魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| FILE | 2023-06-07 16:07:39 | 2023-06-07 16:08:26 | 47 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-shaapp03-1 | win7-sp1-x64-shaapp03-1 | KVM | 2023-06-07 16:07:41 | 2023-06-07 16:08:28 |
| 魔盾分数 |
|---|
0.475正常的 |
文件详细信息
| 文件名 | 多类支持向量机的DDoS攻击检测的方法.pdf |
|---|---|
| 文件大小 | 1162549 字节 |
| 文件类型 | PDF document, version 1.3 |
| CRC32 | F60EA404 |
| MD5 | 3215093b0dc75311992042ff94f100e7 |
| SHA1 | 6f798ca7b6f98b068e27ef3582e9713a3886c887 |
| SHA256 | 2eb9298e7f67cb7f6f1e36ef3486a88496ddab507bc7a4c9a7a741fb31819785 |
| SHA512 | 058a8915a6f824a64c6cbad2c0d8d0022c905113c1f765c8ab7a88cec1835a8033d6a926254f9df7ef01dc8d6f03ca5df2ce78129fb813c24065b628fa249fd4 |
| Ssdeep | 24576:+CpGADAWcdNjDwL7osP3tTQLvTB0mTekG1l/DzI:+LtdNHwL8YhA+mf68 |
| PEiD | 无匹配 |
| Yara |
|
| VirusTotal | VirusTotal查询失败 |
特征
魔盾wping.org IP地址信誉系统
Greylist: 23.197.245.164
Greylist: 23.33.16.112
Greylist: 23.33.17.164
Greylist: 52.109.124.150
Greylist: 61.147.219.124
魔盾安全Yara检测结果 - 普通
Warning: Written very generically and doesn't hold any weight
运行截图
网络分析
访问主机记录
| 直接访问 | IP地址 | 国家名 |
|---|---|---|
| 否 | 13.107.213.50 | United States |
| 否 | 13.107.246.50 | United States |
| 否 | 23.197.245.164 | United States |
| 否 | 23.204.146.162 | United States |
| 否 | 23.33.16.112 | United States |
| 否 | 23.33.17.164 | United States |
| 否 | 52.109.124.150 | United States |
| 否 | 61.147.219.124 | China |
域名解析
| 域名 | 响应 |
|---|---|
| officeredir.microsoft.com |
CNAME prod.ocsredir1.live.com.akadns.net
A 52.109.124.150 CNAME ocsredir.officeapps.live.com |
| o15.officeredir.microsoft.com | |
| support.office.com |
CNAME e2178.b.akamaiedge.net
CNAME support.office.com.edgekey.net A 23.197.245.164 |
| support.microsoft.com |
CNAME prodstack.support.microsoft.com.edgekey.net
A 23.33.16.112 CNAME e3843.dscg.akamaiedge.net |
| www.microsoft.com |
CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
CNAME e13678.ca2.s.tl88.net CNAME www.microsoft.com-c-3.edgekey.net A 61.147.219.124 |
| wcpstatic.microsoft.com |
CNAME part-0022.t-0009.t-msedge.net
A 13.107.246.50 CNAME dual.part-0022.t-0009.t-msedge.net CNAME firstparty-azurefd-prod.trafficmanager.net A 13.107.213.50 CNAME consentdeliveryfd.azurefd.net |
| mem.gfx.ms |
CNAME amcdnmsftuswe.afd.azureedge.net
CNAME amcdnmsftuswe.azureedge.net |
| img-prod-cms-rt-microsoft-com.akamaized.net |
A 23.204.146.162
CNAME a1449.dscg2.akamai.net A 23.204.146.211 |
| c.s-microsoft.com |
A 23.33.17.164
CNAME c-s.cms.ms.akadns.net CNAME c.s-microsoft.com-c.edgekey.net CNAME e13678.dscg.akamaiedge.net |
TCP连接
| IP地址 | 端口 |
|---|---|
| 13.107.213.50 | 443 |
| 13.107.213.50 | 443 |
| 13.107.213.50 | 443 |
| 13.107.246.50 | 443 |
| 13.107.246.50 | 443 |
| 13.107.246.50 | 443 |
| 23.197.245.164 | 443 |
| 23.197.245.164 | 443 |
| 23.197.245.164 | 443 |
| 23.204.146.162 | 443 |
| 23.204.146.162 | 443 |
| 23.204.146.162 | 443 |
| 23.204.146.162 | 443 |
| 23.204.146.162 | 443 |
| 23.204.146.162 | 443 |
| 23.204.146.162 | 443 |
| 23.204.146.162 | 443 |
| 23.33.16.112 | 443 |
| 23.33.16.112 | 443 |
| 23.33.16.112 | 443 |
| 23.33.16.112 | 443 |
| 23.33.16.112 | 443 |
| 23.33.16.112 | 443 |
| 23.33.16.112 | 443 |
| 23.33.17.164 | 443 |
| 23.45.112.74 | 80 |
| 52.109.124.150 | 80 |
| 52.109.124.150 | 80 |
| 52.109.124.150 | 80 |
| 52.109.124.150 | 80 |
| 61.147.219.124 | 443 |
| 61.147.219.124 | 443 |
| 61.147.219.124 | 443 |
| 61.147.219.124 | 443 |
| 61.147.219.124 | 443 |
| 61.147.219.124 | 443 |
| 61.147.219.124 | 443 |
| 61.147.219.124 | 443 |
| 61.147.219.124 | 443 |
| 61.147.219.124 | 443 |
| 61.147.219.124 | 443 |
| 61.147.219.124 | 443 |
UDP连接
| IP地址 | 端口 |
|---|---|
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
| 192.168.122.1 | 53 |
HTTP请求
| URL | HTTP数据 |
|---|---|
| http://officeredir.microsoft.com/r/rlidUNLGenuine?LCID=2052&MSG=1&PID=02260-018-0000106-48620 | GET /r/rlidUNLGenuine?LCID=2052&MSG=1&PID=02260-018-0000106-48620 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office) Accept-Encoding: gzip, deflate Host: officeredir.microsoft.com Connection: Keep-Alive Cookie: WT_FPC=id=2ea84d10a1187b93d1f1504351520961:lv=1504351536858:ss=1504351520961 |
| http://o15.officeredir.microsoft.com/r/rlidUNLGenuineRedir?p1=1&clid=2052&LCID=2052&MSG=1&PID=02260-018-0000106-48620 | GET /r/rlidUNLGenuineRedir?p1=1&clid=2052&LCID=2052&MSG=1&PID=02260-018-0000106-48620 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office) Accept-Encoding: gzip, deflate Host: o15.officeredir.microsoft.com Connection: Keep-Alive Cookie: WT_FPC=id=2ea84d10a1187b93d1f1504351520961:lv=1504351536858:ss=1504351520961 |
| http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip | GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1 Accept: */* If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT User-Agent: IPM Host: acroipm.adobe.com Connection: Keep-Alive Cache-Control: no-cache |
| http://officeredir.microsoft.com/r/rlidUNLGenuine?LCID=2052&MSG=2&PID=02260-018-0000106-48620 | GET /r/rlidUNLGenuine?LCID=2052&MSG=2&PID=02260-018-0000106-48620 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office) Accept-Encoding: gzip, deflate Host: officeredir.microsoft.com Connection: Keep-Alive Cookie: WT_FPC=id=2ea84d10a1187b93d1f1504351520961:lv=1504351536858:ss=1504351520961 |
| http://o15.officeredir.microsoft.com/r/rlidUNLGenuineRedir?p1=2&clid=2052&LCID=2052&MSG=2&PID=02260-018-0000106-48620 | GET /r/rlidUNLGenuineRedir?p1=2&clid=2052&LCID=2052&MSG=2&PID=02260-018-0000106-48620 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office) Accept-Encoding: gzip, deflate Host: o15.officeredir.microsoft.com Connection: Keep-Alive Cookie: WT_FPC=id=2ea84d10a1187b93d1f1504351520961:lv=1504351536858:ss=1504351520961 |
| http://officeredir.microsoft.com/r/rlidUNLGenuine?LCID=2052&MSG=2&PID=02260-018-0000106-48620 | GET /r/rlidUNLGenuine?LCID=2052&MSG=2&PID=02260-018-0000106-48620 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office) Accept-Encoding: gzip, deflate Host: officeredir.microsoft.com Connection: Keep-Alive Cookie: WT_FPC=id=2ea84d10a1187b93d1f1504351520961:lv=1504351536858:ss=1504351520961; ak_bmsc=E2D58E780D9A71A73242CDF7A6155BAC~000000000000000000000000000000~YAAQj+Bb2sF9cmyIAQAAeD7mlBTzjZ3kZRnorszub77o/dn/n2weock57vZegYBHdMPG2+Cq707evWlAJms+p0g5Y3V4Qff97BLXBWXOAkMY+AiNZy1Qgljbi5Vqd2BEjmuk/uYZExkheXnGUey9gK8ChMAn59j1Lc6DrlVvFWwsJKZwS0Vis4IQlgU7uZ+Zp2x41nZM/jlZZ/oBaTwKjS/MNSg5byc4bmlSp+aKIqeTfvvDn9Xt5IV1Ixe4d3kumkkMQm58mDeKKqtewerBJtZbcXLLQ3VJ9MiYm1prCYntRcPnPUtxj8HXJttCNNkSfFMWwBOdssbCRNsT+ygPPvNSud8oEzSaK86UN8UgHQG0Uq3VVBSuRq1YRv7H0iY= |
| http://o15.officeredir.microsoft.com/r/rlidUNLGenuineRedir?p1=2&clid=2052&LCID=2052&MSG=2&PID=02260-018-0000106-48620 | GET /r/rlidUNLGenuineRedir?p1=2&clid=2052&LCID=2052&MSG=2&PID=02260-018-0000106-48620 HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office) Accept-Encoding: gzip, deflate Host: o15.officeredir.microsoft.com Connection: Keep-Alive Cookie: WT_FPC=id=2ea84d10a1187b93d1f1504351520961:lv=1504351536858:ss=1504351520961; ak_bmsc=E2D58E780D9A71A73242CDF7A6155BAC~000000000000000000000000000000~YAAQj+Bb2sF9cmyIAQAAeD7mlBTzjZ3kZRnorszub77o/dn/n2weock57vZegYBHdMPG2+Cq707evWlAJms+p0g5Y3V4Qff97BLXBWXOAkMY+AiNZy1Qgljbi5Vqd2BEjmuk/uYZExkheXnGUey9gK8ChMAn59j1Lc6DrlVvFWwsJKZwS0Vis4IQlgU7uZ+Zp2x41nZM/jlZZ/oBaTwKjS/MNSg5byc4bmlSp+aKIqeTfvvDn9Xt5IV1Ixe4d3kumkkMQm58mDeKKqtewerBJtZbcXLLQ3VJ9MiYm1prCYntRcPnPUtxj8HXJttCNNkSfFMWwBOdssbCRNsT+ygPPvNSud8oEzSaK86UN8UgHQG0Uq3VVBSuRq1YRv7H0iY= |
静态分析
投放文件
行为分析
互斥量(Mutexes)
无信息
执行的命令
无信息
创建的服务
无信息
启动的服务
无信息
进程
AcroRd32.exe PID: 2540, 上一级进程 PID: 2196
访问的文件
无信息
读取的文件
无信息
修改的文件
无信息
删除的文件
无信息
注册表键
无信息
读取的注册表键
无信息
修改的注册表键
无信息
删除的注册表键
无信息
API解析
无信息