恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp03-1	2020-10-27 19:49:58	2020-10-27 19:50:44	46 秒

魔盾分数

0.7

正常的

文件详细信息

文件名	PixelmonBL-F4S.jar
文件大小	10950438 字节
文件类型	Zip archive data, at least v2.0 to extract
MD5	9ef9f203aefc710b1eca12432b231f30
SHA1	bf20cfc8b6f0374e353b729745ea6e1c30a9b7b0
SHA256	40c66e7be1ffb6bb3fd582b34ea248033a73f2296ee355586f8062cfece41810
SHA512	e9230a8a96de82e802c72e0d3fa4013e213b83d9c053c71025f5f8aad263fddf3c0342062d6d6d938df26d90eb288f8208053252b42d14d57a21b24d9ac32d7d
CRC32	777BE96C
Ssdeep	196608:KPSB0AM0YXWgA5+BTu9trp9ay+p9jyEXhxWzXS/jodHasoGBdP02EUMR+:d0AMIHp9V+plHWDCXcXT
Yara	登录查看Yara规则
	样本下载提交漏报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
acroipm.adobe.com	CNAME acroipm.adobe.com.edgesuite.net A 23.218.94.163 CNAME a1983.dscd.akamai.net A 23.218.94.155
watson.microsoft.com	A 104.42.151.234 CNAME legacy.umwatsonrouting.trafficmanager.net CNAME skypedataprdcolwus16.cloudapp.net

摘要

登录查看详细行为信息

F1~6F
)$b4b

没有防病毒引擎扫描信息!

进程树

java.exe id: 2384

搜索
java.exe (2384)

java.exe, PID: 2384, 上一级进程 PID: 2184

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49161	104.42.151.234 watson.microsoft.com	80
192.168.122.201	49160	23.218.94.155 acroipm.adobe.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	59401	192.168.122.1	53
192.168.122.201	65178	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
acroipm.adobe.com	CNAME acroipm.adobe.com.edgesuite.net A 23.218.94.163 CNAME a1983.dscd.akamai.net A 23.218.94.155
watson.microsoft.com	A 104.42.151.234 CNAME legacy.umwatsonrouting.trafficmanager.net CNAME skypedataprdcolwus16.cloudapp.net

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49161	104.42.151.234 watson.microsoft.com	80
192.168.122.201	49160	23.218.94.155 acroipm.adobe.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	59401	192.168.122.1	53
192.168.122.201	65178	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache
URL专业沙箱检测 -> http://watson.microsoft.com/StageOne/AcroRd32_exe/11_0_0_379/505fd19e/AcroRd32_dll/11_0_0_379/505fd190/c0000005/000d2b25.htm?LCID=2052&OS=6.1.7601.2.00010100.1.0.1.17514&SM=QEMU&SPN=Standard%20PC%20(i440FX%20+%20PIIX_%201996)&BV=Bochs&MID=418354EE-9703-4A5C-8802-E77B54791961	GET /StageOne/AcroRd32_exe/11_0_0_379/505fd19e/AcroRd32_dll/11_0_0_379/505fd190/c0000005/000d2b25.htm?LCID=2052&OS=6.1.7601.2.00010100.1.0.1.17514&SM=QEMU&SPN=Standard%20PC%20(i440FX%20+%20PIIX_%201996)&BV=Bochs&MID=418354EE-9703-4A5C-8802-E77B54791961 HTTP/1.1 Connection: Keep-Alive User-Agent: MSDW Host: watson.microsoft.com

URI

HTTP数据

URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

URL专业沙箱检测 -> http://watson.microsoft.com/StageOne/AcroRd32_exe/11_0_0_379/505fd19e/AcroRd32_dll/11_0_0_379/505fd190/c0000005/000d2b25.htm?LCID=2052&OS=6.1.7601.2.00010100.1.0.1.17514&SM=QEMU&SPN=Standard%20PC%20(i440FX%20+%20PIIX_%201996)&BV=Bochs&MID=418354EE-9703-4A5C-8802-E77B54791961

GET /StageOne/AcroRd32_exe/11_0_0_379/505fd19e/AcroRd32_dll/11_0_0_379/505fd190/c0000005/000d2b25.htm?LCID=2052&OS=6.1.7601.2.00010100.1.0.1.17514&SM=QEMU&SPN=Standard%20PC%20(i440FX%20+%20PIIX_%201996)&BV=Bochs&MID=418354EE-9703-4A5C-8802-E77B54791961 HTTP/1.1
Connection: Keep-Alive
User-Agent: MSDW
Host: watson.microsoft.com

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Protocol	SID	Signature	Category
2020-10-27 19:50:29.954886+0800	192.168.122.201	49161	104.42.151.234	80	TCP	2018170	ET POLICY Application Crash Report Sent to Microsoft	Potential Corporate Privacy Violation

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 17.203 seconds )

11.221 Suricata
2.072 TargetInfo
1.862 VirusTotal
1.359 NetworkAnalysis
0.558 BehaviorAnalysis
0.099 Static
0.019 Strings
0.011 AnalysisInfo
0.002 Memory

Signatures ( 9.045 seconds )

7.381 network_http
1.384 md_url_bl
0.029 infostealer_browser
0.027 api_spamming
0.023 reads_self
0.02 stealth_timeout
0.018 stealth_decoy_document
0.015 mimics_filetime
0.014 stealth_file
0.012 antiav_detectreg
0.011 infostealer_browser_password
0.011 md_domain_bl
0.009 ipc_namedpipe
0.008 bootkit
0.008 antiav_detectfile
0.006 infostealer_ftp
0.005 anomaly_persistence_autorun
0.005 infostealer_bitcoin
0.004 antiav_bitdefender_libs
0.004 geodo_banking_trojan
0.004 infostealer_im
0.004 ransomware_extensions
0.004 ransomware_files
0.003 antivm_vbox_files
0.002 tinba_behavior
0.002 antivm_generic_disk
0.002 cerber_behavior
0.002 virus
0.002 antianalysis_detectreg
0.002 disables_browser_warn
0.002 infostealer_mail
0.002 network_torgateway
0.001 antiemu_wine_func
0.001 network_tor
0.001 rat_nanocore
0.001 stack_pivot
0.001 injection_createremotethread
0.001 betabot_behavior
0.001 kibex_behavior
0.001 shifu_behavior
0.001 kovter_behavior
0.001 hancitor_behavior
0.001 antidbg_devices
0.001 bot_drive
0.001 bot_drive2
0.001 browser_security
0.001 modify_proxy
0.001 maldun_malicious_drop_executable_file_to_temp_folder
0.001 md_bad_drop
0.001 maldun_network_blacklist
0.001 network_cnc_http
0.001 stealth_modify_uac_prompt

Reporting ( 0.525 seconds )

0.484 ReportHTMLSummary
0.041 Malheur


Task ID	583403
Mongo ID	5f9809ba7e769a0a8d08e168
Cuckoo release	1.4-Maldun