| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| McAfee | Artemis!B054DE22D3E5 | 20200424 | 6.0.6.653 |
| Alibaba | 20190527 | 0.3.0.5 | |
| Baidu | 20190318 | 1.0.0.2 | |
| Avast | Win32:MalwareX-gen [Trj] | 20200423 | 18.4.3895.0 |
| Kingsoft | 20200424 | 2013.8.14.323 | |
| Tencent | Win32.Trojan.Gen.Pcie | 20200424 | 1.0.0.1 |
| CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
| file | C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\data |
| section | .itext |
| resource name | BASS |
| resource name | D3DX9_43 |
| resource name | IMESKIN |
| resource name | SNAPPY32 |
| resource name | SOUNDLST |
| resource name | UIPKG |
| suspicious_features | POST method with no referer header | suspicious_request | POST https://update.googleapis.com/service/update2?cup2key=10:4036354019&cup2hreq=592cfb0b28893397215bd32225c598999d13b9e3622c97c6896e314cd259c5dd | ||||||
| request | HEAD http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe |
| request | HEAD http://r1---sn-j5o76n7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.105&mm=28&mn=sn-j5o76n7e&ms=nvh&mt=1619833698&mv=m&mvi=1&pl=23&shardbypass=yes |
| request | HEAD http://r4---sn-j5o76n7l.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=4&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5oe7e&req_id=d9e6bd3f211b7e26&cms_redirect=yes&ipbypass=yes&mip=59.50.85.28&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1619833937&mv=m |
| request | POST https://update.googleapis.com/service/update2?cup2key=10:4036354019&cup2hreq=592cfb0b28893397215bd32225c598999d13b9e3622c97c6896e314cd259c5dd |
| request | POST https://update.googleapis.com/service/update2?cup2key=10:4036354019&cup2hreq=592cfb0b28893397215bd32225c598999d13b9e3622c97c6896e314cd259c5dd |
| name | BASS | language | LANG_CHINESE | offset | 0x0041fecc | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00016a38 | ||||||||||||||||||
| name | D3DX9_43 | language | LANG_CHINESE | offset | 0x00436904 | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x001e7d58 | ||||||||||||||||||
| name | IMESKIN | language | LANG_CHINESE | offset | 0x0061e65c | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000219c9 | ||||||||||||||||||
| name | SNAPPY32 | language | LANG_CHINESE | offset | 0x00640028 | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00017800 | ||||||||||||||||||
| name | SOUNDLST | language | LANG_CHINESE | offset | 0x00657828 | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000881e | ||||||||||||||||||
| name | UIPKG | language | LANG_CHINESE | offset | 0x00660048 | filetype | empty | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0002a000 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0041fbd0 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 2004318064, next used block 2005370999 | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000002e8 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x0041feb8 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000014 | ||||||||||||||||||
| entropy | 7.9972289386079325 | section | {'size_of_data': '0x00237400', 'virtual_address': '0x001e6000', 'entropy': 7.9972289386079325, 'name': 'UPX1', 'virtual_size': '0x00237389'} | description | A section with a high entropy has been found | |||||||||
| entropy | 0.9964866051822574 | description | Overall entropy of this PE file is high | |||||||||||
| section | UPX0 | description | Section name indicates UPX | ||||||
| section | UPX1 | description | Section name indicates UPX | ||||||
| host | 172.217.24.14 | |||
| Bkav | HW32.Packed. |
| MicroWorld-eScan | Gen:Variant.Application.Symmi.88216 |
| FireEye | Generic.mg.b054de22d3e52d20 |
| CAT-QuickHeal | Trojan.Wacatac |
| McAfee | Artemis!B054DE22D3E5 |
| Cylance | Unsafe |
| Zillya | Trojan.BestaFera.Win32.8079 |
| Sangfor | Malware |
| K7AntiVirus | Password-Stealer ( 004d58ef1 ) |
| K7GW | Password-Stealer ( 004d58ef1 ) |
| Cybereason | malicious.2d3e52 |
| Arcabit | Trojan.Application.Symmi.D15898 |
| Invincea | heuristic |
| BitDefenderTheta | Gen:NN.ZexaF.34106.BQZ@aKkFVxkb |
| Symantec | ML.Attribute.HighConfidence |
| TotalDefense | Win32/Dragon_i |
| APEX | Malicious |
| Avast | Win32:MalwareX-gen [Trj] |
| BitDefender | Gen:Variant.Application.Symmi.88216 |
| Paloalto | generic.ml |
| AegisLab | Trojan.Win32.Symmi.4!c |
| Rising | Malware.Undefined!8.C (CLOUD) |
| Ad-Aware | Gen:Variant.Application.Symmi.88216 |
| Sophos | Mal/Generic-S |
| F-Secure | Heuristic.HEUR/AGEN.1130339 |
| McAfee-GW-Edition | BehavesLike.Win32.PUPXDZ.vc |
| Trapmine | malicious.high.ml.score |
| Emsisoft | Gen:Variant.Application.Symmi.88216 (B) |
| SentinelOne | DFI - Malicious PE |
| Jiangmin | Trojan.Banker.BestaFera.gpl |
| Avira | HEUR/AGEN.1130339 |
| MAX | malware (ai score=99) |
| Antiy-AVL | Trojan[Banker]/Win32.BestaFera |
| Microsoft | Trojan:Win32/Occamy.C |
| Endgame | malicious (high confidence) |
| GData | Gen:Variant.Application.Symmi.88216 |
| AhnLab-V3 | Adware/Win32.Agent.C3456258 |
| Acronis | suspicious |
| VBA32 | Trojan.Wacatac |
| Tencent | Win32.Trojan.Gen.Pcie |
| eGambit | Unsafe.AI_Score_100% |
| MaxSecure | Trojan.Malware.73836575.susgen |
| AVG | Win32:MalwareX-gen [Trj] |
| Panda | Trj/GdSda.A |
| CrowdStrike | win/malicious_confidence_100% (W) |
No hosts contacted.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49190 | 113.108.239.130 r1---sn-j5o76n7e.gvt1.com | 80 |
| 192.168.56.101 | 49189 | 203.208.41.33 redirector.gvt1.com | 80 |
| 192.168.56.101 | 49188 | 203.208.41.66 update.googleapis.com | 443 |
| 192.168.56.101 | 49191 | 58.63.233.69 r4---sn-j5o76n7l.gvt1.com | 80 |
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49235 | 114.114.114.114 | 53 |
| 192.168.56.101 | 50002 | 114.114.114.114 | 53 |
| 192.168.56.101 | 50534 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51378 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56539 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57756 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58367 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62318 | 114.114.114.114 | 53 |
| 192.168.56.101 | 65004 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
| 192.168.56.101 | 53237 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 53657 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 55368 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 60123 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 56540 | 239.255.255.250 | 3702 |
| URI | Data |
|---|---|
| http://r1---sn-j5o76n7e.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.105&mm=28&mn=sn-j5o76n7e&ms=nvh&mt=1619833698&mv=m&mvi=1&pl=23&shardbypass=yes | HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?cms_redirect=yes&mh=ms&mip=202.100.214.105&mm=28&mn=sn-j5o76n7e&ms=nvh&mt=1619833698&mv=m&mvi=1&pl=23&shardbypass=yes HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r1---sn-j5o76n7e.gvt1.com |
| http://redirector.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe | HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: redirector.gvt1.com |
| http://r4---sn-j5o76n7l.gvt1.com/edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=4&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5oe7e&req_id=d9e6bd3f211b7e26&cms_redirect=yes&ipbypass=yes&mip=59.50.85.28&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1619833937&mv=m | HEAD /edgedl/release2/update2/AIUdiWYcaIvMz1IBNCM0PPo_1.3.36.82/GoogleUpdateSetup.exe?mh=ms&mvi=4&pl=17&shardbypass=yes&redirect_counter=1&rm=sn-j5oe7e&req_id=d9e6bd3f211b7e26&cms_redirect=yes&ipbypass=yes&mip=59.50.85.28&mm=28&mn=sn-j5o76n7l&ms=nvh&mt=1619833937&mv=m HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity User-Agent: Microsoft BITS/7.5 X-Old-UID: cnt=0 X-Last-HR: 0x0 X-Last-HTTP-Status-Code: 0 X-Retry-Count: 0 X-HTTP-Attempts: 1 Host: r4---sn-j5o76n7l.gvt1.com |
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts