恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
URL	win7-sp1-x64-shaapp03-1	2021-04-17 07:25:50	2021-04-17 07:27:56	126 秒

魔盾分数

4.79

可疑的

URL详细信息

URL
URL专业沙箱检测 -> https://tv.blizzard.cn/award

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.gstatic.com	A 203.208.41.66
acroipm.adobe.com	CNAME acroipm.adobe.com.edgesuite.net CNAME a1983.dscd.akamai.net A 23.203.63.170

摘要

登录查看详细行为信息

URL分析
防病毒引擎

WHOIS 信息

Name: None
Country: None
State: None
City: None
ZIP Code: None
Address: None

Orginization: None
Domain Name(s):
    blizzard.cn
Creation Date:
    None
Updated Date:
    None
Expiration Date:
    None
Email(s):
    shwzynet@service.netease.com

Registrar(s):
    阿里云计算有限公司（万网）
Name Server(s):
    ns6.nease.net
    ns5.nease.net
    ns4.nease.net
    ns1.nease.net
    ns3.nease.net
    ns2.nease.net
Referral URL(s):
    None

没有防病毒引擎扫描信息!

进程树

chrome.exe id: 2416
- chrome.exe id: 2816

chrome.exe, PID: 2416, 上一级进程 PID: 2160

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

chrome.exe, PID: 2816, 上一级进程 PID: 2416

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

无主机纪录.

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49162	203.208.41.66 www.gstatic.com	443
192.168.122.201	49212	23.203.63.170 acroipm.adobe.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	59401	192.168.122.1	53
192.168.122.201	63995	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.gstatic.com	A 203.208.41.66
acroipm.adobe.com	CNAME acroipm.adobe.com.edgesuite.net CNAME a1983.dscd.akamai.net A 23.203.63.170

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49162	203.208.41.66 www.gstatic.com	443
192.168.122.201	49212	23.203.63.170 acroipm.adobe.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	59401	192.168.122.1	53
192.168.122.201	63995	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Version	Issuer	Subject	Fingerprint
2021-04-17 07:26:08.711382+0800	192.168.122.201	49162	203.208.41.66	443	TLS 1.1	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.gstatic.com	36:ae:4f:16:79:a7:78:df:85:88:67:19:ae:c4:52:de:e4:11:9d:0a

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 27.206 seconds )

14.782 BehaviorAnalysis
10.831 Suricata
1.472 NetworkAnalysis
0.109 Static
0.01 AnalysisInfo
0.002 Memory

Signatures ( 6.747 seconds )

1.341 md_url_bl
0.951 api_spamming
0.908 stealth_timeout
0.571 mimics_filetime
0.342 antivm_generic_disk
0.334 stealth_file
0.315 virus
0.282 bootkit
0.208 antivm_generic_scsi
0.175 hancitor_behavior
0.131 antivm_generic_services
0.123 anormaly_invoke_kills
0.101 maldun_anomaly_massive_file_ops
0.089 injection_createremotethread
0.072 antiav_detectreg
0.071 stack_pivot
0.052 injection_runpe
0.047 antiav_detectfile
0.043 infostealer_bitcoin
0.035 infostealer_ftp
0.034 antivm_vbox_files
0.031 rat_luminosity
0.028 injection_explorer
0.028 antidbg_windows
0.023 ransomware_extensions
0.022 infostealer_im
0.02 vawtrak_behavior
0.02 antianalysis_detectreg
0.017 process_needed
0.015 antidbg_devices
0.015 ransomware_files
0.014 infostealer_mail
0.013 geodo_banking_trojan
0.011 kovter_behavior
0.01 ipc_namedpipe
0.01 infostealer_browser_password
0.01 md_domain_bl
0.009 ransomware_message
0.009 sets_autoconfig_url
0.008 hawkeye_behavior
0.008 securityxploded_modules
0.007 antivm_vbox_window
0.007 anomaly_persistence_autorun
0.007 h1n1_behavior
0.007 rat_pcclient
0.006 antiemu_wine_func
0.006 network_tor
0.006 betabot_behavior
0.006 antisandbox_script_timer
0.006 antivm_vmware_files
0.005 kibex_behavior
0.005 disables_wfp
0.005 antivm_parallels_keys
0.005 antivm_xen_keys
0.005 disables_browser_warn
0.004 antivm_vbox_libs
0.004 disables_spdy
0.004 TrickBotTaskDelete
0.004 deletes_self
0.003 tinba_behavior
0.003 rat_nanocore
0.003 antiav_avast_libs
0.003 kazybot_behavior
0.003 antisandbox_sunbelt_libs
0.003 ransomware_file_modifications
0.003 shifu_behavior
0.003 exec_crash
0.003 antianalysis_detectfile
0.003 antivm_generic_diskreg
0.003 antivm_vpc_files
0.003 banker_cridex
0.003 browser_security
0.003 codelux_behavior
0.002 removes_zoneid_ads
0.002 upatre_behavior
0.002 infostealer_browser
0.002 antisandbox_sboxie_libs
0.002 antiav_bitdefender_libs
0.002 cerber_behavior
0.002 sniffer_winpcap
0.002 antisandbox_productid
0.002 antisandbox_sunbelt_files
0.002 bot_drive
0.002 bot_drive2
0.002 browser_addon
0.002 darkcomet_regkeys
0.002 maldun_malicious_drop_executable_file_to_temp_folder
0.002 malicous_targeted_flame
0.002 network_torgateway
0.001 network_anomaly
0.001 antivm_vmware_libs
0.001 stealth_network
0.001 bypass_firewall
0.001 antisandbox_cuckoo_files
0.001 antisandbox_fortinet_files
0.001 antisandbox_joe_anubis_files
0.001 antisandbox_threattrack_files
0.001 antivm_generic_system
0.001 antivm_xen_keys
0.001 antivm_hyperv_keys
0.001 antivm_vbox_acpi
0.001 antivm_vbox_devices
0.001 antivm_vbox_keys
0.001 antivm_vmware_keys
0.001 antivm_vpc_keys
0.001 banker_zeus_mutex
0.001 bitcoin_opencl
0.001 disables_system_restore
0.001 disables_windows_defender
0.001 ie_martian_children
0.001 maldun_anomaly_invoke_vb_vba
0.001 md_bad_drop
0.001 network_tor_service
0.001 ransomware_radamant
0.001 recon_fingerprint
0.001 stealth_modify_uac_prompt
0.001 stealth_web_history

Reporting ( 0.528 seconds )

0.528 ReportHTMLSummary


Task ID	630913
Mongo ID	607a1dc37e769a5ba10d80a3
Cuckoo release	1.4-Maldun