分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64 | 2016-09-14 14:21:17 | 2016-09-14 14:23:33 | 136 秒 |
魔盾分数
10.0
危险的
文件详细信息
| 文件名 | KMS8 V3.1.exe |
|---|---|
| 文件大小 | 1025536 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | 7cf4fb3265b4faaaa1774f5493d69fbc |
| SHA1 | 64138b1797a05f93bda9258427cb8ef5bb1ecff9 |
| SHA256 | dc457322d941de70c95826df3536581aeb983d932fc5be2f976329a3d4bb9a61 |
| SHA512 | ac06445ad4e98ca3069b3eba90de04c74666294cdf5304d294f7930748d9cabf570f5918bc3dbfcaab81156675cf315c61c1743037d145709cdb55a796639e58 |
| CRC32 | FF91370F |
| Ssdeep | 24576:w9EhuGKLvEe2cjS8ZmeN7Wp9BSr9IBShKVzh3G2FEnWX:w9EhuG+ETcjTmo7seRYGw3G2L |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x0074a001 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x000fc197 |
| 最低操作系统版本要求 | 5.0 |
| 编译时间 | 2014-07-06 19:16:46 |
| 图标 |  |
| 图标精确哈希值 | a1ae3b3cfb10378e86f791bca85721eb |
| 图标相似性哈希值 | c410277f1c47f0c709ad38fd4109d7a6 |
| 导出DLL库名称 | KMS8.exe |
版本信息
| FileVersion | |
|---|---|
| ProductVersion | |
| Translation |
PEiD 规则
| [u'ASProtect V2.X DLL -> Alexey Solodovnikov'] |
| [u'ASPack v2.12 -> Alexey Solodovnikov'] |
| [u'ASPack v2.12 -> Alexey Solodovnikov'] |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00211000 | 0x0008c600 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 8.00 |
| .itext | 0x00212000 | 0x00002000 | 0x00000c00 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.55 |
| .data | 0x00214000 | 0x00014000 | 0x00003e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.92 |
| .bss | 0x00228000 | 0x000057bc | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .idata | 0x0022e000 | 0x00004000 | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.82 |
| .didata | 0x00232000 | 0x00001000 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.19 |
| .edata | 0x00233000 | 0x00001000 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 1.04 |
| .tls | 0x00234000 | 0x00000040 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .rdata | 0x00235000 | 0x00001000 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.21 |
| .reloc | 0x00236000 | 0x0002e000 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
| .rsrc | 0x00264000 | 0x000e6000 | 0x00056200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 7.99 |
| .ap | 0x0034a000 | 0x00012000 | 0x00011600 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 6.71 |
| .adata | 0x0035c000 | 0x00001000 | 0x00000000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| COR | 0x00267a2c | 0x00003600 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.99 | data |
| COR | 0x00267a2c | 0x00003600 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.99 | data |
| DAT | 0x002dbbac | 0x00002c7c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| DAT | 0x002dbbac | 0x00002c7c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| DAT | 0x002dbbac | 0x00002c7c | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| PRO | 0x00331c28 | 0x00001000 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| PRO | 0x00331c28 | 0x00001000 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| PRO | 0x00331c28 | 0x00001000 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| PRO | 0x00331c28 | 0x00001000 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| PRO | 0x00331c28 | 0x00001000 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| PRO | 0x00331c28 | 0x00001000 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| XM | 0x00332c28 | 0x00000aab | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 0.00 | empty |
| RT_CURSOR | 0x00333e0c | 0x00000134 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_CURSOR | 0x00333e0c | 0x00000134 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_CURSOR | 0x00333e0c | 0x00000134 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_CURSOR | 0x00333e0c | 0x00000134 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_CURSOR | 0x00333e0c | 0x00000134 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_CURSOR | 0x00333e0c | 0x00000134 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_CURSOR | 0x00333e0c | 0x00000134 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_ICON | 0x0034b894 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.17 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x0034b894 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.17 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x0034b894 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.17 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x0034b894 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.17 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x0034b894 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.17 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x0034b894 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.17 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x0034b894 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.17 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x0034b894 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.17 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x0034b894 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.17 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x0034b894 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.17 | GLS_BINARY_LSB_FIRST |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_STRING | 0x00347da0 | 0x000002b4 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_RCDATA | 0x00348710 | 0x00000956 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_RCDATA | 0x00348710 | 0x00000956 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_RCDATA | 0x00348710 | 0x00000956 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_RCDATA | 0x00348710 | 0x00000956 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0.00 | empty |
| RT_GROUP_CURSOR | 0x003490e0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_GROUP_CURSOR | 0x003490e0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_GROUP_CURSOR | 0x003490e0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_GROUP_CURSOR | 0x003490e0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_GROUP_CURSOR | 0x003490e0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_GROUP_CURSOR | 0x003490e0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_GROUP_CURSOR | 0x003490e0 | 0x00000014 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0.00 | empty |
| RT_GROUP_ICON | 0x0034b800 | 0x00000092 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.90 | MS Windows icon resource - 10 icons, 48x48, 16-colors |
| RT_VERSION | 0x0034b6c0 | 0x00000140 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.00 | MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.79 |
| RT_MANIFEST | 0x0034b3c4 | 0x000002fb | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.16 | XML document text |
导入
库: oleaut32.dll:
• 0x74b230 SysFreeString
库: advapi32.dll:
• 0x74b238 RegQueryValueExW
库: user32.dll:
• 0x74b240 MessageBoxA
库: user32.dll:
• 0x74b248 SetClassLongW
库: gdi32.dll:
• 0x74b250 UnrealizeObject
库: version.dll:
• 0x74b258 VerQueryValueW
库: advapi32.dll:
• 0x74b260 RegUnLoadKeyW
库: oleaut32.dll:
• 0x74b268 SafeArrayPtrOfIndex
库: oleaut32.dll:
• 0x74b270 GetErrorInfo
库: ole32.dll:
• 0x74b278 OleUninitialize
库: comctl32.dll:
• 0x74b280 InitializeFlatSB
库: user32.dll:
• 0x74b288 EnumDisplayMonitors
库: msvcrt.dll:
• 0x74b290 isxdigit
库: shell32.dll:
• 0x74b298 ShellExecuteW
库: winspool.drv:
• 0x74b2a0 OpenPrinterW
库: winspool.drv:
• 0x74b2a8 GetDefaultPrinterW
导出
| 序列 | 地址 | 名称 |
|---|---|---|
| 1 | 0x4613cc | TMethodImplementationIntercept |
.text
.itext
.data
.idata
.didata
.edata
.rdata
.reloc
.rsrc
.adata
`U`n"
G%GNgG
Y`,gl
T=8I4Q
98u*@
%;[Z\Z
#?o%q6
0YAdR
<(5@P
VVI($@Y
XWV#B
(v-I.
Dx&Lm.
KMS8.exe
TMethodImplementationIntercept
`z-HQ
T0$ bb
Xvr:^
1g)wb,?
]$t*nd
ESl#m
,dORj
|QS*6
fyqsw
GP.%O,
(wfTB
VirtualAlloc
VirtualFree
VirtualProtect
kernel32.dll
ExitProcess
user32.dll
MessageBoxA
wsprintfA
LOADER ERROR
The procedure entry point %s could not be located in the dynamic link library %s
The ordinal %u could not be located in the dynamic link library %s
kernel32.dll
GetProcAddress
GetModuleHandleA
LoadLibraryA
oleaut32.dll
advapi32.dll
user32.dll
user32.dll
gdi32.dll
version.dll
advapi32.dll
oleaut32.dll
oleaut32.dll
ole32.dll
comctl32.dll
user32.dll
msvcrt.dll
shell32.dll
winspool.drv
winspool.drv
SysFreeString
RegQueryValueExW
MessageBoxA
SetClassLongW
UnrealizeObject
VerQueryValueW
RegUnLoadKeyW
SafeArrayPtrOfIndex
GetErrorInfo
OleUninitialize
InitializeFlatSB
EnumDisplayMonitors
isxdigit
ShellExecuteW
OpenPrinterW
GetDefaultPrinterW
!P@D(
tOlwp
,1K=H'
LEC|pfcLGGc
MAINICON
VS_VERSION_INFO
StringFileInfo
040904E4
FileVersion
1.0.0.0
ProductVersion
1.0.0.0
VarFileInfo
Translation
| 防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
|---|---|---|
| Bkav | W32.Clod413.Trojan.ba40 | 20160913 |
| MicroWorld-eScan | Application.Tool.SIV | 20160914 |
| nProtect | 未发现病毒 | 20160914 |
| CMC | 未发现病毒 | 20160912 |
| CAT-QuickHeal | (Suspicious) - DNAScan | 20160913 |
| McAfee | Generic.dx!7CF4FB3265B4 | 20160914 |
| Malwarebytes | HackTool.KMS | 20160914 |
| Zillya | Trojan.Agent.Win32.584192 | 20160912 |
| TheHacker | 未发现病毒 | 20160911 |
| BitDefender | Application.Tool.SIV | 20160914 |
| K7GW | Unwanted-Program ( 004bf4e51 ) | 20160914 |
| K7AntiVirus | Unwanted-Program ( 004bf4e51 ) | 20160913 |
| TrendMicro | TROJ_SPNR.29H714 | 20160914 |
| Baidu | 未发现病毒 | 20160913 |
| F-Prot | 未发现病毒 | 20160914 |
| Symantec | Trojan.Gen.2 | 20160914 |
| TotalDefense | 未发现病毒 | 20160907 |
| TrendMicro-HouseCall | TROJ_SPNR.29H714 | 20160914 |
| Avast | 未发现病毒 | 20160914 |
| ClamAV | Win.Tool.Spnr-5 | 20160913 |
| Kaspersky | not-a-virus:RiskTool.Win32.ProcPatcher.aat | 20160914 |
| Alibaba | 未发现病毒 | 20160913 |
| NANO-Antivirus | Riskware.Win64.HackKMS.eaczdd | 20160913 |
| ViRobot | Trojan.Win32.S.Agent.1025536.A[h] | 20160913 |
| SUPERAntiSpyware | Trojan.Agent/Generic | 20160914 |
| Rising | Malware.Heuristic!ET (rdm+) | 20160914 |
| Ad-Aware | Application.Tool.SIV | 20160914 |
| Sophos | KMS Activator (PUA) | 20160914 |
| Comodo | UnclassifiedMalware | 20160912 |
| F-Secure | Application.Tool.SIV | 20160914 |
| DrWeb | 未发现病毒 | 20160914 |
| VIPRE | Trojan.Win32.Generic!BT | 20160914 |
| Invincea | generic.a | 20160912 |
| McAfee-GW-Edition | BehavesLike.Win32.Fujacks.fc | 20160913 |
| Emsisoft | 未发现病毒 | 20160914 |
| Cyren | W32/Trojan.SHMM-9220 | 20160914 |
| Jiangmin | RiskTool.ProcPatcher.q | 20160914 |
| Avira | 未发现病毒 | 20160914 |
| Antiy-AVL | Trojan/Win32.TSGeneric | 20160914 |
| Kingsoft | 未发现病毒 | 20160914 |
| Microsoft | 未发现病毒 | 20160914 |
| Arcabit | Application.Tool.SIV | 20160914 |
| AegisLab | Patched3.C.Gen|2|103!c | 20160914 |
| GData | Application.Tool.SIV | 20160914 |
| AhnLab-V3 | Trojan/Win32.Agent.R114193 | 20160913 |
| ALYac | 未发现病毒 | 20160914 |
| AVware | Trojan.Win32.Generic!BT | 20160914 |
| VBA32 | 未发现病毒 | 20160913 |
| Zoner | 未发现病毒 | 20160914 |
| ESET-NOD32 | a variant of Win32/HackKMS.P potentially unsafe | 20160914 |
| Tencent | 未发现病毒 | 20160914 |
| Yandex | 未发现病毒 | 20160913 |
| Ikarus | Trojan.Hijacker | 20160913 |
| Fortinet | 未发现病毒 | 20160914 |
| AVG | Patched4_c.KSH | 20160914 |
| Panda | 未发现病毒 | 20160913 |
| CrowdStrike | malicious_confidence_70% (W) | 20160725 |
| Qihoo-360 | Win32/Trojan.d54 | 20160914 |
访问主机纪录 (可点击查询WPING实时安全评级)
无主机纪录.
TCP
无TCP连接纪录.
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.69 | 52766 | 192.168.122.1 | 53 |
| 192.168.122.69 | 58396 | 192.168.122.1 | 53 |
| 192.168.122.69 | 63333 | 192.168.122.1 | 53 |
| 192.168.122.69 | 64810 | 192.168.122.1 | 53 |
| 192.168.122.69 | 65401 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.69 | 52766 | 192.168.122.1 | 53 |
| 192.168.122.69 | 58396 | 192.168.122.1 | 53 |
| 192.168.122.69 | 63333 | 192.168.122.1 | 53 |
| 192.168.122.69 | 64810 | 192.168.122.1 | 53 |
| 192.168.122.69 | 65401 | 192.168.122.1 | 53 |
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 7.491 seconds )
- 2.404 NetworkAnalysis
- 2.36 VirusTotal
- 1.388 Static
- 0.491 BehaviorAnalysis
- 0.425 peid
- 0.26 TargetInfo
- 0.109 Strings
- 0.025 AnalysisInfo
- 0.014 config_decoder
- 0.008 Debug
- 0.003 Dropped
- 0.002 Memory
- 0.002 ProcessMemory
Signatures ( 0.121 seconds )
- 0.023 antiav_detectreg
- 0.015 stealth_timeout
- 0.012 antiemu_wine_func
- 0.008 infostealer_ftp
- 0.007 antiav_detectfile
- 0.006 persistence_autorun
- 0.005 antianalysis_detectreg
- 0.005 banker_zeus_mutex
- 0.005 infostealer_im
- 0.005 infostealer_mail
- 0.004 infostealer_bitcoin
- 0.003 tinba_behavior
- 0.003 antivm_vbox_files
- 0.003 geodo_banking_trojan
- 0.002 betabot_behavior
- 0.002 disables_browser_warn
- 0.002 ransomware_files
- 0.001 antivm_vbox_libs
- 0.001 kibex_behavior
- 0.001 antivm_generic_scsi
- 0.001 shifu_behavior
- 0.001 antidbg_windows
- 0.001 antianalysis_detectfile
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 modify_proxy
- 0.001 browser_security
- 0.001 modify_uac_prompt
Reporting ( 1.819 seconds )
- 1.077 ReportPDF
- 0.729 ReportHTMLSummary
- 0.013 Malheur
| Task ID | 17813 |
|---|---|
| Mongo ID | 57d8ecef4d3bd045a8f49d93 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号