查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
---|---|---|---|
McAfee | Fareit-FZN!624256432006 | 20210430 | 6.0.6.653 |
Baidu | 20190318 | 1.0.0.2 | |
Avast | Other:Malware-gen [Trj] | 20210501 | 21.1.5827.0 |
Alibaba | Backdoor:Win32/DelfInject.2724104f | 20190527 | 0.3.0.5 |
Tencent | Win32.Backdoor.Fareit.Auto | 20210501 | 1.0.0.1 |
Kingsoft | Win32.Hack.Undef.(kcloud) | 20210501 | 2017.9.26.565 |
CrowdStrike | win/malicious_confidence_100% (W) | 20210203 | 1.0 |
section | CODE |
section | DATA |
section | BSS |
packer | BobSoft Mini Delphi -> BoB / BobSoft |
suspicious_features | POST method with no referer header | suspicious_request | POST https://update.googleapis.com/service/update2?cup2key=10:383110404&cup2hreq=8ef3bd3e04e6cd50f37a4c15e70e48746e2e9e738034849fd620999c82c7f40b |
request | HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe |
request | HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620754094&mv=m&mvi=1&pl=23&shardbypass=yes |
request | HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=83941b03835e9a1f&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620754094&mv=m&mvi=3 |
request | POST https://update.googleapis.com/service/update2?cup2key=10:383110404&cup2hreq=8ef3bd3e04e6cd50f37a4c15e70e48746e2e9e738034849fd620999c82c7f40b |
request | POST https://update.googleapis.com/service/update2?cup2key=10:383110404&cup2hreq=8ef3bd3e04e6cd50f37a4c15e70e48746e2e9e738034849fd620999c82c7f40b |
entropy | 7.533013599433472 | section | {'size_of_data': '0x00022200', 'virtual_address': '0x00081000', 'entropy': 7.533013599433472, 'name': '.rsrc', 'virtual_size': '0x00022094'} | description | A section with a high entropy has been found | |||||||||
entropy | 0.21683876092136617 | description | Overall entropy of this PE file is high |
host | 172.217.24.14 |
Bkav | W32.AIDetect.malware2 |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Trojan.GenericKD.34486941 |
FireEye | Generic.mg.624256432006a3a4 |
CAT-QuickHeal | Trojan.MultiIH.S15729597 |
McAfee | Fareit-FZN!624256432006 |
Cylance | Unsafe |
Zillya | Backdoor.Androm.Win32.74254 |
AegisLab | Trojan.Win32.Androm.m!c |
Sangfor | Trojan.Win32.Save.a |
K7AntiVirus | Trojan ( 0056dde41 ) |
BitDefender | Trojan.GenericKD.34486941 |
K7GW | Trojan ( 0056dde41 ) |
Cybereason | malicious.32006a |
Cyren | W32/Injector.ZADE-0994 |
Symantec | Trojan Horse |
ESET-NOD32 | Win32/PSW.Fareit.L |
APEX | Malicious |
Avast | Other:Malware-gen [Trj] |
ClamAV | Win.Dropper.LokiBot-9755331-0 |
Kaspersky | HEUR:Backdoor.Win32.Androm.gen |
Alibaba | Backdoor:Win32/DelfInject.2724104f |
NANO-Antivirus | Trojan.Win32.Androm.hujphb |
Tencent | Win32.Backdoor.Fareit.Auto |
Ad-Aware | Trojan.GenericKD.34486941 |
Comodo | Malware@#kik0kwi3nsmm |
DrWeb | BackDoor.Siggen2.3242 |
VIPRE | Trojan.Win32.Generic!BT |
TrendMicro | TrojanSpy.Win32.LOKI.AUFS |
McAfee-GW-Edition | BehavesLike.Win32.Fareit.jh |
Emsisoft | Trojan.GenericKD.34486941 (B) |
SentinelOne | Static AI - Suspicious PE |
GData | Win32.Trojan.Kryptik.FR7OW6 |
Jiangmin | Backdoor.Androm.axlb |
Webroot | W32.Trojan.Gen |
Avira | TR/Kryptik.wakhi |
Kingsoft | Win32.Hack.Undef.(kcloud) |
Gridinsoft | Trojan.Win32.Packed.oa |
Microsoft | Trojan:Win32/DelfInject.VA!MSR |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Malware/Win32.Generic.C4193064 |
Acronis | suspicious |
BitDefenderTheta | Gen:NN.ZelphiF.34686.NGW@aO5GI2gi |
MAX | malware (ai score=100) |
VBA32 | BScope.Trojan.Crypt |
Malwarebytes | Trojan.MalPack |
Panda | Trj/RnkBend.A |
Zoner | Trojan.Win32.92471 |
TrendMicro-HouseCall | TrojanSpy.Win32.LOKI.AUFS |
Rising | Trojan.Kryptik!1.CBCB (KTSE) |
dead_host | 172.217.160.110:443 |
dead_host | 216.58.200.46:443 |
dead_host | 172.217.24.14:443 |
No hosts contacted.
Source | Source Port | Destination | Destination Port |
---|---|---|---|
192.168.56.101 | 49188 | 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com | 80 |
192.168.56.101 | 49189 | 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com | 80 |
192.168.56.101 | 49187 | 203.208.41.33 redirector.gvt1.com | 80 |
192.168.56.101 | 49185 | 203.208.41.98 update.googleapis.com | 443 |
Source | Source Port | Destination | Destination Port |
---|---|---|---|
192.168.56.101 | 49235 | 114.114.114.114 | 53 |
192.168.56.101 | 53657 | 114.114.114.114 | 53 |
192.168.56.101 | 54178 | 114.114.114.114 | 53 |
192.168.56.101 | 54260 | 114.114.114.114 | 53 |
192.168.56.101 | 54991 | 114.114.114.114 | 53 |
192.168.56.101 | 55368 | 114.114.114.114 | 53 |
192.168.56.101 | 58070 | 114.114.114.114 | 53 |
192.168.56.101 | 60215 | 114.114.114.114 | 53 |
192.168.56.101 | 60221 | 114.114.114.114 | 53 |
192.168.56.101 | 63429 | 114.114.114.114 | 53 |
192.168.56.101 | 137 | 192.168.56.255 | 137 |
192.168.56.101 | 138 | 192.168.56.255 | 138 |
192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
192.168.56.101 | 50002 | 224.0.0.252 | 5355 |
192.168.56.101 | 50534 | 224.0.0.252 | 5355 |
192.168.56.101 | 51808 | 224.0.0.252 | 5355 |
192.168.56.101 | 51963 | 224.0.0.252 | 5355 |
192.168.56.101 | 53380 | 224.0.0.252 | 5355 |
192.168.56.101 | 56539 | 224.0.0.252 | 5355 |
192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
URI | Data |
---|---|
http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe | HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: redirector.gvt1.com |
http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=83941b03835e9a1f&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620754094&mv=m&mvi=3 | HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=83941b03835e9a1f&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620754094&mv=m&mvi=3 HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r3---sn-j5o7dn7e.gvt1.com |
http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620754094&mv=m&mvi=1&pl=23&shardbypass=yes | HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1620754094&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r1---sn-j5o7dn7e.gvt1.com |
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts