Analysis task

Analysis type | VM tag | Start time | End time | Duration
File (Windows) | win7-sp1-x64-shaapp03-1 | 2020-10-27 20:04:46 | 2020-10-27 20:07:03 | 137 seconds

Maldun score

10.0

Dangerous

File details

File name CCleaner Professional v5.46.6652.zip ==> CCleaner.exe
File size 13797712 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7218480ce5f9bc51d88e3d6dda49c0ff
SHA1 b297348fb1c6b0969317c712ebc90960d6a52428
SHA256 9081dfc8f89b2d1c11b7980b2b62585a71ced37d19e16bb7067b448e576a2e42
SHA512 fbda05f43687e65bc1855f88511b129ecfe61d0ca4c54204811c393e728d83c04e9a1416c26532e1f3d4b3b1b636b7821613727bee9cdfa1e43ca6e95b1490f5
CRC32 A961A380
Ssdeep 196608:iTdq1L0bgnlgfR6W0XKpVdWeyrqNlGkA9cfSB+:iTA1L0slggrCByrqNa+5
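Before trusting a report like this one, the first thing to check is that the file you hold is the file that was analysed. The script below is an added example, not part of the Maldun/Cuckoo report: it recomputes every fingerprint the report prints (size, MD5, SHA1, SHA256, SHA512, CRC32) in one streamed pass and lists the fields that disagree. The values in REPORT_HASHES are copied from the "File details" block above; the sample itself is not on this page, so the self-contained checks use constructed byte strings. Treat SHA256 as the deciding field: MD5 and SHA1 are printed for lookup convenience only, since collisions for both are practical.

```python
"""Recompute and compare the file fingerprints printed in the sandbox report.

Added example, not code from the report or from Piriform/Maldun.
REPORT_HASHES is copied from the report's "File details" block; the
sample file is not included here, so the expected values can only be
confirmed against a locally obtained copy of CCleaner.exe.
"""
import hashlib
import sys
import zlib

# Values copied from the report above (task 583404).
REPORT_HASHES = {
    "size": 13797712,
    "md5": "7218480ce5f9bc51d88e3d6dda49c0ff",
    "sha1": "b297348fb1c6b0969317c712ebc90960d6a52428",
    "sha256": "9081dfc8f89b2d1c11b7980b2b62585a71ced37d19e16bb7067b448e576a2e42",
    "sha512": "fbda05f43687e65bc1855f88511b129ecfe61d0ca4c54204811c393e728d83c0"
              "4e9a1416c26532e1f3d4b3b1b636b7821613727bee9cdfa1e43ca6e95b1490f5",
    "crc32": "A961A380",
}

DIGESTS = ("md5", "sha1", "sha256", "sha512")


def fingerprint_bytes(data: bytes) -> dict:
    """Fingerprints of an in-memory blob, formatted the way the report prints them."""
    result = {name: hashlib.new(name, data).hexdigest() for name in DIGESTS}
    result["size"] = len(data)
    # zlib.crc32 is unsigned on Python 3; mask anyway and print upper-case hex like the report.
    result["crc32"] = f"{zlib.crc32(data) & 0xFFFFFFFF:08X}"
    return result


def fingerprint_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same output as fingerprint_bytes, but streamed so a 13 MB PE is never held in memory at once."""
    digests = {name: hashlib.new(name) for name in DIGESTS}
    crc = 0
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            crc = zlib.crc32(chunk, crc)   # running CRC across chunks
            for d in digests.values():
                d.update(chunk)
    result = {name: d.hexdigest() for name, d in digests.items()}
    result["size"] = size
    result["crc32"] = f"{crc & 0xFFFFFFFF:08X}"
    return result


def compare(actual: dict, expected: dict) -> dict:
    """Return {field: (actual, expected)} for every expected field that disagrees.

    Hex strings are compared case-insensitively, so the report's upper-case
    CRC32 still matches the lower-case output of hexdigest()/format().
    An empty dict means every listed field matched.
    """
    mismatches = {}
    for key, want in expected.items():
        got = actual.get(key)
        if isinstance(want, str):
            same = got is not None and got.lower() == want.lower()
        else:
            same = got == want
        if not same:
            mismatches[key] = (got, want)
    return mismatches


def verify_against_report(path: str) -> dict:
    """Hash the file at `path` and return the fields that disagree with the report."""
    return compare(fingerprint_file(path), REPORT_HASHES)


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-CCleaner.exe>
    diffs = verify_against_report(sys.argv[1])
    if not diffs:
        print("all fingerprints match the report")
    else:
        for field, (got, want) in diffs.items():
            print(f"{field}: got {got}, report says {want}")
```

A match on every field tells you only that the analysed bytes and your bytes are identical; it says nothing about whether the binary is the one Piriform signed, which is a separate Authenticode check the report does not perform.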
Hosts contacted

No host records.

DNS resolution

Domain | Response
acroipm.adobe.com | CNAME acroipm.adobe.com.edgesuite.net
 | A 23.218.94.163
 | CNAME a1983.dscd.akamai.net
 | A 23.218.94.155
analytics.ff.avast.com | CNAME analytics.ns1.ff.avast.com
 | A 5.62.53.212
 | A 5.62.53.229
license.piriform.com | CNAME f3.shared.global.fastly.net
 | A 151.101.110.109
watson.microsoft.com | CNAME legacy.umwatsonrouting.trafficmanager.net
 | A 52.147.198.201
 | CNAME skypedataprdcoleus16.cloudapp.net

Summary

No behaviour information displayed.
No antivirus engine scan results.

Process tree


cmd.exe, PID: 2448, parent PID: 2256
CCleaner.exe, PID: 2516, parent PID: 2448
CCleaner64.exe, PID: 2632, parent PID: 2516


TCP

Source address | Source port | Destination address | Destination host | Destination port
192.168.122.201 | 49164 | 151.101.110.109 | license.piriform.com | 443
192.168.122.201 | 49159 | 23.218.94.163 | acroipm.adobe.com | 80
192.168.122.201 | 49163 | 5.62.53.212 | analytics.ff.avast.com | 443

UDP

Source address | Source port | Destination address | Destination port
192.168.122.201 | 52207 | 192.168.122.1 | 53
192.168.122.201 | 53125 | 192.168.122.1 | 53
192.168.122.201 | 59401 | 192.168.122.1 | 53
192.168.122.201 | 65178 | 192.168.122.1 | 53


HTTP requests

URI: http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

Timestamp | Source IP | Source port | Destination IP | Destination port | Version | Issuer | Subject | Fingerprint (SHA1)
2020-10-27 20:05:16.665348+0800 | 192.168.122.201 | 49164 | 151.101.110.109 | 443 | TLS 1.2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3 | C=US, ST=California, L=San Francisco, O=Fastly, Inc., CN=f3.shared.global.fastly.net | c8:69:64:4e:52:7e:24:65:ee:27:d9:a5:a2:1b:c2:e2:0e:ff:25:f9
2020-10-27 20:05:16.607230+0800 | 192.168.122.201 | 49163 | 5.62.53.212 | 443 | TLS 1.1 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=GB, L=London, O=Avast plc, OU=Certificates, CN=*.avast.com | 65:eb:5b:5a:f7:6b:81:c9:fa:53:ee:77:76:12:95:6b:c5:7c:0f:fa

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.

Dropped / related file

File name CCleaner.exe
Path C:\Users\test\AppData\Local\Temp\zip-tmp\CCleaner Professional v5.46.6652\CCleaner.exe
File size 13797712 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 7218480ce5f9bc51d88e3d6dda49c0ff
SHA1 b297348fb1c6b0969317c712ebc90960d6a52428
SHA256 9081dfc8f89b2d1c11b7980b2b62585a71ced37d19e16bb7067b448e576a2e42
CRC32 A961A380
Ssdeep 196608:iTdq1L0bgnlgfR6W0XKpVdWeyrqNlGkA9cfSB+:iTA1L0slggrCByrqNa+5

No similar analyses found.

Processing ( 22.52 seconds )

  • 10.697 Suricata
  • 4.05 BehaviorAnalysis
  • 3.071 TargetInfo
  • 2.556 VirusTotal
  • 1.566 NetworkAnalysis
  • 0.543 Dropped
  • 0.016 AnalysisInfo
  • 0.012 Strings
  • 0.007 Static
  • 0.002 Memory

Signatures ( 3.488 seconds; per-module run time for every signature evaluated, not a list of signatures that matched )

  • 1.321 md_url_bl
  • 0.421 antiav_detectreg
  • 0.218 api_spamming
  • 0.171 stealth_decoy_document
  • 0.161 stealth_timeout
  • 0.152 infostealer_ftp
  • 0.086 antianalysis_detectreg
  • 0.086 infostealer_im
  • 0.056 antivm_generic_scsi
  • 0.049 infostealer_mail
  • 0.036 mimics_filetime
  • 0.033 antiav_detectfile
  • 0.031 reads_self
  • 0.03 antivm_generic_services
  • 0.027 anormaly_invoke_kills
  • 0.027 virus
  • 0.025 bootkit
  • 0.025 stealth_file
  • 0.024 maldun_anomaly_massive_file_ops
  • 0.024 kibex_behavior
  • 0.023 infostealer_bitcoin
  • 0.022 antivm_xen_keys
  • 0.022 darkcomet_regkeys
  • 0.021 antivm_parallels_keys
  • 0.02 geodo_banking_trojan
  • 0.019 betabot_behavior
  • 0.017 md_domain_bl
  • 0.017 recon_fingerprint
  • 0.016 hancitor_behavior
  • 0.014 infostealer_browser_password
  • 0.014 kovter_behavior
  • 0.014 antivm_generic_diskreg
  • 0.014 antivm_vbox_files
  • 0.012 antiemu_wine_func
  • 0.012 infostealer_browser
  • 0.011 antisandbox_productid
  • 0.01 antisandbox_sunbelt_libs
  • 0.009 antiav_avast_libs
  • 0.008 antisandbox_sboxie_libs
  • 0.008 antivm_vbox_keys
  • 0.007 injection_createremotethread
  • 0.007 antiav_bitdefender_libs
  • 0.007 anomaly_persistence_autorun
  • 0.007 bypass_firewall
  • 0.007 antivm_xen_keys
  • 0.007 antivm_hyperv_keys
  • 0.007 antivm_vbox_acpi
  • 0.007 antivm_vmware_keys
  • 0.007 antivm_vpc_keys
  • 0.007 packer_armadillo_regkey
  • 0.006 shifu_behavior
  • 0.006 antidbg_devices
  • 0.006 recon_programs
  • 0.005 antivm_generic_bios
  • 0.005 antivm_generic_system
  • 0.004 network_tor
  • 0.004 antivm_generic_disk
  • 0.004 injection_runpe
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.004 rat_pcclient
  • 0.003 antivm_vbox_libs
  • 0.003 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.003 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.003 ipc_namedpipe
  • 0.003 network_http
  • 0.002 tinba_behavior
  • 0.002 hawkeye_behavior
  • 0.002 rat_nanocore
  • 0.002 rat_luminosity
  • 0.002 kazybot_behavior
  • 0.002 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.002 exec_crash
  • 0.002 antivm_vmware_files
  • 0.002 disables_browser_warn
  • 0.002 codelux_behavior
  • 0.002 network_torgateway
  • 0.001 anomaly_persistence_bootexecute
  • 0.001 antivm_vmware_libs
  • 0.001 anomaly_reset_winsock
  • 0.001 creates_largekey
  • 0.001 dyre_behavior
  • 0.001 encrypted_ioc
  • 0.001 creates_nullvalue
  • 0.001 cerber_behavior
  • 0.001 sniffer_winpcap
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_vpc_files
  • 0.001 antiemu_wine_reg
  • 0.001 banker_cridex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 malicous_targeted_flame
  • 0.001 maldun_anomaly_invoke_vb_vba
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 network_tor_service

Reporting ( 0.626 seconds )

  • 0.585 ReportHTMLSummary
  • 0.041 Malheur
Task ID 583404
Mongo ID 5f980da07e769a0a8f08ee36
Cuckoo release 1.4-Maldun