| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| McAfee | Packed-GCB!55EB8C0CE92D | 20201211 | 6.0.6.653 |
| CrowdStrike | win/malicious_confidence_80% (W) | 20190702 | 1.0 |
| Baidu | 20190318 | 1.0.0.2 | |
| Avast | Win32:TrojanX-gen [Trj] | 20201210 | 21.1.5827.0 |
| Alibaba | TrojanBanker:Win32/Kryptik.d716a0b8 | 20190527 | 0.3.0.5 |
| Kingsoft | Win32.Troj.Banker.(kcloud) | 20201211 | 2017.9.26.565 |
| Tencent | Malware.Win32.Gencirc.10cde558 | 20201211 | 1.0.0.1 |
| host | 172.217.24.14 | |||
| Bkav | W32.AIDetectVM.malware1 |
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Trojan.Mint.Zamg.O |
| FireEye | Generic.mg.55eb8c0ce92db67c |
| CAT-QuickHeal | TrojanPWS.Zbot.Y |
| McAfee | Packed-GCB!55EB8C0CE92D |
| Cylance | Unsafe |
| VIPRE | Trojan.Win32.Generic!BT |
| AegisLab | Trojan.Win32.Gozi.trsf |
| Sangfor | Malware |
| CrowdStrike | win/malicious_confidence_80% (W) |
| BitDefender | Trojan.Mint.Zamg.O |
| K7GW | Trojan ( 0056b69c1 ) |
| K7AntiVirus | Trojan ( 0056b69c1 ) |
| Cyren | W32/Trojan.PJOW-0898 |
| Symantec | Packed.Generic.459 |
| APEX | Malicious |
| Avast | Win32:TrojanX-gen [Trj] |
| ClamAV | Win.Packed.Gozi-9379096-0 |
| Kaspersky | HEUR:Trojan-Banker.Win32.Gozi.pef |
| Alibaba | TrojanBanker:Win32/Kryptik.d716a0b8 |
| NANO-Antivirus | Trojan.Win32.Gozi.hqpcbw |
| Rising | Trojan.MalCert!1.C99C (CLASSIC) |
| Ad-Aware | Trojan.Mint.Zamg.O |
| Sophos | Mal/Generic-R + Mal/EncPk-APV |
| Comodo | Malware@#22ysi5y613bos |
| F-Secure | Trojan.TR/Gozi.yvyxa |
| DrWeb | Trojan.Gozi.703 |
| Zillya | Trojan.Gozi.Win32.3046 |
| McAfee-GW-Edition | Packed-GCB!55EB8C0CE92D |
| Emsisoft | Trojan.Mint.Zamg.O (B) |
| Ikarus | Trojan.Win32.Crypt |
| Jiangmin | Trojan.Banker.Gozi.bah |
| Avira | TR/Gozi.yvyxa |
| MAX | malware (ai score=83) |
| Antiy-AVL | GrayWare/Win32.Kryptik.ehls |
| Kingsoft | Win32.Troj.Banker.(kcloud) |
| Microsoft | Trojan:Win32/Gozi.PE!MTB |
| Gridinsoft | Trojan.Win32.Kryptik.oa |
| Arcabit | Trojan.Mint.Zamg.O |
| ZoneAlarm | HEUR:Trojan-Banker.Win32.Gozi.pef |
| GData | Trojan.Mint.Zamg.O |
| Cynet | Malicious (score: 100) |
| AhnLab-V3 | Trojan/Win32.Kryptik.C4170640 |
| Acronis | suspicious |
| ALYac | Trojan.Mint.Zamg.O |
| VBA32 | BScope.Trojan-Spy.Zbot |
| Malwarebytes | Backdoor.Qbot |
| Panda | Trj/Genetic.gen |
| ESET-NOD32 | a variant of Win32/Kryptik.HFGZ |
| dead_host | 172.217.24.14:443 |
| dead_host | 172.217.160.78:443 |
No hosts contacted.
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| time.windows.com |
A 20.189.79.72
CNAME time.microsoft.akadns.net |
|
| clients2.google.com |
A 172.217.160.78
CNAME clients.l.google.com |
216.58.200.78 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| teredo.ipv6.microsoft.com |
No TCP connections recorded.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 50534 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51963 | 114.114.114.114 | 53 |
| 192.168.56.101 | 55368 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56539 | 114.114.114.114 | 53 |
| 192.168.56.101 | 60384 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
| 192.168.56.101 | 49713 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51378 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51808 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 53237 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 60123 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 61680 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62318 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 65004 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 51379 | 239.255.255.250 | 3702 |
No HTTP requests performed.
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts