Field | Value
---|---
File name: | 02322339_2
Full analysis: | https://app.any.run/tasks/08e9b64e-6f98-47b5-a2dc-b8b008ad3112
Verdict: | Malicious activity
Analysis date: | November 30, 2020, 01:05:44
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators: |
MIME: | application/x-dosexec
File info: | PE32 executable (GUI) Intel 80386, for MS Windows
MD5: | 27527EAE13155667B4DFF4F5CE8868F4
SHA1: | EB8200DEFD9CAC2087AED54EAF875F4184F9C7FB
SHA256: | 9CD541BC6FB15931AED14CF8EC3E2FD797D27B9F53BEE069E3DB500394A300D4
SSDEEP: | 98304:a8tNw4DU2IIfn5P3NMdtRt0yYvI1hnf4icH:9waUcf5P3NMvsxEhfc
Extension | Detected type (score)
---|---
.exe | Win32 Executable (generic) (3.6)
.exe | Generic Win/DOS Executable (1.6)
.exe | DOS Executable Generic (1.5)
Field | Value
---|---
MachineType: | Intel 386 or later, and compatibles
TimeStamp: | 2020:06:08 13:09:44+02:00
PEType: | PE32
LinkerVersion: | 14.16
CodeSize: | 937472
InitializedDataSize: | 2706432
UninitializedDataSize: | -
EntryPoint: | 0xa05fa
OSVersion: | 5.1
ImageVersion: | -
SubsystemVersion: | 5.1
Subsystem: | Windows GUI
FileVersionNumber: | 2.2.30.608
ProductVersionNumber: | 2.2.30.608
FileFlagsMask: | 0x0017
FileFlags: | (none)
FileOS: | Win32
ObjectFileType: | Executable application
FileSubtype: | -
LanguageCode: | Chinese (Simplified)
CharacterSet: | Unicode
FileDescription: | 游戏微端
FileVersion: | 2.2.30.608
InternalName: | LiteGameBox2_externel
LegalCopyright: | 版权所有 (C) 2008-2020 www.ludashi.com
OriginalFileName: | LiteGameBox2
ProductName: | 游戏微端
ProductVersion: | 2.2.30.608
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
2844 | "C:\Users\admin\AppData\Local\Temp\02322339_2.exe" | C:\Users\admin\AppData\Local\Temp\02322339_2.exe | | explorer.exe | User: admin; Integrity Level: MEDIUM; Description: 游戏微端; Exit code: 0; Version: 2.2.30.608
3552 | "C:\Users\admin\AppData\Roaming\LiteGameBox_cjzg\cjzg.exe" | C:\Users\admin\AppData\Roaming\LiteGameBox_cjzg\cjzg.exe | | 02322339_2.exe | User: admin; Integrity Level: MEDIUM; Description: 游戏微端; Version: 2.2.30.608
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3552 | cjzg.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\main[1].css | text | 20E9FAE94ECC9AFCA5DF709C77779FD9 | F24041D254364DB93BDC9F89AB91B69FB9D7C407D597BEFD8411520AA94C49B3
2844 | 02322339_2.exe | C:\Users\admin\AppData\Local\Temp\LiteGameBox_cjzg\cjzg.ui | compressed | B3609F08A6396D2D04708659C3765BEA | 085ED74CF4FB045232D1A92E61E2545BD267E2A34AD1A78FA52FCEC68D5116D1
3552 | cjzg.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\upload[1].jpg | image | D90610CD6A6E62E838859A55F03FEBCA | B2D3976CEBD782DF2ABDF828D4BC151D50256E0A017C4D49FF592D2E1A749AE7
2844 | 02322339_2.exe | C:\Users\admin\AppData\Roaming\LiteGameBox_cjzg\cjzg.exe | executable | 27527EAE13155667B4DFF4F5CE8868F4 | 9CD541BC6FB15931AED14CF8EC3E2FD797D27B9F53BEE069E3DB500394A300D4
2844 | 02322339_2.exe | C:\Users\admin\AppData\Roaming\LiteGameBox_cjzg\cjzg.json | text | 9228D77AE29BFE676B3622E6907BDFDD | 282C5F1C33FF6540C216AC5F3C7A6C91004A39ED3914D0ED7DFC113F5910D2EB
2844 | 02322339_2.exe | C:\Users\admin\Desktop\裁决战歌.lnk | lnk | DF0B3EB05C64398C3A3865B90AE7B88F | 8C667CD56205ABE3B9DA79DADCE6091D4D3BE2E4D9E2EB734B305F330FC01CE7
2844 | 02322339_2.exe | C:\Users\admin\AppData\Roaming\LiteGameBox_cjzg\cjzg.ui | compressed | B3609F08A6396D2D04708659C3765BEA | 085ED74CF4FB045232D1A92E61E2545BD267E2A34AD1A78FA52FCEC68D5116D1
2844 | 02322339_2.exe | C:\Users\admin\AppData\Roaming\LiteGameBox_cjzg\裁决战歌.lnk | lnk | CE27E52A3BD261A6A32BE5016E55D30B | C8AE319157F1FA6B2F45CDE678DF31A60697D66151D0B6593C375FD04D5C006D
2844 | 02322339_2.exe | C:\Users\admin\AppData\Roaming\LiteGameBox_cjzg\cjzg.ico | image | D457462B6F5E9B765B9CF81DE0A5BC0A | 7C4F9503B42021B6F17FA48ED7819911C3062BC41849AD50314A20368387B265
3552 | cjzg.exe | C:\Users\admin\AppData\Local\Temp\LiteGameBox2Run_cjzg\cjzg.ui | compressed | B3609F08A6396D2D04708659C3765BEA | 085ED74CF4FB045232D1A92E61E2545BD267E2A34AD1A78FA52FCEC68D5116D1
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3552 | cjzg.exe | GET | 200 | 101.226.26.228:80 | http://cdn-file.ludashi.com/wan/micro/cjzg/assets_lds/main.css?t=202006121 | CN | text | 2.36 Kb | suspicious |
3552 | cjzg.exe | GET | 200 | 101.226.26.228:80 | http://cdn-file.ludashi.com/wan/micro/cjzg/assets_lds/input_reg_act.png?t=20191021 | CN | image | 1.45 Kb | suspicious |
3552 | cjzg.exe | GET | 200 | 139.129.105.182:80 | http://wan.ludashi.com/micro/cjzg/index_lds.html?channel=mnds&from=mnds_wd_cjzg | CN | html | 3.04 Kb | unknown |
3552 | cjzg.exe | GET | 200 | 101.226.26.228:80 | http://cdn-file.ludashi.com/wan/micro/cjzg/assets_lds/third_qq.png?t=20191021 | CN | image | 4.09 Kb | suspicious |
3552 | cjzg.exe | GET | 200 | 101.226.26.228:80 | http://cdn-file.ludashi.com/wan/micro/cjzg/assets_lds/log_btn.png?t=20191021 | CN | image | 61.2 Kb | suspicious |
3552 | cjzg.exe | GET | 200 | 101.226.26.228:80 | http://cdn-file.ludashi.com/wan/micro/cjzg/assets_lds/bg.png?t=20200105 | CN | image | 149 Kb | suspicious |
3552 | cjzg.exe | GET | 200 | 101.226.26.228:80 | http://cdn-file.ludashi.com/wan/micro/cjzg/assets_lds/upload.jpg | CN | image | 37.0 Kb | suspicious |
3552 | cjzg.exe | GET | 200 | 101.226.26.228:80 | http://cdn-file.ludashi.com/wan/micro/cjzg/assets_lds/nav.png | CN | image | 16.5 Kb | suspicious |
3552 | cjzg.exe | GET | 200 | 101.226.26.228:80 | http://cdn-file.ludashi.com/wan/micro/cjzg/assets_lds/input_reg_code.png?t=20191021 | CN | image | 1.79 Kb | suspicious |
3552 | cjzg.exe | GET | 200 | 101.226.26.228:80 | http://cdn-file.ludashi.com/wan/micro/cjzg/assets_lds/third_weixin.png?t=20191021 | CN | image | 4.81 Kb | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3552 | cjzg.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3552 | cjzg.exe | 139.129.105.182:80 | wan.ludashi.com | Hangzhou Alibaba Advertising Co.,Ltd. | CN | unknown |
3552 | cjzg.exe | 120.27.82.56:80 | i.ludashi.com | Hangzhou Alibaba Advertising Co.,Ltd. | CN | unknown |
3552 | cjzg.exe | 180.163.121.216:80 | cdn-wan.ludashi.com | China Telecom (Group) | CN | unknown |
3552 | cjzg.exe | 101.226.26.228:80 | cdn-file.ludashi.com | China Telecom (Group) | CN | unknown |
3552 | cjzg.exe | 101.226.26.230:443 | cdn-file.ludashi.com | China Telecom (Group) | CN | unknown |
Domain | IP | Reputation
---|---|---
wan.ludashi.com | | unknown
cdn-file.ludashi.com | | suspicious
cdn-wan.ludashi.com | | suspicious
cdn-ssl-wan.ludashi.com | | malicious
ocsp.digicert.com | | whitelisted
status.rapidssl.com | | shared
i.ludashi.com | | unknown
dns.msftncsi.com | | shared