Analysis task

Analysis type  VM label  Start time  End time  Duration
URL  win7-sp1-x64-shaapp01-1  2018-05-21 17:50:07  2018-05-21 17:52:29  142 seconds

Maldun score

3.65

Suspicious

URL details

URL
http://xuanpai.sinaapp.com

Contacted hosts

Direct IP  Security rating  Location
114.80.182.232  Unknown  China
122.227.164.214  Unknown  China
123.56.139.60  Unknown  China
14.116.224.36  Unknown  China
140.205.218.67  Unknown  China
183.131.24.41  Unknown  China
192.35.177.64  Unknown  United States
202.108.35.235  Unknown  China
202.108.35.250  Unknown  China
58.218.215.188  Unknown  China

DNS resolution

Domain  Security rating  Response
xuanpai.sinaapp.com Unknown CNAME t0.applinzi.com
A 202.108.35.235
A 202.108.35.250
lib.sinaapp.com A 14.116.224.35
CNAME lib2.sinaapp.com
A 14.116.224.36
www.xuanpai.com Unknown CNAME xuanpai.sinaapp.com
s84.cnzz.com Unknown A 58.218.215.188
A 122.228.95.178
CNAME c.cnzz.com
A 117.71.17.64
A 222.186.49.134
A 122.227.164.214
CNAME all.cnzz.com.danuoyi.tbcache.com
tjs.sjs.sinajs.cn Unknown A 114.80.182.233
A 114.80.182.232
A 114.80.182.226
CNAME jsimgopen.gslb.sinaedge.com
CNAME ww1.sinaimg.cn.w.alikunlun.com
A 114.80.182.229
A 114.80.182.230
CNAME tplanet.sinajs.cn
CNAME kln.grid.sinaedge.com
static.lianzai.com Unknown CNAME lianzai-static.b0.aicdn.com
CNAME nm.ctn.aicdn.com
A 183.131.24.41
hzs1.cnzz.com A 140.205.60.79
CNAME z.cnzz.com
A 140.205.158.4
A 140.205.136.1
CNAME z1.cnzz.com
A 140.205.218.72
A 140.205.61.85
CNAME z.gds.cnzz.com
A 140.205.218.67
c.cnzz.com
blog.lianzai.com Unknown A 123.56.139.60
apps.identrust.com A 192.35.177.64
CNAME apps.digsigtrust.com

WHOIS information

Name: Gu Haiyan
Country: CN
State: beijingshi
City: haidianqu
ZIP Code: 100080
Address: 20F, Ideal Plaza, 58 North 4th Ring West Road, Haidian, Beijing

Organization: SINA.COM TECHNOLOGY(CHINA)CO.,LTD
Domain Name(s):
    SINAAPP.COM
    sinaapp.com
Creation Date:
    2009-06-29 03:20:07
    2009-06-28 16:00:00
Updated Date:
    2017-06-08 12:48:10
    2016-09-27 05:15:31
Expiration Date:
    2021-06-29 03:20:07
    2021-06-28 16:00:00
Email(s):
    supervision@xinnet.com
    domainname@staff.sina.com.cn

Registrar(s):
    XINNET TECHNOLOGY CORPORATION
Name Server(s):
    NS1.SINAAPP.COM
    NS2.SINAAPP.COM
    NS3.SINAAPP.COM
    NS4.SINAAPP.COM
    ns1.sinaapp.com
    ns2.sinaapp.com
    ns3.sinaapp.com
    ns4.sinaapp.com
    ns12.xincache.com
Referral URL(s):
    None

Antivirus engine/vendor  Website security analysis
CLEAN MX Clean Site
DNS8 Clean Site
VX Vault Clean Site
ZDB Zeus Clean Site
Tencent Clean Site
Netcraft Unrated Site
desenmascara_me Clean Site
Dr_Web Clean Site
PhishLabs Unrated Site
Zerofox Clean Site
K7AntiVirus Clean Site
Virusdie External Site Scan Clean Site
SCUMWARE_org Clean Site
Quttera Clean Site
AegisLab WebGuard Clean Site
MalwareDomainList Clean Site
ZeusTracker Clean Site
zvelo Clean Site
Google Safebrowsing Clean Site
Kaspersky Unrated Site
BitDefender Clean Site
Certly Clean Site
G-Data Clean Site
C-SIRT Clean Site
OpenPhish Clean Site
Malware Domain Blocklist Clean Site
MalwarePatrol Clean Site
Webutation Clean Site
Trustwave Clean Site
Web Security Guard Clean Site
CyRadar Clean Site
ADMINUSLabs Clean Site
Malwarebytes hpHosts Clean Site
Opera Clean Site
AlienVault Clean Site
Emsisoft Clean Site
Malc0de Database Clean Site
Spam404 Clean Site
Phishtank Clean Site
Malwared Clean Site
Avira Clean Site
NotMining Unrated Site
CyberCrime Clean Site
Antiy-AVL Clean Site
Forcepoint ThreatSeeker Clean Site
FraudSense Clean Site
malwares_com URL checker Clean Site
Comodo Site Inspector Clean Site
Malekal Clean Site
ESET Clean Site
Sophos Unrated Site
Yandex Safebrowsing Clean Site
SecureBrain Clean Site
Nucleon Clean Site
Sucuri SiteCheck Clean Site
Blueliv Clean Site
ZCloudsec Clean Site
AutoShun Unrated Site
ThreatHive Clean Site
FraudScore Clean Site
Rising Clean Site
URLQuery Clean Site
StopBadware Unrated Site
Fortinet Clean Site
ZeroCERT Clean Site
Baidu-International Clean Site
securolytics Clean Site

Process tree


iexplore.exe, PID: 1604, parent PID: 1872
iexplore.exe, PID: 2284, parent PID: 1604
iexplore.exe, PID: 2836, parent PID: 1604

TCP

Source address  Source port  Destination address  Destination port
192.168.122.201 49166 114.80.182.232 tjs.sjs.sinajs.cn 80
192.168.122.201 49175 123.56.139.60 blog.lianzai.com 443
192.168.122.201 49177 123.56.139.60 blog.lianzai.com 443
192.168.122.201 49163 14.116.224.36 lib.sinaapp.com 80
192.168.122.201 49176 192.35.177.64 apps.identrust.com 80
192.168.122.201 49160 202.108.35.235 xuanpai.sinaapp.com 80
192.168.122.201 49164 202.108.35.250 xuanpai.sinaapp.com 80
192.168.122.201 49167 202.108.35.250 xuanpai.sinaapp.com 80
192.168.122.201 49168 202.108.35.250 xuanpai.sinaapp.com 80
192.168.122.201 49172 202.108.35.250 xuanpai.sinaapp.com 80
192.168.122.201 49165 58.218.215.188 s84.cnzz.com 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201 51722 192.168.122.1 53
192.168.122.201 52846 192.168.122.1 53
192.168.122.201 52966 192.168.122.1 53
192.168.122.201 53222 192.168.122.1 53
192.168.122.201 55895 192.168.122.1 53
192.168.122.201 58559 192.168.122.1 53
192.168.122.201 59602 192.168.122.1 53
192.168.122.201 60990 192.168.122.1 53
192.168.122.201 63650 192.168.122.1 53
192.168.122.201 63715 192.168.122.1 53
192.168.122.201 64841 192.168.122.1 53

HTTP requests

URI  HTTP data
http://xuanpai.sinaapp.com/
GET / HTTP/1.1
Accept: */*
Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=12&ved=0CCEQfjSmhQVkdkb25OQ0puYlR6SkVGQkh4&url=http%3A%2F%2Fxuanpai.sinaapp.com&ei=a1FTVll2Y3ZLVlps&usg=AFQjdWZZZ0xLTFpGZUtz
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: xuanpai.sinaapp.com
Connection: Keep-Alive

http://lib.sinaapp.com/js/jquery/1.8.3/jquery.min.js
GET /js/jquery/1.8.3/jquery.min.js HTTP/1.1
Accept: */*
Referer: http://xuanpai.sinaapp.com/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: lib.sinaapp.com
Connection: Keep-Alive

http://www.xuanpai.com/css/global.css
GET /css/global.css HTTP/1.1
Accept: */*
Referer: http://xuanpai.sinaapp.com/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.xuanpai.com
Connection: Keep-Alive

http://tjs.sjs.sinajs.cn/open/api/js/wb.js
GET /open/api/js/wb.js HTTP/1.1
Accept: */*
Referer: http://xuanpai.sinaapp.com/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: tjs.sjs.sinajs.cn
Connection: Keep-Alive

http://s84.cnzz.com/stat.php?id=4644814&web_id=4644814
GET /stat.php?id=4644814&web_id=4644814 HTTP/1.1
Accept: */*
Referer: http://xuanpai.sinaapp.com/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: s84.cnzz.com
Connection: Keep-Alive

http://www.xuanpai.com/css/img/menu_bg.png
GET /css/img/menu_bg.png HTTP/1.1
Accept: */*
Referer: http://xuanpai.sinaapp.com/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.xuanpai.com
Connection: Keep-Alive

http://www.xuanpai.com/images/xuanpaicode.jpg
GET /images/xuanpaicode.jpg HTTP/1.1
Accept: */*
Referer: http://xuanpai.sinaapp.com/
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.xuanpai.com
Connection: Keep-Alive

http://www.xuanpai.com/favicon.ico
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.xuanpai.com
Connection: Keep-Alive

http://apps.identrust.com/roots/dstrootcax3.p7c
GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2018-05-21 17:50:36.087912+0800 192.168.122.201 49175 123.56.139.60 443 TLS 1.2 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 CN=blog.lianzai.com 88:28:8c:d6:10:5b:69:c5:e9:02:66:2a:05:08:2b:a7:d0:ec:f5:16

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.

File name {6806AAA1-5CDC-11E8-912A-5254001C66F4}.dat
Associated files
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6806AAA1-5CDC-11E8-912A-5254001C66F4}.dat
File size 5632 bytes
File type Composite Document File V2 Document, Cannot read section info
MD5 6a0838bf832a6a64423940c320ccb4e8
SHA1 643e0b926f6fb9fc36b8e654158e324b70032cec
SHA256 c66763c0630f311d4158bc55302b0f488d8482f5e56fa5e1163311ff766e069a
CRC32 3B829741
Ssdeep 24:rAxGTw/NlJo1aG8Hb/sDv2q9dPq9dxY7Mjq9d7PhtaJNlJo1E/sDf73:rUGcBo1aRbivBQjuRBZA7o1Eij3

File name errorPageStrings[1]
Associated files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\errorPageStrings[1]
File size 1643 bytes
File type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 13216fa0f896b1b7c445fe9a54b5b998
SHA1 d343d35b45507640bc68487d4ad3afcb927ce950
SHA256 7a656b15efaacb1179b883327369819483b5a0c2f2d8486db6c347f4f8a7ae61
CRC32 3A14753A
Ssdeep 48:zGY5w5zquO05l9zWJ6N51Re45RnR5RynEK+5RXdHymL5RlRdPoh5y5U5BU5Cc:z5Qzq3crIM1RtR3Rynd6RXd5RTmnW4xc
Maldun security analysis result: 4.0 (analysis time: 2016-11-15 15:07:57)

File name green_shield[1]
Associated files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\green_shield[1]
File size 3501 bytes
File type PNG image data, 14 x 16, 8-bit/color RGBA, non-interlaced
MD5 254d388ce19d84a54fd44571e049e6a6
SHA1 51ca725642f679978f5880278e5cac5ca4f70fae
SHA256 c686babc034f53a24a1206019e958ba8fc879216fd7b6a4b972f188535341227
CRC32 265B0B9C
Ssdeep 96:5SDZ/I09Da01l+gmkyTt6Hk8nTkN9D6ZB+:5SDS0tKg9E05TkN92ZE

File name xuanpaicode[1].jpg
Associated files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\xuanpaicode[1].jpg
File size 53299 bytes
File type PNG image data, 700 x 213, 8-bit/color RGB, non-interlaced
MD5 b26c9d5cfb588c2547c3f0e280dc30bb
SHA1 f9a59ed87d3cf2bf77e2ed3260d8aa6b70c9ba52
SHA256 a8834a79c5aa75bdcc98b68650a960c09e8d348e58a353c86dac68b9ba4dcf03
CRC32 51C79093
Ssdeep 768:xckz1b9Mh68kB+nAyy0XmTo+P0EvU2bVT90cpjDbbwbUmgr/U2UYCP8YTxZ8SjnG:6mFSZXK10Ecwj04Dbbj7+YUPTx3igC/

File name red_shield_48[1]
Associated files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\red_shield_48[1]
File size 7005 bytes
File type PNG image data, 40 x 48, 8-bit/color RGBA, non-interlaced
MD5 f413dd8a75b81a154a1fd5e4c4a0a782
SHA1 667f7e3da51ca3417a1feb66d238466423c9487d
SHA256 f2afc04a24c9d89d3c2f0d73f8cd6fb6b65adbe333196c3f99cc7d6868847ceb
CRC32 D96BDACF
Ssdeep 192:8SDS0tKg9E05Tz045xhOwZtbiFHsrC3rlTqpHbW:7JXE05d5xhOwtGsSTqpHC

File name httpErrorPagesScripts[1]
Associated files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\httpErrorPagesScripts[1]
File size 8601 bytes
File type UTF-8 Unicode (with BOM) text, with CRLF, CR line terminators
MD5 e7ca76a3c9ee0564471671d500e3f0f3
SHA1 fe815ae0f865ec4c26e421bf0bd21bb09bc6f410
SHA256 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
CRC32 A7C34EF3
Ssdeep 192:HMmjTiiKfi9Ii4UFjC9jo4oXdu7mjxAb3Y:smjTiiKfi9IiPj+k3Xdu7mjxAb3Y
Maldun security analysis result: 4.0 (analysis time: 2016-11-15 15:05:24)

File name invalidcert[1]
Associated files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\invalidcert[1]
File size 4754 bytes
File type HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 0f9f1ca3f50fbf885ca57019b99ba7b7
SHA1 22e3b33279e2aad973922839c2518898dbdeb3cf
SHA256 2af130e2ecc3c69f6fa7d78501aec8091a4a1ffd1212893c7b0faaf4a9622c2d
CRC32 0E642371
Ssdeep 48:R3WIysIprQU1YVPlSIXh1cns5PFkiGjUpgXowHMzhCFKiAQVu21kpD8VK6Atefc5:UJsUDls5PFkiGjUp4oW4XwVBkPs+/oLy

File name index.dat
Associated files
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
File size 32768 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 0aee387ca0a52dcdd8f8a29ea76edb42
SHA1 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9
SHA256 c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e
CRC32 B451CA0B
Ssdeep 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ
Maldun security analysis result: 2.0 (analysis time: 2016-11-06 20:10:20)

File name down[1]
Associated files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\down[1]
File size 3414 bytes
File type PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
MD5 555e83ce7f5d280d7454af334571fb25
SHA1 47f78f68d72e3d9041acc9107a6b0d665f408385
SHA256 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
CRC32 9EA3279D
Ssdeep 96:/SDZ/I09Da01l+gmkyTt6Hk8nTjTnJw1Ne:/SDS0tKg9E05TPoNe

File name favicon[1].ico
Associated files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\favicon[1].ico
File size 9662 bytes
File type MS Windows icon resource - 1 icon, 48x48
MD5 2c0a23032cf2d06511475714ed81b69c
SHA1 75b78584da6636d0839043ba833868dc60fafb30
SHA256 7e06159cbd19700fb60151c1231ed929028b533f17ab0ef85099382e5536f13f
CRC32 003466AD
Ssdeep 24:9z/gUUz44444MUUz44444XUUz44444VpyOOObG8IDDiDDDDKOOOyOOOOikDTw+el:9rKSDtigLY5r/nVGYi/9vrICvgjgED

File name invalidcert[1]
Associated files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\invalidcert[1]
File size 3127 bytes
File type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 b525b5b56443da423ca00841c1c06979
SHA1 0fb8c426efed05043a69221d0b021aacc39d141e
SHA256 81742eb16bc5d08b785e0569e1588616d81ee8e923e72243e553d14b503326a7
CRC32 27AD2EBC
Ssdeep 96:Si9yo3+bI1hDXxbLUh2XXyFyyU2vPMOggynJ+yVylcw:S8yo3+bI1hDBbLUh2XXyFyyU2vPMOggZ

File name stat[1].php
Associated files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\stat[1].php
File size 10983 bytes
File type ASCII text, with very long lines
MD5 ff1f35252d1e570498bb62df46821e22
SHA1 c0e541e3683a7cbe0f027850f946ed73295ab50d
SHA256 ac56b348a36d4d77b9b8999b892a22d720bd2a915f7ba87a5ecfc0095f178b78
CRC32 266EEF00
Ssdeep 192:KfjkcCOuxxxgsoyHijK/Va2mdhwOepS2g9RA25ywADwDPL+khu76BA3W:KfjkcCOuxrho6LVaiOf9KeVLd86BA3W

File name wb[1].js
Associated files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\wb[1].js
File size 34498 bytes
File type UTF-8 Unicode text, with very long lines, with no line terminators
MD5 a529ba54a619035353081f4c92ed4398
SHA1 fddbafd3e6cdf811a65951c71c9fbf30c9e46414
SHA256 b01e8a7c878711f6b2e5091d9d616cbcd8489110fcb8fa2d19994f4d96e85602
CRC32 83BDABBB
Ssdeep 768:UKUQdYBY0q9GgFeSH0u2OLLHVPtcLPS/S0UoXQqqPJInMiSg/lLTcRi:qsea0u1LLHVPtcLPS/S0UOgJIzlLTH
Yara
  • Rule to detect the presence of an or several urls
  • Rule to detect the no presence of any attachment
  • Rule to detect the no presence of any image

File name menu_bg[1].png
Associated files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\menu_bg[1].png
File size 227 bytes
File type PNG image data, 30 x 60, 8-bit/color RGBA, non-interlaced
MD5 ce95a97b9064e755b16e0fe459307bb9
SHA1 999225c782c33dbf9e5785e11d157e94eb5f4e80
SHA256 07eec4cf8a411980c5b1b6fbc886f48c37017e3cff0ec8f52eccba790f243000
CRC32 47B2EE7A
Ssdeep 6:6v/lhP5lmGjnDsp5JHwwVhc6HWkRgEWN0bCl/jp:6v/7DmRl9Vhc6aEWN1

File name {575876C4-5CDC-11E8-912A-5254001C66F4}.dat
Associated files
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{575876C4-5CDC-11E8-912A-5254001C66F4}.dat
File size 6656 bytes
File type Composite Document File V2 Document, Cannot read section info
MD5 5e6afc09ba77ff0c0545ff9df3373c17
SHA1 d5706156d276a53655d1c49e1fcd637293ee05cb
SHA256 35560ccb22a209a9a3c014e8ce3ac19a3254f70f1f21b705c5469b690716937d
CRC32 900EC8D7
Ssdeep 48:r4XGCUd0B5+tMEyponlGAh7QRXwMongBhx:myApAklx

File name RecoveryStore.{575876C3-5CDC-11E8-912A-5254001C66F4}.dat
Associated files
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{575876C3-5CDC-11E8-912A-5254001C66F4}.dat
File size 5120 bytes
File type Composite Document File V2 Document, Cannot read section info
MD5 7f3755440e68fdb9dfc8180a514ae5c3
SHA1 5161fe1ca302e1127cc7bb49b425b37ac95b5f23
SHA256 387940c04e502f348b5124650991f5da99fc0ccaa2352ced1bfdca415991a1cb
CRC32 BE10B257
Ssdeep 12:rl0oXGF24X/OrEgm8G+IaCrI05c8OhbCF2orEg5+IaCrI057uHrG77dQNlTqoA2J:rJ4X/OG8O/K8yo5/JQNlWoA+NlWoA

File name E0F5C59F9FA661F6F4C50B87FEF3A15A
Associated files
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
File size 212 bytes
File type data
MD5 e43b39a162c0056d1eeef2d3aa24b9eb
SHA1 a3a058bab9d78b177cdfc7d479114c5514b39feb
SHA256 794109a38c8f6f28b79ad0410ae394b0c07bd68995b57d15ea7596d126f03199
CRC32 6A35C344
Ssdeep 3:kkFklj4Pl/fllXlE/islolzRkwWBARLNDU+ZMlKlBkvclcMlVn:kKnl6loliBAIdQZVn

File name jquery.min[1].js
Associated files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\jquery.min[1].js
File size 93636 bytes
File type ASCII text, with very long lines
MD5 3576a6e73c9dccdbbc4a2cf8ff544ad7
SHA1 06e872300088b9ba8a08427d28ed0efcdf9c6ff5
SHA256 61c6caebd23921741fb5ffe6603f16634fca9840c2bf56ac8201e9264d6daccf
CRC32 0F70F489
Ssdeep 1536:s6IzxETpavYSGaW4snuHEk/yosnSFngC/VEEG0vd0KO4emAp2LSEMBoviR+I1z5T:O+vIklosn/BLXjxzMhsSQ
Yara
  • Rule to detect the no presence of any url
  • Rule to detect the no presence of any attachment
  • Rule to detect the no presence of any image

File name red_shield[1]
Associated files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\red_shield[1]
File size 3508 bytes
File type PNG image data, 14 x 16, 8-bit/color RGBA, non-interlaced
MD5 87de5d9a3403e1d7635885cbaa52389d
SHA1 50b32c5966331e3e27bef987fd1da0129423d348
SHA256 21d03f19c4b1c12db2feb8fb3a373d7e378976ecdfb64efb300204edc8947d3d
CRC32 15814E36
Ssdeep 96:5SDZ/I09Da01l+gmkyTt6Hk8nTzVcxkZFd/:5SDS0tKg9E05TJcxi

File name index.dat
Associated files
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
File size 262144 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 fbe6ba880d1f6cadfd771536120f2c73
SHA1 34b1a30160c6c7675a5c69b62d98661ab7a494bb
SHA256 a2cdabb3fc43f2e94ca47fac764eea7819768bdf094690a6369be41fc4a5fd01
CRC32 E94B92FD
Ssdeep 768:pFFwZHojCtOlWNw3nsiMsieuugxdKOri:rFwZIjCtkWm3siMbeuugxdKoi

File name ErrorPageTemplate[1]
Associated files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\ErrorPageTemplate[1]
File size 2226 bytes
File type UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5 9e7f4ae3f245c70af5b7dbe095647d30
SHA1 cbcffb08f72c10e3e2493ca0044872a7ebdc7215
SHA256 2f9117806e0e1ae4fc3b023b348910657b6948de2ecfd4f39f2846cebbefc1df
CRC32 08BB8CA5
Ssdeep 48:5sFR52FH5k5pvFehWrrarrZIrHd3FIQfOS6:5s52TydFPr81yHpBGR
Maldun security analysis result: 4.0 (analysis time: 2016-11-15 15:07:12)

File name E0F5C59F9FA661F6F4C50B87FEF3A15A
Associated files
C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
File size 893 bytes
File type data
MD5 d4ae187b4574036c2d76b6df8a8c1a30
SHA1 b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256 a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
CRC32 1C31685D
Ssdeep 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x

File name background_gradient_red[1]
Associated files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\background_gradient_red[1]
File size 868 bytes
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x800, frames 3
MD5 337038e78cf3c521402fc7352bdd5ea6
SHA1 017eaf48983c31ae36b5de5de4db36bf953b3136
SHA256 fbc23311fb5eb53c73a7ca6bfc93e8fa3530b07100a128b4905f8fb7cb145b61
CRC32 C08DA614
Ssdeep 24:vk9YMW80o0XxDuLHeOWXG4OZ7DAJuLHenX36n8R0O3kwd2q:M9YM3uERAq8uyJdB

File name index.dat
Associated files
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
File size 65536 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 0ee0d92f5ad9cd4d354a120734ae8e5e
SHA1 a3d2338356b933a1240f053b89efe7f1b5e63353
SHA256 bd15c1573c53ac40e26c307c00be243ace57eb5fd0d2879349b24832d2e7a771
CRC32 36F430F7
Ssdeep 384:wEEG/+oo0M7hPfdoW7QRyUEZeluUFyvp64PBhqNLguX3/5YSHYjitk9t7sub/2Iw:wEEG/+Rg

File name MSIMGSIZ.DAT
Associated files
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
File size 16384 bytes
File type data
MD5 133feee5310e20e4ba94e459bae8b3e4
SHA1 3683dd609fb29ed26d3f41f0f943914d29b6ffae
SHA256 7cbd32f4a41694695e78f9ac3af6fe2e8afca7dc966f7904fa498269572d68b6
CRC32 4F400BC6
Ssdeep 48:jGQhN7sXHWrVmqESaakad5PIy+9/8JrcVjdS6gPdY4z7el:CBXHbbSrka5PIL8mJdcPzz76

File name index.dat
Associated files
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018052220180523\index.dat
File size 32768 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 23ce3c56847dfced07e0fae498be7c87
SHA1 f78c172bb18dab7208e923d79438cced1cb49baf
SHA256 6b09d193e465d46e09d8c6feb95c82a0ef5415f964f4a8d1329830db19a6ca76
CRC32 1A3A835C
Ssdeep 6:qjyxXK87g373FustXBiTlddr936FustXBitlddr:qjRD371HBiTd93uHBild

File name global[1].css
Associated files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\global[1].css
File size 24151 bytes
File type ISO-8859 text, with very long lines, with CR line terminators
MD5 0cf16cb3ffb62f5454113a1cbfe3b759
SHA1 fba390a405dd3b5ed8dc86d973e1382b9b54bcac
SHA256 2d15f39d1d47fd1ffae1d41b5cae2026b7888f16eacde1f1b044241608886a46
CRC32 3F315266
Ssdeep 384:7fVew5a9UA1lYDWwCOeaIpH5ql5+0U5P4:Zb5a9UIHxB5ql5NU5w

Processing ( 34.148 seconds )

  • 21.186 NetworkAnalysis
  • 7.427 Suricata
  • 2.12 BehaviorAnalysis
  • 1.38 Dropped
  • 1.08 VirusTotal
  • 0.771 Static
  • 0.18 AnalysisInfo
  • 0.002 Debug
  • 0.002 Memory

Signatures ( 2.469 seconds )

  • 1.399 md_url_bl
  • 0.164 antiav_detectreg
  • 0.11 stealth_timeout
  • 0.085 api_spamming
  • 0.06 infostealer_ftp
  • 0.058 antivm_generic_scsi
  • 0.039 md_domain_bl
  • 0.035 infostealer_im
  • 0.034 antianalysis_detectreg
  • 0.033 md_bad_drop
  • 0.03 antivm_generic_services
  • 0.023 stealth_file
  • 0.019 mimics_filetime
  • 0.019 antivm_generic_disk
  • 0.019 infostealer_mail
  • 0.014 bootkit
  • 0.014 virus
  • 0.013 vawtrak_behavior
  • 0.011 antiemu_wine_func
  • 0.011 antiav_detectfile
  • 0.01 betabot_behavior
  • 0.009 kibex_behavior
  • 0.009 infostealer_browser_password
  • 0.009 antidbg_windows
  • 0.009 kovter_behavior
  • 0.009 geodo_banking_trojan
  • 0.008 hancitor_behavior
  • 0.008 heapspray_js
  • 0.008 antivm_parallels_keys
  • 0.008 antivm_xen_keys
  • 0.008 darkcomet_regkeys
  • 0.008 infostealer_bitcoin
  • 0.007 andromeda_behavior
  • 0.007 dridex_behavior
  • 0.007 persistence_autorun
  • 0.006 antivm_vbox_libs
  • 0.005 injection_createremotethread
  • 0.005 virtualcheck_js
  • 0.005 antivm_generic_diskreg
  • 0.005 ransomware_extensions
  • 0.005 ransomware_files
  • 0.004 antiav_avast_libs
  • 0.004 ransomware_message
  • 0.004 Locky_behavior
  • 0.004 cryptowall_behavior
  • 0.004 antivm_vbox_files
  • 0.004 recon_fingerprint
  • 0.003 stack_pivot
  • 0.003 stealth_network
  • 0.003 antisandbox_sunbelt_libs
  • 0.003 exec_crash
  • 0.003 antivm_vmware_events
  • 0.003 injection_runpe
  • 0.003 antisandbox_productid
  • 0.003 antivm_hyperv_keys
  • 0.003 antivm_vbox_keys
  • 0.003 antivm_vmware_keys
  • 0.003 disables_browser_warn
  • 0.002 tinba_behavior
  • 0.002 hawkeye_behavior
  • 0.002 rat_nanocore
  • 0.002 rat_luminosity
  • 0.002 sets_autoconfig_url
  • 0.002 antisandbox_sboxie_libs
  • 0.002 ipc_namedpipe
  • 0.002 antiav_bitdefender_libs
  • 0.002 dyre_behavior
  • 0.002 shifu_behavior
  • 0.002 ispy_behavior
  • 0.002 antivm_xen_keys
  • 0.002 antivm_vbox_acpi
  • 0.002 antivm_vpc_keys
  • 0.002 browser_security
  • 0.002 bypass_firewall
  • 0.002 network_torgateway
  • 0.002 packer_armadillo_regkey
  • 0.001 network_tor
  • 0.001 persistence_bootexecute
  • 0.001 disables_spdy
  • 0.001 network_anomaly
  • 0.001 antivm_vmware_libs
  • 0.001 clickfraud_cookies
  • 0.001 antivm_vbox_window
  • 0.001 injection_explorer
  • 0.001 modifies_desktop_wallpaper
  • 0.001 kazybot_behavior
  • 0.001 dead_connect
  • 0.001 chimera_behavior
  • 0.001 java_js
  • 0.001 js_phish
  • 0.001 disables_wfp
  • 0.001 cerber_behavior
  • 0.001 h1n1_behavior
  • 0.001 antisandbox_script_timer
  • 0.001 silverlight_js
  • 0.001 securityxploded_modules
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 ie_martian_children
  • 0.001 modify_uac_prompt
  • 0.001 rat_pcclient
  • 0.001 recon_programs

Reporting ( 0.389 seconds )

  • 0.389 ReportHTMLSummary
Task ID 162297
Mongo ID 5b029707bb7d5735aaf7b788
Cuckoo release 1.4-Maldun