分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
URL win7-sp1-x64-shaapp01-3 2018-05-21 11:41:18 2018-05-21 11:43:37 139 秒

魔盾分数

0.05

正常的

URL详细信息

URL
URL专业沙箱检测 -> http://love.cuiyusi.com
登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
117.18.237.29 亚洲太平洋地区
120.52.19.100 未知 中国
23.43.75.27 未知 荷兰
42.81.4.97 未知 中国

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
love.cuiyusi.com 未知 A 120.52.19.100
ocsp.digicert.com CNAME cs9.wac.phicdn.net
A 117.18.237.29
crl3.digicert.com
ocsp2.digicert.com CNAME e8218.dscb1.akamaiedge.net
CNAME ocsp-ds.ws.symantec.com.edgekey.net
A 23.43.75.27
cdn.static.runoob.com 未知 CNAME cdn.static.runoob.com.w.kunlunno.com
A 42.81.4.97

摘要

登录查看详细行为信息

WHOIS 信息

Name: Ding Fu Yang
Country: cn
State: YN
City: Da Li
ZIP Code: 425600
Address: Yun Nan Sheng Da Li Bai Zu Zi

Orginization: Yang Ding Fu
Domain Name(s):
    CUIYUSI.COM
    cuiyusi.com
Creation Date:
    2017-11-09 12:52:47
    2017-11-09 12:52:46
Updated Date:
    2018-01-02 14:07:45
    2017-11-09 12:52:46
Expiration Date:
    2018-11-09 12:52:47
    2018-11-09 12:52:46
Email(s):
    westabuse@gmail.com
    45302461@qq.com
    westdomain@gmail.com

Registrar(s):
    Chengdu west dimension digital technology Co., LTD
Name Server(s):
    NS1.360WZB.COM
    NS2.360WZB.COM
    ns1.360wzb.com
    ns2.360wzb.com
Referral URL(s):
    None
没有防病毒引擎扫描信息!

进程树

iexplore.exe, PID: 1944, 上一级进程 PID: 1980
iexplore.exe, PID: 2280, 上一级进程 PID: 1944
下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
117.18.237.29 亚洲太平洋地区
120.52.19.100 未知 中国
23.43.75.27 未知 荷兰
42.81.4.97 未知 中国

TCP

源地址 源端口 目标地址 目标端口
192.168.122.203 49184 104.84.150.156 80
192.168.122.203 49162 117.18.237.29 ocsp.digicert.com 80
192.168.122.203 49160 120.52.19.100 love.cuiyusi.com 80
192.168.122.203 49161 120.52.19.100 love.cuiyusi.com 443
192.168.122.203 49165 120.52.19.100 love.cuiyusi.com 443
192.168.122.203 49174 120.52.19.100 love.cuiyusi.com 443
192.168.122.203 49181 120.52.19.100 love.cuiyusi.com 443
192.168.122.203 49166 23.43.75.27 ocsp2.digicert.com 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.203 51929 192.168.122.1 53
192.168.122.203 54547 192.168.122.1 53
192.168.122.203 54554 192.168.122.1 53
192.168.122.203 58800 192.168.122.1 53
192.168.122.203 59476 192.168.122.1 53
192.168.122.203 59541 192.168.122.1 53
192.168.122.203 63585 192.168.122.1 53

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
love.cuiyusi.com 未知 A 120.52.19.100
ocsp.digicert.com CNAME cs9.wac.phicdn.net
A 117.18.237.29
crl3.digicert.com
ocsp2.digicert.com CNAME e8218.dscb1.akamaiedge.net
CNAME ocsp-ds.ws.symantec.com.edgekey.net
A 23.43.75.27
cdn.static.runoob.com 未知 CNAME cdn.static.runoob.com.w.kunlunno.com
A 42.81.4.97

TCP

源地址 源端口 目标地址 目标端口
192.168.122.203 49184 104.84.150.156 80
192.168.122.203 49162 117.18.237.29 ocsp.digicert.com 80
192.168.122.203 49160 120.52.19.100 love.cuiyusi.com 80
192.168.122.203 49161 120.52.19.100 love.cuiyusi.com 443
192.168.122.203 49165 120.52.19.100 love.cuiyusi.com 443
192.168.122.203 49174 120.52.19.100 love.cuiyusi.com 443
192.168.122.203 49181 120.52.19.100 love.cuiyusi.com 443
192.168.122.203 49166 23.43.75.27 ocsp2.digicert.com 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.203 51929 192.168.122.1 53
192.168.122.203 54547 192.168.122.1 53
192.168.122.203 54554 192.168.122.1 53
192.168.122.203 58800 192.168.122.1 53
192.168.122.203 59476 192.168.122.1 53
192.168.122.203 59541 192.168.122.1 53
192.168.122.203 63585 192.168.122.1 53

HTTP 请求

URI HTTP数据
URL专业沙箱检测 -> http://love.cuiyusi.com/ 
GET / HTTP/1.1
Accept: */*
Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=6&ved=0CCEQfjQnZSRkpNZ3dZSGJCeE90&url=http%3A%2F%2Flove.cuiyusi.com&ei=UFdPUE9zbldtck9K&usg=AFQjZnhha2ZhVkJnZHJF
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: love.cuiyusi.com
Connection: Keep-Alive
URL专业沙箱检测 -> http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAWAJn8G8pVTNI4cGFpe7i4%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAWAJn8G8pVTNI4cGFpe7i4%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com
URL专业沙箱检测 -> http://ocsp2.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJrF0xYA49jC3D83fgDGesaUkzIQQUf9OZ86BHDjEAVlYijrfMnt3KAYoCEAbQ4rziEIrGrFfUvc3V9vg%3D 
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJrF0xYA49jC3D83fgDGesaUkzIQQUf9OZ86BHDjEAVlYijrfMnt3KAYoCEAbQ4rziEIrGrFfUvc3V9vg%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.digicert.com
URL专业沙箱检测 -> http://crl.microsoft.com/pki/crl/products/tspca.crl 
GET /pki/crl/products/tspca.crl HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 24 May 2014 05:04:54 GMT
If-None-Match: "8ab194b3d77cf1:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.microsoft.com

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2018-05-21 11:41:35.699575+0800 192.168.122.203 49161 120.52.19.100 443 TLS 1.2 C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA CN=love.cuiyusi.com 93:09:15:e4:b5:bb:39:f8:53:52:12:46:42:d7:87:7d:5d:14:76:ed

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
文件名 {D234D8E4-5CA8-11E8-AF8E-525400B07C72}.dat
相关文件
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D234D8E4-5CA8-11E8-AF8E-525400B07C72}.dat
文件大小 4608 字节
文件类型 Composite Document File V2 Document, Cannot read section info
MD5 51076f76693d76995389620e06293a62
SHA1 6dfd9ec79490a87fefee11671a5133f07aee0ab0
SHA256 fc6a59cf6d2b63ffac6affec7cbeef23840d2d11f85e35c6df200d7a7c4299ad
CRC32 6C5B891D
Ssdeep 24:rqVOy9NlNo4oWkB3+9gxWkeHls2CJTNl08oODvpWkB3+9gxf:rQ7bo4oWkBO9g4keHlsXroUxWkBO9gh
下载提交魔盾安全分析
文件名 832C35EF43D189FA1C867E37EA4A793C
相关文件
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\832C35EF43D189FA1C867E37EA4A793C
文件大小 471 字节
文件类型 data
MD5 33035d2665cbce72d384bd2fa0e21c82
SHA1 8e1fc9072a24b31f78ba5ebb7d1b4dcbe8b6295b
SHA256 472a4d28a1e8b8f35af32eb9647a59c8201dfeb91c990ca60f6ebcb2bb99eea7
CRC32 644C5879
Ssdeep 12:JrY5WG05kGgLWGwQRdESEO3+3P7AOOXWYp4s8yb0:JrYYG0uGFGjdESEOuDAOOXWYp9b0
下载提交魔盾安全分析
文件名 index.dat
相关文件
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
文件大小 32768 字节
文件类型 Internet Explorer cache file version Ver 5.2
MD5 0aee387ca0a52dcdd8f8a29ea76edb42
SHA1 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9
SHA256 c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e
CRC32 B451CA0B
Ssdeep 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ
魔盾安全分析结果 2.0分析时间:2016-11-06 20:10:20查看分析报告
下载提交魔盾安全分析
文件名 index.dat
相关文件
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
文件大小 65536 字节
文件类型 Internet Explorer cache file version Ver 5.2
MD5 0ee0d92f5ad9cd4d354a120734ae8e5e
SHA1 a3d2338356b933a1240f053b89efe7f1b5e63353
SHA256 bd15c1573c53ac40e26c307c00be243ace57eb5fd0d2879349b24832d2e7a771
CRC32 36F430F7
Ssdeep 384:wEEG/+oo0M7hPfdoW7QRyUEZeluUFyvp64PBhqNLguX3/5YSHYjitk9t7sub/2Iw:wEEG/+Rg
下载提交魔盾安全分析
文件名 RecoveryStore.{D234D8E3-5CA8-11E8-AF8E-525400B07C72}.dat
相关文件
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D234D8E3-5CA8-11E8-AF8E-525400B07C72}.dat
文件大小 3584 字节
文件类型 Composite Document File V2 Document, Cannot read section info
MD5 1f7ea4c353a295179ec1af17cd96bfb6
SHA1 66bae9245e82942393d74f88d44f35111e6d0190
SHA256 8b9c76096f30d6015402ea2d27af3582724e4199bf60bb8b6f6e33592d4236c8
CRC32 0975E66B
Ssdeep 12:rl0YmGF2OrEg5+IaCrI017+FeEDrEgmf+IaCy8qgQNlTqo:rIO5/iGv/TQNlWo
下载提交魔盾安全分析
文件名 photoswipe.min[1].js
相关文件
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\photoswipe.min[1].js
文件大小 31726 字节
文件类型 ASCII text, with very long lines
MD5 f5cd6479c4e4682545a9603e6b50c741
SHA1 e3267f5ae23f00c1ae052d019f12787296e34afc
SHA256 5299510acf6fe0a5d526f558fa9f914a8e50e2294051787b9298f220fe687727
CRC32 23800AAF
Ssdeep 768:KCfLRayhv9kIT5nDRi1+eqjRtTinLo3KG6ewgPkdHHt:KCMyRT5nDQIeqWnLo3B6DgPMt
Yara
  • Rule to detect the presence of an or several urls
  • Rule to detect the no presence of any attachment
  • Rule to detect the no presence of any image
下载提交魔盾安全分析显示文本 
/*! PhotoSwipe - v4.1.1 - 2015-12-24
* http://photoswipe.com
* Copyright (c) 2015 Dmitry Semenov; */
!function(a,b){"function"==typeof define&&define.amd?define(b):"object"==typeof exports?module.exports=b():a.PhotoSwipe=b()}(this,function(){"use strict";var a=function(a,b,c,d){var e={features:null,bind:function(a,b,c,d){var e=(d?"remove":"add")+"EventListener";b=b.split(" ");for(var f=0;f<b.length;f++)b[f]&&a[e](b[f],c,!1)},isArray:function(a){return a instanceof Array},createEl:function(a,b){var c=document.createElement(b||"div");return a&&(c.className=a),c},getScrollY:function(){var a=window.pageYOffset;return void 0!==a?a:document.documentElement.scrollTop},unbind:function(a,b,c){e.bind(a,b,c,!0)},removeClass:function(a,b){var c=new RegExp("(\\s|^)"+b+"(\\s|$)");a.className=a.className.replace(c," ").replace(/^\s\s*/,"").replace(/\s\s*$/,"")},addClass:function(a,b){e.hasClass(a,b)||(a.className+=(a.className?" ":"")+b)},hasClass:function(a,b){return a.className&&new RegExp("(^|\\s)"+b+"(\\s|$)").test(a.className)},getChildByClass:function(a,b){for(var c=a.firstChild;c;){if(e.hasClass(c,b))return c;c=c.nextSibling}},arraySearch:function(a,b,c){for(var d=a.length;d--;)if(a[d][c]===b)return d;return-1},extend:function(a,b,c){for(var d in b)if(b.hasOwnProperty(d)){if(c&&a.hasOwnProperty(d))continue;a[d]=b[d]}},easing:{sine:{out:function(a){return Math.sin(a*(Math.PI/2))},inOut:function(a){return-(Math.cos(Math.PI*a)-1)/2}},cubic:{out:function(a){return--a*a*a+1}}},detectFeatures:function(){if(e.features)return e.features;var a=e.createEl(),b=a.style,c="",d={};if(d.oldIE=document.all&&!document.addEventListener,d.touch="ontouchstart"in window,window.requestAnimationFrame&&(d.raf=window.requestAnimationFrame,d.caf=window.cancelAnimationFrame),d.pointerEvent=navigator.pointerEnabled||navigator.msPointerEnabled,!d.pointerEvent){var f=navigator.userAgent;if(/iP(hone|od)/.test(navigator.platform)){var g=navigator.appVersion.match(/OS (\d+)_(\d+)_?(\d+)?/);g&&g.length>0&&(g=parseInt(g[1],10),g>=1&&8>g&&(d.isOldIOSPhone= <truncated>
文件名 832C35EF43D189FA1C867E37EA4A793C
相关文件
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\832C35EF43D189FA1C867E37EA4A793C
文件大小 428 字节
文件类型 data
MD5 f649d2d4cea98a9ecf654ef6a97cbfc3
SHA1 a6a2608e06aeab5e4d817ea9d9816e483c29200b
SHA256 70c4f3bccf0d2c7f6f977cdf504ccd1cb384fb04362ca2ad0fa4d10db467690a
CRC32 F0BF8B02
Ssdeep 6:kKB/G2kPlBcPXlRNQAUMivhClroFwgLR3wUslealW+KElllRKwoMokqI:U2ksQxMiv8sFwgpsleJAKwoMo8
下载提交魔盾安全分析
HTML 总结报告
(需15-60分钟同步)		 下载

Processing ( 32.698 seconds )

  • 20.876 NetworkAnalysis
  • 7.525 Suricata
  • 1.202 VirusTotal
  • 1.188 Static
  • 1.128 BehaviorAnalysis
  • 0.613 Dropped
  • 0.162 AnalysisInfo
  • 0.002 Debug
  • 0.002 Memory

Signatures ( 2.127 seconds )

  • 1.308 md_url_bl
  • 0.148 antiav_detectreg
  • 0.074 stealth_timeout
  • 0.061 api_spamming
  • 0.054 infostealer_ftp
  • 0.032 antivm_generic_scsi
  • 0.032 antianalysis_detectreg
  • 0.031 infostealer_im
  • 0.025 stealth_file
  • 0.021 md_domain_bl
  • 0.017 infostealer_mail
  • 0.016 antivm_generic_services
  • 0.012 antiav_detectfile
  • 0.011 antivm_generic_disk
  • 0.01 betabot_behavior
  • 0.01 kibex_behavior
  • 0.01 md_bad_drop
  • 0.009 mimics_filetime
  • 0.009 vawtrak_behavior
  • 0.009 geodo_banking_trojan
  • 0.008 antivm_xen_keys
  • 0.008 infostealer_bitcoin
  • 0.007 antiemu_wine_func
  • 0.007 bootkit
  • 0.007 dridex_behavior
  • 0.007 persistence_autorun
  • 0.007 virus
  • 0.007 antivm_parallels_keys
  • 0.007 darkcomet_regkeys
  • 0.006 stealth_network
  • 0.006 kovter_behavior
  • 0.006 antivm_vbox_files
  • 0.005 andromeda_behavior
  • 0.005 heapspray_js
  • 0.005 shifu_behavior
  • 0.005 infostealer_browser_password
  • 0.005 antidbg_windows
  • 0.005 antivm_generic_diskreg
  • 0.004 hancitor_behavior
  • 0.004 antivm_vbox_libs
  • 0.004 ransomware_extensions
  • 0.004 ransomware_files
  • 0.004 recon_fingerprint
  • 0.003 hawkeye_behavior
  • 0.003 clickfraud_cookies
  • 0.003 virtualcheck_js
  • 0.003 ransomware_message
  • 0.003 Locky_behavior
  • 0.003 antisandbox_productid
  • 0.003 antivm_vbox_keys
  • 0.003 antivm_vmware_keys
  • 0.003 disables_browser_warn
  • 0.002 tinba_behavior
  • 0.002 network_tor
  • 0.002 rat_nanocore
  • 0.002 antiav_avast_libs
  • 0.002 injection_createremotethread
  • 0.002 antisandbox_sunbelt_libs
  • 0.002 kazybot_behavior
  • 0.002 dead_connect
  • 0.002 exec_crash
  • 0.002 antivm_vmware_events
  • 0.002 cerber_behavior
  • 0.002 cryptowall_behavior
  • 0.002 antidbg_devices
  • 0.002 antivm_xen_keys
  • 0.002 antivm_hyperv_keys
  • 0.002 antivm_vbox_acpi
  • 0.002 antivm_vpc_keys
  • 0.002 browser_security
  • 0.002 bypass_firewall
  • 0.002 network_torgateway
  • 0.002 packer_armadillo_regkey
  • 0.001 upatre_behavior
  • 0.001 rat_luminosity
  • 0.001 stack_pivot
  • 0.001 network_anomaly
  • 0.001 antivm_vmware_libs
  • 0.001 antivm_vbox_window
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 dyre_behavior
  • 0.001 java_js
  • 0.001 ispy_behavior
  • 0.001 injection_runpe
  • 0.001 silverlight_js
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 antivm_vmware_files
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 codelux_behavior
  • 0.001 ie_martian_children
  • 0.001 modify_uac_prompt
  • 0.001 rat_pcclient
  • 0.001 recon_programs

Reporting ( 0.393 seconds )

  • 0.393 ReportHTMLSummary
Task ID 162205
Mongo ID 5b024091bb7d5735a7f7c21f
Cuckoo release 1.4-Maldun