Analysis task

Analysis type  VM label  Start time  End time  Duration
URL  win7-sp1-x64-hpdapp01-1  2017-12-15 10:53:18  2017-12-15 10:55:45  147 seconds

Maldun score

2.85

Suspicious

Accessed hosts

Direct IP  Safety rating  Geolocation
104.17.177.200 United States
117.18.237.29 Asia Pacific
120.26.127.170 China
122.228.74.170 China
183.136.212.50 China
23.219.38.8 United States
65.55.186.113 United States
199.239.182.200 United States

Domain resolution

Domain  Safety rating  Response
dl.urndf.com A 120.26.127.170
cl.urndf.com A 122.228.74.170
CNAME cl.urndf.com.w.kunlunea.com
A 124.112.127.83
www.microsoft.com CNAME e1863.ca2.s.tl88.net
CNAME www.microsoft.com-c-2.edgekey.net.globalredir.akadns.net
CNAME www.microsoft.com-c-2.edgekey.net
A 183.136.212.50
data.tvdownload.microsoft.com A 65.55.186.113
CNAME data.tvdownload.windowsmedia.com.akadns.net
ocsp.msocsp.com CNAME hostedocsp.globalsign.com
CNAME ocsp.globalsign.cloud
A 104.17.178.200
A 104.17.177.200
A 104.17.179.200
A 104.17.175.200
A 104.17.176.200
cdn.epg.tvdownload.microsoft.com CNAME cdn.epg.tvdownload.windowsmedia.com.akadns.net
CNAME a1683.d.akamai.net
CNAME cdn.epg.tvdownload.microsoft.com.edgesuite.net
A 23.219.38.8
A 23.219.38.35
ocsp.digicert.com CNAME cs9.wac.phicdn.net
A 117.18.237.29

WHOIS information

Name: Nexperian Holding Limited
Country: CN
State: Zhejiang
City: Hangzhou
ZIP Code: 311121
Address: Le Jia International No.999 Liang Mu Road Yuhang District

Organization: Nexperian Holding Limited
Domain Name(s):
    URNDF.COM
    urndf.com
Creation Date:
    2016-10-14 09:35:43
Updated Date:
    2017-09-21 06:08:22
Expiration Date:
    2018-10-14 09:35:43
Email(s):
    DomainAbuse@service.aliyun.com
    YuMing@YinSiBaoHu.AliYun.com

Registrar(s):
    HiChina Zhicheng Technology Ltd.
Name Server(s):
    DNS10.HICHINA.COM
    DNS9.HICHINA.COM
Referral URL(s):
    None
Antivirus engine/vendor  Website safety analysis
CLEAN MX Clean Site
DNS8 Clean Site
MalwarePatrol Clean Site
ZDB Zeus Clean Site
Tencent Clean Site
Netcraft Unrated Site
desenmascara_me Clean Site
Dr_Web Clean Site
PhishLabs Unrated Site
Zerofox Clean Site
K7AntiVirus Clean Site
SecureBrain Clean Site
Virusdie External Site Scan Clean Site
SCUMWARE_org Clean Site
Quttera Clean Site
AegisLab WebGuard Clean Site
MalwareDomainList Clean Site
ZeusTracker Clean Site
zvelo Clean Site
Google Safebrowsing Clean Site
Kaspersky Unrated Site
BitDefender Clean Site
Certly Clean Site
G-Data Clean Site
C-SIRT Clean Site
OpenPhish Clean Site
Malware Domain Blocklist Clean Site
VX Vault Clean Site
Webutation Clean Site
Trustwave Clean Site
Web Security Guard Clean Site
CyRadar Clean Site
ADMINUSLabs Clean Site
Malwarebytes hpHosts Clean Site
Opera Clean Site
AlienVault Clean Site
Emsisoft Clean Site
Malc0de Database Clean Site
Phishtank Clean Site
Malwared Clean Site
Avira Clean Site
CyberCrime Clean Site
Antiy-AVL Clean Site
Forcepoint ThreatSeeker Unrated Site
FraudSense Clean Site
malwares_com URL checker Clean Site
Comodo Site Inspector Clean Site
Malekal Clean Site
ESET Clean Site
Sophos Unrated Site
Yandex Safebrowsing Malware Site
Spam404 Clean Site
Nucleon Clean Site
Sucuri SiteCheck Clean Site
Blueliv Clean Site
ZCloudsec Clean Site
AutoShun Unrated Site
ThreatHive Clean Site
FraudScore Clean Site
Rising Clean Site
URLQuery Unrated Site
StopBadware Unrated Site
Fortinet Malware Site
ZeroCERT Clean Site
Baidu-International Clean Site
securolytics Clean Site

Process tree

iexplore.exe, PID: 2164, parent PID: 1236
iexplore.exe, PID: 2324, parent PID: 2164

TCP

Source address  Source port  Destination address  Destination port
192.168.122.201 49171 104.17.177.200 ocsp.msocsp.com 80
192.168.122.201 49182 117.18.237.29 ocsp.digicert.com 80
192.168.122.201 49162 120.26.127.170 dl.urndf.com 80
192.168.122.201 49163 122.228.74.170 cl.urndf.com 80
192.168.122.201 49169 183.136.212.50 www.microsoft.com 80
192.168.122.201 49173 183.136.212.50 www.microsoft.com 80
192.168.122.201 49181 23.219.38.8 cdn.epg.tvdownload.microsoft.com 80
192.168.122.201 49170 65.55.186.113 data.tvdownload.microsoft.com 443
192.168.122.201 49172 65.55.186.113 data.tvdownload.microsoft.com 443
192.168.122.201 49174 65.55.186.113 data.tvdownload.microsoft.com 443
192.168.122.201 49175 65.55.186.113 data.tvdownload.microsoft.com 443
192.168.122.201 49176 65.55.186.113 data.tvdownload.microsoft.com 443
192.168.122.201 49177 65.55.186.113 data.tvdownload.microsoft.com 443
192.168.122.201 49178 65.55.186.113 data.tvdownload.microsoft.com 443

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201 49198 192.168.122.1 53
192.168.122.201 54830 192.168.122.1 53
192.168.122.201 60313 192.168.122.1 53
192.168.122.201 60701 192.168.122.1 53
192.168.122.201 61636 192.168.122.1 53
192.168.122.201 61836 192.168.122.1 53
192.168.122.201 63248 192.168.122.1 53
192.168.122.201 64412 192.168.122.1 53


HTTP requests

URI  HTTP data
Request URL: http://dl.urndf.com/download/%CE%A2%D0%C5_18@27440.exe
GET /download/%CE%A2%D0%C5_18@27440.exe HTTP/1.1
Accept: */*
Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=29&ved=0CCEQfjT2RLTVhiV3FvZVRPUU5udmZFWG9Md0VG&url=http%3A%2F%2Fdl.urndf.com%2Fdownload%2F%25CE%25A2%25D0%25C5_18%4027440.exe&ei=d0RvbXVTUEJvdGVj&usg=AFQjS3NrU3R3TFVNbWlT
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: dl.urndf.com
Connection: Keep-Alive

Request URL: http://cl.urndf.com/download/%CE%A2%D0%C5_18@27440.exe
GET /download/%CE%A2%D0%C5_18@27440.exe HTTP/1.1
Accept: */*
Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=29&ved=0CCEQfjT2RLTVhiV3FvZVRPUU5udmZFWG9Md0VG&url=http%3A%2F%2Fdl.urndf.com%2Fdownload%2F%25CE%25A2%25D0%25C5_18%4027440.exe&ei=d0RvbXVTUEJvdGVj&usg=AFQjS3NrU3R3TFVNbWlT
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: cl.urndf.com

Request URL: http://www.microsoft.com/
GET / HTTP/1.1
Host: www.microsoft.com
Connection: Close

Request URL: http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D
GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 06 Dec 2017 07:11:24 GMT
If-None-Match: "a602f001a25d1ece86269d16668acccb0791bbc6"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.msocsp.com

Request URL: http://cdn.epg.tvdownload.microsoft.com/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc
HEAD /broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: cdn.epg.tvdownload.microsoft.com

Request URL: http://cdn.epg.tvdownload.microsoft.com/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc
GET /broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 09 Jul 2015 23:37:37 GMT
User-Agent: Microsoft BITS/7.5
Host: cdn.epg.tvdownload.microsoft.com

Request URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1
Cache-Control: max-age = 172800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 06 Dec 2017 00:22:31 GMT
If-None-Match: "5a273847-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol SID Signature Category
2017-12-15 10:54:09.942213+0800 183.136.212.50 80 192.168.122.201 49169 TCP 2012692 ET POLICY Microsoft user-agent automated process response to automated request A Network Trojan was detected
2017-12-15 10:54:16.143018+0800 183.136.212.50 80 192.168.122.201 49173 TCP 2012692 ET POLICY Microsoft user-agent automated process response to automated request A Network Trojan was detected
2017-12-15 10:53:45.117402+0800 122.228.74.170 80 192.168.122.201 49163 TCP 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2017-12-15 10:54:12.231796+0800 192.168.122.201 49170 65.55.186.113 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-15 10:54:14.836577+0800 192.168.122.201 49172 65.55.186.113 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-15 10:54:19.216100+0800 192.168.122.201 49176 65.55.186.113 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-15 10:54:20.675944+0800 192.168.122.201 49177 65.55.186.113 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-15 10:54:16.882590+0800 192.168.122.201 49174 65.55.186.113 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5

Suricata HTTP

No Suricata HTTP

No network-extracted files found.

File name {1D229EA4-E143-11E7-AB96-52540022444F}.dat
Related file
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1D229EA4-E143-11E7-AB96-52540022444F}.dat
File size 4096 bytes
File type Composite Document File V2 Document, Cannot read section info
MD5 089bf1aab2a18edec6def45eb415551a
SHA1 159ca85d0a526deac5d12cf2013903a86c179ca9
SHA256 c04ff8443a183d6f7e69c225174367fb3766143932f0eaffac06a0637c2ccf84
CRC32 8411D503
Ssdeep 12:rl0YmGFczrEgm8GL7KFsrEgm8Gz7qPNlCgrNl26ao:roG8cG8JNlLrNlIo

File name index.dat
Related file
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
File size 32768 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 0aee387ca0a52dcdd8f8a29ea76edb42
SHA1 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9
SHA256 c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e
CRC32 B451CA0B
Ssdeep 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ
Maldun analysis result: score 2.0, analysis time 2016-11-06 20:10:20

File name RecoveryStore.{1D229EA3-E143-11E7-AB96-52540022444F}.dat
Related file
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1D229EA3-E143-11E7-AB96-52540022444F}.dat
File size 5120 bytes
File type Composite Document File V2 Document, Cannot read section info
MD5 324829590171e57b6a48a1e0e4980e83
SHA1 659952cb4464647bb28d8fb61ef79d348ccb7f02
SHA256 814a37aa75ab41707c74fcbd54fe87c89ae34a41a1371f7e59128506cab74392
CRC32 DA84E198
Ssdeep 12:rl0oGF2WTrEgmZ+IaCrI0CIc8GbiF2FrEg5+IaCrI0CI7uoeMiqI77vNlTqoIMI5:rLWTG5/k8yF5/OMkNlWoI/QNlWoI

File name index.dat
Related file
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
File size 65536 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 191d3d20f356bf520a7d1ed07b1bc08b
SHA1 bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a
SHA256 d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788
CRC32 BFF870C9
Ssdeep 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo

Processing ( 29.244 seconds )

  • 12.403 Suricata
  • 11.467 NetworkAnalysis
  • 2.179 Static
  • 2.019 VirusTotal
  • 1.015 BehaviorAnalysis
  • 0.094 AnalysisInfo
  • 0.042 Debug
  • 0.022 Dropped
  • 0.003 Memory

Signatures ( 3.758 seconds )

  • 2.589 md_url_bl
  • 0.341 md_bad_drop
  • 0.188 antiav_detectreg
  • 0.069 infostealer_ftp
  • 0.051 stealth_timeout
  • 0.039 antianalysis_detectreg
  • 0.039 infostealer_im
  • 0.037 api_spamming
  • 0.034 md_domain_bl
  • 0.03 antivm_generic_scsi
  • 0.022 infostealer_mail
  • 0.021 stealth_file
  • 0.015 antivm_generic_services
  • 0.014 antiav_detectfile
  • 0.012 geodo_banking_trojan
  • 0.011 antivm_generic_disk
  • 0.01 kibex_behavior
  • 0.01 persistence_autorun
  • 0.009 mimics_filetime
  • 0.009 antivm_parallels_keys
  • 0.009 antivm_xen_keys
  • 0.009 darkcomet_regkeys
  • 0.009 infostealer_bitcoin
  • 0.008 betabot_behavior
  • 0.007 antiemu_wine_func
  • 0.007 virus
  • 0.007 ransomware_files
  • 0.006 bootkit
  • 0.006 antivm_generic_diskreg
  • 0.006 antivm_vbox_files
  • 0.006 ransomware_extensions
  • 0.005 infostealer_browser_password
  • 0.005 antidbg_windows
  • 0.005 kovter_behavior
  • 0.005 recon_fingerprint
  • 0.004 hancitor_behavior
  • 0.004 disables_browser_warn
  • 0.004 network_torgateway
  • 0.003 tinba_behavior
  • 0.003 rat_nanocore
  • 0.003 dridex_behavior
  • 0.003 antivm_vbox_libs
  • 0.003 antisandbox_productid
  • 0.003 antivm_xen_keys
  • 0.003 antivm_hyperv_keys
  • 0.003 antivm_vbox_acpi
  • 0.003 antivm_vbox_keys
  • 0.003 antivm_vmware_keys
  • 0.003 antivm_vpc_keys
  • 0.003 browser_security
  • 0.003 bypass_firewall
  • 0.003 packer_armadillo_regkey
  • 0.002 antiav_avast_libs
  • 0.002 stack_pivot
  • 0.002 injection_createremotethread
  • 0.002 vawtrak_behavior
  • 0.002 cerber_behavior
  • 0.002 injection_runpe
  • 0.002 antidbg_devices
  • 0.002 antivm_generic_bios
  • 0.002 antivm_generic_system
  • 0.002 recon_programs
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 persistence_bootexecute
  • 0.001 antivm_vbox_window
  • 0.001 stealth_network
  • 0.001 modifies_desktop_wallpaper
  • 0.001 Locky_behavior
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 ursnif_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 codelux_behavior
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 ie_martian_children
  • 0.001 maldun_blacklist
  • 0.001 modify_security_center_warnings
  • 0.001 modify_uac_prompt
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 targeted_flame
  • 0.001 whois_create

Reporting ( 0.726 seconds )

  • 0.726 ReportHTMLSummary
Task ID 122585
Mongo ID 5a3339da2e06334c28269117
Cuckoo release 1.4-Maldun