分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
---|---|---|---|---|
URL | win7-sp1-x64-shaapp01-3 | 2018-03-19 09:07:16 | 2018-03-19 09:09:34 | 138 秒 |
URL |
---|
URL专业沙箱检测 -> http://www.dooland.com/static/js/jquery.min.js |
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
否 | 27.148.139.192 | 中国 | |
否 | 47.106.47.99 | 中国 |
Name: senhe li Country: CN State: guangdong City: guangzhou ZIP Code: 510623 Address: 23F,No.117,Longyi Road Orginization: guangzhou huayue shuma keji youxian gongsi Domain Name(s): DOOLAND.COM dooland.com Creation Date: 2007-07-23 01:54:18 Updated Date: 2017-07-18 07:50:48 Expiration Date: 2018-07-23 01:54:18 Email(s): DomainAbuse@service.aliyun.com lisenhe@gmail.com Registrar(s): HiChina Zhicheng Technology Ltd. Name Server(s): F1G1NS1.DNSPOD.NET F1G1NS2.DNSPOD.NET Referral URL(s): None
防病毒引擎/厂商 | 网站安全分析 |
---|---|
CLEAN MX | Clean Site |
DNS8 | Clean Site |
VX Vault | Clean Site |
ZDB Zeus | Clean Site |
Tencent | Clean Site |
Netcraft | Unrated Site |
desenmascara_me | Clean Site |
Dr_Web | Clean Site |
PhishLabs | Unrated Site |
Zerofox | Clean Site |
K7AntiVirus | Clean Site |
Virusdie External Site Scan | Clean Site |
SCUMWARE_org | Clean Site |
Quttera | Clean Site |
AegisLab WebGuard | Clean Site |
MalwareDomainList | Clean Site |
ZeusTracker | Clean Site |
zvelo | Clean Site |
Google Safebrowsing | Clean Site |
Kaspersky | Clean Site |
BitDefender | Clean Site |
Certly | Clean Site |
G-Data | Clean Site |
C-SIRT | Clean Site |
OpenPhish | Clean Site |
Malware Domain Blocklist | Clean Site |
MalwarePatrol | Clean Site |
Webutation | Clean Site |
Trustwave | Clean Site |
Web Security Guard | Clean Site |
CyRadar | Clean Site |
ADMINUSLabs | Clean Site |
Malwarebytes hpHosts | Clean Site |
Opera | Clean Site |
AlienVault | Clean Site |
Emsisoft | Clean Site |
Malc0de Database | Clean Site |
Spam404 | Clean Site |
Phishtank | Clean Site |
Malwared | Clean Site |
Avira | Clean Site |
NotMining | Unrated Site |
CyberCrime | Clean Site |
Antiy-AVL | Clean Site |
Forcepoint ThreatSeeker | Clean Site |
FraudSense | Clean Site |
malwares_com URL checker | Clean Site |
Comodo Site Inspector | Clean Site |
Malekal | Clean Site |
ESET | Clean Site |
Sophos | Unrated Site |
Yandex Safebrowsing | Clean Site |
SecureBrain | Clean Site |
Nucleon | Clean Site |
Sucuri SiteCheck | Clean Site |
Blueliv | Clean Site |
ZCloudsec | Clean Site |
AutoShun | Unrated Site |
ThreatHive | Clean Site |
FraudScore | Clean Site |
Rising | Clean Site |
URLQuery | Unrated Site |
StopBadware | Unrated Site |
Fortinet | Clean Site |
ZeroCERT | Clean Site |
Baidu-International | Clean Site |
securolytics | Clean Site |
直接 | IP | 安全评级 | 地理位置 |
---|---|---|---|
否 | 27.148.139.192 | 中国 | |
否 | 47.106.47.99 | 中国 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.203 | 49161 | 27.148.139.192 www.microsoft.com | 80 |
192.168.122.203 | 49160 | 47.106.47.99 www.dooland.com | 80 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.203 | 51159 | 192.168.122.1 | 53 |
192.168.122.203 | 51724 | 192.168.122.1 | 53 |
192.168.122.203 | 58808 | 192.168.122.1 | 53 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.203 | 49161 | 27.148.139.192 www.microsoft.com | 80 |
192.168.122.203 | 49160 | 47.106.47.99 www.dooland.com | 80 |
源地址 | 源端口 | 目标地址 | 目标端口 |
---|---|---|---|
192.168.122.203 | 51159 | 192.168.122.1 | 53 |
192.168.122.203 | 51724 | 192.168.122.1 | 53 |
192.168.122.203 | 58808 | 192.168.122.1 | 53 |
URI | HTTP数据 |
---|---|
URL专业沙箱检测 -> http://www.dooland.com/static/js/jquery.min.js | GET /static/js/jquery.min.js HTTP/1.1 Accept: */* Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&ved=0CCEQfjVW9WSVFjdXNIVWNGZ2x4QkNPT2hL&url=http%3A%2F%2Fwww.dooland.com%2Fstatic%2Fjs%2Fjquery.min.js&ei=VXJVbFloZXl1SVBK&usg=AFQjQllmVFd0WXl4WUV1 Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.dooland.com Connection: Keep-Alive |
URL专业沙箱检测 -> http://www.microsoft.com/ | GET / HTTP/1.1 Host: www.microsoft.com Connection: Close |
无SMTP流量.
无IRC请求.
无ICMP流量.
无 CIF 结果
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2018-03-19 09:07:40.409165+0800 | 27.148.139.192 | 80 | 192.168.122.203 | 49161 | TCP | 2012692 | ET POLICY Microsoft user-agent automated process response to automated request | A Network Trojan was detected |
No TLS
No Suricata HTTP
文件名 | index.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
|
文件大小 | 65536 字节 |
文件类型 | Internet Explorer cache file version Ver 5.2 |
MD5 | 191d3d20f356bf520a7d1ed07b1bc08b |
SHA1 | bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a |
SHA256 | d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788 |
CRC32 | BFF870C9 |
Ssdeep | 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo |
下载 提交魔盾安全分析 |
文件名 | {DAB9FAE4-2B11-11E8-9EBD-52540093FBEC}.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DAB9FAE4-2B11-11E8-9EBD-52540093FBEC}.dat
|
文件大小 | 4096 字节 |
文件类型 | Composite Document File V2 Document, Cannot read section info |
MD5 | b76944612a46f25dd0c9b2212f8e06b7 |
SHA1 | 59d589e6c7a7d333142a4a147f2431e45fdb69c5 |
SHA256 | b950d0236ddb99d945bdff163c3914efcebe7f9b0691d0f729296ce4f5cb86c1 |
CRC32 | 0FA9C592 |
Ssdeep | 12:rl0YmGFZrEgm8GL7KFukorEgm8Gz7qPNlCgrNl26ao:rfG8cG8JNlLrNlIo |
下载 提交魔盾安全分析 |
文件名 | JavaDeployReg.log |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Temp\JavaDeployReg.log
|
文件大小 | 1068 字节 |
文件类型 | ASCII text, with CRLF line terminators |
MD5 | 5ed0d77ecd623de75157cd54e91c4000 |
SHA1 | 4f0d032faecd7e0b7c7c4811a13c37b69a7ac70a |
SHA256 | 79d07bb17037085a0e5b0ecd1b66d35f7706c47a6d2a7e6aa873ed704b1664ea |
CRC32 | 848AEFB1 |
Ssdeep | 24:odn9LnnMm8uA8XlZQfU78Tc49PX/+1S5w8hx:odn9LnnMruA8XlZQfU78Tc49PX/+A2ex |
下载 提交魔盾安全分析 显示文本 | |
[2017/06/01 16:29:23.649] Latest deploy version: [2017/06/01 16:29:23.649] 11.121.2 [2017/06/01 16:30:14.832] Latest deploy version: [2017/06/01 16:30:14.832] 11.121.2 [2017/06/01 16:40:25.052] Latest deploy version: [2017/06/01 16:40:25.052] 11.121.2 [2017/06/08 18:03:28.677] Latest deploy version: [2017/06/08 18:03:28.677] 11.121.2 [2017/06/08 18:15:11.176] Latest deploy version: [2017/06/08 18:15:11.176] 11.121.2 [2017/06/08 18:17:04.791] Latest deploy version: [2017/06/08 18:17:04.791] 11.121.2 [2017/09/01 16:11:55.188] Latest deploy version: [2017/09/01 16:11:55.188] 11.121.2 [2017/09/01 20:28:25.900] Latest deploy version: [2017/09/01 20:28:25.900] 11.121.2 [2017/09/01 22:02:42.198] Latest deploy version: [2017/09/01 22:02:42.198] 11.121.2 [2017/09/03 00:16:45.426] Latest deploy version: [2017/09/03 00:16:45.426] 11.121.2 [2017/09/03 11:22:53.307] Latest deploy version: [2017/09/03 11:22:53.307] 11.121.2 [2018/03/19 14:08:26.396] Latest deploy version: [2018/03/19 14:08:26.411] 11.121.2 |
文件名 | index.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
|
文件大小 | 32768 字节 |
文件类型 | Internet Explorer cache file version Ver 5.2 |
MD5 | 0aee387ca0a52dcdd8f8a29ea76edb42 |
SHA1 | 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9 |
SHA256 | c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e |
CRC32 | B451CA0B |
Ssdeep | 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ |
魔盾安全分析结果 | 2.0 分析时间:2016-11-06 20:10:20 查看分析报告 |
下载 提交魔盾安全分析 |
文件名 | RecoveryStore.{DAB9FAE3-2B11-11E8-9EBD-52540093FBEC}.dat |
---|---|
相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DAB9FAE3-2B11-11E8-9EBD-52540093FBEC}.dat
|
文件大小 | 5120 字节 |
文件类型 | Composite Document File V2 Document, Cannot read section info |
MD5 | 5c75533f883ee0dc12cd6132d77cc9cf |
SHA1 | d585edc80ae846e705476ea000b88798cbf7b30e |
SHA256 | 485a4557506c70de7a7eb091d76d55c2f3c7b6396d819309422569b1c4e64ec2 |
CRC32 | 5C7CD41A |
Ssdeep | 12:rl0oGF2qtaTrEgmZ+IaCrI0CIc8GbiF2orEg5+IaCrI0CI7uoeMiqI77vNlTqof3:rLqcTG5/k8yo5/OMkNlWofl6QNlWofl |
下载 提交魔盾安全分析 |
HTML 总结报告 (需15-60分钟同步) |
下载 |
---|
Task ID | 139045 |
---|---|
Mongo ID | 5aaf0dffbb7d5741ca731b2d |
Cuckoo release | 1.4-Maldun |