Analysis Task

Analysis type File (Windows)
VM label win7-sp1-x64-shaapp01-1
Start time 2018-05-22 10:45:28
End time 2018-05-22 10:47:46
Duration 138 seconds

魔盾 (Maldun) Score

10.0

Symmi virus

File Details

File name PYG.dll
File size 714752 bytes
File type PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5 87c91860b9e2bd8af1fdfaf288dfe444
SHA1 74307fb041997f473ccdae1d93535ae8673feac0
SHA256 ffa1f3a446154cab38db4885ea151a3562c506f33de371aa98229b9f30b3219f
SHA512 d0589a9731e93f7151dab5504b0e63fab3c065e081ea7a1de4c1574215c38f25bd4434db1519ca18fc9a11e20123b8e430f405dc58a613a8807b773648c2968c
CRC32 A826E4EC
Ssdeep 12288:cNUlQfHx1l7ZHkG1LwZhP43I6twe/j1jKp3KlLDLkcLsb3h/bJtgp1f9:cRHx9HvqZhw3I6i2pmczkcAzhcp1f9

Hosts Contacted

Direct IP Security rating Geolocation
114.215.239.90 Unknown China
122.227.164.214 Unknown China
140.205.60.79 Unknown China
180.153.105.153 Unknown China
180.153.105.162 Unknown China
183.3.226.92 Unknown China
222.186.49.224 Unknown China

Domain Resolution

Domain Security rating Response
bbs.chinapyg.com Unknown A 114.215.239.90
www.chinapyg.com Unknown
tcss.qq.com Unknown CNAME x2.tcdn.qq.com
A 180.153.105.173
CNAME tcss.tcdn.qq.com
CNAME x2.tc.qq.com
A 180.153.105.161
CNAME tcss.tc.qq.com
A 180.153.105.159
A 180.153.105.162
A 180.153.105.153
A 180.153.105.147
A 180.153.105.155
A 180.153.105.156
A 180.153.105.172
s22.cnzz.com A 58.218.215.188
A 122.228.95.178
A 222.186.49.224
CNAME c.cnzz.com
A 117.71.17.64
A 122.227.164.214
CNAME all.cnzz.com.danuoyi.tbcache.com
discuz.gtimg.cn CNAME discuzstatic.tc.qq.com
CNAME discuzstatic.tcdn.qq.com
pingtcss.qq.com A 183.3.226.92
hzs1.cnzz.com A 140.205.60.79
CNAME z.cnzz.com
A 140.205.158.4
A 140.205.136.1
CNAME z1.cnzz.com
A 140.205.218.72
A 140.205.61.85
CNAME z.gds.cnzz.com
A 140.205.218.67
c.cnzz.com


PE Information

Image base 0x10000000
Entry point 0x100cdb30
Declared checksum 0x000b41f6
Actual checksum 0x000aed6f
Minimum OS version 5.0
PDB path d:\NsStudio\Tools\Baymax\PatchUi\res\x86\PYG.pdb
Compile time 2018-05-15 19:08:02
Import hash f0359419a68cba1662b3ce634b62f66e
Exported DLL name PYG.dll

Version Information

LegalCopyright
InternalName
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
OriginalFilename
Translation

PE Sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x00050533 0x00000000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 0.00
.rdata 0x00052000 0x00015b53 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0.00
.data 0x00068000 0x00004dbc 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.Baymax0 0x0006d000 0x0005ee19 0x00000000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.tls 0x000cc000 0x00000018 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 0.00
.Baymax1 0x000cd000 0x000a9820 0x000a9a00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.94
.reloc 0x00177000 0x000000ec 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 2.47
.rsrc 0x00178000 0x00004514 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4.01
.BaymaxN 0x0017d000 0x00004000 0x00004000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 0.60

Note: .text, .rdata and .data have a raw data size of 0 (entropy 0.00), while .Baymax1 has entropy 7.94 and is executable and writable. This layout is consistent with a packed/protected binary whose code is unpacked into memory at load time; the Bkav verdict below (HW32.Packed) points the same way.

Resources

Name Offset Size Language Sublanguage Entropy File type
BAYMAX 0x00178590 0x00003f42 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 data
RT_DIALOG 0x0017c4d4 0x00000040 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.00 empty
RT_VERSION 0x00178140 0x000002f4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.62 data
RT_MANIFEST 0x00178434 0x0000015a LANG_ENGLISH SUBLANG_ENGLISH_US 4.80 ASCII text, with CRLF line terminators

Imports

Library: KERNEL32.dll:
0x10170000 TlsFree
Library: USER32.dll:
0x10170008 GetWindow
Library: SHELL32.dll:
0x10170010 ShellExecuteW
Library: ole32.dll:
0x10170018 CoUninitialize
Library: SHLWAPI.dll:
0x10170020 PathFileExistsW
Library: GDI32.dll:
0x10170028 GetClipBox
Library: KERNEL32.dll:
0x10170030 GetModuleFileNameW
Library: KERNEL32.dll:
0x10170038 GetModuleHandleA
0x1017003c LoadLibraryA
0x10170040 LocalAlloc
0x10170044 LocalFree
0x10170048 GetModuleFileNameA
0x1017004c ExitProcess

Exports

Ordinal Address Name
1 0x10021e00

Antivirus Results

Engine / Vendor Detection name Signature DB date
Bkav HW32.Packed.808D 20180521
MicroWorld-eScan Gen:Variant.Symmi.85535 20180522
nProtect No virus found 20180522
CMC No virus found 20180521
CAT-QuickHeal No virus found 20180521
McAfee GenericRXFJ-GO!87C91860B9E2 20180522
Cylance Unsafe 20180522
Zillya No virus found 20180521
AegisLab Gen.Variant.Symmi!c 20180522
CrowdStrike malicious_confidence_90% (D) 20180418
K7GW No virus found 20180521
K7AntiVirus No virus found 20180521
TrendMicro No virus found 20180522
Baidu No virus found 20180521
NANO-Antivirus No virus found 20180522
F-Prot No virus found 20180522
Symantec Trojan.Gen.2 20180522
TotalDefense No virus found 20180520
TrendMicro-HouseCall TROJ_GEN.R005H06EL18 20180521
Avast Win32:Malware-gen 20180521
ClamAV No virus found 20180521
Kaspersky No virus found 20180522
BitDefender Gen:Variant.Symmi.85535 20180522
Babable No virus found 20180406
ViRobot No virus found 20180521
Rising No virus found 20180522
Ad-Aware Gen:Variant.Symmi.85535 20180522
Emsisoft Gen:Variant.Symmi.85535 (B) 20180522
Comodo No virus found 20180521
F-Secure Gen:Variant.Symmi.85535 20180521
DrWeb No virus found 20180522
VIPRE No virus found 20180522
Invincea heuristic 20180503
McAfee-GW-Edition BehavesLike.Win32.Ramnit.jc 20180521
TheHacker No virus found 20180516
Ikarus No virus found 20180521
Cyren W32/Trojan.KHQU-1973 20180522
Jiangmin No virus found 20180522
Webroot W32.Trojan.Gen 20180522
Avira No virus found 20180521
Fortinet W32/GenericRXFJ.GO!tr 20180522
Antiy-AVL No virus found 20180522
Kingsoft No virus found 20180522
Endgame malicious (high confidence) 20180507
Arcabit Trojan.Symmi.D14E1F 20180521
SUPERAntiSpyware No virus found 20180522
ZoneAlarm No virus found 20180522
Avast-Mobile No virus found 20180520
Microsoft No virus found 20180522
Sophos No virus found 20180522
AhnLab-V3 Malware/Win32.Generic.C1696325 20180521
ALYac Gen:Variant.Symmi.85535 20180522
AVware No virus found 20180522
MAX malware (ai score=81) 20180522
VBA32 No virus found 20180521
Malwarebytes No virus found 20180521
Panda Trj/GdSda.A 20180521
Zoner No virus found 20180521
ESET-NOD32 No virus found 20180522
Tencent Win32.Trojan.Gen.Ecuj 20180522
Yandex No virus found 20180518
SentinelOne static engine - malicious 20180225
eGambit Unsafe.AI_Score_64% 20180522
GData Gen:Variant.Symmi.85535 20180522
AVG Win32:Malware-gen 20180521
Paloalto No virus found 20180522
Qihoo-360 No virus found 20180522

Process Tree

rundll32.exe, PID: 1760, parent PID: 1872
iexplore.exe, PID: 264, parent PID: 1760
iexplore.exe, PID: 2064, parent PID: 264


TCP

Source address Source port Destination address Destination port
192.168.122.201 49163 114.215.239.90 bbs.chinapyg.com 80
192.168.122.201 49164 114.215.239.90 bbs.chinapyg.com 80
192.168.122.201 49194 114.215.239.90 bbs.chinapyg.com 80
192.168.122.201 49195 114.215.239.90 bbs.chinapyg.com 80
192.168.122.201 49196 114.215.239.90 bbs.chinapyg.com 80
192.168.122.201 49184 122.227.164.214 s22.cnzz.com 80
192.168.122.201 49193 140.205.60.79 hzs1.cnzz.com 80
192.168.122.201 49187 180.153.105.153 tcss.qq.com 80
192.168.122.201 49183 180.153.105.162 tcss.qq.com 80
192.168.122.201 49189 180.153.105.162 tcss.qq.com 80
192.168.122.201 49191 180.153.105.162 tcss.qq.com 80
192.168.122.201 49190 183.3.226.92 pingtcss.qq.com 80
192.168.122.201 49192 222.186.49.224 s22.cnzz.com 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 51722 192.168.122.1 53
192.168.122.201 52966 192.168.122.1 53
192.168.122.201 53222 192.168.122.1 53
192.168.122.201 58559 192.168.122.1 53
192.168.122.201 60990 192.168.122.1 53
192.168.122.201 63650 192.168.122.1 53
192.168.122.201 63715 192.168.122.1 53
192.168.122.201 64841 192.168.122.1 53


HTTP Requests

URI / HTTP data
URI http://bbs.chinapyg.com/forum.php
GET /forum.php HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: bbs.chinapyg.com
Connection: Keep-Alive

URI http://www.chinapyg.com/forum.php
GET /forum.php HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.chinapyg.com
Connection: Keep-Alive

URI http://www.chinapyg.com/data/cache/forum.js?nVJ
GET /data/cache/forum.js?nVJ HTTP/1.1
Accept: */*
Referer: http://www.chinapyg.com/forum.php
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.chinapyg.com
Connection: Keep-Alive
Cookie: u509_2132_saltkey=MT6IhUT9; u509_2132_lastvisit=1526953545; u509_2132_sid=gr7YE8; u509_2132_lastact=1526957145%09forum.php%09

URI http://tcss.qq.com/ping.js?v=1nVJ
GET /ping.js?v=1nVJ HTTP/1.1
Accept: */*
Referer: http://www.chinapyg.com/forum.php
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: tcss.qq.com
Connection: Keep-Alive

URI http://s22.cnzz.com/stat.php?id=1885420&web_id=1885420
GET /stat.php?id=1885420&web_id=1885420 HTTP/1.1
Accept: */*
Referer: http://www.chinapyg.com/forum.php
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: s22.cnzz.com
Connection: Keep-Alive

URI http://discuz.gtimg.cn/cloud/scripts/discuz_tips.js?v=1
GET /cloud/scripts/discuz_tips.js?v=1 HTTP/1.1
Accept: */*
Referer: http://www.chinapyg.com/forum.php
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: discuz.gtimg.cn
Connection: Keep-Alive

URI http://tcss.qq.com/icon/toss_13.gif
GET /icon/toss_13.gif HTTP/1.1
Accept: */*
Referer: http://www.chinapyg.com/forum.php
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: tcss.qq.com
Connection: Keep-Alive

URI http://pingtcss.qq.com/pingd?dm=www.chinapyg.com&url=/forum.php&arg=-&rdm=-&rurl=-&adt=-&rarg=-&pvi=9041126194&si=s1033310229&ui=0&ty=1&rt=forum&md=index&pn=1&qq=000&r2=8887868&scr=800x600&scl=24-bit&lg=zh-cn&jv=1&pf=Win32&tz=-8&fl=12.0&ct=lan&ext=bc=0;adid=&r3=6540536
GET /pingd?dm=www.chinapyg.com&url=/forum.php&arg=-&rdm=-&rurl=-&adt=-&rarg=-&pvi=9041126194&si=s1033310229&ui=0&ty=1&rt=forum&md=index&pn=1&qq=000&r2=8887868&scr=800x600&scl=24-bit&lg=zh-cn&jv=1&pf=Win32&tz=-8&fl=12.0&ct=lan&ext=bc=0;adid=&r3=6540536 HTTP/1.1
Accept: */*
Referer: http://www.chinapyg.com/forum.php
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: pingtcss.qq.com
Connection: Keep-Alive

URI http://tcss.qq.com/heatmap/68/ODg4Nzg2OA==.js?rand=686294336
GET /heatmap/68/ODg4Nzg2OA==.js?rand=686294336 HTTP/1.1
Accept: */*
Referer: http://www.chinapyg.com/forum.php
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: tcss.qq.com
Connection: Keep-Alive

URI http://c.cnzz.com/core.php?web_id=1885420&t=z
GET /core.php?web_id=1885420&t=z HTTP/1.1
Accept: */*
Referer: http://www.chinapyg.com/forum.php
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: c.cnzz.com
Connection: Keep-Alive

URI http://hzs1.cnzz.com/stat.htm?id=1885420&r=&lg=zh-cn&ntime=none&cnzz_eid=801626758-1526956903-&showp=800x600&t=%E9%A3%98%E4%BA%91%E9%98%81%E5%AE%89%E5%85%A8%E8%AE%BA%E5%9D%9B-PYG%7C%E8%BD%AF%E4%BB%B6%E5%AE%89%E5%85%A8%7C%E7%A0%B4%E8%A7%A3%E8%BD%AF%E4%BB%B6%7C%E5%86%85%E8%B4%AD%E7%A0%B4%E8%A7%A3%7C%E7%A7%BB%E5%8A%A8%E5%AE%89%E5%85%A8%7Cchinapyg...&umuuid=1611d8121cc324-053ed0a4826e804-26596859-75300-1611d8121db5b0&h=1&rnd=728763403
GET /stat.htm?id=1885420&r=&lg=zh-cn&ntime=none&cnzz_eid=801626758-1526956903-&showp=800x600&t=%E9%A3%98%E4%BA%91%E9%98%81%E5%AE%89%E5%85%A8%E8%AE%BA%E5%9D%9B-PYG%7C%E8%BD%AF%E4%BB%B6%E5%AE%89%E5%85%A8%7C%E7%A0%B4%E8%A7%A3%E8%BD%AF%E4%BB%B6%7C%E5%86%85%E8%B4%AD%E7%A0%B4%E8%A7%A3%7C%E7%A7%BB%E5%8A%A8%E5%AE%89%E5%85%A8%7Cchinapyg...&umuuid=1611d8121cc324-053ed0a4826e804-26596859-75300-1611d8121db5b0&h=1&rnd=728763403 HTTP/1.1
Accept: */*
Referer: http://www.chinapyg.com/forum.php
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: hzs1.cnzz.com
Connection: Keep-Alive

URI http://www.chinapyg.com/favicon.ico
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.chinapyg.com
Connection: Keep-Alive
Cookie: u509_2132_saltkey=MT6IhUT9; u509_2132_lastvisit=1526953545; u509_2132_sid=gr7YE8; u509_2132_lastact=1526957145%09forum.php%09; CNZZDATA1885420=cnzz_eid%3D801626758-1526956903-%26ntime%3D1526956903; pgv_pvi=9041126194; pgv_info=ssi=s1033310229; UM_distinctid=1611d8121cc324-053ed0a4826e804-26596859-75300-1611d8121db5b0

URI http://www.chinapyg.com/static/image/common/logo.png
GET /static/image/common/logo.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.chinapyg.com
Connection: Keep-Alive
Cookie: u509_2132_saltkey=MT6IhUT9; u509_2132_lastvisit=1526953545; u509_2132_sid=gr7YE8; u509_2132_lastact=1526957145%09forum.php%09; CNZZDATA1885420=cnzz_eid%3D801626758-1526956903-%26ntime%3D1526956903; pgv_pvi=9041126194; pgv_info=ssi=s1033310229; UM_distinctid=1611d8121cc324-053ed0a4826e804-26596859-75300-1611d8121db5b0

URI http://www.chinapyg.com/data/attachment/common/cf/100739hz2z00o7g8g4gvg2.png
GET /data/attachment/common/cf/100739hz2z00o7g8g4gvg2.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.chinapyg.com
Connection: Keep-Alive
Cookie: u509_2132_saltkey=MT6IhUT9; u509_2132_lastvisit=1526953545; u509_2132_sid=gr7YE8; u509_2132_lastact=1526957145%09forum.php%09; CNZZDATA1885420=cnzz_eid%3D801626758-1526956903-%26ntime%3D1526956903; pgv_pvi=9041126194; pgv_info=ssi=s1033310229; UM_distinctid=1611d8121cc324-053ed0a4826e804-26596859-75300-1611d8121db5b0

URI http://www.chinapyg.com/source/plugin/wechat/image/wechat_login.png
GET /source/plugin/wechat/image/wechat_login.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.chinapyg.com
Connection: Keep-Alive
Cookie: u509_2132_saltkey=MT6IhUT9; u509_2132_lastvisit=1526953545; u509_2132_sid=gr7YE8; u509_2132_lastact=1526957145%09forum.php%09; CNZZDATA1885420=cnzz_eid%3D801626758-1526956903-%26ntime%3D1526956903; pgv_pvi=9041126194; pgv_info=ssi=s1033310229; UM_distinctid=1611d8121cc324-053ed0a4826e804-26596859-75300-1611d8121db5b0

URI http://www.chinapyg.com/static/image/common/security.png
GET /static/image/common/security.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.chinapyg.com
Connection: Keep-Alive
Cookie: u509_2132_saltkey=MT6IhUT9; u509_2132_lastvisit=1526953545; u509_2132_sid=gr7YE8; u509_2132_lastact=1526957145%09forum.php%09; CNZZDATA1885420=cnzz_eid%3D801626758-1526956903-%26ntime%3D1526956903; pgv_pvi=9041126194; pgv_info=ssi=s1033310229; UM_distinctid=1611d8121cc324-053ed0a4826e804-26596859-75300-1611d8121db5b0

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files were extracted from network traffic.

Files Written During Analysis

File name stat[1].htm
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\stat[1].htm
File size 2 bytes
File type ASCII text, with no line terminators
MD5 444bcb3a3fcf8389296c49467f27e1d6
SHA1 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
SHA256 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
CRC32 79DCDD47
Ssdeep 3:V:V
Yara
  • Rule to detect the no presence of any url
  • Rule to detect the no presence of any attachment
  • Rule to detect the no presence of any image
Text content:
ok

File name {500EE284-FF1E-11E7-912B-5254001C66F4}.dat
Related file
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{500EE284-FF1E-11E7-912B-5254001C66F4}.dat
File size 5632 bytes
File type Composite Document File V2 Document, Cannot read section info
MD5 803329c824f73b97b8e9bf1c24bd7f5b
SHA1 20924accd7029f9355051f90ba247ec16f78ee81
SHA256 dc156365dee745b08e78f9b19dd8157c02ccdddba56e0c09c5706a3d1b4d8df2
CRC32 375826C2
Ssdeep 24:rI1kGp8cWbwI09V12TJN8//Nl9oYzFrJKlcArPtq/bmwHiPZypNl9oYY0hs7:rSkG4wI07QTm1oYJlK6nJnoYY0y7

File name test@www.chinapyg[2].txt
Related file
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\test@www.chinapyg[2].txt
File size 188 bytes
File type ASCII text
MD5 dc6d3039e1d378477eaa3777c54deee0
SHA1 3b74ca67722297976a9e7d3b6fe92b8db2832d07
SHA256 67a5c5bb751be8cc945e97f950657219709b86e4440184fd10c116aa7391eea5
CRC32 ECB49313
Ssdeep 3:F26EWX+oA3xIIEWTKvcX0FShe9S0W5wGWXVeQhWQRQvSSqTKvUVXJR2YShe9S0WA:TEWuoABIIXTlXQWuGW4QhWQ2vYTtVXfV
Text content:
u509_2132_saltkey
MT6IhUT9
www.chinapyg.com/
9216
4090057344
30673161
1517662304
30643026
*
u509_2132_lastvisit
1526953545
www.chinapyg.com/
1024
4090057344
30673161
1517662304
30643026
*

File name toss_13[1].gif
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\toss_13[1].gif
File size 1207 bytes
File type GIF image data, version 89a, 69 x 20
MD5 31c7e16967183b716e1da3782964f205
SHA1 f832987872bdf65bcaf730ab04258b6ce43497d1
SHA256 21fdb028d84fe5cf53710480c01d5506aea9df827e85f95fd792e9d2b276aeda
CRC32 9B4FA7BB
Ssdeep 24:h0fvoBADHh/mwWj7dDOTlsOx2H8kvN6YjQsvd9DgQp586:hIAGDdmtlD803lx8s35

File name test@www.chinapyg[1].txt
Related file
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\test@www.chinapyg[1].txt
File size 273 bytes
File type ASCII text
MD5 64043fb5b41057133d8377325cfa88f4
SHA1 ec7d5f7501a77390788279d1399b3666b94e189a
SHA256 3524dea38ba82c23edb7813cbe1b2f15ef3b61091d6f8c6205d079cbba8ba0bf
CRC32 97D6B99B
Ssdeep 6:TEWuoABIIXTlXQWuGW4QhWQ2vYTtVXf2qWuGW+nKSqTtVXdlEXnLQe5:TEWuESRXQWRW4JxYZ9fLWRW+KXZ9c3V
Text content:
u509_2132_saltkey
MT6IhUT9
www.chinapyg.com/
9216
4090057344
30673161
1517662304
30643026
*
u509_2132_lastvisit
1526953545
www.chinapyg.com/
1024
4090057344
30673161
1517662304
30643026
*
u509_2132_sid
gr7YE8
www.chinapyg.com/
1024
634294912
30667328
1517812304
30643026
*

File name favicon[1].ico
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\favicon[1].ico
File size 26694 bytes
File type MS Windows icon resource - 8 icons, 48x48
MD5 6a3bfe5b5b78d8f33e4b9391d5dda303
SHA1 1c3b24f6139067b65c240db43e7384b02a6115db
SHA256 94aa451f779bfbafa7c9e2006fcf46647b09f7b006fded94b9d260e4bad28775
CRC32 5FF4A38D
Ssdeep 384:nN2jJU+qWWR50QYB1Mc8P5LHJTOexAsXk6S:nkjJUX5LYHx45LHdddXw

File name stat[1].php
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\stat[1].php
File size 10983 bytes
File type ASCII text, with very long lines
MD5 c87893f014622528facf2c67cff71af4
SHA1 15ae8601ae009f5e8cdb3416d72be30ddd77d406
SHA256 22d63ac0d114e25f4e529fabedf01b32033bff83b80bddfe63c7499c268fa957
CRC32 96AFA729
Ssdeep 192:YfjklCOuxxxgsoyHijK/Va2mdhwOepS2g9RA25ywADwDPL+khu76BA3W:YfjklCOuxrho6LVaiOf9KeVLd86BA3W

File name ping[1].js
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\ping[1].js
File size 8909 bytes
File type C source, ASCII text, with very long lines, with CRLF line terminators
MD5 e2b3471d4fd7be3ab2f3c03e103c1694
SHA1 6b5b6e9e5669593d9f08c994d6ac8196fb257233
SHA256 9761465ce143c901aa1fe76aa5c1a16bdb23b381c92fe9deb32bfc7f91238a19
CRC32 7DBC8907
Ssdeep 192:ZdpIm1UKli7QdEn4YNBas0wr2MfXZFFp89PCJaE2/KkcqsqAjOSgr7yWvj:ZdpImOKli7Qkba4r2MBN/P2/KkcwaO8O
Yara
  • Rule to detect the presence of an or several urls
  • Rule to detect the no presence of any attachment
  • Rule to detect the no presence of any image
  • Look for Base64 table

File name core[1].php
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\core[1].php
File size 762 bytes
File type HTML document, ASCII text, with very long lines, with no line terminators
MD5 8d54a2831d29df37964dfbfe965fefea
SHA1 cfe494e429035ef211d7e267ca7060d9a63378ce
SHA256 a4917345271c7b1922cfd4423cfb5c09531a09a6fa452c9ca4b64a723e4af8f1
CRC32 4C3F2CBB
Ssdeep 12:cRqm7HYAaTjj2hgWcnQOJRG7+La5+yIx7Gu2LB2o1wNJ/lgzVjuXiVcELnPXerTW:cRqjAYjj/WOqjlCp2LBZ18pyBVNjPcTW

File name RecoveryStore.{500EE283-FF1E-11E7-912B-5254001C66F4}.dat
Related file
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{500EE283-FF1E-11E7-912B-5254001C66F4}.dat
File size 3584 bytes
File type Composite Document File V2 Document, Cannot read section info
MD5 358adb9eb37f932b1c56e5b52666c289
SHA1 e706ba76e2e8c2bd01b243d6806ac448231d1eec
SHA256 bd25f250abcdfc053618cdcf741cb71f3e481259597bed3951a20dac0b6d64a4
CRC32 EE7A47D1
Ssdeep 12:rl0YmGF2grEg5+IaCrI017+FtcDrEgmf+IaCy8qgQNlTqoeah1:rIg5/aoGv/TQNlWoeaL

File name MSIMGSIZ.DAT
Related file
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
File size 16384 bytes
File type data
MD5 5e62fad7ea875f5269ae2fd5dd7334df
SHA1 f12e59c8e835930fb1bfe63320bc8b3473036902
SHA256 648e50d0b8d0d9e0e14ef1b860d86157ebd198e8cd23e4c5b064ebc0147dffbc
CRC32 10CEFF01
Ssdeep 48:jGQhN7sXHWrVmqESaakad5PIy+9/8JrcVjdS6gPdY4z7el:CBXHbbSrka5PIL8mJdcPzz76

File name index.dat
Related file
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
File size 262144 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 fbe6ba880d1f6cadfd771536120f2c73
SHA1 34b1a30160c6c7675a5c69b62d98661ab7a494bb
SHA256 a2cdabb3fc43f2e94ca47fac764eea7819768bdf094690a6369be41fc4a5fd01
CRC32 E94B92FD
Ssdeep 768:pFFwZHojCtOlWNw3nsiMsieuugxdKOri:rFwZIjCtkWm3siMbeuugxdKoi

File name discuz_tips[1].js
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\discuz_tips[1].js
File size 6173 bytes
File type ASCII text, with very long lines
MD5 046074ce46da501494e9e59591246043
SHA1 11bad0861643fdb2d4cb8979857d64ada4d45bc2
SHA256 d0fa1f0580412542e5273dfa432ac0a1fd47efca41c55b564da88b4889044b94
CRC32 6F07AD93
Ssdeep 192:JI2UdRzuf4xSMmER4a7TCmPln4+zow5dgceokjg:O2euESMZ1umdnTokdcoeg
Yara
  • Rule to detect the no presence of any url
  • Rule to detect the no presence of any attachment
  • Rule to detect the no presence of any image
下载提交魔盾安全分析显示文本
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('b 1u;1U=E 2h();1U.2r=h(26){1K{b 1R=26.13(".");b Z="";b 1o="";1H(b i=0;i<1R.1a;i++){c(Z.1a>0)Z+=".";Z+=1R[i];1o+=" c (j("+Z+") ==\'k\') "+Z+" = E 2h(); "};c(1o!="")1A(1o)}1D(e){3c(e.3f)}};1U.2r(\'f\');f.1t=(h(){b 3e=0,K,1h,C,1c=a;h 2t(t){q=o.2P(\'q\'),1I=M;q.3b=t;q.1e=\'38-8\';q.37=P;q.1J=q.2s=h(){c(!1I&&(!a.1O||a.1O==="3a"||a.1O==="39")){1I=P;q.1J=q.2s=1G;c(q&&q.2v){q.2v.3g(q)}}};c(!K){K=o.2K(\'K\')[0]};K.2L(q)};h H(t,s,B){c(t.1M(\'?\')>-1){1h=\'&\'}R{1h=\'?\'};s=s||{};1H(C 3n s){c(s.3m(C)){1h+=2u(C)+"="+2u(s[C])+"&"}};b H=\'3p\';1c[H]=h(d){B(d);1K{3o 1c[H]}1D(e){} 1c[H]=1G};2t(t+1h+"B="+H);r H};r{19:H}}());f.V=h(x,p,1e,2j){b 1p=0,i=0,1s=M;c(j p===\'k\'||p===1G){p=2};x=x.3l();c(2j!==M){x=x.w(/&/g,\'&3i;\')};x=x.w(/</g,\'&3h;\').w(/>/g,\'&3k;\');b 1g={\'3j\':0,\'2i\':1,\'36\':2,\'2V\':2,\'2X\':3,\'2U\':4};c(p===0){1s=P};c(j p!==\'33\'){p=[].35(p);1H(i=0;i<p.1a;i++){c(1g[p[i]]===0){1s=P}R c(1g[p[i]]){1p=1p|1g[p[i]]}};p=1p};c(p&1g.2i){x=x.w(/\'/g,\'&#31;\')};c(!1s){x=x.w(/"/g,\'&2Y;\')};r x};f.1y=h(1j,2l,S){c(j(S)==\'k\'){S=2W;}R{S=S*1E};b 1k=E 1d();1k.3Y(1k.1r()+S);o.J=1j+\'=\'+42(2l)+\'; 1k=\'+1k.3M()};f.1v=h(1j){b 14=o.J.1M(1j);b 1N=o.J.1M(\';\',14);r 14==-1?\'\':3S(o.J.3R(14+1j.1a+1,(1N>14?1N:o.J.1a)))};f.$=h(18){r o.3P(18)};f.v=h(I,12,16,1L,Y,1i,G,T,z,n,17,1n,11,1q){a.I=I;a.G=G;a.12=12;a.16=16;a.1L=1L;a.Y=Y;a.1i=1i;a.2m=o.2q.2m;a.2n=o.2q.2n;a.1l=f.$(\'41\');1f=E 1d();a.t=\'22://1X.1Z.20.25/m/19?21=\'+1f.3W()+1f.3X();a.Q=\'\';a.A=\'\';a.O=\'\';a.X=\'\';a.T=T;c(j(o.2f)==\'k\'){a.29=o.1e}R{a.29=o.2f};c(L==\'2\'){a.17=17;a.1n=1n;a.11=11;a.1q=1q};a.z=z;a.n=n};f.v.D.2R=h(){c(L==\'2\'&&a.11==0){r M};c(L==\'2\'&&a.17==0){27=E 
1d();28=f.1v(\'2p\');c(27.1r()<28){r M}};c(a.2T()){r M};b B=h(d){2k=E 1d <truncated>
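The `eval(function(p,a,c,k,e,d){...})` wrapper in the dropped script above is Dean Edwards' "packer": every word of the original script is replaced in the payload `p` by a base-`a` token, and at load time the wrapper maps the `c` tokens back to the words in `k` and hands the rebuilt text to eval(). To read such a file without executing it, reproduce that mapping statically. The following is an added example in JavaScript, not code from the analysed file or from the Maldun report. Because the payload on this page is truncated, it runs on a small constructed packed sample (`SAMPLE_PACKED`, with the wrapper body elided), and `extractPackerArgs` returns null for an incomplete call such as the one above; the function names are my own.

```javascript
// Added example: static unpacking of Dean Edwards' "p,a,c,k,e,d" JavaScript packer.
// Nothing here calls eval(); the wrapper's decoding arithmetic is reproduced directly.

// Mirror of the wrapper's e(): index -> token in base `a`.
// Digits 0-9 and a-z come from toString(36); 36-61 map to A-Z via fromCharCode(c + 29).
function encodeIndex(c, a) {
  const prefix = c < a ? '' : encodeIndex(Math.floor(c / a), a);
  const digit = c % a;
  return prefix + (digit > 35 ? String.fromCharCode(digit + 29) : digit.toString(36));
}

// Mirror of the wrapper's fast path: build a token -> word dictionary, then replace every
// whole "word" (\b\w+\b) of the payload in a single pass. A token with an empty keyword
// stays as itself, as in the original. Words missing from the dictionary are kept, where
// the original would have inserted "undefined" (only happens on a corrupted blob).
function unpackPacked(p, a, c, k) {
  const dict = Object.create(null);
  for (let i = 0; i < c; i++) {
    dict[encodeIndex(i, a)] = k[i] || encodeIndex(i, a);
  }
  return p.replace(/\b\w+\b/g, (word) => (word in dict ? dict[word] : word));
}

// Undo the escapes of a single-quoted JS string literal body without evaluating it.
function unescapeJsString(s) {
  const simple = { n: '\n', r: '\r', t: '\t', b: '\b', f: '\f', v: '\v', 0: '\0' };
  return s.replace(/\\(x[0-9A-Fa-f]{2}|u[0-9A-Fa-f]{4}|.)/g, (m, esc) => {
    if (esc[0] === 'x' || esc[0] === 'u') return String.fromCharCode(parseInt(esc.slice(1), 16));
    return esc in simple ? simple[esc] : esc; // covers \' \" \\ and unknown escapes
  });
}

// Pull (p, a, c, k) out of the textual call "...}('payload',a,c,'kw|kw|...'.split('|'),0,{}))".
// Returns null when the text is not a complete packer call (e.g. a truncated blob).
function extractPackerArgs(src) {
  const m = src.match(/\}\('((?:\\.|[^'\\])*)',\s*(\d+),\s*(\d+),\s*'((?:\\.|[^'\\])*)'\.split\('\|'\)/);
  if (!m) return null;
  return {
    p: unescapeJsString(m[1]),
    a: parseInt(m[2], 10),
    c: parseInt(m[3], 10),
    k: unescapeJsString(m[4]).split('|'),
  };
}

// Convenience: packed source text in, unpacked source text out (null if not a complete call).
function unpackSource(src) {
  const args = extractPackerArgs(src);
  return args ? unpackPacked(args.p, args.a, args.c, args.k) : null;
}

// Constructed sample (not from the analysed file): a six-word program packed in radix 10,
// with the wrapper function body elided since only the call's arguments matter here.
const SAMPLE_PACKED =
  "eval(function(p,a,c,k,e,d){/* wrapper elided */}('0 1(2){3(\\'4 \\'+2)}1(\\'5\\');',10,6,'function|greet|name|alert|Hello|world'.split('|'),0,{}))";

console.log(unpackSource(SAMPLE_PACKED));
```

The single-pass `\b\w+\b` replacement is the same fast path the wrapper takes when `''.replace(/^/, String)` is falsy, so the output is the text eval() would have received. Note that keywords in `k` are substituted inside string literals too, which is why the unpacked sample contains `'Hello '` rather than a token.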
File name ODg4Nzg2OA==[1].js
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ODg4Nzg2OA==[1].js
File size 41 bytes
File type ASCII text
MD5 9ecde87ade22c066a69bd6e1b01d9cc0
SHA1 db3ad4343aa919bf2c2df4e8825d8ad7b223aeef
SHA256 1333c8692bedafd682e76293add3b0698c423109718c146d682725c7e141b26c
CRC32 4F76FA3A
Ssdeep 3:qJYkvssBJczMAvD:qJD0s/cwKD
Yara
  • Rule to detect the no presence of any url
  • Rule to detect the no presence of any attachment
  • Rule to detect the no presence of any image
File contents:
var _Cnf = {
	url: '',
	isValid: true
};
File name test@www.chinapyg[1].txt
Related file
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\test@www.chinapyg[1].txt
File size 92 bytes
File type ASCII text
MD5 b92b7e9c716c9e923cae9f6f3a14928e
SHA1 f9e923928ac3b35def9656e76cd006e7e7ea6de8
SHA256 00ac7f0148015164854ab45dacc4c5496a2922b2451f91a8c1980ba65449864e
CRC32 0BFA1F41
Ssdeep 3:F26EWX+oA3xIIEWTKvcX0FShe9S0W5w5:TEWuoABIIXTlXQWu5
File contents:
u509_2132_saltkey
MT6IhUT9
www.chinapyg.com/
9216
4090057344
30673161
1517662304
30643026
*
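The cookie file above is Internet Explorer's plain-text cookie store. The layout used below is my reading of that format, not something the report states: each record is nine lines, name, value, host and path, flags, expiry time, creation time, then `*`, where each time is a Windows FILETIME (100 ns ticks since 1601-01-01) written as its low and then its high 32-bit half in decimal. The following added example (JavaScript, not part of the Maldun report) parses the record shown above and converts both timestamps to UTC; the function names are my own.

```javascript
// Added example: decode an Internet Explorer plain-text cookie file such as
// test@www.chinapyg[1].txt above. Field layout is my reading of the IE format:
// name, value, host/path, flags, expiry FILETIME (low, high), creation FILETIME (low, high), "*".

// FILETIME counts 100 ns ticks since 1601-01-01; this is the offset to the Unix epoch in ms.
const FILETIME_UNIX_OFFSET_MS = 11644473600000n;

// Combine the two 32-bit halves and convert to a JavaScript Date (millisecond precision).
function filetimeToDate(low, high) {
  const ticks = (BigInt(high) << 32n) | BigInt(low);
  return new Date(Number(ticks / 10000n - FILETIME_UNIX_OFFSET_MS));
}

// Parse every complete record; a record that does not have exactly eight fields before
// its "*", or a trailing partial record, is an error rather than a guess.
function parseIeCookieFile(text) {
  const records = [];
  let buf = [];
  for (const line of text.split(/\r?\n/)) {
    if (line === '*') {
      if (buf.length !== 8) {
        throw new Error(`malformed record: expected 8 fields before "*", got ${buf.length}`);
      }
      const [name, value, hostPath, flags, expLo, expHi, creLo, creHi] = buf;
      records.push({
        name,
        value,
        hostPath,
        flags: parseInt(flags, 10),
        expires: filetimeToDate(parseInt(expLo, 10), parseInt(expHi, 10)),
        created: filetimeToDate(parseInt(creLo, 10), parseInt(creHi, 10)),
      });
      buf = [];
    } else {
      buf.push(line);
    }
  }
  if (buf.some((l) => l.trim() !== '')) throw new Error('file ends with an incomplete record');
  return records;
}

// Whole days from a reference instant (e.g. the analysis start) to the cookie's expiry,
// which is how you read back the lifetime the server set.
function daysUntilExpiry(record, reference) {
  return Math.round((record.expires.getTime() - reference.getTime()) / 86400000);
}

// The record shown above, copied from the report (file test@www.chinapyg[1].txt).
const COOKIE_FILE_TEXT = [
  'u509_2132_saltkey',
  'MT6IhUT9',
  'www.chinapyg.com/',
  '9216',
  '4090057344',
  '30673161',
  '1517662304',
  '30643026',
  '*',
  '',
].join('\n');

for (const r of parseIeCookieFile(COOKIE_FILE_TEXT)) {
  console.log(`${r.name} @ ${r.hostPath} created ${r.created.toISOString()} expires ${r.expires.toISOString()}`);
}
```

For the record above the creation time decodes to 2018-01-22 07:26:43 UTC, the same date that appears in the IE history directory name MSHist012018012220180123 further down, so the cookie was already present in the sandbox image before this run. The expiry decodes to 2018-06-21 02:45:45 UTC; calling `daysUntilExpiry` with the time the sample contacted www.chinapyg.com as the reference gives the lifetime the Discuz forum set on it (30 days from 2018-05-22 02:45:45 UTC).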
File name index.dat
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018012220180123\index.dat
File size 32768 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 b0e1685f76a0882541a5f89afce881d8
SHA1 2fcc3484b73382c4bbdec3ae9b329154da2a5732
SHA256 f41d7757894c547b643e6dac444836d91a33ad605efdd5c66371e08c47f47f42
CRC32 4BA1D019
Ssdeep 6:qjyxXKbjqvK3KOfdG7xFCMKj4tT5lT3KO5xFCMKITO:qjRbjP3KwdG7Dge3T3KSDgI
File name index.dat
Related file
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
File size 65536 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 0ee0d92f5ad9cd4d354a120734ae8e5e
SHA1 a3d2338356b933a1240f053b89efe7f1b5e63353
SHA256 bd15c1573c53ac40e26c307c00be243ace57eb5fd0d2879349b24832d2e7a771
CRC32 36F430F7
Ssdeep 384:wEEG/+oo0M7hPfdoW7QRyUEZeluUFyvp64PBhqNLguX3/5YSHYjitk9t7sub/2Iw:wEEG/+Rg
File name forum[1].js
Related file
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\forum[1].js
File size 19423 bytes
File type ISO-8859 text, with very long lines, with no line terminators
MD5 12320ad245ec445c23dbeba9b12faba2
SHA1 6dd425c18166d0b1944ba8a66229e3dfa06b2991
SHA256 ec4f0f27388833951d4d16704581757289419f8939f4035058d8282023d82c45
CRC32 46770856
Ssdeep 384:YBF8Doh+orxKsB2rLbgwN3xAxsrRoEIxLHXc033J9y65Pajdw4pqb/7jnou6Emcn:g8DQ++wPbgwN3xAxsGLx3cany8PajdCJ
Yara
  • Rule to detect the no presence of any url
  • Rule to detect the no presence of any attachment
  • Rule to detect the no presence of any image
File name index.dat
Related file
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
File size 32768 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 0aee387ca0a52dcdd8f8a29ea76edb42
SHA1 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9
SHA256 c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e
CRC32 B451CA0B
Ssdeep 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ
Earlier Maldun analysis of this file: result 2.0, analysis time 2016-11-06 20:10:20 (analysis report available).
No similar analyses found.
HTML summary report (available 15-60 minutes after the analysis completes)

Processing ( 48.036 seconds )

  • 21.011 NetworkAnalysis
  • 11.044 VirusTotal
  • 8.236 Suricata
  • 2.687 Dropped
  • 2.417 BehaviorAnalysis
  • 1.279 TargetInfo
  • 0.829 Static
  • 0.331 peid
  • 0.186 AnalysisInfo
  • 0.011 Strings
  • 0.002 Debug
  • 0.002 Memory
  • 0.001 config_decoder

Signatures ( 2.877 seconds )

  • 1.538 md_url_bl
  • 0.207 antiav_detectreg
  • 0.117 stealth_timeout
  • 0.094 api_spamming
  • 0.078 decoy_document
  • 0.076 infostealer_ftp
  • 0.054 antivm_generic_scsi
  • 0.044 infostealer_im
  • 0.043 antianalysis_detectreg
  • 0.033 antivm_generic_disk
  • 0.032 mimics_filetime
  • 0.032 stealth_file
  • 0.029 md_domain_bl
  • 0.026 antivm_generic_services
  • 0.025 infostealer_mail
  • 0.023 bootkit
  • 0.023 reads_self
  • 0.023 virus
  • 0.022 antiav_detectfile
  • 0.019 md_bad_drop
  • 0.015 infostealer_bitcoin
  • 0.012 antiemu_wine_func
  • 0.011 betabot_behavior
  • 0.011 kibex_behavior
  • 0.011 geodo_banking_trojan
  • 0.01 hancitor_behavior
  • 0.01 dridex_behavior
  • 0.01 kovter_behavior
  • 0.01 antivm_xen_keys
  • 0.01 darkcomet_regkeys
  • 0.009 infostealer_browser_password
  • 0.009 antidbg_windows
  • 0.009 antivm_parallels_keys
  • 0.009 antivm_vbox_files
  • 0.008 vawtrak_behavior
  • 0.007 persistence_autorun
  • 0.007 antivm_generic_diskreg
  • 0.006 stealth_network
  • 0.006 antivm_vbox_libs
  • 0.006 recon_fingerprint
  • 0.005 ransomware_extensions
  • 0.005 ransomware_files
  • 0.004 antiav_avast_libs
  • 0.004 injection_createremotethread
  • 0.004 ransomware_message
  • 0.004 shifu_behavior
  • 0.004 antisandbox_productid
  • 0.003 andromeda_behavior
  • 0.003 hawkeye_behavior
  • 0.003 rat_luminosity
  • 0.003 clickfraud_cookies
  • 0.003 antisandbox_sunbelt_libs
  • 0.003 heapspray_js
  • 0.003 exec_crash
  • 0.003 injection_runpe
  • 0.003 antidbg_devices
  • 0.003 antivm_xen_keys
  • 0.003 antivm_hyperv_keys
  • 0.003 antivm_vbox_acpi
  • 0.003 antivm_vbox_keys
  • 0.003 antivm_vmware_keys
  • 0.003 antivm_vpc_keys
  • 0.003 bypass_firewall
  • 0.003 disables_browser_warn
  • 0.003 network_http
  • 0.003 packer_armadillo_regkey
  • 0.002 network_tor
  • 0.002 rat_nanocore
  • 0.002 tinba_behavior
  • 0.002 virtualcheck_js
  • 0.002 sets_autoconfig_url
  • 0.002 Locky_behavior
  • 0.002 kazybot_behavior
  • 0.002 antisandbox_sboxie_libs
  • 0.002 dead_connect
  • 0.002 ipc_namedpipe
  • 0.002 antiav_bitdefender_libs
  • 0.002 cerber_behavior
  • 0.002 cryptowall_behavior
  • 0.002 antivm_generic_bios
  • 0.002 antivm_generic_cpu
  • 0.002 antivm_generic_system
  • 0.002 browser_security
  • 0.002 network_torgateway
  • 0.002 rat_pcclient
  • 0.002 recon_programs
  • 0.001 network_anomaly
  • 0.001 antivm_vmware_libs
  • 0.001 antivm_vbox_window
  • 0.001 injection_explorer
  • 0.001 modifies_desktop_wallpaper
  • 0.001 dyre_behavior
  • 0.001 encrypted_ioc
  • 0.001 antivm_vmware_events
  • 0.001 ispy_behavior
  • 0.001 h1n1_behavior
  • 0.001 antisandbox_script_timer
  • 0.001 silverlight_js
  • 0.001 securityxploded_modules
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_vmware_files
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 modify_proxy
  • 0.001 codelux_behavior
  • 0.001 disables_system_restore
  • 0.001 modify_uac_prompt
  • 0.001 network_cnc_http
  • 0.001 sniffer_winpcap
  • 0.001 targeted_flame

Reporting ( 0.627 seconds )

  • 0.559 ReportHTMLSummary
  • 0.068 Malheur
Task ID 162430
Mongo ID 5b03850ebb7d5744ffff4255
Cuckoo release 1.4-Maldun