分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| URL | win7-sp1-x64-app02-2 | 2017-02-16 15:11:31 | 2017-02-16 15:14:58 | 207 秒 |
魔盾分数
0.8
正常的
URL详细信息
| URL |
|---|
| URL专业沙箱检测 -> blogspot.com |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 是 | 23.32.241.26 | 美国 | |
| 否 | 93.46.8.89 | 意大利 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| blogspot.com | A 93.46.8.89 |
摘要
登录查看详细行为信息WHOIS 信息
Name: DNS Admin
Country: US
State: CA
City: Mountain View
ZIP Code: 94043
Address: 1600 Amphitheatre Parkway
Orginization: Google Inc.
Domain Name(s):
BLOGSPOT.COM
blogspot.com
Creation Date:
2000-07-31 00:00:00
2000-07-31 00:00:00-0700
Updated Date:
2016-06-29 00:00:00
2016-06-29 02:31:53-0700
Expiration Date:
2017-07-31 00:00:00
2017-07-31 00:00:00-0700
Email(s):
abusecomplaints@markmonitor.com
dns-admin@google.com
Registrar(s):
MarkMonitor, Inc.
Name Server(s):
NS1.GOOGLE.COM
NS2.GOOGLE.COM
NS3.GOOGLE.COM
NS4.GOOGLE.COM
ns2.google.com
ns1.google.com
ns4.google.com
ns3.google.com
Referral URL(s):
http://www.markmonitor.com
| 防病毒引擎/厂商 | 网站安全分析 |
|---|---|
| CLEAN MX | Clean Site |
| VX Vault | Clean Site |
| ZDB Zeus | Clean Site |
| Tencent | Clean Site |
| Netcraft | Unrated Site |
| desenmascara_me | Clean Site |
| PhishLabs | Unrated Site |
| Zerofox | Clean Site |
| Sangfor | Clean Site |
| K7AntiVirus | Clean Site |
| SecureBrain | Clean Site |
| SCUMWARE_org | Clean Site |
| Quttera | Clean Site |
| AegisLab WebGuard | Clean Site |
| MalwareDomainList | Clean Site |
| ZeusTracker | Clean Site |
| zvelo | Clean Site |
| Google Safebrowsing | Clean Site |
| ParetoLogic | Clean Site |
| Kaspersky | Clean Site |
| BitDefender | Clean Site |
| Certly | Clean Site |
| G-Data | Clean Site |
| C-SIRT | Clean Site |
| OpenPhish | Clean Site |
| Websense ThreatSeeker | Clean Site |
| MalwarePatrol | Clean Site |
| Webutation | Clean Site |
| Trustwave | Clean Site |
| Web Security Guard | Clean Site |
| Dr_Web | Clean Site |
| ADMINUSLabs | Clean Site |
| Malwarebytes hpHosts | Clean Site |
| Opera | Clean Site |
| AlienVault | Clean Site |
| Emsisoft | Clean Site |
| Malc0de Database | Clean Site |
| Phishtank | Clean Site |
| Malwared | Clean Site |
| Avira | Clean Site |
| CyberCrime | Clean Site |
| Antiy-AVL | Clean Site |
| FraudSense | Clean Site |
| malwares_com URL checker | Clean Site |
| Comodo Site Inspector | Clean Site |
| Malekal | Clean Site |
| ESET | Clean Site |
| Sophos | Unrated Site |
| Yandex Safebrowsing | Clean Site |
| Spam404 | Clean Site |
| Nucleon | Clean Site |
| Malware Domain Blocklist | Clean Site |
| Blueliv | Clean Site |
| ZCloudsec | Clean Site |
| AutoShun | Unrated Site |
| ThreatHive | Clean Site |
| FraudScore | Clean Site |
| Rising | Clean Site |
| URLQuery | Unrated Site |
| StopBadware | Unrated Site |
| Sucuri SiteCheck | Clean Site |
| Fortinet | Clean Site |
| ZeroCERT | Clean Site |
| Baidu-International | Clean Site |
| securolytics | Clean Site |
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 是 | 23.32.241.26 | 美国 | |
| 否 | 93.46.8.89 | 意大利 |
TCP
无TCP连接纪录.
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 59975 | 192.168.122.1 | 53 |
| 192.168.122.202 | 60135 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| blogspot.com | A 93.46.8.89 |
TCP
无TCP连接纪录.
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.202 | 59975 | 192.168.122.1 | 53 |
| 192.168.122.202 | 60135 | 192.168.122.1 | 53 |
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | background_gradient[2] |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\background_gradient[2]
|
| 文件大小 | 0 字节 |
| 文件类型 | empty |
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| CRC32 | 00000000 |
| Ssdeep | 3:: |
| 魔盾安全分析结果 | 6.0 分析时间:2016-05-08 17:55:55 查看分析报告 |
| 文件名 | tools[1] |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\tools[1]
|
| 文件大小 | 3560 字节 |
| 文件类型 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced |
| MD5 | 6f20ba58551e13cfd87ec059327effd0 |
| SHA1 | b326a89ee587636bad7ad52aa944dc314fc6a6e2 |
| SHA256 | 62a7038cc42c1482d70465192318f21fc1ce0f0c737cb8804137f38a1f9d680b |
| CRC32 | 6793DDC5 |
| Ssdeep | 96:CXHt+JcNgOSiS4XsAYNpf2ESNOSMpLvmlC:2oONgOLPXsAYnpSymlC |
| 下载 提交魔盾安全分析 |
| 文件名 | down[1] |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\down[1]
|
| 文件大小 | 3414 字节 |
| 文件类型 | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced |
| MD5 | 555e83ce7f5d280d7454af334571fb25 |
| SHA1 | 47f78f68d72e3d9041acc9107a6b0d665f408385 |
| SHA256 | 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880 |
| CRC32 | 9EA3279D |
| Ssdeep | 96:/SDZ/I09Da01l+gmkyTt6Hk8nTjTnJw1Ne:/SDS0tKg9E05TPoNe |
| 下载 提交魔盾安全分析 |
| 文件名 | dnserror[1] |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDL4J1KW\dnserror[1]
|
| 文件大小 | 5880 字节 |
| 文件类型 | HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
| MD5 | 4f118ed39d89f270a49fb32ac9629eb5 |
| SHA1 | 615b8e7223c36c962c93fad268748d9eb9fcad0c |
| SHA256 | 817c7650f5eaa0b4d4fc607a3fd139916a312004b1decf1f07eaba72e49f144c |
| CRC32 | 4CAD5B88 |
| Ssdeep | 48:uqUPr/ZV4VWBXvyK4nZ1a5TImPW/wu21kpD8uKZAXaaEglZB4OxukNm00+M0UMxT:u7pJEQNIwu2ktlZ+7020nENqoSr |
| 魔盾安全分析结果 | 1.3 分析时间:2016-11-15 15:07:39 查看分析报告 |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
|
| 文件大小 | 65536 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 4bd1104576ddc3d70ba592d12ab65bfc |
| SHA1 | 01c4857d992167440a8565d61e7262f3a9a4cc9d |
| SHA256 | 4afc766e1b9254152ad750c8a5dbcefc542efaa7c3eaf19c6f7d79ab85446d6d |
| CRC32 | D4BC8B24 |
| Ssdeep | 384:wEEG/+ow+atLlVV+kpqjEayL8LIqfcFnIyp3Tkz9GAxdtLCkdeB0nuHH5eQpRouy:wEEG/+9+ |
| 下载 提交魔盾安全分析 |
| 文件名 | errorPageStrings[1] |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\errorPageStrings[1]
|
| 文件大小 | 1643 字节 |
| 文件类型 | UTF-8 Unicode (with BOM) text, with CRLF line terminators |
| MD5 | 13216fa0f896b1b7c445fe9a54b5b998 |
| SHA1 | d343d35b45507640bc68487d4ad3afcb927ce950 |
| SHA256 | 7a656b15efaacb1179b883327369819483b5a0c2f2d8486db6c347f4f8a7ae61 |
| CRC32 | 3A14753A |
| Ssdeep | 48:zGY5w5zquO05l9zWJ6N51Re45RnR5RynEK+5RXdHymL5RlRdPoh5y5U5BU5Cc:z5Qzq3crIM1RtR3Rynd6RXd5RTmnW4xc |
| 魔盾安全分析结果 | 4.0 分析时间:2016-11-15 15:07:57 查看分析报告 |
| 下载 提交魔盾安全分析 |
| 文件名 | favcenter[1] |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\favcenter[1]
|
| 文件大小 | 3366 字节 |
| 文件类型 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced |
| MD5 | 25d76ee5fb5b890f2cc022d94a42fe19 |
| SHA1 | 62c180ec01ff2c30396fb1601004123f56b10d2f |
| SHA256 | 07d07a467e4988d3c377acd6dc9e53abca6b64e8fbf70f6be19d795a1619289b |
| CRC32 | 7FE3FBCC |
| Ssdeep | 96:RZ/I09Da01l+gmkyTt6Hk8nT1ny5y3iw+BT:RS0tKg9E05T1yIyw6 |
| 下载 提交魔盾安全分析 |
| 文件名 | RecoveryStore.{C72A41C3-F416-11E6-9154-525400A71650}.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C72A41C3-F416-11E6-9154-525400A71650}.dat
|
| 文件大小 | 3584 字节 |
| 文件类型 | Composite Document File V2 Document, Cannot read section info |
| MD5 | 1a5808450a42ab468eac668ca6a769ee |
| SHA1 | 536fb3b624885ccaf4ddf3d66ac48076af782c0d |
| SHA256 | d7df229cba04bd6d900c0e070d751e6b5e3770c265cf8325da3ecb324878f62e |
| CRC32 | 4D258801 |
| Ssdeep | 12:rl0YmGF24n0lYrEg5+IaCrI017+FvQDrEgmf+IaCy8qgQNlTqobE3MFhM:rI4nb5/LGv/TQNlWobE3MFhM |
| 下载 提交魔盾安全分析 |
| 文件名 | ErrorPageTemplate[2] |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\ErrorPageTemplate[2]
|
| 文件大小 | 2226 字节 |
| 文件类型 | UTF-8 Unicode (with BOM) text, with CRLF line terminators |
| MD5 | 9e7f4ae3f245c70af5b7dbe095647d30 |
| SHA1 | cbcffb08f72c10e3e2493ca0044872a7ebdc7215 |
| SHA256 | 2f9117806e0e1ae4fc3b023b348910657b6948de2ecfd4f39f2846cebbefc1df |
| CRC32 | 08BB8CA5 |
| Ssdeep | 48:5sFR52FH5k5pvFehWrrarrZIrHd3FIQfOS6:5s52TydFPr81yHpBGR |
| 魔盾安全分析结果 | 4.0 分析时间:2016-11-15 15:07:12 查看分析报告 |
| 下载 提交魔盾安全分析 |
| 文件名 | noConnect[1] |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\noConnect[1]
|
| 文件大小 | 0 字节 |
| 文件类型 | empty |
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| CRC32 | 00000000 |
| Ssdeep | 3:: |
| 魔盾安全分析结果 | 6.0 分析时间:2016-05-08 17:55:55 查看分析报告 |
| 文件名 | {C72A41C4-F416-11E6-9154-525400A71650}.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C72A41C4-F416-11E6-9154-525400A71650}.dat
|
| 文件大小 | 4608 字节 |
| 文件类型 | Composite Document File V2 Document, Cannot read section info |
| MD5 | 6388a3d4e7a37ff2054d11338966baab |
| SHA1 | f7c7cb6e0b667f8bdc25681dd3583845a9b02780 |
| SHA256 | 709c89fc511410204ae55c3f061885f369d0899229b8cce9ad7973c18a580482 |
| CRC32 | C81D593B |
| Ssdeep | 12:rlfFiojrEgmfR16FjcDrEgmfN1qjNlYfOo4Nlv9ovRy:rWojGGoGgNljo4NlVovg |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
|
| 文件大小 | 32768 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 0aee387ca0a52dcdd8f8a29ea76edb42 |
| SHA1 | 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9 |
| SHA256 | c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e |
| CRC32 | B451CA0B |
| Ssdeep | 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ |
| 魔盾安全分析结果 | 2.0 分析时间:2016-11-06 20:10:20 查看分析报告 |
| 下载 提交魔盾安全分析 |
| 文件名 | httpErrorPagesScripts[1] |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\httpErrorPagesScripts[1]
|
| 文件大小 | 8601 字节 |
| 文件类型 | UTF-8 Unicode (with BOM) text, with CRLF, CR line terminators |
| MD5 | e7ca76a3c9ee0564471671d500e3f0f3 |
| SHA1 | fe815ae0f865ec4c26e421bf0bd21bb09bc6f410 |
| SHA256 | 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c |
| CRC32 | A7C34EF3 |
| Ssdeep | 192:HMmjTiiKfi9Ii4UFjC9jo4oXdu7mjxAb3Y:smjTiiKfi9IiPj+k3Xdu7mjxAb3Y |
| 魔盾安全分析结果 | 4.0 分析时间:2016-11-15 15:05:24 查看分析报告 |
| 下载 提交魔盾安全分析 |
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 44.303 seconds )
- 26.503 NetworkAnalysis
- 10.898 BehaviorAnalysis
- 3.385 Dropped
- 2.0 Static
- 1.295 VirusTotal
- 0.094 Debug
- 0.072 AnalysisInfo
- 0.056 Memory
Signatures ( 3.796 seconds )
- 1.972 md_bad_drop
- 0.322 antiav_detectreg
- 0.151 stealth_timeout
- 0.12 infostealer_ftp
- 0.09 antivm_generic_scsi
- 0.083 antivm_generic_services
- 0.08 antianalysis_detectreg
- 0.068 stealth_file
- 0.06 infostealer_im
- 0.053 infostealer_mail
- 0.045 antivm_generic_disk
- 0.044 antiav_detectfile
- 0.036 mimics_filetime
- 0.036 antisandbox_sunbelt_libs
- 0.031 bootkit
- 0.03 infostealer_bitcoin
- 0.024 antidbg_windows
- 0.023 persistence_autorun
- 0.023 vawtrak_behavior
- 0.022 antiemu_wine_func
- 0.022 disables_browser_warn
- 0.021 sets_autoconfig_url
- 0.019 shifu_behavior
- 0.018 betabot_behavior
- 0.018 kibex_behavior
- 0.018 virus
- 0.018 geodo_banking_trojan
- 0.016 darkcomet_regkeys
- 0.013 antivm_vbox_libs
- 0.012 antivm_vbox_files
- 0.012 recon_fingerprint
- 0.011 ransomware_files
- 0.01 antivm_generic_diskreg
- 0.008 injection_createremotethread
- 0.007 tinba_behavior
- 0.007 andromeda_behavior
- 0.007 stack_pivot
- 0.006 dyre_behavior
- 0.006 antisandbox_productid
- 0.006 antivm_vbox_keys
- 0.006 disables_system_restore
- 0.006 network_torgateway
- 0.006 packer_armadillo_regkey
- 0.005 hawkeye_behavior
- 0.005 network_tor
- 0.005 antiav_avast_libs
- 0.005 infostealer_browser
- 0.005 dridex_behavior
- 0.005 kazybot_behavior
- 0.005 injection_runpe
- 0.005 antivm_vbox_acpi
- 0.005 antivm_vmware_keys
- 0.005 antivm_vpc_keys
- 0.005 browser_security
- 0.005 bypass_firewall
- 0.005 ie_martian_children
- 0.005 rat_spynet
- 0.004 stealth_network
- 0.004 multiple_useragents
- 0.004 exec_crash
- 0.004 antivm_vmware_events
- 0.004 disables_wfp
- 0.004 antidbg_devices
- 0.004 whois_create
- 0.003 antivm_vbox_window
- 0.003 antisandbox_sboxie_libs
- 0.003 antiav_bitdefender_libs
- 0.003 stealth_window
- 0.003 process_needed
- 0.003 antivm_generic_bios
- 0.003 antivm_generic_system
- 0.003 bot_drive
- 0.003 bot_madness
- 0.003 browser_helper_object
- 0.003 ransomware_recyclebin
- 0.003 rat_pcclient
- 0.003 recon_programs
- 0.002 recon_beacon
- 0.002 powershell_command
- 0.002 spoofs_procname
- 0.002 network_anomaly
- 0.002 antivm_vmware_libs
- 0.002 process_interest
- 0.002 injection_explorer
- 0.002 generic_phish
- 0.002 chimera_behavior
- 0.002 dep_disable
- 0.002 js_phish
- 0.002 antianalysis_detectfile
- 0.002 antivm_generic_cpu
- 0.002 antivm_vmware_files
- 0.002 banker_zeus_mutex
- 0.002 bot_drive2
- 0.002 browser_addon
- 0.002 maldun_blacklist
- 0.002 md_domain_bl
- 0.002 modify_uac_prompt
- 0.002 targeted_flame
- 0.001 internet_dropper
- 0.001 critical_process
- 0.001 disables_spdy
- 0.001 webmail_phish
- 0.001 packer_themida
- 0.001 heapspray_js
- 0.001 network_bind
- 0.001 pony_behavior
- 0.001 secure_login_phish
- 0.001 js_suspicious_redirect
- 0.001 antiemu_wine_reg
- 0.001 antivm_vmware_mutexes
- 0.001 antivm_vpc_files
- 0.001 banker_cridex
- 0.001 banker_spyeye_mutexes
- 0.001 banker_zeus_p2p
- 0.001 bitcoin_opencl
- 0.001 bot_athenahttp
- 0.001 disables_uac
- 0.001 disables_wer
- 0.001 disables_windowsupdate
- 0.001 locker_taskmgr
- 0.001 modify_security_center_warnings
- 0.001 network_tor_service
- 0.001 office_security
- 0.001 ransomware_extensions
- 0.001 sniffer_winpcap
- 0.001 spreading_autoruninf
- 0.001 stealth_hiddenreg
- 0.001 stealth_hide_notifications
- 0.001 stealth_webhistory
Reporting ( 255.025 seconds )
- 253.768 ReportPDF
- 1.251 ReportHTMLSummary
- 0.006 Malheur
| Task ID | 83283 |
|---|---|
| Mongo ID | 58a552cb0d982676a20f2a04 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号