Analysis Task

Analysis type  VM label  Start time  End time  Duration
File (Windows)  win7-sp1-x64  2016-09-18 09:40:26  2016-09-18 09:43:03  157 seconds

Maldun Score

2.3

Suspicious

File Details

File name  RsBackup.exe
File size  359064 bytes
File type  PE32 executable (GUI) Intel 80386, for MS Windows
MD5 787524b75ce2e55ed671a5cd596d2b36
SHA1 fbfc4ac0a6cab35b172d3c37185fbc647fcfa2f4
SHA256 6a242951c6ffa802d6d302f96c58c015d6543a034cf2bfe9d98fcee0a57b3b35
SHA512 460c08c2035bddffa8344782bda00be1eecd78ef41926554baa59a22578326c27f1c99a83dca820993512347a87a636052cea7f4bbe50af680fc0d392c2169ec
CRC32 578E3D61
Ssdeep 6144:ROZMpxjaTmNyvVcp6Hx9Ik5/RygTmCDoX364lgMyCVJMZM:baTmNyvVcp6Hx9Ik9DoX3LleCMZM

Contacted Hosts

Direct IP  Security rating  Geolocation
93.46.8.89  Italy
58.211.137.192  China
23.44.155.27  United States
198.41.214.187  United States
117.18.237.29  Asia-Pacific region
115.231.30.15  China

DNS Resolution

Domain  Security rating  Response
www.download.windowsupdate.com CNAME fg.download.windowsupdate.com.mwcname.com
CNAME ipv6microsoft.dlmix.ourdvs.com
A 183.134.9.63
A 115.231.20.47
A 122.228.22.104
A 115.231.30.15
A 183.131.67.41
A 183.131.168.143
A 115.231.22.28
A 122.228.22.178
A 115.231.156.74
A 183.134.20.57
CNAME 2-01-3cf7-0009.cdx.cedexis.net
A 183.131.208.34
A 115.231.158.27
A 122.228.237.147
ocsp.verisign.com CNAME ocsp-ds.ws.symantec.com.edgekey.net
CNAME e8218.dscb1.akamaiedge.net
A 23.44.155.27
ss.symcd.com
ocsp.msocsp.com A 198.41.214.185
CNAME hostedocsp.globalsign.com
A 198.41.214.186
A 198.41.214.187
A 198.41.215.183
A 198.41.215.182
A 198.41.215.185
A 198.41.214.183
A 198.41.215.184
A 198.41.215.186
A 198.41.214.184
sd.symcd.com
ocsp2.globalsign.com CNAME cdn.globalsigncdn.com
A 58.211.137.192
ocsp.digicert.com CNAME cs9.wac.phicdn.net
A 117.18.237.29
ocsp.globalsign.com
s.symcd.com
ocsp.omniroot.com A 93.46.8.89
CNAME wac.BFDD.edgecastcdn.net

PE Information

Image base  0x00400000
Entry point  0x00425928
Declared checksum  0x0005c465
Actual checksum  0x0005c465
Minimum OS version required  4.0
PDB path  C:\DistributedAutoLink\Temp\CompileOutputDir\RsBackup.pdb
Compile time  2012-01-09 13:47:12
Icon
Icon exact hash  8cb03eaea0093ebd4ab591c4bb2335e3
Icon similarity hash  15c6b57d5e5c386133d0f4c0537fc66e

Version Information

LegalCopyright
InternalName
FileVersion
CompanyName
SpecialBuild
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

Microsoft Certificate Verification (Sign Tool)

SHA1  Timestamp  Validity  Error
f369dcbce399bfed0e925c791d4bc2b218271f1e Mon Jan 09 13:48:00 2012
Certificate Chain 1
Issued to  Class 3 Public Primary Certification Authority
Issuer  Class 3 Public Primary Certification Authority
Valid until  Wed Aug 02 07:59:59 2028
SHA1 hash  742c3192e607e424eb4549542be1bbc53e6174e2
Certificate Chain 2
Issued to  VeriSign Class 3 Code Signing 2009-2 CA
Issuer  Class 3 Public Primary Certification Authority
Valid until  Tue May 21 07:59:59 2019
SHA1 hash  12d4872bc3ef019e7e0b6f132480ae29db5b1ca3
Certificate Chain 3
Issued to  Beijing Rising Information Technology Corporation Limited
Issuer  VeriSign Class 3 Code Signing 2009-2 CA
Valid until  Mon Jul 23 07:59:59 2012
SHA1 hash  08c44bdde3e6563f92032d65e95bac0844c742e8
Timestamp Chain 1
Issued to  Thawte Timestamping CA
Issuer  Thawte Timestamping CA
Valid until  Fri Jan 01 07:59:59 2021
SHA1 hash  be36a4562fb2ee05dbb3d32323adf445084ed656
Timestamp Chain 2
Issued to  VeriSign Time Stamping Services CA
Issuer  Thawte Timestamping CA
Valid until  Wed Dec 04 07:59:59 2013
SHA1 hash  f46ac0c6efbb8c6a14f55f09e2d37df4c0de012d
Timestamp Chain 3
Issued to  VeriSign Time Stamping Services Signer - G2
Issuer  VeriSign Time Stamping Services CA
Valid until  Fri Jun 15 07:59:59 2012
SHA1 hash  ada8aaa643ff7dc38dd40fa4c97ad559ff4846de

PE Sections

Name  Virtual address  Virtual size  Raw data size  Characteristics  Entropy
.text 0x00001000 0x0003e688 0x0003f000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.55
.rdata 0x00040000 0x0000718e 0x00008000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.94
.data 0x00048000 0x0000455c 0x00003000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 3.48
.rsrc 0x0004d000 0x0000a438 0x0000b000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.46

Overlay

Offset  0x00056000
Size  0x00001a98

Resources

Name  Offset  Size  Language  Sub-language  Entropy  File type
RT_BITMAP 0x00053598 0x0000006c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 1.72 data
RT_BITMAP 0x00053598 0x0000006c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 1.72 data
RT_ICON 0x000557d0 0x00000568 LANG_ENGLISH SUBLANG_ENGLISH_US 3.47 GLS_BINARY_LSB_FIRST
RT_ICON 0x000557d0 0x00000568 LANG_ENGLISH SUBLANG_ENGLISH_US 3.47 GLS_BINARY_LSB_FIRST
RT_ICON 0x000557d0 0x00000568 LANG_ENGLISH SUBLANG_ENGLISH_US 3.47 GLS_BINARY_LSB_FIRST
RT_ICON 0x000557d0 0x00000568 LANG_ENGLISH SUBLANG_ENGLISH_US 3.47 GLS_BINARY_LSB_FIRST
RT_ICON 0x000557d0 0x00000568 LANG_ENGLISH SUBLANG_ENGLISH_US 3.47 GLS_BINARY_LSB_FIRST
RT_ICON 0x000557d0 0x00000568 LANG_ENGLISH SUBLANG_ENGLISH_US 3.47 GLS_BINARY_LSB_FIRST
RT_DIALOG 0x000561d8 0x000000e2 LANG_ENGLISH SUBLANG_ENGLISH_US 3.12 data
RT_DIALOG 0x000561d8 0x000000e2 LANG_ENGLISH SUBLANG_ENGLISH_US 3.12 data
RT_DIALOG 0x000561d8 0x000000e2 LANG_ENGLISH SUBLANG_ENGLISH_US 3.12 data
RT_DIALOG 0x000561d8 0x000000e2 LANG_ENGLISH SUBLANG_ENGLISH_US 3.12 data
RT_STRING 0x000570d8 0x0000035a LANG_ENGLISH SUBLANG_ENGLISH_US 3.14 data
RT_STRING 0x000570d8 0x0000035a LANG_ENGLISH SUBLANG_ENGLISH_US 3.14 data
RT_ACCELERATOR 0x000562c0 0x00000070 LANG_ENGLISH SUBLANG_ENGLISH_US 2.95 data
RT_GROUP_ICON 0x00055d38 0x0000005a LANG_ENGLISH SUBLANG_ENGLISH_US 2.87 MS Windows icon resource - 6 icons, 48x48, 16-colors
RT_VERSION 0x00056330 0x00000458 LANG_ENGLISH SUBLANG_ENGLISH_US 3.48 data
RT_MANIFEST 0x00056788 0x0000032b LANG_ENGLISH SUBLANG_ENGLISH_US 5.17 XML document text

Imports

Library: VERSION.dll:
0x440348 VerQueryValueW
0x44034c GetFileVersionInfoA
0x440354 VerQueryValueA
Library: KERNEL32.dll:
0x44003c InterlockedExchange
0x440040 GetACP
0x440044 GetLocaleInfoA
0x440048 GetThreadLocale
0x44004c GetVersionExA
0x440058 SizeofResource
0x44005c LockResource
0x440060 LoadResource
0x440064 FindResourceA
0x440068 FindResourceExA
0x44006c WideCharToMultiByte
0x440074 GetCurrentProcess
0x440078 HeapFree
0x44007c GetProcessHeap
0x440080 HeapAlloc
0x44008c GetLocalTime
0x440090 lstrcpynA
0x440094 WriteFile
0x440098 SetFilePointer
0x44009c MoveFileA
0x4400a0 DeleteFileA
0x4400a4 SetFileAttributesA
0x4400a8 CloseHandle
0x4400ac GetFileSize
0x4400b0 CreateFileA
0x4400b4 GetCurrentThreadId
0x4400b8 GetCurrentProcessId
0x4400bc OutputDebugStringA
0x4400c0 GetTickCount
0x4400c4 GetProcAddress
0x4400c8 LoadLibraryA
0x4400cc ResumeThread
0x4400d0 SuspendThread
0x4400d4 GetFileAttributesA
0x4400dc lstrcmpiA
0x4400e0 SetThreadPriority
0x4400e4 MultiByteToWideChar
0x4400e8 CreateDirectoryA
0x4400f4 lstrlenW
0x4400f8 GetModuleHandleA
0x4400fc GetLastError
0x440100 FreeLibrary
0x440104 LoadLibraryExA
0x440108 IsDBCSLeadByte
0x44010c ReadFile
0x440110 GetDiskFreeSpaceA
0x440114 FindClose
0x440118 FindNextFileA
0x44011c FindFirstFileA
0x440120 GetTempPathA
0x440124 EndUpdateResourceA
0x440128 UpdateResourceA
0x44012c lstrcpynW
0x440134 GetCommandLineA
0x440138 CopyFileA
0x44013c lstrcmpiW
0x440140 CompareStringA
0x440144 CompareStringW
0x440150 GetStringTypeExA
0x440154 GetStringTypeExW
0x440158 RemoveDirectoryA
0x44015c lstrcatA
0x440160 GetUserDefaultLCID
0x440164 GetDateFormatA
0x440168 GetTimeFormatA
0x44017c GetStringTypeW
0x440180 GetStringTypeA
0x440184 SetStdHandle
0x440188 GetStdHandle
0x44018c SetHandleCount
0x440190 LCMapStringW
0x440194 LCMapStringA
0x4401a0 EnumSystemLocalesA
0x4401a8 TlsGetValue
0x4401ac TlsSetValue
0x4401b0 TlsFree
0x4401b4 GetCurrentThread
0x4401b8 TlsAlloc
0x4401bc GetCPInfo
0x4401c0 GetOEMCP
0x4401c4 TerminateProcess
0x4401c8 IsBadWritePtr
0x4401cc FatalAppExitA
0x4401d0 VirtualFree
0x4401d4 HeapCreate
0x4401d8 GetStartupInfoA
0x4401dc GetFileType
0x4401e0 SetEndOfFile
0x4401e8 VirtualQuery
0x4401ec GetSystemInfo
0x4401f0 VirtualAlloc
0x4401f4 VirtualProtect
0x4401f8 CreateThread
0x4401fc ExitThread
0x440200 ExitProcess
0x440204 RtlUnwind
0x440208 HeapSize
0x44020c HeapReAlloc
0x440210 HeapDestroy
0x440214 GetModuleFileNameA
0x440218 SetLastError
0x44021c GlobalAlloc
0x440220 lstrcpyA
0x440224 GlobalFree
0x440230 RaiseException
0x440234 lstrlenA
0x440238 GetLocaleInfoW
0x440240 Sleep
0x440244 lstrcmpA
0x440250 FlushFileBuffers
0x440254 IsBadCodePtr
0x440258 IsBadReadPtr
0x44025c IsValidCodePage
0x440260 IsValidLocale
0x440264 GetVersion
0x440268 GetTempFileNameA
Library: USER32.dll:
0x440294 CharUpperW
0x440298 CharLowerW
0x44029c CharLowerA
0x4402a0 wsprintfW
0x4402a4 CharNextA
0x4402a8 PeekMessageA
0x4402ac GetMessageA
0x4402b0 TranslateMessage
0x4402b4 DispatchMessageA
0x4402b8 GetActiveWindow
0x4402c0 GetWindowTextA
0x4402c4 MessageBeep
0x4402c8 SetFocus
0x4402cc SetDlgItemTextA
0x4402d0 GetDlgItem
0x4402d4 CallWindowProcA
0x4402d8 SetForegroundWindow
0x4402dc MessageBoxA
0x4402e0 GetSystemMetrics
0x4402e4 LoadImageA
0x4402e8 wvsprintfA
0x4402ec IsWindow
0x4402f0 FindWindowA
0x4402f4 DefWindowProcA
0x4402f8 PostQuitMessage
0x4402fc DestroyWindow
0x440300 PostMessageA
0x440304 GetParent
0x440308 GetWindow
0x44030c GetWindowRect
0x440314 GetClientRect
0x440318 MapWindowPoints
0x44031c IsDialogMessageA
0x440320 SendMessageA
0x440324 SetWindowPos
0x440328 SetWindowTextA
0x44032c GetWindowLongA
0x440330 SetWindowLongA
0x440334 ShowWindow
0x440338 CharUpperA
0x44033c UnregisterClassA
0x440340 wsprintfA
Library: ADVAPI32.dll:
0x440000 RegQueryInfoKeyA
0x440004 RegQueryValueExA
0x440008 RegOpenKeyExA
0x44000c RegDeleteKeyA
0x440010 RegSetValueExA
0x440014 RegEnumKeyExA
0x440018 RegCloseKey
0x44001c RegDeleteValueA
0x440020 RegCreateKeyExA
Library: SHELL32.dll:
0x44027c SHBrowseForFolderA
Library: ole32.dll:
0x44035c CoTaskMemFree
0x440360 CoInitialize
0x440364 CoTaskMemAlloc
0x440368 CoTaskMemRealloc
0x44036c CoCreateInstance
0x440370 CoUninitialize
Library: OLEAUT32.dll:
0x440270 None
0x440274 None
Library: SHLWAPI.dll:
0x440288 PathSkipRootA
0x44028c PathFileExistsA
Library: COMCTL32.dll:
0x440028 PropertySheetA

.text
`.rdata
@.data
.rsrc
T$(Rj
u'SWj
VPQUj
B80o@
B80o@
B80o@
SUVWj
L$8Qj
WPVUj
VRSWj
D$0QPh
|$$t=j
|$,t?j
t^<<uZj
<'u!Wj
D$@Pj
s`UVh
|$(vL9|$$u%Sh
SVWUj
j@hp#D
VWumhp)D
t|hT)D
C*PjTVj
C+PjUVj
C,PjVVj
C-PjWVj
C.PjRVj
C/PjSVj
GWhN$C
jHh8?D
Dht?D
t-hX@D
D$ |@D
D$$ AD
D$@|@D
D$@|@D
D$@|@D
D$@|@D
D$@|@D
D$@|@D
D$@|@D
D$@|@D
D$ AD
D$(|@D
D$, AD
L$PQShXAD
T$ Rh
T$ Rh
L$ RUPj
D$0QhtRD
datapath
SOFTWARE\Rising\%s
[%04d-%02d-%02d][%02d:%02d:%02d:%03d]
2.log
[%04u]
[0x%08X]
[FATAL]
[ALERT]
[WAINNING]
[ACTION]
[DETAIL]
DEBUG
LOGNAME
RAV.INI
RS_DEBUG_VIEW
LOGSIZE
OUTPUT
LEVEL
%s\RSD%d
GetDLLObject
\RsLang.dll
Failed to InitAppPath.
Failed to get /subkey.
/SUBKEY
/lang
Label.dat
SETUP
ACTIONID
%s\setup.dat
%s\xmls\setup.xml
%s\%s
failed to find label.dat
ToInstall
Space
SYSTEM
Setup.exe
Failed to check %s
CHECK
%s\%s\%s
FILENAME
SOURCEPATH
FILES
NEEDSPACE
Failed to RsXMLSelVerify %s
%s\%s\%s.xml
Installed
COMPONENTS
Failed to load %s
rssetup.xml
Failed to get componet from %s
Failed to RsXMLSelVerify("%s")
%s\%s.xml
rssetup
UPDATE
Version
00.00.00.00
%s\backup.ini
%s\auto.ini
%s\temp.zip
%s\setup.tmp
%s\Label.dat
%s\compsver.inf
Setup
INSTALLPATH
%s\Backup\rsd\%s
%s\Backup\%s
%s\Data\%s\%s.ini
BACKUP
backrav
temp.ini
*?"<>|/
%s\%s%s.exe
\Backup\
\Compsver.inf
%s\data\%s\%s.ini
BackSave
TypeLib
Software
SECURITY
Hardware
Interface
FileType
Component Categories
CLSID
AppID
Delete
NoRemove
ForceRemove
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
&Validate=
&type=
&Time_OverTime=
&Time_Setup=
kernel32.dll
GetDiskFreeSpaceExA
Personal
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Desktop
\CompsVer.inf
\Update
__TEMP_CHANGE_VERSION_DOWN
FileVersion
%s\*.*
SETTING
Rav.ini
\NetConfig.ini
%s\%s.ini
c:\temp
__TEMP_CHANGE_VERSION_UP
VS_VERSION_INFO
\VarFileInfo\Translation
%d.%d.%d.%d
%s.%d
%s.0%d
bad cast
</%s>
<!--%s-->
standalone="%s"
encoding="%s"
version="%s"
<?xml
&#x%02X;
%s='%s'
%s="%s"
<![CDATA[
false
standalone="
encoding="
version="
raB3Ge
Error parsing CDATA.
Error null (0) or unexpected EOF found in input stream.
Error document empty.
Error parsing Declaration.
Error parsing Comment.
Error parsing Unknown.
Error reading end tag.
Error: empty tag.
Error reading Attributes.
Error reading Element value.
Failed to read Element name
Error parsing Element.
Memory allocation failed.
Failed to open file
Error
No error
&apos;
&quot;
&amp;
<?xml
standalone
encoding
version
UTF-8
1.1.3
Rav.tst
Unknown exception
CorExitProcess
mscoree.dll
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
Microsoft Visual C++ Runtime Library
Program:
<program name unknown>
Buffer overrun detected!
Unknown security failure detected!
`h````
(null)
LC_TIME
LC_NUMERIC
LC_MONETARY
LC_CTYPE
LC_COLLATE
LC_ALL
e+000
GAIsProcessorFeaturePresent
KERNEL32
runtime error
Program:
InitializeCriticalSectionAndSpinCount
GetProcessWindowStation
GetUserObjectInformationA
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
HH:mm:ss
dddd, MMMM dd, yyyy
MM/dd/yy
December
November
October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
am/pm
Paraguay
Uruguay
Chile
Ecuador
Argentina
Colombia
Venezuela
Dominican Republic
South Africa
Panama
Luxembourg
Costa Rica
Switzerland
Guatemala
Canada
Spanish - Modern Sort
Australia
English
Austria
German
Belgium
Mexico
Spanish
Basque
Sweden
Swedish
Iceland
Icelandic
France
French
Finland
Finnish
Spain
Spanish - Traditional Sort
united-states
united-kingdom
trinidad & tobago
south-korea
south-africa
south korea
south africa
slovak
puerto-rico
pr-china
pr china
new-zealand
hong-kong
holland
great britain
england
czech
china
britain
america
swiss
swedish-finland
spanish-venezuela
spanish-uruguay
spanish-puerto rico
spanish-peru
spanish-paraguay
spanish-panama
spanish-nicaragua
spanish-modern
spanish-mexican
spanish-honduras
spanish-guatemala
spanish-el salvador
spanish-ecuador
spanish-dominican republic
spanish-costa rica
spanish-colombia
spanish-chile
spanish-bolivia
spanish-argentina
portuguese-brazilian
norwegian-nynorsk
norwegian-bokmal
norwegian
italian-swiss
irish-english
german-swiss
german-luxembourg
german-lichtenstein
german-austrian
french-swiss
french-luxembourg
french-canadian
french-belgian
english-usa
english-us
english-uk
english-trinidad y tobago
english-south africa
english-nz
english-jamaica
english-ire
english-caribbean
english-can
english-belize
english-aus
english-american
dutch-belgian
chinese-traditional
chinese-singapore
chinese-simplified
chinese-hongkong
chinese
canadian
belgian
australian
american-english
american english
american
Norwegian-Nynorsk
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
1#QNAN
1#INF
1#IND
1#SNAN
invalid string position
string too long
ios_base::eofbit set
ios_base::failbit set
ios_base::badbit set
the max length & max offset is limited by the sizeof the storing bits.
the max length is limited by the sizeof the storing bits.
<!--%s-->
.rstmp
failure to read input stream
deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
inflate 1.1.3 Copyright 1995-1998 Mark Adler
C:\DistributedAutoLink\Temp\CompileOutputDir\RsBackup.pdb
VerQueryValueW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VERSION.dll
lstrlenA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
lstrcpyA
GlobalAlloc
SetLastError
GetModuleFileNameA
GetCommandLineA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
WideCharToMultiByte
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
GetPrivateProfileIntA
GetPrivateProfileStringA
GetLocalTime
lstrcpynA
WriteFile
SetFilePointer
MoveFileA
DeleteFileA
SetFileAttributesA
CloseHandle
GetFileSize
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
OutputDebugStringA
GetTickCount
GetProcAddress
LoadLibraryA
ResumeThread
SuspendThread
GetFileAttributesA
WritePrivateProfileStringA
lstrcmpiA
SetThreadPriority
MultiByteToWideChar
CreateDirectoryA
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleHandleA
GetLastError
FreeLibrary
LoadLibraryExA
IsDBCSLeadByte
ReadFile
GetDiskFreeSpaceA
FindClose
FindNextFileA
FindFirstFileA
GetTempPathA
EndUpdateResourceA
UpdateResourceA
lstrcpynW
BeginUpdateResourceA
GetVersion
CopyFileA
lstrcmpiW
CompareStringA
CompareStringW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
RemoveDirectoryA
lstrcatA
KERNEL32.dll
UnregisterClassA
CharUpperA
ShowWindow
SetWindowLongA
GetWindowLongA
SetWindowTextA
SetWindowPos
SendMessageA
IsDialogMessageA
MapWindowPoints
GetClientRect
SystemParametersInfoA
GetWindowRect
GetWindow
GetParent
PostMessageA
wsprintfA
DestroyWindow
PostQuitMessage
DefWindowProcA
FindWindowA
IsWindow
wvsprintfA
LoadImageA
GetSystemMetrics
MessageBoxA
SetForegroundWindow
CallWindowProcA
GetDlgItem
SetDlgItemTextA
SetFocus
MessageBeep
GetWindowTextA
GetWindowTextLengthA
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
CharNextA
wsprintfW
CharLowerA
CharLowerW
CharUpperW
USER32.dll
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
ADVAPI32.dll
SHGetPathFromIDListA
SHBrowseForFolderA
SHELL32.dll
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
ole32.dll
OLEAUT32.dll
PathSkipRootA
PathFileExistsA
SHLWAPI.dll
DestroyPropertySheetPage
CreatePropertySheetPageA
InitCommonControlsEx
PropertySheetA
COMCTL32.dll
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
ExitProcess
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
SetEndOfFile
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
FatalAppExitA
IsBadWritePtr
TerminateProcess
GetOEMCP
GetCPInfo
TlsAlloc
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
SetStdHandle
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
FlushFileBuffers
GetTimeZoneInformation
SetConsoleCtrlHandler
GetLocaleInfoW
SetEnvironmentVariableA
Sleep
lstrcmpA
GetTempFileNameA
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
welcome Rising*youarelawless!y2a3n4g5Y6U7q8i@S9I0N#A.C%O(M-)<>ABI993JIEM,;'{jkliewaqlsiqomv.z^iwaql}-_=+)_(l;2j2f90aslkjflkasjas32092JKLSJFbASAUI/Z/A[/,./|@~`FS'.Z,MF920SDLAFJKAL9320QFFMmlajfl,.<>//|348q9729|fjlail3jo798,ksafa302-s;akfa;=_++-0-_))0-0-p23is
welcome Rising*youarelawless!y2a$n4g5Y6U7q8i@S9I0N#A.C%O(M-)<>ABI99*JIEM,;'{jkliewaqlsiqomv.z^iwaql}-_=+)_(l;2j@f90aslkjflkasjas6j09kJKLSJFbASAUI/Z/A[/,./|@~`FS'.Z,MF920SDLAFJKAL9320QFFMmlajfl,.<>//|348q9729|fjlail3jo798,ksafa302-s;akfa;=_++-0-_))0-0-p^bis
.?AVexception@@
.?AVbad_cast@@
.?AVbad_typeid@@
.?AV__non_rtti_object@@
.?AVtype_info@@
.?AVlogic_error@std@@
.?AVlength_error@std@@
.?AVout_of_range@std@@
.?AVfacet@locale@std@@
.?AV_Locimp@locale@std@@
.?AV?$_Iosb@H@std@@
.?AVios_base@std@@
.?AVruntime_error@std@@
.?AVfailure@ios_base@std@@
Copyright (c) 1992-2001 by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.
.?AVfileio_fails@@
1.1.3
need dictionary
incorrect data check
incorrect header check
invalid window size
unknown compression method
incompatible version
buffer error
insufficient memory
data error
stream error
file error
stream end
invalid bit length repeat
too many length or distance symbols
invalid stored block lengths
invalid block type
invalid distance code
invalid literal/length code
incomplete dynamic bit lengths tree
oversubscribed dynamic bit lengths tree
incomplete literal/length tree
oversubscribed literal/length tree
empty distance tree with lengths
incomplete distance tree
oversubscribed distance tree
wwwpwww
wwwwwwxw
wwwwwwwwwwww
wwwwwwwxp
wwwwwwww
wxtDDOp
tDDOp
wtDDOp
APPID
@REGISTRY
Module_Raw
Module
\StringFileInfo\%04x%04x\FileVersion
%d.%d.%d.%d
\StringFileInfo\%04x%04x\ProductVersion
(null)
RsBackup
MS Sans Serif
MS Shell Dlg
Select Path:
&Browser
Making Hard Disk Installation Backup can create the latest Rising Antivirus Software installation package, it will restore your current Rising Antivirus Software into a installation package,
MS Shell Dlg
The program has been created successfully. You can run this file to install the current version of Rising.
MS Shell Dlg
msctls_progress32
VS_VERSION_INFO
StringFileInfo
040904b0
CompanyName
Beijing Rising Information Technology Co., Ltd.
FileDescription
Rising backup program
FileVersion
1.0.0.9
InternalName
Beijing Rising Information Technology Co., Ltd.
LegalCopyright
Copyright(C) 2011-2012 Beijing Rising Information Technology Co., Ltd. All Rights Reserved.
OriginalFilename
RsBackup.exe
ProductName
Rising Software Distribute System
ProductVersion
SpecialBuild
617136182722000
VarFileInfo
Translation
Installer Creation Tool
Latest Installer Creation Tool does not support simultaneous multiple user access. Please close other users' creation tool first.
3A fatal error has occurred. Click "Finish" to exit.
Antivirus engine/vendor  Virus name/rule match  Signature database date
Bkav  No virus found  20160827
MicroWorld-eScan  No virus found  20160827
nProtect  No virus found  20160827
CMC  No virus found  20160824
CAT-QuickHeal  No virus found  20160826
McAfee  No virus found  20160827
Malwarebytes  No virus found  20160827
Zillya  No virus found  20160826
K7AntiVirus  No virus found  20160827
BitDefender  No virus found  20160827
K7GW  No virus found  20160827
TheHacker  No virus found  20160826
TrendMicro  No virus found  20160827
Baidu  No virus found  20160827
F-Prot  No virus found  20160827
Symantec  No virus found  20160827
TotalDefense  No virus found  20160827
TrendMicro-HouseCall  No virus found  20160827
Avast  No virus found  20160827
ClamAV  No virus found  20160827
Kaspersky  No virus found  20160827
Alibaba  No virus found  20160826
NANO-Antivirus  No virus found  20160827
ViRobot  No virus found  20160827
SUPERAntiSpyware  No virus found  20160826
Rising  No virus found  20160827
Ad-Aware  No virus found  20160827
Emsisoft  No virus found  20160827
Comodo  No virus found  20160827
F-Secure  No virus found  20160827
DrWeb  No virus found  20160827
VIPRE  No virus found  20160827
Invincea  No virus found  20160826
McAfee-GW-Edition  No virus found  20160827
Sophos  No virus found  20160827
Cyren  No virus found  20160827
Jiangmin  No virus found  20160827
Avira  No virus found  20160827
Antiy-AVL  No virus found  20160827
Kingsoft  No virus found  20160827
Microsoft  No virus found  20160827
Arcabit  No virus found  20160827
AegisLab  No virus found  20160827
GData  No virus found  20160827
AhnLab-V3  No virus found  20160826
ALYac  No virus found  20160827
AVware  No virus found  20160827
VBA32  No virus found  20160826
Zoner  No virus found  20160827
ESET-NOD32  No virus found  20160827
Tencent  No virus found  20160827
Yandex  No virus found  20160826
Ikarus  No virus found  20160827
Fortinet  No virus found  20160827
AVG  No virus found  20160827
Panda  No virus found  20160827
CrowdStrike  No virus found  20160826
Qihoo-360  No virus found  20160827

Process Tree

RsBackup.exe, PID: 2692, Parent PID: 364

TCP

Source address  Source port  Destination address  Destination port
192.168.122.69 59209 115.231.30.15 www.download.windowsupdate.com 80
192.168.122.69 59225 117.18.237.29 ocsp.digicert.com 80
192.168.122.69 59228 117.18.237.29 ocsp.digicert.com 80
192.168.122.69 59218 178.255.83.1 80
192.168.122.69 59220 178.255.83.1 80
192.168.122.69 59222 178.255.83.1 80
192.168.122.69 59208 192.168.122.1 53
192.168.122.69 59219 198.41.214.187 ocsp.msocsp.com 80
192.168.122.69 59210 23.44.155.27 ocsp.verisign.com 80
192.168.122.69 59217 23.44.155.27 ocsp.verisign.com 80
192.168.122.69 59221 23.44.155.27 ocsp.verisign.com 80
192.168.122.69 59223 23.44.155.27 ocsp.verisign.com 80
192.168.122.69 59227 23.44.155.27 ocsp.verisign.com 80
192.168.122.69 59224 58.211.137.192 ocsp2.globalsign.com 80
192.168.122.69 59226 58.211.137.192 ocsp2.globalsign.com 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.69 49321 192.168.122.1 53
192.168.122.69 50328 192.168.122.1 53
192.168.122.69 51809 192.168.122.1 53
192.168.122.69 52254 192.168.122.1 53
192.168.122.69 52512 192.168.122.1 53
192.168.122.69 52766 192.168.122.1 53
192.168.122.69 53731 192.168.122.1 53
192.168.122.69 54419 192.168.122.1 53
192.168.122.69 57129 192.168.122.1 53
192.168.122.69 58396 192.168.122.1 53
192.168.122.69 58738 192.168.122.1 53
192.168.122.69 59029 192.168.122.1 53
192.168.122.69 59349 192.168.122.1 53
192.168.122.69 60407 192.168.122.1 53
192.168.122.69 62204 192.168.122.1 53
192.168.122.69 63333 192.168.122.1 53
192.168.122.69 65349 192.168.122.1 53
192.168.122.69 65386 192.168.122.1 53

HTTP Requests

URI  HTTP data
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 86402
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 14 Jan 2016 00:22:10 GMT
If-None-Match: "0e59c9b614ed11:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com

http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE%2FlB8ILcQ1m6ShHvICEEhNCdUPKZdCUnK3l6oopVc%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE%2FlB8ILcQ1m6ShHvICEEhNCdUPKZdCUnK3l6oopVc%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com

http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE%2FlB8ILcQ1m6ShHvICEEhNCdUPKZdCUnK3l6oopVc%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE%2FlB8ILcQ1m6ShHvICEEhNCdUPKZdCUnK3l6oopVc%3D HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com

http://ss.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEFYsTGl7at%2BFjHRU%2BpXehLM%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV%2Bc%2FAZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEFYsTGl7at%2BFjHRU%2BpXehLM%3D HTTP/1.1
Cache-Control: max-age = 386960
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 21 Jan 2016 20:44:27 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ss.symcd.com

http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1
Cache-Control: max-age = 311241
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 23 Jan 2016 23:57:39 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com

http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAN43VPPQBXGCMiwAAQAA3jc%3D
GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQmECJms4f7i5EbxtN7NbzQCBwAdAQUUa8kJpz0aCJXgCYrO0ZiFXsezKUCE1oAAN43VPPQBXGCMiwAAQAA3jc%3D HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 06:30:15 GMT
If-None-Match: "77a3ed05d7337d023a726d1efae9caf1857cedc9"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.msocsp.com

http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1
Cache-Control: max-age = 311240
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 23 Jan 2016 23:57:39 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com

http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18%2BP0%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X%2B%2BhEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18%2BP0%3D HTTP/1.1
Cache-Control: max-age = 603676
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 08:43:57 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com

http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQLqIKj6Gi5thHaqKC1ECU9aXsCRQQUmvMr2s%2BtT7YvuypISCoStxtCwSQCEQD0gtB5WgsdpjrFZePtaJt6
GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQLqIKj6Gi5thHaqKC1ECU9aXsCRQQUmvMr2s%2BtT7YvuypISCoStxtCwSQCEQD0gtB5WgsdpjrFZePtaJt6 HTTP/1.1
Cache-Control: max-age = 334227
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 06:20:47 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com

http://sd.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB%2B2DViUmQEUw3ggwQUDURcFlNEwYJ%2BHSCrJfQBY9i%2BeaUCEFzeRE%2FrSZRDaFn%2BzErlAWw%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB%2B2DViUmQEUw3ggwQUDURcFlNEwYJ%2BHSCrJfQBY9i%2BeaUCEFzeRE%2FrSZRDaFn%2BzErlAWw%3D HTTP/1.1
Cache-Control: max-age = 533948
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 23 Jan 2016 13:34:51 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: sd.symcd.com

http://ocsp2.globalsign.com/gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV%2FtqUV3SNMRE%2Bs25eR%2FvhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEhyNkSBZL0u2zY4jc9udsWFw%3D%3D
GET /gsorganizationvalg2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBReGXQV%2FtqUV3SNMRE%2Bs25eR%2FvhjwQUXUayjcRLdBy77fVztjq3OI91nn4CEhEhyNkSBZL0u2zY4jc9udsWFw%3D%3D HTTP/1.1
Cache-Control: max-age = 180
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 08:12:59 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

URL sandbox check -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmAKZdMh1Pj41g8CEAIwaX55BLru0bCAsau57vM%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJ9L2KGL92BpjF3kAtaDtxauTmhgQUPdNQpdagre7zSmAKZdMh1Pj41g8CEAIwaX55BLru0bCAsau57vM%3D HTTP/1.1
Cache-Control: max-age = 513914
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 04:05:14 GMT
If-None-Match: "56a44d7a-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

URL sandbox check -> http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAS9O4UUM
GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAS9O4UUM HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 06:40:24 GMT
If-None-Match: "1be626cf99d21b40b0ac46e272f28ef043bd829a"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com

URL sandbox check -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAx5qUSwjBGVIJJhX%2BJrHYM%3D HTTP/1.1
Cache-Control: max-age = 500863
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 23 Jan 2016 22:46:14 GMT
If-None-Match: "56a402b6-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

URL sandbox check -> http://sd.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB%2B2DViUmQEUw3ggwQUDURcFlNEwYJ%2BHSCrJfQBY9i%2BeaUCEFulHELau99g31whfW%2B6uJI%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQMgSk4dLKWKRB%2B2DViUmQEUw3ggwQUDURcFlNEwYJ%2BHSCrJfQBY9i%2BeaUCEFulHELau99g31whfW%2B6uJI%3D HTTP/1.1
Cache-Control: max-age = 582766
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 03:09:24 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: sd.symcd.com

URL sandbox check -> http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBkaMst1nJe4z6wRjdUSf0k%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEBkaMst1nJe4z6wRjdUSf0k%3D HTTP/1.1
Cache-Control: max-age = 584283
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 03:35:04 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: s.symcd.com

URL sandbox check -> http://ocsp2.globalsign.com/gsorganizationvalsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCEhEhGuAGlWtDRHAtLRzCaILaCA%3D%3D
GET /gsorganizationvalsha2g2/MFMwUTBPME0wSzAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCEhEhGuAGlWtDRHAtLRzCaILaCA%3D%3D HTTP/1.1
Cache-Control: max-age = 180
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 03:25:57 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com

URL sandbox check -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAnmWtgHuEl7B0nUFWjWJtA%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAnmWtgHuEl7B0nUFWjWJtA%3D HTTP/1.1
Cache-Control: max-age = 510937
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 24 Jan 2016 01:36:05 GMT
If-None-Match: "56a42a85-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No files were dropped.
No similar analyses found.

Processing ( 57.449 seconds )

  • 53.429 NetworkAnalysis
  • 2.198 VirusTotal
  • 0.875 Static
  • 0.475 peid
  • 0.205 TargetInfo
  • 0.172 BehaviorAnalysis
  • 0.049 Strings
  • 0.024 AnalysisInfo
  • 0.01 config_decoder
  • 0.007 Debug
  • 0.002 Dropped
  • 0.002 Memory
  • 0.001 ProcessMemory

Signatures ( 0.103 seconds )

  • 0.022 antiav_detectreg
  • 0.009 infostealer_ftp
  • 0.009 md_domain_bl
  • 0.005 persistence_autorun
  • 0.005 stealth_timeout
  • 0.005 antiav_detectfile
  • 0.005 geodo_banking_trojan
  • 0.005 infostealer_im
  • 0.004 antianalysis_detectreg
  • 0.004 infostealer_bitcoin
  • 0.004 infostealer_mail
  • 0.004 ransomware_files
  • 0.003 network_torgateway
  • 0.002 tinba_behavior
  • 0.002 antivm_vbox_files
  • 0.002 disables_browser_warn
  • 0.002 network_http
  • 0.001 antiemu_wine_func
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 modify_proxy
  • 0.001 browser_security
  • 0.001 md_url_bl
  • 0.001 network_cnc_http

Reporting ( 1.489 seconds )

  • 0.907 ReportPDF
  • 0.57 ReportHTMLSummary
  • 0.012 Malheur
Task ID 18288
Mongo ID 57ddf1624d3bd0391814a679
Cuckoo release 1.4-Maldun