VT Detection ratio: 4 / 46 2825240.exe 诺顿2014阵亡！

显示全部楼层 · 发表于 2013-9-3 10:36:38

本帖最后由墨家小子于 2013-9-3 11:26 编辑

32位fake av

https://www.virustotal.com/en/fi ... nalysis/1378175604/

显示全部楼层 · 发表于 2013-9-4 11:05:44

2013/9/4 11:03:03 创建文件夹允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37
规则: [应用程序组]『询问』病毒测试 -> [文件]*

2013/9/4 11:03:07 创建注册表项阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\2825240_RASAPI32
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:09 创建文件允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37\VDa7Un37.exe
规则: [应用程序组]『询问』病毒测试 -> [文件组]全局高危文件

2013/9/4 11:03:11 创建注册表项阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\2825240_RASAPI32
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:12 修改注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AS2014
值: C:\ProgramData\VDa7Un37\VDa7Un37.exe
规则: [应用程序组]『询问』病毒测试 -> [注册表组]自动运行 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Run*

2013/9/4 11:03:14 创建注册表项阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\2825240_RASAPI32
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:14 修改注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
值: 0x00000000(0)
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:17 创建文件允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37\VDa7Un37xDaVaggg.in
规则: [应用程序组]『询问』病毒测试 -> [文件]*

2013/9/4 11:03:18 创建注册表项阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\2825240_RASAPI32
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:19 修改注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
值: 46 00 00 00 16 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 8c 91 03 fe 95 a8 ce 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 c0 a8 01 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 dd 82 11 2a 24 f0 0d 88 3f 57 fe 99 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:20 创建文件允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37\VDa7Un37xDaVaggg.lg
规则: [应用程序组]『询问』病毒测试 -> [文件]*

2013/9/4 11:03:21 创建注册表项阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\2825240_RASMANCS
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:22 修改注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
值: 46 00 00 00 16 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 8c 91 03 fe 95 a8 ce 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 c0 a8 01 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 dd 82 11 2a 24 f0 0d 88 3f 57 fe 99 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:23 修改文件允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37\VDa7Un37xDaVaggg.in
规则: [应用程序组]『询问』病毒测试 -> [文件]*

2013/9/4 11:03:24 创建注册表项阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\2825240_RASMANCS
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:25 删除注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:27 修改文件允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37\VDa7Un37xDaVaggg.lg
规则: [应用程序组]『询问』病毒测试 -> [文件]*

2013/9/4 11:03:28 删除注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:29 创建文件允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37\VDa7Un37.exe.manifest
规则: [应用程序组]『询问』病毒测试 -> [文件]*

2013/9/4 11:03:31 修改注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
值: 0x00000000(0)
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:33 创建文件允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37\VDa7Un37.ico
规则: [应用程序组]『询问』病毒测试 -> [文件]*

2013/9/4 11:03:34 修改注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
值: 0x00000001(1)
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:35 删除注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:36 删除注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:37 修改注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
值: 0x00000000(0)
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:38 修改注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
值: 0x00000001(1)
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:42 访问网络允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: TCP [本机 : 5119] ->  [219.235.1.127 : 80 (http)]
规则: [应用程序组]『询问』病毒测试 -> [网络组]所有网络

2013/9/4 11:03:43 访问网络允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: TCP [本机 : 5120] ->  [219.235.1.127 : 80 (http)]
规则: [应用程序组]『询问』病毒测试 -> [网络组]所有网络

2013/9/4 11:03:55 创建文件允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37\DD1
规则: [应用程序组]『询问』病毒测试 -> [文件]*

2013/9/4 11:05:21 访问网络允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: TCP [本机 : 5169] ->  [219.235.1.127 : 80 (http)]
规则: [应用程序组]『询问』病毒测试 -> [网络组]所有网络

2013/9/4 11:05:35 创建文件允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37\DD6
规则: [应用程序组]『询问』病毒测试 -> [文件]*

显示全部楼层 · 发表于 2013-9-3 10:43:06

显示全部楼层 · 发表于 2013-9-3 10:58:05

本帖最后由消停于 2013-9-3 11:10 编辑

诺顿2014阵亡！由于所有软件都无法启动，没法截图，只好手机拍照了

显示全部楼层 · 发表于 2013-9-3 11:23:17

消停发表于 2013-9-3 10:58
诺顿2014阵亡！由于所有软件都无法启动，没法截图，只好手机拍照了

需要改标题的话请呼叫卤煮！

我在等待

显示全部楼层 · 发表于 2013-9-3 11:25:03

墨家小子发表于 2013-9-3 11:23
需要改标题的话请呼叫卤煮！我在等待

可以改一下！看看其他各家的表现！

显示全部楼层 · 发表于 2013-9-3 11:30:28

消停发表于 2013-9-3 11:25
可以改一下！看看其他各家的表现！

这你就不懂了，除了万物杀敢于叫板样本区，用别家杀软的都要等到入库才来样本区显示超强扫描能力的

我虚拟机里特意用的好压看国内云的，一楼都有帖云查杀截图，就这样有些人还喀喀喀的贴扫描截图呢

显示全部楼层 · 发表于 2013-9-3 11:30:44

32位。。。难道64位系统无效？

显示全部楼层 · 发表于 2013-9-3 11:31:27

rainy3636 发表于 2013-9-3 11:30
32位。。。难道64位系统无效？

不清楚类，这一只我是在win7 32虚拟机里抓的，所以。。。。

显示全部楼层 · 发表于 2013-9-3 11:31:45

墨家小子发表于 2013-9-3 11:30
这你就不懂了，除了万物杀敢于叫板样本区，用别家杀软的都要等到入库才来样本区显示超强扫描能力的 ...

我来试试其他各家主防！今天诺顿，一会就换其他的，有新样本给我留着！

显示全部楼层 · 发表于 2013-9-3 11:34:00

墨家小子发表于 2013-9-3 11:31
不清楚类，这一只我是在win7 32虚拟机里抓的，所以。。。。

晚上到学校用电脑试试

[可疑文件] VT Detection ratio: 4 / 46 2825240.exe 诺顿2014阵亡！

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

评分

RE: VT Detection ratio: 4 / 46 2825240.exe 诺顿2014阵亡！