恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
URL	win7-sp1-x64-shaapp01-1	2017-12-15 17:08:27	2017-12-15 17:10:45	138 秒

魔盾分数

0.05

正常的

URL详细信息

URL
URL专业沙箱检测 -> http://jlvhtqvudtz

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级
否	104.17.176.200	美国
否	117.18.237.29	亚洲太平洋地区
否	27.148.137.244	中国
否	65.55.5.170	美国

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.microsoft.com	CNAME e1863.ca2.s.tl88.net CNAME www.microsoft.com-c-2.edgekey.net.globalredir.akadns.net A 27.148.137.244 CNAME www.microsoft.com-c-2.edgekey.net
data.tvdownload.microsoft.com	CNAME data.tvdownload.windowsmedia.com.akadns.net A 65.55.5.170
ocsp.msocsp.com	CNAME hostedocsp.globalsign.com CNAME ocsp.globalsign.cloud A 104.17.178.200 A 104.17.177.200 A 104.17.179.200 A 104.17.175.200 A 104.17.176.200
ocsp.digicert.com	CNAME cs9.wac.phicdn.net A 117.18.237.29

摘要

登录查看详细行为信息

URL分析
防病毒引擎

WHOIS 信息

Name: None
Country: None
State: None
City: None
ZIP Code: None
Address: None

Orginization: None
Domain Name(s):
    None
Creation Date:
    None
Updated Date:
    None
Expiration Date:
    None
Email(s):
    None

Registrar(s):
    None
Name Server(s):
    None
Referral URL(s):
    None

没有防病毒引擎扫描信息!

进程树

iexplore.exe id: 2064
- iexplore.exe id: 2308

iexplore.exe, PID: 2064, 上一级进程 PID: 300

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

iexplore.exe, PID: 2308, 上一级进程 PID: 2064

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级
否	104.17.176.200	美国
否	117.18.237.29	亚洲太平洋地区
否	27.148.137.244	中国
否	65.55.5.170	美国

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49167	104.17.176.200 ocsp.msocsp.com	80
192.168.122.201	49175	117.18.237.29 ocsp.digicert.com	80
192.168.122.201	49165	27.148.137.244 www.microsoft.com	80
192.168.122.201	49169	27.148.137.244 www.microsoft.com	80
192.168.122.201	49166	65.55.5.170 data.tvdownload.microsoft.com	443
192.168.122.201	49168	65.55.5.170 data.tvdownload.microsoft.com	443
192.168.122.201	49170	65.55.5.170 data.tvdownload.microsoft.com	443
192.168.122.201	49171	65.55.5.170 data.tvdownload.microsoft.com	443
192.168.122.201	49172	65.55.5.170 data.tvdownload.microsoft.com	443
192.168.122.201	49173	65.55.5.170 data.tvdownload.microsoft.com	443
192.168.122.201	49174	65.55.5.170 data.tvdownload.microsoft.com	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	49230	192.168.122.1	53
192.168.122.201	59418	192.168.122.1	53
192.168.122.201	59795	192.168.122.1	53
192.168.122.201	61817	192.168.122.1	53
192.168.122.201	62669	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.microsoft.com	CNAME e1863.ca2.s.tl88.net CNAME www.microsoft.com-c-2.edgekey.net.globalredir.akadns.net A 27.148.137.244 CNAME www.microsoft.com-c-2.edgekey.net
data.tvdownload.microsoft.com	CNAME data.tvdownload.windowsmedia.com.akadns.net A 65.55.5.170
ocsp.msocsp.com	CNAME hostedocsp.globalsign.com CNAME ocsp.globalsign.cloud A 104.17.178.200 A 104.17.177.200 A 104.17.179.200 A 104.17.175.200 A 104.17.176.200
ocsp.digicert.com	CNAME cs9.wac.phicdn.net A 117.18.237.29

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49167	104.17.176.200 ocsp.msocsp.com	80
192.168.122.201	49175	117.18.237.29 ocsp.digicert.com	80
192.168.122.201	49165	27.148.137.244 www.microsoft.com	80
192.168.122.201	49169	27.148.137.244 www.microsoft.com	80
192.168.122.201	49166	65.55.5.170 data.tvdownload.microsoft.com	443
192.168.122.201	49168	65.55.5.170 data.tvdownload.microsoft.com	443
192.168.122.201	49170	65.55.5.170 data.tvdownload.microsoft.com	443
192.168.122.201	49171	65.55.5.170 data.tvdownload.microsoft.com	443
192.168.122.201	49172	65.55.5.170 data.tvdownload.microsoft.com	443
192.168.122.201	49173	65.55.5.170 data.tvdownload.microsoft.com	443
192.168.122.201	49174	65.55.5.170 data.tvdownload.microsoft.com	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	49230	192.168.122.1	53
192.168.122.201	59418	192.168.122.1	53
192.168.122.201	59795	192.168.122.1	53
192.168.122.201	61817	192.168.122.1	53
192.168.122.201	62669	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://www.microsoft.com/	GET / HTTP/1.1 Host: www.microsoft.com Connection: Close
URL专业沙箱检测 -> http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D	GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D HTTP/1.1 Cache-Control: max-age = 10800 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 06 Dec 2017 07:11:24 GMT If-None-Match: "a602f001a25d1ece86269d16668acccb0791bbc6" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.msocsp.com
URL专业沙箱检测 -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D	GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1 Cache-Control: max-age = 172800 Connection: Keep-Alive Accept: / If-Modified-Since: Wed, 06 Dec 2017 00:22:31 GMT If-None-Match: "5a273847-1d7" User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com

URI

HTTP数据

URL专业沙箱检测 -> http://www.microsoft.com/

GET / HTTP/1.1
Host: www.microsoft.com
Connection: Close

URL专业沙箱检测 -> http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D

GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 06 Dec 2017 07:11:24 GMT
If-None-Match: "a602f001a25d1ece86269d16668acccb0791bbc6"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.msocsp.com

URL专业沙箱检测 -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1
Cache-Control: max-age = 172800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 06 Dec 2017 00:22:31 GMT
If-None-Match: "5a273847-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Protocol	SID	Signature	Category
2017-12-15 17:08:55.697418+0800	27.148.137.244	80	192.168.122.201	49169	TCP	2012692	ET POLICY Microsoft user-agent automated process response to automated request	A Network Trojan was detected
2017-12-15 17:08:51.086924+0800	27.148.137.244	80	192.168.122.201	49165	TCP	2012692	ET POLICY Microsoft user-agent automated process response to automated request	A Network Trojan was detected

TLS

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Version	Issuer	Subject	Fingerprint
2017-12-15 17:08:54.812412+0800	192.168.122.201	49168	65.55.5.170	443	TLSv1	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com	a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-15 17:08:52.363622+0800	192.168.122.201	49166	65.55.5.170	443	TLSv1	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com	a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-15 17:08:59.999914+0800	192.168.122.201	49174	65.55.5.170	443	TLSv1	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com	a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-15 17:08:56.953829+0800	192.168.122.201	49171	65.55.5.170	443	TLSv1	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com	a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2017-12-15 17:08:58.000834+0800	192.168.122.201	49172	65.55.5.170	443	TLSv1	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com	a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

文件名	index.dat
相关文件	C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
文件大小	65536 字节
文件类型	Internet Explorer cache file version Ver 5.2
MD5	191d3d20f356bf520a7d1ed07b1bc08b
SHA1	bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a
SHA256	d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788
CRC32	BFF870C9
Ssdeep	384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo
	下载提交魔盾安全分析

文件名	noConnect[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\noConnect[1]
文件大小	8230 字节
文件类型	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
MD5	3cb8faccd5de434d415ab75c17e8fd86
SHA1	098b04b7237860874db38b22830387937aeb5073
SHA256	6976c426e3ac66d66303c114b22b2b41109a7de648ba55ffc3e5a53bd0db09e7
CRC32	F9D26F41
Ssdeep	192:SSDS0tKg9E05TKPzo6BmMSpEJH8x07oLKsiF+2MxNdcNyVE:tJXE05g/uEJH8m7oLKLo2MxncUVE
	下载提交魔盾安全分析

文件名	dnserror[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\dnserror[1]
文件大小	5880 字节
文件类型	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	4f118ed39d89f270a49fb32ac9629eb5
SHA1	615b8e7223c36c962c93fad268748d9eb9fcad0c
SHA256	817c7650f5eaa0b4d4fc607a3fd139916a312004b1decf1f07eaba72e49f144c
CRC32	4CAD5B88
Ssdeep	48:uqUPr/ZV4VWBXvyK4nZ1a5TImPW/wu21kpD8uKZAXaaEglZB4OxukNm00+M0UMxT:u7pJEQNIwu2ktlZ+7020nENqoSr
魔盾安全分析结果	1.3 分析时间：2016-11-15 15:07:39 查看分析报告
	下载提交魔盾安全分析

文件名	{828D36E4-E177-11E7-A1F7-525400F9C664}.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{828D36E4-E177-11E7-A1F7-525400F9C664}.dat
文件大小	4608 字节
文件类型	Composite Document File V2 Document, Cannot read section info
MD5	64eb12cd779b58795375ee153ec25c2c
SHA1	871cf8fc9426b663f43723c0f468711e097773b2
SHA256	bf0770884b557aac40ebc595c5a9bc31e1ff1d12a7365a735048a149871848dd
CRC32	A7E070C0
Ssdeep	12:rlfFm+ZrEgmfR16FoxDrEgmfR1qjNlYfOo4Nlj9ocrU:rK+G9GENljo4Nlxoo
	下载提交魔盾安全分析

文件名	index.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
文件大小	32768 字节
文件类型	Internet Explorer cache file version Ver 5.2
MD5	0aee387ca0a52dcdd8f8a29ea76edb42
SHA1	5df81547dcadb2a7b8bc689da8e1383ba1a84cb9
SHA256	c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e
CRC32	B451CA0B
Ssdeep	12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ
魔盾安全分析结果	2.0 分析时间：2016-11-06 20:10:20 查看分析报告
	下载提交魔盾安全分析

文件名	favcenter[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\favcenter[1]
文件大小	3366 字节
文件类型	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5	25d76ee5fb5b890f2cc022d94a42fe19
SHA1	62c180ec01ff2c30396fb1601004123f56b10d2f
SHA256	07d07a467e4988d3c377acd6dc9e53abca6b64e8fbf70f6be19d795a1619289b
CRC32	7FE3FBCC
Ssdeep	96:RZ/I09Da01l+gmkyTt6Hk8nT1ny5y3iw+BT:RS0tKg9E05T1yIyw6
	下载提交魔盾安全分析

文件名	errorPageStrings[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\errorPageStrings[1]
文件大小	1643 字节
文件类型	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	13216fa0f896b1b7c445fe9a54b5b998
SHA1	d343d35b45507640bc68487d4ad3afcb927ce950
SHA256	7a656b15efaacb1179b883327369819483b5a0c2f2d8486db6c347f4f8a7ae61
CRC32	3A14753A
Ssdeep	48:zGY5w5zquO05l9zWJ6N51Re45RnR5RynEK+5RXdHymL5RlRdPoh5y5U5BU5Cc:z5Qzq3crIM1RtR3Rynd6RXd5RTmnW4xc
魔盾安全分析结果	4.0 分析时间：2016-11-15 15:07:57 查看分析报告
	下载提交魔盾安全分析

文件名	httpErrorPagesScripts[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\httpErrorPagesScripts[1]
文件大小	8601 字节
文件类型	UTF-8 Unicode (with BOM) text, with CRLF, CR line terminators
MD5	e7ca76a3c9ee0564471671d500e3f0f3
SHA1	fe815ae0f865ec4c26e421bf0bd21bb09bc6f410
SHA256	58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
CRC32	A7C34EF3
Ssdeep	192:HMmjTiiKfi9Ii4UFjC9jo4oXdu7mjxAb3Y:smjTiiKfi9IiPj+k3Xdu7mjxAb3Y
魔盾安全分析结果	4.0 分析时间：2016-11-15 15:05:24 查看分析报告
	下载提交魔盾安全分析

文件名	tools[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\tools[1]
文件大小	3560 字节
文件类型	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
MD5	6f20ba58551e13cfd87ec059327effd0
SHA1	b326a89ee587636bad7ad52aa944dc314fc6a6e2
SHA256	62a7038cc42c1482d70465192318f21fc1ce0f0c737cb8804137f38a1f9d680b
CRC32	6793DDC5
Ssdeep	96:CXHt+JcNgOSiS4XsAYNpf2ESNOSMpLvmlC:2oONgOLPXsAYnpSymlC
	下载提交魔盾安全分析

文件名	background_gradient[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\background_gradient[1]
文件大小	453 字节
文件类型	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
MD5	20f0110ed5e4e0d5384a496e4880139b
SHA1	51f5fc61d8bf19100df0f8aadaa57fcd9c086255
SHA256	1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
CRC32	C2D0CE77
Ssdeep	6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
	下载提交魔盾安全分析

文件名	RecoveryStore.{828D36E3-E177-11E7-A1F7-525400F9C664}.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{828D36E3-E177-11E7-A1F7-525400F9C664}.dat
文件大小	3584 字节
文件类型	Composite Document File V2 Document, Cannot read section info
MD5	bd276cf37eabae36f86a72aed6b787dc
SHA1	54d4b0f5dd4528bd1bb613691cea3c47c3de3c0f
SHA256	3281f8845d044b6be5fc446142b44f3e207cacc41c7182442eae9c7a77dce72b
CRC32	A2100B94
Ssdeep	12:rl0YmGF2MrEg5+IaCrI017+FADrEgmf+IaCy8qgQNlTqonJ+Wsm:rIM5/TGv/TQNlWoJ+Wsm
	下载提交魔盾安全分析

文件名	down[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\down[1]
文件大小	3414 字节
文件类型	PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
MD5	555e83ce7f5d280d7454af334571fb25
SHA1	47f78f68d72e3d9041acc9107a6b0d665f408385
SHA256	70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
CRC32	9EA3279D
Ssdeep	96:/SDZ/I09Da01l+gmkyTt6Hk8nTjTnJw1Ne:/SDS0tKg9E05TPoNe
	下载提交魔盾安全分析

文件名	ErrorPageTemplate[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\ErrorPageTemplate[1]
文件大小	2226 字节
文件类型	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	9e7f4ae3f245c70af5b7dbe095647d30
SHA1	cbcffb08f72c10e3e2493ca0044872a7ebdc7215
SHA256	2f9117806e0e1ae4fc3b023b348910657b6948de2ecfd4f39f2846cebbefc1df
CRC32	08BB8CA5
Ssdeep	48:5sFR52FH5k5pvFehWrrarrZIrHd3FIQfOS6:5s52TydFPr81yHpBGR
魔盾安全分析结果	4.0 分析时间：2016-11-15 15:07:12 查看分析报告
	下载提交魔盾安全分析

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 19.282 seconds )

8.486 Suricata
8.22 NetworkAnalysis
1.383 VirusTotal
1.088 BehaviorAnalysis
0.079 Dropped
0.014 Static
0.009 AnalysisInfo
0.002 Memory
0.001 Debug

Signatures ( 2.683 seconds )

1.871 md_url_bl
0.172 antiav_detectreg
0.064 infostealer_ftp
0.053 stealth_timeout
0.041 api_spamming
0.036 antianalysis_detectreg
0.036 infostealer_im
0.032 md_bad_drop
0.029 antivm_generic_scsi
0.021 infostealer_mail
0.021 md_domain_bl
0.017 stealth_file
0.016 antiav_detectfile
0.014 antivm_generic_services
0.012 geodo_banking_trojan
0.011 infostealer_bitcoin
0.011 ransomware_extensions
0.009 betabot_behavior
0.009 kibex_behavior
0.009 antivm_parallels_keys
0.009 antivm_xen_keys
0.008 mimics_filetime
0.008 antivm_generic_disk
0.008 vawtrak_behavior
0.008 darkcomet_regkeys
0.007 persistence_autorun
0.007 antivm_vbox_files
0.006 virus
0.006 antivm_generic_diskreg
0.005 antiemu_wine_func
0.005 bootkit
0.005 shifu_behavior
0.005 ransomware_files
0.005 recon_fingerprint
0.004 andromeda_behavior
0.004 infostealer_browser_password
0.004 antidbg_windows
0.004 kovter_behavior
0.004 network_torgateway
0.003 hancitor_behavior
0.003 antivm_vbox_libs
0.003 antisandbox_productid
0.003 antivm_hyperv_keys
0.003 antivm_vbox_acpi
0.003 antivm_vbox_keys
0.003 antivm_vmware_keys
0.003 antivm_vpc_keys
0.003 disables_browser_warn
0.003 packer_armadillo_regkey
0.002 tinba_behavior
0.002 network_tor
0.002 rat_nanocore
0.002 antiav_avast_libs
0.002 injection_createremotethread
0.002 Locky_behavior
0.002 antivm_vmware_events
0.002 cerber_behavior
0.002 cryptowall_behavior
0.002 antidbg_devices
0.002 antivm_xen_keys
0.002 browser_security
0.002 bypass_firewall
0.001 hawkeye_behavior
0.001 rat_luminosity
0.001 stack_pivot
0.001 dridex_behavior
0.001 antisandbox_sunbelt_libs
0.001 kazybot_behavior
0.001 antisandbox_sboxie_libs
0.001 antiav_bitdefender_libs
0.001 dyre_behavior
0.001 exec_crash
0.001 ursnif_behavior
0.001 ispy_behavior
0.001 injection_runpe
0.001 antianalysis_detectfile
0.001 antivm_generic_bios
0.001 antivm_generic_cpu
0.001 antivm_generic_system
0.001 antivm_vmware_files
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 codelux_behavior
0.001 disables_system_restore
0.001 disables_windows_defender
0.001 ie_martian_children
0.001 modify_security_center_warnings
0.001 modify_uac_prompt
0.001 office_security
0.001 rat_pcclient
0.001 recon_programs

Reporting ( 0.603 seconds )

0.603 ReportHTMLSummary


Task ID	122616
Mongo ID	5a3391aebb7d5720df129901
Cuckoo release	1.4-Maldun