Analysis task

Analysis type  VM tag  Start time  End time  Duration
URL  win7-sp1-x64-shaapp03-1  2022-06-30 11:01:33  2022-06-30 11:03:42  129 seconds

Maldun score

Normal

Hosts contacted

Direct IP  Security rating  Geolocation
114.80.179.251  China
114.80.179.252  China
117.25.133.185  China
140.205.135.3  China
140.249.240.186  China
150.138.252.252  China
150.139.241.251  China
20.189.173.20  United States
203.119.211.244  China
47.99.58.69  China

DNS resolution

Domain  Security rating  Response
downloads.fengdefeng.cn  Unknown  A 117.25.156.179
A 117.25.133.179
A 117.25.156.178
A 117.25.156.161
A 117.25.156.166
A 117.25.156.160
A 117.25.156.158
A 117.25.133.178
A 117.25.156.162
CNAME downloads.fengdefeng.cn.w.kunlunaq.com
A 117.25.156.163
A 117.25.156.157
A 117.25.156.164
A 117.25.156.156
A 117.25.156.159
A 117.25.156.165
A 117.25.133.185
batit.aliyun.com  Unknown  CNAME sh.wagbridge.aliyun.aliyun.com
CNAME aliyun-adns.aliyun.com
CNAME aliyun-adns.aliyun.com.gds.alibabadns.com
A 140.205.135.3
www.aliyun.com  Unknown  CNAME na61-na62.wagbridge.alibaba.aliyun.com
CNAME www-jp-de-intl-adns.aliyun.com
CNAME www-jp-de-intl-adns.aliyun.com.gds.alibabadns.com
CNAME na61-na62.wagbridge.alibaba.aliyun.com.gds.alibabadns.com
A 203.119.211.244
g.alicdn.com  Unknown  CNAME g.alicdn.com.danuoyi.alicdn.com
A 150.138.252.252
A 150.138.252.251
at.alicdn.com  Unknown  CNAME at.alicdn.com.danuoyi.alicdn.com
A 150.139.241.251
A 150.139.241.252
cloud-assets.alicdn.com  Unknown  CNAME cloud-assets.alicdn.com.w.cdngslb.com
A 114.80.179.251
A 114.80.179.252
retcode.alicdn.com  Unknown  CNAME retcode.alicdn.com.danuoyi.tbcache.com
img.alicdn.com  Unknown  A 140.249.240.186
A 144.123.31.194
CNAME img.alicdn.com.danuoyi.alicdn.com
A 144.123.31.193
arms-retcode.aliyuncs.com  Unknown  A 47.110.39.46
A 47.96.223.80
A 47.96.83.41
A 47.99.58.69
A 114.55.180.23
A 47.110.73.164
watson.microsoft.com  Unknown  A 20.189.173.20
CNAME legacywatson.trafficmanager.net
CNAME onedsblobprdwus15.westus.cloudapp.azure.com


WHOIS information

Name: None
Country: None
State: None
City: None
ZIP Code: None
Address: None

Organization: None
Domain Name(s):
    fengdefeng.cn
Creation Date:
    None
Updated Date:
    None
Expiration Date:
    None
Email(s):
    1324294463@qq.com

Registrar(s):
    广西北部湾在线投资控股有限公司
Name Server(s):
    jm1.dns.com
    jm2.dns.com
Referral URL(s):
    None

No antivirus engine scan results.

Process tree

iexplore.exe, PID: 2488, parent PID: 2248

TCP

Source address  Source port  Destination address  Destination port
192.168.122.201 50586 104.100.95.27 80
192.168.122.201 50601 114.80.179.251 cloud-assets.alicdn.com 443
192.168.122.201 50598 114.80.179.252 cloud-assets.alicdn.com 443
192.168.122.201 50585 117.25.133.185 downloads.fengdefeng.cn 80
192.168.122.201 50587 140.205.135.3 batit.aliyun.com 80
192.168.122.201 50600 140.249.240.186 img.alicdn.com 443
192.168.122.201 50589 150.138.252.252 g.alicdn.com 443
192.168.122.201 50590 150.138.252.252 g.alicdn.com 443
192.168.122.201 50591 150.138.252.252 g.alicdn.com 443
192.168.122.201 50592 150.138.252.252 g.alicdn.com 443
192.168.122.201 50593 150.138.252.252 g.alicdn.com 443
192.168.122.201 50594 150.138.252.252 g.alicdn.com 443
192.168.122.201 50597 150.138.252.252 g.alicdn.com 443
192.168.122.201 50595 150.139.241.251 at.alicdn.com 443
192.168.122.201 50596 150.139.241.251 at.alicdn.com 443
192.168.122.201 50599 150.139.241.251 at.alicdn.com 443
192.168.122.201 50584 192.168.122.1 53
192.168.122.201 50588 203.119.211.244 www.aliyun.com 443
192.168.122.201 50602 47.99.58.69 arms-retcode.aliyuncs.com 443

UDP

Source address  Source port  Destination address  Destination port
192.168.122.201 49532 192.168.122.1 53
192.168.122.201 52179 192.168.122.1 53
192.168.122.201 52207 192.168.122.1 53
192.168.122.201 53125 192.168.122.1 53
192.168.122.201 54135 192.168.122.1 53
192.168.122.201 56270 192.168.122.1 53
192.168.122.201 59401 192.168.122.1 53
192.168.122.201 59906 192.168.122.1 53
192.168.122.201 60465 192.168.122.1 53
192.168.122.201 65178 192.168.122.1 53
192.168.122.201 65179 192.168.122.1 53

HTTP requests

URI  HTTP data
http://downloads.fengdefeng.cn/AiCiIdiomSetup_v24_325_Ox3xQ5xh10_mfmkq.exe
GET /AiCiIdiomSetup_v24_325_Ox3xQ5xh10_mfmkq.exe HTTP/1.1
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: downloads.fengdefeng.cn
Connection: Keep-Alive

http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

http://batit.aliyun.com/alww.html?id=2916309547
GET /alww.html?id=2916309547 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://downloads.fengdefeng.cn/AiCiIdiomSetup_v24_325_Ox3xQ5xh10_mfmkq.exe
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: batit.aliyun.com
Connection: Keep-Alive

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results.

Network alerts

No alerts.

TLS

Timestamp Source IP Source Port Destination IP Destination Port Version Issuer Subject Fingerprint
2022-06-30 11:01:58.689132+0800 192.168.122.201 50591 150.138.252.252 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7
2022-06-30 11:01:58.642332+0800 192.168.122.201 50589 150.138.252.252 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7
2022-06-30 11:01:58.670378+0800 192.168.122.201 50594 150.138.252.252 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7
2022-06-30 11:01:58.658391+0800 192.168.122.201 50592 150.138.252.252 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7
2022-06-30 11:01:58.660138+0800 192.168.122.201 50593 150.138.252.252 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7
2022-06-30 11:01:57.951668+0800 192.168.122.201 50588 203.119.211.244 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.aliyun.com 20:85:4d:49:f7:f3:60:3e:c8:1f:15:a6:ed:3f:e1:5e:8e:b1:b3:b4
2022-06-30 11:01:58.675084+0800 192.168.122.201 50595 150.139.241.251 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7
2022-06-30 11:01:58.641200+0800 192.168.122.201 50590 150.138.252.252 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7
2022-06-30 11:01:58.683766+0800 192.168.122.201 50596 150.139.241.251 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7
2022-06-30 11:01:58.859084+0800 192.168.122.201 50597 150.138.252.252 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7
2022-06-30 11:01:58.951669+0800 192.168.122.201 50598 114.80.179.252 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7
2022-06-30 11:01:59.031372+0800 192.168.122.201 50599 150.139.241.251 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7
2022-06-30 11:01:59.199973+0800 192.168.122.201 50600 140.249.240.186 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7
2022-06-30 11:01:59.191866+0800 192.168.122.201 50601 114.80.179.251 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.alicdn.com de:72:85:1e:3f:96:b0:13:be:de:66:e5:c8:48:5a:44:c3:06:d2:b7
2022-06-30 11:01:59.723580+0800 192.168.122.201 50602 47.99.58.69 443 TLS 1.2 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=CN, ST=ZheJiang, L=HangZhou, O=Alibaba (China) Technology Co., Ltd., CN=*.arms.aliyuncs.com 15:7c:82:46:9d:b7:ab:fb:c4:38:3d:4f:07:ad:b9:a6:0b:ea:d8:1c

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
No dropped files.

Processing ( 30.175 seconds )

  • 19.007 NetworkAnalysis
  • 11.015 Suricata
  • 0.134 Static
  • 0.013 AnalysisInfo
  • 0.004 BehaviorAnalysis
  • 0.002 Memory

Signatures ( 0.0 seconds )

Reporting ( 0.0 seconds )

Task ID 697390
Mongo ID 62bd12d67e769a1eefef504e
Cuckoo release 1.4-Maldun