查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
---|---|---|---|
Alibaba | Worm:Win32/FakeDoc.1d2864ba | 20190527 | 0.3.0.5 |
Baidu | Win32.Worm.FakeDoc.a | 20190318 | 1.0.0.2 |
Tencent | Malware.Win32.Gencirc.10b6abd3 | 20201209 | 1.0.0.1 |
Kingsoft | 20201209 | 2017.9.26.565 | |
McAfee | GenericRXAH-AG!DC4FC5826CA7 | 20201209 | 6.0.6.653 |
CrowdStrike | win/malicious_confidence_100% (W) | 20190702 | 1.0 |
pdb_path | P:\MultiLauncher\Release\MultiLauncher.pdb |
resource name | DATA |
suspicious_features | GET method with no useragent header | suspicious_request | GET http://wxanalytics.ru/net.exe.config | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://wxanalytics.ru/net.exe |
request | GET http://wxanalytics.ru/net.exe.config |
request | GET http://wxanalytics.ru/net.exe |
domain | wxanalytics.ru | description | Russian Federation domain TLD |
description | mls.exe tried to sleep 136 seconds, actually delayed analysis time by 136 seconds |
file | C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\dc4fc5826ca75b0847c9eb23786f3fce.docx |
entropy | 7.119422995234983 | section | {'size_of_data': '0x001ca600', 'virtual_address': '0x000b7000', 'entropy': 7.119422995234983, 'name': '.rsrc', 'virtual_size': '0x001ca57c'} | description | A section with a high entropy has been found | |||||||||
entropy | 0.7003437738731857 | description | Overall entropy of this PE file is high |
cmdline | C:\Users\Administrator.Oskar-PC\AppData\Roaming\RAC\svcsc.exe |
host | 172.217.24.14 |
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\mls | reg_value | "C:\Users\Administrator.Oskar-PC\AppData\Roaming\RAC\mls.exe" -s | ||||||
reg_key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\svcsc.exe | reg_value | C:\Users\Administrator.Oskar-PC\AppData\Roaming\RAC\svcsc.exe |
Bkav | W32.AIDetectVM.malware1 |
Elastic | malicious (high confidence) |
MicroWorld-eScan | Gen:Variant.Ser.Zusy.2350 |
FireEye | Generic.mg.dc4fc5826ca75b08 |
CAT-QuickHeal | Worm.Fadok.A5 |
Qihoo-360 | Win32/Virus.HideDoc.K |
ALYac | Gen:Variant.Ser.Zusy.2350 |
Cylance | Unsafe |
VIPRE | Trojan.Win32.Generic.pak!cobra |
Sangfor | Malware |
K7AntiVirus | Trojan ( 004c3bbe1 ) |
Alibaba | Worm:Win32/FakeDoc.1d2864ba |
K7GW | Trojan ( 004c3bbe1 ) |
Cybereason | malicious.26ca75 |
Arcabit | Trojan.Ser.Zusy.D92E |
Baidu | Win32.Worm.FakeDoc.a |
Cyren | W32/Fakedoc.PZJA-4253 |
Symantec | SMG.Heur!gen |
APEX | Malicious |
Paloalto | generic.ml |
ClamAV | Win.Malware.Razy-6723913-0 |
Kaspersky | Trojan.Win32.Agent.ifdx |
BitDefender | Gen:Variant.Ser.Zusy.2350 |
NANO-Antivirus | Trojan.Win32.Rendoc.faojir |
AegisLab | Trojan.Win32.Agent.tnEr |
Tencent | Malware.Win32.Gencirc.10b6abd3 |
Ad-Aware | Gen:Variant.Ser.Zusy.2350 |
Sophos | Mal/Generic-R + Troj/FakeDoc-B |
Comodo | TrojWare.Win32.Scar.FAKD@5xdxi2 |
F-Secure | Trojan.TR/ATRAPS.Gen4 |
DrWeb | Win32.HLLW.Rendoc.3 |
Zillya | Trojan.Scar.Win32.88546 |
TrendMicro | WORM_FAKEDOC_FD050240.UVPM |
McAfee-GW-Edition | BehavesLike.Win32.Generic.vc |
Emsisoft | Worm.FakeDoc (A) |
SentinelOne | Static AI - Suspicious PE |
Jiangmin | Worm.Agent.ju |
Avira | TR/ATRAPS.Gen4 |
MAX | malware (ai score=89) |
Antiy-AVL | Trojan/Win32.Scar.jfya |
Gridinsoft | Trojan.Win32.Agent.vb |
Microsoft | Worm:Win32/Fadok!rfn |
ZoneAlarm | Trojan.Win32.Agent.ifdx |
GData | Gen:Variant.Ser.Zusy.2350 |
Cynet | Malicious (score: 100) |
AhnLab-V3 | Worm/Win32.Fadok.R189010 |
Acronis | suspicious |
McAfee | GenericRXAH-AG!DC4FC5826CA7 |
VBA32 | Trojan.Agent |
Malwarebytes | Trojan.FakeDoc |
No hosts contacted.
Name | Response | Post-Analysis Lookup |
---|---|---|
time.windows.com |
A 20.189.79.72
CNAME time.microsoft.akadns.net |
|
dns.msftncsi.com | A 131.107.255.255 | 131.107.255.255 |
clients2.google.com |
CNAME clients.l.google.com
A 216.58.200.238 |
216.58.200.238 |
dns.msftncsi.com | AAAA fd3e:4f5a:5b81::1 | 131.107.255.255 |
wxanalytics.ru | A 35.205.61.67 | 35.205.61.67 |
teredo.ipv6.microsoft.com |
Source | Source Port | Destination | Destination Port |
---|---|---|---|
192.168.56.101 | 49178 | 35.205.61.67 wxanalytics.ru | 80 |
192.168.56.101 | 49183 | 35.205.61.67 wxanalytics.ru | 80 |
Source | Source Port | Destination | Destination Port |
---|---|---|---|
192.168.56.101 | 49235 | 114.114.114.114 | 53 |
192.168.56.101 | 50534 | 114.114.114.114 | 53 |
192.168.56.101 | 51808 | 114.114.114.114 | 53 |
192.168.56.101 | 56539 | 114.114.114.114 | 53 |
192.168.56.101 | 57874 | 114.114.114.114 | 53 |
192.168.56.101 | 58367 | 114.114.114.114 | 53 |
192.168.56.101 | 65004 | 114.114.114.114 | 53 |
192.168.56.101 | 137 | 192.168.56.255 | 137 |
192.168.56.101 | 138 | 192.168.56.255 | 138 |
192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
192.168.56.101 | 51378 | 224.0.0.252 | 5355 |
192.168.56.101 | 55368 | 224.0.0.252 | 5355 |
192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
192.168.56.101 | 60123 | 224.0.0.252 | 5355 |
192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
192.168.56.101 | 56540 | 239.255.255.250 | 3702 |
192.168.56.101 | 56807 | 239.255.255.250 | 1900 |
192.168.56.101 | 58368 | 239.255.255.250 | 3702 |
192.168.56.101 | 58707 | 239.255.255.250 | 3702 |
URI | Data |
---|---|
http://wxanalytics.ru/net.exe.config | GET /net.exe.config HTTP/1.1 Host: wxanalytics.ru Accept: */* |
http://wxanalytics.ru/net.exe | GET /net.exe HTTP/1.1 Host: wxanalytics.ru Accept: */* |
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts