| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | Packed:Win32/Themida.c7af7247 | 20190527 | 0.3.0.5 |
| CrowdStrike | win/malicious_confidence_90% (W) | 20190702 | 1.0 |
| Baidu | 20190318 | 1.0.0.2 | |
| Avast | Win32:TrojanX-gen [Trj] | 20200921 | 18.4.3895.0 |
| Tencent | Win32.Trojan.Crypt.Szuu | 20200921 | 1.0.0.1 |
| Kingsoft | 20200921 | 2013.8.14.323 | |
| McAfee | Artemis!CE30C86CE015 | 20200921 | 6.0.6.653 |
| section | |
| section | .themida |
| section | .boot |
| file | C:\ProgramData\pveutamgw\fjchsuw.bat |
| entropy | 7.981797543974462 | section | {'size_of_data': '0x00013a00', 'virtual_address': '0x00001000', 'entropy': 7.981797543974462, 'name': ' ', 'virtual_size': '0x00025775'} | description | A section with a high entropy has been found | |||||||||
| entropy | 7.93113148173494 | section | {'size_of_data': '0x00004000', 'virtual_address': '0x00027000', 'entropy': 7.93113148173494, 'name': ' ', 'virtual_size': '0x00009080'} | description | A section with a high entropy has been found | |||||||||
| entropy | 7.460188723957292 | section | {'size_of_data': '0x00000200', 'virtual_address': '0x00031000', 'entropy': 7.460188723957292, 'name': ' ', 'virtual_size': '0x0000166c'} | description | A section with a high entropy has been found | |||||||||
| entropy | 7.6746043575288745 | section | {'size_of_data': '0x00001800', 'virtual_address': '0x00035000', 'entropy': 7.6746043575288745, 'name': ' ', 'virtual_size': '0x00001940'} | description | A section with a high entropy has been found | |||||||||
| entropy | 7.951527870377958 | section | {'size_of_data': '0x00268a00', 'virtual_address': '0x00421000', 'entropy': 7.951527870377958, 'name': '.boot', 'virtual_size': '0x00268a00'} | description | A section with a high entropy has been found | |||||||||
| entropy | 0.9992216384510605 | description | Overall entropy of this PE file is high | |||||||||||
| host | 172.217.24.14 | |||
| file | C:\ProgramData\AVAST Software |
| file | C:\ProgramData\Avg |
| registry | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion |
| registry | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion |
| registry | HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ |
| Time & API | Arguments | Status | Return | Repeated |
|---|---|---|---|---|
|
1619933363.797126 NtQuerySystemInformation |
information_class:
76
(SystemFirmwareTableInformation)
|
failed | 3221225507 | 0 |
| Bkav | W32.AIDetectVM.malware1 |
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Gen:Trojan.Heur.D.GQW@d8SdqDli |
| CAT-QuickHeal | Trojan.Occamy |
| Cylance | Unsafe |
| Sangfor | Malware |
| K7AntiVirus | Trojan ( 005663631 ) |
| Alibaba | Packed:Win32/Themida.c7af7247 |
| K7GW | Trojan ( 005663631 ) |
| CrowdStrike | win/malicious_confidence_90% (W) |
| Cyren | W32/Trojan.PUIK-0917 |
| Symantec | ML.Attribute.HighConfidence |
| APEX | Malicious |
| Avast | Win32:TrojanX-gen [Trj] |
| Cynet | Malicious (score: 100) |
| BitDefender | Gen:Trojan.Heur.D.GQW@d8SdqDli |
| NANO-Antivirus | Virus.Win32.Gen-Crypt.ccnc |
| Paloalto | generic.ml |
| Tencent | Win32.Trojan.Crypt.Szuu |
| Ad-Aware | Gen:Trojan.Heur.D.GQW@d8SdqDli |
| Comodo | Malware@#1u6o1jsgm0gmg |
| F-Secure | Trojan.TR/Crypt.XPACK.Gen |
| DrWeb | Trojan.PWS.Stealer.28405 |
| VIPRE | Trojan.Win32.Generic!BT |
| Invincea | Mal/Generic-S |
| FireEye | Generic.mg.ce30c86ce0159732 |
| Sophos | Mal/Generic-S |
| Ikarus | Trojan.Win32.Themida |
| GData | Gen:Trojan.Heur.D.GQW@d8SdqDli |
| Webroot | W32.Trojan.Gen |
| Avira | TR/Crypt.XPACK.Gen |
| Antiy-AVL | Trojan/Win32.Wacatac |
| Arcabit | Trojan.Heur.D.E0C398 |
| AegisLab | Trojan.Win32.Malicious.4!c |
| Microsoft | Trojan:Win32/Occamy.AA |
| AhnLab-V3 | Trojan/Win32.Agent.R336257 |
| Acronis | suspicious |
| McAfee | Artemis!CE30C86CE015 |
| MAX | malware (ai score=88) |
| VBA32 | BScope.TrojanSpy.BitWall |
| Malwarebytes | Trojan.MalPack.Themida.Generic |
| ESET-NOD32 | a variant of Win32/Packed.Themida.HLN |
| TrendMicro-HouseCall | TROJ_GEN.R06EH0CIA20 |
| Rising | Trojan.Generic@ML.100 (RDML:/WEX8cI4bKPTedcfMVXKNQ) |
| Yandex | Trojan.Themida! |
| SentinelOne | DFI - Malicious PE |
| eGambit | Unsafe.AI_Score_91% |
| Fortinet | W32/PossibleThreat |
| BitDefenderTheta | AI:Packer.2BC380441E |
| AVG | Win32:TrojanX-gen [Trj] |
No hosts contacted.
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| time.windows.com |
A 20.189.79.72
CNAME time.microsoft.akadns.net |
|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
| teredo.ipv6.microsoft.com | 127.0.0.1 |
No TCP connections recorded.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49235 | 114.114.114.114 | 53 |
| 192.168.56.101 | 50534 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56539 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58367 | 114.114.114.114 | 53 |
| 192.168.56.101 | 65004 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
| 192.168.56.101 | 51963 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 55368 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 56807 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 58368 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 58370 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 58707 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 62192 | 239.255.255.250 | 3702 |
No HTTP requests performed.
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts