Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-shaapp03-1 | 2024-04-19 12:27:18 | 2024-04-19 12:29:31 | 133 s |
File name | 命运2pVE.exe |
---|---|
File size | 946688 bytes |
File type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
MD5 | b0f1c52755094166cf8c389073fe3924 |
SHA1 | b815b504f8cb31289ddec0a19c07b9b077b617a6 |
SHA256 | 64376b9d8c50c204e1c7d300543c23de6bb788116a05e503959868e40087db68 |
SHA512 | 4d4275ceafd5c2f4c30eefd18811d6df32fe025290f2a2bb829d25199f8c7c552d0b7f85d738cb3b231d25d253753b6f31c60f890b84e1d9842d44bd4d74ab5f |
CRC32 | 3710AB80 |
Ssdeep | 24576:/vywqk2OB9HWjrd6mecsdDFAIPn+FFWGeYJXKE6ERxGQII:nywqAtWZ6dD6ImFw4NAyxl |
Direct (no DNS lookup) | IP | Security rating | Geolocation |
---|---|---|---|
Yes | 124.222.107.56 | | China |
No | 49.71.75.195 | | China |
Domain | Security rating | Response |
---|---|---|
www.ip138.com | Unknown | CNAME www.ip138.com.lxdns.com A 49.71.75.195 A 114.230.204.92 |
2024.ip138.com | Unknown | CNAME 2024.ip138.com.wswebpic.com |
Image base | 0x00400000 |
---|---|
Entry point | 0x00686290 |
Declared checksum | 0x000f3861 |
Actual checksum | 0x000f3861 |
Minimum OS version | 4.0 |
Compile time | 2024-04-13 11:34:53 |
Import hash (imphash; for a UPX-packed file this covers only the stub's import table, not the unpacked payload) | a3c7d185f42d83ec68a8615dc81190e1 |
Icon | |
Icon exact hash | 06f97597538e2cedb47ea17f8839f07f |
Icon similarity hash | 39647e4d26f73c7c7843071b76111468 |
LegalCopyright | |
---|---|
FileVersion | |
Comments | |
ProductName | |
ProductVersion | |
FileDescription | |
Translation | |
Packer signature (PEiD) |
---|
UPX 2.93 - 3.00 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
UPX0 | 0x00001000 | 0x001a1000 | 0x00000000 | IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 0.00 |
UPX1 | 0x001a2000 | 0x000e5000 | 0x000e5000 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 8.00 |
.rsrc | 0x00287000 | 0x00002000 | 0x00001e00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 5.22 |
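The section table and entry point above are the textbook UPX layout: UPX0 has virtual size 0x001a1000 but raw size 0 (space reserved for the unpacked image), UPX1 has entropy 8.00 and holds the entry point 0x00686290 (RVA 0x00286290, the decompression stub near the end of UPX1), and both sections are writable and executable. The script below is an added example, not the sandbox's own code: it parses exactly those fields from a PE32 image with the Python standard library and applies the same heuristics. The image it checks is constructed in-line to mirror this layout (sizes shrunk, a SHA-256 chain standing in for the compressed code), so it runs offline; the 7.5 bits/byte entropy threshold and the "two indicators = likely packed" verdict are illustrative assumptions, not values from the report.

```python
# Added example, not the sandbox's code: static packer triage for a PE32 file using the
# same section-table and entry-point fields as the report above. The image built in
# build_constructed_upx_image() is constructed here to mirror this sample's layout.
import hashlib, math, struct
from collections import namedtuple

SECTION_FMT = "<8sIIIIIIHHI"     # IMAGE_SECTION_HEADER, 40 bytes
SCN_CNT_INITIALIZED_DATA, SCN_CNT_UNINITIALIZED_DATA = 0x40, 0x80
SCN_MEM_EXECUTE, SCN_MEM_READ, SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
HIGH_ENTROPY = 7.5               # assumed threshold (bits/byte); compressed data sits near 8.0
Section = namedtuple("Section", "name va vsize raw_size chars entropy")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)


def parse_pe32(image: bytes):
    """Return (ImageBase, AddressOfEntryPoint RVA, [Section]) from a PE32 file image."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    num_sections = struct.unpack_from("<H", image, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", image, pe_off + 20)[0]
    opt_off = pe_off + 24
    if struct.unpack_from("<H", image, opt_off)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) optional headers handled here")
    entry_rva = struct.unpack_from("<I", image, opt_off + 16)[0]
    image_base = struct.unpack_from("<I", image, opt_off + 28)[0]
    sections = []
    for i in range(num_sections):
        name, vsize, va, rsize, roff, _, _, _, _, chars = struct.unpack_from(
            SECTION_FMT, image, opt_off + opt_size + i * 40)
        raw = image[roff:roff + rsize] if rsize else b""   # SizeOfRawData 0 -> nothing on disk
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                va, vsize, rsize, chars, shannon_entropy(raw)))
    return image_base, entry_rva, sections


def packer_indicators(image: bytes) -> dict:
    """UPX-style heuristics: UPX* section names, an empty but executable first section
    (the unpacking target), the entry point inside a later near-8.0-entropy section
    (the decompression stub), and sections that are both writable and executable."""
    image_base, entry_rva, sections = parse_pe32(image)
    ep = next((s for s in sections if s.va <= entry_rva < s.va + s.vsize), None)
    first, hits = sections[0], []
    if any(s.name.upper().startswith("UPX") for s in sections):
        hits.append("upx_section_names")
    if first.raw_size == 0 and first.vsize > 0 and first.chars & SCN_MEM_EXECUTE:
        hits.append("empty_executable_first_section")
    if ep is not None and ep is not first and ep.entropy >= HIGH_ENTROPY:
        hits.append("entry_point_in_high_entropy_section")
    if any(s.chars & SCN_MEM_EXECUTE and s.chars & SCN_MEM_WRITE for s in sections):
        hits.append("writable_executable_section")
    return {"entry_point": image_base + entry_rva, "entry_section": ep.name if ep else None,
            "entropy": {s.name: round(s.entropy, 2) for s in sections},
            "indicators": hits, "likely_packed": len(hits) >= 2}   # assumed verdict rule


def build_constructed_upx_image() -> bytes:
    """Constructed PE32 with this sample's section layout, sizes shrunk. The UPX1
    payload is a SHA-256 chain standing in for compressed code (near-maximal entropy);
    .rsrc holds repetitive manifest-like text (low entropy). Not the real binary."""
    payload, block = b"", b"constructed-upx1"
    while len(payload) < 0x1000:
        block = hashlib.sha256(block).digest()
        payload += block
    rsrc = (b'<assembly xmlns="urn:schemas-microsoft-com:asm.v1"/>' * 30).ljust(0x800, b"\0")
    hdr_len = 0x400
    secs = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
        (b"UPX0", 0x1A1000, 0x1000, 0, 0,
         SCN_CNT_UNINITIALIZED_DATA | SCN_MEM_EXECUTE | SCN_MEM_READ | SCN_MEM_WRITE),
        (b"UPX1", len(payload), 0x1A2000, len(payload), hdr_len,
         SCN_CNT_INITIALIZED_DATA | SCN_MEM_EXECUTE | SCN_MEM_READ | SCN_MEM_WRITE),
        (b".rsrc", len(rsrc), 0x1A3000, len(rsrc), hdr_len + len(payload),
         SCN_CNT_INITIALIZED_DATA | SCN_MEM_READ | SCN_MEM_WRITE)]
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 0xE0, 0x0102)  # i386, 3 sections
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1A2290)                # AddressOfEntryPoint: RVA inside UPX1
    struct.pack_into("<I", opt, 28, 0x400000)                # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)          # SectionAlignment, FileAlignment
    hdr = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    for name, vsize, va, rsize, roff, chars in secs:
        hdr += struct.pack(SECTION_FMT, name, vsize, va, rsize, roff, 0, 0, 0, 0, chars)
    return hdr.ljust(hdr_len, b"\0") + payload + rsrc
```

On a real sample, `packer_indicators(open(path, "rb").read())` gives the same dictionary; for the constructed image the entry point resolves to 0x005a2290 in UPX1 and all four indicators fire. The UPX name check is the weakest of the four, since packers and repackers rename sections freely; the empty-first-section and entry-in-high-entropy-section tests still catch a renamed UPX stub and most other compressing packers.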
Name | Offset (RVA) | Size | Language | Sublanguage | Entropy | File type (libmagic guess) |
---|---|---|---|---|---|---|
TEXTINCLUDE | 0x00281548 | 0x00000151 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.41 | data |
RT_CURSOR | 0x00281a38 | 0x000000b4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 6.91 | data |
RT_BITMAP | 0x00281aec | 0x00000144 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.34 | Sendmail frozen configuration (misidentification) |
RT_ICON | 0x00287528 | 0x000010a8 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 4.78 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4291019716, next used block 4291019716 (misidentification) |
RT_DIALOG | 0x00283288 | 0x000000e2 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.11 | data |
RT_STRING | 0x0028336c | 0x000001c4 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 7.45 | data |
RT_GROUP_CURSOR | 0x00283558 | 0x00000022 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 5.03 | data |
RT_GROUP_ICON | 0x002885d4 | 0x00000014 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 1.94 | MS Windows icon resource - 1 icon, 32x32 |
RT_VERSION | 0x002885ec | 0x00000240 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 3.83 | data |
RT_MANIFEST | 0x00288830 | 0x00000298 | LANG_NEUTRAL | SUBLANG_NEUTRAL | 5.09 | XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators |
Note: the offsets are RVAs (the file is only 946688 bytes), and the TEXTINCLUDE, RT_CURSOR, RT_BITMAP, RT_DIALOG, RT_STRING and RT_GROUP_CURSOR entries at 0x00281548 through 0x00283558 fall inside UPX1 (0x001a2000 to 0x00287000), i.e. in still-compressed data, which is why their entropies are near 7 and their file types are meaningless. Only the RT_ICON, RT_GROUP_ICON, RT_VERSION and RT_MANIFEST entries sit in .rsrc and are readable in the packed file; the "dBase IV" label on the RT_ICON entry is likewise a libmagic misfire on a 32x32 icon DIB (0x10a8 bytes = 40-byte header + 32x32x4 pixels + 128-byte mask).
Source address | Source port | Destination address (TCP) | Destination port |
---|---|---|---|
192.168.122.201 | 49166 | 124.222.107.56 | 6886 |
192.168.122.201 | 49160 | 23.48.32.11 | 80 |
192.168.122.201 | 49162 | 49.71.75.195 www.ip138.com | 80 |
192.168.122.201 | 49163 | 49.71.75.195 www.ip138.com | 443 |
192.168.122.201 | 49165 | 49.71.75.195 www.ip138.com | 80 |
Source address | Source port | Destination address (UDP) | Destination port |
---|---|---|---|
192.168.122.201 | 56270 | 192.168.122.1 | 53 |
192.168.122.201 | 59401 | 192.168.122.1 | 53 |
192.168.122.201 | 59906 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
http://www.ip138.com/ | GET / HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Language: zh-cn Referer: http://www.ip138.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.87 Safari/537.36 Host: www.ip138.com |
http://2024.ip138.com/ | GET / HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Language: zh-cn Referer: http://2024.ip138.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) Host: 2024.ip138.com |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
No alerts.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2024-04-19 12:27:55.868111+0800 | 192.168.122.201 | 49163 | 49.71.75.195 | 443 | TLSv1 | C=US, O=DigiCert Inc, CN=DigiCert Basic RSA CN CA G2 | C=CN, ST=福建省, L=厦门市, O=网宿科技股份有限公司厦门分公司, CN=default.chinanetcenter.com | 80:bb:c2:18:e3:78:a9:76:40:45:87:2d:2d:95:8b:0b:76:0b:d0:43 |
No Suricata HTTP
Task ID | 744115 |
---|---|
Mongo ID | 6621f3ae7e769a7c1b16ec43 |
Cuckoo release | 1.4-Maldun |