分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-01-15 23:44:27 | 2019-01-15 23:47:04 | 157 秒 |
魔盾分数
10.0
危险的
文件详细信息
| 文件名 | XHJ-V15.exe |
|---|---|
| 文件大小 | 10161802 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5 | c9855033ae829415b3c58e040af2c413 |
| SHA1 | b5387a24b960aeb22bc05668a59b7c01d1988053 |
| SHA256 | 84d530b12c194bc6ef84aa9015ef66a9063aeb50d0a9deeec053714749a33d40 |
| SHA512 | 1a96e96f7acdeff51b5404c9697ebf9f264ee2d1f89e35d918fe5a26d800453a228cac2bde9ba416be51dc4a0250e0fe3f96bdc1e8ea677994354c77b3789342 |
| CRC32 | 28E4CEF2 |
| Ssdeep | 196608:abXn+eU41LBjVnnlv1YFa4IhenFhAwd+XWiDGPxmWBJcbGw9PajelZX:abX+21tJnlv4a4B/4XWCGPUWTcNajAZX |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 120.41.45.215 | 中国 | |
| 否 | 47.74.245.159 | 未知 | 加拿大 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| localhost.ptlogin2.qq.com | A 127.0.0.1 | |
| 2018.ip138.com | A 120.41.45.215 | |
| www.mssmz.pw | 未知 |
CNAME sing.cname.ltd A 47.74.245.159 CNAME singer.vip.cname.ltd |
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x00401b90 |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x009b3590 |
| 最低操作系统版本要求 | 4.0 |
| 编译时间 | 2013-06-09 12:25:37 |
| 载入哈希 | 82bda8502023c6a780a99a89a90a3713 |
版本信息
| LegalCopyright | |
|---|---|
| InternalName | |
| FileVersion | |
| CompanyName | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename | |
| Translation |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x000071d0 | 0x00007200 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.51 |
| .rdata | 0x00009000 | 0x0000111c | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.52 |
| .data | 0x0000b000 | 0x0000e6e5 | 0x00002200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 3.22 |
| .rsrc | 0x0001a000 | 0x00002964 | 0x00002a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.97 |
覆盖
| 偏移量 | 0x0001c964 |
| 大小 | 0x00994526 |
导入
库: KERNEL32.dll:
• 0x409000 HeapAlloc
• 0x409004 HeapReAlloc
• 0x409008 HeapFree
• 0x40900c IsBadReadPtr
• 0x409010 GetModuleFileNameA
• 0x409014 CreateFileA
• 0x409018 GetFileSize
• 0x40901c SetFilePointer
• 0x409020 ReadFile
• 0x409024 GetTickCount
• 0x409028 GetTempPathA
• 0x40902c CloseHandle
• 0x409030 ExitProcess
• 0x409034 SetFileAttributesA
• 0x409038 DeleteFileA
• 0x40903c WaitForSingleObject
• 0x409040 CreateProcessA
• 0x409044 GetStartupInfoA
• 0x409048 GetCommandLineA
• 0x40904c DeleteCriticalSection
• 0x409050 GetModuleHandleA
• 0x409054 CreateThread
• 0x409058 WriteFile
• 0x40905c GetProcessHeap
库: USER32.dll:
• 0x40908c PeekMessageA
• 0x409090 TranslateMessage
• 0x409094 DispatchMessageA
• 0x409098 wsprintfA
• 0x40909c MessageBoxA
• 0x4090a0 GetMessageA
库: MSVCRT.dll:
• 0x409064 strrchr
• 0x409068 _ftol
• 0x40906c malloc
• 0x409070 free
• 0x409074 calloc
• 0x409078 ??2@YAPAXI@Z
• 0x40907c ??3@YAXPAX@Z
库: SHLWAPI.dll:
• 0x409084 PathFileExistsA
.text
`.rdata
@.data
.rsrc
F `E@
L$ RUPj
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
CreateFileA
GetFileSize
SetFilePointer
ReadFile
GetTickCount
GetTempPathA
CloseHandle
WriteFile
SetFileAttributesA
DeleteFileA
WaitForSingleObject
CreateProcessA
GetStartupInfoA
GetCommandLineA
KERNEL32.dll
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
USER32.dll
??2@YAPAXI@Z
??3@YAXPAX@Z
strrchr
_ftol
malloc
calloc
MSVCRT.dll
PathFileExistsA
SHLWAPI.dll
GDI32.dll
CreateThread
DeleteCriticalSection
error
program internal error number is %d. (0x%Xh)
%s%x.tmp
blackmoon
ERROR
1.1.3
1.1.3
1.1.3
need dictionary
incorrect data check
incorrect header check
invalid window size
unknown compression method
incompatible version
buffer error
insufficient memory
data error
stream error
file error
stream end
need dictionary
invalid bit length repeat
too many length or distance symbols
invalid stored block lengths
invalid block type
invalid distance code
invalid literal/length code
incomplete dynamic bit lengths tree
oversubscribed dynamic bit lengths tree
incomplete literal/length tree
oversubscribed literal/length tree
empty distance tree with lengths
incomplete distance tree
oversubscribed distance tree
invalid literal/length code
invalid distance code
O(uckHr
O(uckHr
!&d*4
DEFAULT_ICON
VS_VERSION_INFO
StringFileInfo
080404B0
CompanyName
3.8.3.0
FileDescription
FileVersion
3.8.3.0
InternalName
LegalCopyright
OriginalFilename
ProductName
XHJ-3.8.3
ProductVersion
3.8.3.0
VarFileInfo
Translation
进程树
-
XHJ-V15.exe id: 2440
-
5ce11b.tmp id: 2516
- steamwebhelperr.exe id: 1640
-
5ce0dc.tmp id: 2544
- XHJ-Client.exe id: 2948
-
5ce11b.tmp id: 2516
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 120.41.45.215 | 中国 | |
| 否 | 47.74.245.159 | 未知 | 加拿大 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49164 | 120.41.45.215 2018.ip138.com | 80 |
| 192.168.122.201 | 49165 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49166 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49167 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49172 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49173 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49174 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49175 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49176 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49177 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49178 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49179 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49180 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49181 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49182 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49183 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49184 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49185 | 47.74.245.159 www.mssmz.pw | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 53932 | 192.168.122.1 | 53 |
| 192.168.122.201 | 58181 | 192.168.122.1 | 53 |
| 192.168.122.201 | 61698 | 192.168.122.1 | 53 |
| 192.168.122.201 | 62233 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| localhost.ptlogin2.qq.com | A 127.0.0.1 | |
| 2018.ip138.com | A 120.41.45.215 | |
| www.mssmz.pw | 未知 |
CNAME sing.cname.ltd A 47.74.245.159 CNAME singer.vip.cname.ltd |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49164 | 120.41.45.215 2018.ip138.com | 80 |
| 192.168.122.201 | 49165 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49166 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49167 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49172 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49173 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49174 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49175 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49176 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49177 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49178 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49179 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49180 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49181 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49182 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49183 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49184 | 47.74.245.159 www.mssmz.pw | 80 |
| 192.168.122.201 | 49185 | 47.74.245.159 www.mssmz.pw | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 53932 | 192.168.122.1 | 53 |
| 192.168.122.201 | 58181 | 192.168.122.1 | 53 |
| 192.168.122.201 | 61698 | 192.168.122.1 | 53 |
| 192.168.122.201 | 62233 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://2018.ip138.com/ic.asp | GET /ic.asp HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: 2018.ip138.com |
| URL专业沙箱检测 -> http://www.mssmz.pw/app/XHJ_Free/control/connect/api.php | GET /app/XHJ_Free/control/connect/api.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Accept-Language: zh-cn Referer: http://www.mssmz.pw/app/XHJ_Free/control/connect/api.php User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: www.mssmz.pw |
| URL专业沙箱检测 -> http://www.mssmz.pw/app/XHJ_Free/control/connect/api.php?token=30951342149285402642 | GET /app/XHJ_Free/control/connect/api.php?token=30951342149285402642 HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: */* Accept-Language: zh-cn Referer: http://www.mssmz.pw/app/XHJ_Free/control/connect/api.php?token=30951342149285402642 User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: www.mssmz.pw |
| URL专业沙箱检测 -> http://www.mssmz.pw/app/XHJ_Free/program/XHJ-Client.rar | GET /app/XHJ_Free/program/XHJ-Client.rar HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0(compatible; MSIE 6.0; Windows NT 5.0; MyIE2; .NET CLR 1.1.4322) Range: bytes=0- Host: www.mssmz.pw Cache-Control: no-cache |
| URL专业沙箱检测 -> http://www.mssmz.pw/app/XHJ_Free/pak/pak_free.rar | GET /app/XHJ_Free/pak/pak_free.rar HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0(compatible; MSIE 6.0; Windows NT 5.0; MyIE2; .NET CLR 1.1.4322) Range: bytes=0- Host: www.mssmz.pw Cache-Control: no-cache |
| URL专业沙箱检测 -> http://www.mssmz.pw/app/XHJ_Free/control/ui/index.php | GET /app/XHJ_Free/control/ui/index.php HTTP/1.1 Host: www.mssmz.pw Accept-Encoding: deflate, gzip, null Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-cn User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.2171.99 Safari/537.36 |
| URL专业沙箱检测 -> http://www.mssmz.pw/app/XHJ_Free/control/ui/layui/css/layui.css | GET /app/XHJ_Free/control/ui/layui/css/layui.css HTTP/1.1 Host: www.mssmz.pw Accept-Encoding: deflate, gzip, null Accept: text/css,*/*;q=0.1 Referer: http://www.mssmz.pw/app/XHJ_Free/control/ui/index.php Accept-Language: zh-cn User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.2171.99 Safari/537.36 |
| URL专业沙箱检测 -> http://www.mssmz.pw/app/XHJ_Free/control/ui/css/form.css | GET /app/XHJ_Free/control/ui/css/form.css HTTP/1.1 Host: www.mssmz.pw Accept-Encoding: deflate, gzip, null Accept: text/css,*/*;q=0.1 Referer: http://www.mssmz.pw/app/XHJ_Free/control/ui/index.php Accept-Language: zh-cn User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.2171.99 Safari/537.36 |
| URL专业沙箱检测 -> http://www.mssmz.pw/app/XHJ_Free/control/ui/css/shuibo.css | GET /app/XHJ_Free/control/ui/css/shuibo.css HTTP/1.1 Host: www.mssmz.pw Accept-Encoding: deflate, gzip, null Accept: text/css,*/*;q=0.1 Referer: http://www.mssmz.pw/app/XHJ_Free/control/ui/index.php Accept-Language: zh-cn User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.2171.99 Safari/537.36 |
| URL专业沙箱检测 -> http://www.mssmz.pw/app/XHJ_Free/control/ui/layui/layui.js | GET /app/XHJ_Free/control/ui/layui/layui.js HTTP/1.1 Host: www.mssmz.pw Accept-Encoding: deflate, gzip, null Accept: */* Referer: http://www.mssmz.pw/app/XHJ_Free/control/ui/index.php Accept-Language: zh-cn User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.2171.99 Safari/537.36 |
| URL专业沙箱检测 -> http://www.mssmz.pw/app/XHJ_Free/control/ui/js/form.js | GET /app/XHJ_Free/control/ui/js/form.js HTTP/1.1 Host: www.mssmz.pw Accept-Encoding: deflate, gzip, null Accept: */* Referer: http://www.mssmz.pw/app/XHJ_Free/control/ui/index.php Accept-Language: zh-cn User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.2171.99 Safari/537.36 |
| URL专业沙箱检测 -> http://www.mssmz.pw/app/XHJ_Free/control/ui/js/pak.js | GET /app/XHJ_Free/control/ui/js/pak.js HTTP/1.1 Host: www.mssmz.pw Accept-Encoding: deflate, gzip, null Accept: */* Referer: http://www.mssmz.pw/app/XHJ_Free/control/ui/index.php Accept-Language: zh-cn User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.2171.99 Safari/537.36 |
| URL专业沙箱检测 -> http://www.mssmz.pw/app/XHJ_Free/control/ui/js/shuibo.js | GET /app/XHJ_Free/control/ui/js/shuibo.js HTTP/1.1 Host: www.mssmz.pw Accept-Encoding: deflate, gzip, null Accept: */* Referer: http://www.mssmz.pw/app/XHJ_Free/control/ui/index.php Accept-Language: zh-cn User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.2171.99 Safari/537.36 |
| URL专业沙箱检测 -> http://www.mssmz.pw/app/XHJ_Free/control/ui/images/pubg.png | GET /app/XHJ_Free/control/ui/images/pubg.png HTTP/1.1 Host: www.mssmz.pw Accept: */* Accept-Encoding: deflate, gzip, null Accept-Language: zh-cn Referer: http://www.mssmz.pw/app/XHJ_Free/control/ui/css/form.css User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.2171.99 Safari/537.36 |
| URL专业沙箱检测 -> http://www.mssmz.pw/app/XHJ_Free/control/ui/images/zxh.png | GET /app/XHJ_Free/control/ui/images/zxh.png HTTP/1.1 Host: www.mssmz.pw Accept: */* Accept-Encoding: deflate, gzip, null Accept-Language: zh-cn Referer: http://www.mssmz.pw/app/XHJ_Free/control/ui/css/form.css User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.2171.99 Safari/537.36 |
| URL专业沙箱检测 -> http://www.mssmz.pw/app/XHJ_Free/control/ui/images/guanbi.png | GET /app/XHJ_Free/control/ui/images/guanbi.png HTTP/1.1 Host: www.mssmz.pw Accept: */* Accept-Encoding: deflate, gzip, null Accept-Language: zh-cn Referer: http://www.mssmz.pw/app/XHJ_Free/control/ui/css/form.css User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.2171.99 Safari/537.36 |
| URL专业沙箱检测 -> http://www.mssmz.pw/app/XHJ_Free/control/ui/layui/lay/modules/layer.js | GET /app/XHJ_Free/control/ui/layui/lay/modules/layer.js HTTP/1.1 Host: www.mssmz.pw Accept-Encoding: deflate, gzip, null Accept: */* Referer: http://www.mssmz.pw/app/XHJ_Free/control/ui/index.php Accept-Language: zh-cn User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.2171.99 Safari/537.36 |
| URL专业沙箱检测 -> http://www.mssmz.pw/app/XHJ_Free/control/ui/layui/css/modules/layer/default/layer.css?v=3.1.1 | GET /app/XHJ_Free/control/ui/layui/css/modules/layer/default/layer.css?v=3.1.1 HTTP/1.1 Host: www.mssmz.pw Accept-Encoding: deflate, gzip, null Accept: text/css,*/*;q=0.1 Referer: http://www.mssmz.pw/app/XHJ_Free/control/ui/index.php Accept-Language: zh-cn User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.2171.99 Safari/537.36 |
| URL专业沙箱检测 -> http://www.mssmz.pw/app/XHJ_Free/control/ui/layui/lay/modules/jquery.js | GET /app/XHJ_Free/control/ui/layui/lay/modules/jquery.js HTTP/1.1 Host: www.mssmz.pw Accept-Encoding: deflate, gzip, null Accept: */* Referer: http://www.mssmz.pw/app/XHJ_Free/control/ui/index.php Accept-Language: zh-cn User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.2171.99 Safari/537.36 |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
|---|---|---|---|---|---|---|---|---|
| 2019-01-15 23:45:09.129676+0800 | 192.168.122.201 | 49166 | 47.74.245.159 | 80 | TCP | 2016879 | ET POLICY Unsupported/Fake Windows NT Version 5.0 | Potential Corporate Privacy Violation |
| 2019-01-15 23:45:10.882172+0800 | 192.168.122.201 | 49167 | 47.74.245.159 | 80 | TCP | 2016879 | ET POLICY Unsupported/Fake Windows NT Version 5.0 | Potential Corporate Privacy Violation |
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | XHJ-Client.rar |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\XHJ-Client.rar
|
| 文件大小 | 1058822 字节 |
| 文件类型 | RAR archive data, v1d, os: Win32 |
| MD5 | d92bb9c4ac2a73d9886312ebd2a613c5 |
| SHA1 | 2745a357cb49ef89cfbb0961737fab121e6dbe29 |
| SHA256 | 9e33eae5f5bcfa0fdfcb44401bf957931ab7e7b7b685a008312f7c3f109e6cec |
| CRC32 | ECDD2D07 |
| Ssdeep | 12288:T/LkOqEdHngEXYlMhZQnY/5PmWQKM37DnYRbSZVtVMna8xZP46XOcqqlOTcZbhLX:zLqEdjox5DY1WVDsHa6r8Tyb4goA |
| 下载 提交魔盾安全分析 |
| 文件名 | temporaryfile |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\6087703\TemporaryFile\temporaryfile
|
| 文件大小 | 1379328 字节 |
| 文件类型 | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5 | 28405b17acd506845c6ec1683c1db681 |
| SHA1 | 679dd49b72d59feb454d5ce7b3c6e9fb4f59824a |
| SHA256 | 5d3a3799f1488a919a1104a9bae6d743ad51f348e1eb49a8bdd3554ac7a3bc38 |
| CRC32 | C4507CB6 |
| Ssdeep | 24576:bFSgCo4HndybLZIOGRA1R0y9u+CW4t800PYONDGh7Ca+fCud:bFyo4H0bSBAP59u+s0tDCf+fDd |
| 下载 提交魔盾安全分析 |
| 文件名 | node.RAR |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Temp\node.RAR
|
| 文件大小 | 5511713 字节 |
| 文件类型 | RAR archive data, v87, flags: Archive volume, Locked, Solid, |
| MD5 | 21b0ecdd0d4d06f90698bfcf7f1d8ad4 |
| SHA1 | d8246ced08b187ee655522445928e15077a13362 |
| SHA256 | cc303edefa6a7da2a2b58f3313febc067434e2aef019636eab794b942ad5c480 |
| CRC32 | 16558E50 |
| Ssdeep | 98304:sfuk0THsg+qhVYBqjVYqJjiKugyyVXkFlMqoV5GDaJRlhHH82N1TahYJ1f41cutk:sfljKhKq5HxZVUEpV5GD0NHv12hiEt3U |
| 下载 提交魔盾安全分析 |
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 80.176 seconds )
- 23.721 Static
- 21.663 NetworkAnalysis
- 15.519 Suricata
- 11.217 TargetInfo
- 4.727 BehaviorAnalysis
- 2.277 VirusTotal
- 0.441 Dropped
- 0.435 peid
- 0.129 AnalysisInfo
- 0.029 config_decoder
- 0.015 Strings
- 0.003 Memory
Signatures ( 4.665 seconds )
- 2.569 md_url_bl
- 0.37 md_bad_drop
- 0.293 api_spamming
- 0.238 stealth_timeout
- 0.213 stealth_decoy_document
- 0.131 process_interest
- 0.124 injection_createremotethread
- 0.086 injection_runpe
- 0.081 vawtrak_behavior
- 0.055 process_needed
- 0.039 antiav_detectreg
- 0.033 stealth_file
- 0.031 md_domain_bl
- 0.022 kovter_behavior
- 0.02 antiemu_wine_func
- 0.02 antivm_vbox_libs
- 0.019 infostealer_browser_password
- 0.018 mimics_filetime
- 0.018 infostealer_ftp
- 0.014 antiav_detectfile
- 0.012 bootkit
- 0.012 reads_self
- 0.012 virus
- 0.011 infostealer_im
- 0.01 exec_crash
- 0.01 antivm_generic_disk
- 0.01 infostealer_bitcoin
- 0.008 anomaly_persistence_autorun
- 0.007 antiav_avast_libs
- 0.007 antisandbox_sunbelt_libs
- 0.007 geodo_banking_trojan
- 0.007 ransomware_files
- 0.006 hancitor_behavior
- 0.006 antivm_vbox_files
- 0.006 infostealer_mail
- 0.006 network_http
- 0.006 ransomware_extensions
- 0.005 antivm_vmware_libs
- 0.005 antisandbox_sboxie_libs
- 0.005 antiav_bitdefender_libs
- 0.004 webmail_phish
- 0.004 antivm_vbox_window
- 0.004 sets_autoconfig_url
- 0.004 stealth_network
- 0.004 antisandbox_script_timer
- 0.004 securityxploded_modules
- 0.003 tinba_behavior
- 0.003 office_dl_write_exe
- 0.003 dridex_behavior
- 0.003 antivm_generic_services
- 0.003 ransomware_message
- 0.003 betabot_behavior
- 0.003 ipc_namedpipe
- 0.003 antivm_generic_scsi
- 0.003 disables_browser_warn
- 0.003 network_torgateway
- 0.002 rat_nanocore
- 0.002 disables_spdy
- 0.002 infostealer_browser
- 0.002 injection_explorer
- 0.002 browser_needed
- 0.002 network_execute_http
- 0.002 generic_phish
- 0.002 kibex_behavior
- 0.002 anormaly_invoke_kills
- 0.002 disables_wfp
- 0.002 cerber_behavior
- 0.002 secure_login_phish
- 0.002 antivm_parallels_keys
- 0.002 antivm_xen_keys
- 0.002 browser_security
- 0.002 modify_proxy
- 0.002 network_cnc_http
- 0.001 hawkeye_behavior
- 0.001 network_tor
- 0.001 wscript_downloader_http
- 0.001 office_write_exe
- 0.001 network_document_http
- 0.001 network_anomaly
- 0.001 ursnif_behavior
- 0.001 kazybot_behavior
- 0.001 dyre_behavior
- 0.001 shifu_behavior
- 0.001 antivm_generic_diskreg
- 0.001 antivm_vmware_files
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 codelux_behavior
- 0.001 darkcomet_regkeys
- 0.001 targeted_flame
- 0.001 maldun_blacklist
- 0.001 rat_pcclient
- 0.001 recon_fingerprint
- 0.001 stealth_modify_uac_prompt
Reporting ( 1.135 seconds )
- 0.924 ReportHTMLSummary
- 0.211 Malheur
| Task ID | 230972 |
|---|---|
| Mongo ID | 5c3e00f72f8f2e52b806ee14 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号