恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
URL	win7-sp1-x64-hpdapp03-1	2018-05-21 16:36:23	2018-05-21 16:38:48	145 秒

魔盾分数

0.05

正常的

URL详细信息

URL
URL专业沙箱检测 -> http://www.hnkfjx.com/

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	117.23.56.212	未知	中国

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.hnkfjx.com	未知	A 117.23.56.212

摘要

登录查看详细行为信息

URL分析
防病毒引擎

WHOIS 信息

Name: Teng Zhi Neng
Country: CN
State: Guangxi
City: Qin Zhou
ZIP Code: 530000
Address: Qin Bei Qu Xin Tang Zhen Tan Zhong Cun Wei Na Da Cun 15Hao

Orginization: Teng Zhi Neng
Domain Name(s):
    HNKFJX.COM
    hnkfjx.com
Creation Date:
    2016-11-19 19:29:38
Updated Date:
    2017-11-20 08:39:52
    2018-04-20 07:50:10
Expiration Date:
    2018-11-19 19:29:38
Email(s):
    ken@oray.com
    1604005010@qq.com
    domain@idczh.com

Registrar(s):
    SHANGHAI BEST ORAY INFORMATION S&T CO., LTD.
Name Server(s):
    F1G1NS1.DNSPOD.NET
    F1G1NS2.DNSPOD.NET
    f1g1ns1.dnspod.net,f1g1ns2.dnspod.net
Referral URL(s):
    None

没有防病毒引擎扫描信息!

进程树

iexplore.exe id: 2120
- iexplore.exe id: 2384

iexplore.exe, PID: 2120, 上一级进程 PID: 1896

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

iexplore.exe, PID: 2384, 上一级进程 PID: 2120

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	117.23.56.212	未知	中国

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	117.23.56.212 www.hnkfjx.com	80
192.168.122.201	49161	117.23.56.212 www.hnkfjx.com	80
192.168.122.201	49162	117.23.56.212 www.hnkfjx.com	80
192.168.122.201	49163	117.23.56.212 www.hnkfjx.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	49651	192.168.122.1	53
192.168.122.201	52308	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.hnkfjx.com	未知	A 117.23.56.212

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	117.23.56.212 www.hnkfjx.com	80
192.168.122.201	49161	117.23.56.212 www.hnkfjx.com	80
192.168.122.201	49162	117.23.56.212 www.hnkfjx.com	80
192.168.122.201	49163	117.23.56.212 www.hnkfjx.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	49651	192.168.122.1	53
192.168.122.201	52308	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://www.hnkfjx.com/	GET / HTTP/1.1 Accept: / Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=18&ved=0CCEQfjSk5oSWlUZFpKdURjRVVC&url=http%3A%2F%2Fwww.hnkfjx.com%2F&ei=blB2dllJcG5jTU5h&usg=AFQjSUJkRW1hQ2xObUR2 Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.hnkfjx.com Connection: Keep-Alive
URL专业沙箱检测 -> http://www.hnkfjx.com/?vynufo=fkkft1	GET /?vynufo=fkkft1 HTTP/1.1 Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.hnkfjx.com Connection: Keep-Alive
URL专业沙箱检测 -> http://www.hnkfjx.com/?vynufo=fkkft1	GET /?vynufo=fkkft1 HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: www.hnkfjx.com Connection: Keep-Alive Cookie: PHPSESSID=uik2einh6su1t7hevherfsqdl1; sec_defend=5undefined70undefined1undefinedundefined9undefined9003733undefined72064549undefined5626undefined3040undefined2undefined5undefinedundefined0undefined829558110undefinedundefined0undefined4undefinedundefined2undefined25; sec_defend_time=1
URL专业沙箱检测 -> http://www.hnkfjx.com/favicon.ico	GET /favicon.ico HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: www.hnkfjx.com Connection: Keep-Alive Cookie: PHPSESSID=uik2einh6su1t7hevherfsqdl1; sec_defend=5undefined70undefined1undefinedundefined9undefined9003733undefined72064549undefined5626undefined3040undefined2undefined5undefinedundefined0undefined829558110undefinedundefined0undefined4undefinedundefined2undefined25; sec_defend_time=1

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

文件名	index.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018052120180522\index.dat
文件大小	32768 字节
文件类型	Internet Explorer cache file version Ver 5.2
MD5	6bd6d0668e432529de3baec1f338a611
SHA1	c9b758cdac5971429cb960d3373e8adbd2e060dc
SHA256	7dd55e3553450be73fc4b77634bb8369f613b283000ace9ff648ef83f0159851
CRC32	F4F76ACC
Ssdeep	6:qjyxXKi/R37ethFOllzGfUWlj48LNuO2ti3+anvFOllzGfUWln:qjRi3eTOMUifX3+udOMUi
	下载提交魔盾安全分析

文件名	index.dat
相关文件	C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
文件大小	65536 字节
文件类型	Internet Explorer cache file version Ver 5.2
MD5	0ee0d92f5ad9cd4d354a120734ae8e5e
SHA1	a3d2338356b933a1240f053b89efe7f1b5e63353
SHA256	bd15c1573c53ac40e26c307c00be243ace57eb5fd0d2879349b24832d2e7a771
CRC32	36F430F7
Ssdeep	384:wEEG/+oo0M7hPfdoW7QRyUEZeluUFyvp64PBhqNLguX3/5YSHYjitk9t7sub/2Iw:wEEG/+Rg
	下载提交魔盾安全分析

文件名	hnkfjx_com[1].htm
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\hnkfjx_com[1].htm
文件大小	15 字节
文件类型	UTF-8 Unicode text, with no line terminators
MD5	6aa156d6db0bf5f906a4aa62d054fb92
SHA1	471fe7a44c7d06019fcca088ba20b4d193042059
SHA256	80f846baccebefe14040368079f96fe8989e196d1d55c6e66b0c7020880fcf29
CRC32	BF610B55
Ssdeep	3:VHPFn:X
Yara	Rule to detect the no presence of any image Rule to detect the no presence of any attachment Rule to detect the no presence of any url
	下载提交魔盾安全分析显示文本
\xe6\xac\xa2\xe8\xbf\x8e\xe4\xbd\xbf\xe7\x94\xa8\xef\xbc\x81

文件名	RecoveryStore.{0B5DEAC3-5CD2-11E8-91CC-525400E1D82E}.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0B5DEAC3-5CD2-11E8-91CC-525400E1D82E}.dat
文件大小	3584 字节
文件类型	Composite Document File V2 Document, Cannot read section info
MD5	9889afaaecd8739361909982f99a5dde
SHA1	0857937ec7ec354e5b862c848bf35c2c16109718
SHA256	713a761fcd181ed5955043203e01a5064e8a92452c64fa2b01b75d6cb95dec6f
CRC32	FEDA1BED
Ssdeep	12:rl0YmGF2BQrEg5+IaCrI017+F+DrEgmf+IaCy8qgQNlTqofRlmRleRl:rIBQ5/dGv/TQNlWoaa
	下载提交魔盾安全分析

文件名	{0B5DEAC4-5CD2-11E8-91CC-525400E1D82E}.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0B5DEAC4-5CD2-11E8-91CC-525400E1D82E}.dat
文件大小	4608 字节
文件类型	Composite Document File V2 Document, Cannot read section info
MD5	b190543fe5cef2a50554e37c161fcb83
SHA1	80ef711054942bd9b3b745e9a45bc0397d4de5a6
SHA256	882f603d2d8f75174b3fa3ba8f50f486ff814ae90e532f768d03460da5c41bd8
CRC32	0838EADC
Ssdeep	24:roJ6bAGcbmRNl1ogh0kIwbkVONl1oDh0kIwbkwj4:ri6bLcbIob7wbfom7wbE
	下载提交魔盾安全分析

文件名	index.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
文件大小	32768 字节
文件类型	Internet Explorer cache file version Ver 5.2
MD5	0aee387ca0a52dcdd8f8a29ea76edb42
SHA1	5df81547dcadb2a7b8bc689da8e1383ba1a84cb9
SHA256	c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e
CRC32	B451CA0B
Ssdeep	12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ
魔盾安全分析结果	2.0 分析时间：2016-11-06 20:10:20 查看分析报告
	下载提交魔盾安全分析

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 42.342 seconds )

20.531 NetworkAnalysis
11.337 VirusTotal
7.405 Suricata
0.991 BehaviorAnalysis
0.919 Static
0.759 Dropped
0.301 AnalysisInfo
0.096 Debug
0.003 Memory

Signatures ( 2.291 seconds )

1.443 md_url_bl
0.247 md_bad_drop
0.129 antiav_detectreg
0.05 stealth_timeout
0.046 infostealer_ftp
0.037 api_spamming
0.028 antivm_generic_scsi
0.027 antianalysis_detectreg
0.026 infostealer_im
0.015 stealth_file
0.015 infostealer_mail
0.015 md_domain_bl
0.013 antivm_generic_services
0.009 antivm_generic_disk
0.008 mimics_filetime
0.008 antiav_detectfile
0.008 geodo_banking_trojan
0.007 betabot_behavior
0.007 kibex_behavior
0.007 vawtrak_behavior
0.006 persistence_autorun
0.006 virus
0.006 antivm_parallels_keys
0.006 antivm_xen_keys
0.006 darkcomet_regkeys
0.005 antiemu_wine_func
0.005 bootkit
0.005 infostealer_bitcoin
0.004 infostealer_browser_password
0.004 antidbg_windows
0.004 kovter_behavior
0.004 antivm_generic_diskreg
0.004 ransomware_files
0.004 recon_fingerprint
0.003 andromeda_behavior
0.003 hancitor_behavior
0.003 antivm_vbox_libs
0.003 antivm_vbox_files
0.003 disables_browser_warn
0.003 ransomware_extensions
0.002 tinba_behavior
0.002 rat_nanocore
0.002 antiav_avast_libs
0.002 dridex_behavior
0.002 injection_createremotethread
0.002 Locky_behavior
0.002 cryptowall_behavior
0.002 antisandbox_productid
0.002 antivm_xen_keys
0.002 antivm_hyperv_keys
0.002 antivm_vbox_acpi
0.002 antivm_vbox_keys
0.002 antivm_vmware_keys
0.002 antivm_vpc_keys
0.002 browser_security
0.002 bypass_firewall
0.002 network_torgateway
0.002 packer_armadillo_regkey
0.001 network_tor
0.001 rat_luminosity
0.001 stack_pivot
0.001 stealth_network
0.001 antisandbox_sunbelt_libs
0.001 antisandbox_sboxie_libs
0.001 antiav_bitdefender_libs
0.001 dyre_behavior
0.001 shifu_behavior
0.001 exec_crash
0.001 antivm_vmware_events
0.001 cerber_behavior
0.001 injection_runpe
0.001 antidbg_devices
0.001 antivm_generic_bios
0.001 antivm_generic_cpu
0.001 antivm_generic_system
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 ie_martian_children
0.001 modify_uac_prompt
0.001 recon_programs

Reporting ( 0.437 seconds )

0.437 ReportHTMLSummary


Task ID	162273
Mongo ID	5b0285cca093ef79931362bd
Cuckoo release	1.4-Maldun