Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-hpdapp03-2 | 2017-12-15 11:32:43 | 2017-12-15 11:35:07 | 144 seconds |
File name | 4.exe |
---|---|
File size | 215040 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 1c8bc73dcd85cb6bdece3c05e74a1887 |
SHA1 | 05c6dd41dec0fb4eca39a32970e341b96b53c4af |
SHA256 | 291ed3b7c84c59637a0ee2c4b51b7c46695cbe97d0c40c5881e6ffb1c08e3f89 |
SHA512 | c3d57a2711da38272832310a9da326149ee1ade93cad4203ca4ae4ed64406a8ebc2f93871ee0d982336b3e91dc448e90e7e33c6beaa039b4d00216a3581d9338 |
CRC32 | 294E131E |
Ssdeep | 3072:j/Xb8YZDjwbseaXdQbMUPbUJl/9siaYNBGrxK0itljcs:j/Xb8YZDjBXdQAUbGnaG0E0iTP |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
Yes | 139.59.208.246 | | Singapore |
No | 172.231.74.187 | | United States |
No | 202.89.233.100 | | China |
No | 202.89.233.101 | | China |
No | 23.198.128.9 | | United States |
Yes | 47.88.216.71 | | Canada |
No | 65.54.226.150 | | United States |
Image base | 0x00400000 |
---|---|
Entry point | 0x00407b5e |
Declared checksum | 0x0003e49d |
Actual checksum | 0x0004449d |
Minimum OS version | 5.1 |
PDB path | C:\Simulation\HashtagO.pdb |
Compile time | 2015-01-20 00:44:13 |
Import hash | 3facaeea87d5a2bb0a0aa7e756b1728d |
Icon exact hash | 92b41776b582644438095f04c113e59d |
Icon similarity hash | c4371c12668f99cf2b2726140ec97ac6 |
LegalCopyright | |
---|---|
CompanyName | |
LegalTrademarks | |
ProductName | |
ProductVersion | |
FileDescription | |
OriginalFilename | |
Translation | |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00011099 | 0x00011200 | IMAGE_SCN_CNT_CODE \| IMAGE_SCN_MEM_EXECUTE \| IMAGE_SCN_MEM_READ | 6.54 |
.rdata | 0x00013000 | 0x00004fd2 | 0x00005000 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ | 6.17 |
.data | 0x00018000 | 0x00001f7c | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ \| IMAGE_SCN_MEM_WRITE | 3.75 |
.rsrc | 0x0001a000 | 0x0001fe3c | 0x0001d000 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ | 6.28 |
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
PNG | 0x0001e7f4 | 0x0000039d | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.68 | PNG image data, 17 x 32, 8-bit/color RGBA, non-interlaced |
RCDATA | 0x000243a4 | 0x000003b0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 7.72 | data |
RT_CURSOR | 0x00025f54 | 0x00000134 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.80 | data |
RT_BITMAP | 0x000293c4 | 0x00000088 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.41 | data |
RT_ICON | 0x000350a4 | 0x00000988 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.68 | dBase III DBT, version number 0, next free block index 40 |
RT_DIALOG | 0x000364fc | 0x00000214 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.26 | data |
RT_GROUP_CURSOR | 0x000367c4 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.02 | MS Windows cursor resource - 1 icon, 32x256, hotspot @1x1 |
RT_GROUP_ICON | 0x000367d8 | 0x0000003e | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.80 | MS Windows icon resource - 4 icons, 72x72 |
RT_VERSION | 0x00036818 | 0x00000360 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.46 | data |
RT_MANIFEST | 0x00036b78 | 0x000002c1 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.03 | XML 1.0 document, ASCII text, with CRLF line terminators |
Antivirus engine/vendor | Virus name/rule match | Signature database date |
---|---|---|
Bkav | Not detected | 20171214 |
MicroWorld-eScan | Trojan.GenericKD.12674758 | 20171214 |
nProtect | Not detected | 20171214 |
CMC | Not detected | 20171214 |
CAT-QuickHeal | Backdoor.Androm | 20171214 |
ALYac | Not detected | 20171214 |
Cylance | Unsafe | 20171214 |
Zillya | Not detected | 20171214 |
TheHacker | Not detected | 20171210 |
K7GW | Trojan-Downloader ( 004f875e1 ) | 20171214 |
K7AntiVirus | Trojan-Downloader ( 004f875e1 ) | 20171214 |
TrendMicro | TROJ_GEN.R00EC0WLE17 | 20171214 |
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9996 | 20171212 |
F-Prot | Not detected | 20171214 |
Symantec | Trojan.Gen | 20171214 |
TotalDefense | Not detected | 20171214 |
TrendMicro-HouseCall | TROJ_GEN.R00EC0WLE17 | 20171214 |
Avast | FileRepMalware | 20171214 |
ClamAV | Win.Trojan.Agent-6399167-0 | 20171214 |
Kaspersky | Backdoor.Win32.Androm.osiq | 20171214 |
BitDefender | Trojan.GenericKD.12674758 | 20171214 |
NANO-Antivirus | Not detected | 20171214 |
ViRobot | Not detected | 20171214 |
AegisLab | Backdoor.W32.Androm!c | 20171214 |
Rising | Not detected | 20171214 |
Ad-Aware | Trojan.GenericKD.12674758 | 20171214 |
Sophos | Mal/Generic-S | 20171214 |
Comodo | Not detected | 20171214 |
F-Secure | Trojan.GenericKD.12674758 | 20171214 |
DrWeb | Trojan.DownLoader26.793 | 20171214 |
VIPRE | Not detected | 20171214 |
Invincea | heuristic | 20170914 |
McAfee-GW-Edition | Artemis | 20171214 |
Emsisoft | Trojan.GenericKD.12674758 (B) | 20171214 |
Ikarus | Trojan-Downloader.Win32.Zurgop | 20171214 |
Cyren | W32/Trojan.PEQT-6726 | 20171214 |
Jiangmin | Not detected | 20171214 |
Webroot | W32.Trojan.Gen | 20171214 |
Avira | TR/Crypt.Xpack.mgkwj | 20171214 |
Fortinet | W32/Zurgop.CO!tr.dldr | 20171214 |
Antiy-AVL | Not detected | 20171214 |
Kingsoft | Not detected | 20171214 |
Endgame | malicious (high confidence) | 20171130 |
Arcabit | Trojan.Generic.DC166C6 | 20171214 |
SUPERAntiSpyware | Not detected | 20171214 |
ZoneAlarm | Backdoor.Win32.Androm.osiq | 20171214 |
Avast-Mobile | Not detected | 20171214 |
Microsoft | TrojanDownloader:Win32/Dofoil.AC | 20171214 |
AhnLab-V3 | Win-Trojan/Sagecrypt.Gen | 20171214 |
McAfee | Artemis!1C8BC73DCD85 | 20171214 |
AVware | Trojan.Win32.Generic!BT | 20171214 |
MAX | malware (ai score=100) | 20171214 |
VBA32 | Not detected | 20171214 |
Malwarebytes | Trojan.SmokeLoader | 20171214 |
WhiteArmor | Not detected | 20171204 |
Panda | Trj/CI.A | 20171214 |
Zoner | Not detected | 20171214 |
ESET-NOD32 | Win32/TrojanDownloader.Zurgop.CO | 20171214 |
Tencent | Suspicious.Heuristic.Gen.b.0 | 20171214 |
Yandex | Not detected | 20171214 |
SentinelOne | static engine - malicious | 20171207 |
eGambit | Not detected | 20171214 |
GData | Trojan.GenericKD.12674758 | 20171214 |
AVG | FileRepMalware | 20171214 |
Cybereason | Not detected | 20171103 |
Paloalto | generic.ml | 20171214 |
CrowdStrike | malicious_confidence_90% (W) | 20171016 |
Qihoo-360 | Trojan.Generic | 20171214 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.202 | 51760 | 139.59.208.246 | 53 |
192.168.122.202 | 52828 | 139.59.208.246 | 53 |
192.168.122.202 | 49166 | 172.231.74.187 go.microsoft.com | 80 |
192.168.122.202 | 49164 | 202.89.233.100 www.bing.com | 80 |
192.168.122.202 | 49165 | 202.89.233.101 www.bing.com | 80 |
192.168.122.202 | 49168 | 23.198.128.9 support.microsoft.com | 80 |
192.168.122.202 | 49169 | 23.198.128.9 support.microsoft.com | 443 |
192.168.122.202 | 51761 | 47.88.216.71 | 80 |
192.168.122.202 | 52829 | 47.88.216.71 | 80 |
192.168.122.202 | 49167 | 65.54.226.150 msdn.microsoft.com | 80 |
192.168.122.202 | 49170 | 65.54.226.150 msdn.microsoft.com | 80 |
192.168.122.202 | 51762 | 65.54.226.150 msdn.microsoft.com | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.202 | 49866 | 192.168.122.1 | 53 |
192.168.122.202 | 51722 | 192.168.122.1 | 53 |
192.168.122.202 | 56444 | 192.168.122.1 | 53 |
192.168.122.202 | 63596 | 192.168.122.1 | 53 |
192.168.122.202 | 63623 | 192.168.122.1 | 53 |
192.168.122.202 | 64002 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://www.bing.com/ | GET / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: www.bing.com |
http://cn.bing.com/ | GET / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: cn.bing.com |
http://go.microsoft.com/fwlink/?LinkId=133405 | POST /fwlink/?LinkId=133405 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Length: 42 Host: go.microsoft.com |
http://msdn.microsoft.com/vstudio | GET /vstudio HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: msdn.microsoft.com |
http://go.microsoft.com/fwlink/?LinkId=286133 | POST /fwlink/?LinkId=286133 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Length: 42 Host: go.microsoft.com |
http://support.microsoft.com/ | GET / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: support.microsoft.com |
http://go.microsoft.com/fwlink/?LinkId=133405 | POST /fwlink/?LinkId=133405 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Length: 79 Host: go.microsoft.com |
http://go.microsoft.com/fwlink/?LinkId=286133 | POST /fwlink/?LinkId=286133 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Length: 124 Host: go.microsoft.com |
http://bbank.bit/ | POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: application/x-www-form-urlencoded Host: bbank.bit User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Length: 63 |
http://go.microsoft.com/fwlink/?LinkId=286133 | POST /fwlink/?LinkId=286133 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Length: 138 Host: go.microsoft.com |
http://go.microsoft.com/fwlink/?LinkId=133405 | POST /fwlink/?LinkId=133405 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Content-Length: 145 Host: go.microsoft.com |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2017-12-15 11:33:23.948250+0800 | 192.168.122.202 | 49166 | 172.231.74.187 | 80 | TCP | 2022124 | ET TROJAN Sharik/Smoke Loader Microsoft Connectivity Check | A Network Trojan was detected |
2017-12-15 11:33:28.753058+0800 | 192.168.122.202 | 49166 | 172.231.74.187 | 80 | TCP | 2022124 | ET TROJAN Sharik/Smoke Loader Microsoft Connectivity Check | A Network Trojan was detected |
2017-12-15 11:33:34.618636+0800 | 192.168.122.202 | 49166 | 172.231.74.187 | 80 | TCP | 2022124 | ET TROJAN Sharik/Smoke Loader Microsoft Connectivity Check | A Network Trojan was detected |
2017-12-15 11:33:38.456249+0800 | 192.168.122.202 | 49166 | 172.231.74.187 | 80 | TCP | 2022124 | ET TROJAN Sharik/Smoke Loader Microsoft Connectivity Check | A Network Trojan was detected |
2017-12-15 11:33:44.072260+0800 | 192.168.122.202 | 49166 | 172.231.74.187 | 80 | TCP | 2022124 | ET TROJAN Sharik/Smoke Loader Microsoft Connectivity Check | A Network Trojan was detected |
2017-12-15 11:33:52.184246+0800 | 192.168.122.202 | 49166 | 172.231.74.187 | 80 | TCP | 2022124 | ET TROJAN Sharik/Smoke Loader Microsoft Connectivity Check | A Network Trojan was detected |
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2017-12-15 11:33:29.286032+0800 | 192.168.122.202 | 49169 | 23.198.128.9 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA2 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=support.microsoft.com | 80:4d:37:e9:f9:23:3e:ba:d7:5b:e8:af:cc:63:a6:38:b5:1e:69:fa |
No Suricata HTTP
File name | jeetbsrj.exe |
---|---|
Related files | C:\Users\test\AppData\Roaming\Microsoft\dviwsasf\jeetbsrj.exe |
File size | 215040 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 1c8bc73dcd85cb6bdece3c05e74a1887 |
SHA1 | 05c6dd41dec0fb4eca39a32970e341b96b53c4af |
SHA256 | 291ed3b7c84c59637a0ee2c4b51b7c46695cbe97d0c40c5881e6ffb1c08e3f89 |
CRC32 | 294E131E |
Ssdeep | 3072:j/Xb8YZDjwbseaXdQbMUPbUJl/9siaYNBGrxK0itljcs:j/Xb8YZDjBXdQAUbGnaG0E0iTP |
File name | dviwsasf |
---|---|
Related files | C:\Users\test\AppData\Roaming\Microsoft\dviwsasf\dviwsasf |
File size | 13889 bytes |
File type | data |
MD5 | e260288041bb406f47075e139a557269 |
SHA1 | 03c6783befa9ada27c27c1fdc20131044b6bdd30 |
SHA256 | 9578ca3dbfc04c977bb7776f62b866a0f8b310ccfe1f781474ecc6003f5f6caa |
CRC32 | FB23F8B3 |
Ssdeep | 384:LyYKagaO3yvZ59XzroDMQ5coVZfNNIzc1j3:LqZyvZXoDMQ6oz2c1z |
Task ID | 122594 |
---|---|
Mongo ID | 5a334354a093ef4c8fb59197 |
Cuckoo release | 1.4-Maldun |