.168.122.201 49167 183.131.158.98 dl.3dmgame.com 443
192.168.122.201 49168 183.131.158.98 dl.3dmgame.com 443
192.168.122.201 49194 183.131.158.98 dl.3dmgame.com 443
192.168.122.201 49186 183.61.32.99 ssl.captcha.qq.com 443
192.168.122.201 49182 220.181.107.131 eclick.baidu.com 443
192.168.122.201 49192 220.181.33.11 hm.baidu.com 443
192.168.122.201 49160 222.73.33.237 note.youdao.com 443
192.168.122.201 49161 23.72.90.16 80
192.168.122.201 49166 60.188.66.49 dup.baidustatic.com 443
192.168.122.201 49170 61.170.99.38 unmc.cdn.bcebos.com 443
192.168.122.201 49171 61.170.99.38 unmc.cdn.bcebos.com 443
192.168.122.201 49183 61.170.99.38 unmc.cdn.bcebos.com 443
192.168.122.201 49184 61.170.99.38 unmc.cdn.bcebos.com 443
192.168.122.201 49189 61.170.99.38 unmc.cdn.bcebos.com 443
192.168.122.201 49190 61.170.99.38 unmc.cdn.bcebos.com 443
192.168.122.201 49191 61.170.99.38 unmc.cdn.bcebos.com 443
192.168.122.201 49193 8.142.85.127 news.vainews.cn 443

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 49532 192.168.122.1 53
192.168.122.201 52179 192.168.122.1 53
192.168.122.201 52207 192.168.122.1 53
192.168.122.201 53125 192.168.122.1 53
192.168.122.201 54135 192.168.122.1 53
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53
192.168.122.201 60465 192.168.122.1 53
192.168.122.201 60919 192.168.122.1 53
192.168.122.201 61329 192.168.122.1 53
192.168.122.201 64363 192.168.122.1 53
192.168.122.201 65178 192.168.122.1 53
192.168.122.201 65179 192.168.122.1 53
192.168.122.201 65259 192.168.122.1 53
192.168.122.201 65529 192.168.122.1 53

HTTP 请求

URI HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip 
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2024-04-29 17:29:05.062423+0800 192.168.122.201 49160 222.73.33.237 443 TLSv1 C=US, O=DigiCert Inc, CN=GeoTrust RSA CN CA G2 C=CN, ST=北京市, O=网易有道信息技术(北京)有限公司, CN=*.youdao.com 2f:14:9d:99:51:c1:1b:13:a2:f9:2c:37:ef:1b:eb:85:72:80:ea:5e
2024-04-29 17:29:12.009333+0800 192.168.122.201 49163 183.131.158.123 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:12.027369+0800 192.168.122.201 49164 183.131.158.123 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:12.037952+0800 192.168.122.201 49165 183.131.158.123 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:11.437470+0800 192.168.122.201 49162 183.131.158.123 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:12.311753+0800 192.168.122.201 49167 183.131.158.98 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:12.345003+0800 192.168.122.201 49168 183.131.158.98 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:17.594743+0800 192.168.122.201 49172 183.131.158.110 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:17.555777+0800 192.168.122.201 49171 61.170.99.38 443 TLS 1.2 C=CN, O=Baidu, Inc., CN=Baidu, Inc. DV CA CN=a.bdydns.com 16:a0:3c:f6:b3:02:f1:7c:44:03:97:2c:60:91:81:c0:71:c1:a6:ff
2024-04-29 17:29:12.409007+0800 192.168.122.201 49169 180.101.49.206 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 C=CN, ST=beijing, L=beijing, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com 97:42:d5:98:27:d6:22:88:cf:59:c3:ff:75:86:8d:d5:d3:12:a0:af
2024-04-29 17:29:17.594843+0800 192.168.122.201 49173 183.131.158.110 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:17.609692+0800 192.168.122.201 49175 180.163.200.99 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:17.614224+0800 192.168.122.201 49176 180.163.200.99 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:17.620219+0800 192.168.122.201 49179 180.163.200.99 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:12.051093+0800 192.168.122.201 49166 60.188.66.49 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 C=CN, ST=beijing, L=beijing, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com 97:42:d5:98:27:d6:22:88:cf:59:c3:ff:75:86:8d:d5:d3:12:a0:af
2024-04-29 17:29:17.512278+0800 192.168.122.201 49170 61.170.99.38 443 TLS 1.2 C=CN, O=Baidu, Inc., CN=Baidu, Inc. DV CA CN=a.bdydns.com 16:a0:3c:f6:b3:02:f1:7c:44:03:97:2c:60:91:81:c0:71:c1:a6:ff
2024-04-29 17:29:17.736540+0800 192.168.122.201 49180 180.163.200.99 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:17.608268+0800 192.168.122.201 49174 180.163.200.99 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:17.613852+0800 192.168.122.201 49177 180.163.200.99 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:17.618065+0800 192.168.122.201 49178 180.163.200.99 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:18.524087+0800 192.168.122.201 49187 183.131.158.109 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:18.484701+0800 192.168.122.201 49185 183.131.158.123 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:18.567029+0800 192.168.122.201 49188 114.230.213.88 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=open.thunderurl.com fd:12:a1:0e:e7:47:d5:27:48:0b:f4:8c:9e:e1:96:fe:07:84:b4:58
2024-04-29 17:29:18.609501+0800 192.168.122.201 49186 183.61.32.99 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert Secure Site CN CA G3 C=CN, ST=Guangdong Province, L=Shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=*.captcha.qq.com 11:ab:f2:18:35:db:25:5c:4d:09:1e:87:34:8a:f3:5e:2c:1d:96:a4
2024-04-29 17:29:18.211577+0800 192.168.122.201 49182 220.181.107.131 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 C=CN, ST=beijing, L=beijing, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com 97:42:d5:98:27:d6:22:88:cf:59:c3:ff:75:86:8d:d5:d3:12:a0:af
2024-04-29 17:29:19.199675+0800 192.168.122.201 49193 8.142.85.127 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G4 CN=*.vainews.cn c4:3b:21:7a:46:ee:21:59:a0:e4:2c:7c:b0:a2:a5:63:2c:56:0d:9c
2024-04-29 17:29:19.315718+0800 192.168.122.201 49194 183.131.158.98 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:19.676412+0800 192.168.122.201 49201 183.131.158.108 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:19.503111+0800 192.168.122.201 49196 183.131.158.108 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:19.503651+0800 192.168.122.201 49198 183.131.158.108 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:19.500920+0800 192.168.122.201 49195 183.131.158.108 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:19.055536+0800 192.168.122.201 49192 220.181.33.11 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 C=CN, ST=beijing, L=beijing, O=Beijing Baidu Netcom Science Technology Co., Ltd, CN=baidu.com 97:42:d5:98:27:d6:22:88:cf:59:c3:ff:75:86:8d:d5:d3:12:a0:af
2024-04-29 17:29:19.509112+0800 192.168.122.201 49199 183.131.158.108 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:19.502540+0800 192.168.122.201 49197 183.131.158.108 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:19.850667+0800 192.168.122.201 49202 183.131.158.110 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:19.860803+0800 192.168.122.201 49203 183.131.158.110 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:19.861640+0800 192.168.122.201 49205 183.131.158.110 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8
2024-04-29 17:29:19.862713+0800 192.168.122.201 49204 183.131.158.110 443 TLS 1.2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 CN=*.3dmgame.com 04:97:68:5c:e9:27:d5:0c:9b:6c:08:8c:d7:12:33:71:58:6c:78:b8

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
HTML 总结报告
(需15-60分钟同步)		 下载

Processing ( 35.868 seconds )

  • 22.135 NetworkAnalysis
  • 11.979 Suricata
  • 0.823 BehaviorAnalysis
  • 0.332 Static
  • 0.305 peid
  • 0.278 TargetInfo
  • 0.011 AnalysisInfo
  • 0.003 Strings
  • 0.002 Memory

Signatures ( 2.101 seconds )

  • 1.508 proprietary_url_bl
  • 0.069 antiav_detectreg
  • 0.068 proprietary_domain_bl
  • 0.05 api_spamming
  • 0.041 stealth_decoy_document
  • 0.041 stealth_timeout
  • 0.026 infostealer_ftp
  • 0.015 antianalysis_detectreg
  • 0.015 infostealer_im
  • 0.013 mimics_filetime
  • 0.012 reads_self
  • 0.012 antivm_generic_scsi
  • 0.01 geodo_banking_trojan
  • 0.009 stealth_file
  • 0.009 antivm_generic_services
  • 0.008 antivm_generic_disk
  • 0.008 virus
  • 0.008 kovter_behavior
  • 0.008 infostealer_mail
  • 0.008 ransomware_files
  • 0.007 antiemu_wine_func
  • 0.007 bootkit
  • 0.007 stealth_network
  • 0.007 anomaly_persistence_autorun
  • 0.007 infostealer_browser_password
  • 0.007 anormaly_invoke_kills
  • 0.007 hancitor_behavior
  • 0.007 network_http
  • 0.007 ransomware_extensions
  • 0.006 antiav_detectfile
  • 0.006 antivm_xen_keys
  • 0.006 network_torgateway
  • 0.005 antivm_vbox_files
  • 0.005 infostealer_bitcoin
  • 0.004 antivm_parallels_keys
  • 0.004 darkcomet_regkeys
  • 0.003 betabot_behavior
  • 0.003 kibex_behavior
  • 0.003 antivm_generic_diskreg
  • 0.003 recon_fingerprint
  • 0.002 tinba_behavior
  • 0.002 antivm_vbox_libs
  • 0.002 infostealer_browser
  • 0.002 shifu_behavior
  • 0.002 antivm_vbox_keys
  • 0.002 antivm_vmware_keys
  • 0.002 antivm_vpc_keys
  • 0.002 bot_drive2
  • 0.002 disables_browser_warn
  • 0.002 network_cnc_http
  • 0.001 rat_nanocore
  • 0.001 injection_createremotethread
  • 0.001 ipc_namedpipe
  • 0.001 exec_crash
  • 0.001 cerber_behavior
  • 0.001 bypass_firewall
  • 0.001 antisandbox_productid
  • 0.001 antivm_xen_keys
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_acpi
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_athenahttp
  • 0.001 bot_drive
  • 0.001 browser_addon
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_anomaly_invoke_vb_vba
  • 0.001 proprietary_bad_drop
  • 0.001 proprietary_network_blacklist
  • 0.001 office_security
  • 0.001 packer_armadillo_regkey
  • 0.001 ransomware_radamant
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_checkip
  • 0.001 recon_programs
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 0.556 seconds )

  • 0.492 ReportHTMLSummary
  • 0.064 Malheur
Task ID 744455
Mongo ID 662f68c17e769a05bb3db66a
Cuckoo release 1.4-Maldun