恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-hpdapp01-1	2020-02-19 06:20:34	2020-02-19 06:21:37	63 秒

魔盾分数

4.575

可疑的

文件详细信息

文件名	病毒.zip ==> rehack.exe
文件大小	3677184 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	8d6fddb1c26d008ab377fe0740a5aee0
SHA1	ed651befabca1b2e50d7f187b320f22b2a52b023
SHA256	5ea85726ae5a3113b2c55e17bbe9e002a5ff2325b0aa1a15eadf419bc2b0dbb5
SHA512	140d31a4706dccde5762fcc51ff088d1bc9d157be43d42602658d8ee5af1e8751acbba50b680bc7d511370d13dc7de4bed0de5b53c76bdf8a087f4956428b79e
CRC32	2D80D080
Ssdeep	49152:X6vHe8Jaoyfd5iWoUmsOqkMnjKjVf7DIoCeTLHrpKCvKl0eUDiCTi2TzJ7B285B:X6vgoyxKtDBnrH+0ViCDzn285B
Yara	登录查看Yara规则
	样本下载提交漏报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
d3vngcy706h320.cloudfront.net	A 13.227.53.94 A 13.227.53.3 A 13.227.53.207 A 13.227.53.24
alt.springshirt.site	A 54.88.21.193
d2adi7hu49xk5t.cloudfront.net	A 13.225.100.52 A 13.225.100.230 A 13.225.100.120 A 13.225.100.14
rocketfiles3.pp.ua	A 185.26.122.76
trk.railquince.bid	CNAME 1jptv.voluumtrk2.com A 54.65.184.151 A 52.197.152.202
trk.guidewish.site	A 104.24.125.102 A 104.24.124.102
visit.polar-track.com	A 54.153.20.231 A 54.219.150.46 CNAME nostop.go2cloud.org
flake.creditcable.info	A 104.31.68.235 A 104.31.69.235
fonts.googleapis.com	A 203.208.41.71 A 203.208.41.70 A 203.208.41.73 A 203.208.41.72 A 203.208.41.78 A 203.208.41.66 A 203.208.41.68 A 203.208.41.67 A 203.208.41.69 A 203.208.41.64 A 203.208.41.65

摘要

登录查看详细行为信息

没有信息显示.

.text63
`_BSS
.rdata
@.reloc
B.FEMNNE
@.rsrc
@.data41
F\+RL
^dAt+
cGbQ_
hVP#N
WgD)3
U%`e?@
@kT`@
y"1<>
?cS.k
3l{uyr
1(4dV
Wtb$2
@*\VPe
;`,oL
lPY:-
od6s@
x^~g@
>G/)I)

没有防病毒引擎扫描信息!

进程树

rehack.exe id: 2816

cmd.exe, PID: 2744, 上一级进程 PID: 2332

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

rehack.exe, PID: 2816, 上一级进程 PID: 2744

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49171	104.24.124.102 trk.guidewish.site	80
192.168.122.201	49173	104.31.69.235 flake.creditcable.info	443
192.168.122.201	49165	13.225.100.14 d2adi7hu49xk5t.cloudfront.net	80
192.168.122.201	49162	13.227.53.24 d3vngcy706h320.cloudfront.net	80
192.168.122.201	49163	13.227.53.24 d3vngcy706h320.cloudfront.net	80
192.168.122.201	49169	185.26.122.76 rocketfiles3.pp.ua	80
192.168.122.201	49174	203.208.41.71 fonts.googleapis.com	443
192.168.122.201	49172	54.153.20.231 visit.polar-track.com	80
192.168.122.201	49170	54.65.184.151 trk.railquince.bid	80
192.168.122.201	49164	54.88.21.193 alt.springshirt.site	80
192.168.122.201	49167	54.88.21.193 alt.springshirt.site	80
192.168.122.201	49168	54.88.21.193 alt.springshirt.site	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	49310	192.168.122.1	53
192.168.122.201	49608	192.168.122.1	53
192.168.122.201	49749	192.168.122.1	53
192.168.122.201	51856	192.168.122.1	53
192.168.122.201	58897	192.168.122.1	53
192.168.122.201	60905	192.168.122.1	53
192.168.122.201	62594	192.168.122.1	53
192.168.122.201	63681	192.168.122.1	53
192.168.122.201	64155	192.168.122.1	53
192.168.122.201	64725	192.168.122.1	53
192.168.122.201	64912	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
d3vngcy706h320.cloudfront.net	A 13.227.53.94 A 13.227.53.3 A 13.227.53.207 A 13.227.53.24
alt.springshirt.site	A 54.88.21.193
d2adi7hu49xk5t.cloudfront.net	A 13.225.100.52 A 13.225.100.230 A 13.225.100.120 A 13.225.100.14
rocketfiles3.pp.ua	A 185.26.122.76
trk.railquince.bid	CNAME 1jptv.voluumtrk2.com A 54.65.184.151 A 52.197.152.202
trk.guidewish.site	A 104.24.125.102 A 104.24.124.102
visit.polar-track.com	A 54.153.20.231 A 54.219.150.46 CNAME nostop.go2cloud.org
flake.creditcable.info	A 104.31.68.235 A 104.31.69.235
fonts.googleapis.com	A 203.208.41.71 A 203.208.41.70 A 203.208.41.73 A 203.208.41.72 A 203.208.41.78 A 203.208.41.66 A 203.208.41.68 A 203.208.41.67 A 203.208.41.69 A 203.208.41.64 A 203.208.41.65

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49171	104.24.124.102 trk.guidewish.site	80
192.168.122.201	49173	104.31.69.235 flake.creditcable.info	443
192.168.122.201	49165	13.225.100.14 d2adi7hu49xk5t.cloudfront.net	80
192.168.122.201	49162	13.227.53.24 d3vngcy706h320.cloudfront.net	80
192.168.122.201	49163	13.227.53.24 d3vngcy706h320.cloudfront.net	80
192.168.122.201	49169	185.26.122.76 rocketfiles3.pp.ua	80
192.168.122.201	49174	203.208.41.71 fonts.googleapis.com	443
192.168.122.201	49172	54.153.20.231 visit.polar-track.com	80
192.168.122.201	49170	54.65.184.151 trk.railquince.bid	80
192.168.122.201	49164	54.88.21.193 alt.springshirt.site	80
192.168.122.201	49167	54.88.21.193 alt.springshirt.site	80
192.168.122.201	49168	54.88.21.193 alt.springshirt.site	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	49310	192.168.122.1	53
192.168.122.201	49608	192.168.122.1	53
192.168.122.201	49749	192.168.122.1	53
192.168.122.201	51856	192.168.122.1	53
192.168.122.201	58897	192.168.122.1	53
192.168.122.201	60905	192.168.122.1	53
192.168.122.201	62594	192.168.122.1	53
192.168.122.201	63681	192.168.122.1	53
192.168.122.201	64155	192.168.122.1	53
192.168.122.201	64725	192.168.122.1	53
192.168.122.201	64912	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://d3vngcy706h320.cloudfront.net/http://d3vngcy706h320.cloudfront.net/offer.php?affId=7512&trackingId=438119879&instId=7584&ho_trackingid=HO438119879&cc=DE&sb=x64&wv=7sp1&db=InternetExplorer&uac=1&cid=481e2c4cc1051f46813a74093c579c19&v=3&net=4.6.01590&ie=8%2e0%2e7601%2e17514&res=800x600&osd=1578&kid=hqmrb21bt4u51s9m5ch	GET http://d3vngcy706h320.cloudfront.net/offer.php?affId=7512&trackingId=438119879&instId=7584&ho_trackingid=HO438119879&cc=DE&sb=x64&wv=7sp1&db=InternetExplorer&uac=1&cid=481e2c4cc1051f46813a74093c579c19&v=3&net=4.6.01590&ie=8%2e0%2e7601%2e17514&res=800x600&osd=1578&kid=hqmrb21bt4u51s9m5ch HTTP/1.1 Host: d3vngcy706h320.cloudfront.net Connection: close Accept: / User-Agent:
URL专业沙箱检测 -> http://d3vngcy706h320.cloudfront.net/http://d3vngcy706h320.cloudfront.net/installer.php?affId=7512&instId=7584&ho_trackingid=HO4381198795e4c63529b965&trackingId=438119879&cc=CN&untracked=&uac=1&osd=1578&net=4.6.01590&cid=481e2c4cc1051f46813a74093c579c19&v=3&kid=hqmrb21bt4u51s9m5ch	POST http://d3vngcy706h320.cloudfront.net/installer.php?affId=7512&instId=7584&ho_trackingid=HO4381198795e4c63529b965&trackingId=438119879&cc=CN&untracked=&uac=1&osd=1578&net=4.6.01590&cid=481e2c4cc1051f46813a74093c579c19&v=3&kid=hqmrb21bt4u51s9m5ch HTTP/1.1 Host: d3vngcy706h320.cloudfront.net Connection: close Accept: / User-Agent: Content-Type: application/x-www-form-urlencoded Content-Length: 526 cid=481e2c4cc1051f46813a74093c579c19&uac=1&id[]=527259&id[]=527260&id[]=527261&id[]=527262&id[]=527263&id[]=527264&id[]=527265&id[]=527266&id[]=527267&id[]=527268&id[]=527269&id[]=453683&id[]=453684&id[]=453685&id[]=453686&id[]=686787&id[]=686788&id[]=686789&id[]=686790&id[]=2623143&id[]=2623144&id[]=2623145&id[]=2623146&id[]=3384996&id[]=3384997&id[]=3385028&id[]=3385029&id[]=1868&id[]=1877&id[]=1891&id[]=1892&id[]=1893&id[]=1898&id[]=1899&id[]=1900&id[]=3193&id[]=4064&id[]=3385036&id[]=3385037&id[]=3385038&id[]=3385039
URL专业沙箱检测 -> http://alt.springshirt.site/http://alt.springshirt.site/installer.php?affId=7512&instId=7584&ho_trackingid=HO4381198795e4c63529b965&trackingId=438119879&cc=CN&untracked=&uac=1&osd=1578&net=4.6.01590&cid=481e2c4cc1051f46813a74093c579c19&v=3&kid=hqmrb21bt4u51s9m5ch	POST http://alt.springshirt.site/installer.php?affId=7512&instId=7584&ho_trackingid=HO4381198795e4c63529b965&trackingId=438119879&cc=CN&untracked=&uac=1&osd=1578&net=4.6.01590&cid=481e2c4cc1051f46813a74093c579c19&v=3&kid=hqmrb21bt4u51s9m5ch HTTP/1.1 Host: alt.springshirt.site Connection: close Accept: / User-Agent: Content-Type: application/x-www-form-urlencoded Content-Length: 526 cid=481e2c4cc1051f46813a74093c579c19&uac=1&id[]=527259&id[]=527260&id[]=527261&id[]=527262&id[]=527263&id[]=527264&id[]=527265&id[]=527266&id[]=527267&id[]=527268&id[]=527269&id[]=453683&id[]=453684&id[]=453685&id[]=453686&id[]=686787&id[]=686788&id[]=686789&id[]=686790&id[]=2623143&id[]=2623144&id[]=2623145&id[]=2623146&id[]=3384996&id[]=3384997&id[]=3385028&id[]=3385029&id[]=1868&id[]=1877&id[]=1891&id[]=1892&id[]=1893&id[]=1898&id[]=1899&id[]=1900&id[]=3193&id[]=4064&id[]=3385036&id[]=3385037&id[]=3385038&id[]=3385039
URL专业沙箱检测 -> http://d2adi7hu49xk5t.cloudfront.net/normal_bg12.png	GET /normal_bg12.png HTTP/1.1 Accept: / Accept-Language: zh-CN Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: d2adi7hu49xk5t.cloudfront.net Connection: Keep-Alive
URL专业沙箱检测 -> http://alt.springshirt.site/report.php?typ=conversion&transId=438119879&affId=7512&instId=7584&ho_transId=HO4381198795e4c63529b965&s1=rocketfiles3.pp.ua&s2=2754&s3=&s4=Windows_10%7CFirefox&s5=1386338478&cid=481e2c4cc1051f46813a74093c579c19&uac=true&randid=0.05749125363121593	GET /report.php?typ=conversion&transId=438119879&affId=7512&instId=7584&ho_transId=HO4381198795e4c63529b965&s1=rocketfiles3.pp.ua&s2=2754&s3=&s4=Windows_10%7CFirefox&s5=1386338478&cid=481e2c4cc1051f46813a74093c579c19&uac=true&randid=0.05749125363121593 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: alt.springshirt.site
URL专业沙箱检测 -> http://alt.springshirt.site/report.php?typ=sys&affId=7512&instId=7584&ho_transId=HO4381198795e4c63529b965&transId=438119879&chk_s_b=&chk_s_v=LENOVO%20-%201&chk_c_ma=QEMU&chk_c_mo=Standard%20PC%20(i440FX%20+%20PIIX,%201996)&chk_mac=52:54:00:FF:13:A820:41:53:59:4E:FF&randid=0.7910368801918803	GET /report.php?typ=sys&affId=7512&instId=7584&ho_transId=HO4381198795e4c63529b965&transId=438119879&chk_s_b=&chk_s_v=LENOVO%20-%201&chk_c_ma=QEMU&chk_c_mo=Standard%20PC%20(i440FX%20+%20PIIX,%201996)&chk_mac=52:54:00:FF:13:A820:41:53:59:4E:FF&randid=0.7910368801918803 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: alt.springshirt.site
URL专业沙箱检测 -> http://rocketfiles3.pp.ua/config.zip	GET /config.zip HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: rocketfiles3.pp.ua Connection: Keep-Alive
URL专业沙箱检测 -> http://trk.railquince.bid/08e0b779-c1db-404a-b9a2-b4657d709f22	GET /08e0b779-c1db-404a-b9a2-b4657d709f22 HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: trk.railquince.bid Connection: Keep-Alive
URL专业沙箱检测 -> http://trk.guidewish.site/?affId=1852&cat=2&title=Download%20Setup&ext=yes&not=yes&cpalist=yes&cpalim=3&cpa=yes	GET /?affId=1852&cat=2&title=Download%20Setup&ext=yes&not=yes&cpalist=yes&cpalim=3&cpa=yes HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: trk.guidewish.site Connection: Keep-Alive
URL专业沙箱检测 -> http://visit.polar-track.com/aff_c?source=1852&offer_id=35&aff_id=1852&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=http%3A%2F%2Ftrk.guidewish.site%2F%3FaffId%3D1852%26cat%3D2%26title%3DDownload%2520Setup%26ext%3Dyes%26not%3Dno%26cpalist%3Dyes%26cpalim%3D3%26cpa%3Dyes%26noimp%3D1&aff_unique2=1852&aff_unique3=Download%20Setup&name=Download%20Setup&url=	GET /aff_c?source=1852&offer_id=35&aff_id=1852&aff_sub=&aff_sub2=&aff_sub3=&aff_sub4=&aff_sub5=&aff_unique1=http%3A%2F%2Ftrk.guidewish.site%2F%3FaffId%3D1852%26cat%3D2%26title%3DDownload%2520Setup%26ext%3Dyes%26not%3Dno%26cpalist%3Dyes%26cpalim%3D3%26cpa%3Dyes%26noimp%3D1&aff_unique2=1852&aff_unique3=Download%20Setup&name=Download%20Setup&url= HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: visit.polar-track.com Connection: Keep-Alive
URL专业沙箱检测 -> http://visit.polar-track.com/aff_r?offer_id=35&aff_id=1852&url=https%3A%2F%2Fflake.creditcable.info%2Fee2%2F%3Fc%3D10280568e68add5d99024283c19f8a%26url%3Dhttp%253A%252F%252Ftrk.guidewish.site%252F%253FaffId%253D1852%2526cat%253D2%2526title%253DDownload%252520Setup%2526ext%253Dyes%2526not%253Dno%2526cpalist%253Dyes%2526cpalim%253D3%2526cpa%253Dyes%2526noimp%253D1%26a%3D1852%26t%3DDownload%2BSetup%26s1%3D%26s2%3D%26s3%3D%26s4%3D%26s5%3D&urlauth=607750881874355682049086088511	GET /aff_r?offer_id=35&aff_id=1852&url=https%3A%2F%2Fflake.creditcable.info%2Fee2%2F%3Fc%3D10280568e68add5d99024283c19f8a%26url%3Dhttp%253A%252F%252Ftrk.guidewish.site%252F%253FaffId%253D1852%2526cat%253D2%2526title%253DDownload%252520Setup%2526ext%253Dyes%2526not%253Dno%2526cpalist%253Dyes%2526cpalim%253D3%2526cpa%253Dyes%2526noimp%253D1%26a%3D1852%26t%3DDownload%2BSetup%26s1%3D%26s2%3D%26s3%3D%26s4%3D%26s5%3D&urlauth=607750881874355682049086088511 HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: visit.polar-track.com Connection: Keep-Alive

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Version	Issuer	Subject	Fingerprint
2020-02-19 06:21:31.185486+0800	192.168.122.201	49173	104.31.69.235	443	TLS 1.2	C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2	C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=sni.cloudflaressl.com	5a:31:5b:76:2d:dd:ea:fd:3b:ee:21:5a:c6:aa:a5:15:94:02:d6:4a
2020-02-19 06:21:32.616721+0800	192.168.122.201	49174	203.208.41.71	443	TLS 1.2	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.storage.googleapis.com	e7:bc:18:25:18:64:90:8f:64:3a:c8:f0:8d:f9:42:8c:76:55:29:37

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

文件名	rehack.exe
相关文件	C:\Users\test\AppData\Local\Temp\zip-tmp\rehack.exe
文件大小	3677184 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	8d6fddb1c26d008ab377fe0740a5aee0
SHA1	ed651befabca1b2e50d7f187b320f22b2a52b023
SHA256	5ea85726ae5a3113b2c55e17bbe9e002a5ff2325b0aa1a15eadf419bc2b0dbb5
CRC32	2D80D080
Ssdeep	49152:X6vHe8Jaoyfd5iWoUmsOqkMnjKjVf7DIoCeTLHrpKCvKl0eUDiCTi2TzJ7B285B:X6vgoyxKtDBnrH+0ViCDzn285B
	下载提交魔盾安全分析

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 27.231 seconds )

16.021 Suricata
6.869 NetworkAnalysis
1.681 VirusTotal
1.21 TargetInfo
1.164 BehaviorAnalysis
0.213 Dropped
0.054 AnalysisInfo
0.015 Strings
0.003 Memory
0.001 Static

Signatures ( 3.037 seconds )

2.227 md_url_bl
0.157 antiav_detectreg
0.056 infostealer_ftp
0.056 md_domain_bl
0.055 api_spamming
0.045 stealth_timeout
0.04 stealth_decoy_document
0.033 antianalysis_detectreg
0.032 infostealer_im
0.02 antivm_generic_scsi
0.018 stealth_file
0.018 infostealer_mail
0.015 antivm_generic_services
0.014 anormaly_invoke_kills
0.011 geodo_banking_trojan
0.008 kibex_behavior
0.008 kovter_behavior
0.008 antiav_detectfile
0.008 antivm_parallels_keys
0.008 antivm_xen_keys
0.007 antiemu_wine_func
0.007 dridex_behavior
0.007 heapspray_js
0.007 anomaly_persistence_autorun
0.007 infostealer_browser_password
0.007 darkcomet_regkeys
0.007 network_http
0.006 mimics_filetime
0.006 betabot_behavior
0.006 reads_self
0.006 infostealer_bitcoin
0.006 ransomware_extensions
0.006 ransomware_files
0.005 virtualcheck_js
0.005 antivm_generic_diskreg
0.004 bootkit
0.004 antivm_generic_disk
0.004 virus
0.004 network_torgateway
0.004 recon_fingerprint
0.003 tinba_behavior
0.003 antidbg_windows
0.003 hancitor_behavior
0.003 antisandbox_productid
0.003 antivm_vbox_files
0.003 antivm_vbox_keys
0.003 antivm_vmware_keys
0.003 antivm_vpc_keys
0.003 disables_browser_warn
0.002 antivm_vbox_libs
0.002 rat_nanocore
0.002 dead_connect
0.002 cerber_behavior
0.002 bypass_firewall
0.002 antivm_xen_keys
0.002 antivm_hyperv_keys
0.002 antivm_vbox_acpi
0.002 browser_security
0.002 modify_proxy
0.002 maldun_anormaly_invoke_vb_vba
0.002 md_bad_drop
0.002 network_cnc_http
0.002 packer_armadillo_regkey
0.001 network_tor
0.001 antiav_avast_libs
0.001 infostealer_browser
0.001 injection_createremotethread
0.001 stealth_network
0.001 ursnif_behavior
0.001 kazybot_behavior
0.001 antisandbox_sunbelt_libs
0.001 shifu_behavior
0.001 exec_crash
0.001 java_js
0.001 js_phish
0.001 silverlight_js
0.001 js_suspicious_redirect
0.001 antianalysis_detectfile
0.001 antidbg_devices
0.001 antivm_generic_bios
0.001 antivm_generic_cpu
0.001 antivm_generic_system
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 disables_system_restore
0.001 disables_windows_defender
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 maldun_network_blacklist
0.001 rat_spynet
0.001 recon_programs
0.001 stealth_modify_uac_prompt

Reporting ( 1.407 seconds )

0.858 ReportHTMLSummary
0.549 Malheur


Task ID	513047
Mongo ID	5e4c63a82f8f2e0dfb6c7235
Cuckoo release	1.4-Maldun