Analysis type | VM tag | Start time | End time | Duration
---|---|---|---|---
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-08-16 10:30:20 | 2019-08-16 10:33:03 | 163 seconds
Field | Value
---|---
File name | ZSsafe.exe
File size | 3213573 bytes
File type | PE32 executable (GUI) Intel 80386, for MS Windows
MD5 | 78cc1fbaa1a89984591c90218e9d8806
SHA1 | 400d6f503ba76129e9d2f9fe77c65f6cceb24f47
SHA256 | c1f8a2be52e1739a4d8475f97f73daeae71af56bcd5bf468862b38b5f7e4a10b
SHA512 | 6e6c223906cd59206f28dbbfc28c52c955efe606ce51e330c6c79dda233d0779f0e806a117b298271be4f43f1c4148f7094ab0a92312e20486f9b028f356feef
CRC32 | B6815DA2
Ssdeep | 49152:7fkH7Ag+ZNBaX5FvI6zZDQ6Y3eqa3rpq9nBmuT+xahqg2ryR7KmBS2RBokBF45ck:Dr9aX5l83f0rcBtTUao7yq27okBa5oA
Direct | IP | Security rating | Geolocation
---|---|---|---
No | 119.23.59.239 | | China
No | 122.114.130.31 | | China
No | 123.58.180.39 | | China
Domain | Security rating | Response
---|---|---
mojunxie521.blog.163.com | | A 123.58.180.101, A 123.58.180.39
2018k.cn | | A 119.23.59.239
yuanlin.6600.org | | A 122.114.130.31
Field | Value
---|---
Image base | 0x00400000
Entry point | 0x00401000
Declared checksum | 0x00000000
Actual checksum | 0x00315d2c
Minimum OS version required | 4.0
Compile time | 1972-12-25 13:33:23
Import hash (imphash) | 469b1bae2575baede5bf1f06a01b4767
Version info field | Value
---|---
LegalCopyright |
FileVersion |
CompanyName |
Comments |
ProductName |
ProductVersion |
FileDescription |
Translation |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy
---|---|---|---|---|---
.UPX1 | 0x00001000 | 0x001c6000 | 0x00000200 | IMAGE_SCN_CNT_CODE \| IMAGE_SCN_MEM_EXECUTE \| IMAGE_SCN_MEM_READ | 1.36
.UPX1 | 0x001c7000 | 0x0014ca75 | 0x001485b3 | IMAGE_SCN_CNT_CODE \| IMAGE_SCN_MEM_EXECUTE \| IMAGE_SCN_MEM_READ \| IMAGE_SCN_MEM_WRITE | 7.88
Field | Value
---|---
Offset | 0x0030e791
Size | 0x00002174
Antivirus engine/vendor | Detection name/rule match | Signature database date
---|---|---
Bkav | No virus detected | 20190815
MicroWorld-eScan | Trojan.GenericKD.41522303 | 20190816
CMC | No virus detected | 20190321
CAT-QuickHeal | Backdoor.FlyAgent | 20190814
McAfee | Artemis!78CC1FBAA1A8 | 20190815
Cylance | Unsafe | 20190816
SUPERAntiSpyware | No virus detected | 20190809
K7AntiVirus | Adware ( 004b8bcf1 ) | 20190814
BitDefender | Trojan.GenericKD.41522303 | 20190816
K7GW | Adware ( 004b8bcf1 ) | 20190814
CrowdStrike | win/malicious_confidence_90% (W) | 20190212
Baidu | No virus detected | 20190318
F-Prot | W32/RLPacked.B.gen!Eldorado | 20190816
Symantec | Trojan.Gen.6 | 20190816
ESET-NOD32 | a variant of Win32/Packed.FlyStudio potentially unwanted | 20190816
APEX | Malicious | 20190813
Paloalto | generic.ml | 20190816
ClamAV | No virus detected | 20190815
Kaspersky | Trojan.Win32.Inject.alxmo | 20190815
Alibaba | Backdoor:Win32/Inject.c6900bd2 | 20190527
NANO-Antivirus | Trojan.Win32.Inject.fvbvcr | 20190816
ViRobot | No virus detected | 20190813
Avast | Win32:Malware-gen | 20190815
Tencent | No virus detected | 20190816
Endgame | malicious (high confidence) | 20190802
Sophos | Mal/Generic-S | 20190815
Comodo | No virus detected | 20190815
F-Secure | Trojan.TR/Dropper.Gen | 20190815
DrWeb | Trojan.Rootkit.22030 | 20190815
Zillya | No virus detected | 20190815
Invincea | heuristic | 20190717
McAfee-GW-Edition | BehavesLike.Win32.Backdoor.wc | 20190815
Trapmine | malicious.high.ml.score | 20190522
FireEye | Generic.mg.78cc1fbaa1a89984 | 20190816
Emsisoft | Trojan.GenericKD.41522303 (B) | 20190815
SentinelOne | DFI - Malicious PE | 20190807
Cyren | W32/RLPacked.B.gen!Eldorado | 20190815
Jiangmin | No virus detected | 20190813
Webroot | No virus detected | 20190816
Avira | TR/Dropper.Gen | 20190815
Fortinet | W32/Autorun.BX!worm | 20190816
Antiy-AVL | Trojan[Spy]/Win32.KeyLogger.dwl | 20190815
Kingsoft | No virus detected | 20190816
Arcabit | Trojan.Generic.D279947F | 20190815
AegisLab | Trojan.Win32.Malicious.4!c | 20190816
ZoneAlarm | Trojan.Win32.Inject.alxmo | 20190815
Avast-Mobile | No virus detected | 20190815
Microsoft | Backdoor:Win32/FlyAgent.F | 20190815
TACHYON | No virus detected | 20190816
AhnLab-V3 | Malware/Win32.Generic.C3401931 | 20190815
Acronis | suspicious | 20190815
VBA32 | Backdoor.FlyAgent | 20190815
ALYac | Trojan.GenericKD.41522303 | 20190815
MAX | No virus detected | 20190816
Ad-Aware | Trojan.GenericKD.41522303 | 20190815
Malwarebytes | No virus detected | 20190815
Zoner | No virus detected | 20190815
Rising | PUF.Hacktool!1.B2A6 (CLASSIC) | 20190815
Yandex | Packed/RLPack | 20190811
Ikarus | No virus detected | 20190815
eGambit | No virus detected | 20190816
GData | Win32.Application.PUPStudio.A | 20190816
MaxSecure | No virus detected | 20190803
AVG | Win32:Malware-gen | 20190815
Cybereason | malicious.03ba76 | 20190616
Panda | No virus detected | 20190815
Qihoo-360 | No virus detected | 20190816
Source address | Source port | Destination address | Destination port
---|---|---|---
192.168.122.201 | 49170 | 119.23.59.239 2018k.cn | 80
192.168.122.201 | 49172 | 119.23.59.239 2018k.cn | 80
192.168.122.201 | 49171 | 122.114.130.31 yuanlin.6600.org | 80
Source address | Source port | Destination address | Destination port
---|---|---|---
192.168.122.201 | 53932 | 192.168.122.1 | 53
192.168.122.201 | 58181 | 192.168.122.1 | 53
192.168.122.201 | 61698 | 192.168.122.1 | 53
192.168.122.201 | 62233 | 192.168.122.1 | 53
URI | HTTP data
---|---
http://2018k.cn/api | GET /api HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: 2018k.cn
http://2018k.cn/api/ | GET /api/ HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: 2018k.cn
http://yuanlin.6600.org/cansu521.txt | GET /cansu521.txt HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: yuanlin.6600.org Connection: Keep-Alive
http://2018k.cn/api/checkVersion?id=abebaa2cbd49475f9ad45be62b11f3d1&version=1.2.8.6 | GET /api/checkVersion?id=abebaa2cbd49475f9ad45be62b11f3d1&version=1.2.8.6 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: 2018k.cn
http://2018k.cn/api/checkVersion?id=abebaa2cbd49475f9ad45be62b11f3d1&html=true.html | GET /api/checkVersion?id=abebaa2cbd49475f9ad45be62b11f3d1&html=true.html HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 2018k.cn Connection: Keep-Alive
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
No TLS.
No Suricata HTTP.
Field | Value
---|---
Task ID | 355134
Mongo ID | 5d5616a52f8f2e29f3d82a01
Cuckoo release | 1.4-Maldun