魔盾安全分析报告

分析类型	开始时间	结束时间	持续时间	分析引擎版本
FILE	2022-08-19 15:21:56	2022-08-19 15:22:41	45 秒	1.4-Maldun

虚拟机机器名	标签	虚拟机管理	开机时间	关机时间
win7-sp1-x64-shaapp02-1	win7-sp1-x64-shaapp02-1	KVM	2022-08-19 15:21:56	2022-08-19 15:22:42

魔盾分数
0.625 正常的

文件名	ja-netfilter.jar
文件大小	48639 字节
文件类型	Zip archive data, at least v1.0 to extract
CRC32	D865A665
MD5	2fa1b1364515dce93eb67c423b570deb
SHA1	2a723c2ef30be4a5c167c6639bf9ec0b9c7e7ca2
SHA256	3acc4e9d91793f6909458a4761b75b6da45c8868e75dca33c9fec63659202995
SHA512	0b6cf7caf6d48419251d0aa1ccf280536eb20b1f108f874a9ce86943601c2317833031578fc869366e3bc40dedfabfd64527598ea63b879bc77f82a9a218766b
Ssdeep	768:Oh7IDIGjwZyHIwcctMtI+xIfo1UC6cB+P9146lp3fbYHfkWvQdptYc4klY:KSIG0ZuIQMtI+xIrTcB034673fbgvYI
PEiD	无匹配
Yara	无Yara规则匹配
VirusTotal	VirusTotal查询失败

直接访问	IP地址	国家名
否	104.208.16.93	United States

域名	响应
watson.microsoft.com	A 104.208.16.93 CNAME legacywatson.trafficmanager.net CNAME onedsblobprdcus07.centralus.cloudapp.azure.com

IP地址	端口
184.25.56.181	80

IP地址	端口
192.168.122.1	53
192.168.122.1	53

URL	HTTP数据
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip	GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: / If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache

互斥量(Mutexes) 无信息

执行的命令 无信息

创建的服务 无信息

启动的服务 无信息

访问的文件

C:\Users\test\AppData\Local\Temp\ja-netfilter.jar
C:\Program Files (x86)\Java\jre1.8.0_121\bin\java.dll
C:\Windows\System32\tzres.dll
C:\Program Files (x86)\Java\jre1.8.0_121\lib\i386\jvm.cfg
C:\Program Files (x86)\Java\jre1.8.0_121\bin\client\jvm.dll
C:\Program Files (x86)\Java\jre1.8.0_121\bin\msvcr100.dll
C:\Program Files (x86)\Java\jre1.8.0_121\bin\WSOCK32.dll
C:\Windows\System32\wsock32.dll
C:\Program Files (x86)\Java\jre1.8.0_121\bin\WINMM.dll
C:\Windows\System32\winmm.dll
C:\Program Files (x86)\Java\jre1.8.0_121\bin\VERSION.dll
C:\Windows\System32\version.dll
C:\Program Files (x86)\Java\jre1.8.0_121\bin\verify.dll
C:\Users\test\AppData\Local\Temp\.hotspotrc
C:\Program Files (x86)\Java\jre1.8.0_121\lib\endorsed
C:\
C:\Users\test\AppData\Local\Temp\hsperfdata_test
C:\Users\test\AppData\Local\Temp\hsperfdata_test\2544
C:\Program Files (x86)\Java\jre1.8.0_121\bin\zip.dll
C:\Program Files (x86)\Java\jre1.8.0_121\lib\resources.jar
C:\Program Files (x86)\Java\jre1.8.0_121\lib\rt.jar
C:\Program Files (x86)\Java\jre1.8.0_121\lib\sunrsasign.jar
C:\Program Files (x86)\Java\jre1.8.0_121\lib\jsse.jar
C:\Program Files (x86)\Java\jre1.8.0_121\lib\jce.jar
C:\Program Files (x86)\Java\jre1.8.0_121\lib\charsets.jar
C:\Program Files (x86)\Java\jre1.8.0_121\lib\jfr.jar
C:\Program Files (x86)\Java\jre1.8.0_121\classes
C:\Program Files (x86)\Java\jre1.8.0_121\lib\meta-index
C:\Program Files (x86)\Java\jre1.8.0_121\bin\client\classes.jsa
C:\Program Files (x86)
C:\Program Files (x86)\Java
C:\Program Files (x86)\Java\jre1.8.0_121
C:\Program Files (x86)\Java\jre1.8.0_121\lib
C:\Users\test\AppData\Local\Temp\.hotspot_compiler
C:\Windows\sysnative\C_G18030.DLL
C:\Windows\Fonts\SimSun18030.ttc
C:\Program Files (x86)\Java\jre1.8.0_121\bin
C:\Program Files (x86)\Java\jre1.8.0_121\lib\ext\meta-index
C:\Program Files (x86)\Java\jre1.8.0_121\lib\ext
C:\Windows\Sun\Java\lib\ext\meta-index
C:\Program Files (x86)\Java\jre1.8.0_121\lib\ext\*
C:\Program Files (x86)\Java\jre1.8.0_121\lib\ext\access-bridge-32.jar
C:\Program Files (x86)\Java\jre1.8.0_121\lib\ext\cldrdata.jar
C:\Program Files (x86)\Java\jre1.8.0_121\lib\ext\dnsns.jar
C:\Program Files (x86)\Java\jre1.8.0_121\lib\ext\jaccess.jar
C:\Program Files (x86)\Java\jre1.8.0_121\lib\ext\jfxrt.jar
C:\Program Files (x86)\Java\jre1.8.0_121\lib\ext\localedata.jar
C:\Program Files (x86)\Java\jre1.8.0_121\lib\ext\nashorn.jar
C:\Program Files (x86)\Java\jre1.8.0_121\lib\ext\sunec.jar
C:\Program Files (x86)\Java\jre1.8.0_121\lib\ext\sunjce_provider.jar
C:\Program Files (x86)\Java\jre1.8.0_121\lib\ext\sunmscapi.jar
C:\Program Files (x86)\Java\jre1.8.0_121\lib\ext\sunpkcs11.jar
C:\Program Files (x86)\Java\jre1.8.0_121\lib\ext\zipfs.jar
C:\Windows\Sun\Java\lib\ext
C:\Users
C:\Users\test
C:\Users\test\AppData
C:\Users\test\AppData\Local
C:\Users\test\AppData\Local\Temp
C:\Program Files (x86)\Java\conf\usagetracker.properties
C:\Program Files (x86)\Java\jre1.8.0_121\lib\management\usagetracker.properties
C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d8040.timestamp
C:\Program Files (x86)\Java\jre1.8.0_121\lib\security\java.security
C:\Program Files (x86)\Java\jre1.8.0_121\bin\jps
C:\Program Files (x86)\Java\jre1.8.0_121\bin\jps.exe
C:\Program Files (x86)\Java\bin\jps
C:\Program Files (x86)\Java\bin\jps.exe

读取的文件

C:\Users\test\AppData\Local\Temp\ja-netfilter.jar
C:\Windows\System32\tzres.dll
C:\Program Files (x86)\Java\jre1.8.0_121\lib\i386\jvm.cfg
C:\Program Files (x86)\Java\jre1.8.0_121\bin\msvcr100.dll
C:\Program Files (x86)\Java\jre1.8.0_121\bin\client\jvm.dll
C:\Windows\System32\wsock32.dll
C:\Windows\System32\winmm.dll
C:\Windows\System32\version.dll
C:\Program Files (x86)\Java\jre1.8.0_121\bin\verify.dll
C:\Program Files (x86)\Java\jre1.8.0_121\bin\java.dll
C:\Users\test\AppData\Local\Temp\hsperfdata_test\2544
C:\Program Files (x86)\Java\jre1.8.0_121\bin\zip.dll
C:\Program Files (x86)\Java\jre1.8.0_121\lib\meta-index
C:\Program Files (x86)\Java\jre1.8.0_121\bin\client\classes.jsa
C:\Program Files (x86)\Java\jre1.8.0_121\lib\rt.jar
C:\Windows\Fonts\SimSun18030.ttc
C:\Program Files (x86)\Java\jre1.8.0_121\lib\charsets.jar
C:\Program Files (x86)\Java\jre1.8.0_121\lib\ext\meta-index
C:\Program Files (x86)\Java\jre1.8.0_121\lib\security\java.security

修改的文件

C:\Users\test\AppData\Local\Temp\hsperfdata_test\2544
C:\ProgramData\Oracle\Java\.oracle_jre_usage\cce3fe3b0d8d8040.timestamp

删除的文件 无信息

注册表键

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Codepage
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\54936
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

读取的注册表键

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CodePage\54936
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

修改的注册表键 无信息

删除的注册表键 无信息

API解析

kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
jvm.dll.JNI_CreateJavaVM
jvm.dll.JNI_GetDefaultJavaVMInitArgs
java.dll.JDK_GetVersionInfo0
advapi32.dll.SetSecurityDescriptorControl
zip.dll.ZIP_Open
zip.dll.ZIP_Close
zip.dll.ZIP_FindEntry
zip.dll.ZIP_ReadEntry
zip.dll.ZIP_GetNextEntry
zip.dll.ZIP_CRC32
java.dll.Canonicalize
java.dll._Java_java_lang_Object_registerNatives@8
java.dll._Java_java_lang_System_registerNatives@8
java.dll._Java_java_lang_Thread_registerNatives@8
java.dll._Java_java_security_AccessController_getStackAccessControlContext@8
java.dll._Java_java_security_AccessController_getInheritedAccessControlContext@8
java.dll._Java_java_lang_Class_registerNatives@8
java.dll._Java_java_lang_ClassLoader_registerNatives@8
java.dll._Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedAction_2@12
java.dll._Java_java_lang_Class_forName0@24
java.dll._Java_java_lang_Throwable_fillInStackTrace@12
java.dll._Java_sun_reflect_Reflection_getCallerClass__@8
java.dll._Java_java_lang_Class_getPrimitiveClass@12
java.dll._Java_java_lang_Float_floatToRawIntBits@12
java.dll._Java_java_lang_Double_doubleToRawLongBits@16
java.dll._Java_java_lang_Double_longBitsToDouble@16
java.dll._Java_sun_misc_VM_initialize@8
jvm.dll.JVM_GetVersionInfo
java.dll._Java_java_lang_System_initProperties@12
shell32.dll.SHGetKnownFolderPath
java.dll._Java_java_lang_String_intern@8
java.dll._Java_sun_reflect_Reflection_getClassAccessFlags@12
java.dll._Java_sun_reflect_NativeConstructorAccessorImpl_newInstance0@16
java.dll._Java_java_lang_Object_getClass@8
java.dll.NewStringPlatform
java.dll._Java_java_lang_Runtime_maxMemory@8
java.dll._Java_java_io_FileInputStream_initIDs@8
java.dll._Java_java_io_FileDescriptor_initIDs@8
java.dll._Java_java_io_FileDescriptor_set@12
java.dll._Java_java_io_FileOutputStream_initIDs@8
java.dll._Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2@12
java.dll._Java_java_lang_Class_isAssignableFrom@12
java.dll._Java_java_lang_System_setIn0@12
java.dll._Java_java_util_concurrent_atomic_AtomicLong_VMSupportsCS8@8
java.dll._Java_java_lang_System_setOut0@12
java.dll._Java_java_lang_System_setErr0@12
java.dll._Java_java_io_WinNTFileSystem_initIDs@8
kernel32.dll.GetFinalPathNameByHandleW
java.dll._Java_java_lang_System_mapLibraryName@12
java.dll._Java_java_lang_ClassLoader_findBuiltinLib@12
java.dll._Java_java_io_WinNTFileSystem_getBooleanAttributes@12
java.dll._Java_java_io_WinNTFileSystem_canonicalize0@12
java.dll._Java_java_lang_ClassLoader_00024NativeLibrary_load@16
java.dll._Java_sun_misc_Signal_findSignal@12
java.dll._Java_sun_misc_Signal_handle0@20
java.dll._Java_sun_io_Win32ErrorMode_setErrorMode@16
java.dll._Java_java_lang_Compiler_registerNatives@8
java.dll._Java_java_io_FileInputStream_open0@12
java.dll._Java_java_io_FileInputStream_readBytes@20
java.dll._Java_java_io_FileInputStream_available@8
java.dll._Java_java_lang_reflect_Array_newArray@16
java.dll._Java_java_lang_Runtime_availableProcessors@8
java.dll._Java_java_io_FileInputStream_close0@8
java.dll._Java_java_io_WinNTFileSystem_list@12
java.dll._Java_java_io_WinNTFileSystem_canonicalizeWithPrefix0@16
java.dll._Java_sun_misc_URLClassPath_getLookupCacheURLs@12
java.dll._Java_java_lang_ProcessEnvironment_environmentBlock@8
java.dll._Java_java_io_FileOutputStream_open0@16
java.dll._Java_java_io_FileOutputStream_writeBytes@24
java.dll._Java_java_io_FileOutputStream_close0@8
jvm.dll.JVM_FindClassFromBootLoader
java.dll._Java_java_lang_ClassLoader_00024NativeLibrary_find@12
zip.dll._Java_java_util_zip_ZipFile_initIDs@8
java.dll._Java_java_io_WinNTFileSystem_getLastModifiedTime@12
zip.dll._Java_java_util_zip_ZipFile_open@28
zip.dll._Java_java_util_zip_ZipFile_getTotal@16
zip.dll._Java_java_util_zip_ZipFile_startsWithLOC@16
zip.dll._Java_java_util_zip_ZipFile_getEntry@24
zip.dll._Java_java_util_zip_ZipFile_getEntryFlag@16
zip.dll._Java_java_util_zip_ZipFile_getEntryTime@16
zip.dll._Java_java_util_zip_ZipFile_getEntryCrc@16
zip.dll._Java_java_util_zip_ZipFile_getEntrySize@16
zip.dll._Java_java_util_zip_ZipFile_getEntryCSize@16
zip.dll._Java_java_util_zip_ZipFile_getEntryMethod@16
zip.dll._Java_java_util_zip_ZipFile_getEntryBytes@20
zip.dll._Java_java_util_zip_ZipFile_freeEntry@24
zip.dll._Java_java_util_zip_Inflater_initIDs@8
zip.dll._Java_java_util_zip_Inflater_init@12
zip.dll._Java_java_util_zip_Inflater_inflateBytes@28
zip.dll._Java_java_util_zip_ZipFile_read@44
zip.dll._Java_java_util_zip_Inflater_reset@16
zip.dll._Java_java_util_zip_Inflater_end@16
zip.dll._Java_java_util_zip_ZipFile_close@16
java.dll._Java_java_lang_ClassLoader_findLoadedClass0@12
java.dll._Java_java_lang_ClassLoader_findBootstrapClass@12
java.dll._Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2Ljava_security_AccessControlContext_2@16
java.dll._Java_java_lang_Package_getSystemPackage0@12
zip.dll._Java_java_util_jar_JarFile_getMetaInfEntryNames@8
java.dll._Java_sun_reflect_NativeMethodAccessorImpl_invoke0@20
java.dll._Java_java_lang_Class_isInstance@12
java.dll._Java_java_lang_ClassLoader_defineClass1@32
java.dll._Java_java_lang_System_identityHashCode@12
java.dll._Java_java_lang_Throwable_getStackTraceDepth@8
java.dll._Java_java_lang_Throwable_getStackTraceElement@12

魔盾安全分析报告

0.625

正常的

文件详细信息

特征

运行截图

网络分析

访问主机记录

域名解析

TCP连接

UDP连接

HTTP请求

静态分析

投放文件

行为分析

进程

java.exe PID: 2544, 上一级进程 PID: 2176