Analysis task

Analysis type  VM label  Start time  End time  Duration
URL  win7-sp1-x64-shaapp01-2  2018-03-16 11:11:03  2018-03-16 11:13:24  141 seconds

Maldun score

0.05

Normal

URL details

URL
https://www.artisan.com.tw/


Hosts contacted

IP  Security rating  Location
122.224.45.50  Unknown  China
172.217.161.136  United States
172.217.161.142  United States
172.217.161.174  Unknown  United States
172.217.31.238  United States
210.200.219.241  Unknown  Taiwan, China
216.58.197.110  Unknown  United States
216.58.199.110  Unknown  United States
216.58.221.238  Unknown  United States
31.13.95.36  Unknown  Ireland

Domain name resolution

Domain  Security rating  Response
www.artisan.com.tw  Unknown  A 210.200.219.241
www.googletagmanager.com  A 172.217.161.136
  CNAME www-googletagmanager.l.google.com
www.facebook.com  A 31.13.95.36
  CNAME star-mini.c10r.facebook.com
www.youtube.com  Unknown  A 172.217.31.238
  A 216.58.203.46
  A 216.58.199.110
  A 216.58.221.238
  A 216.58.197.110
  A 172.217.161.142
  A 172.217.24.206
  A 216.58.220.206
  A 216.58.200.14
  CNAME youtube-ui.l.google.com
  A 172.217.161.174
www.microsoft.com  Unknown  CNAME e13678.ca.s.tl88.net
  A 122.224.45.50
  CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
  CNAME www.microsoft.com-c-3.edgekey.net


WHOIS information

Name: None
Country: None
State: None
City: None
ZIP Code: None
Address: None

Organization: None
Domain Name(s):
    artisan.com.tw
Creation Date:
    None
Updated Date:
    None
Expiration Date:
    None
Email(s):
    P_LING0129@YAHOO.COM.TW

Registrar(s):
    None
Name Server(s):
    None
Referral URL(s):
    None

No antivirus engine scan information available.

Process tree

iexplore.exe, PID: 2160, parent PID: 856
iexplore.exe, PID: 2412, parent PID: 2160


TCP

Source address  Source port  Destination address  Destination port
192.168.122.202  49193  122.224.45.50 www.microsoft.com  80
192.168.122.202  49161  178.255.83.1  80
192.168.122.202  49162  178.255.83.1  80
192.168.122.202  49160  210.200.219.241 www.artisan.com.tw  443
192.168.122.202  49171  210.200.219.241 www.artisan.com.tw  443
192.168.122.202  49172  210.200.219.241 www.artisan.com.tw  443
192.168.122.202  49173  210.200.219.241 www.artisan.com.tw  443
192.168.122.202  49174  210.200.219.241 www.artisan.com.tw  443
192.168.122.202  49175  210.200.219.241 www.artisan.com.tw  443
192.168.122.202  49180  210.200.219.241 www.artisan.com.tw  443
192.168.122.202  49181  210.200.219.241 www.artisan.com.tw  443
192.168.122.202  49182  210.200.219.241 www.artisan.com.tw  443
192.168.122.202  49183  210.200.219.241 www.artisan.com.tw  443
192.168.122.202  49184  210.200.219.241 www.artisan.com.tw  443
192.168.122.202  49197  67.131.44.58  80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.202  51930  192.168.122.1  53
192.168.122.202  51997  192.168.122.1  53
192.168.122.202  53717  192.168.122.1  53
192.168.122.202  54930  192.168.122.1  53
192.168.122.202  55046  192.168.122.1  53
192.168.122.202  56664  192.168.122.1  53
192.168.122.202  57729  192.168.122.1  53
192.168.122.202  59884  192.168.122.1  53
192.168.122.202  65289  192.168.122.1  53


HTTP requests

URI  HTTP data
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1
Cache-Control: max-age = 462303
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 30 May 2017 14:10:49 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.usertrust.com

http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.comodoca.com

http://www.microsoft.com/
GET / HTTP/1.1
Host: www.microsoft.com
Connection: Close

http://crl.microsoft.com/pki/crl/products/tspca.crl
GET /pki/crl/products/tspca.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT
If-None-Match: "8ab194b3d77cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol SID Signature Category
2018-03-16 11:11:27.999800+0800 122.224.45.50 80 192.168.122.202 49193 TCP 2012692 ET POLICY Microsoft user-agent automated process response to automated request A Network Trojan was detected

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2018-03-16 11:11:20.604688+0800 192.168.122.202 49160 210.200.219.241 443 TLS 1.2 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA OU=Domain Control Validated, OU=PositiveSSL, CN=www.artisan.com.tw 45:b9:ba:ee:a4:6a:ec:73:cf:3b:4f:44:8d:68:d3:e2:c3:e4:02:af

Suricata HTTP

No Suricata HTTP

No files were extracted from the network capture.

File name  index.dat
Associated file
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
File size  262144 bytes
File type  Internet Explorer cache file version Ver 5.2
MD5  fbe6ba880d1f6cadfd771536120f2c73
SHA1  34b1a30160c6c7675a5c69b62d98661ab7a494bb
SHA256  a2cdabb3fc43f2e94ca47fac764eea7819768bdf094690a6369be41fc4a5fd01
CRC32  E94B92FD
Ssdeep  768:pFFwZHojCtOlWNw3nsiMsieuugxdKOri:rFwZIjCtkWm3siMbeuugxdKoi

File name  5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
Associated file
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
File size  727 bytes
File type  data
MD5  343a0c2a4c99ae17a56d25b77687b4b4
SHA1  16683195a32cec974e624c7ce6175bacb0c03f06
SHA256  a4e6ef17bdbc9ecaff6ed842181d92561f6b46f1fc07aaf05f710c697b05d0ad
CRC32  7938CEBF
Ssdeep  12:5oTXaNmX5tZvGvpWaNEqmpP8lLNiz1Om/q71Nps7Ea68br6M6AcpD8WAz2/UYJqR:5SKEXPZvGvpFhrBw43ZNps7X68br65AL

File name  5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
Associated file
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
File size  400 bytes
File type  data
MD5  a0b0057e1e91b09799d276c6b149b897
SHA1  96d698f58b5035567d091bd4986ea1e9cca2995b
SHA256  bdca72dd6b2e2a2ab4dffe3c5190fa9dec72cfe589d3167b7bc094cf13e46733
CRC32  790F8EA2
Ssdeep  6:kK577le4LrCBqeFpivhClroFJZCrnZ23YcqQmF3ODSld+8m0VowpgGa4n:xwQCMeFpiv8sFSU3vq3OKa0VFpe4

File name  logo[1].png
Associated file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\logo[1].png
File size  12669 bytes
File type  PNG image data, 205 x 50, 8-bit/color RGBA, non-interlaced
MD5  ddc46efc5fb69c88980f52e3088e7cb5
SHA1  65f1b3c6dcc909b9a403eb6738bb839b3a670d64
SHA256  86f5f55b0c7787a29ad4f7323ccdbd254ab8990a753b11ea683e19cd7b44b9ad
CRC32  DAFB8BB9
Ssdeep  192:krIAOL7Mtxx8CRLzw5ktNm8WJYnMqVFmSjAXOGAl+TrKp9mLjlcxQWCFqNm0L:kPOL72x98knm8Og6WkTrog14pL

File name  index.dat
Associated file
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
File size  65536 bytes
File type  Internet Explorer cache file version Ver 5.2
MD5  191d3d20f356bf520a7d1ed07b1bc08b
SHA1  bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a
SHA256  d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788
CRC32  BFF870C9
Ssdeep  384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo

File name  5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
Associated file
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
File size  471 bytes
File type  data
MD5  b74e020b8474f831279734d54c89ddbb
SHA1  5d5a96f0031d54ef2c00da6074614f966ba3888b
SHA256  a7b6b5573ba9e1eb81d0acf126ffbb8ea02d0700e45c261e68d6eec93636c74d
CRC32  3C6387F6
Ssdeep  12:JAEmaNmX5JyWx/jaNEqmuqyg7c7gIDVD0DaOfxPf:JAEVEXZx/OhJQc7n4xX

File name  5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
Associated file
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
File size  398 bytes
File type  data
MD5  617efedaf2aa68e082609428ce947824
SHA1  71ecfcc97a17bc3c4f6d31778f835acd3aa2794f
SHA256  48fa2d407c180e8c65aedb8a3df7432d613de944a7b69b86c831489d424c2682
CRC32  7C442E41
Ssdeep  6:kKBfoF7le4Ltgt1XlRNXJMMivhClroFdB5Pwcblle284/rmzlTLO1OyI7dn:T5DXJMMiv8sFd/Hle9KMlTLO1OyIx

File name  RecoveryStore.{A87774A3-28C7-11E8-97F6-525400819FEB}.dat
Associated file
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A87774A3-28C7-11E8-97F6-525400819FEB}.dat
File size  3584 bytes
File type  Composite Document File V2 Document, Cannot read section info
MD5  72cc06df06dacafd631a5e835bcf62fe
SHA1  b1735c32364c214e0e70892e12ece90fb0b369bd
SHA256  1651f54cf3c3a702362451380be80f1e82a5f7f9b29d63e113cab6f05c4c5f00
CRC32  95A01668
Ssdeep  12:rl0YmGF2QSrEg5+IaCrI017+FvDrEgmf+IaCy8qgQNlTqo6F:rI15/IGv/TQNlWo6

File name  WebResource[2].gif
Associated file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\WebResource[2].gif
File size  162 bytes
File type  GIF image data, version 89a, 7 x 9
MD5  fdbb83eb74abcaddd72ac11baa234be4
SHA1  6d535bfdc7b89b7b06c25c54e2519fa556301fb9
SHA256  d344628798297c452aa3662d940540204530c2097b4d2c9c7f65b9f30bb125fc
CRC32  83CE14AE
Ssdeep  3:CKhXbGlf7QIIKKKt83//zylqrBg6F/ljVTzEle:IZQAK2CX5rWYFqle

File name  {A87774A4-28C7-11E8-97F6-525400819FEB}.dat
Associated file
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A87774A4-28C7-11E8-97F6-525400819FEB}.dat
File size  159232 bytes
File type  Composite Document File V2 Document, Cannot read section info
MD5  35eedbcfab5cd51b1fe13d8d4fe231f9
SHA1  2a0b772244026e48184cebc0e55a76b57fb09070
SHA256  0dd69dd769fcfd111eb477e58ac3d561ac02726fe9cf1b53ea61f63eaac39d99
CRC32  73B8478F
Ssdeep  1536:QTJSlkpbORFk3+ZkHCL3pE01otfwawAV3A17brfgxEWIOuMP7icRQhw:Q8lkpbObr1Oq1LfMI8P7V

File name  WebResource[1].gif
Associated file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\WebResource[1].gif
File size  161 bytes
File type  GIF image data, version 89a, 7 x 9
MD5  9a70b3bc37a45465afbc97fe58b236e5
SHA1  fba758b7cf5adcaa3b63896754c50a6f13a7e40e
SHA256  b8acae9ef7eb744febbbe8b653528a92f531319c336f7619a62e774672ad024e
CRC32  D2AAFE85
Ssdeep  3:CKhXbGlf7QIIKKKt83//zylqrBg7MoBUmUNqhf+kfe:IZQAK2CX5rW7vUNaK

File name  MSIMGSIZ.DAT
Associated file
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
File size  16384 bytes
File type  data
MD5  deedaf40b0e9d40edaa5faaea37176ca
SHA1  c77a8f6c867be0a4461125607af6129185b3a494
SHA256  0324d1337e041fd011e4a9fbd52004218139f4c5134940dbe31a30cb338fead2
CRC32  2D029F84
Ssdeep  48:jGQhN7sXHWrVmqESaakad5PIy+938SrcVjdSbPgPdoLz7el:CBXHbbSrka5PID8zJdZPQz76

File name  WebResource[1].gif
Associated file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\WebResource[1].gif
File size  176 bytes
File type  GIF image data, version 89a, 11 x 9
MD5  08e605c416063ee87b5d1fdf500d7fbb
SHA1  8412dd57258e3d62eb9ef9ea627396357e3f073e
SHA256  d832aede8fb1b940b216dd2062ca32a0e4b0bbe4805a012aa1593e09e520c769
CRC32  A1A0303C
Ssdeep  3:CCc3fBdggmRiI1P+3//zylqr1l5OzsOFkMM4ouon:Lc3M4ISX5r1qFk/4c

File name  link_icon04[1].png
Associated file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\link_icon04[1].png
File size  1717 bytes
File type  PNG image data, 21 x 20, 8-bit/color RGBA, non-interlaced
MD5  6875d83ba27b8dce823ac86fbe7fa75d
SHA1  29cba235c82e48f7d74aea7ddaf54c38850c2b15
SHA256  5340e2d5821f800e5d0957d68f34a8402bdcb570eeb4fe888186de4bcfb2501f
CRC32  E832C5ED
Ssdeep  48:wqQinNuihJ0qIJ3lAloQ2I7Q3YBRNUSh6:BBNryqcAlf2aQO6

File name  link_icon01[1].png
Associated file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\link_icon01[1].png
File size  1793 bytes
File type  PNG image data, 21 x 20, 8-bit/color RGBA, non-interlaced
MD5  ffc8c8488fb2708ea69be45491096e1e
SHA1  dc7070eb3284d5d354ceee811c30ff220beb8d80
SHA256  005410a3413435bc880aebe9559bb8a6009ea70f1ac817f577495523d377b8ae
CRC32  8B411EDD
Ssdeep  48:wqQinNuiOJzqIJ3lAlSexuv9fbt9bRYEldFAVKpsc:BBNYZqcAlxxK9BhloVysc

File name  link_icon03[1].png
Associated file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\link_icon03[1].png
File size  1801 bytes
File type  PNG image data, 21 x 20, 8-bit/color RGBA, non-interlaced
MD5  39f1736c46cc517879544c4afb395c91
SHA1  9aba69dd0b4cd1f4ac4ea475c19af4d3d352b4f5
SHA256  bf6d4268c530c374864b7233f14abb6b8a69820ed2ebd2223c0051d748e02d66
CRC32  9F9079E1
Ssdeep  24:y1he91WwylZ82lYSqMHiOqi6gAiyVFghiNT3ouyJ3V7AsqC8GcJMasnovCOpDR5j:wqQinNui1JwqIJ3lAlr9rDR5wC93Y8

File name  fb_icon[1].png
Associated file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\fb_icon[1].png
File size  2156 bytes
File type  PNG image data, 21 x 20, 8-bit/color RGBA, non-interlaced
MD5  6c2c8acec2aaad10000ea41fc39af220
SHA1  565ec96069f7247c851bcd00b34ef8686afb9f67
SHA256  beb9bd07483f22a920cd8ecc3286e098d5cbf6c908ee66393fd2c31b065ea9b9
CRC32  B312734A
Ssdeep  48:wqQinNuiUJ/qIJ3lAlKbTpmVr3IDFAtz/4D:BBNWhqcAlKbTpmVrWa0

File name  line_icon[1].png
Associated file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\line_icon[1].png
File size  2225 bytes
File type  PNG image data, 21 x 20, 8-bit/color RGBA, non-interlaced
MD5  22a203a7bccd7fef6f80b9a426cb9c54
SHA1  9af8075b6c6659603747862fa5a85f5070b74ac6
SHA256  06974c598333accef01e5e3d1970c4c9824eebc71333fc256648d051743a19d2
CRC32  289726BC
Ssdeep  48:wqQinNui6XvJrqIJ3lAlQOq7jTar0wnEF9tlVabiN36b0g:BBN4vZqcAlQbTaoiEFLlRI9

File name  WebResource[1].gif
Associated file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\WebResource[1].gif
File size  176 bytes
File type  GIF image data, version 89a, 11 x 9
MD5  0fbd5c158dfc94209d2055adbf3462d5
SHA1  8b7e5c21065768c00745e374e17a8fcc9200754a
SHA256  ba7252ff330628763f48cda286d9e5f689bd8b73378390eae749758e452e1535
CRC32  62252639
Ssdeep  3:CCc3fBdggmRiI1P+3//zylqr1l5wHElUvBQTAhZnE:Lc3M4ISX5r1oHEl2mAPE

File name  WebResource[1].axd
Associated file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\WebResource[1].axd
File size  39694 bytes
File type  ASCII text, with very long lines, with CRLF line terminators
MD5  126c7edc1e408794f30dc6005bcb3f27
SHA1  0e160945fdb9f1a136081cbd1711ddbb156469d6
SHA256  bdc22ee84c4f8f6b747a90fc33f374a008105155b1b69f64608823fa466e89f2
CRC32  1F130201
Ssdeep  768:gZ3H0yEU9bPwnOzPmY1yeB7AztRk54RiPipoBVq6/8ur5xdIV0i6Q:gBMswnOrmY1yeB7AztRk54R0eUq6/8uK

File name  WebResource[1].axd
Associated file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\WebResource[1].axd
File size  87574 bytes
File type  ASCII text, with very long lines, with no line terminators
MD5  1c7e9134fbe6de8fb6c6ff12cb88d704
SHA1  40a162c94c73a9319928e2f8626cfe9bb6ae9a8d
SHA256  55a0f07cf2a577c76c219f10750987d77f1811579108dd6eca2b6650e90db2b1
CRC32  305A00A9
Ssdeep  1536:3Pjh14QQsiVXKwGKC0C2TNjl3CsQ2Z5ebkuqSueFbY16iPrEv32N:fN14QQsiIlKHBNjcsQmSLbY1NPOe

File name  index.dat
Associated file
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
File size  32768 bytes
File type  Internet Explorer cache file version Ver 5.2
MD5  0aee387ca0a52dcdd8f8a29ea76edb42
SHA1  5df81547dcadb2a7b8bc689da8e1383ba1a84cb9
SHA256  c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e
CRC32  B451CA0B
Ssdeep  12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ
Previous Maldun analysis result: 2.0 (analysis time: 2016-11-06 20:10:20)

Processing ( 34.438 seconds )

  • 21.112 NetworkAnalysis
  • 9.397 Suricata
  • 2.152 BehaviorAnalysis
  • 1.29 VirusTotal
  • 0.213 Static
  • 0.161 AnalysisInfo
  • 0.109 Dropped
  • 0.002 Debug
  • 0.002 Memory

Signatures ( 2.696 seconds )

  • 1.684 md_url_bl
  • 0.155 antiav_detectreg
  • 0.11 stealth_timeout
  • 0.096 api_spamming
  • 0.057 infostealer_ftp
  • 0.048 md_domain_bl
  • 0.04 antivm_generic_scsi
  • 0.033 antianalysis_detectreg
  • 0.033 infostealer_im
  • 0.022 md_bad_drop
  • 0.021 antivm_generic_services
  • 0.018 stealth_file
  • 0.018 infostealer_mail
  • 0.014 mimics_filetime
  • 0.014 antivm_generic_disk
  • 0.014 antiav_detectfile
  • 0.013 stealth_network
  • 0.01 bootkit
  • 0.01 clickfraud_cookies
  • 0.01 modifies_desktop_wallpaper
  • 0.01 heapspray_js
  • 0.01 infostealer_bitcoin
  • 0.009 betabot_behavior
  • 0.009 virus
  • 0.009 geodo_banking_trojan
  • 0.008 dridex_behavior
  • 0.008 kibex_behavior
  • 0.008 antivm_xen_keys
  • 0.008 darkcomet_regkeys
  • 0.007 antiemu_wine_func
  • 0.007 vawtrak_behavior
  • 0.007 antivm_parallels_keys
  • 0.006 virtualcheck_js
  • 0.006 persistence_autorun
  • 0.006 kovter_behavior
  • 0.006 antivm_vbox_files
  • 0.006 ransomware_extensions
  • 0.006 ransomware_files
  • 0.006 recon_fingerprint
  • 0.005 hancitor_behavior
  • 0.005 infostealer_browser_password
  • 0.005 antivm_generic_diskreg
  • 0.004 andromeda_behavior
  • 0.004 shifu_behavior
  • 0.004 antidbg_windows
  • 0.003 hawkeye_behavior
  • 0.003 internet_dropper
  • 0.003 antiav_avast_libs
  • 0.003 upatre_behavior
  • 0.003 network_anomaly
  • 0.003 ransomware_message
  • 0.003 antivm_vbox_libs
  • 0.003 antisandbox_productid
  • 0.003 disables_browser_warn
  • 0.003 network_torgateway
  • 0.003 packer_armadillo_regkey
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 injection_createremotethread
  • 0.002 Locky_behavior
  • 0.002 antisandbox_sunbelt_libs
  • 0.002 kazybot_behavior
  • 0.002 dead_connect
  • 0.002 antivm_vmware_events
  • 0.002 cerber_behavior
  • 0.002 cryptowall_behavior
  • 0.002 antidbg_devices
  • 0.002 antivm_xen_keys
  • 0.002 antivm_hyperv_keys
  • 0.002 antivm_vbox_acpi
  • 0.002 antivm_vbox_keys
  • 0.002 antivm_vmware_keys
  • 0.002 antivm_vpc_keys
  • 0.002 browser_security
  • 0.002 bypass_firewall
  • 0.002 rat_pcclient
  • 0.002 recon_programs
  • 0.001 network_tor
  • 0.001 rat_luminosity
  • 0.001 stack_pivot
  • 0.001 antivm_vmware_libs
  • 0.001 injection_explorer
  • 0.001 kelihos_behavior
  • 0.001 sets_autoconfig_url
  • 0.001 antisandbox_sboxie_libs
  • 0.001 ipc_namedpipe
  • 0.001 antiav_bitdefender_libs
  • 0.001 dyre_behavior
  • 0.001 exec_crash
  • 0.001 java_js
  • 0.001 js_phish
  • 0.001 ispy_behavior
  • 0.001 injection_runpe
  • 0.001 silverlight_js
  • 0.001 securityxploded_modules
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_vmware_files
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 codelux_behavior
  • 0.001 ie_martian_children
  • 0.001 modify_uac_prompt
  • 0.001 rat_spynet
  • 0.001 sniffer_winpcap
  • 0.001 targeted_flame

Reporting ( 0.47 seconds )

  • 0.47 ReportHTMLSummary
Task ID 138504
Mongo ID 5aab3681bb7d5741c9732fa8
Cuckoo release 1.4-Maldun