Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp01-2 | 2018-03-24 09:10:36 | 2018-03-24 09:13:05 | 149 seconds |
File name | expressvpn_6.5.1.3605.exe |
---|---|
File size | 25491712 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 15e962297483472130e8367fca6d2ef1 |
SHA1 | 90cc20712db9d7956b55e283e6b39ba2b2788535 |
SHA256 | c4e815cf040819b29b43405977a30bf749d2ee8ae09b9a7dad9011d904cbdd81 |
SHA512 | 75b6e3c27156715aa19dffbdc8f82c85e922efd5c4a07c2f9f8208b5460f478b6a81d700e6a8d1a73536c42515143fe8dffa027255ec20c01fb1b7788fdcf298 |
CRC32 | B091CE9F |
Ssdeep | 786432:i0liK/0UVaH7lDnSCV74IcugFmKDDBOl+0yq6L:HB00C7lDP74I1WmKTUk |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
No | 104.16.91.188 | | United States |
No | 117.18.237.29 | | Asia-Pacific region |
Domain | Security rating | Response |
---|---|---|
crt.comodoca.com | | A 104.16.92.188 CNAME crt.comodoca.com.cdn.cloudflare.net A 104.16.90.188 A 104.16.91.188 A 104.16.93.188 A 104.16.89.188 |
ocsp.digicert.com | | CNAME cs9.wac.phicdn.net A 117.18.237.29 |
Image base | 0x00400000 |
---|---|
Entry point | 0x0042e1fd |
Declared checksum | 0x0185cc4c |
Actual checksum | 0x0185cc4c |
Minimum OS version required | 5.1 |
PDB path | C:\build\work\eca3d12b\wix3\build\ship\x86\burn.pdb |
Compile time | 2017-05-01 22:33:52 |
Import hash | 945b38293d63de197023e59f28a06bb8 |
Icon | |
Icon exact hash | 7afc4835c274d97cb3c14bdf33c92032 |
Icon similarity hash | 7dacd6c800b3cb402fe38f3b3f972f75 |
LegalCopyright | |
---|---|
InternalName | |
FileVersion | |
CompanyName | |
ProductName | |
ProductVersion | |
FileDescription | |
OriginalFilename | |
Translation | |
SHA1 | Timestamp | Validity | Error |
---|---|---|---|
None | Wed Feb 07 16:46:59 2018 | None | |
Certificate chain | Certificate Chain 1 |
---|---|
Issued to | AddTrust External CA Root |
Issuer | AddTrust External CA Root |
Valid until | Sat May 30 18:48:38 2020 |
SHA1 hash | 02faf3e291435468607857694df5e45b68851868 |
Certificate chain | Certificate Chain 2 |
Issued to | COMODO RSA Certification Authority |
Issuer | AddTrust External CA Root |
Valid until | Sat May 30 18:48:38 2020 |
SHA1 hash | f5ad0bcc1ad56cd150725b1c866c30ad92ef21b0 |
Certificate chain | Certificate Chain 3 |
Issued to | COMODO RSA Code Signing CA |
Issuer | COMODO RSA Certification Authority |
Valid until | Tue May 09 07:59:59 2028 |
SHA1 hash | b69e752bbe88b4458200a7c0f4f5b3cce6f35b47 |
Certificate chain | Certificate Chain 4 |
Issued to | Express Vpn LLC |
Issuer | COMODO RSA Code Signing CA |
Valid until | Thu Jan 21 07:59:59 2021 |
SHA1 hash | bb0304c1ff6dc0384701dd88363c2f1a1d5c8aeb |
Certificate chain | Timestamp Chain 1 |
Issued to | UTN-USERFirst-Object |
Issuer | UTN-USERFirst-Object |
Valid until | Wed Jul 10 02:40:36 2019 |
SHA1 hash | e12dfb4b41d7d9c32b30514bac1d81d8385e2d46 |
Certificate chain | Timestamp Chain 2 |
Issued to | COMODO SHA-256 Time Stamping Signer |
Issuer | UTN-USERFirst-Object |
Valid until | Wed Jul 10 02:40:36 2019 |
SHA1 hash | 36527d4fa26a68f9eb4596f1d99abb2c0ea76dfa |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00049a67 | 0x00049c00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.56 |
.rdata | 0x0004b000 | 0x0001ec60 | 0x0001ee00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.11 |
.data | 0x0006a000 | 0x00001730 | 0x00000a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.15 |
.wixburn | 0x0006c000 | 0x00000038 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 0.75 |
.tls | 0x0006d000 | 0x00000009 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
.rsrc | 0x0006e000 | 0x0005d7cc | 0x0005d800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 2.72 |
.reloc | 0x000cc000 | 0x00003dec | 0x00003e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 6.79 |
Overlay offset | 0x000cb200 |
---|---|
Overlay size | 0x01784700 |
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
RT_ICON | 0x00086770 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 33554431, next used block 33554431 |
RT_ICON | 0x00086770 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 33554431, next used block 33554431 |
RT_ICON | 0x00086770 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 33554431, next used block 33554431 |
RT_ICON | 0x00086770 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 33554431, next used block 33554431 |
RT_ICON | 0x00086770 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 33554431, next used block 33554431 |
RT_ICON | 0x00086770 | 0x00042028 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.31 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 33554431, next used block 33554431 |
RT_MESSAGETABLE | 0x000c8798 | 0x00002840 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.07 | data |
RT_GROUP_ICON | 0x000cafd8 | 0x0000005a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.56 | MS Windows icon resource - 6 icons, 16x16 |
RT_VERSION | 0x000cb034 | 0x000002c4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.30 | data |
RT_MANIFEST | 0x000cb2f8 | 0x000004d2 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.31 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators |
Antivirus engine/vendor | Virus name/rule match | Database date |
---|---|---|
Bkav | No virus found | 20180322 |
MicroWorld-eScan | No virus found | 20180322 |
nProtect | No virus found | 20180322 |
CMC | No virus found | 20180322 |
CAT-QuickHeal | No virus found | 20180322 |
McAfee | No virus found | 20180322 |
Cylance | No virus found | 20180322 |
SUPERAntiSpyware | No virus found | 20180322 |
TheHacker | No virus found | 20180319 |
K7GW | No virus found | 20180322 |
K7AntiVirus | No virus found | 20180322 |
Invincea | No virus found | 20180121 |
Baidu | No virus found | 20180322 |
F-Prot | No virus found | 20180322 |
Symantec | No virus found | 20180322 |
ESET-NOD32 | No virus found | 20180322 |
TrendMicro-HouseCall | No virus found | 20180322 |
Avast | No virus found | 20180322 |
ClamAV | No virus found | 20180322 |
Kaspersky | No virus found | 20180322 |
BitDefender | No virus found | 20180322 |
NANO-Antivirus | No virus found | 20180322 |
Paloalto | No virus found | 20180322 |
ViRobot | No virus found | 20180322 |
Tencent | No virus found | 20180322 |
Ad-Aware | No virus found | 20180322 |
Sophos | No virus found | 20180322 |
Comodo | No virus found | 20180322 |
F-Secure | No virus found | 20180322 |
DrWeb | No virus found | 20180322 |
VIPRE | No virus found | 20180322 |
TrendMicro | No virus found | 20180322 |
McAfee-GW-Edition | No virus found | 20180322 |
Emsisoft | No virus found | 20180322 |
SentinelOne | No virus found | 20180225 |
Cyren | No virus found | 20180322 |
Jiangmin | No virus found | 20180322 |
Webroot | No virus found | 20180322 |
Avira | No virus found | 20180322 |
Fortinet | No virus found | 20180322 |
Antiy-AVL | No virus found | 20180322 |
Kingsoft | No virus found | 20180322 |
Endgame | No virus found | 20180316 |
Arcabit | No virus found | 20180322 |
AegisLab | No virus found | 20180322 |
ZoneAlarm | No virus found | 20180322 |
Avast-Mobile | No virus found | 20180322 |
Microsoft | No virus found | 20180322 |
AhnLab-V3 | No virus found | 20180322 |
ALYac | No virus found | 20180322 |
AVware | No virus found | 20180322 |
MAX | No virus found | 20180322 |
VBA32 | No virus found | 20180322 |
Malwarebytes | No virus found | 20180322 |
WhiteArmor | No virus found | 20180223 |
Zoner | No virus found | 20180322 |
Rising | No virus found | 20180322 |
Yandex | No virus found | 20180322 |
Ikarus | No virus found | 20180322 |
eGambit | No virus found | 20180322 |
GData | No virus found | 20180322 |
AVG | No virus found | 20180322 |
Cybereason | No virus found | 20180225 |
Panda | No virus found | 20180321 |
CrowdStrike | No virus found | 20170201 |
Qihoo-360 | No virus found | 20180322 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.202 | 49158 | 104.16.91.188 crt.comodoca.com | 80 |
192.168.122.202 | 49168 | 117.18.237.29 ocsp.digicert.com | 80 |
192.168.122.202 | 49159 | 178.255.83.1 | 80 |
192.168.122.202 | 49160 | 178.255.83.1 | 80 |
192.168.122.202 | 49161 | 178.255.83.1 | 80 |
192.168.122.202 | 49167 | 65.200.22.9 | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.202 | 51930 | 192.168.122.1 | 53 |
192.168.122.202 | 51997 | 192.168.122.1 | 53 |
192.168.122.202 | 53717 | 192.168.122.1 | 53 |
192.168.122.202 | 54930 | 192.168.122.1 | 53 |
192.168.122.202 | 57729 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://crt.comodoca.com/COMODORSAAddTrustCA.crt | GET /COMODORSAAddTrustCA.crt HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: crt.comodoca.com |
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1 Cache-Control: max-age = 462303 Connection: Keep-Alive Accept: */* If-Modified-Since: Tue, 30 May 2017 14:10:49 GMT User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.usertrust.com |
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEC58h8wOk0pS%2FpT9HLfNNK8%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEC58h8wOk0pS%2FpT9HLfNNK8%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.comodoca.com |
http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSSdxXdG447ymkRNPVViULv3rkBzQQUKZFg%2F4pN%2Buv5pmq4z%2FnmS71JzhICEQDjB%2Fbx%2BsdCPmwAM2qUEFsX | GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSSdxXdG447ymkRNPVViULv3rkBzQQUKZFg%2F4pN%2Buv5pmq4z%2FnmS71JzhICEQDjB%2Fbx%2BsdCPmwAM2qUEFsX HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.comodoca.com |
http://crl.microsoft.com/pki/crl/products/tspca.crl | GET /pki/crl/products/tspca.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT If-None-Match: "8ab194b3d77cf1:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.microsoft.com |
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1 Cache-Control: max-age = 172800 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 02 Sep 2017 10:30:03 GMT If-None-Match: "59aa882b-1d7" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results
No alerts
No TLS
No Suricata HTTP
File name | progressbar.png |
---|---|
Related files | C:\Users\test\AppData\Local\Temp\{6FAA1F20-30F5-4054-AEE5-96769D3CDA32}\.ba\progressbar.png |
File size | 139 bytes |
File type | PNG image data, 4 x 28, 8-bit/color RGBA, non-interlaced |
MD5 | 6ad97b79dcee4ccc8099cddaa0c3541e |
SHA1 | a94be2c46de7927a02a11059b8e4a844c528f7d2 |
SHA256 | e6db7240e6f628c670db07c07ecf5c55e171b413487aa9c7e5427f31255bf468 |
CRC32 | FB59EAE3 |
Ssdeep | 3:yionv//thPlJjt778W3MLts7CX9/gh/rywOxGhakLTrcFe/l2up:6v/lhPOwMR/ChmFp4r/l2up |
File name | expressvpn_6.5.1.3605.exe |
---|---|
Related files | C:\Users\test\AppData\Local\Temp\{B6EBC473-EE69-40A6-964E-5DD7C8A0F8EE}\.cr\expressvpn_6.5.1.3605.exe |
 | C:\Users\test\AppData\Local\Temp\{6FAA1F20-30F5-4054-AEE5-96769D3CDA32}\.be\ExpressVPN_6.5.1.3605.exe |
File size | 947856 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 8ffc184ff9bba97578593331bfcddd38 |
SHA1 | c6adae30de913595fabd3c2c0442a86163b0c660 |
SHA256 | 697f47a48e806558440574b12fcf4c6b46f27a86cd71b7e3dd30f5f021aaef83 |
CRC32 | 885E1078 |
Ssdeep | 12288:h79g/k9Ygb25zyaaEqrHqm/AkP7yrjlIX5g8v:jgwYgb25FJsqIAkTx |
File name | logo.png |
---|---|
Related files | C:\Users\test\AppData\Local\Temp\{6FAA1F20-30F5-4054-AEE5-96769D3CDA32}\.ba\logo.png |
File size | 8148 bytes |
File type | PNG image data, 211 x 43, 8-bit/color RGBA, non-interlaced |
MD5 | 06b448ef3db3dc6ef6557fad768e8211 |
SHA1 | 7b9fc89fad2273a4ff568dac9ad75ea92391389f |
SHA256 | 95ce59c408c9165a692e3f96c0ea714fb8db6271bb6ab8ad94d1ece0ba747ab1 |
CRC32 | 54137EA0 |
Ssdeep | 192:eq4W+FWz31wbgQjlcf0mox1GY/hRtfKyVKRgP:14W+Fm3mbgQjLmA7pRMyVKRgP |
File name | BootstrapperApplicationData.xml |
---|---|
Related files | C:\Users\test\AppData\Local\Temp\{6FAA1F20-30F5-4054-AEE5-96769D3CDA32}\.ba\BootstrapperApplicationData.xml |
File size | 12502 bytes |
File type | XML 1.0 document, Little-endian UTF-16 Unicode text, with very long lines, with CRLF line terminators |
MD5 | 2459fcadd4eca84cea848fb01c888e9c |
SHA1 | 47001170aa469ff755c6edc1430a0c3a7f047c9e |
SHA256 | 1f3c36ab79f3f0818c62813886baac52bca06f6ea57f9fcc82c379cb1aad1aa3 |
CRC32 | EFAEF290 |
Ssdeep | 192:X0suuKTOkYfa+B56CX7beEgodQXJHGtmjMCv8wsJkSY/cWna:X0suuKKJOZ/wd |
File name | thm.wxl |
---|---|
Related files | C:\Users\test\AppData\Local\Temp\{6FAA1F20-30F5-4054-AEE5-96769D3CDA32}\.ba\thm.wxl |
File size | 4341 bytes |
File type | XML 1.0 document, ASCII text, with CRLF line terminators |
MD5 | 456115cdd9653c7eb2cf908e10604c8e |
SHA1 | 69e86aa83d1b1c4359481801c2f47c9dbcc62f16 |
SHA256 | ee1ec6b339057fccaff2a3f114edb316a182a9e4c2bd71d7231d020e2c0c07bb |
CRC32 | C94CF361 |
Ssdeep | 96:8LuTh1wBHbTxmOeup/veMoZnZgoVOBq9LP:grpoZn5 |
Displayed text |
<?xml version="1.0" encoding="utf-8"?> <!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. --> <WixLocalization Culture="en-us" Language="1033" xmlns="http://schemas.microsoft.com/wix/2006/localization"> <String Id="Caption">[WixBundleName] Setup</String> <String Id="Title">[WixBundleName]</String> <String Id="InstallHeader">Thanks for choosing ExpressVPN</String> <String Id="InstallMessage">Click "Install" to begin.</String> <String Id="InstallVersion">Version [WixBundleVersion]</String> <String Id="ConfirmCancelMessage">Are you sure you want to cancel?</String> <String Id="ExecuteUpgradeRelatedBundleMessage">Previous version</String> <String Id="HelpHeader">Setup Help</String> <String Id="HelpText">/install | /repair | /uninstall | /layout [directory] - installs, repairs, uninstalls or creates a complete local copy of the bundle in directory. Install is the default. /passive | /quiet - displays minimal UI with no prompts or displays no UI and no prompts. By default UI and all prompts are displayed. /norestart - suppress any attempts to restart. By default UI will prompt before restart. /log log.txt - logs to a specific file. By default a log file is created in %TEMP%.</String> <String Id="HelpCloseButton">&Close</String> <String Id="InstallLicenseLinkText">[WixBundleName] <a href="#">license terms</a>.</String> <String Id="InstallAcceptCheckbox">I &agree to the license terms and conditions</String> <String Id="InstallOptionsButton">&Options</String> <String Id="InstallInstallButton">&Install</String> <String Id="InstallCloseButton">&Cancel</String> <String Id="OptionsHeader">Change Folder</String> <String Id="OptionsLocationLabel">Install location:</String> <String Id="OptionsBrowseButton">&Browse</String> <String Id="OptionsOkButton">&OK</String> <truncated> |
File name | wixstdba.dll |
---|---|
Related files | C:\Users\test\AppData\Local\Temp\{6FAA1F20-30F5-4054-AEE5-96769D3CDA32}\.ba\wixstdba.dll |
File size | 175616 bytes |
File type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
MD5 | d4740d4ef04b7cfe4e93b5d44c8c22a4 |
SHA1 | 212b4d1e36479a2d9c2ddd896761826629ba5151 |
SHA256 | f5a7bb3bbf9fa41cef4b77a3e43b392013a75905475831287bf2ba22a4bf5ac8 |
CRC32 | 13396299 |
Ssdeep | 3072:/VkP05227feUpV+TqGCvA4a+Go56nyQqy4hY63OcF8/EQM/I6k+WxhD4g/I:/Vy2FYTqGSJ56ny7y4hT1G4p |
File name | thm.xml |
---|---|
Related files | C:\Users\test\AppData\Local\Temp\{6FAA1F20-30F5-4054-AEE5-96769D3CDA32}\.ba\thm.xml |
File size | 8808 bytes |
File type | XML 1.0 document, ASCII text, with CRLF line terminators |
MD5 | 180bc42ba9553eea7b7a9858cc3b7551 |
SHA1 | 9f28f9b199187ee4434f6433bdb2e843cf833e37 |
SHA256 | 0bd08a3cd08e56ee71d5f60ddbdb226ad671d0e26a59c7cca5ca935761dd5d29 |
CRC32 | 9139FB0D |
Ssdeep | 96:8LaHdjzZmzmoL+Bq5YqmM4lxawSdXd8bnA0IflkQwQTBqb2RJdbm9LMrPO8pjzTH:lH5zZmzmo5EbYMi5m8p |
Displayed text |
<?xml version="1.0" encoding="utf-8"?> <!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. --> <Theme xmlns="http://wixtoolset.org/schemas/thmutil/2010"> <Window Width="667" Height="438" HexStyle="100a0000" FontId="0">#(loc.Caption)</Window> <Font Id="0" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font> <Font Id="1" Height="-24" Weight="500" Foreground="000000">Segoe UI</Font> <Font Id="2" Height="-22" Weight="500" Foreground="666666">Segoe UI</Font> <Font Id="3" Height="-12" Weight="500" Foreground="000000" Background="FFFFFF">Segoe UI</Font> <Font Id="4" Height="-12" Weight="500" Foreground="ff0000" Background="FFFFFF" Underline="yes">Segoe UI</Font> <Font Id="5" Height="-15" Weight="500" Foreground="484848">Segoe UI</Font> <Font Id="6" Height="-20" Weight="500" Foreground="484848">Segoe UI</Font> <Font Id="7" Height="-15" Weight="500" Foreground="484848" Background="FFFFFF">Segoe UI</Font> <Image X="228" Y="51" Width="211" Height="43" ImageFile="logo.png" Visible="yes"/> <!-- <Text X="0" Y="134" Width="-11" Height="64" FontId="6" Visible="no" DisablePrefix="yes" Center="yes">#(loc.Title)</Text> --> <Page Name="Help"> <Text X="0" Y="134" Width="-11" Height="30" FontId="6" DisablePrefix="yes" Center="yes">#(loc.HelpHeader)</Text> <Text X="0" Y="195" Width="-11" Height="-35" FontId="3" DisablePrefix="yes" Center="yes">#(loc.HelpText)</Text> <Button Name="HelpCancelButton" X="-20" Y="-30" Width="150" Height="50" TabStop="yes" FontId="5">#(loc.HelpCloseButton)</Button> </Page> <Page Name="Install"> <Text X="0" Y="134" Width="0" Height="30" FontId="6" Center="yes">#(loc.InstallHeader)</Text> <Text X="0" Y="195" Width="0" Height="40" FontId="5" Center="yes">#(loc.InstallMessage)</Text> <Button Name="Opt <truncated> |
File name | ExpressVPN_20171124185040.log |
---|---|
Related files | C:\Users\test\AppData\Local\Temp\ExpressVPN_20171124185040.log |
File size | 7144 bytes |
File type | ASCII text, with CRLF line terminators |
MD5 | 9d71b53f0c8c88e10b85579326ddc579 |
SHA1 | 4ee6760b94dc640cf1531d7d542b44a9b25e4ff6 |
SHA256 | 20794b08635d420bb0c11a85a7d125a36f73952f6457cb22104d5cfc8185b4af |
CRC32 | 14D69DEB |
Ssdeep | 96:Y/JB5GziB0WCZhIu+JC+nmwCINftCLmNBQl6ZTv9IVG4pfqKWzqrgaTpynvIn6pD:vgMB2w4 |
Displayed text |
[0860:0864][2017-11-24T18:50:40]i001: Burn v3.11.0.1701, Windows v6.1 (Build 7601: Service Pack 1), path: C:\Users\test\AppData\Local\Temp\{B6EBC473-EE69-40A6-964E-5DD7C8A0F8EE}\.cr\expressvpn_6.5.1.3605.exe [0860:0864][2017-11-24T18:50:40]i000: Initializing string variable 'InstallFolder' to value '[ProgramFilesFolder]ExpressVPN' [0860:0864][2017-11-24T18:50:40]i009: Command Line: '-burn.clean.room=C:\Users\test\AppData\Local\Temp\expressvpn_6.5.1.3605.exe -burn.filehandle.attached=252 -burn.filehandle.self=260' [0860:0864][2017-11-24T18:50:40]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\test\AppData\Local\Temp\expressvpn_6.5.1.3605.exe' [0860:0864][2017-11-24T18:50:40]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\test\AppData\Local\Temp\' [0860:0864][2017-11-24T18:50:40]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\test\AppData\Local\Temp\ExpressVPN_20171124185040.log' [0860:0864][2017-11-24T18:50:40]i000: Setting string variable 'WixBundleName' to value 'ExpressVPN' [0860:0864][2017-11-24T18:50:40]i000: Setting string variable 'WixBundleManufacturer' to value 'ExpressVPN' [0860:08BC][2017-11-24T18:50:41]i000: Setting numeric variable 'WixStdBALanguageId' to value 1033 [0860:08BC][2017-11-24T18:50:41]i000: Setting version variable 'WixBundleFileVersion' to value '6.5.1.3605' [0860:0864][2017-11-24T18:50:41]i100: Detect begin, 7 packages [0860:0864][2017-11-24T18:50:41]i000: Setting string variable 'NETFRAMEWORK45' to value '394806' [0860:0864][2017-11-24T18:50:41]i000: Setting version variable 'PCADMVERSION' to value '6.1.7600.16385' [0860:0864][2017-11-24T18:50:41]i000: Product or related product not found: {E5B9C3E5-889C-4F22-A959-F4B8D6CD7830} [0860:0864][2017-11-24T18:50:41]i000: Setting version variable 'PreviousVersion' to value '0.0.0.0' [0860:0864][2017-11-24T18:50:41]i000: Product or related product not found: {2410107C-0F71-483F-AC07-3C51602C578A} 
[0860:0864][2017-11-24T18:50:41]i000: Setting version var <truncated> |
Task ID | 141370 |
---|---|
Mongo ID | 5ab5a653bb7d57684c2f9a6d |
Cuckoo release | 1.4-Maldun |