Analysis task

Analysis type VM label Start time End time Duration
File (Windows) win7-sp1-x64-shaapp03-1 2024-04-19 23:33:17 2024-04-19 23:35:28 131 seconds

Maldun score

10.0

Dangerous

File details

File name 小苹果活动助手V1.64电脑版.exe
File size 1072424 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 50d761df8c4644c2b1b1babc343d8c45
SHA1 8085ba7e48150ce6a321eccbb0bb34c087f0fbe2
SHA256 b65786e4fa89673efb544a69fc1effa516fa19d8acb6658d63cba0de79ab8b45
SHA512 501ac1aa8042a1d4e0562f3ebec490a365c2bdce4e819011d95f06a01423555e20e89b2c141a5de0190d6204dcd69dabda4d87bdaeb0d2033b3c5b4a8cd11b45
CRC32 C0ABB90E
Ssdeep 24576:PMzNh6I63h1rl2OHmJYzp5zkDGNAf6a3X698VIn0sqbo+oX:QNhwhtl7O+zcyAfdVaqi

Hosts contacted

Direct IP Safety rating Geolocation
101.35.47.207 Unknown China
150.138.153.98 Unknown China
222.73.33.241 China
23.221.77.93 United States
27.25.129.201 Unknown China
61.170.100.75 Unknown China

DNS resolution

Domain Safety rating Response
www.123xpg.com Unknown A 150.138.153.98
CNAME 123xpg.com.lk-b3abf5.cloud-scdn.com
note.youdao.com Unknown CNAME note.ntes53.netease.com
A 222.73.33.241
A 222.73.33.238
CNAME note.youdao.com.163jiasu.com
CNAME note.youdao.com.w.kunluncan.com
A 222.73.33.236
p1.meituan.net Unknown A 61.170.100.75
CNAME p1.meituan.net.a33471a8.cdnhwcxcy07.com
CNAME hcdnw3.meituan.global.v6.cdnhwctnm107.com
A 218.78.211.69
A 218.78.211.67
pic.imgdb.cn Unknown CNAME cdnslb.superbed.cc
A 101.35.47.207
A 101.43.106.216
A 129.211.5.65
x1.i.lencr.org CNAME crl.root-x1.letsencrypt.org.edgekey.net
CNAME e8652.dscx.akamaiedge.net
A 23.221.77.93
yz2.bangbanghuodong.com A 27.25.129.201
CNAME yz2.bangbanghuodong.com.cname.yunjiasu-cdn.net


PE information

Image base 0x00400000
Entry point 0x00754001
Declared checksum 0x0010a59d
Actual checksum 0x0010a59d
Minimum OS version required 4.0
Compile time 2023-10-01 21:56:43
Import hash 8d58e6ed153dc16abaa3226fef76305b
Icon
Icon exact hash 211fa69c38071a8b172e9b4ce667dab3
Icon similarity hash 61e8ba46097424ca37fb0efd2acb5732

Version information

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PEiD rules

ASProtect V2.X DLL -> Alexey Solodovnikov
ASPack v2.12 -> Alexey Solodovnikov
ASPack v2.12 -> Alexey Solodovnikov

Microsoft certificate verification (Sign Tool)

SHA1 Timestamp Validity Error
4a3d5c3ac28a6e229ccfa01f4cb3fb534a84e984 Sun Oct 01 22:13:32 2023
WinVerifyTrust returned error 0x800B010A (CERT_E_CHAINING: a certificate chain could not be built to a trusted root authority)
Certificate Chain 1
Issued to Sectigo Public Code Signing Root E46
Issuer AAA Certificate Services
Valid until Mon Jan 01 07:59:59 2029
SHA1 hash b50cb42cacc0ebe698fe39cbd48b481a5a16851f
Certificate Chain 2
Issued to Sectigo Public Code Signing CA E36
Issuer Sectigo Public Code Signing Root E46
Valid until Sat Mar 22 07:59:59 2036
SHA1 hash 418293b3ee931f1452bca30e4a587e7124853e86
Certificate Chain 3
Issued to
Issuer Sectigo Public Code Signing CA E36
Valid until Thu Sep 12 07:59:59 2024
SHA1 hash fd3548518eb000bee93badef2cec261d48c4525f
Timestamp Chain 1
Issued to DigiCert Assured ID Root CA
Issuer DigiCert Assured ID Root CA
Valid until Mon Nov 10 08:00:00 2031
SHA1 hash 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
Timestamp Chain 2
Issued to DigiCert Trusted Root G4
Issuer DigiCert Assured ID Root CA
Valid until Mon Nov 10 07:59:59 2031
SHA1 hash a99d5b79e9f1cda59cdab6373169d5353f5874c6
Timestamp Chain 3
Issued to DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Issuer DigiCert Trusted Root G4
Valid until Mon Mar 23 07:59:59 2037
SHA1 hash b6c8af834d4e53b673c76872aa8c950c7c54df5f
Timestamp Chain 4
Issued to DigiCert Timestamp 2023
Issuer DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Valid until Sat Oct 14 07:59:59 2034
SHA1 hash 66f02b32c2c2c90f825dceaa8ac9c64f199ccf40

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x0020d000 0x00085400 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 8.00
.rdata 0x0020e000 0x00084000 0x00053c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 8.00
.data 0x00292000 0x000a3000 0x0000ac00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.99
.rsrc 0x00335000 0x0001f000 0x00003600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.08
.aspack 0x00354000 0x0001a000 0x0001a000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 4.32
.adata 0x0036e000 0x00001000 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00

Overlay

Offset 0x00101600
Size 0x00004728

Resources

Name Offset Size Language Sublanguage Entropy File type
TEXTINCLUDE 0x00335e38 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.19 data
TEXTINCLUDE 0x00335e38 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.19 data
TEXTINCLUDE 0x00335e38 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.19 data
WAVE 0x00335f8c 0x00001448 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 7.95 data
RT_CURSOR 0x00337958 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.79 data
RT_CURSOR 0x00337958 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.79 data
RT_CURSOR 0x00337958 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.79 data
RT_CURSOR 0x00337958 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.79 data
RT_CURSOR 0x00337958 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.79 data
RT_CURSOR 0x00337958 0x00000134 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 6.79 data
RT_BITMAP 0x0033924c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_BITMAP 0x0033924c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_BITMAP 0x0033924c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_BITMAP 0x0033924c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_BITMAP 0x0033924c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_BITMAP 0x0033924c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_BITMAP 0x0033924c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_BITMAP 0x0033924c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_BITMAP 0x0033924c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_BITMAP 0x0033924c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_BITMAP 0x0033924c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_BITMAP 0x0033924c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_BITMAP 0x0033924c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_BITMAP 0x0033924c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_BITMAP 0x0033924c 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_ICON 0x00355674 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.74 GLS_BINARY_LSB_FIRST
RT_ICON 0x00355674 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.74 GLS_BINARY_LSB_FIRST
RT_ICON 0x00355674 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.74 GLS_BINARY_LSB_FIRST
RT_ICON 0x00355674 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.74 GLS_BINARY_LSB_FIRST
RT_ICON 0x00355674 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.74 GLS_BINARY_LSB_FIRST
RT_ICON 0x00355674 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.74 GLS_BINARY_LSB_FIRST
RT_ICON 0x00355674 0x00000468 LANG_NEUTRAL SUBLANG_NEUTRAL 4.74 GLS_BINARY_LSB_FIRST
RT_MENU 0x00351cb4 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_MENU 0x00351cb4 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_DIALOG 0x00352efc 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_DIALOG 0x00352efc 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_DIALOG 0x00352efc 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_DIALOG 0x00352efc 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_DIALOG 0x00352efc 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_DIALOG 0x00352efc 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_DIALOG 0x00352efc 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_DIALOG 0x00352efc 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_DIALOG 0x00352efc 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_DIALOG 0x00352efc 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_STRING 0x00353944 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_STRING 0x00353944 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_STRING 0x00353944 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_STRING 0x00353944 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_STRING 0x00353944 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_STRING 0x00353944 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_STRING 0x00353944 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_STRING 0x00353944 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_STRING 0x00353944 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_STRING 0x00353944 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_STRING 0x00353944 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_GROUP_CURSOR 0x003539b8 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_GROUP_CURSOR 0x003539b8 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_GROUP_CURSOR 0x003539b8 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_GROUP_CURSOR 0x003539b8 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_GROUP_CURSOR 0x003539b8 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_GROUP_ICON 0x00355600 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON 0x00355600 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_GROUP_ICON 0x00355600 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 0x00355394 0x0000026c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.83 data

Imports

Library: kernel32.dll:
0x754fb8 GetProcAddress
0x754fbc GetModuleHandleA
0x754fc0 LoadLibraryA
Library: rasapi32.dll:
0x75522e RasHangUpA
Library: winmm.dll:
0x755236 midiStreamProperty
Library: ws2_32.dll:
0x75523e gethostbyname
Library: msvfw32.dll:
0x755246 DrawDibDraw
Library: avifil32.dll:
0x75524e AVIStreamInfoA
Library: user32.dll:
0x755256 CharNextA
Library: gdi32.dll:
0x75525e CreateDCA
Library: winspool.drv:
0x755266 ClosePrinter
Library: comdlg32.dll:
0x75526e ChooseColorA
Library: advapi32.dll:
0x755276 RegCreateKeyExA
Library: shell32.dll:
0x75527e Shell_NotifyIconA
Library: ole32.dll:
Library: oleaut32.dll:
0x75528e VariantCopy
Library: comctl32.dll:
0x755296 ImageList_Duplicate
Library: oledlg.dll:
0x75529e None
Library: wininet.dll:
0x7552a6 InternetCloseHandle

.text
.rdata
.data
.rsrc
.aspack
.adata
smh3GQ
{2:zw
feD2
weS2@
hGP;}
!aZ"-
uTC#0
qG0-'
pm'3E
(!CAF
gBa\,o
No antivirus engine scan information!

Process tree


_____________________V1.64_________.exe, PID: 2556, parent PID: 2200

TCP

Source address Source port Destination address Destination port
192.168.122.201 49166 101.35.47.207 pic.imgdb.cn 443
192.168.122.201 49167 101.35.47.207 pic.imgdb.cn 443
192.168.122.201 49170 101.35.47.207 pic.imgdb.cn 443
192.168.122.201 49171 101.35.47.207 pic.imgdb.cn 443
192.168.122.201 49161 150.138.153.98 www.123xpg.com 80
192.168.122.201 49162 150.138.153.98 www.123xpg.com 443
192.168.122.201 49163 222.73.33.241 note.youdao.com 80
192.168.122.201 49164 222.73.33.241 note.youdao.com 80
192.168.122.201 49168 23.221.77.93 x1.i.lencr.org 80
192.168.122.201 49169 23.221.77.93 x1.i.lencr.org 80
192.168.122.201 49172 27.25.129.201 yz2.bangbanghuodong.com 80
192.168.122.201 49165 61.170.100.75 p1.meituan.net 443
192.168.122.201 49160 72.246.244.137 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 52179 192.168.122.1 53
192.168.122.201 52207 192.168.122.1 53
192.168.122.201 53125 192.168.122.1 53
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53
192.168.122.201 65178 192.168.122.1 53
192.168.122.201 65179 192.168.122.1 53

HTTP requests

URI HTTP data
URL: http://www.123xpg.com/pc.html
GET /pc.html HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.123xpg.com
Connection: Keep-Alive

URL: http://note.youdao.com/yws/public/note/f56ab35f25d6bb528cbdefef7e0ba21b?editorType=0
GET /yws/public/note/f56ab35f25d6bb528cbdefef7e0ba21b?editorType=0 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Mobile Safari/537.36
Host: note.youdao.com

URL: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

URL: http://note.youdao.com/yws/public/note/813670a624029a4d2e877d7722e99941?editorType=0
GET /yws/public/note/813670a624029a4d2e877d7722e99941?editorType=0 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Mobile Safari/537.36
Host: note.youdao.com

URL: http://x1.i.lencr.org/
GET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: x1.i.lencr.org

URL: http://yz2.bangbanghuodong.com/cfxpg.css
GET /cfxpg.css HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: yz2.bangbanghuodong.com

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2024-04-19 23:33:40.947674+0800 192.168.122.201 49162 150.138.153.98 443 TLS 1.2 C=CN, O=sslTrus, CN=sslTrus (RSA) DV CA CN=www.123xpg.com 64:37:d1:2f:93:3a:9a:ce:78:10:a1:0e:bb:4f:9c:1d:64:ec:4a:2a
2024-04-19 23:33:42.401246+0800 192.168.122.201 49166 101.35.47.207 443 TLS 1.2 C=US, O=Let's Encrypt, CN=R3 CN=imgdb.cn 72:43:b0:a0:a5:4c:d2:a3:c5:18:e4:00:65:cf:28:02:71:71:ca:89
2024-04-19 23:33:42.396356+0800 192.168.122.201 49165 61.170.100.75 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 C=CN, ST=北京, L=北京, O=北京三快科技有限公司, CN=*.meituan.net 15:e3:f5:90:6c:e8:50:08:b3:75:22:34:8b:10:e0:18:35:09:9a:66
2024-04-19 23:33:42.406036+0800 192.168.122.201 49167 101.35.47.207 443 TLS 1.2 C=US, O=Let's Encrypt, CN=R3 CN=imgdb.cn 72:43:b0:a0:a5:4c:d2:a3:c5:18:e4:00:65:cf:28:02:71:71:ca:89

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No files were dropped.
No similar analyses found.

Processing ( 44.513 seconds )

  • 20.93 NetworkAnalysis
  • 11.553 Suricata
  • 5.465 VirusTotal
  • 4.382 BehaviorAnalysis
  • 1.279 Static
  • 0.44 TargetInfo
  • 0.416 peid
  • 0.033 AnalysisInfo
  • 0.011 Strings
  • 0.002 Memory
  • 0.002 config_decoder

Signatures ( 49.864 seconds )

  • 46.159 network_http
  • 1.671 proprietary_url_bl
  • 0.29 api_spamming
  • 0.222 process_interest
  • 0.213 stealth_timeout
  • 0.206 injection_createremotethread
  • 0.199 stealth_decoy_document
  • 0.142 vawtrak_behavior
  • 0.138 injection_runpe
  • 0.098 process_needed
  • 0.084 antiav_detectreg
  • 0.033 infostealer_ftp
  • 0.021 proprietary_domain_bl
  • 0.02 antivm_generic_scsi
  • 0.02 infostealer_im
  • 0.018 mimics_filetime
  • 0.018 antidbg_windows
  • 0.018 kovter_behavior
  • 0.018 antianalysis_detectreg
  • 0.016 reads_self
  • 0.013 antivm_generic_services
  • 0.012 antiemu_wine_func
  • 0.012 stealth_file
  • 0.012 antivm_generic_disk
  • 0.012 infostealer_browser_password
  • 0.012 anormaly_invoke_kills
  • 0.012 virus
  • 0.011 bootkit
  • 0.01 infostealer_mail
  • 0.009 hancitor_behavior
  • 0.008 antiav_detectfile
  • 0.007 geodo_banking_trojan
  • 0.006 anomaly_persistence_autorun
  • 0.005 antivm_vbox_libs
  • 0.005 infostealer_bitcoin
  • 0.005 ransomware_extensions
  • 0.005 ransomware_files
  • 0.004 antivm_vbox_window
  • 0.004 stealth_network
  • 0.004 betabot_behavior
  • 0.004 kibex_behavior
  • 0.004 antivm_parallels_keys
  • 0.004 antivm_xen_keys
  • 0.004 darkcomet_regkeys
  • 0.003 antiav_avast_libs
  • 0.003 dridex_behavior
  • 0.003 proprietary_anomaly_massive_file_ops
  • 0.003 antisandbox_sunbelt_libs
  • 0.003 exec_crash
  • 0.003 antisandbox_script_timer
  • 0.003 antivm_generic_diskreg
  • 0.003 antivm_vbox_files
  • 0.003 network_torgateway
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 infostealer_browser
  • 0.002 antisandbox_sboxie_libs
  • 0.002 antiav_bitdefender_libs
  • 0.002 browser_security
  • 0.002 disables_browser_warn
  • 0.002 proprietary_bad_drop
  • 0.002 network_cnc_http
  • 0.002 recon_fingerprint
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 network_anomaly
  • 0.001 antivm_vmware_libs
  • 0.001 sets_autoconfig_url
  • 0.001 kazybot_behavior
  • 0.001 ipc_namedpipe
  • 0.001 dyre_behavior
  • 0.001 shifu_behavior
  • 0.001 cerber_behavior
  • 0.001 bypass_firewall
  • 0.001 antidbg_devices
  • 0.001 antisandbox_productid
  • 0.001 antivm_xen_keys
  • 0.001 antivm_hyperv_keys
  • 0.001 antivm_vbox_acpi
  • 0.001 antivm_vbox_keys
  • 0.001 antivm_vmware_keys
  • 0.001 antivm_vpc_keys
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 proprietary_malicious_drop_executable_file_to_temp_folder
  • 0.001 proprietary_anomaly_invoke_vb_vba
  • 0.001 packer_armadillo_regkey
  • 0.001 rat_pcclient
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.635 seconds )

  • 0.555 ReportHTMLSummary
  • 0.08 Malheur
Task ID 744134
Mongo ID 66228fb37e769a7eca4b3e86
Cuckoo release 1.4-Maldun