Analysis task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-shaapp01-1 | 2018-03-24 01:15:59 | 2018-03-24 01:18:19 | 140 seconds

Maldun score

10.0

Chindo virus

File details

File name Setupjike.exe`
File size 5164712 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 6840a4e6811e10bb1ad49875e0240eea
SHA1 f505f850209c8762d4769be0c7ba8dfa3c2b1b8f
SHA256 c452646ce79da928d36eee19e3b4a52d9fb88b5dccf52f1d2d2c95a2bd1ba97a
SHA512 be2d20efb984a3860a40f9f97d1ed20ae36b072b6892ba6e0495818aec88f59f24f01242c7072cfd8b0bf555356f7035c50a7577fbec089c2cfba7b8e46399b8
CRC32 624F81D0
Ssdeep 98304:UTe95ZYaMZGJWEh6cumkgIZWcvuAMQCSljg+jXRdfUdHBY:GHZ6WcN8ZIAMQtljxjfY

Screenshots

Hosts contacted

Direct IP | Security rating | Geolocation
106.11.250.81 China
117.18.237.29 Asia-Pacific region
140.205.158.4 China
58.215.145.188 China
58.216.106.210 China

DNS resolution

Domain | Security rating | Response
config.myjhxl.com CNAME config.myjhxl.com.cdn.dnsv1.com
CNAME 876007.p23.tc.cdntip.com
A 180.101.217.205
A 180.101.217.192
CNAME config.myjhxl.com.c.cdnhwc1.com
A 221.228.218.203
A 58.216.106.210
A 221.228.219.107
A 58.216.106.208
A 221.228.219.71
A 221.228.218.214
A 180.101.217.119
A 180.101.217.117
A 180.101.217.196
s19.cnzz.com CNAME all.cnzz.com.danuoyi.tbcache.com
CNAME c.cnzz.com
A 58.215.145.188
ocsp.globalsign.com A 58.211.137.192
CNAME global.prd.cdn.globalsign.com
CNAME cdn.globalsigncdn.com.cdn.cloudflare.net
crl.globalsign.com
z8.cnzz.com A 140.205.60.79
CNAME z.cnzz.com
A 140.205.158.4
A 140.205.136.1
A 140.205.218.72
A 140.205.61.85
CNAME z.gds.cnzz.com
A 140.205.218.67
c.cnzz.com
cnzz.mmstat.com A 106.11.250.81
CNAME gm.gds.mmstat.com
CNAME gm.mmstat.com
ocsp.digicert.com CNAME cs9.wac.phicdn.net
A 117.18.237.29

Summary

PE information

Image base 0x00400000
Entry point 0x00490884
Declared checksum 0x004f4868
Actual checksum 0x004f4868
Minimum OS version required 5.1
PDB path E:\CPlusProject\trunk\SetupNew\Release\SetupNew.pdb
Compile time 2017-10-09 13:50:31
Import hash 715af927052c475bc07f6c09989a378d
Icon
Icon exact hash 75e337e9be39d53188d809978cff151f
Icon similarity hash 4a35b82199017a334171f2e445822c20

Version information

LegalCopyright
InternalName
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

Microsoft certificate verification (Sign Tool)

SHA1 | Timestamp | Validity | Error
8809ca3422a99f019ad29b272387085e6d8b339e Mon Oct 09 13:50:47 2017
WinVerifyTrust returned error 0x800B010A
Certificate Chain 1
Issued to Certification Authority of WoSign
Issuer Microsoft Code Verification Root
Valid until Wed Apr 30 01:12:11 2025
SHA1 hash b74827e3d6bf9dffd85111680688244db8c269fe
Certificate Chain 2
Issued to WoSign Class 3 Code Signing CA G2
Issuer Certification Authority of WoSign
Valid until Thu Nov 08 08:58:58 2029
SHA1 hash fdf066448e05e060b1b14e542f6de002b59b0c71
Certificate Chain 3
Issued to Chongqing Jinghua Xulian Technology Co., Ltd.
Issuer WoSign Class 3 Code Signing CA G2
Valid until Fri Dec 15 16:36:14 2017
SHA1 hash 200914618e8ee10b755429ba56182972ba4edd40
Timestamp Chain 1
Issued to Thawte Timestamping CA
Issuer Thawte Timestamping CA
Valid until Fri Jan 01 07:59:59 2021
SHA1 hash be36a4562fb2ee05dbb3d32323adf445084ed656
Timestamp Chain 2
Issued to Symantec Time Stamping Services CA - G2
Issuer Thawte Timestamping CA
Valid until Thu Dec 31 07:59:59 2020
SHA1 hash 6c07453ffdda08b83707c09b82fb3d15f35336b1
Timestamp Chain 3
Issued to Symantec Time Stamping Services Signer - G4
Issuer Symantec Time Stamping Services CA - G2
Valid until Wed Dec 30 07:59:59 2020
SHA1 hash 65439929b67973eb192d6ff243e6767adf0834e4

PE sections

Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
.text 0x00001000 0x0015733b 0x00157400 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.50
.rdata 0x00159000 0x0005209a 0x00052200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.21
.data 0x001ac000 0x00028084 0x00009400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.60
.rsrc 0x001d5000 0x0005278c 0x00052800 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.77
.reloc 0x00228000 0x00013ff0 0x00014000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 6.47

Overlay

Offset 0x00219600
Size 0x002d38a8

Resources

Name | Offset | Size | Language | Sublanguage | Entropy | File type
IMG 0x001fc8c4 0x00000606 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.93 PNG image data, 281 x 20, 8-bit/color RGBA, non-interlaced
LAYOUT 0x001fe548 0x000004ef LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.98 UTF-8 Unicode (with BOM) text, with CRLF line terminators
PNG 0x00213c08 0x0000050f LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.74 PNG image data, 13 x 85, 8-bit/color RGBA, non-interlaced
UIDEF 0x002145a8 0x000002c6 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.19 XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
VALUES 0x00214d38 0x00000070 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.59 XML 1.0 document, ASCII text, with CRLF line terminators
XML 0x002155a0 0x00000a48 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.35 ASCII text, with CRLF line terminators
RT_ICON 0x00226e6c 0x00000468 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.23 GLS_BINARY_LSB_FIRST
RT_GROUP_ICON 0x002272d4 0x000000bc LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.12 MS Windows icon resource - 13 icons, 32x32, 16 colors
RT_VERSION 0x00227390 0x00000294 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.56 data
RT_MANIFEST 0x00227624 0x00000165 LANG_ENGLISH SUBLANG_ENGLISH_US 4.78 ASCII text, with CRLF line terminators

Imports

Library: KERNEL32.dll:
0x55912c GetFileType
0x559130 DuplicateHandle
0x559134 GetTempFileNameA
0x559138 GetCommandLineW
0x55913c GetModuleFileNameW
0x559144 GetFileAttributesW
0x559148 HeapDestroy
0x559150 HeapCreate
0x559154 LockResource
0x559158 LoadResource
0x55915c SizeofResource
0x559160 FindResourceW
0x559164 FreeResource
0x559168 GetFullPathNameW
0x55916c GetModuleHandleA
0x559170 MulDiv
0x559174 LoadLibraryW
0x559178 GetTickCount
0x55917c GetVersionExA
0x559184 VirtualProtect
0x559188 LoadLibraryA
0x55918c GetThreadLocale
0x559190 SetLastError
0x559194 lstrlenW
0x559198 IsBadReadPtr
0x55919c GetProcessHeap
0x5591a0 HeapFree
0x5591a4 HeapAlloc
0x5591a8 FreeLibrary
0x5591ac WinExec
0x5591b0 GetDiskFreeSpaceExA
0x5591b4 MoveFileA
0x5591c0 OutputDebugStringW
0x5591c4 ExitProcess
0x5591c8 GetTempPathA
0x5591cc GetCurrentProcessId
0x5591d4 FindNextFileW
0x5591d8 ResetEvent
0x5591dc FindNextFileA
0x5591e0 Process32NextW
0x5591e4 Process32FirstW
0x5591e8 GetLocalTime
0x5591ec FindClose
0x5591f0 RemoveDirectoryA
0x5591f4 GetProcAddress
0x5591f8 GlobalAlloc
0x5591fc GlobalLock
0x559200 GlobalUnlock
0x559204 LocalFree
0x559210 SetFileTime
0x559214 SetEndOfFile
0x559218 GetDriveTypeW
0x55921c WriteConsoleW
0x559220 IsValidLocale
0x559224 EnumSystemLocalesA
0x559228 GetLocaleInfoA
0x55922c GetUserDefaultLCID
0x559230 SetStdHandle
0x559240 PeekNamedPipe
0x559248 GetFullPathNameA
0x55924c InterlockedExchange
0x559254 FlushFileBuffers
0x559258 FatalAppExitA
0x55925c SetHandleCount
0x559260 GetConsoleMode
0x559264 GetConsoleCP
0x559268 GetStringTypeW
0x559270 HeapSize
0x559274 LCMapStringW
0x55927c RaiseException
0x559280 GetLocaleInfoW
0x559284 IsValidCodePage
0x559288 GetOEMCP
0x55928c GetACP
0x559290 GetCPInfo
0x559294 GetCurrentThread
0x559298 TlsFree
0x55929c TlsSetValue
0x5592a0 TlsGetValue
0x5592a4 TlsAlloc
0x5592ac GetStdHandle
0x5592b0 IsDebuggerPresent
0x5592bc RtlUnwind
0x5592c0 GetStartupInfoW
0x5592c4 HeapSetInformation
0x5592c8 ResumeThread
0x5592cc FindFirstFileExA
0x5592d0 GetDriveTypeA
0x5592dc GetFileAttributesA
0x5592e0 HeapReAlloc
0x5592e8 GetDateFormatA
0x5592ec GetTimeFormatA
0x5592f0 EncodePointer
0x5592f4 DecodePointer
0x5592f8 CreateThread
0x5592fc GetCurrentThreadId
0x559300 ExitThread
0x559304 CreateDirectoryW
0x559308 GetCurrentProcess
0x55930c CompareStringW
0x559310 ReleaseSemaphore
0x559318 FindFirstFileA
0x55931c TerminateProcess
0x559320 OpenProcess
0x559324 FindFirstFileW
0x559328 DeleteFileA
0x55932c SetFileAttributesW
0x559330 GetModuleFileNameA
0x559334 CreateFileMappingW
0x559338 GetModuleHandleW
0x55933c MapViewOfFile
0x559340 MultiByteToWideChar
0x559344 FormatMessageW
0x559348 WideCharToMultiByte
0x55934c DeleteFileW
0x559350 GetTempPathW
0x559354 Sleep
0x559358 CreateProcessW
0x55935c lstrcmpW
0x559368 CreateEventW
0x559370 CreateFileA
0x559374 SetEvent
0x559378 WaitForSingleObject
0x559388 GetVersionExW
0x55938c VirtualAlloc
0x559390 VirtualFree
0x559394 CloseHandle
0x559398 GetLastError
0x55939c CreateFileW
0x5593a0 ReadFile
0x5593a4 WriteFile
0x5593a8 SetFilePointer
0x5593ac GetFileSize
0x5593b0 CreateSemaphoreW
0x5593b4 lstrlenA
Library: USER32.dll:
0x55943c SendMessageW
0x559440 wsprintfW
0x559444 ShowWindow
0x559448 PostMessageW
0x55944c GetWindow
0x559450 GetMonitorInfoW
0x559454 MapWindowPoints
0x559458 MessageBoxW
0x55945c SetWindowPos
0x559460 MonitorFromWindow
0x559464 GetWindowLongW
0x559468 GetClientRect
0x55946c GetWindowRect
0x559470 DestroyWindow
0x559474 MessageBoxA
0x559478 DestroyCursor
0x55947c GetFocus
0x559480 GetParent
0x559484 TranslateMessage
0x559488 GetMessageW
0x55948c PeekMessageW
0x559490 PtInRect
0x559494 IsRectEmpty
0x559498 IsWindow
0x55949c DefWindowProcW
0x5594a0 SetFocus
0x5594a4 InvertRect
0x5594a8 FillRect
0x5594ac DrawIconEx
0x5594b0 GetActiveWindow
0x5594b4 IsWindowVisible
0x5594b8 CopyRect
0x5594bc SetRect
0x5594c0 GetDesktopWindow
0x5594c4 IsWindowEnabled
0x5594c8 SetActiveWindow
0x5594cc EqualRect
0x5594d0 InflateRect
0x5594d4 IntersectRect
0x5594d8 UnionRect
0x5594dc SetCursor
0x5594e0 SetTimer
0x5594e4 KillTimer
0x5594e8 DestroyIcon
0x5594ec UpdateWindow
0x5594f0 SetWindowLongW
0x5594f4 InvalidateRect
0x5594f8 ScreenToClient
0x5594fc GetDC
0x559500 ReleaseDC
0x559504 SetCapture
0x559508 SetWindowTextW
0x55950c IsIconic
0x559510 GetCursorPos
0x559514 ReleaseCapture
0x559518 GetCapture
0x55951c HideCaret
0x559520 CreateCaret
0x559524 GetCaretBlinkTime
0x559528 SetCaretPos
0x55952c IsZoomed
0x559530 AnimateWindow
0x559534 TrackMouseEvent
0x559538 DispatchMessageW
0x55953c EnableWindow
0x559540 LoadCursorW
0x559544 UpdateLayeredWindow
0x559548 IsMenu
0x55954c AppendMenuW
0x559550 CreatePopupMenu
0x559554 GetSubMenu
0x559558 DestroyMenu
0x55955c SetForegroundWindow
0x559560 TrackPopupMenu
0x559564 InsertMenuW
0x559568 GetMenuItemCount
0x55956c GetMenuItemInfoW
0x559570 MapVirtualKeyA
0x559574 CharLowerBuffW
0x559578 DrawTextW
0x559580 GetWindowPlacement
0x559584 GetSystemMetrics
0x559588 LoadIconW
0x55958c EnableMenuItem
0x559590 GetKeyState
0x559594 GetSysColor
0x559598 ClientToScreen
0x5595a0 LoadImageW
0x5595a4 LoadBitmapW
0x5595a8 GetIconInfo
0x5595ac CharNextW
0x5595b0 OffsetRect
0x5595b4 RegisterClassExW
0x5595b8 CreateWindowExW
0x5595bc CallWindowProcW
0x5595c0 GetDlgItem
0x5595c4 UnregisterClassW
0x5595cc BeginPaint
0x5595d0 EndPaint
0x5595d4 PostQuitMessage
0x5595d8 GetClassNameW
Library: GDI32.dll:
0x559054 SetViewportOrgEx
0x559058 StretchBlt
0x55905c CreateSolidBrush
0x559060 Rectangle
0x559064 SetBkMode
0x559068 GetStockObject
0x55906c GetObjectW
0x559070 CreateFontIndirectW
0x559074 GetClipBox
0x559078 GetDCOrgEx
0x55907c CreateRoundRectRgn
0x559080 CreateBitmap
0x559084 CreateCompatibleDC
0x559088 SelectObject
0x55908c DeleteDC
0x559090 GetDeviceCaps
0x559094 SetGraphicsMode
0x559098 EnumFontsW
0x55909c DeleteObject
0x5590a0 BitBlt
0x5590a4 CreateDIBSection
0x5590a8 CombineRgn
0x5590ac PtInRegion
0x5590b0 RectInRegion
0x5590b4 GetRgnBox
0x5590b8 OffsetRgn
0x5590bc SetRectRgn
0x5590c0 SetTextColor
0x5590c4 GetTextColor
0x5590c8 ExtSelectClipRgn
0x5590cc SaveDC
0x5590d4 RestoreDC
0x5590d8 ExcludeClipRect
0x5590dc IntersectClipRect
0x5590e0 CreateRectRgn
0x5590e8 RoundRect
0x5590ec Ellipse
0x5590f0 SetWorldTransform
0x5590f4 GetWorldTransform
0x5590f8 Polyline
0x5590fc Arc
0x559100 Pie
0x559104 CreatePen
0x559108 CreatePatternBrush
0x55910c GetClipRgn
0x559110 GetViewportOrgEx
0x559114 GetCurrentObject
Library: ADVAPI32.dll:
0x559000 RegSetValueExA
0x559004 RegEnumKeyExA
0x559008 RegDeleteKeyA
0x55900c RegQueryInfoKeyW
0x559010 RegQueryValueExA
0x559014 RegSetValueExW
0x559018 RegEnumKeyExW
0x55901c RegOpenKeyExW
0x559020 RegDeleteValueW
0x559024 RegSaveKeyW
0x559028 RegDeleteKeyW
0x55902c RegQueryValueExW
0x559030 RegCreateKeyExW
0x559034 RegRestoreKeyW
0x559038 RegCloseKey
0x55903c RegCreateKeyExA
0x559040 RegEnumKeyA
0x559044 RegOpenKeyExA
Library: SHELL32.dll:
0x559410 ShellExecuteW
0x559414 CommandLineToArgvW
0x559418 SHBrowseForFolderW
0x55941c ShellExecuteA
Library: ole32.dll:
0x5596c0 CreateBindCtx
0x5596c4 OleLockRunning
0x5596c8 CLSIDFromString
0x5596cc CLSIDFromProgID
0x5596d4 OleInitialize
0x5596d8 CoInitialize
0x5596dc CoUninitialize
0x5596e0 CoCreateInstance
0x5596e4 OleUninitialize
Library: OLEAUT32.dll:
0x5593d4 SysAllocStringLen
0x5593d8 VariantInit
0x5593dc VariantClear
0x5593e0 CreateErrorInfo
0x5593e4 SysStringLen
0x5593e8 VariantChangeType
0x5593ec GetErrorInfo
0x5593f0 SysFreeString
0x5593f4 SysAllocString
0x5593f8 SysStringByteLen
0x5593fc SetErrorInfo
Library: SHLWAPI.dll:
0x55942c PathFileExistsA
0x559430 None
0x559434 StrToIntExW
Library: NETAPI32.dll:
0x5593c8 Netbios
Library: WININET.dll:
0x5595e0 HttpQueryInfoA
0x5595e4 InternetConnectA
0x5595e8 InternetCrackUrlA
0x5595ec InternetReadFile
0x5595f0 InternetSetOptionA
0x5595f4 HttpQueryInfoW
0x5595f8 HttpOpenRequestA
0x5595fc HttpSendRequestA
0x559600 InternetOpenA
0x559604 InternetCloseHandle
0x559608 InternetReadFileExA
0x559618 FindCloseUrlCache
Library: WS2_32.dll:
0x559620 send
0x559624 gethostbyname
0x559628 closesocket
0x55962c socket
0x559630 recv
0x559634 WSACleanup
0x559638 setsockopt
0x55963c htons
0x559640 WSAStartup
0x559644 connect
Library: PSAPI.DLL:
Library: imagehlp.dll:
Library: IMM32.dll:
0x55911c ImmReleaseContext
0x559120 ImmGetContext
Library: gdiplus.dll:
0x559650 GdiplusStartup
0x559654 GdipFree
0x559658 GdipAlloc
0x55965c GdipDeleteGraphics
0x559660 GdipDisposeImage
0x559664 GdipSaveImageToFile
0x559668 GdipGetImageWidth
0x55966c GdipGetImageHeight
0x55967c GdipGetPropertyItem
0x559694 GdipBitmapLockBits
0x5596a4 GdipGraphicsClear
0x5596a8 GdipDrawImageRectI
0x5596ac GdiplusShutdown
0x5596b0 GdipCloneImage
Library: MSIMG32.dll:
0x5593bc GradientFill
0x5593c0 AlphaBlend

Antivirus engine/vendor | Detection name/rule match | Signature database date
Bkav Not detected 20180317
MicroWorld-eScan Trojan.GenericKD.30427525 20180319
nProtect Not detected 20180319
CMC Not detected 20180319
CAT-QuickHeal Trojan.IGENERIC 20180319
McAfee Artemis!6840A4E6811E 20180319
Cylance Not detected 20180319
Zillya Not detected 20180316
AegisLab Not detected 20180319
TheHacker Not detected 20180319
K7GW Trojan-Downloader ( 005222451 ) 20180319
K7AntiVirus Trojan-Downloader ( 005222451 ) 20180319
Arcabit Trojan.Generic.D1D04985 20180319
Invincea Not detected 20180121
Baidu Not detected 20180319
F-Prot Not detected 20180319
Symantec Trojan.Gen.2 20180319
ESET-NOD32 Win32/TrojanDownloader.Chindo.D 20180319
TrendMicro-HouseCall Suspicious_GEN.F47V0209 20180319
Paloalto Not detected 20180319
ClamAV Not detected 20180319
Kaspersky Trojan-Downloader.Win32.Agent.hhrl 20180319
BitDefender Trojan.GenericKD.30427525 20180319
NANO-Antivirus Trojan.Win32.Bot.eyxfor 20180319
SUPERAntiSpyware Not detected 20180319
Avast Win32:Malware-gen 20180319
Tencent Not detected 20180319
Ad-Aware Trojan.GenericKD.30427525 20180319
Emsisoft Trojan.GenericKD.30427525 (B) 20180319
Comodo Not detected 20180319
F-Secure Trojan.GenericKD.30427525 20180319
DrWeb BackDoor.IRC.Bot.4731 20180319
VIPRE Trojan.Win32.Generic!BT 20180319
TrendMicro TROJ_GE.115E44CC 20180319
McAfee-GW-Edition Artemis 20180319
Sophos Mal/Generic-S 20180319
Ikarus Trojan-Downloader.Win32.Chindo 20180319
Cyren W32/Trojan.PKTC-8845 20180319
Jiangmin Not detected 20180319
Webroot Not detected 20180319
Avira TR/Dldr.Chindo.juiaz 20180319
Antiy-AVL Not detected 20180319
Kingsoft Not detected 20180319
Microsoft Not detected 20180319
Endgame malicious (moderate confidence) 20180316
ViRobot Not detected 20180319
ZoneAlarm Trojan-Downloader.Win32.Agent.hhrl 20180319
Avast-Mobile Not detected 20180319
GData Win32.Trojan.Agent.Z7HSSE 20180319
AhnLab-V3 Not detected 20180318
ALYac Not detected 20180319
AVware Trojan.Win32.Generic!BT 20180319
MAX Not detected 20180319
VBA32 suspected of Trojan.Downloader.gen.h 20180316
Malwarebytes Not detected 20180319
WhiteArmor Not detected 20180223
Zoner Not detected 20180319
Rising Not detected 20180319
Yandex Trojan.DL.Chindo! 20180319
SentinelOne Not detected 20180225
eGambit Not detected 20180319
Fortinet W32/Chindo.D!tr.dldr 20180319
AVG Win32:Malware-gen 20180319
Panda Not detected 20180318
CrowdStrike Not detected 20170201
Qihoo-360 Not detected 20180319

Process tree

Setupjike.exe_, PID: 1356, parent PID: 300

TCP

Source address | Source port | Destination address | Destination port
192.168.122.201 50296 104.28.16.56 80
192.168.122.201 50301 106.11.250.81 cnzz.mmstat.com 443
192.168.122.201 50304 117.18.237.29 ocsp.digicert.com 80
192.168.122.201 50300 140.205.158.4 z8.cnzz.com 443
192.168.122.201 50292 192.168.122.1 53
192.168.122.201 50303 192.204.26.80 80
192.168.122.201 50295 58.211.137.192 ocsp.globalsign.com 80
192.168.122.201 50297 58.211.137.192 ocsp.globalsign.com 80
192.168.122.201 50298 58.211.137.192 ocsp.globalsign.com 80
192.168.122.201 50294 58.215.145.188 s19.cnzz.com 443
192.168.122.201 50299 58.215.145.188 s19.cnzz.com 443
192.168.122.201 50293 58.216.106.210 config.myjhxl.com 80

UDP

Source address | Source port | Destination address | Destination port
192.168.122.201 49230 192.168.122.1 53
192.168.122.201 51023 192.168.122.1 53
192.168.122.201 51070 192.168.122.1 53
192.168.122.201 52576 192.168.122.1 53
192.168.122.201 54275 192.168.122.1 53
192.168.122.201 55072 192.168.122.1 53
192.168.122.201 59418 192.168.122.1 53
192.168.122.201 59795 192.168.122.1 53
192.168.122.201 61817 192.168.122.1 53
192.168.122.201 62669 192.168.122.1 53
192.168.122.201 64810 192.168.122.1 53

HTTP requests

URI | HTTP data
URL -> http://config.myjhxl.com/public/tj/geekzip.html
GET /public/tj/geekzip.html HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: config.myjhxl.com
Connection: Keep-Alive

URL -> http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com

URL -> http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH
GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8EJH HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com

URL -> http://crl.globalsign.net/root.crl
GET /root.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.globalsign.net

URL -> http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDD6XR06G9IA4Y4Qtog%3D%3D
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDD6XR06G9IA4Y4Qtog%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

URL -> http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDD6XR06G9IA4Y4Qtog%3D%3D
GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDD6XR06G9IA4Y4Qtog%3D%3D HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

URL -> http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crl
GET /gs/gsorganizationvalsha2g2.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.globalsign.com

URL -> http://crl.microsoft.com/pki/crl/products/tspca.crl
GET /pki/crl/products/tspca.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT
If-None-Match: "8ab194b3d77cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

URL -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1
Cache-Control: max-age = 172800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 02 Sep 2017 10:30:03 GMT
If-None-Match: "59aa882b-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2018-03-24 01:16:15.072893+0800 192.168.122.201 50294 58.215.145.188 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com e4:29:80:20:63:63:5b:40:99:3b:a2:1b:de:7d:11:20:60:af:6a:46
2018-03-24 01:16:16.293501+0800 192.168.122.201 50300 140.205.158.4 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com e4:29:80:20:63:63:5b:40:99:3b:a2:1b:de:7d:11:20:60:af:6a:46
2018-03-24 01:16:16.427450+0800 192.168.122.201 50301 106.11.250.81 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.mmstat.com f2:25:f6:85:ba:93:b6:95:95:dc:3f:6c:c8:be:d1:c1:7f:32:df:3d
2018-03-24 01:16:16.285527+0800 192.168.122.201 50299 58.215.145.188 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com e4:29:80:20:63:63:5b:40:99:3b:a2:1b:de:7d:11:20:60:af:6a:46

Suricata HTTP

No Suricata HTTP

No network-extracted files found
File name 26FAECAB15AD715CB7849E2211F9473B
Related files
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\26FAECAB15AD715CB7849E2211F9473B
File size 230 bytes
File type data
MD5 635ceaa5389b2ab64e9934c5e985f4e8
SHA1 df864ae83bcc731d30d59444b0e8a631501e0afa
SHA256 a14a2a86774dfd0119b713d1d740a6bc5eb4bf486807c7ae09edcd20fda6522d
CRC32 D48BFC99
Ssdeep 6:kKL/9qHVWepaE7/I1DpWhliKxlCPiRxElDC3g1j:j/9qHVWSM3WzfVClDC3Wj
File name ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
Related files
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
File size 1518 bytes
File type data
MD5 66a4c528a840db25011353908a48a56c
SHA1 094e4b8a29f68533931f0c19dbc46a2f75dd3f83
SHA256 1c45b70e6553a285ec3fa5f715053979645fff660e1145886ffbea1818bcbf3a
CRC32 CB5D2CDD
Ssdeep 24:hdzN4asho0/tsqQ8QNPxycuBJbNcK70Q+FJhqW45BFruWzNyV3yJK6AvSrrbt:h5ursJPxycuBJbNZv+FJuuT3yJWSXZ
File name stat[1].htm
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\stat[1].htm
File size 2 bytes
File type ASCII text, with no line terminators
MD5 444bcb3a3fcf8389296c49467f27e1d6
SHA1 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
SHA256 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
CRC32 79DCDD47
Ssdeep 3:V:V
Yara
  • Rule to detect the no presence of any url
  • Rule to detect the no presence of any attachment
  • Rule to detect the no presence of any image
Text:
ok
File name 26FAECAB15AD715CB7849E2211F9473B
Related files
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\26FAECAB15AD715CB7849E2211F9473B
File size 146601 bytes
File type data
MD5 968ce192eee4ad1370dda70a8f33ff0a
SHA1 6a0ca7422f6567c175120c588abb9aba62f554ec
SHA256 6fc0909467aa22adb40d302bb3dc38b254cf37224bef64c82ff19047185ef078
CRC32 6D90581F
Ssdeep 1536:FRbKzDwz+o6ZUXiFK/86F40Ufb6PD75V0RMG/QcpOW8hyLo0KR6AlcVEDTLhWwT2:nwoXib6Cb6bNxTzELo5RZXhWw6
File name A053CFB63FC8E6507871752236B5CCD5_319F934B3A4FB56D1EA4AD3AB45D0252
Related files
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_319F934B3A4FB56D1EA4AD3AB45D0252
File size 532 bytes
File type data
MD5 86becc9c6e2d4b9ef5f31a54c97ec6a4
SHA1 b22b10f26158ed6225b057c8c90268baa8e0c566
SHA256 4037a63164959be1f1b1a120b8786573dc9024a2a13e10fe0153cb03c01495da
CRC32 743BFA42
Ssdeep 12:NMJWzf8ClDC3bgLzK8sFFyOJQlUsyna2aNM3LKQf:NMJgEme3ELmvPyOJQ6aCbKQf
File name core[1].php
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\core[1].php
File size 764 bytes
File type HTML document, ASCII text, with very long lines, with no line terminators
MD5 fe80dc0f8c5d8534efe6cc7d6f87a940
SHA1 4d5852bc4aa2591f3be57fff2c82cd05eb97b461
SHA256 bf4841a77e4341b7cdab4b0c31d102c8b3589f27bc0eaab4262d9fb0bb06895b
CRC32 6D8972A2
Ssdeep 12:cRq0YAaTbv2hgWcnQOJRGmyeLa5+yIx7Gu2LB2o1wNJ/lgzVjuXiVcELnPXerTWJ:cRqfAYL/WOqH3lCp2LBZ18pyBVNjPcTW
Text:
!function(){var p,q,r,a=encodeURIComponent,b="1263405234",c="",d="",e="online_v3.php",f="z8.cnzz.com",g="1",h="text",i="z",j="&#31449;&#38271;&#32479;&#35745;",k=window["_CNZZDbridge_"+b]["bobject"],l="https:",m="0",n=l+"//online.cnzz.com/online/"+e,o=[];o.push("id="+b),o.push("h="+f),o.push("on="+a(d)),o.push("s="+a(c)),n+="?"+o.join("&"),"0"===m&&k["callRequest"]([l+"//cnzz.mmstat.com/9.gif?abc=1"]),g&&(""!==d?k["createScriptIcon"](n,"utf-8"):(q="z"==i?"http://www.cnzz.com/stat/website.php?web_id="+b:"http://quanjing.cnzz.com","pic"===h?(r=l+"//icon.cnzz.com/img/"+c+".gif",p="<a href='"+q+"' target=_blank title='"+j+"'><img border=0 hspace=0 vspace=0 src='"+r+"'></a>"):p="<a href='"+q+"' target=_blank title='"+j+"'>"+j+"</a>",k["createIcon"]([p])))}();
File name C8E7EC0C85688F4738F3BE49B104BA67
Related files
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67
File size 186 bytes
File type data
MD5 1e1b1c370a4e45e4a5dd4b8b23818b4f
SHA1 badc26eb69aa3b2fdc7322545165caeaaa06c83f
SHA256 a3fadf92bf91ebbaf66f73b13d715ce9782449f7735d28adf9ba21abb3674b1f
CRC32 92287F07
Ssdeep 3:kkFklbn4oAk9tXXAhXfDll9ll8DNal/NQdo4tl4lhlR8rHelJlWlLltDBQkRlGlh:kKDoAk96hvDllSDNawdooWb1pWhlQeGz
File name z_stat[1].php
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\z_stat[1].php
File size 10995 bytes
File type ASCII text, with very long lines
MD5 839ba509afb2413bb7830103bc73e9bd
SHA1 affe14d6126c014295c9442dc0d6d2b8ab7030de
SHA256 bfc3e6eded4b2e74744522c18d716431a01923908df0b0f11a6a8eeb848eca3e
CRC32 09059DFF
Ssdeep 192:kfjkXCOu7xxgsoyHijK/Va2mdhlOepSDg9RA25ywADwDPL+Whu76BA3W:kfjkXCOu7rho6LVafOi9KeVLf86BA3W
Text:
(function(){function k(){this.c="1263405234";this.ca="z";this.Z="";this.W="";this.Y="";this.C="1521823899";this.aa="z8.cnzz.com";this.X="";this.G="CNZZDATA"+this.c;this.F="_CNZZDbridge_"+this.c;this.P="_cnzz_CV"+this.c;this.R="CZ_UUID"+this.c;this.L="UM_distinctid";this.H="0";this.K={};this.a={};this.Aa()}function g(a,
b){try{var c=[];c.push("siteid=1263405234");c.push("name="+f(a.name));c.push("msg="+f(a.message));c.push("r="+f(h.referrer));c.push("page="+f(e.location.href));c.push("agent="+f(e.navigator.userAgent));c.push("ex="+f(b));c.push("rnd="+Math.floor(2147483648*Math.random()));(new Image).src="http://jserr.cnzz.com/log.php?"+c.join("&")}catch(d){}}var h=document,e=window,f=encodeURIComponent,m=decodeURIComponent,r=unescape;k.prototype={Aa:function(){try{this.ja(),this.V(),this.wa(),this.T(),this.za(),
this.w(),this.ua(),this.ta(),this.xa(),this.o(),this.sa(),this.va(),this.ya(),this.qa(),this.oa(),this.ra(),this.Ea(),e[this.F]=e[this.F]||{},this.pa("_cnzz_CV")}catch(a){g(a,"i failed")}},Ca:function(){try{var a=this;e._czc={push:function(){return a.M.apply(a,arguments)}}}catch(b){g(b,"oP failed")}},oa:function(){try{var a=e._czc;if("[object Array]"==={}.toString.call(a))for(var b=0;b<a.length;b++){var c=a[b];switch(c[0]){case "_setAccount":e._cz_account="[object String]"==={}.toString.call(c[1])?
c[1]:String(c[1]);break;case "_setAutoPageview":"boolean"===typeof c[1]&&(e._cz_autoPageview=c[1])}}}catch(d){g(d,"cS failed")}},Ea:function(){try{if("undefined"===typeof e._cz_account||e._cz_account===this.c){e._cz_account=this.c;if("[object Array]"==={}.toString.call(e._czc))for(var a=e._czc,b=0,c=a.length;b<c;b++)this.M(a[b]);this.Ca()}}catch(d){g(d,"pP failed")}},M:function(a){try{if("[object Array]"==={}.toString.call(a))switch(a[0]){case "_trackPageview":if(a[1]){this.a.f="https://"+
e.location.host;"/"!==a[1].charAt(0)&&(this.a.f+="/");this.a.f+=a[1];if(""===a[2])this.a.g="";else if(a[2]){var b=a[2];"http"!==b.substr(0,4)&&(b="https://"+e.location.host,"/"!==a[2].charAt(0)&&(b+="/"),b+=a[2]);this.a.g=b}th <truncated>
File name index.dat
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
File size 49152 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 f031169e88ab64f31c6a91f4cbe422a4
SHA1 2a8d672b1333c3f977292b4db71dd42cf3e42706
SHA256 c207b5b80f84526d9091ccea38ca4066a3507f870e7ba9d6f76e39e2a171f35f
CRC32 DE51047B
Ssdeep 96:qadhFST+n18+94WTS1vVBfWlW84GvnLGvnbSWicoya64cQkYQkjWCLn9N91WBSO1:B7FSsormvqvbyett
File name index.dat
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
File size 245760 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 3fd58b1f0e3cc7987cac0cd6dc4abef9
SHA1 6b770c6bc31395300825812cd76b15585af6b8a4
SHA256 4629cf0e2cb2e168c6d8472bd42911b72803c93a9d62c99503af67c7f03783ba
CRC32 DE53B67B
Ssdeep 3072:JLvCbKEbEMHeTbVNYSOKFP33/TxxQ0UjXV:IKEnHeTbVNYfKFP33/
File name test@mmstat[1].txt
Related files
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\test@mmstat[1].txt
File size 94 bytes
File type ASCII text
MD5 502d127e45b42f7aa087271a05ce3a31
SHA1 c6f9acd63087e7c9e19dd0f36774db8c407068e8
SHA256 a8f7c7f8ee9a13109262781949a1a15d1413dd458efe5a040b193ffd52604c34
CRC32 8FCF45C9
Ssdeep 3:mSNimk1VFGdIKPv7YcKdxSrpTUP/n:mSY/EKKobSWn
Text:
cna
YCQ8E0T6BhUCAbSvsWRdaNs4
mmstat.com/
2147484672
1585016832
31389433
2489323072
30631118
*
File name C8E7EC0C85688F4738F3BE49B104BA67
Related files
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67
File size 782 bytes
File type data
MD5 8144a8995270179c598d32a188a57122
SHA1 b5b8b0ec0ad69fbfe881b0c31a3de09e376b8910
SHA256 6ceb8172e20099cabe1e7b62b4aa8bd071c2268f283b28272cd3ada1515113dd
CRC32 7BDC876E
Ssdeep 12:9gKD81n9E1ZMI2bMAHGA3ERIDIyZjIS5amoXIJKZfb:5cuZh2bMAHGAUydjIS5amo4AN
File name ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
Related files
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
File size 492 bytes
File type data
MD5 ab5a5deeeeec2f4cb05713d66e5f02b1
SHA1 980197b7814f4844cab80c83c7ce25c931f58134
SHA256 0b09466d5e0a6b103a379b90e7164e99edeb189accddf757573d4d5ee7230697
CRC32 569EE278
Ssdeep 12:u+sDWzF0Y1oOkksFyR7uE9SsAUOlJCXu47xN:ujDgF0WoLnYRd8JUKYeixN
File name A053CFB63FC8E6507871752236B5CCD5_319F934B3A4FB56D1EA4AD3AB45D0252
Related files
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_319F934B3A4FB56D1EA4AD3AB45D0252
File size 1570 bytes
File type data
MD5 26158c15a96491db99750fc7462ae294
SHA1 da13f8d016450533bc615f3447586be5267454bd
SHA256 1325cb1d75fd05c771187e72e998e6201f69b220c5669ea4be8b0a661ba8b6db
CRC32 58CB0146
Ssdeep 24:Cg/xfk/Sm8FBmBtEeC15EUAxEk7HXABK76KBgY6kZ9qBeeCpXsAxOsYPMrIpOhZN:dJMTQmzB25Er2GwBCdfjSwIpOhs/Rot
File name index.dat
Related files
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
File size 32768 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 d91fb97297628aa1a0acab595517915b
SHA1 37047c344403265007ed740be8d5b7caf62e69fc
SHA256 3b2a3b4d0dfdad9ff15caf9d2f701823a04044fa96c508e69c2c0050f3d89b64
CRC32 6FB7AB6D
Ssdeep 96:qJ+dmRkzO8SWd9V5Gnh8MnBo6o913aORplQNY23y544KlzSbnzZn:u+dmRkz/9kKKORplgzy6c
No similar analyses found.
HTML Summary Report
(requires 15-60 minutes to sync)

Processing ( 31.216 seconds )

  • 11.574 NetworkAnalysis
  • 7.216 Suricata
  • 4.916 TargetInfo
  • 3.927 Static
  • 1.523 VirusTotal
  • 0.811 BehaviorAnalysis
  • 0.721 Dropped
  • 0.319 peid
  • 0.188 AnalysisInfo
  • 0.009 Strings
  • 0.008 config_decoder
  • 0.002 Debug
  • 0.002 Memory

Signatures ( 1.944 seconds )

  • 1.385 md_url_bl
  • 0.11 antiav_detectreg
  • 0.041 infostealer_ftp
  • 0.038 stealth_timeout
  • 0.03 api_spamming
  • 0.028 md_domain_bl
  • 0.025 decoy_document
  • 0.023 antianalysis_detectreg
  • 0.023 infostealer_im
  • 0.021 antivm_generic_scsi
  • 0.017 stealth_file
  • 0.013 infostealer_mail
  • 0.013 md_bad_drop
  • 0.011 antiav_detectfile
  • 0.01 antivm_generic_services
  • 0.007 antivm_generic_disk
  • 0.007 geodo_banking_trojan
  • 0.007 infostealer_bitcoin
  • 0.006 mimics_filetime
  • 0.006 kibex_behavior
  • 0.005 bootkit
  • 0.005 betabot_behavior
  • 0.005 persistence_autorun
  • 0.005 virus
  • 0.005 antivm_parallels_keys
  • 0.005 antivm_xen_keys
  • 0.005 darkcomet_regkeys
  • 0.004 dridex_behavior
  • 0.004 reads_self
  • 0.004 antivm_vbox_files
  • 0.004 network_http
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.003 antiemu_wine_func
  • 0.003 kovter_behavior
  • 0.003 antivm_generic_diskreg
  • 0.003 recon_fingerprint
  • 0.002 hancitor_behavior
  • 0.002 tinba_behavior
  • 0.002 ransomware_message
  • 0.002 stealth_network
  • 0.002 antivm_vbox_libs
  • 0.002 infostealer_browser_password
  • 0.002 antisandbox_productid
  • 0.002 antivm_vbox_keys
  • 0.002 antivm_vmware_keys
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 rat_nanocore
  • 0.001 antiav_avast_libs
  • 0.001 network_anomaly
  • 0.001 injection_createremotethread
  • 0.001 sets_autoconfig_url
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 kazybot_behavior
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 antidbg_windows
  • 0.001 vawtrak_behavior
  • 0.001 cerber_behavior
  • 0.001 antidbg_devices
  • 0.001 antivm_xen_keys
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_acpi
  • 0.001 antivm_vpc_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 modify_proxy
  • 0.001 browser_security
  • 0.001 bypass_firewall
  • 0.001 packer_armadillo_regkey
  • 0.001 rat_pcclient
  • 0.001 recon_programs

Reporting ( 0.538 seconds )

  • 0.506 ReportHTMLSummary
  • 0.032 Malheur
Task ID 141296
Mongo ID 5ab53700bb7d57684f2f9734
Cuckoo release 1.4-Maldun