| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| Alibaba | Backdoor:Win32/KuaiZip.6c4854bd | 20190527 | 0.3.0.5 |
| Baidu | 20190318 | 1.0.0.2 | |
| Kingsoft | 20200920 | 2013.8.14.323 | |
| McAfee | 20200920 | 6.0.6.653 | |
| Tencent | 20200920 | 1.0.0.1 | |
| CrowdStrike | win/malicious_confidence_60% (D) | 20190702 | 1.0 |
| resource name | MYICON |
| resource name | ZIPRES |
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://kyposition.dftoutiao.com/position/get02 | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://tpop.kpzip.com/n/tui/tpop/tpop4/kb_nopop.xml | ||||||
| suspicious_features | GET method with no useragent header | suspicious_request | GET http://tpop.kpzip.com/n/tui/tpop/tpop4/tpop4.xml | ||||||
| request | GET http://kyposition.dftoutiao.com/position/get02 |
| request | GET http://tpop.kpzip.com/n/tui/tpop/tpop4/kb_nopop.xml |
| request | GET http://tpop.kpzip.com/n/tui/tpop/tpop4/tpop4.xml |
| name | MYICON | language | LANG_CHINESE | offset | 0x0017e3b0 | filetype | MS Windows icon resource - 5 icons, 256x256 withPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 48x48, 32 bits/pixel | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00005c18 | ||||||||||||||||||
| name | ZIPRES | language | LANG_CHINESE | offset | 0x00178520 | filetype | Zip archive data, at least v2.0 to extract | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000272 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0017def8 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0017def8 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0017def8 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0017def8 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_ICON | language | LANG_CHINESE | offset | 0x0017def8 | filetype | GLS_BINARY_LSB_FIRST | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000468 | ||||||||||||||||||
| name | RT_MENU | language | LANG_CHINESE | offset | 0x00178500 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000001c | ||||||||||||||||||
| name | RT_GROUP_ICON | language | LANG_CHINESE | offset | 0x0017e360 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000004c | ||||||||||||||||||
| name | RT_VERSION | language | LANG_CHINESE | offset | 0x001782c0 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0000023c | ||||||||||||||||||
| host | 172.217.24.14 | |||
| registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\ee6b4f41a430d2f947d2be76dc62718a.exe |
| registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM\ee6b4f41a430d2f947d2be76dc62718a.exe |
| registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_NINPUT_LEGACYMODE\ee6b4f41a430d2f947d2be76dc62718a.exe |
| registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL\ee6b4f41a430d2f947d2be76dc62718a.exe |
| registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\ee6b4f41a430d2f947d2be76dc62718a.exe |
| registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_STATUS_BAR_THROTTLING\ee6b4f41a430d2f947d2be76dc62718a.exe |
| registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET\ee6b4f41a430d2f947d2be76dc62718a.exe |
| registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING \ee6b4f41a430d2f947d2be76dc62718a.exe |
| registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SPELLCHECKING\ee6b4f41a430d2f947d2be76dc62718a.exe |
| registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\ee6b4f41a430d2f947d2be76dc62718a.exe |
| registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT\ee6b4f41a430d2f947d2be76dc62718a.exe |
| registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT\ee6b4f41a430d2f947d2be76dc62718a.exe |
| registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IVIEWOBJECTDRAW_DMLT9_WITH_GDI \ee6b4f41a430d2f947d2be76dc62718a.exe |
| registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\ee6b4f41a430d2f947d2be76dc62718a.exe |
| registry | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS\ee6b4f41a430d2f947d2be76dc62718a.exe |
| Elastic | malicious (high confidence) |
| FireEye | Generic.mg.ee6b4f41a430d2f9 |
| Malwarebytes | Adware.Kuaiba |
| Zillya | Adware.KuaiZip.Win32.334 |
| SUPERAntiSpyware | Adware.KuaiZip/Variant |
| K7AntiVirus | Adware ( 004f7e1c1 ) |
| Alibaba | Backdoor:Win32/KuaiZip.6c4854bd |
| K7GW | Adware ( 004f7e1c1 ) |
| Cybereason | malicious.1a430d |
| Invincea | KuaiZip (PUA) |
| Cyren | W32/S-0bbf5fa1!Eldorado |
| Symantec | Trojan.Gen.2 |
| APEX | Malicious |
| Cynet | Malicious (score: 100) |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.KuziTui.gen |
| NANO-Antivirus | Riskware.Win32.KuaiZip.fwxcxf |
| ViRobot | Adware.Kuaizip.1665432.E |
| Rising | Adware.KuaiZip!1.B92F (CLASSIC) |
| Comodo | Application.Win32.KuaiZip.BG@81beht |
| F-Secure | PotentialRisk.PUA/KuaiZip.Gen |
| DrWeb | Program.Kuaizip.1 |
| VIPRE | Trojan.Win32.Generic!BT |
| TrendMicro | TROJ_GEN.R002C0PI620 |
| Sophos | KuaiZip (PUA) |
| Jiangmin | AdWare.KuaiZip.dx |
| eGambit | Unsafe.AI_Score_99% |
| Avira | PUA/KuaiZip.Gen |
| Antiy-AVL | RiskWare[RiskTool]/Win32.KuaiZip |
| Microsoft | PUA:Win32/KuaiZip |
| AegisLab | Adware.Win32.KuaiZip.2!c |
| ZoneAlarm | not-a-virus:HEUR:AdWare.Win32.KuziTui.gen |
| GData | Win32.Trojan.Agent.L3ZOR6 |
| AhnLab-V3 | PUP/Win32.KuaiZip.R254633 |
| MAX | malware (ai score=99) |
| VBA32 | BScope.Adware.KuziTui |
| ESET-NOD32 | a variant of Win32/KuaiZip.N potentially unwanted |
| TrendMicro-HouseCall | TROJ_GEN.R002C0PI620 |
| Yandex | PUA.KuaiZip! |
| SentinelOne | DFI - Malicious PE |
| Fortinet | Riskware/KuaiZip |
| Webroot | W32.Adware.Gen |
| AVG | FileRepMetagen [PUP] |
| Panda | Trj/Genetic.gen |
| CrowdStrike | win/malicious_confidence_60% (D) |
No hosts contacted.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49173 | 106.75.70.48 kyposition.dftoutiao.com | 80 |
| 192.168.56.101 | 49176 | 110.185.114.202 tpop.kpzip.com | 80 |
| 192.168.56.101 | 49177 | 110.185.114.202 tpop.kpzip.com | 80 |
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 49235 | 114.114.114.114 | 53 |
| 192.168.56.101 | 50534 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51808 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56539 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58367 | 114.114.114.114 | 53 |
| 192.168.56.101 | 65004 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 55368 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 60123 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 51809 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 56540 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 56807 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 58368 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 58707 | 239.255.255.250 | 3702 |
| URI | Data |
|---|---|
| http://kyposition.dftoutiao.com/position/get02 | GET /position/get02 HTTP/1.1 Host: kyposition.dftoutiao.com Accept: */* |
| http://tpop.kpzip.com/n/tui/tpop/tpop4/kb_nopop.xml | GET /n/tui/tpop/tpop4/kb_nopop.xml HTTP/1.1 Host: tpop.kpzip.com Accept: */* |
| http://tpop.kpzip.com/n/tui/tpop/tpop4/tpop4.xml | GET /n/tui/tpop/tpop4/tpop4.xml HTTP/1.1 Host: tpop.kpzip.com Accept: */* |
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts