Analysis Task

Analysis Type VM Label Start Time End Time Duration
File (Windows) win7-sp1-x64-hpdapp01-4 2019-08-19 19:34:24 2019-08-19 19:43:09 525 seconds

Maldun Score

10.0

Dangerous

File Details

File Name ZSsafe.exe
File Size 3213573 bytes
File Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 78cc1fbaa1a89984591c90218e9d8806
SHA1 400d6f503ba76129e9d2f9fe77c65f6cceb24f47
SHA256 c1f8a2be52e1739a4d8475f97f73daeae71af56bcd5bf468862b38b5f7e4a10b
SHA512 6e6c223906cd59206f28dbbfc28c52c955efe606ce51e330c6c79dda233d0779f0e806a117b298271be4f43f1c4148f7094ab0a92312e20486f9b028f356feef
CRC32 B6815DA2
Ssdeep 49152:7fkH7Ag+ZNBaX5FvI6zZDQ6Y3eqa3rpq9nBmuT+xahqg2ryR7KmBS2RBokBF45ck:Dr9aX5l83f0rcBtTUao7yq27okBa5oA

Accessed Hosts (click to query WPING real-time security rating)

Direct IP Security Rating Geolocation
101.227.102.88 China
122.114.130.31 China
123.58.180.101 China
123.58.180.39 China
125.88.182.231 China
36.27.212.88 China
47.52.160.236 Canada

Domain Resolution (click to query WPING real-time security rating)

Domain Security Rating Response
mojunxie521.blog.163.com A 123.58.180.101
A 123.58.180.39
blog.163.com
www.mojunxie.win CNAME cp.renzhijia.com
A 47.52.160.236
CNAME s4769071.my-cp-cdn.aikeba.com
error.kangleweb.net CNAME kangleweb.net.wddun.com
A 125.88.182.231
A 183.60.107.20
2018k.cn Unknown CNAME 94907bf79bf1e6e6.360wzws.com
A 36.27.212.88
b.bst.126.net Unknown A 61.164.210.206
CNAME dd.bst.126.net.lxdns.com
A 101.227.102.88
yuanlin.6600.org Unknown A 122.114.130.31

PE Information

Image Base 0x00400000
Entry Point 0x00401000
Declared Checksum 0x00000000
Actual Checksum 0x00315d2c
Minimum OS Version 4.0
Compile Time 1972-12-25 13:33:23
Import Hash 469b1bae2575baede5bf1f06a01b4767

Version Information

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE Sections

Name Virtual Address Virtual Size Raw Data Size Characteristics Entropy
.UPX1 0x00001000 0x001c6000 0x00000200 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 1.36
.UPX1 0x001c7000 0x0014ca75 0x001485b3 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 7.88

Overlay

Offset 0x0030e791
Size 0x00002174

Imports

Library: kernel32.dll:
0x70e79e LoadLibraryA
0x70e7a2 GetProcAddress
0x70e7a6 VirtualAlloc
0x70e7aa VirtualProtect
0x70e7ae VirtualFree
0x70e7b2 GetModuleHandleA

.UPX1
`.UPX1
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="E.App" processorArchitecture="x86" version="5.2.0.0" type="win32"/><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/> </requestedPrivileges> </security></trustInfo></assembly>
VS_VERSION_INFO
StringFileInfo
080404B0
FileVersion
1.1.6.8
FileDescription
ProductName
ZSsafe
ProductVersion
1.1.6.8
CompanyName
LegalCopyright
Comments
(http://www.eyuyan.com)
VarFileInfo
Translation

Antivirus Engine/Vendor Virus Name/Rule Match Signature Date
Bkav Not detected 20190815
MicroWorld-eScan Trojan.GenericKD.41522303 20190816
CMC Not detected 20190321
CAT-QuickHeal Backdoor.FlyAgent 20190814
Qihoo-360 Not detected 20190816
McAfee Artemis!78CC1FBAA1A8 20190815
Cylance Unsafe 20190816
AegisLab Trojan.Win32.Malicious.4!c 20190816
K7AntiVirus Adware ( 004b8bcf1 ) 20190814
Alibaba Backdoor:Win32/Inject.c6900bd2 20190527
K7GW Adware ( 004b8bcf1 ) 20190814
CrowdStrike win/malicious_confidence_90% (W) 20190212
Baidu Not detected 20190318
F-Prot W32/RLPacked.B.gen!Eldorado 20190816
Symantec Trojan.Gen.6 20190816
ESET-NOD32 a variant of Win32/Packed.FlyStudio potentially unwanted 20190816
APEX Malicious 20190813
Paloalto generic.ml 20190816
ClamAV Not detected 20190815
GData Win32.Application.PUPStudio.A 20190816
Kaspersky Trojan.Win32.Inject.alxmo 20190815
BitDefender Trojan.GenericKD.41522303 20190816
NANO-Antivirus Trojan.Win32.Inject.fvbvcr 20190816
SUPERAntiSpyware Not detected 20190809
Rising PUF.Hacktool!1.B2A6 (CLASSIC) 20190815
Endgame malicious (high confidence) 20190802
Emsisoft Trojan.GenericKD.41522303 (B) 20190815
Comodo Not detected 20190815
F-Secure Trojan.TR/Dropper.Gen 20190815
DrWeb Trojan.Rootkit.22030 20190815
Zillya Not detected 20190815
Invincea heuristic 20190717
McAfee-GW-Edition BehavesLike.Win32.Backdoor.wc 20190815
Trapmine malicious.high.ml.score 20190522
FireEye Generic.mg.78cc1fbaa1a89984 20190816
Sophos Mal/Generic-S 20190815
Ikarus Not detected 20190815
Cyren W32/RLPacked.B.gen!Eldorado 20190815
Jiangmin Not detected 20190813
Webroot Not detected 20190816
Avira TR/Dropper.Gen 20190815
MAX Not detected 20190816
Antiy-AVL Trojan[Spy]/Win32.KeyLogger.dwl 20190815
Kingsoft Not detected 20190816
Microsoft Backdoor:Win32/FlyAgent.F 20190815
Arcabit Trojan.Generic.D279947F 20190815
ViRobot Not detected 20190813
ZoneAlarm Trojan.Win32.Inject.alxmo 20190815
Avast-Mobile Not detected 20190815
AhnLab-V3 Malware/Win32.Generic.C3401931 20190815
Acronis suspicious 20190815
VBA32 Backdoor.FlyAgent 20190815
ALYac Trojan.GenericKD.41522303 20190815
TACHYON Not detected 20190816
Ad-Aware Trojan.GenericKD.41522303 20190815
Malwarebytes Not detected 20190815
Panda Not detected 20190815
Zoner Not detected 20190815
Tencent Not detected 20190816
Yandex Packed/RLPack 20190811
SentinelOne DFI - Malicious PE 20190807
eGambit Not detected 20190816
Fortinet W32/Autorun.BX!worm 20190816
AVG Win32:Malware-gen 20190815
Cybereason malicious.03ba76 20190616
Avast Win32:Malware-gen 20190815
MaxSecure Not detected 20190803

Process Tree

ZSsafe.exe, PID: 1352, Parent PID: 2332
ctfmon.exe, PID: 2432, Parent PID: 1352
services.exe, PID: 428, Parent PID: 340

TCP

Source Address Source Port Destination Address Destination Port
192.168.122.204 49174 101.227.102.88 b.bst.126.net 80
192.168.122.204 49175 122.114.130.31 yuanlin.6600.org 80
192.168.122.204 49170 123.58.180.101 mojunxie521.blog.163.com 80
192.168.122.204 49169 123.58.180.39 mojunxie521.blog.163.com 80
192.168.122.204 49172 125.88.182.231 error.kangleweb.net 443
192.168.122.204 49173 36.27.212.88 2018k.cn 80
192.168.122.204 49176 36.27.212.88 2018k.cn 80
192.168.122.204 49171 47.52.160.236 www.mojunxie.win 80

UDP

Source Address Source Port Destination Address Destination Port
192.168.122.204 50629 192.168.122.1 53
192.168.122.204 54704 192.168.122.1 53
192.168.122.204 54838 192.168.122.1 53
192.168.122.204 55337 192.168.122.1 53
192.168.122.204 56990 192.168.122.1 53
192.168.122.204 58731 192.168.122.1 53
192.168.122.204 61462 192.168.122.1 53

HTTP Requests

URI HTTP Data
URL sandbox check -> http://mojunxie521.blog.163.com/blog/static/27250327320174622243849/
GET /blog/static/27250327320174622243849/ HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: mojunxie521.blog.163.com
Connection: Keep-Alive

URL sandbox check -> http://blog.163.com/login.do?err=403
GET /login.do?err=403 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: blog.163.com
Connection: Keep-Alive
Cookie: NTESBLOGSI=EAD4F452D6AE695CA889DDA9D308706A.yqblog13-8010; usertrack=ezq0J11aizRymgU8A74eAg==

URL sandbox check -> http://www.mojunxie.win/cansu521.txt
GET /cansu521.txt HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: www.mojunxie.win
Connection: Keep-Alive

URL sandbox check -> http://2018k.cn/api
GET /api HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 2018k.cn

URL sandbox check -> http://2018k.cn/api/
GET /api/ HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 2018k.cn

URL sandbox check -> http://2018k.cn/api/checkVersion?id=abebaa2cbd49475f9ad45be62b11f3d1&version=1.2.8.6
GET /api/checkVersion?id=abebaa2cbd49475f9ad45be62b11f3d1&version=1.2.8.6 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Encoding: gbk, GB2312
Accept-Language: zh-cn
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: 2018k.cn

URL sandbox check -> http://b.bst.126.net/style/common/error/404.css
GET /style/common/error/404.css HTTP/1.1
Accept: */*
Referer: http://blog.163.com/login.do?err=403
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: b.bst.126.net
Connection: Keep-Alive

URL sandbox check -> http://yuanlin.6600.org/cansu521.txt
GET /cansu521.txt HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: yuanlin.6600.org
Connection: Keep-Alive

URL sandbox check -> http://2018k.cn/api/checkVersion?id=2a14893fbe9c47eeb8468100fa248d1c&html=true.html
GET /api/checkVersion?id=2a14893fbe9c47eeb8468100fa248d1c&html=true.html HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 2018k.cn
Connection: Keep-Alive

URL sandbox check -> http://2018k.cn/api/checkVersion?id=abebaa2cbd49475f9ad45be62b11f3d1&html=true.html
GET /api/checkVersion?id=abebaa2cbd49475f9ad45be62b11f3d1&html=true.html HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 2018k.cn
Connection: Keep-Alive

URL sandbox check -> http://b.bst.126.net/style/common/error/images/sprite-404.png
GET /style/common/error/images/sprite-404.png HTTP/1.1
Accept: */*
Referer: http://blog.163.com/login.do?err=403
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: b.bst.126.net
Connection: Keep-Alive

URL sandbox check -> http://b.bst.126.net/style/common/error/images/newtip/nologin.png
GET /style/common/error/images/newtip/nologin.png HTTP/1.1
Accept: */*
Referer: http://blog.163.com/login.do?err=403
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: b.bst.126.net
Connection: Keep-Alive

SMTP Traffic

No SMTP traffic.

IRC Traffic

No IRC requests.

ICMP Traffic

No ICMP traffic.

CIF Report

No CIF results

Network Alerts

No alerts

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2019-08-19 19:42:53.002240+0800 192.168.122.204 49172 125.88.182.231 443 TLS 1.2 C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3 CN=error.kangleweb.net 00:df:db:56:04:f8:1a:9f:8a:48:a1:d1:50:72:7c:6d:2b:93:b7:2a

Suricata HTTP

No Suricata HTTP

No network-extracted files found.
No files were dropped.
No similar analyses found.

Processing ( 67.403 seconds )

  • 19.823 BehaviorAnalysis
  • 19.1 NetworkAnalysis
  • 15.337 Suricata
  • 8.466 Static
  • 3.815 TargetInfo
  • 0.429 peid
  • 0.332 VirusTotal
  • 0.074 AnalysisInfo
  • 0.015 Strings
  • 0.009 config_decoder
  • 0.003 Memory

Signatures ( 9.393 seconds )

  • 2.327 md_url_bl
  • 1.117 api_spamming
  • 1.018 injection_createremotethread
  • 0.861 stealth_timeout
  • 0.724 stealth_decoy_document
  • 0.675 vawtrak_behavior
  • 0.51 process_needed
  • 0.502 injection_explorer
  • 0.192 antiav_detectreg
  • 0.143 infostealer_browser
  • 0.11 reads_self
  • 0.084 stealth_file
  • 0.084 process_interest
  • 0.075 infostealer_ftp
  • 0.073 mimics_filetime
  • 0.065 infostealer_browser_password
  • 0.046 bootkit
  • 0.044 infostealer_im
  • 0.04 ipc_namedpipe
  • 0.04 antianalysis_detectreg
  • 0.038 antivm_generic_scsi
  • 0.03 md_domain_bl
  • 0.028 antiav_detectfile
  • 0.027 antivm_generic_services
  • 0.025 infostealer_mail
  • 0.024 anormaly_invoke_kills
  • 0.023 antivm_vbox_libs
  • 0.022 antiemu_wine_func
  • 0.022 kovter_behavior
  • 0.02 antidbg_windows
  • 0.02 virus
  • 0.02 infostealer_bitcoin
  • 0.019 antivm_generic_disk
  • 0.015 antisandbox_sunbelt_libs
  • 0.014 antiav_avast_libs
  • 0.013 hancitor_behavior
  • 0.013 geodo_banking_trojan
  • 0.012 kibex_behavior
  • 0.012 exec_crash
  • 0.012 maldun_suspicious
  • 0.011 antisandbox_sboxie_libs
  • 0.011 antiav_bitdefender_libs
  • 0.011 antivm_vbox_files
  • 0.01 anomaly_persistence_autorun
  • 0.01 antivm_xen_keys
  • 0.01 darkcomet_regkeys
  • 0.009 dridex_behavior
  • 0.009 betabot_behavior
  • 0.009 shifu_behavior
  • 0.009 antivm_parallels_keys
  • 0.008 ransomware_extensions
  • 0.008 ransomware_files
  • 0.007 antivm_generic_diskreg
  • 0.006 antivm_vmware_libs
  • 0.006 network_http
  • 0.006 recon_fingerprint
  • 0.004 antivm_vbox_window
  • 0.004 antisandbox_productid
  • 0.004 disables_browser_warn
  • 0.004 network_torgateway
  • 0.003 tinba_behavior
  • 0.003 hawkeye_behavior
  • 0.003 network_tor
  • 0.003 rat_nanocore
  • 0.003 stealth_network
  • 0.003 antisandbox_script_timer
  • 0.003 bypass_firewall
  • 0.003 antivm_xen_keys
  • 0.003 antivm_hyperv_keys
  • 0.003 antivm_vbox_acpi
  • 0.003 antivm_vbox_keys
  • 0.003 antivm_vmware_keys
  • 0.003 antivm_vpc_keys
  • 0.003 browser_security
  • 0.003 packer_armadillo_regkey
  • 0.003 rat_pcclient
  • 0.002 kazybot_behavior
  • 0.002 cerber_behavior
  • 0.002 antivm_generic_bios
  • 0.002 antivm_generic_system
  • 0.002 antivm_vmware_files
  • 0.002 modify_proxy
  • 0.002 codelux_behavior
  • 0.002 network_cnc_http
  • 0.002 recon_programs
  • 0.001 malicious_write_executeable_under_temp_to_regrun
  • 0.001 network_anomaly
  • 0.001 rat_luminosity
  • 0.001 anomaly_persistence_bootexecute
  • 0.001 clickfraud_cookies
  • 0.001 sets_autoconfig_url
  • 0.001 ursnif_behavior
  • 0.001 antisandbox_mouse_hook
  • 0.001 ransomeware_modifies_desktop_wallpaper
  • 0.001 dead_connect
  • 0.001 h1n1_behavior
  • 0.001 infostealer_keylog
  • 0.001 sniffer_winpcap
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_cpu
  • 0.001 antivm_vpc_files
  • 0.001 banker_cridex
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 malicious_drop_executable_file_to_temp_folder
  • 0.001 malicous_targeted_flame
  • 0.001 md_bad_drop
  • 0.001 network_tor_service
  • 0.001 rat_spynet
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 stealth_modify_uac_prompt
  • 0.001 stealth_modify_security_center_warnings

Reporting ( 0.935 seconds )

  • 0.935 ReportHTMLSummary

Task ID 356440
Mongo ID 5d5a8c4d2f8f2e56cfc9780c
Cuckoo release 1.4-Maldun