Analysis task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-shaapp01-5 | 2018-03-24 10:26:28 | 2018-03-24 10:28:53 | 145 s

Maldun score

0.0

Benign

File details

File name: openvpn.exe
File size: 768736 bytes
File type: PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
MD5: 61f744f9ee1e542b2f34cb76fba9c916
SHA1: 4d268145d79a33a9f4ae6d30a0bacc507916249b
SHA256: b0de641b39beea7dc34eb3f6e94289a51b732f70c3c662e2d3e19299c7cb998b
SHA512: 1d4cfc7440bf1a404ac005b6a541b3d43c94963beca347bc044d726b25c13611fbdfac7d4527c117708c542e196b40aa46af9e0f91986765bc306cb962e40c26
CRC32: 3DC44334
Ssdeep: 12288:l1IvrRlT45DrrRH0NInJvhtr0VDIrSQvzjYQBHE:l1IvrRlT45DrrRhJvhtr0VErSKE0HE

Screenshots: none captured for this run.
Hosts contacted

IP | Location
104.16.90.188 | United States
117.18.237.29 | Asia-Pacific

DNS resolution

Domain | Response
crt.comodoca.com | CNAME crt.comodoca.com.cdn.cloudflare.net; A 104.16.92.188, 104.16.90.188, 104.16.91.188, 104.16.93.188, 104.16.89.188
ocsp.digicert.com | CNAME cs9.wac.phicdn.net; A 117.18.237.29


PE information

Image base: 0x00400000
Entry point: 0x00401520
Declared checksum: 0x000ca077
Actual checksum: 0x000ca077 (matches the header value)
Minimum OS version: 4.0
Compile time: 1970-01-01 08:00:00 (a TimeDateStamp of 0 rendered in the sandbox's UTC+8 zone; the linker wrote no timestamp, so this field cannot be used to date the build)
Import hash (imphash): 9ab6f31dc079f6071345bfa9d51ae436

Version information (an RT_VERSION resource is present, see Resources below, but every field is empty)

LegalCopyright: (empty)
InternalName: (empty)
FileVersion: (empty)
CompanyName: (empty)
ProductName: (empty)
ProductVersion: (empty)
FileDescription: (empty)
OriginalFilename: (empty)
Translation: (empty)

Microsoft certificate verification (signtool)

Signature SHA1: None
Timestamp: Fri Oct 13 18:57:32 2017
Validity: (blank in the report)
Error: (blank in the report)

The leaf certificate is a COMODO RSA code-signing certificate issued to Express Vpn LLC, countersigned through DigiCert's SHA2 timestamp responder on the date above; together with the file name and the OpenSSL, LZO and TAP-related imports listed further down, this is consistent with ExpressVPN's bundled build of the OpenVPN client. Note that the Validity column is empty: the report lists the chains but never states that the signature verified, so confirm it yourself (signtool verify /pa /v openvpn.exe, or Get-AuthenticodeSignature in PowerShell) before treating the signer as established. Chain 1 is anchored at AddTrust External CA Root, which expired on the date shown (2020-05-30), so re-verification after that date depends on the verifier trusting COMODO RSA Certification Authority as a root in its own right.

Certificate Chain 1
Issued to: AddTrust External CA Root
Issued by: AddTrust External CA Root
Expires: Sat May 30 18:48:38 2020
SHA1 hash: 02faf3e291435468607857694df5e45b68851868

Certificate Chain 2
Issued to: COMODO RSA Certification Authority
Issued by: AddTrust External CA Root
Expires: Sat May 30 18:48:38 2020
SHA1 hash: f5ad0bcc1ad56cd150725b1c866c30ad92ef21b0

Certificate Chain 3
Issued to: COMODO RSA Code Signing CA
Issued by: COMODO RSA Certification Authority
Expires: Tue May 09 07:59:59 2028
SHA1 hash: b69e752bbe88b4458200a7c0f4f5b3cce6f35b47

Certificate Chain 4
Issued to: Express Vpn LLC
Issued by: COMODO RSA Code Signing CA
Expires: Thu Jan 21 07:59:59 2021
SHA1 hash: bb0304c1ff6dc0384701dd88363c2f1a1d5c8aeb

Timestamp Chain 1
Issued to: DigiCert Assured ID Root CA
Issued by: DigiCert Assured ID Root CA
Expires: Mon Nov 10 08:00:00 2031
SHA1 hash: 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43

Timestamp Chain 2
Issued to: DigiCert SHA2 Assured ID Timestamping CA
Issued by: DigiCert Assured ID Root CA
Expires: Tue Jan 07 20:00:00 2031
SHA1 hash: 3ba63a6e4841355772debef9cdcf4d5af353a297

Timestamp Chain 3
Issued to: DigiCert SHA2 Timestamp Responder
Issued by: DigiCert SHA2 Assured ID Timestamping CA
Expires: Tue Jan 18 08:00:00 2028
SHA1 hash: 400191475c98891deba104af47091b5eb6d4cbcb

PE sections

Name | Virtual address | Virtual size | Raw size | Characteristics | Entropy
.text | 0x00001000 | 0x00082860 | 0x00082a00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_16BYTES | 5.80
.data | 0x00084000 | 0x00000300 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES | 2.09
.rdata | 0x00085000 | 0x000224b0 | 0x00022600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_32BYTES | 5.26
.pdata | 0x000a8000 | 0x00007c74 | 0x00007e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES | 5.87
.xdata | 0x000b0000 | 0x000076c8 | 0x00007800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_ALIGN_4BYTES | 3.57
.bss | 0x000b8000 | 0x00007d70 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES | 0.00
.idata | 0x000c0000 | 0x00004538 | 0x00004600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES | 4.65
.CRT | 0x000c5000 | 0x00000068 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_8BYTES | 0.28
.tls | 0x000c6000 | 0x00000068 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_32BYTES | 0.21
.rsrc | 0x000c7000 | 0x00000338 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE|IMAGE_SCN_ALIGN_4BYTES | 2.73

Entropy stays below 6 in every section and .text is the only executable one, so nothing here is packed or encrypted. Writable .idata, .CRT, .tls and .rsrc sections, the .CRT/.tls/.xdata section set and the msvcrt.dll imports below are the layout GNU ld (MinGW-w64) produces, not a sign of tampering.

Overlay

Offset: 0x000b9c00
Size: 0x00001ee0

0x000b9c00 + 0x00001ee0 = 0x000bbae0 = 768736, exactly the file size, so the overlay runs to end of file. For a signed PE this trailing block is the appended Authenticode signature (WIN_CERTIFICATE), which no section covers; its presence matches the certificate chains listed above.

Resources

Name | Offset | Size | Language | Sublanguage | Entropy | File type
RT_VERSION | 0x000c7058 | 0x000002dc | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.39 | data

Imports

LIBEAY32.dll and SSLEAY32.dll are the OpenSSL 1.0.x library names (libcrypto and libssl); liblzo2-2.dll is the LZO compressor OpenVPN uses for comp-lzo; the IPHLPAPI address and route functions together with DeviceIoControl are what a client needs to drive a TAP adapter; and the CryptSignHashA/CertOpenStore pair is signing with a key held in the Windows certificate store. None of these imports is out of place for a VPN client.

Library: LIBEAY32.dll:
0x4c0f40 ASN1_INTEGER_cmp
0x4c0f48 ASN1_INTEGER_to_BN
0x4c0f50 ASN1_OBJECT_free
0x4c0f58 ASN1_STRING_to_UTF8
0x4c0f60 BIO_ctrl
0x4c0f68 BIO_f_base64
0x4c0f70 BIO_free
0x4c0f78 BIO_free_all
0x4c0f80 BIO_new
0x4c0f88 BIO_new_file
0x4c0f90 BIO_new_mem_buf
0x4c0f98 BIO_push
0x4c0fa0 BIO_read
0x4c0fa8 BIO_s_mem
0x4c0fb0 BIO_test_flags
0x4c0fb8 BIO_write
0x4c0fc0 BN_bn2dec
0x4c0fc8 BN_dup
0x4c0fd0 BN_free
0x4c0fd8 BN_new
0x4c0fe0 BN_num_bits
0x4c0fe8 BN_set_word
0x4c0ff0 CRYPTO_free
0x4c1000 DES_ecb_encrypt
0x4c1008 DES_is_weak_key
0x4c1018 DES_set_odd_parity
0x4c1020 DH_free
0x4c1028 DH_size
0x4c1030 ENGINE_by_id
0x4c1038 ENGINE_cleanup
0x4c1048 ENGINE_free
0x4c1050 ENGINE_get_first
0x4c1058 ENGINE_get_id
0x4c1060 ENGINE_get_name
0x4c1068 ENGINE_get_next
0x4c1080 ENGINE_set_default
0x4c1088 ERR_clear_error
0x4c1090 ERR_error_string
0x4c1098 ERR_free_strings
0x4c10a0 ERR_get_error
0x4c10a8 ERR_load_strings
0x4c10b0 ERR_peek_error
0x4c10b8 ERR_put_error
0x4c10e0 EVP_CIPHER_CTX_init
0x4c1108 EVP_CIPHER_flags
0x4c1120 EVP_CIPHER_nid
0x4c1128 EVP_CipherFinal
0x4c1130 EVP_CipherInit
0x4c1138 EVP_CipherUpdate
0x4c1140 EVP_Digest
0x4c1148 EVP_DigestFinal
0x4c1150 EVP_DigestInit
0x4c1158 EVP_DigestUpdate
0x4c1160 EVP_MD_CTX_cleanup
0x4c1168 EVP_MD_CTX_init
0x4c1170 EVP_MD_CTX_md
0x4c1178 EVP_MD_size
0x4c1180 EVP_MD_type
0x4c1188 EVP_PKEY_free
0x4c1190 EVP_cleanup
0x4c11a8 HMAC_CTX_cleanup
0x4c11b0 HMAC_CTX_init
0x4c11b8 HMAC_Final
0x4c11c0 HMAC_Init_ex
0x4c11c8 HMAC_Update
0x4c11d0 OBJ_nid2sn
0x4c11d8 OBJ_obj2nid
0x4c11e0 OBJ_obj2txt
0x4c11e8 OBJ_txt2nid
0x4c1210 PEM_read_bio_X509
0x4c1220 PEM_write_X509
0x4c1228 PKCS12_free
0x4c1230 PKCS12_parse
0x4c1238 RAND_bytes
0x4c1240 RSA_free
0x4c1248 RSA_generate_key_ex
0x4c1250 RSA_new
0x4c1258 RSA_set_method
0x4c1260 RSA_size
0x4c1268 SSLeay_version
0x4c1270 X509V3_EXT_print
0x4c1278 X509_CRL_free
0x4c1280 X509_INFO_free
0x4c1288 X509_LOOKUP_ctrl
0x4c12a8 X509_NAME_cmp
0x4c12b0 X509_NAME_dup
0x4c12c0 X509_NAME_get_entry
0x4c12d0 X509_NAME_oneline
0x4c12d8 X509_NAME_print_ex
0x4c12e8 X509_STORE_add_cert
0x4c12f0 X509_STORE_add_crl
0x4c1308 X509_cmp_time
0x4c1310 X509_free
0x4c1318 X509_get_ext
0x4c1320 X509_get_ext_by_NID
0x4c1328 X509_get_ext_d2i
0x4c1338 X509_get_pubkey
0x4c1358 d2i_PKCS12_bio
0x4c1360 d2i_PKCS12_fp
0x4c1368 d2i_X509
0x4c1370 i2a_ASN1_INTEGER
0x4c1378 sk_find
0x4c1380 sk_new
0x4c1388 sk_num
0x4c1390 sk_pop_free
0x4c1398 sk_push
0x4c13a0 sk_value
Library: liblzo2-2.dll:
0x4c13b0 __lzo_init_v2
0x4c13b8 lzo1x_1_15_compress
0x4c13c8 lzo_version_string
Library: SSLEAY32.dll:
0x4c14b0 BIO_f_ssl
0x4c14b8 SSL_CIPHER_get_name
0x4c14d8 SSL_CTX_ctrl
0x4c14e0 SSL_CTX_free
0x4c14f8 SSL_CTX_new
0x4c1528 SSL_CTX_set_verify
0x4c1548 SSL_free
0x4c1550 SSL_get_cipher_list
0x4c1560 SSL_get_ex_data
0x4c1580 SSL_get_version
0x4c1588 SSL_library_init
0x4c1598 SSL_new
0x4c15a8 SSL_set_bio
0x4c15b8 SSL_set_ex_data
0x4c15c8 SSLv23_method
0x4c15d8 TLSv1_client_method
0x4c15e0 TLSv1_server_method
Library: ADVAPI32.dll:
0x4c15f0 CryptCreateHash
0x4c15f8 CryptDestroyHash
0x4c1600 CryptGetHashParam
0x4c1608 CryptReleaseContext
0x4c1610 CryptSetHashParam
0x4c1618 CryptSignHashA
0x4c1628 RegCloseKey
0x4c1630 RegEnumKeyExA
0x4c1638 RegOpenKeyExA
0x4c1640 RegQueryValueExA
0x4c1648 RegQueryValueExW
Library: CRYPT32.dll:
0x4c1668 CertCloseStore
0x4c1680 CertOpenStore
Library: IPHLPAPI.DLL:
0x4c1698 AddIPAddress
0x4c16a8 DeleteIPAddress
0x4c16b8 FlushIpNetTable
0x4c16c0 GetAdapterIndex
0x4c16c8 GetAdaptersInfo
0x4c16d0 GetInterfaceInfo
0x4c16d8 GetIpForwardTable
0x4c16e0 GetPerAdapterInfo
0x4c16e8 IpReleaseAddress
0x4c16f0 IpRenewAddress
Library: KERNEL32.dll:
0x4c1700 CancelIo
0x4c1708 CloseHandle
0x4c1710 CreateEventA
0x4c1718 CreateFileA
0x4c1720 CreateFileW
0x4c1728 CreateProcessA
0x4c1730 CreateProcessW
0x4c1738 CreateSemaphoreA
0x4c1748 DeleteFileW
0x4c1750 DeviceIoControl
0x4c1760 FormatMessageA
0x4c1768 FormatMessageW
0x4c1770 FreeLibrary
0x4c1778 GetConsoleMode
0x4c1780 GetConsoleTitleA
0x4c1788 GetCurrentProcess
0x4c1790 GetCurrentProcessId
0x4c1798 GetCurrentThreadId
0x4c17a8 GetExitCodeProcess
0x4c17b0 GetFileType
0x4c17b8 GetLastError
0x4c17c0 GetModuleFileNameA
0x4c17c8 GetModuleFileNameW
0x4c17d8 GetOverlappedResult
0x4c17e0 GetProcAddress
0x4c17e8 GetStartupInfoA
0x4c17f0 GetStartupInfoW
0x4c17f8 GetStdHandle
0x4c1808 GetTempPathW
0x4c1810 GetTickCount
0x4c1830 LoadLibraryA
0x4c1838 LoadLibraryW
0x4c1840 LocalFree
0x4c1848 MultiByteToWideChar
0x4c1858 ReadConsoleInputA
0x4c1860 ReadConsoleW
0x4c1868 ReadFile
0x4c1870 ReleaseSemaphore
0x4c1878 ResetEvent
0x4c1880 RtlAddFunctionTable
0x4c1888 RtlCaptureContext
0x4c1898 RtlVirtualUnwind
0x4c18a8 SetConsoleMode
0x4c18b0 SetConsoleOutputCP
0x4c18b8 SetConsoleTitleA
0x4c18c0 SetEvent
0x4c18c8 SetFilePointer
0x4c18d0 SetLastError
0x4c18e0 Sleep
0x4c18e8 TerminateProcess
0x4c18f0 TlsGetValue
0x4c1900 VerSetConditionMask
0x4c1908 VerifyVersionInfoW
0x4c1910 VirtualProtect
0x4c1918 VirtualQuery
0x4c1920 WaitForSingleObject
0x4c1928 WideCharToMultiByte
0x4c1930 WriteConsoleInputA
0x4c1938 WriteFile
Library: msvcrt.dll:
0x4c1950 __dllonexit
0x4c1958 __iob_func
0x4c1960 __lconv_init
0x4c1968 __set_app_type
0x4c1970 __setusermatherr
0x4c1978 __wgetmainargs
0x4c1980 __winitenv
0x4c1988 _amsg_exit
0x4c1990 _cexit
0x4c1998 _chsize
0x4c19a0 _dup2
0x4c19a8 _errno
0x4c19b0 _exit
0x4c19b8 _fdopen
0x4c19c0 _fmode
0x4c19c8 _initterm
0x4c19d0 _lock
0x4c19d8 _onexit
0x4c19e0 _open_osfhandle
0x4c19e8 _snwprintf
0x4c19f0 _stricmp
0x4c19f8 _unlock
0x4c1a00 _vsnprintf
0x4c1a08 _waccess
0x4c1a10 _wchdir
0x4c1a18 _wcmdln
0x4c1a20 _wfopen
0x4c1a28 _wopen
0x4c1a30 abort
0x4c1a38 atoi
0x4c1a40 calloc
0x4c1a48 ctime
0x4c1a50 exit
0x4c1a58 fclose
0x4c1a60 fflush
0x4c1a68 fgets
0x4c1a70 fopen
0x4c1a78 fprintf
0x4c1a80 fputc
0x4c1a88 free
0x4c1a90 fwprintf
0x4c1a98 fwrite
0x4c1aa0 isalnum
0x4c1aa8 isalpha
0x4c1ab0 iscntrl
0x4c1ab8 isprint
0x4c1ac0 ispunct
0x4c1ac8 isspace
0x4c1ad0 isxdigit
0x4c1ad8 malloc
0x4c1ae0 mbstowcs
0x4c1ae8 memcmp
0x4c1af0 memcpy
0x4c1af8 memmove
0x4c1b00 memset
0x4c1b08 printf
0x4c1b10 putchar
0x4c1b18 puts
0x4c1b20 qsort
0x4c1b28 raise
0x4c1b30 rand
0x4c1b38 realloc
0x4c1b40 setlocale
0x4c1b48 signal
0x4c1b50 srand
0x4c1b58 sscanf
0x4c1b60 strcat
0x4c1b68 strchr
0x4c1b70 strcmp
0x4c1b78 strcpy
0x4c1b80 strcspn
0x4c1b88 strerror
0x4c1b90 strlen
0x4c1b98 strncmp
0x4c1ba0 strncpy
0x4c1ba8 strrchr
0x4c1bb0 strstr
0x4c1bb8 strtol
0x4c1bc0 tolower
0x4c1bc8 toupper
0x4c1bd0 vfprintf
0x4c1bd8 wcscpy
0x4c1be0 wcstombs
0x4c1be8 _time64
0x4c1bf0 _wstat64
0x4c1bf8 _write
0x4c1c00 _strdup
0x4c1c08 _read
0x4c1c10 _open
0x4c1c18 _lseek
0x4c1c20 _dup2
0x4c1c28 _dup
0x4c1c30 _close
Library: USER32.dll:
0x4c1c40 MessageBoxW
Library: WS2_32.dll:
0x4c1c50 WSAAddressToStringA
0x4c1c58 WSACleanup
0x4c1c68 WSAEventSelect
0x4c1c70 WSAGetLastError
0x4c1c80 WSARecv
0x4c1c88 WSARecvFrom
0x4c1c90 WSASend
0x4c1c98 WSASendTo
0x4c1ca0 WSASetLastError
0x4c1ca8 WSAStartup
0x4c1cb0 WSAStringToAddressA
0x4c1cc0 accept
0x4c1cc8 bind
0x4c1cd0 closesocket
0x4c1cd8 connect
0x4c1ce0 freeaddrinfo
0x4c1ce8 getaddrinfo
0x4c1cf0 getnameinfo
0x4c1cf8 getsockname
0x4c1d00 getsockopt
0x4c1d08 htonl
0x4c1d10 htons
0x4c1d18 inet_ntoa
0x4c1d20 ioctlsocket
0x4c1d28 listen
0x4c1d30 ntohl
0x4c1d38 ntohs
0x4c1d40 recv
0x4c1d48 select
0x4c1d50 send
0x4c1d58 setsockopt
0x4c1d60 socket

Antivirus scan results (VirusTotal)

One engine out of 68 flags the file, under a generic name, and the signature dates (December 2017) predate the analysis date (2018-03-24), so this is a cached VirusTotal lookup rather than a fresh scan. A single generic hit on a binary whose code-signing chain is listed above and that shows no behavioral indicators is the usual false-positive profile; compare the SHA256 against a hash published by the vendor, or re-submit for a current scan, before acting on it.

Engine | Result | Signature date
Bkav | Clean | 20171216
MicroWorld-eScan | Clean | 20171217
nProtect | Clean | 20171217
CMC | Clean | 20171217
CAT-QuickHeal | Clean | 20171216
ALYac | Clean | 20171217
Malwarebytes | Clean | 20171217
VIPRE | Clean | 20171217
TheHacker | Clean | 20171210
K7GW | Clean | 20171214
K7AntiVirus | Clean | 20171217
Arcabit | Clean | 20171215
Invincea | Clean | 20170914
Baidu | Clean | 20171216
F-Prot | Clean | 20171217
Symantec | Clean | 20171216
TotalDefense | Clean | 20171216
TrendMicro-HouseCall | Clean | 20171217
Avast | Clean | 20171217
ClamAV | Clean | 20171216
Kaspersky | Clean | 20171217
BitDefender | Clean | 20171217
NANO-Antivirus | Clean | 20171217
ViRobot | Clean | 20171216
AegisLab | Clean | 20171217
Rising | Worm.Win32.FTP/BitCoinMiner-Botnet!1.ACDC (CLASSIC) | 20171217
Ad-Aware | Clean | 20171217
Emsisoft | Clean | 20171217
Comodo | Clean | 20171217
F-Secure | Clean | 20171217
DrWeb | Clean | 20171217
Zillya | Clean | 20171214
TrendMicro | Clean | 20171217
McAfee-GW-Edition | Clean | 20171217
Sophos | Clean | 20171217
SentinelOne | Clean | 20171207
Cyren | Clean | 20171217
Jiangmin | Clean | 20171217
Webroot | Clean | 20171217
Avira | Clean | 20171216
Fortinet | Clean | 20171217
Antiy-AVL | Clean | 20171217
Kingsoft | Clean | 20171217
Endgame | Clean | 20171130
Microsoft | Clean | 20171216
SUPERAntiSpyware | Clean | 20171216
ZoneAlarm | Clean | 20171217
Avast-Mobile | Clean | 20171216
AhnLab-V3 | Clean | 20171216
McAfee | Clean | 20171217
AVware | Clean | 20171217
MAX | Clean | 20171217
VBA32 | Clean | 20171215
Cylance | Clean | 20171217
WhiteArmor | Clean | 20171204
Panda | Clean | 20171216
Zoner | Clean | 20171217
ESET-NOD32 | Clean | 20171217
Tencent | Clean | 20171217
Yandex | Clean | 20171216
Ikarus | Clean | 20171216
eGambit | Clean | 20171217
GData | Clean | 20171217
AVG | Clean | 20171217
Cybereason | Clean | 20171103
Paloalto | Clean | 20171217
CrowdStrike | Clean | 20171016
Qihoo-360 | Clean | 20171217

Network flows

TCP

Source | Source port | Destination | Destination port
192.168.122.205 | 49159 | 104.16.90.188 (crt.comodoca.com) | 80
192.168.122.205 | 49167 | 117.18.237.29 (ocsp.digicert.com) | 80
192.168.122.205 | 49160 | 178.255.83.1 | 80
192.168.122.205 | 49161 | 178.255.83.1 | 80
192.168.122.205 | 49162 | 178.255.83.1 | 80
192.168.122.205 | 49166 | 65.200.22.9 | 80

178.255.83.1 and 65.200.22.9 have no entry in the DNS resolution table above. The HTTP requests below include Host headers for ocsp.usertrust.com, ocsp.comodoca.com and crl.microsoft.com, none of which appear in that table either, so those flows are most plausibly the OCSP and CRL fetches; the report itself does not record the resolution. All six flows are plain HTTP on port 80, which is normal for OCSP and CRL traffic.

UDP

Source | Source port | Destination | Destination port
192.168.122.205 | 55718 | 192.168.122.1 | 53
192.168.122.205 | 60006 | 192.168.122.1 | 53
192.168.122.205 | 62685 | 192.168.122.1 | 53
192.168.122.205 | 63809 | 192.168.122.1 | 53
192.168.122.205 | 64259 | 192.168.122.1 | 53

Five DNS queries to the guest's resolver (192.168.122.1), one per distinct Host header in the HTTP requests below (crt.comodoca.com, ocsp.usertrust.com, ocsp.comodoca.com, crl.microsoft.com, ocsp.digicert.com).


HTTP requests

Every request below carries User-Agent: Microsoft-CryptoAPI/6.1 and targets a certificate, OCSP or CRL endpoint belonging to the chains listed under Microsoft certificate verification. This is the Windows certificate-chain engine on the guest fetching an issuer certificate and revocation status, triggered by Authenticode verification of the sample, not network activity of openvpn.exe's own code. Treat these hosts as analysis noise rather than indicators: a rule keyed on them would fire for any signed binary whose chain is checked on the guest.

URI | HTTP data
URL: http://crt.comodoca.com/COMODORSAAddTrustCA.crt
GET /COMODORSAAddTrustCA.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crt.comodoca.com

URL: http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1
Cache-Control: max-age = 462303
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 30 May 2017 14:10:49 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com

URL: http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEC58h8wOk0pS%2FpT9HLfNNK8%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEC58h8wOk0pS%2FpT9HLfNNK8%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com

URL: http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSSdxXdG447ymkRNPVViULv3rkBzQQUKZFg%2F4pN%2Buv5pmq4z%2FnmS71JzhICEQDjB%2Fbx%2BsdCPmwAM2qUEFsX
GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSSdxXdG447ymkRNPVViULv3rkBzQQUKZFg%2F4pN%2Buv5pmq4z%2FnmS71JzhICEQDjB%2Fbx%2BsdCPmwAM2qUEFsX HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com

URL: http://crl.microsoft.com/pki/crl/products/tspca.crl
GET /pki/crl/products/tspca.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT
If-None-Match: "8ab194b3d77cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1
Cache-Control: max-age = 172800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 02 Sep 2017 10:30:03 GMT
If-None-Match: "59aa882b-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
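The four OCSP URLs above are RFC 6960 GET-form requests: the path is the base64 of a DER-encoded OCSPRequest, percent-encoded so that '/', '+' and '=' survive in a URL. Decoding it tells you which certificate the guest was checking (serial number plus hashes of the issuer's name and public key), which is how you separate certificate-validation noise from a real callback when a sandbox shows OCSP traffic. The script below is an added example written for this report, not code from the sandbox or from OpenVPN; it uses only the Python standard library, carries the ocsp.usertrust.com URL from the report as its sample input, and assumes the request is unsigned and single-entry, as Windows CryptoAPI sends it.

```python
"""Decode the CertID carried in an OCSP GET request URL (RFC 6960, Appendix A).

Added example for this report, not code from the sandbox or from OpenVPN.
Standard library only; the DER walker handles just the tags an OCSP request
uses and assumes the request is unsigned, as Windows CryptoAPI sends it.
"""
import base64
import urllib.parse

# The ocsp.usertrust.com request URL exactly as captured in the report.
SAMPLE_URL = (
    "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat"
    "9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
)

HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}


def _read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(buf):
    """Yield (tag, value) for each TLV inside a constructed DER value."""
    pos = 0
    while pos < len(buf):
        tag, value, pos = _read_tlv(buf, pos)
        yield tag, value


def _decode_oid(value):
    """Turn DER OBJECT IDENTIFIER content bytes into dotted notation."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def parse_ocsp_get_url(url):
    """Return one dict per Request in the OCSPRequest encoded in an OCSP GET URL.

    The URL path is base64(DER OCSPRequest); '/', '+' and '=' arrive
    percent-encoded, so the path is unquoted before base64 decoding.
    """
    path = urllib.parse.urlsplit(url).path.lstrip("/")
    der = base64.b64decode(urllib.parse.unquote(path), validate=True)

    _, ocsp_request, _ = _read_tlv(der, 0)          # OCSPRequest ::= SEQUENCE
    _, tbs_request, _ = _read_tlv(ocsp_request, 0)  # tbsRequest  ::= SEQUENCE
    # TBSRequest may open with [0] version and [1] requestorName;
    # requestList is the first plain SEQUENCE.
    request_list = next(v for t, v in _children(tbs_request) if t == 0x30)

    results = []
    for _, request in _children(request_list):      # Request ::= SEQUENCE
        # reqCert CertID is the first SEQUENCE; [0] extensions may follow it
        cert_id = next(v for t, v in _children(request) if t == 0x30)
        (_, alg), (_, name_hash), (_, key_hash), (_, serial) = list(_children(cert_id))
        oid = _decode_oid(next(v for t, v in _children(alg) if t == 0x06))
        results.append({
            "hash_alg": HASH_OIDS.get(oid, oid),
            "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(),
            # DER INTEGER: a leading 0x00 is only a sign pad, drop it for display
            "serial": serial.lstrip(b"\x00").hex(),
        })
    return results


if __name__ == "__main__":
    for cert_id in parse_ocsp_get_url(SAMPLE_URL):
        for field, value in cert_id.items():
            print(f"{field}: {value}")
```

For the ocsp.usertrust.com request this yields hash_alg sha1, a 16-byte serial and two 20-byte issuer hashes. The issuer key hash is the subjectKeyIdentifier of AddTrust External CA Root (Certificate Chain 1 above) and the serial is that of the cross-signed COMODO RSA Certification Authority certificate, i.e. the status check is for the very file the guest fetched from crt.comodoca.com/COMODORSAAddTrustCA.crt in the first request. The other three OCSP URLs in the report decode the same way; comparing their issuer key hashes against the chain listed above is a quicker and more reliable way to attribute OCSP traffic than matching on hostnames.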

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS.

Suricata HTTP

No Suricata HTTP.

No files extracted from network traffic.
No files dropped.
No similar analyses found.

Processing ( 13.51 seconds )

Time spent per processing module. BehaviorAnalysis (0.002 s) and Memory (0.003 s) finishing in milliseconds means there was effectively no behavior log or memory dump to process; a console openvpn.exe started with no configuration file typically prints its usage and exits, so the 0.0 score and benign verdict rest on static and network data only, not on observed runtime behavior. A sandbox run of this binary is only informative if it is given a config file and a reachable server.

  • 7.264 Suricata
  • 2.593 NetworkAnalysis
  • 1.225 TargetInfo
  • 1.188 VirusTotal
  • 0.795 Static
  • 0.257 peid
  • 0.171 AnalysisInfo
  • 0.009 Strings
  • 0.003 Memory
  • 0.002 BehaviorAnalysis
  • 0.002 Debug
  • 0.001 config_decoder

Signatures ( 1.506 seconds; evaluation time per signature module, not matches )

  • 1.412 md_url_bl
  • 0.014 md_domain_bl
  • 0.013 antiav_detectreg
  • 0.006 persistence_autorun
  • 0.006 infostealer_ftp
  • 0.005 antiav_detectfile
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_im
  • 0.004 md_bad_drop
  • 0.004 ransomware_files
  • 0.003 antianalysis_detectreg
  • 0.003 disables_browser_warn
  • 0.003 infostealer_bitcoin
  • 0.003 ransomware_extensions
  • 0.002 rat_nanocore
  • 0.002 tinba_behavior
  • 0.002 antivm_vbox_files
  • 0.002 browser_security
  • 0.002 infostealer_mail
  • 0.002 network_http
  • 0.002 network_torgateway
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 antivm_parallels_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 modify_proxy

Reporting ( 0.394 seconds )

  • 0.376 ReportHTMLSummary
  • 0.018 Malheur
Task ID 141546
Mongo ID 5ab5b7f9bb7d5768522f9c97
Cuckoo release 1.4-Maldun