Analysis task

Analysis type: File (Windows)
VM label: win7-sp1-x64-shaapp01-1
Start time: 2017-12-15 20:53:31
End time: 2017-12-15 20:55:51
Duration: 140 seconds

Maldun (魔盾) score

5.2 (suspicious)

File details

File name: 坎巴拉太空计划.exe (Kerbal Space Program)
File size: 3207832 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 6914adf7190949c74c016e1ed8357e17
SHA1 3c2f11ee36970372a18338aa08296ab101defb81
SHA256 84a9222a1722fb5bcefdb8077b05553b811901e972005adfc245cec8bbd8685c
SHA512 fc63d1e8ccf1e195221d394d12df7b7c44cfd126b4c9c43f7fcab5ce3daabbb5615eb93cc02dfef87a6bdeb74939a4e2ca32cc6ddd5f227f7e4a2ecb93b5a44a
CRC32 7DC9FEB2
Ssdeep 98304:a0CLNCw9cNRkkt2ui91nYma/bZFmIMVB:aBNz9ykkwD9ra/j/

Contacted hosts

IP               Rating   Location
104.192.110.216  -        United States
111.206.66.61    -        China
112.74.72.71     -        China
123.56.64.121    -        China
123.57.50.145    -        China
180.163.251.149  -        China
182.140.227.162  -        China
36.110.213.84    unknown  China
42.120.217.87    unknown  China

DNS resolutions

Domain             Rating   Response
ocsp.startssl.com  -        A 104.192.110.216
crl.startssl.com   -        A 111.206.66.61
ocsp.wosign.com    -        A 180.163.251.149, A 36.110.213.84, A 125.88.193.179
crls.wosign.com    -        A 182.140.227.162, CNAME 5e632e13b6d2a645.360safedns.com
ocsp1.wosign.com   unknown  (no response recorded)
crls1.wosign.com   -        CNAME 3f7d16b3e55bcb4c.360safedns.com
box.hf-game.com    unknown  A 123.57.50.145
ext.gdatacube.net  unknown  A 123.56.64.121, A 112.74.72.71
hfgame.aliapp.com  unknown  A 42.120.217.87


PE information

Image base: 0x00400000
Entry point: 0x0040323c
Declared checksum: 0x0031ead7
Actual checksum: 0x0031ead7
Minimum OS version: 4.0
Compile time: 2009-12-06 06:50:46
Import hash (imphash): 099c0646ea7282d232219f8807883be0
Icon exact hash: e51d6dcfcc1bf1d69f16316a804dcda9
Icon similarity hash: a8b55c821312c7fe3cf49c4d24894a04

Version information

The parser returned no values for LegalCopyright, FileVersion, CompanyName, LegalTrademarks, Comments, ProductName, ProductVersion, FileDescription or Translation. (The VS_VERSION_INFO block in the strings dump further down does carry FileVersion and ProductVersion 2.0.3.31, so the resource exists; the parser simply did not pick the values up.)

Microsoft certificate verification (Sign Tool)

Signer SHA1: 5cd54d0aa36f5a0c22f41281311560aa756467e9
Timestamp: Fri Jul 15 18:28:55 2016
Validity: (column empty in the report)
Error: (column empty in the report)

Note for readers: the WoSign and StartCom roots were distrusted by the major browser and OS root programs from late 2016 onwards, so a chain that looks complete here says little about the publisher, and the empty validity column means the report does not tell you whether the signature verified.

Certificate chain 1
Issued to: StartCom Certification Authority
Issuer: StartCom Certification Authority
Valid until: Thu Sep 18 03:46:36 2036
SHA1: 3e2bf7f2031b96f38ce6c4d8a85d3e2d58476a0f

Certificate chain 2
Issued to: Certification Authority of WoSign
Issuer: StartCom Certification Authority
Valid until: Wed Jan 01 07:59:59 2020
SHA1: b0b68ae97cfe2afacd0dc2010b9d70ace593e8a6

Certificate chain 3
Issued to: WoSign Class 3 Code Signing CA
Issuer: Certification Authority of WoSign
Valid until: Sun Aug 08 09:00:01 2027
SHA1: 13fa85c20c13b4c71f211f3fc1a841a78c5b979b

Certificate chain 4 (signing certificate)
Issued to: (blank in the report)
Issuer: WoSign Class 3 Code Signing CA
Valid until: Mon Aug 12 13:35:28 2019
SHA1: 0cf64dd12712e52abc18012bbd2fe649c78fafa3

Timestamp chain 1
Issued to: StartCom Certification Authority
Issuer: StartCom Certification Authority
Valid until: Thu Sep 18 03:46:36 2036
SHA1: 3e2bf7f2031b96f38ce6c4d8a85d3e2d58476a0f

Timestamp chain 2
Issued to: Certification Authority of WoSign
Issuer: StartCom Certification Authority
Valid until: Wed Jan 01 07:59:59 2020
SHA1: b0b68ae97cfe2afacd0dc2010b9d70ace593e8a6

Timestamp chain 3
Issued to: WoSign Time Stamping Services CA G2
Issuer: Certification Authority of WoSign
Valid until: Tue Apr 08 08:58:58 2025
SHA1: 2e5e6806c71b367f13da195e3656b9bda793c5c6

Timestamp chain 4
Issued to: WoSign Time Stamping Signer G2
Issuer: WoSign Time Stamping Services CA G2
Valid until: Sat Apr 08 09:00:05 2023
SHA1: 390096c49ce243ebeecfd23c43ff7feb36e9c8f1
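The OCSP and CRL fetches in the HTTP log further down this page (User-Agent Microsoft-CryptoAPI/6.1) are Windows checking the revocation status of exactly this chain while it verifies the Authenticode signature. Each OCSP GET carries the DER-encoded request base64-encoded in the URL path (RFC 6960, appendix A), so the URL alone tells you which CA was asked about which serial number. The following Python is an added example, not code from the report or from any of the tools it names: it decodes such a URL with the standard library only. The two URLs embedded are copied from the HTTP section of this page; the hash-algorithm table and all function names are the example's own.

```python
"""Decode the CertID carried in an OCSP GET request URL (RFC 6960, A.1).

Added example, not code from the report. The two URLs below are copied
from the HTTP log of this page; the parser is standard-library only.
"""
import base64
from urllib.parse import unquote, urlsplit

STARTCOM_URL = ("http://ocsp.startssl.com/ca/MEgwRjBEMEIwQDAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvvGqRAW6UXaYcwyjRoQ9BBrvICBxnChTDpOzY%3D")
WOSIGN_URL = ("http://ocsp.wosign.com/ca/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBS123LceJQIOu0H42J9h%2FERhahaJAQU4WbPDtHxs0u3BiAU%2FocS1fb%2B%2Bz4CBBlt%2BKc%3D")

HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def der_tlv(buf: bytes, pos: int = 0):
    """Parse one DER TLV at pos -> (tag, value, next_pos); handles long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def der_children(value: bytes):
    """Split the value of a constructed type into its (tag, value) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = der_tlv(value, pos)
        out.append((tag, val))
    return out


def decode_oid(raw: bytes) -> str:
    """Dotted form of a DER OBJECT IDENTIFIER value."""
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def first_sequence(children):
    """First child tagged SEQUENCE; skips context-specific optional fields."""
    return next(val for tag, val in children if tag == 0x30)


def parse_ocsp_get_url(url: str) -> list:
    """Return one dict per Request in the OCSPRequest encoded in the URL path."""
    b64 = unquote(urlsplit(url).path.rsplit("/", 1)[-1])
    tag, ocsp_request, _ = der_tlv(base64.b64decode(b64))
    if tag != 0x30:
        raise ValueError("OCSPRequest is not a SEQUENCE")
    tbs = first_sequence(der_children(ocsp_request))      # skips optional [0] signature
    request_list = first_sequence(der_children(tbs))      # skips [0] version, [1] requestorName
    results = []
    for tag, request in der_children(request_list):
        if tag != 0x30:
            continue
        cert_id = first_sequence(der_children(request))   # reqCert CertID
        alg, name_hash, key_hash, serial = [v for _, v in der_children(cert_id)][:4]
        oid = decode_oid(der_children(alg)[0][1])
        results.append({
            "responder": urlsplit(url).hostname,
            "hash_alg": HASH_OIDS.get(oid, oid),
            "issuer_name_hash": name_hash.hex(),   # hash of the issuer's DER-encoded Name
            "issuer_key_hash": key_hash.hex(),     # hash of the issuer's public key
            "serial": serial.hex(),                # raw INTEGER bytes, any leading 00 kept
        })
    return results


if __name__ == "__main__":
    for url in (STARTCOM_URL, WOSIGN_URL):
        for r in parse_ocsp_get_url(url):
            print(r)
```

The StartCom request hashes with SHA-1, names a 7-byte serial and carries the SHA-1 of the issuing CA's public key; since the responder asked is ocsp.startssl.com, the issuer is StartCom, which is consistent with chain 2 above (the WoSign CA cross-signed by StartCom). Only the responder's answer, not the URL, says which certificate that serial belongs to, so treat the decoded fields as a pointer into the chain rather than proof.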

PE sections

Name    Virtual address  Virtual size  Raw size    Characteristics                                                                   Entropy
.text   0x00001000       0x00005a5a    0x00005c00  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ                       6.42
.rdata  0x00007000       0x00001190    0x00001200  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                                 5.18
.data   0x00009000       0x0001af98    0x00000400  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE             4.71
.ndata  0x00024000       0x00008000    0x00000000  IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE           0.00
.rsrc   0x0002c000       0x000082d0    0x00008400  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                                 6.66

Overlay

Offset: 0x0000fa00
Size: 0x002ff898
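The overlay is where an NSIS installer keeps its compressed payload: 0x400 bytes of headers plus the raw sizes in the section table above (0x5c00 + 0x1200 + 0x400 + 0 + 0x8400) add up to 0xfa00, and 0xfa00 + 0x2ff898 is exactly the 3207832-byte file size, so everything the installer drops lives past the last section. The compile time shown earlier (2009-12-06) is that of the NSIS v2.46 stub named in the manifest string further down, not of this installer's author's build, so it says nothing about when the package was assembled. The Python below is an added example, not code from the report or from the NSIS project: it locates the overlay from the section table and checks for the NSIS first-header magic at its start. build_sample_pe() builds a synthetic image that reproduces only this file's section layout with a zero-filled placeholder payload, so the arithmetic can be checked offline; the function and constant names are the example's own.

```python
"""Locate a PE file's overlay from its section table and test for the NSIS
first-header at its start.

Added example; not code from the report or from the NSIS project. The
synthetic image from build_sample_pe() copies only the section layout
above (0x400 bytes of headers, raw sizes 0x5c00/0x1200/0x400/0/0x8400);
its payload is a zero-filled placeholder, not the installer's data.
"""
import struct

# NSIS firstheader: {flags, siginfo = 0xDEADBEEF, "NullsoftInst", hdr_len, data_len}
NSIS_MAGIC = b"\xef\xbe\xad\xdeNullsoftInst"


def overlay_offset(pe: bytes) -> int:
    """Offset where the overlay begins: the end of the furthest-reaching
    section's raw data (or the end of the section table if none has any)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_of_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + size_of_opt
    end = table + num_sections * 40
    for i in range(num_sections):
        # IMAGE_SECTION_HEADER: SizeOfRawData at +16, PointerToRawData at +20
        raw_size, raw_ptr = struct.unpack_from("<II", pe, table + i * 40 + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return min(end, len(pe))


def overlay_info(pe: bytes) -> dict:
    """Overlay offset/size and whether an NSIS firstheader sits at its start.
    (The NSIS stub itself scans the file in 512-byte steps for this header.)"""
    off = overlay_offset(pe)
    data = pe[off:]
    return {"offset": off, "size": len(data), "nsis": data[4:20] == NSIS_MAGIC}


def build_sample_pe(raw_sizes, overlay: bytes, header_size=0x400) -> bytes:
    """Minimal PE32 image: headers, sections with the given raw sizes, overlay."""
    opt = bytearray(224)                                    # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                   # Magic = PE32
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)  # ImageBase, SectionAlign, FileAlign
    hdr = bytearray(header_size)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)                 # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms, SizeOfOptHdr, Characteristics
    hdr[0x84:0x98] = struct.pack("<HHIIIHH", 0x14C, len(raw_sizes), 0, 0, 0, len(opt), 0x0102)
    hdr[0x98:0x98 + len(opt)] = opt
    table, body, ptr, va = 0x98 + len(opt), bytearray(), header_size, 0x1000
    for i, size in enumerate(raw_sizes):
        name = (".s%d" % i).encode().ljust(8, b"\0")
        entry = struct.pack("<8sIIIIIIHHI", name, size or 0x1000, va, size,
                            ptr if size else 0, 0, 0, 0, 0, 0x40000040)
        hdr[table + i * 40: table + (i + 1) * 40] = entry
        body += b"\0" * size
        ptr += size
        va += 0x1000 * max(1, (size + 0xFFF) // 0x1000)
    return bytes(hdr) + bytes(body) + overlay


def report_sample() -> dict:
    """Rebuild the layout from the report and locate its overlay."""
    payload = b"\0\0\0\0" + NSIS_MAGIC + b"\0" * (0x2ff898 - 20)   # placeholder payload
    pe = build_sample_pe([0x5c00, 0x1200, 0x400, 0, 0x8400], payload)
    info = overlay_info(pe)
    info["file_size"] = len(pe)
    return info


if __name__ == "__main__":
    print(report_sample())   # offset 0xfa00, size 0x2ff898, nsis True, file_size 3207832
```

On a real sample, read the file and call overlay_info() on it; if "nsis" is true, 7-Zip or an NSIS decompiler will extract the script and dropped files from the overlay without running the installer. A large overlay with no NSIS magic is the case worth a closer look: something else has been appended to the stub.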

Resources

Name  Offset  Size  Language  Sublanguage  Entropy  File type
RT_ICON 0x00032a08 0x000010a8 LANG_ENGLISH SUBLANG_ENGLISH_US 6.66 data
RT_ICON 0x00032a08 0x000010a8 LANG_ENGLISH SUBLANG_ENGLISH_US 6.66 data
RT_ICON 0x00032a08 0x000010a8 LANG_ENGLISH SUBLANG_ENGLISH_US 6.66 data
RT_DIALOG 0x00033cd0 0x00000060 LANG_ENGLISH SUBLANG_ENGLISH_US 2.49 data
RT_DIALOG 0x00033cd0 0x00000060 LANG_ENGLISH SUBLANG_ENGLISH_US 2.49 data
RT_DIALOG 0x00033cd0 0x00000060 LANG_ENGLISH SUBLANG_ENGLISH_US 2.49 data
RT_GROUP_ICON 0x00033d30 0x00000030 LANG_ENGLISH SUBLANG_ENGLISH_US 2.52 MS Windows icon resource - 3 icons, 32x32
RT_VERSION 0x00033d60 0x00000294 LANG_ENGLISH SUBLANG_ENGLISH_US 3.90 data
RT_MANIFEST 0x00033ff8 0x000002d7 LANG_ENGLISH SUBLANG_ENGLISH_US 5.20 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library: KERNEL32.dll
0x407060 CompareFileTime
0x407064 SearchPathA
0x407068 GetShortPathNameA
0x40706c GetFullPathNameA
0x407070 MoveFileA
0x407078 GetFileAttributesA
0x40707c GetLastError
0x407080 CreateDirectoryA
0x407084 SetFileAttributesA
0x407088 Sleep
0x40708c GetTickCount
0x407090 CreateFileA
0x407094 GetFileSize
0x407098 GetModuleFileNameA
0x40709c GetCurrentProcess
0x4070a0 CopyFileA
0x4070a4 ExitProcess
0x4070a8 SetFileTime
0x4070ac GetTempPathA
0x4070b0 GetCommandLineA
0x4070b4 SetErrorMode
0x4070b8 LoadLibraryA
0x4070bc lstrcpynA
0x4070c0 GetDiskFreeSpaceA
0x4070c4 GlobalUnlock
0x4070c8 GlobalLock
0x4070cc CreateThread
0x4070d0 CreateProcessA
0x4070d4 RemoveDirectoryA
0x4070d8 GetTempFileNameA
0x4070dc lstrlenA
0x4070e0 lstrcatA
0x4070e4 GetSystemDirectoryA
0x4070e8 GetVersion
0x4070ec CloseHandle
0x4070f0 lstrcmpiA
0x4070f4 lstrcmpA
0x4070fc GlobalFree
0x407100 GlobalAlloc
0x407104 WaitForSingleObject
0x407108 GetExitCodeProcess
0x40710c GetModuleHandleA
0x407110 LoadLibraryExA
0x407114 GetProcAddress
0x407118 FreeLibrary
0x40711c MultiByteToWideChar
0x407128 WriteFile
0x40712c ReadFile
0x407130 MulDiv
0x407134 SetFilePointer
0x407138 FindClose
0x40713c FindNextFileA
0x407140 FindFirstFileA
0x407144 DeleteFileA
Library: USER32.dll
0x40716c EndDialog
0x407170 ScreenToClient
0x407174 GetWindowRect
0x407178 EnableMenuItem
0x40717c GetSystemMenu
0x407180 SetClassLongA
0x407184 IsWindowEnabled
0x407188 SetWindowPos
0x40718c GetSysColor
0x407190 GetWindowLongA
0x407194 SetCursor
0x407198 LoadCursorA
0x40719c CheckDlgButton
0x4071a0 GetMessagePos
0x4071a4 LoadBitmapA
0x4071a8 CallWindowProcA
0x4071ac IsWindowVisible
0x4071b0 CloseClipboard
0x4071b4 SetClipboardData
0x4071b8 EmptyClipboard
0x4071bc RegisterClassA
0x4071c0 TrackPopupMenu
0x4071c4 AppendMenuA
0x4071c8 CreatePopupMenu
0x4071cc GetSystemMetrics
0x4071d0 SetDlgItemTextA
0x4071d4 GetDlgItemTextA
0x4071d8 MessageBoxIndirectA
0x4071dc CharPrevA
0x4071e0 DispatchMessageA
0x4071e4 PeekMessageA
0x4071e8 DestroyWindow
0x4071ec CreateDialogParamA
0x4071f0 SetTimer
0x4071f4 SetWindowTextA
0x4071f8 PostQuitMessage
0x4071fc SetForegroundWindow
0x407200 wsprintfA
0x407204 SendMessageTimeoutA
0x407208 FindWindowExA
0x407210 CreateWindowExA
0x407214 GetClassInfoA
0x407218 DialogBoxParamA
0x40721c CharNextA
0x407220 OpenClipboard
0x407224 ExitWindowsEx
0x407228 IsWindow
0x40722c GetDlgItem
0x407230 SetWindowLongA
0x407234 LoadImageA
0x407238 GetDC
0x40723c EnableWindow
0x407240 InvalidateRect
0x407244 SendMessageA
0x407248 DefWindowProcA
0x40724c BeginPaint
0x407250 GetClientRect
0x407254 FillRect
0x407258 DrawTextA
0x40725c EndPaint
0x407260 ShowWindow
Library: GDI32.dll
0x40703c SetBkColor
0x407040 GetDeviceCaps
0x407044 DeleteObject
0x407048 CreateBrushIndirect
0x40704c CreateFontIndirectA
0x407050 SetBkMode
0x407054 SetTextColor
0x407058 SelectObject
Library: SHELL32.dll
0x407154 SHBrowseForFolderA
0x407158 SHGetFileInfoA
0x40715c ShellExecuteA
0x407160 SHFileOperationA
Library: ADVAPI32.dll
0x407000 RegQueryValueExA
0x407004 RegSetValueExA
0x407008 RegEnumKeyA
0x40700c RegEnumValueA
0x407010 RegOpenKeyExA
0x407014 RegDeleteKeyA
0x407018 RegDeleteValueA
0x40701c RegCloseKey
0x407020 RegCreateKeyExA
Library: COMCTL32.dll
0x407028 ImageList_AddMasked
0x40702c ImageList_Destroy
0x407030 (imported by ordinal, no name)
0x407034 ImageList_Create
Library: ole32.dll
0x407278 CoTaskMemFree
0x40727c OleInitialize
0x407280 OleUninitialize
0x407284 CoCreateInstance
Library: VERSION.dll
0x40726c GetFileVersionInfoA
0x407270 VerQueryValueA

Strings

.text
`.rdata
@.data
.ndata
.rsrc
Phts@
v95LpA
#Vh;+@
WhPpA
WhPpA
ihE:@
u49-,?B
9-l6B
9-l6B
9-,?B
9-,?B
9-,?B
9- ?B
9-l6B
9-x6B
RichEdit
RichEdit20A
RichEd32
RichEd20
.DEFAULT\Control Panel\International
Control Panel\Desktop\ResourceLocale
Software\Microsoft\Windows\CurrentVersion
\Microsoft\Internet Explorer\Quick Launch
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
ReadFile
WriteFile
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
lstrcmpA
lstrcmpiA
CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
KERNEL32.dll
EndPaint
DrawTextA
FillRect
GetClientRect
BeginPaint
DefWindowProcA
SendMessageA
InvalidateRect
EnableWindow
GetDC
LoadImageA
SetWindowLongA
GetDlgItem
IsWindow
FindWindowExA
SendMessageTimeoutA
wsprintfA
ShowWindow
SetForegroundWindow
PostQuitMessage
SetWindowTextA
SetTimer
CreateDialogParamA
DestroyWindow
ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
USER32.dll
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
GDI32.dll
SHFileOperationA
ShellExecuteA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHELL32.dll
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
ADVAPI32.dll
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
ole32.dll
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VERSION.dll
verifying installer: %d%%
unpacking data: %d%%
... %d%%
http://nsis.sf.net/NSIS_Error
Error writing temporary file. Make sure your temp folder is valid.
Error launching installer
SeShutdownPrivilege
~nsu.tmp
\Temp
NSIS Error
%u.%u%s%s
SHGetFolderPathA
SHFOLDER
SHAutoComplete
SHLWAPI
GetUserDefaultUILanguage
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyExA
ADVAPI32
MoveFileExA
GetDiskFreeSpaceExA
KERNEL32
*?|<>/":
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="requireAdministrator" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>
"4]ZrsF
MS Shell Dlg
MS Shell Dlg
msctls_progress32
SysListView32
MS Shell Dlg
VS_VERSION_INFO
StringFileInfo
04090000
Comments
CompanyName
FileDescription
FileVersion
2.0.3.31
LegalCopyright
LegalTrademarks
ProductName
ProductVersion
2.0.3.31
VarFileInfo
Translation

Antivirus engines

No antivirus engine scan results.

Process tree

_____________________.exe, PID 1584, parent PID 300
HuofengGameWorld.exe, PID 2100, parent PID 1584
HuofengGameWorld.exe, PID 2236, parent PID 1584
HuofengGameWorld.exe, PID 2376, parent PID 1584
HuofengGameWorld.exe, PID 2500, parent PID 1584


TCP

Source address   Source port  Destination address  Destination host    Destination port
192.168.122.201 49158 104.192.110.216 ocsp.startssl.com 80
192.168.122.201 49159 111.206.66.61 crl.startssl.com 80
192.168.122.201 49183 112.74.72.71 ext.gdatacube.net 80
192.168.122.201 49192 112.74.72.71 ext.gdatacube.net 80
192.168.122.201 49172 123.57.50.145 box.hf-game.com 80
192.168.122.201 49186 123.57.50.145 box.hf-game.com 80
192.168.122.201 49162 180.163.251.149 ocsp.wosign.com 80
192.168.122.201 49161 182.140.227.162 crls.wosign.com 80
192.168.122.201 49163 182.140.227.162 crls.wosign.com 80
192.168.122.201 49160 36.110.213.84 ocsp.wosign.com 80

UDP

Source address   Source port  Destination address  Destination port
192.168.122.201 49230 192.168.122.1 53
192.168.122.201 51023 192.168.122.1 53
192.168.122.201 51070 192.168.122.1 53
192.168.122.201 52576 192.168.122.1 53
192.168.122.201 59418 192.168.122.1 53
192.168.122.201 59795 192.168.122.1 53
192.168.122.201 61817 192.168.122.1 53
192.168.122.201 62669 192.168.122.1 53
192.168.122.201 64810 192.168.122.1 53


HTTP requests

URL: http://ocsp.startssl.com/ca/MEgwRjBEMEIwQDAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvvGqRAW6UXaYcwyjRoQ9BBrvICBxnChTDpOzY%3D
GET /ca/MEgwRjBEMEIwQDAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvvGqRAW6UXaYcwyjRoQ9BBrvICBxnChTDpOzY%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.startssl.com

URL: http://ocsp.startssl.com/ca/MEgwRjBEMEIwQDAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvvGqRAW6UXaYcwyjRoQ9BBrvICBxnChTDpOzY%3D
GET /ca/MEgwRjBEMEIwQDAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvvGqRAW6UXaYcwyjRoQ9BBrvICBxnChTDpOzY%3D HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.startssl.com

URL: http://crl.startssl.com/sfsca.crl
GET /sfsca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.startssl.com

URL: http://ocsp.wosign.com/ca/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBS123LceJQIOu0H42J9h%2FERhahaJAQU4WbPDtHxs0u3BiAU%2FocS1fb%2B%2Bz4CBBlt%2BKc%3D
GET /ca/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBS123LceJQIOu0H42J9h%2FERhahaJAQU4WbPDtHxs0u3BiAU%2FocS1fb%2B%2Bz4CBBlt%2BKc%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.wosign.com

URL: http://ocsp.wosign.com/ca/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBS123LceJQIOu0H42J9h%2FERhahaJAQU4WbPDtHxs0u3BiAU%2FocS1fb%2B%2Bz4CBBlt%2BKc%3D
GET /ca/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBS123LceJQIOu0H42J9h%2FERhahaJAQU4WbPDtHxs0u3BiAU%2FocS1fb%2B%2Bz4CBBlt%2BKc%3D HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.wosign.com

URL: http://crls.wosign.com/ca.crl
GET /ca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crls.wosign.com

URL: http://ocsp1.wosign.com/class3/code/ca1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTqEnJhU5dFi16HHVA7etSPSTXCygQU9QKqS9PgGo53UNYau%2BvfuYNwsE4CEEy2r8T7GgTNfXztZkfbYE4%3D
GET /class3/code/ca1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTqEnJhU5dFi16HHVA7etSPSTXCygQU9QKqS9PgGo53UNYau%2BvfuYNwsE4CEEy2r8T7GgTNfXztZkfbYE4%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp1.wosign.com

URL: http://ocsp1.wosign.com/class3/code/ca1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTqEnJhU5dFi16HHVA7etSPSTXCygQU9QKqS9PgGo53UNYau%2BvfuYNwsE4CEEy2r8T7GgTNfXztZkfbYE4%3D
GET /class3/code/ca1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTqEnJhU5dFi16HHVA7etSPSTXCygQU9QKqS9PgGo53UNYau%2BvfuYNwsE4CEEy2r8T7GgTNfXztZkfbYE4%3D HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp1.wosign.com

URL: http://crls1.wosign.com/ca1-code-3.crl
GET /ca1-code-3.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crls1.wosign.com

URL: http://box.hf-game.com/api/ip.jsp
GET /api/ip.jsp HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: box.hf-game.com
Connection: Keep-Alive

URL: http://ext.gdatacube.net/dc/rest/online?appId=82198C19A0EEFE02E43DC98A726FBA67&appVersion=2.0.3.31&accountId=4B4C784466BB5BB652FD7A6744809721&platform=3&gameRegion=SG&channel=sgpc&accountType=0&mac=52:54:00:F9:C6:64&imei=4B4C784466BB5BB652FD7A6744809721&gender=0&resolution=800*600&osVersion=6.1.7601&brand=&language=CHS&netType=3&ip=180.173.36.83&loginTime=1502978045&onlineTime=0
GET /dc/rest/online?appId=82198C19A0EEFE02E43DC98A726FBA67&appVersion=2.0.3.31&accountId=4B4C784466BB5BB652FD7A6744809721&platform=3&gameRegion=SG&channel=sgpc&accountType=0&mac=52:54:00:F9:C6:64&imei=4B4C784466BB5BB652FD7A6744809721&gender=0&resolution=800*600&osVersion=6.1.7601&brand=&language=CHS&netType=3&ip=180.173.36.83&loginTime=1502978045&onlineTime=0 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ext.gdatacube.net
Connection: Keep-Alive

URL: http://box.hf-game.com/api/gameinfo.jsp?category=5&sp=gameid:6912001383065138309&req_from=api&resulttype=xml&qd=sgpc
GET /api/gameinfo.jsp?category=5&sp=gameid:6912001383065138309&req_from=api&resulttype=xml&qd=sgpc HTTP/1.1
User-Agent: Hfgame
Host: box.hf-game.com
Cache-Control: no-cache

URL: http://ext.gdatacube.net/dc/rest/online?appId=82198C19A0EEFE02E43DC98A726FBA67&appVersion=2.0.3.31&accountId=4B4C784466BB5BB652FD7A6744809721&platform=3&gameRegion=SG&channel=sgpc&accountType=0&mac=52:54:00:F9:C6:64&imei=4B4C784466BB5BB652FD7A6744809721&gender=0&resolution=800*600&osVersion=6.1.7601&brand=&language=CHS&netType=3&ip=180.173.36.83&loginTime=1502978088&onlineTime=0
GET /dc/rest/online?appId=82198C19A0EEFE02E43DC98A726FBA67&appVersion=2.0.3.31&accountId=4B4C784466BB5BB652FD7A6744809721&platform=3&gameRegion=SG&channel=sgpc&accountType=0&mac=52:54:00:F9:C6:64&imei=4B4C784466BB5BB652FD7A6744809721&gender=0&resolution=800*600&osVersion=6.1.7601&brand=&language=CHS&netType=3&ip=180.173.36.83&loginTime=1502978088&onlineTime=0 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ext.gdatacube.net
Connection: Keep-Alive
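Two kinds of traffic are mixed in the request list above. The OCSP and CRL fetches with User-Agent Microsoft-CryptoAPI/6.1 are the OS verifying the Authenticode signature (the manifest string further down requests requireAdministrator, so UAC checks the publisher before the consent prompt) and would appear for any signed installer. The ext.gdatacube.net requests are the dropped HuofengGameWorld client reporting, over plain HTTP, the MAC address, an "imei" that is the same value as accountId, the external IP, OS build and screen resolution. The MAC prefix 52:54:00 is the default OUI of QEMU/KVM virtual NICs, i.e. the sandbox's own adapter, and loginTime=1502978045 decodes to 2017-08-17 UTC although the analysis ran on 2017-12-15, so the guest clock was not wall time when correlating with the file timestamps below. The Python below is an added example, not code from the report or from the Huofeng client: it runs a simple triage over the logged requests (copied from this page, User-Agent strings shortened) and pulls out the identifiers. The classification rules and the IDENTIFYING set are the example's own heuristics.

```python
"""Triage the HTTP requests in the log above: separate the OS's own
certificate-revocation fetches from the application's beacons, and list
the device identifiers a beacon sends in cleartext.

Added example, not code from the report or from the Huofeng client. The
requests are copied from the HTTP section (User-Agent strings shortened);
the classification rules are this example's own heuristics.
"""
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

IE_UA = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0)"   # shortened
REQUESTS = [  # (URL, User-Agent) pairs as logged by the sandbox
    ("http://ocsp.startssl.com/ca/MEgwRjBEMEIwQDAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvvGqRAW6UXaYcwyjRoQ9BBrvICBxnChTDpOzY%3D",
     "Microsoft-CryptoAPI/6.1"),
    ("http://crl.startssl.com/sfsca.crl", "Microsoft-CryptoAPI/6.1"),
    ("http://crls1.wosign.com/ca1-code-3.crl", "Microsoft-CryptoAPI/6.1"),
    ("http://box.hf-game.com/api/ip.jsp", IE_UA),
    ("http://ext.gdatacube.net/dc/rest/online?appId=82198C19A0EEFE02E43DC98A726FBA67"
     "&appVersion=2.0.3.31&accountId=4B4C784466BB5BB652FD7A6744809721&platform=3"
     "&gameRegion=SG&channel=sgpc&accountType=0&mac=52:54:00:F9:C6:64"
     "&imei=4B4C784466BB5BB652FD7A6744809721&gender=0&resolution=800*600"
     "&osVersion=6.1.7601&brand=&language=CHS&netType=3&ip=180.173.36.83"
     "&loginTime=1502978045&onlineTime=0", IE_UA),
    ("http://box.hf-game.com/api/gameinfo.jsp?category=5&sp=gameid:6912001383065138309"
     "&req_from=api&resulttype=xml&qd=sgpc", "Hfgame"),
]

# Query parameters that identify the machine, user or network (example's own list).
IDENTIFYING = {"mac", "imei", "accountId", "ip", "osVersion", "resolution"}
QEMU_OUI = "52:54:00"   # default OUI of QEMU/KVM virtual NICs


def classify(url: str, user_agent: str) -> str:
    """'revocation': CryptoAPI fetching OCSP/CRL, which Windows does by itself
    when it verifies an Authenticode signature; 'beacon': a request carrying
    identifying parameters; 'app': anything else."""
    if user_agent.startswith("Microsoft-CryptoAPI"):
        return "revocation"
    if IDENTIFYING & set(parse_qs(urlsplit(url).query)):
        return "beacon"
    return "app"


def triage(requests) -> dict:
    """Group hosts by request kind and collect what the beacons leak."""
    report = {"revocation": [], "beacon": [], "app": [],
              "identifiers": {}, "cleartext_beacons": 0}
    for url, ua in requests:
        parts = urlsplit(url)
        kind = classify(url, ua)
        report[kind].append(parts.hostname)
        if kind != "beacon":
            continue
        if parts.scheme == "http":
            report["cleartext_beacons"] += 1
        query = parse_qs(parts.query, keep_blank_values=True)
        report["identifiers"].update({k: v[0] for k, v in query.items() if k in IDENTIFYING})
        if "loginTime" in query:   # Unix epoch from the sending machine's clock
            ts = int(query["loginTime"][0])
            report["login_time_utc"] = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    mac = report["identifiers"].get("mac")
    if mac:
        report["mac_is_qemu"] = mac.upper().startswith(QEMU_OUI)
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(triage(REQUESTS), indent=2))
```

Feed it the (URL, User-Agent) pairs from any sandbox HTTP log; the revocation bucket is the noise to drop before writing network indicators, and the identifiers bucket is what to cite when describing what the software sends home.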

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files extracted from network traffic.

Dropped files

File name: MiniThunderPlatform.exe
Path: C:\Users\test\AppData\Local\HuofengGameWorld\bin\download\MiniThunderPlatform.exe
File size: 268744 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5 e2e9483568dc53f68be0b80c34fe27fb
SHA1 8919397fcc5ce4f91fe0dc4e6f55cea5d39e4bb9
SHA256 205c40f2733ba3e30cc538adc6ac6ee46f4c84a245337a36108095b9280abb37
CRC32 D621E075
Ssdeep 6144:ePH9aqri3YL1Avg3NloWPxFL8QL2Ma8tvT0ecR:eP4qri3YL1Avg3NloWPTnL2f3x
Maldun score: 0.3 (analysed 2016-08-26 17:02:13)

File name: msvcp71.dll
Path: C:\Users\test\AppData\Local\HuofengGameWorld\bin\download\msvcp71.dll
File size: 503808 bytes
File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 a94dc60a90efd7a35c36d971e3ee7470
SHA1 f936f612bc779e4ba067f77514b68c329180a380
SHA256 6c483cbe349863c7dcf6f8cb7334e7d28c299e7d5aa063297ea2f62352f6bdd9
CRC32 4029812E
Ssdeep 12288:b692dAsfQqt4oJcRYRhUgiW6QR7t5k3Ooc8iHkC2ek:bSYACJcRYe3Ooc8iHkC2e
Maldun score: 2.0 (analysed 2016-05-28 15:07:08)

File name: config.dat
Path: C:\Users\test\AppData\Local\HuofengGameWorld\config.dat
File size: 393 bytes
File type: UTF-8 Unicode text, with CRLF line terminators
MD5 74763b466651a9f061464bf3da5b7707
SHA1 c8ed4bc93bbbbcd5025eec9d31c7091146fbf422
SHA256 258bcf86763cceb3e535f1d6422d8b2ba8f99a72af0843027ea54df12e7697db
CRC32 4CB6F28F
Ssdeep 12:GEbMkZcRTSIZR+cRTqp7cRT+PL99pRL99WRaC:cRRmIZRbRyYRCPLnHLuwC
Text content:
{
"updateHost":"hfgame.aliapp.com",
"updatePath":"/api/update.jsp",
"updatePort":80,
"homeUrl":"http://box.hf-game.com/api/home.jsp",
"gameLibUrl":"http://box.hf-game.com/api/gamelib.jsp",
"navigateUrl":"http://box.hf-game.com/api/navigate.jsp",
"navigateHost":"box.hf-game.com",
"navigatePath":"/api/navigate.jsp",
"navigatePort":80,
"apiHost":"box.hf-game.com",
"test":"中文"
}

File name: hfgwupdate.exe
Path: C:\Users\test\AppData\Local\HuofengGameWorld\hfgwupdate.exe
File size: 684208 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7500395f2c1353c49ba2ebf8b5a85546
SHA1 ef0cb174a919d92ce743d7e11e88c84eca19c620
SHA256 44e2c30372e3563f47b0dda78b8db697b8aa2270633437acb927478cb35073e7
CRC32 A5977219
Ssdeep 12288:15UpeVxh/w3P3bl2Px5wEDVdSha16znPYAKdVRB5fFfkE7Z:15Upec0Px5w0Oha1BAKf5NfH7Z

File name: MiniTPFw.exe
Path: C:\Users\test\AppData\Local\HuofengGameWorld\bin\download\MiniTPFw.exe
File size: 59848 bytes
File type: PE32 executable (console) Intel 80386, for MS Windows
MD5 58bb62e88687791ad2ea5d8d6e3fe18b
SHA1 0ffb029064741d10c9cf3f629202aa97167883de
SHA256 f02fa7ddab2593492b9b68e3f485e59eb755380a9235f6269705f6d219dff100
CRC32 0E23C82A
Ssdeep 768:BSODywYihzSrVPdQsNruuGYOLO3NNkFlBi1jSZIfjeGdJARt03juFGu:BSKywYDdQsQuG5L27Ui1SPRt0qf
Maldun score: 3.3 (analysed 2016-08-26 17:02:18)

File name: setting.dat
Path: C:\Users\test\AppData\Local\HuofengGameWorld\setting\setting.dat
File size: 530 bytes
File type: UTF-8 Unicode text, with CRLF line terminators
MD5 e759313e404abf86e930b2abdc262ea3
SHA1 b9d816d9b56ae0f2356f3f899285d338ae24ffe1
SHA256 13a9660b3115924ee645f8088a344e524d699179f4be201078ea849997d6b9f9
CRC32 A6277AF1
Ssdeep 12:NCTR5o7Zu85o7NzmoJIZ935h8eD5o7Fequ85o7dzmoJQEFvhIVy:NCTUAVJIZ9vWUtlKEtmM
Text content:
{"tabs":
[{"pic":"http://hfgame.aliapp.com/images/gamebox/tab_mygames.png",
"hoverpic":"http://hfgame.aliapp.com/images/gamebox/tab_mygames_hot.png",
"righturl":"http://hfgame.aliapp.com/api/home.jsp",
"isdefault":"true","name":"mygames","cname":"我的游戏"},
{"pic":"http://hfgame.aliapp.com/images/gamebox/tab_gamelib.png",
"hoverpic":"http://hfgame.aliapp.com/images/gamebox/tab_gamelib_hot.png",
"righturl":"http://hfgame.aliapp.com/api/gamelib.jsp",
"isdefault":"false","name":"gamelib","cname":"游戏大全"}]}

File name: atl71.dll
Path: C:\Users\test\AppData\Local\HuofengGameWorld\bin\download\atl71.dll
File size: 89600 bytes
File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 79cb6457c81ada9eb7f2087ce799aaa7
SHA1 322ddde439d9254182f5945be8d97e9d897561ae
SHA256 a68e1297fae2bcf854b47ffa444f490353028de1fa2ca713b6cf6cc5aa22b88a
CRC32 1387F05A
Ssdeep 1536:kIlL9T5Xx1ogKMvw5Br7KLKLI+Xe+QnyH4Cc0tR6nGVp/VTbkE0DJ4ZwmroV:BtvBOI+FQny5R6nG//SdaZwms
Maldun score: 2.8 (analysed 2016-05-28 14:59:30)

File name: uninst.exe
Path: C:\Users\test\AppData\Local\HuofengGameWorld\uninst.exe
File size: 65349 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 f35e8d1b04ac25dc2c09fadd17785d72
SHA1 78de122ccdc3ddb4e1f08b4911fa122e95a7ffd4
SHA256 8dc05ad7dc560cdc95ad96ac905b560d4f21b78605659b1f2efee28e342d02ad
CRC32 215C92D6
Ssdeep 1536:SQpQ5EP0ijnRTXJgS3G6dnjXqiz4bPrr79sOlPjmiZIptCm:SQIURTXJgv6V6izCPrfuOFlitCm

File name: skin.zip
Path: C:\Users\test\AppData\Local\HuofengGameWorld\skin.zip
File size: 456019 bytes
File type: Zip archive data, at least v2.0 to extract
MD5 7f5f26ba449b6205b02230729349ec71
SHA1 a19c5d28281ef641ef96bc542d68a0372bb45db5
SHA256 6f02ecbb1aa8ecb8ff2c3d2bc2aca0d19e246c02c884238afd16b027de6f7d96
CRC32 C401F504
Ssdeep 12288:vFp/N2d/gyxR9oCBL1rH8zSOIzRz0SChpy0UB:vigGPHrGT2R9mFUB

File name: index.dat
Path: C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
File size: 32768 bytes
File type: Internet Explorer cache file version Ver 5.2
MD5 f73cb7f99b284144c15c5ba148ed1aa5
SHA1 e05fc35d1fba8250c3114ee8e6e7aaa8a3cb6ddf
SHA256 24f381158dc01265e21692c528dd2db7bc1b158d378696b4ed5071a71386052b
CRC32 2D30E01E
Ssdeep 96:qv3mQd+kxzWCfJC4m8Mnom8SWd9V58SQ8MnBo6o913aORplQNY23y544KlzSbnzt:m3mQd+kxzjl/n9o9KKORplgzy6c

File name: sqlite3.dll
Path: C:\Users\test\AppData\Local\HuofengGameWorld\sqlite3.dll
File size: 541360 bytes
File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 d12d28dce936a741dc0e01858f9f8ec4
SHA1 7f04eb55fad0ca0cdf99dabcc00a7eb1634d85c5
SHA256 38832085b72e6bf16fce077ddc848c0f72e9fb6888a13d0d5cd04ee99ce34d5f
CRC32 9234F38A
Ssdeep 12288:VoGlUXWiMO4ESDNZpAiWTfhbpKI29WmyL4DLRmef:VoxMFE4pADXKI2jykwk

File name: mygames_hot.png
Path: C:\Users\test\AppData\Local\HuofengGameWorld\setting\mygames_hot.png
File size: 1631 bytes
File type: PNG image data, 80 x 80, 8-bit/color RGB, non-interlaced
MD5 7f7d159e97d63a2e5b1ef6c18869b18c
SHA1 1cb0014172d654a3fc50e21344f8f2f021bba698
SHA256 79abce6749dd99c51dc8c13a9cba57540125df73582176b08d6990758ec09a68
CRC32 562C0BB1
Ssdeep 48:mwqQNn2xCtJ39njzaP9GGwSHg5ZKwurKgFJnRKCqf:6Y28Bg9GGwB5YXKg7RK9f

File name: download_engine.dll
Path: C:\Users\test\AppData\Local\HuofengGameWorld\bin\download\download_engine.dll
File size: 3512776 bytes
File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 1a87ff238df9ea26e76b56f34e18402c
SHA1 2df48c31f3b3adb118f6472b5a2dc3081b302d7c
SHA256 abaeb5121548256577ddd8b0fc30c9ff3790649ad6a0704e4e30d62e70a72964
CRC32 5F5020A4
Ssdeep 49152:O/4yyAd2+awsEL4eyiiDoHHPLvQB0o32Qm6m7VBmurXztN:OVrsEcTiiAvLa0oYkuf/
Maldun score: 2.2 (analysed 2016-05-28 15:02:27)

File name: gamelib_hot.png
Path: C:\Users\test\AppData\Local\HuofengGameWorld\setting\gamelib_hot.png
File size: 1930 bytes
File type: PNG image data, 80 x 80, 8-bit/color RGB, non-interlaced
MD5 428ab0566da92e393025855366022ecd
SHA1 04c3bad9fc7eefa952e9bdd8f8780f47f458c1b7
SHA256 78478d3cb7e8e20e92cea4045b547a931ae0fb36a5a7228d99f4321fa6a1ddb2
CRC32 7E4EBE02
Ssdeep 48:mwqQNn2xNZcFJ3NXRLOEHYgwfYNoG6RckE:6Y248tG6Rcf

File name: zlib1.dll
Path: C:\Users\test\AppData\Local\HuofengGameWorld\bin\download\zlib1.dll
File size: 59904 bytes
File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 89f6488524eaa3e5a66c5f34f3b92405
SHA1 330f9f6da03ae96dfa77dd92aae9a294ead9c7f7
SHA256 bd29d2b1f930e4b660adf71606d1b9634188b7160a704a8d140cadafb46e1e56
CRC32 0296B7A0
Ssdeep 1536:ZfU1BgfZqvECHUhUMPZVmnToIfxIOjIOG8TI:ZfzfZR2UhUMPZVSTBfbFG6I
Maldun score: 2.0 (analysed 2016-05-28 15:12:18)

File name: HuofengGameWorld.exe
Path: C:\Users\test\AppData\Local\HuofengGameWorld\HuofengGameWorld.exe
File size: 978096 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f034531a701044350969d768a825b60c
SHA1 8763743d1d3e4c8a3cf151de06b34e67cec88465
SHA256 11456913c0f21eeeb78a85ba0e3f6d7e420d1da47774f53c20973ccb89c04584
CRC32 A3BF4482
Ssdeep 24576:af/yTb1kKxB7aQhVWxlvosfW+DwZzOPdF5OFN/wFC5aX:af/gbec7aQme+DwM52+g5aX

File name: dl_peer_id.dll
Path: C:\Users\test\AppData\Local\HuofengGameWorld\bin\download\dl_peer_id.dll
File size: 92080 bytes
File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 dba9a19752b52943a0850a7e19ac600a
SHA1 3485ac30cd7340eccb0457bca37cf4a6dfda583d
SHA256 69a5e2a51094dc8f30788d63243b12a0eb2759a3f3c3a159b85fd422fc00ac26
CRC32 DDA98A20
Ssdeep 1536:5myH1Ar4zLdIoXJED0ySFzyhSU+kcexDCaDRqxAnNQDB:foEZEDDSFzDkce7RqxAnIB
Maldun score: 2.7 (analysed 2016-05-28 14:59:35)

File name: addfav.swf
Path: C:\Users\test\AppData\Local\HuofengGameWorld\addfav.swf
File size: 1419 bytes
File type: Macromedia Flash data (compressed), version 11
MD5 6885f9e27bda47306556b52890956d98
SHA1 d24bd59fac2b84154b4a07ef4d4ae862513a9e80
SHA256 3abc5da36702acd575466ae5081523d95089c0cd398533cdbc71869b2d01e531
CRC32 72073BA7
Ssdeep 24:Jv72/mZU2q450R/doe7KfGxNoDdXU7NHuRmfOSIR/OCdfYR5BN1bHVioB6J1NB/:JKKVe7HYFl2Cd4NR1iHff
Yara
  • Rule to detect the no presence of any url
  • Rule to detect the no presence of any attachment
  • Rule to detect the no presence of any image

File name: index.dat
Path: C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
File size: 49152 bytes
File type: Internet Explorer cache file version Ver 5.2
MD5 857c9fece35bc24772965af3c6950146
SHA1 34589305537d3bfe816143869b83465d77fe4281
SHA256 5b002207458e75f2032911d3ade90fb72af811ccd3c9e5306c5cd3ad62cb306f
CRC32 5DCE1202
Ssdeep 96:qlz4YvHtz0T+n18+94WTS1vVBfWlW84GvnLGvnbSWicoya64cQkYQkjWCLn9N91O:uz4Vsormvqvbyett

File name: IEAux.dll
Path: C:\Users\test\AppData\Local\HuofengGameWorld\IEAux.dll
File size: 66224 bytes
File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 3633de4079190b65d9c1a062db39b882
SHA1 70b6f944a6711b69b8d1a992456dccb3bc2618f2
SHA256 71141a084a6ccc601f9ae32b5a56476854efde219bdad3c4abc93865fb5e611b
CRC32 0731C78E
Ssdeep 1536:syzCRxaBYqBh9W4rdIEYNvdfej3xkqKOZ0+OEU8Fx:syzCDGYqBh9fLYNvdWj3xkqKOZ0EUy

File name: 坎巴拉太空计划.lnk
Path: C:\Users\test\Desktop\坎巴拉太空计划.lnk
File size: 2147 bytes
File type: MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Thu Dec 10 10:03:00 2015, mtime=Thu Aug 17 04:53:41 2017, atime=Thu Dec 10 10:03:00 2015, length=978096, window=hide
MD5 bd545f06581514832ca3b51ab06b9d6e
SHA1 4fac4f5d39c8bec804b4953f619fce227f8dff32
SHA256 a3714cfa5e61d1a4941855b62d08f612286c396b5e67f8d7b78d9fa930dbeceb
CRC32 7BC288F6
Ssdeep 48:8Mz9xzRbg05xl+yLM7hOiZ55siqM7hWFZI:8kNbwdsMM0

File name: msvcp100.dll
Path: C:\Users\test\AppData\Local\HuofengGameWorld\msvcp100.dll
File size: 421200 bytes
File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 e3c817f7fe44cc870ecdbcbc3ea36132
SHA1 2ada702a0c143a7ae39b7de16a4b5cc994d2548b
SHA256 d769fafa2b3232de9fa7153212ba287f68e745257f1c00fafb511e7a02de7adf
CRC32 2492E74F
Ssdeep 12288:zNb8zxr1aWPaHX7dGP57rhUgiW6QR7t5qv3Ooc8UHkC2ejGH:zNb8Fpa6aHX7dGP5Kv3Ooc8UHkC2eKH

File name: game.ico
Path: C:\Users\test\AppData\Local\HuofengGameWorld\gamedata\6912001383065138309\game.ico
File size: 30894 bytes
File type: MS Windows icon resource - 3 icons, 32x32
MD5 f15ee68e7ac612749a6483c3fded608b
SHA1 ac0bcefb1079b8419925bf781c9b350cbbb47dba
SHA256 03f4ccc5d39737b599354a0ab3640c2d34758b9854d1c4247cc2a1a48f4e0905
CRC32 7862FF33
Ssdeep 768:sY726e+wGy76lP0C5msBZhEfS8xTdWGlEdno8dXz2iz4QkPrrdQKu6:sp7OlPjmiZOfS3G6dnjXqiz4bPrr79
File name xldl.dll
Related files
C:\Users\test\AppData\Local\HuofengGameWorld\bin\xldl.dll
File size 293320 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 208662418974bca6faab5c0ca6f7debf
SHA1 db216fc36ab02e0b08bf343539793c96ba393cf1
SHA256 a7427f58e40c131e77e8a4f226db9c772739392f3347e0fce194c44ad8da26d5
CRC32 D27D783C
Ssdeep 6144:qUWWnyka1c7u2SbdYUUvZjWj9gj0U+zlVKy5:qvKa+7u7bqUoZjW5gj0U+z+Y
Maldun analysis result 2.8, analysis time: 2016-11-16 20:04:13
File name 网页游戏大全.url
Related files
C:\Users\test\Desktop\网页游戏大全.url
File size 118 bytes
File type data
MD5 dac163882bbab455b77f3902e86b1faa
SHA1 ba285c6e4e3a8e82b5a249bf1f42b78dab8c504c
SHA256 e1b31175a90c55108edcb8b369127c1bced3bf0881db50a218d210d91f7447ef
CRC32 5692AD2D
Ssdeep 3:8uRkiglZlo15gaJal+TlcQlwXK49:7glZyhJaelcQlwaG
File name index.dat
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
File size 245760 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 1ab211ab0a818222569880ed2b390e19
SHA1 cd0468efa8ffd1912ccce520adc9e11e8b1062f6
SHA256 32c5d1b0c8e70911a647238719cc509b1f962f25cf5d12e302d13188e6fb5244
CRC32 3069E4EF
Ssdeep 3072:fEUyC4qbEMHeTbVNYSOKFP33/TxxQ0UjXV:1wqnHeTbVNYfKFP33/
File name msvcr71.dll
Related files
C:\Users\test\AppData\Local\HuofengGameWorld\bin\download\msvcr71.dll
File size 348160 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 ca2f560921b7b8be1cf555a5a18d54c3
SHA1 432dbcf54b6f1142058b413a9d52668a2bde011d
SHA256 c4d4339df314a27ff75a38967b7569d9962337b8d4cd4b0db3aba5ff72b2bfbb
CRC32 F83AD7CD
Ssdeep 6144:cPlV59g81QWguohIP/siMbo8Crn2zzwRFMciFMNrb3YgxS3bCAO5kkG:OlVvN1QWguohInJDrn8zwNF7eCr
Maldun analysis result 2.8, analysis time: 2016-05-28 15:07:32
File name msvcr100.dll
Related files
C:\Users\test\AppData\Local\HuofengGameWorld\msvcr100.dll
File size 773968 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 bf38660a9125935658cfa3e53fdc7d65
SHA1 0b51fb415ec89848f339f8989d323bea722bfd70
SHA256 60c06e0fa4449314da3a0a87c1a9d9577df99226f943637e06f61188e5862efa
CRC32 14EE1F12
Ssdeep 12288:yMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BV0eAI:dmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV4I
File name 火凤游戏世界.lnk
Related files
C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\火凤游戏世界\火凤游戏世界.lnk
File size 1125 bytes
File type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Dec 10 10:03:00 2015, mtime=Thu Aug 17 04:53:41 2017, atime=Thu Dec 10 10:03:00 2015, length=978096, window=hide
MD5 8e0c41e575c55895941e1763451374eb
SHA1 0884e069ab2f4a23781bae91259ebafb5c40604f
SHA256 b426b376383b78faccb4fcff26852103e3f0b4df0e315a4addba9125cabc690f
CRC32 F23550CD
Ssdeep 12:8muonnzc064c0CrXJWCARyzA7kihEjAQ105c41V3jl1Q1V8wua4t2YZqI0GX6Qn+:8mLzcaxEX4R89AQ105bpqk6qhniynYl
File name gamelib.png
Related files
C:\Users\test\AppData\Local\HuofengGameWorld\setting\gamelib.png
File size 2714 bytes
File type PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
MD5 f1cd23cec1ad277e34214d8c7458c226
SHA1 0c3fa5144536b02657276377989cfb36d4c235de
SHA256 2ca40d953b3df2cb71ad3c649af7da3ef47878d0b647aaf803c4080ca292a797
CRC32 FB145C31
Ssdeep 48:ZwqQNn2xwJ3VJc0ssOoqMQV4L9+rXLggPI1Jxbpc48jtyXhSe:XY26JTsstqMQVQsbI1JRpcDsSe
File name 火凤游戏世界.lnk
Related files
C:\Users\test\Desktop\火凤游戏世界.lnk
C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\火凤游戏世界.lnk
C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\火凤游戏世界.lnk
File size 1129 bytes
File type MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Thu Dec 10 10:03:00 2015, mtime=Thu Aug 17 04:53:41 2017, atime=Thu Dec 10 10:03:00 2015, length=978096, window=hide
MD5 87a7bfd5ddaed1fc5f2ce5b98eb81598
SHA1 11dac600655cc2da597ca4ff14d70b879a83bed8
SHA256 3d2d9de5c60252a8a0a41ccd6763bc4ba40f7be248877f7a492f4c26bd9f7799
CRC32 E74B86A0
Ssdeep 12:87onnzc064c0CrXJWCARyzA7kihEjAQ105MQ1V3jl1Q1VE8bwua4t2YZqI0GX6Q+:8MzcaxEX4R89AQ105xpqJ6qhniynYl
File name putdesktop.swf
Related files
C:\Users\test\AppData\Local\HuofengGameWorld\putdesktop.swf
File size 1329 bytes
File type Macromedia Flash data (compressed), version 11
MD5 0571ba1275604adf5d704104a00d51be
SHA1 af308ba7bd8bfa9adfe95985bcdb4301136fbc4c
SHA256 d4a196da49c78668a36749c868e30759dc8e56d5b8f8c613f864700cd0533ade
CRC32 56CB168D
Ssdeep 24:71OU35IrZGklbCkthl5ugKgKrHwvNYzACWdXKq4nA59E94/w5RwFDKFs6yU:7nRk3thrugKXHwvSoXKJA//owDQwU
Yara
  • Rule to detect the no presence of any url
  • Rule to detect the no presence of any attachment
  • Rule to detect the no presence of any image
File name hfg7416.tmp
Related files
C:\Users\test\AppData\Local\Temp\hfg7416.tmp
File size 2708 bytes
File type ISO-8859 text, with very long lines, with no line terminators
MD5 8197118a4f423c75d35a188efdd1be38
SHA1 d02d5e61bafa623f53f48bc5281078e55ddcb8a9
SHA256 3a607eb1a5a50b641f5791d5b8a8aa9b569b69e06d8fbd482f43717336c05cea
CRC32 FAFFFAD2
Ssdeep 48:FCL5cwHLLYsLCfp8kDbrgtQ7+fm5gsCI80wmEzFs6LadBq+BP3FOBSQp+CGyaKsV:AL3H+pRD3AQCfFBzFsqadBjB/kBvpcH1
File name id.dat
Related files
C:\Users\test\AppData\Local\HuofengGameWorld\bin\download\id.dat
File size 40 bytes
File type ASCII text, with CRLF line terminators
MD5 857163e2b17e92232efe030f677668a1
SHA1 9ff8f6aa92b696d062f691010066c798a55d4367
SHA256 a6bbbc4ff398ac6b25b7038ea6d1729e40905c4d1e91742f2f301c916679b54c
CRC32 86FEB4B2
Ssdeep 3:q12SVYqYy:q12SVQy
Displayed text:
[partner]
id=80000372
ver = 3.2.1.42
File name 卸载火凤游戏世界.lnk
Related files
C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\火凤游戏世界\卸载火凤游戏世界.lnk
File size 1030 bytes
File type MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 15:54:17 1600, mtime=Sun Dec 31 15:54:17 1600, atime=Sun Dec 31 15:54:17 1600, length=0, window=hide
MD5 ec379e129374e3c0f10a4019b13a3f10
SHA1 48b23cbc7fda37850a2a71a5e41f32aab0a292e4
SHA256 451e622775a70d20670f78d79f38f5b09e3a054dc901e76f1d41a1d4375742a9
CRC32 8A1B756B
Ssdeep 12:8wl0aY9/tpf7GyuRq/42d1VITl1Q1Vi/5NJkKAH4t2YZqI0GX:8ppzqRq9dAxqSTHAdq
File name HFUILib.dll
Related files
C:\Users\test\AppData\Local\HuofengGameWorld\HFUILib.dll
File size 319664 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 010b4d91d539d4e595bc5dfd0cc76d49
SHA1 0a72003557a8676705ebdbdf23b35f62202d0099
SHA256 93125bad493948dd0c577623a364751a1c960561a6b933a2c5dfd8b93421dad5
CRC32 BD975B4C
Ssdeep 6144:5NJY/UbzDM7Zy1JM+a4E4ttTea21oTJ7VObmXfRR7:2sI9y1JZttL2qTJDX5R7
File name ThunderFW.exe
Related files
C:\Users\test\AppData\Local\HuofengGameWorld\bin\download\ThunderFW.exe
File size 73160 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 f0372ff8a6148498b19e04203dbb9e69
SHA1 27fe4b5f8cb9464ab5ddc63e69c3c180b77dbde8
SHA256 298d334b630c77b70e66cf5e9c1924c7f0d498b02c2397e92e2d9efdff2e1bdf
CRC32 073B7C68
Ssdeep 1536:BG9vRpkFqhyU/v47PZSOKhqTwYu5tEm1n22W:E1RIOAkz5tEmZvW
Maldun analysis result 2.8, analysis time: 2016-08-26 17:00:50
File name mygames.png
Related files
C:\Users\test\AppData\Local\HuofengGameWorld\setting\mygames.png
File size 2289 bytes
File type PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced
MD5 5cae3b1af2d7fa15a301bd73e57bb6a8
SHA1 54502662655eac7889fd49b701d2f5f37ea1e219
SHA256 f2af69dd00da4e6b1fe8d930824a892cf0e75c9ae3c7a3132ce66288d17efdcb
CRC32 BCA75D22
Ssdeep 48:ZwqQNn2xWJ3GZflvwDtz0lGqD/pod2GGB:XY2DFSolGqlg3GB
File name test@hfgame.huofeng[1].txt
Related files
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\test@hfgame.huofeng[1].txt
File size 85 bytes
File type ASCII text
MD5 08a9501f83856d6a315ace0e6e759896
SHA1 009b0a51c5688345333f164afd47e2105a2725b9
SHA256 4a2917e99322a9b03424b3c3b9c8adcf1bf81f43cf1d51c03a603d3ed8ae6ff5
CRC32 99429A0A
Ssdeep 3:aAML8BvxWVeWLNNLBvVvmQxmWQFLtWVv:LML8BvQVhPB9zmWQFpWF
Displayed text:
hfgameinstalled
yes
hfgame.huofeng.site/
0
1998739072
31079493
1717974384
30611296
*
No similar analyses found.

Processing ( 47.167 seconds )

  • 20.934 NetworkAnalysis
  • 8.733 Suricata
  • 8.616 BehaviorAnalysis
  • 3.435 TargetInfo
  • 1.775 VirusTotal
  • 1.701 Static
  • 1.621 Dropped
  • 0.318 peid
  • 0.013 Strings
  • 0.012 AnalysisInfo
  • 0.005 config_decoder
  • 0.002 Debug
  • 0.002 Memory

Signatures ( 6.381 seconds )

  • 2.377 md_url_bl
  • 0.634 antiav_detectreg
  • 0.365 stealth_timeout
  • 0.326 api_spamming
  • 0.246 decoy_document
  • 0.22 infostealer_ftp
  • 0.169 infostealer_browser
  • 0.133 antianalysis_detectreg
  • 0.126 infostealer_im
  • 0.122 antivm_generic_scsi
  • 0.122 antivm_generic_disk
  • 0.106 md_bad_drop
  • 0.105 mimics_filetime
  • 0.101 stealth_file
  • 0.097 md_domain_bl
  • 0.094 virus
  • 0.079 bootkit
  • 0.077 shifu_behavior
  • 0.07 infostealer_mail
  • 0.062 hancitor_behavior
  • 0.052 antivm_generic_services
  • 0.046 ipc_namedpipe
  • 0.037 infostealer_browser_password
  • 0.033 kibex_behavior
  • 0.033 antivm_xen_keys
  • 0.033 darkcomet_regkeys
  • 0.03 antivm_parallels_keys
  • 0.028 geodo_banking_trojan
  • 0.027 recon_fingerprint
  • 0.024 betabot_behavior
  • 0.023 persistence_autorun
  • 0.022 antivm_generic_diskreg
  • 0.02 antiav_detectfile
  • 0.018 antisandbox_productid
  • 0.014 infostealer_bitcoin
  • 0.011 persistence_bootexecute
  • 0.011 creates_largekey
  • 0.011 antivm_hyperv_keys
  • 0.011 antivm_vbox_keys
  • 0.011 antivm_vmware_keys
  • 0.011 antivm_vpc_keys
  • 0.01 antivm_xen_keys
  • 0.01 antivm_vbox_acpi
  • 0.01 bypass_firewall
  • 0.01 packer_armadillo_regkey
  • 0.009 antivm_generic_bios
  • 0.009 antivm_generic_cpu
  • 0.009 antivm_generic_system
  • 0.009 recon_programs
  • 0.008 antivm_vbox_files
  • 0.008 ransomware_extensions
  • 0.007 injection_createremotethread
  • 0.007 creates_nullvalue
  • 0.007 ransomware_files
  • 0.006 antiemu_wine_func
  • 0.006 securityxploded_modules
  • 0.005 dridex_behavior
  • 0.005 sets_autoconfig_url
  • 0.005 nymaim_behavior
  • 0.005 injection_runpe
  • 0.005 kovter_behavior
  • 0.004 ransomware_message
  • 0.004 antivm_vbox_libs
  • 0.004 antidbg_windows
  • 0.004 disables_browser_warn
  • 0.003 antiav_avast_libs
  • 0.003 tinba_behavior
  • 0.003 rat_luminosity
  • 0.003 vawtrak_behavior
  • 0.003 antidbg_devices
  • 0.003 browser_security
  • 0.003 network_torgateway
  • 0.002 hawkeye_behavior
  • 0.002 network_tor
  • 0.002 rat_nanocore
  • 0.002 disables_spdy
  • 0.002 injection_explorer
  • 0.002 antisandbox_sunbelt_libs
  • 0.002 antiav_bitdefender_libs
  • 0.002 exec_crash
  • 0.002 disables_wfp
  • 0.002 cerber_behavior
  • 0.002 antiemu_wine_reg
  • 0.002 modify_proxy
  • 0.002 modify_uac_prompt
  • 0.002 network_http
  • 0.002 rat_pcclient
  • 0.001 office_dl_write_exe
  • 0.001 office_write_exe
  • 0.001 network_anomaly
  • 0.001 antivm_vmware_libs
  • 0.001 stealth_network
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sboxie_libs
  • 0.001 ursnif_behavior
  • 0.001 h1n1_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 codelux_behavior
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 maldun_blacklist
  • 0.001 modify_security_center_warnings
  • 0.001 network_cnc_http
  • 0.001 office_security
  • 0.001 rat_spynet
  • 0.001 sniffer_winpcap
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 targeted_flame

Reporting ( 0.868 seconds )

  • 0.743 ReportHTMLSummary
  • 0.125 Malheur
Task ID 122636
Mongo ID 5a33c69ebb7d5720df12a42b
Cuckoo release 1.4-Maldun