Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2018-08-08 21:25:15 | 2018-08-08 21:27:57 | 162 seconds |
File name | 梦神-枪林弹雨2.2.exe |
---|---|
File size | 2347008 bytes |
文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 520e352861194c1e0a12f00f0c93a143 |
SHA1 | 6ed776cf8072275bf181cf4f6e8c06c980b691f6 |
SHA256 | 64db7a78a92d75a5f73798671d1a4bbbc8e8a6364b80ffe0e992b74ebf42e61e |
SHA512 | a23a696fd710c32e5068137b7096ca6c06f5057b0a83c5f62efa686cc8669dd3a48b87be796a48d7ca2651149cc2f1aaad3b20ec27e8e15d7d0777716bd276f3 |
CRC32 | 09671A3D |
Ssdeep | 49152:qGE8BTK4sCvuLp9Evgyxq+s8KuqGaX0ToIBAUZLYJ:jFThsCGLPnyx5JBAUZLe |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
No | 119.23.59.239 | | China |
Domain | Security rating | Response |
---|---|---|
www.2018k.cn | | A 119.23.59.239 |
2018k.cn | | |
Image base | 0x00400000 |
---|---|
Entry point | 0x004c82ea |
Declared checksum | 0x00000000 |
Actual checksum | 0x00242c43 |
Minimum OS version required | 4.0 |
Compile time | 2018-08-07 11:48:34 |
Import hash | a0b98e23de824b3e0490ff3ae868da92 |
LegalCopyright | |
---|---|
FileVersion | |
CompanyName | |
Comments | |
ProductName | |
ProductVersion | |
FileDescription | |
Translation | |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x000ebac3 | 0x000ec000 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.58 |
.rdata | 0x000ed000 | 0x001270c8 | 0x00128000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.19 |
.data | 0x00215000 | 0x0006d62a | 0x00020000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.00 |
.rsrc | 0x00283000 | 0x000073a4 | 0x00008000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.24 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49160 | 119.23.59.239 www.2018k.cn | 80 |
192.168.122.201 | 49161 | 119.23.59.239 www.2018k.cn | 80 |
192.168.122.201 | 49162 | 119.23.59.239 www.2018k.cn | 80 |
192.168.122.201 | 49165 | 119.23.59.239 www.2018k.cn | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 57651 | 192.168.122.1 | 53 |
192.168.122.201 | 65281 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://www.2018k.cn/api/checkVersion?id=3d1e3d9ffaf34608a9c1060b2f2b5c4b&version=1.0 | GET /api/checkVersion?id=3d1e3d9ffaf34608a9c1060b2f2b5c4b&version=1.0 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: www.2018k.cn Cache-Control: no-cache |
http://www.2018k.cn/api/checkVersion?id=c83e647b91024a82851ff9620239b288&version=2.2 | GET /api/checkVersion?id=c83e647b91024a82851ff9620239b288&version=2.2 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: www.2018k.cn Cache-Control: no-cache |
http://2018k.cn/assets/orther/updateLogo.png | GET /assets/orther/updateLogo.png HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Accept: */* Host: 2018k.cn Cache-Control: no-cache |
http://www.2018k.cn/api/checkVersion?id=c83e647b91024a82851ff9620239b288&html=true | GET /api/checkVersion?id=c83e647b91024a82851ff9620239b288&html=true HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: www.2018k.cn Connection: Keep-Alive |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2018-08-08 21:27:36.840731+0800 | 192.168.122.201 | 49165 | 119.23.59.239 | 80 | TCP | 2016879 | ET POLICY Unsupported/Fake Windows NT Version 5.0 | Potential Corporate Privacy Violation |
2018-08-08 21:25:52.925122+0800 | 192.168.122.201 | 49160 | 119.23.59.239 | 80 | TCP | 2016879 | ET POLICY Unsupported/Fake Windows NT Version 5.0 | Potential Corporate Privacy Violation |
No TLS
No Suricata HTTP
File name | navcancl[1] |
---|---|
Related files | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\navcancl[1] |
File size | 2716 bytes |
File type | HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
MD5 | 62d05660b732343d28afa32d84871132 |
SHA1 | af1308bd1901940cec73da4ff919d9f4e9301644 |
SHA256 | f7a799f8356f190f7e776353ed9625e62a99b0bf46445d99a924f36289be1529 |
CRC32 | 9D1842C4 |
Ssdeep | 48:upU0dVeLVGBXvrVa4n/1a5TImNe/G7pKX:urp8Ea/aCpi |
File name | bullet[1] |
---|---|
Related files | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\bullet[1]; C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\bullet[1] |
File size | 3169 bytes |
File type | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced |
MD5 | 0c4c086dd852704e8eeb8ff83e3b73d1 |
SHA1 | 56bac3d2c88a83628134b36322e37deb6b00b1a1 |
SHA256 | 1cb3b6ea56c5b5decf5e1d487ad51dbb2f62e6a6c78f23c1c81fda1b64f8db16 |
CRC32 | 51CC83D9 |
Ssdeep | 48:VocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcOD2X+r0svw:VZ/I09Da01l+gmkyTt6Hk8nT2X+r0kw |
File name | down[1] |
---|---|
Related files | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\down[1] |
File size | 3414 bytes |
File type | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced |
MD5 | 555e83ce7f5d280d7454af334571fb25 |
SHA1 | 47f78f68d72e3d9041acc9107a6b0d665f408385 |
SHA256 | 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880 |
CRC32 | 9EA3279D |
Ssdeep | 96:/SDZ/I09Da01l+gmkyTt6Hk8nTjTnJw1Ne:/SDS0tKg9E05TPoNe |
File name | background_gradient[1] |
---|---|
Related files | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\background_gradient[1]; C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\background_gradient[1] |
File size | 453 bytes |
File type | JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3 |
MD5 | 20f0110ed5e4e0d5384a496e4880139b |
SHA1 | 51f5fc61d8bf19100df0f8aadaa57fcd9c086255 |
SHA256 | 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b |
CRC32 | C2D0CE77 |
Ssdeep | 6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi |
File name | dnserrordiagoff_webOC[1] |
---|---|
Related files | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\dnserrordiagoff_webOC[1] |
File size | 6652 bytes |
File type | HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
MD5 | 7a7e59cb3e94bbb7bc2c605b22497039 |
SHA1 | 468fc1fc17c76f066d2404776cd5f3609550bf50 |
SHA256 | 530c4c65c94c60d5253eeb1db979334b753502c19b3e09242179a60084280443 |
CRC32 | 10A6E7FF |
Ssdeep | 48:uqUPr/ZV4V/NXvL7VQnD5YLc1a5TImPm3WgMucB32U+v32FEUKRuc1kpTcVKhAY+:u4tds1YLjNKDhc1x+vSHpAV2ptlO |
File name | httpErrorPagesScripts[1] |
---|---|
Related files | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\httpErrorPagesScripts[1]; C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\httpErrorPagesScripts[1] |
File size | 8601 bytes |
File type | UTF-8 Unicode (with BOM) text, with CRLF, CR line terminators |
MD5 | e7ca76a3c9ee0564471671d500e3f0f3 |
SHA1 | fe815ae0f865ec4c26e421bf0bd21bb09bc6f410 |
SHA256 | 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c |
CRC32 | A7C34EF3 |
Ssdeep | 192:HMmjTiiKfi9Ii4UFjC9jo4oXdu7mjxAb3Y:smjTiiKfi9IiPj+k3Xdu7mjxAb3Y |
Maldun analysis result | 4.0, analysis time: 2016-11-15 15:05:24 |
File name | errorPageStrings[1] |
---|---|
Related files | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\errorPageStrings[1]; C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\errorPageStrings[1] |
File size | 1643 bytes |
File type | UTF-8 Unicode (with BOM) text, with CRLF line terminators |
MD5 | 13216fa0f896b1b7c445fe9a54b5b998 |
SHA1 | d343d35b45507640bc68487d4ad3afcb927ce950 |
SHA256 | 7a656b15efaacb1179b883327369819483b5a0c2f2d8486db6c347f4f8a7ae61 |
CRC32 | 3A14753A |
Ssdeep | 48:zGY5w5zquO05l9zWJ6N51Re45RnR5RynEK+5RXdHymL5RlRdPoh5y5U5BU5Cc:z5Qzq3crIM1RtR3Rynd6RXd5RTmnW4xc |
Maldun analysis result | 4.0, analysis time: 2016-11-15 15:07:57 |
File name | info_48[1] |
---|---|
Related files | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\info_48[1]; C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\info_48[1] |
File size | 6993 bytes |
File type | PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced |
MD5 | 49e0ef03e74704089a60c437085db89e |
SHA1 | c2e7ab3ce114465ea7060f2ef738afcb3341a384 |
SHA256 | caa140523ba00994536b33618654e379216261babaae726164a0f74157bb11ff |
CRC32 | 4C99540A |
Ssdeep | 192:NS0tKg9E05THXQJBCnFux5TsRfb+Y0ObhD9Uc7:LXE05UBCFAORfK9S7b7 |
File name | ErrorPageTemplate[1] |
---|---|
Related files | C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ErrorPageTemplate[1]; C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ErrorPageTemplate[2] |
File size | 2226 bytes |
File type | UTF-8 Unicode (with BOM) text, with CRLF line terminators |
MD5 | 9e7f4ae3f245c70af5b7dbe095647d30 |
SHA1 | cbcffb08f72c10e3e2493ca0044872a7ebdc7215 |
SHA256 | 2f9117806e0e1ae4fc3b023b348910657b6948de2ecfd4f39f2846cebbefc1df |
CRC32 | 08BB8CA5 |
Ssdeep | 48:5sFR52FH5k5pvFehWrrarrZIrHd3FIQfOS6:5s52TydFPr81yHpBGR |
Maldun analysis result | 4.0, analysis time: 2016-11-15 15:07:12 |
Task ID | 174157 |
---|---|
Mongo ID | 5b6af04b2e063307b4e4058a |
Cuckoo release | 1.4-Maldun |