Analysis task

Analysis type  VM label  Start time  End time  Duration
URL  win7-sp1-x64-shaapp01-3  2018-03-19 09:07:16  2018-03-19 09:09:34  138 seconds

Maldun score

0.45

Normal

URL details

URL
URL sandbox analysis -> http://www.dooland.com/static/js/jquery.min.js


Screenshots


Hosts contacted

Direct IP  Safety rating  Geolocation
27.148.139.192  (not rated)  China
47.106.47.99  (not rated)  China

DNS resolution

Domain  Safety rating  Response
www.dooland.com  (not rated)  A 47.106.47.99
www.microsoft.com  (not rated)  CNAME e13678.ca.s.tl88.net
                                CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                                A 27.148.139.192
                                CNAME www.microsoft.com-c-3.edgekey.net

Summary


WHOIS information

Name: senhe li
Country: CN
State: guangdong
City: guangzhou
ZIP Code: 510623
Address: 23F,No.117,Longyi Road

Orginization: guangzhou huayue shuma keji youxian gongsi
Domain Name(s):
    DOOLAND.COM
    dooland.com
Creation Date:
    2007-07-23 01:54:18
Updated Date:
    2017-07-18 07:50:48
Expiration Date:
    2018-07-23 01:54:18
Email(s):
    DomainAbuse@service.aliyun.com
    lisenhe@gmail.com

Registrar(s):
    HiChina Zhicheng Technology Ltd.
Name Server(s):
    F1G1NS1.DNSPOD.NET
    F1G1NS2.DNSPOD.NET
Referral URL(s):
    None
Antivirus engine/vendor  Website safety analysis
CLEAN MX Clean Site
DNS8 Clean Site
VX Vault Clean Site
ZDB Zeus Clean Site
Tencent Clean Site
Netcraft Unrated Site
desenmascara_me Clean Site
Dr_Web Clean Site
PhishLabs Unrated Site
Zerofox Clean Site
K7AntiVirus Clean Site
Virusdie External Site Scan Clean Site
SCUMWARE_org Clean Site
Quttera Clean Site
AegisLab WebGuard Clean Site
MalwareDomainList Clean Site
ZeusTracker Clean Site
zvelo Clean Site
Google Safebrowsing Clean Site
Kaspersky Clean Site
BitDefender Clean Site
Certly Clean Site
G-Data Clean Site
C-SIRT Clean Site
OpenPhish Clean Site
Malware Domain Blocklist Clean Site
MalwarePatrol Clean Site
Webutation Clean Site
Trustwave Clean Site
Web Security Guard Clean Site
CyRadar Clean Site
ADMINUSLabs Clean Site
Malwarebytes hpHosts Clean Site
Opera Clean Site
AlienVault Clean Site
Emsisoft Clean Site
Malc0de Database Clean Site
Spam404 Clean Site
Phishtank Clean Site
Malwared Clean Site
Avira Clean Site
NotMining Unrated Site
CyberCrime Clean Site
Antiy-AVL Clean Site
Forcepoint ThreatSeeker Clean Site
FraudSense Clean Site
malwares_com URL checker Clean Site
Comodo Site Inspector Clean Site
Malekal Clean Site
ESET Clean Site
Sophos Unrated Site
Yandex Safebrowsing Clean Site
SecureBrain Clean Site
Nucleon Clean Site
Sucuri SiteCheck Clean Site
Blueliv Clean Site
ZCloudsec Clean Site
AutoShun Unrated Site
ThreatHive Clean Site
FraudScore Clean Site
Rising Clean Site
URLQuery Unrated Site
StopBadware Unrated Site
Fortinet Clean Site
ZeroCERT Clean Site
Baidu-International Clean Site
securolytics Clean Site

Process tree


iexplore.exe, PID: 272, parent PID: 328
iexplore.exe, PID: 2280, parent PID: 272

TCP

Source address  Source port  Destination address  Destination host  Destination port
192.168.122.203 49161 27.148.139.192 www.microsoft.com 80
192.168.122.203 49160 47.106.47.99 www.dooland.com 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.203 51159 192.168.122.1 53
192.168.122.203 51724 192.168.122.1 53
192.168.122.203 58808 192.168.122.1 53

HTTP requests

URI  HTTP data
URL sandbox analysis -> http://www.dooland.com/static/js/jquery.min.js
GET /static/js/jquery.min.js HTTP/1.1
Accept: */*
Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=15&ved=0CCEQfjVW9WSVFjdXNIVWNGZ2x4QkNPT2hL&url=http%3A%2F%2Fwww.dooland.com%2Fstatic%2Fjs%2Fjquery.min.js&ei=VXJVbFloZXl1SVBK&usg=AFQjQllmVFd0WXl4WUV1
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.dooland.com
Connection: Keep-Alive

URL sandbox analysis -> http://www.microsoft.com/
GET / HTTP/1.1
Host: www.microsoft.com
Connection: Close

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol SID Signature Category
2018-03-19 09:07:40.409165+0800 27.148.139.192 80 192.168.122.203 49161 TCP 2012692 ET POLICY Microsoft user-agent automated process response to automated request A Network Trojan was detected

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.

Dropped files

File name: index.dat
Related file:
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
File size: 65536 bytes
File type: Internet Explorer cache file version Ver 5.2
MD5 191d3d20f356bf520a7d1ed07b1bc08b
SHA1 bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a
SHA256 d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788
CRC32 BFF870C9
Ssdeep 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo
File name: {DAB9FAE4-2B11-11E8-9EBD-52540093FBEC}.dat
Related file:
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DAB9FAE4-2B11-11E8-9EBD-52540093FBEC}.dat
File size: 4096 bytes
File type: Composite Document File V2 Document, Cannot read section info
MD5 b76944612a46f25dd0c9b2212f8e06b7
SHA1 59d589e6c7a7d333142a4a147f2431e45fdb69c5
SHA256 b950d0236ddb99d945bdff163c3914efcebe7f9b0691d0f729296ce4f5cb86c1
CRC32 0FA9C592
Ssdeep 12:rl0YmGFZrEgm8GL7KFukorEgm8Gz7qPNlCgrNl26ao:rfG8cG8JNlLrNlIo
File name: JavaDeployReg.log
Related file:
C:\Users\test\AppData\Local\Temp\JavaDeployReg.log
File size: 1068 bytes
File type: ASCII text, with CRLF line terminators
MD5 5ed0d77ecd623de75157cd54e91c4000
SHA1 4f0d032faecd7e0b7c7c4811a13c37b69a7ac70a
SHA256 79d07bb17037085a0e5b0ecd1b66d35f7706c47a6d2a7e6aa873ed704b1664ea
CRC32 848AEFB1
Ssdeep 24:odn9LnnMm8uA8XlZQfU78Tc49PX/+1S5w8hx:odn9LnnMruA8XlZQfU78Tc49PX/+A2ex
Text content:
[2017/06/01 16:29:23.649] Latest deploy version:  
[2017/06/01 16:29:23.649] 11.121.2 
[2017/06/01 16:30:14.832] Latest deploy version:  
[2017/06/01 16:30:14.832] 11.121.2 
[2017/06/01 16:40:25.052] Latest deploy version:  
[2017/06/01 16:40:25.052] 11.121.2 
[2017/06/08 18:03:28.677] Latest deploy version:  
[2017/06/08 18:03:28.677] 11.121.2 
[2017/06/08 18:15:11.176] Latest deploy version:  
[2017/06/08 18:15:11.176] 11.121.2 
[2017/06/08 18:17:04.791] Latest deploy version:  
[2017/06/08 18:17:04.791] 11.121.2 
[2017/09/01 16:11:55.188] Latest deploy version:  
[2017/09/01 16:11:55.188] 11.121.2 
[2017/09/01 20:28:25.900] Latest deploy version:  
[2017/09/01 20:28:25.900] 11.121.2 
[2017/09/01 22:02:42.198] Latest deploy version:  
[2017/09/01 22:02:42.198] 11.121.2 
[2017/09/03 00:16:45.426] Latest deploy version:  
[2017/09/03 00:16:45.426] 11.121.2 
[2017/09/03 11:22:53.307] Latest deploy version:  
[2017/09/03 11:22:53.307] 11.121.2 
[2018/03/19 14:08:26.396] Latest deploy version:  
[2018/03/19 14:08:26.411] 11.121.2 
File name: index.dat
Related file:
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
File size: 32768 bytes
File type: Internet Explorer cache file version Ver 5.2
MD5 0aee387ca0a52dcdd8f8a29ea76edb42
SHA1 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9
SHA256 c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e
CRC32 B451CA0B
Ssdeep 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ
Previous Maldun analysis result: 2.0 (analysis time: 2016-11-06 20:10:20)
File name: RecoveryStore.{DAB9FAE3-2B11-11E8-9EBD-52540093FBEC}.dat
Related file:
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DAB9FAE3-2B11-11E8-9EBD-52540093FBEC}.dat
File size: 5120 bytes
File type: Composite Document File V2 Document, Cannot read section info
MD5 5c75533f883ee0dc12cd6132d77cc9cf
SHA1 d585edc80ae846e705476ea000b88798cbf7b30e
SHA256 485a4557506c70de7a7eb091d76d55c2f3c7b6396d819309422569b1c4e64ec2
CRC32 5C7CD41A
Ssdeep 12:rl0oGF2qtaTrEgmZ+IaCrI0CIc8GbiF2orEg5+IaCrI0CI7uoeMiqI77vNlTqof3:rLqcTG5/k8yo5/OMkNlWofl6QNlWofl

HTML summary report
(requires 15-60 minutes to sync)

Processing ( 26.27 seconds )

  • 9.274 BehaviorAnalysis
  • 7.261 NetworkAnalysis
  • 7.088 Suricata
  • 1.358 Static
  • 1.121 VirusTotal
  • 0.141 AnalysisInfo
  • 0.023 Dropped
  • 0.002 Debug
  • 0.002 Memory

Signatures ( 4.962 seconds )

  • 1.238 md_url_bl
  • 1.02 antiav_detectreg
  • 0.375 stealth_timeout
  • 0.349 infostealer_ftp
  • 0.313 antivm_generic_scsi
  • 0.266 api_spamming
  • 0.233 antivm_generic_services
  • 0.21 antianalysis_detectreg
  • 0.194 infostealer_im
  • 0.11 infostealer_mail
  • 0.055 antivm_parallels_keys
  • 0.054 darkcomet_regkeys
  • 0.053 kibex_behavior
  • 0.052 antivm_xen_keys
  • 0.04 geodo_banking_trojan
  • 0.038 betabot_behavior
  • 0.036 antivm_generic_diskreg
  • 0.03 md_bad_drop
  • 0.018 antivm_vbox_keys
  • 0.018 antivm_vmware_keys
  • 0.017 antivm_xen_keys
  • 0.017 antivm_hyperv_keys
  • 0.017 antivm_vbox_acpi
  • 0.017 antivm_vpc_keys
  • 0.017 bypass_firewall
  • 0.017 packer_armadillo_regkey
  • 0.015 stealth_file
  • 0.01 md_domain_bl
  • 0.009 antivm_generic_disk
  • 0.008 mimics_filetime
  • 0.008 antiav_detectfile
  • 0.006 bootkit
  • 0.006 persistence_autorun
  • 0.006 virus
  • 0.005 antiemu_wine_func
  • 0.005 kovter_behavior
  • 0.005 infostealer_bitcoin
  • 0.004 hancitor_behavior
  • 0.004 infostealer_browser_password
  • 0.004 antidbg_windows
  • 0.004 ransomware_files
  • 0.003 injection_createremotethread
  • 0.003 antivm_vbox_libs
  • 0.003 antiemu_wine_reg
  • 0.003 antivm_vbox_files
  • 0.003 ransomware_extensions
  • 0.003 recon_fingerprint
  • 0.002 tinba_behavior
  • 0.002 antiav_avast_libs
  • 0.002 dridex_behavior
  • 0.002 ransomware_message
  • 0.002 antisandbox_sunbelt_libs
  • 0.002 vawtrak_behavior
  • 0.002 injection_runpe
  • 0.002 antisandbox_productid
  • 0.002 browser_security
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 rat_nanocore
  • 0.001 stack_pivot
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 cerber_behavior
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 ie_martian_children
  • 0.001 modify_uac_prompt
  • 0.001 recon_programs

Reporting ( 0.407 seconds )

  • 0.407 ReportHTMLSummary
Task ID 139045
Mongo ID 5aaf0dffbb7d5741ca731b2d
Cuckoo release 1.4-Maldun