| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| McAfee | Emotet-FRV!D10818E20BC9 | 20201023 | 6.0.6.653 |
| Alibaba | Trojan:Win32/Emotet.54772642 | 20190527 | 0.3.0.5 |
| Baidu | 20190318 | 1.0.0.2 | |
| Avast | 20201023 | 18.4.3895.0 | |
| Kingsoft | 20201023 | 2013.8.14.323 | |
| Tencent | Malware.Win32.Gencirc.10cde802 | 20201023 | 1.0.0.1 |
| CrowdStrike | win/malicious_confidence_80% (W) | 20190702 | 1.0 |
| pdb_path | c:\Users\Mr.Anderson\Desktop\2003\12.8.20\ListBoxCH_demo\ListBoxCHDemo\Release\ListBoxCHDemo.pdb |
| resource name | None |
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x00082f50 | filetype | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x000002e8 | ||||||||||||||||||
| name | RT_RCDATA | language | LANG_CHINESE | offset | 0x00083250 | filetype | data | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x00008344 | ||||||||||||||||||
| name | RT_RCDATA | language | LANG_CHINESE | offset | 0x00083250 | filetype | data | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x00008344 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x00083238 | filetype | data | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x00083238 | filetype | data | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x00083238 | filetype | data | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x00083238 | filetype | data | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x00083238 | filetype | data | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x00083238 | filetype | data | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x00083238 | filetype | data | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x00083238 | filetype | data | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x00083238 | filetype | data | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x00083238 | filetype | data | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x00083238 | filetype | data | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x00083238 | filetype | data | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x00083238 | filetype | data | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x00083238 | filetype | data | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x00083238 | filetype | data | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x00000014 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x00083238 | filetype | data | sublanguage | SUBLANG_CHINESE_TRADITIONAL | size | 0x00000014 | ||||||||||||||||||
| host | 172.217.24.14 | |||
| Bkav | W32.AIDetectVM.malware2 |
| Elastic | malicious (high confidence) |
| MicroWorld-eScan | Trojan.GenericKDZ.69428 |
| FireEye | Generic.mg.d10818e20bc98892 |
| CAT-QuickHeal | Trojan.IgenericPMF.S15425576 |
| McAfee | Emotet-FRV!D10818E20BC9 |
| Cylance | Unsafe |
| Alibaba | Trojan:Win32/Emotet.54772642 |
| Arcabit | Trojan.Generic.D10F34 |
| Symantec | Trojan.Emotet |
| APEX | Malicious |
| ClamAV | Win.Malware.Emotet-9759299-0 |
| BitDefender | Trojan.GenericKDZ.69428 |
| Paloalto | generic.ml |
| Rising | Trojan.Kryptik!1.CA5C (CLASSIC) |
| Ad-Aware | Trojan.GenericKDZ.69428 |
| Comodo | Malware@#kscd32jhbti5 |
| DrWeb | Trojan.Emotet.999 |
| Invincea | Mal/Generic-S |
| McAfee-GW-Edition | BehavesLike.Win32.Emotet.hh |
| Sophos | Mal/Generic-S |
| Ikarus | Trojan-Banker.Emotet |
| Jiangmin | Backdoor.Emotet.qt |
| Microsoft | Trojan:Win32/Emotet.ARJ!MTB |
| ViRobot | Trojan.Win32.Emotet.602112 |
| GData | Trojan.GenericKDZ.69428 |
| AhnLab-V3 | Trojan/Win32.Emotet.R347788 |
| MAX | malware (ai score=84) |
| ESET-NOD32 | a variant of Win32/Kryptik.HFMY |
| Tencent | Malware.Win32.Gencirc.10cde802 |
| MaxSecure | Trojan.Malware.105954260.susgen |
| Fortinet | W32/Emotet.E88D!tr |
| Panda | Trj/CI.A |
| CrowdStrike | win/malicious_confidence_80% (W) |
No hosts contacted.
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
| teredo.ipv6.microsoft.com | 127.0.0.1 |
No TCP connections recorded.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 50534 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51963 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56539 | 114.114.114.114 | 53 |
| 192.168.56.101 | 65004 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 49235 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 60123 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 56540 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 56807 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 58707 | 239.255.255.250 | 3702 |
No HTTP requests performed.
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts