| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| McAfee | 20190311 | 6.0.6.653 | |
| Alibaba | 20190306 | 0.2.0.3 | |
| Baidu | 20190306 | 1.0.0.2 | |
| Avast | 20190311 | 18.4.3895.0 | |
| Tencent | 20190311 | 1.0.0.1 | |
| Kingsoft | 20190311 | 2013.8.14.323 | |
| CrowdStrike | 20190212 | 1.0 |
| name | BIN | language | LANG_CHINESE | offset | 0x000a9890 | filetype | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00219688 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x002c4aa4 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000025a8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x002c4aa4 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000025a8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x002c4aa4 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000025a8 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x002c9860 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000030 | ||||||||||||||||||
| name | RT_VERSION | language | LANG_CHINESE | offset | 0x002c9890 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000498 | ||||||||||||||||||
| Zillya | Trojan.Autoit.Win32.27948 |
| entropy | 6.848816315356306 | section | {'size_of_data': '0x00220e00', 'virtual_address': '0x000a9000', 'entropy': 6.848816315356306, 'name': '.rsrc', 'virtual_size': '0x00221000'} | description | A section with a high entropy has been found | |||||||||
| entropy | 0.7685119887165022 | description | Overall entropy of this PE file is high | |||||||||||
| host | 172.217.24.14 | |||
| host | 219.239.92.213 | |||
| dead_host | 219.239.92.213:4100 |
| Ordinal | Address | Name |
|---|---|---|
| 29 | 0x408acc | @$xp$27Flashplayercontrol@IBindCtx |
| 33 | 0x408bcc | @$xp$27Flashplayercontrol@IMoniker |
| 7 | 0x407e2e | @$xp$28Flashplayercontrol@PBindOpts |
| 5 | 0x407ded | @$xp$28Flashplayercontrol@PIMoniker |
| 8 | 0x407e2e | @$xp$28Flashplayercontrol@TBindOpts |
| 26 | 0x408a10 | @$xp$29Flashplayercontrol@IOleObject |
| 27 | 0x408a4c | @$xp$30Flashplayercontrol@IDropTarget |
| 4 | 0x407db0 | @$xp$30Flashplayercontrol@IEnumString |
| 28 | 0x408a8c | @$xp$30Flashplayercontrol@IViewObject |
| 24 | 0x408988 | @$xp$31Flashplayercontrol@IEnumMoniker |
No hosts contacted.
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| time.windows.com |
A 20.189.79.72
CNAME time.microsoft.akadns.net |
|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
| teredo.ipv6.microsoft.com | 127.0.0.1 |
No TCP connections recorded.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 50534 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51963 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56539 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58367 | 114.114.114.114 | 53 |
| 192.168.56.101 | 65004 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
| 192.168.56.101 | 49235 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 60123 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 56807 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 58368 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 58370 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 58707 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 62192 | 239.255.255.250 | 3702 |
No HTTP requests performed.
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts