Analysis Task

Analysis type  VM label  Start time  End time  Duration
URL  win7-sp1-x64-shaapp01-1  2017-12-15 10:30:18  2017-12-15 10:32:38  140 seconds

Maldun Score

0.45

Benign

URL Details

URL
http://188.165.29.35

Hosts Contacted

IP  Location
104.17.179.200  United States
117.18.237.29  Asia Pacific
183.136.212.50  China
188.165.29.35  Lithuania
2.16.4.147  Europe
65.55.186.113  United States

DNS Resolution

Domain  Response
www.microsoft.com CNAME e1863.ca2.s.tl88.net
CNAME www.microsoft.com-c-2.edgekey.net.globalredir.akadns.net
CNAME www.microsoft.com-c-2.edgekey.net
A 183.136.212.50
data.tvdownload.microsoft.com A 65.55.186.113
CNAME data.tvdownload.windowsmedia.com.akadns.net
ocsp.msocsp.com CNAME hostedocsp.globalsign.com
CNAME ocsp.globalsign.cloud
A 104.17.178.200
A 104.17.177.200
A 104.17.179.200
A 104.17.175.200
A 104.17.176.200
cdn.epg.tvdownload.microsoft.com A 2.16.4.147
CNAME cdn.epg.tvdownload.windowsmedia.com.akadns.net
CNAME a1683.d.akamai.net
A 2.16.4.139
CNAME cdn.epg.tvdownload.microsoft.com.edgesuite.net
ocsp.digicert.com CNAME cs9.wac.phicdn.net
A 117.18.237.29


WHOIS Information

Antivirus engine/vendor  Site verdict
CLEAN MX Clean Site
VX Vault Clean Site
ZDB Zeus Clean Site
Tencent Clean Site
MalwarePatrol Clean Site
Netcraft Unrated Site
desenmascara_me Clean Site
PhishLabs Unrated Site
Zerofox Clean Site
K7AntiVirus Clean Site
SecureBrain Clean Site
SCUMWARE_org Clean Site
Quttera Clean Site
AegisLab WebGuard Clean Site
MalwareDomainList Clean Site
ZeusTracker Clean Site
zvelo Clean Site
Google Safebrowsing Clean Site
ParetoLogic Clean Site
Kaspersky Unrated Site
BitDefender Clean Site
Wepawet Clean Site
Certly Clean Site
G-Data Clean Site
C-SIRT Clean Site
OpenPhish Clean Site
Websense ThreatSeeker Unrated Site
CRDF Clean Site
Webutation Clean Site
Trustwave Clean Site
Web Security Guard Clean Site
Dr_Web Clean Site
ADMINUSLabs Clean Site
Malwarebytes hpHosts Clean Site
Opera Clean Site
AlienVault Clean Site
Emsisoft Clean Site
Malc0de Database Clean Site
SpyEyeTracker Clean Site
Phishtank Clean Site
Malwared Clean Site
Avira Clean Site
CyberCrime Clean Site
Antiy-AVL Clean Site
FraudSense Clean Site
malwares_com URL checker Clean Site
Comodo Site Inspector Clean Site
Malekal Clean Site
ESET Clean Site
Sophos Unrated Site
Yandex Safebrowsing Clean Site
Spam404 Clean Site
Nucleon Clean Site
Malware Domain Blocklist Clean Site
Blueliv Clean Site
ZCloudsec Clean Site
PalevoTracker Clean Site
AutoShun Unrated Site
ThreatHive Clean Site
FraudScore Clean Site
Rising Clean Site
URLQuery Unrated Site
StopBadware Unrated Site
Sucuri SiteCheck Clean Site
Fortinet Clean Site
ZeroCERT Clean Site
Baidu-International Clean Site
securolytics Clean Site

Process Tree

iexplore.exe, PID: 1356, Parent PID: 300
iexplore.exe, PID: 2356, Parent PID: 1356

TCP

Source IP  Source port  Destination IP  Host  Destination port
192.168.122.201 49176 104.17.179.200 ocsp.msocsp.com 80
192.168.122.201 49185 117.18.237.29 ocsp.digicert.com 80
192.168.122.201 49174 183.136.212.50 www.microsoft.com 80
192.168.122.201 49178 183.136.212.50 www.microsoft.com 80
192.168.122.201 49163 188.165.29.35 80
192.168.122.201 49165 188.165.29.35 80
192.168.122.201 49166 188.165.29.35 80
192.168.122.201 49169 188.165.29.35 80
192.168.122.201 49170 188.165.29.35 80
192.168.122.201 49172 188.165.29.35 80
192.168.122.201 49184 2.16.4.147 cdn.epg.tvdownload.microsoft.com 80
192.168.122.201 49175 65.55.186.113 data.tvdownload.microsoft.com 443
192.168.122.201 49177 65.55.186.113 data.tvdownload.microsoft.com 443
192.168.122.201 49179 65.55.186.113 data.tvdownload.microsoft.com 443
192.168.122.201 49180 65.55.186.113 data.tvdownload.microsoft.com 443
192.168.122.201 49181 65.55.186.113 data.tvdownload.microsoft.com 443
192.168.122.201 49182 65.55.186.113 data.tvdownload.microsoft.com 443
192.168.122.201 49183 65.55.186.113 data.tvdownload.microsoft.com 443

UDP

Source IP  Source port  Destination IP  Destination port
192.168.122.201 51023 192.168.122.1 53
192.168.122.201 52576 192.168.122.1 53
192.168.122.201 54275 192.168.122.1 53
192.168.122.201 59418 192.168.122.1 53
192.168.122.201 59795 192.168.122.1 53
192.168.122.201 62669 192.168.122.1 53

HTTP Requests

URI  HTTP data
http://188.165.29.35/
GET / HTTP/1.1
Accept: */*
Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0CCEQfjUW1hWWNsYU1RTGhPc0x3R1hqYVpkWGhJ&url=http%3A%2F%2F188.165.29.35&ei=b2ZRc2N5RUhNZFda&usg=AFQjZ0pKenJqY3lyQXp1
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: 188.165.29.35
Connection: Keep-Alive

http://188.165.29.35/favicon.ico
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 188.165.29.35
Connection: Keep-Alive

http://188.165.29.35/cgi-sys/defaultwebpage.cgi
GET /cgi-sys/defaultwebpage.cgi HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: 188.165.29.35
Connection: Keep-Alive

http://188.165.29.35/img-sys/server_misconfigured.png
GET /img-sys/server_misconfigured.png HTTP/1.1
Accept: */*
Referer: http://188.165.29.35/cgi-sys/defaultwebpage.cgi
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: 188.165.29.35
Connection: Keep-Alive

http://188.165.29.35/img-sys/IP_changed.png
GET /img-sys/IP_changed.png HTTP/1.1
Accept: */*
Referer: http://188.165.29.35/cgi-sys/defaultwebpage.cgi
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: 188.165.29.35
Connection: Keep-Alive

http://188.165.29.35/img-sys/powered_by_cpanel.svg
GET /img-sys/powered_by_cpanel.svg HTTP/1.1
Accept: */*
Referer: http://188.165.29.35/cgi-sys/defaultwebpage.cgi
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: 188.165.29.35
Connection: Keep-Alive

http://www.microsoft.com/
GET / HTTP/1.1
Host: www.microsoft.com
Connection: Close

http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D
GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 06 Dec 2017 07:11:24 GMT
If-None-Match: "a602f001a25d1ece86269d16668acccb0791bbc6"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.msocsp.com

http://cdn.epg.tvdownload.microsoft.com/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc
HEAD /broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: cdn.epg.tvdownload.microsoft.com

http://cdn.epg.tvdownload.microsoft.com/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc
GET /broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 09 Jul 2015 23:37:37 GMT
User-Agent: Microsoft BITS/7.5
Host: cdn.epg.tvdownload.microsoft.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1
Cache-Control: max-age = 172800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 06 Dec 2017 00:22:31 GMT
If-None-Match: "5a273847-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol SID Signature Category
2017-12-15 10:30:41.394130+0800 183.136.212.50 80 192.168.122.201 49174 TCP 2012692 ET POLICY Microsoft user-agent automated process response to automated request A Network Trojan was detected
2017-12-15 10:30:46.620565+0800 183.136.212.50 80 192.168.122.201 49178 TCP 2012692 ET POLICY Microsoft user-agent automated process response to automated request A Network Trojan was detected

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2017-12-15 10:30:47.347568+0800 192.168.122.201 49179 65.55.186.113 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-15 10:30:48.848810+0800 192.168.122.201 49180 65.55.186.113 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-15 10:30:42.841612+0800 192.168.122.201 49175 65.55.186.113 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-15 10:30:45.380398+0800 192.168.122.201 49177 65.55.186.113 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-15 10:30:51.876558+0800 192.168.122.201 49182 65.55.186.113 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-15 10:30:53.359411+0800 192.168.122.201 49183 65.55.186.113 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-15 10:30:50.347083+0800 192.168.122.201 49181 65.55.186.113 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5

Suricata HTTP

No Suricata HTTP

No network-extracted files found.

Dropped Files

File name {E307A604-E13F-11E7-A1F7-525400F9C664}.dat
Associated file
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E307A604-E13F-11E7-A1F7-525400F9C664}.dat
File size 3584 bytes
File type Composite Document File V2 Document, Cannot read section info
MD5 a61f3e0c5f4bf1b1d73bd753e56036b6
SHA1 af060eca972f23eb8593fd0c688bc751ed468c85
SHA256 6618ff21f1357d31764c859dd09971d37d195cbfaaa3751e9c89373e1db5f4d1
CRC32 651A5C6D
Ssdeep 12:rl0YmGFOmrEgmfZ16FADrEgmfN1qY+/NlQ89o152iH8:rwmGdGSNl5o

File name IP_changed[1].png
Associated file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\IP_changed[1].png
File size 2939 bytes
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5 ec081653bd4c836483e6d612588d18ec
SHA1 91c7e4cfa061808881575a875741773a949a9e0a
SHA256 b19da51b5e9c9b29cd8523d85d92e99e4812c891c394929c9bf67557f560672c
CRC32 1BE76BB7
Ssdeep 48:J1idCsL2m0v5bsBjj0E+x+4zE49dAUYAXyHw//o6JECAjLMpdOzTNV:DiIIb0VsBjj0E+s4zE49d3Wwn4CAjig

File name MSIMGSIZ.DAT
Associated file
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
File size 16384 bytes
File type data
MD5 8a02772d4a0beb3747909c4f6482015f
SHA1 3df0480e44b8e795130da224c347c9952d66b2df
SHA256 ae27e74b8ce1034227f8a6e5788624a0382770755d3cb7115650774b1d665b41
CRC32 0D8E6589
Ssdeep 48:jGQhN7sXHWrVmqESaakad5PIy+9/8BrcVjdS6gP9Y4z7el:CBXHbbSrka5PIL8eJdcPTz76

File name RecoveryStore.{E307A603-E13F-11E7-A1F7-525400F9C664}.dat
Associated file
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E307A603-E13F-11E7-A1F7-525400F9C664}.dat
File size 3584 bytes
File type Composite Document File V2 Document, Cannot read section info
MD5 6b63d93b1fb85faa7b4dd8e24aa6d99d
SHA1 8eeefd72f3e459d23d8113312fd9962a0bf83632
SHA256 24ab39f05a14a96ecdc8aba8ecf234548665a7656cfb0cbf1505a9cd65d2ac3a
CRC32 1A743A08
Ssdeep 12:rl0YmGF22rEg5+IaCrI017+F+DrEgmf+IaCy8qgQNlTqoXl2AlW:rI25/FGv/TQNlWoV2AA

File name index.dat
Associated file
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012017121520171216\index.dat
File size 32768 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 6d1d1eee069aca79def75d39ea2368c9
SHA1 3e60fb549ff86b6ac608e79cea00e4ca535973d2
SHA256 16a594c297834221278d966877bd43cd28422c22c9f4a83b4d18bd536e55bfdb
CRC32 A13E35F6
Ssdeep 12:qjpmlNux3I1iJ1oTXh3I1iHopXh382G1pTXA:qjp9+wOXOdXS/XA

File name powered_by_cpanel[1].svg
Associated file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\powered_by_cpanel[1].svg
File size 5617 bytes
File type ASCII text, with very long lines
MD5 c47b4b5200566a2a496a11ba472ec5da
SHA1 3bd0da9a6ffd62217d3e781fa1356f40d9f91d4c
SHA256 179a9aa9fff4c52850d9ce34a4c435404ddfd4fefa8aab9a6eb4f47b83f922d9
CRC32 6536F04C
Ssdeep 96:BDol4IVL19t2mY5Ib0Va4FALs/k2eerILEKQhnEIsFGFB/aStUY0NuhHkzTUgCgM:BGjR19tU5Ib0tCY8jeSEptRPFESt70NW

File name index.dat
Associated file
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
File size 65536 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 191d3d20f356bf520a7d1ed07b1bc08b
SHA1 bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a
SHA256 d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788
CRC32 BFF870C9
Ssdeep 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo

File name server_misconfigured[1].png
Associated file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\server_misconfigured[1].png
File size 3164 bytes
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
MD5 f79adaf00f83dc9757086cdbe8645ff0
SHA1 82f37b8be7668eab8e1a06de828cb336799c8134
SHA256 944120fb6962c7484d769d645e6d830850eead9394f6a84090aed489cfc0c41f
CRC32 E50AC1A0
Ssdeep 96:Dwv16puDMrlFNk5xU0hYktlcv2HnLKv+PGjd:Dw2uodCNyilconLQ+cd

File name index.dat
Associated file
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
File size 32768 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 0aee387ca0a52dcdd8f8a29ea76edb42
SHA1 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9
SHA256 c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e
CRC32 B451CA0B
Ssdeep 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ
Previous Maldun analysis result: 2.0 (analysis time: 2016-11-06 20:10:20)

Processing ( 20.288 seconds )

  • 8.093 NetworkAnalysis
  • 7.472 Suricata
  • 2.334 VirusTotal
  • 1.183 BehaviorAnalysis
  • 1.141 Static
  • 0.047 Dropped
  • 0.014 AnalysisInfo
  • 0.002 Debug
  • 0.002 Memory

Signatures ( 2.475 seconds )

  • 1.642 md_url_bl
  • 0.174 antiav_detectreg
  • 0.062 infostealer_ftp
  • 0.056 stealth_timeout
  • 0.043 md_bad_drop
  • 0.042 api_spamming
  • 0.036 antianalysis_detectreg
  • 0.036 infostealer_im
  • 0.031 antivm_generic_scsi
  • 0.028 md_domain_bl
  • 0.021 stealth_file
  • 0.02 infostealer_mail
  • 0.016 antivm_generic_services
  • 0.011 antiav_detectfile
  • 0.011 geodo_banking_trojan
  • 0.01 antivm_generic_disk
  • 0.009 betabot_behavior
  • 0.009 mimics_filetime
  • 0.009 kibex_behavior
  • 0.009 antivm_xen_keys
  • 0.008 persistence_autorun
  • 0.008 vawtrak_behavior
  • 0.008 antivm_parallels_keys
  • 0.008 darkcomet_regkeys
  • 0.007 bootkit
  • 0.007 virus
  • 0.007 infostealer_bitcoin
  • 0.006 antiemu_wine_func
  • 0.006 antivm_generic_diskreg
  • 0.005 antidbg_windows
  • 0.005 kovter_behavior
  • 0.005 ransomware_extensions
  • 0.005 ransomware_files
  • 0.005 recon_fingerprint
  • 0.004 andromeda_behavior
  • 0.004 hancitor_behavior
  • 0.004 infostealer_browser_password
  • 0.004 antivm_vbox_files
  • 0.003 dridex_behavior
  • 0.003 injection_createremotethread
  • 0.003 antivm_vbox_libs
  • 0.003 antisandbox_productid
  • 0.003 antivm_hyperv_keys
  • 0.003 antivm_vbox_keys
  • 0.003 antivm_vmware_keys
  • 0.003 antivm_vpc_keys
  • 0.003 bypass_firewall
  • 0.003 disables_browser_warn
  • 0.003 network_torgateway
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 antiav_avast_libs
  • 0.002 stack_pivot
  • 0.002 ransomware_message
  • 0.002 Locky_behavior
  • 0.002 antivm_vmware_events
  • 0.002 cerber_behavior
  • 0.002 injection_runpe
  • 0.002 cryptowall_behavior
  • 0.002 antivm_xen_keys
  • 0.002 antivm_vbox_acpi
  • 0.002 browser_security
  • 0.002 packer_armadillo_regkey
  • 0.002 recon_programs
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 rat_luminosity
  • 0.001 antivm_vbox_window
  • 0.001 injection_explorer
  • 0.001 stealth_network
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 dyre_behavior
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 ursnif_behavior
  • 0.001 ispy_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 codelux_behavior
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 ie_martian_children
  • 0.001 modify_uac_prompt
  • 0.001 rat_pcclient

Reporting ( 0.556 seconds )

  • 0.556 ReportHTMLSummary
Task ID 122581
Mongo ID 5a333460bb7d5720df128e43
Cuckoo release 1.4-Maldun