分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-shaapp01-2 | 2018-03-24 09:10:36 | 2018-03-24 09:13:05 | 149 秒 |
魔盾分数
1.75
正常的
文件详细信息
| 文件名 | expressvpn_6.5.1.3605.exe |
|---|---|
| 文件大小 | 25491712 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 15e962297483472130e8367fca6d2ef1 |
| SHA1 | 90cc20712db9d7956b55e283e6b39ba2b2788535 |
| SHA256 | c4e815cf040819b29b43405977a30bf749d2ee8ae09b9a7dad9011d904cbdd81 |
| SHA512 | 75b6e3c27156715aa19dffbdc8f82c85e922efd5c4a07c2f9f8208b5460f478b6a81d700e6a8d1a73536c42515143fe8dffa027255ec20c01fb1b7788fdcf298 |
| CRC32 | B091CE9F |
| Ssdeep | 786432:i0liK/0UVaH7lDnSCV74IcugFmKDDBOl+0yq6L:HB00C7lDP74I1WmKTUk |
| Yara | 登录查看Yara规则 |
| 样本下载 提交漏报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 104.16.91.188 | 美国 | |
| 否 | 117.18.237.29 | 亚洲太平洋地区 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| crt.comodoca.com |
A 104.16.92.188 CNAME crt.comodoca.com.cdn.cloudflare.net A 104.16.90.188 A 104.16.91.188 A 104.16.93.188 A 104.16.89.188 |
|
| ocsp.digicert.com |
CNAME cs9.wac.phicdn.net A 117.18.237.29 |
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x0042e1fd |
| 声明校验值 | 0x0185cc4c |
| 实际校验值 | 0x0185cc4c |
| 最低操作系统版本要求 | 5.1 |
| PDB路径 | C:\build\work\eca3d12b\wix3\build\ship\x86\burn.pdb |
| 编译时间 | 2017-05-01 22:33:52 |
| 载入哈希 | 945b38293d63de197023e59f28a06bb8 |
| 图标 |  |
| 图标精确哈希值 | 7afc4835c274d97cb3c14bdf33c92032 |
| 图标相似性哈希值 | 7dacd6c800b3cb402fe38f3b3f972f75 |
版本信息
| LegalCopyright | |
|---|---|
| InternalName | |
| FileVersion | |
| CompanyName | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename | |
| Translation |
微软证书验证 (Sign Tool)
| SHA1 | 时间戳 | 有效性 | 错误 |
|---|---|---|---|
| None | Wed Feb 07 16:46:59 2018 | 无 |
| 证书链 | Certificate Chain 1 |
| 发行给 | AddTrust External CA Root |
| 发行人 | AddTrust External CA Root |
| 有效期 | Sat May 30 184838 2020 |
| SHA1 哈希 | 02faf3e291435468607857694df5e45b68851868 |
| 证书链 | Certificate Chain 2 |
| 发行给 | COMODO RSA Certification Authority |
| 发行人 | AddTrust External CA Root |
| 有效期 | Sat May 30 184838 2020 |
| SHA1 哈希 | f5ad0bcc1ad56cd150725b1c866c30ad92ef21b0 |
| 证书链 | Certificate Chain 3 |
| 发行给 | COMODO RSA Code Signing CA |
| 发行人 | COMODO RSA Certification Authority |
| 有效期 | Tue May 09 075959 2028 |
| SHA1 哈希 | b69e752bbe88b4458200a7c0f4f5b3cce6f35b47 |
| 证书链 | Certificate Chain 4 |
| 发行给 | Express Vpn LLC |
| 发行人 | COMODO RSA Code Signing CA |
| 有效期 | Thu Jan 21 075959 2021 |
| SHA1 哈希 | bb0304c1ff6dc0384701dd88363c2f1a1d5c8aeb |
| 证书链 | Timestamp Chain 1 |
| 发行给 | UTN-USERFirst-Object |
| 发行人 | UTN-USERFirst-Object |
| 有效期 | Wed Jul 10 024036 2019 |
| SHA1 哈希 | e12dfb4b41d7d9c32b30514bac1d81d8385e2d46 |
| 证书链 | Timestamp Chain 2 |
| 发行给 | COMODO SHA-256 Time Stamping Signer |
| 发行人 | UTN-USERFirst-Object |
| 有效期 | Wed Jul 10 024036 2019 |
| SHA1 哈希 | 36527d4fa26a68f9eb4596f1d99abb2c0ea76dfa |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00049a67 | 0x00049c00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.56 |
| .rdata | 0x0004b000 | 0x0001ec60 | 0x0001ee00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.11 |
| .data | 0x0006a000 | 0x00001730 | 0x00000a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.15 |
| .wixburn | 0x0006c000 | 0x00000038 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 0.75 |
| .tls | 0x0006d000 | 0x00000009 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .rsrc | 0x0006e000 | 0x0005d7cc | 0x0005d800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 2.72 |
| .reloc | 0x000cc000 | 0x00003dec | 0x00003e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 6.79 |
覆盖
| 偏移量 | 0x000cb200 |
| 大小 | 0x01784700 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_ICON | 0x00086770 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 33554431, next used block 33554431 |
| RT_ICON | 0x00086770 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 33554431, next used block 33554431 |
| RT_ICON | 0x00086770 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 33554431, next used block 33554431 |
| RT_ICON | 0x00086770 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 33554431, next used block 33554431 |
| RT_ICON | 0x00086770 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 33554431, next used block 33554431 |
| RT_ICON | 0x00086770 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 33554431, next used block 33554431 |
| RT_MESSAGETABLE | 0x000c8798 | 0x00002840 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.07 | data |
| RT_GROUP_ICON | 0x000cafd8 | 0x0000005a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.56 | MS Windows icon resource - 6 icons, 16x16 |
| RT_VERSION | 0x000cb034 | 0x000002c4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.30 | data |
| RT_MANIFEST | 0x000cb2f8 | 0x000004d2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.31 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
导入
库: ADVAPI32.dll:
• 0x44b000 RegCloseKey
• 0x44b004 RegOpenKeyExW
• 0x44b008 OpenProcessToken
• 0x44b00c AdjustTokenPrivileges
• 0x44b010 LookupPrivilegeValueW
• 0x44b014 InitiateSystemShutdownExW
• 0x44b018 GetUserNameW
• 0x44b01c RegQueryValueExW
• 0x44b020 RegDeleteValueW
• 0x44b024 CloseEventLog
• 0x44b028 OpenEventLogW
• 0x44b02c ReportEventW
• 0x44b034 DecryptFileW
• 0x44b038 CreateWellKnownSid
• 0x44b03c InitializeAcl
• 0x44b040 SetEntriesInAclW
• 0x44b044 ChangeServiceConfigW
• 0x44b048 CloseServiceHandle
• 0x44b04c ControlService
• 0x44b050 OpenSCManagerW
• 0x44b054 OpenServiceW
• 0x44b058 QueryServiceStatus
• 0x44b05c SetNamedSecurityInfoW
• 0x44b060 CheckTokenMembership
• 0x44b064 AllocateAndInitializeSid
• 0x44b068 SetEntriesInAclA
• 0x44b06c SetSecurityDescriptorGroup
• 0x44b070 SetSecurityDescriptorOwner
• 0x44b074 SetSecurityDescriptorDacl
• 0x44b078 InitializeSecurityDescriptor
• 0x44b07c RegSetValueExW
• 0x44b080 RegQueryInfoKeyW
• 0x44b084 RegEnumValueW
• 0x44b088 RegEnumKeyExW
• 0x44b08c RegDeleteKeyW
• 0x44b090 RegCreateKeyExW
• 0x44b094 GetTokenInformation
• 0x44b098 CryptDestroyHash
• 0x44b09c CryptHashData
• 0x44b0a0 CryptCreateHash
• 0x44b0a4 CryptGetHashParam
• 0x44b0a8 CryptReleaseContext
• 0x44b0ac CryptAcquireContextW
• 0x44b0b0 QueryServiceConfigW
库: USER32.dll:
• 0x44b35c GetMessageW
• 0x44b360 PostMessageW
• 0x44b364 IsWindow
• 0x44b368 WaitForInputIdle
• 0x44b36c PostQuitMessage
• 0x44b370 PeekMessageW
• 0x44b374 MsgWaitForMultipleObjects
• 0x44b378 PostThreadMessageW
• 0x44b37c GetMonitorInfoW
• 0x44b380 MonitorFromPoint
• 0x44b384 IsDialogMessageW
• 0x44b388 LoadCursorW
• 0x44b38c LoadBitmapW
• 0x44b390 SetWindowLongW
• 0x44b394 GetWindowLongW
• 0x44b398 GetCursorPos
• 0x44b39c MessageBoxW
• 0x44b3a0 CreateWindowExW
• 0x44b3a4 UnregisterClassW
• 0x44b3a8 RegisterClassW
• 0x44b3ac DefWindowProcW
• 0x44b3b0 DispatchMessageW
• 0x44b3b4 TranslateMessage
库: OLEAUT32.dll:
• 0x44b330 SysFreeString
• 0x44b334 SysAllocString
• 0x44b338 VariantInit
• 0x44b33c VariantClear
库: GDI32.dll:
• 0x44b0b8 CreateCompatibleDC
• 0x44b0bc DeleteObject
• 0x44b0c0 SelectObject
• 0x44b0c4 StretchBlt
• 0x44b0c8 GetObjectW
• 0x44b0cc DeleteDC
库: SHELL32.dll:
• 0x44b34c SHGetFolderPathW
• 0x44b350 CommandLineToArgvW
• 0x44b354 ShellExecuteExW
库: ole32.dll:
• 0x44b3bc CoUninitialize
• 0x44b3c0 CoInitializeEx
• 0x44b3c4 CoInitialize
• 0x44b3c8 StringFromGUID2
• 0x44b3cc CoCreateInstance
• 0x44b3d0 CoTaskMemFree
• 0x44b3d4 CoInitializeSecurity
• 0x44b3d8 CLSIDFromProgID
库: KERNEL32.dll:
• 0x44b0d4 GetCommandLineA
• 0x44b0d8 GetCPInfo
• 0x44b0dc GetOEMCP
• 0x44b0e0 CloseHandle
• 0x44b0e4 CreateFileW
• 0x44b0e8 GetProcAddress
• 0x44b0ec LocalFree
• 0x44b0f0 HeapSetInformation
• 0x44b0f4 GetLastError
• 0x44b0f8 GetModuleHandleW
• 0x44b0fc FormatMessageW
• 0x44b100 lstrlenA
• 0x44b104 lstrlenW
• 0x44b108 MultiByteToWideChar
• 0x44b10c WideCharToMultiByte
• 0x44b110 LCMapStringW
• 0x44b114 Sleep
• 0x44b118 GetLocalTime
• 0x44b11c GetModuleFileNameW
• 0x44b120 ExpandEnvironmentStringsW
• 0x44b124 GetTempPathW
• 0x44b128 GetTempFileNameW
• 0x44b12c CreateDirectoryW
• 0x44b130 GetFullPathNameW
• 0x44b134 CompareStringW
• 0x44b138 GetCurrentProcessId
• 0x44b13c WriteFile
• 0x44b140 SetFilePointer
• 0x44b144 LoadLibraryW
• 0x44b148 GetSystemDirectoryW
• 0x44b14c CreateFileA
• 0x44b150 HeapAlloc
• 0x44b154 HeapReAlloc
• 0x44b158 HeapFree
• 0x44b15c HeapSize
• 0x44b160 GetProcessHeap
• 0x44b164 FindClose
• 0x44b168 GetCommandLineW
• 0x44b16c GetCurrentDirectoryW
• 0x44b170 RemoveDirectoryW
• 0x44b174 SetFileAttributesW
• 0x44b178 GetFileAttributesW
• 0x44b17c DeleteFileW
• 0x44b180 FindFirstFileW
• 0x44b184 FindNextFileW
• 0x44b188 MoveFileExW
• 0x44b18c GetCurrentProcess
• 0x44b190 GetCurrentThreadId
• 0x44b194 InitializeCriticalSection
• 0x44b198 DeleteCriticalSection
• 0x44b19c ReleaseMutex
• 0x44b1a0 TlsAlloc
• 0x44b1a4 GetEnvironmentStringsW
• 0x44b1a8 TlsSetValue
• 0x44b1ac TlsFree
• 0x44b1b0 CreateProcessW
• 0x44b1b4 GetVersionExW
• 0x44b1b8 VerSetConditionMask
• 0x44b1bc FreeLibrary
• 0x44b1c0 EnterCriticalSection
• 0x44b1c4 LeaveCriticalSection
• 0x44b1c8 GetSystemTime
• 0x44b1cc GetNativeSystemInfo
• 0x44b1d0 GetModuleHandleExW
• 0x44b1d4 GetWindowsDirectoryW
• 0x44b1d8 GetSystemWow64DirectoryW
• 0x44b1dc GetComputerNameW
• 0x44b1e0 VerifyVersionInfoW
• 0x44b1e4 GetVolumePathNameW
• 0x44b1e8 GetDateFormatW
• 0x44b1ec GetUserDefaultUILanguage
• 0x44b1f0 GetSystemDefaultLangID
• 0x44b1f4 GetUserDefaultLangID
• 0x44b1f8 GetStringTypeW
• 0x44b1fc ReadFile
• 0x44b200 SetFilePointerEx
• 0x44b204 DuplicateHandle
• 0x44b208 InterlockedExchange
• 0x44b20c InterlockedCompareExchange
• 0x44b210 LoadLibraryExW
• 0x44b214 CreateEventW
• 0x44b218 ProcessIdToSessionId
• 0x44b21c OpenProcess
• 0x44b220 GetProcessId
• 0x44b224 WaitForSingleObject
• 0x44b228 ConnectNamedPipe
• 0x44b22c SetNamedPipeHandleState
• 0x44b230 CreateNamedPipeW
• 0x44b234 CreateThread
• 0x44b238 GetExitCodeThread
• 0x44b23c SetEvent
• 0x44b240 WaitForMultipleObjects
• 0x44b244 InterlockedIncrement
• 0x44b248 InterlockedDecrement
• 0x44b24c ResetEvent
• 0x44b250 SetEndOfFile
• 0x44b254 SetFileTime
• 0x44b258 LocalFileTimeToFileTime
• 0x44b25c DosDateTimeToFileTime
• 0x44b260 CompareStringA
• 0x44b264 GetExitCodeProcess
• 0x44b268 SetThreadExecutionState
• 0x44b26c CopyFileExW
• 0x44b270 MapViewOfFile
• 0x44b274 UnmapViewOfFile
• 0x44b278 CreateMutexW
• 0x44b27c CreateFileMappingW
• 0x44b280 GetThreadLocale
• 0x44b284 IsValidCodePage
• 0x44b288 FreeEnvironmentStringsW
• 0x44b28c TlsGetValue
• 0x44b290 SetStdHandle
• 0x44b294 GetConsoleCP
• 0x44b298 GetConsoleMode
• 0x44b29c FlushFileBuffers
• 0x44b2a0 DecodePointer
• 0x44b2a4 WriteConsoleW
• 0x44b2a8 GetModuleHandleA
• 0x44b2ac GlobalAlloc
• 0x44b2b0 GlobalFree
• 0x44b2b4 GetFileSizeEx
• 0x44b2b8 CopyFileW
• 0x44b2bc VirtualAlloc
• 0x44b2c0 VirtualFree
• 0x44b2c4 SystemTimeToTzSpecificLocalTime
• 0x44b2c8 GetTimeZoneInformation
• 0x44b2cc SystemTimeToFileTime
• 0x44b2d0 GetSystemInfo
• 0x44b2d4 VirtualProtect
• 0x44b2d8 VirtualQuery
• 0x44b2dc SetCurrentDirectoryW
• 0x44b2e0 FindFirstFileExW
• 0x44b2e4 GetFileType
• 0x44b2e8 GetACP
• 0x44b2ec ExitProcess
• 0x44b2f0 GetStdHandle
• 0x44b2f4 InitializeCriticalSectionAndSpinCount
• 0x44b2f8 SetLastError
• 0x44b2fc UnhandledExceptionFilter
• 0x44b300 SetUnhandledExceptionFilter
• 0x44b304 TerminateProcess
• 0x44b308 IsProcessorFeaturePresent
• 0x44b30c QueryPerformanceCounter
• 0x44b310 GetSystemTimeAsFileTime
• 0x44b314 InitializeSListHead
• 0x44b318 IsDebuggerPresent
• 0x44b31c GetStartupInfoW
• 0x44b320 RaiseException
• 0x44b324 RtlUnwind
• 0x44b328 LoadLibraryExA
库: RPCRT4.dll:
• 0x44b344 UuidCreate
.text
`.rdata
@.data
.wixburn8
@.tls
.rsrc
@.reloc
SSWSh3
9_ t!j
PhD!E
w`h,!E
wdhD!E
Phd!E
7h$,E
7h8+E
6hp+E
6h$,E
0hD%E
tKh`,E
7h`-E
PhD?E
RQh<:E
RhD:E
3ht:E
WWWh4;E
ynVhL;E
7h0@E
3h8GE
7h0@E
7h|CE
Ph]WA
6h\PE
yIhPRE
PhlUE
Ph\UE
Ph(VE
t@h0KE
t;PhDJE
WVhXoE
Ph<eE
Wh uE
Wh\uE
7h\sE
ShDyE
ShlyE
SWPh rE
y&SWhTrE
SWhprE
y&SWhTrE
SWhprE
y3h|gE
WhDiE
7h(kE
7hpkE
Ph<eE
| 防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
|---|---|---|
| Bkav | 未发现病毒 | 20180322 |
| MicroWorld-eScan | 未发现病毒 | 20180322 |
| nProtect | 未发现病毒 | 20180322 |
| CMC | 未发现病毒 | 20180322 |
| CAT-QuickHeal | 未发现病毒 | 20180322 |
| McAfee | 未发现病毒 | 20180322 |
| Cylance | 未发现病毒 | 20180322 |
| SUPERAntiSpyware | 未发现病毒 | 20180322 |
| TheHacker | 未发现病毒 | 20180319 |
| K7GW | 未发现病毒 | 20180322 |
| K7AntiVirus | 未发现病毒 | 20180322 |
| Invincea | 未发现病毒 | 20180121 |
| Baidu | 未发现病毒 | 20180322 |
| F-Prot | 未发现病毒 | 20180322 |
| Symantec | 未发现病毒 | 20180322 |
| ESET-NOD32 | 未发现病毒 | 20180322 |
| TrendMicro-HouseCall | 未发现病毒 | 20180322 |
| Avast | 未发现病毒 | 20180322 |
| ClamAV | 未发现病毒 | 20180322 |
| Kaspersky | 未发现病毒 | 20180322 |
| BitDefender | 未发现病毒 | 20180322 |
| NANO-Antivirus | 未发现病毒 | 20180322 |
| Paloalto | 未发现病毒 | 20180322 |
| ViRobot | 未发现病毒 | 20180322 |
| Tencent | 未发现病毒 | 20180322 |
| Ad-Aware | 未发现病毒 | 20180322 |
| Sophos | 未发现病毒 | 20180322 |
| Comodo | 未发现病毒 | 20180322 |
| F-Secure | 未发现病毒 | 20180322 |
| DrWeb | 未发现病毒 | 20180322 |
| VIPRE | 未发现病毒 | 20180322 |
| TrendMicro | 未发现病毒 | 20180322 |
| McAfee-GW-Edition | 未发现病毒 | 20180322 |
| Emsisoft | 未发现病毒 | 20180322 |
| SentinelOne | 未发现病毒 | 20180225 |
| Cyren | 未发现病毒 | 20180322 |
| Jiangmin | 未发现病毒 | 20180322 |
| Webroot | 未发现病毒 | 20180322 |
| Avira | 未发现病毒 | 20180322 |
| Fortinet | 未发现病毒 | 20180322 |
| Antiy-AVL | 未发现病毒 | 20180322 |
| Kingsoft | 未发现病毒 | 20180322 |
| Endgame | 未发现病毒 | 20180316 |
| Arcabit | 未发现病毒 | 20180322 |
| AegisLab | 未发现病毒 | 20180322 |
| ZoneAlarm | 未发现病毒 | 20180322 |
| Avast-Mobile | 未发现病毒 | 20180322 |
| Microsoft | 未发现病毒 | 20180322 |
| AhnLab-V3 | 未发现病毒 | 20180322 |
| ALYac | 未发现病毒 | 20180322 |
| AVware | 未发现病毒 | 20180322 |
| MAX | 未发现病毒 | 20180322 |
| VBA32 | 未发现病毒 | 20180322 |
| Malwarebytes | 未发现病毒 | 20180322 |
| WhiteArmor | 未发现病毒 | 20180223 |
| Zoner | 未发现病毒 | 20180322 |
| Rising | 未发现病毒 | 20180322 |
| Yandex | 未发现病毒 | 20180322 |
| Ikarus | 未发现病毒 | 20180322 |
| eGambit | 未发现病毒 | 20180322 |
| GData | 未发现病毒 | 20180322 |
| AVG | 未发现病毒 | 20180322 |
| Cybereason | 未发现病毒 | 20180225 |
| Panda | 未发现病毒 | 20180321 |
| CrowdStrike | 未发现病毒 | 20170201 |
| Qihoo-360 | 未发现病毒 | 20180322 |
进程树
-
expressvpn_6.5.1.3605.exe id: 2084
-
expressvpn_6.5.1.3605.exe id: 2144
- ExpressVPN_6.5.1.3605.exe id: 2268
-
expressvpn_6.5.1.3605.exe id: 2144
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 104.16.91.188 | 美国 | |
| 否 | 117.18.237.29 | 亚洲太平洋地区 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 49158 | 104.16.91.188 crt.comodoca.com | 80 |
| 192.168.122.202 | 49168 | 117.18.237.29 ocsp.digicert.com | 80 |
| 192.168.122.202 | 49159 | 178.255.83.1 | 80 |
| 192.168.122.202 | 49160 | 178.255.83.1 | 80 |
| 192.168.122.202 | 49161 | 178.255.83.1 | 80 |
| 192.168.122.202 | 49167 | 65.200.22.9 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 51930 | 192.168.122.1 | 53 |
| 192.168.122.202 | 51997 | 192.168.122.1 | 53 |
| 192.168.122.202 | 53717 | 192.168.122.1 | 53 |
| 192.168.122.202 | 54930 | 192.168.122.1 | 53 |
| 192.168.122.202 | 57729 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| crt.comodoca.com |
A 104.16.92.188 CNAME crt.comodoca.com.cdn.cloudflare.net A 104.16.90.188 A 104.16.91.188 A 104.16.93.188 A 104.16.89.188 |
|
| ocsp.digicert.com |
CNAME cs9.wac.phicdn.net A 117.18.237.29 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 49158 | 104.16.91.188 crt.comodoca.com | 80 |
| 192.168.122.202 | 49168 | 117.18.237.29 ocsp.digicert.com | 80 |
| 192.168.122.202 | 49159 | 178.255.83.1 | 80 |
| 192.168.122.202 | 49160 | 178.255.83.1 | 80 |
| 192.168.122.202 | 49161 | 178.255.83.1 | 80 |
| 192.168.122.202 | 49167 | 65.200.22.9 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 51930 | 192.168.122.1 | 53 |
| 192.168.122.202 | 51997 | 192.168.122.1 | 53 |
| 192.168.122.202 | 53717 | 192.168.122.1 | 53 |
| 192.168.122.202 | 54930 | 192.168.122.1 | 53 |
| 192.168.122.202 | 57729 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://crt.comodoca.com/COMODORSAAddTrustCA.crt | GET /COMODORSAAddTrustCA.crt HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: crt.comodoca.com |
| URL专业沙箱检测 -> http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1 Cache-Control: max-age = 462303 Connection: Keep-Alive Accept: */* If-Modified-Since: Tue, 30 May 2017 14:10:49 GMT User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.usertrust.com |
| URL专业沙箱检测 -> http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEC58h8wOk0pS%2FpT9HLfNNK8%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEC58h8wOk0pS%2FpT9HLfNNK8%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.comodoca.com |
| URL专业沙箱检测 -> http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSSdxXdG447ymkRNPVViULv3rkBzQQUKZFg%2F4pN%2Buv5pmq4z%2FnmS71JzhICEQDjB%2Fbx%2BsdCPmwAM2qUEFsX | GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSSdxXdG447ymkRNPVViULv3rkBzQQUKZFg%2F4pN%2Buv5pmq4z%2FnmS71JzhICEQDjB%2Fbx%2BsdCPmwAM2qUEFsX HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.comodoca.com |
| URL专业沙箱检测 -> http://crl.microsoft.com/pki/crl/products/tspca.crl | GET /pki/crl/products/tspca.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT If-None-Match: "8ab194b3d77cf1:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.microsoft.com |
| URL专业沙箱检测 -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1 Cache-Control: max-age = 172800 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 02 Sep 2017 10:30:03 GMT If-None-Match: "59aa882b-1d7" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | progressbar.png |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\{6FAA1F20-30F5-4054-AEE5-96769D3CDA32}\.ba\progressbar.png
|
| 文件大小 | 139 字节 |
| 文件类型 | PNG image data, 4 x 28, 8-bit/color RGBA, non-interlaced |
| MD5 | 6ad97b79dcee4ccc8099cddaa0c3541e |
| SHA1 | a94be2c46de7927a02a11059b8e4a844c528f7d2 |
| SHA256 | e6db7240e6f628c670db07c07ecf5c55e171b413487aa9c7e5427f31255bf468 |
| CRC32 | FB59EAE3 |
| Ssdeep | 3:yionv//thPlJjt778W3MLts7CX9/gh/rywOxGhakLTrcFe/l2up:6v/lhPOwMR/ChmFp4r/l2up |
| 下载 提交魔盾安全分析 |
| 文件名 | expressvpn_6.5.1.3605.exe |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\{B6EBC473-EE69-40A6-964E-5DD7C8A0F8EE}\.cr\expressvpn_6.5.1.3605.exe
C:\Users\test\AppData\Local\Temp\{6FAA1F20-30F5-4054-AEE5-96769D3CDA32}\.be\ExpressVPN_6.5.1.3605.exe
|
| 文件大小 | 947856 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 8ffc184ff9bba97578593331bfcddd38 |
| SHA1 | c6adae30de913595fabd3c2c0442a86163b0c660 |
| SHA256 | 697f47a48e806558440574b12fcf4c6b46f27a86cd71b7e3dd30f5f021aaef83 |
| CRC32 | 885E1078 |
| Ssdeep | 12288:h79g/k9Ygb25zyaaEqrHqm/AkP7yrjlIX5g8v:jgwYgb25FJsqIAkTx |
| 下载 提交魔盾安全分析 |
| 文件名 | logo.png |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\{6FAA1F20-30F5-4054-AEE5-96769D3CDA32}\.ba\logo.png
|
| 文件大小 | 8148 字节 |
| 文件类型 | PNG image data, 211 x 43, 8-bit/color RGBA, non-interlaced |
| MD5 | 06b448ef3db3dc6ef6557fad768e8211 |
| SHA1 | 7b9fc89fad2273a4ff568dac9ad75ea92391389f |
| SHA256 | 95ce59c408c9165a692e3f96c0ea714fb8db6271bb6ab8ad94d1ece0ba747ab1 |
| CRC32 | 54137EA0 |
| Ssdeep | 192:eq4W+FWz31wbgQjlcf0mox1GY/hRtfKyVKRgP:14W+Fm3mbgQjLmA7pRMyVKRgP |
| 下载 提交魔盾安全分析 |
| 文件名 | BootstrapperApplicationData.xml |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\{6FAA1F20-30F5-4054-AEE5-96769D3CDA32}\.ba\BootstrapperApplicationData.xml
|
| 文件大小 | 12502 字节 |
| 文件类型 | XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators |
| MD5 | 2459fcadd4eca84cea848fb01c888e9c |
| SHA1 | 47001170aa469ff755c6edc1430a0c3a7f047c9e |
| SHA256 | 1f3c36ab79f3f0818c62813886baac52bca06f6ea57f9fcc82c379cb1aad1aa3 |
| CRC32 | EFAEF290 |
| Ssdeep | 192:X0suuKTOkYfa+B56CX7beEgodQXJHGtmjMCv8wsJkSY/cWna:X0suuKKJOZ/wd |
| 下载 提交魔盾安全分析 显示文本 | |
\xff\xfe<\x00?\x00x\x00m\x00l\x00 \x00v\x00e\x00r\x00s\x00i\x00o\x00n\x00=\x00"\x001\x00.\x000\x00"\x00 \x00e\x00n\x00c\x00o\x00d\x00i\x00n\x00g\x00=\x00"\x00u\x00t\x00f\x00-\x001\x006\x00"\x00?\x00>\x00
\x00
\x00<\x00B\x00o\x00o\x00t\x00s\x00t\x00r\x00a\x00p\x00p\x00e\x00r\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00D\x00a\x00t\x00a\x00 \x00x\x00m\x00l\x00n\x00s\x00=\x00"\x00h\x00t\x00t\x00p\x00:\x00/\x00/\x00s\x00c\x00h\x00e\x00m\x00a\x00s\x00.\x00m\x00i\x00c\x00r\x00o\x00s\x00o\x00f\x00t\x00.\x00c\x00o\x00m\x00/\x00w\x00i\x00x\x00/\x002\x000\x001\x000\x00/\x00B\x00o\x00o\x00t\x00s\x00t\x00r\x00a\x00p\x00p\x00e\x00r\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00D\x00a\x00t\x00a\x00"\x00>\x00
\x00
\x00 \x00 \x00<\x00W\x00i\x00x\x00B\x00a\x00l\x00C\x00o\x00n\x00d\x00i\x00t\x00i\x00o\x00n\x00 \x00C\x00o\x00n\x00d\x00i\x00t\x00i\x00o\x00n\x00=\x00"\x00V\x00e\x00r\x00s\x00i\x00o\x00n\x00N\x00T\x00 \x00&\x00g\x00t\x00;\x00=\x00 \x00v\x006\x00.\x001\x00"\x00 \x00M\x00e\x00s\x00s\x00a\x00g\x00e\x00=\x00"\x00T\x00h\x00i\x00s\x00 \x00v\x00e\x00r\x00s\x00i\x00o\x00n\x00 \x00o\x00f\x00 \x00E\x00x\x00p\x00r\x00e\x00s\x00s\x00V\x00P\x00N\x00 \x00r\x00e\x00q\x00u\x00i\x00r\x00e\x00s\x00 \x00W\x00i\x00n\x00d\x00o\x00w\x00s\x00 \x007\x00 \x00o\x00r\x00 \x00n\x00e\x00w\x00e\x00r\x00.\x00 \x00P\x00l\x00e\x00a\x00s\x00e\x00 \x00u\x00p\x00d\x00a\x00t\x00e\x00 \x00y\x00o\x00u\x00r\x00 \x00o\x00p\x00e\x00r\x00a\x00t\x00i\x00n\x00g\x00 \x00s\x00y\x00s\x00t\x00e\x00m\x00 \x00a\x00n\x00d\x00 \x00t\x00r\x00y\x00 \x00a\x00g\x00a\x00i\x00n\x00,\x00 \x00o\x00r\x00 \x00s\x00i\x00g\x00n\x00 \x00i\x00n\x00 \x00t\x00o\x00 \x00y\x00o\x00u\x00r\x00 \x00E\x00x\x00p\x00r\x00e\x00s\x00s\x00V\x00P\x00N\x00 \x00a\x00c\x00c\x00o\x00u\x00n\x00t\x00 \x00a\x00n\x00d\x00 \x00d\x00o\x00w\x00n\x00l\x00o\x00a\x00d\x00 \x00a\x00 \x00c\x00o\x00m\x00p\x00a\x00t\x00i\x00b\x00l\x00e\x00 \x00v\x00e\x00r\x00s\x00i\x00o\x00n\x00.\x00"\x00 \x00/\x00>\x00
\x00
\x00 \x00 \x00<\x00W\x00i\x00x\x00B\x00u\x00n\x00d\x00l\x00e\x00P\x00r\x00o\x00p\x00e\x00r\x00t\x00i\x00e\x00s\x00 \x00D\x00i\x00s\x00p\x00l\x00a\x00y\x00N\x00a\x00m\x00e\x00=\x00"\x00E\x00x\x00p\x00r\x00e\x00s\x00s\x00V\x00P\x00N\x00"\x00 \x00L\x00o\x00g\x00P\x00a\x00t\x00h\x00V\x00a\x00r\x00i\x00a\x00b\x00l\x00e\x00=\x00"\x00W\x00i\x00x\x00B\x00u\x00n\x00d\x00l\x00e\x00L\x00o\x00g\x00"\x00 \x00C\x00o\x00m\x00p\x00r\x00e\x00s\x00s\x00e\x00d\x00=\x00"\x00n\x00o\x00"\x00 \x00I\x00d\x00=\x00"\x00{\x00e\x008\x007\x00d\x000\x00e\x00c\x00a\x00-\x00d\x00c\x009\x003\x00-\x004\x00f\x005\x005\x00-\x00b\x00f\x007\x004\x00-\x000\x00d\x001\x005\x005\x00d\x008\x00c\x006\x00f\x000\x007\x00}\x00"\x00 \x00U\x00p\x00g\x00r\x00a\x00d\x00e\x00C\x00o\x00d\x00e\x00=\x00"\x00{\x000\x007\x008\x004\x00A\x00A\x004\x00E\x00-\x006\x00E\x006\x00C\x00-\x004\x008\x00B\x006\x00-\x008\x006\x009\x004\x00-\x00E\x00E\x009\x001\x007\x00C\x007\x005\x007\x00B\x00A\x007\x00}\x00"\x00 \x00P\x00e\x00r\x00M\x00a\x00c\x00h\x00i\x00n\x00e\x00=\x00"\x00y\x00e\x00s\x00"\x00 \x00/\x00>\x00
\x00
\x00 \x00 \x00<\x00W\x00i\x00x\x00P\x00a\x00c\x00k\x00a\x00g\x00e\x00P\x00r\x00o\x00p\x00e\x00r\x00t\x00i\x00e\x00s\x00 \x00P\x00a\x00c\x00k\x00a\x00g\x00e\x00=\x00"\x00N\x00e\x00t\x00F\x00x\x004\x005\x00R\x00e\x00d\x00i\x00s\x00t\x00"\x00 \x00V\x00i\x00t\x00a\x00l\x00=\x00"\x00y\x00e\x00s\x00"\x00 \x00D\x00i\x00s\x00p\x00l\x00a\x00y\x00N\x00a\x00m\x00e\x00=\x00"\x00M\x00i\x00c\x00r\x00o\x00s\x00o\x00f\x00t\x00 \x00.\x00N\x00E\x00T\x00 \x00F\x00r\x00a\x00m\x00e\x00w\x00o\x00r\x00k\x00 \x004\x00.\x005\x00"\x00 \x00D\x00e\x00s\x00c\x00r\x00i\x00p\x00t\x00i\x00o\x00n\x00=\x00"\x00M\x00i\x00c\x00r\x00o\x00s\x00o\x00f\x00t\x00 \x00.\x00N\x00E\x00T\x00 \x00F\x00r\x00a\x00m\x00e\x00w\x00o\x00r\x00k\x00 \x004\x00.\x005\x00 \x00S\x00e\x00t\x00u\x00p\x00"\x00 \x00D\x00o\x00w\x00n\x00l\x00o\x00a\x00d\x00S\x00i\x00z\x00e\x00=\x00"\x005\x000\x003\x005\x002\x004\x000\x008\x00"\x00 \x00P\x00a\x00c\x00k\x00a\x00g\x00e\x00S\x00i\x00z\x00e\x00=\x00"\x005\x000\x003\x005\x002\x004\x000\x008\x00"\x00 \x00I\x00n\x00s\x00t\x00a\x00l\x00l\x00e\x00d\x00S\x00i\x00z\x00e\x00=\x00"\x005\x000\x003\x005\x002\x004\x000\x008\x00"\x00 \x00P\x00a\x00c\x00k\x00a\x00g\x00e\x00T\x00y\x00p\x00e\x00=\x00"\x00E\x00x\x00e\x00"\x00 \x00P\x00e\x00r\x00m\x00a\x00n\x00e\x00n\x00t\x00=\x00"\x00y\x00e\x00s\x00"\x00 \x00L\x00o\x00g\x00P\x00a\x00t\x00h\x00V\x00a\x00r\x00i\x00a\x00b\x00l\x00e\x00=\x00"\x00N\x00e\x00t\x00F\x00x\x004\x005\x00F\x00u\x00l\x00l\x00L\x00o\x00g\x00"\x00 \x00R\x00o\x00l\x00l\x00b\x00a\x00c\x00k\x00L\x00o\x00g\x00P\x00a\x00t\x00h\x00V\x00a\x00r\x00i\x00a\x00b\x00l\x00e\x00=\x00"\x00W\x00i\x00x\x00B\x00u\x00n\x00d\x00l\x00e\x00R\x00o\x00l\x00l\x00b\x00a\x00c\x00k\x00L\x00o\x00g\x00_\x00N\x00e\x00t\x00F\x00x\x004\x005\x00R\x00e\x00d\x00i\x00s\x00t\x00"\x00 \x00C\x00o\x00m\x00p\x00r\x00e\x00s\x00s\x00e\x00d\x00=\x00"\x00n\x00o\x00"\x00 \x00D\x00i\x00s\x00p\x00l\x00a\x00y\x00I\x00n\x00t\x00e\x00r\x00n\x00a\x00l\x00U\x00I\x00=\x00"\x00n\x00o\x00"\x00 \x00V\x00e\x00r\x00s\x00i\x00o\x00n\x00=\x00"\x004\x00.\x005\x00.\x005\x000\x007\x000\x009\x00.\x001\x007\x009\x002\x009\x00"\x00 \x00C\x00 <truncated> |
|
| 文件名 | thm.wxl |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\{6FAA1F20-30F5-4054-AEE5-96769D3CDA32}\.ba\thm.wxl
|
| 文件大小 | 4341 字节 |
| 文件类型 | XML 1.0 document, ASCII text, with CRLF line terminators |
| MD5 | 456115cdd9653c7eb2cf908e10604c8e |
| SHA1 | 69e86aa83d1b1c4359481801c2f47c9dbcc62f16 |
| SHA256 | ee1ec6b339057fccaff2a3f114edb316a182a9e4c2bd71d7231d020e2c0c07bb |
| CRC32 | C94CF361 |
| Ssdeep | 96:8LuTh1wBHbTxmOeup/veMoZnZgoVOBq9LP:grpoZn5 |
| 下载 提交魔盾安全分析 显示文本 | |
<?xml version="1.0" encoding="utf-8"?> <!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. --> <WixLocalization Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/localization"> <String Id="Caption">[WixBundleName] Setup</String> <String Id="Title">[WixBundleName]</String> <String Id="InstallHeader">Thanks for choosing ExpressVPN</String> <String Id="InstallMessage">Click "Install" to begin.</String> <String Id="InstallVersion">Version [WixBundleVersion]</String> <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String> <String Id="ExecuteUpgradeRelatedBundleMessage">Previous version</String> <String Id="HelpHeader">Setup Help</String> <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installs, repairs, uninstalls or creates a complete local copy of the bundle in directory. Install is the default. /passive | /quiet - displays minimal UI with no prompts or displays no UI and no prompts. By default UI and all prompts are displayed. /norestart - suppress any attempts to restart. By default UI will prompt before restart. /log log.txt - logs to a specific file. By default a log file is created in %TEMP%.</String> <String Id="HelpCloseButton">&Close</String> <String Id="InstallLicenseLinkText">[WixBundleName] <a href="#">license terms</a>.</String> <String Id="InstallAcceptCheckbox">I &agree to the license terms and conditions</String> <String Id="InstallOptionsButton">&Options</String> <String Id="InstallInstallButton">&Install</String> <String Id="InstallCloseButton">&Cancel</String> <String Id="OptionsHeader">Change Folder</String> <String Id="OptionsLocationLabel">Install location:</String> <String Id="OptionsBrowseButton">&Browse</String> <String Id="OptionsOkButton">&OK</String> <truncated> |
|
| 文件名 | wixstdba.dll |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\{6FAA1F20-30F5-4054-AEE5-96769D3CDA32}\.ba\wixstdba.dll
|
| 文件大小 | 175616 字节 |
| 文件类型 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
| MD5 | d4740d4ef04b7cfe4e93b5d44c8c22a4 |
| SHA1 | 212b4d1e36479a2d9c2ddd896761826629ba5151 |
| SHA256 | f5a7bb3bbf9fa41cef4b77a3e43b392013a75905475831287bf2ba22a4bf5ac8 |
| CRC32 | 13396299 |
| Ssdeep | 3072:/VkP05227feUpV+TqGCvA4a+Go56nyQqy4hY63OcF8/EQM/I6k+WxhD4g/I:/Vy2FYTqGSJ56ny7y4hT1G4p |
| 下载 提交魔盾安全分析 |
| 文件名 | thm.xml |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\{6FAA1F20-30F5-4054-AEE5-96769D3CDA32}\.ba\thm.xml
|
| 文件大小 | 8808 字节 |
| 文件类型 | XML 1.0 document, ASCII text, with CRLF line terminators |
| MD5 | 180bc42ba9553eea7b7a9858cc3b7551 |
| SHA1 | 9f28f9b199187ee4434f6433bdb2e843cf833e37 |
| SHA256 | 0bd08a3cd08e56ee71d5f60ddbdb226ad671d0e26a59c7cca5ca935761dd5d29 |
| CRC32 | 9139FB0D |
| Ssdeep | 96:8LaHdjzZmzmoL+Bq5YqmM4lxawSdXd8bnA0IflkQwQTBqb2RJdbm9LMrPO8pjzTH:lH5zZmzmo5EbYMi5m8p |
| 下载 提交魔盾安全分析 显示文本 | |
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
<Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010">
<Window Width="667" Height="438" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window>
<Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>
<Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font>
<Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font>
<Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font>
<Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font>
<Font Id="5" Height="-15" Weight="500" Foreground="484848">Segoe UI</Font>
<Font Id="6" Height="-20" Weight="500" Foreground="484848">Segoe UI</Font>
<Font Id="7" Height="-15" Weight="500" Foreground="484848" Background="FFFFFF">Segoe UI</Font>
<Image X="228" Y="51" Width="211" Height="43" ImageFile="logo.png" Visible="yes"/>
<!--
<Text X="0" Y="134" Width="-11" Height="64" FontId="6" Visible="no" DisablePrefix="yes" Center="yes">#(loc.Title)</Text>
-->
<Page Name="Help">
<Text X="0" Y="134" Width="-11" Height="30" FontId="6" DisablePrefix="yes" Center="yes">#(loc.HelpHeader)</Text>
<Text X="0" Y="195" Width="-11" Height="-35" FontId="3" DisablePrefix="yes" Center="yes">#(loc.HelpText)</Text>
<Button Name="HelpCancelButton" X="-20" Y="-30" Width="150" Height="50" TabStop="yes" FontId="5">#(loc.HelpCloseButton)</Button>
</Page>
<Page Name="Install">
<Text X="0" Y="134" Width="0" Height="30" FontId="6" Center="yes">#(loc.InstallHeader)</Text>
<Text X="0" Y="195" Width="0" Height="40" FontId="5" Center="yes">#(loc.InstallMessage)</Text>
<Button Name="Opt <truncated> |
|
| 文件名 | ExpressVPN_20171124185040.log |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\ExpressVPN_20171124185040.log
|
| 文件大小 | 7144 字节 |
| 文件类型 | ASCII text, with CRLF line terminators |
| MD5 | 9d71b53f0c8c88e10b85579326ddc579 |
| SHA1 | 4ee6760b94dc640cf1531d7d542b44a9b25e4ff6 |
| SHA256 | 20794b08635d420bb0c11a85a7d125a36f73952f6457cb22104d5cfc8185b4af |
| CRC32 | 14D69DEB |
| Ssdeep | 96:Y/JB5GziB0WCZhIu+JC+nmwCINftCLmNBQl6ZTv9IVG4pfqKWzqrgaTpynvIn6pD:vgMB2w4 |
| 下载 提交魔盾安全分析 显示文本 | |
[0860:0864][2017-11-24T18:50:40]i001: Burn v3.11.0.1701, Windows v6.1 (Build 7601: Service Pack 1), path: C:\Users\test\AppData\Local\Temp\{B6EBC473-EE69-40A6-964E-5DD7C8A0F8EE}\.cr\expressvpn_6.5.1.3605.exe
[0860:0864][2017-11-24T18:50:40]i000: Initializing string variable 'InstallFolder' to value '[ProgramFilesFolder]ExpressVPN'
[0860:0864][2017-11-24T18:50:40]i009: Command Line: '-burn.clean.room=C:\Users\test\AppData\Local\Temp\expressvpn_6.5.1.3605.exe -burn.filehandle.attached=252 -burn.filehandle.self=260'
[0860:0864][2017-11-24T18:50:40]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\test\AppData\Local\Temp\expressvpn_6.5.1.3605.exe'
[0860:0864][2017-11-24T18:50:40]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\test\AppData\Local\Temp\'
[0860:0864][2017-11-24T18:50:40]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\test\AppData\Local\Temp\ExpressVPN_20171124185040.log'
[0860:0864][2017-11-24T18:50:40]i000: Setting string variable 'WixBundleName' to value 'ExpressVPN'
[0860:0864][2017-11-24T18:50:40]i000: Setting string variable 'WixBundleManufacturer' to value 'ExpressVPN'
[0860:08BC][2017-11-24T18:50:41]i000: Setting numeric variable 'WixStdBALanguageId' to value 1033
[0860:08BC][2017-11-24T18:50:41]i000: Setting version variable 'WixBundleFileVersion' to value '6.5.1.3605'
[0860:0864][2017-11-24T18:50:41]i100: Detect begin, 7 packages
[0860:0864][2017-11-24T18:50:41]i000: Setting string variable 'NETFRAMEWORK45' to value '394806'
[0860:0864][2017-11-24T18:50:41]i000: Setting version variable 'PCADMVERSION' to value '6.1.7600.16385'
[0860:0864][2017-11-24T18:50:41]i000: Product or related product not found: {E5B9C3E5-889C-4F22-A959-F4B8D6CD7830}
[0860:0864][2017-11-24T18:50:41]i000: Setting version variable 'PreviousVersion' to value '0.0.0.0'
[0860:0864][2017-11-24T18:50:41]i000: Product or related product not found: {2410107C-0F71-483F-AC07-3C51602C578A}
[0860:0864][2017-11-24T18:50:41]i000: Setting version var <truncated> |
|
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 41.151 seconds )
- 20.418 TargetInfo
- 9.074 Static
- 7.316 Suricata
- 1.624 VirusTotal
- 1.249 NetworkAnalysis
- 0.825 BehaviorAnalysis
- 0.335 peid
- 0.186 AnalysisInfo
- 0.073 Dropped
- 0.039 config_decoder
- 0.009 Strings
- 0.002 Debug
- 0.001 Memory
Signatures ( 1.726 seconds )
- 1.318 md_url_bl
- 0.052 antiav_detectreg
- 0.038 stealth_timeout
- 0.031 api_spamming
- 0.026 decoy_document
- 0.02 infostealer_ftp
- 0.014 antivm_generic_disk
- 0.013 antisandbox_sleep
- 0.012 infostealer_im
- 0.011 mimics_filetime
- 0.011 virus
- 0.011 antianalysis_detectreg
- 0.01 bootkit
- 0.01 infostealer_browser
- 0.01 md_domain_bl
- 0.009 stealth_file
- 0.008 antiav_detectfile
- 0.008 md_bad_drop
- 0.007 antidbg_windows
- 0.007 infostealer_mail
- 0.005 rat_luminosity
- 0.005 antivm_generic_scsi
- 0.005 geodo_banking_trojan
- 0.005 infostealer_bitcoin
- 0.004 ransomware_message
- 0.004 infostealer_browser_password
- 0.004 persistence_autorun
- 0.004 ransomware_extensions
- 0.004 ransomware_files
- 0.003 antivm_generic_services
- 0.003 antivm_vbox_libs
- 0.003 ipc_namedpipe
- 0.003 kibex_behavior
- 0.003 securityxploded_modules
- 0.003 antivm_vbox_files
- 0.002 antiemu_wine_func
- 0.002 tinba_behavior
- 0.002 sets_autoconfig_url
- 0.002 betabot_behavior
- 0.002 kovter_behavior
- 0.002 antivm_parallels_keys
- 0.002 antivm_xen_keys
- 0.002 darkcomet_regkeys
- 0.002 disables_browser_warn
- 0.002 network_http
- 0.002 network_torgateway
- 0.001 network_tor
- 0.001 rat_nanocore
- 0.001 hancitor_behavior
- 0.001 antiav_avast_libs
- 0.001 disables_spdy
- 0.001 injection_createremotethread
- 0.001 antivm_vbox_window
- 0.001 antisandbox_sunbelt_libs
- 0.001 exec_crash
- 0.001 disables_wfp
- 0.001 cerber_behavior
- 0.001 antidbg_devices
- 0.001 antisandbox_productid
- 0.001 antivm_generic_diskreg
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 modify_proxy
- 0.001 browser_security
- 0.001 rat_pcclient
- 0.001 recon_fingerprint
Reporting ( 0.0 seconds )
| Task ID | 141370 |
|---|---|
| Mongo ID | 5ab5a653bb7d57684c2f9a6d |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号