分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
---|---|---|---|---|
URL | win7-sp1-x64-hpdapp03-1 | 2018-03-14 10:25:38 | 2018-03-14 10:28:00 | 142 秒 |
URL |
---|
URL专业沙箱检测 -> http://amazonaws.com |
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
是 | 101.96.10.72 | 中国 | |
否 | 122.224.45.50 | 中国 | |
否 | 52.85.158.16 | 美国 | |
否 | 54.239.26.209 | 美国 | |
否 | 72.21.210.29 | 美国 |
Name: Legal Department Country: US State: WA City: Seattle ZIP Code: 98108-1226 Address: PO BOX 81226 Orginization: Amazon.com, Inc. Domain Name(s): AMAZONAWS.COM amazonaws.com Creation Date: 2005-08-18 02:10:45 2005-08-17 19:10:45-0700 Updated Date: 2018-03-08 21:43:34 2018-03-08 13:19:02-0800 Expiration Date: 2020-01-16 04:59:59 2020-01-15 00:00:00-0800 Email(s): abusecomplaints@markmonitor.com hostmaster@amazon.com abuse@amazonaws.com Registrar(s): MarkMonitor, Inc. Name Server(s): R1.AMAZONAWS.COM R2.AMAZONAWS.COM U1.AMAZONAWS.COM U2.AMAZONAWS.COM r1.amazonaws.com u2.amazonaws.com r2.amazonaws.com u1.amazonaws.com Referral URL(s): None
防病毒引擎/厂商 | 网站安全分析 |
---|---|
CLEAN MX | Clean Site |
DNS8 | Clean Site |
VX Vault | Clean Site |
ZDB Zeus | Clean Site |
Tencent | Clean Site |
Netcraft | Unrated Site |
desenmascara_me | Clean Site |
Dr_Web | Clean Site |
PhishLabs | Unrated Site |
Zerofox | Clean Site |
K7AntiVirus | Clean Site |
Virusdie External Site Scan | Clean Site |
SCUMWARE_org | Clean Site |
Quttera | Clean Site |
AegisLab WebGuard | Clean Site |
MalwareDomainList | Clean Site |
ZeusTracker | Clean Site |
zvelo | Clean Site |
Google Safebrowsing | Clean Site |
Kaspersky | Clean Site |
BitDefender | Clean Site |
Certly | Clean Site |
G-Data | Clean Site |
C-SIRT | Clean Site |
OpenPhish | Clean Site |
Malware Domain Blocklist | Clean Site |
MalwarePatrol | Clean Site |
Webutation | Clean Site |
Trustwave | Clean Site |
Web Security Guard | Clean Site |
CyRadar | Clean Site |
ADMINUSLabs | Clean Site |
Malwarebytes hpHosts | Clean Site |
Opera | Clean Site |
AlienVault | Clean Site |
Emsisoft | Clean Site |
Malc0de Database | Clean Site |
Spam404 | Clean Site |
Phishtank | Clean Site |
Malwared | Clean Site |
Avira | Clean Site |
NotMining | Unrated Site |
CyberCrime | Clean Site |
Antiy-AVL | Clean Site |
Forcepoint ThreatSeeker | Clean Site |
FraudSense | Clean Site |
malwares_com URL checker | Clean Site |
Comodo Site Inspector | Clean Site |
Malekal | Clean Site |
ESET | Clean Site |
Sophos | Unrated Site |
Yandex Safebrowsing | Clean Site |
SecureBrain | Clean Site |
Nucleon | Clean Site |
Sucuri SiteCheck | Clean Site |
Blueliv | Clean Site |
ZCloudsec | Clean Site |
AutoShun | Unrated Site |
ThreatHive | Clean Site |
FraudScore | Clean Site |
Rising | Clean Site |
URLQuery | Unrated Site |
StopBadware | Unrated Site |
Fortinet | Clean Site |
ZeroCERT | Clean Site |
Baidu-International | Clean Site |
securolytics | Clean Site |
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
是 | 101.96.10.72 | 中国 | |
否 | 122.224.45.50 | 中国 | |
否 | 52.85.158.16 | 美国 | |
否 | 54.239.26.209 | 美国 | |
否 | 72.21.210.29 | 美国 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49164 | 101.96.10.72 | 80 |
192.168.122.201 | 49165 | 122.224.45.50 www.microsoft.com | 80 |
192.168.122.201 | 49163 | 52.85.158.16 x.ss2.us | 80 |
192.168.122.201 | 49161 | 54.239.26.209 aws.amazon.com | 80 |
192.168.122.201 | 49162 | 54.239.26.209 aws.amazon.com | 443 |
192.168.122.201 | 49167 | 54.239.26.209 aws.amazon.com | 443 |
192.168.122.201 | 49160 | 72.21.210.29 amazonaws.com | 80 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 58027 | 192.168.122.1 | 53 |
192.168.122.201 | 59793 | 192.168.122.1 | 53 |
192.168.122.201 | 60316 | 192.168.122.1 | 53 |
192.168.122.201 | 60407 | 192.168.122.1 | 53 |
192.168.122.201 | 60455 | 192.168.122.1 | 53 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 49164 | 101.96.10.72 | 80 |
192.168.122.201 | 49165 | 122.224.45.50 www.microsoft.com | 80 |
192.168.122.201 | 49163 | 52.85.158.16 x.ss2.us | 80 |
192.168.122.201 | 49161 | 54.239.26.209 aws.amazon.com | 80 |
192.168.122.201 | 49162 | 54.239.26.209 aws.amazon.com | 443 |
192.168.122.201 | 49167 | 54.239.26.209 aws.amazon.com | 443 |
192.168.122.201 | 49160 | 72.21.210.29 amazonaws.com | 80 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.201 | 58027 | 192.168.122.1 | 53 |
192.168.122.201 | 59793 | 192.168.122.1 | 53 |
192.168.122.201 | 60316 | 192.168.122.1 | 53 |
192.168.122.201 | 60407 | 192.168.122.1 | 53 |
192.168.122.201 | 60455 | 192.168.122.1 | 53 |
URI | HTTP数据 |
---|---|
URL专业沙箱检测 -> http://amazonaws.com/ | GET / HTTP/1.1 Accept: */* Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=22&ved=0CCEQfjbHN0SUl0blpBYVJDaXd0QmxC&url=http%3A%2F%2Famazonaws.com&ei=TXNLYU5UVnhrWmdV&usg=AFQjZXFvRndUZHFwTVhG Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: amazonaws.com Connection: Keep-Alive |
URL专业沙箱检测 -> http://aws.amazon.com/ | GET / HTTP/1.1 Accept: */* Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=22&ved=0CCEQfjbHN0SUl0blpBYVJDaXd0QmxC&url=http%3A%2F%2Famazonaws.com&ei=TXNLYU5UVnhrWmdV&usg=AFQjZXFvRndUZHFwTVhG Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Connection: Keep-Alive Host: aws.amazon.com |
URL专业沙箱检测 -> http://x.ss2.us/x.cer | GET /x.cer HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: x.ss2.us |
URL专业沙箱检测 -> http://101.96.10.72/x.ss2.us/x.cer | GET /x.ss2.us/x.cer HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/6.1 Host: 101.96.10.72 |
URL专业沙箱检测 -> http://www.microsoft.com/ | GET / HTTP/1.1 Host: www.microsoft.com Connection: Close |
无SMTP流量.
无IRC请求.
无ICMP流量.
无 CIF 结果
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2018-03-14 10:26:03.045476+0800 | 122.224.45.50 | 80 | 192.168.122.201 | 49165 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|---|---|---|
2018-03-14 10:25:55.173355+0800 | 192.168.122.201 | 49162 | 54.239.26.209 | 443 | TLS 1.2 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | CN=aws.amazon.com | 00:c8:2b:4a:a3:c5:76:b7:8a:0c:43:56:46:20:52:73:e3:ea:34:c4 |
No Suricata HTTP
文件名 | invalidcert[1] |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\invalidcert[1]
|
文件大小 | 4754 字节 |
文件类型 | HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
MD5 | 0f9f1ca3f50fbf885ca57019b99ba7b7 |
SHA1 | 22e3b33279e2aad973922839c2518898dbdeb3cf |
SHA256 | 2af130e2ecc3c69f6fa7d78501aec8091a4a1ffd1212893c7b0faaf4a9622c2d |
CRC32 | 0E642371 |
Ssdeep | 48:R3WIysIprQU1YVPlSIXh1cns5PFkiGjUpgXowHMzhCFKiAQVu21kpD8VK6Atefc5:UJsUDls5PFkiGjUp4oW4XwVBkPs+/oLy |
下载 提交魔盾安全分析 |
文件名 | invalidcert[2] |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\invalidcert[2]
|
文件大小 | 3127 字节 |
文件类型 | UTF-8 Unicode (with BOM) text, with CRLF line terminators |
MD5 | b525b5b56443da423ca00841c1c06979 |
SHA1 | 0fb8c426efed05043a69221d0b021aacc39d141e |
SHA256 | 81742eb16bc5d08b785e0569e1588616d81ee8e923e72243e553d14b503326a7 |
CRC32 | 27AD2EBC |
Ssdeep | 96:Si9yo3+bI1hDXxbLUh2XXyFyyU2vPMOggynJ+yVylcw:S8yo3+bI1hDBbLUh2XXyFyyU2vPMOggZ |
下载 提交魔盾安全分析 |
文件名 | errorPageStrings[1] |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\errorPageStrings[1]
|
文件大小 | 1643 字节 |
文件类型 | UTF-8 Unicode (with BOM) text, with CRLF line terminators |
MD5 | 13216fa0f896b1b7c445fe9a54b5b998 |
SHA1 | d343d35b45507640bc68487d4ad3afcb927ce950 |
SHA256 | 7a656b15efaacb1179b883327369819483b5a0c2f2d8486db6c347f4f8a7ae61 |
CRC32 | 3A14753A |
Ssdeep | 48:zGY5w5zquO05l9zWJ6N51Re45RnR5RynEK+5RXdHymL5RlRdPoh5y5U5BU5Cc:z5Qzq3crIM1RtR3Rynd6RXd5RTmnW4xc |
魔盾安全分析结果 | 4.0 分析时间:2016-11-15 15:07:57 查看分析报告 |
下载 提交魔盾安全分析 |
文件名 | green_shield[1] |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\green_shield[1]
|
文件大小 | 3501 字节 |
文件类型 | PNG image data, 14 x 16, 8-bit/color RGBA, non-interlaced |
MD5 | 254d388ce19d84a54fd44571e049e6a6 |
SHA1 | 51ca725642f679978f5880278e5cac5ca4f70fae |
SHA256 | c686babc034f53a24a1206019e958ba8fc879216fd7b6a4b972f188535341227 |
CRC32 | 265B0B9C |
Ssdeep | 96:5SDZ/I09Da01l+gmkyTt6Hk8nTkN9D6ZB+:5SDS0tKg9E05TkN92ZE |
下载 提交魔盾安全分析 |
文件名 | {FB62D004-272E-11E8-8D49-52540055321F}.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FB62D004-272E-11E8-8D49-52540055321F}.dat
|
文件大小 | 5632 字节 |
文件类型 | Composite Document File V2 Document, Cannot read section info |
MD5 | e72387b5b97d6bab53f4c184aabacdf6 |
SHA1 | d566b7889e628a0f18d76829ccf1d635b256f594 |
SHA256 | 5eded5dfc9bb7393a05e40d294c2255ac0a9ad3e430f810fce3fe2d058162edd |
CRC32 | A41F01B1 |
Ssdeep | 24:rIV3HxGuoq9dkYq9d2yq9dD/jtdnNlVouzNlVouaqwQMO:rO3HxGm+fKtfloGoJBQMO |
下载 提交魔盾安全分析 |
文件名 | index.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
|
文件大小 | 32768 字节 |
文件类型 | Internet Explorer cache file version Ver 5.2 |
MD5 | 0aee387ca0a52dcdd8f8a29ea76edb42 |
SHA1 | 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9 |
SHA256 | c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e |
CRC32 | B451CA0B |
Ssdeep | 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ |
魔盾安全分析结果 | 2.0 分析时间:2016-11-06 20:10:20 查看分析报告 |
下载 提交魔盾安全分析 |
文件名 | red_shield_48[1] |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\red_shield_48[1]
|
文件大小 | 7005 字节 |
文件类型 | PNG image data, 40 x 48, 8-bit/color RGBA, non-interlaced |
MD5 | f413dd8a75b81a154a1fd5e4c4a0a782 |
SHA1 | 667f7e3da51ca3417a1feb66d238466423c9487d |
SHA256 | f2afc04a24c9d89d3c2f0d73f8cd6fb6b65adbe333196c3f99cc7d6868847ceb |
CRC32 | D96BDACF |
Ssdeep | 192:8SDS0tKg9E05Tz045xhOwZtbiFHsrC3rlTqpHbW:7JXE05d5xhOwtGsSTqpHC |
下载 提交魔盾安全分析 |
文件名 | ErrorPageTemplate[1] |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\ErrorPageTemplate[1]
|
文件大小 | 2226 字节 |
文件类型 | UTF-8 Unicode (with BOM) text, with CRLF line terminators |
MD5 | 9e7f4ae3f245c70af5b7dbe095647d30 |
SHA1 | cbcffb08f72c10e3e2493ca0044872a7ebdc7215 |
SHA256 | 2f9117806e0e1ae4fc3b023b348910657b6948de2ecfd4f39f2846cebbefc1df |
CRC32 | 08BB8CA5 |
Ssdeep | 48:5sFR52FH5k5pvFehWrrarrZIrHd3FIQfOS6:5s52TydFPr81yHpBGR |
魔盾安全分析结果 | 4.0 分析时间:2016-11-15 15:07:12 查看分析报告 |
下载 提交魔盾安全分析 |
文件名 | httpErrorPagesScripts[1] |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\httpErrorPagesScripts[1]
|
文件大小 | 8601 字节 |
文件类型 | UTF-8 Unicode (with BOM) text, with CRLF, CR line terminators |
MD5 | e7ca76a3c9ee0564471671d500e3f0f3 |
SHA1 | fe815ae0f865ec4c26e421bf0bd21bb09bc6f410 |
SHA256 | 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c |
CRC32 | A7C34EF3 |
Ssdeep | 192:HMmjTiiKfi9Ii4UFjC9jo4oXdu7mjxAb3Y:smjTiiKfi9IiPj+k3Xdu7mjxAb3Y |
魔盾安全分析结果 | 4.0 分析时间:2016-11-15 15:05:24 查看分析报告 |
下载 提交魔盾安全分析 |
文件名 | RecoveryStore.{FB62D003-272E-11E8-8D49-52540055321F}.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FB62D003-272E-11E8-8D49-52540055321F}.dat
|
文件大小 | 3584 字节 |
文件类型 | Composite Document File V2 Document, Cannot read section info |
MD5 | df11cf8c596f949372cc629741899db5 |
SHA1 | 7e8aa3c7e36cf599060a028e9d269a35c9d97704 |
SHA256 | 13c82215b78023ab709e13b4e537652151046fed8798566a95c7eae77f3d6173 |
CRC32 | 5511A926 |
Ssdeep | 12:rl0YmGF2grEg5+IaCrI017+FCDrEgmf+IaCy8qgQNlTqo0LqLiL:rIg5/5Gv/TQNlWo |
下载 提交魔盾安全分析 |
文件名 | red_shield[1] |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\red_shield[1]
|
文件大小 | 3508 字节 |
文件类型 | PNG image data, 14 x 16, 8-bit/color RGBA, non-interlaced |
MD5 | 87de5d9a3403e1d7635885cbaa52389d |
SHA1 | 50b32c5966331e3e27bef987fd1da0129423d348 |
SHA256 | 21d03f19c4b1c12db2feb8fb3a373d7e378976ecdfb64efb300204edc8947d3d |
CRC32 | 15814E36 |
Ssdeep | 96:5SDZ/I09Da01l+gmkyTt6Hk8nTzVcxkZFd/:5SDS0tKg9E05TJcxi |
下载 提交魔盾安全分析 |
文件名 | index.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
|
文件大小 | 65536 字节 |
文件类型 | Internet Explorer cache file version Ver 5.2 |
MD5 | 191d3d20f356bf520a7d1ed07b1bc08b |
SHA1 | bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a |
SHA256 | d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788 |
CRC32 | BFF870C9 |
Ssdeep | 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo |
下载 提交魔盾安全分析 |
文件名 | background_gradient_red[1] |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\background_gradient_red[1]
|
文件大小 | 868 字节 |
文件类型 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x800, frames 3 |
MD5 | 337038e78cf3c521402fc7352bdd5ea6 |
SHA1 | 017eaf48983c31ae36b5de5de4db36bf953b3136 |
SHA256 | fbc23311fb5eb53c73a7ca6bfc93e8fa3530b07100a128b4905f8fb7cb145b61 |
CRC32 | C08DA614 |
Ssdeep | 24:vk9YMW80o0XxDuLHeOWXG4OZ7DAJuLHenX36n8R0O3kwd2q:M9YM3uERAq8uyJdB |
下载 提交魔盾安全分析 |
文件名 | down[1] |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\down[1]
|
文件大小 | 3414 字节 |
文件类型 | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced |
MD5 | 555e83ce7f5d280d7454af334571fb25 |
SHA1 | 47f78f68d72e3d9041acc9107a6b0d665f408385 |
SHA256 | 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880 |
CRC32 | 9EA3279D |
Ssdeep | 96:/SDZ/I09Da01l+gmkyTt6Hk8nTjTnJw1Ne:/SDS0tKg9E05TPoNe |
下载 提交魔盾安全分析 |
HTML 总结报告 (需15-60分钟同步) |
下载 |
---|
Task ID | 137523 |
---|---|
Mongo ID | 5aa888daa093ef3ab203b8ff |
Cuckoo release | 1.4-Maldun |