分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp03-1 | 2017-08-22 22:31:46 | 2017-08-22 22:34:10 | 144 秒 |
魔盾分数
10.0
Generickdz病毒
文件详细信息
| 文件名 | 1.exe |
|---|---|
| 文件大小 | 246784 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 4e3b8920c730df878b149a30d35d7163 |
| SHA1 | 040a4158da904705b38fe7c943c7fc2d674da6e7 |
| SHA256 | 47cf31a80061edd87d99518298951f3a71ead96ec3153728f68199d6a0bc303f |
| SHA512 | 379721672f7b0f869e9fa8fde5ebe9a1992ca1360d3779ab2309e78052aea78f185e4e18aa49c1e8ea7efedde3f5b09fe785ffe5e1b42a1c1c700c92a599999a |
| CRC32 | 2701284A |
| Ssdeep | 6144:tRnXlF9dSmU2D22k2222f2222H222282222w2222L2222A2222Z2222O2222fbmE:txXPGmU2D22k2222f2222H222282222t |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 是 | 195.2.252.59 | 俄罗斯 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00407af7 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x0004b71f |
| 最低操作系统版本要求 | 5.1 |
| 编译时间 | 2017-08-19 09:47:42 |
| 载入哈希 | 498a29e746d9b5cb412502a979c3111d |
| 图标 |  |
| 图标精确哈希值 | 98e88cb282db09638e9776a65401f90c |
| 图标相似性哈希值 | e6139b3f8d1b730f1afd1ee873e2dc4b |
版本信息
| LegalCopyright | |
|---|---|
| FileVersion | |
| ProductVersion | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00013f0c | 0x00014000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.38 |
| .data | 0x00015000 | 0x00003e60 | 0x00001400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.66 |
| .idata | 0x00019000 | 0x000009b6 | 0x00000a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.33 |
| .rsrc | 0x0001a000 | 0x00024d4d | 0x00024e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.41 |
| .reloc | 0x0003f000 | 0x00001224 | 0x00001400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 6.25 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| GQDPIW | 0x0001a518 | 0x000071ed | LANG_NEUTRAL | SUBLANG_NEUTRAL | 7.99 | data |
| RT_BITMAP | 0x0002f280 | 0x00003668 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.27 | data |
| RT_BITMAP | 0x0002f280 | 0x00003668 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.27 | data |
| RT_BITMAP | 0x0002f280 | 0x00003668 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.27 | data |
| RT_BITMAP | 0x0002f280 | 0x00003668 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.27 | data |
| RT_BITMAP | 0x0002f280 | 0x00003668 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.27 | data |
| RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
| RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
| RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
| RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
| RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
| RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
| RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
| RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
| RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
| RT_ICON | 0x0003a150 | 0x00004228 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 6.67 | data |
| RT_MENU | 0x0003e780 | 0x00000218 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.29 | data |
| RT_MENU | 0x0003e780 | 0x00000218 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.29 | data |
| RT_MENU | 0x0003e780 | 0x00000218 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.29 | data |
| RT_GROUP_ICON | 0x0003ea10 | 0x00000022 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.45 | MS Windows icon resource - 2 icons, 32x32 |
| RT_GROUP_ICON | 0x0003ea10 | 0x00000022 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 2.45 | MS Windows icon resource - 2 icons, 32x32 |
| RT_VERSION | 0x0003ea34 | 0x0000019c | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.16 | data |
| RT_MANIFEST | 0x0003ebd0 | 0x0000017d | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.91 | XML 1.0 document text |
导入
库: KERNEL32.dll:
• 0x41901c GetModuleHandleA
• 0x419020 FindAtomW
• 0x419024 CreateFileW
• 0x419028 FlushFileBuffers
• 0x41902c GetStringTypeW
• 0x419030 AddAtomW
• 0x419034 SetStdHandle
• 0x419038 OutputDebugStringW
• 0x41903c LCMapStringW
• 0x419040 GetProcAddress
• 0x419044 GetLastError
• 0x419048 lstrlenW
• 0x41904c GetTickCount
• 0x419050 WriteConsoleOutputCharacterW
• 0x419054 WriteConsoleW
• 0x419058 FillConsoleOutputCharacterA
• 0x41905c HeapReAlloc
• 0x419060 EncodePointer
• 0x419064 DecodePointer
• 0x419068 GetCommandLineA
• 0x41906c RaiseException
• 0x419070 RtlUnwind
• 0x419074 IsDebuggerPresent
• 0x419078 IsProcessorFeaturePresent
• 0x41907c ExitProcess
• 0x419080 GetModuleHandleExW
• 0x419084 MultiByteToWideChar
• 0x419088 WideCharToMultiByte
• 0x41908c HeapSize
• 0x419090 HeapFree
• 0x419094 HeapAlloc
• 0x419098 SetLastError
• 0x41909c GetCurrentThreadId
• 0x4190a0 GetProcessHeap
• 0x4190a4 GetStdHandle
• 0x4190a8 GetFileType
• 0x4190ac DeleteCriticalSection
• 0x4190b0 GetStartupInfoW
• 0x4190b4 GetModuleFileNameA
• 0x4190b8 WriteFile
• 0x4190bc GetModuleFileNameW
• 0x4190c0 QueryPerformanceCounter
• 0x4190c4 GetCurrentProcessId
• 0x4190c8 GetSystemTimeAsFileTime
• 0x4190cc GetEnvironmentStringsW
• 0x4190d0 FreeEnvironmentStringsW
• 0x4190d4 UnhandledExceptionFilter
• 0x4190d8 SetUnhandledExceptionFilter
• 0x4190dc InitializeCriticalSectionAndSpinCount
• 0x4190e0 Sleep
• 0x4190e4 GetCurrentProcess
• 0x4190e8 TerminateProcess
• 0x4190ec TlsAlloc
• 0x4190f0 TlsGetValue
• 0x4190f4 TlsSetValue
• 0x4190f8 TlsFree
• 0x4190fc GetModuleHandleW
• 0x419100 EnterCriticalSection
• 0x419104 LeaveCriticalSection
• 0x419108 GetConsoleCP
• 0x41910c GetConsoleMode
• 0x419110 SetFilePointerEx
• 0x419114 IsValidCodePage
• 0x419118 GetACP
• 0x41911c GetOEMCP
• 0x419120 GetCPInfo
• 0x419124 LoadLibraryExW
• 0x419128 CloseHandle
库: USER32.dll:
• 0x419140 LoadBitmapA
• 0x419144 LoadIconA
• 0x419148 GetRawInputBuffer
• 0x41914c GetCaretPos
• 0x419150 RegisterRawInputDevices
• 0x419154 LoadImageA
• 0x419158 LoadKeyboardLayoutA
• 0x41915c LoadCursorA
• 0x419160 LoadCursorFromFileA
• 0x419164 LoadAcceleratorsA
库: GDI32.dll:
• 0x419000 CopyEnhMetaFileA
• 0x419004 GetEnhMetaFileHeader
• 0x419008 CombineRgn
• 0x41900c ColorMatchToTarget
• 0x419010 CombineTransform
• 0x419014 ColorCorrectPalette
.text
`.data
.idata
@.rsrc
@.reloc
permission denied
file exists
no such device
filename too long
device or resource busy
io error
directory not empty
invalid argument
no space on device
no such file or directory
function not supported
no lock available
not enough memory
resource unavailable try again
cross device link
operation canceled
too many files open
permission_denied
address_in_use
address_not_available
address_family_not_supported
connection_already_in_progress
bad_file_descriptor
connection_aborted
connection_refused
connection_reset
destination_address_required
bad_address
host_unreachable
operation_in_progress
interrupted
invalid_argument
already_connected
too_many_files_open
message_size
filename_too_long
network_down
network_reset
network_unreachable
no_buffer_space
no_protocol_option
not_connected
not_a_socket
operation_not_supported
protocol_not_supported
wrong_protocol_type
timed_out
operation_would_block
address family not supported
address in use
address not available
already connected
argument list too long
argument out of domain
bad address
bad file descriptor
bad message
broken pipe
connection aborted
connection already in progress
connection refused
connection reset
destination address required
executable format error
file too large
host unreachable
identifier removed
illegal byte sequence
inappropriate io control operation
invalid seek
is a directory
message size
network down
network reset
network unreachable
no buffer space
no child process
no link
no message available
no message
no protocol option
no stream resources
no such device or address
no such process
not a directory
not a socket
not a stream
not connected
not supported
operation in progress
operation not permitted
operation not supported
operation would block
owner dead
protocol error
protocol not supported
read only file system
resource deadlock would occur
result out of range
state not recoverable
stream timeout
text file busy
timed out
too many files open in system
too many links
too many symbolic link levels
value too large
wrong protocol type
bad allocation
Unknown exception
(null)
`h````
CorExitProcess
log10
atan2
floor
ldexp
_cabs
_hypot
frexp
_logb
_nextafter
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
InitializeCriticalSectionEx
CreateEventExW
CreateSemaphoreExW
SetThreadStackGuarantee
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
FlushProcessWriteBuffers
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
GetLogicalProcessorInformation
CreateSymbolicLinkW
SetDefaultDllDirectories
EnumSystemLocalesEx
CompareStringEx
GetDateFormatEx
GetLocaleInfoEx
GetTimeFormatEx
GetUserDefaultLocaleName
IsValidLocaleName
LCMapStringEx
GetCurrentPackageId
GetTickCount64
GetFileInformationByHandleExW
SetFileInformationByHandleW
bad exception
e+000
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
__based(
__cdecl
__pascal
__stdcall
__thiscall
__fastcall
__vectorcall
__clrcall
__eabi
__ptr64
__restrict
__unaligned
restrict(
delete
operator
`vftable'
`vbtable'
`vcall'
`typeof'
`local static guard'
`string'
`vbase destructor'
`vector deleting destructor'
`default constructor closure'
`scalar deleting destructor'
`vector constructor iterator'
`vector destructor iterator'
`vector vbase constructor iterator'
`virtual displacement map'
`eh vector constructor iterator'
`eh vector destructor iterator'
`eh vector vbase constructor iterator'
`copy constructor closure'
`udt returning'
`RTTI
`local vftable'
`local vftable constructor closure'
new[]
delete[]
`omni callsig'
`placement delete closure'
`placement delete[] closure'
`managed vector constructor iterator'
`managed vector destructor iterator'
`eh vector copy constructor iterator'
`eh vector vbase copy constructor iterator'
`dynamic initializer for '
`dynamic atexit destructor for '
`vector copy constructor iterator'
`vector vbase copy constructor iterator'
`managed vector copy constructor iterator'
`local static thread guard'
Type Descriptor'
Base Class Descriptor at (
Base Class Array'
Class Hierarchy Descriptor'
Complete Object Locator'
MessageBoxW
GetActiveWindow
GetLastActivePopup
GetUserObjectInformationW
GetProcessWindowStation
1#SNAN
1#IND
1#INF
1#QNAN
generic
unknown error
iostream
iostream stream error
system
sdifghiasfdugh asdioufgho8rewyfghasikdiyf aisukdygfiasudygfaoiusydgfoiasd
dufghpsudfgh asd9fuhgs0odf87gh wdsopfiughsodfughosidufhgoisduhg %d
VirtualProtect
string too long
invalid string position
3=,SA
t6h,SA
Y;=|\A
Ph,SA
Vh2fA
<v5h2fA
9=toA
954qA
VhdZ@
VVhdZ@
tO9=DqA
SVWUj
95|\A
Vh|\A
u0hpc@
u!hxc@
SVWhpuA
uDh`qA
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVtype_info@@
.?AVbad_exception@std@@
.?AV_Iostream_error_category@std@@
.?AV_System_error_category@std@@
.?AVerror_category@std@@
.?AV_Generic_error_category@std@@
FillConsoleOutputCharacterA
WriteConsoleOutputCharacterW
GetTickCount
lstrlenW
GetLastError
GetProcAddress
AddAtomW
GetModuleHandleA
FindAtomW
KERNEL32.dll
LoadCursorFromFileA
LoadCursorA
LoadKeyboardLayoutA
LoadImageA
RegisterRawInputDevices
GetCaretPos
LoadAcceleratorsA
GetRawInputBuffer
LoadIconA
LoadBitmapA
USER32.dll
CombineTransform
ColorMatchToTarget
CombineRgn
GetEnhMetaFileHeader
CopyEnhMetaFileA
ColorCorrectPalette
GDI32.dll
FindExecutableA
DragQueryFileW
ShellAboutA
SHELL32.dll
EncodePointer
DecodePointer
GetCommandLineA
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
HeapFree
HeapAlloc
SetLastError
GetCurrentThreadId
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
LoadLibraryExW
HeapReAlloc
LCMapStringW
OutputDebugStringW
SetStdHandle
WriteConsoleW
GetStringTypeW
FlushFileBuffers
CreateFileW
CloseHandle
E"&`V
aVLaVL
aVLaVLaVLaVL
aVLaVLaVLaVLaVL
aVLaVLaVLaVL
aVLaVLaVLaVL
aVLaVLaVL
aVLaVLaVL
aVLaVL
<<hh**
0 0(00080@0H0P0X0
9':z:7<
3,3P3
(null)
mscoree.dll
runtime error
Program:
<program name unknown>
Microsoft Visual C++ Runtime Library
kernel32.dll
@ja-JP
zh-CN
ko-KR
zh-TW
Sunday
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
January
February
March
April
August
September
October
November
December
MM/dd/yy
dddd, MMMM dd, yyyy
HH:mm:ss
en-US
zh-CHS
ar-SA
bg-BG
ca-ES
cs-CZ
da-DK
de-DE
el-GR
fi-FI
fr-FR
he-IL
hu-HU
is-IS
it-IT
nl-NL
nb-NO
pl-PL
pt-BR
ro-RO
ru-RU
hr-HR
sk-SK
sq-AL
sv-SE
th-TH
tr-TR
ur-PK
id-ID
uk-UA
be-BY
sl-SI
et-EE
lv-LV
lt-LT
fa-IR
vi-VN
hy-AM
az-AZ-Latn
eu-ES
mk-MK
tn-ZA
xh-ZA
zu-ZA
af-ZA
ka-GE
fo-FO
hi-IN
mt-MT
se-NO
ms-MY
kk-KZ
ky-KG
sw-KE
uz-UZ-Latn
tt-RU
bn-IN
pa-IN
gu-IN
ta-IN
te-IN
kn-IN
ml-IN
mr-IN
sa-IN
mn-MN
cy-GB
gl-ES
kok-IN
syr-SY
div-MV
quz-BO
ns-ZA
mi-NZ
ar-IQ
de-CH
en-GB
es-MX
fr-BE
it-CH
nl-BE
nn-NO
pt-PT
sr-SP-Latn
sv-FI
az-AZ-Cyrl
se-SE
ms-BN
uz-UZ-Cyrl
quz-EC
ar-EG
zh-HK
de-AT
en-AU
es-ES
fr-CA
sr-SP-Cyrl
se-FI
quz-PE
ar-LY
zh-SG
de-LU
en-CA
es-GT
fr-CH
hr-BA
smj-NO
ar-DZ
zh-MO
de-LI
en-NZ
es-CR
fr-LU
bs-BA-Latn
smj-SE
ar-MA
en-IE
es-PA
fr-MC
sr-BA-Latn
sma-NO
ar-TN
en-ZA
es-DO
sr-BA-Cyrl
sma-SE
ar-OM
en-JM
es-VE
sms-FI
ar-YE
en-CB
es-CO
smn-FI
ar-SY
en-BZ
es-PE
ar-JO
en-TT
es-AR
ar-LB
en-ZW
es-EC
ar-KW
en-PH
es-CL
ar-AE
es-UY
ar-BH
es-PY
ar-QA
es-BO
es-SV
es-HN
es-NI
es-PR
zh-CHT
af-za
ar-ae
ar-bh
ar-dz
ar-eg
ar-iq
ar-jo
ar-kw
ar-lb
ar-ly
ar-ma
ar-om
ar-qa
ar-sa
ar-sy
ar-tn
ar-ye
az-az-cyrl
az-az-latn
be-by
bg-bg
bn-in
bs-ba-latn
ca-es
cs-cz
cy-gb
da-dk
de-at
de-ch
de-de
de-li
de-lu
div-mv
el-gr
en-au
en-bz
en-ca
en-cb
en-gb
en-ie
en-jm
en-nz
en-ph
en-tt
en-us
en-za
en-zw
es-ar
es-bo
es-cl
es-co
es-cr
es-do
es-ec
es-es
es-gt
es-hn
es-mx
es-ni
es-pa
es-pe
es-pr
es-py
es-sv
es-uy
es-ve
et-ee
eu-es
fa-ir
fi-fi
fo-fo
fr-be
fr-ca
fr-ch
fr-fr
fr-lu
fr-mc
gl-es
gu-in
he-il
hi-in
hr-ba
hr-hr
hu-hu
hy-am
id-id
is-is
it-ch
it-it
ja-jp
ka-ge
kk-kz
kn-in
kok-in
ko-kr
ky-kg
lt-lt
lv-lv
mi-nz
mk-mk
ml-in
mn-mn
mr-in
ms-bn
ms-my
mt-mt
nb-no
nl-be
nl-nl
nn-no
ns-za
pa-in
pl-pl
pt-br
pt-pt
quz-bo
quz-ec
quz-pe
ro-ro
ru-ru
sa-in
se-fi
se-no
se-se
sk-sk
sl-si
sma-no
sma-se
smj-no
smj-se
smn-fi
sms-fi
sq-al
sr-ba-cyrl
sr-ba-latn
sr-sp-cyrl
sr-sp-latn
sv-fi
sv-se
sw-ke
syr-sy
ta-in
te-in
th-th
tn-za
tr-tr
tt-ru
uk-ua
ur-pk
uz-uz-cyrl
uz-uz-latn
vi-vn
xh-za
zh-chs
zh-cht
zh-cn
zh-hk
zh-mo
zh-sg
zh-tw
zu-za
USER32.DLL
CONOUT$
asidjfbh asdiyf asdiofyhgasioudgyfh
GQDPIW
Ge wuvu
Lasojuvi boselace ribi wipa
Facuyepoba
Jeya wivarove
Maruzoka jaxupavo
Jiko tofo rafiyo fusihure vitevoco
Loseluyoke magi
Muto wevovage waza ripa
Dewu pu dujipa hi ripufiveri
Ku sixoyako noyemime ve zokofeco
Dulavive
Daviro
Kirejesisu tago racunimi
Cetisato pebofako cujese cetijerape jirunu
Jajamefena
Pepatove mi
Rawijohi leralu yedoyu viheto
Muyuzufi na su bifewege
Lupenuxi
Coxa socitamera ro sihebuvi vefavuva
Hiweka minihugo
Vizaho bekuxu gaxi
Gaya buwenade xelu laraju gerazibe
Tofesinine bo hi sela ya
Gijilo gamano po
Poxigece cifupeca
Rogaye
Towasa hedu
Jariguxu
Mocofote matoye fujihata
Rolude bi do
Geza cenusu wetaxu tesuje mirete
Dosefatu zuli
Pidefu rese jidevoge rorinayu
VS_VERSION_INFO
StringFileInfo
000004b0
FileVersion
1, 0, 0, 1
LegalCopyright
Copyright (C) 2017
ProductVersion
1, 0, 0, 1
VarFileInfo
Translation
| 防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
|---|---|---|
| Bkav | 未发现病毒 | 20170822 |
| MicroWorld-eScan | Trojan.GenericKDZ.40157 | 20170821 |
| nProtect | 未发现病毒 | 20170822 |
| CMC | 未发现病毒 | 20170821 |
| CAT-QuickHeal | 未发现病毒 | 20170821 |
| McAfee | RDN/Generic.hbg | 20170822 |
| Cylance | Unsafe | 20170822 |
| Zillya | 未发现病毒 | 20170821 |
| AegisLab | Troj.W32.Generic!c | 20170822 |
| K7AntiVirus | Trojan ( 00514d6a1 ) | 20170821 |
| K7GW | Trojan ( 00514d6a1 ) | 20170821 |
| TheHacker | 未发现病毒 | 20170821 |
| Arcabit | Trojan.Generic.D9CDD | 20170822 |
| TrendMicro | 未发现病毒 | 20170822 |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9996 | 20170817 |
| Cyren | W32/Trojan.JIRZ-1385 | 20170822 |
| Symantec | Trojan.Gen.2 | 20170822 |
| ESET-NOD32 | a variant of Win32/Kryptik.FVRV | 20170822 |
| TrendMicro-HouseCall | Suspicious_GEN.F47V0820 | 20170822 |
| Avast | Win32:Malware-gen | 20170822 |
| ClamAV | 未发现病毒 | 20170822 |
| GData | Trojan.GenericKDZ.40157 | 20170822 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 20170822 |
| BitDefender | Trojan.GenericKDZ.40157 | 20170822 |
| NANO-Antivirus | 未发现病毒 | 20170822 |
| ViRobot | Trojan.Win32.Z.Agent.246784.EL | 20170822 |
| Tencent | Win32.Trojan.Inject.Auto | 20170822 |
| Ad-Aware | Trojan.GenericKDZ.40157 | 20170822 |
| Emsisoft | Trojan.GenericKDZ.40157 (B) | 20170822 |
| Comodo | UnclassifiedMalware | 20170822 |
| F-Secure | Trojan.GenericKDZ.40157 | 20170822 |
| DrWeb | Trojan.TinyNuke.9 | 20170822 |
| VIPRE | Trojan.Win32.Generic!BT | 20170822 |
| Invincea | heuristic | 20170818 |
| McAfee-GW-Edition | BehavesLike.Win32.Downloader.dc | 20170822 |
| Sophos | Mal/Generic-S | 20170821 |
| Ikarus | Trojan.Win32.Crypt | 20170821 |
| F-Prot | 未发现病毒 | 20170822 |
| Jiangmin | 未发现病毒 | 20170822 |
| Webroot | W32.Trojan.Gen | 20170822 |
| Avira | TR/Crypt.Xpack.sjvei | 20170822 |
| Antiy-AVL | Trojan/Win32.TSGeneric | 20170822 |
| Kingsoft | 未发现病毒 | 20170822 |
| Endgame | malicious (high confidence) | 20170821 |
| SUPERAntiSpyware | 未发现病毒 | 20170822 |
| ZoneAlarm | HEUR:Trojan.Win32.Generic | 20170822 |
| Microsoft | TrojanSpy:Win32/Tinukebot.A!bit | 20170822 |
| AhnLab-V3 | Trojan/Win32.MDA.R207046 | 20170822 |
| ALYac | Trojan.GenericKDZ.40157 | 20170822 |
| AVware | Trojan.Win32.Generic!BT | 20170822 |
| MAX | malware (ai score=84) | 20170822 |
| VBA32 | 未发现病毒 | 20170821 |
| Malwarebytes | Trojan.MalPack | 20170822 |
| WhiteArmor | 未发现病毒 | 20170817 |
| Panda | Trj/CI.A | 20170821 |
| Zoner | 未发现病毒 | 20170822 |
| Rising | Malware.Obscure/Heur!1.A89E (cloud:tDR9ZW8vmaK) | 20170822 |
| Yandex | 未发现病毒 | 20170821 |
| SentinelOne | static engine - malicious | 20170806 |
| Fortinet | W32/ETap.A | 20170822 |
| AVG | Win32:Malware-gen | 20170822 |
| Paloalto | generic.ml | 20170822 |
| CrowdStrike | malicious_confidence_60% (W) | 20170804 |
| Qihoo-360 | 未发现病毒 | 20170822 |
进程树
-
1.exe id: 1588
-
1.exe id: 2064
-
94D355F270963256450765.exe id: 2316
-
94D355F270963256450765.exe id: 2376
- dllhost.exe id: 2616
-
94D355F270963256450765.exe id: 2376
-
94D355F270963256450765.exe id: 2316
-
1.exe id: 2064
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 是 | 195.2.252.59 | 俄罗斯 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49180 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49181 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49192 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49193 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49195 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49196 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49197 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49198 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49199 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49200 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49201 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49202 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49205 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49206 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49207 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49208 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49209 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49212 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49215 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49216 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49217 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49220 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49221 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49222 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49223 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49224 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49225 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49226 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49227 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49228 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49229 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49230 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49231 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49232 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49233 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49234 | 195.2.252.59 | 80 |
UDP
无UDP连接纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49180 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49181 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49192 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49193 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49195 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49196 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49197 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49198 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49199 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49200 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49201 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49202 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49205 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49206 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49207 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49208 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49209 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49212 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49215 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49216 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49217 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49220 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49221 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49222 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49223 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49224 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49225 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49226 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49227 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49228 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49229 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49230 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49231 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49232 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49233 | 195.2.252.59 | 80 |
| 192.168.122.201 | 49234 | 195.2.252.59 | 80 |
UDP
无UDP连接纪录.
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://195.2.252.59/PANEL/gate.php?94D355F270963256450765 | POST /PANEL/gate.php?94D355F270963256450765 HTTP/1.1 Host: 195.2.252.59 Pragma: no-cache Content-type: text/html Connection: close |
| URL专业沙箱检测 -> http://195.2.252.59/PANEL/gate.php?94D355F270963256450765 | POST /PANEL/gate.php?94D355F270963256450765 HTTP/1.1 Host: 195.2.252.59 Pragma: no-cache Content-type: text/html Connection: close Content-Length: 9 |
| URL专业沙箱检测 -> http://195.2.252.59/PANEL/gate.php?94D355F270963256450765 | POST /PANEL/gate.php?94D355F270963256450765 HTTP/1.1 Host: 195.2.252.59 Pragma: no-cache Content-type: text/html Connection: close Content-Length: 36 |
| URL专业沙箱检测 -> http://195.2.252.59/PANEL/gate.php?94D355F270963256450765 | POST /PANEL/gate.php?94D355F270963256450765 HTTP/1.1 Host: 195.2.252.59 Pragma: no-cache Content-type: text/html Connection: close Content-Length: 4 |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
|---|---|---|---|---|---|---|---|---|
| 2017-08-22 22:32:06.261357+0800 | 192.168.122.201 | 49180 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:32:06.261357+0800 | 192.168.122.201 | 49180 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:32:06.261357+0800 | 192.168.122.201 | 49180 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:32:06.796607+0800 | 192.168.122.201 | 49181 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:32:06.796607+0800 | 192.168.122.201 | 49181 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:32:08.988870+0800 | 192.168.122.201 | 49193 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:32:08.988870+0800 | 192.168.122.201 | 49193 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:32:08.447192+0800 | 192.168.122.201 | 49192 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:32:08.447192+0800 | 192.168.122.201 | 49192 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:32:08.447192+0800 | 192.168.122.201 | 49192 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:32:07.119073+0800 | 192.168.122.201 | 49181 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:32:11.188434+0800 | 192.168.122.201 | 49197 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:32:09.280403+0800 | 192.168.122.201 | 49193 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:32:11.188434+0800 | 192.168.122.201 | 49197 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:32:11.192806+0800 | 192.168.122.201 | 49196 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:32:10.389838+0800 | 192.168.122.201 | 49195 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:32:11.192806+0800 | 192.168.122.201 | 49196 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:32:10.389838+0800 | 192.168.122.201 | 49195 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:32:11.451857+0800 | 192.168.122.201 | 49197 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:32:10.652904+0800 | 192.168.122.201 | 49195 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:32:11.490740+0800 | 192.168.122.201 | 49196 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:32:12.555153+0800 | 192.168.122.201 | 49198 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:32:12.555153+0800 | 192.168.122.201 | 49198 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:32:23.896651+0800 | 192.168.122.201 | 49200 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:32:23.896651+0800 | 192.168.122.201 | 49200 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:32:21.949313+0800 | 192.168.122.201 | 49199 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:32:21.949313+0800 | 192.168.122.201 | 49199 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:32:12.853063+0800 | 192.168.122.201 | 49198 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:32:22.192550+0800 | 192.168.122.201 | 49199 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:32:24.204594+0800 | 192.168.122.201 | 49200 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:32:25.243631+0800 | 192.168.122.201 | 49201 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:32:25.243631+0800 | 192.168.122.201 | 49201 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:32:25.520832+0800 | 192.168.122.201 | 49201 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:32:32.725230+0800 | 192.168.122.201 | 49202 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:32:32.725230+0800 | 192.168.122.201 | 49202 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:32:36.564702+0800 | 192.168.122.201 | 49205 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:32:36.564702+0800 | 192.168.122.201 | 49205 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:32:32.985205+0800 | 192.168.122.201 | 49202 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:32:36.853943+0800 | 192.168.122.201 | 49205 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:32:37.901242+0800 | 192.168.122.201 | 49206 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:32:37.901242+0800 | 192.168.122.201 | 49206 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:32:38.185220+0800 | 192.168.122.201 | 49206 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:32:49.233982+0800 | 192.168.122.201 | 49208 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:32:43.533894+0800 | 192.168.122.201 | 49207 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:32:49.233982+0800 | 192.168.122.201 | 49208 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:32:43.533894+0800 | 192.168.122.201 | 49207 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:32:43.797447+0800 | 192.168.122.201 | 49207 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:32:49.524898+0800 | 192.168.122.201 | 49208 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:32:50.590443+0800 | 192.168.122.201 | 49209 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:32:50.590443+0800 | 192.168.122.201 | 49209 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:32:50.899266+0800 | 192.168.122.201 | 49209 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:32:54.357152+0800 | 192.168.122.201 | 49212 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:32:54.357152+0800 | 192.168.122.201 | 49212 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:33:01.976907+0800 | 192.168.122.201 | 49215 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:33:01.976907+0800 | 192.168.122.201 | 49215 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:32:54.626545+0800 | 192.168.122.201 | 49212 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:33:02.276465+0800 | 192.168.122.201 | 49215 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:33:05.172372+0800 | 192.168.122.201 | 49217 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:33:05.172372+0800 | 192.168.122.201 | 49217 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:33:03.608498+0800 | 192.168.122.201 | 49216 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:33:14.932809+0800 | 192.168.122.201 | 49220 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:33:03.608498+0800 | 192.168.122.201 | 49216 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:33:14.932809+0800 | 192.168.122.201 | 49220 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:33:05.436549+0800 | 192.168.122.201 | 49217 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:33:03.893411+0800 | 192.168.122.201 | 49216 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:33:15.216921+0800 | 192.168.122.201 | 49220 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:33:15.982005+0800 | 192.168.122.201 | 49221 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:33:15.982005+0800 | 192.168.122.201 | 49221 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:33:27.638250+0800 | 192.168.122.201 | 49224 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:33:27.638250+0800 | 192.168.122.201 | 49224 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:33:26.738216+0800 | 192.168.122.201 | 49223 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:33:16.246538+0800 | 192.168.122.201 | 49221 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:33:26.738216+0800 | 192.168.122.201 | 49223 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:33:27.947539+0800 | 192.168.122.201 | 49224 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:33:26.983318+0800 | 192.168.122.201 | 49223 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:33:16.262192+0800 | 192.168.122.201 | 49222 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:33:16.262192+0800 | 192.168.122.201 | 49222 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:33:40.398325+0800 | 192.168.122.201 | 49227 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:33:40.398325+0800 | 192.168.122.201 | 49227 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:33:16.552733+0800 | 192.168.122.201 | 49222 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:33:29.049915+0800 | 192.168.122.201 | 49225 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:33:29.049915+0800 | 192.168.122.201 | 49225 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:33:37.522635+0800 | 192.168.122.201 | 49226 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:33:37.522635+0800 | 192.168.122.201 | 49226 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:33:40.683577+0800 | 192.168.122.201 | 49227 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:33:37.776779+0800 | 192.168.122.201 | 49226 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:33:29.345610+0800 | 192.168.122.201 | 49225 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:33:41.724724+0800 | 192.168.122.201 | 49228 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:33:41.724724+0800 | 192.168.122.201 | 49228 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:33:54.435744+0800 | 192.168.122.201 | 49231 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:33:54.435744+0800 | 192.168.122.201 | 49231 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:33:42.011655+0800 | 192.168.122.201 | 49228 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:33:48.324400+0800 | 192.168.122.201 | 49229 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:33:48.324400+0800 | 192.168.122.201 | 49229 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:33:54.717754+0800 | 192.168.122.201 | 49231 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:33:48.589424+0800 | 192.168.122.201 | 49229 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:33:53.081142+0800 | 192.168.122.201 | 49230 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:33:53.081142+0800 | 192.168.122.201 | 49230 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:33:53.374744+0800 | 192.168.122.201 | 49230 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:34:05.778163+0800 | 192.168.122.201 | 49233 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:34:05.778163+0800 | 192.168.122.201 | 49233 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:33:59.138487+0800 | 192.168.122.201 | 49232 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:33:59.138487+0800 | 192.168.122.201 | 49232 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:34:06.080210+0800 | 192.168.122.201 | 49233 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:33:59.405210+0800 | 192.168.122.201 | 49232 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
| 2017-08-22 22:34:07.150199+0800 | 192.168.122.201 | 49234 | 195.2.252.59 | 80 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | A Network Trojan was detected |
| 2017-08-22 22:34:07.150199+0800 | 192.168.122.201 | 49234 | 195.2.252.59 | 80 | TCP | 2022986 | ET TROJAN Likely Zbot Generic Post to gate.php Dotted-Quad | A Network Trojan was detected |
| 2017-08-22 22:34:07.444795+0800 | 192.168.122.201 | 49234 | 195.2.252.59 | 80 | TCP | 2022985 | ET TROJAN Trojan Generic - POST To gate.php with no accept headers | A Network Trojan was detected |
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | 94D355F270963256450765 |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\94D355F270963256450765
|
| 文件大小 | 38 字节 |
| 文件类型 | ASCII text, with no line terminators |
| MD5 | 65049f4c4c1aa9b8aeb988d0619ded8a |
| SHA1 | 0da4845b935838efc0afcfe75b10e5724eaa60c3 |
| SHA256 | 10f748895d50d4f3174f5b77ae42a932606592694ccafcc3edf0c8e877ba4c52 |
| CRC32 | 173D9D27 |
| Ssdeep | 3:oNmWfkiE2J5xAImACn:oNm+kn23fyn |
| 下载 提交魔盾安全分析 显示文本 | |
C:\Users\test\AppData\Local\Temp\1.exe |
|
| 文件名 | 94D355F270963256450765.exe |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Roaming\94D355F270963256450765\94D355F270963256450765.exe
|
| 文件大小 | 246784 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 4e3b8920c730df878b149a30d35d7163 |
| SHA1 | 040a4158da904705b38fe7c943c7fc2d674da6e7 |
| SHA256 | 47cf31a80061edd87d99518298951f3a71ead96ec3153728f68199d6a0bc303f |
| CRC32 | 2701284A |
| Ssdeep | 6144:tRnXlF9dSmU2D22k2222f2222H222282222w2222L2222A2222Z2222O2222fbmE:txXPGmU2D22k2222f2222H222282222t |
| Yara |
|
| 下载 提交魔盾安全分析 |
| 文件名 | 94D355F27096325645076532 |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\94D355F27096325645076532
|
| 文件大小 | 62464 字节 |
| 文件类型 | data |
| MD5 | 731bab3d3508aa0869f0342a9aa11467 |
| SHA1 | 282d224b57ab4a35d687e33068b940179b9462ba |
| SHA256 | fe82efee93de3a80e9854454877c8f4daa2b95c1286b075bc7981a32ae334c12 |
| CRC32 | EDC97B7B |
| Ssdeep | 1536:02kWr0SOTOKvxfWtn9Hc01Ry6snFLGy5z695uCQDP:02k/SYOIxfKH1DsnFLGwzc5u3 |
| 下载 提交魔盾安全分析 |
| 文件名 | 94D355F27096325645076564 |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\94D355F27096325645076564
|
| 文件大小 | 47616 字节 |
| 文件类型 | data |
| MD5 | 41791bdffdc74441046c87471d4e0091 |
| SHA1 | 3cb7569e4683882f6f500eaf6d27f485b27f2ac3 |
| SHA256 | e9888ee3f8bae9be5872ed965446ae2f52ce1eca2dd3db9deec1a28a6e286983 |
| CRC32 | 1133678C |
| Ssdeep | 768:Yx4Wh2GZ+FX+qXpiEGiyJcl1bfNRjcOOVyE2yy5rUmz06LmZ61034AWeAJrGZrop:Yx4WIGZ+Yq3GAXNsyExCrRn1npegrGZq |
| 下载 提交魔盾安全分析 |
| 文件名 | prefs.js |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\i072kp8z.default-1494515848972\prefs.js
|
| 文件大小 | 19089 字节 |
| 文件类型 | ASCII text, with very long lines, with CRLF line terminators |
| MD5 | d4161f93e43e4f9423c9bf8e0e684b0b |
| SHA1 | b8ba7dd66d06b0f3e79fd311282776642394b8b5 |
| SHA256 | d2a3dffffcf6fe4196b3c1a75d0b3d62932f971ec81c8b3e20def295d5f978cf |
| CRC32 | F90281F3 |
| Ssdeep | 192:VHzTgv5+adaIMC6EMJu6w1tF1xKRVD5+jzYfY76D1hWZz87l8z9BgHfivGIPD:NXs1tFjKH4jkQicZzOle9BofwGSD |
| Yara |
|
| 下载 提交魔盾安全分析 显示文本 | |
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see http://www.mozilla.org/unix/customizing.html#prefs
*/
user_pref("app.update.auto", false);
user_pref("app.update.enabled", false);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1494516579);
user_pref("app.update.lastUpdateTime.background-update-timer", 1496022491);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1494516701);
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1495632979);
user_pref("app.update.lastUpdateTime.experiments-update-timer", 1494516459);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1495633099);
user_pref("app.update.lastUpdateTime.xpi-signature-verification", 1494516821);
user_pref("app.update.service.enabled", false);
user_pref("browser.cache.disk.capacity", 358400);
user_pref("browser.cache.disk.filesystem_reported", 1);
user_pref("browser.cache.disk.smart_size.first_run", false);
user_pref("browser.cache.disk.smart_size.use_old_max", false);
user_pref("browser.cache.disk.smart_size_cached_value", 614400);
user_pref("browser.cache.frecency_experiment", 2);
user_pref("browser.download.importedFromSqlite", true);
user_pref("browser.link.open_newwindow", 2);
user_pref("browser.migrated-sync-button", true);
user_pref("browser.migration.version", 37);
user_pref("browser.newtabpage.enhanced", true);
user_pref("browser.newtabpage.storageVersion", 1);
user_pref("browser.offline-apps.notify", false);
user_pref("browser.pagethumbnails.storage_version", 3);
user_pref("browser.places.smartBookmarksVersion", 7);
user_pref("browser.preferences.advanced.selectedTabIndex", 3);
user_pref("browser.rights.3.shown", true);
user_pref("browser.safebrowsing.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.provider.baidu.lastupdatetime", "1494517226569");
user_pref("browser.safebrowsing.provider.baidu.nextupdatetime", "1494518397569");
user_pref("browser.search.countryCode", "CN");
user_pref("browser.search.region", "CN");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.update", false);
user_pref("browser.sessionstore.upgradeBackup.latestBuildID", "20161031133903");
user_pref("browser.shell.checkDefaultBrowser", false);
user_pref("browser.shell.defaultBrowserCheckCount", 1);
user_pref("browser.slowStartup.averageTime", 8217);
user_pref("browser.slowStartup.samples", 1);
user_pref("browser.startup.homepage", "about:blank");
user_pref("browser.startup.homepage_override.buildID", "20121011153109");
user_pref("browser.startup.homepage_override.mstone", "rv:10.0.9");
user_pref("browser.tabs.loadInBackground", false);
user_pref("browser.tabs.warnOnClose", false);
user_pref("browser.tabs.warnOnOpen", false);
user_pref("browser.taskbar.lastgroupid", "E7CF176E110C211B");
user_pref("browser.toolbarbuttons.introduced.pocket-button", true);
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-button\",\"history-panelmenu\",\"fullscreen-button\",\"find-button\",\"preferences-button\",\"add-ons-button\",\"developer-button\",\"commonfix\",\"sync-button\"],\"addon-bar\":[\"addonbar-closebutton\",\"status-bar\"],\"PersonalToolbar\":[\"personal-bookmarks\",\"mozcn-mobile-bookmarks-button\"],\"nav-bar\":[\"urlbar-container\",\"search-container\",\"bookmarks-menu-button\",\"downloads-button\",\"home-button\",\"ce-undo-close-toolbar-button\",\"ce_easyscreenshot\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"toolbar-menubar\":[\"menubar-items\"]},\"seen\":[\"commonfix\",\"pocket-button\",\"loop-button\",\"mozcn-mobile-bookmarks-button\",\"ce-undo-close-toolbar-button\",\"ce_easyscreenshot\"],\"dirtyAreaCache\":[\"PersonalToolbar\",\"nav-bar\",\"TabsToolbar\",\"toolbar-menubar\",\"PanelUI-contents\",\"addon-bar\"],\"currentVersion\":6,\"newElementCount\":0}");
user_pref("cpmanager@mozillaonline.com.switch_fxa_pref.checked", true);
user_pref("datareporting.healthreport.nextDataSubmissionTime", "1494602265106");
user_pref("datareporting.healthreport.service.firstRun", true);
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 2);
user_pref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "1494515906292");
user_pref("datareporting.policy.firstRunTime", "1494515865105");
user_pref("datareporting.sessions.current.activeTicks", 62);
user_pref("datareporting.sessions.current.clean", true);
user_pref("datareporting.sessions.current.firstPaint", 7845);
user_pref("datareporting.sessions.current.main", 1124);
user_pref("datareporting.sessions.current.sessionRestored", 8665);
user_pref("datareporting.sessions.current.startTime", "1495632854199");
user_pref("datareporting.sessions.current.totalTime", 341);
user_pref("datareporting.sessions.currentIndex", 5);
user_pref("datareporting.sessions.previous.0", "{\"s\":1494515848885,\"a\":4,\"t\":39,\"c\":true,\"m\":67,\"fp\":843,\"sr\":22445}");
user_pref("datareporting.sessions.previous.1", "{\"s\":1494515894233,\"a\":14,\"t\":70,\"c\":true,\"m\":93,\"fp\":1808,\"sr\":2060}");
user_pref("datareporting.sessions.previous.2", "{\"s\":1494515969084,\"a\":41,\"t\":1134,\"c\":true,\"m\":93,\"fp\":1431,\"sr\":1769}");
user_pref("datareporting.sessions.previous.3", "{\"s\":1494517107439,\"a\":7,\"t\":100,\"c\":true,\"m\":391,\"fp\":13377,\"sr\":13647}");
user_pref("datareporting.sessions.previous.4", "{\"s\":1494517214010,\"a\":32,\"t\":162,\"c\":true,\"m\":156,\"fp\":3331,\"sr\":3548}");
user_pref("distribution.MozillaOnline.bookmarksProcessed", true);
user_pref("dom.apps.reset-permissions", true);
user_pref("dom.disable_open_during_load", false);
user_pref("dom.mozApps.used", true);
user_pref("e10s.rollout.cohort", "unsupportedChannel");
user_pref("experiments.activeExperiment", false);
user_pref("extensions.addoninstaller.installation.completedtime", "30496226305439104");
user_pref("extensions.addoninstaller.null", false);
user_pref("extensions.addoninstaller.personas@mozillaonline.com", false);
user_pref("extensions.addoninstaller.quicklaunch@mozillaonline.com", false);
user_pref("extensions.addoninstaller.share_all_cn@mozillaonline.com", false);
user_pref("extensions.addoninstaller.xthunder@lshai.com", false);
user_pref("extensions.addoninstaller.youdao-translate@mozillaonline.com", false);
user_pref("extensions.addonnotification.default_rules_version", "0.7");
user_pref("extensions.blocklist.pingCountTotal", 2);
user_pref("extensions.blocklist.pingCountVersion", -1);
user_pref("extensions.bootstrappedAddons", "{}");
user_pref("extensions.cmimprove.features.sanitize.show", true);
user_pref("extensions.coba.official.filterlist", "*.icbc.com.cn* *.abchina.com* *.95599.cn* *.ecitic.com* *.cebbank.com* *.bankcomm.com* *.95559.com.cn* *.hxb.com.cn* *.psbc.com* *.bankofbeijing.com.cn* *.srcb.com* *.bankofshanghai.com* *.hzbank.com.cn* *.bjrcb.com* *.fudian-bank.com* *.wzcb.com.cn* *.cbhb.com.cn* *.njcb.com.cn* *.ccfccb.cn* *.nbcb.com.cn* *.chinastock.com.cn* *member.chinaacc.com//selectcourse/confirmSelect.shtm?* *toefl.etest.net.cn/*/SelectFeeType* *vpn.chinasafety.gov.cn/* *duiyi.sina.com.cn/giboview/giboview.asp?* *bjrbj.gov.cn/*");
user_pref("extensions.commonfix@mozillaonline.com.sdk.baseURI", "resource://commonfix-at-mozillaonline-dot-com/");
user_pref("extensions.commonfix@mozillaonline.com.sdk.domain", "commonfix-at-mozillaonline-dot-com");
user_pref("extensions.commonfix@mozillaonline.com.sdk.load.reason", "startup");
user_pref("extensions.commonfix@mozillaonline.com.sdk.rootURI", "jar:file:///C:/Users/test/AppData/Roaming/Mozilla/Firefox/Profiles/i072kp8z.default-1494515848972/extensions/commonf <truncated> |
|
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 24.646 seconds )
- 11.339 NetworkAnalysis
- 7.219 Suricata
- 1.45 Dropped
- 1.408 BehaviorAnalysis
- 1.299 VirusTotal
- 0.879 TargetInfo
- 0.628 Static
- 0.311 peid
- 0.053 AnalysisInfo
- 0.034 Debug
- 0.025 Strings
- 0.001 Memory
Signatures ( 2.568 seconds )
- 1.766 md_url_bl
- 0.415 md_bad_drop
- 0.128 dridex_behavior
- 0.066 stealth_timeout
- 0.032 stealth_network
- 0.015 antivm_generic_disk
- 0.013 mimics_filetime
- 0.012 antiav_detectreg
- 0.012 md_domain_bl
- 0.011 antiemu_wine_func
- 0.011 virus
- 0.01 stealth_file
- 0.009 bootkit
- 0.009 reads_self
- 0.005 persistence_autorun
- 0.005 antiav_detectfile
- 0.005 infostealer_ftp
- 0.005 ransomware_files
- 0.004 ransomware_extensions
- 0.003 injection_createremotethread
- 0.003 geodo_banking_trojan
- 0.003 infostealer_bitcoin
- 0.003 infostealer_im
- 0.002 tinba_behavior
- 0.002 antivm_vbox_libs
- 0.002 antianalysis_detectreg
- 0.002 antivm_vbox_files
- 0.002 disables_browser_warn
- 0.002 infostealer_mail
- 0.002 network_http
- 0.001 hawkeye_behavior
- 0.001 antiav_avast_libs
- 0.001 betabot_behavior
- 0.001 kazybot_behavior
- 0.001 exec_crash
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 modify_proxy
- 0.001 browser_security
Reporting ( 0.849 seconds )
- 0.489 Malheur
- 0.36 ReportHTMLSummary
| Task ID | 111357 |
|---|---|
| Mongo ID | 599c4106a093ef39d7c526d5 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号