Edit tour

Windows Analysis Report
http://pear-02.mfgtcvb.eu.org/

Overview

General Information

Sample URL:	http://pear-02.mfgtcvb.eu.org/
Analysis ID:	1594010
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

HTML page contains obfuscated javascript

Program does not show much activity (idle)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2144,i,8688760562165855632,6171228347105639683,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1104 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5080 --field-trial-handle=2144,i,8688760562165855632,6171228347105639683,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 4524 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pear-02.mfgtcvb.eu.org/" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://pear-02.mfgtcvb.eu.org/

Avira URL Cloud: detection malicious, Label: phishing

Phishing

HTML page contains obfuscated javascript

Source: https://js.player.cntv.cn/creator/vodplayer.js

HTTP Parser: var a0_0x51f3=['7G179E7AA7A17G179P7A9','ui_webFullScreen','iPhone','zIndex','hasBarrage','barrageApp

Source: https://pear-02.mfgtcvb.eu.org/	HTTP Parser: No favicon
Source: https://pear-02.mfgtcvb.eu.org/	HTTP Parser: No favicon
Source: https://pear-02.mfgtcvb.eu.org/	HTTP Parser: No favicon
Source: https://global.cctv.com/2025/01/14/VIDEQHPeuQn9iGmZk4ZLpfch250114.shtml	HTTP Parser: No favicon
Source: https://global.cctv.com/2025/01/14/VIDEQHPeuQn9iGmZk4ZLpfch250114.shtml	HTTP Parser: No favicon
Source: https://global.cctv.com/2025/01/14/VIDEQHPeuQn9iGmZk4ZLpfch250114.shtml	HTTP Parser: No favicon
Source: https://global.cctv.com/2025/01/14/VIDEQHPeuQn9iGmZk4ZLpfch250114.shtml	HTTP Parser: No favicon
Source: https://global.cctv.com/2025/01/07/VIDEkEw5xA8clKYmw6eON0OG250107.shtml	HTTP Parser: No favicon
Source: https://global.cctv.com/2025/01/07/VIDEkEw5xA8clKYmw6eON0OG250107.shtml	HTTP Parser: No favicon
Source: https://global.cctv.com/2025/01/07/VIDEkEw5xA8clKYmw6eON0OG250107.shtml	HTTP Parser: No favicon
Source: https://global.cctv.com/2025/01/07/VIDEkEw5xA8clKYmw6eON0OG250107.shtml	HTTP Parser: No favicon
Source: https://global.cctv.com/2025/01/07/VIDEkEw5xA8clKYmw6eON0OG250107.shtml	HTTP Parser: No favicon
Source: https://global.cctv.com/2025/01/07/VIDEkEw5xA8clKYmw6eON0OG250107.shtml	HTTP Parser: No favicon

Source: chromecache_488.5.dr	String found in binary or memory: http://js.data.cctv.com/__aplus_plugin_cctv.js
Source: chromecache_496.5.dr	String found in binary or memory: http://js.player.cntv.cn/creator/fingerprint2.js
Source: chromecache_488.5.dr	String found in binary or memory: http://js.player.cntv.cn/creator/h5.worker?v=220805
Source: chromecache_488.5.dr	String found in binary or memory: http://js.player.cntv.cn/creator/html5player_analysis_lib.js
Source: chromecache_496.5.dr	String found in binary or memory: http://js.player.cntv.cn/creator/html5player_standard_multi.js
Source: chromecache_488.5.dr	String found in binary or memory: http://js.player.cntv.cn/creator/liveplayer_controls.js
Source: chromecache_488.5.dr	String found in binary or memory: http://ldncctvwbcdali.v.myalicdn.com/ldncctvwbcd/cdrmldcctv1_1/index.m3u8
Source: chromecache_488.5.dr	String found in binary or memory: http://ldncctvwbcdbd.a.bdydns.com/ldncctvwbcd/cdrmldcctv1_1/index.m3u8
Source: chromecache_488.5.dr	String found in binary or memory: http://ldncctvwbcdcnc.v.wscdns.com/ldncctvwbcd/cdrmldcctv1_1/index.m3u8
Source: chromecache_488.5.dr	String found in binary or memory: http://ldncctvwbcdtxy.liveplay.myqcloud.com/ldncctvwbcd/cdrmldcctv1_1/index.m3u8
Source: chromecache_488.5.dr	String found in binary or memory: http://ldncctvwbndali.v.myalicdn.com/ldncctvwbnd/ldcctv1_2/index.m3u8
Source: chromecache_488.5.dr	String found in binary or memory: http://ldncctvwbndcnc.v.wscdns.com/ldncctvwbnd/ldcctv1_2/index.m3u8
Source: chromecache_488.5.dr	String found in binary or memory: http://ldncctvwbndhwy.cntv.myhwcdn.cn/ldncctvwbnd/ldcctv1_2/index.m3u8
Source: chromecache_488.5.dr	String found in binary or memory: http://ldncctvwbndtxy.liveplay.myqcloud.com/ldncctvwbnd/ldcctv1_2/index.m3u8
Source: chromecache_290.5.dr	String found in binary or memory: http://ns.attribution.com/ads/1.0/
Source: chromecache_373.5.dr	String found in binary or memory: http://p2.img.cctvpic.com/fmspic/2015/04/21/3c54a67ca29244bf940716d57d3b4cd3-1321.jpg
Source: chromecache_373.5.dr	String found in binary or memory: http://p2.img.cctvpic.com/fmspic/2015/04/21/3c54a67ca29244bf940716d57d3b4cd3-2714.jpg
Source: chromecache_373.5.dr	String found in binary or memory: http://p3.img.cctvpic.com/fmspic/2015/04/21/3c54a67ca29244bf940716d57d3b4cd3-10.jpg
Source: chromecache_496.5.dr	String found in binary or memory: http://vdn.apps.cntv.cn/api/getIpadVideoInfo.do?pid=
Source: chromecache_488.5.dr	String found in binary or memory: http://vdnad.apps.cntv.cn/api/getIpadInfoAd.do?pid=
Source: chromecache_251.5.dr, chromecache_536.5.dr	String found in binary or memory: http://videojs.com/
Source: chromecache_488.5.dr	String found in binary or memory: https://a.app.qq.com/o/simple.jsp?pkgname=cn.cntv&android_schema=
Source: chromecache_488.5.dr	String found in binary or memory: https://a.app.qq.com/o/simple.jsp?pkgname=cn.cntv&ios_scheme=
Source: chromecache_488.5.dr	String found in binary or memory: https://a.app.qq.com/o/simple.jsp?pkgname=cn.cntvhd&ios_scheme=
Source: chromecache_488.5.dr	String found in binary or memory: https://api.live.cntv.cn/livestatic/zs/livestatic_config/unity_html5.json
Source: chromecache_488.5.dr	String found in binary or memory: https://api.live.cntv.cn/livestatic/zs/livestatic_config/unity_pcweb.json
Source: chromecache_488.5.dr	String found in binary or memory: https://app.cctv.com/special/download/ysyy/index.html
Source: chromecache_511.5.dr, chromecache_254.5.dr	String found in binary or memory: https://dh5.cntv.cdn20.com/asp/h5e/hls/main/0303000a/3/default/f4d4981c63ad47ad9b0b436df933de91/main
Source: chromecache_511.5.dr, chromecache_254.5.dr	String found in binary or memory: https://dhls.cntv.cdn20.com/asp/audio/f/4/d/4/f4d4981c63ad47ad9b0b436df933de91/mp3/main.m3u8
Source: chromecache_511.5.dr, chromecache_254.5.dr	String found in binary or memory: https://dhls.cntv.cdn20.com/asp/enc/hls/main/0303000a/3/default/f4d4981c63ad47ad9b0b436df933de91/mai
Source: chromecache_511.5.dr, chromecache_254.5.dr	String found in binary or memory: https://dhls.cntv.cdn20.com/asp/hlsaudio/hls/main/0303000a/3/default/f4d4981c63ad47ad9b0b436df933de9
Source: chromecache_511.5.dr, chromecache_254.5.dr	String found in binary or memory: https://dhls2.cntv.cdn20.com/asp/enc2/hls/main/0303000a/3/default/f4d4981c63ad47ad9b0b436df933de91/m
Source: chromecache_402.5.dr	String found in binary or memory: https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9
Source: chromecache_251.5.dr, chromecache_536.5.dr	String found in binary or memory: https://github.com/kesla/parse-headers/
Source: chromecache_251.5.dr, chromecache_536.5.dr	String found in binary or memory: https://github.com/kesla/parse-headers/blob/master/LICENCE
Source: chromecache_251.5.dr, chromecache_536.5.dr	String found in binary or memory: https://github.com/mozilla/vtt.js
Source: chromecache_251.5.dr, chromecache_536.5.dr	String found in binary or memory: https://github.com/mozilla/vtt.js/blob/main/LICENSE
Source: chromecache_251.5.dr, chromecache_536.5.dr	String found in binary or memory: https://github.com/videojs/video.js/blob/main/LICENSE
Source: chromecache_373.5.dr	String found in binary or memory: https://global.cctv.com/2024/11/14/VIDEBmNj55MqwBh1zF4pCLLL241114.shtml
Source: chromecache_373.5.dr	String found in binary or memory: https://global.cctv.com/2024/11/14/VIDEYEC3jiFYBBYGSeCvyCsz241114.shtml
Source: chromecache_373.5.dr	String found in binary or memory: https://global.cctv.com/2024/12/04/VIDE3SuMJLq97GA7XRe3ztIl241204.shtml
Source: chromecache_373.5.dr	String found in binary or memory: https://global.cctv.com/2024/12/06/VIDE43PMmdH3ky44ODjXy0k5241206.shtml
Source: chromecache_373.5.dr	String found in binary or memory: https://global.cctv.com/2024/12/06/VIDEQL44pOaZa5DwRnaWJZWK241206.shtml
Source: chromecache_373.5.dr	String found in binary or memory: https://global.cctv.com/2024/12/31/VIDESd7oTQcka90G4VTWZgsB241231.shtml
Source: chromecache_373.5.dr	String found in binary or memory: https://global.cctv.com/2024/12/31/VIDEqiPmhhV9FJLzLiUxE6FZ241231.shtml
Source: chromecache_373.5.dr	String found in binary or memory: https://global.cctv.com/2025/01/02/VIDEwNriYCH7XWBz3eXegNRX250102.shtml
Source: chromecache_373.5.dr	String found in binary or memory: https://global.cctv.com/2025/01/07/VIDEkEw5xA8clKYmw6eON0OG250107.shtml
Source: chromecache_373.5.dr	String found in binary or memory: https://global.cctv.com/2025/01/09/VIDEh9LOpZUjo6lhCe7SJGhA250109.shtml
Source: chromecache_373.5.dr	String found in binary or memory: https://global.cctv.com/2025/01/14/VIDEQHPeuQn9iGmZk4ZLpfch250114.shtml
Source: chromecache_373.5.dr	String found in binary or memory: https://global.cctv.com/2025/01/17/VIDE2ZAnd1zluFZdshrPRUU6250117.shtml
Source: chromecache_373.5.dr	String found in binary or memory: https://global.cctv.com/2025/01/17/VIDE5gaAOPgF6mPrOeL41gzZ250117.shtml
Source: chromecache_373.5.dr	String found in binary or memory: https://global.cctv.com/2025/01/17/VIDEIZ8r8kbLz4eMEleoItKx250117.shtml
Source: chromecache_373.5.dr	String found in binary or memory: https://global.cctv.com/2025/01/17/VIDETJQ1QB1byOLu0uUHgckf250117.shtml
Source: chromecache_373.5.dr	String found in binary or memory: https://global.cctv.com/2025/01/17/VIDEZuR08BtkT2E1FiAYrl00250117.shtml
Source: chromecache_511.5.dr, chromecache_254.5.dr	String found in binary or memory: https://hls.cntv.cdn20.com/asp/hls/main/0303000a/3/default/f4d4981c63ad47ad9b0b436df933de91/main.m3u
Source: chromecache_496.5.dr, chromecache_488.5.dr	String found in binary or memory: https://js.data.cctv.com/__aplus_plugin_cctv.js
Source: chromecache_496.5.dr	String found in binary or memory: https://js.player.cntv.cn/creator/fingerprint2.js
Source: chromecache_488.5.dr	String found in binary or memory: https://js.player.cntv.cn/creator/html5player_analysis_lib.js
Source: chromecache_496.5.dr	String found in binary or memory: https://js.player.cntv.cn/creator/html5player_standard_multi.js
Source: chromecache_488.5.dr	String found in binary or memory: https://js.player.cntv.cn/creator/liveplayer_controls.js
Source: chromecache_373.5.dr	String found in binary or memory: https://p1.img.cctvpic.com/fmspic/2024/12/04/3974a1337c0844e9b691520072659264-300.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p1.img.cctvpic.com/fmspic/2024/12/31/ab5059c9774d4df5bdfb117a3b72cb9b-1.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p1.img.cctvpic.com/fmspic/2025/01/02/27a715bcf19340beaef23bc6b00e8269-1.jpg
Source: chromecache_254.5.dr	String found in binary or memory: https://p1.img.cctvpic.com/fmspic/2025/01/07/f4d4981c63ad47ad9b0b436df933de91-180.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p1.img.cctvpic.com/fmspic/2025/01/07/f4d4981c63ad47ad9b0b436df933de91-300.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p1.img.cctvpic.com/fmspic/2025/01/14/1bba66b961e246d3b9baeaf3a166164f-1.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p2.img.cctvpic.com/fmspic/2022/06/07/b6b326d032d642caae6e56046b668892-37918161-0.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p2.img.cctvpic.com/fmspic/2024/12/06/a70f6aa0f7ff44f996febb1b4a7bd85f-1.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p2.img.cctvpic.com/fmspic/2025/01/17/563d639fabc34db984be1f62f47a82fc-300.jpg
Source: chromecache_270.5.dr	String found in binary or memory: https://p2.img.cctvpic.com/photoAlbum/templet/common/TPTERE93VfAfo34uSEe8veca211216/headerDown.png?a
Source: chromecache_270.5.dr	String found in binary or memory: https://p2.img.cctvpic.com/photoAlbum/templet/common/TPTERE93VfAfo34uSEe8veca211216/headerUp.png?a
Source: chromecache_373.5.dr	String found in binary or memory: https://p2.img.cctvpic.com/photoworkspace/2025/01/02/2025010217230787854.png
Source: chromecache_373.5.dr	String found in binary or memory: https://p2.img.cctvpic.com/photoworkspace/2025/01/17/2025011716100791275.png
Source: chromecache_373.5.dr	String found in binary or memory: https://p3.img.cctvpic.com/fmspic/2022/06/07/b6b326d032d642caae6e56046b668892-37918161-1.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p3.img.cctvpic.com/fmspic/2022/06/07/b6b326d032d642caae6e56046b668892-37918161-2.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p3.img.cctvpic.com/fmspic/2024/12/04/3974a1337c0844e9b691520072659264-1.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p3.img.cctvpic.com/fmspic/2024/12/06/a5bf28aeeacb4a03840f7ec928314db2-1.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p3.img.cctvpic.com/fmspic/2024/12/31/66b031436eb54a248a76dd64408cc6ea-300.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p3.img.cctvpic.com/fmspic/2025/01/09/5b9680548e414bf6a722965bc5ccf053-1.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p3.img.cctvpic.com/fmspic/2025/01/09/5b9680548e414bf6a722965bc5ccf053-300.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p3.img.cctvpic.com/fmspic/2025/01/17/98eec5744f634da69d19b50596a79b1a-300.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p4.img.cctvpic.com/fmspic/2024/12/06/a70f6aa0f7ff44f996febb1b4a7bd85f-300.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p4.img.cctvpic.com/fmspic/2024/12/31/ab5059c9774d4df5bdfb117a3b72cb9b-300.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p4.img.cctvpic.com/fmspic/2025/01/14/1bba66b961e246d3b9baeaf3a166164f-300.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p4.img.cctvpic.com/fmspic/2025/01/17/5b745e2639fb452da06d91712d7207a1-1.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p4.img.cctvpic.com/fmspic/2025/01/17/5b745e2639fb452da06d91712d7207a1-300.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p4.img.cctvpic.com/fmspic/2025/01/17/98eec5744f634da69d19b50596a79b1a-1.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p4.img.cctvpic.com/fmspic/2025/01/17/d7cdf59e81e84bf0b368eeef3baa341d-300.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p5.img.cctvpic.com/fmspic/2024/12/06/a5bf28aeeacb4a03840f7ec928314db2-300.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p5.img.cctvpic.com/fmspic/2024/12/31/66b031436eb54a248a76dd64408cc6ea-1.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p5.img.cctvpic.com/fmspic/2025/01/02/27a715bcf19340beaef23bc6b00e8269-300.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p5.img.cctvpic.com/fmspic/2025/01/07/f4d4981c63ad47ad9b0b436df933de91-1.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p5.img.cctvpic.com/fmspic/2025/01/17/0692dae40c5240cdb45cab03a78bb4b5-1.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p5.img.cctvpic.com/fmspic/2025/01/17/0692dae40c5240cdb45cab03a78bb4b5-300.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p5.img.cctvpic.com/fmspic/2025/01/17/563d639fabc34db984be1f62f47a82fc-1.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p5.img.cctvpic.com/fmspic/2025/01/17/d7cdf59e81e84bf0b368eeef3baa341d-1.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p5.img.cctvpic.com/photoworkspace/2025/01/03/2025010316300876860.jpg
Source: chromecache_373.5.dr	String found in binary or memory: https://p5.img.cctvpic.com/photoworkspace/2025/01/09/2025010917375892850.png
Source: chromecache_373.5.dr	String found in binary or memory: https://p5.img.cctvpic.com/photoworkspace/2025/01/14/2025011415411893350.jpg
Source: chromecache_488.5.dr	String found in binary or memory: https://player.cntv.cn/html5Player/images/
Source: chromecache_488.5.dr	String found in binary or memory: https://player.cntv.cn/html5Player/images/20190905/cctvnews_loading.gif
Source: chromecache_488.5.dr	String found in binary or memory: https://player.cntv.cn/html5Player/images/cctv_html5player_loading.gif
Source: chromecache_564.5.dr	String found in binary or memory: https://tv.cctv.com/cctv4asia/
Source: chromecache_488.5.dr	String found in binary or memory: https://vdnad.apps.cntv.cn/api/getIpadInfoAd.do?pid=
Source: chromecache_251.5.dr, chromecache_536.5.dr	String found in binary or memory: https://www.brightcove.com/

Source: classification engine

Classification label: mal52.phis.win@20/539@0/25

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2144,i,8688760562165855632,6171228347105639683,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://pear-02.mfgtcvb.eu.org/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5080 --field-trial-handle=2144,i,8688760562165855632,6171228347105639683,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2144,i,8688760562165855632,6171228347105639683,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5080 --field-trial-handle=2144,i,8688760562165855632,6171228347105639683,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://pear-02.mfgtcvb.eu.org/	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://ldncctvwbndali.v.myalicdn.com/ldncctvwbnd/ldcctv1_2/index.m3u8	0%	Avira URL Cloud	safe
http://ldncctvwbndhwy.cntv.myhwcdn.cn/ldncctvwbnd/ldcctv1_2/index.m3u8	0%	Avira URL Cloud	safe
https://global.cctv.com/2025/01/09/VIDEh9LOpZUjo6lhCe7SJGhA250109.shtml	0%	Avira URL Cloud	safe
https://dhls.cntv.cdn20.com/asp/enc/hls/main/0303000a/3/default/f4d4981c63ad47ad9b0b436df933de91/mai	0%	Avira URL Cloud	safe
https://global.cctv.com/2024/11/14/VIDEBmNj55MqwBh1zF4pCLLL241114.shtml	0%	Avira URL Cloud	safe
https://global.cctv.com/2024/12/31/VIDEqiPmhhV9FJLzLiUxE6FZ241231.shtml	0%	Avira URL Cloud	safe
http://ldncctvwbcdcnc.v.wscdns.com/ldncctvwbcd/cdrmldcctv1_1/index.m3u8	0%	Avira URL Cloud	safe
http://vdnad.apps.cntv.cn/api/getIpadInfoAd.do?pid=	0%	Avira URL Cloud	safe
http://ldncctvwbcdali.v.myalicdn.com/ldncctvwbcd/cdrmldcctv1_1/index.m3u8	0%	Avira URL Cloud	safe
https://global.cctv.com/2025/01/17/VIDEZuR08BtkT2E1FiAYrl00250117.shtml	0%	Avira URL Cloud	safe
https://dhls2.cntv.cdn20.com/asp/enc2/hls/main/0303000a/3/default/f4d4981c63ad47ad9b0b436df933de91/m	0%	Avira URL Cloud	safe
https://global.cctv.com/2024/11/14/VIDEYEC3jiFYBBYGSeCvyCsz241114.shtml	0%	Avira URL Cloud	safe
http://ldncctvwbcdtxy.liveplay.myqcloud.com/ldncctvwbcd/cdrmldcctv1_1/index.m3u8	0%	Avira URL Cloud	safe
https://dh5.cntv.cdn20.com/asp/h5e/hls/main/0303000a/3/default/f4d4981c63ad47ad9b0b436df933de91/main	0%	Avira URL Cloud	safe
https://global.cctv.com/2025/01/17/VIDEIZ8r8kbLz4eMEleoItKx250117.shtml	0%	Avira URL Cloud	safe
https://dhls.cntv.cdn20.com/asp/hlsaudio/hls/main/0303000a/3/default/f4d4981c63ad47ad9b0b436df933de9	0%	Avira URL Cloud	safe
https://global.cctv.com/2024/12/06/VIDEQL44pOaZa5DwRnaWJZWK241206.shtml	0%	Avira URL Cloud	safe
https://global.cctv.com/2025/01/17/VIDE2ZAnd1zluFZdshrPRUU6250117.shtml	0%	Avira URL Cloud	safe
https://global.cctv.com/2024/12/06/VIDE43PMmdH3ky44ODjXy0k5241206.shtml	0%	Avira URL Cloud	safe
https://api.live.cntv.cn/livestatic/zs/livestatic_config/unity_pcweb.json	0%	Avira URL Cloud	safe
https://global.cctv.com/2025/01/02/VIDEwNriYCH7XWBz3eXegNRX250102.shtml	0%	Avira URL Cloud	safe
https://vdnad.apps.cntv.cn/api/getIpadInfoAd.do?pid=	0%	Avira URL Cloud	safe
https://global.cctv.com/2024/12/04/VIDE3SuMJLq97GA7XRe3ztIl241204.shtml	0%	Avira URL Cloud	safe
https://global.cctv.com/2025/01/17/VIDETJQ1QB1byOLu0uUHgckf250117.shtml	0%	Avira URL Cloud	safe
http://ldncctvwbndtxy.liveplay.myqcloud.com/ldncctvwbnd/ldcctv1_2/index.m3u8	0%	Avira URL Cloud	safe
https://global.cctv.com/2024/12/31/VIDESd7oTQcka90G4VTWZgsB241231.shtml	0%	Avira URL Cloud	safe
https://api.live.cntv.cn/livestatic/zs/livestatic_config/unity_html5.json	0%	Avira URL Cloud	safe
https://global.cctv.com/2025/01/17/VIDE5gaAOPgF6mPrOeL41gzZ250117.shtml	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Reputation
https://global.cctv.com/2025/01/14/VIDEQHPeuQn9iGmZk4ZLpfch250114.shtml	false	unknown
https://pear-02.mfgtcvb.eu.org/	false	unknown
https://global.cctv.com/2025/01/07/VIDEkEw5xA8clKYmw6eON0OG250107.shtml	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://js.player.cntv.cn/creator/html5player_analysis_lib.js	chromecache_488.5.dr	false		high
https://p5.img.cctvpic.com/fmspic/2024/12/31/66b031436eb54a248a76dd64408cc6ea-1.jpg	chromecache_373.5.dr	false		high
https://global.cctv.com/2024/11/14/VIDEBmNj55MqwBh1zF4pCLLL241114.shtml	chromecache_373.5.dr	false	Avira URL Cloud: safe	unknown
http://ldncctvwbcdali.v.myalicdn.com/ldncctvwbcd/cdrmldcctv1_1/index.m3u8	chromecache_488.5.dr	false	Avira URL Cloud: safe	unknown
http://p3.img.cctvpic.com/fmspic/2015/04/21/3c54a67ca29244bf940716d57d3b4cd3-10.jpg	chromecache_373.5.dr	false		high
http://p2.img.cctvpic.com/fmspic/2015/04/21/3c54a67ca29244bf940716d57d3b4cd3-1321.jpg	chromecache_373.5.dr	false		high
https://global.cctv.com/2024/12/31/VIDEqiPmhhV9FJLzLiUxE6FZ241231.shtml	chromecache_373.5.dr	false	Avira URL Cloud: safe	unknown
https://p2.img.cctvpic.com/photoAlbum/templet/common/TPTERE93VfAfo34uSEe8veca211216/headerUp.png?a	chromecache_270.5.dr	false		high
https://global.cctv.com/2025/01/09/VIDEh9LOpZUjo6lhCe7SJGhA250109.shtml	chromecache_373.5.dr	false	Avira URL Cloud: safe	unknown
http://ldncctvwbndali.v.myalicdn.com/ldncctvwbnd/ldcctv1_2/index.m3u8	chromecache_488.5.dr	false	Avira URL Cloud: safe	unknown
https://p3.img.cctvpic.com/fmspic/2024/12/06/a5bf28aeeacb4a03840f7ec928314db2-1.jpg	chromecache_373.5.dr	false		high
https://p2.img.cctvpic.com/fmspic/2024/12/06/a70f6aa0f7ff44f996febb1b4a7bd85f-1.jpg	chromecache_373.5.dr	false		high
http://js.player.cntv.cn/creator/fingerprint2.js	chromecache_496.5.dr	false		high
http://ldncctvwbndhwy.cntv.myhwcdn.cn/ldncctvwbnd/ldcctv1_2/index.m3u8	chromecache_488.5.dr	false	Avira URL Cloud: safe	unknown
https://p2.img.cctvpic.com/fmspic/2022/06/07/b6b326d032d642caae6e56046b668892-37918161-0.jpg	chromecache_373.5.dr	false		high
http://p2.img.cctvpic.com/fmspic/2015/04/21/3c54a67ca29244bf940716d57d3b4cd3-2714.jpg	chromecache_373.5.dr	false		high
https://p5.img.cctvpic.com/fmspic/2025/01/17/d7cdf59e81e84bf0b368eeef3baa341d-1.jpg	chromecache_373.5.dr	false		high
http://ns.attribution.com/ads/1.0/	chromecache_290.5.dr	false		high
https://p1.img.cctvpic.com/fmspic/2025/01/02/27a715bcf19340beaef23bc6b00e8269-1.jpg	chromecache_373.5.dr	false		high
https://p5.img.cctvpic.com/photoworkspace/2025/01/09/2025010917375892850.png	chromecache_373.5.dr	false		high
http://js.data.cctv.com/__aplus_plugin_cctv.js	chromecache_488.5.dr	false		high
https://dhls.cntv.cdn20.com/asp/enc/hls/main/0303000a/3/default/f4d4981c63ad47ad9b0b436df933de91/mai	chromecache_511.5.dr, chromecache_254.5.dr	false	Avira URL Cloud: safe	unknown
https://p4.img.cctvpic.com/fmspic/2024/12/06/a70f6aa0f7ff44f996febb1b4a7bd85f-300.jpg	chromecache_373.5.dr	false		high
https://p2.img.cctvpic.com/photoworkspace/2025/01/17/2025011716100791275.png	chromecache_373.5.dr	false		high
http://vdnad.apps.cntv.cn/api/getIpadInfoAd.do?pid=	chromecache_488.5.dr	false	Avira URL Cloud: safe	unknown
https://a.app.qq.com/o/simple.jsp?pkgname=cn.cntv&android_schema=	chromecache_488.5.dr	false		high
https://app.cctv.com/special/download/ysyy/index.html	chromecache_488.5.dr	false		high
https://p3.img.cctvpic.com/fmspic/2025/01/09/5b9680548e414bf6a722965bc5ccf053-1.jpg	chromecache_373.5.dr	false		high
https://github.com/kesla/parse-headers/	chromecache_251.5.dr, chromecache_536.5.dr	false		high
https://tv.cctv.com/cctv4asia/	chromecache_564.5.dr	false		high
https://p1.img.cctvpic.com/fmspic/2025/01/07/f4d4981c63ad47ad9b0b436df933de91-180.jpg	chromecache_254.5.dr	false		high
https://p5.img.cctvpic.com/fmspic/2025/01/17/0692dae40c5240cdb45cab03a78bb4b5-300.jpg	chromecache_373.5.dr	false		high
https://player.cntv.cn/html5Player/images/20190905/cctvnews_loading.gif	chromecache_488.5.dr	false		high
https://p5.img.cctvpic.com/fmspic/2025/01/07/f4d4981c63ad47ad9b0b436df933de91-1.jpg	chromecache_373.5.dr	false		high
https://global.cctv.com/2025/01/17/VIDEZuR08BtkT2E1FiAYrl00250117.shtml	chromecache_373.5.dr	false	Avira URL Cloud: safe	unknown
http://ldncctvwbcdcnc.v.wscdns.com/ldncctvwbcd/cdrmldcctv1_1/index.m3u8	chromecache_488.5.dr	false	Avira URL Cloud: safe	unknown
http://ldncctvwbcdtxy.liveplay.myqcloud.com/ldncctvwbcd/cdrmldcctv1_1/index.m3u8	chromecache_488.5.dr	false	Avira URL Cloud: safe	unknown
https://global.cctv.com/2024/12/06/VIDEQL44pOaZa5DwRnaWJZWK241206.shtml	chromecache_373.5.dr	false	Avira URL Cloud: safe	unknown
https://p4.img.cctvpic.com/fmspic/2025/01/17/5b745e2639fb452da06d91712d7207a1-1.jpg	chromecache_373.5.dr	false		high
https://p3.img.cctvpic.com/fmspic/2022/06/07/b6b326d032d642caae6e56046b668892-37918161-1.jpg	chromecache_373.5.dr	false		high
https://global.cctv.com/2024/11/14/VIDEYEC3jiFYBBYGSeCvyCsz241114.shtml	chromecache_373.5.dr	false	Avira URL Cloud: safe	unknown
https://p2.img.cctvpic.com/fmspic/2025/01/17/563d639fabc34db984be1f62f47a82fc-300.jpg	chromecache_373.5.dr	false		high
https://global.cctv.com/2025/01/17/VIDEIZ8r8kbLz4eMEleoItKx250117.shtml	chromecache_373.5.dr	false	Avira URL Cloud: safe	unknown
https://dhls.cntv.cdn20.com/asp/hlsaudio/hls/main/0303000a/3/default/f4d4981c63ad47ad9b0b436df933de9	chromecache_511.5.dr, chromecache_254.5.dr	false	Avira URL Cloud: safe	unknown
https://js.player.cntv.cn/creator/fingerprint2.js	chromecache_496.5.dr	false		high
https://js.player.cntv.cn/creator/html5player_standard_multi.js	chromecache_496.5.dr	false		high
https://dh5.cntv.cdn20.com/asp/h5e/hls/main/0303000a/3/default/f4d4981c63ad47ad9b0b436df933de91/main	chromecache_511.5.dr, chromecache_254.5.dr	false	Avira URL Cloud: safe	unknown
http://js.player.cntv.cn/creator/liveplayer_controls.js	chromecache_488.5.dr	false		high
http://videojs.com/	chromecache_251.5.dr, chromecache_536.5.dr	false		high
https://github.com/videojs/video.js/blob/main/LICENSE	chromecache_251.5.dr, chromecache_536.5.dr	false		high
https://dhls2.cntv.cdn20.com/asp/enc2/hls/main/0303000a/3/default/f4d4981c63ad47ad9b0b436df933de91/m	chromecache_511.5.dr, chromecache_254.5.dr	false	Avira URL Cloud: safe	unknown
http://js.player.cntv.cn/creator/html5player_standard_multi.js	chromecache_496.5.dr	false		high
https://global.cctv.com/2025/01/17/VIDE2ZAnd1zluFZdshrPRUU6250117.shtml	chromecache_373.5.dr	false	Avira URL Cloud: safe	unknown
https://github.com/mozilla/vtt.js	chromecache_251.5.dr, chromecache_536.5.dr	false		high
https://p4.img.cctvpic.com/fmspic/2025/01/17/98eec5744f634da69d19b50596a79b1a-1.jpg	chromecache_373.5.dr	false		high
https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9	chromecache_402.5.dr	false		high
https://global.cctv.com/2024/12/06/VIDE43PMmdH3ky44ODjXy0k5241206.shtml	chromecache_373.5.dr	false	Avira URL Cloud: safe	unknown
https://p2.img.cctvpic.com/photoAlbum/templet/common/TPTERE93VfAfo34uSEe8veca211216/headerDown.png?a	chromecache_270.5.dr	false		high
https://www.brightcove.com/	chromecache_251.5.dr, chromecache_536.5.dr	false		high
https://p5.img.cctvpic.com/fmspic/2025/01/17/563d639fabc34db984be1f62f47a82fc-1.jpg	chromecache_373.5.dr	false		high
https://p5.img.cctvpic.com/photoworkspace/2025/01/14/2025011415411893350.jpg	chromecache_373.5.dr	false		high
https://api.live.cntv.cn/livestatic/zs/livestatic_config/unity_pcweb.json	chromecache_488.5.dr	false	Avira URL Cloud: safe	unknown
https://js.data.cctv.com/__aplus_plugin_cctv.js	chromecache_496.5.dr, chromecache_488.5.dr	false		high
https://global.cctv.com/2024/12/04/VIDE3SuMJLq97GA7XRe3ztIl241204.shtml	chromecache_373.5.dr	false	Avira URL Cloud: safe	unknown
https://p2.img.cctvpic.com/photoworkspace/2025/01/02/2025010217230787854.png	chromecache_373.5.dr	false		high
http://vdn.apps.cntv.cn/api/getIpadVideoInfo.do?pid=	chromecache_496.5.dr	false		high
https://p1.img.cctvpic.com/fmspic/2025/01/07/f4d4981c63ad47ad9b0b436df933de91-300.jpg	chromecache_373.5.dr	false		high
https://p3.img.cctvpic.com/fmspic/2024/12/04/3974a1337c0844e9b691520072659264-1.jpg	chromecache_373.5.dr	false		high
https://p4.img.cctvpic.com/fmspic/2025/01/17/5b745e2639fb452da06d91712d7207a1-300.jpg	chromecache_373.5.dr	false		high
https://player.cntv.cn/html5Player/images/	chromecache_488.5.dr	false		high
https://player.cntv.cn/html5Player/images/cctv_html5player_loading.gif	chromecache_488.5.dr	false		high
https://vdnad.apps.cntv.cn/api/getIpadInfoAd.do?pid=	chromecache_488.5.dr	false	Avira URL Cloud: safe	unknown
https://github.com/kesla/parse-headers/blob/master/LICENCE	chromecache_251.5.dr, chromecache_536.5.dr	false		high
https://js.player.cntv.cn/creator/html5player_analysis_lib.js	chromecache_488.5.dr	false		high
https://p3.img.cctvpic.com/fmspic/2025/01/17/98eec5744f634da69d19b50596a79b1a-300.jpg	chromecache_373.5.dr	false		high
https://a.app.qq.com/o/simple.jsp?pkgname=cn.cntv&ios_scheme=	chromecache_488.5.dr	false		high
https://global.cctv.com/2025/01/02/VIDEwNriYCH7XWBz3eXegNRX250102.shtml	chromecache_373.5.dr	false	Avira URL Cloud: safe	unknown
https://p5.img.cctvpic.com/photoworkspace/2025/01/03/2025010316300876860.jpg	chromecache_373.5.dr	false		high
https://p1.img.cctvpic.com/fmspic/2025/01/14/1bba66b961e246d3b9baeaf3a166164f-1.jpg	chromecache_373.5.dr	false		high
https://global.cctv.com/2024/12/31/VIDESd7oTQcka90G4VTWZgsB241231.shtml	chromecache_373.5.dr	false	Avira URL Cloud: safe	unknown
https://p5.img.cctvpic.com/fmspic/2024/12/06/a5bf28aeeacb4a03840f7ec928314db2-300.jpg	chromecache_373.5.dr	false		high
https://js.player.cntv.cn/creator/liveplayer_controls.js	chromecache_488.5.dr	false		high
https://p5.img.cctvpic.com/fmspic/2025/01/17/0692dae40c5240cdb45cab03a78bb4b5-1.jpg	chromecache_373.5.dr	false		high
https://api.live.cntv.cn/livestatic/zs/livestatic_config/unity_html5.json	chromecache_488.5.dr	false	Avira URL Cloud: safe	unknown
https://global.cctv.com/2025/01/17/VIDETJQ1QB1byOLu0uUHgckf250117.shtml	chromecache_373.5.dr	false	Avira URL Cloud: safe	unknown
https://p4.img.cctvpic.com/fmspic/2025/01/14/1bba66b961e246d3b9baeaf3a166164f-300.jpg	chromecache_373.5.dr	false		high
https://p4.img.cctvpic.com/fmspic/2025/01/17/d7cdf59e81e84bf0b368eeef3baa341d-300.jpg	chromecache_373.5.dr	false		high
https://p1.img.cctvpic.com/fmspic/2024/12/31/ab5059c9774d4df5bdfb117a3b72cb9b-1.jpg	chromecache_373.5.dr	false		high
http://ldncctvwbndtxy.liveplay.myqcloud.com/ldncctvwbnd/ldcctv1_2/index.m3u8	chromecache_488.5.dr	false	Avira URL Cloud: safe	unknown
https://github.com/mozilla/vtt.js/blob/main/LICENSE	chromecache_251.5.dr, chromecache_536.5.dr	false		high
https://p3.img.cctvpic.com/fmspic/2022/06/07/b6b326d032d642caae6e56046b668892-37918161-2.jpg	chromecache_373.5.dr	false		high
https://p4.img.cctvpic.com/fmspic/2024/12/31/ab5059c9774d4df5bdfb117a3b72cb9b-300.jpg	chromecache_373.5.dr	false		high
https://p5.img.cctvpic.com/fmspic/2025/01/02/27a715bcf19340beaef23bc6b00e8269-300.jpg	chromecache_373.5.dr	false		high
https://a.app.qq.com/o/simple.jsp?pkgname=cn.cntvhd&ios_scheme=	chromecache_488.5.dr	false		high
https://p1.img.cctvpic.com/fmspic/2024/12/04/3974a1337c0844e9b691520072659264-300.jpg	chromecache_373.5.dr	false		high
http://js.player.cntv.cn/creator/h5.worker?v=220805	chromecache_488.5.dr	false		high
https://global.cctv.com/2025/01/17/VIDE5gaAOPgF6mPrOeL41gzZ250117.shtml	chromecache_373.5.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
163.171.147.15	unknown	European Union	54994	QUANTILNETWORKSUS	false
163.171.132.119	unknown	European Union	54994	QUANTILNETWORKSUS	false
104.21.85.11	unknown	United States	13335	CLOUDFLARENETUS	false
163.171.132.42	unknown	European Union	54994	QUANTILNETWORKSUS	false
163.171.133.124	unknown	European Union	54994	QUANTILNETWORKSUS	false
142.250.185.163	unknown	United States	15169	GOOGLEUS	false
142.250.186.131	unknown	United States	15169	GOOGLEUS	false
138.113.147.185	unknown	United States	776	FR-INRIA-SOPHIAINRIASophia-AntipolisEU	false
163.181.131.244	unknown	United States	24429	TAOBAOZhejiangTaobaoNetworkCoLtdCN	false
115.182.216.38	unknown	China	4808	CHINA169-BJChinaUnicomBeijingProvinceNetworkCN	false
95.100.110.17	unknown	European Union	20940	AKAMAI-ASN1EU	false
2.21.65.137	unknown	European Union	20940	AKAMAI-ASN1EU	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
119.3.155.97	unknown	China	55990	HWCSNETHuaweiCloudServicedatacenterCN	false
142.250.185.110	unknown	United States	15169	GOOGLEUS	false
163.171.130.92	unknown	European Union	54994	QUANTILNETWORKSUS	false
142.250.185.238	unknown	United States	15169	GOOGLEUS	false
2.21.65.135	unknown	European Union	20940	AKAMAI-ASN1EU	false
142.251.173.84	unknown	United States	15169	GOOGLEUS	false
172.67.200.176	unknown	United States	13335	CLOUDFLARENETUS	false
111.170.15.114	unknown	China	4134	CHINANET-BACKBONENo31Jin-rongStreetCN	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
39.107.0.245	unknown	China	37963	CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd	false
142.250.186.164	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.7

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1594010
Start date and time:	2025-01-18 00:20:16 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 17s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://pear-02.mfgtcvb.eu.org/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.phis.win@20/539@0/25
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Not all processes where analyzed, report is missing behavior information
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: http://pear-02.mfgtcvb.eu.org/

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: http://pear-02.mfgtcvb.eu.org Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": true, "ip_in_url": false, "long_subdomain": true, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": true, "reasoning": "The URL contains multiple suspicious elements: a numbered subdomain (pear-02), a random-looking domain name (mfgtcvb), and multiple TLD levels (.eu.org) which is often associated with free hosting services. The combination of these elements suggests this could be a potentially suspicious URL." }
URL: http://pear-02.mfgtcvb.eu.org
URL: https://pear-02.mfgtcvb.eu.org/... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script demonstrates moderate-risk behaviors, including external data transmission and the use of fallback domains. While the script's intent is not entirely clear, the conditional logic and potential for redirecting to different domains based on the user's location raise some concerns that require further investigation." }
window.addEventListener('load', function () { let scriptEl = document.createElement('script') let isCN = getArea() === 'CN'; let guowai = findGetParameter("guowai"); if (guowai === '1') { isCN = false } if ((isCN && "1" == "0") \|\| (!isCN && "1" == "0")) { document.getElementById("TPMTzo7laOcaXUpvBX67KgjG211216_container").style.display = "none"; }else{ scriptEl.src = isCN ? "" : "" document.body.appendChild(scriptEl) } })
URL: https://pear-02.mfgtcvb.eu.org/... Model: Joe Sandbox AI	{ "risk_score": 5, "reasoning": "The script exhibits moderate-risk behaviors, including external data transmission and the use of fallback domains. However, the intent appears to be related to geolocation-based content delivery, which is a common practice. Further review may be needed to determine if the script is behaving in a way that is inconsistent with its apparent purpose." }
window.addEventListener('load', function () { let scriptEl = document.createElement('script') let isCN = getArea() === 'CN'; let guowai = findGetParameter("guowai"); if (guowai === '1') { isCN = false } if ((isCN && "1" == "1") \|\| (!isCN && "1" == "0")) { document.getElementById("TPMTGb0ECeaxfb2pTOI6i1qt211216_container").style.display = "none"; }else{ scriptEl.src = isCN ? "" : "" document.body.appendChild(scriptEl) } })
URL: https://pear-02.mfgtcvb.eu.org/... Model: Joe Sandbox AI	{ "risk_score": 5, "reasoning": "The script demonstrates some moderate-risk behaviors, such as dynamic script loading and potential data exfiltration, but the intent is not entirely clear. Further investigation is needed to determine the legitimacy of the script's purpose." }
window.addEventListener('load', function () { let scriptEl = document.createElement('script') let isCN = getArea() === 'CN'; let guowai = findGetParameter("guowai"); if (guowai === '1') { isCN = false } if ((isCN && "1" == "1") \|\| (!isCN && "1" == "0")) { document.getElementById("TPMTwof4bkYbF8Og0IQ0pDLA211216_container").style.display = "none"; }else{ scriptEl.src = isCN ? "" : "" document.body.appendChild(scriptEl) } })
URL: https://global.cctv.com/cmsdatainterface/guowai/ne... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a legitimate video content snippet from CCTV, a reputable media organization. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or obfuscated code/URLs. The snippet is primarily focused on displaying video content and metadata, which is a common and expected behavior for a video platform. There are no suspicious activities or behaviors that would indicate malicious intent, so the overall risk score is low." }
PAGEAcAwQE2rxqQd91IljaY7210126({"data":{"total":102,"list":[{"id":"VIDEokvlsRz86idWVvm9LYUj250116","title":" 20230114","subtitle":"","focus_date":"2025-01-16","url":"https://global.cctv.com/2025/01/16/VIDEokvlsRz86idWVvm9LYUj250116.shtml","image":"https://p2.img.cctvpic.com/photoworkspace/2025/01/16/2025011617310991046.png","image2":"https://p3.img.cctvpic.com/fmspic/2023/01/14/4611b35ea31542d8b4b478aae04f5195-41253413-0.jpg","image3":"https://p3.img.cctvpic.com/fmspic/2023/01/14/4611b35ea31542d8b4b478aae04f5195-41253413-2.jpg","brief":" 20230114 ","ext_field":"","keywords":"","type":"vide","old_id":"","s_page_id":"","s_page_name":"","duration":"29:40","ext":{"youtube":"GKrucC2f3no","domestic":"0","info":{}}},{"id":"VIDEwsoSWkvtOUwcogRBASZC250115","title":" 20230113","subtitle":"","focus_date":"2025-01-15","url":"https://global.cctv.com/2025/01/15/VIDEwsoSWkvtOUwcogRBASZC250115.shtml","image":"https://p2.img.cctvpic.com/photoworkspace/2025/01/15/2025011517241573600.png","image2":"https://p1.img.cctvpic.com/fmspic/2023/01/13/a05e026b9814479a8d8e4cdab66492f2-41242407-0.jpg","image3":"https://p4.img.cctvpic.com/fmspic/2023/01/13/a05e026b9814479a8d8e4cdab66492f2-41242407-2.jpg","brief":" 20230113 20239","ext_field":"","keywords":"","type":"vide","old_id":"","s_page_id":"","s_page_name":"","duration":"29:41","ext":{"youtube":"U0GtOdd26U4","domestic":"0","info":{}}},{"id":"VIDEjxAqWDgypu9ZpBGxP2zl250114","title":" 20230112","subtitle":"","focus_date":"2025-01-14","url":"https://global.cctv.com/2025/01/14/VIDEjxAqWDgypu9ZpBGxP2zl250114.shtml","image":"https://p2.img.cctvpic.com/photoworkspace/2025/01/14/2025011415542351026.png","image2":"https://p1.img.cctvpic.com/fmspic/2023/01/12/4a6e0020d1364b56a266dea957334ada-41230345-0.jpg","image3":"https://p4.img.cctvpic.com/fmspic/2023/01/12/4a6e0020d1364b56a266dea957334ada-41230345-2.jpg","brief":" 20230112 20238","ext_field":"","keywords":"","type":"vide","old_id":"","s_page_id":"","s_page_name":"","duration":"29:33","ext":{"youtube":"zwuiD3kKFKI","domestic":"0","info":{}}},{"id":"VIDEKT8qveK6sGGXGm1JMBwF250113","title":" 20230111","subtitle":"","focus_date":"2025-01-13","url":"https://global.cctv.com/2025/01/13/VIDEKT8qveK6sGGXGm1JMBwF250113.shtml","image":"https://p3.img.cctvpic.com/photoworkspace/2025/01/13/2025011317144636531.png","image2":"https://p5.img.cctvpic.com/fmspic/2023/01/11/5b5ffd7480d1403f9d7abe86b7878570-41216767-0.jpg","image3":"https://p2.img.cctvpic.com/fmspic/2023/01/11/5b5ffd7480d1403f9d7abe86b7878570-41216767-2.jpg","brief":" 20230111 20237","ext_field":"","keywords":"","type":"vide","old_id":"","s_page_id":"","s_page_name":"","duration":"29:32","ext":{"youtube":"zhLTlIQ92FU","domestic":"0","info":{}}},{"id":"VIDEJEV2bfQb2G8o80k4qwIE250110","title":" 20230110","subtitle":"","focus_date":"2025-01-10","url":"https://global.cctv.com/2025/01/10/VIDEJEV2bfQb2G8o80k4qwIE250110.shtml","image":"https://p4.img.cctvpic.com/fmspic/2023/01/10/3f313c879f1f4f358aed6ffc5d9ffd89-1.jpg","image2":"https://p2.img.cctvpic.com/fmspic/2023/01/10/3f313c879f1f4f358aed6ffc5d9ffd89-41203403-0.jpg","image3":"https://p4
URL: https://pear-02.mfgtcvb.eu.org/... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a legitimate script that handles navigation and UI updates based on the current URL path. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or obfuscation. The script primarily focuses on updating the active menu item and modifying the text content of specific menu items based on the URL path. This behavior is consistent with typical navigation and localization functionality, which is considered a low-risk activity." }
var pathName; if (window.location.pathname.indexOf("big5") != "-1") { pathName = window.location.pathname.replace("/gate/big5/", ""); pathName = pathName.split("/")[1]; } else { pathName = window.location.pathname.split("/")[1]; } var activeEl = document .querySelector(".header-container") .querySelector(".menu-list") .querySelectorAll(".menu-item"); activeEl.forEach((item) => { if (pathName != "" && pathName != "index.shtml") { if ( item.querySelector("a").getAttribute("href").indexOf(pathName) != -1 ) { item.querySelector("a").style.color = "#ff6c00"; } } }); if (window.location.pathname.indexOf("big5") != "-1") { $(".menu-item-10-sub1 a").html( '<span class="menu-item-sub-tips"></span></a>' ); $(".menu-item-10-sub2 a").html( '<span class="menu-item-sub-tips"></span></a>' ); } else { $(".menu-item-10-sub1 a").html( '<span class="menu-item-sub-tips"></span></a>' ); $(".menu-item-10-sub2 a").html( '<span class="menu-item-sub-tips"></span></a>' ); }
URL: https://pear-02.mfgtcvb.eu.org/... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The script appears to be a legitimate content rendering function, but it exhibits some moderate-risk behaviors. It dynamically manipulates the DOM by replacing the contents of an HTML element, which could potentially be used for malicious purposes. Additionally, it processes data from an external source without clear transparency on the data's origin or purpose. While the script itself does not demonstrate high-risk indicators, further review may be warranted to ensure the data source and overall functionality are trustworthy." }
function PAGEMURMOWpDxCfQkQPW3nKA210126(res) { const datalist = res.data.list.slice(0, 7); var listEl = document.querySelector('#TPMTnR0hMwqDy6QtRYmjQJ0q211216_container').querySelector('.hot-section-list'); var liList = ''; for(var i = 0 ; i< datalist.length ; i++){ let item = ''; let item_title = datalist[i].title; item_title = item_title.replace(/\#[^\s]\s/ig, ''); item_title = item_title.replace(/\#./i, ''); let item_subtitle = datalist[i].subtitle; item_subtitle = item_subtitle.replace(/\#[^\s]\s/ig, ''); item_subtitle = item_subtitle.replace(/\#./i, ''); item +='<li class="hot-section-item">' item +='<a href="' item += datalist[i].url item +='" class="hot-section-item-box" target="_blank">' item +='<div class="hot-section-item-img" style="background-image: url(' item +=datalist[i].image item +=');"></div>' item +='<p class="hot-section-item-title">' if(datalist[i].subtitle !=''){ item +=item_subtitle }else{ item +=item_title } item +='</p>' item +='</a>' if(datalist[i].duration){ item +='<p class="hot-section-item-date">' item +=datalist[i].duration item +='</p>' } item +='</li>' liList += item } listEl.innerHTML = liList; }
URL: https://pear-02.mfgtcvb.eu.org/... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The script appears to be primarily focused on loading content from CCTV.com, which is a legitimate and trusted domain. It checks the user's location (China vs. outside China) and loads the appropriate content accordingly. While it uses some dynamic behavior like creating a script element and appending it to the DOM, this is a common practice for loading external content. The script does not exhibit any high-risk indicators like data exfiltration or obfuscated code, and the overall behavior is consistent with a legitimate content loading mechanism. Therefore, the risk score is assessed as low." }
window.addEventListener('load', function () { let scriptEl = document.createElement('script') let isCN = getArea() === 'CN'; let guowai = findGetParameter("guowai"); if (guowai === '1') { isCN = false } if ((isCN && "1" == "0") \|\| (!isCN && "1" == "0")) { document.getElementById("TPMTyC55g6ZBo3Whkz45Xo67211216_container").style.display = "none"; }else{ let urlBeing = "https://global.cctv.com/cmsdatainterface/guonei/new/video/PAGEnL0TSDsFQ26XkCx4G7Kl210126_1.jsonp"?true:false; if(urlBeing){ scriptEl.src = isCN ? "https://global.cctv.com/cmsdatainterface/guonei/new/video/PAGEnL0TSDsFQ26XkCx4G7Kl210126_1.jsonp" : "https://global.cctv.com/cmsdatainterface/guowai/new/video/PAGEnL0TSDsFQ26XkCx4G7Kl210126_1.jsonp" document.body.appendChild(scriptEl) } } })
URL: https://global.cctv.com/cmsdatainterface/guowai/ne... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a legitimate news content delivery system. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or obfuscated code/URLs. The script seems to be focused on displaying news articles and videos, which is a common and expected behavior. While it uses some external data transmission, the context suggests this is for legitimate purposes like fetching news content. Overall, the script demonstrates low-risk behaviors and can be considered safe." }
PAGEnL0TSDsFQ26XkCx4G7Kl210126({"data":{"total":193,"pagenum":10,"list":[{"id":"VIDEIZ8r8kbLz4eMEleoItKx250117","title":"# ","subtitle":"# ","focus_date":"2025-01-17","url":"https://global.cctv.com/2025/01/17/VIDEIZ8r8kbLz4eMEleoItKx250117.shtml","image":"https://p5.img.cctvpic.com/fmspic/2025/01/17/d7cdf59e81e84bf0b368eeef3baa341d-1.jpg","image2":"https://p5.img.cctvpic.com/fmspic/2025/01/17/d7cdf59e81e84bf0b368eeef3baa341d-1.jpg","image3":"https://p4.img.cctvpic.com/fmspic/2025/01/17/d7cdf59e81e84bf0b368eeef3baa341d-300.jpg","brief":"# ","ext_field":"","keywords":"# ","type":"vide","old_id":"","s_page_id":"","s_page_name":"","duration":"00:20","ext":{"facebook":"1466632654293427"}},{"id":"VIDE5gaAOPgF6mPrOeL41gzZ250117","title":"# ","subtitle":"# ","focus_date":"2025-01-17","url":"https://global.cctv.com/2025/01/17/VIDE5gaAOPgF6mPrOeL41gzZ250117.shtml","image":"https://p5.img.cctvpic.com/fmspic/2025/01/17/563d639fabc34db984be1f62f47a82fc-1.jpg","image2":"https://p5.img.cctvpic.com/fmspic/2025/01/17/563d639fabc34db984be1f62f47a82fc-1.jpg","image3":"https://p2.img.cctvpic.com/fmspic/2025/01/17/563d639fabc34db984be1f62f47a82fc-300.jpg","brief":"20251171207PRSC-EO1","ext_field":"","keywords":"# ","type":"vide","old_id":"","s_page_id":"","s_page_name":"","duration":"00:21","ext":{"facebook":"939199588353033"}},{"id":"VIDEgbXUuxwdUPKM07I2GwJo250117","title":"# ","subtitle":"# ","focus_date":"2025-01-17","url":"https://global.cctv.com/2025/01/17/VIDEgbXUuxwdUPKM07I2GwJo250117.shtml","image":"https://p4.img.cctvpic.com/fmspic/2025/01/17/26a94d5332f845adaad5968b605d4d6e-1.jpg","image2":"https://p4.img.cctvpic.com/fmspic/2025/01/17/26a94d5332f845adaad5968b605d4d6e-1.jpg","image3":"https://p5.img.cctvpic.com/fmspic/2025/01/17/26a94d5332f845adaad5968b605d4d6e-300.jpg","brief":"# ","ext_field":"","keywords":"# ","type":"vide","old_id":"","s_page_id":"","s_page_name":"","duration":"00:36","ext":{"facebook":"1131368328774054"}},{"id":"VIDEZVFTpjlEKEImT8eJaxb0250117","title":"# ","subtitle":"# ","focus_date":"2025-01-17","url":"https://global.cctv.com/2025/01/17/VIDEZVFTpjlEKEImT8eJaxb0250117.shtml","image":"https://p5.img.cctvpic.com/fmspic/2025/01/17/c8ec2b4c4c0b49eda439c48be7cb3051-1.jpg","image2":"https://p5.img.cctvpic.com/fmspic/2025/01/17/c8ec2b4c4c0b49eda439c48be7cb3051-1.jpg","image3":"https://p5.img.cctvpic.com/fmspic/2025/01/17/c8ec2b4c4c0b49eda439c48be7cb3051-300.jpg","brief":"","ext_field":"","keywords":"# ","type":"vide","old_id":"","s_page_id":"","s_page_name":"","duration":"02:32"},{"id":"VIDEuABP6rZUHGkR1GRzzCEo250117","title":"# 21","subtitle":"#","focus_date":"2025-01-17","url":"https://global.cctv.com/2025/01/17/VIDEuABP6rZUHGkR1GRzzCEo250117.shtml","image":"https://p2.img.cctvpic.com/fmspic/2025/01/17/69ba00cba91b4994aeb2a182126995ee-1.jpg","image2":"https://p2.img.cctvpic.com/fmspic/2025/01/17/69ba00cba91b4994aeb2a182126995ee-1.jpg","image3":"https://p5.img.cctvpic.com/fmspic/2025/01/17/69ba00cba91b4994aeb2a182126995ee-300.jpg","brief":"# 21","ext_field":"","keywords":"# ","type":"vide","old_id":"","s_page_id":"","s_page_name":"","duration":"00:38","ext":{"facebook":"575151162023322"}},{"id":"VIDE6OvD5S5mOceJrAF7fyj8250117","title":"# ","subtitle":"# ","focus_date":"2025-01-17","url":"https://global.cctv.com/2025/01/17/VIDE6OvD5S5mOceJrAF7fyj8250117.shtml","image":"https://p5.img.cctvpic.com/fmspic/2025/01/1
URL: https://pear-02.mfgtcvb.eu.org/... Model: Joe Sandbox AI	{ "risk_score": 4, "reasoning": "The script appears to be a legitimate content rendering function, but it exhibits some moderate-risk behaviors. It dynamically generates HTML content and modifies the DOM, which could potentially be used for malicious purposes. Additionally, it uses hardcoded image URLs that may be associated with untrusted domains. However, the script's overall purpose seems to be displaying content from a trusted source, and there are no clear indicators of malicious intent. Further review may be necessary to ensure the script's safety." }
function PAGEnL0TSDsFQ26XkCx4G7Kl210126(res) { const datalist = res.data.list.slice(0, 8); var listEl = document.querySelector('#TPMTyC55g6ZBo3Whkz45Xo67211216_container').querySelector('.promptly-section-container-wrap'); var liList = ''; var back = 'PAGEnL0TSDsFQ26XkCx4G7Kl210126'; for(var i = 0 ; i < datalist.length ; i++){ var itemHtml = ''; let item_title = datalist[i].title; item_title = item_title.replace(/\#[^\s]\s/ig, ''); item_title = item_title.replace(/\#./i, ''); let item_subtitle = datalist[i].subtitle; item_subtitle = item_subtitle.replace(/\#[^\s]\s/ig, ''); item_subtitle = item_subtitle.replace(/\#./i, ''); itemHtml +='<dl class="promptly-section-container-dlWrap">' itemHtml +='<dt>' itemHtml +='<a href="' itemHtml += datalist[i].url itemHtml +='" target="_blank" >' itemHtml +='<img src="' //itemHtml +=datalist[i].image if(datalist[i].image == '' \|\| datalist[i].image == null \|\| datalist[i].image == undefined){ if(datalist[i].s_page_name == '' \|\| datalist[i].s_page_name == null \|\| datalist[i].s_page_name == undefined ){ if(back == 'PAGEnL0TSDsFQ26XkCx4G7Kl210126'){ itemHtml +='//p2.img.cctvpic.com/photoAlbum/templet/common/TPTERE93VfAfo34uSEe8veca211216/20220224_seat_jk.jpg' }else if(back == 'PAGEZ8HZ8JSmzO1F6GiAYTi9211130'){ itemHtml +='//p2.img.cctvpic.com/photoAlbum/templet/common/TPTERE93VfAfo34uSEe8veca211216/20220224_seat_hk.jpg' }else if(back == 'PAGEMURMOWpDxCfQkQPW3nKA210126'){ itemHtml +='//p2.img.cctvpic.com/photoAlbum/templet/common/TPTERE93VfAfo34uSEe8veca211216/20220224_seat_zgmk.jpg' } }else{ if(datalist[i].s_page_name == ''){ itemHtml +='//p2.img.cctvpic.com/photoAlbum/templet/common/TPTERE93VfAfo34uSEe8veca211216/20220224_seat_jrsla.jpg' }else if(datalist[i].s_page_name == ''){ itemHtml +='//p2.img.cctvpic.com/photoAlbum/templet/common/TPTERE93VfAfo34uSEe8veca211216/20220224_seat_gtbfb.jpg' }else if(datalist[i].s_page_name == ''){ itemHtml +='//p2.img.cctvpic.com/photoAlbum/templet/common/TPTERE93VfAfo34uSEe8veca211216/20220224_seat_jkla.jpg' }else if(datalist[i].s_page_name == ''){ itemHtml +='//p2.img.cctvpic.com/photoAlbum/templet/common/TPTERE93VfAfo34uSEe8veca211216/20220224_seat_wtng.jpg' }else if(datalist[i].s_page_name == ''){ itemHtml +='//p2.img.cctvpic.com/photoAlbum/templet/common/TPTERE93VfAfo34uSEe8veca211216/20220224_seat_jkdwq.jpg' } } }else{ itemHtml += datalist[i].image } itemHtml +='" >' if(datalist[i].duration){ itemHtml +='<span class="promptly-section-container-vidTime">' itemHtml +=datalist[i].duration itemHtml +='</span>' } itemHtml +='</a></dt>' itemHtml +='<dd><a href="' itemHtml +=datalist[i].url itemHtml +='" target="_blank" ><span>' if(datalist[i].subtitle == ''){ itemHtml +=item_title }else{ itemHtml +=item_subtitle } itemHtml +='</span></a>' itemHtml +='</dd>' itemHtml +='</dl>' liList +=itemHtml; } listEl.innerHTML = liList; }
URL: https://pear-02.mfgtcvb.eu.org/... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The script appears to be primarily responsible for loading content from different URLs based on the user's location (China vs. outside of China). While it uses some dynamic behavior, such as creating a script element and appending it to the DOM, the overall intent seems to be legitimate content delivery rather than malicious activities. The script does not exhibit any high-risk indicators like dynamic code execution, data exfiltration, or obfuscated code. The moderate-risk indicators, such as external data transmission and fallback domains, are mitigated by the apparent purpose of the script. Overall, the script appears to be a low-risk implementation with some minor concerns around aggressive DOM manipulation and the use of multiple fallback domains." }
window.addEventListener('load', function () { let scriptEl = document.createElement('script') let isCN = getArea() === 'CN'; let guowai = findGetParameter("guowai"); if (guowai === '1') { isCN = false } if ((isCN && "1" == "1") \|\| (!isCN && "1" == "0")) { document.getElementById("TPMTnR0hMwqDy6QtRYmjQJ0q211216_container").style.display = "none"; }else{ let urlBeing = "https://global.cctv.com/cmsdatainterface/guonei/new/page/PAGEMURMOWpDxCfQkQPW3nKA210126_1.jsonp"?true:false; if(urlBeing){ scriptEl.src = isCN ? "https://global.cctv.com/cmsdatainterface/guonei/new/page/PAGEMURMOWpDxCfQkQPW3nKA210126_1.jsonp" : "https://global.cctv.com/cmsdatainterface/guowai/new/page/PAGEMURMOWpDxCfQkQPW3nKA210126_1.jsonp" document.body.appendChild(scriptEl) } } })
URL: https://global.cctv.com/2025/01/14/VIDEQHPeuQn9iGmZk4ZLpfch250114.shtml Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: https://global.cctv.com/2025/01/14/VIDEQHPeuQn9iGmZk4ZLpfch250114.shtml Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: https://global.cctv.com/2025/01/14/VIDEQHPeuQn9iGmZk4ZLpfch250114.shtml Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": true, "contains_fake_security_alerts": false, "page_classification": "unknown" }

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://pear-02.mfgtcvb.eu.org/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Malware Analysis System Evasion

Anti Debugging

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Windows Analysis Report
http://pear-02.mfgtcvb.eu.org/