| pdb_path | e:\DUOWAN_BUILD\build\Build_Src\yymixer\yymixer_3.6.0.0_fb\packages\tool\setupv2\bin\YYMixerSetup.pdb |
| resource name | ZIP |
| name | ZIP | language | LANG_CHINESE | offset | 0x000cf240 | filetype | 7-zip archive data, version 0.3 | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x010974b5 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0117e798 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0117e798 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0117e798 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0117e798 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0117e798 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x0117ec00 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000004c | ||||||||||||||||||
| name | RT_VERSION | language | LANG_CHINESE | offset | 0x0117ec4c | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000238 | ||||||||||||||||||
| file | C:\Users\Public\Desktop\Google Chrome.lnk |
| file | C:\Users\Administrator.Oskar-PC\AppData\Local\duowan\yymixer\Check\YYVirtualCam.ax |
| entropy | 7.850259314779818 | section | {'size_of_data': '0x00036e00', 'virtual_address': '0x0008e000', 'entropy': 7.850259314779818, 'name': '.data', 'virtual_size': '0x000408c0'} | description | A section with a high entropy has been found | |||||||||
| entropy | 7.999609497156091 | section | {'size_of_data': '0x010b0200', 'virtual_address': '0x000cf000', 'entropy': 7.999609497156091, 'name': '.rsrc', 'virtual_size': '0x010b00fc'} | description | A section with a high entropy has been found | |||||||||
| entropy | 0.9645563976816763 | description | Overall entropy of this PE file is high | |||||||||||
No hosts contacted.
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| time.windows.com |
A 20.189.79.72
CNAME time.microsoft.akadns.net |
|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| clients2.google.com | 172.217.160.78 | |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
| update.googleapis.com | 203.208.40.66 | |
| teredo.ipv6.microsoft.com |
No TCP connections recorded.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 50534 | 114.114.114.114 | 53 |
| 192.168.56.101 | 50568 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51808 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57874 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58367 | 114.114.114.114 | 53 |
| 192.168.56.101 | 60123 | 114.114.114.114 | 53 |
| 192.168.56.101 | 60384 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62318 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
| 192.168.56.101 | 49713 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51378 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 55368 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 57756 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 63429 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 65004 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
No HTTP requests performed.
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts