恶意软件分析 & URL链接扫描免费在线病毒分析平台

分析任务

分析类型	虚拟机标签	开始时间	结束时间	持续时间
文件 (Windows)	win7-sp1-x64-hpdapp01-4	2019-07-21 11:24:06	2019-07-21 11:27:16	190 秒

魔盾分数

0.775

正常的

文件详细信息

文件名	www.eyy5.cn
文件大小	102003 字节
文件类型	HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
MD5	36ca8ac81f341ec5a7b1dddf00b89eee
SHA1	7034e88d661a9bf2d6728559f02716325df03b4d
SHA256	e2df2955a262003eabe1a6409e982f04fc0ee5425696dcd39e7d94534401633e
SHA512	48d3c2a476906dc6117f9f67487bf77f340027971b3bbfcf02826fd72fd9b2acf0a00d35f31bc13d139ed630fa77f87e75a4718094a4d36d0ad935f6cdc04eda
CRC32	156401F4
Ssdeep	1536:S8HEqPJRK92GYjtWGhJzta4g1uOqwEkRlfmWcOsL:S8W9fuL
Yara	登录查看Yara规则
	样本下载提交漏报

登录查看威胁特征

运行截图

没有可用的屏幕截图

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	111.67.195.176	中国

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.eyy5.cn	A 111.67.195.176
img.eyy5.cn	未知

摘要

登录查看详细行为信息

没有可用的静态分析.

没有防病毒引擎扫描信息!

iexplore.exe, PID: 2960, 上一级进程 PID: 2324

缺省注册表文件系统网络进程线程服务设备同步加密浏览器全部

下载PCAP包

访问主机纪录 (可点击查询WPING实时安全评级)

直接	IP	安全评级	地理位置
否	111.67.195.176	中国

TCP

源地址	源端口	目标地址	目标端口
192.168.122.204	49160	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49161	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49162	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49163	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49164	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49165	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49166	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49167	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49168	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49169	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49170	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49171	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49172	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49173	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49174	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49175	111.67.195.176 www.eyy5.cn	80
192.168.122.204	49176	111.67.195.176 www.eyy5.cn	80
192.168.122.204	49177	111.67.195.176 www.eyy5.cn	80
192.168.122.204	49178	111.67.195.176 www.eyy5.cn	80
192.168.122.204	49179	111.67.195.176 www.eyy5.cn	80
192.168.122.204	49180	111.67.195.176 www.eyy5.cn	80
192.168.122.204	49181	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49182	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49183	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49184	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49185	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49186	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49187	111.67.195.176 www.eyy5.cn	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.204	54704	192.168.122.1	53
192.168.122.204	56990	192.168.122.1	53

域名解析 (可点击查询WPING实时安全评级)

域名	安全评级	响应
www.eyy5.cn	A 111.67.195.176
img.eyy5.cn	未知

TCP

源地址	源端口	目标地址	目标端口
192.168.122.204	49160	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49161	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49162	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49163	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49164	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49165	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49166	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49167	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49168	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49169	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49170	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49171	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49172	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49173	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49174	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49175	111.67.195.176 www.eyy5.cn	80
192.168.122.204	49176	111.67.195.176 www.eyy5.cn	80
192.168.122.204	49177	111.67.195.176 www.eyy5.cn	80
192.168.122.204	49178	111.67.195.176 www.eyy5.cn	80
192.168.122.204	49179	111.67.195.176 www.eyy5.cn	80
192.168.122.204	49180	111.67.195.176 www.eyy5.cn	80
192.168.122.204	49181	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49182	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49183	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49184	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49185	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49186	111.67.195.176 www.eyy5.cn	443
192.168.122.204	49187	111.67.195.176 www.eyy5.cn	443

UDP

源地址	源端口	目标地址	目标端口
192.168.122.204	54704	192.168.122.1	53
192.168.122.204	56990	192.168.122.1	53

HTTP 请求

URI	HTTP数据
URL专业沙箱检测 -> http://img.eyy5.cn/block/36/36a9f75e4be9681bb0a35c5790f457af.jpg	GET /block/36/36a9f75e4be9681bb0a35c5790f457af.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/51/51198606eba38b38cafb49b2b1cb635b.jpg	GET /block/51/51198606eba38b38cafb49b2b1cb635b.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/e8/e80c1fc0fa3f126fa2d2c044b6469416.jpg	GET /block/e8/e80c1fc0fa3f126fa2d2c044b6469416.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/b1/b16a28edce6cefbb6af03f930c2cbb08.jpg	GET /block/b1/b16a28edce6cefbb6af03f930c2cbb08.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/dd/dd3a7f3e5756c7ee4c6a8a74ca1f7104.jpg	GET /block/dd/dd3a7f3e5756c7ee4c6a8a74ca1f7104.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/d6/d6017eacf5c8d28f8c16f5bae02c3e9e.jpg	GET /block/d6/d6017eacf5c8d28f8c16f5bae02c3e9e.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/4b/4bce767d1bbc7f66be37cf4990ebbdde.jpg	GET /block/4b/4bce767d1bbc7f66be37cf4990ebbdde.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/4a/4a38f66ad75fe66c5e4cadb0a61a8503.jpg	GET /block/4a/4a38f66ad75fe66c5e4cadb0a61a8503.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/d9/d922c17032008da6299d1c5b5c370076.jpg	GET /block/d9/d922c17032008da6299d1c5b5c370076.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive
URL专业沙箱检测 -> http://img.eyy5.cn/block/4c/4c9cf4b82d8cbf76ec0b6c77bc721c35.jpg	GET /block/4c/4c9cf4b82d8cbf76ec0b6c77bc721c35.jpg HTTP/1.1 Accept: / Accept-Language: zh-CN User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: img.eyy5.cn Connection: Keep-Alive

SMTP 流量

无SMTP流量.

IRC 流量

无IRC请求.

ICMP 流量

无ICMP流量.

CIF 报告

无 CIF 结果

网络警报

无警报

TLS

Timestamp	Source IP	Source Port	Destination IP	Destination Port	Version	Issuer	Subject	Fingerprint
2019-07-21 11:27:10.595579+0800	192.168.122.204	49160	111.67.195.176	443	TLS 1.2	C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA	CN=eyy5.cn	57:ab:50:8a:4b:a5:20:ab:f5:40:4c:32:8d:3b:03:be:56:4c:04:0f
2019-07-21 11:27:10.603118+0800	192.168.122.204	49163	111.67.195.176	443	TLS 1.2	C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA	CN=eyy5.cn	57:ab:50:8a:4b:a5:20:ab:f5:40:4c:32:8d:3b:03:be:56:4c:04:0f
2019-07-21 11:27:10.603351+0800	192.168.122.204	49162	111.67.195.176	443	TLS 1.2	C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA	CN=eyy5.cn	57:ab:50:8a:4b:a5:20:ab:f5:40:4c:32:8d:3b:03:be:56:4c:04:0f
2019-07-21 11:27:10.603972+0800	192.168.122.204	49161	111.67.195.176	443	TLS 1.2	C=CN, O=TrustAsia Technologies, Inc., OU=Domain Validated SSL, CN=TrustAsia TLS RSA CA	CN=eyy5.cn	57:ab:50:8a:4b:a5:20:ab:f5:40:4c:32:8d:3b:03:be:56:4c:04:0f

Suricata HTTP

No Suricata HTTP

未发现网络提取文件

抱歉! 没有任何文件投放。

没有发现相似的分析.

HTML 总结报告 (需15-60分钟同步)	下载

Processing ( 31.095 seconds )

16.404 Suricata
12.182 NetworkAnalysis
1.634 VirusTotal
0.623 TargetInfo
0.19 Strings
0.048 AnalysisInfo
0.007 Static
0.004 BehaviorAnalysis
0.003 Memory

Signatures ( 2.402 seconds )

2.258 md_url_bl
0.025 md_domain_bl
0.017 antiav_detectreg
0.008 infostealer_ftp
0.007 anomaly_persistence_autorun
0.007 antiav_detectfile
0.006 geodo_banking_trojan
0.006 network_http
0.006 ransomware_files
0.005 infostealer_im
0.005 ransomware_extensions
0.004 infostealer_bitcoin
0.004 network_cnc_http
0.003 tinba_behavior
0.003 antianalysis_detectreg
0.003 antivm_vbox_files
0.003 disables_browser_warn
0.003 infostealer_mail
0.003 network_torgateway
0.002 rat_nanocore
0.002 cerber_behavior
0.002 browser_security
0.002 modify_proxy
0.002 md_bad_drop
0.001 betabot_behavior
0.001 ursnif_behavior
0.001 kibex_behavior
0.001 shifu_behavior
0.001 antianalysis_detectfile
0.001 antivm_parallels_keys
0.001 antivm_xen_keys
0.001 banker_zeus_mutex
0.001 bot_drive
0.001 bot_drive2
0.001 browser_addon
0.001 disables_system_restore
0.001 disables_windows_defender
0.001 malicious_drop_executable_file_to_temp_folder
0.001 maldun_network_blacklist
0.001 stealth_modify_uac_prompt

Reporting ( 0.905 seconds )

0.822 ReportHTMLSummary
0.083 Malheur


Task ID	339415
Mongo ID	5d33dbbe2f8f2e4ea0fc15fe
Cuckoo release	1.4-Maldun