Analysis task

Analysis type / VM tag / Start time / End time / Duration
File (Windows) win7-sp1-x64-hpdapp03-1 2018-03-23 22:02:32 2018-03-23 22:05:06 154 seconds

Maldun score

1.35

Normal

File details

File name gcway.dll
File size 5423560 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 dcbbc361458490199fb4ceabab7a7af8
SHA1 075bf4d6e25edab83b355b04388645d2a740b6ac
SHA256 f73d3fb4c86e94318591ca1aad83337ca97af952fc5a26421978c16b87b3f6ac
SHA512 738f43cd1be842a046438791a06978e395ca9da694d6db5135c462fdfb3472d525cea40fdb4802f95bc3dc2f2613fbf41f254ddc50d8f821abee041966b91bbd
CRC32 5069BD98
Ssdeep 98304:03xre9SxpUsVuPbP3PMhDDJ8+7wkkmAIdlp4kHQPJwGb:kxDxpUsGbvP098ICPIdlLHJGb
Hosts contacted

Direct / IP / Security rating / Location
101.96.10.73 China
117.18.237.29 Asia-Pacific region

DNS resolution

Domain / Security rating / Response
ocsp.digicert.com CNAME cs9.wac.phicdn.net
A 117.18.237.29


PE information

Image base 0x10000000
Entry point 0x10944117
Declared checksum 0x0052cc18
Actual checksum 0x0052cc18
Minimum OS version 5.1
Compile time 2018-01-26 04:35:34
Import hash 0f81b2a81cb9f02069932fdb16090ac8
Export DLL name GCWay.dll

Version information

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

Microsoft certificate verification (Sign Tool)

SHA1 / Timestamp / Validity / Error
70146a6dc196335228c0b9d4fc7440e62d9faa97 Fri Jan 26 05:57:03 2018
Certificate chain: Certificate Chain 1
Issued to DigiCert High Assurance EV Root CA
Issuer DigiCert High Assurance EV Root CA
Valid until Mon Nov 10 08:00:00 2031
SHA1 hash 5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25
Certificate chain: Certificate Chain 2
Issued to DigiCert High Assurance Code Signing CA-1
Issuer DigiCert High Assurance EV Root CA
Valid until Tue Feb 10 20:00:00 2026
SHA1 hash e308f829dc77e80af15edd4151ea47c59399ab46
Certificate chain: Certificate Chain 3
Issued to Joao Hermes
Issuer DigiCert High Assurance Code Signing CA-1
Valid until Wed Oct 10 20:00:00 2018
SHA1 hash fd384e152d92e94634dbc3b817e2febbf550d638
Certificate chain: Timestamp Chain 1
Issued to DigiCert Assured ID Root CA
Issuer DigiCert Assured ID Root CA
Valid until Mon Nov 10 08:00:00 2031
SHA1 hash 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
Certificate chain: Timestamp Chain 2
Issued to DigiCert Assured ID CA-1
Issuer DigiCert Assured ID Root CA
Valid until Wed Nov 10 08:00:00 2021
SHA1 hash 19a09b5a36f4dd99727df783c17a51231a56c117
Certificate chain: Timestamp Chain 3
Issued to DigiCert Timestamp Responder
Issuer DigiCert Assured ID CA-1
Valid until Tue Oct 22 08:00:00 2024
SHA1 hash 614d271d9102e30169822487fde5de00a352b01d

PE sections

Name / Virtual address / Virtual size / Raw data size / Characteristics / Entropy
.text 0x00001000 0x000e379c 0x00000000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 0.00
.rdata 0x000e5000 0x00042af4 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0.00
.data 0x00128000 0x00065a48 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.ddata0 0x0018e000 0x003c5aa8 0x00000000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 0.00
.ddata1 0x00554000 0x00527500 0x00527600 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 7.95
.reloc 0x00a7c000 0x000007c0 0x00000800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.42
.rsrc 0x00a7d000 0x00000598 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.24

Overlay

Offset 0x00528800
Size 0x000039c8

Resources

Name / Offset / Size / Language / Sublanguage / Entropy / File type
RT_VERSION 0x00a7d0a0 0x000002d4 LANG_ENGLISH SUBLANG_ENGLISH_US 3.37 data
RT_MANIFEST 0x00a7d374 0x00000224 LANG_ENGLISH SUBLANG_ENGLISH_US 5.04 XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators

Imports

Library: GDI32.dll:
0x10948000 ChoosePixelFormat
0x10948004 CreateDCA
0x10948008 StretchBlt
0x1094800c DeleteDC
0x10948010 SetPixelFormat
Library: PSAPI.DLL:
0x10948018 EnumProcessModules
0x10948020 GetModuleFileNameExA
Library: gdiplus.dll:
0x1094802c GdipCloneImage
0x10948030 GdipSaveImageToFile
0x10948038 GdipGetImageEncoders
0x1094803c GdipFree
0x10948040 GdipAlloc
0x10948044 GdipDeleteBrush
0x10948048 GdipCloneBrush
0x1094804c GdipCreateSolidFill
0x10948050 GdipDisposeImage
0x10948058 GdipDeleteGraphics
0x1094805c GdipGetDC
0x10948060 GdipReleaseDC
0x10948064 GdiplusStartup
0x1094806c GdiplusShutdown
0x10948070 GdipFillRectangleI
Library: urlmon.dll:
0x10948078 URLDownloadToFileW
Library: WS2_32.dll:
0x10948080 WSAGetLastError
0x10948084 WSASetLastError
0x10948088 closesocket
0x1094808c setsockopt
0x10948090 WSASend
0x10948094 getaddrinfo
0x10948098 freeaddrinfo
0x1094809c htonl
0x109480a0 WSACleanup
0x109480a4 ioctlsocket
0x109480a8 connect
0x109480ac WSAStartup
0x109480b0 inet_ntoa
0x109480b4 ntohl
0x109480b8 getsockopt
0x109480bc WSAIoctl
0x109480c0 bind
0x109480c4 getsockname
0x109480c8 WSARecv
0x109480cc listen
0x109480d0 accept
0x109480d4 select
0x109480d8 __WSAFDIsSet
0x109480dc WSASocketW
Library: OPENGL32.dll:
0x109480e4 wglDeleteContext
0x109480e8 wglMakeCurrent
0x109480ec wglCreateContext
0x109480f0 glGetString
Library: ntdll.dll:
0x109480f8 RtlAdjustPrivilege
0x109480fc NtRaiseHardError
0x10948100 NtShutdownSystem
0x10948104 NtSetSystemPowerState
0x10948108 RtlUnwind
0x1094810c VerSetConditionMask
Library: USER32.dll:
0x10948114 wsprintfW
0x10948118 EnumDisplayDevicesA
0x1094811c EnumDisplayMonitors
0x10948120 GetSystemMetrics
0x10948124 GetMonitorInfoA
0x10948128 UnionRect
0x1094812c MessageBoxA
Library: ole32.dll:
0x10948134 CoCreateInstance
0x10948138 CoUninitialize
0x1094813c CoSetProxyBlanket
0x10948140 CoInitialize
0x10948144 CoInitializeEx
Library: OLEAUT32.dll:
0x1094814c VariantClear
0x10948150 SysAllocString
0x10948154 SysFreeString
0x10948158 VariantInit
Library: iphlpapi.dll:
0x10948160 GetInterfaceInfo
0x10948164 GetIpAddrTable
0x10948168 GetIpForwardTable
0x1094816c GetAdaptersAddresses
0x10948170 GetNetworkParams
Library: ADVAPI32.dll:
0x10948178 RegEnumKeyExA
0x1094817c QueryServiceStatus
0x10948180 RegQueryInfoKeyA
0x10948184 RegSetValueExA
0x10948188 RegCreateKeyExA
0x1094818c RegOpenKeyExA
0x10948198 OpenProcessToken
0x1094819c AdjustTokenPrivileges
0x109481a0 LookupPrivilegeValueA
0x109481a4 ControlService
0x109481a8 StartServiceA
0x109481ac DeleteService
0x109481b0 OpenServiceW
0x109481b4 CloseServiceHandle
0x109481b8 CreateServiceW
0x109481bc OpenSCManagerA
0x109481c0 RegOpenKeyA
0x109481c4 RegQueryValueExA
0x109481c8 RegCloseKey
Library: KERNEL32.dll:
0x109481d0 GetModuleFileNameA
0x109481d4 ReadConsoleW
0x109481d8 GetConsoleMode
0x109481dc ReadFile
0x109481e0 GetOEMCP
0x109481e4 GetACP
0x109481e8 IsValidCodePage
0x109481ec HeapSize
0x109481f0 EnumSystemLocalesW
0x109481f4 GetUserDefaultLCID
0x109481f8 IsValidLocale
0x109481fc GetLocaleInfoW
0x10948200 LCMapStringW
0x10948204 CompareStringW
0x10948208 GetTimeFormatW
0x1094820c GetDateFormatW
0x10948214 GetCPInfo
0x10948218 UnregisterWait
0x10948220 SetThreadAffinityMask
0x10948224 GetProcessAffinityMask
0x1094822c DeleteTimerQueueTimer
0x10948230 WriteFile
0x10948234 CreateTimerQueueTimer
0x1094823c SwitchToThread
0x10948240 SignalObjectAndWait
0x10948244 WaitForSingleObjectEx
0x10948248 QueryDepthSList
0x1094824c InterlockedFlushSList
0x10948258 CreateTimerQueue
0x1094825c GetEnvironmentStringsW
0x10948260 CreateSemaphoreW
0x10948264 GetModuleHandleW
0x10948268 GetStartupInfoW
0x1094826c TerminateProcess
0x10948278 RaiseException
0x1094827c WriteConsoleW
0x10948280 GetModuleHandleExW
0x10948284 GetModuleFileNameW
0x10948288 GetFileType
0x1094828c GetStdHandle
0x10948290 IsDebuggerPresent
0x10948294 LoadLibraryExW
0x10948298 ExitThread
0x1094829c GetCommandLineA
0x109482a0 GetStringTypeW
0x109482a4 DecodePointer
0x109482a8 EncodePointer
0x109482b0 AreFileApisANSI
0x109482b4 GetFileAttributesExW
0x109482b8 FindNextFileW
0x109482bc FindFirstFileExW
0x109482c0 FindClose
0x109482c4 GetConsoleCP
0x109482c8 SetFilePointerEx
0x109482cc FlushFileBuffers
0x109482d0 HeapReAlloc
0x109482d4 OutputDebugStringW
0x109482d8 FreeLibrary
0x109482e0 ReleaseSemaphore
0x109482e4 InitializeSListHead
0x109482e8 UnregisterWaitEx
0x109482ec GetVersionExW
0x109482f0 GetTimeZoneInformation
0x109482f4 SetStdHandle
0x109482f8 SetEndOfFile
0x109482fc FormatMessageA
0x10948300 LocalFree
0x10948304 lstrlenA
0x1094830c ChangeTimerQueueTimer
0x10948310 GetWindowsDirectoryW
0x10948314 GetProcAddress
0x10948318 GetModuleHandleA
0x1094831c GetPrivateProfileIntA
0x10948320 CreateThread
0x10948324 ExitProcess
0x10948328 Sleep
0x1094832c VirtualProtect
0x10948330 GetCurrentProcessId
0x10948338 Process32First
0x1094833c Process32Next
0x10948340 CloseHandle
0x10948344 OpenProcess
0x10948348 WaitForSingleObject
0x1094834c VirtualQuery
0x10948350 WideCharToMultiByte
0x10948354 GetTickCount
0x10948358 lstrcpyW
0x10948360 GetSystemInfo
0x10948368 OutputDebugStringA
0x1094836c GetLastError
0x10948370 TlsFree
0x10948374 TlsAlloc
0x10948378 UnmapViewOfFile
0x1094837c GetCurrentDirectoryW
0x10948380 GetCurrentDirectoryA
0x10948384 CreateFileW
0x10948388 QueryDosDeviceW
0x1094838c IsWow64Process
0x10948390 GetCurrentProcess
0x10948394 DeviceIoControl
0x10948398 GetWindowsDirectoryA
0x1094839c CreateDirectoryA
0x109483a0 DeleteFileA
0x109483a4 SetEvent
0x109483a8 CreateFileMappingA
0x109483ac MapViewOfFile
0x109483b0 CreateEventA
0x109483b4 LeaveCriticalSection
0x109483b8 EnterCriticalSection
0x109483c0 CreateProcessA
0x109483c4 CreateIoCompletionPort
0x109483c8 DeleteCriticalSection
0x109483d0 VerifyVersionInfoA
0x109483d4 QueueUserAPC
0x109483d8 TerminateThread
0x109483dc WaitForMultipleObjects
0x109483e4 SetWaitableTimer
0x109483e8 SetLastError
0x109483ec TlsSetValue
0x109483f0 TlsGetValue
0x109483f4 SleepEx
0x109483f8 CreateEventW
0x109483fc DeleteFileW
0x10948400 MultiByteToWideChar
0x10948404 LoadLibraryW
0x10948410 VirtualQueryEx
0x10948414 GetModuleHandleExA
0x10948418 GetComputerNameA
0x10948420 CreateFileA
0x10948424 HeapAlloc
0x10948428 GetProcessHeap
0x1094842c HeapFree
0x10948434 GetThreadTimes
0x10948438 GetCurrentThread
0x1094843c GetThreadContext
0x10948440 VirtualFree
0x10948448 SetThreadPriority
0x1094844c FlushInstructionCache
0x10948450 VirtualAlloc
0x10948454 VirtualProtectEx
0x10948458 OpenThread
0x1094845c GetThreadPriority
0x10948460 GetCurrentThreadId
0x10948464 SuspendThread
0x10948468 ResumeThread
0x1094846c DuplicateHandle
Library: WTSAPI32.dll:
0x10948474 WTSSendMessageW
Library: KERNEL32.dll:
0x1094847c VirtualQuery
0x10948484 GetModuleHandleA
0x10948488 CreateEventA
0x1094848c GetModuleFileNameW
0x10948490 LoadLibraryA
0x10948494 FreeLibrary
0x10948498 TerminateProcess
0x1094849c GetCurrentProcess
0x109484a0 GetSystemInfo
0x109484a8 Thread32First
0x109484ac GetCurrentProcessId
0x109484b0 GetCurrentThreadId
0x109484b4 OpenThread
0x109484b8 Thread32Next
0x109484bc CloseHandle
0x109484c0 SuspendThread
0x109484c4 ResumeThread
0x109484c8 WriteProcessMemory
0x109484cc VirtualAlloc
0x109484d0 VirtualProtect
0x109484d4 VirtualFree
0x109484d8 GetProcessAffinityMask
0x109484dc SetProcessAffinityMask
0x109484e0 GetCurrentThread
0x109484e4 SetThreadAffinityMask
0x109484e8 Sleep
0x109484ec GetTickCount
0x109484f0 GlobalFree
0x109484f4 GetProcAddress
0x109484f8 LocalAlloc
0x109484fc LocalFree
0x10948500 ExitProcess
0x10948504 EnterCriticalSection
0x10948508 LeaveCriticalSection
0x10948510 DeleteCriticalSection
0x10948514 GetModuleHandleW
0x10948518 LoadResource
0x1094851c MultiByteToWideChar
0x10948520 FindResourceExW
0x10948524 FindResourceExA
0x10948528 WideCharToMultiByte
0x1094852c GetThreadLocale
0x10948530 GetUserDefaultLCID
0x10948534 GetSystemDefaultLCID
0x10948538 EnumResourceNamesA
0x1094853c EnumResourceNamesW
0x10948540 EnumResourceLanguagesA
0x10948544 EnumResourceLanguagesW
0x10948548 EnumResourceTypesA
0x1094854c EnumResourceTypesW
0x10948550 CreateFileW
0x10948554 LoadLibraryW
0x10948558 GetLastError
0x1094855c FlushFileBuffers
0x10948560 CreateFileA
0x10948564 WriteConsoleW
0x10948568 GetConsoleOutputCP
0x1094856c WriteConsoleA
0x10948570 GetCommandLineA
0x10948574 RaiseException
0x10948578 RtlUnwind
0x1094857c HeapFree
0x10948580 GetCPInfo
0x10948584 InterlockedIncrement
0x10948588 InterlockedDecrement
0x1094858c GetACP
0x10948590 GetOEMCP
0x10948594 IsValidCodePage
0x10948598 TlsGetValue
0x1094859c TlsAlloc
0x109485a0 TlsSetValue
0x109485a4 TlsFree
0x109485a8 SetLastError
0x109485b4 IsDebuggerPresent
0x109485b8 HeapAlloc
0x109485bc LCMapStringA
0x109485c0 LCMapStringW
0x109485c4 SetHandleCount
0x109485c8 GetStdHandle
0x109485cc GetFileType
0x109485d0 GetStartupInfoA
0x109485d4 GetModuleFileNameA
0x109485dc GetEnvironmentStrings
0x109485e4 GetEnvironmentStringsW
0x109485e8 HeapCreate
0x109485ec HeapDestroy
0x109485f4 HeapReAlloc
0x109485f8 GetStringTypeA
0x109485fc GetStringTypeW
0x10948600 GetLocaleInfoA
0x10948604 HeapSize
0x10948608 WriteFile
0x1094860c SetFilePointer
0x10948610 GetConsoleCP
0x10948614 GetConsoleMode
0x1094861c SetStdHandle
Library: USER32.dll:
0x10948628 CharUpperBuffW
0x1094862c MessageBoxW
Library: KERNEL32.dll:
0x10948638 LocalAlloc
0x1094863c LocalFree
0x10948640 GetModuleFileNameW
0x10948644 GetProcessAffinityMask
0x10948648 SetProcessAffinityMask
0x1094864c SetThreadAffinityMask
0x10948650 Sleep
0x10948654 ExitProcess
0x10948658 FreeLibrary
0x1094865c LoadLibraryA
0x10948660 GetModuleHandleA
0x10948664 GetProcAddress
Library: USER32.dll:

Exports

Ordinal / Address / Name
1 0x1001cc90
Antivirus engine/vendor / Virus name/rule match / Signature database date
Bkav No virus found 20180310
MicroWorld-eScan No virus found 20180311
nProtect No virus found 20180311
CMC No virus found 20180311
CAT-QuickHeal No virus found 20180310
McAfee No virus found 20180311
Cylance No virus found 20180311
VIPRE No virus found 20180311
K7AntiVirus No virus found 20180311
K7GW No virus found 20180310
TheHacker No virus found 20180307
TrendMicro No virus found 20180311
Baidu No virus found 20180309
F-Prot No virus found 20180311
Symantec No virus found 20180310
TotalDefense No virus found 20180310
TrendMicro-HouseCall No virus found 20180311
Avast No virus found 20180311
ClamAV No virus found 20180311
Kaspersky No virus found 20180311
BitDefender No virus found 20180311
NANO-Antivirus No virus found 20180311
ViRobot No virus found 20180310
AegisLab No virus found 20180311
Rising No virus found 20180311
Endgame No virus found 20180308
Emsisoft No virus found 20180311
Comodo No virus found 20180311
F-Secure No virus found 20180308
DrWeb No virus found 20180311
Zillya No virus found 20180309
Invincea No virus found 20180121
McAfee-GW-Edition No virus found 20180311
Sophos No virus found 20180310
Ikarus No virus found 20180310
Cyren No virus found 20180311
Jiangmin No virus found 20180311
ALYac No virus found 20180311
Webroot No virus found 20180311
Avira No virus found 20180310
Fortinet No virus found 20180311
Antiy-AVL No virus found 20180311
Kingsoft No virus found 20180311
Arcabit No virus found 20180309
SUPERAntiSpyware No virus found 20180310
ZoneAlarm No virus found 20180311
Avast-Mobile No virus found 20180310
Microsoft No virus found 20180311
AhnLab-V3 No virus found 20180310
VBA32 No virus found 20180307
AVware No virus found 20180311
MAX No virus found 20180311
Ad-Aware No virus found 20180311
Malwarebytes No virus found 20180311
WhiteArmor No virus found 20180223
Panda No virus found 20180310
Zoner No virus found 20180311
ESET-NOD32 No virus found 20180311
Tencent No virus found 20180311
Yandex No virus found 20180308
SentinelOne No virus found 20180225
eGambit No virus found 20180311
GData No virus found 20180311
AVG No virus found 20180311
Paloalto No virus found 20180311
CrowdStrike No virus found 20170201

Process tree

rundll32.exe, PID: 700, parent PID: 272


TCP

Source address / Source port / Destination address / Destination port
192.168.122.201 49163 101.96.10.73 80
192.168.122.201 49158 117.18.237.29 ocsp.digicert.com 80
192.168.122.201 49164 117.18.237.29 ocsp.digicert.com 80
192.168.122.201 49162 205.197.140.145 80

UDP

Source address / Source port / Destination address / Destination port
192.168.122.201 59793 192.168.122.1 53
192.168.122.201 60316 192.168.122.1 53


HTTP requests

URI / HTTP data
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEALE0eWKSmgMVo2jBH5%2BTV8%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEALE0eWKSmgMVo2jBH5%2BTV8%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRm%2FrYSaqNr0YBIv29H4pMHhv2XmQQUl0gD6xUIa7myWCPMlC7xxmXSZI4CEAbjDLmGOieH%2FRnXGniJRSQ%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRm%2FrYSaqNr0YBIv29H4pMHhv2XmQQUl0gD6xUIa7myWCPMlC7xxmXSZI4CEAbjDLmGOieH%2FRnXGniJRSQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://crl.microsoft.com/pki/crl/products/tspca.crl
GET /pki/crl/products/tspca.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT
If-None-Match: "8ab194b3d77cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

http://101.96.10.73/crl.microsoft.com/pki/crl/products/tspca.crl
GET /crl.microsoft.com/pki/crl/products/tspca.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT
If-None-Match: "8ab194b3d77cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: 101.96.10.73

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1
Cache-Control: max-age = 172800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 02 Sep 2017 10:30:03 GMT
If-None-Match: "59aa882b-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No files were dropped.
No similar analyses found.

Processing ( 19.872 seconds )

  • 7.301 Suricata
  • 5.064 TargetInfo
  • 3.253 Static
  • 2.215 VirusTotal
  • 1.29 NetworkAnalysis
  • 0.336 peid
  • 0.29 AnalysisInfo
  • 0.062 BehaviorAnalysis
  • 0.038 Debug
  • 0.011 config_decoder
  • 0.01 Strings
  • 0.002 Memory

Signatures ( 1.538 seconds )

  • 1.366 md_url_bl
  • 0.078 md_bad_drop
  • 0.016 antiav_detectreg
  • 0.007 infostealer_ftp
  • 0.006 antiav_detectfile
  • 0.006 md_domain_bl
  • 0.005 persistence_autorun
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_bitcoin
  • 0.004 infostealer_im
  • 0.004 ransomware_files
  • 0.003 stealth_timeout
  • 0.003 antianalysis_detectreg
  • 0.003 infostealer_mail
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 api_spamming
  • 0.002 decoy_document
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 network_http
  • 0.002 network_torgateway
  • 0.001 rat_nanocore
  • 0.001 injection_createremotethread
  • 0.001 betabot_behavior
  • 0.001 mimics_filetime
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_disk
  • 0.001 cerber_behavior
  • 0.001 antivm_parallels_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 modify_proxy
  • 0.001 browser_security

Reporting ( 0.83 seconds )

  • 0.425 Malheur
  • 0.405 ReportHTMLSummary
Task ID 141236
Mongo ID 5ab509b2a093ef2d69bd3458
Cuckoo release 1.4-Maldun