| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| McAfee | Generic BackDoor.xa | 20200210 | 6.0.6.653 |
| Alibaba | Backdoor:Win32/Fynloski.a93daef5 | 20190527 | 0.3.0.5 |
| Baidu | Win32.Backdoor.Agent.l | 20190318 | 1.0.0.2 |
| Avast | MSIL:GenMalicious-CHX [Trj] | 20200210 | 18.4.3895.0 |
| Tencent | Backdoor.Win32.Darkkomet.a | 20200210 | 1.0.0.1 |
| Kingsoft | Win32.Hack.HuigeziT.cz | 20200210 | 2013.8.14.323 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
| suspicious_features | POST method with no referer header | suspicious_request | POST https://update.googleapis.com/service/update2?cup2key=10:3918852085&cup2hreq=7ec49552f059fbda16708cc3fb14e022f37ac167dadfe60e736b4dcfcf976a0b | ||||||
| request | HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe |
| request | HEAD http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619569216&mv=m&mvi=1&pl=23&shardbypass=yes |
| request | HEAD http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=323aec48da58df22&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619569216&mv=m |
| request | GET http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=323aec48da58df22&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619569216&mv=m |
| request | POST https://update.googleapis.com/service/update2?cup2key=10:3918852085&cup2hreq=7ec49552f059fbda16708cc3fb14e022f37ac167dadfe60e736b4dcfcf976a0b |
| request | POST https://update.googleapis.com/service/update2?cup2key=10:3918852085&cup2hreq=7ec49552f059fbda16708cc3fb14e022f37ac167dadfe60e736b4dcfcf976a0b |
| host | 172.217.24.14 | |||
| mutex | DC_MUTEX-MWZKVJS |
| regkey | HKEY_CURRENT_USER\Software\DC3_FEXEC |
| regkey | HKEY_CURRENT_USER\Software\DC2_USERS |
| Bkav | W32.OnGamesLTKVPOK.Trojan |
| MicroWorld-eScan | Trojan.Inject.AUZ |
| FireEye | Generic.mg.7254a44e4e32f378 |
| CAT-QuickHeal | Backdoor.Fynloski.A9 |
| McAfee | Generic BackDoor.xa |
| Cylance | Unsafe |
| Zillya | Backdoor.DarkKomet.Win32.30208 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Darkkomet |
| Sangfor | Malware |
| K7AntiVirus | Backdoor ( 003b505d1 ) |
| Alibaba | Backdoor:Win32/Fynloski.a93daef5 |
| K7GW | Backdoor ( 003b505d1 ) |
| Cybereason | malicious.e4e32f |
| Invincea | heuristic |
| BitDefenderTheta | AI:Packer.FC49A67F1C |
| F-Prot | W32/Downloader.C.gen!Eldorado |
| Symantec | Backdoor.Graybird |
| TotalDefense | Win32/Fynloski.A!generic |
| Baidu | Win32.Backdoor.Agent.l |
| APEX | Malicious |
| Avast | MSIL:GenMalicious-CHX [Trj] |
| ClamAV | Win.Trojan.DarkKomet-1 |
| Kaspersky | Backdoor.Win32.DarkKomet.xyk |
| BitDefender | Trojan.Inject.AUZ |
| NANO-Antivirus | Trojan.Win32.DarkKomet.dtlfre |
| Paloalto | generic.ml |
| Tencent | Backdoor.Win32.Darkkomet.a |
| Endgame | malicious (high confidence) |
| Sophos | Troj/Backdr-ID |
| Comodo | Backdoor.Win32.Agent.XAB@4of2bc |
| F-Secure | Backdoor.BDS/DarkKomet.GS |
| DrWeb | BackDoor.Tordev.976 |
| VIPRE | Backdoor.Win32.Fynloski.A (v) |
| TrendMicro | BKDR_FYNLOS.SMM |
| McAfee-GW-Edition | BehavesLike.Win32.Backdoor.jh |
| Trapmine | malicious.moderate.ml.score |
| CMC | Backdoor.Win32.DarkKomet!O |
| Emsisoft | Trojan.Inject.AUZ (B) |
| Ikarus | Trojan.Win32.Jorik |
| Cyren | W32/Downloader.C.gen!Eldorado |
| Jiangmin | Trojan/Generic.adygq |
| Webroot | W32.Trojan.Gen |
| Avira | BDS/DarkKomet.GS |
| eGambit | RAT.DarkComet |
| Antiy-AVL | Trojan[Backdoor]/Win32.DarkKomet.xyk |
| Kingsoft | Win32.Hack.HuigeziT.cz |
| Microsoft | Backdoor:Win32/Fynloski.A |
| Arcabit | Trojan.Inject.AUZ |
| AegisLab | Trojan.Win32.DarkKomet.mpfG |
| ZoneAlarm | Backdoor.Win32.DarkKomet.xyk |
No hosts contacted.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49206 | 113.108.239.194 r1---sn-j5o7dn7e.gvt1.com | 80 |
| 192.168.56.101 | 49207 | 113.108.239.196 r3---sn-j5o7dn7e.gvt1.com | 80 |
| 192.168.56.101 | 49205 | 203.208.41.65 redirector.gvt1.com | 80 |
| 192.168.56.101 | 49202 | 203.208.41.98 update.googleapis.com | 443 |
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 50002 | 114.114.114.114 | 53 |
| 192.168.56.101 | 50568 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51378 | 114.114.114.114 | 53 |
| 192.168.56.101 | 53210 | 114.114.114.114 | 53 |
| 192.168.56.101 | 53380 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57236 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57756 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58367 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62318 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
| 192.168.56.101 | 49235 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 50534 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51963 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 53237 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 53657 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 60384 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| URI | Data |
|---|---|
| http://r1---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619569216&mv=m&mvi=1&pl=23&shardbypass=yes | HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.100&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619569216&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r1---sn-j5o7dn7e.gvt1.com |
| http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe | HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: redirector.gvt1.com |
| http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=323aec48da58df22&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619569216&mv=m | GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=323aec48da58df22&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619569216&mv=m HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT Range: bytes=18462-32670 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r3---sn-j5o7dn7e.gvt1.com |
| http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=323aec48da58df22&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619569216&mv=m | GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=323aec48da58df22&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619569216&mv=m HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT Range: bytes=0-7279 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r3---sn-j5o7dn7e.gvt1.com |
| http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=323aec48da58df22&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619569216&mv=m | HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=323aec48da58df22&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619569216&mv=m HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r3---sn-j5o7dn7e.gvt1.com |
| http://r3---sn-j5o7dn7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=323aec48da58df22&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619569216&mv=m | GET /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=3&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5ok7e&req_id=323aec48da58df22&cms_redirect=yes&ipbypass=yes&mip=59.50.85.19&mm=28&mn=sn-j5o7dn7e&ms=nvh&mt=1619569216&mv=m HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Tue, 13 Apr 2021 03:03:58 GMT Range: bytes=7280-18461 User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r3---sn-j5o7dn7e.gvt1.com |
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts