Analysis task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp01-1 2018-07-20 18:11:07 2018-07-20 18:13:39 152 seconds

Maldun score

10.0

Zpevdo virus

File details

File name ntp2.exe
File size 888307 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5 61ccff02f9d36276df27fb9efac4d83b
SHA1 219c02166b70d6208244b74f3926793309756f86
SHA256 94667e6af65a184492db52d3ffd3757516e746f515300b0c6bda1e9f8befc62c
SHA512 0d14952f60f7dc4faec4f18c97aa2d32d7b5c4a73cde0456a1d154314527cf3926304bfc548bd72e74d368e31fcf5daa5c9444650818410201486bf208e21574
CRC32 80DAF209
Ssdeep 24576:EVtsAodAUUN6kidPBLnV9GUt4Gzv7b1w1fQssX9uD1TDKiw:SsAo3UNUdZLnV4jGzK1fGkD1lw

Hosts contacted

Direct IP Security rating Geolocation
80.82.67.194 Netherlands

Domain resolution

Domain Security rating Response
api-rambler.com A 80.82.67.194

PE information

Image base 0x00400000
Entry point 0x00403217
Declared checksum 0x000ddd0f
Actual checksum 0x000ddd0f
Minimum OS version required 4.0
Compile time 2014-05-12 04:03:36
Import hash 59a4a44a250c4cf4f2d9de2b3fe5d95f
Icon
Icon exact hash 5642c277638a98c845acc88573571251
Icon similarity hash 3eb36951cff76a1942a440bf5088cce4

Version information

LegalCopyright
FileVersion
CompanyName
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x00005be2 0x00005c00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.48
.rdata 0x00007000 0x000011ce 0x00001200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.24
.data 0x00009000 0x0001a7d8 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.93
.ndata 0x00024000 0x00009000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.rsrc 0x0002d000 0x00001881 0x00001a00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.77

Overlay

Offset 0x00009000
Size 0x000cfdf3

Resources

Name Offset Size Language Sublanguage Entropy File type
RT_ICON 0x0002d370 0x00000468 LANG_ENGLISH SUBLANG_ENGLISH_US 4.28 GLS_BINARY_LSB_FIRST
RT_MENU 0x0002d85c 0x000002ae LANG_ENGLISH SUBLANG_ENGLISH_US 3.44 data
RT_MENU 0x0002d85c 0x000002ae LANG_ENGLISH SUBLANG_ENGLISH_US 3.44 data
RT_DIALOG 0x0002dd28 0x00000060 LANG_ENGLISH SUBLANG_ENGLISH_US 2.49 data
RT_DIALOG 0x0002dd28 0x00000060 LANG_ENGLISH SUBLANG_ENGLISH_US 2.49 data
RT_DIALOG 0x0002dd28 0x00000060 LANG_ENGLISH SUBLANG_ENGLISH_US 2.49 data
RT_STRING 0x0002deec 0x000000cc LANG_ENGLISH SUBLANG_ENGLISH_US 3.04 data
RT_STRING 0x0002deec 0x000000cc LANG_ENGLISH SUBLANG_ENGLISH_US 3.04 data
RT_ACCELERATOR 0x0002dfb8 0x00000050 LANG_ENGLISH SUBLANG_ENGLISH_US 2.93 data
RT_GROUP_ICON 0x0002e008 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_US 1.92 MS Windows icon resource - 1 icon, 16x32
RT_VERSION 0x0002e01c 0x00000258 LANG_ENGLISH SUBLANG_ENGLISH_US 3.30 data
RT_MANIFEST 0x0002e57c 0x00000305 LANG_ENGLISH SUBLANG_ENGLISH_US 5.27 XML 1.0 document, ASCII text, with very long lines, with no line terminators
RT_MANIFEST 0x0002e57c 0x00000305 LANG_ENGLISH SUBLANG_ENGLISH_US 5.27 XML 1.0 document, ASCII text, with very long lines, with no line terminators

Imports

Library: KERNEL32.dll:
0x407060 GetTickCount
0x407064 GetFullPathNameA
0x407068 MoveFileA
0x407070 GetFileAttributesA
0x407074 GetLastError
0x407078 CreateDirectoryA
0x40707c SetFileAttributesA
0x407080 SearchPathA
0x407084 GetShortPathNameA
0x407088 CreateFileA
0x40708c GetFileSize
0x407090 GetModuleFileNameA
0x407094 ReadFile
0x407098 GetCurrentProcess
0x40709c CopyFileA
0x4070a0 ExitProcess
0x4070a8 Sleep
0x4070ac CloseHandle
0x4070b0 GetCommandLineA
0x4070b4 SetErrorMode
0x4070b8 LoadLibraryA
0x4070bc lstrlenA
0x4070c0 lstrcpynA
0x4070c4 GetDiskFreeSpaceA
0x4070c8 GlobalUnlock
0x4070cc GlobalLock
0x4070d0 CreateThread
0x4070d4 CreateProcessA
0x4070d8 RemoveDirectoryA
0x4070dc GetTempFileNameA
0x4070e0 lstrcpyA
0x4070e4 lstrcatA
0x4070e8 GetSystemDirectoryA
0x4070ec GetVersion
0x4070f0 GetProcAddress
0x4070f4 GlobalAlloc
0x4070f8 CompareFileTime
0x4070fc SetFileTime
0x407104 lstrcmpiA
0x407108 lstrcmpA
0x40710c WaitForSingleObject
0x407110 GlobalFree
0x407114 GetExitCodeProcess
0x407118 GetModuleHandleA
0x40711c GetTempPathA
0x407124 LoadLibraryExA
0x407128 FindFirstFileA
0x40712c FindNextFileA
0x407130 DeleteFileA
0x407134 SetFilePointer
0x407138 WriteFile
0x40713c FindClose
0x407144 MultiByteToWideChar
0x407148 MulDiv
0x407150 FreeLibrary
Library: USER32.dll:
0x407174 CreateWindowExA
0x407178 EndDialog
0x40717c ScreenToClient
0x407180 GetWindowRect
0x407184 EnableMenuItem
0x407188 GetSystemMenu
0x40718c SetClassLongA
0x407190 IsWindowEnabled
0x407194 SetWindowPos
0x407198 GetSysColor
0x40719c GetWindowLongA
0x4071a0 SetCursor
0x4071a4 LoadCursorA
0x4071a8 CheckDlgButton
0x4071ac GetMessagePos
0x4071b0 LoadBitmapA
0x4071b4 CallWindowProcA
0x4071b8 IsWindowVisible
0x4071bc CloseClipboard
0x4071c0 GetDC
0x4071c8 RegisterClassA
0x4071cc TrackPopupMenu
0x4071d0 AppendMenuA
0x4071d4 CreatePopupMenu
0x4071d8 GetSystemMetrics
0x4071dc SetDlgItemTextA
0x4071e0 GetDlgItemTextA
0x4071e4 MessageBoxIndirectA
0x4071e8 CharPrevA
0x4071ec DispatchMessageA
0x4071f0 PeekMessageA
0x4071f4 ReleaseDC
0x4071f8 EnableWindow
0x4071fc InvalidateRect
0x407200 SendMessageA
0x407204 DefWindowProcA
0x407208 BeginPaint
0x40720c GetClientRect
0x407210 FillRect
0x407214 DrawTextA
0x407218 GetClassInfoA
0x40721c DialogBoxParamA
0x407220 CharNextA
0x407224 ExitWindowsEx
0x407228 DestroyWindow
0x40722c CreateDialogParamA
0x407230 SetTimer
0x407234 GetDlgItem
0x407238 wsprintfA
0x40723c SetForegroundWindow
0x407240 ShowWindow
0x407244 IsWindow
0x407248 LoadImageA
0x40724c SetWindowLongA
0x407250 SetClipboardData
0x407254 EmptyClipboard
0x407258 OpenClipboard
0x40725c EndPaint
0x407260 PostQuitMessage
0x407264 FindWindowExA
0x407268 SendMessageTimeoutA
0x40726c SetWindowTextA
Library: GDI32.dll:
0x40703c SelectObject
0x407040 SetBkMode
0x407044 CreateFontIndirectA
0x407048 SetTextColor
0x40704c DeleteObject
0x407050 GetDeviceCaps
0x407054 CreateBrushIndirect
0x407058 SetBkColor
Library: SHELL32.dll:
0x407160 SHBrowseForFolderA
0x407164 SHGetFileInfoA
0x407168 ShellExecuteA
0x40716c SHFileOperationA
Library: ADVAPI32.dll:
0x407000 RegCloseKey
0x407004 RegOpenKeyExA
0x407008 RegDeleteKeyA
0x40700c RegDeleteValueA
0x407010 RegEnumValueA
0x407014 RegCreateKeyExA
0x407018 RegSetValueExA
0x40701c RegQueryValueExA
0x407020 RegEnumKeyA
Library: COMCTL32.dll:
0x407028 ImageList_Create
0x40702c ImageList_AddMasked
0x407030 ImageList_Destroy
0x407034 None
Library: ole32.dll:
0x407284 CoCreateInstance
0x407288 CoTaskMemFree
0x40728c OleInitialize
0x407290 OleUninitialize
Library: VERSION.dll:
0x407278 GetFileVersionInfoA
0x40727c VerQueryValueA

RichEdit
RichEdit20A
RichEd32
RichEd20
.DEFAULT\Control Panel\International
Control Panel\Desktop\ResourceLocale
Software\Microsoft\Windows\CurrentVersion
\Microsoft\Internet Explorer\Quick Launch
MulDiv
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
WriteFile
GetPrivateProfileStringA
WritePrivateProfileStringA
MultiByteToWideChar
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA
lstrcmpA
lstrcmpiA
CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
KERNEL32.dll
EndPaint
DrawTextA
FillRect
GetClientRect
BeginPaint
DefWindowProcA
SendMessageA
InvalidateRect
EnableWindow
ReleaseDC
GetDC
LoadImageA
SetWindowLongA
GetDlgItem
IsWindow
FindWindowExA
SendMessageTimeoutA
wsprintfA
ShowWindow
SetForegroundWindow
PostQuitMessage
SetWindowTextA
SetTimer
CreateDialogParamA
DestroyWindow
ExitWindowsEx
CharNextA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
USER32.dll
SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
GDI32.dll
SHFileOperationA
ShellExecuteA
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHELL32.dll
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
ADVAPI32.dll
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
COMCTL32.dll
CoCreateInstance
OleUninitialize
OleInitialize
CoTaskMemFree
ole32.dll
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VERSION.dll
verifying installer: %d%%
unpacking data: %d%%
... %d%%
http://nsis.sf.net/NSIS_Error
Error writing temporary file. Make sure your temp folder is valid.
Error launching installer
SeShutdownPrivilege
~nsu.tmp
\Temp
NSIS Error
%u.%u%s%s
SHGetFolderPathA
SHFOLDER
SHAutoComplete
SHLWAPI
GetUserDefaultUILanguage
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyExA
ADVAPI32
MoveFileExA
GetDiskFreeSpaceExA
KERNEL32
*?|<>/":
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.0b0</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility></assembly>
Context
C&lose Connection
Ctrl+W
Ctrl+C
&File
Ctrl+W
C&lose Connection
Ctrl+C
Ctrl+S
Ctrl+A
E&xit
&Options
Ctrl+U
Ctrl+R
&Always On Top
&Font...
&View
&Update Speed
&1 second
&2 seconds
&5 seconds
Space
&Help
&About...
MS Shell Dlg
MS Shell Dlg
msctls_progress32
SysListView32
MS Shell Dlg
TCPView
Cannot find the specified path
Save (Ctrl+S)
Refresh (F5)
VS_VERSION_INFO
StringFileInfo
040904e4
CompanyName
Florian Balmer Inc.
FileDescription
sudoku
FileVersion
4.2.25.0
LegalCopyright
(c) Florian Balmer 2004-2011
ProductName
sudoku
ProductVersion
4.2.25.0
VarFileInfo
Translation
Antivirus engine/vendor Detection name/rule match Signature date
Bkav Not detected 20180719
MicroWorld-eScan Not detected 20180720
CMC Not detected 20180719
CAT-QuickHeal Not detected 20180719
McAfee RDN/Generic PWS.y 20180720
Cylance Not detected 20180720
Zillya Not detected 20180719
AegisLab Troj.Spy.W32.Agent!c 20180720
TheHacker Not detected 20180720
K7GW Not detected 20180720
K7AntiVirus Not detected 20180720
Invincea heuristic 20180717
Baidu Not detected 20180717
NANO-Antivirus Not detected 20180720
F-Prot Not detected 20180720
Symantec Trojan Horse 20180720
ESET-NOD32 a variant of Generik.BGKPXPZ 20180720
TrendMicro-HouseCall TROJ_GEN.R002H07GJ18 20180720
Paloalto Not detected 20180720
ClamAV Not detected 20180720
Kaspersky HEUR:Trojan-Spy.Win32.Agent.gen 20180720
BitDefender Not detected 20180720
Babable Not detected 20180406
SUPERAntiSpyware Not detected 20180720
Tencent Not detected 20180720
Ad-Aware Not detected 20180720
Sophos Mal/Generic-S 20180720
Comodo .UnclassifiedMalware 20180720
F-Secure Not detected 20180720
DrWeb Trojan.MulDrop8.31121 20180720
VIPRE Not detected 20180720
TrendMicro Not detected 20180720
McAfee-GW-Edition BehavesLike.Win32.Dropper.cc 20180720
Emsisoft Not detected 20180720
Ikarus Not detected 20180719
Cyren W32/Trojan.UVWO-0971 20180720
Jiangmin Not detected 20180720
Webroot Not detected 20180720
Avira Not detected 20180719
Antiy-AVL Not detected 20180720
Kingsoft Not detected 20180720
Microsoft Trojan:Win32/Zpevdo.A 20180720
Endgame Not detected 20180711
Arcabit Not detected 20180720
ViRobot Trojan.Win32.Z.Agent.888307 20180720
ZoneAlarm HEUR:Trojan-Spy.Win32.Agent.gen 20180720
Avast-Mobile Not detected 20180720
GData Win32.Trojan.Agent.G2DC1Y 20180720
TACHYON Not detected 20180719
AhnLab-V3 Not detected 20180720
ALYac Not detected 20180720
AVware Not detected 20180720
MAX malware (ai score=95) 20180720
VBA32 Not detected 20180719
Malwarebytes Backdoor.Bot 20180720
Panda Not detected 20180719
Zoner Not detected 20180719
Rising Not detected 20180720
Yandex Not detected 20180717
SentinelOne Not detected 20180701
eGambit Not detected 20180720
Fortinet Not detected 20180720
AVG Win32:Malware-gen 20180720
Cybereason Not detected 20180225
Avast Win32:Malware-gen 20180720
CrowdStrike malicious_confidence_90% (W) 20180530
Qihoo-360 Win32/Trojan.Spy.94c 20180720

Process tree


ntp2.exe, PID: 1808, parent PID: 1872
system.exe, PID: 812, parent PID: 1808
cmd.exe, PID: 2068, parent PID: 1808
system.exe, PID: 2140, parent PID: 2068
cmd.exe, PID: 2244, parent PID: 1808
system.exe, PID: 2316, parent PID: 2244
dev4790.exe, PID: 2412, parent PID: 1808
cmd.exe, PID: 2496, parent PID: 1808
system.exe, PID: 2568, parent PID: 2496
cmd.exe, PID: 2712, parent PID: 1808
system.exe, PID: 2784, parent PID: 2712
cmd.exe, PID: 2924, parent PID: 1808
system.exe, PID: 2996, parent PID: 2924
dev31B0.exe, PID: 1368, parent PID: 1808
sudoku.exe, PID: 1164, parent PID: 1368
ctfmon.exe, PID: 2172, parent PID: 1164
sudoku.exe, PID: 2072, parent PID: 1368
ctfmon.exe, PID: 2368, parent PID: 2072
sudoku.exe, PID: 2416, parent PID: 1368
sudoku.exe, PID: 2732, parent PID: 1808

TCP

Source address Source port Destination address Destination port
192.168.122.201 49180 80.82.67.194 api-rambler.com 443
192.168.122.201 49183 80.82.67.194 api-rambler.com 443
192.168.122.201 49198 80.82.67.194 api-rambler.com 443
192.168.122.201 49200 80.82.67.194 api-rambler.com 443
192.168.122.201 49202 80.82.67.194 api-rambler.com 443
192.168.122.201 49204 80.82.67.194 api-rambler.com 443

UDP

Source address Source port Destination address Destination port
192.168.122.201 60990 192.168.122.1 53

HTTP requests

No HTTP requests found.

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2018-07-20 18:11:56.340379+0800 192.168.122.201 49180 80.82.67.194 443 TLS 1.2 C=XX, L=Default City, O=Default Company Ltd C=XX, L=Default City, O=Default Company Ltd 79:b5:c2:28:22:ea:23:fc:61:ce:c9:e0:ce:6f:ea:49:69:9e:84:77
2018-07-20 18:12:08.777125+0800 192.168.122.201 49183 80.82.67.194 443 TLS 1.2 C=XX, L=Default City, O=Default Company Ltd C=XX, L=Default City, O=Default Company Ltd 79:b5:c2:28:22:ea:23:fc:61:ce:c9:e0:ce:6f:ea:49:69:9e:84:77
2018-07-20 18:12:22.534626+0800 192.168.122.201 49198 80.82.67.194 443 TLS 1.2 C=XX, L=Default City, O=Default Company Ltd C=XX, L=Default City, O=Default Company Ltd 79:b5:c2:28:22:ea:23:fc:61:ce:c9:e0:ce:6f:ea:49:69:9e:84:77
2018-07-20 18:13:08.618596+0800 192.168.122.201 49202 80.82.67.194 443 TLS 1.2 C=XX, L=Default City, O=Default Company Ltd C=XX, L=Default City, O=Default Company Ltd 79:b5:c2:28:22:ea:23:fc:61:ce:c9:e0:ce:6f:ea:49:69:9e:84:77
2018-07-20 18:13:21.727265+0800 192.168.122.201 49204 80.82.67.194 443 TLS 1.2 C=XX, L=Default City, O=Default Company Ltd C=XX, L=Default City, O=Default Company Ltd 79:b5:c2:28:22:ea:23:fc:61:ce:c9:e0:ce:6f:ea:49:69:9e:84:77
2018-07-20 18:12:45.575577+0800 192.168.122.201 49200 80.82.67.194 443 TLS 1.2 C=XX, L=Default City, O=Default Company Ltd C=XX, L=Default City, O=Default Company Ltd 79:b5:c2:28:22:ea:23:fc:61:ce:c9:e0:ce:6f:ea:49:69:9e:84:77

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
File name dev31B0.exe
Related files
C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\dev31B0.exe
C:\Users\test\AppData\Local\Temp\msi5279.tmp\dev31B0.tmp
File size 88896 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 2ec80e561f96a56cf31b1695bf9af3e1
SHA1 6682401cf005f640c4fd89285e6c945ef5c4b964
SHA256 ecc57821d762e3259f52e15187c770847ef3be2839b87f8db0cea647c1db4c76
CRC32 B4C958D6
Ssdeep 1536:oWGMsx0E7UFsgkn/PxZOE9frdK06+a1HkjPQJpasWvcd2OTqQIGjuIxps:K7Gk/5wQfrdo+2kjPwpx2WqQIGjX
File name nsExec.dll
Related files
C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\nsExec.dll
File size 6656 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 14f5984b926208de2aafb55dd9971d4a
SHA1 e5afe0b80568135d3e259c73f93947d758a7b980
SHA256 030bcfa82e3bb424835a5fa53a3ff17ab08557d3bbeea4815313036fc4bdafe1
CRC32 25B3696C
Ssdeep 96:k7GUaYNwCLuGFctpiKFlYJ8hH4RVHpwdEeY3kRlDr6dMqqyVgNJ38:Wygp3FcHi0xhYMR8dMqJVgN
File name sudoku.prefs
Related files
C:\Users\test\.fltk\fltk.org\sudoku.prefs
File size 10157 bytes
File type ASCII text
MD5 9ee26510bacff966b3d702b95367ae9f
SHA1 f81bd22ad26396bd9b379add908224c9454f7b4f
SHA256 86b5b1dbfb699460bba242e59941a15e13395bf8576cdb462e5337a8a2e919d7
CRC32 D1499A19
Ssdeep 192:SiQhXWG8/1ByehmuYhwfaiITxcRi3Kapy1Nf7:S5989sImHhwfaiMxcRi3Kapy1Nf7
; FLTK preferences file format 1.0
; vendor: fltk.org
; application: sudoku

File name 726914A4.dll
Related files
C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\726914A4.dll
C:\Users\test\AppData\Local\Temp\msi5279.tmp\726914A4.dll
C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\api-ms-win-core-synch-l1-2-0.dll
File size 89600 bytes
File type PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5 1df9d1021c675c1b1f3b121a1fe79e20
SHA1 f70f3409d2149a118a041882aa3d6170aec3e510
SHA256 10822279f1b6245265169b19dbba6549ce3e2c4ac6f58bfc869fcae563cce0c4
CRC32 2978BA6A
Ssdeep 1536:9SngN/U9vLqYBXWd3Fz7czK0wXxF0G1WiTgTYs25I7tHLsWNcdFrur312Gq:mik9BXWd3Fd0wOYLs6Fir312V
File name sudoku.lnk
Related files
C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sudoku.lnk
File size 1158 bytes
File type MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, Icon number=0, ctime=Sun Dec 31 15:54:17 1600, mtime=Sun Dec 31 15:54:17 1600, atime=Sun Dec 31 15:54:17 1600, length=0, window=hide
MD5 5e7720c18e8b1fb76411fcaa07f1fc72
SHA1 c2968d285efeb405f9305a6d1d76d718b8fda819
SHA256 d84f0c9ae7d8fae9ab724d74b90ff7da3ba2068f1db48c01787c8d3feccaec42
CRC32 8A4B717F
Ssdeep 12:8TGY9/tpf7GovHSLcrO2VSEC4mc++mtml1MJ8+M4gbNfBZH4t2YZqI0GX:8Npz9MsOLR4Y+ckql8JDdq
File name ntuser.dat
Related files
C:\Users\test\AppData\Roaming\ntuser.dat
File size 179 bytes
File type data
MD5 880ac583175fe607b6295abd5ffc9776
SHA1 7377381457901457d1c6f6234bfdcc265a1e3971
SHA256 f10ddb66531e0168d0c20fc67134658b0861f6b6bc507f204b989766ec4091ea
CRC32 9B6CD5B4
Ssdeep 3:2LZ1tBahU6dxA3B5Wk83c3VMPQICZZjnSnmgqIGQlM1KohfAqyDDp/y02DLB+:8HapdxMC3c366ZjnSnmQGc0Koh4tnp/D
File name ntuser.dat
Related files
C:\Users\test\AppData\Roaming\ntuser.dat
File size 179 bytes
File type data
MD5 f54cd5f81f2ac330ea6e3153ac7ad3bd
SHA1 0f3f94780aafd1b66b3442bc34ec4ec7762dacde
SHA256 2c9d978a0bdd2c24de17c6739629ab83081a4ca4594490f4f1446869c916c6b3
CRC32 7B0A0B98
Ssdeep 3:LWsJ/R7bDheZrLmLh+4sh8qHlCD44wxSSfq528YZFJ3Epo1bzM+LyNQTfX9OTyI:PX7bDqWL84zqFCPsQ2hZDEpo1XM++QTW
File name sudoku.exe
Related files
C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\sudoku.exe
File size 185856 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 1cfcbf83d8fc09b05040150e960971fe
SHA1 716e5b57139f8a1d89c087eb181a7430ae3a4879
SHA256 ad321dd6c21e8b764aab5396658f173b8bd3a8de206fb110b03204f07084f35a
CRC32 0FD815C8
Ssdeep 3072:pNafGO3JVrs7hoeUBisfnrTn37KFHrFIPQ4rGLVBJJAKInue9n:7agWeKDT7KFLFIYIGLsKzK
File name ntuser.dat
Related files
C:\Users\test\AppData\Roaming\ntuser.dat
File size 179 bytes
File type data
MD5 284d134cfeae271e1b065a15a322067b
SHA1 584e7815f7a11ef4de9f5bb14b33e6d64b1eaeb8
SHA256 43d53071391b1886bca2c6da1a29cecd177c6b59788c76ab3e58360f708b1a8e
CRC32 CEFAD4C1
Ssdeep 3:RkO1h0Rxp1Cmw1zEUY3hmsjgdFaeLS6EQgAvuEsnHvT2Cbz3ZKqWb6ktwsQEcHSF:1wCmE9Y3PjgCeOQgKuFvT2Cbz3ZK1tZz
File name common.dat
Related files
C:\Users\test\AppData\Local\Temp\msi5279.tmp\common.dat
C:\Users\test\AppData\Roaming\Microsoft\Games\sudoku\common.dat
File size 133136 bytes
File type data
MD5 83ffe677465a10c9d70c29720113e145
SHA1 3f903ad170f51e28a172618d640c23429ea304aa
SHA256 e62178c17c9fb09ef9088d271854b74bc19666bdc783f14191322a198d1612ab
CRC32 97A77166
Ssdeep 3072:prpvVmlnnkJIk3UwLm16u2BptNcbGnh6UfRBjphzpF:fvVmlkJ73U56Bpq8RBjHdF
File name 4563268.cmd
Related files
C:\Users\test\AppData\Local\Temp\4563268.cmd
C:\Users\test\AppData\Local\Temp\3855021.cmd
File size 61 bytes
File type ASCII text
MD5 256058088776c46eaa14621523240ddf
SHA1 25b48042f797f45018c486144edfe375d0415830
SHA256 b87babd5234c608b9c4634ea70151dd61201013611c79a6d8302c8fd1070cc71
CRC32 93AAB81A
Ssdeep 3:GfLqF7ckspNPfeXbn:GfLqFhsWn
:l
ping -n 5 127.0.0.1
del /f /q %1
if exist %1 goto l
del %0
File name nsProcess.dll
Related files
C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\nsProcess.dll
File size 4608 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 faa7f034b38e729a983965c04cc70fc1
SHA1 df8bda55b498976ea47d25d8a77539b049dab55e
SHA256 579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf
CRC32 3CD28811
Ssdeep 48:iYXzAm8HGJLvwM8GJFd6I7W4JtT2bxNNAa4GsNf+CJ8aYqmtlKdgAtgma1QvtCSJ:lz2mJkpGR6GY74GQ1YqmstgGCtR
File name ntuser.dat
Related files
C:\Users\test\AppData\Roaming\ntuser.dat
File size 179 bytes
File type data
MD5 768430d6f3d5841f52217289250db9f3
SHA1 922df4cf0aaae6f5134c9b763cc1bb027f8f68ed
SHA256 9c031ea46bc0100553e776fec19f6522f3a7090c816efc3bb791f1ec1e34a899
CRC32 94434576
Ssdeep 3:yvwh8I8Ki0a7IQaBMWAyDGvNM2szdhAEFoMCXX5MXXt85WBw2KUeFcfYf:pK0a7IQXWAy92uhjHCH5MXXQWBw9a8
File name ntuser.dat
Related files
C:\Users\test\AppData\Roaming\ntuser.dat
File size 1251 bytes
File type data
MD5 0ff881e5321172197d87d344f70e5d71
SHA1 fc5a4c8471652811976b29a09b064559a594703c
SHA256 91ae2b7db2c1b7069023a9450924db3b6a11619e19c1688bb3752a53fe66196b
CRC32 C01D9634
Ssdeep 24:anLlscXhNGHMBjAszOVLqGWQvDUojc09Z4gHI6+XBn4XvWCSrkqlREwU9u:aKcXiaVOhqGWQvoog0jVHA4/2rnDxt
File name dev4790.exe
Related files
C:\Users\test\AppData\Local\Temp\msi5279.tmp\dev4790.exe
File size 87872 bytes
File type PE32 executable (console) Intel 80386, for MS Windows
MD5 5822c0018beadd0509e238bc9e42b4e4
SHA1 7c5651046fb458300ddabe0c133719102409426c
SHA256 f8910ba2cfe8d8e55aa6be15a494280513fdf508d339f386a6d89f781308482a
CRC32 C0640FB1
Ssdeep 1536:nUgVpFmYBzeJGB85UsreEPCs0EuMCJNq35e00RhYJX5sWt6cdQk2S8OwKx0MP8sv:nHpzUGBKjKEr0tHJNGeBoXBbQk2S8OwM
File name ntuser.dat
Related files
C:\Users\test\AppData\Roaming\ntuser.dat
File size 179 bytes
File type data
MD5 4fee34ed9106ed5ba87248b0d9cc2580
SHA1 94e394a60ea4d932bc43845ab9ec60ff030f0464
SHA256 7e622705d703b9fe8607e9e4a5d7be5af22bd93445f7a19ea078f92d4226f30a
CRC32 F387E7A1
Ssdeep 3:eeptjHMqoFDqX8cKcWEKGhrA8Xn36UVORHmbWaUOuedYYHw4u5Yeov+Y0kwDen:e2tjS1Lc3WEKGhrTXn36UgiPSYHxu5Yn
File name 226ECBD4.dat
Related files
C:\Users\test\AppData\Local\Temp\msi5279.tmp\226ECBD4.dat
File size 133128 bytes
File type data
MD5 e4f80f3e5d74e562be9c17816a906404
SHA1 40c15099dee01bc75cddeae08571f9e6a6cd4090
SHA256 37dca613ce767c2472228737a0adb334b8322b243561c911ffa7be8ff36cae04
CRC32 EFC39776
Ssdeep 3072:7ACPz3RdfIFcqCy45U6c3Su0Sf0199sSjQSIc9Z:XzBdfRq4RM0Sf0XrQS19Z
File name system.exe
Related files
C:\Users\test\AppData\Local\Temp\msi5279.tmp\system.exe
File size 476672 bytes
File type PE32 executable (console) Intel 80386, for MS Windows
MD5 885e9eb42889ca547f4e3515dcde5d3d
SHA1 d4206fc233e3a708b54439e1c2bc12b48a755ed1
SHA256 b3a70d388488c34dd5c767692eccc9effed36b8e7c1ee03ace1bd27123a2e6d6
CRC32 1BAE18F7
Ssdeep 12288:WfX18uyXxIAs5mi7hTgKc7A8+CFBDGyBoZ2lnek:WfX18uGxIQi79kcJCFBDGyD5ek
File name System.dll
Related files
C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\System.dll
File size 11264 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 a436db0c473a087eb61ff5c53c34ba27
SHA1 65ea67e424e75f5065132b539c8b2eda88aa0506
SHA256 75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49
CRC32 C8485E15
Ssdeep 192:aVL7iZJX76BisO7+UZEw+Rl59pV8ghsVJ39dx8T:d7NsOpZsfLMJ39e
Maldun analysis result 0.5, analysis time: 2016-09-16 23:16:13
File name adobesystem.log
Related files
C:\Users\test\AppData\Roaming\adobesystem.log
File size 0 bytes
File type empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
Ssdeep 3::
Maldun analysis result 6.0, analysis time: 2016-05-08 17:55:55
File name source.zip
Related files
C:\Users\test\AppData\Local\Temp\msi5279.tmp\source.zip
File size 183089 bytes
File type 7-zip archive data, version 0.2
MD5 b1a62d8ba61f63b279f6369174f91b4e
SHA1 1773f577e87653b02f24cac38dfc0d55b91cf9c5
SHA256 0ad955014507eae9575fa7c6de763208920aeb0f66767726e3ed481a509a220a
CRC32 5ECFA82A
Ssdeep 3072:vG6fMeY3qXio97+HcnNW9URMyLRpR61px0/lZ9E0CPxOKk1QMQei:jOSDM9URMyLRL6qO7PxODQbn
File name ExecCmd.dll
Related files
C:\Users\test\AppData\Local\Temp\nsyB8F4.tmp\ExecCmd.dll
File size 4608 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 b9380b0bea8854fd9f93cc1fda0dfeac
SHA1 edb8d58074e098f7b5f0d158abedc7fc53638618
SHA256 1f4bd9c9376fe1b6913baeca7fb6df6467126f27c9c2fe038206567232a0e244
CRC32 5070EFF5
Ssdeep 48:ifXNtGNjFizsU35iej7luiwa28mDJmDKUOMQH0glay/Aa4r/:5Fef5iej5txKJKenlV4r/
File name tools.zip
Related files
C:\Users\test\AppData\Local\Temp\msi5279.tmp\tools.zip
File size 447359 bytes
File type 7-zip archive data, version 0.2
MD5 d37c4e3b0dbb005606b86e5c2bb92f80
SHA1 2f9e7f9ca2cf3a1707a6249e0aa5683c046826c1
SHA256 190804757d5487f287af051e4a74975a10a4d7fbc5a9c27d02122c37321edf05
CRC32 9B91D20C
Ssdeep 6144:64OPc9li9xCpJZcEKd5VFXr+U7Hbll1+kYGmaHgn71GVSgu+GVQIIxsogvcmD/qf:LicNvcbXFX5rrYfnZGUfQa0M2T
No similar analyses found.

Processing ( 36.677 seconds )

  • 11.762 NetworkAnalysis
  • 11.257 VirusTotal
  • 7.402 Suricata
  • 3.34 BehaviorAnalysis
  • 1.42 TargetInfo
  • 0.81 Static
  • 0.347 peid
  • 0.188 AnalysisInfo
  • 0.135 Dropped
  • 0.012 Strings
  • 0.002 Debug
  • 0.001 Memory
  • 0.001 config_decoder

Signatures ( 2.164 seconds )

  • 0.516 antidbg_windows
  • 0.162 api_spamming
  • 0.144 decoy_document
  • 0.139 packer_themida
  • 0.127 antivm_vbox_window
  • 0.096 antisandbox_script_timer
  • 0.096 stealth_timeout
  • 0.084 antiav_detectreg
  • 0.082 browser_needed
  • 0.066 injection_explorer
  • 0.052 md_bad_drop
  • 0.033 infostealer_ftp
  • 0.03 antiemu_wine_func
  • 0.029 stealth_file
  • 0.029 antivm_vbox_libs
  • 0.028 antivm_generic_disk
  • 0.025 mimics_filetime
  • 0.024 kovter_behavior
  • 0.023 infostealer_browser_password
  • 0.023 virus
  • 0.022 reads_self
  • 0.02 bootkit
  • 0.019 infostealer_im
  • 0.017 antianalysis_detectreg
  • 0.014 antivm_generic_scsi
  • 0.013 antiav_avast_libs
  • 0.013 exec_crash
  • 0.013 antiav_detectfile
  • 0.012 hancitor_behavior
  • 0.011 infostealer_mail
  • 0.01 antisandbox_sunbelt_libs
  • 0.01 md_url_bl
  • 0.009 infostealer_browser
  • 0.009 infostealer_bitcoin
  • 0.008 antisandbox_sboxie_libs
  • 0.008 md_domain_bl
  • 0.007 antivm_vmware_libs
  • 0.007 antivm_generic_services
  • 0.007 antiav_bitdefender_libs
  • 0.006 ransomware_message
  • 0.005 injection_createremotethread
  • 0.005 kibex_behavior
  • 0.005 persistence_autorun
  • 0.005 antivm_vbox_files
  • 0.005 ransomware_extensions
  • 0.005 ransomware_files
  • 0.004 antisandbox_sleep
  • 0.004 sets_autoconfig_url
  • 0.004 betabot_behavior
  • 0.004 ipc_namedpipe
  • 0.004 injection_runpe
  • 0.004 securityxploded_modules
  • 0.004 antivm_parallels_keys
  • 0.004 antivm_xen_keys
  • 0.004 geodo_banking_trojan
  • 0.004 darkcomet_regkeys
  • 0.003 vawtrak_behavior
  • 0.003 recon_fingerprint
  • 0.002 rat_nanocore
  • 0.002 disables_spdy
  • 0.002 tinba_behavior
  • 0.002 disables_wfp
  • 0.002 antidbg_devices
  • 0.002 antisandbox_productid
  • 0.002 antivm_generic_diskreg
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.001 office_dl_write_exe
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 office_write_exe
  • 0.001 rat_luminosity
  • 0.001 kazybot_behavior
  • 0.001 shifu_behavior
  • 0.001 cerber_behavior
  • 0.001 antivm_xen_keys
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_acpi
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_files
  • 0.001 antivm_vmware_keys
  • 0.001 antivm_vpc_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 modify_proxy
  • 0.001 browser_security
  • 0.001 bypass_firewall
  • 0.001 codelux_behavior
  • 0.001 packer_armadillo_regkey
  • 0.001 rat_pcclient
  • 0.001 recon_programs

Reporting ( 0.606 seconds )

  • 0.535 ReportHTMLSummary
  • 0.071 Malheur
Task ID 171252
Mongo ID 5b51b606bb7d574885061ffe
Cuckoo release 1.4-Maldun