Analysis Task

Analysis Type  VM Label  Start Time  End Time  Duration
URL  win7-sp1-x64-hpdapp01-2  2017-12-14 09:10:39  2017-12-14 09:13:27  168 seconds

Maldun Score

10.0

Dangerous

URL Details

URL
http://gmgsecurity.com.br/bro/yah/validate.htm

Hosts Contacted

Direct  IP  Security Rating  Geolocation
104.17.177.200 United States
108.179.193.134 United States
117.18.237.29 Asia Pacific
183.136.212.50 China
65.55.186.113 United States
96.17.182.26 United States

DNS Resolution

Domain  Security Rating  Response
gmgsecurity.com.br A 108.179.193.134
www.gmgsecurity.com.br CNAME gmgsecurity.com.br
www.microsoft.com CNAME e1863.ca2.s.tl88.net
CNAME www.microsoft.com-c-2.edgekey.net.globalredir.akadns.net
CNAME www.microsoft.com-c-2.edgekey.net
A 183.136.212.50
data.tvdownload.microsoft.com A 65.55.186.113
CNAME data.tvdownload.windowsmedia.com.akadns.net
ocsp.msocsp.com CNAME hostedocsp.globalsign.com
CNAME ocsp.globalsign.cloud
A 104.17.178.200
A 104.17.177.200
A 104.17.179.200
A 104.17.175.200
A 104.17.176.200
cdn.epg.tvdownload.microsoft.com CNAME cdn.epg.tvdownload.windowsmedia.com.akadns.net
A 96.17.182.33
CNAME a1683.d.akamai.net
CNAME cdn.epg.tvdownload.microsoft.com.edgesuite.net
A 96.17.182.26
ocsp.digicert.com CNAME cs9.wac.phicdn.net
A 117.18.237.29

WHOIS Information

Name: None
Country: BR
State: None
City: None
ZIP Code: None
Address: None

Organization: None
Domain Name(s):
    None
Creation Date:
    None
Updated Date:
    None
Expiration Date:
    None
Email(s):
    None

Registrar(s):
    None
Name Server(s):
    None
Referral URL(s):
    None

Antivirus Engine/Vendor  Website Security Analysis
CLEAN MX Clean Site
DNS8 Clean Site
MalwarePatrol Clean Site
ZDB Zeus Clean Site
Tencent Clean Site
Netcraft Unrated Site
desenmascara_me Clean Site
Dr_Web Clean Site
PhishLabs Unrated Site
Zerofox Clean Site
K7AntiVirus Clean Site
SecureBrain Clean Site
Virusdie External Site Scan Clean Site
SCUMWARE_org Malware Site
Quttera Clean Site
AegisLab WebGuard Clean Site
MalwareDomainList Clean Site
ZeusTracker Clean Site
zvelo Clean Site
Google Safebrowsing Phishing Site
Kaspersky Phishing Site
BitDefender Phishing Site
Certly Clean Site
G-Data Clean Site
C-SIRT Clean Site
OpenPhish Clean Site
Malware Domain Blocklist Clean Site
VX Vault Clean Site
Webutation Clean Site
Trustwave Clean Site
Web Security Guard Clean Site
CyRadar Malicious Site
ADMINUSLabs Clean Site
Malwarebytes hpHosts Clean Site
Opera Clean Site
AlienVault Clean Site
Emsisoft Clean Site
Malc0de Database Clean Site
Phishtank Clean Site
Malwared Clean Site
Avira Phishing Site
CyberCrime Clean Site
Antiy-AVL Clean Site
Forcepoint ThreatSeeker Phishing Site
FraudSense Clean Site
malwares_com URL checker Clean Site
Comodo Site Inspector Clean Site
Malekal Clean Site
ESET Clean Site
Sophos Malicious Site
Yandex Safebrowsing Clean Site
Spam404 Clean Site
Nucleon Clean Site
Sucuri SiteCheck Clean Site
Blueliv Clean Site
ZCloudsec Clean Site
AutoShun Unrated Site
ThreatHive Clean Site
FraudScore Clean Site
Rising Clean Site
URLQuery Clean Site
StopBadware Unrated Site
Fortinet Phishing Site
ZeroCERT Clean Site
Baidu-International Clean Site
securolytics Clean Site

Process Tree

iexplore.exe, PID: 2180, Parent PID: 1096
iexplore.exe, PID: 2332, Parent PID: 2180

TCP

Source Address  Source Port  Destination IP  Destination Host  Destination Port
192.168.122.202 49173 104.17.177.200 ocsp.msocsp.com 80
192.168.122.202 49163 108.179.193.134 gmgsecurity.com.br 80
192.168.122.202 49165 108.179.193.134 gmgsecurity.com.br 80
192.168.122.202 49183 117.18.237.29 ocsp.digicert.com 80
192.168.122.202 49170 183.136.212.50 www.microsoft.com 80
192.168.122.202 49176 183.136.212.50 www.microsoft.com 80
192.168.122.202 49171 65.55.186.113 data.tvdownload.microsoft.com 443
192.168.122.202 49174 65.55.186.113 data.tvdownload.microsoft.com 443
192.168.122.202 49177 65.55.186.113 data.tvdownload.microsoft.com 443
192.168.122.202 49178 65.55.186.113 data.tvdownload.microsoft.com 443
192.168.122.202 49179 65.55.186.113 data.tvdownload.microsoft.com 443
192.168.122.202 49180 65.55.186.113 data.tvdownload.microsoft.com 443
192.168.122.202 49181 65.55.186.113 data.tvdownload.microsoft.com 443
192.168.122.202 49182 96.17.182.26 cdn.epg.tvdownload.microsoft.com 80

UDP

Source Address  Source Port  Destination Address  Destination Port
192.168.122.202 50040 192.168.122.1 53
192.168.122.202 56021 192.168.122.1 53
192.168.122.202 56039 192.168.122.1 53
192.168.122.202 56379 192.168.122.1 53
192.168.122.202 60614 192.168.122.1 53
192.168.122.202 60755 192.168.122.1 53
192.168.122.202 62411 192.168.122.1 53
192.168.122.202 65450 192.168.122.1 53

HTTP Requests

URI  HTTP Data
http://gmgsecurity.com.br/bro/yah/validate.htm
GET /bro/yah/validate.htm HTTP/1.1
Accept: */*
Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=29&ved=0CCEQfjdUJveUZhR2hVZ3ppcGZP&url=http%3A%2F%2Fgmgsecurity.com.br%2Fbro%2Fyah%2Fvalidate.htm&ei=YXFiTlZORUNDenBZ&usg=AFQjV0tjWU1vdllQZUpp
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: gmgsecurity.com.br
Connection: Keep-Alive

http://www.gmgsecurity.com.br/bro/yah/validate.htm
GET /bro/yah/validate.htm HTTP/1.1
Accept: */*
Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=29&ved=0CCEQfjdUJveUZhR2hVZ3ppcGZP&url=http%3A%2F%2Fgmgsecurity.com.br%2Fbro%2Fyah%2Fvalidate.htm&ei=YXFiTlZORUNDenBZ&usg=AFQjV0tjWU1vdllQZUpp
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: www.gmgsecurity.com.br

http://www.microsoft.com/
GET / HTTP/1.1
Host: www.microsoft.com
Connection: Close

http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D
GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 06 Dec 2017 07:11:24 GMT
If-None-Match: "a602f001a25d1ece86269d16668acccb0791bbc6"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.msocsp.com

http://cdn.epg.tvdownload.microsoft.com/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc
HEAD /broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: cdn.epg.tvdownload.microsoft.com

http://cdn.epg.tvdownload.microsoft.com/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc
GET /broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 09 Jul 2015 23:37:37 GMT
User-Agent: Microsoft BITS/7.5
Host: cdn.epg.tvdownload.microsoft.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1
Cache-Control: max-age = 172800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 06 Dec 2017 00:22:31 GMT
If-None-Match: "5a273847-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol SID Signature Category
2017-12-14 09:11:55.907796+0800 183.136.212.50 80 192.168.122.202 49170 TCP 2012692 ET POLICY Microsoft user-agent automated process response to automated request A Network Trojan was detected
2017-12-14 09:12:03.177822+0800 183.136.212.50 80 192.168.122.202 49176 TCP 2012692 ET POLICY Microsoft user-agent automated process response to automated request A Network Trojan was detected

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2017-12-14 09:12:01.521289+0800 192.168.122.202 49174 65.55.186.113 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-14 09:11:58.677666+0800 192.168.122.202 49171 65.55.186.113 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-14 09:12:04.028109+0800 192.168.122.202 49177 65.55.186.113 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-14 09:12:07.904312+0800 192.168.122.202 49180 65.55.186.113 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5

Suricata HTTP

No Suricata HTTP

No network-extracted files found

File Name index.dat
Related File
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
File Size 262144 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 fbe6ba880d1f6cadfd771536120f2c73
SHA1 34b1a30160c6c7675a5c69b62d98661ab7a494bb
SHA256 a2cdabb3fc43f2e94ca47fac764eea7819768bdf094690a6369be41fc4a5fd01
CRC32 E94B92FD
Ssdeep 768:pFFwZHojCtOlWNw3nsiMsieuugxdKOri:rFwZIjCtkWm3siMbeuugxdKoi

File Name http_404[1]
Related File
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\http_404[1]
File Size 6426 bytes
File Type HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 7f768c5df2afe99d9e50200d909d0618
SHA1 158b5974e2af5f0bfd9e87146d7f160e478f2b1f
SHA256 eb6857047ffc4031eff0d05358419b5d7c17dbd8c887767cdc7a79b8031ee331
CRC32 D9CB9C06
Ssdeep 48:up4daV4VkBXvLftC5JZ2Ox1a5TIm8Z3GUun3GFEUK083GBJe0hB4u01kpzkuKTFU:uBpbyJZ2OoqtZu36Hx0V0z7YuOCMnT+
Maldun analysis result: 1.3 (analysis time: 2016-11-17 08:00:41)

File Name index.dat
Related File
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
File Size 65536 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 191d3d20f356bf520a7d1ed07b1bc08b
SHA1 bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a
SHA256 d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788
CRC32 BFF870C9
Ssdeep 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo

File Name MSIMGSIZ.DAT
Related File
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
File Size 16384 bytes
File Type data
MD5 133feee5310e20e4ba94e459bae8b3e4
SHA1 3683dd609fb29ed26d3f41f0f943914d29b6ffae
SHA256 7cbd32f4a41694695e78f9ac3af6fe2e8afca7dc966f7904fa498269572d68b6
CRC32 4F400BC6
Ssdeep 48:jGQhN7sXHWrVmqESaakad5PIy+9/8JrcVjdS6gPdY4z7el:CBXHbbSrka5PIL8mJdcPzz76

File Name bullet[1]
Related File
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\bullet[1]
File Size 3169 bytes
File Type PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
MD5 0c4c086dd852704e8eeb8ff83e3b73d1
SHA1 56bac3d2c88a83628134b36322e37deb6b00b1a1
SHA256 1cb3b6ea56c5b5decf5e1d487ad51dbb2f62e6a6c78f23c1c81fda1b64f8db16
CRC32 51CC83D9
Ssdeep 48:VocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcOD2X+r0svw:VZ/I09Da01l+gmkyTt6Hk8nT2X+r0kw

File Name background_gradient[1]
Related File
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\background_gradient[1]
File Size 453 bytes
File Type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
MD5 20f0110ed5e4e0d5384a496e4880139b
SHA1 51f5fc61d8bf19100df0f8aadaa57fcd9c086255
SHA256 1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
CRC32 C2D0CE77
Ssdeep 6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi

File Name httpErrorPagesScripts[1]
Related File
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\httpErrorPagesScripts[1]
File Size 8601 bytes
File Type UTF-8 Unicode (with BOM) text, with CRLF, CR line terminators
MD5 e7ca76a3c9ee0564471671d500e3f0f3
SHA1 fe815ae0f865ec4c26e421bf0bd21bb09bc6f410
SHA256 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
CRC32 A7C34EF3
Ssdeep 192:HMmjTiiKfi9Ii4UFjC9jo4oXdu7mjxAb3Y:smjTiiKfi9IiPj+k3Xdu7mjxAb3Y
Maldun analysis result: 4.0 (analysis time: 2016-11-15 15:05:24)

File Name index.dat
Related File
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
File Size 32768 bytes
File Type Internet Explorer cache file version Ver 5.2
MD5 0aee387ca0a52dcdd8f8a29ea76edb42
SHA1 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9
SHA256 c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e
CRC32 B451CA0B
Ssdeep 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ
Maldun analysis result: 2.0 (analysis time: 2016-11-06 20:10:20)

File Name RecoveryStore.{9D2E6763-E06B-11E7-BCEA-5254005E164C}.dat
Related File
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9D2E6763-E06B-11E7-BCEA-5254005E164C}.dat
File Size 3584 bytes
File Type Composite Document File V2 Document, Cannot read section info
MD5 4196fb22df6ed805af9a2711ef71ec2a
SHA1 162e9330b388d9656d686a67eba1a7fbd08d1eb2
SHA256 c132b0eb7d903ea6f109573610f0245b4dc10a9b9c1abdcf1649242f699932e4
CRC32 4D3A50F9
Ssdeep 12:rl0YmGF2wQrEg5+IaCrI017+FOIDrEgmf+IaCy8qgQNlTqo3LP:rI35/KGv/TQNlWo3LP

File Name {9D2E6764-E06B-11E7-BCEA-5254005E164C}.dat
Related File
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9D2E6764-E06B-11E7-BCEA-5254005E164C}.dat
File Size 4608 bytes
File Type Composite Document File V2 Document, Cannot read section info
MD5 ef64aeba76142e0bd4fc0c30ae9e960a
SHA1 578aedcd34b01f3582ca6e4af4752398b5562fb4
SHA256 cf50302b86b123fde96d0e293727b2d8a3c8a15d6c6427a4ef919a9bdaa44a94
CRC32 A69B71CE
Ssdeep 12:rlfFucrEgmfR16FjdrEgmfR1qjNlYfOo3+/Nlj9o/akZDna+:rtGwdGENljowNlxo/aEna+

File Name errorPageStrings[1]
Related File
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\errorPageStrings[1]
File Size 1643 bytes
File Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 13216fa0f896b1b7c445fe9a54b5b998
SHA1 d343d35b45507640bc68487d4ad3afcb927ce950
SHA256 7a656b15efaacb1179b883327369819483b5a0c2f2d8486db6c347f4f8a7ae61
CRC32 3A14753A
Ssdeep 48:zGY5w5zquO05l9zWJ6N51Re45RnR5RynEK+5RXdHymL5RlRdPoh5y5U5BU5Cc:z5Qzq3crIM1RtR3Rynd6RXd5RTmnW4xc
Maldun analysis result: 4.0 (analysis time: 2016-11-15 15:07:57)

File Name down[1]
Related File
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\down[1]
File Size 3414 bytes
File Type PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
MD5 555e83ce7f5d280d7454af334571fb25
SHA1 47f78f68d72e3d9041acc9107a6b0d665f408385
SHA256 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
CRC32 9EA3279D
Ssdeep 96:/SDZ/I09Da01l+gmkyTt6Hk8nTjTnJw1Ne:/SDS0tKg9E05TPoNe

File Name info_48[1]
Related File
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\info_48[1]
File Size 6993 bytes
File Type PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
MD5 49e0ef03e74704089a60c437085db89e
SHA1 c2e7ab3ce114465ea7060f2ef738afcb3341a384
SHA256 caa140523ba00994536b33618654e379216261babaae726164a0f74157bb11ff
CRC32 4C99540A
Ssdeep 192:NS0tKg9E05THXQJBCnFux5TsRfb+Y0ObhD9Uc7:LXE05UBCFAORfK9S7b7

File Name ErrorPageTemplate[1]
Related File
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\ErrorPageTemplate[1]
File Size 2226 bytes
File Type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 9e7f4ae3f245c70af5b7dbe095647d30
SHA1 cbcffb08f72c10e3e2493ca0044872a7ebdc7215
SHA256 2f9117806e0e1ae4fc3b023b348910657b6948de2ecfd4f39f2846cebbefc1df
CRC32 08BB8CA5
Ssdeep 48:5sFR52FH5k5pvFehWrrarrZIrHd3FIQfOS6:5s52TydFPr81yHpBGR
Maldun analysis result: 4.0 (analysis time: 2016-11-15 15:07:12)

Processing ( 45.786 seconds )

  • 23.521 NetworkAnalysis
  • 12.152 Suricata
  • 4.751 BehaviorAnalysis
  • 2.306 Static
  • 1.472 VirusTotal
  • 1.287 Dropped
  • 0.136 AnalysisInfo
  • 0.093 Debug
  • 0.068 Memory

Signatures ( 7.5 seconds )

  • 3.288 md_url_bl
  • 2.966 md_bad_drop
  • 0.261 antiav_detectreg
  • 0.101 infostealer_ftp
  • 0.08 infostealer_im
  • 0.076 stealth_timeout
  • 0.061 antianalysis_detectreg
  • 0.051 api_spamming
  • 0.045 antivm_generic_scsi
  • 0.034 stealth_file
  • 0.034 infostealer_mail
  • 0.034 md_domain_bl
  • 0.022 antivm_generic_services
  • 0.019 antiav_detectfile
  • 0.019 geodo_banking_trojan
  • 0.015 darkcomet_regkeys
  • 0.014 persistence_autorun
  • 0.014 antivm_parallels_keys
  • 0.012 mimics_filetime
  • 0.012 kibex_behavior
  • 0.012 antivm_generic_disk
  • 0.012 antivm_xen_keys
  • 0.012 disables_browser_warn
  • 0.012 ransomware_extensions
  • 0.011 betabot_behavior
  • 0.011 antivm_generic_diskreg
  • 0.011 infostealer_bitcoin
  • 0.01 ransomware_files
  • 0.009 vawtrak_behavior
  • 0.008 antiemu_wine_func
  • 0.008 bootkit
  • 0.008 virus
  • 0.008 antivm_vbox_files
  • 0.007 antidbg_windows
  • 0.007 kovter_behavior
  • 0.006 tinba_behavior
  • 0.006 infostealer_browser_password
  • 0.006 antivm_xen_keys
  • 0.006 bot_drive
  • 0.006 bot_drive2
  • 0.006 browser_security
  • 0.006 recon_fingerprint
  • 0.005 hancitor_behavior
  • 0.005 antivm_vbox_libs
  • 0.005 antisandbox_productid
  • 0.005 antivm_hyperv_keys
  • 0.005 bypass_firewall
  • 0.005 network_torgateway
  • 0.004 andromeda_behavior
  • 0.004 rat_nanocore
  • 0.004 antivm_vbox_acpi
  • 0.004 antivm_vbox_keys
  • 0.004 antivm_vmware_keys
  • 0.004 antivm_vpc_keys
  • 0.003 antiav_avast_libs
  • 0.003 dridex_behavior
  • 0.003 injection_createremotethread
  • 0.003 Locky_behavior
  • 0.003 ursnif_behavior
  • 0.003 cerber_behavior
  • 0.003 antianalysis_detectfile
  • 0.003 antidbg_devices
  • 0.003 antivm_generic_bios
  • 0.003 antivm_generic_cpu
  • 0.003 antivm_generic_system
  • 0.003 browser_addon
  • 0.003 packer_armadillo_regkey
  • 0.002 network_tor
  • 0.002 stack_pivot
  • 0.002 antisandbox_sunbelt_libs
  • 0.002 shifu_behavior
  • 0.002 exec_crash
  • 0.002 antivm_vmware_events
  • 0.002 injection_runpe
  • 0.002 cryptowall_behavior
  • 0.002 banker_zeus_mutex
  • 0.002 codelux_behavior
  • 0.002 deepfreeze_mutex
  • 0.002 disables_system_restore
  • 0.002 ie_martian_children
  • 0.002 modify_uac_prompt
  • 0.002 recon_programs
  • 0.001 hawkeye_behavior
  • 0.001 persistence_bootexecute
  • 0.001 rat_luminosity
  • 0.001 network_anomaly
  • 0.001 antivm_vmware_libs
  • 0.001 antivm_vbox_window
  • 0.001 injection_explorer
  • 0.001 stealth_network
  • 0.001 modifies_desktop_wallpaper
  • 0.001 kazybot_behavior
  • 0.001 heapspray_js
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 dyre_behavior
  • 0.001 ispy_behavior
  • 0.001 antisandbox_sunbelt_files
  • 0.001 antisandbox_threattrack_files
  • 0.001 antivm_vmware_files
  • 0.001 bot_athenahttp
  • 0.001 bot_madness
  • 0.001 browser_helper_object
  • 0.001 disables_windows_defender
  • 0.001 maldun_blacklist
  • 0.001 modify_security_center_warnings
  • 0.001 office_security
  • 0.001 ransomware_radamant
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 targeted_flame

Reporting ( 1.068 seconds )

  • 1.068 ReportHTMLSummary

Task ID 122477
Mongo ID 5a31d07e2e06334c282674c8
Cuckoo release 1.4-Maldun