恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
URL	win7-sp1-x64-hpdapp03-1	2018-05-21 19:54:40	2018-05-21 19:57:03	143 秒

魔盾分数

0.05

正常的

URL详细信息

URL
URL专业沙箱检测 -> http://khd.nwzhi.com/khd_nwzhi_start.dll?v=201801220416

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	58.216.106.208	未知	中国

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
khd.nwzhi.com	未知	CNAME temp.p23.tc.cdntip.com CNAME tiny.china.qiniu.cloud.cdntip.com CNAME iduxcfq.qiniudns.com A 180.101.217.205 A 180.101.217.192 A 180.101.217.117 A 221.228.218.203 A 58.216.106.210 A 221.228.219.107 A 58.216.106.208 A 221.228.219.71 A 221.228.218.214 CNAME tiny2.china.line.qiniudns.com A 180.101.217.196

摘要

登录查看详细行为信息

URL分析
防病毒引擎

WHOIS 信息

Name: Nexperian Holding Limited
Country: CN
State: Zhejiang
City: Hangzhou
ZIP Code: 311121
Address: Le Jia International No.999 Liang Mu Road Yuhang District

Orginization: Nexperian Holding Limited
Domain Name(s):
    NWZHI.COM
    nwzhi.com
Creation Date:
    2012-01-05 06:53:53
Updated Date:
    2017-07-07 03:41:13
Expiration Date:
    2019-01-05 06:53:53
Email(s):
    DomainAbuse@service.aliyun.com
    YuMing@YinSiBaoHu.AliYun.com

Registrar(s):
    HiChina Zhicheng Technology Ltd.
Name Server(s):
    DNS27.HICHINA.COM
    DNS28.HICHINA.COM
Referral URL(s):
    None

没有防病毒引擎扫描信息!

进程树

iexplore.exe id: 2108
- iexplore.exe id: 2344

iexplore.exe, PID: 2108, 上一级进程 PID: 1896

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

iexplore.exe, PID: 2344, 上一级进程 PID: 2108

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	58.216.106.208	未知	中国

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	55824	192.168.122.1	53
192.168.122.201	55825	58.216.106.208 khd.nwzhi.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	49651	192.168.122.1	53
192.168.122.201	52308	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
khd.nwzhi.com	未知	CNAME temp.p23.tc.cdntip.com CNAME tiny.china.qiniu.cloud.cdntip.com CNAME iduxcfq.qiniudns.com A 180.101.217.205 A 180.101.217.192 A 180.101.217.117 A 221.228.218.203 A 58.216.106.210 A 221.228.219.107 A 58.216.106.208 A 221.228.219.71 A 221.228.218.214 CNAME tiny2.china.line.qiniudns.com A 180.101.217.196

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	55824	192.168.122.1	53
192.168.122.201	55825	58.216.106.208 khd.nwzhi.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	49651	192.168.122.1	53
192.168.122.201	52308	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://khd.nwzhi.com/khd_nwzhi_start.dll?v=201801220416	GET /khd_nwzhi_start.dll?v=201801220416 HTTP/1.1 Accept: / Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&ved=0CCEQfjWVp5RlZpZkNDQ0lYVUZoT3lqaXB2&url=http%3A%2F%2Fkhd.nwzhi.com%2Fkhd_nwzhi_start.dll%3Fv%3D201801220416&ei=UkR1dGFPUUREWEFU&usg=AFQjaW9nZnFyQ05EdFZJ Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: khd.nwzhi.com Connection: Keep-Alive

URI

HTTP数据

URL专业沙箱检测 -> http://khd.nwzhi.com/khd_nwzhi_start.dll?v=201801220416

GET /khd_nwzhi_start.dll?v=201801220416 HTTP/1.1
Accept: */*
Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&ved=0CCEQfjWVp5RlZpZkNDQ0lYVUZoT3lqaXB2&url=http%3A%2F%2Fkhd.nwzhi.com%2Fkhd_nwzhi_start.dll%3Fv%3D201801220416&ei=UkR1dGFPUUREWEFU&usg=AFQjaW9nZnFyQ05EdFZJ
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: khd.nwzhi.com
Connection: Keep-Alive

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

No TLS

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

文件名	index.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
文件大小	32768 字节
文件类型	Internet Explorer cache file version Ver 5.2
MD5	0aee387ca0a52dcdd8f8a29ea76edb42
SHA1	5df81547dcadb2a7b8bc689da8e1383ba1a84cb9
SHA256	c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e
CRC32	B451CA0B
Ssdeep	12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ
魔盾安全分析结果	2.0 分析时间：2016-11-06 20:10:20 查看分析报告
	下载提交魔盾安全分析

文件名	RecoveryStore.{BB754F03-5CED-11E8-91CC-525400E1D82E}.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BB754F03-5CED-11E8-91CC-525400E1D82E}.dat
文件大小	3584 字节
文件类型	Composite Document File V2 Document, Cannot read section info
MD5	d5fb5ecaf9bfbb758c8460d06b6f316c
SHA1	76c7ea8bde0fc17cc524ee479d98c1e818ac8965
SHA256	f5ecfa82b181af938bcaf7f7e887aa4809e06a5bedb3de8714f9d7b9aa77bec9
CRC32	C6430128
Ssdeep	12:rl0YmGF2trEg5+IaCrI017+FPDrEgmf+IaCy8qgQNlTqof5m0PlD0Pla40Pl:rIt5/AGv/TQNlWof5
	下载提交魔盾安全分析

文件名	down[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\down[1]
文件大小	3414 字节
文件类型	PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
MD5	555e83ce7f5d280d7454af334571fb25
SHA1	47f78f68d72e3d9041acc9107a6b0d665f408385
SHA256	70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
CRC32	9EA3279D
Ssdeep	96:/SDZ/I09Da01l+gmkyTt6Hk8nTjTnJw1Ne:/SDS0tKg9E05TPoNe
	下载提交魔盾安全分析

文件名	MSIMGSIZ.DAT
相关文件	C:\Users\test\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
文件大小	16384 字节
文件类型	data
MD5	133feee5310e20e4ba94e459bae8b3e4
SHA1	3683dd609fb29ed26d3f41f0f943914d29b6ffae
SHA256	7cbd32f4a41694695e78f9ac3af6fe2e8afca7dc966f7904fa498269572d68b6
CRC32	4F400BC6
Ssdeep	48:jGQhN7sXHWrVmqESaakad5PIy+9/8JrcVjdS6gPdY4z7el:CBXHbbSrka5PIL8mJdcPzz76
	下载提交魔盾安全分析

文件名	info_48[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\info_48[1]
文件大小	6993 字节
文件类型	PNG image data, 47 x 48, 8-bit/color RGBA, non-interlaced
MD5	49e0ef03e74704089a60c437085db89e
SHA1	c2e7ab3ce114465ea7060f2ef738afcb3341a384
SHA256	caa140523ba00994536b33618654e379216261babaae726164a0f74157bb11ff
CRC32	4C99540A
Ssdeep	192:NS0tKg9E05THXQJBCnFux5TsRfb+Y0ObhD9Uc7:LXE05UBCFAORfK9S7b7
	下载提交魔盾安全分析

文件名	index.dat
相关文件	C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
文件大小	65536 字节
文件类型	Internet Explorer cache file version Ver 5.2
MD5	0ee0d92f5ad9cd4d354a120734ae8e5e
SHA1	a3d2338356b933a1240f053b89efe7f1b5e63353
SHA256	bd15c1573c53ac40e26c307c00be243ace57eb5fd0d2879349b24832d2e7a771
CRC32	36F430F7
Ssdeep	384:wEEG/+oo0M7hPfdoW7QRyUEZeluUFyvp64PBhqNLguX3/5YSHYjitk9t7sub/2Iw:wEEG/+Rg
	下载提交魔盾安全分析

文件名	background_gradient[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\background_gradient[1]
文件大小	453 字节
文件类型	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
MD5	20f0110ed5e4e0d5384a496e4880139b
SHA1	51f5fc61d8bf19100df0f8aadaa57fcd9c086255
SHA256	1471693be91e53c2640fe7baeecbc624530b088444222d93f2815dfce1865d5b
CRC32	C2D0CE77
Ssdeep	6:3llVuiPjlXJYhg5suRd8PImMo23C/kHrJ8yA/NIeYoWg78C/vTFvbKLAh3:V/XPYhiPRd8j7+9LoIrobtHTdbKi
	下载提交魔盾安全分析

文件名	ErrorPageTemplate[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ErrorPageTemplate[1]
文件大小	2226 字节
文件类型	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	9e7f4ae3f245c70af5b7dbe095647d30
SHA1	cbcffb08f72c10e3e2493ca0044872a7ebdc7215
SHA256	2f9117806e0e1ae4fc3b023b348910657b6948de2ecfd4f39f2846cebbefc1df
CRC32	08BB8CA5
Ssdeep	48:5sFR52FH5k5pvFehWrrarrZIrHd3FIQfOS6:5s52TydFPr81yHpBGR
魔盾安全分析结果	4.0 分析时间：2016-11-15 15:07:12 查看分析报告
	下载提交魔盾安全分析

文件名	bullet[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\bullet[1]
文件大小	3169 字节
文件类型	PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
MD5	0c4c086dd852704e8eeb8ff83e3b73d1
SHA1	56bac3d2c88a83628134b36322e37deb6b00b1a1
SHA256	1cb3b6ea56c5b5decf5e1d487ad51dbb2f62e6a6c78f23c1c81fda1b64f8db16
CRC32	51CC83D9
Ssdeep	48:VocieftI9G9f6A+FIDOWu0lDl+gm7QyTtctIInQSy6IVpqlnBcOD2X+r0svw:VZ/I09Da01l+gmkyTt6Hk8nT2X+r0kw
	下载提交魔盾安全分析

文件名	{BB754F04-5CED-11E8-91CC-525400E1D82E}.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BB754F04-5CED-11E8-91CC-525400E1D82E}.dat
文件大小	4608 字节
文件类型	Composite Document File V2 Document, Cannot read section info
MD5	37aef41afcc08b671de317ce88057bbb
SHA1	f72574378c92983ef88551ba8380bcf3aa38b611
SHA256	f9974b089c5802e1ec61561abd548bcb005b301913cfa2a672122cf21561eb85
CRC32	7F65124D
Ssdeep	12:rlfFyrEgmfR16F0WrEgmfcB1qjNlYfOo3+/NlL9oAzAY3c:rWGKGTNljowNlpo8dc
	下载提交魔盾安全分析

文件名	errorPageStrings[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\errorPageStrings[1]
文件大小	1643 字节
文件类型	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	13216fa0f896b1b7c445fe9a54b5b998
SHA1	d343d35b45507640bc68487d4ad3afcb927ce950
SHA256	7a656b15efaacb1179b883327369819483b5a0c2f2d8486db6c347f4f8a7ae61
CRC32	3A14753A
Ssdeep	48:zGY5w5zquO05l9zWJ6N51Re45RnR5RynEK+5RXdHymL5RlRdPoh5y5U5BU5Cc:z5Qzq3crIM1RtR3Rynd6RXd5RTmnW4xc
魔盾安全分析结果	4.0 分析时间：2016-11-15 15:07:57 查看分析报告
	下载提交魔盾安全分析

文件名	http_403[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\http_403[1]
文件大小	4542 字节
文件类型	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	5b60734d66bc3b523f2bc12c7bc06da2
SHA1	e2648a430a93302108bc072e10f3fbcd0f177377
SHA256	e15547a2e90df54a2b9240411ee76118978d0487f199bca6a9410822656ac7e6
CRC32	1AC524C9
Ssdeep	48:upUwQV4VOBXvLM5ZIPTC5sU1a5TIm7n3GFEUKGuc1kpTcuKmFXiTr:ugpg5ZQws7B36HgAuBoTr
	下载提交魔盾安全分析

文件名	httpErrorPagesScripts[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\httpErrorPagesScripts[1]
文件大小	8601 字节
文件类型	UTF-8 Unicode (with BOM) text, with CRLF, CR line terminators
MD5	e7ca76a3c9ee0564471671d500e3f0f3
SHA1	fe815ae0f865ec4c26e421bf0bd21bb09bc6f410
SHA256	58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
CRC32	A7C34EF3
Ssdeep	192:HMmjTiiKfi9Ii4UFjC9jo4oXdu7mjxAb3Y:smjTiiKfi9IiPj+k3Xdu7mjxAb3Y
魔盾安全分析结果	4.0 分析时间：2016-11-15 15:05:24 查看分析报告
	下载提交魔盾安全分析

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 33.481 seconds )

20.628 NetworkAnalysis
7.858 Suricata
2.18 Static
1.227 VirusTotal
0.988 BehaviorAnalysis
0.457 AnalysisInfo
0.089 Dropped
0.052 Debug
0.002 Memory

Signatures ( 2.498 seconds )

1.354 md_url_bl
0.562 md_bad_drop
0.127 antiav_detectreg
0.047 stealth_timeout
0.045 infostealer_ftp
0.035 api_spamming
0.029 antivm_generic_scsi
0.026 antianalysis_detectreg
0.026 infostealer_im
0.014 antivm_generic_services
0.014 stealth_file
0.014 infostealer_mail
0.014 md_domain_bl
0.008 antiav_detectfile
0.008 geodo_banking_trojan
0.007 betabot_behavior
0.007 mimics_filetime
0.007 antivm_generic_disk
0.006 kibex_behavior
0.006 persistence_autorun
0.006 vawtrak_behavior
0.006 antivm_parallels_keys
0.006 antivm_xen_keys
0.006 darkcomet_regkeys
0.006 infostealer_bitcoin
0.005 antiemu_wine_func
0.005 virus
0.004 bootkit
0.004 infostealer_browser_password
0.004 antidbg_windows
0.004 kovter_behavior
0.004 antivm_generic_diskreg
0.004 ransomware_extensions
0.004 ransomware_files
0.003 andromeda_behavior
0.003 hancitor_behavior
0.003 antivm_vbox_libs
0.003 antivm_vbox_files
0.003 recon_fingerprint
0.002 tinba_behavior
0.002 rat_nanocore
0.002 antiav_avast_libs
0.002 injection_createremotethread
0.002 Locky_behavior
0.002 cryptowall_behavior
0.002 antisandbox_productid
0.002 antivm_xen_keys
0.002 antivm_hyperv_keys
0.002 antivm_vbox_acpi
0.002 antivm_vbox_keys
0.002 antivm_vmware_keys
0.002 antivm_vpc_keys
0.002 bypass_firewall
0.002 disables_browser_warn
0.002 network_torgateway
0.002 packer_armadillo_regkey
0.001 network_tor
0.001 rat_luminosity
0.001 stack_pivot
0.001 dridex_behavior
0.001 antisandbox_sunbelt_libs
0.001 antisandbox_sboxie_libs
0.001 antiav_bitdefender_libs
0.001 dyre_behavior
0.001 shifu_behavior
0.001 exec_crash
0.001 antivm_vmware_events
0.001 cerber_behavior
0.001 injection_runpe
0.001 antidbg_devices
0.001 antivm_generic_bios
0.001 antivm_generic_cpu
0.001 antivm_generic_system
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 browser_security
0.001 ie_martian_children
0.001 modify_uac_prompt
0.001 rat_pcclient
0.001 recon_programs

Reporting ( 0.423 seconds )

0.423 ReportHTMLSummary


Task ID	162326
Mongo ID	5b02b43ea093ef7998134ec4
Cuckoo release	1.4-Maldun