[Suspicious file] volatile-cedar

275751198
Posted on 2015-4-3 22:20:04
http://securelist.com/blog/resea ... dga-infrastructure/

"Explosive Cedar" attacks defence, telecom and other organizations worldwide, and self-destructs once discovered
Over the past two years, a cyber-espionage group suspected to be from Lebanon has hacked hundreds of defence contractors, telecom operators, media outlets and educational organizations across more than 10 countries.



http://yunpan.cn/cVspQRzGegkyn (extraction code: 08e7)
230f4
Posted on 2015-4-3 22:24:47
ESS8 33/35
Flying_Bird
Posted on 2015-4-3 22:27:41
ESS-CH 33/35 too.
[mw_shl_code=xml,true]bed0bec3d123e7611dc3d722813eeb197a2b8048396cef4414f29f24af3a29c4 - Win32/Agent.PTM 特洛伊木马 的变种
d0f059ba21f06021579835a55220d1e822d1233f95879ea6f7cb9d301408c821 - Win32/Agent.PTM 特洛伊木马 的变种
d8fdcdaad652c19f4f4676cd2f89ae834dbc19e2759a206044b18601875f2726 - Win32/Agent.RAL 特洛伊木马 的变种
d30f306d4d866a07372b94f7657a7a2b0500137fe7ef51678d0ef4249895c2c5 - Win32/Agent.PTM 特洛伊木马 的变种
dea53e331d3b9f21354147f60902f6e132f06183ed2f4a28e67816f9cb140a90 - Win32/Agent.RAL 特洛伊木马 的变种
e2e6ed82703de21eb4c5885730ba3db42f3ddda8b94beb2ee0c3af61bc435747 - Win32/Agent.RAL 特洛伊木马 的变种
e5b68ab68b12c3eaff612ada09eb2d4c403f923cdec8a5c8fe253c6773208baf - Win32/Agent.PTM 特洛伊木马 的变种
ea335556fecaf983f6f26b9788b286fbf5bd85ff403bb4a1db604496d011be29 - Win32/Agent.PTM 特洛伊木马
ef47aaf4e964e1e1b7787c480e60a744550de847618510d2bf54bbc5bda57470 - Win32/Agent.PTM 特洛伊木马 的变种
fc085d9be18f3d8d7ca68fbe1d9e29abbe53e7582453f61a9cd65da06961f751 - Win32/Agent.RAL 特洛伊木马 的变种
1b76fdbd4cd92c7349bc99291137637614f4fb9598ae29df0a39a422611b86f8 - Win32/Agent.PTM 特洛伊木马 的变种
3bedb4bdb17718fda1edd1a8fa4289dc61fdda598474b5648414e4565e88ecd5 - Win32/Agent.RAL 特洛伊木马 的变种
5a310669920099cd51f82bc9eb5459e9889b6357a21f7ce95ac961e053c79acb - Win32/Agent.PTM 特洛伊木马 的变种
5d491ea5705e90c817cf0f5211c9edbcd5291fe8bd4cc69cdb58e8d0e6b6d1fe - Win32/Agent.RAL 特洛伊木马 的变种
37f4e9d0153221d9a236f299151c9f6911a6f78fff54c91b94ea64d1f3a8872b - Win32/PSW.Agent.NZV 特洛伊木马
41dd95533d85a0fd099ee79fbb4c8699ae6f9299b74034b8bafa3b0ea4a1fb3a - Win32/PSW.Agent.OAD 特洛伊木马 的变种
52cb02da0462fdd08d537b2c949e2e252f7a7a88354d596e9f5c9f1498d1c68f - Win32/Agent.PTM 特洛伊木马 的变种
97ab07c8020aead6ce0d9196e03d3917045e65e8c65e52a16ec6ef660dd96968 - Win32/PSW.Agent.OAD 特洛伊木马 的变种
388f5bc2f088769b361dfe8a45f0d5237c4580b287612422a03babe6994339ff - Win32/Agent.RAL 特洛伊木马 的变种
1952fa94b582e9af9dca596b5e51c585a78b8b1610639e3b878bbfa365e8e908 - Win32/Agent.PTM 特洛伊木马 的变种
03641e5632673615f23b2a8325d7355c4499a40f47b6ae094606a73c56e24ad0 - Win32/Agent.RAL 特洛伊木马 的变种
5663b2d4a4aec55d5d6fb507e3fdcb92ffc978d411de68b084c37f86af6d2e19 - Win32/Agent.RAL 特洛伊木马 的变种
6674ffe375f8ab54cfa2a276e4a39b414cf327e0b00733c215749e8a94385c63 - Win32/Agent.PTM 特洛伊木马
07529fae9e74be81fd302d022603d9f0796b4b9120b0d6131f75d41b979bbca5 - Win32/Agent.RAL 特洛伊木马 的变种
30196c83a1f857d36fde160d55bd4e5b5d50fbb082bd846db295cbe0f9d35cfb - Win32/Agent.PTM 特洛伊木马 的变种
50414f60d7e24d25f9ebb68f99d67a46e8b12458474ac503b6e0d0562075a985 - Win32/Agent.RAL 特洛伊木马 的变种
0008065861f5b09195e51add72dacd3c4bbce6444711320ad349c7dab5bb97fb - Win32/Agent.PTM 特洛伊木马
a98099541168c7f36b107e24e9c80c9125fefb787ae720799b03bb4425aba1a9 - Win32/Agent.RAL 特洛伊木马 的变种
b74bd5660baf67038353136978ed16dbc7d105c60c121cf64c61d8f3d31de32c - Win32/PSW.Agent.OAD 特洛伊木马 的变种
b275c8978d18832bd3da9975d0f43cbc90e09a99718f4efaf1be7b43db46cf95 - Win32/Agent.PTM 特洛伊木马 的变种
bc12d7052e6cfce8f16625ca8b88803cd4e58356eb32fe62667336d4dee708a3 - Win32/Agent.PTM 特洛伊木马 的变种
bd039bb73f297062ab65f695dd6defafd146f6f233c451e5ac967a720b41fc14 - Win32/PSW.Agent.OAD 特洛伊木马 的变种
bdef2ddcd8d4d66a42c9cbafd5cf7d86c4c0e3ed8c45cc734742c5da2fb573f7 - Win32/Agent.RAL 特洛伊木马 的变种 [/mw_shl_code]
pal家族
Posted on 2015-4-3 22:29:06
This post was last edited by pal家族 on 2015-4-3 22:41

~~~ Kaspersky doesn't need testing, I'm taking a break

Nothing else to do, so I tested it anyway~~

pal家族
Posted on 2015-4-3 22:37:35
Add-on detection rig, vendor's own engine

Same result with the cloud on
Having sample exchange is really nice

XywCloud
Posted on 2015-4-3 22:40:27
BAV kill 35x
学雷锋做人
Posted on 2015-4-3 22:47:21
This post was last edited by 学雷锋做人 on 2015-4-3 23:08

360 Safeguard with cloud off: 32

FD, tested alone via VT: 35

Flying_Bird
Posted on 2015-4-3 23:24:24
Sent to Herobravo Security.
驭龙
Posted on 2015-4-4 07:16:01
I don't think this is baseline-level performance; MA kills them all

ericdj
Posted on 2015-4-4 09:41:06
GD kill 35
[mw_shl_code=html,true]Virus check with G DATA INTERNET SECURITY
Version 25.0.2.4 (2015/1/8)
Virus signature dated 2015/4/4
Start time: 2015/4/4 9:39:20
Engine(s): Engine A (AVA 25.947), Engine B (GD 25.4895)
Heuristics: On
Archives: On
System areas: On
Check rootkits: Off

Check system areas...
Check the following directories and files:
   C:\Users\eric\Desktop\virus\2015.4.4\

Analysis performed in full: 2015/4/4 9:39:32
     35 files checked
     35 infected files detected
     0 suspicious files found


Object: 0008065861f5b09195e51add72dacd3c4bbce6444711320ad349c7dab5bb97fb
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.GenericKD.2261857 (Engine A)

Object: 03641e5632673615f23b2a8325d7355c4499a40f47b6ae094606a73c56e24ad0
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Gen:Variant.Graftor.181965 (Engine A)

Object: 07529fae9e74be81fd302d022603d9f0796b4b9120b0d6131f75d41b979bbca5
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Gen:Variant.Zusy.135052 (Engine A)

Object: 1b76fdbd4cd92c7349bc99291137637614f4fb9598ae29df0a39a422611b86f8
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.Generic.9966644 (Engine A)

Object: 30196c83a1f857d36fde160d55bd4e5b5d50fbb082bd846db295cbe0f9d35cfb
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.Generic.13084273 (Engine A)

Object: 1952fa94b582e9af9dca596b5e51c585a78b8b1610639e3b878bbfa365e8e908
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Gen:Variant.Graftor.181965 (Engine A)

Object: 37f4e9d0153221d9a236f299151c9f6911a6f78fff54c91b94ea64d1f3a8872b
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.Generic.13100153 (Engine A)

Object: 3bedb4bdb17718fda1edd1a8fa4289dc61fdda598474b5648414e4565e88ecd5
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.Generic.13084263 (Engine A)

Object: 388f5bc2f088769b361dfe8a45f0d5237c4580b287612422a03babe6994339ff
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Gen:Variant.Graftor.181965 (Engine A)

Object: 41dd95533d85a0fd099ee79fbb4c8699ae6f9299b74034b8bafa3b0ea4a1fb3a
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Gen:Variant.Graftor.182113 (Engine A)

Object: 52cb02da0462fdd08d537b2c949e2e252f7a7a88354d596e9f5c9f1498d1c68f
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.GenericKD.2258640 (Engine A)

Object: 50414f60d7e24d25f9ebb68f99d67a46e8b12458474ac503b6e0d0562075a985
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.Generic.13084263 (Engine A)

Object: 5a310669920099cd51f82bc9eb5459e9889b6357a21f7ce95ac961e053c79acb
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.GenericKD.2263278 (Engine A)

Object: 5663b2d4a4aec55d5d6fb507e3fdcb92ffc978d411de68b084c37f86af6d2e19
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Gen:Variant.Graftor.181965 (Engine A)

Object: 5d491ea5705e90c817cf0f5211c9edbcd5291fe8bd4cc69cdb58e8d0e6b6d1fe
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.Generic.13084263 (Engine A)

Object: 78201fd42dfc65e94774d8a9b87293c19044ad93edf59d3ff6846766ed4c3e2e
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.GenericKD.2265399 (Engine A)

Object: 6674ffe375f8ab54cfa2a276e4a39b414cf327e0b00733c215749e8a94385c63
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.GenericKD.2258642 (Engine A)

Object: 97ab07c8020aead6ce0d9196e03d3917045e65e8c65e52a16ec6ef660dd96968
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.GenericKD.2261159 (Engine A)

Object: a98099541168c7f36b107e24e9c80c9125fefb787ae720799b03bb4425aba1a9
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.GenericKD.2260389 (Engine A)

Object: b74bd5660baf67038353136978ed16dbc7d105c60c121cf64c61d8f3d31de32c
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.GenericKD.2262822 (Engine A)

Object: b275c8978d18832bd3da9975d0f43cbc90e09a99718f4efaf1be7b43db46cf95
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.GenericKD.2263014 (Engine A)

Object: bd039bb73f297062ab65f695dd6defafd146f6f233c451e5ac967a720b41fc14
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.GenericKD.2266636 (Engine A)

Object: bc12d7052e6cfce8f16625ca8b88803cd4e58356eb32fe62667336d4dee708a3
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.Generic.13084273 (Engine A)

Object: bed0bec3d123e7611dc3d722813eeb197a2b8048396cef4414f29f24af3a29c4
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.GenericKD.2262829 (Engine A)

Object: bfc63b30624332f4fc2e510f95b69d18dd0241eb0d2fcd33ed2e81b7275ab488
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.Generic.13100173 (Engine A)

Object: d0f059ba21f06021579835a55220d1e822d1233f95879ea6f7cb9d301408c821
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.Generic.12809903 (Engine A)

Object: d30f306d4d866a07372b94f7657a7a2b0500137fe7ef51678d0ef4249895c2c5
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.GenericKD.2263004 (Engine A)

Object: d8fdcdaad652c19f4f4676cd2f89ae834dbc19e2759a206044b18601875f2726
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.Generic.13084263 (Engine A)

Object: bdef2ddcd8d4d66a42c9cbafd5cf7d86c4c0e3ed8c45cc734742c5da2fb573f7
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Gen:Variant.Zusy.135052 (Engine A)

Object: e2e6ed82703de21eb4c5885730ba3db42f3ddda8b94beb2ee0c3af61bc435747
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.GenericKD.2260398 (Engine A)

Object: e5b68ab68b12c3eaff612ada09eb2d4c403f923cdec8a5c8fe253c6773208baf
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.Generic.9157678 (Engine A)

Object: dea53e331d3b9f21354147f60902f6e132f06183ed2f4a28e67816f9cb140a90
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Gen:Variant.Graftor.181965 (Engine A)

Object: ea335556fecaf983f6f26b9788b286fbf5bd85ff403bb4a1db604496d011be29
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.GenericKD.2261857 (Engine A)

Object: ef47aaf4e964e1e1b7787c480e60a744550de847618510d2bf54bbc5bda57470
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.GenericKD.2263014 (Engine A)

Object: fc085d9be18f3d8d7ca68fbe1d9e29abbe53e7582453f61a9cd65da06961f751
    Path: C:\Users\eric\Desktop\virus\2015.4.4
    Status: Virus, file deleted
    Virus: Trojan.GenericKD.2259631 (Engine A)
[/mw_shl_code]
Copyright © KaFan  KaFan.cn All Rights Reserved.