分析任务

分析类型 虚拟机标签 开始时间 结束时间 持续时间
URL win7-sp1-x64-shaapp01-1 2018-05-21 17:45:08 2018-05-21 17:47:30 142 秒

魔盾分数

1.25

正常的

URL详细信息

URL
URL专业沙箱检测 -> http://xuanpai.sinaapp.com/tiaosepan/tiaose.php
登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
140.205.61.85 未知 中国
202.108.35.235 未知 中国
222.186.49.134 未知 中国
58.218.215.188 未知 中国

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
xuanpai.sinaapp.com 未知 CNAME t0.applinzi.com
A 202.108.35.235
A 202.108.35.250
s22.cnzz.com A 58.218.215.188
CNAME all.cnzz.com.danuoyi.tbcache.com
CNAME c.cnzz.com
A 222.186.49.134
hzs1.cnzz.com A 140.205.60.79
CNAME z.cnzz.com
A 140.205.158.4
A 140.205.136.1
CNAME z1.cnzz.com
A 140.205.218.72
A 140.205.61.85
CNAME z.gds.cnzz.com
A 140.205.218.67
c.cnzz.com

摘要

登录查看详细行为信息

WHOIS 信息

Name: Gu Haiyan
Country: CN
State: beijingshi
City: haidianqu
ZIP Code: 100080
Address: 20F, Ideal Plaza, 58 North 4th Ring West Road, Haidian, Beijing

Orginization: SINA.COM TECHNOLOGY(CHINA)CO.,LTD
Domain Name(s):
    SINAAPP.COM
    sinaapp.com
Creation Date:
    2009-06-29 03:20:07
    2009-06-28 16:00:00
Updated Date:
    2017-06-08 12:48:10
    2016-09-27 05:15:31
Expiration Date:
    2021-06-29 03:20:07
    2021-06-28 16:00:00
Email(s):
    supervision@xinnet.com
    domainname@staff.sina.com.cn

Registrar(s):
    XINNET TECHNOLOGY CORPORATION
Name Server(s):
    NS1.SINAAPP.COM
    NS2.SINAAPP.COM
    NS3.SINAAPP.COM
    NS4.SINAAPP.COM
    ns1.sinaapp.com
    ns2.sinaapp.com
    ns3.sinaapp.com
    ns4.sinaapp.com
    ns12.xincache.com
Referral URL(s):
    None
没有防病毒引擎扫描信息!

进程树

iexplore.exe, PID: 1960, 上一级进程 PID: 1872
iexplore.exe, PID: 2252, 上一级进程 PID: 1960
下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接 IP 安全评级 地理位置
140.205.61.85 未知 中国
202.108.35.235 未知 中国
222.186.49.134 未知 中国
58.218.215.188 未知 中国

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49164 140.205.61.85 hzs1.cnzz.com 80
192.168.122.201 49160 202.108.35.235 xuanpai.sinaapp.com 80
192.168.122.201 49165 202.108.35.235 xuanpai.sinaapp.com 80
192.168.122.201 49162 222.186.49.134 s22.cnzz.com 80
192.168.122.201 49163 58.218.215.188 s22.cnzz.com 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 52966 192.168.122.1 53
192.168.122.201 53222 192.168.122.1 53
192.168.122.201 60990 192.168.122.1 53
192.168.122.201 63715 192.168.122.1 53
192.168.122.201 64841 192.168.122.1 53

域名解析 (可点击查询WPING实时安全评级)

域名 安全评级 响应
xuanpai.sinaapp.com 未知 CNAME t0.applinzi.com
A 202.108.35.235
A 202.108.35.250
s22.cnzz.com A 58.218.215.188
CNAME all.cnzz.com.danuoyi.tbcache.com
CNAME c.cnzz.com
A 222.186.49.134
hzs1.cnzz.com A 140.205.60.79
CNAME z.cnzz.com
A 140.205.158.4
A 140.205.136.1
CNAME z1.cnzz.com
A 140.205.218.72
A 140.205.61.85
CNAME z.gds.cnzz.com
A 140.205.218.67
c.cnzz.com

TCP

源地址 源端口 目标地址 目标端口
192.168.122.201 49164 140.205.61.85 hzs1.cnzz.com 80
192.168.122.201 49160 202.108.35.235 xuanpai.sinaapp.com 80
192.168.122.201 49165 202.108.35.235 xuanpai.sinaapp.com 80
192.168.122.201 49162 222.186.49.134 s22.cnzz.com 80
192.168.122.201 49163 58.218.215.188 s22.cnzz.com 80

UDP

源地址 源端口 目标地址 目标端口
192.168.122.201 52966 192.168.122.1 53
192.168.122.201 53222 192.168.122.1 53
192.168.122.201 60990 192.168.122.1 53
192.168.122.201 63715 192.168.122.1 53
192.168.122.201 64841 192.168.122.1 53

HTTP 请求

URI HTTP数据
URL专业沙箱检测 -> http://xuanpai.sinaapp.com/tiaosepan/tiaose.php 
GET /tiaosepan/tiaose.php HTTP/1.1
Accept: */*
Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=12&ved=0CCEQfjcVBVbkpJeXhSbUd2WHRRVUpuS1hjbWFO&url=http%3A%2F%2Fxuanpai.sinaapp.com%2Ftiaosepan%2Ftiaose.php&ei=T01lZHR5VEdZVHVh&usg=AFQjeXVpWm1YaEJQdmlQ
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: xuanpai.sinaapp.com
Connection: Keep-Alive
URL专业沙箱检测 -> http://xuanpai.sinaapp.com/tiaosepan/tiaosepan.css 
GET /tiaosepan/tiaosepan.css HTTP/1.1
Accept: */*
Referer: http://xuanpai.sinaapp.com/tiaosepan/tiaose.php
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: xuanpai.sinaapp.com
Connection: Keep-Alive
URL专业沙箱检测 -> http://s22.cnzz.com/stat.php?id=4644814&web_id=4644814 
GET /stat.php?id=4644814&web_id=4644814 HTTP/1.1
Accept: */*
Referer: http://xuanpai.sinaapp.com/tiaosepan/tiaose.php
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: s22.cnzz.com
Connection: Keep-Alive
URL专业沙箱检测 -> http://c.cnzz.com/core.php?web_id=4644814&t=z 
GET /core.php?web_id=4644814&t=z HTTP/1.1
Accept: */*
Referer: http://xuanpai.sinaapp.com/tiaosepan/tiaose.php
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: c.cnzz.com
Connection: Keep-Alive
URL专业沙箱检测 -> http://hzs1.cnzz.com/stat.htm?id=4644814&r=&lg=zh-cn&ntime=none&cnzz_eid=6517598-1526894446-&showp=800x600&t=%E7%8E%84%E6%B4%BE%E5%8F%8D%E6%8A%84%E8%A2%AD%E8%B0%83%E8%89%B2%E7%9B%982.0%E7%89%88&umuuid=16382fc2073138-03166faa311c038-26596859-75300-16382fc216d53&h=1&rnd=1105481455 
GET /stat.htm?id=4644814&r=&lg=zh-cn&ntime=none&cnzz_eid=6517598-1526894446-&showp=800x600&t=%E7%8E%84%E6%B4%BE%E5%8F%8D%E6%8A%84%E8%A2%AD%E8%B0%83%E8%89%B2%E7%9B%982.0%E7%89%88&umuuid=16382fc2073138-03166faa311c038-26596859-75300-16382fc216d53&h=1&rnd=1105481455 HTTP/1.1
Accept: */*
Referer: http://xuanpai.sinaapp.com/tiaosepan/tiaose.php
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: hzs1.cnzz.com
Connection: Keep-Alive
URL专业沙箱检测 -> http://xuanpai.sinaapp.com/favicon.ico 
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: xuanpai.sinaapp.com
Connection: Keep-Alive
Cookie: UM_distinctid=16382fc2073138-03166faa311c038-26596859-75300-16382fc216d53; CNZZDATA4644814=cnzz_eid%3D6517598-1526894446-%26ntime%3D1526894446

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件
文件名 index.dat
相关文件
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
文件大小 32768 字节
文件类型 Internet Explorer cache file version Ver 5.2
MD5 0aee387ca0a52dcdd8f8a29ea76edb42
SHA1 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9
SHA256 c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e
CRC32 B451CA0B
Ssdeep 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ
魔盾安全分析结果 2.0分析时间:2016-11-06 20:10:20查看分析报告
下载提交魔盾安全分析
文件名 index.dat
相关文件
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018052120180522\index.dat
文件大小 32768 字节
文件类型 Internet Explorer cache file version Ver 5.2
MD5 355fb932bcc78e4b730dca805344a669
SHA1 4dda0b16362be6cb934b047ca33fcf5dba74b71c
SHA256 ff45238c12261eab29d0ed035480c7e7fa1d6dede62727d2f2c78ead959b1e72
CRC32 BFEE4A5B
Ssdeep 6:qjyxXKxM1f3NpFsk5GfUWlTldda3bIOj3NdFsk5GfUWltlddr:qjRxY3tsLUiTcbJ3lsLUild
下载提交魔盾安全分析
文件名 tiaosepan[1].css
相关文件
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\tiaosepan[1].css
文件大小 1035 字节
文件类型 ASCII text
MD5 29197bfc6014e57279f890db71608816
SHA1 0f6d65dcfc09b20eb7046cd0af86d720652d0115
SHA256 e5b71edf8d885fcc9e0eb51585457bfbc45c604157aabd15b43270057a3e4123
CRC32 33C8A94C
Ssdeep 12:UFgMn/flZOUHsuCS7yDxNSwnacdFsrPCS0HKNcd45hADWys0dNMTefnaVTnwkx2d:UaU/ZeWa/eZ0qeWIzdka0S7mVhs
下载提交魔盾安全分析显示文本 
body { border:0;padding:0;font:11pt sans-serif}
body > h1 {margin:0 0 0.5em 0;font:1em sans-serif;background-color:#def}
body > div {padding:2px}
p {margin-top:0}
.ins {color:green;background:#dfd;text-decoration:none;
/*padding: 3px 0;*/
}
.del {
	color:red;background:#fdd;text-decoration:none;
     
    /*width: 50%;*/
}
#params {margin:1em 0;font: 14px sans-serif}
.panecontainer > p {margin:0;border:1px solid #bcd;border-bottom:none;padding:1px 3px;background:#def;font:14px sans-serif}
.panecontainer > p + div {margin:0;padding:2px 0 2px 2px;border:1px solid #bcd;border-top:none}
.pane {margin:0;padding:0;border:0;width:100%;min-height:20em;overflow:auto;font:12px monospace}
#htmldiff {color:red}
#htmldiff.onlyDeletions ins {display:none}
#htmldiff.onlyInsertions del {display:none}

.same{

	color:red;background:fdd;text-decoration:none;
    line-height: 30px;
    font-size: 14px;
}

 


ins {	color: green;background-color: #cfc;	text-decoration: none;}

del {	color:rgba(35, 32, 32, 0.67);	background-color:#FEC8C8;}
文件名 favicon[2].ico
相关文件
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\favicon[2].ico
文件大小 9662 字节
文件类型 MS Windows icon resource - 1 icon, 48x48
MD5 2c0a23032cf2d06511475714ed81b69c
SHA1 75b78584da6636d0839043ba833868dc60fafb30
SHA256 7e06159cbd19700fb60151c1231ed929028b533f17ab0ef85099382e5536f13f
CRC32 003466AD
Ssdeep 24:9z/gUUz44444MUUz44444XUUz44444VpyOOObG8IDDiDDDDKOOOyOOOOikDTw+el:9rKSDtigLY5r/nVGYi/9vrICvgjgED
下载提交魔盾安全分析
文件名 stat[1].php
相关文件
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\stat[1].php
文件大小 10983 字节
文件类型 ASCII text, with very long lines
MD5 82aafbc5dba4d78ba146b33a8701d069
SHA1 d3b3d949696bbcf5b8a1cf3b0659bef1863aab20
SHA256 6b814689776d7c02b9c20cd350a78a81d00750724d5dabaf79d1e05feb9c3f0d
CRC32 1EEB8A6E
Ssdeep 192:wfjkcCOuxxxgsoyHijK/Va2mdhwOepS2g9RA25ywADwDPL+khu76BA3W:wfjkcCOuxrho6LVaiOf9KeVLd86BA3W
下载提交魔盾安全分析显示文本 
(function(){function k(){this.c="4644814";this.ca="z";this.Z="";this.W="";this.Y="";this.C="1526894446";this.aa="hzs1.cnzz.com";this.X="";this.G="CNZZDATA"+this.c;this.F="_CNZZDbridge_"+this.c;this.P="_cnzz_CV"+this.c;this.R="CZ_UUID"+this.c;this.L="UM_distinctid";this.H="0";this.K={};this.a={};this.Aa()}function g(a,
b){try{var c=[];c.push("siteid=4644814");c.push("name="+f(a.name));c.push("msg="+f(a.message));c.push("r="+f(h.referrer));c.push("page="+f(e.location.href));c.push("agent="+f(e.navigator.userAgent));c.push("ex="+f(b));c.push("rnd="+Math.floor(2147483648*Math.random()));(new Image).src="http://jserr.cnzz.com/log.php?"+c.join("&")}catch(d){}}var h=document,e=window,f=encodeURIComponent,m=decodeURIComponent,r=unescape;k.prototype={Aa:function(){try{this.ja(),this.V(),this.wa(),this.T(),this.za(),
this.w(),this.ua(),this.ta(),this.xa(),this.o(),this.sa(),this.va(),this.ya(),this.qa(),this.oa(),this.ra(),this.Ea(),e[this.F]=e[this.F]||{},this.pa("_cnzz_CV")}catch(a){g(a,"i failed")}},Ca:function(){try{var a=this;e._czc={push:function(){return a.M.apply(a,arguments)}}}catch(b){g(b,"oP failed")}},oa:function(){try{var a=e._czc;if("[object Array]"==={}.toString.call(a))for(var b=0;b<a.length;b++){var c=a[b];switch(c[0]){case "_setAccount":e._cz_account="[object String]"==={}.toString.call(c[1])?
c[1]:String(c[1]);break;case "_setAutoPageview":"boolean"===typeof c[1]&&(e._cz_autoPageview=c[1])}}}catch(d){g(d,"cS failed")}},Ea:function(){try{if("undefined"===typeof e._cz_account||e._cz_account===this.c){e._cz_account=this.c;if("[object Array]"==={}.toString.call(e._czc))for(var a=e._czc,b=0,c=a.length;b<c;b++)this.M(a[b]);this.Ca()}}catch(d){g(d,"pP failed")}},M:function(a){try{if("[object Array]"==={}.toString.call(a))switch(a[0]){case "_trackPageview":if(a[1]){this.a.f="http://"+
e.location.host;"/"!==a[1].charAt(0)&&(this.a.f+="/");this.a.f+=a[1];if(""===a[2])this.a.g="";else if(a[2]){var b=a[2];"http"!==b.substr(0,4)&&(b="http://"+e.location.host,"/"!==a[2].charAt(0)&&(b+="/"),b+=a[2]);this.a.g=b}this.s() <truncated>
文件名 index.dat
相关文件
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
文件大小 65536 字节
文件类型 Internet Explorer cache file version Ver 5.2
MD5 0ee0d92f5ad9cd4d354a120734ae8e5e
SHA1 a3d2338356b933a1240f053b89efe7f1b5e63353
SHA256 bd15c1573c53ac40e26c307c00be243ace57eb5fd0d2879349b24832d2e7a771
CRC32 36F430F7
Ssdeep 384:wEEG/+oo0M7hPfdoW7QRyUEZeluUFyvp64PBhqNLguX3/5YSHYjitk9t7sub/2Iw:wEEG/+Rg
下载提交魔盾安全分析
文件名 stat[1].htm
相关文件
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\stat[1].htm
文件大小 2 字节
文件类型 ASCII text, with no line terminators
MD5 444bcb3a3fcf8389296c49467f27e1d6
SHA1 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
SHA256 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
CRC32 79DCDD47
Ssdeep 3:V:V
Yara
  • Rule to detect the no presence of any url
  • Rule to detect the no presence of any attachment
  • Rule to detect the no presence of any image
下载提交魔盾安全分析显示文本 
ok
文件名 RecoveryStore.{A5C78E03-5CDB-11E8-912A-5254001C66F4}.dat
相关文件
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A5C78E03-5CDB-11E8-912A-5254001C66F4}.dat
文件大小 3584 字节
文件类型 Composite Document File V2 Document, Cannot read section info
MD5 e74632b198a21a8ee4e7a6a792c360c6
SHA1 c8b3ed3034fac2efd00f92c1027143d66fd96e43
SHA256 d7ccae91d71d0a27d251525ab352b5038751854b86e07be9c332ab8749b076f1
CRC32 3101E648
Ssdeep 12:rl0YmGF2gUrEg5+IaCrI017+FkDrEgmf+IaCy8qgQNlTqo+:rI35/jGv/TQNlWo
下载提交魔盾安全分析
文件名 core[1].php
相关文件
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\core[1].php
文件大小 2548 字节
文件类型 HTML document, ASCII text, with very long lines, with CRLF line terminators
MD5 ca29c467646484a6544d15df883a9619
SHA1 b71aee2e043d965dddb5edc44c42e144caa53e81
SHA256 2013d5bab3bca3724f13315153c887e743d29224867e31e4eff9852ddd58a6bb
CRC32 BCDECE67
Ssdeep 48:AAQj/ul7D+pyVjkTBi2k+oGfrgo+ufW+Emz7jUprCntFar5Tr5FNSLHiFs5vE:Gql+s8BntW+Em5/Gr5Fa0N
下载提交魔盾安全分析显示文本 
!function(){var p,q,r,a=encodeURIComponent,b="4644814",c="",d="",e="online_v3.php",f="hzs1.cnzz.com",g="1",h="text",i="z",j="&#31449;&#38271;&#32479;&#35745;",k=window["_CNZZDbridge_"+b]["bobject"],l="http:",m="1",n=l+"//online.cnzz.com/online/"+e,o=[];o.push("id="+b),o.push("h="+f),o.push("on="+a(d)),o.push("s="+a(c)),n+="?"+o.join("&"),"0"===m&&k["callRequest"]([l+"//cnzz.mmstat.com/9.gif?abc=1"]),g&&(""!==d?k["createScriptIcon"](n,"utf-8"):(q="z"==i?"http://www.cnzz.com/stat/website.php?web_id="+b:"http://quanjing.cnzz.com","pic"===h?(r=l+"//icon.cnzz.com/img/"+c+".gif",p="<a href='"+q+"' target=_blank title='"+j+"'><img border=0 hspace=0 vspace=0 src='"+r+"'></a>"):p="<a href='"+q+"' target=_blank title='"+j+"'>"+j+"</a>",k["createIcon"]([p])))}();(function(){function n(){this.c()}var p=[],e=document,g=window,m=encodeURIComponent,q="unknow",l=null;n.prototype={c:function(){if(!1===this.d())return!1;var a;this.a(e,"mousedown",this.b);a=g.navigator.userAgent;l=e.documentElement&&0!==e.documentElement.clientHeight?e.documentElement:e.body;a=a?a.toLowerCase().replace(/-/g,""):"";for(var b="netscape;se 1.;se 2.;saayaa;360se;tencent;qqbrowser;mqqbrowser;maxthon;myie;theworld;konqueror;firefox;chrome;safari;msie 5.0;msie 5.5;msie 6.0;msie 7.0;msie 8.0;msie 9.0;msie 10.0;Mozilla;opera".split(";"),
d=0;d<b.length;d+=1)if(-1!==a.indexOf(b[d])){q=b[d];break}},a:function(a,b,d){a.addEventListener?a.addEventListener(b,d,!1):a.attachEvent?a.attachEvent("on"+b,d):a["on"+b]=d},b:function(a){a||(a=g[a]);var b=a.target||a.srcElement;"IMG"===b.tagName&&(b=b.parentNode);var b="A"===b.tagName?1:0,d=a.which||a.button,k=a.clientX;a=a.clientY;var f=g.pageYOffset||l.scrollTop,k=k+(g.pageXOffset||l.scrollLeft);a+=f;var f=l.clientWidth||g.innerWidth,r=g.location.href,c=[];c.push("id=4644814");c.push("x="+
k);c.push("y="+a);c.push("w="+f);c.push("s="+g.screen.width+"x"+g.screen.height);c.push("b="+q);c.push("c="+d);c.push("r="+m(e.referrer));c.push("a="+b);c.push("p="+m(r));c.push("random="+m(Date()));var b=c.join("&"),h=new Image;h.o <truncated>
文件名 {A5C78E04-5CDB-11E8-912A-5254001C66F4}.dat
相关文件
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A5C78E04-5CDB-11E8-912A-5254001C66F4}.dat
文件大小 5632 字节
文件类型 Composite Document File V2 Document, Cannot read section info
MD5 c1fe3f9012d741a889b61b80be707424
SHA1 1e14d254097d6f69d7e78c4c64102a567437df18
SHA256 907dff091dcf455e7ae6ac8b1f7d430f50cb1d4ca5e5935d9098dc408aab793f
CRC32 1CCC8976
Ssdeep 24:rIMqsG18UcpXPqX/kqXP/qXT6/Nl5oLXwHq5Nl5oLXGpX2:rPRGFcJaDiOxobQ0obGJ2
下载提交魔盾安全分析
HTML 总结报告
(需15-60分钟同步)		 下载

Processing ( 44.577 seconds )

  • 23.087 NetworkAnalysis
  • 11.279 VirusTotal
  • 7.407 Suricata
  • 1.253 BehaviorAnalysis
  • 0.792 Static
  • 0.569 Dropped
  • 0.186 AnalysisInfo
  • 0.002 Debug
  • 0.002 Memory

Signatures ( 2.113 seconds )

  • 1.395 md_url_bl
  • 0.146 antiav_detectreg
  • 0.062 stealth_timeout
  • 0.051 infostealer_ftp
  • 0.046 api_spamming
  • 0.036 antivm_generic_scsi
  • 0.03 antianalysis_detectreg
  • 0.03 infostealer_im
  • 0.018 antivm_generic_services
  • 0.017 infostealer_mail
  • 0.017 md_domain_bl
  • 0.016 stealth_file
  • 0.012 md_bad_drop
  • 0.01 antivm_generic_disk
  • 0.009 mimics_filetime
  • 0.009 antiav_detectfile
  • 0.008 betabot_behavior
  • 0.008 kibex_behavior
  • 0.008 geodo_banking_trojan
  • 0.007 vawtrak_behavior
  • 0.007 antivm_parallels_keys
  • 0.007 antivm_xen_keys
  • 0.007 darkcomet_regkeys
  • 0.006 antiemu_wine_func
  • 0.006 bootkit
  • 0.006 persistence_autorun
  • 0.006 virus
  • 0.006 infostealer_bitcoin
  • 0.005 kovter_behavior
  • 0.005 antivm_generic_diskreg
  • 0.005 ransomware_extensions
  • 0.005 ransomware_files
  • 0.005 recon_fingerprint
  • 0.004 andromeda_behavior
  • 0.004 hancitor_behavior
  • 0.004 infostealer_browser_password
  • 0.004 antidbg_windows
  • 0.004 antivm_vbox_files
  • 0.003 dridex_behavior
  • 0.003 injection_createremotethread
  • 0.003 antivm_vbox_libs
  • 0.003 antisandbox_productid
  • 0.003 disables_browser_warn
  • 0.003 network_torgateway
  • 0.003 packer_armadillo_regkey
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 antiav_avast_libs
  • 0.002 stack_pivot
  • 0.002 ransomware_message
  • 0.002 Locky_behavior
  • 0.002 antivm_vmware_events
  • 0.002 injection_runpe
  • 0.002 cryptowall_behavior
  • 0.002 antivm_xen_keys
  • 0.002 antivm_hyperv_keys
  • 0.002 antivm_vbox_acpi
  • 0.002 antivm_vbox_keys
  • 0.002 antivm_vmware_keys
  • 0.002 antivm_vpc_keys
  • 0.002 browser_security
  • 0.002 bypass_firewall
  • 0.001 hawkeye_behavior
  • 0.001 network_tor
  • 0.001 rat_luminosity
  • 0.001 injection_explorer
  • 0.001 stealth_network
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 kazybot_behavior
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 dyre_behavior
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 ispy_behavior
  • 0.001 cerber_behavior
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 ie_martian_children
  • 0.001 modify_uac_prompt
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_programs
  • 0.001 whois_create

Reporting ( 0.398 seconds )

  • 0.398 ReportHTMLSummary
Task ID 162296
Mongo ID 5b0295e6bb7d5735b1f7b7a1
Cuckoo release 1.4-Maldun