恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-shaapp01-1	2019-07-21 11:24:03	2019-07-21 11:24:27	24 秒

魔盾分数

0.775

正常的

文件详细信息

文件名	www.eyy5.cn
文件大小	102003 字节
文件类型	HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	1b7213d0634d97100d78ac48704af730
SHA1	ae12af36c9387a4915996b4b4d9d1b170e362650
SHA256	5363604683041d434a7c4fa12d0183736e242706271b7cafa53e387c4204f2a5
SHA512	41b6401a954fed21ddd3277ec75dd6081d18afa8605a65aaa31c73f17cd7851cee35fdfeb655987287c063a9045786ed7144215217ab21fb3a90fa1791d83de5
CRC32	8D7D365C
Ssdeep	1536:S8HEqPJRK92GYjtWGhJzta4g1uOqwEkRlfmWcOs2:S8W9fu2
Yara	登录查看Yara规则
	样本下载提交漏报

登录查看威胁特征

运行截图

没有可用的屏幕截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	111.67.195.176	中国

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.eyy5.cn	A 111.67.195.176
img.eyy5.cn

摘要

登录查看详细行为信息

没有可用的静态分析.

没有防病毒引擎扫描信息!

iexplore.exe, PID: 2656, 上一级进程 PID: 2320

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	111.67.195.176	中国

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49161	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49162	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49163	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49164	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49165	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49166	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49167	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49168	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49169	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49170	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49171	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49172	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49173	111.67.195.176 www.eyy5.cn	80
192.168.122.201	49174	111.67.195.176 www.eyy5.cn	80
192.168.122.201	49175	111.67.195.176 www.eyy5.cn	80
192.168.122.201	49176	111.67.195.176 www.eyy5.cn	80
192.168.122.201	49177	111.67.195.176 www.eyy5.cn	80
192.168.122.201	49178	111.67.195.176 www.eyy5.cn	80
192.168.122.201	49179	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49180	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49181	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49182	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49183	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49184	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49185	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49186	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49187	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49188	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49189	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49190	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49191	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49192	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49193	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49194	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49195	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49196	111.67.195.176 www.eyy5.cn	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	59968	192.168.122.1	53
192.168.122.201	62882	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.eyy5.cn	A 111.67.195.176
img.eyy5.cn

TCP

源地址	源端口	目标地址	目标端口
192.168.122.201	49160	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49161	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49162	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49163	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49164	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49165	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49166	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49167	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49168	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49169	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49170	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49171	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49172	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49173	111.67.195.176 www.eyy5.cn	80
192.168.122.201	49174	111.67.195.176 www.eyy5.cn	80
192.168.122.201	49175	111.67.195.176 www.eyy5.cn	80
192.168.122.201	49176	111.67.195.176 www.eyy5.cn	80
192.168.122.201	49177	111.67.195.176 www.eyy5.cn	80
192.168.122.201	49178	111.67.195.176 www.eyy5.cn	80
192.168.122.201	49179	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49180	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49181	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49182	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49183	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49184	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49185	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49186	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49187	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49188	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49189	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49190	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49191	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49192	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49193	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49194	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49195	111.67.195.176 www.eyy5.cn	443
192.168.122.201	49196	111.67.195.176 www.eyy5.cn	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.201	59968	192.168.122.1	53
192.168.122.201	62882	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://img.eyy5.cn/block/d9/d922c17032008da6299d1c5b5c370076.jpg	GET /block/d9/d922c17032008da6299d1c5b5c370076.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/d6/d6017eacf5c8d28f8c16f5bae02c3e9e.jpg	GET /block/d6/d6017eacf5c8d28f8c16f5bae02c3e9e.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/e8/e80c1fc0fa3f126fa2d2c044b6469416.jpg	GET /block/e8/e80c1fc0fa3f126fa2d2c044b6469416.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/36/36a9f75e4be9681bb0a35c5790f457af.jpg	GET /block/36/36a9f75e4be9681bb0a35c5790f457af.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/4c/4c9cf4b82d8cbf76ec0b6c77bc721c35.jpg	GET /block/4c/4c9cf4b82d8cbf76ec0b6c77bc721c35.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/b1/b16a28edce6cefbb6af03f930c2cbb08.jpg	GET /block/b1/b16a28edce6cefbb6af03f930c2cbb08.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/4b/4bce767d1bbc7f66be37cf4990ebbdde.jpg	GET /block/4b/4bce767d1bbc7f66be37cf4990ebbdde.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/4a/4a38f66ad75fe66c5e4cadb0a61a8503.jpg	GET /block/4a/4a38f66ad75fe66c5e4cadb0a61a8503.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/51/51198606eba38b38cafb49b2b1cb635b.jpg	GET /block/51/51198606eba38b38cafb49b2b1cb635b.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/21/215fcb73cb34781cde044fc800cf45ec.jpg	GET /block/21/215fcb73cb34781cde044fc800cf45ec.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/4b/4b16cbc4b53fd09a6dd2c2e39d137d57.jpg	GET /block/4b/4b16cbc4b53fd09a6dd2c2e39d137d57.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/f0/f012078256bfa4c2855660556b42d694.jpg	GET /block/f0/f012078256bfa4c2855660556b42d694.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/a3/a3192e6836504c22020e2de6c0261980.jpg	GET /block/a3/a3192e6836504c22020e2de6c0261980.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Version	Issuer	Subject	Fingerprint
2019-07-21 11:24:18.122626+0800	192.168.122.201	49160	111.67.195.176	443	TLS 1.2	C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA	CN=eyy5.cn	57:ab:50:8a:4b:a5:20:ab:f5:40:4c:32:8d:3b:03:be:56:4c:04:0f
2019-07-21 11:24:18.298286+0800	192.168.122.201	49164	111.67.195.176	443	TLS 1.2	C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA	CN=eyy5.cn	57:ab:50:8a:4b:a5:20:ab:f5:40:4c:32:8d:3b:03:be:56:4c:04:0f
2019-07-21 11:24:18.235641+0800	192.168.122.201	49161	111.67.195.176	443	TLS 1.2	C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA	CN=eyy5.cn	57:ab:50:8a:4b:a5:20:ab:f5:40:4c:32:8d:3b:03:be:56:4c:04:0f
2019-07-21 11:24:18.232426+0800	192.168.122.201	49163	111.67.195.176	443	TLS 1.2	C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA	CN=eyy5.cn	57:ab:50:8a:4b:a5:20:ab:f5:40:4c:32:8d:3b:03:be:56:4c:04:0f
2019-07-21 11:24:18.298122+0800	192.168.122.201	49162	111.67.195.176	443	TLS 1.2	C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA	CN=eyy5.cn	57:ab:50:8a:4b:a5:20:ab:f5:40:4c:32:8d:3b:03:be:56:4c:04:0f
2019-07-21 11:24:18.298031+0800	192.168.122.201	49165	111.67.195.176	443	TLS 1.2	C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA	CN=eyy5.cn	57:ab:50:8a:4b:a5:20:ab:f5:40:4c:32:8d:3b:03:be:56:4c:04:0f

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 30.673 seconds )

15.241 NetworkAnalysis
9.547 Suricata
5.24 VirusTotal
0.475 TargetInfo
0.138 Strings
0.017 AnalysisInfo
0.006 Static
0.005 BehaviorAnalysis
0.004 Memory

Signatures ( 1.652 seconds )

1.535 md_url_bl
0.019 md_domain_bl
0.016 antiav_detectreg
0.009 anomaly_persistence_autorun
0.007 antiav_detectfile
0.006 infostealer_ftp
0.005 geodo_banking_trojan
0.005 network_http
0.004 ransomware_extensions
0.004 ransomware_files
0.003 tinba_behavior
0.003 rat_nanocore
0.003 antianalysis_detectreg
0.003 disables_browser_warn
0.003 infostealer_bitcoin
0.003 infostealer_im
0.002 cerber_behavior
0.002 antivm_vbox_files
0.002 browser_security
0.002 infostealer_mail
0.002 md_bad_drop
0.002 network_torgateway
0.001 betabot_behavior
0.001 ursnif_behavior
0.001 kibex_behavior
0.001 shifu_behavior
0.001 antivm_parallels_keys
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 modify_proxy
0.001 network_cnc_http
0.001 stealth_modify_uac_prompt

Reporting ( 0.58 seconds )

0.58 ReportHTMLSummary


Task ID	339414
Mongo ID	5d33db10bb7d5770cf3b7edc
Cuckoo release	1.4-Maldun