Analysis task

Analysis type    VM label                   Start time           End time             Duration
File (Windows)   win7-sp1-x64-shaapp02-1    2024-04-19 10:20:07  2024-04-19 10:22:27  140 s

Maldun (魔盾) score

10.0 (Dangerous)

File details

File name: SVIP极速.exe
File size: 11720885 bytes
File type: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 34755796f68f3a89e6ee4bdb681c7a5e
SHA1: 1c55a2b9a2e428da3c9eb67c4fb8c9cede03ee80
SHA256: 58ff2b269025cb6edad0f9df9814a6fd28ea9aaf32cb495292d5a54acf6551f1
SHA512: 7e6c4e50a7484f2321f1a6ff9df2aa56445dddea25f13d73480e7bbac5d0db1602b2e9b2c78bbb807f12e85d64eff7f9e7a45a538bb462858af85feb4d467d1e
CRC32: 000E7BDA
Ssdeep: 196608:HcA49Oq5nVYAfzeuVB5jA4+p6RNAr0Tb1AcQiBI/ac8e7mObBs6pr92c5U:HY/FzeuVB5kUDOqgdu8tU

Hosts contacted

IP               Location
114.80.30.41     China
172.247.44.245   United States

DNS resolution

Domain              Rating    Response
zh-hans.ipshu.com   unknown   A 114.80.30.41
                              CNAME zh-hans.ipshu.com.cname4450.yjs-cdn.com
                              CNAME zh-hans.ipshu.com.a.bdydns.com
                              CNAME opencdnka.jomodns.com
gf.mspoint.xyz      (none)    A 172.247.44.245


PE information

Image base: 0x00400000
Entry point: 0x00495d56 (RVA 0x95d56, inside .text)
Claimed checksum: 0x00000000
Actual checksum: 0x00b2f413
Minimum OS version: 4.0
Compile timestamp: 2020-04-20 16:27:23
Imphash: 48865db6b12ce71fbf2f83a8a6542ad8
Exported DLL name: \x38\x3667\x37\x36\x34\x31\x31\x31 (printed by the sandbox in escaped form; the bytes decode to the digit string 8667764111)

A claimed checksum of zero only means the linker never filled in the field, which is common for non-Microsoft user-mode binaries (Windows enforces the checksum for drivers, not for ordinary executables), so the mismatch with the actual value is not by itself a tamper indicator. The compile timestamp is a freely writable header field and should not be relied on as a build date.

PE sections

Name      Virtual address  Virtual size  Raw size    Characteristics                                                          Entropy
.text     0x00001000       0x000a4cab    0x000a4e00  IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ              6.69
.rdata    0x000a6000       0x0001859b    0x00018600  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                        5.63
.data     0x000bf000       0x00004758    0x00001c00  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE    4.44
flag_dat  0x000c4000       0x00000013    0x00000200  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE    0.11
.rsrc     0x000c5000       0x0008aaac    0x0008ac00  IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ                        7.62

Two things stand out. .rsrc at 7.62 bits per byte is close to the 8.0 ceiling, which is what compressed or encrypted payload data stored as a resource looks like, and the binary imports FindResourceW/LoadResource/LockResource/SizeofResource, so it can read such a resource back at run time. flag_dat is a non-standard, writable 19-byte section. No section is both writable and executable.

Overlay

Offset: 0x0014faac
Size: 0x009dde09 (10,346,009 bytes, about 88% of the 11,720,885-byte file)

Nearly the whole file is data appended after the last section. Section-level static analysis (entropy, imports) covers only the first 1.4 MB; whatever the overlay holds is invisible to it. Given that the process tree below shows the sample launching sg.tmp and a second executable that the sandbox did not record as dropped files, carving the overlay is the obvious next step.
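The following is an added Python example (editor's code, not part of the Maldun report and not code from the sample) showing how the section and overlay figures above are derived with only the standard library, and which of them an analyst would flag: it walks the PE32 section headers, computes per-section Shannon entropy, measures the overlay as everything past the last section's raw data, and applies two thresholds that are my choice (entropy of 7.0 bits/byte or more, overlay of 50% of the file or more). Because the sample itself is not available here, build_sample_pe() constructs a tiny two-section PE stub with a pseudo-random .rsrc and a large overlay; on the real file the same checks would flag .rsrc (7.62) and the 88% overlay.

```python
import math
import random
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 at most."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n, ent = len(data), 0.0
    for c in counts:
        if c:
            p = c / n
            ent -= p * math.log2(p)
    return ent


def parse_sections(image: bytes):
    """Walk the PE32 section table with the standard library only.

    Returns (sections, end_of_section_data, overlay_size); the overlay is
    everything past the last byte covered by any section's raw data."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    num_sections = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    sec_off = e_lfanew + 24 + size_opt          # 4 (sig) + 20 (file header) + optional header
    sections, end_of_data = [], 0
    for i in range(num_sections):
        off = sec_off + 40 * i                  # IMAGE_SECTION_HEADER is 40 bytes
        name = image[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", image, off + 8)
        chars = struct.unpack_from("<I", image, off + 36)[0]
        sections.append({
            "name": name, "vaddr": vaddr, "vsize": vsize, "rsize": rsize,
            "rptr": rptr, "chars": chars,
            "entropy": round(shannon_entropy(image[rptr:rptr + rsize]), 2),
        })
        end_of_data = max(end_of_data, rptr + rsize)
    return sections, end_of_data, max(0, len(image) - end_of_data)


def triage(image: bytes, entropy_threshold: float = 7.0, overlay_ratio: float = 0.5):
    """Findings an analyst would raise from the section table alone (thresholds are mine)."""
    sections, ovl_off, ovl_size = parse_sections(image)
    findings = []
    for s in sections:
        if s["entropy"] >= entropy_threshold:
            findings.append(f"high-entropy section {s['name']} ({s['entropy']} bits/byte)")
        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE:
            findings.append(f"writable+executable section {s['name']}")
    if ovl_size and ovl_size / len(image) >= overlay_ratio:
        findings.append(f"overlay is {ovl_size / len(image):.0%} of the file "
                        f"({ovl_size} bytes at 0x{ovl_off:x})")
    return findings


def build_sample_pe() -> bytes:
    """Constructed two-section PE32 stub (NOT the analysed sample): a NOP-filled
    .text, a pseudo-random .rsrc, and a large pseudo-random overlay."""
    rnd = random.Random(1)                      # deterministic content
    text = bytes([0x90]) * 0x200
    rsrc = bytes(rnd.getrandbits(8) for _ in range(0x400))
    overlay = bytes(rnd.getrandbits(8) for _ in range(0x1000))
    hdr_size, e_lfanew, opt_size = 0x200, 0x40, 0xE0
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x102)
    opt = b"\x0b\x01" + b"\0" * (opt_size - 2)  # PE32 magic, remaining fields zero
    secs, rptr = b"", hdr_size
    for name, data, vaddr, chars in ((b".text", text, 0x1000, 0x60000020),
                                     (b".rsrc", rsrc, 0x2000, 0x40000040)):
        secs += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", len(data), vaddr, len(data), rptr, 0, 0, 0, 0, chars)
        rptr += len(data)
    headers = (dos + b"PE\0\0" + file_hdr + opt + secs).ljust(hdr_size, b"\0")
    return headers + text + rsrc + overlay


if __name__ == "__main__":
    img = build_sample_pe()
    for sec in parse_sections(img)[0]:
        print(f"{sec['name']:8} raw=0x{sec['rsize']:x} entropy={sec['entropy']}")
    for finding in triage(img):
        print("!", finding)
```

Run it as a script to print the section table and findings for the stub; parse_sections(open(path, "rb").read()) works on a real file as long as the headers are intact (it reads the optional header's size but does not otherwise validate it). The overlay figure in a sandbox report is computed the same way, so a sample whose "file size" and "end of last section" differ by megabytes is telling you where the payload lives.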

Imports

Library: SHLWAPI.dll:
0x4a6594 StrCmpNA
0x4a6598 StrPBrkW
0x4a659c StrCmpIW
0x4a65a0 wnsprintfW
0x4a65a4 StrStrA
0x4a65a8 PathMatchSpecW
0x4a65ac StrToIntExW
0x4a65b0 StrCpyNW
0x4a65b4 StrStrW
0x4a65b8 StrStrIW
0x4a65bc StrRChrW
0x4a65c0 StrChrW
0x4a65c4 StrCmpNW
0x4a65c8 StrCmpNIA
0x4a65cc StrCmpNIW
Library: KERNEL32.dll:
0x4a616c GetCommandLineW
0x4a6170 TerminateJobObject
0x4a6174 GetExitCodeProcess
0x4a6178 ResumeThread
0x4a6180 CreateJobObjectW
0x4a6184 GetOverlappedResult
0x4a6188 ConnectNamedPipe
0x4a618c GetProcessId
0x4a6190 GetShortPathNameW
0x4a6194 WriteFile
0x4a6198 LoadLibraryExW
0x4a61a0 CreateNamedPipeA
0x4a61a4 SetFilePointer
0x4a61a8 DuplicateHandle
0x4a61ac CreatePipe
0x4a61b0 CreateThread
0x4a61bc lstrcmpA
0x4a61c0 LocalFree
0x4a61c4 GetVersionExW
0x4a61c8 CreateMutexA
0x4a61cc WideCharToMultiByte
0x4a61d0 CreateFileA
0x4a61d4 GetFileSizeEx
0x4a61d8 DeleteFileW
0x4a61dc VirtualFree
0x4a61e0 GetModuleHandleW
0x4a61e4 WriteConsoleW
0x4a61e8 GetDiskFreeSpaceExW
0x4a61ec GetDriveTypeW
0x4a61fc WinExec
0x4a6200 WriteProcessMemory
0x4a6204 Process32NextW
0x4a6208 Process32FirstW
0x4a6218 HeapReAlloc
0x4a6220 LockResource
0x4a6224 LoadResource
0x4a6228 SizeofResource
0x4a622c FindResourceW
0x4a6230 GetExitCodeThread
0x4a6238 GetCurrentThreadId
0x4a623c RemoveDirectoryW
0x4a6240 MoveFileW
0x4a6244 CopyFileW
0x4a6248 GetProcessTimes
0x4a624c SetSystemPowerState
0x4a6250 SetEndOfFile
0x4a6254 GetLogicalDrives
0x4a6258 FormatMessageW
0x4a6268 SetFilePointerEx
0x4a6274 DefineDosDeviceW
0x4a6278 VirtualAlloc
0x4a627c QueryDosDeviceW
0x4a6280 SleepEx
0x4a6284 OpenThread
0x4a6288 WaitNamedPipeW
0x4a628c GlobalMemoryStatus
0x4a6290 InterlockedExchange
0x4a6294 GetACP
0x4a6298 GetLocaleInfoA
0x4a629c GetVersion
0x4a62a8 ReleaseSemaphore
0x4a62ac ResetEvent
0x4a62b0 DisconnectNamedPipe
0x4a62b8 GetDiskFreeSpaceW
0x4a62bc lstrcmpiA
0x4a62c0 lstrcpyA
0x4a62c4 lstrcpynA
0x4a62cc SetLocalTime
0x4a62d4 GlobalAddAtomA
0x4a62e0 CreateHardLinkW
0x4a62e4 VirtualProtect
0x4a62e8 GetConsoleWindow
0x4a62f0 AllocConsole
0x4a62f4 GetFullPathNameW
0x4a62fc LCMapStringA
0x4a6300 GetFileSize
0x4a6304 EnumResourceNamesW
0x4a6308 GetTempPathW
0x4a630c LCMapStringW
0x4a6314 SetVolumeLabelW
0x4a6318 GetLongPathNameW
0x4a631c SetFileAttributesW
0x4a6320 SetFileTime
0x4a632c SetFileValidData
0x4a6330 TerminateThread
0x4a6334 GlobalDeleteAtom
0x4a6338 OpenEventW
0x4a633c SetThreadPriority
0x4a6340 CreateNamedPipeW
0x4a6344 CreateMailslotW
0x4a6348 OpenMutexW
0x4a634c CreateSemaphoreW
0x4a6350 OpenSemaphoreW
0x4a6354 Beep
0x4a6358 FindFirstFileW
0x4a635c VirtualQueryEx
0x4a6360 GetThreadContext
0x4a6364 SetThreadContext
0x4a6368 VirtualProtectEx
0x4a6370 GetStringTypeW
0x4a6374 GetStringTypeA
0x4a6378 GetCPInfo
0x4a637c GetOEMCP
0x4a6380 GetStartupInfoA
0x4a6384 SetHandleCount
0x4a6388 GetCommandLineA
0x4a6398 GetModuleFileNameA
0x4a639c IsBadWritePtr
0x4a63a0 HeapCreate
0x4a63a4 HeapDestroy
0x4a63a8 MultiByteToWideChar
0x4a63ac GetSystemInfo
0x4a63b0 VirtualQuery
0x4a63b4 TlsGetValue
0x4a63b8 TlsSetValue
0x4a63bc TlsFree
0x4a63c0 TlsAlloc
0x4a63c4 GetFileType
0x4a63c8 SetStdHandle
0x4a63cc HeapSize
0x4a63d0 GetVersionExA
0x4a63d4 RtlUnwind
0x4a63d8 ReadProcessMemory
0x4a63dc GlobalAlloc
0x4a63e0 GlobalLock
0x4a63e4 GlobalUnlock
0x4a63e8 GlobalFree
0x4a63ec LoadLibraryW
0x4a63f0 WaitForSingleObject
0x4a63f4 ExitProcess
0x4a63f8 lstrcatA
0x4a63fc CreateDirectoryW
0x4a6400 CreateProcessW
0x4a6404 FindNextFileW
0x4a6408 FlushFileBuffers
0x4a640c FindFirstVolumeW
0x4a6410 CreateFileW
0x4a6414 DeviceIoControl
0x4a6418 FindNextVolumeW
0x4a641c FindVolumeClose
0x4a6424 GetModuleHandleA
0x4a6428 IsBadCodePtr
0x4a642c CompareStringA
0x4a6430 CompareStringW
0x4a6434 GetProcessHeap
0x4a6438 HeapFree
0x4a643c GetModuleFileNameW
0x4a6440 SearchPathW
0x4a6444 CreateFileMappingA
0x4a6448 OpenFileMappingA
0x4a644c TerminateProcess
0x4a6450 UnmapViewOfFile
0x4a6458 SetErrorMode
0x4a645c GetStdHandle
0x4a6460 LoadLibraryA
0x4a6464 GetProcAddress
0x4a6468 CreateFiber
0x4a6470 DeleteFiber
0x4a6474 SwitchToFiber
0x4a6478 GetLocaleInfoW
0x4a647c GetCurrentProcess
0x4a6484 Sleep
0x4a6490 GetCurrentProcessId
0x4a6494 OpenFileMappingW
0x4a6498 GetLastError
0x4a649c SetLastError
0x4a64a0 CreateMutexW
0x4a64a4 CreateEventW
0x4a64a8 CreateFileMappingW
0x4a64ac MapViewOfFile
0x4a64b4 SetEvent
0x4a64bc OpenProcess
0x4a64c0 ReleaseMutex
0x4a64c8 HeapAlloc
0x4a64cc lstrlenA
0x4a64d0 lstrcpynW
0x4a64d4 lstrcatW
0x4a64d8 lstrcpyW
0x4a64dc lstrcmpW
0x4a64e0 lstrcmpiW
0x4a64e4 FindClose
0x4a64e8 ReadFile
0x4a64ec CloseHandle
0x4a64f8 MulDiv
0x4a64fc GetTickCount
0x4a6500 GetStartupInfoW
0x4a6504 FreeLibrary
0x4a6508 lstrlenW
0x4a650c RaiseException
0x4a6510 IsBadReadPtr
Library: USER32.dll:
0x4a65d4 DrawEdge
0x4a65d8 DrawIconEx
0x4a65dc GetFocus
0x4a65e0 GetActiveWindow
0x4a65e4 CreateDialogParamW
0x4a65e8 FindWindowExW
0x4a65ec EnumWindows
0x4a65f0 UpdateWindow
0x4a65f4 IsChild
0x4a65f8 SetScrollInfo
0x4a65fc ScrollWindow
0x4a6600 MessageBoxTimeoutW
0x4a6604 SetCapture
0x4a6608 ReleaseCapture
0x4a660c ShowCursor
0x4a6610 DrawIcon
0x4a6614 SetMenu
0x4a6618 CreateMenu
0x4a661c LoadBitmapW
0x4a6620 SetWindowRgn
0x4a6628 FindWindowW
0x4a662c LoadStringA
0x4a6630 WindowFromPoint
0x4a6638 CharUpperA
0x4a663c IsWindowVisible
0x4a6640 GetWindowInfo
0x4a6644 CopyImage
0x4a6648 DestroyCursor
0x4a664c GetClipboardData
0x4a6650 IsWindowEnabled
0x4a6658 PtInRect
0x4a665c LoadImageW
0x4a6660 SwitchToThisWindow
0x4a6664 GetClassNameW
0x4a6668 MessageBoxW
0x4a666c IsRectEmpty
0x4a6670 EnumChildWindows
0x4a6674 OpenClipboard
0x4a6678 EmptyClipboard
0x4a667c SetClipboardData
0x4a6680 CloseClipboard
0x4a6684 SetCursorPos
0x4a6688 FindWindowExA
0x4a668c GetForegroundWindow
0x4a6690 AttachThreadInput
0x4a6694 IsDialogMessageW
0x4a6698 GetSysColor
0x4a669c DestroyIcon
0x4a66a0 LoadCursorW
0x4a66a4 SetCursor
0x4a66b0 SetFocus
0x4a66b4 SetScrollPos
0x4a66b8 GetScrollInfo
0x4a66bc GetWindowDC
0x4a66c0 IsIconic
0x4a66c4 GetMessageW
0x4a66c8 RegisterClassExW
0x4a66d0 SetParent
0x4a66d4 BeginPaint
0x4a66d8 EndPaint
0x4a66e0 GetMenu
0x4a66e4 GetMenuItemCount
0x4a66e8 DialogBoxParamW
0x4a66ec DefWindowProcW
0x4a66f0 LoadMenuW
0x4a66f4 RemoveMenu
0x4a66f8 InsertMenuW
0x4a66fc EnumDisplayDevicesW
0x4a6704 InvalidateRect
0x4a6708 GetDlgItemTextW
0x4a670c FillRect
0x4a6710 RedrawWindow
0x4a6714 CallWindowProcW
0x4a6718 GetKeyState
0x4a671c EndDialog
0x4a6724 GetSubMenu
0x4a6728 GetMenuItemID
0x4a672c GetMenuStringW
0x4a6730 ModifyMenuW
0x4a6734 UnregisterHotKey
0x4a6738 RegisterHotKey
0x4a673c LockWorkStation
0x4a6740 mouse_event
0x4a6748 UnhookWindowsHookEx
0x4a674c SetWindowsHookExW
0x4a6750 GetAsyncKeyState
0x4a6754 PostQuitMessage
0x4a6758 CallNextHookEx
0x4a675c GetKeyboardState
0x4a6760 keybd_event
0x4a6768 ExitWindowsEx
0x4a676c SendMessageTimeoutW
0x4a6770 IsWindow
0x4a6774 ScreenToClient
0x4a677c OffsetRect
0x4a6780 CharUpperW
0x4a6784 SetThreadDesktop
0x4a6788 SwitchDesktop
0x4a678c CloseDesktop
0x4a6790 GetCursorPos
0x4a6794 CreatePopupMenu
0x4a6798 TrackPopupMenu
0x4a679c DestroyMenu
0x4a67a0 wsprintfA
0x4a67a4 LoadStringW
0x4a67a8 AppendMenuW
0x4a67ac FindWindowA
0x4a67b0 GetLastInputInfo
0x4a67b4 PeekMessageW
0x4a67b8 TranslateMessage
0x4a67bc DispatchMessageW
0x4a67c4 WaitForInputIdle
0x4a67c8 GetSystemMenu
0x4a67cc EnableMenuItem
0x4a67d0 GetWindowLongW
0x4a67d4 GetClientRect
0x4a67d8 wsprintfW
0x4a67dc DrawTextW
0x4a67e0 GetSystemMetrics
0x4a67e4 ShowScrollBar
0x4a67e8 EnableWindow
0x4a67ec GetDesktopWindow
0x4a67f0 SetActiveWindow
0x4a67f4 SetForegroundWindow
0x4a67f8 BringWindowToTop
0x4a67fc GetWindowTextW
0x4a6800 SetWindowTextW
0x4a6804 ClientToScreen
0x4a6808 MoveWindow
0x4a680c CreateWindowExW
0x4a6810 SetWindowLongW
0x4a6814 GetDlgCtrlID
0x4a6818 GetParent
0x4a681c LoadIconW
0x4a6820 ReleaseDC
0x4a6824 GetDC
0x4a6828 SetDlgItemTextW
0x4a682c DestroyWindow
0x4a6830 GetDlgItem
0x4a6834 SetWindowPos
0x4a6838 ShowWindow
0x4a683c GetWindowRect
0x4a6840 KillTimer
0x4a6844 SetTimer
0x4a6848 SendMessageW
0x4a684c PostMessageW
0x4a6850 OpenDesktopW
Library: GDI32.dll:
0x4a60e8 RealizePalette
0x4a60ec GetDIBits
0x4a60f0 CreateDCA
0x4a60f8 GetDeviceCaps
0x4a60fc CreateCompatibleDC
0x4a6100 BitBlt
0x4a6104 DeleteDC
0x4a6108 CreateSolidBrush
0x4a610c AddFontResourceW
0x4a6110 GetStockObject
0x4a6114 SelectObject
0x4a6118 SetBkMode
0x4a611c SetTextColor
0x4a6120 SelectPalette
0x4a6124 Polyline
0x4a6128 GetTextMetricsW
0x4a612c Rectangle
0x4a6130 CreateBitmap
0x4a6134 CreatePen
0x4a6138 Ellipse
0x4a613c CreateEllipticRgn
0x4a6140 SetBkColor
0x4a6144 ExtTextOutW
0x4a6148 GetBkColor
0x4a614c CreateFontW
0x4a6150 CreateRectRgn
0x4a6154 GetPixel
0x4a6158 CombineRgn
0x4a615c StretchBlt
0x4a6160 GetObjectW
0x4a6164 DeleteObject
Library: ADVAPI32.dll:
0x4a6000 OpenSCManagerW
0x4a600c OpenProcessToken
0x4a601c SetTokenInformation
0x4a6024 DuplicateTokenEx
0x4a6028 GetTokenInformation
0x4a602c StartServiceW
0x4a6030 OpenServiceW
0x4a6034 CreateServiceW
0x4a6038 CloseServiceHandle
0x4a603c DeleteService
0x4a6040 ControlService
0x4a6044 SetServiceStatus
0x4a6054 SetSecurityInfo
0x4a6058 SetEntriesInAclW
0x4a605c GetSecurityInfo
0x4a6060 RegCloseKey
0x4a6064 RegCreateKeyExW
0x4a6074 RegQueryValueExW
0x4a6078 RegSetValueExW
0x4a607c RegDeleteValueW
0x4a6088 RegDeleteKeyW
0x4a608c RegQueryValueExA
0x4a6090 RegOpenKeyExW
0x4a6094 RegEnumKeyExW
0x4a6098 RegEnumValueW
0x4a609c RegQueryInfoKeyW
0x4a60a0 RegSetValueExA
0x4a60a4 RegOpenKeyExA
0x4a60ac SetEntriesInAclA
0x4a60b8 RegUnLoadKeyW
0x4a60bc RegLoadKeyW
0x4a60c0 RegSaveKeyExW
0x4a60c4 CryptDestroyHash
0x4a60c8 CryptReleaseContext
0x4a60cc CryptGetHashParam
0x4a60d0 CryptHashData
0x4a60d4 CryptCreateHash
0x4a60e0 FreeSid
Library: SHELL32.dll:
0x4a6568 SHChangeNotify
0x4a656c SHAppBarMessage
0x4a6574 SHBrowseForFolderW
0x4a6578 Shell_NotifyIconW
0x4a657c DragAcceptFiles
0x4a6580 SHFileOperationW
0x4a6584 ShellExecuteExW
0x4a658c DragQueryFileW
Library: VERSION.dll:
0x4a6858 GetFileVersionInfoW
0x4a685c VerQueryValueW
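Reading a 400-line import table by hand is slow; the usual triage step is to group APIs into capability rules that fire only when every member of a set is present, so that a single generic call never produces a hit. The Python below is an added example (mine, not the sandbox's logic) whose rule set is chosen to match what this sample imports: the CreateProcessW / WriteProcessMemory / GetThreadContext / SetThreadContext / ResumeThread combination, the SetWindowsHookExW / GetAsyncKeyState / GetKeyboardState combination, the OpenDesktopW / SetThreadDesktop / SwitchDesktop set, the service-control set, and so on. The parser takes the "Library: X.dll:" / "0xADDR Name" layout used in this report; the embedded input is an excerpt of this report's table plus a constructed benign listing for contrast.

```python
# Capability triage over a static import table. A rule fires only when every
# API it lists is present, so generic calls such as WriteFile never produce a
# hit on their own. The rule set is this editor's, not the sandbox's.
CAPABILITY_RULES = {
    "process hollowing / thread-context injection": {
        "KERNEL32.dll": {"CreateProcessW", "WriteProcessMemory", "VirtualProtectEx",
                         "GetThreadContext", "SetThreadContext", "ResumeThread"},
    },
    "keyboard monitoring (hook + key state)": {
        "USER32.dll": {"SetWindowsHookExW", "CallNextHookEx", "UnhookWindowsHookEx",
                       "GetAsyncKeyState", "GetKeyboardState"},
    },
    "synthetic input (remote control)": {
        "USER32.dll": {"mouse_event", "keybd_event", "SetCursorPos"},
    },
    "hidden-desktop operation": {
        "USER32.dll": {"OpenDesktopW", "SetThreadDesktop", "SwitchDesktop", "CloseDesktop"},
    },
    "screen capture": {
        "USER32.dll": {"GetDesktopWindow", "GetDC"},
        "GDI32.dll": {"CreateCompatibleDC", "BitBlt", "GetDIBits"},
    },
    "service installation": {
        "ADVAPI32.dll": {"OpenSCManagerW", "CreateServiceW", "StartServiceW"},
    },
    "token manipulation": {
        "ADVAPI32.dll": {"OpenProcessToken", "DuplicateTokenEx", "SetTokenInformation"},
    },
    "session / power control": {
        "USER32.dll": {"ExitWindowsEx", "LockWorkStation"},
        "KERNEL32.dll": {"SetSystemPowerState"},
    },
    "dynamic API resolution": {
        "KERNEL32.dll": {"LoadLibraryA", "GetProcAddress"},
    },
}


def parse_import_listing(text: str) -> dict:
    """Turn 'Library: X.dll:' / '0xADDR Name' lines (the report's layout) into {dll: {names}}."""
    imports, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("library:"):
            current = line.split(":", 1)[1].strip().rstrip(":")
            imports.setdefault(current, set())
        elif current and line.startswith("0x"):
            parts = line.split()
            if len(parts) == 2:
                imports[current].add(parts[1])
    return imports


def classify_imports(imports: dict) -> dict:
    """Return {capability: sorted APIs} for each rule whose APIs are all imported."""
    hits = {}
    for capability, needed in CAPABILITY_RULES.items():
        if all(names <= imports.get(dll, set()) for dll, names in needed.items()):
            hits[capability] = sorted(n for names in needed.values() for n in names)
    return hits


# Excerpt of this report's import table (addresses as printed), used as sample input.
REPORT_EXCERPT = """
Library: KERNEL32.dll:
0x4a6178 ResumeThread
0x4a6200 WriteProcessMemory
0x4a624c SetSystemPowerState
0x4a6360 GetThreadContext
0x4a6364 SetThreadContext
0x4a6368 VirtualProtectEx
0x4a6400 CreateProcessW
0x4a6460 LoadLibraryA
0x4a6464 GetProcAddress
Library: USER32.dll:
0x4a6740 mouse_event
0x4a6748 UnhookWindowsHookEx
0x4a674c SetWindowsHookExW
0x4a6750 GetAsyncKeyState
0x4a6758 CallNextHookEx
0x4a675c GetKeyboardState
0x4a6760 keybd_event
0x4a6768 ExitWindowsEx
0x4a673c LockWorkStation
0x4a6784 SetThreadDesktop
0x4a6788 SwitchDesktop
0x4a678c CloseDesktop
0x4a6850 OpenDesktopW
0x4a6684 SetCursorPos
0x4a67ec GetDesktopWindow
0x4a6824 GetDC
Library: GDI32.dll:
0x4a60ec GetDIBits
0x4a60fc CreateCompatibleDC
0x4a6100 BitBlt
Library: ADVAPI32.dll:
0x4a6000 OpenSCManagerW
0x4a602c StartServiceW
0x4a6034 CreateServiceW
0x4a600c OpenProcessToken
0x4a6024 DuplicateTokenEx
0x4a601c SetTokenInformation
"""

# Constructed contrast listing for an ordinary GUI program: nothing should fire.
BENIGN_EXCERPT = """
Library: KERNEL32.dll:
0x401000 CreateFileW
0x401004 ReadFile
0x401008 LoadLibraryA
Library: USER32.dll:
0x401010 MessageBoxW
0x401014 GetDC
"""

if __name__ == "__main__":
    for cap, apis in classify_imports(parse_import_listing(REPORT_EXCERPT)).items():
        print(f"{cap}: {', '.join(apis)}")
```

Every rule fires on this sample's table, which is unusual for a legitimate GUI application: the combination of thread-context injection, keyboard hooking, synthetic input, a separate desktop and service installation is the profile of a remote-administration or remote-control tool, which is consistent with the persistent WebSocket beacon in the HTTP section below. Static imports only show what the binary can do, not what it did in this run; that evidence is in the login-only behaviour log.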

Exports

Ordinal  Address   Name
1 0x485ae9 LoadEnvi
2 0x4049bd MemoryCompare
3 0x40499e MemoryCopy
4 0x4049e4 MemorySet
5 0x404aeb WndProc1
6 0x4027a6 WndProc1_
7 0x404af0 WndProc2
8 0x4027c1 WndProc2_
9 0x404af5 WndProc3
10 0x4027dc WndProc3_

Strings

The readable entries in the extracted-strings listing are the section names (.text, .rdata, .data, .rsrc) and the literal "PECMD.EXE DOWN"; the remaining entries are opcode residue (push-immediate byte sequences such as "Vh0zJ") with no recoverable content and are omitted here.

No antivirus engine scan results available.

Process tree

SVIP______.exe, PID 2608, parent PID 2260 (the sandbox replaced the two non-ASCII characters of SVIP极速.exe with six underscores, one per UTF-8 byte)
  cmd.exe, PID 2744, parent PID 2608
  sg.tmp, PID 2828, parent PID 2608
  下载器_1.0.0_兼容模式-多文件.exe ("Downloader_1.0.0_compatibility-mode-multi-file.exe"), PID 3040, parent PID 2608

All three children are spawned directly by the sample: a cmd.exe shell, a binary run from a .tmp name, and a second installer-style executable. The behaviour log is login-only, so the command lines are not available here; sg.tmp and the downloader are also absent from the dropped-file list below, so that list should be read as a capture gap rather than as evidence that nothing was written to disk.

TCP

Source            Src port  Destination                          Dst port
192.168.122.201   49158     104.124.1.137                        80
192.168.122.201   49165     114.80.30.41 (zh-hans.ipshu.com)     443
192.168.122.201   49168     172.247.44.245 (gf.mspoint.xyz)      8810
192.168.122.201   49169     172.247.44.245 (gf.mspoint.xyz)      8810

104.124.1.137 has no DNS answer and no entry in the host list above. It is the only port-80 flow, and the only port-80 request in the HTTP section is the one to acroipm.adobe.com, so it is most likely that CDN endpoint rather than sample infrastructure.

UDP

Source            Src port  Destination      Dst port
192.168.122.201   53118     192.168.122.1    53
192.168.122.201   57526     192.168.122.1    53
192.168.122.201   63246     192.168.122.1    53

HTTP requests

http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

http://gf.mspoint.xyz:8810/ping

GET /ping HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Language: zh-cn
Referer: http://gf.mspoint.xyz:8810/ping
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: gf.mspoint.xyz:8810

http://gf.mspoint.xyz:8810/api/user/ws?ExeID=65f2b02642698bcbe5b89e9d&DevID=847be10a6cd4095c01b741d62c23f1b8&IP=114.80.207.43

GET /api/user/ws?ExeID=65f2b02642698bcbe5b89e9d&DevID=847be10a6cd4095c01b741d62c23f1b8&IP=114.80.207.43 HTTP/1.1
Host: gf.mspoint.xyz:8810
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: P4WeKuLT9z6xKVaeQqXksg==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36

Observations. The acroipm.adobe.com request with User-Agent "IPM" is the endpoint that Adobe Reader's in-product messaging polls, so it is more plausibly background traffic from the sandbox image than sample activity; confirm which process opened the socket before treating it as an indicator. The two gf.mspoint.xyz:8810 requests are the sample's beacon: /ping uses an MSIE 9.0 User-Agent and a Referer equal to its own URL, while /api/user/ws upgrades to a WebSocket with a Chrome/Edge 100 User-Agent. Two different browser identities to the same host from one process is itself a fingerprint. The query carries an ExeID (24 hex characters, the shape of a MongoDB ObjectId; read that way, its leading bytes 0x65f2b026 decode to 2024-03-14 UTC), a DevID (32 hex characters, the length of an MD5, presumably a machine identifier) and the client's external IP. The earlier TLS connection to zh-hans.ipshu.com, an IP-address lookup site, is consistent with the sample obtaining that address before reporting it; the report does not show the ipshu response, so this is inferred from ordering.
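The fields a responder extracts from requests like these are mechanical: host and port, query parameters, the shape of the identifiers, and whether the User-Agent is consistent per host. The Python below is an added example (editor's code, not the sandbox's) that parses raw requests in the form printed above and reports those observations. The three requests from this report are embedded as sample input; the ObjectId reading of ExeID is a hypothesis about the server's backend, not something the report confirms, and the port and Referer checks are my heuristics.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit


def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.1 request into method, request-target and lower-cased headers."""
    lines = raw.strip().splitlines()
    method, target, _version = lines[0].split()
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            key, value = line.split(":", 1)
            headers[key.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers}


def objectid_time(value: str):
    """If value has the shape of a MongoDB ObjectId (24 hex chars), return the
    UTC time encoded in its leading 4 bytes; otherwise None."""
    if len(value) != 24 or any(c not in "0123456789abcdef" for c in value.lower()):
        return None
    return datetime.fromtimestamp(int(value[:8], 16), tz=timezone.utc)


def beacon_summary(raw_requests) -> dict:
    """Heuristic beacon indicators across several requests (all thresholds mine)."""
    uas_per_host, findings, ids = {}, [], {}
    for raw in raw_requests:
        req = parse_request(raw)
        h = req["headers"]
        host = h.get("host", "")
        port = int(host.rsplit(":", 1)[1]) if ":" in host else 80
        url = urlsplit(req["target"])
        query = {k: v[0] for k, v in parse_qs(url.query).items()}
        uas_per_host.setdefault(host, set()).add(h.get("user-agent", ""))
        if h.get("upgrade", "").lower() == "websocket" and port not in (80, 443):
            findings.append(f"WebSocket upgrade to {host}{url.path} on non-standard port {port}")
        if "IP" in query:
            findings.append(f"client reports its own external address {query['IP']} to {host}")
        if h.get("referer") == f"http://{host}{req['target']}":
            findings.append(f"Referer equal to the request URL on {host}{url.path}")
        for key, value in query.items():
            stamp = objectid_time(value)
            if stamp:
                ids[key] = stamp
    for host, uas in uas_per_host.items():
        if len(uas) > 1:
            findings.append(f"{len(uas)} different User-Agent strings sent to {host}")
    return {"findings": findings, "objectid_times": ids}


# The three requests from this report, reproduced as sample input.
REPORT_REQUESTS = [
    """GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache""",
    """GET /ping HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Language: zh-cn
Referer: http://gf.mspoint.xyz:8810/ping
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: gf.mspoint.xyz:8810""",
    """GET /api/user/ws?ExeID=65f2b02642698bcbe5b89e9d&DevID=847be10a6cd4095c01b741d62c23f1b8&IP=114.80.207.43 HTTP/1.1
Host: gf.mspoint.xyz:8810
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: P4WeKuLT9z6xKVaeQqXksg==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Edg/100.0.1185.36""",
]

if __name__ == "__main__":
    result = beacon_summary(REPORT_REQUESTS)
    for f in result["findings"]:
        print("!", f)
    for key, stamp in result["objectid_times"].items():
        print(f"{key} looks like an ObjectId created {stamp:%Y-%m-%d %H:%M:%S} UTC")
```

The Adobe request produces no findings because it is grouped under its own host, which is the point of keying the User-Agent check per host rather than per sandbox run. For detection, the stable pieces are the host:port pair, the /ping and /api/user/ws paths with the ExeID/DevID/IP parameter names, and the MSIE 9.0 User-Agent paired with a self-referencing Referer; the DevID value is per machine and the ExeID per build, so neither belongs in a signature on its own.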

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

Timestamp                        Source                 Destination       Version  Issuer                                                              Subject                Fingerprint (SHA1)
2024-04-19 10:20:55.068254+0800  192.168.122.201:49165  114.80.30.41:443  TLSv1    C=CN, O=TrustAsia Technologies, Inc., CN=TrustAsia RSA DV TLS CA G2   CN=zh-hans.ipshu.com   31:e3:be:86:80:47:ae:10:46:e9:f3:46:d3:92:cf:7d:5a:6c:2b:52

The certificate is a publicly issued domain-validated certificate for the real zh-hans.ipshu.com site, so this flow is ordinary HTTPS to a public IP-lookup service, not to infrastructure the sample controls. The C2 traffic to gf.mspoint.xyz:8810 is plain HTTP and WebSocket and therefore does not appear in this table.

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files recorded. Read this as a capture gap rather than a finding: the process tree shows sg.tmp and 下载器_1.0.0_兼容模式-多文件.exe being started by the sample, so at least those two files were written somewhere the sandbox did not record.
No similar analyses found.

Processing ( 48.248 seconds )

  • 20.171 Static
  • 12.888 NetworkAnalysis
  • 10.945 Suricata
  • 2.584 TargetInfo
  • 1.281 BehaviorAnalysis
  • 0.328 peid
  • 0.024 config_decoder
  • 0.012 Strings
  • 0.011 AnalysisInfo
  • 0.004 Memory

Signatures ( 39.849 seconds )

(These are evaluation times for every signature module the sandbox ran, not a list of matches. The matched signatures are shown only in the login-only threat-feature view, which this export does not include.)

  • 37.702 network_http
  • 1.38 proprietary_url_bl
  • 0.078 api_spamming
  • 0.074 antiav_detectreg
  • 0.068 stealth_timeout
  • 0.064 stealth_decoy_document
  • 0.031 mimics_filetime
  • 0.031 stealth_file
  • 0.028 infostealer_ftp
  • 0.024 ransomware_extensions
  • 0.02 reads_self
  • 0.017 bootkit
  • 0.017 antiav_detectfile
  • 0.017 infostealer_im
  • 0.015 virus
  • 0.014 antivm_generic_scsi
  • 0.014 antianalysis_detectreg
  • 0.013 antivm_generic_disk
  • 0.012 proprietary_domain_bl
  • 0.011 antivm_generic_services
  • 0.01 infostealer_bitcoin
  • 0.009 antivm_vbox_libs
  • 0.009 anormaly_invoke_kills
  • 0.009 kovter_behavior
  • 0.009 infostealer_mail
  • 0.008 infostealer_browser_password
  • 0.008 ransomware_files
  • 0.007 antiemu_wine_func
  • 0.007 antidbg_windows
  • 0.007 hancitor_behavior
  • 0.006 anomaly_persistence_autorun
  • 0.006 antivm_vbox_files
  • 0.006 geodo_banking_trojan
  • 0.005 exec_crash
  • 0.004 proprietary_malicious_write_executeable_under_temp_to_regrun
  • 0.004 proprietary_anomaly_massive_file_ops
  • 0.004 betabot_behavior
  • 0.004 kibex_behavior
  • 0.003 proprietary_anomaly_write_exe_and_obsfucate_extension
  • 0.003 antiav_avast_libs
  • 0.003 injection_createremotethread
  • 0.003 antisandbox_sunbelt_libs
  • 0.003 antisandbox_sboxie_libs
  • 0.003 antiav_bitdefender_libs
  • 0.003 antivm_generic_diskreg
  • 0.003 antivm_parallels_keys
  • 0.003 antivm_xen_keys
  • 0.003 darkcomet_regkeys
  • 0.003 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.002 tinba_behavior
  • 0.002 network_tor
  • 0.002 rat_nanocore
  • 0.002 proprietary_anomaly_write_exe_and_dll_under_winroot_run
  • 0.002 infostealer_browser
  • 0.002 antivm_vmware_libs
  • 0.002 ransomware_message
  • 0.002 sets_autoconfig_url
  • 0.002 ipc_namedpipe
  • 0.002 shifu_behavior
  • 0.002 securityxploded_modules
  • 0.002 antidbg_devices
  • 0.002 disables_browser_warn
  • 0.002 network_cnc_http
  • 0.002 network_torgateway
  • 0.002 rat_pcclient
  • 0.002 recon_fingerprint
  • 0.001 proprietary_anomaly_terminated_process
  • 0.001 hawkeye_behavior
  • 0.001 disables_spdy
  • 0.001 rat_luminosity
  • 0.001 antivm_vbox_window
  • 0.001 stealth_network
  • 0.001 kazybot_behavior
  • 0.001 heapspray_js
  • 0.001 disables_wfp
  • 0.001 cerber_behavior
  • 0.001 injection_runpe
  • 0.001 antisandbox_script_timer
  • 0.001 bypass_firewall
  • 0.001 antianalysis_detectfile
  • 0.001 antisandbox_productid
  • 0.001 antivm_xen_keys
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_acpi
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_files
  • 0.001 antivm_vmware_keys
  • 0.001 antivm_vpc_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 codelux_behavior
  • 0.001 proprietary_anomaly_invoke_vb_vba
  • 0.001 proprietary_bad_drop
  • 0.001 packer_armadillo_regkey

Reporting ( 0.654 seconds )

  • 0.581 ReportHTMLSummary
  • 0.073 Malheur

Task ID 744111
Mongo ID 6621d5eedc327b65446233c5
Cuckoo release 1.4-Maldun