Analysis Type | VM Label | Start Time | End Time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp02-1 | 2024-04-25 22:23:38 | 2024-04-25 22:28:10 | 272 seconds |
File Name | uninst.exe |
---|---|
File Size | 2362304 bytes |
文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 6f9d9bb100cab5863273bfdd48b87d16 |
SHA1 | 5ba6e3fdb1e7270a35c69fcb5f6d6976670ab53c |
SHA256 | 2dfb55755bf517417be6779f2339d66736a779f59ab8c9a01878e3c53c212bec |
SHA512 | 1ff2de78993763d7394a4bed9f582d0d733b5128e8c039c12a857277982fe5f1eddd2893fed9425a8d087b3911c2bc1329eee04f5a027d37c08bec871c42114d |
CRC32 | 665EE98A |
Ssdeep | 49152:6CPIauI2iFHrQ66gbilgcrySCKmVlmDe0TLRvzS:6Cg/I2GB9bizrdmVlm7tS |
No host records.
No domain information.
Image Base | 0x00400000 |
---|---|
Entry Point | 0x004030de |
Claimed Checksum | 0x00000000 |
Actual Checksum | 0x0024d7d3 |
Minimum OS Version | 4.0 |
Compile Time | 2015-12-11 15:12:34 |
Import Hash | 5e27740d9754d3decf77cb65d4f31c5f |
LegalCopyright | |
---|---|
FileVersion | |
CompanyName | |
LegalTrademarks | |
ProductName | |
ProductVersion | |
FileDescription | |
Translation | |
Name | Virtual Address | Virtual Size | Raw Data Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00005a97 | 0x00005c00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 6.45 |
.rdata | 0x00007000 | 0x0000115e | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.14 |
.data | 0x00009000 | 0x0003e038 | 0x00000600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 4.04 |
.ndata | 0x00048000 | 0x0004a000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
.rsrc | 0x00092000 | 0x0004f000 | 0x0004ea00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 6.05 |
Offset | 0x0022dbc0 |
---|---|
Size | 0x00013000 |
No TCP connection records.
No UDP connection records.
No HTTP requests found.
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2024-04-25 22:25:10.884815+0800 | 192.168.122.201 | 49199 | 37.230.104.89 | 443 | TCP | 2230010 | SURICATA TLS invalid record/traffic | Generic Protocol Command Decode |
2024-04-25 22:25:10.884815+0800 | 192.168.122.201 | 49199 | 37.230.104.89 | 443 | TCP | 2230015 | SURICATA TLS invalid record version | Generic Protocol Command Decode |
2024-04-25 22:25:10.885041+0800 | 37.230.104.89 | 443 | 192.168.122.201 | 49199 | TCP | 2230010 | SURICATA TLS invalid record/traffic | Generic Protocol Command Decode |
2024-04-25 22:25:10.885041+0800 | 37.230.104.89 | 443 | 192.168.122.201 | 49199 | TCP | 2230015 | SURICATA TLS invalid record version | Generic Protocol Command Decode |
2024-04-25 22:25:11.580798+0800 | 192.168.122.201 | 49200 | 37.230.104.89 | 443 | TCP | 2230010 | SURICATA TLS invalid record/traffic | Generic Protocol Command Decode |
2024-04-25 22:25:11.580798+0800 | 192.168.122.201 | 49200 | 37.230.104.89 | 443 | TCP | 2230015 | SURICATA TLS invalid record version | Generic Protocol Command Decode |
2024-04-25 22:25:11.793398+0800 | 37.230.104.89 | 443 | 192.168.122.201 | 49200 | TCP | 2230010 | SURICATA TLS invalid record/traffic | Generic Protocol Command Decode |
2024-04-25 22:25:11.793398+0800 | 37.230.104.89 | 443 | 192.168.122.201 | 49200 | TCP | 2230015 | SURICATA TLS invalid record version | Generic Protocol Command Decode |
2024-04-25 22:24:48.184507+0800 | 34.174.61.199 | 80 | 192.168.122.201 | 49191 | TCP | 2018141 | ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | A Network Trojan was detected |
2024-04-25 22:25:10.454677+0800 | 192.168.122.201 | 49198 | 37.230.104.89 | 443 | TCP | 2230010 | SURICATA TLS invalid record/traffic | Generic Protocol Command Decode |
2024-04-25 22:25:10.454677+0800 | 192.168.122.201 | 49198 | 37.230.104.89 | 443 | TCP | 2230015 | SURICATA TLS invalid record version | Generic Protocol Command Decode |
2024-04-25 22:24:47.393025+0800 | 104.198.2.251 | 80 | 192.168.122.201 | 49190 | TCP | 2018141 | ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | A Network Trojan was detected |
2024-04-25 22:24:51.405738+0800 | 34.174.61.199 | 80 | 192.168.122.201 | 49193 | TCP | 2018141 | ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | A Network Trojan was detected |
2024-04-25 22:25:44.314553+0800 | 192.168.122.201 | 49212 | 37.230.104.89 | 443 | TCP | 2230010 | SURICATA TLS invalid record/traffic | Generic Protocol Command Decode |
2024-04-25 22:25:44.314553+0800 | 192.168.122.201 | 49212 | 37.230.104.89 | 443 | TCP | 2230015 | SURICATA TLS invalid record version | Generic Protocol Command Decode |
2024-04-25 22:25:10.457401+0800 | 37.230.104.89 | 443 | 192.168.122.201 | 49198 | TCP | 2230010 | SURICATA TLS invalid record/traffic | Generic Protocol Command Decode |
2024-04-25 22:25:10.457401+0800 | 37.230.104.89 | 443 | 192.168.122.201 | 49198 | TCP | 2230015 | SURICATA TLS invalid record version | Generic Protocol Command Decode |
2024-04-25 22:25:44.316168+0800 | 37.230.104.89 | 443 | 192.168.122.201 | 49212 | TCP | 2230010 | SURICATA TLS invalid record/traffic | Generic Protocol Command Decode |
2024-04-25 22:25:44.316168+0800 | 37.230.104.89 | 443 | 192.168.122.201 | 49212 | TCP | 2230015 | SURICATA TLS invalid record version | Generic Protocol Command Decode |
2024-04-25 22:25:43.904248+0800 | 192.168.122.201 | 49211 | 37.230.104.89 | 443 | TCP | 2230010 | SURICATA TLS invalid record/traffic | Generic Protocol Command Decode |
2024-04-25 22:25:43.904248+0800 | 192.168.122.201 | 49211 | 37.230.104.89 | 443 | TCP | 2230015 | SURICATA TLS invalid record version | Generic Protocol Command Decode |
2024-04-25 22:25:43.905492+0800 | 37.230.104.89 | 443 | 192.168.122.201 | 49211 | TCP | 2230010 | SURICATA TLS invalid record/traffic | Generic Protocol Command Decode |
2024-04-25 22:25:43.905492+0800 | 37.230.104.89 | 443 | 192.168.122.201 | 49211 | TCP | 2230015 | SURICATA TLS invalid record version | Generic Protocol Command Decode |
No TLS
No Suricata HTTP
Task ID | 744316 |
---|---|
Mongo ID | 662a6952dc327b93ad415da6 |
Cuckoo release | 1.4-Maldun |