查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
---|---|---|---|
CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
Baidu | 20190318 | 1.0.0.2 | |
Avast | 20201230 | 21.1.5827.0 | |
Alibaba | Trojan:Win32/Vebzenpak.5308f5bd | 20190527 | 0.3.0.5 |
Kingsoft | 20201227 | 2017.9.26.565 | |
McAfee | Fareit-FTA!6B50011083A8 | 20201227 | 6.0.6.653 |
host | 172.217.24.14 |
Bkav | W32.AIDetectVM.malware1 |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Gen:Heur.PonyStealer.fm0@Bq80PacG |
FireEye | Generic.mg.6b50011083a80534 |
Qihoo-360 | Win32/Trojan.2bc |
ALYac | Gen:Heur.PonyStealer.fm0@Bq80PacG |
Malwarebytes | Trojan.GuLoader |
K7AntiVirus | Trojan ( 005669141 ) |
BitDefender | Gen:Heur.PonyStealer.fm0@Bq80PacG |
K7GW | Trojan ( 005669141 ) |
CrowdStrike | win/malicious_confidence_100% (W) |
Cyren | W32/Fareit.JR.gen!Eldorado |
Symantec | ML.Attribute.HighConfidence |
APEX | Malicious |
Kaspersky | Trojan.Win32.Vebzenpak.pqs |
Alibaba | Trojan:Win32/Vebzenpak.5308f5bd |
Ad-Aware | Gen:Heur.PonyStealer.fm0@Bq80PacG |
TACHYON | Trojan/W32.VB-Vebzenpak.90112.W |
Sophos | Mal/Generic-R + Mal/FareitVB-AE |
Comodo | Malware@#2i763x7qwixur |
F-Secure | Trojan.TR/Injector.mbmyx |
Zillya | Trojan.Vebzenpak.Win32.2729 |
TrendMicro | Possible_SMHPFAREITTH |
McAfee-GW-Edition | BehavesLike.Win32.Fareit.mz |
Emsisoft | Gen:Heur.PonyStealer.fm0@Bq80PacG (B) |
Ikarus | Trojan.VB.Crypt |
Jiangmin | Trojan.Vebzenpak.cxe |
Avira | TR/Injector.mbmyx |
Antiy-AVL | Trojan/Win32.Vebzenpak |
Microsoft | PWS:Win32/Fareit!MTB |
Arcabit | Trojan.PonyStealer.ED16DDE |
ZoneAlarm | Trojan.Win32.Vebzenpak.pqs |
GData | Gen:Heur.PonyStealer.fm0@Bq80PacG |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Trojan/Win32.Injector.R336134 |
McAfee | Fareit-FTA!6B50011083A8 |
MAX | malware (ai score=85) |
VBA32 | BScope.TrojanPSW.Fareit |
Cylance | Unsafe |
Panda | Trj/CI.A |
ESET-NOD32 | a variant of Win32/Injector.ELYN |
TrendMicro-HouseCall | Possible_SMHPFAREITTH |
Rising | Downloader.Guloader!1.C624 (CLASSIC) |
Yandex | Trojan.Injector!4jpKz/9X4iw |
Fortinet | W32/Injector.ELXM!tr |
AVG | Win32:DropperX-gen [Drp] |
Cybereason | malicious.083a80 |
Paloalto | generic.ml |
MaxSecure | Trojan.Malware.1728101.susgen |
dead_host | 172.217.24.14:443 |
dead_host | 172.217.160.78:443 |
dead_host | 216.58.200.46:443 |
No hosts contacted.
Name | Response | Post-Analysis Lookup |
---|---|---|
dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
time.windows.com |
A 20.189.79.72
CNAME time.microsoft.akadns.net |
|
clients2.google.com |
A 172.217.160.78
CNAME clients.l.google.com A 216.58.200.46 |
216.58.200.78 |
dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
teredo.ipv6.microsoft.com |
No TCP connections recorded.
Source | Source Port | Destination | Destination Port |
---|---|---|---|
192.168.56.101 | 49235 | 114.114.114.114 | 53 |
192.168.56.101 | 51963 | 114.114.114.114 | 53 |
192.168.56.101 | 53210 | 114.114.114.114 | 53 |
192.168.56.101 | 53657 | 114.114.114.114 | 53 |
192.168.56.101 | 55368 | 114.114.114.114 | 53 |
192.168.56.101 | 60215 | 114.114.114.114 | 53 |
192.168.56.101 | 137 | 192.168.56.255 | 137 |
192.168.56.101 | 138 | 192.168.56.255 | 138 |
192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
192.168.56.101 | 50002 | 224.0.0.252 | 5355 |
192.168.56.101 | 50534 | 224.0.0.252 | 5355 |
192.168.56.101 | 51808 | 224.0.0.252 | 5355 |
192.168.56.101 | 53380 | 224.0.0.252 | 5355 |
192.168.56.101 | 56539 | 224.0.0.252 | 5355 |
192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
192.168.56.101 | 57756 | 224.0.0.252 | 5355 |
192.168.56.101 | 57874 | 224.0.0.252 | 5355 |
192.168.56.101 | 60123 | 224.0.0.252 | 5355 |
192.168.56.101 | 60384 | 224.0.0.252 | 5355 |
192.168.56.101 | 61680 | 224.0.0.252 | 5355 |
No HTTP requests performed.
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts