| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| McAfee | GenericRXGM-IQ!D9E81C389F66 | 20190626 | 6.0.6.653 |
| Baidu | 20190318 | 1.0.0.2 | |
| Avast | Win32:Malware-gen | 20190626 | 18.4.3895.0 |
| Alibaba | RiskWare:Win32/YouXun.3c2fb015 | 20190527 | 0.3.0.5 |
| Tencent | 20190627 | 1.0.0.1 | |
| Kingsoft | 20190627 | 2013.8.14.323 | |
| CrowdStrike | win/malicious_confidence_90% (D) | 20190212 | 1.0 |
| pdb_path | d:\work\yxbox\trunk\bin\Win32\Release\build\GameGuide\ç¹æ¤å®è£ .pdb |
| resource name | DLL |
| resource name | FILE |
| resource name | PNG |
| name | DLL | language | LANG_CHINESE | offset | 0x0009c6bc | filetype | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000df200 | ||||||||||||||||||
| name | FILE | language | LANG_CHINESE | offset | 0x0017b8bc | filetype | ASCII text, with no line terminators | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x003cb33f | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | PNG | language | LANG_CHINESE | offset | 0x00563040 | filetype | PNG image data, 20 x 40, 8-bit/color RGBA, non-interlaced | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x000047dc | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0056781c | filetype | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 9605827, next used block 7632027 | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00004228 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x0056ba84 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000040 | ||||||||||||||||||
| name | RT_DIALOG | language | LANG_CHINESE | offset | 0x0056ba84 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000040 | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x0056bac4 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000014 | ||||||||||||||||||
| name | RT_VERSION | language | LANG_CHINESE | offset | 0x0056bad8 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000150 | ||||||||||||||||||
| host | 172.217.24.14 | |||
| MicroWorld-eScan | Application.Bundler.BHM |
| FireEye | Application.Bundler.BHM |
| CAT-QuickHeal | Trojan.GenericPMF.S3746634 |
| McAfee | GenericRXGM-IQ!D9E81C389F66 |
| BitDefender | Application.Bundler.BHM |
| Invincea | heuristic |
| Cyren | W32/S-8630a945!Eldorado |
| Symantec | Trojan.Gen.MBT |
| APEX | Malicious |
| Avast | Win32:Malware-gen |
| Alibaba | RiskWare:Win32/YouXun.3c2fb015 |
| Ad-Aware | Application.Bundler.BHM |
| Comodo | Application.Win32.RiskWare.YouXun.A@84jpnd |
| DrWeb | Trojan.MulDrop9.6277 |
| Zillya | Tool.YouXun.Win32.346 |
| McAfee-GW-Edition | BehavesLike.Win32.Dropper.tz |
| Fortinet | W32/GenericRXGM.IQ!tr |
| Emsisoft | Application.Bundler.BHM (B) |
| Ikarus | PUA.RiskWare.Youxun |
| F-Prot | W32/S-8630a945!Eldorado |
| Jiangmin | Adware.Agent.aiks |
| MAX | malware (ai score=70) |
| Antiy-AVL | GrayWare/Win32.Puwaders |
| Endgame | malicious (high confidence) |
| Arcabit | Application.Bundler.BHM |
| Microsoft | PUA:Win32/Puwaders.B!ml |
| AhnLab-V3 | PUP/Win32.Bundler.R244939 |
| Malwarebytes | RiskWare.YouXun |
| Panda | Trj/Genetic.gen |
| ESET-NOD32 | a variant of Win32/RiskWare.YouXun.A |
| Rising | PUA.Puwaders!8.F98B (RDM+:cmRtazr4pumuxYd28h5bakQtoOmR) |
| Yandex | RiskWare.YouXun! |
| SentinelOne | DFI - Suspicious PE |
| GData | Application.Bundler.BHM |
| AVG | Win32:Malware-gen |
| Cybereason | malicious.89f669 |
| CrowdStrike | win/malicious_confidence_90% (D) |
No hosts contacted.
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
| dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
| teredo.ipv6.microsoft.com |
No TCP connections recorded.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49713 | 114.114.114.114 | 53 |
| 192.168.56.101 | 50002 | 114.114.114.114 | 53 |
| 192.168.56.101 | 53657 | 114.114.114.114 | 53 |
| 192.168.56.101 | 62318 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 49235 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 50534 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51808 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 51963 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 57756 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 57874 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 63429 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 49714 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 49716 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 50537 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 53658 | 239.255.255.250 | 3702 |
No HTTP requests performed.
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts