Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-hpdapp03-4 | 2018-04-10 13:46:08 | 2018-04-10 13:48:36 | 148 s |
File name | 使用安卓手机充当KMS Server激活服务器.APK (the name translates to "Use an Android phone as a KMS Server activation server.APK") |
---|---|
File size | 388660 bytes |
File type | Java archive data (JAR) |
MD5 | 83255fa8d674e9c51784efcb910c55d9 |
SHA1 | d61bbdc433e1e6e67c2908f168dd2bd4ae15fa50 |
SHA256 | a9083435b67898ddb81ef5a04f9b39db7f488440266a391991c86f44593a5ffb |
SHA512 | 46c56044ff8fb79aa10f0736fb866126abb5dfe1ce3b2c7797b60ba2482efa4951dea8191a6e114325891e807e4bc93217cd2911a3a458674a20f07e39622eb6 |
CRC32 | 2B92E677 |
Ssdeep | 6144:qBzAJ8fTR16Ik7GuJlXcW0aItsuDiO2xFW3kahyFRVKKoXImcGDXStsHd:qBzAJ8f9U7LdVmde40VFRVHoXoq9 |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
No | 104.18.24.243 | | United States |
No | 117.18.232.200 | | Asia-Pacific region |
No | 122.224.45.50 | | China |
No | 210.65.144.178 | | Taiwan |
No | 65.55.186.115 | | United States |
Antivirus engine/vendor | Detection name/rule match | Signature date |
---|---|---|
Bkav | Not detected | 20180409 |
MicroWorld-eScan | Not detected | 20180409 |
nProtect | Not detected | 20180409 |
CMC | Not detected | 20180409 |
CAT-QuickHeal | Not detected | 20180409 |
McAfee | Not detected | 20180409 |
Malwarebytes | Not detected | 20180409 |
Zillya | Not detected | 20180409 |
AegisLab | Not detected | 20180409 |
TheHacker | Not detected | 20180404 |
Alibaba | Not detected | 20180409 |
K7GW | Not detected | 20180409 |
K7AntiVirus | Not detected | 20180409 |
Baidu | Not detected | 20180409 |
F-Prot | Not detected | 20180409 |
SymantecMobileInsight | Not detected | 20180406 |
Symantec | Not detected | 20180410 |
ESET-NOD32 | Not detected | 20180409 |
TrendMicro-HouseCall | Not detected | 20180410 |
Avast | Not detected | 20180410 |
ClamAV | Not detected | 20180410 |
Kaspersky | Not detected | 20180409 |
BitDefender | Not detected | 20180410 |
NANO-Antivirus | Not detected | 20180409 |
SUPERAntiSpyware | Not detected | 20180409 |
Rising | Not detected | 20180409 |
Ad-Aware | Not detected | 20180410 |
Trustlook | Not detected | 20180410 |
Emsisoft | Not detected | 20180409 |
Comodo | Not detected | 20180409 |
F-Secure | Not detected | 20180409 |
DrWeb | Not detected | 20180409 |
VIPRE | Not detected | 20180410 |
TrendMicro | Not detected | 20180410 |
McAfee-GW-Edition | Not detected | 20180409 |
Sophos | Not detected | 20180409 |
Cyren | Not detected | 20180409 |
Jiangmin | Not detected | 20180409 |
Webroot | Not detected | 20180410 |
Avira | Not detected | 20180409 |
Antiy-AVL | Not detected | 20180410 |
Kingsoft | Not detected | 20180410 |
Microsoft | Not detected | 20180409 |
Arcabit | Not detected | 20180410 |
ViRobot | Not detected | 20180410 |
ZoneAlarm | Not detected | 20180410 |
Avast-Mobile | Not detected | 20180409 |
GData | Not detected | 20180409 |
AhnLab-V3 | Not detected | 20180409 |
ALYac | Not detected | 20180410 |
AVware | Not detected | 20180410 |
MAX | Not detected | 20180410 |
VBA32 | Not detected | 20180409 |
WhiteArmor | PUP.HighConfidence | 20180408 |
Zoner | Not detected | 20180410 |
Tencent | Not detected | 20180410 |
Yandex | Not detected | 20180408 |
Ikarus | Not detected | 20180409 |
Fortinet | Not detected | 20180409 |
AVG | Not detected | 20180410 |
Panda | Not detected | 20180409 |
Qihoo-360 | Not detected | 20180410 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.204 | 49163 | 104.18.24.243 ocsp.msocsp.com | 80 |
192.168.122.204 | 49165 | 117.18.232.200 mscrl.microsoft.com | 80 |
192.168.122.204 | 49161 | 122.224.45.50 www.microsoft.com | 80 |
192.168.122.204 | 49167 | 122.224.45.50 www.microsoft.com | 80 |
192.168.122.204 | 49173 | 210.65.144.178 cdn.epg.tvdownload.microsoft.com | 80 |
192.168.122.204 | 49162 | 65.55.186.115 data.tvdownload.microsoft.com | 443 |
192.168.122.204 | 49166 | 65.55.186.115 data.tvdownload.microsoft.com | 443 |
192.168.122.204 | 49168 | 65.55.186.115 data.tvdownload.microsoft.com | 443 |
192.168.122.204 | 49169 | 65.55.186.115 data.tvdownload.microsoft.com | 443 |
192.168.122.204 | 49170 | 65.55.186.115 data.tvdownload.microsoft.com | 443 |
192.168.122.204 | 49171 | 65.55.186.115 data.tvdownload.microsoft.com | 443 |
192.168.122.204 | 49172 | 65.55.186.115 data.tvdownload.microsoft.com | 443 |
Source address | Source port | Destination address (DNS) | Destination port |
---|---|---|---|
192.168.122.204 | 50721 | 192.168.122.1 | 53 |
192.168.122.204 | 52375 | 192.168.122.1 | 53 |
192.168.122.204 | 53539 | 192.168.122.1 | 53 |
192.168.122.204 | 57269 | 192.168.122.1 | 53 |
192.168.122.204 | 63709 | 192.168.122.1 | 53 |
192.168.122.204 | 64291 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://www.microsoft.com/ | GET / HTTP/1.1 Host: www.microsoft.com Connection: Close |
http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D | GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D HTTP/1.1 Cache-Control: max-age = 10800 Connection: Keep-Alive Accept: */* If-Modified-Since: Wed, 06 Dec 2017 07:11:24 GMT If-None-Match: "a602f001a25d1ece86269d16668acccb0791bbc6" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.msocsp.com |
http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D | GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.msocsp.com |
http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%205.crl | GET /pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%205.crl HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: mscrl.microsoft.com |
http://cdn.epg.tvdownload.microsoft.com/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc | HEAD /broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 Host: cdn.epg.tvdownload.microsoft.com |
http://cdn.epg.tvdownload.microsoft.com/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc | GET /broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Thu, 09 Jul 2015 23:37:37 GMT User-Agent: Microsoft BITS/7.5 Host: cdn.epg.tvdownload.microsoft.com |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2018-04-10 13:46:36.108546+0800 | 122.224.45.50 | 80 | 192.168.122.204 | 49161 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
2018-04-10 13:46:41.756861+0800 | 122.224.45.50 | 80 | 192.168.122.204 | 49167 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
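A reading caveat for this report, with an added triage helper that is not part of the sandbox output and not code from the Cuckoo/Maldun service. The submitted file is a Java archive with an .APK name, and it was detonated on a Windows 7 guest, so nothing in the network tables needs the sample to have run at all: every HTTP request carries either the Microsoft-CryptoAPI user agent (CRL and OCSP fetches for the guest's own certificate checks) or the Microsoft BITS user agent (a background transfer from cdn.epg.tvdownload.microsoft.com), and the two ET POLICY alerts fire on Microsoft's responses to those same requests; their "A Network Trojan was detected" category is the rule's classtype label, not something observed in the sample. The helper below separates such guest background traffic from connections that still need an analyst. The requests are reconstructed from the report's HTTP table with headers re-split onto separate lines; the background-noise rules (user-agent prefixes and Microsoft-owned host suffixes) and the platform-mismatch check are my assumptions, not rules from the report.

```python
"""Triage helper: separate Windows-guest background HTTP traffic from
sample-attributable requests in a sandbox network table.

Added example, not part of the sandbox report. The rules below are an
assumption: Windows itself fetches CRLs/OCSP responses via CryptoAPI and
runs BITS transfers without any sample involvement.
"""
from collections import Counter
from dataclasses import dataclass, field

# Assumed rules: user agents Windows emits on its own, and host suffixes
# that belong to Microsoft infrastructure.
OS_USER_AGENT_PREFIXES = ("Microsoft-CryptoAPI/", "Microsoft BITS/")
VENDOR_HOST_SUFFIXES = (".microsoft.com", ".msocsp.com")


@dataclass
class HttpRequest:
    method: str
    path: str
    headers: dict = field(default_factory=dict)

    @property
    def host(self) -> str:
        return self.headers.get("host", "").lower()

    @property
    def user_agent(self) -> str:
        return self.headers.get("user-agent", "")


def parse_request(raw: str) -> HttpRequest:
    """Parse the request line and header block of a raw HTTP/1.x request."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")      # split on the first colon only
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, path, headers)


def classify(req: HttpRequest) -> str:
    """Return 'os_background', 'vendor_infra' or 'review'."""
    if req.user_agent.startswith(OS_USER_AGENT_PREFIXES):
        return "os_background"   # CryptoAPI CRL/OCSP fetch or BITS transfer
    if req.host.endswith(VENDOR_HOST_SUFFIXES):
        return "vendor_infra"    # Microsoft host, but no conclusive user agent
    return "review"              # nothing explains it: an analyst must look


def summarize(raw_requests) -> Counter:
    """Count requests per class for a whole report."""
    return Counter(classify(parse_request(r)) for r in raw_requests)


def platform_mismatch(file_name: str, file_type: str, vm_label: str) -> bool:
    """True when an Android/Java package was detonated on a Windows guest.
    Assumed VM naming: labels starting with 'win' are Windows guests."""
    is_android_or_jar = (file_name.lower().endswith((".apk", ".jar"))
                         or "Java archive" in file_type)
    return is_android_or_jar and vm_label.lower().startswith("win")


# Requests reconstructed from the report's "URI | HTTP data" table.
OCSP_PATH = ("/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3Tq"
             "hwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D")
EPG_PATH = "/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc"
REPORT_REQUESTS = [
    "GET / HTTP/1.1\nHost: www.microsoft.com\nConnection: Close",
    f"GET {OCSP_PATH} HTTP/1.1\nCache-Control: max-age = 10800\nConnection: Keep-Alive\n"
    "Accept: */*\nIf-Modified-Since: Wed, 06 Dec 2017 07:11:24 GMT\n"
    'If-None-Match: "a602f001a25d1ece86269d16668acccb0791bbc6"\n'
    "User-Agent: Microsoft-CryptoAPI/6.1\nHost: ocsp.msocsp.com",
    f"GET {OCSP_PATH} HTTP/1.1\nCache-Control: no-cache\nConnection: Keep-Alive\n"
    "Pragma: no-cache\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\n"
    "Host: ocsp.msocsp.com",
    "GET /pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%205.crl HTTP/1.1\n"
    "Connection: Keep-Alive\nAccept: */*\nUser-Agent: Microsoft-CryptoAPI/6.1\n"
    "Host: mscrl.microsoft.com",
    f"HEAD {EPG_PATH} HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\n"
    "Accept-Encoding: identity\nUser-Agent: Microsoft BITS/7.5\n"
    "Host: cdn.epg.tvdownload.microsoft.com",
    f"GET {EPG_PATH} HTTP/1.1\nConnection: Keep-Alive\nAccept: */*\n"
    "Accept-Encoding: identity\nIf-Unmodified-Since: Thu, 09 Jul 2015 23:37:37 GMT\n"
    "User-Agent: Microsoft BITS/7.5\nHost: cdn.epg.tvdownload.microsoft.com",
]

if __name__ == "__main__":
    if platform_mismatch("使用安卓手机充当KMS Server激活服务器.APK",
                         "Java archive data (JAR)", "win7-sp1-x64-hpdapp03-4"):
        print("platform mismatch: network tables reflect the guest baseline")
    for raw in REPORT_REQUESTS:
        req = parse_request(raw)
        print(f"{classify(req):14} {req.method} {req.host}{req.path[:40]}")
    print(dict(summarize(REPORT_REQUESTS)))
```

Run against this report, every request lands in `os_background` or `vendor_infra` and nothing is left for review, which is the expected outcome for a non-PE file on a Windows guest; the same helper applied to a PE sample would surface any request with a non-Microsoft user agent or host as `review`. The `vendor_infra` bucket is deliberately not merged into `os_background`: a request to a Microsoft host with no identifying user agent (the bare `GET /` to www.microsoft.com here) is plausible guest or sandbox connectivity behaviour, but the page gives no evidence of which process sent it, so it stays visible rather than silently dropped.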
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2018-04-10 13:46:37.571469+0800 | 192.168.122.204 | 49162 | 65.55.186.115 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
2018-04-10 13:46:42.531290+0800 | 192.168.122.204 | 49168 | 65.55.186.115 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
2018-04-10 13:46:47.490613+0800 | 192.168.122.204 | 49172 | 65.55.186.115 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
2018-04-10 13:46:45.000774+0800 | 192.168.122.204 | 49170 | 65.55.186.115 | 443 | TLSv1 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com | a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5 |
No Suricata HTTP
Task ID | 147421 |
---|---|
Mongo ID | 5acc504fa093ef2d6cbdc891 |
Cuckoo release | 1.4-Maldun |