Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-05-22 14:28:25 | 2019-05-22 14:30:44 | 139 seconds |
File name | LEAGUESKIN_9.10.4.zip ==> LOLPRO 9.10.4.exe |
---|---|
File size | 458240 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 950e9d80f05039faa47017b921e6aa7e |
SHA1 | b562454eb98e63310c12b2903f9d7f53e621aa58 |
SHA256 | 39fa953c266078174a755772175a9e5a8e95bdefe0aa5b076c59d04aade903fd |
SHA512 | 207dc88e912ad7c55c0848ec6adce76665091396353f2efb90a7382f4d150963174de8839672387b5436ae9ea6f2b3e1a151c4afa77d848751679f36ecd25e6f |
CRC32 | 5176DFFC |
Ssdeep | 6144:CnqiAFBpq2hfBvBWMYjHapr6g0RZiQeA3DLRba6XCqjO+dnkUpgwaO7xEPe:aDoqMYjHLDReA3Dda6XCOO+Npg81EPe |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
No | 106.11.249.143 | Unknown | China |
No | 106.11.92.14 | Unknown | China |
No | 106.120.159.126 | Unknown | China |
No | 116.207.100.254 | Unknown | China |
No | 140.249.60.199 | Unknown | China |
No | 180.149.131.146 | Unknown | China |
No | 180.153.105.162 | Unknown | China |
No | 180.163.198.48 | Unknown | China |
No | 194.15.36.194 | Unknown | Unknown |
No | 203.119.129.115 | Unknown | China |
No | 222.186.49.229 | Unknown | China |
No | 23.224.87.219 | Unknown | United States |
No | 47.75.54.182 | Unknown | Canada |
No | 59.63.247.231 | Unknown | China |
No | 61.184.215.226 | Unknown | China |
Antivirus engine/vendor | Virus name/rule match | Signature database date |
---|---|---|
Bkav | No virus found | 20190416 |
MicroWorld-eScan | No virus found | 20190417 |
CMC | No virus found | 20190321 |
CAT-QuickHeal | No virus found | 20190416 |
McAfee | No virus found | 20190417 |
Cylance | No virus found | 20190417 |
TheHacker | No virus found | 20190411 |
Alibaba | No virus found | 20190402 |
K7GW | No virus found | 20190417 |
K7AntiVirus | No virus found | 20190417 |
TrendMicro | No virus found | 20190417 |
Baidu | No virus found | 20190318 |
Babable | No virus found | 20180918 |
F-Prot | No virus found | 20190417 |
Symantec | No virus found | 20190416 |
ESET-NOD32 | No virus found | 20190417 |
TrendMicro-HouseCall | No virus found | 20190417 |
Paloalto | No virus found | 20190417 |
ClamAV | No virus found | 20190416 |
Kaspersky | No virus found | 20190417 |
BitDefender | No virus found | 20190417 |
NANO-Antivirus | No virus found | 20190417 |
ViRobot | No virus found | 20190417 |
SUPERAntiSpyware | No virus found | 20190410 |
Avast | No virus found | 20190417 |
Tencent | No virus found | 20190417 |
Endgame | No virus found | 20190403 |
Trustlook | No virus found | 20190417 |
Sophos | No virus found | 20190417 |
Comodo | No virus found | 20190417 |
F-Secure | No virus found | 20190416 |
DrWeb | No virus found | 20190417 |
Zillya | No virus found | 20190416 |
Invincea | No virus found | 20190313 |
McAfee-GW-Edition | No virus found | 20190416 |
Trapmine | No virus found | 20190325 |
FireEye | No virus found | 20190417 |
Emsisoft | No virus found | 20190417 |
Ikarus | No virus found | 20190416 |
Cyren | No virus found | 20190417 |
Jiangmin | No virus found | 20190417 |
Webroot | No virus found | 20190417 |
Avira | No virus found | 20190417 |
Antiy-AVL | No virus found | 20190417 |
Kingsoft | No virus found | 20190417 |
Microsoft | No virus found | 20190417 |
Arcabit | No virus found | 20190417 |
AegisLab | No virus found | 20190417 |
ZoneAlarm | No virus found | 20190417 |
Avast-Mobile | No virus found | 20190415 |
GData | No virus found | 20190417 |
TACHYON | No virus found | 20190417 |
AhnLab-V3 | No virus found | 20190417 |
Acronis | No virus found | 20190415 |
VBA32 | No virus found | 20190416 |
ALYac | No virus found | 20190417 |
MAX | No virus found | 20190417 |
Ad-Aware | No virus found | 20190417 |
Malwarebytes | No virus found | 20190417 |
Zoner | No virus found | 20190417 |
Rising | No virus found | 20190417 |
Yandex | No virus found | 20190416 |
SentinelOne | No virus found | 20190407 |
eGambit | No virus found | 20190417 |
Fortinet | No virus found | 20190417 |
AVG | No virus found | 20190417 |
Cybereason | No virus found | 20190417 |
Panda | No virus found | 20190416 |
CrowdStrike | No virus found | 20190212 |
Qihoo-360 | No virus found | 20190417 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 65013 | 106.11.249.143 cnzz.mmstat.com | 80 |
192.168.122.201 | 65015 | 106.11.92.14 pcookie.cnzz.com | 80 |
192.168.122.201 | 64018 | 106.120.159.126 hm.baidu.com | 80 |
192.168.122.201 | 49174 | 116.207.100.254 img.alicdn.com | 443 |
192.168.122.201 | 65014 | 140.249.60.199 s95.cnzz.com | 80 |
192.168.122.201 | 64017 | 180.149.131.146 api.share.baidu.com | 80 |
192.168.122.201 | 49176 | 180.153.105.162 ossweb-img.qq.com | 80 |
192.168.122.201 | 49175 | 180.163.198.48 push.zhanzhang.baidu.com | 80 |
192.168.122.201 | 61926 | 192.168.122.1 | 53 |
192.168.122.201 | 64016 | 192.168.122.1 | 53 |
192.168.122.201 | 65012 | 192.168.122.1 | 53 |
192.168.122.201 | 49164 | 194.15.36.194 s.modskinpro.com | 80 |
192.168.122.201 | 64020 | 203.119.129.115 z4.cnzz.com | 80 |
192.168.122.201 | 61927 | 222.186.49.229 s95.cnzz.com | 80 |
192.168.122.201 | 65017 | 23.224.87.219 www.keke.la | 80 |
192.168.122.201 | 65018 | 23.224.87.219 www.keke.la | 443 |
192.168.122.201 | 49165 | 47.75.54.182 www.uucom.cc | 80 |
192.168.122.201 | 49166 | 47.75.54.182 www.uucom.cc | 80 |
192.168.122.201 | 64019 | 59.63.247.231 s95.cnzz.com | 80 |
192.168.122.201 | 49167 | 61.184.215.226 www.qqtn.com | 80 |
192.168.122.201 | 49168 | 61.184.215.226 www.qqtn.com | 80 |
192.168.122.201 | 49169 | 61.184.215.226 www.qqtn.com | 80 |
192.168.122.201 | 49170 | 61.184.215.226 www.qqtn.com | 443 |
192.168.122.201 | 49171 | 61.184.215.226 www.qqtn.com | 443 |
192.168.122.201 | 49172 | 61.184.215.226 www.qqtn.com | 443 |
192.168.122.201 | 49173 | 61.184.215.226 www.qqtn.com | 443 |
192.168.122.201 | 49177 | 61.184.215.226 www.qqtn.com | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 52453 | 192.168.122.1 | 53 |
192.168.122.201 | 53698 | 192.168.122.1 | 53 |
192.168.122.201 | 53863 | 192.168.122.1 | 53 |
192.168.122.201 | 53932 | 192.168.122.1 | 53 |
192.168.122.201 | 55638 | 192.168.122.1 | 53 |
192.168.122.201 | 57570 | 192.168.122.1 | 53 |
192.168.122.201 | 58181 | 192.168.122.1 | 53 |
192.168.122.201 | 58463 | 192.168.122.1 | 53 |
192.168.122.201 | 60192 | 192.168.122.1 | 53 |
192.168.122.201 | 60285 | 192.168.122.1 | 53 |
192.168.122.201 | 60410 | 192.168.122.1 | 53 |
192.168.122.201 | 61372 | 192.168.122.1 | 53 |
192.168.122.201 | 61698 | 192.168.122.1 | 53 |
192.168.122.201 | 62233 | 192.168.122.1 | 53 |
192.168.122.201 | 65422 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://s.modskinpro.com/location.php | GET /location.php HTTP/1.1 Connection: Keep-Alive User-Agent: Agent Host: s.modskinpro.com |
http://www.uucom.cc/ | GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.uucom.cc Connection: Keep-Alive |
http://www.uucom.cc/templets/default/images/logo.gif | GET /templets/default/images/logo.gif HTTP/1.1 Accept: */* Referer: http://www.uucom.cc/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.uucom.cc Connection: Keep-Alive |
http://www.qqtn.com/skin/new2013/css/index.css | GET /skin/new2013/css/index.css HTTP/1.1 Accept: */* Referer: http://www.uucom.cc/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.qqtn.com Connection: Keep-Alive |
http://www.qqtn.com/skin/new2013/css/reset.css | GET /skin/new2013/css/reset.css HTTP/1.1 Accept: */* Referer: http://www.uucom.cc/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.qqtn.com Connection: Keep-Alive |
http://www.qqtn.com/skin/new2013/css/soft.css | GET /skin/new2013/css/soft.css HTTP/1.1 Accept: */* Referer: http://www.uucom.cc/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.qqtn.com Connection: Keep-Alive |
http://www.qqtn.com/skin/new2013/css/skin1/skin.css | GET /skin/new2013/css/skin1/skin.css HTTP/1.1 Accept: */* Referer: http://www.uucom.cc/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.qqtn.com Connection: Keep-Alive |
http://ossweb-img.qq.com/images/lol/web201310/skin/big17004.jpg | GET /images/lol/web201310/skin/big17004.jpg HTTP/1.1 Accept: */* Referer: http://www.uucom.cc/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ossweb-img.qq.com Connection: Keep-Alive |
http://push.zhanzhang.baidu.com/push.js | GET /push.js HTTP/1.1 Accept: */* Referer: http://www.uucom.cc/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: push.zhanzhang.baidu.com Connection: Keep-Alive |
http://www.qqtn.com/skin/new2013/images/rexbg.gif | GET /skin/new2013/images/rexbg.gif HTTP/1.1 Accept: */* Referer: http://www.uucom.cc/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.qqtn.com Connection: Keep-Alive |
http://api.share.baidu.com/s.gif?l=http://www.uucom.cc/ | GET /s.gif?l=http://www.uucom.cc/ HTTP/1.1 Accept: */* Referer: http://www.uucom.cc/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: api.share.baidu.com Connection: Keep-Alive |
http://hm.baidu.com/hm.js?936e3ffc538a5b333b5c84f10f4b17e9 | GET /hm.js?936e3ffc538a5b333b5c84f10f4b17e9 HTTP/1.1 Accept: */* Referer: http://www.uucom.cc/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: hm.baidu.com Connection: Keep-Alive |
http://s95.cnzz.com/stat.php?id=1256910094&show=pic | GET /stat.php?id=1256910094&show=pic HTTP/1.1 Accept: */* Referer: http://www.uucom.cc/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: s95.cnzz.com Connection: Keep-Alive |
http://z4.cnzz.com/stat.htm?id=1256910094&r=&lg=zh-cn&ntime=none&cnzz_eid=776027644-1558502325-&showp=800x600&p=http%3A%2F%2Fwww.uucom.cc%2F&t=UU%E8%8B%B1%E9%9B%84%E8%81%94%E7%9B%9F%E7%9A%AE%E8%82%A4%E4%BF%AE%E6%94%B9%E5%99%A8&umuuid=168743fcf4043d-0ecd11a8ca41ad-26596859-75300-168743fcf5fa46&h=1&rnd=46575363 | GET /stat.htm?id=1256910094&r=&lg=zh-cn&ntime=none&cnzz_eid=776027644-1558502325-&showp=800x600&p=http%3A%2F%2Fwww.uucom.cc%2F&t=UU%E8%8B%B1%E9%9B%84%E8%81%94%E7%9B%9F%E7%9A%AE%E8%82%A4%E4%BF%AE%E6%94%B9%E5%99%A8&umuuid=168743fcf4043d-0ecd11a8ca41ad-26596859-75300-168743fcf5fa46&h=1&rnd=46575363 HTTP/1.1 Accept: */* Referer: http://www.uucom.cc/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: z4.cnzz.com Connection: Keep-Alive |
http://c.cnzz.com/core.php?web_id=1256910094&show=pic&t=z | GET /core.php?web_id=1256910094&show=pic&t=z HTTP/1.1 Accept: */* Referer: http://www.uucom.cc/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: c.cnzz.com Connection: Keep-Alive |
http://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=800x600&vl=365&et=0&fl=24.0&ja=1&ln=zh-cn&lo=0&rnd=326005334&si=936e3ffc538a5b333b5c84f10f4b17e9&v=1.2.50&lv=1&sn=5261&ct=!!&tt=UU%E8%8B%B1%E9%9B%84%E8%81%94%E7%9B%9F%E7%9A%AE%E8%82%A4%E4%BF%AE%E6%94%B9%E5%99%A8 | GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=800x600&vl=365&et=0&fl=24.0&ja=1&ln=zh-cn&lo=0&rnd=326005334&si=936e3ffc538a5b333b5c84f10f4b17e9&v=1.2.50&lv=1&sn=5261&ct=!!&tt=UU%E8%8B%B1%E9%9B%84%E8%81%94%E7%9B%9F%E7%9A%AE%E8%82%A4%E4%BF%AE%E6%94%B9%E5%99%A8 HTTP/1.1 Accept: */* Referer: http://www.uucom.cc/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: hm.baidu.com Connection: Keep-Alive Cookie: HMACCOUNT=1C2D5E181C7F32E5 |
http://cnzz.mmstat.com/9.gif?abc=1&rnd=962914004 | GET /9.gif?abc=1&rnd=962914004 HTTP/1.1 Accept: */* Referer: http://www.uucom.cc/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: cnzz.mmstat.com Connection: Keep-Alive |
http://icon.cnzz.com/img/pic.gif | GET /img/pic.gif HTTP/1.1 Accept: */* Referer: http://www.uucom.cc/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: icon.cnzz.com Connection: Keep-Alive |
http://pcookie.cnzz.com/app.gif?&cna=ZNprFUN03HgCAXTnnrQQv5Yq | GET /app.gif?&cna=ZNprFUN03HgCAXTnnrQQv5Yq HTTP/1.1 Accept: */* Referer: http://www.uucom.cc/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Connection: Keep-Alive Host: pcookie.cnzz.com |
http://www.uucom.cc/favicon.ico | GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: www.uucom.cc Connection: Keep-Alive Cookie: UM_distinctid=168743fcf4043d-0ecd11a8ca41ad-26596859-75300-168743fcf5fa46; Hm_lvt_936e3ffc538a5b333b5c84f10f4b17e9=1548138566; Hm_lpvt_936e3ffc538a5b333b5c84f10f4b17e9=1548138566; CNZZDATA1256910094=776027644-1558502325-%7C1558502325 |
http://www.keke.la/ | GET / HTTP/1.1 Accept: */* Referer: http://www.uucom.cc/ Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.keke.la Connection: Keep-Alive |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2019-05-22 14:29:50.028134+0800 | 192.168.122.201 | 49173 | 61.184.215.226 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 | OU=Domain Control Validated, CN=*.qqtn.com | 2c:96:b9:9d:2c:a6:71:7a:95:7a:aa:da:63:cc:0b:9e:a6:38:5c:f6 |
2019-05-22 14:29:50.024606+0800 | 192.168.122.201 | 49171 | 61.184.215.226 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 | OU=Domain Control Validated, CN=*.qqtn.com | 2c:96:b9:9d:2c:a6:71:7a:95:7a:aa:da:63:cc:0b:9e:a6:38:5c:f6 |
2019-05-22 14:29:50.028281+0800 | 192.168.122.201 | 49174 | 116.207.100.254 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com | 01:af:58:f7:9a:f4:0a:47:9b:01:ab:b7:d4:66:57:9e:f2:d7:56:bd |
2019-05-22 14:29:50.026176+0800 | 192.168.122.201 | 49172 | 61.184.215.226 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 | OU=Domain Control Validated, CN=*.qqtn.com | 2c:96:b9:9d:2c:a6:71:7a:95:7a:aa:da:63:cc:0b:9e:a6:38:5c:f6 |
2019-05-22 14:29:50.022840+0800 | 192.168.122.201 | 49170 | 61.184.215.226 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 | OU=Domain Control Validated, CN=*.qqtn.com | 2c:96:b9:9d:2c:a6:71:7a:95:7a:aa:da:63:cc:0b:9e:a6:38:5c:f6 |
2019-05-22 14:30:00.954921+0800 | 192.168.122.201 | 65018 | 23.224.87.219 | 443 | TLS 1.2 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=keke.la | 0e:d1:cd:7c:a2:44:08:f8:5e:89:59:36:19:00:2c:84:5b:1c:50:54 |
No Suricata HTTP
File name | LOLPRO 9.10.4.exe |
---|---|
Related files | C:\Users\test\AppData\Local\Temp\zip-tmp\LEAGUESKIN_9.10.4\x2fLOLPRO 9.10.4.exe |
File size | 458240 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 950e9d80f05039faa47017b921e6aa7e |
SHA1 | b562454eb98e63310c12b2903f9d7f53e621aa58 |
SHA256 | 39fa953c266078174a755772175a9e5a8e95bdefe0aa5b076c59d04aade903fd |
CRC32 | 5176DFFC |
Ssdeep | 6144:CnqiAFBpq2hfBvBWMYjHapr6g0RZiQeA3DLRba6XCqjO+dnkUpgwaO7xEPe:aDoqMYjHLDReA3Dda6XCOO+Npg81EPe |
Maldun security analysis result | 3.0 Analysis time: 2019-04-17 22:34:22 |
Task ID | 294856 |
---|---|
Mongo ID | 5ce4ecf22f8f2e08110dfe21 |
Cuckoo release | 1.4-Maldun |