Analysis task

Analysis type | VM tag | Start time | End time | Duration
File (Windows) | win7-sp1-x64-hpdapp03-4 | 2018-04-10 13:46:08 | 2018-04-10 13:48:36 | 148 seconds

Maldun score

3.45

Suspicious

File details

File name 使用安卓手机充当KMS Server激活服务器.APK
File size 388660 bytes
File type Java archive data (JAR)
MD5 83255fa8d674e9c51784efcb910c55d9
SHA1 d61bbdc433e1e6e67c2908f168dd2bd4ae15fa50
SHA256 a9083435b67898ddb81ef5a04f9b39db7f488440266a391991c86f44593a5ffb
SHA512 46c56044ff8fb79aa10f0736fb866126abb5dfe1ce3b2c7797b60ba2482efa4951dea8191a6e114325891e807e4bc93217cd2911a3a458674a20f07e39622eb6
CRC32 2B92E677
Ssdeep 6144:qBzAJ8fTR16Ik7GuJlXcW0aItsuDiO2xFW3kahyFRVKKoXImcGDXStsHd:qBzAJ8f9U7LdVmde40VFRVHoXoq9


Hosts contacted

Direct | IP | Security rating | Location
104.18.24.243 United States
117.18.232.200 Asia-Pacific region
122.224.45.50 China
210.65.144.178 Taiwan
65.55.186.115 United States

DNS resolution

Domain | Security rating | Response
www.microsoft.com CNAME e13678.ca.s.tl88.net
A 122.224.45.50
CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
CNAME www.microsoft.com-c-3.edgekey.net
data.tvdownload.microsoft.com A 65.55.186.115
CNAME data.tvdownload.windowsmedia.com.akadns.net
ocsp.msocsp.com A 104.18.25.243
CNAME hostedocsp.globalsign.com
CNAME ocsp.globalsign.cloud
A 104.18.24.243
mscrl.microsoft.com CNAME certrevoc.vo.msecnd.net
CNAME cs9.wpc.v0cdn.net
A 117.18.232.200
cdn.epg.tvdownload.microsoft.com A 210.65.144.178
CNAME cdn.epg.tvdownload.windowsmedia.com.akadns.net
CNAME a1683.d.akamai.net
A 210.65.144.145
CNAME cdn.epg.tvdownload.microsoft.com.edgesuite.net

Summary

No static analysis available.
res/layout/activity_main.xml
res/menu/main.xml
res/drawable-mdpi/ic_launcher.png
res/drawable-hdpi/ic_launcher.png
res/drawable-xhdpi/ic_launcher.png
res/drawable-xxhdpi/ic_launcher.png
Hello world!
Settings
KmsServer
drawable
layout
dimen
string
style
ic_launcher
activity_main
activity_horizontal_margin
activity_vertical_margin
app_name
action_settings
hello_world
AppBaseTheme
AppTheme
toggleButton
kmsmsgid
com.laotou.kmsserver
Antivirus engine/vendor | Virus name/rule match | Signature database date
Bkav No virus found 20180409
MicroWorld-eScan No virus found 20180409
nProtect No virus found 20180409
CMC No virus found 20180409
CAT-QuickHeal No virus found 20180409
McAfee No virus found 20180409
Malwarebytes No virus found 20180409
Zillya No virus found 20180409
AegisLab No virus found 20180409
TheHacker No virus found 20180404
Alibaba No virus found 20180409
K7GW No virus found 20180409
K7AntiVirus No virus found 20180409
Baidu No virus found 20180409
F-Prot No virus found 20180409
SymantecMobileInsight No virus found 20180406
Symantec No virus found 20180410
ESET-NOD32 No virus found 20180409
TrendMicro-HouseCall No virus found 20180410
Avast No virus found 20180410
ClamAV No virus found 20180410
Kaspersky No virus found 20180409
BitDefender No virus found 20180410
NANO-Antivirus No virus found 20180409
SUPERAntiSpyware No virus found 20180409
Rising No virus found 20180409
Ad-Aware No virus found 20180410
Trustlook No virus found 20180410
Emsisoft No virus found 20180409
Comodo No virus found 20180409
F-Secure No virus found 20180409
DrWeb No virus found 20180409
VIPRE No virus found 20180410
TrendMicro No virus found 20180410
McAfee-GW-Edition No virus found 20180409
Sophos No virus found 20180409
Cyren No virus found 20180409
Jiangmin No virus found 20180409
Webroot No virus found 20180410
Avira No virus found 20180409
Antiy-AVL No virus found 20180410
Kingsoft No virus found 20180410
Microsoft No virus found 20180409
Arcabit No virus found 20180410
ViRobot No virus found 20180410
ZoneAlarm No virus found 20180410
Avast-Mobile No virus found 20180409
GData No virus found 20180409
AhnLab-V3 No virus found 20180409
ALYac No virus found 20180410
AVware No virus found 20180410
MAX No virus found 20180410
VBA32 No virus found 20180409
WhiteArmor PUP.HighConfidence 20180408
Zoner No virus found 20180410
Tencent No virus found 20180410
Yandex No virus found 20180408
Ikarus No virus found 20180409
Fortinet No virus found 20180409
AVG No virus found 20180410
Panda No virus found 20180409
Qihoo-360 No virus found 20180410

Process tree

cmd.exe, PID: 416, parent PID: 2044
rundll32.exe, PID: 2308, parent PID: 416

TCP

Source address | Source port | Destination address | Destination port
192.168.122.204 49163 104.18.24.243 ocsp.msocsp.com 80
192.168.122.204 49165 117.18.232.200 mscrl.microsoft.com 80
192.168.122.204 49161 122.224.45.50 www.microsoft.com 80
192.168.122.204 49167 122.224.45.50 www.microsoft.com 80
192.168.122.204 49173 210.65.144.178 cdn.epg.tvdownload.microsoft.com 80
192.168.122.204 49162 65.55.186.115 data.tvdownload.microsoft.com 443
192.168.122.204 49166 65.55.186.115 data.tvdownload.microsoft.com 443
192.168.122.204 49168 65.55.186.115 data.tvdownload.microsoft.com 443
192.168.122.204 49169 65.55.186.115 data.tvdownload.microsoft.com 443
192.168.122.204 49170 65.55.186.115 data.tvdownload.microsoft.com 443
192.168.122.204 49171 65.55.186.115 data.tvdownload.microsoft.com 443
192.168.122.204 49172 65.55.186.115 data.tvdownload.microsoft.com 443

UDP

Source address | Source port | Destination address | Destination port
192.168.122.204 50721 192.168.122.1 53
192.168.122.204 52375 192.168.122.1 53
192.168.122.204 53539 192.168.122.1 53
192.168.122.204 57269 192.168.122.1 53
192.168.122.204 63709 192.168.122.1 53
192.168.122.204 64291 192.168.122.1 53

HTTP requests

URI | HTTP data
URL: http://www.microsoft.com/
GET / HTTP/1.1
Host: www.microsoft.com
Connection: Close

URL: http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D
GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 06 Dec 2017 07:11:24 GMT
If-None-Match: "a602f001a25d1ece86269d16668acccb0791bbc6"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.msocsp.com

URL: http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D
GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBQphfxhPb4vsBIPXkIOTJ7D1Z79fAQUCP4ln3TqhwTCvLuOqDhfM8bRbGUCEy0AAO%2FxE5PyQlBerOAAAAAA7%2FE%3D HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.msocsp.com

URL: http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%205.crl
GET /pki/mscorp/crl/Microsoft%20IT%20TLS%20CA%205.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: mscrl.microsoft.com

URL: http://cdn.epg.tvdownload.microsoft.com/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc
HEAD /broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.5
Host: cdn.epg.tvdownload.microsoft.com

URL: http://cdn.epg.tvdownload.microsoft.com/broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc
GET /broadbanddata/Prod/1/805332787786/cn/ALL/131/null-cn_null_131_BBPkg.enc HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Thu, 09 Jul 2015 23:37:37 GMT
User-Agent: Microsoft BITS/7.5
Host: cdn.epg.tvdownload.microsoft.com

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

Timestamp Source IP Source Port Destination IP Destination Port Protocol SID Signature Category
2018-04-10 13:46:36.108546+0800 122.224.45.50 80 192.168.122.204 49161 TCP 2012692 ET POLICY Microsoft user-agent automated process response to automated request A Network Trojan was detected
2018-04-10 13:46:41.756861+0800 122.224.45.50 80 192.168.122.204 49167 TCP 2012692 ET POLICY Microsoft user-agent automated process response to automated request A Network Trojan was detected

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2018-04-10 13:46:37.571469+0800 192.168.122.204 49162 65.55.186.115 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2018-04-10 13:46:42.531290+0800 192.168.122.204 49168 65.55.186.115 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2018-04-10 13:46:47.490613+0800 192.168.122.204 49172 65.55.186.115 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5
2018-04-10 13:46:45.000774+0800 192.168.122.204 49170 65.55.186.115 443 TLSv1 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=data.tvdownload.microsoft.com a1:ca:16:54:fb:ba:28:d9:f4:a0:c3:b7:5b:b4:f5:2b:63:27:87:e5

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No files dropped.
No similar analyses found.

Processing ( 18.462 seconds )

  • 7.763 Suricata
  • 6.154 NetworkAnalysis
  • 1.441 AnalysisInfo
  • 1.259 VirusTotal
  • 0.981 TargetInfo
  • 0.764 Debug
  • 0.085 BehaviorAnalysis
  • 0.01 Strings
  • 0.005 Memory

Signatures ( 1.637 seconds )

  • 1.457 md_url_bl
  • 0.063 md_bad_drop
  • 0.022 antiav_detectreg
  • 0.014 md_domain_bl
  • 0.011 disables_browser_warn
  • 0.009 infostealer_ftp
  • 0.005 persistence_autorun
  • 0.005 antiav_detectfile
  • 0.005 infostealer_im
  • 0.004 antianalysis_detectreg
  • 0.004 geodo_banking_trojan
  • 0.004 ransomware_files
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_mail
  • 0.003 ransomware_extensions
  • 0.002 rat_nanocore
  • 0.002 tinba_behavior
  • 0.002 stealth_timeout
  • 0.002 antivm_vbox_files
  • 0.002 network_http
  • 0.002 network_torgateway
  • 0.001 api_spamming
  • 0.001 betabot_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 decoy_document
  • 0.001 cerber_behavior
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 modify_proxy
  • 0.001 browser_security

Reporting ( 0.0 seconds )

Task ID 147421
Mongo ID 5acc504fa093ef2d6cbdc891
Cuckoo release 1.4-Maldun