分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| URL | win7-sp1-x64-hpdapp01-1 | 2018-03-12 22:18:07 | 2018-03-12 22:20:36 | 149 秒 |
魔盾分数
0.45
正常的
URL详细信息
| URL |
|---|
| URL专业沙箱检测 -> https://fa.cc52.cc/app.php/56 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 是 | 101.96.10.73 | 中国 | |
| 否 | 117.18.237.29 | 亚洲太平洋地区 | |
| 否 | 122.224.45.50 | 中国 | |
| 否 | 183.131.217.120 | 中国 | |
| 否 | 23.59.139.27 | 美国 |
域名解析 (可点击查询WPING实时安全评级)
摘要
登录查看详细行为信息WHOIS 信息
Name: linliang
Country: CN
State: zhejiang
City: hangzhou
ZIP Code: 318000
Address: jiangxiamiaoshanjingjikaifaqu
Orginization: linliang
Domain Name(s):
CC52.CC
cc52.cc
Creation Date:
2017-06-21 23:40:20
Updated Date:
2017-06-22 05:20:19
2017-06-21 23:40:20
Expiration Date:
2018-06-21 23:40:20
Email(s):
abuse@22.cn
2331313766@qq.com
Registrar(s):
22NET, INC.
Name Server(s):
NS5.DNSDUN.NET
NS6.DNSDUN.COM
ns6.dnsdun.com
ns5.dnsdun.net
Referral URL(s):
None
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 是 | 101.96.10.73 | 中国 | |
| 否 | 117.18.237.29 | 亚洲太平洋地区 | |
| 否 | 122.224.45.50 | 中国 | |
| 否 | 183.131.217.120 | 中国 | |
| 否 | 23.59.139.27 | 美国 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49176 | 101.96.10.73 | 80 |
| 192.168.122.201 | 49161 | 117.18.237.29 ocsp.digicert.com | 80 |
| 192.168.122.201 | 49174 | 122.224.45.50 www.microsoft.com | 80 |
| 192.168.122.201 | 49160 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49164 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49165 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49168 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49169 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49170 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49171 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49172 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49162 | 23.59.139.27 ocsp2.digicert.com | 80 |
| 192.168.122.201 | 49175 | 63.130.76.74 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 58719 | 192.168.122.1 | 53 |
| 192.168.122.201 | 60313 | 192.168.122.1 | 53 |
| 192.168.122.201 | 61636 | 192.168.122.1 | 53 |
| 192.168.122.201 | 61836 | 192.168.122.1 | 53 |
| 192.168.122.201 | 63248 | 192.168.122.1 | 53 |
| 192.168.122.201 | 64412 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49176 | 101.96.10.73 | 80 |
| 192.168.122.201 | 49161 | 117.18.237.29 ocsp.digicert.com | 80 |
| 192.168.122.201 | 49174 | 122.224.45.50 www.microsoft.com | 80 |
| 192.168.122.201 | 49160 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49164 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49165 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49168 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49169 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49170 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49171 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49172 | 183.131.217.120 fa.cc52.cc | 443 |
| 192.168.122.201 | 49162 | 23.59.139.27 ocsp2.digicert.com | 80 |
| 192.168.122.201 | 49175 | 63.130.76.74 | 80 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 58719 | 192.168.122.1 | 53 |
| 192.168.122.201 | 60313 | 192.168.122.1 | 53 |
| 192.168.122.201 | 61636 | 192.168.122.1 | 53 |
| 192.168.122.201 | 61836 | 192.168.122.1 | 53 |
| 192.168.122.201 | 63248 | 192.168.122.1 | 53 |
| 192.168.122.201 | 64412 | 192.168.122.1 | 53 |
HTTP 请求
| URI | HTTP数据 |
|---|---|
| URL专业沙箱检测 -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAWAJn8G8pVTNI4cGFpe7i4%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAWAJn8G8pVTNI4cGFpe7i4%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp.digicert.com |
| URL专业沙箱检测 -> http://ocsp2.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJrF0xYA49jC3D83fgDGesaUkzIQQUf9OZ86BHDjEAVlYijrfMnt3KAYoCEA5j7sqz72%2FLH9UXrjVAErA%3D | GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJrF0xYA49jC3D83fgDGesaUkzIQQUf9OZ86BHDjEAVlYijrfMnt3KAYoCEA5j7sqz72%2FLH9UXrjVAErA%3D HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: ocsp2.digicert.com |
| URL专业沙箱检测 -> http://www.microsoft.com/ | GET / HTTP/1.1 Host: www.microsoft.com Connection: Close |
| URL专业沙箱检测 -> http://crl.microsoft.com/pki/crl/products/tspca.crl | GET /pki/crl/products/tspca.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT If-None-Match: "8ab194b3d77cf1:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: crl.microsoft.com |
| URL专业沙箱检测 -> http://101.96.10.73/crl.microsoft.com/pki/crl/products/tspca.crl | GET /crl.microsoft.com/pki/crl/products/tspca.crl HTTP/1.1 Cache-Control: max-age = 900 Connection: Keep-Alive Accept: */* If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT If-None-Match: "8ab194b3d77cf1:0" User-Agent: Microsoft-CryptoAPI/6.1 Host: 101.96.10.73 |
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
|---|---|---|---|---|---|---|---|---|
| 2018-03-12 22:19:00.612346+0800 | 122.224.45.50 | 80 | 192.168.122.201 | 49174 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
TLS
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
|---|---|---|---|---|---|---|---|---|
| 2018-03-12 22:18:44.238612+0800 | 192.168.122.201 | 49164 | 183.131.217.120 | 443 | TLS 1.2 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=fa.cc52.cc | 94:91:a0:ea:4a:9e:b4:2b:57:e9:55:02:d4:19:81:6f:46:03:4c:40 |
| 2018-03-12 22:18:44.798569+0800 | 192.168.122.201 | 49170 | 183.131.217.120 | 443 | TLS 1.2 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=fa.cc52.cc | 94:91:a0:ea:4a:9e:b4:2b:57:e9:55:02:d4:19:81:6f:46:03:4c:40 |
| 2018-03-12 22:18:44.238012+0800 | 192.168.122.201 | 49165 | 183.131.217.120 | 443 | TLS 1.2 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=fa.cc52.cc | 94:91:a0:ea:4a:9e:b4:2b:57:e9:55:02:d4:19:81:6f:46:03:4c:40 |
| 2018-03-12 22:18:44.836744+0800 | 192.168.122.201 | 49169 | 183.131.217.120 | 443 | TLS 1.2 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=fa.cc52.cc | 94:91:a0:ea:4a:9e:b4:2b:57:e9:55:02:d4:19:81:6f:46:03:4c:40 |
| 2018-03-12 22:18:44.817803+0800 | 192.168.122.201 | 49171 | 183.131.217.120 | 443 | TLS 1.2 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=fa.cc52.cc | 94:91:a0:ea:4a:9e:b4:2b:57:e9:55:02:d4:19:81:6f:46:03:4c:40 |
| 2018-03-12 22:18:44.837987+0800 | 192.168.122.201 | 49168 | 183.131.217.120 | 443 | TLS 1.2 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=fa.cc52.cc | 94:91:a0:ea:4a:9e:b4:2b:57:e9:55:02:d4:19:81:6f:46:03:4c:40 |
| 2018-03-12 22:18:45.812907+0800 | 192.168.122.201 | 49172 | 183.131.217.120 | 443 | TLS 1.2 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=fa.cc52.cc | 94:91:a0:ea:4a:9e:b4:2b:57:e9:55:02:d4:19:81:6f:46:03:4c:40 |
| 2018-03-12 22:18:35.839752+0800 | 192.168.122.201 | 49160 | 183.131.217.120 | 443 | TLS 1.2 | C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA | CN=fa.cc52.cc | 94:91:a0:ea:4a:9e:b4:2b:57:e9:55:02:d4:19:81:6f:46:03:4c:40 |
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | qrcode[1].png |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\qrcode[1].png
|
| 文件大小 | 305 字节 |
| 文件类型 | PNG image data, 99 x 99, 1-bit colormap, non-interlaced |
| MD5 | bdf67fdecc25c7c7eea47f92aded2821 |
| SHA1 | a840935ee8525f9e5582378c159e68312e812df2 |
| SHA256 | e0d130c2819b9fffb984195de10fc54847db93bea417ea14e11e86b238c1098e |
| CRC32 | C8368FBC |
| Ssdeep | 6:6v/lhPFJ+EjVFkI0rZMPsioBwZoqTzCPn/6VOfnRYod+QtUDHjBp:6v/7dJLVSIGMUioBwNXCX6Jod+Qk |
| 下载 提交魔盾安全分析 |
| 文件名 | swiper-3.3.1.min[1].css |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\swiper-3.3.1.min[1].css
|
| 文件大小 | 16909 字节 |
| 文件类型 | ASCII text, with very long lines, with no line terminators |
| MD5 | e3c03ee54bc5b9c9ba4bf634710b435f |
| SHA1 | 72af5e00f4783e008bd7df9c6cfac852523b384b |
| SHA256 | 41d2fb807091cfbdb2240df38e17c275f6871a47e73494e9cd7e04a822944a3a |
| CRC32 | 9D7885EF |
| Ssdeep | 192:C0GpaNCOurfg5WHmXgyXyzSHF68EB0SwD:C52CZfgWHfyXyzSl68ie |
| 下载 提交魔盾安全分析 显示文本 | |
.swiper-container{margin:0 auto;position:relative;overflow:hidden;z-index:1}.swiper-container-no-flexbox .swiper-slide{float:left}.swiper-container-vertical>.swiper-wrapper{-webkit-box-orient:vertical;-moz-box-orient:vertical;-ms-flex-direction:column;-webkit-flex-direction:column;flex-direction:column}.swiper-wrapper{position:relative;width:100%;height:100%;z-index:1;display:-webkit-box;display:-moz-box;display:-ms-flexbox;display:-webkit-flex;display:flex;-webkit-transition-property:-webkit-transform;-moz-transition-property:-moz-transform;-o-transition-property:-o-transform;-ms-transition-property:-ms-transform;transition-property:transform;-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box}.swiper-container-android .swiper-slide,.swiper-wrapper{-webkit-transform:translate3d(0,0,0);-moz-transform:translate3d(0,0,0);-o-transform:translate(0,0);-ms-transform:translate3d(0,0,0);transform:translate3d(0,0,0)}.swiper-container-multirow>.swiper-wrapper{-webkit-box-lines:multiple;-moz-box-lines:multiple;-ms-flex-wrap:wrap;-webkit-flex-wrap:wrap;flex-wrap:wrap}.swiper-container-free-mode>.swiper-wrapper{-webkit-transition-timing-function:ease-out;-moz-transition-timing-function:ease-out;-ms-transition-timing-function:ease-out;-o-transition-timing-function:ease-out;transition-timing-function:ease-out;margin:0 auto}.swiper-slide{-webkit-flex-shrink:0;-ms-flex:0 0 auto;flex-shrink:0;width:100%;height:100%;position:relative}.swiper-container-autoheight,.swiper-container-autoheight .swiper-slide{height:auto}.swiper-container-autoheight .swiper-wrapper{-webkit-box-align:start;-ms-flex-align:start;-webkit-align-items:flex-start;align-items:flex-start;-webkit-transition-property:-webkit-transform,height;-moz-transition-property:-moz-transform;-o-transition-property:-o-transform;-ms-transition-property:-ms-transform;transition-property:transform,height}.swiper-container .swiper-notification{position:absolute;left:0;top:0;pointer-events:none;opacity:0;z-index:-1000}.swiper-wp8-horizontal{-ms-touch- <truncated> |
|
| 文件名 | left[1].png |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\left[1].png
|
| 文件大小 | 29497 字节 |
| 文件类型 | PNG image data, 312 x 1118, 8-bit/color RGBA, non-interlaced |
| MD5 | c9bfe9ae78db992700fa282df9a85481 |
| SHA1 | e281407f181a501d5fdae0ca321e4ce2db6a6c9e |
| SHA256 | 6c5bdae08256c1ed2d3642b799089b3fe34dc8f023f8a7305ac951d4eddb658c |
| CRC32 | 86706770 |
| Ssdeep | 768:6vjA6/bWySPhDgjPT8N5SCVtcN8sYzer+zR3XgrLtzmdPVwkL0vhfJm2L+:6v3DWlDgMN5SCVtcasger+zR3XkLdiPl |
| 下载 提交魔盾安全分析 |
| 文件名 | ab[1].css |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\ab[1].css
|
| 文件大小 | 4280 字节 |
| 文件类型 | ASCII text, with very long lines, with no line terminators |
| MD5 | 43282413756970c85421b281f358dabd |
| SHA1 | a429e7558496c2fdcdaa451bdbd7d4b5960e2030 |
| SHA256 | 39ec9bc2fb9f2b2e81d124067bd051bfc7ed086fb91b8c13e8ac248ef9ffa142 |
| CRC32 | 1A563812 |
| Ssdeep | 48:G8K8Etwjqr8Yg9vJ8HaV15AG0ZGvpdMhxywsMgxVmwE:G8HfWr8pLiar5AxAcxRgTmF |
| 下载 提交魔盾安全分析 显示文本 | |
nav{padding-top:.3rem}.nav_left{width:2.1rem;height:2.1rem}.nav_left img{margin-left:.1rem;margin-top:.1rem}.nav_right{margin-top:.23rem;font-size:.34rem}.nav_right p:nth-of-type(1){color:black}.nav_right p:nth-of-type(2){font-size:.3rem;margin-top:.1rem}.downApk,.down_open{width:2rem;color:#2302ff;border:solid 1px #002bff;font-weight:600}.con_top{margin:.3rem auto}.swiper-wrapper{height:auto}.ip{margin-left:.3rem;font-size:.4rem;margin-bottom:.2rem}.c_border{margin:.4rem 0 .4rem 0;width:100%;height:1px;background:#e1e1e1}.xing{display:inline-block;width:.22rem;height:.22rem;background:url(https://www.3futu.com/ios10bus/ios/img/star.png) no-repeat;background-size:100%}.xx{display:inline-block;width:.22rem;height:.22rem;background:url(ala.png) no-repeat;background-size:100%}.xin{display:inline-block;width:.22rem;height:.22rem;background:url(al.png) no-repeat;background-size:100%}.box h3{text-overflow:ellipsis;white-space:nowrap;overflow:hidden;font-size:.34rem}.boxx p{color:#848484;font-size:.3rem;white-space:nowrap;overflow:hidden;text-overflow:ellipsis}.box p.xi{text-overflow:ellipsis;white-space:nowrap;overflow:hidden;height:.4rem;font-size:.3rem;margin:.1rem 0 0 0}.box p.wen{padding-right:.3rem}.boxx{margin-bottom:.5rem}.pl{width:100%;text-align:center;margin-bottom:.2rem;color:#318de2 !important;font-weight:500;font-size:.3rem}.b_border{margin:.4rem 0 .2rem 0;width:100%;height:1px;background:#e1e1e1}.zhixian{display:inline-block;width:77%;height:2px;background:#e1e1e1}.yin{width:90%;display:inline-block;height:2px;background:rgba(85,85,85,0.52)}.yin1{width:10%;display:inline-block;height:2px;background:rgba(85,85,85,0.52)}.yin2{width:8%;display:inline-block;height:2px;background:rgba(85,85,85,0.52)}.yin3{width:4%;display:inline-block;height:2px;background:rgba(85,85,85,0.52)}.yin4{width:10%;display:inline-block;height:2px;background:rgba(85,85,85,0.52)}.fen{font-size:.2rem;color:#848484}.content_border{margin:.2rem 0 .2rem 0}.boxx img{width:1.4rem;height:1.4rem;background-size:100% 100%;border-radius:21px;flo <truncated> |
|
| 文件名 | 1519444267[1].png |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\1519444267[1].png
|
| 文件大小 | 17714 字节 |
| 文件类型 | PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced |
| MD5 | 885b6e5a6a32dbb57fc4bca3dc78cfce |
| SHA1 | 833a92a9efb8393871173533c16f926ec9cc1885 |
| SHA256 | d0c56a798b8a5f6516facffaccc9843f5e39fa0ab1ec163395230be022bb0213 |
| CRC32 | C0C46B5A |
| Ssdeep | 384:A3J3e2pG5ynn1oG5SwQ9LmNq0X9vAwP9gBQ/+MQ6zT4z9q:AQ282MmND6BQCo |
| 下载 提交魔盾安全分析 |
| 文件名 | right[1].png |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\right[1].png
|
| 文件大小 | 31022 字节 |
| 文件类型 | PNG image data, 312 x 1118, 8-bit/color RGBA, non-interlaced |
| MD5 | 5fb8b1db346371b5f012853906b977e4 |
| SHA1 | ee782d368ada458aebb291badb6c5c6740e7fde3 |
| SHA256 | c4efb350d2f5dfc1365beb221c4cf8416996cd00b201f3d0220a609bb2530be2 |
| CRC32 | 84D72104 |
| Ssdeep | 384:A2YUjHGRaHS4Nxxf1Q+cgQi7q7nCe+xGBm/R5mLQGd5KYj4gzNf+TpnbKuo4mMEB:AHU7WA3rdjHEpgGA/R5m8UPqnb+4mtB |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
|
| 文件大小 | 262144 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | fbe6ba880d1f6cadfd771536120f2c73 |
| SHA1 | 34b1a30160c6c7675a5c69b62d98661ab7a494bb |
| SHA256 | a2cdabb3fc43f2e94ca47fac764eea7819768bdf094690a6369be41fc4a5fd01 |
| CRC32 | E94B92FD |
| Ssdeep | 768:pFFwZHojCtOlWNw3nsiMsieuugxdKOri:rFwZIjCtkWm3siMbeuugxdKoi |
| 下载 提交魔盾安全分析 |
| 文件名 | B398B80134F72209547439DB21AB308D_28699ABAC9273C08DCF1E93A8F6BFD1D |
|---|---|
| 相关文件 |
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_28699ABAC9273C08DCF1E93A8F6BFD1D
|
| 文件大小 | 430 字节 |
| 文件类型 | data |
| MD5 | 8759195d81832b2be188e56e4147a954 |
| SHA1 | 139d5e681aa67977743205495f4bda2a0b5c35f1 |
| SHA256 | 099ee3c358e2c377408020333d61c760bf4179bf46a03bef21d74522248aa149 |
| CRC32 | E061B1E7 |
| Ssdeep | 6:kKTxVFebXlRNfOAUMivhClroFH7q0yNXImolv9RUuQ2vmLl2km4D3iBq94B4N:FYmxMiv8sFbq0yNYmc3Q2N4DlxN |
| 下载 提交魔盾安全分析 |
| 文件名 | {33BF9084-2600-11E8-AB96-52540022444F}.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{33BF9084-2600-11E8-AB96-52540022444F}.dat
|
| 文件大小 | 4608 字节 |
| 文件类型 | Composite Document File V2 Document, Cannot read section info |
| MD5 | 4a03fc830241c4beda1cccc611cf16db |
| SHA1 | c1a0c962a0b125ee4de103c10f1aabffbdcb7007 |
| SHA256 | fba6c68fcb12ce661174d3bea90ade84d0593b1a5bb89effb72a5bbc1faa074d |
| CRC32 | EAAA3C15 |
| Ssdeep | 12:rlfFDrEgmfR16FVorEgmf91qjNlYfOo3+/Nlk89oWDHacYp:r3GcoGwNljowNlk8oWDHac8 |
| 下载 提交魔盾安全分析 |
| 文件名 | B398B80134F72209547439DB21AB308D_28699ABAC9273C08DCF1E93A8F6BFD1D |
|---|---|
| 相关文件 |
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_28699ABAC9273C08DCF1E93A8F6BFD1D
|
| 文件大小 | 471 字节 |
| 文件类型 | data |
| MD5 | 99f7fb1f66874c8cd10c06563366732f |
| SHA1 | 3d02cc05020f6bfb4a3149baa60758418069ad6a |
| SHA256 | 898c80587689d1c31f31c517de5ab4243adf41a9b8670ecdbdda5f2071a0cff2 |
| CRC32 | 551F652F |
| Ssdeep | 12:JD2+Rj5J72+nfLNmHFO/mcGcO5GPtM52UIjDRAiQC4H7JTfhEGvq:JD2+Rjf72+fLII/pGDGa5hIxAiQBprvq |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
|
| 文件大小 | 32768 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 0aee387ca0a52dcdd8f8a29ea76edb42 |
| SHA1 | 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9 |
| SHA256 | c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e |
| CRC32 | B451CA0B |
| Ssdeep | 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ |
| 魔盾安全分析结果 | 2.0 分析时间:2016-11-06 20:10:20 查看分析报告 |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018031320180314\index.dat
|
| 文件大小 | 32768 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 326143e2839ff8c31daf1bfe4f07b8b1 |
| SHA1 | 0cfa7c17a73e0900e7c051ea6ba91421f5e51460 |
| SHA256 | 9031b4c9ca3e0cab2df920fef11cb98377560a280680d66f1f0b6d4f76c27bf3 |
| CRC32 | A0AD1D6F |
| Ssdeep | 6:qjyxXKH73QCAE/FV1jI2CUNg43QCAjvFV1jIziGC4I:qjRb3QyV1jI2CL43QtV1jIziGC4 |
| 下载 提交魔盾安全分析 |
| 文件名 | favicon[1].ico |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\favicon[1].ico
|
| 文件大小 | 4286 字节 |
| 文件类型 | MS Windows icon resource - 1 icon, 32x32 |
| MD5 | 9d19b98438b96d139b43e1e6d441e32f |
| SHA1 | e37d17917843be88154106b1e5affdb6c93a6de6 |
| SHA256 | 6aac95fe3e9eb52e4d062c5ca61437015f9a66c040935a5086406fc28e8c29d0 |
| CRC32 | 26199F24 |
| Ssdeep | 96:ilJctr1PBmwW9f7uQQWh3aE+DjsbnI62+iz:KJctrVlcPthO+a |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
|
| 文件大小 | 65536 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 191d3d20f356bf520a7d1ed07b1bc08b |
| SHA1 | bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a |
| SHA256 | d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788 |
| CRC32 | BFF870C9 |
| Ssdeep | 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo |
| 下载 提交魔盾安全分析 |
| 文件名 | MSIMGSIZ.DAT |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
|
| 文件大小 | 16384 字节 |
| 文件类型 | data |
| MD5 | 10c04f115efd9a1f9f76b3a16d63c69c |
| SHA1 | 94d6402f52e08da43362b477116f1b407516834e |
| SHA256 | 4118da3dc6872a13a9fff71e17d1fb9311f2a44e3fc3924fc1485e4280f461a9 |
| CRC32 | D611F2B0 |
| Ssdeep | 48:jGQhN7sXHWrVmdkESaakad5PIy+9/8JrcVj9S6gPdYNz7el:CBXHbnSbka5PIL8mJ9cPSz76 |
| 下载 提交魔盾安全分析 |
| 文件名 | RecoveryStore.{33BF9083-2600-11E8-AB96-52540022444F}.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{33BF9083-2600-11E8-AB96-52540022444F}.dat
|
| 文件大小 | 3584 字节 |
| 文件类型 | Composite Document File V2 Document, Cannot read section info |
| MD5 | 47e26ee8477fe91db25f28c2a92c0aa4 |
| SHA1 | 09b767d47802f423a521cf92ade77aca727f8181 |
| SHA256 | 906cf07d45389358b07c07b60a3fcd8d7e3cb37c9b0cd842aabc5b92cef94906 |
| CRC32 | 533E94AB |
| Ssdeep | 12:rl0YmGF2QrEg5+IaCrI017+FSDrEgmf+IaCy8qgQNlTqoDDIAWot:rIQ5/xGv/TQNlWo/nWot |
| 下载 提交魔盾安全分析 |
| 文件名 | FC96E45960361B9478DE014EA26A25DA |
|---|---|
| 相关文件 |
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FC96E45960361B9478DE014EA26A25DA
|
| 文件大小 | 432 字节 |
| 文件类型 | data |
| MD5 | cf4dcc6a1787d38d9bca91ebda20403e |
| SHA1 | c1e5cfd196c51e830b7f533b4e062f402b340fcf |
| SHA256 | dc126b3dc2596c09bc8947a8d91439a720a3adc95b08190caea7278cc9cbfb2a |
| CRC32 | A54B4944 |
| Ssdeep | 6:kKJ7rJbXlRNQAUMivhClroFwgLR3wUslealW+KElllwjT32ywebrq9tuUOi:ZPQxMiv8sFwgpsleJpj7bwemL |
| 下载 提交魔盾安全分析 |
| 文件名 | FC96E45960361B9478DE014EA26A25DA |
|---|---|
| 相关文件 |
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FC96E45960361B9478DE014EA26A25DA
|
| 文件大小 | 471 字节 |
| 文件类型 | data |
| MD5 | 862d5cb58aff47e0a4e549e23725440e |
| SHA1 | 085c7c3fd575b6ce403a8967988d56750298b239 |
| SHA256 | a0b74869ac81221cf51387c9a64f58c190a9e38dbbf17b5920232c12d2381265 |
| CRC32 | 848B7DCA |
| Ssdeep | 12:JrY5V5k8f023LhzZ/LjxBFwB6iCDKE7LiW:JrYTu8f0GlZTjZwLCVLiW |
| 下载 提交魔盾安全分析 |
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 37.826 seconds )
- 20.111 NetworkAnalysis
- 12.026 Suricata
- 2.27 Static
- 1.858 BehaviorAnalysis
- 1.087 VirusTotal
- 0.296 AnalysisInfo
- 0.135 Dropped
- 0.04 Debug
- 0.003 Memory
Signatures ( 4.299 seconds )
- 2.263 md_url_bl
- 0.734 md_bad_drop
- 0.252 antiav_detectreg
- 0.108 stealth_timeout
- 0.094 infostealer_ftp
- 0.086 api_spamming
- 0.054 infostealer_im
- 0.053 antianalysis_detectreg
- 0.051 antivm_generic_scsi
- 0.03 stealth_file
- 0.03 infostealer_mail
- 0.03 md_domain_bl
- 0.026 antivm_generic_services
- 0.024 antiav_detectfile
- 0.02 antivm_generic_disk
- 0.019 mimics_filetime
- 0.016 infostealer_bitcoin
- 0.015 betabot_behavior
- 0.015 geodo_banking_trojan
- 0.014 kibex_behavior
- 0.014 vawtrak_behavior
- 0.014 virus
- 0.013 bootkit
- 0.013 antivm_xen_keys
- 0.012 antivm_parallels_keys
- 0.012 darkcomet_regkeys
- 0.01 antiemu_wine_func
- 0.01 persistence_autorun
- 0.009 dridex_behavior
- 0.009 antivm_generic_diskreg
- 0.009 antivm_vbox_files
- 0.008 hancitor_behavior
- 0.008 kovter_behavior
- 0.008 ransomware_extensions
- 0.008 ransomware_files
- 0.008 recon_fingerprint
- 0.007 andromeda_behavior
- 0.007 shifu_behavior
- 0.007 infostealer_browser_password
- 0.006 antidbg_windows
- 0.005 ransomware_message
- 0.005 stealth_network
- 0.005 antivm_vbox_libs
- 0.005 antisandbox_productid
- 0.005 disables_browser_warn
- 0.004 injection_createremotethread
- 0.004 Locky_behavior
- 0.004 cryptowall_behavior
- 0.004 antidbg_devices
- 0.004 antivm_xen_keys
- 0.004 antivm_hyperv_keys
- 0.004 antivm_vbox_acpi
- 0.004 antivm_vbox_keys
- 0.004 antivm_vmware_keys
- 0.004 antivm_vpc_keys
- 0.004 bypass_firewall
- 0.004 network_torgateway
- 0.004 packer_armadillo_regkey
- 0.003 tinba_behavior
- 0.003 hawkeye_behavior
- 0.003 network_tor
- 0.003 rat_nanocore
- 0.003 antiav_avast_libs
- 0.003 stack_pivot
- 0.003 kazybot_behavior
- 0.003 antivm_vmware_events
- 0.003 cerber_behavior
- 0.003 injection_runpe
- 0.003 browser_security
- 0.003 recon_programs
- 0.002 rat_luminosity
- 0.002 sets_autoconfig_url
- 0.002 antisandbox_sunbelt_libs
- 0.002 antisandbox_sboxie_libs
- 0.002 dead_connect
- 0.002 antiav_bitdefender_libs
- 0.002 dyre_behavior
- 0.002 exec_crash
- 0.002 antivm_generic_bios
- 0.002 antivm_generic_cpu
- 0.002 antivm_generic_system
- 0.002 ie_martian_children
- 0.002 rat_pcclient
- 0.001 persistence_bootexecute
- 0.001 network_anomaly
- 0.001 antivm_vmware_libs
- 0.001 clickfraud_cookies
- 0.001 antivm_vbox_window
- 0.001 injection_explorer
- 0.001 modifies_desktop_wallpaper
- 0.001 ipc_namedpipe
- 0.001 chimera_behavior
- 0.001 ursnif_behavior
- 0.001 ispy_behavior
- 0.001 h1n1_behavior
- 0.001 securityxploded_modules
- 0.001 antianalysis_detectfile
- 0.001 antivm_vmware_files
- 0.001 banker_cridex
- 0.001 banker_zeus_mutex
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 codelux_behavior
- 0.001 disables_system_restore
- 0.001 disables_windows_defender
- 0.001 maldun_blacklist
- 0.001 modify_security_center_warnings
- 0.001 modify_uac_prompt
- 0.001 network_tor_service
- 0.001 office_security
- 0.001 rat_spynet
- 0.001 sniffer_winpcap
- 0.001 stealth_hiddenreg
- 0.001 stealth_hide_notifications
- 0.001 targeted_flame
- 0.001 whois_create
Reporting ( 0.617 seconds )
- 0.617 ReportHTMLSummary
| Task ID | 136835 |
|---|---|
| Mongo ID | 5aa68cea2e06336c5f1e7003 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号