Analysis Task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-hpdapp01-1 2018-08-08 21:25:15 2018-08-08 21:27:57 162 seconds

Maldun Score

2.75

Suspicious

File Details

File name 梦神-枪林弹雨2.2.exe
File size 2347008 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 520e352861194c1e0a12f00f0c93a143
SHA1 6ed776cf8072275bf181cf4f6e8c06c980b691f6
SHA256 64db7a78a92d75a5f73798671d1a4bbbc8e8a6364b80ffe0e992b74ebf42e61e
SHA512 a23a696fd710c32e5068137b7096ca6c06f5057b0a83c5f62efa686cc8669dd3a48b87be796a48d7ca2651149cc2f1aaad3b20ec27e8e15d7d0777716bd276f3
CRC32 09671A3D
Ssdeep 49152:qGE8BTK4sCvuLp9Evgyxq+s8KuqGaX0ToIBAUZLYJ:jFThsCGLPnyx5JBAUZLe

Runtime Screenshots (images not included)


Hosts Contacted

Direct IP Security rating Location
119.23.59.239 China

DNS Resolution

Domain Security rating Response
www.2018k.cn A 119.23.59.239
2018k.cn


PE Information

Image base 0x00400000
Entry point 0x004c82ea
Claimed checksum 0x00000000
Actual checksum 0x00242c43
Minimum OS version required 4.0
Compile time 2018-08-07 11:48:34
Import hash a0b98e23de824b3e0490ff3ae868da92

Version Information

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE Sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x000ebac3 0x000ec000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.58
.rdata 0x000ed000 0x001270c8 0x00128000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7.19
.data 0x00215000 0x0006d62a 0x00020000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.00
.rsrc 0x00283000 0x000073a4 0x00008000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.24

Imports

Library: WINMM.dll:
0x4ed700 waveOutWrite
0x4ed704 waveOutPause
0x4ed708 waveOutReset
0x4ed70c waveOutClose
0x4ed710 midiStreamRestart
0x4ed714 midiStreamClose
0x4ed718 midiOutReset
0x4ed71c midiStreamStop
0x4ed720 midiStreamOut
0x4ed724 midiStreamProperty
0x4ed728 midiStreamOpen
0x4ed730 waveOutOpen
0x4ed734 waveOutGetNumDevs
Library: WS2_32.dll:
0x4ed74c inet_ntoa
0x4ed750 WSAStartup
0x4ed754 select
0x4ed758 send
0x4ed75c closesocket
0x4ed760 WSAAsyncSelect
0x4ed764 recvfrom
0x4ed768 ioctlsocket
0x4ed76c recv
0x4ed770 getpeername
0x4ed774 accept
0x4ed778 WSACleanup
Library: RASAPI32.dll:
0x4ed428 RasHangUpA
Library: KERNEL32.dll:
0x4ed19c GetSystemDirectoryA
0x4ed1a0 MultiByteToWideChar
0x4ed1a4 SetLastError
0x4ed1ac GetVersion
0x4ed1b0 GetTempFileNameA
0x4ed1b8 WideCharToMultiByte
0x4ed1c4 GetSystemInfo
0x4ed1cc lstrcmpiA
0x4ed1d0 GetACP
0x4ed1d4 LocalFree
0x4ed1d8 FormatMessageA
0x4ed1e0 lstrcpynA
0x4ed1e4 DuplicateHandle
0x4ed1e8 FlushFileBuffers
0x4ed1ec LockFile
0x4ed1f0 UnlockFile
0x4ed1f4 SetEndOfFile
0x4ed1f8 GetThreadLocale
0x4ed1fc GlobalDeleteAtom
0x4ed200 GlobalFindAtomA
0x4ed204 GlobalAddAtomA
0x4ed208 GlobalGetAtomNameA
0x4ed20c lstrcmpA
0x4ed210 LocalAlloc
0x4ed214 TlsAlloc
0x4ed218 GlobalHandle
0x4ed21c TlsFree
0x4ed220 TlsSetValue
0x4ed224 LocalReAlloc
0x4ed228 TlsGetValue
0x4ed22c GetFileTime
0x4ed230 GetCurrentThread
0x4ed234 GlobalFlags
0x4ed238 SetErrorMode
0x4ed23c GetProcessVersion
0x4ed240 GetCPInfo
0x4ed244 GetOEMCP
0x4ed248 GetStartupInfoA
0x4ed24c RtlUnwind
0x4ed250 GetSystemTime
0x4ed254 GetLocalTime
0x4ed258 RaiseException
0x4ed25c HeapSize
0x4ed260 SetStdHandle
0x4ed264 GetFileType
0x4ed27c SetHandleCount
0x4ed280 GetStdHandle
0x4ed288 HeapDestroy
0x4ed28c HeapCreate
0x4ed290 VirtualFree
0x4ed298 LCMapStringA
0x4ed29c LCMapStringW
0x4ed2a0 VirtualAlloc
0x4ed2a4 IsBadWritePtr
0x4ed2ac GetStringTypeA
0x4ed2b0 GetStringTypeW
0x4ed2b4 CompareStringA
0x4ed2b8 CompareStringW
0x4ed2bc IsBadReadPtr
0x4ed2c0 IsBadCodePtr
0x4ed2c4 TerminateProcess
0x4ed2c8 GetCurrentProcess
0x4ed2cc GetFileSize
0x4ed2d0 SetFilePointer
0x4ed2d8 Process32First
0x4ed2dc Process32Next
0x4ed2e0 CreateSemaphoreA
0x4ed2e4 ResumeThread
0x4ed2e8 ReleaseSemaphore
0x4ed2f4 GetProfileStringA
0x4ed2f8 WriteFile
0x4ed300 CreateFileA
0x4ed304 SetEvent
0x4ed308 FindResourceA
0x4ed30c LoadResource
0x4ed310 LockResource
0x4ed314 ReadFile
0x4ed318 GetModuleFileNameA
0x4ed31c GetCurrentThreadId
0x4ed320 ExitProcess
0x4ed324 GlobalSize
0x4ed328 GlobalFree
0x4ed334 lstrcatA
0x4ed338 lstrlenA
0x4ed33c WinExec
0x4ed340 lstrcpyA
0x4ed344 FindNextFileA
0x4ed348 GlobalReAlloc
0x4ed34c HeapFree
0x4ed350 HeapReAlloc
0x4ed354 GetProcessHeap
0x4ed358 HeapAlloc
0x4ed35c GetFullPathNameA
0x4ed360 FreeLibrary
0x4ed364 LoadLibraryA
0x4ed368 GetLastError
0x4ed36c GetVersionExA
0x4ed374 CreateThread
0x4ed378 CreateEventA
0x4ed37c Sleep
0x4ed380 GlobalAlloc
0x4ed384 GlobalLock
0x4ed388 GlobalUnlock
0x4ed38c GetTempPathA
0x4ed390 FindFirstFileA
0x4ed394 FindClose
0x4ed398 GetFileAttributesA
0x4ed39c DeleteFileA
0x4ed3a8 GetModuleHandleA
0x4ed3ac GetProcAddress
0x4ed3b0 MulDiv
0x4ed3b4 GetCommandLineA
0x4ed3b8 GetTickCount
0x4ed3bc CreateProcessA
0x4ed3c0 WaitForSingleObject
0x4ed3c4 CloseHandle
0x4ed3c8 InterlockedExchange
Library: USER32.dll:
0x4ed43c CharNextA
0x4ed444 MapDialogRect
0x4ed448 LoadStringA
0x4ed44c GetSysColorBrush
0x4ed450 GetNextDlgGroupItem
0x4ed454 PostThreadMessageA
0x4ed458 IsDialogMessageA
0x4ed45c ScrollWindowEx
0x4ed460 SendDlgItemMessageA
0x4ed464 MapWindowPoints
0x4ed468 AdjustWindowRectEx
0x4ed46c GetScrollPos
0x4ed470 RegisterClassA
0x4ed474 GetMenuItemCount
0x4ed478 GetMenuItemID
0x4ed47c CreateWindowExA
0x4ed480 SetWindowsHookExA
0x4ed484 CallNextHookEx
0x4ed488 GetClassLongA
0x4ed48c SetPropA
0x4ed490 UnhookWindowsHookEx
0x4ed494 GetPropA
0x4ed498 CallWindowProcA
0x4ed49c RemovePropA
0x4ed4a0 GetMessageTime
0x4ed4a4 GetLastActivePopup
0x4ed4ac GetWindowPlacement
0x4ed4b0 GetNextDlgTabItem
0x4ed4b4 EndDialog
0x4ed4bc DestroyWindow
0x4ed4c0 GrayStringA
0x4ed4c4 DrawTextA
0x4ed4c8 TabbedTextOutA
0x4ed4cc EndPaint
0x4ed4d0 BeginPaint
0x4ed4d4 GetWindowDC
0x4ed4d8 CharUpperA
0x4ed4e0 GetForegroundWindow
0x4ed4e4 SetWindowTextA
0x4ed4e8 GetWindowTextA
0x4ed4ec FindWindowExA
0x4ed4f0 GetDlgItem
0x4ed4f4 GetClassNameA
0x4ed4f8 GetDesktopWindow
0x4ed4fc LoadIconA
0x4ed500 TranslateMessage
0x4ed504 DrawFrameControl
0x4ed508 DrawEdge
0x4ed50c DrawFocusRect
0x4ed510 WindowFromPoint
0x4ed514 GetMessageA
0x4ed518 DispatchMessageA
0x4ed51c SetRectEmpty
0x4ed52c DrawIconEx
0x4ed530 CreatePopupMenu
0x4ed538 ModifyMenuA
0x4ed53c CreateMenu
0x4ed544 GetDlgCtrlID
0x4ed548 GetSubMenu
0x4ed54c EnableMenuItem
0x4ed550 ClientToScreen
0x4ed558 LoadImageA
0x4ed560 ShowWindow
0x4ed564 IsWindowEnabled
0x4ed56c GetKeyState
0x4ed574 PostQuitMessage
0x4ed578 IsZoomed
0x4ed57c GetClassInfoA
0x4ed580 DefWindowProcA
0x4ed584 GetSystemMenu
0x4ed588 DeleteMenu
0x4ed58c GetMenu
0x4ed590 SetMenu
0x4ed594 PeekMessageA
0x4ed598 IsIconic
0x4ed59c SetFocus
0x4ed5a0 GetActiveWindow
0x4ed5a4 GetWindow
0x4ed5ac SetWindowRgn
0x4ed5b0 GetMessagePos
0x4ed5b4 ScreenToClient
0x4ed5bc CopyRect
0x4ed5c0 LoadBitmapA
0x4ed5c4 WinHelpA
0x4ed5c8 KillTimer
0x4ed5cc SetTimer
0x4ed5d0 ReleaseCapture
0x4ed5d4 GetCapture
0x4ed5d8 SetCapture
0x4ed5dc GetScrollRange
0x4ed5e0 SetScrollRange
0x4ed5e4 SetScrollPos
0x4ed5e8 SetRect
0x4ed5ec IntersectRect
0x4ed5f0 DestroyIcon
0x4ed5f4 PtInRect
0x4ed5f8 OffsetRect
0x4ed5fc IsWindowVisible
0x4ed600 EnableWindow
0x4ed604 RedrawWindow
0x4ed608 GetWindowLongA
0x4ed60c SetWindowLongA
0x4ed610 GetSysColor
0x4ed614 SetActiveWindow
0x4ed618 SetCursorPos
0x4ed61c LoadCursorA
0x4ed620 SetCursor
0x4ed624 GetDC
0x4ed628 FillRect
0x4ed62c IsRectEmpty
0x4ed630 ReleaseDC
0x4ed634 IsChild
0x4ed638 DestroyMenu
0x4ed63c SetForegroundWindow
0x4ed640 GetWindowRect
0x4ed644 EqualRect
0x4ed648 UpdateWindow
0x4ed64c ValidateRect
0x4ed650 InvalidateRect
0x4ed654 GetClientRect
0x4ed658 GetFocus
0x4ed65c GetParent
0x4ed660 GetTopWindow
0x4ed664 PostMessageA
0x4ed668 IsWindow
0x4ed66c SetParent
0x4ed670 DestroyCursor
0x4ed674 SendMessageA
0x4ed678 SetWindowPos
0x4ed67c MessageBeep
0x4ed680 MessageBoxA
0x4ed684 GetCursorPos
0x4ed688 GetSystemMetrics
0x4ed68c EmptyClipboard
0x4ed690 SetClipboardData
0x4ed694 OpenClipboard
0x4ed698 GetClipboardData
0x4ed69c CloseClipboard
0x4ed6a0 wsprintfA
0x4ed6a4 WaitForInputIdle
0x4ed6a8 UnregisterClassA
0x4ed6ac GetMenuState
0x4ed6b0 SetMenuItemBitmaps
0x4ed6b4 CheckMenuItem
0x4ed6b8 AppendMenuA
0x4ed6bc MoveWindow
0x4ed6c0 InflateRect
Library: GDI32.dll:
0x4ed03c CreateRectRgn
0x4ed040 CombineRgn
0x4ed044 PatBlt
0x4ed048 CreatePen
0x4ed04c GetObjectA
0x4ed050 SelectObject
0x4ed054 CreateBitmap
0x4ed058 CreateDCA
0x4ed060 GetPolyFillMode
0x4ed064 GetStretchBltMode
0x4ed068 GetROP2
0x4ed06c GetBkColor
0x4ed070 GetBkMode
0x4ed074 GetTextColor
0x4ed078 CreateRoundRectRgn
0x4ed07c CreateEllipticRgn
0x4ed080 PathToRegion
0x4ed084 EndPath
0x4ed088 BeginPath
0x4ed08c GetWindowOrgEx
0x4ed090 GetViewportOrgEx
0x4ed094 GetWindowExtEx
0x4ed098 GetDIBits
0x4ed09c SetViewportOrgEx
0x4ed0a0 OffsetViewportOrgEx
0x4ed0a4 SetViewportExtEx
0x4ed0a8 ScaleViewportExtEx
0x4ed0ac SetWindowOrgEx
0x4ed0b0 SetWindowExtEx
0x4ed0b4 ScaleWindowExtEx
0x4ed0b8 GetClipBox
0x4ed0bc ExcludeClipRect
0x4ed0c0 FillRgn
0x4ed0c4 MoveToEx
0x4ed0c8 LineTo
0x4ed0cc CreateSolidBrush
0x4ed0d0 ExtSelectClipRgn
0x4ed0d4 GetViewportExtEx
0x4ed0d8 PtVisible
0x4ed0dc RectVisible
0x4ed0e0 TextOutA
0x4ed0e4 ExtTextOutA
0x4ed0e8 Escape
0x4ed0ec GetTextMetricsA
0x4ed0f0 GetMapMode
0x4ed0f4 SetBkColor
0x4ed0fc CreateDIBSection
0x4ed100 SetPixel
0x4ed104 ExtCreateRegion
0x4ed108 SetStretchBltMode
0x4ed10c GetClipRgn
0x4ed110 CreatePolygonRgn
0x4ed114 SelectClipRgn
0x4ed118 DeleteObject
0x4ed11c CreateDIBitmap
0x4ed124 CreatePalette
0x4ed128 StretchBlt
0x4ed12c SelectPalette
0x4ed130 GetStockObject
0x4ed134 CreateFontIndirectA
0x4ed138 EndPage
0x4ed13c EndDoc
0x4ed140 DeleteDC
0x4ed144 StartDocA
0x4ed148 StartPage
0x4ed14c BitBlt
0x4ed150 SetMapMode
0x4ed154 SetTextColor
0x4ed158 SetROP2
0x4ed15c SetPolyFillMode
0x4ed160 SetBkMode
0x4ed164 RestoreDC
0x4ed168 SaveDC
0x4ed16c GetPixel
0x4ed170 CreateCompatibleDC
0x4ed174 Ellipse
0x4ed178 Rectangle
0x4ed17c LPtoDP
0x4ed180 DPtoLP
0x4ed184 GetCurrentObject
0x4ed188 RoundRect
0x4ed190 GetDeviceCaps
0x4ed194 RealizePalette
Library: WINSPOOL.DRV:
0x4ed73c ClosePrinter
0x4ed740 DocumentPropertiesA
0x4ed744 OpenPrinterA
Library: comdlg32.dll:
0x4ed780 GetFileTitleA
0x4ed784 GetSaveFileNameA
0x4ed788 GetOpenFileNameA
0x4ed78c ChooseColorA
Library: ADVAPI32.dll:
0x4ed000 RegCreateKeyExA
0x4ed004 RegOpenKeyA
0x4ed008 RegQueryValueA
0x4ed00c RegCreateKeyA
0x4ed010 RegSetValueExA
0x4ed014 RegOpenKeyExA
0x4ed018 RegQueryValueExA
0x4ed01c RegCloseKey
Library: SHELL32.dll:
0x4ed430 ShellExecuteA
0x4ed434 Shell_NotifyIconA
Library: ole32.dll:
0x4ed798 OleFlushClipboard
0x4ed79c CoRevokeClassObject
0x4ed7b4 CoGetClassObject
0x4ed7b8 CoTaskMemFree
0x4ed7bc CoTaskMemAlloc
0x4ed7c0 CLSIDFromProgID
0x4ed7c4 OleInitialize
0x4ed7c8 OleUninitialize
0x4ed7cc CLSIDFromString
Library: OLEAUT32.dll:
0x4ed3d0 SafeArrayAccessData
0x4ed3d8 SafeArrayGetDim
0x4ed3dc SafeArrayGetUBound
0x4ed3e0 VariantChangeType
0x4ed3e4 VariantClear
0x4ed3e8 VariantCopy
0x4ed3ec SysAllocString
0x4ed3f0 SafeArrayCreate
0x4ed3f4 SafeArrayGetLBound
0x4ed3fc SysAllocStringLen
0x4ed400 UnRegisterTypeLib
0x4ed404 RegisterTypeLib
0x4ed408 LoadTypeLib
0x4ed410 SysFreeString
0x4ed414 SysStringLen
Library: COMCTL32.dll:
0x4ed024 None
0x4ed028 ImageList_GetIcon
0x4ed02c ImageList_Duplicate
0x4ed030 ImageList_Read
0x4ed034 ImageList_Destroy
Library: oledlg.dll:
0x4ed7d4 None
Library: WININET.dll:
0x4ed6c8 InternetCloseHandle
0x4ed6cc InternetOpenA
0x4ed6d4 InternetCrackUrlA
0x4ed6d8 HttpOpenRequestA
0x4ed6dc HttpSendRequestA
0x4ed6e0 HttpQueryInfoA
0x4ed6e4 InternetReadFile
0x4ed6e8 InternetConnectA
0x4ed6ec InternetSetOptionA

.text
.rdata
.data
.rsrc
VMProtect begin
VMProtect end
No antivirus engine scan information!

Process Tree

______-____________2.2.exe, PID: 1888, Parent PID: 1896


TCP

Source address Source port Destination address Destination port
192.168.122.201 49160 119.23.59.239 www.2018k.cn 80
192.168.122.201 49161 119.23.59.239 www.2018k.cn 80
192.168.122.201 49162 119.23.59.239 www.2018k.cn 80
192.168.122.201 49165 119.23.59.239 www.2018k.cn 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 57651 192.168.122.1 53
192.168.122.201 65281 192.168.122.1 53


HTTP Requests

URI HTTP data
URL: http://www.2018k.cn/api/checkVersion?id=3d1e3d9ffaf34608a9c1060b2f2b5c4b&version=1.0
GET /api/checkVersion?id=3d1e3d9ffaf34608a9c1060b2f2b5c4b&version=1.0 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: www.2018k.cn
Cache-Control: no-cache

URL: http://www.2018k.cn/api/checkVersion?id=c83e647b91024a82851ff9620239b288&version=2.2
GET /api/checkVersion?id=c83e647b91024a82851ff9620239b288&version=2.2 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: www.2018k.cn
Cache-Control: no-cache

URL: http://2018k.cn/assets/orther/updateLogo.png
GET /assets/orther/updateLogo.png HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: 2018k.cn
Cache-Control: no-cache

URL: http://www.2018k.cn/api/checkVersion?id=c83e647b91024a82851ff9620239b288&html=true
GET /api/checkVersion?id=c83e647b91024a82851ff9620239b288&html=true HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.2018k.cn
Connection: Keep-Alive

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol SID Signature Category
2018-08-08 21:27:36.840731+0800 192.168.122.201 49165 119.23.59.239 80 TCP 2016879 ET POLICY Unsupported/Fake Windows NT Version 5.0 Potential Corporate Privacy Violation
2018-08-08 21:25:52.925122+0800 192.168.122.201 49160 119.23.59.239 80 TCP 2016879 ET POLICY Unsupported/Fake Windows NT Version 5.0 Potential Corporate Privacy Violation

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found
File name navcancl[1]
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\navcancl[1]
File size 2716 bytes
File type HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 62d05660b732343d28afa32d84871132
SHA1 af1308bd1901940cec73da4ff919d9f4e9301644
SHA256 f7a799f8356f190f7e776353ed9625e62a99b0bf46445d99a924f36289be1529
CRC32 9D1842C4
Ssdeep 48:upU0dVeLVGBXvrVa4n/1a5TImNe/G7pKX:urp8Ea/aCpi
File name bullet[1]
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\bullet[1]
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\bullet[1]
File size 3169 bytes
File type PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
MD5 0c4c086dd852704e8eeb8ff83e3b73d1
SHA1 56bac3d2c88a83628134b36322e37deb6b00b1a1
SHA256 1cb3b6ea56c5b5decf5e1d487ad51dbb2f62e6a6c78f23c1c81fda1b64f8db16
CRC32 51CC83D9
Ssdeep 48:VocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcOD2X+r0svw:VZ/I09Da01l+gmkyTt6Hk8nT2X+r0kw
File name down[1]
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\down[1]
File size 3414 bytes
File type PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
MD5 555e83ce7f5d280d7454af334571fb25
SHA1 47f78f68d72e3d9041acc9107a6b0d665f408385
SHA256 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
CRC32 9EA3279D
Ssdeep 96:/SDZ/I09Da01l+gmkyTt6Hk8nTjTnJw1Ne:/SDS0tKg9E05TPoNe
File name background_gradient[1]
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\background_gradient[1]
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\background_gradient[1]
File size 453 bytes
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
MD5 20f0110ed5e4e0d5384a496e4880139b
SHA1 51f5fc61d8bf19100df0f8aadaa57fcd9c086255
SHA256 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
CRC32 C2D0CE77
Ssdeep 6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
File name dnserrordiagoff_webOC[1]
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\dnserrordiagoff_webOC[1]
File size 6652 bytes
File type HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 7a7e59cb3e94bbb7bc2c605b22497039
SHA1 468fc1fc17c76f066d2404776cd5f3609550bf50
SHA256 530c4c65c94c60d5253eeb1db979334b753502c19b3e09242179a60084280443
CRC32 10A6E7FF
Ssdeep 48:uqUPr/ZV4V/NXvL7VQnD5YLc1a5TImPm3WgMucB32U+v32FEUKRuc1kpTcVKhAY+:u4tds1YLjNKDhc1x+vSHpAV2ptlO
File name httpErrorPagesScripts[1]
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\httpErrorPagesScripts[1]
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\httpErrorPagesScripts[1]
File size 8601 bytes
File type UTF-8 Unicode (with BOM) text, with CRLF, CR line terminators
MD5 e7ca76a3c9ee0564471671d500e3f0f3
SHA1 fe815ae0f865ec4c26e421bf0bd21bb09bc6f410
SHA256 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
CRC32 A7C34EF3
Ssdeep 192:HMmjTiiKfi9Ii4UFjC9jo4oXdu7mjxAb3Y:smjTiiKfi9IiPj+k3Xdu7mjxAb3Y
Maldun analysis result: 4.0, analysis time: 2016-11-15 15:05:24
File name errorPageStrings[1]
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\errorPageStrings[1]
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\errorPageStrings[1]
File size 1643 bytes
File type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 13216fa0f896b1b7c445fe9a54b5b998
SHA1 d343d35b45507640bc68487d4ad3afcb927ce950
SHA256 7a656b15efaacb1179b883327369819483b5a0c2f2d8486db6c347f4f8a7ae61
CRC32 3A14753A
Ssdeep 48:zGY5w5zquO05l9zWJ6N51Re45RnR5RynEK+5RXdHymL5RlRdPoh5y5U5BU5Cc:z5Qzq3crIM1RtR3Rynd6RXd5RTmnW4xc
Maldun analysis result: 4.0, analysis time: 2016-11-15 15:07:57
File name info_48[1]
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\info_48[1]
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\info_48[1]
File size 6993 bytes
File type PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
MD5 49e0ef03e74704089a60c437085db89e
SHA1 c2e7ab3ce114465ea7060f2ef738afcb3341a384
SHA256 caa140523ba00994536b33618654e379216261babaae726164a0f74157bb11ff
CRC32 4C99540A
Ssdeep 192:NS0tKg9E05THXQJBCnFux5TsRfb+Y0ObhD9Uc7:LXE05UBCFAORfK9S7b7
File name ErrorPageTemplate[1]
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ErrorPageTemplate[1]
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ErrorPageTemplate[2]
File size 2226 bytes
File type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 9e7f4ae3f245c70af5b7dbe095647d30
SHA1 cbcffb08f72c10e3e2493ca0044872a7ebdc7215
SHA256 2f9117806e0e1ae4fc3b023b348910657b6948de2ecfd4f39f2846cebbefc1df
CRC32 08BB8CA5
Ssdeep 48:5sFR52FH5k5pvFehWrrarrZIrHd3FIQfOS6:5s52TydFPr81yHpBGR
Maldun analysis result: 4.0, analysis time: 2016-11-15 15:07:12
No similar analyses found.

Processing ( 37.562 seconds )

  • 11.956 Suricata
  • 9.074 Static
  • 8.314 NetworkAnalysis
  • 6.057 TargetInfo
  • 0.862 BehaviorAnalysis
  • 0.657 peid
  • 0.444 AnalysisInfo
  • 0.108 Dropped
  • 0.065 Debug
  • 0.015 Strings
  • 0.007 config_decoder
  • 0.003 Memory

Signatures ( 3.741 seconds )

  • 2.172 md_url_bl
  • 0.908 md_bad_drop
  • 0.13 antiav_detectreg
  • 0.049 stealth_timeout
  • 0.048 infostealer_ftp
  • 0.04 api_spamming
  • 0.032 decoy_document
  • 0.028 infostealer_im
  • 0.027 antivm_generic_scsi
  • 0.027 antianalysis_detectreg
  • 0.017 md_domain_bl
  • 0.016 infostealer_mail
  • 0.014 antivm_generic_services
  • 0.012 antiav_detectfile
  • 0.01 antidbg_windows
  • 0.01 geodo_banking_trojan
  • 0.008 persistence_autorun
  • 0.008 infostealer_bitcoin
  • 0.008 ransomware_extensions
  • 0.008 ransomware_files
  • 0.007 kibex_behavior
  • 0.007 antivm_xen_keys
  • 0.007 network_http
  • 0.006 betabot_behavior
  • 0.006 mimics_filetime
  • 0.006 antivm_generic_disk
  • 0.006 antivm_parallels_keys
  • 0.006 darkcomet_regkeys
  • 0.005 antivm_vbox_files
  • 0.004 bootkit
  • 0.004 reads_self
  • 0.004 stealth_file
  • 0.004 virus
  • 0.004 antivm_generic_diskreg
  • 0.004 disables_browser_warn
  • 0.003 antiemu_wine_func
  • 0.003 rat_nanocore
  • 0.003 tinba_behavior
  • 0.003 antivm_vbox_libs
  • 0.003 network_torgateway
  • 0.003 recon_fingerprint
  • 0.002 hancitor_behavior
  • 0.002 antiav_avast_libs
  • 0.002 dridex_behavior
  • 0.002 antivm_vbox_window
  • 0.002 heapspray_js
  • 0.002 infostealer_browser_password
  • 0.002 cerber_behavior
  • 0.002 kovter_behavior
  • 0.002 antisandbox_productid
  • 0.002 antivm_xen_keys
  • 0.002 antivm_hyperv_keys
  • 0.002 antivm_vbox_acpi
  • 0.002 antivm_vbox_keys
  • 0.002 antivm_vmware_keys
  • 0.002 antivm_vpc_keys
  • 0.002 modify_proxy
  • 0.002 browser_security
  • 0.002 bypass_firewall
  • 0.002 packer_armadillo_regkey
  • 0.001 network_tor
  • 0.001 network_anomaly
  • 0.001 virtualcheck_js
  • 0.001 stealth_network
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 dyre_behavior
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 ursnif_behavior
  • 0.001 vawtrak_behavior
  • 0.001 antisandbox_script_timer
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 codelux_behavior
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 modify_uac_prompt
  • 0.001 network_cnc_http
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_programs
  • 0.001 stealth_hide_notifications

Reporting ( 1.103 seconds )

  • 0.712 ReportHTMLSummary
  • 0.391 Malheur
Task ID 174157
Mongo ID 5b6af04b2e063307b4e4058a
Cuckoo release 1.4-Maldun