恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
URL	win7-sp1-x64-shaapp01-1	2018-05-21 17:39:39	2018-05-21 17:41:59	140 秒

魔盾分数

0.05

正常的

URL详细信息

URL
URL专业沙箱检测 -> http://yapkwww.cdn.anzhi.com/data1/apk/201805/10/b56b424f013d8279e53c7bfc49623e21_04681700.apk

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	183.136.200.35	未知	中国

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
yapkwww.cdn.anzhi.com	未知	A 183.136.200.35 CNAME yapkwww.cdn.anzhi.com.a.bdydns.com CNAME yapkwww.cdn.anzhi.com.spdydns.com CNAME opencdncloud.jomodns.com

摘要

登录查看详细行为信息

URL分析
防病毒引擎

WHOIS 信息

Name: han yuan
Country: CN
State: bei jing
City: bei jing
ZIP Code: 100000
Address: shang di shi jie

Orginization: bei jing li tian wu xian wang luo ji shu you xian gong si
Domain Name(s):
    ANZHI.COM
    anzhi.com
Creation Date:
    2003-07-11 08:10:36
Updated Date:
    2017-06-16 08:19:03
Expiration Date:
    2020-07-11 08:10:36
Email(s):
    abuse@ename.com
    hanhan111@gmail.com

Registrar(s):
    eName Technology Co.,Ltd.
Name Server(s):
    NS1.DNSV5.COM
    NS2.DNSV5.COM
    ns1.dnsv5.com
    ns2.dnsv5.com
Referral URL(s):
    None

防病毒引擎/厂商	网站安全分析

进程树

iexplore.exe id: 1552
- iexplore.exe id: 2280

iexplore.exe, PID: 1552, 上一级进程 PID: 1872

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

iexplore.exe, PID: 2280, 上一级进程 PID: 1552

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	183.136.200.35	未知	中国

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	183.136.200.35 yapkwww.cdn.anzhi.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	52966	192.168.122.1	53
192.168.122.201	60990	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
yapkwww.cdn.anzhi.com	未知	A 183.136.200.35 CNAME yapkwww.cdn.anzhi.com.a.bdydns.com CNAME yapkwww.cdn.anzhi.com.spdydns.com CNAME opencdncloud.jomodns.com

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	183.136.200.35 yapkwww.cdn.anzhi.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	52966	192.168.122.1	53
192.168.122.201	60990	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://yapkwww.cdn.anzhi.com/data1/apk/201805/10/b56b424f013d8279e53c7bfc49623e21_04681700.apk	GET /data1/apk/201805/10/b56b424f013d8279e53c7bfc49623e21_04681700.apk HTTP/1.1 Accept: / Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=16&ved=0CCEQfjU0tvUlBUUXJkekJ2a09JaWdXQWlBY0tO&url=http%3A%2F%2Fyapkwww.cdn.anzhi.com%2Fdata1%2Fapk%2F201805%2F10%2Fb56b424f013d8279e53c7bfc49623e21_04681700.apk&ei=UmlsZ29jVFpFemVw&usg=AFQjd3pIT1loRnBuZWVh Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: yapkwww.cdn.anzhi.com Connection: Keep-Alive

URI

HTTP数据

URL专业沙箱检测 -> http://yapkwww.cdn.anzhi.com/data1/apk/201805/10/b56b424f013d8279e53c7bfc49623e21_04681700.apk

GET /data1/apk/201805/10/b56b424f013d8279e53c7bfc49623e21_04681700.apk HTTP/1.1
Accept: */*
Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=16&ved=0CCEQfjU0tvUlBUUXJkekJ2a09JaWdXQWlBY0tO&url=http%3A%2F%2Fyapkwww.cdn.anzhi.com%2Fdata1%2Fapk%2F201805%2F10%2Fb56b424f013d8279e53c7bfc49623e21_04681700.apk&ei=UmlsZ29jVFpFemVw&usg=AFQjd3pIT1loRnBuZWVh
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: yapkwww.cdn.anzhi.com
Connection: Keep-Alive

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

文件名	frameiconcache.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
文件大小	9148 字节
文件类型	data
MD5	e68c4bec159f7493a13d86b7d9074df5
SHA1	725c8ce3ba9bebc2a0844d61750794ba04c92746
SHA256	aff960513d890aaca6cfc7cf215538b734388dbdebdc8deb7743297d03311f62
CRC32	E0D01FBC
Ssdeep	12:vc6l1QF6vEMXAt+prwMk6IJFJy8JTX8JHK8JKcFn8J8YHK8Z6A1JoRyUZdpwpGeq:RqcEMXIgrARicaAVrrU
魔盾安全分析结果	2.0 分析时间：2016-11-17 08:00:32 查看分析报告
	下载提交魔盾安全分析

文件名	RecoveryStore.{E10744C3-5CDA-11E8-912A-5254001C66F4}.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E10744C3-5CDA-11E8-912A-5254001C66F4}.dat
文件大小	5120 字节
文件类型	Composite Document File V2 Document, Cannot read section info
MD5	77150fff2ce8d085e862a96390f61e13
SHA1	fa332fe9e9816ab8a185a2b9a40cab467105f45e
SHA256	89db1d4a268605ed0f6f0fdbfd1f9201e10a5eb567c509ff136a8b2b6866bd38
CRC32	8E4895A5
Ssdeep	12:rl0oGF2zaTrEgmZ+IaCrI0CIc8GbiF2TrEg5+IaCrI0CI7uoeMiqI77vNlTqo7QD:rLzaTG5/k8yT5/OMkNlWo7QNlWo
	下载提交魔盾安全分析

文件名	index.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
文件大小	32768 字节
文件类型	Internet Explorer cache file version Ver 5.2
MD5	0aee387ca0a52dcdd8f8a29ea76edb42
SHA1	5df81547dcadb2a7b8bc689da8e1383ba1a84cb9
SHA256	c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e
CRC32	B451CA0B
Ssdeep	12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ
魔盾安全分析结果	2.0 分析时间：2016-11-06 20:10:20 查看分析报告
	下载提交魔盾安全分析

文件名	{E10744C4-5CDA-11E8-912A-5254001C66F4}.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E10744C4-5CDA-11E8-912A-5254001C66F4}.dat
文件大小	4096 字节
文件类型	Composite Document File V2 Document, Cannot read section info
MD5	1f1cc294e6f0504e927269e94b4e0fca
SHA1	f712c4855b0a4d833ddd6bbac4faa3e77d45b9e0
SHA256	15c76ef39437971f62f2931c5ba4e69dbc6c35530496ca5fc1bddbff39c5a1c4
CRC32	41BF5DA1
Ssdeep	12:rl0YmGFUhrEgm8GL7KFfNrEgm8Gz7qPNlCgrNl26ao:rChG8FG8JNlLrNlIo
	下载提交魔盾安全分析

文件名	JavaDeployReg.log
相关文件	C:\Users\test\AppData\Local\Temp\JavaDeployReg.log
文件大小	1068 字节
文件类型	ASCII text, with CRLF line terminators
MD5	848d5c71b2a1839c5427453449d5e70c
SHA1	242240421dacd08e98572c50dfe21689459f1a71
SHA256	e23449a59858eaf2f78a723f52cb90576c3bfb8f5ade662c24d066e151586711
CRC32	54DECBC5
Ssdeep	24:odn9LnnMm8uA8XlZQfU78Tc49PX/+1SfVG+V4:odn9LnnMruA8XlZQfU78Tc49PX/+AMB
	下载提交魔盾安全分析显示文本
[2017/06/01 16:29:23.649] Latest deploy version: [2017/06/01 16:29:23.649] 11.121.2 [2017/06/01 16:30:14.832] Latest deploy version: [2017/06/01 16:30:14.832] 11.121.2 [2017/06/01 16:40:25.052] Latest deploy version: [2017/06/01 16:40:25.052] 11.121.2 [2017/06/08 18:03:28.677] Latest deploy version: [2017/06/08 18:03:28.677] 11.121.2 [2017/06/08 18:15:11.176] Latest deploy version: [2017/06/08 18:15:11.176] 11.121.2 [2017/06/08 18:17:04.791] Latest deploy version: [2017/06/08 18:17:04.791] 11.121.2 [2017/09/01 16:11:55.188] Latest deploy version: [2017/09/01 16:11:55.188] 11.121.2 [2017/09/01 20:28:25.900] Latest deploy version: [2017/09/01 20:28:25.900] 11.121.2 [2017/09/01 22:02:42.198] Latest deploy version: [2017/09/01 22:02:42.198] 11.121.2 [2017/09/03 00:16:45.426] Latest deploy version: [2017/09/03 00:16:45.426] 11.121.2 [2017/09/03 11:22:53.307] Latest deploy version: [2017/09/03 11:22:53.307] 11.121.2 [2018/05/21 22:40:50.229] Latest deploy version: [2018/05/21 22:40:50.244] 11.121.2

文件名	index.dat
相关文件	C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
文件大小	65536 字节
文件类型	Internet Explorer cache file version Ver 5.2
MD5	0ee0d92f5ad9cd4d354a120734ae8e5e
SHA1	a3d2338356b933a1240f053b89efe7f1b5e63353
SHA256	bd15c1573c53ac40e26c307c00be243ace57eb5fd0d2879349b24832d2e7a771
CRC32	36F430F7
Ssdeep	384:wEEG/+oo0M7hPfdoW7QRyUEZeluUFyvp64PBhqNLguX3/5YSHYjitk9t7sub/2Iw:wEEG/+Rg
	下载提交魔盾安全分析

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 34.125 seconds )

21.072 NetworkAnalysis
7.432 Suricata
3.464 BehaviorAnalysis
1.122 VirusTotal
0.826 Static
0.182 AnalysisInfo
0.023 Dropped
0.002 Debug
0.002 Memory

Signatures ( 4.568 seconds )

1.254 md_url_bl
1.212 antiav_detectreg
0.377 infostealer_ftp
0.223 antianalysis_detectreg
0.212 infostealer_im
0.144 stealth_timeout
0.118 infostealer_mail
0.115 antivm_generic_scsi
0.106 api_spamming
0.083 antivm_generic_services
0.068 antivm_parallels_keys
0.068 antivm_xen_keys
0.056 darkcomet_regkeys
0.055 kibex_behavior
0.048 geodo_banking_trojan
0.046 antivm_generic_diskreg
0.039 betabot_behavior
0.024 antivm_vbox_keys
0.024 antivm_vmware_keys
0.023 antivm_vpc_keys
0.022 antivm_xen_keys
0.022 antivm_hyperv_keys
0.022 antivm_vbox_acpi
0.019 bypass_firewall
0.017 stealth_file
0.017 packer_armadillo_regkey
0.011 md_bad_drop
0.01 antiav_detectfile
0.009 md_domain_bl
0.008 antivm_generic_disk
0.007 mimics_filetime
0.006 persistence_autorun
0.005 antiemu_wine_func
0.005 bootkit
0.005 virus
0.005 infostealer_bitcoin
0.004 infostealer_browser_password
0.004 antidbg_windows
0.004 kovter_behavior
0.004 antiemu_wine_reg
0.004 antivm_vbox_files
0.004 ransomware_files
0.003 hancitor_behavior
0.003 antivm_vbox_libs
0.003 antisandbox_productid
0.003 disables_browser_warn
0.003 ransomware_extensions
0.003 recon_fingerprint
0.002 tinba_behavior
0.002 antiav_avast_libs
0.002 stack_pivot
0.002 dridex_behavior
0.002 injection_createremotethread
0.002 ransomware_message
0.002 vawtrak_behavior
0.002 injection_runpe
0.002 browser_security
0.002 network_torgateway
0.001 hawkeye_behavior
0.001 network_tor
0.001 rat_nanocore
0.001 webmail_phish
0.001 antisandbox_sunbelt_libs
0.001 antisandbox_sboxie_libs
0.001 antiav_bitdefender_libs
0.001 shifu_behavior
0.001 exec_crash
0.001 cerber_behavior
0.001 antidbg_devices
0.001 antivm_generic_bios
0.001 antivm_generic_cpu
0.001 antivm_generic_system
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 ie_martian_children
0.001 modify_uac_prompt
0.001 recon_programs

Reporting ( 0.377 seconds )

0.377 ReportHTMLSummary


Task ID	162295
Mongo ID	5b029495bb7d5735a8f7e876
Cuckoo release	1.4-Maldun