Analysis task

Analysis type | VM tag | Start time | End time | Duration
File (Windows) | win7-sp1-x64-shaapp03-1 | 2024-05-10 13:51:47 | 2024-05-10 13:52:47 | 60 seconds

Maldun score

6.8023125

Dangerous

File details

File name 滑油测试平台.exe
File size 12841472 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1699175631eff1a405a30abfd6070a89
SHA1 d12719a87fb7cb97b7c07a8194bedd7eadb08f01
SHA256 a13c7124294e0e8eb9879f7b380722abd0633de7af2520282456362a1a6f16a1
SHA512 27117a767f42b42176a256efeb60005e9376da663946c3bd554a3cc0a0dbb0e0075b136c9207da7cbdf47127c808d1dcd170b61a54259800c3c3f07a6e0c21d7
CRC32 778B3196
Ssdeep 196608:4Ivxtz6GzxHu7gVNyEMTIiV/Pf8Uh9F+hym3PtpAVOtTCve0oNP8suRQx+G9wILk:4iT6mbsB/P8UhbmFpAVBvevN2cGu

Hosts accessed

Direct IP | Security rating | Geolocation
183.131.87.161 | | China

Domain resolution

Domain | Security rating | Response
www.ni.com CNAME www.ni.com.cdn.cloudflare.net
A 183.131.87.161

PE information

Image base 0x00400000
Entry point 0x004065a3
Declared checksum 0x0001ef12
Actual checksum 0x00c4cb7d
Minimum OS version required 6.0
Compile time 2022-07-07 11:17:08
Import hash 7aa4c3eb831240e8b5d5e0cfd7258a52
Icon
Icon exact hash 39bd34806ac0808c78c94ff501a05379
Icon similarity hash 34af714d2b1bcc25cfddec3b358d0c16
Export DLL name appshell_bcrte.exe

Version information

LegalCopyright
InternalName
FileVersion
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x0000b9a5 0x0000ba00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.62
.rdata 0x0000d000 0x00007d90 0x00007e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.60
.data 0x00015000 0x00002e04 0x00000a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 2.61
.gfids 0x00018000 0x000000ac 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 1.44
.rsrc 0x00019000 0x00c29814 0x00c29a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 8.00
.reloc 0x00c43000 0x00000f54 0x00001000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.41

Resources

Name | Offset | Size | Language | Sublanguage | Entropy | File type
RT_ICON 0x0002d0a0 0x000009f2 LANG_ENGLISH SUBLANG_ENGLISH_US 7.62 PNG image data, 512 x 512, 8-bit colormap, non-interlaced
RT_ICON 0x0002d0a0 0x000009f2 LANG_ENGLISH SUBLANG_ENGLISH_US 7.62 PNG image data, 512 x 512, 8-bit colormap, non-interlaced
RT_ICON 0x0002d0a0 0x000009f2 LANG_ENGLISH SUBLANG_ENGLISH_US 7.62 PNG image data, 512 x 512, 8-bit colormap, non-interlaced
RT_ICON 0x0002d0a0 0x000009f2 LANG_ENGLISH SUBLANG_ENGLISH_US 7.62 PNG image data, 512 x 512, 8-bit colormap, non-interlaced
RT_ICON 0x0002d0a0 0x000009f2 LANG_ENGLISH SUBLANG_ENGLISH_US 7.62 PNG image data, 512 x 512, 8-bit colormap, non-interlaced
RT_ICON 0x0002d0a0 0x000009f2 LANG_ENGLISH SUBLANG_ENGLISH_US 7.62 PNG image data, 512 x 512, 8-bit colormap, non-interlaced
RT_STRING 0x0002e754 0x00000130 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.99 data
RT_STRING 0x0002e754 0x00000130 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.99 data
RT_STRING 0x0002e754 0x00000130 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.99 data
RT_STRING 0x0002e754 0x00000130 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.99 data
RT_STRING 0x0002e754 0x00000130 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.99 data
RT_STRING 0x0002e754 0x00000130 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.99 data
RT_STRING 0x0002e754 0x00000130 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.99 data
RT_RCDATA 0x00c41d04 0x00000004 LANG_NEUTRAL SUBLANG_NEUTRAL 1.50 ASCII text, with no line terminators
RT_RCDATA 0x00c41d04 0x00000004 LANG_NEUTRAL SUBLANG_NEUTRAL 1.50 ASCII text, with no line terminators
RT_RCDATA 0x00c41d04 0x00000004 LANG_NEUTRAL SUBLANG_NEUTRAL 1.50 ASCII text, with no line terminators
RT_RCDATA 0x00c41d04 0x00000004 LANG_NEUTRAL SUBLANG_NEUTRAL 1.50 ASCII text, with no line terminators
RT_GROUP_ICON 0x00c41d08 0x0000005a LANG_ENGLISH SUBLANG_ENGLISH_US 2.70 MS Windows icon resource - 6 icons, 128x128
RT_VERSION 0x00c41d64 0x00000258 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.65 data
RT_MANIFEST 0x00c41fbc 0x00000855 LANG_ENGLISH SUBLANG_ENGLISH_US 5.16 ASCII text, with very long lines, with no line terminators

Imports

Library: USER32.dll:
0x40d140 MessageBoxA
Library: ADVAPI32.dll:
0x40d000 RegQueryValueExA
0x40d004 RegCloseKey
0x40d008 RegOpenKeyExA
Library: COMCTL32.dll:
0x40d010 None
Library: KERNEL32.dll:
0x40d018 DecodePointer
0x40d01c GetLastError
0x40d020 GetProcAddress
0x40d024 SearchPathA
0x40d028 VirtualAlloc
0x40d02c VirtualFree
0x40d030 GetModuleFileNameA
0x40d034 LoadLibraryA
0x40d038 FormatMessageA
0x40d03c GetUserDefaultLCID
0x40d044 FreeLibrary
0x40d048 GetFileAttributesA
0x40d04c LoadLibraryExA
0x40d054 IsDebuggerPresent
0x40d060 GetCurrentProcess
0x40d064 TerminateProcess
0x40d06c SetLastError
0x40d070 GetCurrentThreadId
0x40d074 MultiByteToWideChar
0x40d078 GetACP
0x40d07c HeapAlloc
0x40d080 HeapFree
0x40d084 GetModuleHandleW
0x40d098 TlsAlloc
0x40d09c TlsGetValue
0x40d0a0 TlsSetValue
0x40d0a4 TlsFree
0x40d0ac LoadLibraryExW
0x40d0b0 LCMapStringW
0x40d0b4 RaiseException
0x40d0b8 IsValidCodePage
0x40d0bc GetOEMCP
0x40d0c0 GetCPInfo
0x40d0c4 GetStringTypeW
0x40d0c8 ExitProcess
0x40d0cc GetModuleHandleExW
0x40d0d0 GetProcessHeap
0x40d0d4 WideCharToMultiByte
0x40d0d8 HeapSize
0x40d0dc HeapReAlloc
0x40d0e0 RtlUnwind
0x40d0e4 CreateFileW
0x40d0e8 GetStartupInfoW
0x40d0f0 GetCurrentProcessId
0x40d0f4 InitializeSListHead
0x40d0f8 GetStdHandle
0x40d0fc WriteFile
0x40d100 CloseHandle
0x40d104 FindClose
0x40d108 FindFirstFileExA
0x40d10c FindNextFileA
0x40d110 GetCommandLineA
0x40d114 GetCommandLineW
0x40d120 SetStdHandle
0x40d124 GetFileType
0x40d128 FlushFileBuffers
0x40d12c GetConsoleCP
0x40d130 GetConsoleMode
0x40d134 SetFilePointerEx
0x40d138 WriteConsoleW
Library: VERSION.dll:
0x40d14c GetFileVersionInfoA
0x40d150 VerQueryValueA

Exports

Ordinal | Address | Name
1 0x4158e8 LVRTTable
No antivirus engine scan information.

Process tree


__________________.exe, PID: 2624, parent PID: 2268

TCP

Source address | Source port | Destination address | Destination port
192.168.122.201 49161 183.131.87.161 www.ni.com 80
192.168.122.201 49162 183.131.87.161 www.ni.com 443
192.168.122.201 49157 23.206.188.214 80

UDP

Source address | Source port | Destination address | Destination port
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53


HTTP requests

URI | HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

http://www.ni.com/rteFinder?dest=lvrte&version=22.3&platform=Win7_32&lang=zh-CN
GET /rteFinder?dest=lvrte&version=22.3&platform=Win7_32&lang=zh-CN HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.ni.com
Connection: Keep-Alive

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2024-05-10 13:52:26.085332+0800 192.168.122.201 49162 183.131.87.161 443 TLS 1.2 C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1 C=US, ST=Texas, L=Austin, O=National Instruments Corporation, CN=*.ni.com 1e:c0:ea:99:d1:c5:b2:9c:de:5a:cc:63:35:86:80:8f:50:0a:b4:2e

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No files were dropped.
No similar analyses found.

Processing ( 34.583 seconds )

  • 10.89 Suricata
  • 10.237 NetworkAnalysis
  • 10.031 Static
  • 2.871 TargetInfo
  • 0.318 peid
  • 0.175 BehaviorAnalysis
  • 0.034 config_decoder
  • 0.013 Strings
  • 0.012 AnalysisInfo
  • 0.002 Memory

Signatures ( 45.899 seconds )

  • 44.044 network_http
  • 1.654 proprietary_url_bl
  • 0.04 antiav_detectreg
  • 0.017 proprietary_domain_bl
  • 0.015 infostealer_ftp
  • 0.01 api_spamming
  • 0.009 infostealer_im
  • 0.008 stealth_decoy_document
  • 0.008 stealth_timeout
  • 0.008 antianalysis_detectreg
  • 0.007 antiav_detectfile
  • 0.007 infostealer_mail
  • 0.005 anomaly_persistence_autorun
  • 0.005 geodo_banking_trojan
  • 0.005 infostealer_bitcoin
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 antivm_generic_scsi
  • 0.003 antivm_vbox_files
  • 0.002 tinba_behavior
  • 0.002 mimics_filetime
  • 0.002 betabot_behavior
  • 0.002 kibex_behavior
  • 0.002 antivm_parallels_keys
  • 0.002 antivm_xen_keys
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.001 antiemu_wine_func
  • 0.001 antivm_vbox_libs
  • 0.001 bootkit
  • 0.001 rat_nanocore
  • 0.001 stealth_file
  • 0.001 antivm_generic_services
  • 0.001 proprietary_anomaly_massive_file_ops
  • 0.001 reads_self
  • 0.001 antivm_generic_disk
  • 0.001 infostealer_browser_password
  • 0.001 anormaly_invoke_kills
  • 0.001 cerber_behavior
  • 0.001 virus
  • 0.001 kovter_behavior
  • 0.001 hancitor_behavior
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 darkcomet_regkeys
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_bad_drop
  • 0.001 network_cnc_http
  • 0.001 recon_fingerprint

Reporting ( 0.496 seconds )

  • 0.492 ReportHTMLSummary
  • 0.004 Malheur
Task ID 744801
Mongo ID 663db6a87e769a05bc3dbc23
Cuckoo release 1.4-Maldun