Analysis Task

Analysis type  VM label  Start time  End time  Duration
URL win7-sp1-x64-hpdapp03-1 2018-03-19 10:13:38 2018-03-19 10:15:58 140 seconds

Maldun Score

0.05

Normal

URL Details



Runtime Screenshots


Hosts Contacted

Direct IP  Security rating  Location
101.96.10.73 China
104.192.110.216 United States
122.224.45.50 China
180.163.251.149 China
219.136.244.121 China
61.147.234.59 China

DNS Resolution

Domain  Security rating  Response
dlc2.pconline.com.cn A 219.136.244.121
CNAME dlc2.pconline.com.cn.cdn20.com
ftp.pconline.com.cn A 218.92.219.92
CNAME ftp.pconline.com.cn.fastcdn.com
A 61.147.221.62
A 61.147.234.57
A 61.147.234.60
CNAME nxnop012.flxdns.com
A 218.92.219.100
A 61.147.221.61
A 61.147.234.58
A 218.92.219.102
A 61.147.234.59
A 218.92.219.83
ocsp.startssl.com A 104.192.110.216
ocsp1.wosign.com A 180.163.251.149
A 36.110.213.84
www.microsoft.com CNAME e13678.ca.s.tl88.net
A 122.224.45.50
CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
CNAME www.microsoft.com-c-3.edgekey.net

Summary


WHOIS Information

Name: None
Country: None
State: None
City: None
ZIP Code: None
Address: None

Organization: None
Domain Name(s):
    pconline.com.cn
Creation Date:
    None
Updated Date:
    None
Expiration Date:
    None
Email(s):
    dns@pconline.com.cn

Registrar(s):
    北京中科三方网络技术有限公司*
Name Server(s):
    ns.pc.com.cn
    ns2.pc.com.cn
Referral URL(s):
    None
No antivirus engine scan information!

Process Tree


iexplore.exe, PID: 1396, parent PID: 284
iexplore.exe, PID: 2268, parent PID: 1396

TCP

Source address  Source port  Destination address  Destination port
192.168.122.201 49169 101.96.10.73 80
192.168.122.201 49162 104.192.110.216 ocsp.startssl.com 80
192.168.122.201 49164 122.224.45.50 www.microsoft.com 80
192.168.122.201 49168 173.205.7.34 80
192.168.122.201 49163 180.163.251.149 ocsp1.wosign.com 80
192.168.122.201 49160 219.136.244.121 dlc2.pconline.com.cn 80
192.168.122.201 49161 61.147.234.59 ftp.pconline.com.cn 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201 50907 192.168.122.1 53
192.168.122.201 54844 192.168.122.1 53
192.168.122.201 58027 192.168.122.1 53
192.168.122.201 59793 192.168.122.1 53
192.168.122.201 60316 192.168.122.1 53
192.168.122.201 60455 192.168.122.1 53
192.168.122.201 64169 192.168.122.1 53

HTTP Requests

URI  HTTP data
http://dlc2.pconline.com.cn/intf/riyuetongxing/downLoadTool2.jsp?masterId=625330&ipType=1&riYueToken=ihUheemQ
GET /intf/riyuetongxing/downLoadTool2.jsp?masterId=625330&ipType=1&riYueToken=ihUheemQ HTTP/1.1
Accept: */*
Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=19&ved=0CCEQfjUXVZWVZTeUNZSENDV3hGeFZaZnp1&url=http%3A%2F%2Fdlc2.pconline.com.cn%2Fintf%2Friyuetongxing%2FdownLoadTool2.jsp%3FmasterId%3D625330%26ipType%3D1%26riYueToken%3DihUheemQ&ei=elNJZUFic2loVkd2&usg=AFQjVUlZQkpFWXJLQlh0
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: dlc2.pconline.com.cn
Connection: Keep-Alive

http://dlc2.pconline.com.cn/filedown7_625330_27714114/ihUheemQ/pconline1482317794034_2200006253307714114.exe
GET /filedown7_625330_27714114/ihUheemQ/pconline1482317794034_2200006253307714114.exe HTTP/1.1
Accept: */*
Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=19&ved=0CCEQfjUXVZWVZTeUNZSENDV3hGeFZaZnp1&url=http%3A%2F%2Fdlc2.pconline.com.cn%2Fintf%2Friyuetongxing%2FdownLoadTool2.jsp%3FmasterId%3D625330%26ipType%3D1%26riYueToken%3DihUheemQ&ei=elNJZUFic2loVkd2&usg=AFQjVUlZQkpFWXJLQlh0
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: dlc2.pconline.com.cn
Connection: Keep-Alive
Cookie: JSESSIONID=abcq4IMValGFfhEVmc8iw

http://ftp.pconline.com.cn/1985fd6e86d98473bc561be813ffba12/pub/download/201010/maldner/terminator/pconline1482317794034_2200006253307714114.exe
GET /1985fd6e86d98473bc561be813ffba12/pub/download/201010/maldner/terminator/pconline1482317794034_2200006253307714114.exe HTTP/1.1
Accept: */*
Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=19&ved=0CCEQfjUXVZWVZTeUNZSENDV3hGeFZaZnp1&url=http%3A%2F%2Fdlc2.pconline.com.cn%2Fintf%2Friyuetongxing%2FdownLoadTool2.jsp%3FmasterId%3D625330%26ipType%3D1%26riYueToken%3DihUheemQ&ei=elNJZUFic2loVkd2&usg=AFQjVUlZQkpFWXJLQlh0
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: ftp.pconline.com.cn
Connection: Keep-Alive
Cookie: dlc=180.175.177.100

http://ocsp.startssl.com/ca/MEgwRjBEMEIwQDAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvvGqRAW6UXaYcwyjRoQ9BBrvICBxnChTDpOzY%3D
GET /ca/MEgwRjBEMEIwQDAJBgUrDgMCGgUABBRBc6bT2N9qzRkeiWvn5WI5MHBpNQQUTgvvGqRAW6UXaYcwyjRoQ9BBrvICBxnChTDpOzY%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.startssl.com

http://ocsp1.wosign.com/ca1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwinUuszX0zOc4yUA1%2Besb7TlGXgQU4WbPDtHxs0u3BiAU%2FocS1fb%2B%2Bz4CECtr1lRZ1wzY4hOxxBE74hM%3D
GET /ca1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwinUuszX0zOc4yUA1%2Besb7TlGXgQU4WbPDtHxs0u3BiAU%2FocS1fb%2B%2Bz4CECtr1lRZ1wzY4hOxxBE74hM%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp1.wosign.com

http://ocsp1.wosign.com/ca1/code4/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTxdFH46T38ExwqWGvTIB%2F0Q8lfhgQUzE2s0AvbxBP5kgX1ZvJWyUPU0UACEBnbVxrnUlqee8itYOQ%2BzTQ%3D
GET /ca1/code4/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTxdFH46T38ExwqWGvTIB%2F0Q8lfhgQUzE2s0AvbxBP5kgX1ZvJWyUPU0UACEBnbVxrnUlqee8itYOQ%2BzTQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp1.wosign.com

http://www.microsoft.com/
GET / HTTP/1.1
Host: www.microsoft.com
Connection: Close

http://crl.microsoft.com/pki/crl/products/tspca.crl
GET /pki/crl/products/tspca.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT
If-None-Match: "8ab194b3d77cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

http://101.96.10.73/crl.microsoft.com/pki/crl/products/tspca.crl
GET /crl.microsoft.com/pki/crl/products/tspca.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT
If-None-Match: "8ab194b3d77cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: 101.96.10.73

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol SID Signature Category
2018-03-19 10:14:03.036507+0800 122.224.45.50 80 192.168.122.201 49164 TCP 2012692 ET POLICY Microsoft user-agent automated process response to automated request A Network Trojan was detected
2018-03-19 10:13:52.762407+0800 61.147.234.59 80 192.168.122.201 49161 TCP 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic

File name index.dat
Related file
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
File size 65536 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 191d3d20f356bf520a7d1ed07b1bc08b
SHA1 bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a
SHA256 d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788
CRC32 BFF870C9
Ssdeep 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo

File name index.dat
Related file
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
File size 262144 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 fbe6ba880d1f6cadfd771536120f2c73
SHA1 34b1a30160c6c7675a5c69b62d98661ab7a494bb
SHA256 a2cdabb3fc43f2e94ca47fac764eea7819768bdf094690a6369be41fc4a5fd01
CRC32 E94B92FD
Ssdeep 768:pFFwZHojCtOlWNw3nsiMsieuugxdKOri:rFwZIjCtkWm3siMbeuugxdKoi

File name index.dat
Related file
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
File size 32768 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 0aee387ca0a52dcdd8f8a29ea76edb42
SHA1 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9
SHA256 c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e
CRC32 B451CA0B
Ssdeep 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ
Maldun analysis result: 2.0 (analysis time: 2016-11-06 20:10:20)

File name 3CD99F6CD2961AEFAF9D21EA27618F63_EF7940E5C0809C9194F2666B93244ED1
Related file
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3CD99F6CD2961AEFAF9D21EA27618F63_EF7940E5C0809C9194F2666B93244ED1
File size 1811 bytes
File type data
MD5 6498316d3453129f558b76b14514174f
SHA1 332a6b3b64c499c921eab38a4c6a276f2267883e
SHA256 82fe3109644e4253d0b67064f3e4e479d95c8261a13b78b3e9d7d42827de953f
CRC32 D5DD108D
Ssdeep 48:SIcv8cbbU2BRcxdfrXIcv8cUCRMXsau4Zolx1avG39N:SzvzbUuMrXzv8CRMc4Z6SvK

File name BC3EBA4E46329F29E449DFA191208FBF_4CA79D185532E6CE94989220364ED7A6
Related file
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BC3EBA4E46329F29E449DFA191208FBF_4CA79D185532E6CE94989220364ED7A6
File size 1760 bytes
File type data
MD5 af3e1762db91779b8253ed5bae2e5f93
SHA1 766fac3763ee5ed6d9345b77c5c708a924cc1039
SHA256 1df28829ab82baa9eb3c9485e913dbe3ef89e3f2a4386b99e6e129d8a57f67e6
CRC32 414F8D7D
Ssdeep 48:uTVI80rSkDkNoa+CKRHjIXGuLrFYL+Ld36f8bgum:uTVIZ+kDkNoa+C04veL4d3k

File name 86CEDE2B6248A0C08B5055411CCAA50F_E5842B40986A12283AA4CFA26C326629
Related file
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\86CEDE2B6248A0C08B5055411CCAA50F_E5842B40986A12283AA4CFA26C326629
File size 1510 bytes
File type data
MD5 4c9855631bf2c736bb051a2b839914cf
SHA1 5e52f9e478c172766a78823cf39ed1536f68577b
SHA256 8362dcb8665829704e3a5f78096bfc65f1449a367acaf5394ba02a8900c61cda
CRC32 0B5C8AE8
Ssdeep 24:Nsai6A3rtb4psmLjyAsvV5QKaxK7tg99SdpuP5mJ+W/B0InJxLNzgda:uau3ujyAsvQKaxCS9jW+aRxLF7

File name {22E4DE84-2B1B-11E8-8D49-52540055321F}.dat
Related file
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{22E4DE84-2B1B-11E8-8D49-52540055321F}.dat
File size 4096 bytes
File type Composite Document File V2 Document, Cannot read section info
MD5 96edad7d94430e33b883a8d9bbe44513
SHA1 1a76c492ddb839c0070e8918001d79cebcc26874
SHA256 ea0d4bac92dc4a49aeaaf209f00d67b028db31675d35454f4a9a6a781d1682cd
CRC32 835E1AE6
Ssdeep 12:rl0YmGFerEgm8GL7KFFrEgm8Gz7qPNlCgrNl26ao:rsG8VG8JNlLrNlIo

File name BC3EBA4E46329F29E449DFA191208FBF_4CA79D185532E6CE94989220364ED7A6
Related file
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BC3EBA4E46329F29E449DFA191208FBF_4CA79D185532E6CE94989220364ED7A6
File size 464 bytes
File type data
MD5 612fa16ee8e054cb736842a07450777a
SHA1 d1c0a2989ddb99078d3048ef1223d9036d2c906a
SHA256 ffacc4c7ec80b53d04f894be111d75fe51f7682ede3af808aa4e46ffe2a7e1c4
CRC32 DC6F338C
Ssdeep 12:3Q3lxA5CS+8u41XksFLoqaAeqACLYvNAlEbnd:QlxFS+8u4VRoHAbcGEbnd

File name JavaDeployReg.log
Related file
C:\Users\test\AppData\Local\Temp\JavaDeployReg.log
File size 1068 bytes
File type ASCII text, with CRLF line terminators
MD5 3fb67af9684c4092a11e69936ef5fce9
SHA1 17bbd621e775c1b659c31c0463da820459407392
SHA256 4180cc8df536a9a4acf5a789982ea6503943ae9abd4e60e1b663ab1d0474c243
CRC32 62E041E8
Ssdeep 24:odn9LnnMm8uA8XlZQfU78Tc49PX/+1S8KP:odn9LnnMruA8XlZQfU78Tc49PX/+AJP
Displayed text:
[2017/06/01 16:29:23.649] Latest deploy version:  
[2017/06/01 16:29:23.649] 11.121.2 
[2017/06/01 16:30:14.832] Latest deploy version:  
[2017/06/01 16:30:14.832] 11.121.2 
[2017/06/01 16:40:25.052] Latest deploy version:  
[2017/06/01 16:40:25.052] 11.121.2 
[2017/06/08 18:03:28.677] Latest deploy version:  
[2017/06/08 18:03:28.677] 11.121.2 
[2017/06/08 18:15:11.176] Latest deploy version:  
[2017/06/08 18:15:11.176] 11.121.2 
[2017/06/08 18:17:04.791] Latest deploy version:  
[2017/06/08 18:17:04.791] 11.121.2 
[2017/09/01 16:11:55.188] Latest deploy version:  
[2017/09/01 16:11:55.188] 11.121.2 
[2017/09/01 20:28:25.900] Latest deploy version:  
[2017/09/01 20:28:25.900] 11.121.2 
[2017/09/01 22:02:42.198] Latest deploy version:  
[2017/09/01 22:02:42.198] 11.121.2 
[2017/09/03 00:16:45.426] Latest deploy version:  
[2017/09/03 00:16:45.426] 11.121.2 
[2017/09/03 11:22:53.307] Latest deploy version:  
[2017/09/03 11:22:53.307] 11.121.2 
[2018/03/19 14:14:50.432] Latest deploy version:  
[2018/03/19 14:14:50.432] 11.121.2 

File name RecoveryStore.{22E4DE83-2B1B-11E8-8D49-52540055321F}.dat
Related file
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{22E4DE83-2B1B-11E8-8D49-52540055321F}.dat
File size 5120 bytes
File type Composite Document File V2 Document, Cannot read section info
MD5 6504817fac9488b3d97b5863d8116f54
SHA1 bea0fd10fac568fe7d2d83c63ba3628d153d648e
SHA256 06ad78887ad78e7d09e3ae29dd044599029a87357e9cbb951f6a09262435484a
CRC32 2F123A50
Ssdeep 12:rl0oGF2UbaTrEgmZ+IaCrI0CIc8GbiF2U7rEg5+IaCrI0CI7uoeMiqI77vNlTqoh:rLNTG5/k8yI5/OMkNlWoeQNlWo

File name 3CD99F6CD2961AEFAF9D21EA27618F63_EF7940E5C0809C9194F2666B93244ED1
Related file
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3CD99F6CD2961AEFAF9D21EA27618F63_EF7940E5C0809C9194F2666B93244ED1
File size 504 bytes
File type data
MD5 104b1e79c95e015f1c0bc3b4d8614b28
SHA1 61135ccfff6c12842fa69e7629bc03bb86708963
SHA256 eb5f95728247784f6af3004eb42009f1ed5bd7890a340e802ade07c7e7c1a4d9
CRC32 40EF67DB
Ssdeep 12:mUJ9XEll7iv8sFF5nB7CuIAAFbAlnZ13mRpPSlwrM/:9DXEllsvPztI/FbAnZ13IPS1/

File name test@pconline.com[1].txt
Related file
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\test@pconline.com[1].txt
File size 83 bytes
File type ASCII text
MD5 3cb29892d4138cfe2c9ce07313aaf34b
SHA1 53b50b5ca3dfd4e429631909129b786be653f7bd
SHA256 fbb939a313ecc06de4c909f7282ca646b8bf038ad07c27a3f5b00a9ad50a4f57
CRC32 C240FB24
Ssdeep 3:xdVbSVUQ92L7M9JTyBYOzTIXhryvX:xGVHmAPylTqhry/
Displayed text:
dlc
180.175.177.100
pconline.com.cn/
1024
625291264
30654516
2526295824
30654281
*

File name 86CEDE2B6248A0C08B5055411CCAA50F_E5842B40986A12283AA4CFA26C326629
Related file
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\86CEDE2B6248A0C08B5055411CCAA50F_E5842B40986A12283AA4CFA26C326629
File size 508 bytes
File type data
MD5 b22087909d77c3cd201e81e1ba743a73
SHA1 5d7c9a4434f62f438999fa3c0b976581cde0d551
SHA256 1c7e6f877a3e9bb4bc4b73cbadcecc7a329c6c38d90f6b5131c1c9fdd9f3c8f7
CRC32 ED00976C
Ssdeep 12:KgOiQFBEllliv8sFnU/eslOmgF5pUrNr2gmKB/:rUBEllevUeskmgF5pUrNbj

HTML Summary Report (requires 15-60 minutes to sync)

Processing ( 25.953 seconds )

  • 9.854 NetworkAnalysis
  • 7.478 Suricata
  • 6.921 BehaviorAnalysis
  • 1.231 VirusTotal
  • 0.237 AnalysisInfo
  • 0.107 Static
  • 0.085 Dropped
  • 0.038 Debug
  • 0.002 Memory

Signatures ( 5.738 seconds )

  • 1.541 md_url_bl
  • 1.069 antiav_detectreg
  • 0.528 md_bad_drop
  • 0.366 infostealer_ftp
  • 0.297 stealth_timeout
  • 0.237 antivm_generic_scsi
  • 0.228 antianalysis_detectreg
  • 0.226 api_spamming
  • 0.203 infostealer_im
  • 0.168 antivm_generic_services
  • 0.115 infostealer_mail
  • 0.057 antivm_parallels_keys
  • 0.057 antivm_xen_keys
  • 0.057 darkcomet_regkeys
  • 0.056 kibex_behavior
  • 0.042 geodo_banking_trojan
  • 0.041 betabot_behavior
  • 0.038 antivm_generic_diskreg
  • 0.028 md_domain_bl
  • 0.02 stealth_file
  • 0.02 antivm_vbox_keys
  • 0.02 antivm_vmware_keys
  • 0.019 antivm_xen_keys
  • 0.019 antivm_vbox_acpi
  • 0.019 antivm_vpc_keys
  • 0.018 antivm_hyperv_keys
  • 0.018 bypass_firewall
  • 0.018 packer_armadillo_regkey
  • 0.014 antivm_generic_disk
  • 0.012 dridex_behavior
  • 0.012 mimics_filetime
  • 0.01 antiav_detectfile
  • 0.009 bootkit
  • 0.009 virus
  • 0.008 antiemu_wine_func
  • 0.007 stealth_network
  • 0.007 kovter_behavior
  • 0.007 infostealer_bitcoin
  • 0.006 dead_connect
  • 0.006 infostealer_browser_password
  • 0.006 persistence_autorun
  • 0.005 hancitor_behavior
  • 0.005 antidbg_windows
  • 0.004 hawkeye_behavior
  • 0.004 webmail_phish
  • 0.004 antivm_vbox_libs
  • 0.004 antivm_vbox_files
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.004 recon_fingerprint
  • 0.003 antiav_avast_libs
  • 0.003 injection_createremotethread
  • 0.003 kazybot_behavior
  • 0.003 shifu_behavior
  • 0.003 vawtrak_behavior
  • 0.003 antiemu_wine_reg
  • 0.002 tinba_behavior
  • 0.002 stack_pivot
  • 0.002 ransomware_message
  • 0.002 antisandbox_sunbelt_libs
  • 0.002 generic_phish
  • 0.002 exec_crash
  • 0.002 injection_runpe
  • 0.002 secure_login_phish
  • 0.002 antisandbox_productid
  • 0.002 disables_browser_warn
  • 0.002 network_torgateway
  • 0.001 andromeda_behavior
  • 0.001 network_tor
  • 0.001 rat_nanocore
  • 0.001 antivm_vmware_libs
  • 0.001 Locky_behavior
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 ispy_behavior
  • 0.001 cerber_behavior
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 browser_security
  • 0.001 ie_martian_children
  • 0.001 maldun_blacklist
  • 0.001 modify_uac_prompt
  • 0.001 rat_pcclient
  • 0.001 recon_programs

Reporting ( 0.522 seconds )

  • 0.522 ReportHTMLSummary
Task ID 139061
Mongo ID 5aaf1dada093ef3ab20404a7
Cuckoo release 1.4-Maldun