| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| McAfee | GenericR-CUA!5EEB2B2ED6C1 | 20201211 | 6.0.6.653 |
| Alibaba | Trojan:Win32/QQWare.4e5e7910 | 20190527 | 0.3.0.5 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
| Baidu | 20190318 | 1.0.0.2 | |
| Avast | 20201210 | 21.1.5827.0 | |
| Tencent | 20201211 | 1.0.0.1 | |
| Kingsoft | 20201211 | 2017.9.26.565 |
| packer | Armadillo v1.71 |
| resource name | TEXTINCLUDE |
| name | TEXTINCLUDE | language | LANG_CHINESE | offset | 0x00125bd0 | filetype | C source, ASCII text, with CRLF line terminators | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000151 | ||||||||||||||||||
| name | TEXTINCLUDE | language | LANG_CHINESE | offset | 0x00125bd0 | filetype | C source, ASCII text, with CRLF line terminators | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000151 | ||||||||||||||||||
| name | TEXTINCLUDE | language | LANG_CHINESE | offset | 0x00125bd0 | filetype | C source, ASCII text, with CRLF line terminators | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000151 | ||||||||||||||||||
| name | RT_CURSOR | language | LANG_CHINESE | offset | 0x001260c0 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000000b4 | ||||||||||||||||||
| name | RT_CURSOR | language | LANG_CHINESE | offset | 0x001260c0 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000000b4 | ||||||||||||||||||
| name | RT_CURSOR | language | LANG_CHINESE | offset | 0x001260c0 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000000b4 | ||||||||||||||||||
| name | RT_CURSOR | language | LANG_CHINESE | offset | 0x001260c0 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000000b4 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x00127934 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000144 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x00127934 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000144 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x00127934 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000144 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x00127934 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000144 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x00127934 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000144 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x00127934 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000144 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x00127934 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000144 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x00127934 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000144 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x00127934 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000144 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x00127934 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000144 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x00127934 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000144 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x00127934 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000144 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x00127934 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000144 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x00127934 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000144 | ||||||||||||||||||
| name | RT_BITMAP | language | LANG_CHINESE | offset | 0x00127934 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000144 | ||||||||||||||||||
| name | RT_MENU | language | LANG_CHINESE | offset | 0x0012a43c | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000284 | ||||||||||||||||||
| name | RT_MENU | language | LANG_CHINESE | offset | 0x0012a43c | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000284 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x0012b684 | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000018c | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x0012b684 | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000018c | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x0012b684 | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000018c | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x0012b684 | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000018c | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x0012b684 | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000018c | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x0012b684 | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000018c | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x0012b684 | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000018c | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x0012b684 | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000018c | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x0012b684 | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000018c | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x0012b684 | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000018c | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x0012c0cc | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000024 | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x0012c0cc | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000024 | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x0012c0cc | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000024 | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x0012c0cc | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000024 | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x0012c0cc | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000024 | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x0012c0cc | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000024 | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x0012c0cc | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000024 | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x0012c0cc | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000024 | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x0012c0cc | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000024 | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x0012c0cc | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000024 | ||||||||||||||||||
| name | RT_STRING | language | LANG_CHINESE | offset | 0x0012c0cc | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000024 | ||||||||||||||||||
| name | RT_GROUP_CURSOR | language | LANG_CHINESE | offset | 0x0012c118 | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000022 | ||||||||||||||||||
| name | RT_GROUP_CURSOR | language | LANG_CHINESE | offset | 0x0012c118 | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000022 | ||||||||||||||||||
| name | RT_GROUP_CURSOR | language | LANG_CHINESE | offset | 0x0012c118 | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000022 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x0012c164 | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x0012c164 | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000014 | ||||||||||||||||||
| host | 172.217.24.14 | |||
| Bkav | W32.AIDetectVM.malware1 |
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Trojan.GenericKD.43277754 |
| FireEye | Generic.mg.5eeb2b2ed6c1579a |
| McAfee | GenericR-CUA!5EEB2B2ED6C1 |
| Cylance | Unsafe |
| K7AntiVirus | Trojan ( 005246d51 ) |
| Alibaba | Trojan:Win32/QQWare.4e5e7910 |
| K7GW | Trojan ( 005246d51 ) |
| CrowdStrike | win/malicious_confidence_100% (W) |
| Arcabit | Trojan.Generic.D2945DBA |
| Cyren | W32/S-47c1ea66!Eldorado |
| Symantec | Trojan.Gen.MBT |
| APEX | Malicious |
| Paloalto | generic.ml |
| ClamAV | Win.Malware.Zusy-6840460-0 |
| BitDefender | Trojan.GenericKD.43277754 |
| NANO-Antivirus | Trojan.Win32.Dwn.dlljtt |
| Ad-Aware | Trojan.GenericKD.43277754 |
| Sophos | Mal/Generic-S |
| Comodo | Worm.Win32.Dropper.RA@1qraug |
| F-Secure | Trojan:W32/DelfInject.R |
| DrWeb | Trojan.DownLoader11.39612 |
| Zillya | Trojan.QQWare.Win32.1084 |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.fh |
| Emsisoft | Trojan.GenericKD.43277754 (B) |
| SentinelOne | Static AI - Malicious PE |
| Antiy-AVL | GrayWare/Win32.FlyStudio.a |
| Microsoft | Trojan:Win32/Ymacco.AA63 |
| AegisLab | Trojan.Win32.Generic.lx0C |
| GData | Trojan.GenericKD.43277754 |
| Cynet | Malicious (score: 100) |
| Acronis | suspicious |
| ALYac | Trojan.GenericKD.43277754 |
| MAX | malware (ai score=81) |
| ESET-NOD32 | a variant of Win32/QQWare.AA |
| Rising | Trojan.QQWare!8.105 (TFE:5:naBI78uSmNP) |
| Yandex | Trojan.GenAsa!EpF+UYh79+4 |
| Ikarus | Trojan.Win32.QQWare |
| eGambit | Unsafe.AI_Score_99% |
| Fortinet | W32/QQWare.AA!tr |
| MaxSecure | CORRUPT:Trojan.Gofot.ges |
| Cybereason | malicious.58772b |
No hosts contacted.
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| teredo.ipv6.microsoft.com | 127.0.0.1 |
No TCP connections recorded.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 51378 | 114.114.114.114 | 53 |
| 192.168.56.101 | 53657 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57874 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 49235 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 50534 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51808 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51963 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 63429 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 49236 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 51966 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 58707 | 239.255.255.250 | 3702 |
No HTTP requests performed.
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts