Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-hpdapp01-4 | 2019-08-19 19:34:24 | 2019-08-19 19:43:09 | 525 s |
File property | Value |
---|---|
File name | ZSsafe.exe |
File size | 3213573 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5 | 78cc1fbaa1a89984591c90218e9d8806 |
SHA1 | 400d6f503ba76129e9d2f9fe77c65f6cceb24f47 |
SHA256 | c1f8a2be52e1739a4d8475f97f73daeae71af56bcd5bf468862b38b5f7e4a10b |
SHA512 | 6e6c223906cd59206f28dbbfc28c52c955efe606ce51e330c6c79dda233d0779f0e806a117b298271be4f43f1c4148f7094ab0a92312e20486f9b028f356feef |
CRC32 | B6815DA2 |
Ssdeep | 49152:7fkH7Ag+ZNBaX5FvI6zZDQ6Y3eqa3rpq9nBmuT+xahqg2ryR7KmBS2RBokBF45ck:Dr9aX5l83f0rcBtTUao7yq27okBa5oA |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
No | 101.227.102.88 | | China |
No | 122.114.130.31 | | China |
No | 123.58.180.101 | | China |
No | 123.58.180.39 | | China |
No | 125.88.182.231 | | China |
No | 36.27.212.88 | | China |
No | 47.52.160.236 | | Canada |
Domain | Security rating | Response |
---|---|---|
mojunxie521.blog.163.com | | A 123.58.180.101; A 123.58.180.39 |
blog.163.com | | |
www.mojunxie.win | | CNAME cp.renzhijia.com; A 47.52.160.236; CNAME s4769071.my-cp-cdn.aikeba.com |
error.kangleweb.net | | CNAME kangleweb.net.wddun.com; A 125.88.182.231; A 183.60.107.20 |
2018k.cn | Unknown | CNAME 94907bf79bf1e6e6.360wzws.com; A 36.27.212.88 |
b.bst.126.net | Unknown | A 61.164.210.206; CNAME dd.bst.126.net.lxdns.com; A 101.227.102.88 |
yuanlin.6600.org | Unknown | A 122.114.130.31 |
PE header field | Value |
---|---|
Image base | 0x00400000 |
Entry point | 0x00401000 |
Declared checksum | 0x00000000 |
Actual (computed) checksum | 0x00315d2c |
Minimum OS version | 4.0 |
Compile time | 1972-12-25 13:33:23 |
Import hash (imphash) | 469b1bae2575baede5bf1f06a01b4767 |
Version info field | Value |
---|---|
LegalCopyright | |
FileVersion | |
CompanyName | |
Comments | |
ProductName | |
ProductVersion | |
FileDescription | |
Translation | |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.UPX1 | 0x00001000 | 0x001c6000 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 1.36 |
.UPX1 | 0x001c7000 | 0x0014ca75 | 0x001485b3 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.88 |
Field | Value |
---|---|
Offset | 0x0030e791 |
Size | 0x00002174 |
0x0030e791 + 0x00002174 = 0x00310905 = 3213573 bytes, the file size: this block runs to the end of the file.
Antivirus engine/vendor | Detection name / rule match | Signature date |
---|---|---|
Bkav | Not detected | 20190815 |
MicroWorld-eScan | Trojan.GenericKD.41522303 | 20190816 |
CMC | Not detected | 20190321 |
CAT-QuickHeal | Backdoor.FlyAgent | 20190814 |
Qihoo-360 | Not detected | 20190816 |
McAfee | Artemis!78CC1FBAA1A8 | 20190815 |
Cylance | Unsafe | 20190816 |
AegisLab | Trojan.Win32.Malicious.4!c | 20190816 |
K7AntiVirus | Adware ( 004b8bcf1 ) | 20190814 |
Alibaba | Backdoor:Win32/Inject.c6900bd2 | 20190527 |
K7GW | Adware ( 004b8bcf1 ) | 20190814 |
CrowdStrike | win/malicious_confidence_90% (W) | 20190212 |
Baidu | Not detected | 20190318 |
F-Prot | W32/RLPacked.B.gen!Eldorado | 20190816 |
Symantec | Trojan.Gen.6 | 20190816 |
ESET-NOD32 | a variant of Win32/Packed.FlyStudio potentially unwanted | 20190816 |
APEX | Malicious | 20190813 |
Paloalto | generic.ml | 20190816 |
ClamAV | Not detected | 20190815 |
GData | Win32.Application.PUPStudio.A | 20190816 |
Kaspersky | Trojan.Win32.Inject.alxmo | 20190815 |
BitDefender | Trojan.GenericKD.41522303 | 20190816 |
NANO-Antivirus | Trojan.Win32.Inject.fvbvcr | 20190816 |
SUPERAntiSpyware | Not detected | 20190809 |
Rising | PUF.Hacktool!1.B2A6 (CLASSIC) | 20190815 |
Endgame | malicious (high confidence) | 20190802 |
Emsisoft | Trojan.GenericKD.41522303 (B) | 20190815 |
Comodo | Not detected | 20190815 |
F-Secure | Trojan.TR/Dropper.Gen | 20190815 |
DrWeb | Trojan.Rootkit.22030 | 20190815 |
Zillya | Not detected | 20190815 |
Invincea | heuristic | 20190717 |
McAfee-GW-Edition | BehavesLike.Win32.Backdoor.wc | 20190815 |
Trapmine | malicious.high.ml.score | 20190522 |
FireEye | Generic.mg.78cc1fbaa1a89984 | 20190816 |
Sophos | Mal/Generic-S | 20190815 |
Ikarus | Not detected | 20190815 |
Cyren | W32/RLPacked.B.gen!Eldorado | 20190815 |
Jiangmin | Not detected | 20190813 |
Webroot | Not detected | 20190816 |
Avira | TR/Dropper.Gen | 20190815 |
MAX | Not detected | 20190816 |
Antiy-AVL | Trojan[Spy]/Win32.KeyLogger.dwl | 20190815 |
Kingsoft | Not detected | 20190816 |
Microsoft | Backdoor:Win32/FlyAgent.F | 20190815 |
Arcabit | Trojan.Generic.D279947F | 20190815 |
ViRobot | Not detected | 20190813 |
ZoneAlarm | Trojan.Win32.Inject.alxmo | 20190815 |
Avast-Mobile | Not detected | 20190815 |
AhnLab-V3 | Malware/Win32.Generic.C3401931 | 20190815 |
Acronis | suspicious | 20190815 |
VBA32 | Backdoor.FlyAgent | 20190815 |
ALYac | Trojan.GenericKD.41522303 | 20190815 |
TACHYON | Not detected | 20190816 |
Ad-Aware | Trojan.GenericKD.41522303 | 20190815 |
Malwarebytes | Not detected | 20190815 |
Panda | Not detected | 20190815 |
Zoner | Not detected | 20190815 |
Tencent | Not detected | 20190816 |
Yandex | Packed/RLPack | 20190811 |
SentinelOne | DFI - Malicious PE | 20190807 |
eGambit | Not detected | 20190816 |
Fortinet | W32/Autorun.BX!worm | 20190816 |
AVG | Win32:Malware-gen | 20190815 |
Cybereason | malicious.03ba76 | 20190616 |
Avast | Win32:Malware-gen | 20190815 |
MaxSecure | Not detected | 20190803 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.204 | 49174 | 101.227.102.88 (b.bst.126.net) | 80 |
192.168.122.204 | 49175 | 122.114.130.31 (yuanlin.6600.org) | 80 |
192.168.122.204 | 49170 | 123.58.180.101 (mojunxie521.blog.163.com) | 80 |
192.168.122.204 | 49169 | 123.58.180.39 (mojunxie521.blog.163.com) | 80 |
192.168.122.204 | 49172 | 125.88.182.231 (error.kangleweb.net) | 443 |
192.168.122.204 | 49173 | 36.27.212.88 (2018k.cn) | 80 |
192.168.122.204 | 49176 | 36.27.212.88 (2018k.cn) | 80 |
192.168.122.204 | 49171 | 47.52.160.236 (www.mojunxie.win) | 80 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.204 | 50629 | 192.168.122.1 | 53 |
192.168.122.204 | 54704 | 192.168.122.1 | 53 |
192.168.122.204 | 54838 | 192.168.122.1 | 53 |
192.168.122.204 | 55337 | 192.168.122.1 | 53 |
192.168.122.204 | 56990 | 192.168.122.1 | 53 |
192.168.122.204 | 58731 | 192.168.122.1 | 53 |
192.168.122.204 | 61462 | 192.168.122.1 | 53 |
URI | HTTP request |
---|---|
http://mojunxie521.blog.163.com/blog/static/27250327320174622243849/ | GET /blog/static/27250327320174622243849/ HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: mojunxie521.blog.163.com Connection: Keep-Alive |
http://blog.163.com/login.do?err=403 | GET /login.do?err=403 HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: blog.163.com Connection: Keep-Alive Cookie: NTESBLOGSI=EAD4F452D6AE695CA889DDA9D308706A.yqblog13-8010; usertrack=ezq0J11aizRymgU8A74eAg== |
http://www.mojunxie.win/cansu521.txt | GET /cansu521.txt HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: www.mojunxie.win Connection: Keep-Alive |
http://2018k.cn/api | GET /api HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: 2018k.cn |
http://2018k.cn/api/ | GET /api/ HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: 2018k.cn |
http://2018k.cn/api/checkVersion?id=abebaa2cbd49475f9ad45be62b11f3d1&version=1.2.8.6 | GET /api/checkVersion?id=abebaa2cbd49475f9ad45be62b11f3d1&version=1.2.8.6 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Accept: text/html, application/xhtml+xml, */* Accept-Encoding: gbk, GB2312 Accept-Language: zh-cn User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Host: 2018k.cn |
http://b.bst.126.net/style/common/error/404.css | GET /style/common/error/404.css HTTP/1.1 Accept: */* Referer: http://blog.163.com/login.do?err=403 Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: b.bst.126.net Connection: Keep-Alive |
http://yuanlin.6600.org/cansu521.txt | GET /cansu521.txt HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: yuanlin.6600.org Connection: Keep-Alive |
http://2018k.cn/api/checkVersion?id=2a14893fbe9c47eeb8468100fa248d1c&html=true.html | GET /api/checkVersion?id=2a14893fbe9c47eeb8468100fa248d1c&html=true.html HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 2018k.cn Connection: Keep-Alive |
http://2018k.cn/api/checkVersion?id=abebaa2cbd49475f9ad45be62b11f3d1&html=true.html | GET /api/checkVersion?id=abebaa2cbd49475f9ad45be62b11f3d1&html=true.html HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 2018k.cn Connection: Keep-Alive |
http://b.bst.126.net/style/common/error/images/sprite-404.png | GET /style/common/error/images/sprite-404.png HTTP/1.1 Accept: */* Referer: http://blog.163.com/login.do?err=403 Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: b.bst.126.net Connection: Keep-Alive |
http://b.bst.126.net/style/common/error/images/newtip/nologin.png | GET /style/common/error/images/newtip/nologin.png HTTP/1.1 Accept: */* Referer: http://blog.163.com/login.do?err=403 Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: b.bst.126.net Connection: Keep-Alive |
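Read together, the requests above say more than the host list does. The sample fetched /cansu521.txt first from www.mojunxie.win and then from yuanlin.6600.org; the same path on two unrelated hosts is the usual shape of a primary/fallback fetch of one remote file. It polled 2018k.cn/api/checkVersion with an id parameter, once with `Accept-Encoding: gbk, GB2312`, a header value no browser sends, and once with browser-like headers. The blog fetch on mojunxie521.blog.163.com was followed by blog.163.com/login.do?err=403, and the three b.bst.126.net requests carry `Referer: http://blog.163.com/login.do?err=403`, so 404.css and the two PNGs are sub-resources of that 163 error page, not traffic the sample initiated on its own. The script below is an added example, not the sandbox's own code: it parses raw requests in the form captured here, separates page-load noise from the sample's own requests, and turns the correlated indicators into Suricata rules. CAPTURED is constructed from this table (User-Agent strings shortened and headers that play no part dropped); the sid range is a placeholder and the "Config fetch" and "Version beacon" labels are this example's wording.

```python
"""HTTP request correlation (added example, not the sandbox's own code).
The HTTP table shows the sample fetching /cansu521.txt from two unrelated hosts, polling
2018k.cn/api/checkVersion with an id parameter and a charset-valued Accept-Encoding, and
loading b.bst.126.net assets only as sub-resources of blog.163.com's login.do?err=403 page
(their Referer says so). This parses raw requests in that shape, separates page-load noise
from the sample's own requests, and turns the indicators into Suricata rules.
CAPTURED is constructed from the report's table (User-Agent strings shortened)."""
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

KNOWN_CODINGS = {"gzip", "deflate", "br", "compress", "identity", "*"}  # registered content codings

CAPTURED = """\
GET /blog/static/27250327320174622243849/ HTTP/1.1
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0)
Host: mojunxie521.blog.163.com

GET /cansu521.txt HTTP/1.1
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0)
Host: www.mojunxie.win

GET /api/checkVersion?id=abebaa2cbd49475f9ad45be62b11f3d1&version=1.2.8.6 HTTP/1.1
Accept-Encoding: gbk, GB2312
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 2018k.cn

GET /style/common/error/404.css HTTP/1.1
Referer: http://blog.163.com/login.do?err=403
Accept-Encoding: gzip, deflate
Host: b.bst.126.net

GET /cansu521.txt HTTP/1.1
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0)
Host: yuanlin.6600.org

GET /api/checkVersion?id=2a14893fbe9c47eeb8468100fa248d1c&html=true.html HTTP/1.1
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0)
Host: 2018k.cn
"""


def parse_requests(text: str) -> list:
    """Split blank-line-separated raw requests into dicts with lower-cased header names."""
    reqs = []
    for block in text.strip().split("\n\n"):
        request_line, *header_lines = block.strip().splitlines()
        method, target, _ = request_line.split(" ", 2)
        headers = {k.strip().lower(): v.strip() for k, _, v in (h.partition(":") for h in header_lines)}
        url = urlsplit(target)
        reqs.append({"method": method, "path": url.path, "query": parse_qs(url.query),
                     "host": headers.get("host", ""), "headers": headers})
    return reqs


def nonstandard_accept_encoding(req: dict) -> bool:
    """True when Accept-Encoding names something that is not a content coding (here: charsets),
    which browsers never send but hand-rolled HTTP clients do."""
    tokens = (t.split(";")[0].strip().lower() for t in req["headers"].get("accept-encoding", "").split(","))
    return any(t and t not in KNOWN_CODINGS for t in tokens)


def correlate(reqs: list) -> dict:
    """Set aside sub-resource loads (they carry a Referer) and extract the sample's own indicators."""
    own = [r for r in reqs if "referer" not in r["headers"]]
    hosts_by_path = defaultdict(set)
    for r in own:
        hosts_by_path[r["path"]].add(r["host"])
    return {
        # the same path on several hosts: a primary/fallback fetch of the same remote file
        "fallback_paths": {p: sorted(h) for p, h in hosts_by_path.items() if len(h) > 1},
        "nonstandard_accept_encoding": sorted({r["host"] for r in own if nonstandard_accept_encoding(r)}),
        "beacons": [{"host": r["host"], "path": r["path"], "id": r["query"]["id"][0],
                     "version": r["query"].get("version", [None])[0]} for r in own if "id" in r["query"]],
        "noise_hosts": sorted({r["host"] for r in reqs if "referer" in r["headers"]}),
    }


def suricata_rules(findings: dict, sid: int = 9000001) -> list:
    """Suricata 5+ rules for the correlated indicators; the sid range is a placeholder."""
    rules = []
    for path, hosts in findings["fallback_paths"].items():
        rules.append(f'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Config fetch {path} from '
                     f'{" or ".join(hosts)}"; flow:established,to_server; http.method; content:"GET"; '
                     f'http.uri; content:"{path}"; endswith; sid:{sid}; rev:1;)')
        sid += 1
    for host, path in sorted({(b["host"], b["path"]) for b in findings["beacons"]}):
        rules.append(f'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Version beacon to {host}"; '
                     f'flow:established,to_server; http.host; content:"{host}"; '
                     f'http.uri; content:"{path}?id="; startswith; sid:{sid}; rev:1;)')
        sid += 1
    return rules
```

On this capture `correlate` reports /cansu521.txt as fetched from both www.mojunxie.win and yuanlin.6600.org, 2018k.cn as the only host sent a non-standard Accept-Encoding, two checkVersion ids (only the first carrying version=1.2.8.6), and b.bst.126.net as page-load noise; `suricata_rules` then yields one rule for the config path and one for the beacon endpoint. The Referer heuristic is deliberately conservative: it removes sub-resource loads but keeps top-level fetches such as the 163 blog page, which the sample did request itself.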
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results
No alerts
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2019-08-19 19:42:53.002240+0800 | 192.168.122.204 | 49172 | 125.88.182.231 | 443 | TLS 1.2 | C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 | CN=error.kangleweb.net | 00:df:db:56:04:f8:1a:9f:8a:48:a1:d1:50:72:7c:6d:2b:93:b7:2a |
No Suricata HTTP
Field | Value |
---|---|
Task ID | 356440 |
Mongo ID | 5d5a8c4d2f8f2e56cfc9780c |
Cuckoo release | 1.4-Maldun |