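A backdoor has been planted in an exe file, could an expert please take a look for me
An application seems to have had a backdoor program planted in it and is quietly communicating with the outside. Could an expert please help me analyze whether that is right?
Waiting online. QQ:9559122, someone please help me....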
The executable has changed since the last time you used
File Version: 1.0.0.1
Digital Signature:
Process ID: 0xea8 (Hexadecimal) 3752 (Decimal)
Connection origin: remote initiated
Protocol: TCP
Local Address: xxx.xxx.xxx.xxx.
Local Port: 15100
Remote Name:
Remote Address: 124.79.30.244
Remote Port: 17361
Ethernet packet details:
Ethernet II (Packet Length: 78)
Destination: 00-e0-4c-04-93-1c
Source: 00-15-c6-0d-66-7f
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 117
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0xeab8 (Correct)
Source: 124.79.30.244
Destination: 59.34.148.111
Transmission Control Protocol (TCP)
Source port: 2090193219
Destination port: 2090597434
Sequence number: 1724687675
Acknowledgment number: 0
Header length: 44
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Checksum: 0x6404 (Correct)
Data (0 Bytes)
Binary dump of the packet:
0000: 00 E0 4C 04 93 1C 00 15 : C6 0D 66 7F 08 00 45 00 | ..L.......f...E.
0010: 00 40 E1 F8 40 00 75 06 : B8 EA 7C 4F 1E F4 3B 22 | .@..@.u...|O..;"
0020: 94 6F 43 D1 3A FC 3B A5 : CC 66 00 00 00 00 B0 02 | .oC.:.;..f......
0030: 40 00 04 64 00 00 02 04 : 05 A0 01 03 03 03 01 01 | @..d............
0040: 08 0A 00 00 00 00 00 00 : 00 00 01 01 04 02 | ..............
User system information: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)