恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp03-1	2020-10-27 11:14:11	2020-10-27 11:16:19	128 秒

魔盾分数

10.0

Packer病毒

文件详细信息

文件名	毒霸垃圾清理.exe
文件大小	7427888 字节
文件类型	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	55b602ffa82f7c9f03237eb0be809495
SHA1	8af1a48fc7842fa97dfd9b9564d0c6757565ea89
SHA256	4e8248bfc36f9b8027716b040abb7c4e99df65fe4345ef34633da527c88070f4
SHA512	23aff36f18abee3de597f1472c90d85f759837d88d297136eefe2737f56d1ac0aed1857b16d84759108b8519f6c4d9e8a84e0f6421b00ddb0fb8a62ec9787413
CRC32	DF37796B
Ssdeep	196608:23ysHBjnvz/G+SsT/zoSYhmwNUbfRTt9TZbh:ij7G0T/zoXt+lTNt
Yara	登录查看Yara规则
	样本下载提交误报

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
acroipm.adobe.com	CNAME acroipm.adobe.com.edgesuite.net CNAME a1983.dscd.akamai.net A 23.200.74.40 A 125.252.224.27
dl.ijinshan.com	A 183.134.67.134 A 183.134.67.145 A 183.134.67.143 CNAME dl.ijinshan.cmcm.com A 183.134.67.141 CNAME dl.ijinshan.com.bsgslb.cn CNAME zliebao.v.bsgslb.cn A 183.134.67.130 A 183.134.67.144 A 183.134.67.131 A 183.134.67.133 A 183.134.67.140 A 183.134.67.135

摘要

登录查看详细行为信息

PE 信息

初始地址	0x00400000
入口地址	0x0040b0cc
声明校验值	0x0072495c
实际校验值	0x0072495c
最低操作系统版本要求	1.0
编译时间	1992-06-20 06:22:17
载入哈希	644aa49c6fb7e0ef7d928504737ef069
图标
图标精确哈希值	191a8586a03daf7bf7858b6a5c8f548f
图标相似性哈希值	b13e363b4a4d128764d3895c70c569ac

版本信息

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

微软证书验证 (Sign Tool)

SHA1	时间戳	有效性	错误
bc61379e83588a9744e62ea35ca964c2163e66e7	Mon Oct 26 11:58:03 2020	否	WinVerifyTrust returned error 0x800B010D ,,

证书链	Certificate Chain 1
发行给	Root Agency
发行人	Root Agency
有效期	Sun Jan 01 075959 2040
SHA1 哈希	fee449ee0e3965a5246f000e87fde2a065fd89d4

证书链	Certificate Chain 2
发行给	qiuquan.cc
发行人	Root Agency
有效期	Fri Mar 18 000000 2089
SHA1 哈希	62f49b82004eb842009e010a6670bf44f1759371

证书链	Timestamp Chain 1
发行给	DigiCert Assured ID Root CA
发行人	DigiCert Assured ID Root CA
有效期	Mon Nov 10 080000 2031
SHA1 哈希	0563b8630d62d75abbc8ab1e4bdfb5a899b24d43

证书链	Timestamp Chain 2
发行给	DigiCert Assured ID CA-1
发行人	DigiCert Assured ID Root CA
有效期	Wed Nov 10 080000 2021
SHA1 哈希	19a09b5a36f4dd99727df783c17a51231a56c117

证书链	Timestamp Chain 3
发行给	DigiCert Timestamp Responder
发行人	DigiCert Assured ID CA-1
有效期	Tue Oct 22 080000 2024
SHA1 哈希	614d271d9102e30169822487fde5de00a352b01d

PE 数据组成

名称	虚拟地址	虚拟大小	原始数据大小	特征	熵(Entropy)
CODE	0x00001000	0x0000a804	0x0000aa00	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.67
DATA	0x0000c000	0x00000250	0x00000400	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	2.76
BSS	0x0000d000	0x00000e90	0x00000000	IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	0.00
.idata	0x0000e000	0x00000978	0x00000a00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	4.49
.tls	0x0000f000	0x00000008	0x00000000	IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	0.00
.rdata	0x00010000	0x00000018	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_SHARED\|IMAGE_SCN_MEM_READ	0.19
.reloc	0x00011000	0x00000914	0x00000000	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_SHARED\|IMAGE_SCN_MEM_READ	0.00
.rsrc	0x00012000	0x00004d8c	0x00004e00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_SHARED\|IMAGE_SCN_MEM_READ	6.65

覆盖

偏移量	0x00010c00
大小	0x00704b30

资源

名称	偏移量	大小	语言	子语言	熵(Entropy)	文件类型
RT_ICON	0x00015974	0x00000468	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.70	GLS_BINARY_LSB_FIRST
RT_ICON	0x00015974	0x00000468	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.70	GLS_BINARY_LSB_FIRST
RT_ICON	0x00015974	0x00000468	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.70	GLS_BINARY_LSB_FIRST
RT_STRING	0x00016254	0x000000ae	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.05	data
RT_STRING	0x00016254	0x000000ae	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.05	data
RT_STRING	0x00016254	0x000000ae	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.05	data
RT_STRING	0x00016254	0x000000ae	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.05	data
RT_STRING	0x00016254	0x000000ae	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.05	data
RT_STRING	0x00016254	0x000000ae	LANG_NEUTRAL	SUBLANG_NEUTRAL	3.05	data
RT_RCDATA	0x00016304	0x0000002c	LANG_NEUTRAL	SUBLANG_NEUTRAL	4.57	data
RT_GROUP_ICON	0x00016330	0x00000030	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	2.08	MS Windows icon resource - 3 icons, 48x48
RT_VERSION	0x00016360	0x00000488	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	3.16	data
RT_MANIFEST	0x000167e8	0x000005a4	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	5.08	XML 1.0 document, ASCII text, with CRLF line terminators

导入

库: kernel32.dll:

• 0x40e0b4 DeleteCriticalSection

• 0x40e0b8 LeaveCriticalSection

• 0x40e0bc EnterCriticalSection

• 0x40e0c0 InitializeCriticalSection

• 0x40e0c4 VirtualFree

• 0x40e0c8 VirtualAlloc

• 0x40e0cc LocalFree

• 0x40e0d0 LocalAlloc

• 0x40e0d4 WideCharToMultiByte

• 0x40e0d8 TlsSetValue

• 0x40e0dc TlsGetValue

• 0x40e0e0 MultiByteToWideChar

• 0x40e0e4 GetModuleHandleA

• 0x40e0e8 GetLastError

• 0x40e0ec GetCommandLineA

• 0x40e0f0 WriteFile

• 0x40e0f4 SetFilePointer

• 0x40e0f8 SetEndOfFile

• 0x40e0fc RtlUnwind

• 0x40e100 ReadFile

• 0x40e104 RaiseException

• 0x40e108 GetStdHandle

• 0x40e10c GetFileSize

• 0x40e110 GetSystemTime

• 0x40e114 GetFileType

• 0x40e118 ExitProcess

• 0x40e11c CreateFileA

• 0x40e120 CloseHandle

库: user32.dll:

• 0x40e128 MessageBoxA

库: oleaut32.dll:

• 0x40e130 VariantChangeTypeEx

• 0x40e134 VariantCopy

• 0x40e138 VariantClear

• 0x40e13c SysStringLen

• 0x40e140 SysAllocStringLen

库: advapi32.dll:

• 0x40e148 RegQueryValueExA

• 0x40e14c RegOpenKeyExA

• 0x40e150 RegCloseKey

• 0x40e154 OpenProcessToken

• 0x40e158 LookupPrivilegeValueA

库: kernel32.dll:

• 0x40e160 WriteFile

• 0x40e164 VirtualQuery

• 0x40e168 VirtualProtect

• 0x40e16c VirtualFree

• 0x40e170 VirtualAlloc

• 0x40e174 Sleep

• 0x40e178 SizeofResource

• 0x40e17c SetLastError

• 0x40e180 SetFilePointer

• 0x40e184 SetErrorMode

• 0x40e188 SetEndOfFile

• 0x40e18c RemoveDirectoryA

• 0x40e190 ReadFile

• 0x40e194 LockResource

• 0x40e198 LoadResource

• 0x40e19c LoadLibraryA

• 0x40e1a0 IsDBCSLeadByte

• 0x40e1a4 GetWindowsDirectoryA

• 0x40e1a8 GetVersionExA

• 0x40e1ac GetVersion

• 0x40e1b0 GetUserDefaultLangID

• 0x40e1b4 GetSystemInfo

• 0x40e1b8 GetSystemDirectoryA

• 0x40e1bc GetSystemDefaultLCID

• 0x40e1c0 GetProcAddress

• 0x40e1c4 GetModuleHandleA

• 0x40e1c8 GetModuleFileNameA

• 0x40e1cc GetLocaleInfoA

• 0x40e1d0 GetLastError

• 0x40e1d4 GetFullPathNameA

• 0x40e1d8 GetFileSize

• 0x40e1dc GetFileAttributesA

• 0x40e1e0 GetExitCodeProcess

• 0x40e1e4 GetEnvironmentVariableA

• 0x40e1e8 GetCurrentProcess

• 0x40e1ec GetCommandLineA

• 0x40e1f0 GetACP

• 0x40e1f4 InterlockedExchange

• 0x40e1f8 FormatMessageA

• 0x40e1fc FindResourceA

• 0x40e200 DeleteFileA

• 0x40e204 CreateProcessA

• 0x40e208 CreateFileA

• 0x40e20c CreateDirectoryA

• 0x40e210 CloseHandle

库: user32.dll:

• 0x40e218 TranslateMessage

• 0x40e21c SetWindowLongA

• 0x40e220 PeekMessageA

• 0x40e224 MsgWaitForMultipleObjects

• 0x40e228 MessageBoxA

• 0x40e22c LoadStringA

• 0x40e230 ExitWindowsEx

• 0x40e234 DispatchMessageA

• 0x40e238 DestroyWindow

• 0x40e23c CreateWindowExA

• 0x40e240 CallWindowProcA

• 0x40e244 CharPrevA

库: comctl32.dll:

• 0x40e24c InitCommonControls

库: advapi32.dll:

• 0x40e254 AdjustTokenPrivileges

`DATA
.idata
.rdata
P.reloc
P.rsrc
string
UhV%@
PhM,@
Ph|-@
Ph`.@
UWVSj
Uh49@
F$':@
|HtE=
,UT@@
,E B@
,UT@@
,E B@
Uh&C@
kernel32.dll
SetDefaultDllDirectories
SetDllDirectoryW
uxtheme.dll
userenv.dll
setupapi.dll
apphelp.dll
propsys.dll
dwmapi.dll
cryptbase.dll
oleacc.dll
version.dll
profapi.dll
comres.dll
clbcatq.dll
SetSearchPathMode
SetProcessDEPPolicy
Exception
EInOutError
ERangeError
EZeroDivide
EInvalidPointer
m/d/yy
mmmm d, yyyy
 AMPM
:mm:ss
Uhs`@
Uh k@
UhXo@
USERPROFILE
Uh`s@
Uh*t@
UhAu@
 hTu@
GetUserDefaultUILanguage
kernel32.dll
.DEFAULT\Control Panel\International
Locale
Control Panel\Desktop\ResourceLocale
[ExceptObject=nil]
Uhyx@
lzmadecompsmall: Compressed data is corrupted (%d)
lzmadecompsmall: %s
LzmaDecode failed (%d)
TSetupLanguageEntryA
Wow64DisableWow64FsRedirection
kernel32.dll
Wow64RevertWow64FsRedirection
shell32.dll
SeShutdownPrivilege
/SPAWNWND=
/Lang=
/HELP
 http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
For more detailed information, please visit http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
Setup
InnoSetupLdrWindow
STATIC
/SL5="$%x,%d,%d,
Runtime error     at 00000000
Error
Inno Setup Setup Data (5.5.7)
Inno Setup Messages (5.5.3)
0123456789ABCDEFGHIJKLMNOPQRSTUV
kernel32.dll
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
WideCharToMultiByte
TlsSetValue
TlsGetValue
MultiByteToWideChar
GetModuleHandleA
GetLastError
GetCommandLineA
WriteFile
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetSystemTime
GetFileType
ExitProcess
CreateFileA
CloseHandle
user32.dll
MessageBoxA
oleaut32.dll
VariantChangeTypeEx
VariantCopy
VariantClear
SysStringLen
SysAllocStringLen
advapi32.dll
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
kernel32.dll
WriteFile
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
Sleep
SizeofResource
SetLastError
SetFilePointer
SetErrorMode
SetEndOfFile
RemoveDirectoryA
ReadFile
LockResource
LoadResource
LoadLibraryA
IsDBCSLeadByte
GetWindowsDirectoryA
GetVersionExA
GetVersion
GetUserDefaultLangID
GetSystemInfo
GetSystemDirectoryA
GetSystemDefaultLCID
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetFullPathNameA
GetFileSize
GetFileAttributesA
GetExitCodeProcess
GetEnvironmentVariableA
GetCurrentProcess
GetCommandLineA
GetACP
InterlockedExchange
FormatMessageA
FindResourceA
DeleteFileA
CreateProcessA
CreateFileA
CreateDirectoryA
CloseHandle
user32.dll
TranslateMessage
SetWindowLongA
PeekMessageA
MsgWaitForMultipleObjects
MessageBoxA
LoadStringA
ExitWindowsEx
DispatchMessageA
DestroyWindow
CreateWindowExA
CallWindowProcA
CharPrevA
comctl32.dll
InitCommonControls
advapi32.dll
AdjustTokenPrivileges
_H.0@t
c+7.s
MAINICON
December
Saturday
VS_VERSION_INFO
StringFileInfo
08040000
Comments
CompanyName
Kingsoft Corporation                                        
FileDescription
                                                 
FileVersion
2020.10.13.179      
LegalCopyright
 1998-2020 Kingsoft Corporation                                                          
ProductName
                                                      
ProductVersion
2020.10.13.179      
VarFileInfo
Translation

防病毒引擎/厂商	病毒名/规则匹配	病毒库日期
Bkav	未发现病毒	20201027
Elastic	未发现病毒	20201012
MicroWorld-eScan	未发现病毒	20201027
CMC	未发现病毒	20201026
CAT-QuickHeal	未发现病毒	20201026
McAfee	未发现病毒	20201027
Cylance	未发现病毒	20201027
Zillya	未发现病毒	20201026
SUPERAntiSpyware	未发现病毒	20201023
Sangfor	未发现病毒	20201021
CrowdStrike	未发现病毒	20190702
Alibaba	未发现病毒	20190527
K7GW	未发现病毒	20201027
K7AntiVirus	未发现病毒	20201027
Arcabit	未发现病毒	20201026
Invincea	Mal/Packer	20201027
Baidu	未发现病毒	20190318
Cyren	W32/Heuristic-162!Eldorado	20201026
Symantec	未发现病毒	20201026
TotalDefense	未发现病毒	20201027
APEX	未发现病毒	20201025
Avast	未发现病毒	20201027
ClamAV	未发现病毒	20201026
Kaspersky	未发现病毒	20201027
BitDefender	未发现病毒	20201027
NANO-Antivirus	未发现病毒	20201027
Paloalto	未发现病毒	20201027
AegisLab	未发现病毒	20201027
Rising	未发现病毒	20201026
Ad-Aware	未发现病毒	20201027
Sophos	Mal/Packer	20201027
Comodo	未发现病毒	20201026
F-Secure	未发现病毒	20201027
DrWeb	未发现病毒	20201027
VIPRE	未发现病毒	20201027
TrendMicro	未发现病毒	20201027
McAfee-GW-Edition	未发现病毒	20201026
FireEye	未发现病毒	20201027
Emsisoft	未发现病毒	20201027
SentinelOne	未发现病毒	20201008
Jiangmin	未发现病毒	20201026
eGambit	Unsafe.AI_Score_90%	20201027
Avira	未发现病毒	20201027
MAX	未发现病毒	20201027
Antiy-AVL	未发现病毒	20201027
Kingsoft	未发现病毒	20201027
Microsoft	未发现病毒	20201027
ViRobot	未发现病毒	20201026
ZoneAlarm	未发现病毒	20201027
GData	未发现病毒	20201027
Cynet	未发现病毒	20201027
AhnLab-V3	未发现病毒	20201026
Acronis	未发现病毒	20201023
BitDefenderTheta	未发现病毒	20201023
ALYac	未发现病毒	20201027
TACHYON	未发现病毒	20201027
VBA32	未发现病毒	20201026
Malwarebytes	未发现病毒	20201027
Zoner	未发现病毒	20201026
ESET-NOD32	未发现病毒	20201027
TrendMicro-HouseCall	未发现病毒	20201027
Tencent	未发现病毒	20201027
Yandex	Packed/NSPack	20201024
Ikarus	未发现病毒	20201026
MaxSecure	未发现病毒	20201026
Fortinet	未发现病毒	20201027
Webroot	未发现病毒	20201027
AVG	未发现病毒	20201027
Cybereason	未发现病毒	20190616
Panda	未发现病毒	20201026
Qihoo-360	未发现病毒	20201027

进程树

__________________.exe id: 2320
- __________________.tmp id: 2448
  - __________________.exe id: 2512
    - __________________.tmp id: 2588
      - taskkill.exe id: 2648
      - taskkill.exe id: 2676
      - kcleaner.exe id: 2220
        
        kismain.exe id: 2532
        
        kxetray.exe id: 2616

__________________.exe, PID: 2320, 上一级进程 PID: 2168

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

__________________.tmp, PID: 2448, 上一级进程 PID: 2320

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

__________________.exe, PID: 2512, 上一级进程 PID: 2448

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

__________________.tmp, PID: 2588, 上一级进程 PID: 2512

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

taskkill.exe, PID: 2648, 上一级进程 PID: 2588

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

taskkill.exe, PID: 2676, 上一级进程 PID: 2588

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

kcleaner.exe, PID: 2220, 上一级进程 PID: 2588

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

kxetray.exe, PID: 2264, 上一级进程 PID: 2588

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

kismain.exe, PID: 2532, 上一级进程 PID: 2220

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

kxetray.exe, PID: 2616, 上一级进程 PID: 2532

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49170	183.134.67.133 dl.ijinshan.com	80
192.168.122.201	49171	183.134.67.133 dl.ijinshan.com	80
192.168.122.201	49165	23.200.74.40 acroipm.adobe.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	56270	192.168.122.1	53
192.168.122.201	59401	192.168.122.1	53
192.168.122.201	59906	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
acroipm.adobe.com	CNAME acroipm.adobe.com.edgesuite.net CNAME a1983.dscd.akamai.net A 23.200.74.40 A 125.252.224.27
dl.ijinshan.com	A 183.134.67.134 A 183.134.67.145 A 183.134.67.143 CNAME dl.ijinshan.cmcm.com A 183.134.67.141 CNAME dl.ijinshan.com.bsgslb.cn CNAME zliebao.v.bsgslb.cn A 183.134.67.130 A 183.134.67.144 A 183.134.67.131 A 183.134.67.133 A 183.134.67.140 A 183.134.67.135

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49170	183.134.67.133 dl.ijinshan.com	80
192.168.122.201	49171	183.134.67.133 dl.ijinshan.com	80
192.168.122.201	49165	23.200.74.40 acroipm.adobe.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	56270	192.168.122.1	53
192.168.122.201	59401	192.168.122.1	53
192.168.122.201	59906	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache
URL专业沙箱检测 -> http://dl.ijinshan.com/duba/config/competing_pop_cloud_cfg.ini	GET /duba/config/competing_pop_cloud_cfg.ini HTTP/1.1 Host: dl.ijinshan.com User-Agent: Microsoft-ATL-Native/8.00
URL专业沙箱检测 -> http://dl.ijinshan.com/duba/config/ticket_cfg.ini	GET /duba/config/ticket_cfg.ini HTTP/1.1 Host: dl.ijinshan.com User-Agent: Microsoft-ATL-Native/8.00

URI

HTTP数据

URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip

GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

URL专业沙箱检测 -> http://dl.ijinshan.com/duba/config/competing_pop_cloud_cfg.ini

GET /duba/config/competing_pop_cloud_cfg.ini HTTP/1.1
Host: dl.ijinshan.com
User-Agent: Microsoft-ATL-Native/8.00

URL专业沙箱检测 -> http://dl.ijinshan.com/duba/config/ticket_cfg.ini

GET /duba/config/ticket_cfg.ini HTTP/1.1
Host: dl.ijinshan.com
User-Agent: Microsoft-ATL-Native/8.00

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 44.033 seconds )

25.251 BehaviorAnalysis
10.841 Suricata
3.074 Static
1.509 NetworkAnalysis
1.46 TargetInfo
1.332 VirusTotal
0.528 peid
0.015 Strings
0.011 config_decoder
0.01 AnalysisInfo
0.002 Memory

Signatures ( 25.498 seconds )

13.523 network_http
1.375 api_spamming
1.365 md_url_bl
1.026 stealth_decoy_document
1.014 stealth_timeout
0.598 antiav_detectreg
0.382 mimics_filetime
0.378 antiav_detectfile
0.333 infostealer_ftp
0.282 maldun_anomaly_massive_file_ops
0.263 infostealer_bitcoin
0.261 reads_self
0.225 stealth_file
0.22 antivm_vbox_libs
0.207 infostealer_im
0.198 antivm_generic_services
0.191 antivm_generic_scsi
0.181 bootkit
0.167 kovter_behavior
0.165 virus
0.154 antiemu_wine_func
0.154 antivm_generic_disk
0.151 antivm_vbox_files
0.147 infostealer_browser_password
0.142 antisandbox_sunbelt_libs
0.136 antiav_avast_libs
0.129 exec_crash
0.124 antianalysis_detectreg
0.118 infostealer_mail
0.111 antisandbox_sboxie_libs
0.106 antiav_bitdefender_libs
0.102 hancitor_behavior
0.071 antivm_vmware_libs
0.071 antidbg_devices
0.07 betabot_behavior
0.06 shifu_behavior
0.054 injection_createremotethread
0.053 kibex_behavior
0.053 rat_pcclient
0.051 network_tor
0.038 geodo_banking_trojan
0.036 antisandbox_sleep
0.034 injection_explorer
0.034 vawtrak_behavior
0.032 injection_runpe
0.031 antivm_xen_keys
0.031 darkcomet_regkeys
0.029 antivm_parallels_keys
0.028 andromeda_behavior
0.028 kazybot_behavior
0.028 antivm_vmware_files
0.027 codelux_behavior
0.025 hawkeye_behavior
0.025 infostealer_browser
0.024 sniffer_winpcap
0.023 maldun_anomaly_write_exe_and_obsfucate_extension
0.022 antivm_vmware_events
0.022 antivm_generic_diskreg
0.021 ransomware_extensions
0.021 recon_fingerprint
0.02 maldun_malicious_write_executeable_under_temp_to_regrun
0.02 antidbg_windows
0.017 cryptowall_behavior
0.017 network_tor_service
0.014 h1n1_behavior
0.014 antivm_vpc_files
0.014 banker_cridex
0.014 malicous_targeted_flame
0.013 Locky_behavior
0.013 ipc_namedpipe
0.013 maldun_anomaly_write_exe_and_dll_under_winroot_run
0.013 antisandbox_productid
0.013 ransomware_files
0.012 antianalysis_detectfile
0.011 antivm_vbox_keys
0.011 md_domain_bl
0.011 packer_armadillo_regkey
0.01 sets_autoconfig_url
0.01 bypass_firewall
0.01 antivm_xen_keys
0.01 antivm_hyperv_keys
0.01 antivm_vbox_acpi
0.01 antivm_vpc_keys
0.01 maldun_anomaly_invoke_vb_vba
0.009 ransomware_message
0.009 anomaly_persistence_autorun
0.009 securityxploded_modules
0.009 antisandbox_sunbelt_files
0.008 rat_luminosity
0.008 process_interest
0.008 downloader_cabby
0.007 disables_spdy
0.007 spreading_autoruninf
0.007 antivm_generic_cpu
0.007 antivm_generic_system
0.007 antivm_vbox_devices
0.007 bitcoin_opencl
0.006 disables_wfp
0.006 process_needed
0.006 antisandbox_fortinet_files
0.006 antisandbox_threattrack_files
0.006 antivm_generic_bios
0.005 antivm_vbox_window
0.004 antisandbox_script_timer
0.004 maldun_malicious_drop_executable_file_to_temp_folder
0.004 network_torgateway
0.003 tinba_behavior
0.003 rat_nanocore
0.003 office_dl_write_exe
0.003 office_write_exe
0.003 browser_needed
0.003 ransomware_file_modifications
0.003 anomaly_persistence_ads
0.003 antisandbox_cuckoo_files
0.003 antisandbox_joe_anubis_files
0.003 disables_browser_warn
0.002 antivm_directory_objects
0.002 anormaly_invoke_kills
0.002 cerber_behavior
0.002 antivm_vmware_devices
0.002 antivm_vmware_keys
0.002 browser_security
0.001 powershell_command
0.001 maldun_anomaly_heavy_create_suspended
0.001 upatre_behavior
0.001 stealth_childproc
0.001 stealth_hidden_window
0.001 dridex_behavior
0.001 anomaly_persistence_bootexecute
0.001 bcdedit_command
0.001 antisandbox_sboxie_objects
0.001 dead_link
0.001 debugs_self
0.001 deletes_shadow_copies
0.001 ransomeware_modifies_desktop_wallpaper
0.001 antiemu_wine_reg
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 modify_proxy
0.001 disables_system_restore
0.001 md_bad_drop
0.001 network_cnc_http
0.001 office_security
0.001 ransomware_radamant
0.001 rat_spynet
0.001 recon_programs
0.001 stealth_modify_uac_prompt

Reporting ( 0.803 seconds )

0.66 ReportHTMLSummary
0.143 Malheur


Task ID	583378
Mongo ID	5f9791777e769a0a8f08ec09
Cuckoo release	1.4-Maldun