Views: 3205 | Replies: 13

[Suspicious file] Detection ratio: 0 / 55 Angler Exploit Kit Website 21 & Mass Injection drive-by malware

墨家小子
Posted 2016-2-25 08:57:06
SHA256: dba1e869e2390b9d4d42c14598346fbcd8b1c4f3d2395bb8cb7d3d03d8a9a0cd
File name: A6D2.tmp.exe
Detection ratio: 0 / 55
Analysis date: 2016-02-25 00:43:35 UTC ( 1 minute ago )
https://www.virustotal.com/en/file/dba1e869e2390b9d4d42c14598346fbcd8b1c4f3d2395bb8cb7d3d03d8a9a0cd/analysis/1456361015/


Can you guess where I caught this one?

From the "IPS automatic transmission, ten thousand kilometres without an accident" series:

2016/2/25 8:40:44,High,Blocked an intrusion attempt from localhost,Blocked,No action required,,No action required,No action required,Web Attack: Angler Exploit Kit Website 21,"localhost (127.0.0.1, XXX0)",shadoof-rigelteknomec.athensschoolbond.com/civis/search.php?keywords=3128&fid0=w33c8011w84118zx41134,"localhost (127.0.0.1, XXX7)",localhost (127.0.0.1),"TCP, socks"


2016/2/25 8:40:40,High,Blocked an intrusion attempt from localhost,Blocked,No action required,,No action required,No action required,Web Attack: Mass Injection Website 19,"localhost (127.0.0.1, 4XXX8)",XXXXXXnw.com/,"localhost (127.0.0.1, XXX2)",localhost (127.0.0.1),"TCP, port 4XXX8"



z2009
Posted 2016-2-25 08:59:17
Gets past BG and 360 web protection
On double-click, BG kills it instantly
pal家族
Posted 2016-2-25 09:04:26
Kaspersky scan: miss~~~
Another beautiful day begins!
ericdj
Posted 2016-2-25 09:04:46
GD's proactive defense takes it out
莒县小哥
Posted 2016-2-25 11:16:53
360 Security Guard + WD: no detection
共和时代
Posted 2016-2-25 11:21:27
Scan: miss

Double-click: IDP kill

墨家小子
(OP) Posted 2016-2-25 11:30:53
共和时代 posted on 2016-2-25 11:21
Scan: miss

Double-click: IDP kill

Looks like a catch-all detection

IDP ARES Generic is a potential threat. Threats, when malicious, can be used to interfere with the normal operation of a computer, gather personal information or allow a hacker to access the device remotely without the user's consent.

This kind of software usually arrives in the form of an unwanted download from a malicious website or as code illegally injected into a legitimate website without the webmaster's knowledge. It can also be received as an email attachment or an instant message from an untrusted source.

What does IDP ARES Generic do?
If determined to be malware, actions can include:

- Stealing hard disk space and memory, slowing down or completely stopping the PC
- Corrupting or deleting data
- Compromising the entire system by providing remote access to hackers
- Stealing passwords and other sensitive information
- Gathering information about your web-browsing habits without your consent for advertising purposes
- Installing other unwanted software

Generally, most malicious threats can be detected and removed by AVG.
275751198
Posted 2016-2-25 13:54:06
File info
File name: D:\下载文件存储文件夹\123\新建文件夹\A6D2.tmp.exe
File size: 388 Kb
Internal name: none
File signature: no signature information
File description: is a trojan
File MD5: 2b64c25e470ebea4cfb5f87c8d8efdf0

The verdict is "is a trojan". By the look of it, that takes a while before it is synced to the cloud; when the verdict is trojan it gets synced to the cloud right away.
ymb668888
Posted 2016-2-25 20:08:30
Kaspersky scan: miss; on double-click, proactive defense blocks it and rolls back

25.02.2016 20.04.49;Malicious program's actions rolled back;PDM:Trojan.Win32.Generic;C:\Users\Administrator\Downloads\A6D2.tmp.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;Malicious program's actions rolled back;PDM:Trojan.Win32.Generic;C:\Users\Administrator\Downloads\A6D2.tmp.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;Malicious program's actions rolled back;PDM:Trojan.Win32.Generic;C:\Users\Administrator\Downloads\A6D2.tmp.exe;c:\sandbox\administrator\defaultbox\drive\c\windows\hadujrkcmqxv.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;Malicious program's actions rolled back;PDM:Trojan.Win32.Generic;C:\Users\Administrator\Downloads\A6D2.tmp.exe;c:\sandbox\administrator\defaultbox\drive\c\windows\hadujrkcmqxv.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;File restored while rolling back malicious program's actions;c:\sandbox\administrator\defaultbox\user\current\appdata\local\microsoft\internet explorer\brndlog.txt;c:\sandbox\administrator\defaultbox\user\current\appdata\local\microsoft\internet explorer\brndlog.txt;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\hadujrkcmqxv.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;File restored while rolling back malicious program's actions;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\recovery+vhwct.txt;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\recovery+vhwct.txt;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\hadujrkcmqxv.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;File restored while rolling back malicious program's actions;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\color\recovery+vhwct.txt;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\color\recovery+vhwct.txt;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\hadujrkcmqxv.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;File restored while rolling back malicious program's actions;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\color\profiles\recovery+vhwct.txt;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\color\profiles\recovery+vhwct.txt;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\hadujrkcmqxv.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;File restored while rolling back malicious program's actions;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\acrobat\recovery+vhwct.txt;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\acrobat\recovery+vhwct.txt;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\hadujrkcmqxv.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;File restored while rolling back malicious program's actions;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\acrobat\11.0\recovery+vhwct.txt;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\acrobat\11.0\recovery+vhwct.txt;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\hadujrkcmqxv.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;File restored while rolling back malicious program's actions;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\acrobat\11.0\cache\recovery+vhwct.txt;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\acrobat\11.0\cache\recovery+vhwct.txt;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\hadujrkcmqxv.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;File restored while rolling back malicious program's actions;c:\sandbox\administrator\defaultbox\drive\c\$recycle.bin\s-1-5-21-2382313841-2341094415-2425494424-500\$rw21fpk\eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc.doc;c:\sandbox\administrator\defaultbox\drive\c\$recycle.bin\s-1-5-21-2382313841-2341094415-2425494424-500\$rw21fpk\eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc.doc;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\hadujrkcmqxv.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;File restored while rolling back malicious program's actions;c:\sandbox\administrator\defaultbox\drive\c\$recycle.bin\s-1-5-21-2382313841-2341094415-2425494424-500\$rw21fpk\d903ecebede658ff6d7c930f22378bb7471a940632cd59d196f0e8a44ecdb7e2.doc;c:\sandbox\administrator\defaultbox\drive\c\$recycle.bin\s-1-5-21-2382313841-2341094415-2425494424-500\$rw21fpk\d903ecebede658ff6d7c930f22378bb7471a940632cd59d196f0e8a44ecdb7e2.doc;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\hadujrkcmqxv.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;File restored while rolling back malicious program's actions;c:\sandbox\administrator\defaultbox\drive\c\$recycle.bin\s-1-5-21-2382313841-2341094415-2425494424-500\$rw21fpk\785e8a39eb66e872ff5abee48b7226e99bed2e12bc0f68fc430145a00fe523db.doc;c:\sandbox\administrator\defaultbox\drive\c\$recycle.bin\s-1-5-21-2382313841-2341094415-2425494424-500\$rw21fpk\785e8a39eb66e872ff5abee48b7226e99bed2e12bc0f68fc430145a00fe523db.doc;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\hadujrkcmqxv.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:04:49
25.02.2016 20.03.15;Malicious program deleted;PDM:Trojan.Win32.Generic;C:\Users\Administrator\Downloads\A6D2.tmp.exe;c:\sandbox\administrator\defaultbox\drive\c\windows\hadujrkcmqxv.exe;02/25/2016 20:03:15
25.02.2016 20.03.15;Malicious program deleted;PDM:Trojan.Win32.Generic;C:\Users\Administrator\Downloads\A6D2.tmp.exe;c:\sandbox\administrator\defaultbox\drive\c\windows\hadujrkcmqxv.exe;02/25/2016 20:03:15
25.02.2016 20.03.15;Malicious program deleted;PDM:Trojan.Win32.Generic;C:\Users\Administrator\Downloads\A6D2.tmp.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:03:15
25.02.2016 20.03.15;Malicious program deleted;PDM:Trojan.Win32.Generic;C:\Users\Administrator\Downloads\A6D2.tmp.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:03:15
25.02.2016 20.03.03;Malicious program terminated;PDM:Trojan.Win32.Generic;Deport Federalist Dig;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\hadujrkcmqxv.exe;02/25/2016 20:03:03
25.02.2016 20.03.03;Malicious program detected;PDM:Trojan.Win32.Generic;Deport Federalist Dig;c:\sandbox\administrator\defaultbox\drive\c\windows\hadujrkcmqxv.exe;02/25/2016 20:03:03
25.02.2016 20.03.03;Malicious program detected;PDM:Trojan.Win32.Generic;Deport Federalist Dig;c:\sandbox\administrator\defaultbox\drive\c\windows\hadujrkcmqxv.exe;02/25/2016 20:03:03
25.02.2016 20.03.03;Malicious program detected;PDM:Trojan.Win32.Generic;Deport Federalist Dig;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:03:03
25.02.2016 20.03.03;Malicious program detected;PDM:Trojan.Win32.Generic;Deport Federalist Dig;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:03:03
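The two log formats posted in this thread, the OP's IPS CSV rows and ymb668888's Kaspersky PDM rollback rows, are easier to triage once the indicators are pulled out and the Sandboxie container paths are mapped back to what the sample actually tried to write on the host. The script below is an added example, not code from any post in this thread or from either vendor. Its sample rows are constructed from the lines quoted above (translated to English); the column layouts, the Sandboxie `drive\c` and `user\current` mapping, and the "same file name in three or more directories" threshold are assumptions inferred from those rows only.

```python
"""Pull indicators out of the two log formats posted in this thread.

Added example; not code from the original posts or from either vendor.
The sample rows are constructed from the lines quoted in the thread
(IPS CSV rows and Kaspersky PDM rollback rows); the field layouts are
inferred from those rows only and are an assumption.
"""
import csv
import io
import re
from collections import Counter

# Constructed from the OP's IPS log (message fields translated to English).
IPS_LOG = r"""2016/2/25 8:40:44,High,Blocked an intrusion attempt from localhost,Blocked,No action required,,No action required,No action required,Web Attack: Angler Exploit Kit Website 21,"localhost (127.0.0.1, XXX0)",shadoof-rigelteknomec.athensschoolbond.com/civis/search.php?keywords=3128&fid0=w33c8011w84118zx41134,"localhost (127.0.0.1, XXX7)",localhost (127.0.0.1),"TCP, socks"
2016/2/25 8:40:40,High,Blocked an intrusion attempt from localhost,Blocked,No action required,,No action required,No action required,Web Attack: Mass Injection Website 19,"localhost (127.0.0.1, 4XXX8)",XXXXXXnw.com/,"localhost (127.0.0.1, XXX2)",localhost (127.0.0.1),"TCP, port 4XXX8"
"""

# Constructed subset of ymb668888's Kaspersky PDM log; the sample ran inside Sandboxie.
PDM_LOG = r"""25.02.2016 20.04.49;Malicious program's actions rolled back;PDM:Trojan.Win32.Generic;C:\Users\Administrator\Downloads\A6D2.tmp.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;Malicious program's actions rolled back;PDM:Trojan.Win32.Generic;C:\Users\Administrator\Downloads\A6D2.tmp.exe;c:\sandbox\administrator\defaultbox\drive\c\windows\hadujrkcmqxv.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;File restored while rolling back malicious program's actions;c:\sandbox\administrator\defaultbox\user\current\appdata\local\microsoft\internet explorer\brndlog.txt;c:\sandbox\administrator\defaultbox\user\current\appdata\local\microsoft\internet explorer\brndlog.txt;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\hadujrkcmqxv.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;File restored while rolling back malicious program's actions;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\recovery+vhwct.txt;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\recovery+vhwct.txt;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\hadujrkcmqxv.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;File restored while rolling back malicious program's actions;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\color\recovery+vhwct.txt;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\color\recovery+vhwct.txt;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\hadujrkcmqxv.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;File restored while rolling back malicious program's actions;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\acrobat\recovery+vhwct.txt;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\acrobat\recovery+vhwct.txt;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\hadujrkcmqxv.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;File restored while rolling back malicious program's actions;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\acrobat\11.0\recovery+vhwct.txt;c:\sandbox\administrator\defaultbox\user\current\appdata\local\adobe\acrobat\11.0\recovery+vhwct.txt;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\hadujrkcmqxv.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:04:49
25.02.2016 20.04.49;File restored while rolling back malicious program's actions;c:\sandbox\administrator\defaultbox\drive\c\$recycle.bin\s-1-5-21-2382313841-2341094415-2425494424-500\$rw21fpk\eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc.doc;c:\sandbox\administrator\defaultbox\drive\c\$recycle.bin\s-1-5-21-2382313841-2341094415-2425494424-500\$rw21fpk\eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc.doc;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\hadujrkcmqxv.exe;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:04:49
25.02.2016 20.03.15;Malicious program deleted;PDM:Trojan.Win32.Generic;C:\Users\Administrator\Downloads\A6D2.tmp.exe;c:\sandbox\administrator\defaultbox\drive\c\windows\hadujrkcmqxv.exe;02/25/2016 20:03:15
25.02.2016 20.03.03;Malicious program terminated;PDM:Trojan.Win32.Generic;Deport Federalist Dig;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\hadujrkcmqxv.exe;02/25/2016 20:03:03
25.02.2016 20.03.03;Malicious program detected;PDM:Trojan.Win32.Generic;Deport Federalist Dig;c:\users\administrator\downloads\a6d2.tmp.exe;02/25/2016 20:03:03
"""

# Sandboxie redirects writes to <box>\drive\<letter>\ and <box>\user\current\ (assumed
# from the C:\Sandbox\<user>\<box>\ prefix in the log); undo that to get the host path.
SANDBOX_DRIVE = re.compile(r"^c:\\sandbox\\[^\\]+\\[^\\]+\\drive\\([a-z])\\", re.I)
SANDBOX_USER = re.compile(r"^c:\\sandbox\\[^\\]+\\[^\\]+\\user\\current\\", re.I)


def unsandbox(path):
    """Map a Sandboxie container path back to the host path it shadows."""
    m = SANDBOX_DRIVE.match(path)
    if m:
        return m.group(1).lower() + ":\\" + path[m.end():]
    m = SANDBOX_USER.match(path)
    if m:
        return "%USERPROFILE%\\" + path[m.end():]
    return path


def parse_ips(text):
    """IPS rows: 14 comma-separated fields, some quoted because they contain commas."""
    rows = []
    for rec in csv.reader(io.StringIO(text)):
        if len(rec) < 14:
            continue  # blank or truncated row
        rows.append({"time": rec[0], "severity": rec[1], "signature": rec[8],
                     "url": rec[10], "transport": rec[13]})
    return rows


def parse_pdm(text):
    """PDM rows: ';'-separated; 'File restored' rows carry paths where others carry a verdict."""
    events = []
    for line in text.splitlines():
        f = line.split(";")
        if len(f) < 6:
            continue
        ev = {"time": f[0], "event": f[1]}
        if f[1].startswith("File restored"):
            ev.update(restored=f[2], actor=f[4], origin=f[5])
        else:
            ev.update(verdict=f[2], source=f[3], target=f[4])
        events.append(ev)
    return events


def summarize(ips_text=IPS_LOG, pdm_text=PDM_LOG):
    """Collapse both logs into de-duplicated, host-path indicators."""
    ips = parse_ips(ips_text)
    pdm = parse_pdm(pdm_text)
    restored = sorted({unsandbox(e["restored"]).lower() for e in pdm if "restored" in e})
    # One file name written into many directories is the behaviour that made PDM
    # roll the process back; surface it rather than burying it in the path list.
    names = Counter(p.rsplit("\\", 1)[-1] for p in restored)
    return {
        "ek_urls": sorted({r["url"] for r in ips if "Exploit Kit" in r["signature"]}),
        "injected_sites": sorted({r["url"] for r in ips if "Mass Injection" in r["signature"]}),
        "verdicts": sorted({e["verdict"] for e in pdm if "verdict" in e}),
        "binaries": sorted({unsandbox(e["target"]).lower() for e in pdm if "target" in e}),
        "restored": restored,
        "mass_written": sorted(n for n, c in names.items() if c >= 3),  # threshold is an assumption
    }


if __name__ == "__main__":
    for key, values in summarize().items():
        print(key)
        for v in values:
            print("   ", v)
```

Run as a script it prints the summary. On the thread's rows the useful output is not the 0/55 score but two facts the rollback log already contains: the sample copied itself into C:\Windows under a random name and then wrote one text file into every directory it touched, which PDM undid; together with the SHA-256 from the VirusTotal entry those are the indicators to hand on.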

1446547521
Posted 2016-2-25 20:14:47
ymb668888 posted on 2016-2-25 20:08
Kaspersky scan: miss; on double-click, proactive defense blocks it and rolls back

25.02.2016 20.04.49;Malicious program's actions rolled back;PDM:Troja ...

Why does it just throw an error and exit when I double-click it?
Copyright © KaFan  KaFan.cn All Rights Reserved.