Analysis Task

Analysis type | VM label | Start time | End time | Duration
URL | win7-sp1-x64-shaapp01-1 | 2018-07-19 15:40:23 | 2018-07-19 15:42:43 | 140 seconds

Maldun Score

3.2

Suspicious

URL Details

URL
http://t.ie.2345.com/wangpai/index.php


Runtime Screenshots


Hosts Contacted

Direct IP | Security rating | Geolocation
122.226.166.48 | | China
23.48.32.88 | | United States

DNS Resolution

Domain | Security rating | Response
t.ie.2345.com A 122.226.166.50
A 122.226.166.52
A 122.226.166.48
A 122.226.166.49

Summary


WHOIS Information

Name: None
Country: None
State: shang hai
City: shanghai
ZIP Code: None
Address: None

Organization: None
Domain Name(s):
    2345.COM
    2345.com
Creation Date:
    1998-01-19 05:00:00
Updated Date:
    2018-01-10 03:52:45
Expiration Date:
    2027-01-18 05:00:00
Email(s):
    DomainAbuse@service.aliyun.com

Registrar(s):
    HiChina Zhicheng Technology Ltd.
Name Server(s):
    DNS1.KABASIJI.COM
    DNS2.KABASIJI.COM
    DNS3.50BANG.ORG
    DNS4.50BANG.ORG
Referral URL(s):
    None
Antivirus engine / vendor | Site security analysis
CLEAN MX Clean Site
DNS8 Clean Site
VX Vault Clean Site
ZDB Zeus Clean Site
SCUMWARE_org Clean Site
Netcraft Unrated Site
desenmascara_me Clean Site
CyRadar Clean Site
PhishLabs Unrated Site
Zerofox Clean Site
K7AntiVirus Clean Site
Virusdie External Site Scan Clean Site
Spamhaus Clean Site
Quttera Clean Site
AegisLab WebGuard Clean Site
MalwareDomainList Clean Site
ZeusTracker Clean Site
zvelo Malicious Site
Google Safebrowsing Clean Site
Kaspersky Clean Site
BitDefender Clean Site
Certly Clean Site
G-Data Clean Site
OpenPhish Clean Site
Malware Domain Blocklist Clean Site
MalwarePatrol Clean Site
Webutation Clean Site
Trustwave Clean Site
Web Security Guard Clean Site
Dr_Web Clean Site
ADMINUSLabs Clean Site
Malwarebytes hpHosts Clean Site
Opera Clean Site
AlienVault Clean Site
Emsisoft Clean Site
Rising Clean Site
Malc0de Database Clean Site
Spam404 Clean Site
BADWARE_INFO Clean Site
Malwared Clean Site
Avira Clean Site
NotMining Unrated Site
CyberCrime Clean Site
Antiy-AVL Clean Site
Forcepoint ThreatSeeker Clean Site
FraudSense Clean Site
malwares_com URL checker Clean Site
Comodo Site Inspector Clean Site
Malekal Clean Site
ESET Clean Site
Sophos Unrated Site
Yandex Safebrowsing Clean Site
SecureBrain Clean Site
Phishtank Clean Site
Sucuri SiteCheck Clean Site
Blueliv Clean Site
Nucleon Clean Site
ZCloudsec Clean Site
AutoShun Unrated Site
ThreatHive Clean Site
FraudScore Clean Site
Tencent Clean Site
URLQuery Clean Site
StopBadware Unrated Site
Fortinet Clean Site
ZeroCERT Clean Site
Baidu-International Clean Site
securolytics Clean Site

Process Tree


iexplore.exe, PID: 1788, parent PID: 1872
iexplore.exe, PID: 2252, parent PID: 1788

TCP

Source address | Source port | Destination address | Destination port
192.168.122.201 49160 122.226.166.48 t.ie.2345.com 80
192.168.122.201 49161 122.226.166.48 t.ie.2345.com 80

UDP

Source address | Source port | Destination address | Destination port
192.168.122.201 52966 192.168.122.1 53
192.168.122.201 60990 192.168.122.1 53

HTTP Requests

URI | HTTP data
http://t.ie.2345.com/wangpai/index.php
GET /wangpai/index.php HTTP/1.1
Accept: */*
Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=6&ved=0CCEQfjZFp3dUljYmVKZGNPelBFZnFLQlhO&url=http%3A%2F%2Ft.ie.2345.com%2Fwangpai%2Findex.php&ei=cHRzWnZGd1JUQ2ps&usg=AFQjSG9JWGpCa0NVYkV0
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: t.ie.2345.com
Connection: Keep-Alive

http://t.ie.2345.com/favicon.ico
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: t.ie.2345.com
Connection: Keep-Alive

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results.

Network Alerts

No alerts.

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No network-extracted files found.

File name: index.dat
Related file:
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018071920180720\index.dat
File size: 32768 bytes
File type: Internet Explorer cache file version Ver 5.2
MD5 5fcc5d1b2881fe5700d0a2eb7c9589ed
SHA1 bed603a99dc6cb2c744b73cb144cdc9891ad6902
SHA256 c314fe4e3e677cdf3ec16feced070186b13b49b5be8f11880c81df01b1be58c4
CRC32 26827C2A
Ssdeep 6:qjyxXKCet3o5y/5FuXvUylfL1iFqHar3UnBFuXvUylhZXiM:qjR7t3oCOM2jj6r3COM2b

File name: index.dat
Related file:
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
File size: 65536 bytes
File type: Internet Explorer cache file version Ver 5.2
MD5 0ee0d92f5ad9cd4d354a120734ae8e5e
SHA1 a3d2338356b933a1240f053b89efe7f1b5e63353
SHA256 bd15c1573c53ac40e26c307c00be243ace57eb5fd0d2879349b24832d2e7a771
CRC32 36F430F7
Ssdeep 384:wEEG/+oo0M7hPfdoW7QRyUEZeluUFyvp64PBhqNLguX3/5YSHYjitk9t7sub/2Iw:wEEG/+Rg

File name: RecoveryStore.{FF54A6A3-8B26-11E8-912A-5254001C66F4}.dat
Related file:
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FF54A6A3-8B26-11E8-912A-5254001C66F4}.dat
File size: 3584 bytes
File type: Composite Document File V2 Document, Cannot read section info
MD5 f8c5b9b35854a5302b31db22d862e7b7
SHA1 412807e15485978646323d419fc2a1ae67b3b6ae
SHA256 8e0666dc3f642d31acbf6a914d74f2127042ea0fa6943b722a99565b90fe41c0
CRC32 0F6F5C08
Ssdeep 12:rl0YmGF26OrEg5+IaCrI017+FNsDrEgmf+IaCy8qgQNlTqo3lHzT:rI6O5/SYGv/TQNlWod

File name: favicon[1].ico
Related file:
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\favicon[1].ico
File size: 0 bytes
File type: empty
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
CRC32 00000000
Ssdeep 3::
Maldun analysis result: 6.0 (analysis time: 2016-05-08 17:55:55)

File name: index.dat
Related file:
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
File size: 32768 bytes
File type: Internet Explorer cache file version Ver 5.2
MD5 0aee387ca0a52dcdd8f8a29ea76edb42
SHA1 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9
SHA256 c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e
CRC32 B451CA0B
Ssdeep 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ
Maldun analysis result: 2.0 (analysis time: 2016-11-06 20:10:20)

File name: {FF54A6A4-8B26-11E8-912A-5254001C66F4}.dat
Related file:
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FF54A6A4-8B26-11E8-912A-5254001C66F4}.dat
File size: 4608 bytes
File type: Composite Document File V2 Document, Cannot read section info
MD5 3d3730eee3ebfda87f9abe2735fe43f3
SHA1 ff8c63d1a182ca99e8eb69eb5c90e21f4ab0a2f6
SHA256 3fbc5d850e94f2929e0ef5469ebbd6f460d5fb4780d374c1008747f50b558d7c
CRC32 F0415C06
Ssdeep 12:rlfFJrrEgmfR16FgkCYrEgmfp1qjNlYfOo3+/Nlr9ord:rRGeCYGsNljowNlJo

Processing ( 32.637 seconds )

  • 11.075 VirusTotal
  • 8.737 Suricata
  • 8.718 NetworkAnalysis
  • 2.81 Static
  • 1.08 BehaviorAnalysis
  • 0.192 AnalysisInfo
  • 0.021 Dropped
  • 0.002 Debug
  • 0.002 Memory

Signatures ( 1.891 seconds )

  • 1.234 md_url_bl
  • 0.131 antiav_detectreg
  • 0.056 stealth_timeout
  • 0.047 infostealer_ftp
  • 0.041 api_spamming
  • 0.033 antivm_generic_scsi
  • 0.032 md_bad_drop
  • 0.027 antianalysis_detectreg
  • 0.026 infostealer_im
  • 0.022 stealth_file
  • 0.016 antivm_generic_services
  • 0.015 infostealer_mail
  • 0.009 antivm_generic_disk
  • 0.008 mimics_filetime
  • 0.008 antiav_detectfile
  • 0.008 geodo_banking_trojan
  • 0.007 betabot_behavior
  • 0.007 kibex_behavior
  • 0.007 vawtrak_behavior
  • 0.007 md_domain_bl
  • 0.006 antiemu_wine_func
  • 0.006 persistence_autorun
  • 0.006 virus
  • 0.006 antivm_parallels_keys
  • 0.006 antivm_xen_keys
  • 0.006 darkcomet_regkeys
  • 0.005 bootkit
  • 0.005 kovter_behavior
  • 0.005 infostealer_bitcoin
  • 0.004 infostealer_browser_password
  • 0.004 antidbg_windows
  • 0.004 antivm_generic_diskreg
  • 0.004 ransomware_files
  • 0.004 recon_fingerprint
  • 0.003 andromeda_behavior
  • 0.003 hancitor_behavior
  • 0.003 injection_createremotethread
  • 0.003 antivm_vbox_libs
  • 0.003 antivm_vbox_files
  • 0.003 disables_browser_warn
  • 0.003 ransomware_extensions
  • 0.002 tinba_behavior
  • 0.002 rat_nanocore
  • 0.002 antiav_avast_libs
  • 0.002 dridex_behavior
  • 0.002 Locky_behavior
  • 0.002 injection_runpe
  • 0.002 cryptowall_behavior
  • 0.002 antisandbox_productid
  • 0.002 antivm_xen_keys
  • 0.002 antivm_hyperv_keys
  • 0.002 antivm_vbox_acpi
  • 0.002 antivm_vbox_keys
  • 0.002 antivm_vmware_keys
  • 0.002 antivm_vpc_keys
  • 0.002 browser_security
  • 0.002 bypass_firewall
  • 0.002 network_torgateway
  • 0.002 packer_armadillo_regkey
  • 0.001 network_tor
  • 0.001 rat_luminosity
  • 0.001 stack_pivot
  • 0.001 injection_explorer
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 antisandbox_sboxie_libs
  • 0.001 antiav_bitdefender_libs
  • 0.001 dyre_behavior
  • 0.001 shifu_behavior
  • 0.001 exec_crash
  • 0.001 antivm_vmware_events
  • 0.001 cerber_behavior
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_bios
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_generic_system
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 ie_martian_children
  • 0.001 modify_uac_prompt
  • 0.001 recon_programs

Reporting ( 0.311 seconds )

  • 0.311 ReportHTMLSummary
Task ID 171108
Mongo ID 5b50411dbb7d57488105b721
Cuckoo release 1.4-Maldun