| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| McAfee | 20200706 | 6.0.6.653 | |
| Alibaba | 20190527 | 0.3.0.5 | |
| CrowdStrike | win/malicious_confidence_60% (D) | 20190702 | 1.0 |
| Baidu | 20190318 | 1.0.0.2 | |
| Avast | Win32:Adware-gen [Adw] | 20200706 | 18.4.3895.0 |
| Kingsoft | 20200706 | 2013.8.14.323 | |
| Tencent | 20200706 | 1.0.0.1 |
| pdb_path | d:\Jenkins\workspace\srf_develop\ShuRuFa\ç¨åº\Trunk\Bin\pdbmap\DongFang\WBUpd32.pdb |
| resource name | PIC |
| resource name | ZIPRES |
| name | PIC | language | LANG_CHINESE | offset | 0x00193290 | filetype | PNG image data, 85 x 85, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000026f | ||||||||||||||||||
| name | ZIPRES | language | LANG_CHINESE | offset | 0x00193500 | filetype | Zip archive data, at least v2.0 to extract | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000014da | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x001989b4 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x001989b4 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x001989b4 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x001989b4 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x00198e1c | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000003e | ||||||||||||||||||
| name | RT_VERSION | language | LANG_CHINESE | offset | 0x00198e5c | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000258 | ||||||||||||||||||
| name | RT_MANIFEST | language | LANG_CHINESE | offset | 0x001990b4 | filetype | UTF-8 Unicode text, with very long lines, with CRLF line terminators | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000318 | ||||||||||||||||||
| host | 172.217.24.14 | |||
| Bkav | W32.HfsAdware.DA20 |
| FireEye | Generic.mg.93e3604e200b4aa8 |
| K7AntiVirus | Adware ( 00538f8f1 ) |
| K7GW | Adware ( 00538f8f1 ) |
| CrowdStrike | win/malicious_confidence_60% (D) |
| APEX | Malicious |
| Avast | Win32:Adware-gen [Adw] |
| BitDefender | Gen:Variant.Johnnie.253551 |
| MicroWorld-eScan | Gen:Variant.Johnnie.253551 |
| Rising | Adware.Agent!1.C6F2 (CLASSIC) |
| Endgame | malicious (high confidence) |
| DrWeb | Adware.Softcnapp.60 |
| Zillya | Adware.Burden.Win32.100 |
| Invincea | heuristic |
| Emsisoft | Gen:Variant.Johnnie.253551 (B) |
| Microsoft | PUA:Win32/Softcnapp |
| GData | Gen:Variant.Johnnie.253551 |
| VBA32 | BScope.Adware.Softcnapp |
| MAX | malware (ai score=80) |
| ESET-NOD32 | a variant of Win32/Softcnapp.J potentially unwanted |
| Yandex | Riskware.Agent! |
| Ikarus | PUA.Softcnapp |
| Fortinet | Riskware/Softcnapp |
| AVG | Win32:Adware-gen [Adw] |
| Ordinal | Address | Name |
|---|---|---|
| 1 | 0x441720 | curl_easy_cleanup |
| 2 | 0x4417b0 | curl_easy_duphandle |
| 3 | 0x469cd0 | curl_easy_escape |
| 4 | 0x441790 | curl_easy_getinfo |
| 5 | 0x441600 | curl_easy_init |
| 6 | 0x441a50 | curl_easy_pause |
| 7 | 0x441670 | curl_easy_perform |
| 8 | 0x441bc0 | curl_easy_recv |
| 9 | 0x4419b0 | curl_easy_reset |
| 10 | 0x441c20 | curl_easy_send |
No hosts contacted.
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| time.windows.com |
A 20.189.79.72
CNAME time.microsoft.akadns.net |
|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
| teredo.ipv6.microsoft.com |
No TCP connections recorded.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49713 | 114.114.114.114 | 53 |
| 192.168.56.101 | 50002 | 114.114.114.114 | 53 |
| 192.168.56.101 | 53657 | 114.114.114.114 | 53 |
| 192.168.56.101 | 60384 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62318 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
| 192.168.56.101 | 49235 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 50534 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51808 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51963 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 57756 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 57874 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 63429 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 50539 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 53658 | 239.255.255.250 | 3702 |
No HTTP requests performed.
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts