Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-hpdapp03-2 | 2018-03-23 22:07:43 | 2018-03-23 22:10:35 | 172 seconds |
Filename | muaway.exe |
---|---|
File size | 7477728 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 129fa84fa8f2c56d345bfeecb8f89cd6 |
SHA1 | ac3d148bfcd2124a7a0194cc01e7943c3eef31c7 |
SHA256 | d0761666dc29d666450cd92bdf7bd86b19092e7e82f03b979dc9cb86086d049e |
SHA512 | 36ae9a6fe79b3f53a78f26304aec0539c34944b9c776c8507c89a618026422ea2f59287cc6b18f18b6df3c175a815e6e9c1fb5c950778be7df7d62940722f9b6 |
CRC32 | 789AD295 |
Ssdeep | 196608:X0i4/uAt+S+nAX8AnVip8lrmtdArMbrUzqLrGOG:EiIuAt+S+nAFnViWlEArX4rXG |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
No | 117.18.237.29 | | Asia Pacific |
No | 23.59.133.163 | | United States |
Domain | Security rating | Response |
---|---|---|
s.symcd.com | | CNAME ocsp-ds.ws.symantec.com.edgekey.net CNAME e8218.dscb1.akamaiedge.net A 23.5.251.27 |
sw.symcb.com | | A 23.59.133.163 CNAME e6845.dscb1.akamaiedge.net CNAME crl-ds.ws.symantec.com.edgekey.net |
ocsp.digicert.com | | CNAME cs9.wac.phicdn.net A 117.18.237.29 |
Image base | 0x00400000 |
---|---|
Entry point | 0x03c6bea6 |
Claimed checksum | 0x0072308d |
Actual checksum | 0x0072308d |
Minimum OS version | 5.1 |
Compile time | 2018-02-16 20:28:59 |
Import hash | ca113a744d665b1f2a67ca075f6ce91a |
Icon | |
Icon exact hash | ddb9a1aa9dc4b2cd810c2c55194a735f |
Icon similarity hash | 8b0c8868c1dfd3e1013811d79855fa81 |
LegalCopyright | |
---|---|
InternalName | |
FileVersion | |
CompanyName | |
ProductName | |
ProductVersion | |
FileDescription | |
OriginalFilename | |
Translation | |
SHA1 | Timestamp | Validity | Error |
---|---|---|---|
782674334b26a4d40c002612ccf663b3edfb81b2 | Fri Feb 16 22:14:20 2018 | None | |
Certificate chain | Issued to | Issuer | Valid until | SHA1 hash |
---|---|---|---|---|
Certificate Chain 1 | VeriSign Class 3 Public Primary Certification Authority - G5 | VeriSign Class 3 Public Primary Certification Authority - G5 | Thu Jul 17 07:59:59 2036 | 4eb6d578499b1ccf5f581ead56be3d9b6744a5e5 |
Certificate Chain 2 | Symantec Class 3 Extended Validation Code Signing CA - G2 | VeriSign Class 3 Public Primary Certification Authority - G5 | Mon Mar 04 07:59:59 2024 | 5b8f88c80a73d35f76cd412a9e74e916594dfa67 |
Certificate Chain 3 | Btra Away Ltda - ME | Symantec Class 3 Extended Validation Code Signing CA - G2 | Thu Oct 04 07:59:59 2018 | e6742fbec35f3ba570e239bc6a4199ca7e08b4e9 |
Timestamp Chain 1 | Thawte Timestamping CA | Thawte Timestamping CA | Fri Jan 01 07:59:59 2021 | be36a4562fb2ee05dbb3d32323adf445084ed656 |
Timestamp Chain 2 | Symantec Time Stamping Services CA - G2 | Thawte Timestamping CA | Thu Dec 31 07:59:59 2020 | 6c07453ffdda08b83707c09b82fb3d15f35336b1 |
Timestamp Chain 3 | Symantec Time Stamping Services Signer - G4 | Symantec Time Stamping Services CA - G2 | Wed Dec 30 07:59:59 2020 | 65439929b67973eb192d6ff243e6767adf0834e4 |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x004097dc | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0.00 |
.rdata | 0x0040b000 | 0x000a606c | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 0.00 |
.data | 0x004b2000 | 0x029faa08 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
_RDATA | 0x02ead000 | 0x000005e0 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 0.00 |
.ddata0 | 0x02eae000 | 0x00481f71 | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0.00 |
.ddata1 | 0x03330000 | 0x006c4ab0 | 0x006c4c00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7.97 |
.rsrc | 0x039f5000 | 0x0005abd9 | 0x0005ac00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.55 |
Offset | 0x0071fc00 |
---|---|
Size | 0x00001de0 |
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
RT_ICON | 0x03a0d728 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.54 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 4281743676, next used block 4280033057 |
RT_ICON | 0x03a0d728 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.54 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 4281743676, next used block 4280033057 |
RT_ICON | 0x03a0d728 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.54 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 4281743676, next used block 4280033057 |
RT_ICON | 0x03a0d728 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.54 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 4281743676, next used block 4280033057 |
RT_ICON | 0x03a0d728 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.54 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 4281743676, next used block 4280033057 |
RT_ICON | 0x03a0d728 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 6.54 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 4281743676, next used block 4280033057 |
RT_GROUP_ICON | 0x03a4f750 | 0x0000005a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.77 | MS Windows icon resource - 6 icons, 16x16 |
RT_VERSION | 0x03a4f7ac | 0x000002b0 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.37 | data |
RT_MANIFEST | 0x03a4fa5c | 0x0000017d | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.91 | XML 1.0 document text |
Antivirus engine/vendor | Detection name/rule match | Signature database date |
---|---|---|
Bkav | Not detected | 20180314 |
MicroWorld-eScan | Not detected | 20180314 |
nProtect | Not detected | 20180314 |
CMC | Not detected | 20180314 |
CAT-QuickHeal | Not detected | 20180314 |
McAfee | Not detected | 20180314 |
Cylance | Unsafe | 20180314 |
Zillya | Not detected | 20180314 |
AegisLab | Not detected | 20180314 |
K7AntiVirus | Not detected | 20180314 |
K7GW | Not detected | 20180314 |
TheHacker | Not detected | 20180311 |
Arcabit | Not detected | 20180314 |
Baidu | Not detected | 20180314 |
Cyren | Not detected | 20180314 |
Symantec | Not detected | 20180314 |
ESET-NOD32 | Not detected | 20180314 |
TrendMicro-HouseCall | Not detected | 20180314 |
Paloalto | Not detected | 20180314 |
ClamAV | Not detected | 20180314 |
Kaspersky | Not detected | 20180314 |
BitDefender | Not detected | 20180314 |
NANO-Antivirus | Not detected | 20180314 |
SUPERAntiSpyware | Not detected | 20180314 |
Rising | Not detected | 20180314 |
Ad-Aware | Not detected | 20180314 |
Emsisoft | Not detected | 20180314 |
Comodo | Not detected | 20180314 |
F-Secure | Not detected | 20180314 |
DrWeb | Not detected | 20180314 |
VIPRE | Not detected | 20180314 |
Invincea | heuristic | 20180121 |
McAfee-GW-Edition | Not detected | 20180314 |
Sophos | Not detected | 20180314 |
Ikarus | Not detected | 20180314 |
F-Prot | Not detected | 20180314 |
Jiangmin | Not detected | 20180314 |
Webroot | Not detected | 20180314 |
Avira | Not detected | 20180314 |
Antiy-AVL | Not detected | 20180314 |
Kingsoft | Not detected | 20180314 |
Microsoft | Not detected | 20180314 |
Endgame | Not detected | 20180308 |
ViRobot | Not detected | 20180314 |
ZoneAlarm | Not detected | 20180314 |
Avast-Mobile | Not detected | 20180313 |
GData | Not detected | 20180314 |
AhnLab-V3 | Not detected | 20180314 |
ALYac | Not detected | 20180314 |
AVware | Not detected | 20180314 |
MAX | Not detected | 20180314 |
VBA32 | Not detected | 20180314 |
Malwarebytes | Not detected | 20180314 |
WhiteArmor | Not detected | 20180223 |
Panda | Not detected | 20180313 |
Zoner | Not detected | 20180314 |
Tencent | Not detected | 20180314 |
Yandex | Not detected | 20180314 |
SentinelOne | Not detected | 20180225 |
eGambit | Not detected | 20180314 |
Fortinet | Not detected | 20180314 |
AVG | Not detected | 20180314 |
Avast | Not detected | 20180314 |
CrowdStrike | Not detected | 20170201 |
Qihoo-360 | Not detected | 20180314 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.202 | 49165 | 117.18.237.29 ocsp.digicert.com | 80 |
192.168.122.202 | 49164 | 210.65.144.162 | 80 |
192.168.122.202 | 49158 | 23.5.251.27 s.symcd.com | 80 |
192.168.122.202 | 49159 | 23.5.251.27 s.symcd.com | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.202 | 49866 | 192.168.122.1 | 53 |
192.168.122.202 | 56444 | 192.168.122.1 | 53 |
192.168.122.202 | 63596 | 192.168.122.1 | 53 |
192.168.122.202 | 63623 | 192.168.122.1 | 53 |
192.168.122.202 | 64002 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBkaMst1nJe4z6wRjdUSf0k%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBkaMst1nJe4z6wRjdUSf0k%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: s.symcd.com |
http://sw.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSbgiNwvmjR4M%2B9oE39sZR%2FxyzMPwQUFmbeSjTjUKcRhgOxbKnGrM1ZbpsCEDRXk6jA0NZpDTefR%2FGum8A%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSbgiNwvmjR4M%2B9oE39sZR%2FxyzMPwQUFmbeSjTjUKcRhgOxbKnGrM1ZbpsCEDRXk6jA0NZpDTefR%2FGum8A%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: sw.symcd.com |
http://sw.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSbgiNwvmjR4M%2B9oE39sZR%2FxyzMPwQUFmbeSjTjUKcRhgOxbKnGrM1ZbpsCEDRXk6jA0NZpDTefR%2FGum8A%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSbgiNwvmjR4M%2B9oE39sZR%2FxyzMPwQUFmbeSjTjUKcRhgOxbKnGrM1ZbpsCEDRXk6jA0NZpDTefR%2FGum8A%3D HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: sw.symcd.com |
http://crl.microsoft.com/pki/crl/products/tspca.crl | GET /pki/crl/products/tspca.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT If-None-Match: "8ab194b3d77cf1:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.microsoft.com |
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1 Cache-Control: max-age = 172800 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 02 Sep 2017 10:30:03 GMT If-None-Match: "59aa882b-1d7" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
No TLS
No Suricata HTTP
Task ID | 141242 |
---|---|
Mongo ID | 5ab50b08a093ef2d6ebd3107 |
Cuckoo release | 1.4-Maldun |