Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp03-1 | 2024-04-18 10:54:18 | 2024-04-18 10:56:34 | 136 s |
File name | WinLogs_Killer_x64.exe |
---|---|
File size | 811761 bytes |
File type | PE32+ executable (GUI) x86-64, for MS Windows |
MD5 | 1f5657b16b5b226e95f05ddb7483c564 |
SHA1 | eca29821ad0d329d1492ede325435a94281806a4 |
SHA256 | a5a7b44f8955d639551e5811a39a02cc168049c008394ce2af5a4d3e3e9ab5a4 |
SHA512 | 9062977b5817f6835bf509d6011693335bff803bbcb2b7f908acc7ad4924f90a5ac9cd9b547c7b763fdba964e46ac7bd7abd00e0732919a120fae4111f785560 |
CRC32 | 778F0C59 |
Ssdeep | 24576:HAQoDefT6HesrQrSDZhyZ+aan+mMfqZaRfAm:HAcGHC2ZUZ+umWea+m |
Contacted IPs:

Direct | IP | Security rating | Geolocation |
---|---|---|---|
No | 104.85.241.42 | | United States |
No | 143.244.51.207 | | United States |
No | 180.163.150.169 | | China |
No | 180.163.151.38 | | China |
No | 88.198.21.111 | | Germany |
PE header:

Image base | 0x140000000 |
---|---|
Entry point | 0x14001a53c |
Declared checksum | 0x000c68bf |
Actual (computed) checksum | 0x000cbf4b |
Minimum OS version | 5.2 |
Compile timestamp | 2012-01-30 05:32:45 |
Import hash (imphash) | 09965c276d620e5917bed399e0fe50ac |
Icon exact hash | 33bcfebe5086e6424e1ddb3be0d0e533 |
Icon similarity hash | d1dc3a18b6b558afd1eb497640da7388 |

The checksum declared in the optional header (0x000c68bf) does not match the value computed over the file (0x000cbf4b). Windows enforces this field only for drivers and a few system binaries, and many user-mode executables ship with it set to zero, so a mismatch is not evidence of malice by itself. A non-zero value that is wrong does, however, mean the file was changed after the linker wrote the header (patched, infected, or otherwise edited). The compile timestamp is likewise a header field under the producer's control and should not be trusted on its own.
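The checksum discrepancy can be reproduced without the sandbox. The block below is an added example, not part of this report and not Cuckoo/Maldun code: it locates the CheckSum field from e_lfanew, implements the PE checksum algorithm (the same computation CheckSumMappedFile and pefile's generate_checksum perform), and compares the declared and computed values. The sample itself is not available here, so the demo input is a constructed 256-byte PE-shaped buffer; run it with a file path argument to check a real binary.

```python
"""PE checksum verification (added example; demo input is a constructed PE-shaped buffer)."""
import struct


def checksum_field_offset(data: bytes) -> int:
    """Return the file offset of OptionalHeader.CheckSum.

    e_lfanew lives at 0x3C in the DOS header; the optional header follows the
    4-byte "PE\\0\\0" signature and the 20-byte COFF header, and CheckSum sits
    at offset 64 of the optional header for both PE32 and PE32+.
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return e_lfanew + 4 + 20 + 64


def pe_checksum(data: bytes) -> int:
    """Compute the PE checksum: a 16-bit ones'-complement sum over the whole file,
    skipping the 4-byte CheckSum field itself, plus the file length."""
    skip = checksum_field_offset(data)
    total = 0
    n = len(data)
    for off in range(0, n - (n % 2), 2):
        if skip <= off < skip + 4:          # the field being computed is excluded
            continue
        total += data[off] | (data[off + 1] << 8)
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    if n % 2:                               # an odd trailing byte counts as a low byte
        total += data[-1]
        total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return (total + n) & 0xFFFFFFFF


def verify_checksum(data: bytes) -> tuple[int, int]:
    """Return (declared, computed). They differ for files edited after linking."""
    (declared,) = struct.unpack_from("<I", data, checksum_field_offset(data))
    return declared, pe_checksum(data)


def stamp_checksum(data: bytes) -> bytes:
    """Write the correct checksum into the header (what a linker does)."""
    buf = bytearray(data)
    struct.pack_into("<I", buf, checksum_field_offset(data), pe_checksum(data))
    return bytes(buf)


def build_sample_image() -> bytes:
    """Constructed input: a minimal PE32+-shaped header carrying a wrong, non-zero checksum."""
    buf = bytearray(256)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)                       # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 4 + 20, 0x20B)             # OptionalHeader.Magic = PE32+
    struct.pack_into("<I", buf, 0x40 + 4 + 20 + 64, 0x12345678)   # bogus CheckSum value
    return bytes(buf)


if __name__ == "__main__":
    import sys
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()
    declared, computed = verify_checksum(image)
    print(f"declared 0x{declared:08x}  computed 0x{computed:08x}  "
          f"{'match' if declared == computed else 'MISMATCH'}")
```

On the constructed buffer the only non-zero words are the MZ and PE signatures, e_lfanew and the PE32+ magic, so the expected value (0xa1e8 plus the 256-byte length, 0xa2e8) can be checked by hand; the declared 0x12345678 is reported as a mismatch until `stamp_checksum` rewrites the field.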
Version info | Value |
---|---|
CompiledScript | |
FileVersion | |
FileDescription | |
Translation | |

The report shows no values for the version-info fields even though an RT_VERSION resource is present in the resource table.
PE sections:

Name | Virtual address (RVA) | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00091b6e | 0x00091c00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.49 |
.rdata | 0x00093000 | 0x000156ca | 0x00015800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.93 |
.data | 0x000a9000 | 0x0001cf88 | 0x00007800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.20 |
.pdata | 0x000c6000 | 0x00006edc | 0x00007000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.79 |
text | 0x000cd000 | 0x00001a31 | 0x00001c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE | 5.55 |
data | 0x000cf000 | 0x00004940 | 0x00004a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.29 |
.rsrc | 0x000d4000 | 0x00009328 | 0x00009400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.54 |

Two sections are named `text` and `data` without the customary leading dot, alongside the standard `.text`/`.data` pair. `text` is marked IMAGE_SCN_MEM_EXECUTE but carries neither IMAGE_SCN_CNT_CODE nor IMAGE_SCN_MEM_READ, an unusual combination. The entry point (RVA 0x1a53c) lies inside `.text`. No section's entropy approaches the 7+ range typical of packed or encrypted content, and the `.data` virtual size (0x1cf88) exceeding its raw size (0x7800) is the ordinary zero-initialised tail.
Overlay (data after the last section) offset | 0x000c5a00 |
---|---|
Overlay size | 0x000008f1 |

The offset equals the sum of the seven raw section sizes plus 0x400 (which implies the first section starts at file offset 0x400), and 0x000c5a00 + 0x8f1 = 0xc62f1 = 811761 bytes, the reported file size: the two values describe the 2289 trailing bytes that no section covers. This region is where an Authenticode signature would be stored if the file had one; the report does not say what it contains.
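The section table and the overlay figures can be cross-checked from the numbers alone. The block below is an added example (not the report's or Cuckoo's code): it encodes the rows above, flags the characteristics combinations a triage analyst looks for, finds the section that contains the entry point, and recomputes the overlay from the raw sizes and the file size. The raw file offset of the first section (0x400) is not printed in the report and is assumed; the assumption is the one that reproduces the overlay offset the report shows.

```python
"""Section-table triage and overlay computation (added example; values copied from the report)."""
from dataclasses import dataclass

FLAGS = {
    "IMAGE_SCN_CNT_CODE": 0x00000020,
    "IMAGE_SCN_CNT_INITIALIZED_DATA": 0x00000040,
    "IMAGE_SCN_CNT_UNINITIALIZED_DATA": 0x00000080,
    "IMAGE_SCN_MEM_EXECUTE": 0x20000000,
    "IMAGE_SCN_MEM_READ": 0x40000000,
    "IMAGE_SCN_MEM_WRITE": 0x80000000,
}
CNT_CODE = FLAGS["IMAGE_SCN_CNT_CODE"]
EXECUTE = FLAGS["IMAGE_SCN_MEM_EXECUTE"]
READ = FLAGS["IMAGE_SCN_MEM_READ"]
WRITE = FLAGS["IMAGE_SCN_MEM_WRITE"]


@dataclass(frozen=True)
class Section:
    name: str
    vaddr: int       # RVA
    vsize: int
    rawsize: int
    chars: int       # Characteristics bitmask
    entropy: float


def parse_characteristics(text: str) -> int:
    """Turn the report's flag list ('A|B' or 'A, B') into the Characteristics bitmask."""
    value = 0
    for flag in text.replace(",", "|").split("|"):
        value |= FLAGS[flag.strip()]
    return value


def section(name, vaddr, vsize, rawsize, chars, entropy) -> Section:
    return Section(name, vaddr, vsize, rawsize, parse_characteristics(chars), entropy)


# Values copied from the report's header and section table.
IMAGE_BASE = 0x140000000
ENTRY_POINT = 0x14001A53C
FILE_SIZE = 811761
FIRST_SECTION_RAW_OFFSET = 0x400   # assumption: headers occupy one 0x400 file-alignment unit
SECTIONS = [
    section(".text",  0x00001000, 0x00091B6E, 0x00091C00, "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ", 6.49),
    section(".rdata", 0x00093000, 0x000156CA, 0x00015800, "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ", 4.93),
    section(".data",  0x000A9000, 0x0001CF88, 0x00007800, "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE", 2.20),
    section(".pdata", 0x000C6000, 0x00006EDC, 0x00007000, "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ", 5.79),
    section("text",   0x000CD000, 0x00001A31, 0x00001C00, "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE", 5.55),
    section("data",   0x000CF000, 0x00004940, 0x00004A00, "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ", 6.29),
    section(".rsrc",  0x000D4000, 0x00009328, 0x00009400, "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ", 5.54),
]


def section_for_rva(sections, rva):
    """Return the section containing an RVA, or None (entry point in headers or nowhere)."""
    for s in sections:
        if s.vaddr <= rva < s.vaddr + max(s.vsize, s.rawsize):
            return s
    return None


def overlay(sections, file_size, first_raw=FIRST_SECTION_RAW_OFFSET):
    """Return (raw end of the last section, number of bytes appended after it)."""
    end = first_raw + sum(s.rawsize for s in sections)
    return end, max(0, file_size - end)


def triage(s: Section) -> list[str]:
    """Heuristic findings for one section; an empty list means nothing unusual."""
    findings = []
    if not s.name.startswith("."):
        findings.append("non-standard name")
    if s.chars & EXECUTE and not s.chars & CNT_CODE:
        findings.append("executable but not flagged as code")
    if s.chars & EXECUTE and not s.chars & READ:
        findings.append("executable without read permission")
    if s.chars & EXECUTE and s.chars & WRITE:
        findings.append("writable and executable")
    if s.entropy >= 7.0:
        findings.append("high entropy (packed or encrypted data?)")
    if s.rawsize == 0 and s.vsize:
        findings.append("no raw data (filled at runtime?)")
    return findings


def triage_all(sections) -> dict[str, list[str]]:
    return {s.name: triage(s) for s in sections}


if __name__ == "__main__":
    for name, findings in triage_all(SECTIONS).items():
        print(f"{name:8} {', '.join(findings) or 'ok'}")
    ep = section_for_rva(SECTIONS, ENTRY_POINT - IMAGE_BASE)
    print(f"entry point RVA 0x{ENTRY_POINT - IMAGE_BASE:x} in {ep.name if ep else 'no section'}")
    end, size = overlay(SECTIONS, FILE_SIZE)
    print(f"sections end at 0x{end:x}; overlay {size} (0x{size:x}) bytes")
```

The heuristics are deliberately conservative: a flagged section is a prompt to look at the bytes, not a verdict, and the entropy threshold of 7.0 is a common rule of thumb rather than a property of the format.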
Resources:

Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
RT_ICON (12 entries listed, all with identical values) | 0x000da6c0 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 5.81 | GLS_BINARY_LSB_FIRST |
RT_MENU | 0x000dab28 | 0x00000050 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 2.68 | data |
RT_DIALOG | 0x000dab78 | 0x000000fc | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 3.04 | data |
RT_STRING (7 entries listed, all with identical values) | 0x000dccf0 | 0x00000158 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.09 | data |
RT_GROUP_ICON (4 entries listed, all with identical values) | 0x000dcf00 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_VERSION | 0x000dcf18 | 0x0000019c | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 3.28 | data |
RT_MANIFEST | 0x000dd0b8 | 0x0000026c | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.01 | ASCII text, with CRLF line terminators |

Twelve RT_ICON entries cannot all share one offset and size; the report evidently repeats the first entry's values for every entry of a type, so for RT_ICON, RT_STRING and RT_GROUP_ICON only the counts are reliable.
TCP connections:

Source IP | Source port | Destination IP | Destination hostname | Destination port |
---|---|---|---|---|
192.168.122.201 | 49160 | 104.102.250.53 | | 80 |
192.168.122.201 | 49273 | 104.85.241.42 | x1.i.lencr.org | 80 |
192.168.122.201 | 49274 | 104.85.241.42 | x1.i.lencr.org | 80 |
192.168.122.201 | 49275 | 104.85.241.42 | x1.i.lencr.org | 80 |
192.168.122.201 | 49276 | 104.85.241.42 | x1.i.lencr.org | 80 |
192.168.122.201 | 49277 | 104.85.241.42 | x1.i.lencr.org | 80 |
192.168.122.201 | 49278 | 104.85.241.42 | x1.i.lencr.org | 80 |
192.168.122.201 | 49266 | 143.244.51.207 | winscp-static-746341.c.cdn77.org | 443 |
192.168.122.201 | 49267 | 143.244.51.207 | winscp-static-746341.c.cdn77.org | 443 |
192.168.122.201 | 49268 | 143.244.51.207 | winscp-static-746341.c.cdn77.org | 443 |
192.168.122.201 | 49269 | 143.244.51.207 | winscp-static-746341.c.cdn77.org | 443 |
192.168.122.201 | 49270 | 143.244.51.207 | winscp-static-746341.c.cdn77.org | 443 |
192.168.122.201 | 49272 | 143.244.51.207 | winscp-static-746341.c.cdn77.org | 443 |
192.168.122.201 | 49279 | 143.244.51.207 | winscp-static-746341.c.cdn77.org | 443 |
192.168.122.201 | 49280 | 143.244.51.207 | winscp-static-746341.c.cdn77.org | 443 |
192.168.122.201 | 49281 | 143.244.51.207 | winscp-static-746341.c.cdn77.org | 443 |
192.168.122.201 | 49282 | 143.244.51.207 | winscp-static-746341.c.cdn77.org | 443 |
192.168.122.201 | 49283 | 143.244.51.207 | winscp-static-746341.c.cdn77.org | 443 |
192.168.122.201 | 49265 | 180.163.150.169 | www.googletagmanager.com | 443 |
192.168.122.201 | 49271 | 180.163.151.38 | pagead2.googlesyndication.com | 443 |
192.168.122.201 | 49252 | 88.198.21.111 | winscp.net | 443 |
192.168.122.201 | 49262 | 88.198.21.111 | winscp.net | 80 |
192.168.122.201 | 49263 | 88.198.21.111 | winscp.net | 443 |
UDP connections (port 53, DNS; the report does not list the queried names):

Source IP | Source port | Destination IP | Destination port |
---|---|---|---|
192.168.122.201 | 49532 | 192.168.122.1 | 53 |
192.168.122.201 | 52179 | 192.168.122.1 | 53 |
192.168.122.201 | 52207 | 192.168.122.1 | 53 |
192.168.122.201 | 53125 | 192.168.122.1 | 53 |
192.168.122.201 | 56270 | 192.168.122.1 | 53 |
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
192.168.122.201 | 59906 | 192.168.122.1 | 53 |
192.168.122.201 | 60465 | 192.168.122.1 | 53 |
192.168.122.201 | 61329 | 192.168.122.1 | 53 |
192.168.122.201 | 65178 | 192.168.122.1 | 53 |
192.168.122.201 | 65179 | 192.168.122.1 | 53 |
HTTP requests:

GET http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

    GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
    Accept: */*
    If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
    User-Agent: IPM
    Host: acroipm.adobe.com
    Connection: Keep-Alive
    Cache-Control: no-cache

GET http://winscp.net/eng/upgrade.php?v=5.7.3.5438&lang=0804&isinstalled=1&beta=0&to=5.13.4&utm_source=winscp&utm_medium=app&utm_campaign=5.7.3

    GET /eng/upgrade.php?v=5.7.3.5438&lang=0804&isinstalled=1&beta=0&to=5.13.4&utm_source=winscp&utm_medium=app&utm_campaign=5.7.3 HTTP/1.1
    Accept: */*
    Accept-Language: zh-cn
    User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
    Accept-Encoding: gzip, deflate
    Host: winscp.net
    Connection: Keep-Alive

GET http://x1.i.lencr.org/

    GET / HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/6.1
    Host: x1.i.lencr.org

Reading the three requests: the one to x1.i.lencr.org carries User-Agent Microsoft-CryptoAPI/6.1, which is Windows building the certificate chain for the Let's Encrypt-issued cdn77 certificate in the TLS table (an AIA fetch of the issuer certificate), a side effect of the HTTPS connections rather than a request the sample made itself. The request to acroipm.adobe.com with User-Agent IPM is Adobe Reader's in-product-messaging check and most likely comes from the Reader installation in the analysis VM. The winscp.net request reports a WinSCP version of 5.7.3.5438 and language 0804 (Simplified Chinese LCID) with to=5.13.4 in the query string; its User-Agent is Internet Explorer 8 on the Windows 7 guest, so it is a browser page load, and the subsequent TLS connections to winscp.net, the cdn77 static host, www.googletagmanager.com and pagead2.googlesyndication.com are consistent with that page's assets being fetched.
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
TLS server certificates observed (sorted by time):

Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2024-04-18 10:56:04.427757+0800 | 192.168.122.201 | 49252 | 88.198.21.111 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1 | CN=winscp.net | 32:25:23:2b:47:bb:dc:4b:8a:cf:72:73:c6:0f:2b:fd:81:5d:72:e3 |
2024-04-18 10:56:25.310295+0800 | 192.168.122.201 | 49263 | 88.198.21.111 | 443 | TLS 1.2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1 | CN=winscp.net | 32:25:23:2b:47:bb:dc:4b:8a:cf:72:73:c6:0f:2b:fd:81:5d:72:e3 |
2024-04-18 10:56:26.054071+0800 | 192.168.122.201 | 49265 | 180.163.150.169 | 443 | TLS 1.2 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.google-analytics.com | 1e:33:2e:4b:c3:51:05:b7:73:dc:21:bf:3e:02:b3:16:d8:0b:ab:bb |
2024-04-18 10:56:26.091822+0800 | 192.168.122.201 | 49271 | 180.163.151.38 | 443 | TLS 1.2 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.g.doubleclick.net | 1b:fa:17:60:e2:34:d4:fa:d1:13:08:09:6e:8f:ed:e7:a8:8c:6e:7a |
2024-04-18 10:56:26.304158+0800 | 192.168.122.201 | 49272 | 143.244.51.207 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=R3 | CN=www.cdn77.com | c8:9d:13:b0:db:68:50:cf:32:b1:d9:54:1f:a1:a3:eb:0c:9e:d1:b5 |
2024-04-18 10:56:26.305035+0800 | 192.168.122.201 | 49266 | 143.244.51.207 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=R3 | CN=www.cdn77.com | c8:9d:13:b0:db:68:50:cf:32:b1:d9:54:1f:a1:a3:eb:0c:9e:d1:b5 |
2024-04-18 10:56:26.312855+0800 | 192.168.122.201 | 49267 | 143.244.51.207 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=R3 | CN=www.cdn77.com | c8:9d:13:b0:db:68:50:cf:32:b1:d9:54:1f:a1:a3:eb:0c:9e:d1:b5 |
2024-04-18 10:56:26.314188+0800 | 192.168.122.201 | 49270 | 143.244.51.207 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=R3 | CN=www.cdn77.com | c8:9d:13:b0:db:68:50:cf:32:b1:d9:54:1f:a1:a3:eb:0c:9e:d1:b5 |
2024-04-18 10:56:26.321961+0800 | 192.168.122.201 | 49269 | 143.244.51.207 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=R3 | CN=www.cdn77.com | c8:9d:13:b0:db:68:50:cf:32:b1:d9:54:1f:a1:a3:eb:0c:9e:d1:b5 |
2024-04-18 10:56:26.326912+0800 | 192.168.122.201 | 49268 | 143.244.51.207 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=R3 | CN=www.cdn77.com | c8:9d:13:b0:db:68:50:cf:32:b1:d9:54:1f:a1:a3:eb:0c:9e:d1:b5 |

The Subject column shows only the certificate CN. The names the client connected to (winscp-static-746341.c.cdn77.org, www.googletagmanager.com, pagead2.googlesyndication.com) are presumably covered by the certificates' subjectAltName entries, which the report does not list, so the differing CNs are not by themselves evidence of a name mismatch.
No Suricata HTTP
Task ID | 744072 |
---|---|
Mongo ID | 66208c607e769a7c1a16e762 |
Cuckoo release | 1.4-Maldun |