Analysis task

Analysis type | VM label | Start time | End time | Duration
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-05-22 14:28:25 | 2019-05-22 14:30:44 | 139 seconds

Maldun score

6.7625

Dangerous

File details

File name LEAGUESKIN_9.10.4.zip ==> LOLPRO 9.10.4.exe
File size 458240 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 950e9d80f05039faa47017b921e6aa7e
SHA1 b562454eb98e63310c12b2903f9d7f53e621aa58
SHA256 39fa953c266078174a755772175a9e5a8e95bdefe0aa5b076c59d04aade903fd
SHA512 207dc88e912ad7c55c0848ec6adce76665091396353f2efb90a7382f4d150963174de8839672387b5436ae9ea6f2b3e1a151c4afa77d848751679f36ecd25e6f
CRC32 5176DFFC
Ssdeep 6144:CnqiAFBpq2hfBvBWMYjHapr6g0RZiQeA3DLRba6XCqjO+dnkUpgwaO7xEPe:aDoqMYjHLDReA3Dda6XCOO+Npg81EPe

Hosts accessed

Direct IP | Security rating | Geolocation
106.11.249.143 Unknown China
106.11.92.14 Unknown China
106.120.159.126 Unknown China
116.207.100.254 Unknown China
140.249.60.199 Unknown China
180.149.131.146 Unknown China
180.153.105.162 Unknown China
180.163.198.48 Unknown China
194.15.36.194 Unknown Unknown
203.119.129.115 Unknown China
222.186.49.229 Unknown China
23.224.87.219 Unknown United States
47.75.54.182 Unknown Canada
59.63.247.231 Unknown China
61.184.215.226 Unknown China

Domain resolution

Domain | Security rating | Response (continuation lines belong to the domain above them)
s.modskinpro.com A 194.15.36.194
www.uucom.cc Unknown A 47.75.54.182
www.qqtn.com Unknown A 61.184.215.226
CNAME www.qqtn.com.w.kunlunar.com
img.alicdn.com A 117.21.234.253
A 125.77.167.253
A 116.207.100.254
A 125.77.167.254
A 117.21.234.254
CNAME img.alicdn.com.danuoyi.alicdn.com
A 122.228.4.253
A 27.155.69.119
A 122.228.4.254
A 27.155.69.118
ossweb-img.qq.com CNAME ossweb-img.x2.sched.dcloudstc.com
A 180.153.105.195
CNAME ossweb-img.tc.qq.com
A 180.153.105.161
CNAME ossweb-img.qq.com.tc.qq.com
A 180.153.105.162
push.zhanzhang.baidu.com CNAME share.jomodns.com
A 180.163.198.48
hm.baidu.com CNAME hm.e.shifen.com
A 106.120.159.126
api.share.baidu.com CNAME api.share.n.shifen.com
A 180.149.131.146
s95.cnzz.com A 140.249.61.246
A 121.207.229.180
A 58.218.215.188
CNAME all.cnzz.com.danuoyi.tbcache.com
A 140.249.61.248
A 140.249.60.233
A 121.207.229.179
CNAME c.cnzz.com
A 58.218.215.120
A 59.63.247.231
A 122.246.20.207
A 140.249.60.199
A 58.215.145.77
A 122.246.20.208
A 59.63.247.232
A 222.186.49.228
A 222.186.49.229
A 58.215.145.188
z4.cnzz.com CNAME z.cnzz.com
A 203.119.129.115
CNAME z.gds.cnzz.com
c.cnzz.com
cnzz.mmstat.com CNAME gm.gds.mmstat.com
A 106.11.249.143
CNAME gm.mmstat.com
icon.cnzz.com CNAME icon.cnzz.com.danuoyi.tbcache.com
pcookie.cnzz.com A 106.11.92.14
CNAME pcookie.gds.taobao.com
CNAME pcookie.taobao.com
www.keke.la Unknown CNAME gtm-cn-v0h131ms40f.gtm-a3b1.com
A 23.224.87.219
CNAME nocdn.16tx.cn

Summary

No information to display.
LEAGUESKIN_9.10.4/Data.lol

Antivirus engine/vendor | Virus name/rule match | Database date
Bkav No virus found 20190416
MicroWorld-eScan No virus found 20190417
CMC No virus found 20190321
CAT-QuickHeal No virus found 20190416
McAfee No virus found 20190417
Cylance No virus found 20190417
TheHacker No virus found 20190411
Alibaba No virus found 20190402
K7GW No virus found 20190417
K7AntiVirus No virus found 20190417
TrendMicro No virus found 20190417
Baidu No virus found 20190318
Babable No virus found 20180918
F-Prot No virus found 20190417
Symantec No virus found 20190416
ESET-NOD32 No virus found 20190417
TrendMicro-HouseCall No virus found 20190417
Paloalto No virus found 20190417
ClamAV No virus found 20190416
Kaspersky No virus found 20190417
BitDefender No virus found 20190417
NANO-Antivirus No virus found 20190417
ViRobot No virus found 20190417
SUPERAntiSpyware No virus found 20190410
Avast No virus found 20190417
Tencent No virus found 20190417
Endgame No virus found 20190403
Trustlook No virus found 20190417
Sophos No virus found 20190417
Comodo No virus found 20190417
F-Secure No virus found 20190416
DrWeb No virus found 20190417
Zillya No virus found 20190416
Invincea No virus found 20190313
McAfee-GW-Edition No virus found 20190416
Trapmine No virus found 20190325
FireEye No virus found 20190417
Emsisoft No virus found 20190417
Ikarus No virus found 20190416
Cyren No virus found 20190417
Jiangmin No virus found 20190417
Webroot No virus found 20190417
Avira No virus found 20190417
Antiy-AVL No virus found 20190417
Kingsoft No virus found 20190417
Microsoft No virus found 20190417
Arcabit No virus found 20190417
AegisLab No virus found 20190417
ZoneAlarm No virus found 20190417
Avast-Mobile No virus found 20190415
GData No virus found 20190417
TACHYON No virus found 20190417
AhnLab-V3 No virus found 20190417
Acronis No virus found 20190415
VBA32 No virus found 20190416
ALYac No virus found 20190417
MAX No virus found 20190417
Ad-Aware No virus found 20190417
Malwarebytes No virus found 20190417
Zoner No virus found 20190417
Rising No virus found 20190417
Yandex No virus found 20190416
SentinelOne No virus found 20190407
eGambit No virus found 20190417
Fortinet No virus found 20190417
AVG No virus found 20190417
Cybereason No virus found 20190417
Panda No virus found 20190416
CrowdStrike No virus found 20190212
Qihoo-360 No virus found 20190417

Process tree

cmd.exe, PID: 2684, parent PID: 2296
LOLPRO 9.10.4.exe, PID: 2804, parent PID: 2684
ffhID3B9uDbm.exe, PID: 1204, parent PID: 2804


TCP

Source address | Source port | Destination address (resolved host, where known) | Destination port
192.168.122.201 65013 106.11.249.143 cnzz.mmstat.com 80
192.168.122.201 65015 106.11.92.14 pcookie.cnzz.com 80
192.168.122.201 64018 106.120.159.126 hm.baidu.com 80
192.168.122.201 49174 116.207.100.254 img.alicdn.com 443
192.168.122.201 65014 140.249.60.199 s95.cnzz.com 80
192.168.122.201 64017 180.149.131.146 api.share.baidu.com 80
192.168.122.201 49176 180.153.105.162 ossweb-img.qq.com 80
192.168.122.201 49175 180.163.198.48 push.zhanzhang.baidu.com 80
192.168.122.201 61926 192.168.122.1 53
192.168.122.201 64016 192.168.122.1 53
192.168.122.201 65012 192.168.122.1 53
192.168.122.201 49164 194.15.36.194 s.modskinpro.com 80
192.168.122.201 64020 203.119.129.115 z4.cnzz.com 80
192.168.122.201 61927 222.186.49.229 s95.cnzz.com 80
192.168.122.201 65017 23.224.87.219 www.keke.la 80
192.168.122.201 65018 23.224.87.219 www.keke.la 443
192.168.122.201 49165 47.75.54.182 www.uucom.cc 80
192.168.122.201 49166 47.75.54.182 www.uucom.cc 80
192.168.122.201 64019 59.63.247.231 s95.cnzz.com 80
192.168.122.201 49167 61.184.215.226 www.qqtn.com 80
192.168.122.201 49168 61.184.215.226 www.qqtn.com 80
192.168.122.201 49169 61.184.215.226 www.qqtn.com 80
192.168.122.201 49170 61.184.215.226 www.qqtn.com 443
192.168.122.201 49171 61.184.215.226 www.qqtn.com 443
192.168.122.201 49172 61.184.215.226 www.qqtn.com 443
192.168.122.201 49173 61.184.215.226 www.qqtn.com 443
192.168.122.201 49177 61.184.215.226 www.qqtn.com 80

UDP

Source address | Source port | Destination address | Destination port
192.168.122.201 52453 192.168.122.1 53
192.168.122.201 53698 192.168.122.1 53
192.168.122.201 53863 192.168.122.1 53
192.168.122.201 53932 192.168.122.1 53
192.168.122.201 55638 192.168.122.1 53
192.168.122.201 57570 192.168.122.1 53
192.168.122.201 58181 192.168.122.1 53
192.168.122.201 58463 192.168.122.1 53
192.168.122.201 60192 192.168.122.1 53
192.168.122.201 60285 192.168.122.1 53
192.168.122.201 60410 192.168.122.1 53
192.168.122.201 61372 192.168.122.1 53
192.168.122.201 61698 192.168.122.1 53
192.168.122.201 62233 192.168.122.1 53
192.168.122.201 65422 192.168.122.1 53


HTTP requests

URI | HTTP data
http://s.modskinpro.com/location.php
GET /location.php HTTP/1.1
Connection: Keep-Alive
User-Agent: Agent
Host: s.modskinpro.com

http://www.uucom.cc/
GET / HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.uucom.cc
Connection: Keep-Alive

http://www.uucom.cc/templets/default/images/logo.gif
GET /templets/default/images/logo.gif HTTP/1.1
Accept: */*
Referer: http://www.uucom.cc/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.uucom.cc
Connection: Keep-Alive

http://www.qqtn.com/skin/new2013/css/index.css
GET /skin/new2013/css/index.css HTTP/1.1
Accept: */*
Referer: http://www.uucom.cc/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.qqtn.com
Connection: Keep-Alive

http://www.qqtn.com/skin/new2013/css/reset.css
GET /skin/new2013/css/reset.css HTTP/1.1
Accept: */*
Referer: http://www.uucom.cc/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.qqtn.com
Connection: Keep-Alive

http://www.qqtn.com/skin/new2013/css/soft.css
GET /skin/new2013/css/soft.css HTTP/1.1
Accept: */*
Referer: http://www.uucom.cc/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.qqtn.com
Connection: Keep-Alive

http://www.qqtn.com/skin/new2013/css/skin1/skin.css
GET /skin/new2013/css/skin1/skin.css HTTP/1.1
Accept: */*
Referer: http://www.uucom.cc/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.qqtn.com
Connection: Keep-Alive

http://ossweb-img.qq.com/images/lol/web201310/skin/big17004.jpg
GET /images/lol/web201310/skin/big17004.jpg HTTP/1.1
Accept: */*
Referer: http://www.uucom.cc/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: ossweb-img.qq.com
Connection: Keep-Alive

http://push.zhanzhang.baidu.com/push.js
GET /push.js HTTP/1.1
Accept: */*
Referer: http://www.uucom.cc/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: push.zhanzhang.baidu.com
Connection: Keep-Alive

http://www.qqtn.com/skin/new2013/images/rexbg.gif
GET /skin/new2013/images/rexbg.gif HTTP/1.1
Accept: */*
Referer: http://www.uucom.cc/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.qqtn.com
Connection: Keep-Alive

http://api.share.baidu.com/s.gif?l=http://www.uucom.cc/
GET /s.gif?l=http://www.uucom.cc/ HTTP/1.1
Accept: */*
Referer: http://www.uucom.cc/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: api.share.baidu.com
Connection: Keep-Alive

http://hm.baidu.com/hm.js?936e3ffc538a5b333b5c84f10f4b17e9
GET /hm.js?936e3ffc538a5b333b5c84f10f4b17e9 HTTP/1.1
Accept: */*
Referer: http://www.uucom.cc/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: hm.baidu.com
Connection: Keep-Alive

http://s95.cnzz.com/stat.php?id=1256910094&show=pic
GET /stat.php?id=1256910094&show=pic HTTP/1.1
Accept: */*
Referer: http://www.uucom.cc/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: s95.cnzz.com
Connection: Keep-Alive

http://z4.cnzz.com/stat.htm?id=1256910094&r=&lg=zh-cn&ntime=none&cnzz_eid=776027644-1558502325-&showp=800x600&p=http%3A%2F%2Fwww.uucom.cc%2F&t=UU%E8%8B%B1%E9%9B%84%E8%81%94%E7%9B%9F%E7%9A%AE%E8%82%A4%E4%BF%AE%E6%94%B9%E5%99%A8&umuuid=168743fcf4043d-0ecd11a8ca41ad-26596859-75300-168743fcf5fa46&h=1&rnd=46575363
GET /stat.htm?id=1256910094&r=&lg=zh-cn&ntime=none&cnzz_eid=776027644-1558502325-&showp=800x600&p=http%3A%2F%2Fwww.uucom.cc%2F&t=UU%E8%8B%B1%E9%9B%84%E8%81%94%E7%9B%9F%E7%9A%AE%E8%82%A4%E4%BF%AE%E6%94%B9%E5%99%A8&umuuid=168743fcf4043d-0ecd11a8ca41ad-26596859-75300-168743fcf5fa46&h=1&rnd=46575363 HTTP/1.1
Accept: */*
Referer: http://www.uucom.cc/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: z4.cnzz.com
Connection: Keep-Alive

http://c.cnzz.com/core.php?web_id=1256910094&show=pic&t=z
GET /core.php?web_id=1256910094&show=pic&t=z HTTP/1.1
Accept: */*
Referer: http://www.uucom.cc/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: c.cnzz.com
Connection: Keep-Alive

http://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=800x600&vl=365&et=0&fl=24.0&ja=1&ln=zh-cn&lo=0&rnd=326005334&si=936e3ffc538a5b333b5c84f10f4b17e9&v=1.2.50&lv=1&sn=5261&ct=!!&tt=UU%E8%8B%B1%E9%9B%84%E8%81%94%E7%9B%9F%E7%9A%AE%E8%82%A4%E4%BF%AE%E6%94%B9%E5%99%A8
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=800x600&vl=365&et=0&fl=24.0&ja=1&ln=zh-cn&lo=0&rnd=326005334&si=936e3ffc538a5b333b5c84f10f4b17e9&v=1.2.50&lv=1&sn=5261&ct=!!&tt=UU%E8%8B%B1%E9%9B%84%E8%81%94%E7%9B%9F%E7%9A%AE%E8%82%A4%E4%BF%AE%E6%94%B9%E5%99%A8 HTTP/1.1
Accept: */*
Referer: http://www.uucom.cc/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=1C2D5E181C7F32E5

http://cnzz.mmstat.com/9.gif?abc=1&rnd=962914004
GET /9.gif?abc=1&rnd=962914004 HTTP/1.1
Accept: */*
Referer: http://www.uucom.cc/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: cnzz.mmstat.com
Connection: Keep-Alive

http://icon.cnzz.com/img/pic.gif
GET /img/pic.gif HTTP/1.1
Accept: */*
Referer: http://www.uucom.cc/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: icon.cnzz.com
Connection: Keep-Alive

http://pcookie.cnzz.com/app.gif?&cna=ZNprFUN03HgCAXTnnrQQv5Yq
GET /app.gif?&cna=ZNprFUN03HgCAXTnnrQQv5Yq HTTP/1.1
Accept: */*
Referer: http://www.uucom.cc/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: pcookie.cnzz.com

http://www.uucom.cc/favicon.ico
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.uucom.cc
Connection: Keep-Alive
Cookie: UM_distinctid=168743fcf4043d-0ecd11a8ca41ad-26596859-75300-168743fcf5fa46; Hm_lvt_936e3ffc538a5b333b5c84f10f4b17e9=1548138566; Hm_lpvt_936e3ffc538a5b333b5c84f10f4b17e9=1548138566; CNZZDATA1256910094=776027644-1558502325-%7C1558502325

http://www.keke.la/
GET / HTTP/1.1
Accept: */*
Referer: http://www.uucom.cc/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.keke.la
Connection: Keep-Alive

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2019-05-22 14:29:50.028134+0800 192.168.122.201 49173 61.184.215.226 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 OU=Domain Control Validated, CN=*.qqtn.com 2c:96:b9:9d:2c:a6:71:7a:95:7a:aa:da:63:cc:0b:9e:a6:38:5c:f6
2019-05-22 14:29:50.024606+0800 192.168.122.201 49171 61.184.215.226 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 OU=Domain Control Validated, CN=*.qqtn.com 2c:96:b9:9d:2c:a6:71:7a:95:7a:aa:da:63:cc:0b:9e:a6:38:5c:f6
2019-05-22 14:29:50.028281+0800 192.168.122.201 49174 116.207.100.254 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com 01:af:58:f7:9a:f4:0a:47:9b:01:ab:b7:d4:66:57:9e:f2:d7:56:bd
2019-05-22 14:29:50.026176+0800 192.168.122.201 49172 61.184.215.226 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 OU=Domain Control Validated, CN=*.qqtn.com 2c:96:b9:9d:2c:a6:71:7a:95:7a:aa:da:63:cc:0b:9e:a6:38:5c:f6
2019-05-22 14:29:50.022840+0800 192.168.122.201 49170 61.184.215.226 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 OU=Domain Control Validated, CN=*.qqtn.com 2c:96:b9:9d:2c:a6:71:7a:95:7a:aa:da:63:cc:0b:9e:a6:38:5c:f6
2019-05-22 14:30:00.954921+0800 192.168.122.201 65018 23.224.87.219 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=keke.la 0e:d1:cd:7c:a2:44:08:f8:5e:89:59:36:19:00:2c:84:5b:1c:50:54

Suricata HTTP

No Suricata HTTP

No network-extracted files found.

File name LOLPRO 9.10.4.exe
Related files
C:\Users\test\AppData\Local\Temp\zip-tmp\LEAGUESKIN_9.10.4\x2fLOLPRO 9.10.4.exe
File size 458240 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 950e9d80f05039faa47017b921e6aa7e
SHA1 b562454eb98e63310c12b2903f9d7f53e621aa58
SHA256 39fa953c266078174a755772175a9e5a8e95bdefe0aa5b076c59d04aade903fd
CRC32 5176DFFC
Ssdeep 6144:CnqiAFBpq2hfBvBWMYjHapr6g0RZiQeA3DLRba6XCqjO+dnkUpgwaO7xEPe:aDoqMYjHLDReA3Dda6XCOO+Npg81EPe
Maldun security analysis result: 3.0, analysis time: 2019-04-17 22:34:22
No similar analyses found.

Processing ( 50.4 seconds )

  • 26.706 NetworkAnalysis
  • 15.528 Suricata
  • 5.069 BehaviorAnalysis
  • 1.745 AnalysisInfo
  • 0.928 TargetInfo
  • 0.371 VirusTotal
  • 0.03 Dropped
  • 0.018 Strings
  • 0.003 Memory
  • 0.002 Static

Signatures ( 6.297 seconds )

  • 2.585 md_url_bl
  • 0.651 antiav_detectreg
  • 0.251 api_spamming
  • 0.227 infostealer_ftp
  • 0.204 stealth_timeout
  • 0.197 mimics_filetime
  • 0.166 stealth_decoy_document
  • 0.138 antianalysis_detectreg
  • 0.13 infostealer_im
  • 0.113 infostealer_browser
  • 0.112 reads_self
  • 0.098 stealth_file
  • 0.073 md_domain_bl
  • 0.071 infostealer_mail
  • 0.068 bootkit
  • 0.063 virus
  • 0.059 injection_createremotethread
  • 0.059 maldun_suspicious
  • 0.056 antivm_generic_disk
  • 0.041 antivm_generic_scsi
  • 0.04 injection_runpe
  • 0.036 process_interest
  • 0.034 kibex_behavior
  • 0.034 antiav_detectfile
  • 0.034 antivm_parallels_keys
  • 0.033 ipc_namedpipe
  • 0.032 antivm_xen_keys
  • 0.032 darkcomet_regkeys
  • 0.031 infostealer_browser_password
  • 0.029 geodo_banking_trojan
  • 0.028 hancitor_behavior
  • 0.028 recon_fingerprint
  • 0.027 infostealer_bitcoin
  • 0.026 ransomware_extensions
  • 0.025 betabot_behavior
  • 0.023 malicious_write_executeable_under_temp_to_regrun
  • 0.022 vawtrak_behavior
  • 0.021 antivm_generic_diskreg
  • 0.018 antisandbox_productid
  • 0.017 ransomware_files
  • 0.015 antivm_generic_services
  • 0.015 process_needed
  • 0.014 anormaly_invoke_kills
  • 0.014 antivm_vbox_files
  • 0.012 antivm_vbox_keys
  • 0.011 securityxploded_modules
  • 0.011 antivm_vmware_keys
  • 0.01 bypass_firewall
  • 0.01 antivm_xen_keys
  • 0.01 antivm_hyperv_keys
  • 0.01 antivm_vbox_acpi
  • 0.01 antivm_vpc_keys
  • 0.01 packer_armadillo_regkey
  • 0.009 rat_luminosity
  • 0.009 ransomware_message
  • 0.009 anomaly_persistence_autorun
  • 0.009 antivm_generic_bios
  • 0.009 antivm_generic_cpu
  • 0.009 antivm_generic_system
  • 0.009 recon_programs
  • 0.008 sets_autoconfig_url
  • 0.008 kovter_behavior
  • 0.007 injection_explorer
  • 0.007 network_http
  • 0.006 tinba_behavior
  • 0.006 hawkeye_behavior
  • 0.006 h1n1_behavior
  • 0.006 antidbg_devices
  • 0.005 network_tor
  • 0.005 disables_wfp
  • 0.004 rat_nanocore
  • 0.004 disables_spdy
  • 0.004 network_cnc_http
  • 0.004 network_torgateway
  • 0.004 rat_pcclient
  • 0.003 antiemu_wine_func
  • 0.003 antivm_vbox_libs
  • 0.003 office_dl_write_exe
  • 0.003 shifu_behavior
  • 0.003 disables_browser_warn
  • 0.002 office_write_exe
  • 0.002 kazybot_behavior
  • 0.002 antidbg_windows
  • 0.002 cerber_behavior
  • 0.002 sniffer_winpcap
  • 0.002 antianalysis_detectfile
  • 0.002 antivm_vmware_files
  • 0.002 bot_drive
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 codelux_behavior
  • 0.002 md_bad_drop
  • 0.001 antiav_avast_libs
  • 0.001 dridex_behavior
  • 0.001 antisandbox_sleep
  • 0.001 ursnif_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 ransomeware_modifies_desktop_wallpaper
  • 0.001 exec_crash
  • 0.001 antisandbox_fortinet_files
  • 0.001 antisandbox_sunbelt_files
  • 0.001 antivm_vpc_files
  • 0.001 antiemu_wine_reg
  • 0.001 banker_cridex
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 malicious_drop_executable_file_to_temp_folder
  • 0.001 malicous_targeted_flame
  • 0.001 maldun_network_blacklist
  • 0.001 network_tor_service
  • 0.001 ransomware_radamant
  • 0.001 rat_spynet
  • 0.001 recon_checkip
  • 0.001 stealth_modify_uac_prompt

Reporting ( 1.584 seconds )

  • 0.983 ReportHTMLSummary
  • 0.601 Malheur
Task ID 294856
Mongo ID 5ce4ecf22f8f2e08110dfe21
Cuckoo release 1.4-Maldun