恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
URL	win7-sp1-x64-hpdapp01-2	2020-04-03 15:08:02	2020-04-03 15:10:32	150 秒

魔盾分数

10.0

危险的

URL详细信息

URL
URL专业沙箱检测 -> http://fget-career.com

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
fget-career.com	A 72.26.218.70

摘要

登录查看详细行为信息

URL分析
防病毒引擎

WHOIS 信息

Name: Super Privacy Service LTD c/o Dynadot
Country: US
State: California
City: San Mateo
ZIP Code: 94401
Address: PO Box 701

Orginization: None
Domain Name(s):
    FGET-CAREER.COM
Creation Date:
    2016-06-07 13:50:07
    2016-06-07 13:50:07
Updated Date:
    2019-12-10 21:00:38
    2019-12-10 21:00:38
Expiration Date:
    2020-06-07 13:50:07
    2020-06-07 13:50:07
Email(s):
    abuse@dynadot.com
    fget-career.com@superprivacyservice.com

Registrar(s):
    DYNADOT LLC
Name Server(s):
    NS1.FGET-CAREER.COM
    NS2.FGET-CAREER.COM
    NS3.FGET-CAREER.COM
    NS4.FGET-CAREER.COM
    NS5.FGET-CAREER.COM
    NS6.FGET-CAREER.COM
    NS7.FGET-CAREER.COM
    NS8.FGET-CAREER.COM
    ns1.fget-career.com
    ns2.fget-career.com
    ns3.fget-career.com
    ns4.fget-career.com
    ns5.fget-career.com
    ns6.fget-career.com
    ns7.fget-career.com
    ns8.fget-career.com
Referral URL(s):
    None

没有防病毒引擎扫描信息!

进程树

iexplore.exe id: 2656

搜索
iexplore.exe (2656)

iexplore.exe, PID: 2656, 上一级进程 PID: 2320

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.202	49160	72.26.218.70 fget-career.com	80
192.168.122.202	49161	72.26.218.70 fget-career.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.202	55264	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
fget-career.com	A 72.26.218.70

TCP

源地址	源端口	目标地址	目标端口
192.168.122.202	49160	72.26.218.70 fget-career.com	80
192.168.122.202	49161	72.26.218.70 fget-career.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.202	55264	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://fget-career.com/	GET / HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: fget-career.com Connection: Keep-Alive
URL专业沙箱检测 -> http://fget-career.com/favicon.ico	GET /favicon.ico HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: fget-career.com Connection: Keep-Alive Cookie: btst=242d6e3251b83cd5935275a97f3028cb\|180.164.178.26\|1585897727\|1585897727\|0\|1\|0; snkz=180.164.178.26

URI

HTTP数据

URL专业沙箱检测 -> http://fget-career.com/

GET / HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: fget-career.com
Connection: Keep-Alive

URL专业沙箱检测 -> http://fget-career.com/favicon.ico

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: fget-career.com
Connection: Keep-Alive
Cookie: btst=242d6e3251b83cd5935275a97f3028cb|180.164.178.26|1585897727|1585897727|0|1|0; snkz=180.164.178.26

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Protocol	SID	Signature	Category
2020-04-03 15:08:48.209191+0800	72.26.218.70	80	192.168.122.202	49160	TCP	2018141	ET TROJAN Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz	A Network Trojan was detected

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 22.492 seconds )

15.491 Suricata
4.241 NetworkAnalysis
2.207 Static
0.403 VirusTotal
0.138 AnalysisInfo
0.007 BehaviorAnalysis
0.005 Memory

Signatures ( 2.134 seconds )

1.991 md_url_bl
0.021 md_domain_bl
0.019 antiav_detectreg
0.011 anomaly_persistence_autorun
0.008 antiav_detectfile
0.007 infostealer_ftp
0.006 ransomware_files
0.005 geodo_banking_trojan
0.005 infostealer_im
0.005 ransomware_extensions
0.004 tinba_behavior
0.004 antianalysis_detectreg
0.004 infostealer_bitcoin
0.003 rat_nanocore
0.003 cerber_behavior
0.003 antivm_vbox_files
0.003 disables_browser_warn
0.003 infostealer_mail
0.003 network_torgateway
0.002 betabot_behavior
0.002 browser_security
0.002 md_bad_drop
0.001 network_tor
0.001 anomaly_persistence_bootexecute
0.001 ursnif_behavior
0.001 kazybot_behavior
0.001 kibex_behavior
0.001 shifu_behavior
0.001 antianalysis_detectfile
0.001 antivm_parallels_keys
0.001 antivm_xen_keys
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 disables_system_restore
0.001 disables_windows_defender
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 ie_martian_children
0.001 maldun_network_blacklist
0.001 stealth_modify_uac_prompt
0.001 whois_create

Reporting ( 0.837 seconds )

0.837 ReportHTMLSummary


Task ID	533964
Mongo ID	5e86e1862f8f2e1bd2539a97
Cuckoo release	1.4-Maldun