比较分析...

分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
文件 (Windows) win7-sp1-x64-shaapp02-1 2022-08-19 11:32:54 2022-08-19 11:35:08 134 秒

魔盾分数

10.0

危险的

文件详细信息

文件名 生死狙击爱尚辅助V15.5.rar ==> V155.exe
文件大小 8671232 字节
文件类型 PE32 executable (GUI) Intel 80386, for MS Windows
MD5 08aa277b506b594bf4212933cbc56a7b
SHA1 f18d1ecd31314366a2c59c34d1ed83c839549419
SHA256 67cb55e2c29506b1df035eafb09412449753a63932f1363f208756d440e20d57
SHA512 17e3d360a8b2e331961f95759ec34c457b7b13f776324c42cabadf20ef02b04209495a4f8cdbc1321f97acbef40b400d9f77dd3ed2b457657ce90d0c5831673e
CRC32 F154A0DF
Ssdeep 98304:udF5ZqlG4082zfokp8prJB45SbWf+YFC2t7TZMtW1ywPZpHCZkdNcw:uDrzAlHB4Qaf+HQT2Wcasg
Yara 登录查看Yara规则
找不到该样本 提交误报
登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
115.223.11.149 中国
150.138.101.76 中国
220.181.135.250 中国
43.129.88.15 日本
59.54.253.95 中国

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
asdata.ui10.net 未知 A 43.129.88.15
my.4399.com 未知 A 49.71.74.18
A 150.138.101.76
CNAME my.4399.com.lxdns.com
A 49.71.73.132
CNAME my.4399api.net
s1.img4399.com 未知 A 115.223.11.149
CNAME s1.img4399.com.wscdns.com
A 61.147.211.209
A 49.71.75.15
ptlogin.3304399.net 未知 A 59.54.253.95
A 101.227.98.111
CNAME ptlogin.3304399.net.lxdns.com
s19.cnzz.com 未知 A 220.181.135.250
CNAME all.cnzz.com.danuoyi.tbcache.com
CNAME c.cnzz.com
s23.cnzz.com 未知

摘要

登录查看详细行为信息
没有信息显示.
YM0P_[yw
XCg@9
|%dD^f
N_M43m
KPcQx
*`- K
没有防病毒引擎扫描信息!

进程树

cmd.exe, PID: 2912, 上一级进程 PID: 2260
V155.exe, PID: 3044, 上一级进程 PID: 2912
下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
115.223.11.149 中国
150.138.101.76 中国
220.181.135.250 中国
43.129.88.15 日本
59.54.253.95 中国

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49164 115.223.11.149 s1.img4399.com 80
192.168.122.201 49165 115.223.11.149 s1.img4399.com 80
192.168.122.201 49162 150.138.101.76 my.4399.com 80
192.168.122.201 49170 150.138.101.76 my.4399.com 80
192.168.122.201 49175 150.138.101.76 my.4399.com 443
192.168.122.201 49172 220.181.135.250 s19.cnzz.com 443
192.168.122.201 49173 220.181.135.250 s19.cnzz.com 443
192.168.122.201 49159 23.33.32.227 80
192.168.122.201 49166 43.129.88.15 asdata.ui10.net 80
192.168.122.201 49167 43.129.88.15 asdata.ui10.net 80
192.168.122.201 49168 43.129.88.15 asdata.ui10.net 80
192.168.122.201 49169 43.129.88.15 asdata.ui10.net 80
192.168.122.201 49171 43.129.88.15 asdata.ui10.net 80
192.168.122.201 49163 59.54.253.95 ptlogin.3304399.net 80
192.168.122.201 49174 59.54.253.95 ptlogin.3304399.net 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 51304 192.168.122.1 53
192.168.122.201 53118 192.168.122.1 53
192.168.122.201 53947 192.168.122.1 53
192.168.122.201 57526 192.168.122.1 53
192.168.122.201 59277 192.168.122.1 53
192.168.122.201 60155 192.168.122.1 53
192.168.122.201 63246 192.168.122.1 53
192.168.122.201 63472 192.168.122.1 53

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49164 115.223.11.149 s1.img4399.com 80
192.168.122.201 49165 115.223.11.149 s1.img4399.com 80
192.168.122.201 49162 150.138.101.76 my.4399.com 80
192.168.122.201 49170 150.138.101.76 my.4399.com 80
192.168.122.201 49175 150.138.101.76 my.4399.com 443
192.168.122.201 49172 220.181.135.250 s19.cnzz.com 443
192.168.122.201 49173 220.181.135.250 s19.cnzz.com 443
192.168.122.201 49159 23.33.32.227 80
192.168.122.201 49166 43.129.88.15 asdata.ui10.net 80
192.168.122.201 49167 43.129.88.15 asdata.ui10.net 80
192.168.122.201 49168 43.129.88.15 asdata.ui10.net 80
192.168.122.201 49169 43.129.88.15 asdata.ui10.net 80
192.168.122.201 49171 43.129.88.15 asdata.ui10.net 80
192.168.122.201 49163 59.54.253.95 ptlogin.3304399.net 80
192.168.122.201 49174 59.54.253.95 ptlogin.3304399.net 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 51304 192.168.122.1 53
192.168.122.201 53118 192.168.122.1 53
192.168.122.201 53947 192.168.122.1 53
192.168.122.201 57526 192.168.122.1 53
192.168.122.201 59277 192.168.122.1 53
192.168.122.201 60155 192.168.122.1 53
192.168.122.201 63246 192.168.122.1 53
192.168.122.201 63472 192.168.122.1 53

HTTP 请求

URI HTTP数据
URL专业沙箱检测 -> http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip 
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache
URL专业沙箱检测 -> http://my.4399.com/yxssjj/?from=news&newsrefer= 
GET /yxssjj/?from=news&newsrefer= HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: my.4399.com
Connection: Keep-Alive
URL专业沙箱检测 -> http://ptlogin.3304399.net/resource/css/base.css?v=2 
GET /resource/css/base.css?v=2 HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ptlogin.3304399.net
Connection: Keep-Alive
URL专业沙箱检测 -> http://s1.img4399.com/base/js/jquery.min.1.7.2.js?20a4607 
GET /base/js/jquery.min.1.7.2.js?20a4607 HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive
URL专业沙箱检测 -> http://s1.img4399.com/base/css/KS.css?20a4607 
GET /base/css/KS.css?20a4607 HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive
URL专业沙箱检测 -> http://s1.img4399.com/base/css/ptunlogin.css 
GET /base/css/ptunlogin.css HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive
URL专业沙箱检测 -> http://s1.img4399.com/merge/?file=webgame%2Fhome%2Fcss%2Fglobal_server%2Cglobal_oserver%2Cglobal_footer%2Cglobal_sprite%2CageLimitDialog%3Bwebgame%2Fssjj%2Fnews%2Fcss%2Fptlogin%3Bwebgame%2Fhome%2Ffcm%2Fgame%2FwebFcmStyle.css&v=128cf2e 
GET /merge/?file=webgame%2Fhome%2Fcss%2Fglobal_server%2Cglobal_oserver%2Cglobal_footer%2Cglobal_sprite%2CageLimitDialog%3Bwebgame%2Fssjj%2Fnews%2Fcss%2Fptlogin%3Bwebgame%2Fhome%2Ffcm%2Fgame%2FwebFcmStyle.css&v=128cf2e HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive
URL专业沙箱检测 -> http://asdata.ui10.net//asjjdata/cs.txt 
GET //asjjdata/cs.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: asdata.ui10.net
Cache-Control: no-cache
URL专业沙箱检测 -> http://asdata.ui10.net/asjjdata/gonggao/zxgg.html 
GET /asjjdata/gonggao/zxgg.html HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: asdata.ui10.net
Connection: Keep-Alive
URL专业沙箱检测 -> http://s1.img4399.com/webgame/home/js/init/PageWebTools.js?128cf2e 
GET /webgame/home/js/init/PageWebTools.js?128cf2e HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive
URL专业沙箱检测 -> http://s1.img4399.com/merge/?file=webgame%2Fssjj%2Fnews%2Fcss%2Fssjj_news.css&v=128cf2e 
GET /merge/?file=webgame%2Fssjj%2Fnews%2Fcss%2Fssjj_news.css&v=128cf2e HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive
URL专业沙箱检测 -> http://s1.img4399.com/base/css/KS.css?20a4607 
GET /base/css/KS.css?20a4607 HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
If-Modified-Since: Tue, 20 Nov 2012 02:13:11 GMT
If-None-Match: W/"50aae737-902"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive
URL专业沙箱检测 -> http://asdata.ui10.net//asjjdata/gonggao/gglx.txt 
GET //asjjdata/gonggao/gglx.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: asdata.ui10.net
Cache-Control: no-cache
URL专业沙箱检测 -> http://asdata.ui10.net//asjjdata/banben.txt 
GET //asjjdata/banben.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: asdata.ui10.net
Cache-Control: no-cache
URL专业沙箱检测 -> http://asdata.ui10.net//asjjdata/zdbanben.txt 
GET //asjjdata/zdbanben.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: asdata.ui10.net
Cache-Control: no-cache
URL专业沙箱检测 -> http://asdata.ui10.net//asjjdata/tj.html?V15.5 
GET //asjjdata/tj.html?V15.5 HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: asdata.ui10.net
Connection: Keep-Alive
URL专业沙箱检测 -> http://s1.img4399.com/base/css/ue_common.css?20a4607 
GET /base/css/ue_common.css?20a4607 HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: s1.img4399.com
Connection: Keep-Alive
URL专业沙箱检测 -> http://asdata.ui10.net//asjjdata/gxdz.txt 
GET //asjjdata/gxdz.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: asdata.ui10.net
Cache-Control: no-cache
URL专业沙箱检测 -> http://ptlogin.3304399.net/resource/css/base.css?v=2 
GET /resource/css/base.css?v=2 HTTP/1.1
Accept: */*
Referer: http://my.4399.com/yxssjj/?from=news&newsrefer=
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
If-Modified-Since: Sat, 02 Apr 2022 07:00:38 GMT
If-None-Match: "6247f496-e58d"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: ptlogin.3304399.net
Connection: Keep-Alive

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

Timestamp Source IP Source Port Destination IP Destination Port Protocol SID Signature Category
2022-08-19 11:33:24.241712+0800 192.168.122.201 49167 43.129.88.15 80 TCP 2016879 ET POLICY Unsupported/Fake Windows NT Version 5.0 Potential Corporate Privacy Violation
2022-08-19 11:33:24.321668+0800 192.168.122.201 49168 43.129.88.15 80 TCP 2016879 ET POLICY Unsupported/Fake Windows NT Version 5.0 Potential Corporate Privacy Violation

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2022-08-19 11:33:24.921659+0800 192.168.122.201 49173 220.181.135.250 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com 06:2c:fc:5d:c1:34:6d:ca:7c:4c:e6:5f:dd:15:d0:a5:ca:69:59:bf
2022-08-19 11:33:24.947773+0800 192.168.122.201 49172 220.181.135.250 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.cnzz.com 06:2c:fc:5d:c1:34:6d:ca:7c:4c:e6:5f:dd:15:d0:a5:ca:69:59:bf
2022-08-19 11:33:25.072586+0800 192.168.122.201 49175 150.138.101.76 443 TLS 1.2 C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA CN=*.4399.com 5e:f7:d4:f5:1a:87:36:b6:fb:1b:34:26:06:7a:26:d3:27:d9:8a:d6

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
文件名 V155.exe
相关文件
C:\Users\test\AppData\Local\Temp\rar-tmp\V155.exe
文件大小 8671232 字节
文件类型 PE32 executable (GUI) Intel 80386, for MS Windows
MD5 08aa277b506b594bf4212933cbc56a7b
SHA1 f18d1ecd31314366a2c59c34d1ed83c839549419
SHA256 67cb55e2c29506b1df035eafb09412449753a63932f1363f208756d440e20d57
CRC32 F154A0DF
Ssdeep 98304:udF5ZqlG4082zfokp8prJB45SbWf+YFC2t7TZMtW1ywPZpHCZkdNcw:uDrzAlHB4Qaf+HQT2Wcasg
魔盾安全分析结果 10.0分析时间:2020-09-25 20:44:07查看分析报告
下载提交魔盾安全分析
没有发现相似的分析.
HTML 总结报告
(需15-60分钟同步)		 下载

Processing ( 32.863 seconds )

  • 13.667 NetworkAnalysis
  • 10.937 Suricata
  • 4.881 BehaviorAnalysis
  • 1.898 TargetInfo
  • 1.107 VirusTotal
  • 0.349 Dropped
  • 0.011 AnalysisInfo
  • 0.011 Strings
  • 0.002 Memory

Signatures ( 52.347 seconds )

  • 48.838 network_http
  • 1.746 md_url_bl
  • 0.258 api_spamming
  • 0.209 stealth_timeout
  • 0.207 stealth_decoy_document
  • 0.119 antiav_detectreg
  • 0.105 infostealer_browser
  • 0.08 reads_self
  • 0.059 stealth_file
  • 0.056 antidbg_windows
  • 0.051 mimics_filetime
  • 0.046 infostealer_ftp
  • 0.043 infostealer_browser_password
  • 0.036 ipc_namedpipe
  • 0.034 bootkit
  • 0.026 infostealer_im
  • 0.025 antivm_generic_scsi
  • 0.025 antianalysis_detectreg
  • 0.018 antivm_generic_services
  • 0.018 md_domain_bl
  • 0.016 anormaly_invoke_kills
  • 0.015 antiav_detectfile
  • 0.015 infostealer_mail
  • 0.012 antivm_vbox_window
  • 0.01 virus
  • 0.01 infostealer_bitcoin
  • 0.009 dridex_behavior
  • 0.009 maldun_anomaly_massive_file_ops
  • 0.008 antivm_generic_disk
  • 0.008 antisandbox_script_timer
  • 0.008 kovter_behavior
  • 0.008 geodo_banking_trojan
  • 0.007 antiemu_wine_func
  • 0.007 antivm_vbox_libs
  • 0.007 betabot_behavior
  • 0.007 kibex_behavior
  • 0.006 stealth_network
  • 0.006 anomaly_persistence_autorun
  • 0.006 antivm_vbox_files
  • 0.006 antivm_xen_keys
  • 0.006 darkcomet_regkeys
  • 0.006 ransomware_extensions
  • 0.006 ransomware_files
  • 0.005 heapspray_js
  • 0.005 ransomeware_modifies_desktop_wallpaper
  • 0.005 shifu_behavior
  • 0.005 antivm_generic_diskreg
  • 0.005 antivm_parallels_keys
  • 0.004 maldun_malicious_write_executeable_under_temp_to_regrun
  • 0.004 maldun_anomaly_write_exe_and_obsfucate_extension
  • 0.004 sets_autoconfig_url
  • 0.004 exec_crash
  • 0.003 antiav_avast_libs
  • 0.003 virtualcheck_js
  • 0.003 ransomware_message
  • 0.003 antisandbox_sunbelt_libs
  • 0.003 hancitor_behavior
  • 0.003 disables_browser_warn
  • 0.003 recon_fingerprint
  • 0.002 tinba_behavior
  • 0.002 hawkeye_behavior
  • 0.002 network_tor
  • 0.002 rat_nanocore
  • 0.002 stack_pivot
  • 0.002 antivm_vmware_libs
  • 0.002 clickfraud_cookies
  • 0.002 injection_createremotethread
  • 0.002 kazybot_behavior
  • 0.002 antisandbox_sboxie_libs
  • 0.002 antiav_bitdefender_libs
  • 0.002 dead_connect
  • 0.002 disables_wfp
  • 0.002 cerber_behavior
  • 0.002 securityxploded_modules
  • 0.002 bypass_firewall
  • 0.002 antidbg_devices
  • 0.002 antisandbox_productid
  • 0.002 antivm_xen_keys
  • 0.002 antivm_hyperv_keys
  • 0.002 antivm_vbox_acpi
  • 0.002 antivm_vbox_keys
  • 0.002 antivm_vmware_keys
  • 0.002 antivm_vpc_keys
  • 0.002 browser_security
  • 0.002 modify_proxy
  • 0.002 maldun_anomaly_invoke_vb_vba
  • 0.002 network_torgateway
  • 0.002 packer_armadillo_regkey
  • 0.002 rat_pcclient
  • 0.001 disables_spdy
  • 0.001 office_dl_write_exe
  • 0.001 office_write_exe
  • 0.001 network_anomaly
  • 0.001 rat_luminosity
  • 0.001 injection_explorer
  • 0.001 network_execute_http
  • 0.001 dyre_behavior
  • 0.001 maldun_anomaly_write_exe_and_dll_under_winroot_run
  • 0.001 java_js
  • 0.001 injection_runpe
  • 0.001 silverlight_js
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 codelux_behavior
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 rat_spynet
  • 0.001 recon_programs
  • 0.001 stealth_modify_uac_prompt

Reporting ( 0.6 seconds )

  • 0.579 ReportHTMLSummary
  • 0.021 Malheur
Task ID 704740
Mongo ID 62ff0554dc327beba7e00de1
Cuckoo release 1.4-Maldun