查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
---|---|---|---|
McAfee | Fareit-FOZ!73B6E945B151 | 20191113 | 6.0.6.653 |
Alibaba | TrojanPSW:Win32/CeeInject.f60314b7 | 20190527 | 0.3.0.5 |
CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
Avast | Win32:Malware-gen | 20191114 | 18.4.3895.0 |
Baidu | 20190318 | 1.0.0.2 | |
Kingsoft | 20191114 | 2013.8.14.323 | |
Tencent | 20191114 | 1.0.0.1 |
Time & API | Arguments | Status | Return | Repeated |
---|---|---|---|---|
1620766540.725124 GetComputerNameW |
computer_name:
OSKAR-PC
|
success | 1 | 0 |
1620766540.725124 GetComputerNameW |
computer_name:
OSKAR-PC
|
success | 1 | 0 |
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
section | CODE |
section | DATA |
section | BSS |
packer | BobSoft Mini Delphi -> BoB / BobSoft |
Time & API | Arguments | Status | Return | Repeated |
---|---|---|---|---|
1620766543.428124 GetAdaptersAddresses |
flags:
0
family: 0 |
failed | 111 | 0 |
entropy | 7.132611719342412 | section | {'size_of_data': '0x00024200', 'virtual_address': '0x00078000', 'entropy': 7.132611719342412, 'name': '.rsrc', 'virtual_size': '0x0002411c'} | description | A section with a high entropy has been found | |||||||||
entropy | 0.24123539232053423 | description | Overall entropy of this PE file is high |
host | 172.217.24.14 |
DrWeb | Trojan.Nanocore.23 |
MicroWorld-eScan | Trojan.GenericKD.41200615 |
FireEye | Generic.mg.73b6e945b1515703 |
CAT-QuickHeal | TrojanPWS.Fareit |
McAfee | Fareit-FOZ!73B6E945B151 |
Malwarebytes | Backdoor.NanoCore |
Zillya | Trojan.Injector.Win32.661126 |
K7AntiVirus | Riskware ( 0040eff71 ) |
Alibaba | TrojanPSW:Win32/CeeInject.f60314b7 |
K7GW | Riskware ( 0040eff71 ) |
CrowdStrike | win/malicious_confidence_100% (W) |
Arcabit | Trojan.Generic.D274ABE7 |
TrendMicro | TrojanSpy.Win32.LOKI.SMAD.hp |
BitDefenderTheta | Gen:NN.ZelphiF.32250.LGW@a8Qhq6hi |
F-Prot | W32/Trojan.CMD.gen!Eldorado |
Symantec | Trojan.Gen.MBT |
ESET-NOD32 | a variant of Win32/Injector.EEXD |
APEX | Malicious |
Paloalto | generic.ml |
Kaspersky | HEUR:Backdoor.Win32.Agentb.gen |
BitDefender | Trojan.GenericKD.41200615 |
NANO-Antivirus | Trojan.Win32.Nanocore.fozriu |
AegisLab | Trojan.Win32.Agentb.m!c |
Avast | Win32:Malware-gen |
Rising | Trojan.Injector!1.AFE3 (CLASSIC) |
Ad-Aware | Trojan.GenericKD.41200615 |
Emsisoft | Trojan.GenericKD.41200615 (B) |
Comodo | Malware@#15ii41avinh88 |
F-Secure | Trojan.TR/AD.MoksSteal.cduct |
Invincea | heuristic |
McAfee-GW-Edition | BehavesLike.Win32.Fareit.jh |
Trapmine | malicious.high.ml.score |
Sophos | Mal/Fareit-Q |
Cyren | W32/Trojan.XTJD-2980 |
Jiangmin | Trojan.PSW.Fareit.ync |
Avira | TR/AD.MoksSteal.cduct |
Microsoft | VirTool:Win32/CeeInject.BDK!bit |
Endgame | malicious (high confidence) |
ViRobot | Trojan.Win32.Z.Nanocore.614400 |
ZoneAlarm | HEUR:Backdoor.Win32.Agentb.gen |
GData | Trojan.GenericKD.41200615 |
AhnLab-V3 | Win-Trojan/Delphiless.Exp |
Acronis | suspicious |
VBA32 | Trojan.Nanocore |
ALYac | Trojan.GenericKD.41200615 |
TrendMicro-HouseCall | TrojanSpy.Win32.LOKI.SMAD.hp |
Ikarus | Trojan.Inject |
Fortinet | W32/Injector.EEYL!tr |
AVG | Win32:Malware-gen |
Cybereason | malicious.5b1515 |
dead_host | 172.217.24.14:443 |
dead_host | 172.217.160.78:443 |
No hosts contacted.
Name | Response | Post-Analysis Lookup |
---|---|---|
time.windows.com |
A 20.189.79.72
CNAME time.microsoft.akadns.net |
|
aerveo.com | ||
dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
clients2.google.com |
A 172.217.160.78
CNAME clients.l.google.com |
142.250.66.110 |
dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
teredo.ipv6.microsoft.com |
No TCP connections recorded.
Source | Source Port | Destination | Destination Port |
---|---|---|---|
192.168.56.101 | 51808 | 114.114.114.114 | 53 |
192.168.56.101 | 51963 | 114.114.114.114 | 53 |
192.168.56.101 | 53380 | 114.114.114.114 | 53 |
192.168.56.101 | 55368 | 114.114.114.114 | 53 |
192.168.56.101 | 56539 | 114.114.114.114 | 53 |
192.168.56.101 | 60384 | 114.114.114.114 | 53 |
192.168.56.101 | 62912 | 114.114.114.114 | 53 |
192.168.56.101 | 137 | 192.168.56.255 | 137 |
192.168.56.101 | 138 | 192.168.56.255 | 138 |
192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
192.168.56.101 | 49713 | 224.0.0.252 | 5355 |
192.168.56.101 | 51378 | 224.0.0.252 | 5355 |
192.168.56.101 | 53237 | 224.0.0.252 | 5355 |
192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
192.168.56.101 | 58367 | 224.0.0.252 | 5355 |
192.168.56.101 | 60123 | 224.0.0.252 | 5355 |
192.168.56.101 | 61680 | 224.0.0.252 | 5355 |
192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
192.168.56.101 | 62318 | 224.0.0.252 | 5355 |
192.168.56.101 | 65004 | 224.0.0.252 | 5355 |
No HTTP requests performed.
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts