| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| McAfee | Trojan-FRJG!BB17736081CB | 20200508 | 6.0.6.653 |
| Alibaba | Trojan:Win32/Khalesi.39b87759 | 20190527 | 0.3.0.5 |
| Avast | Win32:PUP-gen [PUP] | 20200508 | 18.4.3895.0 |
| Baidu | 20190318 | 1.0.0.2 | |
| Kingsoft | 20200508 | 2013.8.14.323 | |
| Tencent | 20200508 | 1.0.0.1 | |
| CrowdStrike | 20190702 | 1.0 |
| pdb_path | D:\build\93ede267e0821512\build\build_UTIL\bin\cleaner-util.pdb |
| resource name | AFX_DIALOG_LAYOUT |
| resource name | CONFIG |
| resource name | GIF |
| resource name | PARTNERID |
| resource name | PNG |
| resource name | TXT |
| resource name | ZFONT |
| resource name | None |
| entropy | 7.236246438996441 | section | {'size_of_data': '0x001d0e00', 'virtual_address': '0x00289000', 'entropy': 7.236246438996441, 'name': '.rdata', 'virtual_size': '0x001d0d82'} | description | A section with a high entropy has been found | |||||||||
| entropy | 7.777031072770406 | section | {'size_of_data': '0x000c5200', 'virtual_address': '0x00474000', 'entropy': 7.777031072770406, 'name': '.rsrc', 'virtual_size': '0x000c5164'} | description | A section with a high entropy has been found | |||||||||
| entropy | 0.48564878496102704 | description | Overall entropy of this PE file is high | |||||||||||
| host | 172.217.24.14 | |||
| registry | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion |
| registry | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion |
| registry | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DiskVBOX_HARDDISK___________________________1.0_____ |
| registry | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&33d1638a&0&0.0.0\HardwareID |
| registry | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomVBOX_CD-ROM_____________________________1.0_____\5&2117b2e5&0&1.0.0\HardwareID |
| registry | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomVBOX_CD-ROM_____________________________1.0_____ |
| registry | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomHL-DT-ST_DVD-ROM_GDR-T10N_______________1.05____ |
| registry | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&33d1638a&0&0.0.0 |
| registry | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\IDE\CdRomVBOX_CD-ROM_____________________________1.0_____\5&2117b2e5&0&1.0.0 |
| registry | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\IDE |
| file | \??\VBoxMiniRdrDN |
| file | \\?\pipe\VBoxTrayIPC |
| file | C:\Windows\System32\vboxdisp.dll |
| file | C:\Windows\System32\vboxhook.dll |
| file | C:\Windows\System32\vboxmrxnp.dll |
| file | C:\Windows\System32\drivers\VBoxSF.sys |
| file | C:\Windows\System32\drivers\VBoxGuest.sys |
| file | C:\Windows\System32\drivers\VBoxMouse.sys |
| file | C:\Windows\System32\drivers\VBoxVideo.sys |
| registry | HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions |
| registry | HKEY_LOCAL_MACHINE\HARDWARE\ACPI\FADT\VBOX__ |
| registry | HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ |
| registry | HKEY_LOCAL_MACHINE\HARDWARE\ACPI\RSDT\VBOX__ |
| Time & API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|
|
1620985510.193269 WNetGetProviderNameW |
net_type:
0x00250000
|
success | 0 | 0 |
| Time & API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|
|
1620985509.959269 NtQuerySystemInformation |
information_class:
76
(SystemFirmwareTableInformation)
|
failed | 3221225507 | 0 |
| dead_host | 31.13.95.37:80 |
| Bkav | W32.AIDetectVM.malware |
| DrWeb | Program.VKontakteDJ.79 |
| MicroWorld-eScan | Trojan.GenericKD.32480291 |
| FireEye | Generic.mg.bb17736081cbd738 |
| McAfee | Trojan-FRJG!BB17736081CB |
| Cylance | Unsafe |
| Zillya | Dropper.Injector.Win32.86410 |
| Sangfor | Malware |
| K7AntiVirus | Adware ( 00557e001 ) |
| Alibaba | Trojan:Win32/Khalesi.39b87759 |
| K7GW | Adware ( 00557e001 ) |
| Arcabit | Trojan.Generic.D1EF9C23 |
| TrendMicro | TROJ_GEN.R002C0PDN20 |
| F-Prot | W32/Trojan.DJH.gen!Eldorado |
| Symantec | ML.Attribute.HighConfidence |
| ESET-NOD32 | a variant of Win32/Chistilka.B potentially unwanted |
| APEX | Malicious |
| Avast | Win32:PUP-gen [PUP] |
| Kaspersky | Trojan.Win32.Khalesi.acsm |
| BitDefender | Trojan.GenericKD.32480291 |
| NANO-Antivirus | Riskware.Win32.Chistilka.gaoqkc |
| Rising | PUF.Chistilka!1.BC9E (RDMK:cmRtazrgxz+EN7AE4IePB8RPwduH) |
| Ad-Aware | Trojan.GenericKD.32480291 |
| Sophos | VKontakteDJ (PUA) |
| Comodo | Application.Win32.Chistilka.A@8fktgb |
| F-Secure | Heuristic.HEUR/AGEN.1103060 |
| VIPRE | Trojan.Win32.Generic!BT |
| Invincea | heuristic |
| McAfee-GW-Edition | BehavesLike.Win32.Suspicious.tc |
| Emsisoft | Application.AdLoad (A) |
| SentinelOne | DFI - Suspicious PE |
| Cyren | W32/Trojan.DJH.gen!Eldorado |
| Jiangmin | Trojan.Khalesi.chq |
| Avira | HEUR/AGEN.1103060 |
| Antiy-AVL | GrayWare/Win32.Chistilka |
| Microsoft | PUA:Win32/Conduit |
| Endgame | malicious (high confidence) |
| ViRobot | Adware.Chistilka.5589576.BKP |
| ZoneAlarm | Trojan.Win32.Khalesi.acsm |
| GData | Trojan.GenericKD.32480291 |
| VBA32 | TrojanDropper.Injector |
| ALYac | Trojan.GenericKD.32480291 |
| MAX | malware (ai score=85) |
| Malwarebytes | PUP.Optional.Chistilka |
| TrendMicro-HouseCall | TROJ_GEN.R002C0PDN20 |
| Ikarus | Trojan.PSW.Agent |
| MaxSecure | Trojan.Malware.91401761.susgen |
| Fortinet | W32/PCChist.C00D!tr |
| Webroot | W32.Adware.Gen |
| AVG | Win32:PUP-gen [PUP] |
No hosts contacted.
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| time.windows.com |
A 20.189.79.72
CNAME time.microsoft.akadns.net |
|
| api.amplitude.com | A 31.13.95.37 | 202.160.128.205 |
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
| time.google.com |
A 216.239.35.4
A 216.239.35.8 A 216.239.35.0 A 216.239.35.12 |
216.239.35.12 |
| teredo.ipv6.microsoft.com |
No TCP connections recorded.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 50534 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51808 | 114.114.114.114 | 53 |
| 192.168.56.101 | 53657 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56539 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58367 | 114.114.114.114 | 53 |
| 192.168.56.101 | 63429 | 114.114.114.114 | 53 |
| 192.168.56.101 | 65004 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
| 192.168.56.101 | 53658 | 216.239.35.8 time.google.com | 123 |
| 192.168.56.101 | 49235 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51963 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 56540 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 56807 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 58368 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 58707 | 239.255.255.250 | 3702 |
No HTTP requests performed.
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts