| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Avast | Win32:AdwareX-gen [Adw] | 20201202 | 20.10.5736.0 |
| Alibaba | AdWare:Win32/Softcnapp.a4d4ed6e | 20190527 | 0.3.0.5 |
| Baidu | 20190318 | 1.0.0.2 | |
| McAfee | PUP-XLB-BE | 20201202 | 6.0.6.653 |
| Tencent | 20201202 | 1.0.0.1 | |
| CrowdStrike | 20190702 | 1.0 |
| section | .gfids |
| resource name | ZIPRES |
| resource name | ZZZZ |
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://tjtv3.wn51.com/sj.php | ||||||
| request | GET http://tjtv3.wn51.com/sj.php |
| name | ZIPRES | language | LANG_CHINESE | offset | 0x000e4378 | filetype | Zip archive data, at least v2.0 to extract | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00044eea | ||||||||||||||||||
| name | ZZZZ | language | LANG_CHINESE | offset | 0x00129264 | filetype | 7-zip archive data, version 0.3 | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x005e1150 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0076ee44 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0076ee44 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0076ee44 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0076ee44 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0076ee44 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0076ee44 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0076ee44 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0076ee44 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0076ee44 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x0076f2ac | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000084 | ||||||||||||||||||
| name | RT_VERSION | language | LANG_CHINESE | offset | 0x0076f330 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000294 | ||||||||||||||||||
| entropy | 7.967594299329397 | section | {'size_of_data': '0x0068bc00', 'virtual_address': '0x000e4000', 'entropy': 7.967594299329397, 'name': '.rsrc', 'virtual_size': '0x0068bab4'} | description | A section with a high entropy has been found | |||||||||
| entropy | 0.8791396157125058 | description | Overall entropy of this PE file is high | |||||||||||
| host | 172.217.24.14 | |||
| Elastic | malicious (high confidence) |
| DrWeb | Adware.Softcnapp.125 |
| MicroWorld-eScan | Gen:Variant.Graftor.752410 |
| FireEye | Generic.mg.74d98826403ec2c2 |
| Cylance | Unsafe |
| VIPRE | Trojan.Win32.Generic!BT |
| K7AntiVirus | Unwanted-Program ( 00560ccc1 ) |
| BitDefender | Gen:Variant.Graftor.752410 |
| K7GW | Unwanted-Program ( 00560ccc1 ) |
| Cyren | W32/Trojan.DRUA-3861 |
| Symantec | ML.Attribute.HighConfidence |
| APEX | Malicious |
| Avast | Win32:AdwareX-gen [Adw] |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.Burden.gen |
| Alibaba | AdWare:Win32/Softcnapp.a4d4ed6e |
| NANO-Antivirus | Riskware.Win32.Softcnapp.hinctp |
| AegisLab | Adware.Win32.Burden.2!c |
| Rising | Trojan.Generic@ML.100 (RDML:JfPZqZmnwlf3J3vHnJPZKg) |
| Sophos | Generic PUA BB (PUA) |
| F-Secure | PotentialRisk.PUA/Softcnapp.Gen |
| Zillya | Adware.Burden.Win32.465 |
| McAfee-GW-Edition | BehavesLike.Win32.Generic.wc |
| Emsisoft | Gen:Variant.Graftor.752410 (B) |
| Jiangmin | Trojan.Snojan.btm |
| Webroot | W32.Adware.Gen |
| Avira | PUA/Softcnapp.Gen |
| MAX | malware (ai score=84) |
| Gridinsoft | Adware.Softcnapp.vl!c |
| Microsoft | PUA:Win32/Softcnapp |
| ZoneAlarm | not-a-virus:HEUR:AdWare.Win32.Burden.gen |
| GData | Gen:Variant.Graftor.752410 |
| Cynet | Malicious (score: 100) |
| AhnLab-V3 | PUP/Win32.RL_Generic.R328901 |
| McAfee | PUP-XLB-BE |
| VBA32 | BScope.Adware.Softcnapp |
| Malwarebytes | PUP.Optional.ChinAd |
| Panda | Trj/Genetic.gen |
| ESET-NOD32 | a variant of Win32/Softcnapp.BG potentially unwanted |
| Yandex | Riskware.Agent!16bZacFsqwM |
| Ikarus | PUA.Softcnapp |
| eGambit | Unsafe.AI_Score_99% |
| Fortinet | Adware/Burden |
| AVG | Win32:AdwareX-gen [Adw] |
| Paloalto | generic.ml |
| MaxSecure | Trojan.Malware.74846895.susgen |
No hosts contacted.
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| tjtv3.wn51.com | A 117.50.93.3 | 117.50.93.3 |
| time.windows.com |
A 20.189.79.72
CNAME time.microsoft.akadns.net |
|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| clients2.google.com |
CNAME clients.l.google.com
A 216.58.200.238 |
216.58.200.238 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
| teredo.ipv6.microsoft.com |
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49175 | 117.50.93.3 tjtv3.wn51.com | 80 |
| 192.168.56.101 | 49177 | 117.50.93.3 tjtv3.wn51.com | 80 |
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49713 | 114.114.114.114 | 53 |
| 192.168.56.101 | 50002 | 114.114.114.114 | 53 |
| 192.168.56.101 | 53237 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57756 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58367 | 114.114.114.114 | 53 |
| 192.168.56.101 | 61680 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62318 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
| 192.168.56.101 | 49235 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 50534 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 50568 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51963 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 53657 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 57874 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 63429 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| URI | Data |
|---|---|
| http://tjtv3.wn51.com/sj.php | GET /sj.php HTTP/1.1 Host: tjtv3.wn51.com Accept: */* |
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts