分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| URL | win7-sp1-x64-hpdapp01-1 | 2017-07-04 23:03:14 | 2017-07-04 23:05:50 | 156 秒 |
魔盾分数
0.05
正常的
URL详细信息
| URL |
|---|
| URL专业沙箱检测 -> https://a2plcpnl0038.prod.iad2.secureserver.net:2083/login/ |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 198.71.224.90 | 美国 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| a2plcpnl0038.prod.iad2.secureserver.net | A 198.71.224.90 |
摘要
登录查看详细行为信息WHOIS 信息
Name: Domain Administrator
Country: US
State: Arizona
City: Scottsdale
ZIP Code: 85260
Address: 14455 N Hayden Rd Suite 219
Orginization: Go Daddy Operating Company, LLC
Domain Name(s):
SECURESERVER.NET
Creation Date:
1998-03-30 00:00:00
1998-03-30 05:00:00
Updated Date:
2014-04-09 00:00:00
Expiration Date:
2021-11-01 00:00:00
2021-11-01 11:59:59
Email(s):
abuse@wildwestdomains.com
companynames@godaddy.com
Registrar(s):
Wild West Domains, LLC
Name Server(s):
A1-245.AKAM.NET
A11-64.AKAM.NET
A20-65.AKAM.NET
A6-66.AKAM.NET
A8-67.AKAM.NET
A9-67.AKAM.NET
CNS1.SECURESERVER.NET
CNS2.SECURESERVER.NET
Referral URL(s):
http://www.wildwestdomains.com
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 否 | 198.71.224.90 | 美国 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49163 | 198.71.224.90 a2plcpnl0038.prod.iad2.secureserver.net | 2083 |
| 192.168.122.201 | 49166 | 198.71.224.90 a2plcpnl0038.prod.iad2.secureserver.net | 2083 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 55751 | 192.168.122.1 | 53 |
| 192.168.122.201 | 61125 | 192.168.122.1 | 53 |
域名解析 (可点击查询WPING实时安全评级)
| 域名 | 安全评级 | 响应 |
|---|---|---|
| a2plcpnl0038.prod.iad2.secureserver.net | A 198.71.224.90 |
TCP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 49163 | 198.71.224.90 a2plcpnl0038.prod.iad2.secureserver.net | 2083 |
| 192.168.122.201 | 49166 | 198.71.224.90 a2plcpnl0038.prod.iad2.secureserver.net | 2083 |
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.201 | 55751 | 192.168.122.1 | 53 |
| 192.168.122.201 | 61125 | 192.168.122.1 | 53 |
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Version | Issuer | Subject | Fingerprint |
|---|---|---|---|---|---|---|---|---|
| 2017-07-04 23:03:59.311293+0800 | 192.168.122.201 | 49163 | 198.71.224.90 | 2083 | TLS 1.2 | C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certs.starfieldtech.com/repository/, CN=Starfield Secure Certificate Authority - G2 | C=US, ST=Arizona, L=Scottsdale, O=Special Domain Services, LLC., CN=*.prod.iad2.secureserver.net | b5:8a:85:0c:4c:f3:9a:d2:27:5c:9d:26:48:2c:3d:01:92:a7:98:d2 |
| 2017-07-04 23:04:06.714817+0800 | 192.168.122.201 | 49166 | 198.71.224.90 | 2083 | TLS 1.2 | C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certs.starfieldtech.com/repository/, CN=Starfield Secure Certificate Authority - G2 | C=US, ST=Arizona, L=Scottsdale, O=Special Domain Services, LLC., CN=*.prod.iad2.secureserver.net | b5:8a:85:0c:4c:f3:9a:d2:27:5c:9d:26:48:2c:3d:01:92:a7:98:d2 |
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
| 文件名 | red_shield[1] |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\red_shield[1]
|
| 文件大小 | 3508 字节 |
| 文件类型 | PNG image data, 14 x 16, 8-bit/color RGBA, non-interlaced |
| MD5 | 87de5d9a3403e1d7635885cbaa52389d |
| SHA1 | 50b32c5966331e3e27bef987fd1da0129423d348 |
| SHA256 | 21d03f19c4b1c12db2feb8fb3a373d7e378976ecdfb64efb300204edc8947d3d |
| CRC32 | 15814E36 |
| Ssdeep | 96:5SDZ/I09Da01l+gmkyTt6Hk8nTzVcxkZFd/:5SDS0tKg9E05TJcxi |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Feeds Cache\index.dat
|
| 文件大小 | 32768 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 0aee387ca0a52dcdd8f8a29ea76edb42 |
| SHA1 | 5df81547dcadb2a7b8bc689da8e1383ba1a84cb9 |
| SHA256 | c31bc37e102b70a472837d530ec80bdaea28b0fefda3e9aa8c8cda98c4200c4e |
| CRC32 | B451CA0B |
| Ssdeep | 12:qjtSaFpbZli3zIoYDPO7em4GZj03W/cKYDPOCG5A30WUsOXQDG9YRm4GZ5:qj4avEIoYTCebGZ7ZYTlEJ0oQQ4bGZ |
| 魔盾安全分析结果 | 2.0 分析时间:2016-11-06 20:10:20 查看分析报告 |
| 下载 提交魔盾安全分析 |
| 文件名 | RecoveryStore.{ECD5D863-60C9-11E7-85A3-525400474C53}.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ECD5D863-60C9-11E7-85A3-525400474C53}.dat
|
| 文件大小 | 3584 字节 |
| 文件类型 | Composite Document File V2 Document, Cannot read section info |
| MD5 | b8a84cf606f0087bc2e236451e7fafa5 |
| SHA1 | 459238c5d2c8fec612366fb53cc7eb6fd574b256 |
| SHA256 | 7ed2481bef035dbfb2ba46fbbc055eadb01be3b15b8026d5486d93b4cf7a7b4c |
| CRC32 | 1CCDBD2C |
| Ssdeep | 12:rl0YmGF22llYrEg5+IaCrI017+FuEDrEgmf+IaCy8qgQNlTqo+1:rId5/xQGv/TQNlWo+ |
| 下载 提交魔盾安全分析 |
| 文件名 | down[1] |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\down[1]
|
| 文件大小 | 3414 字节 |
| 文件类型 | PNG image data, 15 x 15, 8-bit/color RGBA, non-interlaced |
| MD5 | 555e83ce7f5d280d7454af334571fb25 |
| SHA1 | 47f78f68d72e3d9041acc9107a6b0d665f408385 |
| SHA256 | 70f316a5492848bb8242d49539468830b353ddaa850964db4e60a6d2d7db4880 |
| CRC32 | 9EA3279D |
| Ssdeep | 96:/SDZ/I09Da01l+gmkyTt6Hk8nTjTnJw1Ne:/SDS0tKg9E05TPoNe |
| 下载 提交魔盾安全分析 |
| 文件名 | green_shield[1] |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\green_shield[1]
|
| 文件大小 | 3501 字节 |
| 文件类型 | PNG image data, 14 x 16, 8-bit/color RGBA, non-interlaced |
| MD5 | 254d388ce19d84a54fd44571e049e6a6 |
| SHA1 | 51ca725642f679978f5880278e5cac5ca4f70fae |
| SHA256 | c686babc034f53a24a1206019e958ba8fc879216fd7b6a4b972f188535341227 |
| CRC32 | 265B0B9C |
| Ssdeep | 96:5SDZ/I09Da01l+gmkyTt6Hk8nTkN9D6ZB+:5SDS0tKg9E05TkN92ZE |
| 下载 提交魔盾安全分析 |
| 文件名 | invalidcert[1] |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\invalidcert[1]
|
| 文件大小 | 4754 字节 |
| 文件类型 | HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
| MD5 | 0f9f1ca3f50fbf885ca57019b99ba7b7 |
| SHA1 | 22e3b33279e2aad973922839c2518898dbdeb3cf |
| SHA256 | 2af130e2ecc3c69f6fa7d78501aec8091a4a1ffd1212893c7b0faaf4a9622c2d |
| CRC32 | 0E642371 |
| Ssdeep | 48:R3WIysIprQU1YVPlSIXh1cns5PFkiGjUpgXowHMzhCFKiAQVu21kpD8VK6Atefc5:UJsUDls5PFkiGjUp4oW4XwVBkPs+/oLy |
| 下载 提交魔盾安全分析 |
| 文件名 | errorPageStrings[1] |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\errorPageStrings[1]
|
| 文件大小 | 1643 字节 |
| 文件类型 | UTF-8 Unicode (with BOM) text, with CRLF line terminators |
| MD5 | 13216fa0f896b1b7c445fe9a54b5b998 |
| SHA1 | d343d35b45507640bc68487d4ad3afcb927ce950 |
| SHA256 | 7a656b15efaacb1179b883327369819483b5a0c2f2d8486db6c347f4f8a7ae61 |
| CRC32 | 3A14753A |
| Ssdeep | 48:zGY5w5zquO05l9zWJ6N51Re45RnR5RynEK+5RXdHymL5RlRdPoh5y5U5BU5Cc:z5Qzq3crIM1RtR3Rynd6RXd5RTmnW4xc |
| 魔盾安全分析结果 | 4.0 分析时间:2016-11-15 15:07:57 查看分析报告 |
| 下载 提交魔盾安全分析 |
| 文件名 | red_shield_48[1] |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\red_shield_48[1]
|
| 文件大小 | 7005 字节 |
| 文件类型 | PNG image data, 40 x 48, 8-bit/color RGBA, non-interlaced |
| MD5 | f413dd8a75b81a154a1fd5e4c4a0a782 |
| SHA1 | 667f7e3da51ca3417a1feb66d238466423c9487d |
| SHA256 | f2afc04a24c9d89d3c2f0d73f8cd6fb6b65adbe333196c3f99cc7d6868847ceb |
| CRC32 | D96BDACF |
| Ssdeep | 192:8SDS0tKg9E05Tz045xhOwZtbiFHsrC3rlTqpHbW:7JXE05d5xhOwtGsSTqpHC |
| 下载 提交魔盾安全分析 |
| 文件名 | httpErrorPagesScripts[1] |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\httpErrorPagesScripts[1]
|
| 文件大小 | 8601 字节 |
| 文件类型 | UTF-8 Unicode (with BOM) text, with CRLF, CR line terminators |
| MD5 | e7ca76a3c9ee0564471671d500e3f0f3 |
| SHA1 | fe815ae0f865ec4c26e421bf0bd21bb09bc6f410 |
| SHA256 | 58268ca71a28973b756a48bbd7c9dc2f6b87b62ae343e582ce067c725275b63c |
| CRC32 | A7C34EF3 |
| Ssdeep | 192:HMmjTiiKfi9Ii4UFjC9jo4oXdu7mjxAb3Y:smjTiiKfi9IiPj+k3Xdu7mjxAb3Y |
| 魔盾安全分析结果 | 4.0 分析时间:2016-11-15 15:05:24 查看分析报告 |
| 下载 提交魔盾安全分析 |
| 文件名 | ErrorPageTemplate[1] |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\ErrorPageTemplate[1]
|
| 文件大小 | 2226 字节 |
| 文件类型 | UTF-8 Unicode (with BOM) text, with CRLF line terminators |
| MD5 | 9e7f4ae3f245c70af5b7dbe095647d30 |
| SHA1 | cbcffb08f72c10e3e2493ca0044872a7ebdc7215 |
| SHA256 | 2f9117806e0e1ae4fc3b023b348910657b6948de2ecfd4f39f2846cebbefc1df |
| CRC32 | 08BB8CA5 |
| Ssdeep | 48:5sFR52FH5k5pvFehWrrarrZIrHd3FIQfOS6:5s52TydFPr81yHpBGR |
| 魔盾安全分析结果 | 4.0 分析时间:2016-11-15 15:07:12 查看分析报告 |
| 下载 提交魔盾安全分析 |
| 文件名 | {ECD5D864-60C9-11E7-85A3-525400474C53}.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ECD5D864-60C9-11E7-85A3-525400474C53}.dat
|
| 文件大小 | 5632 字节 |
| 文件类型 | Composite Document File V2 Document, Cannot read section info |
| MD5 | 1f8732cb8364d607c67808108e014b88 |
| SHA1 | 5bbe4c10d39bed487eb2553e2fb469f8270bee79 |
| SHA256 | f59d135831b226756767297b04e56086eb8a6b0f977f9c2b19bea659a6bd0e4e |
| CRC32 | 1B87F785 |
| Ssdeep | 24:rIz2m3GMs8ce0J0ocvj2q9dTq9dfNlhoecvKv47cvCq9dD/jtkNlhoecv2occ:rgFGu60o8jBknoe86O89tooe82o9 |
| 下载 提交魔盾安全分析 |
| 文件名 | index.dat |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
|
| 文件大小 | 65536 字节 |
| 文件类型 | Internet Explorer cache file version Ver 5.2 |
| MD5 | 191d3d20f356bf520a7d1ed07b1bc08b |
| SHA1 | bdba37ad96d8801e8d2c9e30e68afaf3822b0e4a |
| SHA256 | d2eae7eeb07f08972ec78e59eaf73b6cfa48e92121748f61a394a28e33e36788 |
| CRC32 | BFF870C9 |
| Ssdeep | 384:wEEG/+oBMgfh3+EIOTcxi8kB+JuE1uPFykblh2F/0mjv3Bw2LI/u1sVdvM2zLOY4:wEEG/+xo |
| 下载 提交魔盾安全分析 |
| 文件名 | invalidcert[1] |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\invalidcert[1]
|
| 文件大小 | 3127 字节 |
| 文件类型 | UTF-8 Unicode (with BOM) text, with CRLF line terminators |
| MD5 | b525b5b56443da423ca00841c1c06979 |
| SHA1 | 0fb8c426efed05043a69221d0b021aacc39d141e |
| SHA256 | 81742eb16bc5d08b785e0569e1588616d81ee8e923e72243e553d14b503326a7 |
| CRC32 | 27AD2EBC |
| Ssdeep | 96:Si9yo3+bI1hDXxbLUh2XXyFyyU2vPMOggynJ+yVylcw:S8yo3+bI1hDBbLUh2XXyFyyU2vPMOggZ |
| 下载 提交魔盾安全分析 |
| 文件名 | background_gradient_red[1] |
|---|---|
| 相关文件 |
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\background_gradient_red[1]
|
| 文件大小 | 868 字节 |
| 文件类型 | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1x800, frames 3 |
| MD5 | 337038e78cf3c521402fc7352bdd5ea6 |
| SHA1 | 017eaf48983c31ae36b5de5de4db36bf953b3136 |
| SHA256 | fbc23311fb5eb53c73a7ca6bfc93e8fa3530b07100a128b4905f8fb7cb145b61 |
| CRC32 | C08DA614 |
| Ssdeep | 24:vk9YMW80o0XxDuLHeOWXG4OZ7DAJuLHenX36n8R0O3kwd2q:M9YM3uERAq8uyJdB |
| 下载 提交魔盾安全分析 |
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 72.584 seconds )
- 47.121 NetworkAnalysis
- 13.193 Suricata
- 7.358 Static
- 2.457 VirusTotal
- 2.057 BehaviorAnalysis
- 0.156 Debug
- 0.151 Dropped
- 0.088 AnalysisInfo
- 0.003 Memory
Signatures ( 2.223 seconds )
- 1.113 md_bad_drop
- 0.254 antiav_detectreg
- 0.115 stealth_timeout
- 0.09 infostealer_ftp
- 0.055 antivm_generic_scsi
- 0.052 antianalysis_detectreg
- 0.051 infostealer_im
- 0.03 stealth_file
- 0.029 infostealer_mail
- 0.027 antivm_generic_services
- 0.022 mimics_filetime
- 0.018 antivm_generic_disk
- 0.016 bootkit
- 0.016 antiav_detectfile
- 0.014 kibex_behavior
- 0.014 virus
- 0.013 betabot_behavior
- 0.013 antidbg_windows
- 0.013 darkcomet_regkeys
- 0.013 ransomware_files
- 0.012 antiemu_wine_func
- 0.011 persistence_autorun
- 0.011 vawtrak_behavior
- 0.011 geodo_banking_trojan
- 0.011 infostealer_bitcoin
- 0.011 ransomware_extensions
- 0.011 recon_fingerprint
- 0.008 antivm_generic_diskreg
- 0.007 dridex_behavior
- 0.007 antivm_vbox_files
- 0.006 antivm_vbox_libs
- 0.006 packer_armadillo_regkey
- 0.005 andromeda_behavior
- 0.005 injection_createremotethread
- 0.005 antisandbox_productid
- 0.005 disables_browser_warn
- 0.005 network_torgateway
- 0.004 tinba_behavior
- 0.004 antiav_avast_libs
- 0.004 antivm_vbox_acpi
- 0.004 antivm_vbox_keys
- 0.004 antivm_vmware_keys
- 0.004 antivm_vpc_keys
- 0.004 bypass_firewall
- 0.004 whois_create
- 0.003 hawkeye_behavior
- 0.003 stack_pivot
- 0.003 antisandbox_sunbelt_libs
- 0.003 exec_crash
- 0.003 antivm_vmware_events
- 0.003 browser_security
- 0.003 modify_uac_prompt
- 0.003 rat_pcclient
- 0.003 rat_spynet
- 0.003 recon_programs
- 0.003 sniffer_winpcap
- 0.002 network_tor
- 0.002 antivm_vbox_window
- 0.002 sets_autoconfig_url
- 0.002 kazybot_behavior
- 0.002 antisandbox_sboxie_libs
- 0.002 antiav_bitdefender_libs
- 0.002 dyre_behavior
- 0.002 shifu_behavior
- 0.002 injection_runpe
- 0.002 antidbg_devices
- 0.002 antivm_generic_bios
- 0.002 antivm_generic_cpu
- 0.002 antivm_generic_system
- 0.002 bot_drive
- 0.002 md_domain_bl
- 0.002 modify_security_center_warnings
- 0.001 infostealer_browser
- 0.001 network_anomaly
- 0.001 antivm_vmware_libs
- 0.001 injection_explorer
- 0.001 stealth_network
- 0.001 heapspray_js
- 0.001 chimera_behavior
- 0.001 disables_wfp
- 0.001 antianalysis_detectfile
- 0.001 antivm_vmware_files
- 0.001 banker_zeus_mutex
- 0.001 bot_drive2
- 0.001 browser_addon
- 0.001 disables_system_restore
- 0.001 ie_martian_children
- 0.001 maldun_blacklist
- 0.001 network_tor_service
- 0.001 office_security
- 0.001 stealth_hiddenreg
- 0.001 stealth_hide_notifications
- 0.001 targeted_flame
Reporting ( 0.876 seconds )
- 0.876 ReportHTMLSummary
| Task ID | 103974 |
|---|---|
| Mongo ID | 595baf222e06335e63f5a75d |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号