| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| McAfee | GenericRXHP-MB!78FF2026EE9C | 20201224 | 6.0.6.653 |
| CrowdStrike | win/malicious_confidence_90% (W) | 20190702 | 1.0 |
| Alibaba | TrojanSpy:Win32/Lokibot.8bfb83e6 | 20190527 | 0.3.0.5 |
| Avast | Win32:Malware-gen | 20201224 | 21.1.5827.0 |
| Baidu | 20190318 | 1.0.0.2 | |
| Tencent | Malware.Win32.Gencirc.10b62c95 | 20201224 | 1.0.0.1 |
| section | CODE |
| section | DATA |
| section | BSS |
| packer | BobSoft Mini Delphi -> BoB / BobSoft |
| entropy | 7.323034701315701 | section | {'size_of_data': '0x00024a00', 'virtual_address': '0x0009a000', 'entropy': 7.323034701315701, 'name': '.rsrc', 'virtual_size': '0x000249f4'} | description | A section with a high entropy has been found | |||||||||
| host | 172.217.24.14 | |||
| file | C:\Users\Administrator.Oskar-PC\AppData\Roaming\iphone\microsoftexcel.exe:ZoneIdentifier |
| file | C:\Users\Administrator.Oskar-PC\AppData\Roaming\iphone\microsoftexcel.exe |
| Bkav | W32.AIDetectVM.malware2 |
| Elastic | malicious (high confidence) |
| DrWeb | Trojan.PWS.Siggen2.13817 |
| MicroWorld-eScan | Trojan.Agent.DWPL |
| McAfee | GenericRXHP-MB!78FF2026EE9C |
| Malwarebytes | Trojan.MalPack.DLF.Generic |
| VIPRE | Trojan.Win32.Generic!BT |
| Sangfor | Malware |
| CrowdStrike | win/malicious_confidence_90% (W) |
| Alibaba | TrojanSpy:Win32/Lokibot.8bfb83e6 |
| K7GW | Riskware ( 0040eff71 ) |
| K7AntiVirus | Riskware ( 0040eff71 ) |
| BitDefenderTheta | Gen:NN.ZelphiF.34700.UGW@aaB8qLki |
| Cyren | W32/Injector.MAWG-9269 |
| Symantec | Infostealer.Lokibot!16 |
| ESET-NOD32 | a variant of Win32/Packed.Asprotect.NAQ |
| APEX | Malicious |
| Paloalto | generic.ml |
| Kaspersky | HEUR:Trojan-Spy.Win32.Noon.gen |
| BitDefender | Trojan.Agent.DWPL |
| NANO-Antivirus | Trojan.Win32.Noon.fpyryr |
| ViRobot | Trojan.Win32.Agent.756224.J |
| Avast | Win32:Malware-gen |
| Rising | Trojan.Injector!1.AFE3 (CLASSIC) |
| Ad-Aware | Trojan.Agent.DWPL |
| Sophos | Mal/Generic-R + Mal/Fareit-Q |
| Comodo | Malware@#1zmkagcu0qn3b |
| F-Secure | Heuristic.HEUR/AGEN.1111025 |
| Zillya | Trojan.Noon.Win32.8185 |
| TrendMicro | TrojanSpy.Win32.LOKI.SMDD.hp |
| McAfee-GW-Edition | BehavesLike.Win32.Fareit.bh |
| FireEye | Generic.mg.78ff2026ee9c0b0f |
| Emsisoft | Trojan.Packed (A) |
| Ikarus | Trojan-Spy.Azorult |
| GData | Trojan.Agent.DWPL |
| eGambit | Unsafe.AI_Score_87% |
| Avira | HEUR/AGEN.1111025 |
| MAX | malware (ai score=88) |
| Antiy-AVL | Trojan/Win32.Fuerboos |
| Arcabit | Trojan.Agent.DWPL |
| AegisLab | Trojan.Win32.Noon.l!c |
| ZoneAlarm | HEUR:Trojan-Spy.Win32.Noon.gen |
| Microsoft | Trojan:Win32/Lokibot.A!MTB |
| Cynet | Malicious (score: 100) |
| AhnLab-V3 | Win-Trojan/Delphiless.Exp |
| Acronis | suspicious |
| ALYac | Trojan.Agent.DWPL |
| VBA32 | TrojanSpy.Noon |
| Cylance | Unsafe |
| Zoner | Trojan.Win32.78051 |
No hosts contacted.
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
| teredo.ipv6.microsoft.com | 127.0.0.1 |
No TCP connections recorded.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 50534 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51963 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56539 | 114.114.114.114 | 53 |
| 192.168.56.101 | 65004 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 49235 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 60123 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 50535 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 56540 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 56807 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 58707 | 239.255.255.250 | 3702 |
No HTTP requests performed.
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts