| 查杀引擎 | 查杀结果 | 查杀时间 | 查杀版本 |
|---|---|---|---|
| McAfee | Artemis!F356499F01D6 | 20210311 | 6.0.6.653 |
| Alibaba | 20190527 | 0.3.0.5 | |
| Avast | 20210311 | 21.1.5827.0 | |
| Tencent | 20210311 | 1.0.0.1 | |
| Baidu | 20190318 | 1.0.0.2 | |
| Kingsoft | 20210311 | 2017.9.26.565 | |
| CrowdStrike | 20210203 | 1.0 |
| pdb_path | D:\workspace\yiwanplayer\bin\Release\YiwanInstaller.pdb |
| resource name | CNO |
| resource name | XLDL |
| regkey | .*360Safe |
| name | CNO | language | LANG_CHINESE | offset | 0x001c84d0 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000060 | ||||||||||||||||||
| name | CNO | language | LANG_CHINESE | offset | 0x001c84d0 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000060 | ||||||||||||||||||
| name | XLDL | language | LANG_CHINESE | offset | 0x001c8530 | filetype | Zip archive data, at least v2.0 to extract | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x0012d3ef | ||||||||||||||||||
| name | RT_VERSION | language | LANG_CHINESE | offset | 0x00307118 | filetype | data | sublanguage | SUBLANG_CHINESE_SIMPLIFIED | size | 0x00000300 | ||||||||||||||||||
| entropy | 7.959455206550417 | section | {'size_of_data': '0x0013f800', 'virtual_address': '0x001c8000', 'entropy': 7.959455206550417, 'name': '.rsrc', 'virtual_size': '0x0013f7c4'} | description | A section with a high entropy has been found | |||||||||
| entropy | 0.43536024527337763 | description | Overall entropy of this PE file is high | |||||||||||
| host | 113.108.239.196 | |||
| host | 172.217.24.14 | |||
| host | 217.69.139.110 | |||
| registry | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion |
| registry | HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString |
| CAT-QuickHeal | Trojan.Agent |
| McAfee | Artemis!F356499F01D6 |
| Cylance | Unsafe |
| Sangfor | PUP.Win32.Presenoker.mt |
| K7AntiVirus | Unwanted-Program ( 004fbd881 ) |
| K7GW | Unwanted-Program ( 004fbd881 ) |
| Cyren | W32/Yiwanzhushou.A.gen!Eldorado |
| APEX | Malicious |
| NANO-Antivirus | Trojan.Win32.Agent.ejtczv |
| Paloalto | generic.ml |
| Sophos | Generic PUA CK (PUA) |
| McAfee-GW-Edition | Artemis |
| Emsisoft | Application.SilentInstall (A) |
| Gridinsoft | PUP.Win32.Downloader.dd!n |
| Microsoft | PUA:Win32/Presenoker |
| ViRobot | Adware.Yiwanzhushou.3012352.B |
| ESET-NOD32 | a variant of Win32/Yiwanzhushou.A potentially unwanted |
| VBA32 | BScope.Adware.Bitrepeyp |
| Rising | PUA.Yiwanzhushou!8.DE6F (CLOUD) |
| Ikarus | PUA.Yiwanzhushou |
| Fortinet | Riskware/Yiwanzhushou |
| Webroot | Pua.Gen |
| dead_host | 36.110.213.203:80 |
No hosts contacted.
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 217.69.139.110 | 443 | 192.168.56.101 | 49173 |
| Source | Source Port | Destination | Destination Port |
|---|---|---|---|
| 192.168.56.101 | 50534 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51378 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51808 | 114.114.114.114 | 53 |
| 192.168.56.101 | 51963 | 114.114.114.114 | 53 |
| 192.168.56.101 | 53657 | 114.114.114.114 | 53 |
| 192.168.56.101 | 56539 | 114.114.114.114 | 53 |
| 192.168.56.101 | 57874 | 114.114.114.114 | 53 |
| 192.168.56.101 | 58367 | 114.114.114.114 | 53 |
| 192.168.56.101 | 63429 | 114.114.114.114 | 53 |
| 192.168.56.101 | 137 | 192.168.56.255 | 137 |
| 192.168.56.101 | 138 | 192.168.56.255 | 138 |
| 192.168.56.101 | 123 | 20.189.79.72 time.windows.com | 123 |
| 192.168.56.101 | 55368 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 56804 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 62191 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 65004 | 224.0.0.252 | 5355 |
| 192.168.56.101 | 1900 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 53658 | 239.255.255.250 | 3702 |
| 192.168.56.101 | 56807 | 239.255.255.250 | 1900 |
| 192.168.56.101 | 58707 | 239.255.255.250 | 3702 |
No HTTP requests performed.
No ICMP traffic performed.
No IRC requests performed.
No Suricata Alerts
No Suricata TLS
No Snort Alerts