Thread starter: 神龟Turmi

[Virus sample] 【缉毒卫队 test pack】 Issue 40, 20171005
cz100zhengzelin
Posted on 2017-10-6 14:58:58

OK, I made a typo..
小飞侠.net
Posted on 2017-10-6 21:43:03

X-Sec VS 瑞星 (Rising) --- tie

This post was last edited by 小飞侠.net on 2017-10-6 21:56

X-Sec Antivirus ---(Windows 10 Creators Update(Redstone 2)....):

Start Time: Fri Oct  6 21:54:33 2017
Scan Type: Custom Scan
Scan Target: C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005
Heuristic Engine: Enabled
Cloud Engine: Enabled
Resolve Threats: Scan only
Database Version: 2017.10.04.01
[mw_shl_code=javascript,true]C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005\17.10.5\171005-1.Trojan.Fakesupport.exe.infected -> Cloud:Trojan.Win32.LockScreen
C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005\17.10.5\171005-10.Exploit.DocGeneric.doc.infected -> Cloud:Malware.MSOffice.Dropper
C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005\17.10.5\171005-2.PUP.BundleInstaller.exe.infected -> Cloud:Adware.Win32.Downloader
C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005\17.10.5\171005-3.Trojan.Trickybot.exe.infected -> Cloud:Trojan.Win32.Trickbot
C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005\17.10.5\171005-4.PUP.CoinMiner.exe.infected -> Cloud:Trojan.Win32.Injector
C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005\17.10.5\171005-5.Trojan.FakeTC.exe.infected -> Cloud:Suspicious.Win32.Generic
C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005\17.10.5\171005-6.Trojan.Generic(b1d4b0).exe.infected -> Cloud:Trojan.Win32.Generic
C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005\17.10.5\171005-7.Ransom.Locky.exe.infected -> Cloud:Trojan.Win32.Ransom
C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005\17.10.5\171005-8.Ransom.Cerber.exe.infected -> Cloud:Trojan.Win32.Injector
C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005\17.10.5\171005-9.Trojan.Kasidet.exe.infected -> Backdoor.Win32.Agent.Cf[/mw_shl_code]
Elapsed Time: 00:00:18
Total File: 10
Skipped File: 0
Infected File: 10



Emsisoft Emergency Kit - 版本 2017.8
上次更新: 2017/10/5 18:02:20
用户帐号: TECLAST\Admin
Computer name: TECLAST
OS version: Windows 10x64

扫描设置:

扫描方式: 自定义扫描
对象: Rootkits, 内存, C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005\

检测流氓软件(PUPs): On
扫描压缩包: On
扫描邮件存档: On
ADS数据流: On
文件扩展名过滤: Off
直接磁盘访问: Off

扫描开始于:        2017/10/6 21:52:19
[mw_shl_code=javascript,true]C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005\17.10.5\171005-10.Exploit.DocGeneric.doc.infected -> microsoft22fileconverter.exe         发现病毒: Trojan.GenericKD.12446765 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005\17.10.5\171005-1.Trojan.Fakesupport.exe.infected -> (Smart) -> 0         发现病毒: Trojan.GenericKD.12366883 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005\17.10.5\171005-4.PUP.CoinMiner.exe.infected -> (NSIS o) -> lzma_nsis0005         发现病毒: Gen:Variant.Razy.220456 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005\17.10.5\171005-9.Trojan.Kasidet.exe.infected         发现病毒: Trojan.Kasidet.A (B) [krnl.xmd]
[/mw_shl_code]
已扫描        2166
发现        4

扫描完成后:        2017/10/6 21:52:35
扫描时间:        0:00:16



瑞星 (Rising) --- (Windows 10 Creators Update (Redstone 2)....): cloud engine (on), RDM+ (on)
                瑞星反恶软引擎命令行扫描器(社区交流版)                 


编译于:Sep 22 2017   15:07:50

提示:
  - 本工具供社区交流使用,请勿用于其他用途
  - 本工具没有恶意软件删除、清除、隔离功能
  - 本工具包含开发中的新特性,结果仅供参考

* 命令行中的选项开关:-output-json -log=C:\瑞星RDM+引擎\community.x64.release\ScanLog_171006214828.log
* 获取恶软签名库最新版本 ...
* 下载恶软签名库配置文件 ...
* 创建恶软签名库升级组件 ...
* 计算并下载增量文件 ...
* 升级恶软签名库 ...
* 恶软签名库升级成功
* 扫描目标 : (1) C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005

* 加载恶软签名库: C:\瑞星RDM+引擎\community.x64.release/malware.rmd
* 恶软签名库加载成功,发布序号为 2927
* 读取恶软签名库配置 ...
* 云辅助扫描组件初始化失败.
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
扫描开始: Fri Oct 06 21:48:33 2017

[mw_shl_code=javascript,true]{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\BE5B6BB3Up1005\\17.10.5\\171005-3.Trojan.Trickybot.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTraP2lL3ylgYBiVgtHZjhwy/bMYVw","threat":"Trojan.Crypto!8.364"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\BE5B6BB3Up1005\\17.10.5\\171005-7.Ransom.Locky.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTqZSu8+xiFro+fybYkJkPX6l0zT6Q","threat":"Trojan.Ransom-Locky!8.4655"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\BE5B6BB3Up1005\\17.10.5\\171005-4.PUP.CoinMiner.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTp3SLF2MzLTW3dhhhzSTsClxFvNow","threat":"Malware.Undefined!8.C"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\BE5B6BB3Up1005\\17.10.5\\171005-6.Trojan.Generic(b1d4b0).exe.infected","infect":{"engine":"rdmk","signature":"cmRtazpbR59mi/bn22D8vO2x10f3","threat":"Malware.Heuristic!ET#93%"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\BE5B6BB3Up1005\\17.10.5\\171005-1.Trojan.Fakesupport.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTod83+u441zh4mPzfxZ2i+J+i8nIA","threat":"Trojan.FakeSupport!8.BA68"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\BE5B6BB3Up1005\\17.10.5\\171005-2.PUP.BundleInstaller.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTqR7L76EHhmmNfiANfE5cR0z7BpTQ","threat":"Adware.InstallCore!1.A30C"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\BE5B6BB3Up1005\\17.10.5\\171005-10.Exploit.DocGeneric.doc.infected","infect":{"engine":"rdmk","signature":"cmRtazpCxvrao5imR8K9RSIT8DDN","threat":"Malware.Heuristic!ET#98%"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\BE5B6BB3Up1005\\17.10.5\\171005-5.Trojan.FakeTC.exe.infected","infect":{"engine":"rdmk","signature":"cmRtazqVwpX+COIDk6JDk1iIwBw6","threat":"Trojan.Potao!8.289"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\BE5B6BB3Up1005\\17.10.5\\171005-8.Ransom.Cerber.exe.infected","infect":{"engine":"rdmk","signature":"cmRtazphEq5kEOCdi/DHeLIEHeAb","threat":"Malware.Heuristic!ET#96%"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\BE5B6BB3Up1005\\17.10.5\\171005-9.Trojan.Kasidet.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTpVWTdJf3HBG7c/AnGEZ9zQGdTPSA","threat":"Backdoor.Kasidet!8.95B"},"type":"scan"}[/mw_shl_code]

扫描结束: Fri Oct 06 21:48:33 2017

总扫描耗时: 0:0:528(m:s:ms)
总扫描对象: 11
总扫描文件: 10
总恶意文件: 10
有效检出率: 100.00%



火绒安全---(Windows 10 Creators Update(Redstone 2)....):

病毒库:2017/10/05 17:52
开始时间:2017/10/06 21:45
总计用时:00:00:12
扫描对象:148个
扫描文件:10个
发现风险:3个
已处理风险:0个
发现系统修复项:0个
处理系统修复项:0个

病毒详情

[mw_shl_code=javascript,true]风险路径:C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005\17.10.5\171005-7.Ransom.Locky.exe.infected, 病毒名:HVM:Trojan/MalBehav.gen!E, 病毒ID:[8d1593ba2838fa52], 处理结果:已忽略
风险路径:C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005\17.10.5\171005-9.Trojan.Kasidet.exe.infected, 病毒名:HVM:Trojan/Deceiver.gen!A, 病毒ID:[e970b5cca1f68d46], 处理结果:已忽略
风险路径:C:\Users\Admin\Desktop\AVtest100\BE5B6BB3Up1005\17.10.5\171005-8.Ransom.Cerber.exe.infected, 病毒名:HEUR:VirTool/Obfuscator.gen!B, 病毒ID:[2d18551aef762f90], 处理结果:已忽略[/mw_shl_code]



360 Total Security扫描日志

扫描时间:2017-10-06 21:41:23
扫描用时:00:00:28
扫描项目总数:10
威胁总数:10
处理威胁数:0

扫描选项
----------------------
扫描压缩包:是
常规引擎设置:Bitdefender引擎, 小红伞引擎

扫描内容
----------------------
文件名称: C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\17.10.5.7z
文件大小: 3.76 MB (3,943,785 字节)
修改时间: 2017年10月06日,21:40:03
MD5: 0E9863AE529C57A527F0DD2430DC88E3
SHA1: 72CE399B5F4FA96E73CA5E6F15B114E1C4AD1F8D
SHA256: AAC404ECA47417C3C9FA155213B92B14D4FDF44CA684DBB84E4FE05D43F50979
SHA512: 3A9B8F71104EA94A4A4A74CB4FB40E9CFCED9C4DC6B55577625896CC20DBCB803AF87A3C680CBECF36B29D6F1871AC0C4ED9885C60CB3251DA02E6AB4BDC2B20
CRC32: BE5B6BB3
计算时间: 0.11s



扫描结果
======================
高风险项目
----------------------
[mw_shl_code=javascript,true]C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\17.10.5\171005-1.Trojan.Fakesupport.exe.infected        Trojan.Generic        未处理
C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\17.10.5\171005-2.PUP.BundleInstaller.exe.infected        Win32/Virus.Adware.519        未处理
C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\17.10.5\171005-5.Trojan.FakeTC.exe.infected        Win32/Trojan.d35        未处理
C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\17.10.5\171005-6.Trojan.Generic(b1d4b0).exe.infected        Win32/Trojan.e6d        未处理
C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\17.10.5\171005-3.Trojan.Trickybot.exe.infected        HEUR/QVM20.1.4C9C.Malware.Gen        未处理
C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\17.10.5\171005-8.Ransom.Cerber.exe.infected        Trojan.Generic        未处理
C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\17.10.5\171005-7.Ransom.Locky.exe.infected        Trojan.Generic        未处理
C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\17.10.5\171005-4.PUP.CoinMiner.exe.infected        Trojan.Generic        未处理
C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\17.10.5\171005-9.Trojan.Kasidet.exe.infected        Malware.Radar01.Gen        未处理
C:\Users\xfxnet2000\Desktop\MX Player Pro\刘1\艾2\61647309\85014225\孙3\Windows Defender\AVTestZipX\17.10.5\171005-10.Exploit.DocGeneric.doc.infected        Trojan.GenericKD.12446765        未处理[/mw_shl_code]

a27573
Posted on 2017-10-6 23:12:29
Avira kill 9x
[mw_shl_code=css,true]10/06/2017,23-08-16        [INFO]        f:\病毒\缉毒卫队\[37]17.10.5\171005-1.Trojan.Fakesupport.exe.infected
10/06/2017,23-08-16        [INFO]        [DETECTION] file contains 'TR/FakeSupport.xacle'
10/06/2017,23-08-16        [INFO]        f:\病毒\缉毒卫队\[37]17.10.5\171005-10.Exploit.DocGeneric.doc.infected
10/06/2017,23-08-16        [INFO]        [DETECTION] file contains 'TR/Injector.usimy'
10/06/2017,23-08-17        [INFO]        f:\病毒\缉毒卫队\[37]17.10.5\171005-3.Trojan.Trickybot.exe.infected
10/06/2017,23-08-17        [INFO]        [DETECTION] file contains 'TR/Crypt.ZPACK.twnhp'
10/06/2017,23-08-17        [INFO]        f:\病毒\缉毒卫队\[37]17.10.5\171005-4.PUP.CoinMiner.exe.infected
10/06/2017,23-08-17        [INFO]        [DETECTION] file contains 'TR/Injector.igrdm'
10/06/2017,23-08-17        [INFO]        f:\病毒\缉毒卫队\[37]17.10.5\171005-5.Trojan.FakeTC.exe.infected
10/06/2017,23-08-17        [INFO]        [DETECTION] file contains 'TR/Agent.fyzvb'
10/06/2017,23-08-17        [INFO]        f:\病毒\缉毒卫队\[37]17.10.5\171005-6.Trojan.Generic(b1d4b0).exe.infected
10/06/2017,23-08-17        [INFO]        [DETECTION] file contains 'TR/Dropper.MSIL.kjtpx'
10/06/2017,23-08-17        [INFO]        f:\病毒\缉毒卫队\[37]17.10.5\171005-7.Ransom.Locky.exe.infected
10/06/2017,23-08-17        [INFO]        [DETECTION] file contains 'TR/Crypt.ZPACK.glcfw'
10/06/2017,23-08-17        [INFO]        f:\病毒\缉毒卫队\[37]17.10.5\171005-8.Ransom.Cerber.exe.infected
10/06/2017,23-08-17        [INFO]        [DETECTION] file contains 'TR/Crypt.Xpack.tmirr'
10/06/2017,23-08-17        [INFO]        f:\病毒\缉毒卫队\[37]17.10.5\171005-9.Trojan.Kasidet.exe.infected
10/06/2017,23-08-17        [INFO]        [DETECTION] file contains 'TR/Hijacker.Gen'
10/06/2017,23-08-25        [INFO]        repair.rdf loaded (version: 1.0.31.74)
10/06/2017,23-08-27        [INFO]        Repair of Generic started.
10/06/2017,23-08-30        [ERROR]        bad conversion
10/06/2017,23-08-30        [INFO]        Repair of Generic finished successfully.
10/06/2017,23-08-30        [INFO]        Repair of TR/FakeSupport.xacle started.
10/06/2017,23-08-46        [ERROR]        bad conversion
10/06/2017,23-08-55        [INFO]        Repair of TR/FakeSupport.xacle finished successfully.
10/06/2017,23-08-55        [INFO]        f:\病毒\缉毒卫队\[37]17.10.5\171005-1.Trojan.Fakesupport.exe.infected
10/06/2017,23-08-55        [INFO]        [ACTION] Clean
10/06/2017,23-08-55        [INFO]        Repair of TR/Injector.usimy started.
10/06/2017,23-09-13        [ERROR]        bad conversion
10/06/2017,23-09-13        [INFO]        Repair of TR/Injector.usimy finished successfully.
10/06/2017,23-09-13        [INFO]        f:\病毒\缉毒卫队\[37]17.10.5\171005-10.Exploit.DocGeneric.doc.infected
10/06/2017,23-09-13        [INFO]        [ACTION] Clean
10/06/2017,23-09-13        [INFO]        Repair of TR/Crypt.ZPACK.twnhp started.
10/06/2017,23-09-29        [ERROR]        bad conversion
10/06/2017,23-09-31        [INFO]        Repair of TR/Crypt.ZPACK.twnhp finished successfully.
10/06/2017,23-09-31        [INFO]        f:\病毒\缉毒卫队\[37]17.10.5\171005-3.Trojan.Trickybot.exe.infected
10/06/2017,23-09-31        [INFO]        [ACTION] Clean
10/06/2017,23-09-31        [INFO]        Repair of TR/Injector.igrdm started.
10/06/2017,23-09-45        [ERROR]        bad conversion
10/06/2017,23-09-48        [INFO]        Repair of TR/Injector.igrdm finished successfully.
10/06/2017,23-09-48        [INFO]        f:\病毒\缉毒卫队\[37]17.10.5\171005-4.PUP.CoinMiner.exe.infected
10/06/2017,23-09-48        [INFO]        [ACTION] Clean
10/06/2017,23-09-48        [INFO]        Repair of TR/Agent.fyzvb started.
10/06/2017,23-10-02        [ERROR]        bad conversion
10/06/2017,23-10-05        [INFO]        Repair of TR/Agent.fyzvb finished successfully.
10/06/2017,23-10-05        [INFO]        f:\病毒\缉毒卫队\[37]17.10.5\171005-5.Trojan.FakeTC.exe.infected
10/06/2017,23-10-05        [INFO]        [ACTION] Clean
10/06/2017,23-10-05        [INFO]        Repair of TR/Dropper.MSIL.kjtpx started.
10/06/2017,23-10-19        [ERROR]        bad conversion
10/06/2017,23-10-21        [INFO]        Repair of TR/Dropper.MSIL.kjtpx finished successfully.
10/06/2017,23-10-21        [INFO]        f:\病毒\缉毒卫队\[37]17.10.5\171005-6.Trojan.Generic(b1d4b0).exe.infected
10/06/2017,23-10-21        [INFO]        [ACTION] Clean
10/06/2017,23-10-21        [INFO]        Repair of TR/Crypt.ZPACK.glcfw started.
10/06/2017,23-10-35        [ERROR]        bad conversion
10/06/2017,23-10-38        [INFO]        Repair of TR/Crypt.ZPACK.glcfw finished successfully.
10/06/2017,23-10-38        [INFO]        f:\病毒\缉毒卫队\[37]17.10.5\171005-7.Ransom.Locky.exe.infected
10/06/2017,23-10-38        [INFO]        [ACTION] Clean
10/06/2017,23-10-38        [INFO]        Repair of TR/Crypt.Xpack.tmirr started.
10/06/2017,23-10-51        [ERROR]        bad conversion
10/06/2017,23-10-54        [INFO]        Repair of TR/Crypt.Xpack.tmirr finished successfully.
10/06/2017,23-10-54        [INFO]        f:\病毒\缉毒卫队\[37]17.10.5\171005-8.Ransom.Cerber.exe.infected
10/06/2017,23-10-54        [INFO]        [ACTION] Clean
10/06/2017,23-10-54        [INFO]        Repair of TR/Hijacker.Gen started.
10/06/2017,23-11-08        [ERROR]        bad conversion
10/06/2017,23-11-11        [INFO]        Repair of TR/Hijacker.Gen finished successfully.
10/06/2017,23-11-11        [INFO]        f:\病毒\缉毒卫队\[37]17.10.5\171005-9.Trojan.Kasidet.exe.infected
10/06/2017,23-11-11        [INFO]        [ACTION] Clean[/mw_shl_code]
潘基炫
Posted on 2017-10-8 13:18:43
Spider is already at 7X; 1, 2, 5 remain.
