Analysis Task

Analysis type VM tag Start time End time Duration
File (Windows) win7-sp1-x64 2016-09-06 14:52:27 2016-09-06 14:53:46 79 seconds

Maldun Score

2.8

Suspicious

File Details

File name IMENUI.EXE
File size 80240 bytes
File type PE32+ executable (GUI) x86-64, for MS Windows
MD5 4e0edca0084de6f20a3e85030254d9d3
SHA1 1c3fdc19179a0e1f7707a427c38168e6f954d789
SHA256 e59f09d451ac16bbba22f4ca178208da1a3bbf5fb2610d99feeabccf329d4eed
SHA512 2a91119147eba581b68511e03a88e32b6a18a9e7f2d99010a00a9bc0cb2889b4f130dac126f174bca3dd34f9fd3adae0b849b6066635387e21afa656453b0aff
CRC32 203E0109
Ssdeep 1536:rPGwccZdRsQy+qKdLR2WLPKKcBBX/zdxIm23eY6JOpJ2zIBNcEq9rHUs8:rtcsdRsQy+qigR0l3etJOpwzKcEq9os8

Runtime Screenshots


Hosts Contacted

Direct IP Safety rating Location
58.211.137.192 China
23.44.155.27 United States
198.41.215.185 United States

DNS Resolution

Domain Safety rating Response
ss.symcd.com CNAME ocsp-ds.ws.symantec.com.edgekey.net
CNAME e8218.dscb1.akamaiedge.net
A 23.44.155.27
ocsp.msocsp.com A 198.41.214.185
CNAME hostedocsp.globalsign.com
A 198.41.214.186
A 198.41.214.187
A 198.41.215.183
A 198.41.215.182
A 198.41.215.185
A 198.41.214.183
A 198.41.215.184
A 198.41.215.186
A 198.41.214.184
ocsp.verisign.com
sd.symcd.com

PE Information

Image base 0x140000000
Entry point 0x1400089b8
Claimed checksum 0x00015259
Actual checksum 0x00015259
Minimum OS version required 5.2
PDB path t:\ime\x64\ship\0\imenui.pdb\x0064\ship\0\imenui.exe\bbtopt\imenuiO.pdb
Compile time 2010-01-21 16:16:33

Version Information

LegalCopyright
InternalName
FileVersion
CompanyName
LegalTrademarks
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

Microsoft Certificate Verification (Sign Tool)

SHA1 Timestamp Validity Error
f4d4592283e2fcaa76acc454db7ab89d00a015ce Thu Jan 21 16:36:51 2010
Chain Certificate Chain 1
Issued to Microsoft Root Authority
Issuer Microsoft Root Authority
Valid until Thu Dec 31 15:00:00 2020
SHA1 hash a43489159a520f0d93d032ccaf37e7fe20a8b419
Chain Certificate Chain 2
Issued to Microsoft Code Signing PCA
Issuer Microsoft Root Authority
Valid until Sat Aug 25 15:00:00 2012
SHA1 hash 3036e3b25b88a55b86fc90e6e9eaad5081445166
Chain Certificate Chain 3
Issued to Microsoft Corporation
Issuer Microsoft Code Signing PCA
Valid until Tue Mar 08 06:40:29 2011
SHA1 hash 9617094a1cfb59ae7c1f7dfdb6739e4e7c40508f
Chain Timestamp Chain 1
Issued to Microsoft Root Authority
Issuer Microsoft Root Authority
Valid until Thu Dec 31 15:00:00 2020
SHA1 hash a43489159a520f0d93d032ccaf37e7fe20a8b419
Chain Timestamp Chain 2
Issued to Microsoft Timestamping PCA
Issuer Microsoft Root Authority
Valid until Sun Sep 15 15:00:00 2019
SHA1 hash 3ea99a60058275e0ed83b892a909449f8c33b245
Chain Timestamp Chain 3
Issued to Microsoft Time-Stamp Service
Issuer Microsoft Timestamping PCA
Valid until Fri Jul 26 03:11:15 2013
SHA1 hash 4d6f357f0e6434da97b1afc540fb6fdd0e85a89f

PE Sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x00009e09 0x0000a000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.12
.rdata 0x0000b000 0x000055a8 0x00005600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.08
.data 0x00011000 0x00000f58 0x00000a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.89
.pdata 0x00012000 0x00001128 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.30
.rsrc 0x00014000 0x00000920 0x00000a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.38
.reloc 0x00015000 0x00000174 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 4.33

Overlay

Offset 0x00012200
Size 0x00001770

Resources

Name Offset Size Language Sublanguage Entropy File type
RT_VERSION 0x000140a0 0x00000488 LANG_ENGLISH SUBLANG_ENGLISH_US 3.47 data
RT_MANIFEST 0x00014528 0x000003f8 LANG_NEUTRAL SUBLANG_DEFAULT 5.14 ASCII text, with very long lines, with CRLF line terminators

Imports

Library: KERNEL32.dll:
0x14000b000 CompareStringW
0x14000b008 GetModuleHandleW
0x14000b010 GetVersionExW
0x14000b018 GetProcAddress
0x14000b020 GetModuleFileNameW
0x14000b028 lstrlenW
0x14000b030 DeleteCriticalSection
0x14000b040 LeaveCriticalSection
0x14000b048 EnterCriticalSection
0x14000b050 RtlCaptureContext
0x14000b058 RtlLookupFunctionEntry
0x14000b060 RtlVirtualUnwind
0x14000b068 IsDebuggerPresent
0x14000b078 GetCurrentProcess
0x14000b080 TerminateProcess
0x14000b088 GetStartupInfoW
0x14000b090 Sleep
0x14000b098 LoadLibraryW
0x14000b0a0 HeapAlloc
0x14000b0a8 HeapFree
0x14000b0b0 GetProcessHeap
0x14000b0b8 GetSystemTimeAsFileTime
0x14000b0c0 GetCurrentProcessId
0x14000b0c8 GetCurrentThreadId
0x14000b0d0 GetTickCount
0x14000b0d8 QueryPerformanceCounter
0x14000b0e0 VirtualProtect
0x14000b0e8 UnhandledExceptionFilter
0x14000b0f0 CreateProcessW
0x14000b0f8 CloseHandle
Library: USER32.dll:
0x14000b108 GetMessageW
0x14000b110 LoadCursorW
0x14000b118 DispatchMessageW
0x14000b120 RegisterClassExW
0x14000b128 GetWindowLongPtrW
0x14000b130 SetWindowLongPtrW
0x14000b138 DefWindowProcW
0x14000b140 DestroyWindow
0x14000b148 CreateWindowExW
0x14000b150 UnregisterClassW
0x14000b158 TranslateMessage
0x14000b160 SetTimer
0x14000b168 PostQuitMessage
0x14000b170 KillTimer
0x14000b178 DestroyIcon
0x14000b180 PostMessageW
0x14000b188 IsWindow
0x14000b190 GetClassInfoExW
Library: ADVAPI32.dll:
0x14000b1a0 RegDeleteKeyW
0x14000b1a8 RegEnumKeyExW
0x14000b1b0 RegCloseKey
0x14000b1b8 RegSetValueExW
0x14000b1c0 RegCreateKeyExW
0x14000b1c8 RegOpenKeyExW
0x14000b1d0 DeregisterEventSource
0x14000b1d8 ReportEventW
0x14000b1e0 RegisterEventSourceW
0x14000b1e8 GetTokenInformation
0x14000b1f0 IsValidSid
0x14000b1f8 GetSidSubAuthorityCount
0x14000b200 GetSidSubAuthority
0x14000b208 OpenProcessToken
0x14000b210 RegQueryValueExW
Library: ole32.dll:
0x14000b220 CoCreateInstance
0x14000b228 CoRevokeClassObject
0x14000b230 CoRegisterClassObject
0x14000b238 CoUninitialize
0x14000b240 CoInitialize
Library: MSVCR90.dll:
0x14000b250 __setusermatherr
0x14000b258 _commode
0x14000b260 _fmode
0x14000b268 _encode_pointer
0x14000b270 __set_app_type
0x14000b278 _unlock
0x14000b280 __dllonexit
0x14000b288 _configthreadlocale
0x14000b290 _onexit
0x14000b298 _decode_pointer
0x14000b2a0 __crt_debugger_hook
0x14000b2a8 ?terminate@@YAXXZ
0x14000b2b8 _initterm_e
0x14000b2c0 __wgetmainargs
0x14000b2c8 _initterm
0x14000b2d0 _wcmdln
0x14000b2d8 exit
0x14000b2e0 _cexit
0x14000b2e8 _exit
0x14000b2f0 _XcptFilter
0x14000b2f8 __C_specific_handler
0x14000b300 _lock
0x14000b308 _amsg_exit
0x14000b310 vswprintf_s
0x14000b320 _CxxThrowException
0x14000b350 memmove_s
0x14000b358 _vsnwprintf_s
0x14000b360 wcsncpy_s
0x14000b368 wcsncat_s
0x14000b370 ??2@YAPEAX_K@Z
0x14000b378 __CxxFrameHandler3
0x14000b380 ??3@YAXPEAX@Z
0x14000b388 memset
Library: OLEAUT32.dll:
0x14000b3e8 None
0x14000b3f0 None
0x14000b3f8 None
Library: SHELL32.dll:
0x14000b408 Shell_NotifyIconW
0x14000b410 ExtractIconExW

.text
`.rdata
@.data
.pdata
@.rsrc
@.reloc
t:\ime\x64\ship\0\imenui.pdb
64\ship\0\imenui.exe\bbtopt\imenuiO.pdb
SetProcessDPIAware
vector<T> too long
+HeapSetInformation
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
SHELL32.dll
OLEAUT32.dll
MSVCP90.dll
MSVCR90.dll
ole32.dll
ADVAPI32.dll
USER32.dll
KERNEL32.dll
CompareStringW
GetModuleHandleW
GetVersionExW
GetProcAddress
GetModuleFileNameW
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
Sleep
LoadLibraryW
HeapAlloc
HeapFree
GetProcessHeap
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualProtect
UnhandledExceptionFilter
CreateProcessW
CloseHandle
GetMessageW
LoadCursorW
DispatchMessageW
RegisterClassExW
GetWindowLongPtrW
SetWindowLongPtrW
DefWindowProcW
DestroyWindow
CreateWindowExW
UnregisterClassW
TranslateMessage
SetTimer
PostQuitMessage
KillTimer
DestroyIcon
PostMessageW
IsWindow
GetClassInfoExW
RegDeleteKeyW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
GetTokenInformation
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
RegQueryValueExW
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize
CoInitialize
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_configthreadlocale
_onexit
_decode_pointer
__crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_initterm_e
__wgetmainargs
_initterm
_wcmdln
_cexit
_exit
_XcptFilter
__C_specific_handler
_lock
_amsg_exit
vswprintf_s
??0exception@std@@QEAA@AEBV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
??0exception@std@@QEAA@XZ
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBQEBD@Z
memmove_s
_vsnwprintf_s
wcsncpy_s
wcsncat_s
??2@YAPEAX_K@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
memset
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@PEB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@PEB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBAPEB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
Shell_NotifyIconW
ExtractIconExW
.?AVCClassFactory@ComutilLocal@@
.?AUIClassFactory@@
.?AUIUnknown@@
.?AV?$comptr@VCClassFactory@ComutilLocal@@@Comutil@@
.?AVCNuiWindow@@
.?AV?$comptr@VCNuiWindow@@@Comutil@@
.?AVCNuiWndServer@@
.?AV?$comptr@UIUnknown@@@Comutil@@
.?AV?$comptr@VCNuiWndServer@@@Comutil@@
.?AV?$comptr@VCImeNotificationUI@@@Comutil@@
.?AVbad_alloc@std@@
.?AVexception@std@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVCImeNotificationUI@@
.?AUIImeNotificationUI@@
.?AVCImeNuiCmdExecProcess@@
.?AUIImeNuiCmdExecProcess@@
.?AUIImeNuiCommandProcedure@@
.?AV?$comptr@VCImeNuiCmdExecProcess@@@Comutil@@
.?AVCImeNuiCmdCustomHandler@@
.?AUIImeNuiCmdCustomHandler@@
.?AV?$comptr@VCImeNuiCmdCustomHandler@@@Comutil@@
.?AV?$comptr@UIImeNotificationUIEventHandler@@@Comutil@@
.?AV?$comptr@UIImeNotificationIcon@@@Comutil@@
.?AV?$comptr@UIImeNotificationMessage@@@Comutil@@
.?AVCImeNuiCmdCloseIcon@@
.?AUIImeNuiCmdCloseIcon@@
.?AV?$comptr@VCImeNuiCmdCloseIcon@@@Comutil@@
.?AV?$comptr@VCImeNotificationIcon@@@Comutil@@
.?AV?$comptr@VCNuiWndNotifyIconServer@@@Comutil@@
.?AV?$comptr@VCImeNotificationMessage@@@Comutil@@
.?AV?$comlist_elemment@UIImeNuiCommandProcedure@@@Comutil@@
.?AV?$comlist_elemment@VCImeNotificationMessage@@@Comutil@@
.?AVCImeNotificationIcon@@
.?AUIImeNotificationIcon@@
.?AVCImeNotificationMessage@@
.?AUIImeNotificationMessage@@
.?AVCNuiWndNotifyIconServer@@
.?AVtype_info@@
.?AV_com_error@@
</asmv3:application></assembly>
zw9gj
ime14.imenotificationui.server
CurVer
VersionIndependentProgID
ProgID
ThreadingModel
InProcServer32
LocalServer32
CLSID
ImeNui
user32.dll
/UnRegServer
/RegServer
{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}
ime14.imenotificationui.notifyiconserver
kernel32.dll
InsecureQI
Software\Microsoft\Security
Software\Policies\Microsoft\Security
CLSIDInterfaceTest
%s %s %s
%d.%d.%d.%d
Wversion.dll
InprocServer32
{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}
EnableLUA
Software\Microsoft\Windows\CurrentVersion\Policies\System
VS_VERSION_INFO
StringFileInfo
000004b0
CompanyName
Microsoft Corporation
FileDescription
Microsoft Office IME 2010
FileVersion
14.0.4734.1000
InternalName
imenui.exe
LegalCopyright
All rights reserved.
LegalTrademarks
Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(R) is a registered trademark of Microsoft Corporation.
OriginalFilename
imenui.exe
ProductName
Microsoft Office IME 2010
ProductVersion
14.0.4734.1000
VarFileInfo
Translation

AV engine/vendor Virus name/rule match Signature DB date
Bkav No virus found 20160423
MicroWorld-eScan No virus found 20160425
nProtect No virus found 20160422
CMC No virus found 20160421
CAT-QuickHeal No virus found 20160423
McAfee No virus found 20160425
Malwarebytes No virus found 20160425
VIPRE No virus found 20160425
SUPERAntiSpyware No virus found 20160425
TheHacker No virus found 20160424
BitDefender No virus found 20160425
K7GW No virus found 20160423
K7AntiVirus No virus found 20160424
Baidu No virus found 20160422
F-Prot No virus found 20160425
Symantec No virus found 20160425
ESET-NOD32 No virus found 20160425
TrendMicro-HouseCall No virus found 20160425
Avast No virus found 20160425
ClamAV No virus found 20160425
GData No virus found 20160425
Kaspersky No virus found 20160425
Alibaba No virus found 20160425
NANO-Antivirus No virus found 20160425
ViRobot No virus found 20160425
Rising No virus found 20160425
Ad-Aware No virus found 20160425
Sophos No virus found 20160425
Comodo No virus found 20160425
F-Secure No virus found 20160425
DrWeb No virus found 20160425
Zillya No virus found 20160425
TrendMicro No virus found 20160425
McAfee-GW-Edition No virus found 20160425
Emsisoft No virus found 20160425
Cyren No virus found 20160425
Avira No virus found 20160424
Antiy-AVL No virus found 20160425
Kingsoft No virus found 20160425
Arcabit No virus found 20160425
AegisLab No virus found 20160425
Microsoft No virus found 20160425
AhnLab-V3 No virus found 20160425
ALYac No virus found 20160425
AVware No virus found 20160424
VBA32 No virus found 20160423
Panda No virus found 20160424
Zoner No virus found 20160425
Tencent No virus found 20160425
Yandex No virus found 20160424
Ikarus No virus found 20160424
Fortinet No virus found 20160425
AVG No virus found 20160425
Baidu-International No virus found 20160424
Qihoo-360 No virus found 20160425

Process Tree

IMENUI.EXE, PID: 2496, parent PID: 2596

TCP

Source address Source port Destination address Destination port
192.168.122.69 53449 178.255.83.1 80
192.168.122.69 53451 178.255.83.1 80
192.168.122.69 53456 178.255.83.1 80
192.168.122.69 53450 198.41.215.185 ocsp.msocsp.com 80
192.168.122.69 53446 23.32.241.24 80
192.168.122.69 53448 23.44.155.27 ss.symcd.com 80
192.168.122.69 53452 23.44.155.27 ss.symcd.com 80

UDP

Source address Source port Destination address Destination port
192.168.122.69 49557 192.168.122.1 53
192.168.122.69 52766 192.168.122.1 53
192.168.122.69 53093 192.168.122.1 53
192.168.122.69 55110 192.168.122.1 53
192.168.122.69 57235 192.168.122.1 53
192.168.122.69 58105 192.168.122.1 53
192.168.122.69 58396 192.168.122.1 53
192.168.122.69 59966 192.168.122.1 53
192.168.122.69 63333 192.168.122.1 53
192.168.122.69 65112 192.168.122.1 53
192.168.122.69 137 192.168.122.255 137
192.168.122.69 138 192.168.122.255 138
192.168.122.69 52512 224.0.0.252 5355
192.168.122.69 53197 224.0.0.252 5355
192.168.122.69 54165 224.0.0.252 5355
192.168.122.69 54309 224.0.0.252 5355
192.168.122.69 54419 224.0.0.252 5355
192.168.122.69 55303 224.0.0.252 5355
192.168.122.69 57511 224.0.0.252 5355
192.168.122.69 58738 224.0.0.252 5355
192.168.122.69 58967 224.0.0.252 5355
192.168.122.69 59029 224.0.0.252 5355
192.168.122.69 60581 224.0.0.252 5355
192.168.122.69 60637 224.0.0.252 5355
192.168.122.69 60895 224.0.0.252 5355
192.168.122.69 62204 224.0.0.252 5355
192.168.122.69 62771 224.0.0.252 5355
192.168.122.69 64260 224.0.0.252 5355
192.168.122.69 64810 224.0.0.252 5355
192.168.122.69 50619 239.255.255.250 1900
192.168.122.69 123 52.169.179.91 123
192.168.122.70 5355 192.168.122.69 53197
192.168.122.70 5355 192.168.122.69 64810

HTTP Requests

URI HTTP data
http://www.msftncsi.com/ncsi.txt
GET /ncsi.txt HTTP/1.1
Connection: Close
User-Agent: Microsoft NCSI
Host: www.msftncsi.com

http://ss.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEFYsTGl7at%2BFjHRU%2BpXehLM%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEFYsTGl7at%2BFjHRU%2BpXehLM%3D HTTP/1.1
Cache-Control: max-age = 386960
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 21 Jan 2016 20:44:27 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ss.symcd.com

http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1
Cache-Control: max-age = 311241
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 23 Jan 2016 23:57:39 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com

http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAN43VPPQBXGCMiwAAQAA3jc%3D
GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAN43VPPQBXGCMiwAAQAA3jc%3D HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 06:30:15 GMT
If-None-Match: "77a3ed05d7337d023a726d1efae9caf1857cedc9"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.msocsp.com

http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1
Cache-Control: max-age = 311240
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 23 Jan 2016 23:57:39 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com

http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18%2BP0%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18%2BP0%3D HTTP/1.1
Cache-Control: max-age = 603676
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 08:43:57 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com

http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQLqIKj6Gi5thHaqKC1ECU9aXsCRQQUmvMr2s%2BtT7YvuypISCoStxtCwSQCEQD0gtB5WgsdpjrFZePtaJt6
GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQLqIKj6Gi5thHaqKC1ECU9aXsCRQQUmvMr2s%2BtT7YvuypISCoStxtCwSQCEQD0gtB5WgsdpjrFZePtaJt6 HTTP/1.1
Cache-Control: max-age = 334227
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 06:20:47 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic
Sorry! No files were dropped.
No similar analyses found.

Processing ( 17.574 seconds )

  • 15.129 NetworkAnalysis
  • 0.926 VirusTotal
  • 0.638 Static
  • 0.476 peid
  • 0.23 TargetInfo
  • 0.11 BehaviorAnalysis
  • 0.022 AnalysisInfo
  • 0.021 Strings
  • 0.01 config_decoder
  • 0.007 Debug
  • 0.002 Dropped
  • 0.002 Memory
  • 0.001 ProcessMemory

Signatures ( 0.076 seconds )

  • 0.016 antiav_detectreg
  • 0.008 infostealer_ftp
  • 0.005 persistence_autorun
  • 0.005 antiav_detectfile
  • 0.004 geodo_banking_trojan
  • 0.004 infostealer_bitcoin
  • 0.004 infostealer_im
  • 0.003 stealth_timeout
  • 0.003 antianalysis_detectreg
  • 0.003 infostealer_mail
  • 0.002 tinba_behavior
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.001 betabot_behavior
  • 0.001 mimics_filetime
  • 0.001 stealth_file
  • 0.001 kibex_behavior
  • 0.001 shifu_behavior
  • 0.001 antivm_generic_disk
  • 0.001 vawtrak_behavior
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 modify_proxy
  • 0.001 browser_security
  • 0.001 ransomware_files

Reporting ( 4.704 seconds )

  • 4.025 ReportPDF
  • 0.668 ReportHTMLSummary
  • 0.011 Malheur
Task ID 16170
Mongo ID 57ce68114d3bd048e49828be
Cuckoo release 1.4-Maldun