恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-hpdapp01-1	2019-06-20 01:33:18	2019-06-20 01:36:00	162 秒

魔盾分数

9.15

危险的

文件详细信息

文件名	csrss.exe
文件大小	13496320 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	88fa9aa47df560876c435648451025d1
SHA1	eb4b57f4e112937950389d968089a758fffb237d
SHA256	44a1b2ce4d39aec271f8e750b7eed2c9cad88549ab6d2e5399514b37bf7c731f
SHA512	8419030d618fa72389709f173bffa718fb32398999c0001aee67d69de0370c16e425b26d80a32e2000b498781780b6fb64f45a184d2d66e369e177b96a03f763
CRC32	58DF65CF
Ssdeep	196608:xk3hGpOJ2k3+FZ4DQH5alQ+3qgZ0YYbFDvViNB:0hGA4UU5D+3qgvYbFgNB
Yara	登录查看Yara规则
	样本下载提交误报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级
是	123.57.142.8	中国
否	14.215.158.24	中国
否	183.3.226.29	中国

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
jq.qq.com	A 14.215.158.24
qm.qq.com	A 183.3.226.29

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x00496f98
声明校验值	0x00000000
最低操作系统版本要求	4.0
编译时间	2019-06-17 23:46:53
载入哈希	25643c902d7efbe182378c325743e581

版本信息

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
.text	0x00001000	0x000b642a	0x000b7000	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.57
.rdata	0x000b8000	0x00ba5a22	0x00ba6000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	7.28
.data	0x00c5e000	0x00060b2a	0x0001c000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	5.40
.rsrc	0x00cbf000	0x00064b64	0x00065000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.21

导入

库: WINMM.dll:

• 0x4b8674 midiStreamOut

• 0x4b8678 midiOutPrepareHeader

• 0x4b867c waveOutUnprepareHeader

• 0x4b8680 waveOutPrepareHeader

• 0x4b8684 waveOutWrite

• 0x4b8688 waveOutPause

• 0x4b868c waveOutReset

• 0x4b8690 waveOutClose

• 0x4b8694 waveOutGetNumDevs

• 0x4b8698 midiStreamStop

• 0x4b869c midiOutReset

• 0x4b86a0 midiStreamClose

• 0x4b86a4 midiStreamRestart

• 0x4b86a8 waveOutOpen

• 0x4b86ac midiOutUnprepareHeader

• 0x4b86b0 midiStreamOpen

• 0x4b86b4 midiStreamProperty

• 0x4b86b8 waveOutRestart

库: WS2_32.dll:

• 0x4b86d0 closesocket

• 0x4b86d4 WSACleanup

• 0x4b86d8 WSAAsyncSelect

• 0x4b86dc accept

• 0x4b86e0 ntohs

• 0x4b86e4 ntohl

• 0x4b86e8 htons

• 0x4b86ec recvfrom

• 0x4b86f0 ioctlsocket

• 0x4b86f4 recv

• 0x4b86f8 inet_ntoa

• 0x4b86fc getpeername

库: KERNEL32.dll:

• 0x4b818c ReleaseMutex

• 0x4b8190 OpenFileMappingA

• 0x4b8194 UnmapViewOfFile

• 0x4b8198 MapViewOfFile

• 0x4b819c CreateFileMappingA

• 0x4b81a0 SetFilePointer

• 0x4b81a4 GetFileSize

• 0x4b81a8 TerminateProcess

• 0x4b81ac SetLastError

• 0x4b81b0 GetTimeZoneInformation

• 0x4b81b4 GetVersion

• 0x4b81b8 TerminateThread

• 0x4b81bc SuspendThread

• 0x4b81c0 GetACP

• 0x4b81c4 HeapSize

• 0x4b81c8 RaiseException

• 0x4b81cc GetLocalTime

• 0x4b81d0 GetSystemTime

• 0x4b81d4 RtlUnwind

• 0x4b81d8 GetStartupInfoA

• 0x4b81dc GetOEMCP

• 0x4b81e0 GetCPInfo

• 0x4b81e4 GetProcessVersion

• 0x4b81e8 SetErrorMode

• 0x4b81ec GlobalFlags

• 0x4b81f0 GetCurrentThread

• 0x4b81f4 GetFileTime

• 0x4b81f8 TlsGetValue

• 0x4b81fc LocalReAlloc

• 0x4b8200 TlsSetValue

• 0x4b8204 TlsFree

• 0x4b8208 GlobalHandle

• 0x4b820c TlsAlloc

• 0x4b8210 LocalAlloc

• 0x4b8214 lstrcmpA

• 0x4b8218 GlobalGetAtomNameA

• 0x4b821c GlobalAddAtomA

• 0x4b8220 GlobalFindAtomA

• 0x4b8224 GlobalDeleteAtom

• 0x4b8228 lstrcmpiA

• 0x4b822c SetEndOfFile

• 0x4b8230 UnlockFile

• 0x4b8234 LockFile

• 0x4b8238 FlushFileBuffers

• 0x4b823c DuplicateHandle

• 0x4b8240 lstrcpynA

• 0x4b8244 FileTimeToLocalFileTime

• 0x4b8248 FileTimeToSystemTime

• 0x4b824c LocalFree

• 0x4b8250 InterlockedDecrement

• 0x4b8254 InterlockedIncrement

• 0x4b8258 CreateMutexA

• 0x4b825c WideCharToMultiByte

• 0x4b8260 MultiByteToWideChar

• 0x4b8264 GetCurrentProcess

• 0x4b8268 GetWindowsDirectoryA

• 0x4b826c GetSystemDirectoryA

• 0x4b8270 CreateSemaphoreA

• 0x4b8274 ResumeThread

• 0x4b8278 ReleaseSemaphore

• 0x4b827c EnterCriticalSection

• 0x4b8280 LeaveCriticalSection

• 0x4b8284 GetProfileStringA

• 0x4b8288 WriteFile

• 0x4b828c WaitForMultipleObjects

• 0x4b8290 CreateFileA

• 0x4b8294 SetEvent

• 0x4b8298 FindResourceA

• 0x4b829c LoadResource

• 0x4b82a0 LockResource

• 0x4b82a4 ReadFile

• 0x4b82a8 RemoveDirectoryA

• 0x4b82ac GetModuleFileNameA

• 0x4b82b0 GetCurrentThreadId

• 0x4b82b4 ExitProcess

• 0x4b82b8 GlobalSize

• 0x4b82bc GlobalFree

• 0x4b82c0 DeleteCriticalSection

• 0x4b82c4 InitializeCriticalSection

• 0x4b82c8 lstrcatA

• 0x4b82cc lstrlenA

• 0x4b82d0 WinExec

• 0x4b82d4 lstrcpyA

• 0x4b82d8 FindNextFileA

• 0x4b82dc InterlockedExchange

• 0x4b82e0 GlobalReAlloc

• 0x4b82e4 HeapFree

• 0x4b82e8 HeapReAlloc

• 0x4b82ec GetProcessHeap

• 0x4b82f0 HeapAlloc

• 0x4b82f4 GetFullPathNameA

• 0x4b82f8 FreeLibrary

• 0x4b82fc LoadLibraryA

• 0x4b8300 GetLastError

• 0x4b8304 GetVersionExA

• 0x4b8308 WritePrivateProfileStringA

• 0x4b830c CreateThread

• 0x4b8310 CreateEventA

• 0x4b8314 Sleep

• 0x4b8318 ExpandEnvironmentStringsA

• 0x4b831c GlobalAlloc

• 0x4b8320 GlobalLock

• 0x4b8324 GlobalUnlock

• 0x4b8328 GetTempPathA

• 0x4b832c FindFirstFileA

• 0x4b8330 FindClose

• 0x4b8334 SetFileAttributesA

• 0x4b8338 GetFileAttributesA

• 0x4b833c MoveFileA

• 0x4b8340 DeleteFileA

• 0x4b8344 CopyFileA

• 0x4b8348 CreateDirectoryA

• 0x4b834c SetCurrentDirectoryA

• 0x4b8350 GetVolumeInformationA

• 0x4b8354 GetModuleHandleA

• 0x4b8358 GetProcAddress

• 0x4b835c MulDiv

• 0x4b8360 GetCommandLineA

• 0x4b8364 GetTickCount

• 0x4b8368 CreateProcessA

• 0x4b836c WaitForSingleObject

• 0x4b8370 CloseHandle

• 0x4b8374 UnhandledExceptionFilter

• 0x4b8378 FreeEnvironmentStringsA

• 0x4b837c FreeEnvironmentStringsW

• 0x4b8380 GetEnvironmentStrings

• 0x4b8384 GetEnvironmentStringsW

• 0x4b8388 SetHandleCount

• 0x4b838c GetStdHandle

• 0x4b8390 GetFileType

• 0x4b8394 GetEnvironmentVariableA

• 0x4b8398 HeapDestroy

• 0x4b839c HeapCreate

• 0x4b83a0 VirtualFree

• 0x4b83a4 SetEnvironmentVariableA

• 0x4b83a8 LCMapStringA

• 0x4b83ac LCMapStringW

• 0x4b83b0 VirtualAlloc

• 0x4b83b4 IsBadWritePtr

• 0x4b83b8 SetUnhandledExceptionFilter

• 0x4b83bc GetStringTypeA

• 0x4b83c0 GetStringTypeW

• 0x4b83c4 CompareStringA

• 0x4b83c8 CompareStringW

• 0x4b83cc IsBadReadPtr

• 0x4b83d0 IsBadCodePtr

• 0x4b83d4 SetStdHandle

库: USER32.dll:

• 0x4b83fc SetWindowRgn

• 0x4b8400 DestroyAcceleratorTable

• 0x4b8404 GetWindow

• 0x4b8408 GetActiveWindow

• 0x4b840c SetFocus

• 0x4b8410 IsIconic

• 0x4b8414 PeekMessageA

• 0x4b8418 SetMenu

• 0x4b841c GetMenu

• 0x4b8420 GetMessagePos

• 0x4b8424 ScreenToClient

• 0x4b8428 ChildWindowFromPointEx

• 0x4b842c CopyRect

• 0x4b8430 LoadBitmapA

• 0x4b8434 WinHelpA

• 0x4b8438 KillTimer

• 0x4b843c SetTimer

• 0x4b8440 CopyAcceleratorTableA

• 0x4b8444 GetKeyState

• 0x4b8448 TranslateAcceleratorA

• 0x4b844c IsWindowEnabled

• 0x4b8450 ShowWindow

• 0x4b8454 SystemParametersInfoA

• 0x4b8458 LoadImageA

• 0x4b845c EnumDisplaySettingsA

• 0x4b8460 ClientToScreen

• 0x4b8464 EnableMenuItem

• 0x4b8468 GetSubMenu

• 0x4b846c GetDlgCtrlID

• 0x4b8470 CreateAcceleratorTableA

• 0x4b8474 CreateMenu

• 0x4b8478 AppendMenuA

• 0x4b847c CreatePopupMenu

• 0x4b8480 DrawIconEx

• 0x4b8484 CreateIconFromResource

• 0x4b8488 CreateIconFromResourceEx

• 0x4b848c UnregisterClassA

• 0x4b8490 RegisterClipboardFormatA

• 0x4b8494 SetRectEmpty

• 0x4b8498 ReleaseCapture

• 0x4b849c GetCapture

• 0x4b84a0 SetCapture

• 0x4b84a4 GetScrollRange

• 0x4b84a8 SetScrollRange

• 0x4b84ac SetScrollPos

• 0x4b84b0 SetRect

• 0x4b84b4 InflateRect

• 0x4b84b8 IntersectRect

• 0x4b84bc DestroyIcon

• 0x4b84c0 PtInRect

• 0x4b84c4 OffsetRect

• 0x4b84c8 GetSysColorBrush

• 0x4b84cc LoadStringA

• 0x4b84d0 DeleteMenu

• 0x4b84d4 EnableWindow

• 0x4b84d8 RedrawWindow

• 0x4b84dc GetWindowLongA

• 0x4b84e0 SetWindowLongA

• 0x4b84e4 GetSysColor

• 0x4b84e8 SetActiveWindow

• 0x4b84ec SetCursorPos

• 0x4b84f0 LoadCursorA

• 0x4b84f4 SetCursor

• 0x4b84f8 GetDC

• 0x4b84fc FillRect

• 0x4b8500 IsRectEmpty

• 0x4b8504 ReleaseDC

• 0x4b8508 IsChild

• 0x4b850c DestroyMenu

• 0x4b8510 SetForegroundWindow

• 0x4b8514 GetWindowRect

• 0x4b8518 EqualRect

• 0x4b851c UpdateWindow

• 0x4b8520 ValidateRect

• 0x4b8524 InvalidateRect

• 0x4b8528 GetClientRect

• 0x4b852c GetFocus

• 0x4b8530 GetParent

• 0x4b8534 GetTopWindow

• 0x4b8538 PostMessageA

• 0x4b853c IsWindow

• 0x4b8540 SetParent

• 0x4b8544 DestroyCursor

• 0x4b8548 SendMessageA

• 0x4b854c SetWindowPos

• 0x4b8550 MessageBoxA

• 0x4b8554 GetCursorPos

• 0x4b8558 GetSystemMetrics

• 0x4b855c EmptyClipboard

• 0x4b8560 SetClipboardData

• 0x4b8564 OpenClipboard

• 0x4b8568 GetClipboardData

• 0x4b856c CloseClipboard

• 0x4b8570 wsprintfA

• 0x4b8574 WaitForInputIdle

• 0x4b8578 GetSystemMenu

• 0x4b857c DispatchMessageA

• 0x4b8580 GetMessageA

• 0x4b8584 WindowFromPoint

• 0x4b8588 DrawFocusRect

• 0x4b858c DrawEdge

• 0x4b8590 DrawFrameControl

• 0x4b8594 TranslateMessage

• 0x4b8598 LoadIconA

• 0x4b859c GetForegroundWindow

• 0x4b85a0 GetDesktopWindow

• 0x4b85a4 GetClassNameA

• 0x4b85a8 GetKeyboardState

• 0x4b85ac GetDlgItem

• 0x4b85b0 FindWindowExA

• 0x4b85b4 GetWindowTextA

• 0x4b85b8 DefWindowProcA

• 0x4b85bc GetClassInfoA

• 0x4b85c0 IsZoomed

• 0x4b85c4 IsWindowVisible

• 0x4b85c8 PostQuitMessage

• 0x4b85cc ModifyMenuA

• 0x4b85d0 GetWindowTextLengthA

• 0x4b85d4 CharUpperA

• 0x4b85d8 GetWindowDC

• 0x4b85dc BeginPaint

• 0x4b85e0 EndPaint

• 0x4b85e4 TabbedTextOutA

• 0x4b85e8 DrawTextA

• 0x4b85ec GrayStringA

• 0x4b85f0 DestroyWindow

• 0x4b85f4 CreateDialogIndirectParamA

• 0x4b85f8 EndDialog

• 0x4b85fc GetNextDlgTabItem

• 0x4b8600 GetWindowPlacement

• 0x4b8604 RegisterWindowMessageA

• 0x4b8608 GetLastActivePopup

• 0x4b860c GetMessageTime

• 0x4b8610 RemovePropA

• 0x4b8614 CallWindowProcA

• 0x4b8618 GetPropA

• 0x4b861c UnhookWindowsHookEx

• 0x4b8620 SetPropA

• 0x4b8624 GetClassLongA

• 0x4b8628 CallNextHookEx

• 0x4b862c SetWindowsHookExA

• 0x4b8630 CreateWindowExA

• 0x4b8634 GetMenuItemID

• 0x4b8638 GetMenuItemCount

• 0x4b863c RegisterClassA

• 0x4b8640 GetScrollPos

• 0x4b8644 AdjustWindowRectEx

• 0x4b8648 MapWindowPoints

• 0x4b864c SendDlgItemMessageA

• 0x4b8650 ScrollWindowEx

• 0x4b8654 IsDialogMessageA

• 0x4b8658 SetWindowTextA

• 0x4b865c MoveWindow

• 0x4b8660 CheckMenuItem

• 0x4b8664 SetMenuItemBitmaps

• 0x4b8668 GetMenuState

• 0x4b866c GetMenuCheckMarkDimensions

库: GDI32.dll:

• 0x4b8040 Escape

• 0x4b8044 ExtTextOutA

• 0x4b8048 TextOutA

• 0x4b804c RectVisible

• 0x4b8050 PtVisible

• 0x4b8054 GetViewportExtEx

• 0x4b8058 ExtSelectClipRgn

• 0x4b805c LineTo

• 0x4b8060 BitBlt

• 0x4b8064 CreateCompatibleDC

• 0x4b8068 Ellipse

• 0x4b806c Rectangle

• 0x4b8070 LPtoDP

• 0x4b8074 DPtoLP

• 0x4b8078 GetCurrentObject

• 0x4b807c RoundRect

• 0x4b8080 GetTextMetricsA

• 0x4b8084 GetTextExtentPoint32A

• 0x4b8088 GetDeviceCaps

• 0x4b808c GetSystemPaletteEntries

• 0x4b8090 CreateDIBitmap

• 0x4b8094 DeleteObject

• 0x4b8098 SelectClipRgn

• 0x4b809c CreatePolygonRgn

• 0x4b80a0 GetClipRgn

• 0x4b80a4 SetStretchBltMode

• 0x4b80a8 CreateRectRgnIndirect

• 0x4b80ac SetBkColor

• 0x4b80b0 MoveToEx

• 0x4b80b4 ExcludeClipRect

• 0x4b80b8 GetClipBox

• 0x4b80bc ScaleWindowExtEx

• 0x4b80c0 SetWindowExtEx

• 0x4b80c4 SetWindowOrgEx

• 0x4b80c8 ScaleViewportExtEx

• 0x4b80cc SetViewportExtEx

• 0x4b80d0 OffsetViewportOrgEx

• 0x4b80d4 StartPage

• 0x4b80d8 StartDocA

• 0x4b80dc DeleteDC

• 0x4b80e0 EndDoc

• 0x4b80e4 EndPage

• 0x4b80e8 CreateFontIndirectA

• 0x4b80ec GetStockObject

• 0x4b80f0 CreateSolidBrush

• 0x4b80f4 FillRgn

• 0x4b80f8 CreateRectRgn

• 0x4b80fc CombineRgn

• 0x4b8100 PatBlt

• 0x4b8104 CreatePen

• 0x4b8108 GetObjectA

• 0x4b810c SelectObject

• 0x4b8110 CreateBitmap

• 0x4b8114 CreateDCA

• 0x4b8118 CreateCompatibleBitmap

• 0x4b811c GetPolyFillMode

• 0x4b8120 GetStretchBltMode

• 0x4b8124 GetROP2

• 0x4b8128 GetBkColor

• 0x4b812c GetBkMode

• 0x4b8130 GetTextColor

• 0x4b8134 CreateRoundRectRgn

• 0x4b8138 SetViewportOrgEx

• 0x4b813c SetMapMode

• 0x4b8140 SetTextColor

• 0x4b8144 SetROP2

• 0x4b8148 SetPolyFillMode

• 0x4b814c SetBkMode

• 0x4b8150 RestoreDC

• 0x4b8154 SaveDC

• 0x4b8158 CreateEllipticRgn

• 0x4b815c PathToRegion

• 0x4b8160 EndPath

• 0x4b8164 BeginPath

• 0x4b8168 GetWindowOrgEx

• 0x4b816c GetViewportOrgEx

• 0x4b8170 GetWindowExtEx

• 0x4b8174 CreatePalette

• 0x4b8178 RealizePalette

• 0x4b817c SelectPalette

• 0x4b8180 GetDIBits

• 0x4b8184 StretchBlt

库: WINSPOOL.DRV:

• 0x4b86c0 OpenPrinterA

• 0x4b86c4 DocumentPropertiesA

• 0x4b86c8 ClosePrinter

库: ADVAPI32.dll:

• 0x4b8000 RegQueryValueExA

• 0x4b8004 RegOpenKeyExA

• 0x4b8008 RegSetValueExA

• 0x4b800c RegDeleteValueA

• 0x4b8010 RegDeleteKeyA

• 0x4b8014 RegQueryValueA

• 0x4b8018 RegCloseKey

• 0x4b801c InitializeSecurityDescriptor

• 0x4b8020 SetSecurityDescriptorDacl

• 0x4b8024 RegOpenKeyA

• 0x4b8028 RegEnumKeyA

• 0x4b802c RegCreateKeyExA

库: SHELL32.dll:

• 0x4b83ec Shell_NotifyIconA

• 0x4b83f0 ShellExecuteA

• 0x4b83f4 SHGetSpecialFolderPathA

库: ole32.dll:

• 0x4b8718 CLSIDFromString

• 0x4b871c OleUninitialize

• 0x4b8720 OleInitialize

库: OLEAUT32.dll:

• 0x4b83dc LoadTypeLib

• 0x4b83e0 RegisterTypeLib

• 0x4b83e4 UnRegisterTypeLib

库: COMCTL32.dll:

• 0x4b8034 None

• 0x4b8038 ImageList_Destroy

库: comdlg32.dll:

• 0x4b8704 ChooseColorA

• 0x4b8708 GetFileTitleA

• 0x4b870c GetSaveFileNameA

• 0x4b8710 GetOpenFileNameA

.text
`.rdata
@.data
.rsrc
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VMProtect begin
VMProtect end
VWPhL
VWPh|
VWQPh(
P hHsg
8`}<j
T$hVj
jjjjh

没有防病毒引擎扫描信息!

进程树

csrss.exe id: 2652
services.exe id: 428
- mscorsvw.exe id: 2488
- mscorsvw.exe id: 1964
iexplore.exe id: 2328

csrss.exe, PID: 2652, 上一级进程 PID: 2296

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

services.exe, PID: 428, 上一级进程 PID: 332

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

iexplore.exe, PID: 2328, 上一级进程 PID: 2044

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

mscorsvw.exe, PID: 2488, 上一级进程 PID: 428

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

mscorsvw.exe, PID: 1964, 上一级进程 PID: 428

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级
是	123.57.142.8	中国
否	14.215.158.24	中国
否	183.3.226.29	中国

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49162	123.57.142.8	16688
192.168.122.201	49164	14.215.158.24 jq.qq.com	443
192.168.122.201	49165	183.3.226.29 qm.qq.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	61698	192.168.122.1	53
192.168.122.201	62233	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
jq.qq.com	A 14.215.158.24
qm.qq.com	A 183.3.226.29

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49162	123.57.142.8	16688
192.168.122.201	49164	14.215.158.24 jq.qq.com	443
192.168.122.201	49165	183.3.226.29 qm.qq.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	61698	192.168.122.1	53
192.168.122.201	62233	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://qm.qq.com/cgi-bin/qm/qr?k=zc0Z7gQP6CTy_LEug6Zn5cnP-Vx_Tbwf&authKey=p8U57s%2F6cl2KKPh1r8EcyACOlmPky1Xi7Ou75%2B2gT2iwPT54vtszwEeCZeEHOT0i&group_code=853395455	GET /cgi-bin/qm/qr?k=zc0Z7gQP6CTy_LEug6Zn5cnP-Vx_Tbwf&authKey=p8U57s%2F6cl2KKPh1r8EcyACOlmPky1Xi7Ou75%2B2gT2iwPT54vtszwEeCZeEHOT0i&group_code=853395455 HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: qm.qq.com Connection: Keep-Alive

URI

HTTP数据

URL专业沙箱检测 -> http://qm.qq.com/cgi-bin/qm/qr?k=zc0Z7gQP6CTy_LEug6Zn5cnP-Vx_Tbwf&authKey=p8U57s%2F6cl2KKPh1r8EcyACOlmPky1Xi7Ou75%2B2gT2iwPT54vtszwEeCZeEHOT0i&group_code=853395455

GET /cgi-bin/qm/qr?k=zc0Z7gQP6CTy_LEug6Zn5cnP-Vx_Tbwf&authKey=p8U57s%2F6cl2KKPh1r8EcyACOlmPky1Xi7Ou75%2B2gT2iwPT54vtszwEeCZeEHOT0i&group_code=853395455 HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: qm.qq.com
Connection: Keep-Alive

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Version	Issuer	Subject	Fingerprint
2019-06-20 01:34:30.534976+0800	192.168.122.201	49164	14.215.158.24	443	TLS 1.2	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	C=CN, ST=guangdong, L=shenzhen, O=Shenzhen Tencent Computer Systems Company Limited, CN=*.jq.qq.com	55:6b:a2:e9:3f:b6:bb:36:19:20:72:e0:9b:90:50:04:ac:09:27:8b

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 86.77 seconds )

35.406 Static
17.369 TargetInfo
15.513 Suricata
10.53 NetworkAnalysis
5.54 BehaviorAnalysis
1.794 VirusTotal
0.46 peid
0.096 AnalysisInfo
0.045 config_decoder
0.014 Strings
0.003 Memory

Signatures ( 4.074 seconds )

1.914 md_url_bl
0.311 api_spamming
0.261 stealth_timeout
0.233 stealth_decoy_document
0.186 antiav_detectreg
0.069 infostealer_ftp
0.067 injection_createremotethread
0.067 process_interest
0.047 injection_runpe
0.046 antivm_generic_scsi
0.045 vawtrak_behavior
0.041 antivm_vbox_libs
0.039 infostealer_im
0.038 antianalysis_detectreg
0.034 kovter_behavior
0.032 antivm_generic_services
0.03 antiemu_wine_func
0.029 stealth_file
0.028 anormaly_invoke_kills
0.028 process_needed
0.027 infostealer_browser_password
0.027 md_domain_bl
0.023 infostealer_mail
0.021 exec_crash
0.019 mimics_filetime
0.017 dridex_behavior
0.017 reads_self
0.017 antivm_generic_disk
0.017 virus
0.017 antiav_detectfile
0.014 bootkit
0.014 antisandbox_sunbelt_libs
0.012 antiav_avast_libs
0.012 geodo_banking_trojan
0.012 infostealer_bitcoin
0.011 antivm_vmware_libs
0.011 betabot_behavior
0.011 hancitor_behavior
0.01 antisandbox_sboxie_libs
0.01 antiav_bitdefender_libs
0.01 kibex_behavior
0.01 shifu_behavior
0.01 antivm_xen_keys
0.009 darkcomet_regkeys
0.009 ransomware_extensions
0.008 anomaly_persistence_autorun
0.008 antivm_parallels_keys
0.008 ransomware_files
0.007 antivm_generic_diskreg
0.007 antivm_vbox_files
0.006 network_http
0.006 recon_fingerprint
0.004 andromeda_behavior
0.004 maldun_suspicious
0.004 antisandbox_productid
0.004 disables_browser_warn
0.003 tinba_behavior
0.003 rat_nanocore
0.003 antivm_vmware_events
0.003 antidbg_windows
0.003 cryptowall_behavior
0.003 antivm_xen_keys
0.003 antivm_hyperv_keys
0.003 antivm_vbox_acpi
0.003 antivm_vbox_keys
0.003 antivm_vmware_keys
0.003 antivm_vpc_keys
0.003 network_torgateway
0.003 packer_armadillo_regkey
0.002 hawkeye_behavior
0.002 network_tor
0.002 Locky_behavior
0.002 heapspray_js
0.002 cerber_behavior
0.002 bypass_firewall
0.002 antidbg_devices
0.002 antivm_generic_bios
0.002 antivm_generic_system
0.002 browser_security
0.002 modify_proxy
0.002 md_bad_drop
0.002 network_cnc_http
0.002 rat_pcclient
0.002 recon_programs
0.001 malicious_write_executeable_under_temp_to_regrun
0.001 rat_luminosity
0.001 virtualcheck_js
0.001 injection_explorer
0.001 sets_autoconfig_url
0.001 stealth_network
0.001 ursnif_behavior
0.001 kazybot_behavior
0.001 ransomeware_modifies_desktop_wallpaper
0.001 dyre_behavior
0.001 encrypted_ioc
0.001 ispy_behavior
0.001 h1n1_behavior
0.001 antianalysis_detectfile
0.001 antivm_generic_cpu
0.001 antivm_vmware_files
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 disables_system_restore
0.001 disables_windows_defender
0.001 codelux_behavior
0.001 malicious_drop_executable_file_to_temp_folder
0.001 malicous_targeted_flame
0.001 rat_spynet
0.001 stealth_modify_uac_prompt

Reporting ( 1.307 seconds )

0.996 ReportHTMLSummary
0.311 Malheur


Task ID	312242
Mongo ID	5d0a73022f8f2e424f5e2a39
Cuckoo release	1.4-Maldun