| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | Virus:Win32/Nimnul.b87588ac | 20190527 | 0.3.0.5 |
| Baidu | Win32.Virus.Otwycal.d | 20190318 | 1.0.0.2 |
| Avast | Other:Malware-gen [Trj] | 20201210 | 21.1.5827.0 |
| Kingsoft | Win32.Infected.AutoInfector.a.(kcloud) | 20201211 | 2017.9.26.565 |
| McAfee | W32/Kudj | 20201211 | 6.0.6.653 |
| CrowdStrike | win/malicious_confidence_80% (W) | 20190702 | 1.0 |
| pdb_path | C:\Jenkins\jobs\miktex-2.9\workspace\build-x86\binlib\mpm_qt.pdb |
| section | .gfids |
| section | .00cfg |
| section | \x92E\xae\xda\xa3uu |
| entropy | 6.93471568224147 | section | {'size_of_data': '0x00004200', 'virtual_address': '0x0002b000', 'entropy': 6.93471568224147, 'name': '\\x92E\\xae\\xda\\xa3uu', 'virtual_size': '0x00005000'} | description | A section with a high entropy has been found | |||||||||
| host | 172.217.24.14 | |||
| Bkav | W32.FamVT.DumpModuleInfectiousNME.PE |
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Win32.VJadtre.3 |
| FireEye | Generic.mg.b4a503ccc8ab4b83 |
| ALYac | Win32.VJadtre.3 |
| Cylance | Unsafe |
| VIPRE | Virus.Win32.Small.acea (v) |
| Sangfor | Malware |
| K7AntiVirus | Virus ( 0040f7441 ) |
| Alibaba | Virus:Win32/Nimnul.b87588ac |
| K7GW | Virus ( 0040f7441 ) |
| Cybereason | malicious.cc8ab4 |
| Arcabit | Win32.VJadtre.3 |
| Baidu | Win32.Virus.Otwycal.d |
| Cyren | W32/PatchLoad.E |
| Symantec | W32.Wapomi.C!inf |
| TotalDefense | Win32/Nimnul.A |
| APEX | Malicious |
| Paloalto | generic.ml |
| ClamAV | Win.Malware.Triusor-6813546-0 |
| Kaspersky | Virus.Win32.Nimnul.f |
| BitDefender | Win32.VJadtre.3 |
| NANO-Antivirus | Trojan.Win32.Banload.cstqaj |
| ViRobot | Win32.Ramnit.F |
| Avast | Other:Malware-gen [Trj] |
| Ad-Aware | Win32.VJadtre.3 |
| TACHYON | Virus/W32.Ramnit.C |
| Sophos | Mal/Generic-R + W32/Nimnul-A |
| Comodo | Virus.Win32.Wali.KA@558nxg |
| F-Secure | Malware.W32/Jadtre.B |
| DrWeb | BackDoor.Darkshell.246 |
| Zillya | Virus.Nimnul.Win32.5 |
| TrendMicro | PE_WAPOMI.BM |
| McAfee-GW-Edition | BehavesLike.Win32.Kudj.cm |
| Emsisoft | Win32.VJadtre.3 (B) |
| Ikarus | Trojan-Downloader.Win32.Small |
| Jiangmin | Win32/Nimnul.f |
| Avira | W32/Jadtre.B |
| Antiy-AVL | Virus/Win32.Nimnul.f |
| Kingsoft | Win32.Infected.AutoInfector.a.(kcloud) |
| Gridinsoft | Trojan.Heur!.03002201 |
| Microsoft | Virus:Win32/Mikcer.B |
| AegisLab | Virus.Win32.Nimnul.m1R5 |
| ZoneAlarm | Virus.Win32.Nimnul.f |
| GData | Win32.Virus.Wapomi.A |
| Cynet | Malicious (score: 85) |
| AhnLab-V3 | Win32/VJadtre.Gen |
| McAfee | W32/Kudj |
| MAX | malware (ai score=88) |
| VBA32 | Virus.Nimnul.19209 |
No hosts contacted.
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| time.windows.com |
A 20.189.79.72
CNAME time.microsoft.akadns.net |
|
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| teredo.ipv6.microsoft.com | 127.0.0.1 |
No TCP connections recorded.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 50534 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51808 | 114.114.114.114 | 53 |
| 192.168.56.101 | 55368 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56539 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58367 | 114.114.114.114 | 53 |
| 192.168.56.101 | 63429 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
| 192.168.56.101 | 51963 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 65004 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 51809 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 56540 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 56807 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 58707 | 239.255.255.250 | 3702 |
No HTTP requests performed.
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts