恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
URL	win7-sp1-x64-hpdapp01-1	2018-07-18 01:24:45	2018-07-18 01:27:28	163 秒

魔盾分数

0.05

正常的

URL详细信息

URL
URL专业沙箱检测 -> https://www.fangfangtv.com/play/

登录查看威胁特征

运行截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	125.64.99.35	中国
否	192.35.177.64	美国

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.fangfangtv.com	A 125.64.99.35 CNAME www.fangfangtv.com.a.bdydns.com CNAME opencdncloud.jomodns.com
apps.identrust.com	A 192.35.177.64 CNAME apps.digsigtrust.com

摘要

登录查看详细行为信息

URL分析
防病毒引擎

WHOIS 信息

Name: Registration Private
Country: US
State: Arizona
City: Scottsdale
ZIP Code: 85260
Address: DomainsByProxy.com

Orginization: Domains By Proxy, LLC
Domain Name(s):
    FANGFANGTV.COM
    fangfangtv.com
Creation Date:
    2017-06-25 03:29:47
Updated Date:
    2017-09-30 05:05:59
    2017-06-25 03:29:48
Expiration Date:
    2019-06-25 03:29:47
Email(s):
    abuse@godaddy.com
    fangfangtv.com@domainsbyproxy.com

Registrar(s):
    GoDaddy.com, LLC
Name Server(s):
    F1G1NS1.DNSPOD.NET
    F1G1NS2.DNSPOD.NET
Referral URL(s):
    None

没有防病毒引擎扫描信息!

进程树

iexplore.exe id: 2256
- iexplore.exe id: 2396

iexplore.exe, PID: 2256, 上一级进程 PID: 1520

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

iexplore.exe, PID: 2396, 上一级进程 PID: 2256

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	125.64.99.35	中国
否	192.35.177.64	美国

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	125.64.99.35 www.fangfangtv.com	443
192.168.122.201	49162	125.64.99.35 www.fangfangtv.com	443
192.168.122.201	49161	192.35.177.64 apps.identrust.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	57651	192.168.122.1	53
192.168.122.201	61453	192.168.122.1	53
192.168.122.201	65281	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.fangfangtv.com	A 125.64.99.35 CNAME www.fangfangtv.com.a.bdydns.com CNAME opencdncloud.jomodns.com
apps.identrust.com	A 192.35.177.64 CNAME apps.digsigtrust.com

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	125.64.99.35 www.fangfangtv.com	443
192.168.122.201	49162	125.64.99.35 www.fangfangtv.com	443
192.168.122.201	49161	192.35.177.64 apps.identrust.com	80

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	57651	192.168.122.1	53
192.168.122.201	61453	192.168.122.1	53
192.168.122.201	65281	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://apps.identrust.com/roots/dstrootcax3.p7c	GET /roots/dstrootcax3.p7c HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/6.1 Host: apps.identrust.com

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Version	Issuer	Subject	Fingerprint
2018-07-18 01:25:30.949046+0800	192.168.122.201	49162	125.64.99.35	443	TLS 1.2	C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3	CN=*.fangfangtv.com	8e:bb:11:d4:a9:b8:c9:8a:b2:e0:9d:0c:93:6a:b1:0d:1e:27:b0:01
2018-07-18 01:25:28.892100+0800	192.168.122.201	49160	125.64.99.35	443	TLS 1.2	C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3	CN=*.fangfangtv.com	8e:bb:11:d4:a9:b8:c9:8a:b2:e0:9d:0c:93:6a:b1:0d:1e:27:b0:01

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

文件名	index.dat
相关文件	C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
文件大小	65536 字节
文件类型	Internet Explorer cache file version Ver 5.2
MD5	0ee0d92f5ad9cd4d354a120734ae8e5e
SHA1	a3d2338356b933a1240f053b89efe7f1b5e63353
SHA256	bd15c1573c53ac40e26c307c00be243ace57eb5fd0d2879349b24832d2e7a771
CRC32	36F430F7
Ssdeep	384:wEEG/+oo0M7hPfdoW7QRyUEZeluUFyvp64PBhqNLguX3/5YSHYjitk9t7sub/2Iw:wEEG/+Rg
	下载提交魔盾安全分析

文件名	background_gradient_red[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\background_gradient_red[1]
文件大小	868 字节
文件类型	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x800, frames 3
MD5	337038e78cf3c521402fc7352bdd5ea6
SHA1	017eaf48983c31ae36b5de5de4db36bf953b3136
SHA256	fbc23311fb5eb53c73a7ca6bfc93e8fa3530b07100a128b4905f8fb7cb145b61
CRC32	C08DA614
Ssdeep	24:vk9YMW80o0XxDuLHeOWXG4OZ7DAJuLHenX36n8R0O3kwd2q:M9YM3uERAq8uyJdB
	下载提交魔盾安全分析

文件名	httpErrorPagesScripts[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\httpErrorPagesScripts[1]
文件大小	8601 字节
文件类型	UTF-8 Unicode (with BOM) text, with CRLF, CR line terminators
MD5	e7ca76a3c9ee0564471671d500e3f0f3
SHA1	fe815ae0f865ec4c26e421bf0bd21bb09bc6f410
SHA256	58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c
CRC32	A7C34EF3
Ssdeep	192:HMmjTiiKfi9Ii4UFjC9jo4oXdu7mjxAb3Y:smjTiiKfi9IiPj+k3Xdu7mjxAb3Y
魔盾安全分析结果	4.0 分析时间：2016-11-15 15:05:24 查看分析报告
	下载提交魔盾安全分析

文件名	invalidcert[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\invalidcert[1]
文件大小	4754 字节
文件类型	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	0f9f1ca3f50fbf885ca57019b99ba7b7
SHA1	22e3b33279e2aad973922839c2518898dbdeb3cf
SHA256	2af130e2ecc3c69f6fa7d78501aec8091a4a1ffd1212893c7b0faaf4a9622c2d
CRC32	0E642371
Ssdeep	48:R3WIysIprQU1YVPlSIXh1cns5PFkiGjUpgXowHMzhCFKiAQVu21kpD8VK6Atefc5:UJsUDls5PFkiGjUp4oW4XwVBkPs+/oLy
	下载提交魔盾安全分析

文件名	green_shield[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\green_shield[1]
文件大小	3501 字节
文件类型	PNG image data, 14 x 16, 8-bit/color RGBA, non-interlaced
MD5	254d388ce19d84a54fd44571e049e6a6
SHA1	51ca725642f679978f5880278e5cac5ca4f70fae
SHA256	c686babc034f53a24a1206019e958ba8fc879216fd7b6a4b972f188535341227
CRC32	265B0B9C
Ssdeep	96:5SDZ/I09Da01l+gmkyTt6Hk8nTkN9D6ZB+:5SDS0tKg9E05TkN92ZE
	下载提交魔盾安全分析

文件名	invalidcert[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\invalidcert[1]
文件大小	3127 字节
文件类型	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	b525b5b56443da423ca00841c1c06979
SHA1	0fb8c426efed05043a69221d0b021aacc39d141e
SHA256	81742eb16bc5d08b785e0569e1588616d81ee8e923e72243e553d14b503326a7
CRC32	27AD2EBC
Ssdeep	96:Si9yo3+bI1hDXxbLUh2XXyFyyU2vPMOggynJ+yVylcw:S8yo3+bI1hDBbLUh2XXyFyyU2vPMOggZ
	下载提交魔盾安全分析

文件名	E0F5C59F9FA661F6F4C50B87FEF3A15A
相关文件	C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
文件大小	212 字节
文件类型	data
MD5	aa80fc814993469cfa24ad4e231a1fb7
SHA1	753455cee7e283727504e41986fe3b8be5af8663
SHA256	0bc627e9ce8fc33169c3c2f41aec8aec781efb02de6766dabcd2c0d46a05a423
CRC32	679C7113
Ssdeep	3:kkFklD9N1k3/tfllXlE/islolzRkwWBARLNDU+ZMlKlBkvclcMlVn:kK1wloliBAIdQZVn
	下载提交魔盾安全分析

文件名	index.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
文件大小	32768 字节
文件类型	Internet Explorer cache file version Ver 5.2
MD5	0aee387ca0a52dcdd8f8a29ea76edb42
SHA1	5df81547dcadb2a7b8bc689da8e1383ba1a84cb9
SHA256	c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e
CRC32	B451CA0B
Ssdeep	12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ
魔盾安全分析结果	2.0 分析时间：2016-11-06 20:10:20 查看分析报告
	下载提交魔盾安全分析

文件名	ErrorPageTemplate[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ErrorPageTemplate[1]
文件大小	2226 字节
文件类型	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	9e7f4ae3f245c70af5b7dbe095647d30
SHA1	cbcffb08f72c10e3e2493ca0044872a7ebdc7215
SHA256	2f9117806e0e1ae4fc3b023b348910657b6948de2ecfd4f39f2846cebbefc1df
CRC32	08BB8CA5
Ssdeep	48:5sFR52FH5k5pvFehWrrarrZIrHd3FIQfOS6:5s52TydFPr81yHpBGR
魔盾安全分析结果	4.0 分析时间：2016-11-15 15:07:12 查看分析报告
	下载提交魔盾安全分析

文件名	E0F5C59F9FA661F6F4C50B87FEF3A15A
相关文件	C:\Users\test\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
文件大小	893 字节
文件类型	data
MD5	d4ae187b4574036c2d76b6df8a8c1a30
SHA1	b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256	a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
CRC32	1C31685D
Ssdeep	24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
	下载提交魔盾安全分析

文件名	{50BF64E4-89E6-11E8-A5BE-5254008A4709}.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{50BF64E4-89E6-11E8-A5BE-5254008A4709}.dat
文件大小	5632 字节
文件类型	Composite Document File V2 Document, Cannot read section info
MD5	a1df91d44257895123bd80c44fe57aed
SHA1	8f7fad234032451768d2978006968f7981e75ade
SHA256	3762835585c242ae32d99b8bf0e2b27b365aae1c86645202dc451d45584c4709
CRC32	1B6700B2
Ssdeep	24:rI9nYGp80WaGb2q9dyeq9dxaGbw7aG6TNl9ozaG39dD/jtkNl9ozaGsWaGLq8ln:ryYGPWaUBQJjacWa7ozaIt0oza/Wan0n
	下载提交魔盾安全分析

文件名	errorPageStrings[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\errorPageStrings[1]
文件大小	1643 字节
文件类型	UTF-8 Unicode (with BOM) text, with CRLF line terminators
MD5	13216fa0f896b1b7c445fe9a54b5b998
SHA1	d343d35b45507640bc68487d4ad3afcb927ce950
SHA256	7a656b15efaacb1179b883327369819483b5a0c2f2d8486db6c347f4f8a7ae61
CRC32	3A14753A
Ssdeep	48:zGY5w5zquO05l9zWJ6N51Re45RnR5RynEK+5RXdHymL5RlRdPoh5y5U5BU5Cc:z5Qzq3crIM1RtR3Rynd6RXd5RTmnW4xc
魔盾安全分析结果	4.0 分析时间：2016-11-15 15:07:57 查看分析报告
	下载提交魔盾安全分析

文件名	RecoveryStore.{50BF64E3-89E6-11E8-A5BE-5254008A4709}.dat
相关文件	C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{50BF64E3-89E6-11E8-A5BE-5254008A4709}.dat
文件大小	3584 字节
文件类型	Composite Document File V2 Document, Cannot read section info
MD5	a8209027b7d7079a47fe603ac197dcfc
SHA1	ac0b50e079836f5ff76b3725236f0e0503af49f7
SHA256	3554c7e3d3ecabdc5cf6e13ba3313f62be0698c98a85a022987cffeff0b27a96
CRC32	76BC4EF6
Ssdeep	12:rl0YmGF2+srEg5+IaCrI017+FDsDrEgmf+IaCy8qgQNlTqoku:rIz5/oYGv/TQNlWo
	下载提交魔盾安全分析

文件名	red_shield[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\red_shield[1]
文件大小	3508 字节
文件类型	PNG image data, 14 x 16, 8-bit/color RGBA, non-interlaced
MD5	87de5d9a3403e1d7635885cbaa52389d
SHA1	50b32c5966331e3e27bef987fd1da0129423d348
SHA256	21d03f19c4b1c12db2feb8fb3a373d7e378976ecdfb64efb300204edc8947d3d
CRC32	15814E36
Ssdeep	96:5SDZ/I09Da01l+gmkyTt6Hk8nTzVcxkZFd/:5SDS0tKg9E05TJcxi
	下载提交魔盾安全分析

文件名	down[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\down[1]
文件大小	3414 字节
文件类型	PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced
MD5	555e83ce7f5d280d7454af334571fb25
SHA1	47f78f68d72e3d9041acc9107a6b0d665f408385
SHA256	70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880
CRC32	9EA3279D
Ssdeep	96:/SDZ/I09Da01l+gmkyTt6Hk8nTjTnJw1Ne:/SDS0tKg9E05TPoNe
	下载提交魔盾安全分析

文件名	red_shield_48[1]
相关文件	C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\red_shield_48[1]
文件大小	7005 字节
文件类型	PNG image data, 40 x 48, 8-bit/color RGBA, non-interlaced
MD5	f413dd8a75b81a154a1fd5e4c4a0a782
SHA1	667f7e3da51ca3417a1feb66d238466423c9487d
SHA256	f2afc04a24c9d89d3c2f0d73f8cd6fb6b65adbe333196c3f99cc7d6868847ceb
CRC32	D96BDACF
Ssdeep	192:8SDS0tKg9E05Tz045xhOwZtbiFHsrC3rlTqpHbW:7JXE05d5xhOwtGsSTqpHC
	下载提交魔盾安全分析

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 20.154 seconds )

11.935 Suricata
3.101 NetworkAnalysis
1.716 VirusTotal
1.457 Static
1.437 BehaviorAnalysis
0.31 AnalysisInfo
0.156 Dropped
0.039 Debug
0.003 Memory

Signatures ( 3.956 seconds )

2.035 md_url_bl
0.845 md_bad_drop
0.226 antiav_detectreg
0.085 stealth_timeout
0.085 infostealer_ftp
0.062 api_spamming
0.051 infostealer_im
0.047 antianalysis_detectreg
0.046 antivm_generic_scsi
0.029 infostealer_mail
0.025 stealth_file
0.023 antivm_generic_services
0.019 md_domain_bl
0.016 antiav_detectfile
0.014 antivm_generic_disk
0.014 geodo_banking_trojan
0.013 mimics_filetime
0.012 betabot_behavior
0.012 kibex_behavior
0.012 vawtrak_behavior
0.011 antivm_parallels_keys
0.011 antivm_xen_keys
0.011 darkcomet_regkeys
0.011 infostealer_bitcoin
0.01 persistence_autorun
0.009 antiemu_wine_func
0.009 bootkit
0.009 virus
0.008 kovter_behavior
0.008 antivm_generic_diskreg
0.007 infostealer_browser_password
0.007 antidbg_windows
0.007 ransomware_extensions
0.007 ransomware_files
0.007 recon_fingerprint
0.006 andromeda_behavior
0.006 hancitor_behavior
0.006 antivm_vbox_files
0.005 antivm_vbox_libs
0.004 dridex_behavior
0.004 Locky_behavior
0.004 antisandbox_productid
0.004 antivm_hyperv_keys
0.004 antivm_vbox_keys
0.004 antivm_vmware_keys
0.004 disables_browser_warn
0.003 tinba_behavior
0.003 rat_nanocore
0.003 antiav_avast_libs
0.003 injection_createremotethread
0.003 antivm_vmware_events
0.003 cryptowall_behavior
0.003 antivm_xen_keys
0.003 antivm_vbox_acpi
0.003 antivm_vpc_keys
0.003 browser_security
0.003 bypass_firewall
0.003 network_torgateway
0.003 packer_armadillo_regkey
0.002 network_tor
0.002 stack_pivot
0.002 antisandbox_sunbelt_libs
0.002 antisandbox_sboxie_libs
0.002 antiav_bitdefender_libs
0.002 dyre_behavior
0.002 shifu_behavior
0.002 exec_crash
0.002 cerber_behavior
0.002 injection_runpe
0.002 antidbg_devices
0.002 antivm_generic_bios
0.002 antivm_generic_cpu
0.002 antivm_generic_system
0.002 recon_programs
0.001 hawkeye_behavior
0.001 persistence_bootexecute
0.001 rat_luminosity
0.001 antivm_vmware_libs
0.001 virtualcheck_js
0.001 antivm_vbox_window
0.001 sets_autoconfig_url
0.001 stealth_network
0.001 modifies_desktop_wallpaper
0.001 kazybot_behavior
0.001 heapspray_js
0.001 ursnif_behavior
0.001 ispy_behavior
0.001 antianalysis_detectfile
0.001 antivm_vmware_files
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 codelux_behavior
0.001 disables_system_restore
0.001 disables_windows_defender
0.001 ie_martian_children
0.001 maldun_blacklist
0.001 modify_security_center_warnings
0.001 modify_uac_prompt
0.001 office_security
0.001 rat_pcclient
0.001 rat_spynet
0.001 stealth_hiddenreg
0.001 stealth_hide_notifications
0.001 targeted_flame
0.001 whois_create

Reporting ( 0.585 seconds )

0.585 ReportHTMLSummary


Task ID	170825
Mongo ID	5b4e27202e063307d4338e94
Cuckoo release	1.4-Maldun