Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp01-2 | 2018-05-22 09:53:02 | 2018-05-22 09:55:21 | 139 seconds |
File name | 荒野小迪辅助V1.4.exe |
---|---|
File size | 1515520 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | b3cfa0e80bad2716b1a17aa6d4e085ab |
SHA1 | 5cb993a09b5c92f9a302b1d6c950c55057a28d0a |
SHA256 | 3ddf360bb5b22191ceea48aeabbb10cdead2f2a72821f3877dc5b57103f8b23a |
SHA512 | 0a95f3bf1ad3db77c4b268c9051266ea75e1c0f754f264536b416df8b1996761fbd6b44c0196ad25f9ae74d28bbd9969bc7276f995aad6d39357a56a997c9d5a |
CRC32 | 8602D5DB |
Ssdeep | 24576:r6KsaYJK9GYSCZRyxgA77sp5xEVEFzioAF26FTEInVeGbPdb+hba8fg/zmHfjiP0:rMoGrCZRyiAXwnwvoY9F4DGbPC9fuz+h |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
No | 59.110.185.116 | Unknown | China |
No | 59.110.185.127 | Unknown | China |
Domain | Security rating | Response |
---|---|---|
xddh.oss-cn-beijing.aliyuncs.com | Unknown | A 59.110.185.127 |
xdms.oss-cn-beijing.aliyuncs.com | Unknown | A 59.110.185.116 |
Image base | 0x00400000 |
---|---|
Entry point | 0x0061f86b |
Declared checksum | 0x00000000 |
Actual checksum | 0x0018028c |
Minimum OS version required | 5.0 |
Compile time | 2018-05-20 17:53:07 |
Import hash (imphash) | 8f31095220b1605f7b376ac192a7f43a |
Icon | |
Icon exact hash | 6fa49d83cf505e43b1e72e636239ff76 |
Icon similarity hash | c1fd735250e97dde9605af75014ebbf4 |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x000ae086 | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 0.00 |
.rdata | 0x000b0000 | 0x0001b13a | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 0.00 |
.data | 0x000cc000 | 0x0004b24a | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
.vmp0 | 0x00118000 | 0x000e60cb | 0x00000000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
.vmp1 | 0x001ff000 | 0x00159c56 | 0x0015a000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.94 |
.rsrc | 0x00359000 | 0x000167f9 | 0x00017000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.82 |
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
RT_ICON | 0x0035ed9c | 0x00010828 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.74 | dBase III DBT, version number 0, next free block index 40 |
RT_GROUP_ICON | 0x0036f618 | 0x00000014 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 2.02 | MS Windows icon resource - 1 icon, 16x16, 16 colors |
RT_MANIFEST | 0x0036f62c | 0x000001cd | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.08 | XML 1.0 document, ASCII text, with very long lines, with no line terminators |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.202 | 49161 | 59.110.185.116 xdms.oss-cn-beijing.aliyuncs.com | 80 |
192.168.122.202 | 49160 | 59.110.185.127 xddh.oss-cn-beijing.aliyuncs.com | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.202 | 52449 | 192.168.122.1 | 53 |
192.168.122.202 | 63580 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://xddh.oss-cn-beijing.aliyuncs.com/PZ.txt | GET /PZ.txt HTTP/1.1 User-Agent: HTTPREAD Host: xddh.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache |
http://xddh.oss-cn-beijing.aliyuncs.com/LRE.dll | GET /LRE.dll HTTP/1.1 User-Agent: HTTPREAD Host: xddh.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache |
http://xddh.oss-cn-beijing.aliyuncs.com/Moon.txt | GET /Moon.txt HTTP/1.1 User-Agent: HTTPREAD Host: xddh.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache |
http://xdms.oss-cn-beijing.aliyuncs.com/MS.txt | GET /MS.txt HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: xdms.oss-cn-beijing.aliyuncs.com Cache-Control: no-cache |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2018-05-22 09:53:18.466181+0800 | 192.168.122.202 | 49161 | 59.110.185.116 | 80 | TCP | 2016879 | ET POLICY Unsupported/Fake Windows NT Version 5.0 | Potential Corporate Privacy Violation |
2018-05-22 09:53:16.708915+0800 | 59.110.185.127 | 80 | 192.168.122.202 | 49160 | TCP | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
No TLS
No Suricata HTTP
File name | Moon.dll |
---|---|
Related file | C:\Users\test\Desktop\Moon\Moon.dll |
File size | 152424 bytes |
File type | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows |
MD5 | 6a22f0dbf53994c20c63fed1fb8eab2c |
SHA1 | a4cb7172435352965165c8c3691855f92b837087 |
SHA256 | 9159c210bc679ffb7dd50ba218822c75d00753a135d390e33d40a567c29dcc43 |
CRC32 | D363E346 |
Ssdeep | 1536:u6uaPRWYhsleoDJKvrcVYbWNNHsn5ez6TUskHgs+X0vngaMbtbTNQuYrYF:uDjDJZYHn4zukwuCbtbTNQuYrYF |
Task ID | 162415 |
---|---|
Mongo ID | 5b0378adbb7d5744ffff4172 |
Cuckoo release | 1.4-Maldun |