恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-hpdapp01-1	2020-01-18 14:57:56	2020-01-18 15:00:07	131 秒

魔盾分数

10.0

危险的

文件详细信息

文件名	821.rtf
文件大小	128873 字节
文件类型	Rich Text Format data, unknown version
MD5	9a35427d4f3e213ea92f079709cdc719
SHA1	87a1dbce96992efe122677271a965cbc45ef9b24
SHA256	821fe64be78021c90fa784ce0974c58c3541edcb181f4671ead4fce302d58258
SHA512	035517373f18a6ff6db5e7aa7a17f93392702464f9b407d7900daeee4f83192357e3abb26a4ce0eb62d2c7e42de0306410c2f73ca87424109b082c3f88a77627
CRC32	97272DC9
Ssdeep	1536:essIAnJiYC8t9+TeZdu4BkBEx2kPwFlb7qJtnms:e+AJiYC8RnD
Yara	登录查看Yara规则
	样本下载提交误报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
bit.ly	A 67.199.248.11 A 67.199.248.10

摘要

登录查看详细行为信息

没有可用的静态分析.

防病毒引擎/厂商	病毒名/规则匹配	病毒库日期
Bkav	未发现病毒	20200117
TotalDefense	未发现病毒	20200117
MicroWorld-eScan	未发现病毒	20200116
FireEye	未发现病毒	20200117
CAT-QuickHeal	Exp.RTF.Obfus.Gen	20200117
ALYac	未发现病毒	20200117
Malwarebytes	未发现病毒	20200117
VIPRE	未发现病毒	20200117
SUPERAntiSpyware	未发现病毒	20200112
Sangfor	Malware	20200114
K7AntiVirus	未发现病毒	20200117
K7GW	Trojan ( 655333331 )	20200117
BitDefenderTheta	未发现病毒	20200113
F-Prot	未发现病毒	20200117
ESET-NOD32	probably a variant of Win32/Exploit.CVE-2017-11882.E	20200117
Baidu	未发现病毒	20190318
TrendMicro-HouseCall	Trojan.W97M.CVE201711882.SMKIP	20200117
Avast	Other:Malware-gen [Trj]	20200117
ClamAV	未发现病毒	20200117
GData	Script.Trojan-Downloader.MalRTF.B	20200117
Kaspersky	HEUR:Exploit.MSOffice.Generic	20200117
BitDefender	未发现病毒	20200117
NANO-Antivirus	Exploit.Rtf.Heuristic-rtf.dinbqn	20200117
ViRobot	未发现病毒	20200117
Tencent	Office.Exploit.Generic.Htlt	20200117
Ad-Aware	未发现病毒	20200117
Sophos	Troj/RtfExp-EP	20200117
Comodo	未发现病毒	20200117
F-Secure	Exploit.EXP/CVE-2017-11882.jindo	20200117
DrWeb	未发现病毒	20200117
Zillya	未发现病毒	20200117
TrendMicro	Trojan.W97M.CVE201711882.SMKIP	20200117
McAfee-GW-Edition	Exploit-GAN!9A35427D4F3E	20200117
CMC	未发现病毒	20190321
Emsisoft	未发现病毒	20200117
Cyren	RTF/CVE-2017-11882.B.gen!Camelot	20200117
Jiangmin	heur:Exploit.ShellCode.Gen	20200117
Avira	EXP/CVE-2017-11882.jindo	20200117
Antiy-AVL	Trojan[Exploit]/RTF.Obscure.Gen	20200116
Kingsoft	未发现病毒	20200117
Microsoft	Trojan:Win32/Skeeyah.A!rfn	20200117
Arcabit	未发现病毒	20200117
AegisLab	Trojan.Multi.Generic.4!c	20200117
ZoneAlarm	HEUR:Exploit.MSOffice.Generic	20200117
Avast-Mobile	未发现病毒	20200117
TACHYON	Trojan-Exploit/RTF.CVE-2017-11882	20200117
AhnLab-V3	RTF/Malform-A.Gen	20200117
McAfee	Exploit-GAN!9A35427D4F3E	20200117
MAX	未发现病毒	20200117
VBA32	未发现病毒	20200117
Zoner	Probably RTFBadSpacing	20200116
Rising	Exploit.Nemucod!1.BC52 (CLASSIC)	20200117
Yandex	未发现病毒	20200117
Ikarus	Exploit.Office.Doc	20200117
MaxSecure	未发现病毒	20200117
Fortinet	RTF/CVE_2017_11882.SD!exploit	20200117
AVG	Other:Malware-gen [Trj]	20200117
Panda	未发现病毒	20200117
Qihoo-360	susp.rtf.objupdate.gen	20200117

进程树

WINWORD.EXE id: 2644
- splwow64.exe id: 2792

WINWORD.EXE, PID: 2644, 上一级进程 PID: 2332

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

splwow64.exe, PID: 2792, 上一级进程 PID: 2644

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49162	67.199.248.11 bit.ly	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	64912	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
bit.ly	A 67.199.248.11 A 67.199.248.10

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49162	67.199.248.11 bit.ly	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	64912	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://bit.ly/2P8hdXw	GET /2P8hdXw HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: bit.ly Connection: Keep-Alive

URI

HTTP数据

URL专业沙箱检测 -> http://bit.ly/2P8hdXw

GET /2P8hdXw HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: bit.ly
Connection: Keep-Alive

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 28.284 seconds )

16.55 Suricata
5.418 BehaviorAnalysis
2.798 Strings
1.605 NetworkAnalysis
1.42 VirusTotal
0.38 TargetInfo
0.061 AnalysisInfo
0.049 Static
0.003 Memory

Signatures ( 5.431 seconds )

1.948 md_url_bl
0.61 infostealer_browser
0.588 antiav_detectreg
0.245 api_spamming
0.224 stealth_decoy_document
0.203 stealth_timeout
0.202 infostealer_ftp
0.131 stealth_file
0.125 antianalysis_detectreg
0.12 mimics_filetime
0.113 infostealer_im
0.101 infostealer_browser_password
0.088 ipc_namedpipe
0.073 bootkit
0.064 infostealer_mail
0.044 antivm_generic_scsi
0.03 kibex_behavior
0.029 antivm_parallels_keys
0.029 antivm_xen_keys
0.029 darkcomet_regkeys
0.026 geodo_banking_trojan
0.025 recon_fingerprint
0.022 betabot_behavior
0.021 md_domain_bl
0.02 antivm_generic_diskreg
0.017 antivm_generic_services
0.017 antisandbox_productid
0.015 anormaly_invoke_kills
0.015 antiav_detectfile
0.011 antivm_vbox_keys
0.011 antivm_vmware_keys
0.01 bypass_firewall
0.01 antivm_hyperv_keys
0.01 antivm_vpc_keys
0.01 infostealer_bitcoin
0.01 maldun_anormaly_invoke_vb_vba
0.009 anomaly_persistence_autorun
0.009 antivm_xen_keys
0.009 antivm_vbox_acpi
0.009 packer_armadillo_regkey
0.008 antivm_generic_bios
0.008 antivm_generic_cpu
0.008 antivm_generic_system
0.007 antivm_generic_disk
0.007 virus
0.006 antivm_vbox_files
0.006 network_http
0.006 ransomware_extensions
0.006 ransomware_files
0.005 kovter_behavior
0.004 antiemu_wine_func
0.004 disables_browser_warn
0.004 office_martian_children
0.003 tinba_behavior
0.003 maldun_anomaly_massive_file_ops
0.003 antidbg_windows
0.003 hancitor_behavior
0.003 md_bad_drop
0.003 network_torgateway
0.002 network_tor
0.002 rat_nanocore
0.002 stack_pivot
0.002 injection_createremotethread
0.002 cerber_behavior
0.002 antidbg_devices
0.002 browser_security
0.002 modify_proxy
0.002 network_cnc_http
0.001 hawkeye_behavior
0.001 antivm_vbox_libs
0.001 ransomware_dmalocker
0.001 antiav_avast_libs
0.001 maldun_malicious_write_executeable_under_temp_to_regrun
0.001 rat_luminosity
0.001 anomaly_persistence_bootexecute
0.001 maldun_anomaly_write_exe_and_obsfucate_extension
0.001 sets_autoconfig_url
0.001 ursnif_behavior
0.001 kazybot_behavior
0.001 antisandbox_sunbelt_libs
0.001 ransomeware_modifies_desktop_wallpaper
0.001 shifu_behavior
0.001 maldun_anomaly_write_exe_and_dll_under_winroot_run
0.001 injection_runpe
0.001 antianalysis_detectfile
0.001 antivm_vmware_files
0.001 antivm_vmware_mutexes
0.001 antiemu_wine_reg
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 disables_system_restore
0.001 disables_windows_defender
0.001 codelux_behavior
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 malicous_targeted_flame
0.001 maldun_network_blacklist
0.001 rat_pcclient
0.001 rat_spynet
0.001 stealth_hide_notifications
0.001 stealth_modify_uac_prompt

Reporting ( 1.209 seconds )

1.07 ReportHTMLSummary
0.139 Malheur


Task ID	488308
Mongo ID	5e22ad3a2f8f2e4bee63739c
Cuckoo release	1.4-Maldun