Detection ratio: 4 / 55

墨家小子

SHA256:        bc054e7d840f8e93c599c0bff2686fd9486509eca968700da1bcd1622a6caf2f
File name:        bc054e7d840f8e93c599c0bff2686fd9486509eca968700da1bcd1622a6caf2f.exe
Detection ratio:        4 / 55
Analysis date:        2015-11-30 11:05:41 UTC ( 0 minutes ago )
https://www.virustotal.com/en/fi ... nalysis/1448881541/



McAfee-GW-Edition        BehavesLike.Win32.Backdoor.cc        20151130
Qihoo-360        HEUR/QVM07.1.Malware.Gen        20151130
Rising        PE:Malware.Obscure/Heur!1.9E03 [F]        20151129
Sophos        Mal/Generic-S        20151130

2015/11/30 19:07:25,C:\Windows\explorer.exe,53,Allowed ;执行应用程序 ("C:\Users\AAAAA\Desktop\11\bc054e7d840f8e93c599c0bff2686fd9486509eca968700da1bcd1622a6caf2f.exe" )

2015/11/30 19:07:27,C:\Users\AAAAA\Desktop\11\bc054e7d840f8e93c599c0bff2686fd9486509eca968700da1bcd1622a6caf2f.exe,53,Allowed ;执行应用程序 (C:\Users\AAAAA\Desktop\11\bc054e7d840f8e93c599c0bff2686fd9486509eca968700da1bcd1622a6caf2f.exe)

2015/11/30 19:07:34,C:\Users\AAAAA\Desktop\11\bc054e7d840f8e93c599c0bff2686fd9486509eca968700da1bcd1622a6caf2f.exe,50,Allowed ;使用 DNS 解析服务访问网络

2015/11/30 19:07:35,C:\Users\AAAAA\Desktop\11\bc054e7d840f8e93c599c0bff2686fd9486509eca968700da1bcd1622a6caf2f.exe,48,Allowed ;出站网络访问

2015/11/30 19:07:53,C:\Users\AAAAA\Desktop\11\bc054e7d840f8e93c599c0bff2686fd9486509eca968700da1bcd1622a6caf2f.exe,40,Blocked ;以修改权限打开进程或线程 (explorer.exe(pid=644))

aboringman

AVG：

扫描：miss；

双击：实机双击（不入沙），等了几分钟，IDP击杀本体并回滚。

"";"IDP.ARES.Generic, C:\Users\Killer\Desktop\bc054e7d840f8e93c599c0bff2686fd9486509eca968700da1bcd1622a6caf2f.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2015/11/30, 22:10:51"
"";", C:\Users\Killer\Desktop\bc054e7d840f8e93c599c0bff2686fd9486509eca968700da1bcd1622a6caf2f.exe";"Object was blocked";"Process";"2015/11/30, 22:10:51"
"";", C:\Users\Killer\Desktop\bc054e7d840f8e93c599c0bff2686fd9486509eca968700da1bcd1622a6caf2f.exe";"Object was blocked";"Process";"2015/11/30, 22:10:51"
"";", C:\Windows\System32\sdbinst.exe";"Object was blocked";"Process";"2015/11/30, 22:10:51"
"";", C:\Windows\System32\sdbinst.exe";"Object was blocked";"Process";"2015/11/30, 22:10:51"
"";", C:\Windows\System32\iscsicli.exe";"Object was blocked";"Process";"2015/11/30, 22:10:51"
"";", C:\Windows\System32\iscsicli.exe";"Object was blocked";"Process";"2015/11/30, 22:10:51"
"";", C:\Users\Killer\AppData\Local\6aC2RnQZ\lXMinAbJ.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2015/11/30, 22:10:51"
"";", C:\Users\Killer\AppData\LocalLow\Fa4mmKX7.bat";"Deleted, Moved to Virus Vault";"File or Directory";"2015/11/30, 22:10:51"
"";", C:\Users\Killer\Desktop\bc054e7d840f8e93c599c0bff2686fd9486509eca968700da1bcd1622a6caf2f.exe";"Object was blocked";"Process";"2015/11/30, 22:10:51"

驭龙

ESET云杀 Log
E:\VIR\MJXZ\bc054e7d840f8e93c599c0bff2686fd9486509eca968700da1bcd1622a6caf2f.rar » RAR » bc054e7d840f8e93c599c0bff2686fd9486509eca968700da1bcd1622a6caf2f.exe - Suspicious Object - deleted - quarantined

wjy19800315

数字拉黑

ericdj

webroot  监控杀（就是慢了半拍，不够灵敏）

pal家族

卡巴云特征杀！
检测到的对象（文件）已删除。UDS:DangerousPattern.Multi.Generic;未知威胁;11/30/2015 19:46:39

XywCloud

SUD to BAV

saga3721

文件 ID         文件名         大小(字节)         结果
28665610         bc054e7d840f8e93c...2f.rar         148.14 KB         OK

以下位置提供了存档中包含的文件及其结果的列表:
文件 ID         文件名         大小(字节)         结果
28665329         bc054e7d840f8e93c...2f.exe         188 KB         UNDER ANALYSIS

yzt1004

沙箱环境，emsi 这一步允许后报错退出



感觉应该是沙箱拦的

wjy19800315

aboringman 发表于 2015-11-30 22:13
AVG：

扫描：miss；

试试其他样本avg的idp爆发！