Analysis Task

Analysis Type | VM Label | Start Time | End Time | Duration
File (Windows) | win7-sp1-x64-shaapp01-1 | 2018-05-22 10:41:00 | 2018-05-22 10:43:17 | 137 seconds

Maldun Score

0.0

Normal

File Details

File name QQScLauncher.exe
File size 62200 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7a08effa5c1dbe120abff2612db17c32
SHA1 bc89306c0f827e18e818f355280fe9077b9a6c29
SHA256 fe69122b4d957590a33a119481e75a313a3b9cda3be9f0dda0fc2c0249d7aaab
SHA512 2c89a180803f813f784025b1c49db907c75406389eb28d6748bf444650993e1e4708072575a6637da9fb17467cf4e1b6c1beebf3e3ee891af9a03dbcc473b9f7
CRC32 2D049377
Ssdeep 768:dJ0mU6Rk9ar2A9uo6Vkp+SKYyN7vaBa0bFDRGLpTHypaZsHJu1p23+zj:TUUk9k9iukSaErDY1TpZ/m0


Hosts Contacted (click to query the WPING real-time security rating)

No host records.

DNS Resolution (click to query the WPING real-time security rating)

No domain information.


PE Information

Image base 0x00400000
Entry point 0x004017fc
Declared checksum 0x0001d206
Actual checksum 0x0001d206
Minimum OS version required 5.1
PDB path R:\TempView\Output\BinFinal\QQScLauncher.pdb
Compile time 2018-05-17 16:28:50
Import hash a2c8a8fefebfd8a0ee9473f734210806
Icon exact hash bf99df3556aeb620e552d085ba314dcf
Icon similarity hash 5d08e4bd5fdacd1f8677e641686e06fc

Version Information

LegalCopyright
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
Translation

Microsoft Certificate Verification (Sign Tool)

SHA1 | Timestamp | Validity | Error
67cc929a51faaa0b55a1654499bd5b548899292c | Thu May 17 16:53:58 2018 | |
Certificate Chain 1
Issued to VeriSign Class 3 Public Primary Certification Authority - G5
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid until Thu Jul 17 07:59:59 2036
SHA1 hash 4eb6d578499b1ccf5f581ead56be3d9b6744a5e5
Certificate Chain 2
Issued to VeriSign Class 3 Code Signing 2010 CA
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid until Sat Feb 08 07:59:59 2020
SHA1 hash 495847a93187cfb8c71f840cb7b41497ad95c64f
Certificate Chain 3
Issued to Tencent Technology(Shenzhen) Company Limited
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid until Fri Mar 29 07:59:59 2019
SHA1 hash c57b841b09620ea6278e62af20963faec8f9e03d
Timestamp Chain 1
Issued to Thawte Timestamping CA
Issuer Thawte Timestamping CA
Valid until Fri Jan 01 07:59:59 2021
SHA1 hash be36a4562fb2ee05dbb3d32323adf445084ed656
Timestamp Chain 2
Issued to Symantec Time Stamping Services CA - G2
Issuer Thawte Timestamping CA
Valid until Thu Dec 31 07:59:59 2020
SHA1 hash 6c07453ffdda08b83707c09b82fb3d15f35336b1
Timestamp Chain 3
Issued to Symantec Time Stamping Services Signer - G4
Issuer Symantec Time Stamping Services CA - G2
Valid until Wed Dec 30 07:59:59 2020
SHA1 hash 65439929b67973eb192d6ff243e6767adf0834e4

PE Sections

Name | Virtual Address | Virtual Size | Raw Data Size | Characteristics | Entropy
.text 0x00001000 0x0000133a 0x00001400 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.19
.rdata 0x00003000 0x00001040 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.31
.data 0x00005000 0x00000404 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 1.78
.gfids 0x00006000 0x00000050 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0.39
.rsrc 0x00007000 0x00008d10 0x00008e00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.33
.reloc 0x00010000 0x0000025c 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 4.50

Overlay

Offset 0x0000c000
Size 0x000032f8

Resources

Name | Offset | Size | Language | Sublanguage | Entropy | File Type
RT_ICON 0x0000ede8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.67 GLS_BINARY_LSB_FIRST
RT_ICON 0x0000ede8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.67 GLS_BINARY_LSB_FIRST
RT_ICON 0x0000ede8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.67 GLS_BINARY_LSB_FIRST
RT_ICON 0x0000ede8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.67 GLS_BINARY_LSB_FIRST
RT_ICON 0x0000ede8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.67 GLS_BINARY_LSB_FIRST
RT_ICON 0x0000ede8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.67 GLS_BINARY_LSB_FIRST
RT_ICON 0x0000ede8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.67 GLS_BINARY_LSB_FIRST
RT_ICON 0x0000ede8 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 3.67 GLS_BINARY_LSB_FIRST
RT_MENU 0x0000f250 0x0000004a LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.71 data
RT_DIALOG 0x0000f29c 0x000000fa LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.38 data
RT_STRING 0x0000f398 0x00000050 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.21 data
RT_ACCELERATOR 0x0000f3e8 0x00000010 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 1.80 data
RT_GROUP_ICON 0x0000f3f8 0x00000076 LANG_ENGLISH SUBLANG_ENGLISH_US 2.80 MS Windows icon resource - 8 icons, 16x16, 16 colors
RT_VERSION 0x0000f470 0x00000270 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.57 data
RT_MANIFEST 0x0000f6e0 0x0000062f LANG_ENGLISH SUBLANG_ENGLISH_US 5.14 XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators

Imports

Library: KERNEL32.dll:
0x403008 FindFirstFileW
0x40300c FindClose
0x403010 GetModuleFileNameW
0x403014 CloseHandle
0x403018 IsDebuggerPresent
0x40301c InitializeSListHead
0x403024 GetCurrentThreadId
0x403028 GetStartupInfoW
0x40302c CreateProcessW
0x403030 GetCurrentProcessId
0x40303c TerminateProcess
0x403040 GetCurrentProcess
0x40304c GetModuleHandleW
Library: USER32.dll:
0x403054 ReleaseDC
0x403058 FindWindowW
0x40305c SendMessageW
0x403060 GetDC
Library: GDI32.dll:
0x403000 GetDeviceCaps
Library: VCRUNTIME140.dll:
0x40306c _CxxThrowException
0x403070 wcsrchr
0x403074 memset
Library: api-ms-win-crt-runtime-l1-1-0.dll:
0x4030a8 exit
0x4030ac _initterm_e
0x4030b0 _initterm
0x4030b8 _exit
0x4030bc _crt_atexit
0x4030c0 _controlfp_s
0x4030c4 terminate
0x4030d0 _c_exit
0x4030e0 _set_app_type
0x4030e4 _seh_filter_exe
0x4030e8 __p___wargv
0x4030ec __p___argc
0x4030f0 _cexit
Library: api-ms-win-crt-string-l1-1-0.dll:
0x403108 wcsncmp
0x40310c wcslen
Library: api-ms-win-crt-stdio-l1-1-0.dll:
0x4030f8 __p__commode
0x4030fc _set_fmode
Library: api-ms-win-crt-math-l1-1-0.dll:
0x4030a0 __setusermatherr
Library: api-ms-win-crt-locale-l1-1-0.dll:
0x403098 _configthreadlocale
Library: api-ms-win-crt-heap-l1-1-0.dll:
0x403084 _callnewh
0x403088 malloc
0x40308c free
0x403090 _set_new_mode

Antivirus Engine/Vendor | Detection/Rule Match | Database Date
Bkav | No virus found | 20180521
MicroWorld-eScan | No virus found | 20180521
nProtect | No virus found | 20180521
CMC | No virus found | 20180521
CAT-QuickHeal | No virus found | 20180521
ALYac | No virus found | 20180521
Cylance | No virus found | 20180521
VIPRE | No virus found | 20180521
TheHacker | No virus found | 20180516
K7GW | No virus found | 20180521
K7AntiVirus | No virus found | 20180521
TrendMicro | No virus found | 20180521
Baidu | No virus found | 20180521
NANO-Antivirus | No virus found | 20180521
F-Prot | No virus found | 20180521
Symantec | No virus found | 20180521
TotalDefense | No virus found | 20180520
TrendMicro-HouseCall | No virus found | 20180521
Paloalto | No virus found | 20180521
ClamAV | No virus found | 20180521
Kaspersky | No virus found | 20180521
BitDefender | No virus found | 20180521
Babable | No virus found | 20180406
ViRobot | No virus found | 20180521
AegisLab | No virus found | 20180521
Rising | No virus found | 20180521
Ad-Aware | No virus found | 20180521
Sophos | No virus found | 20180521
Comodo | No virus found | 20180521
F-Secure | No virus found | 20180521
DrWeb | No virus found | 20180521
Zillya | No virus found | 20180521
Invincea | No virus found | 20180503
McAfee-GW-Edition | No virus found | 20180521
Emsisoft | No virus found | 20180521
Ikarus | No virus found | 20180521
Cyren | No virus found | 20180521
Jiangmin | No virus found | 20180521
Webroot | No virus found | 20180521
Avira | No virus found | 20180521
Fortinet | No virus found | 20180521
Antiy-AVL | No virus found | 20180521
Kingsoft | No virus found | 20180521
Endgame | No virus found | 20180507
Arcabit | No virus found | 20180521
SUPERAntiSpyware | No virus found | 20180521
ZoneAlarm | No virus found | 20180521
Avast-Mobile | No virus found | 20180520
Microsoft | No virus found | 20180521
AhnLab-V3 | No virus found | 20180521
McAfee | No virus found | 20180521
AVware | No virus found | 20180521
MAX | No virus found | 20180521
VBA32 | No virus found | 20180521
Malwarebytes | No virus found | 20180521
Panda | No virus found | 20180521
Zoner | No virus found | 20180521
ESET-NOD32 | No virus found | 20180521
Tencent | No virus found | 20180521
Yandex | No virus found | 20180518
SentinelOne | No virus found | 20180225
eGambit | No virus found | 20180521
GData | No virus found | 20180521
AVG | No virus found | 20180521
Avast | No virus found | 20180521
Qihoo-360 | No virus found | 20180521

TCP

Source Address | Source Port | Destination Address | Destination Port
192.168.122.201 49158 23.35.171.27 80
192.168.122.201 49159 23.35.171.27 80
192.168.122.201 49163 96.7.54.88 80

UDP

Source Address | Source Port | Destination Address | Destination Port
192.168.122.201 52966 192.168.122.1 53
192.168.122.201 60990 192.168.122.1 53
192.168.122.201 64841 192.168.122.1 53


HTTP Requests

URI | HTTP Data
URL sandbox check -> http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com

URL sandbox check -> http://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEFIEi5yKZ%2BKPDMjMdYE93Fo%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEFIEi5yKZ%2BKPDMjMdYE93Fo%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: sf.symcd.com

URL sandbox check -> http://crl.microsoft.com/pki/crl/products/tspca.crl
GET /pki/crl/products/tspca.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT
If-None-Match: "8ab194b3d77cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 11.357 seconds )

  • 7.859 Suricata
  • 1.172 VirusTotal
  • 0.646 NetworkAnalysis
  • 0.625 TargetInfo
  • 0.486 Static
  • 0.384 peid
  • 0.174 AnalysisInfo
  • 0.006 Strings
  • 0.002 Debug
  • 0.002 Memory
  • 0.001 BehaviorAnalysis

Signatures ( 1.426 seconds )

  • 1.357 md_url_bl
  • 0.011 antiav_detectreg
  • 0.005 persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_ftp
  • 0.004 geodo_banking_trojan
  • 0.004 md_domain_bl
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_im
  • 0.003 md_bad_drop
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 antianalysis_detectreg
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 infostealer_mail
  • 0.002 network_http
  • 0.001 rat_nanocore
  • 0.001 betabot_behavior
  • 0.001 cerber_behavior
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 modify_proxy
  • 0.001 browser_security

Reporting ( 0.464 seconds )

  • 0.433 ReportHTMLSummary
  • 0.031 Malheur
Task ID 162426
Mongo ID 5b0383d5bb7d574506ff4202
Cuckoo release 1.4-Maldun