Detection ratio: 0 / 55 43wedf.exe

显示全部楼层 · 发表于 2015-12-7 19:20:59

https://www.virustotal.com/en/fi ... nalysis/1449487074/
SHA256: d669379ad2f0af5f5df9940a7f2247883e9beb2e96a791a0c0ac9869ca9c49d9
File name: 43wedf.exe
Detection ratio: 0 / 55
Analysis date: 2015-12-07 11:17:55 UTC ( 0 minutes ago )

2015/12/7 19:18:02,C:\Windows\explorer.exe,53,Allowed ;执行应用程序 ("C:\Users\AAAA\Desktop\1\d669379ad2f0af5f5df9940a7f2247883e9beb2e96a791a0c0ac9869ca9c49d9.exe" )

2015/12/7 19:18:36,C:\Users\AAAA\Desktop\1\d669379ad2f0af5f5df9940a7f2247883e9beb2e96a791a0c0ac9869ca9c49d9.exe,50,Allowed ;使用 DNS 解析服务访问网络

2015/12/7 19:18:39,C:\Users\AAAA\Desktop\1\d669379ad2f0af5f5df9940a7f2247883e9beb2e96a791a0c0ac9869ca9c49d9.exe,48,Allowed ;出站网络访问

2015/12/7 19:18:59,C:\Users\AAAA\Desktop\1\d669379ad2f0af5f5df9940a7f2247883e9beb2e96a791a0c0ac9869ca9c49d9.exe,40,Blocked ;以修改权限打开进程或线程 (explorer.exe(pid=4100))

显示全部楼层 · 发表于 2015-12-7 22:11:05

AVG：

扫描：miss；

双击：实机双击（不入沙），等了一会儿，IDP击杀之。

"";"IDP.ARES.Generic, C:\Users\killer.Killer-PC\Desktop\d669379ad2f0af5f5df9940a7f2247883e9beb2e96a791a0c0ac9869ca9c49d9.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2015/12/7, 22:09:01"
"";", C:\Windows\System32\sdbinst.exe";"Object was blocked";"Process";"2015/12/7, 22:09:01"
"";", C:\Windows\System32\sdbinst.exe";"Object was blocked";"Process";"2015/12/7, 22:09:01"
"";", C:\Windows\System32\iscsicli.exe";"Object was blocked";"Process";"2015/12/7, 22:09:01"
"";", C:\Windows\System32\iscsicli.exe";"Object was blocked";"Process";"2015/12/7, 22:09:01"
"";", C:\Users\killer.Killer-PC\AppData\Local\tPl4yheX\zh3VOgUZ.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2015/12/7, 22:09:01"
"";", C:\Users\killer.Killer-PC\AppData\LocalLow\Po6MnKzz.bat";"Deleted, Moved to Virus Vault";"File or Directory";"2015/12/7, 22:09:01"
"";", C:\Users\killer.Killer-PC\Desktop\d669379ad2f0af5f5df9940a7f2247883e9beb2e96a791a0c0ac9869ca9c49d9.exe";"Object was blocked";"Process";"2015/12/7, 22:09:01"

显示全部楼层 · 发表于 2015-12-7 19:45:55

卡巴miss

显示全部楼层 · 发表于 2015-12-7 20:10:57

wjy19800315 发表于 2015-12-7 19:45
卡巴miss

07.12.2015 20.10.32;检测到的对象（文件）已删除。;C:\Users\yingzhi\Desktop\新建文件夹\d669379ad2f0af5f5df9940a7f2247883e9beb2e96a791a0c0ac9869ca9c49d9\d669379ad2f0af5f5df9940a7f2247883e9beb2e96a791a0c0ac9869ca9c49d9.exe;WinRAR 压缩文件管理器;C:\Users\yingzhi\Desktop\新建文件夹\d669379ad2f0af5f5df9940a7f2247883e9beb2e96a791a0c0ac9869ca9c49d9\d669379ad2f0af5f5df9940a7f2247883e9beb2e96a791a0c0ac9869ca9c49d9.exe;12/07/2015 20:10:32;UDS:DangerousObject.Multi.Generic

反应挺快的

显示全部楼层 · 发表于 2015-12-7 20:11:57

实机就不双击了，APC扫描报按理双击也会报毒，不排除会漏

显示全部楼层 · 发表于 2015-12-7 20:12:09

pal家族发表于 2015-12-7 20:10
07.12.2015 20.10.32;检测到的对象（文件）已删除。;C:%users\yingzhi\Desktop\新建文件夹\d669379ad2f0a ...

我发现了
我一扫描后5分钟卡巴云就能杀了
难道卡巴也是后台自动上传分析文件？

显示全部楼层 · 发表于 2015-12-7 20:13:55

wjy19800315 发表于 2015-12-7 20:12
我发现了
我一扫描后5分钟卡巴云就能杀了
难道卡巴也是后台自动上传分析文件？

现在那个杀软不这样啊，
再说，也可能是卡巴也从挂马网站截获了样本。

显示全部楼层 · 发表于 2015-12-7 20:14:55

pal家族发表于 2015-12-7 20:13
现在那个杀软不这样啊，
再说，也可能是卡巴也从挂马网站截获了样本。

嗯
响应快最好！

显示全部楼层 · 发表于 2015-12-7 21:53:29

SUD to BAV

显示全部楼层 · 发表于 2015-12-7 21:56:06

@aboringman

显示全部楼层 · 发表于 2015-12-7 22:04:44

MrDeep 发表于 2015-12-7 21:56
@aboringman

是要我测试么

[可疑文件] Detection ratio: 0 / 55 43wedf.exe

本帖子中包含更多资源

评分

本帖子中包含更多资源

本帖子中包含更多资源