樣本測試包(20150628)

显示全部楼层 · 发表于 2015-6-28 19:56:51

金山云引擎

显示全部楼层 · 发表于 2015-6-28 20:00:35

本帖最后由 ELOHIM 于 2015-6-28 20:57 编辑

SCEP 余 52 只。（干掉的48只并未统计双击部分）清理项未统计。
双击了一部分。有些是安装程序。SCEP大多放过。
但是一些别的样本，行为都很类似啊。不新鲜。

还有一些SCEP报可疑。没有双击完……
[mw_shl_code=css,true][8E543FF1CD4E9A93B4F0BC02EC7D229B220D3D7C]-rain003.exe 杀之上传。

类别: 后门程序

描述: 这个程序提供对安装该程序的计算机的远程访问。

推荐的操作: 立即删除这个软件。

项目:
process:pid:4004
process:pid:4004,ProcessStart:130799686200353924
类别: 后门程序

描述: 这个程序提供对安装该程序的计算机的远程访问。

推荐的操作: 立即删除这个软件。

项目:
process:pid:4004,ProcessStart:130799686200353924
[8EC350687262E056E8C2572B2A9B6F2AD38D633B]-PRo.exe
类别: 特洛伊木马

描述: 这个程序很危险，而且执行来自攻击者的命令。

推荐的操作: 立即删除这个软件。

项目:
file:C:\PRo\FapCF.dll
类别: 可疑行为

描述: 这个程序很危险，而且执行来自攻击者的命令。

推荐的操作: 立即删除这个软件。

项目:
behavior:pid:4004:52448192097789
file:C:\Documents and Settings\^\桌面\TSVIRTP-20150628\[8E543FF1CD4E9A93B4F0BC02EC7D229B220D3D7C]-rain003.exe
process:pid:4004
process:pid:4004,ProcessStart:130799686200353924
regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\NetworkInformer
runkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\NetworkInformer

[8ED7F0B9A710AFAE5F8FF43F0D3C6ED2939DB72E]-cclub02.exe
类别: 后门程序

描述: 这个程序提供对安装该程序的计算机的远程访问。

推荐的操作: 立即删除这个软件。

项目:
process:pid:300,ProcessStart:130799689195160244

类别: 后门程序

描述: 这个程序提供对安装该程序的计算机的远程访问。

推荐的操作: 立即删除这个软件。
[8ED7F0B9A710AFAE5F8FF43F0D3C6ED2939DB72E]-cclub02.exe
项目:
process:pid:300
process:pid:300,ProcessStart:130799689195160244
类别: 可疑行为

描述: 这个程序很危险，而且执行来自攻击者的命令。

推荐的操作: 立即删除这个软件。

项目:
behavior:pid:300:52448192097789
file:C:\Documents and Settings\^\桌面\TSVIRTP-20150628\[8ED7F0B9A710AFAE5F8FF43F0D3C6ED2939DB72E]-cclub02.exe
process:pid:300
process:pid:300,ProcessStart:130799689195160244
regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\CrashReportNotifyer
runkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\CrashReportNotifyer[/mw_shl_code]

显示全部楼层 · 发表于 2015-6-28 20:19:18

本帖最后由为你心碎于 2015-6-28 20:22 编辑

AVAST总计73个（隔离80个项目），还有27个，修复2个
小A最大能计51个，分两次测的截图(到51时关掉弹窗就会重新开始计数)

显示全部楼层 · 发表于 2015-6-28 21:05:13

本帖最后由勇者无敌于 2015-6-28 21:11 编辑

咖啡击杀62x
红伞补杀13x
歼敌75x

显示全部楼层 · 发表于 2015-6-28 22:11:39

本帖最后由欧阳宣于 2015-6-28 23:00 编辑

我来试试我的月神

60个。
[mw_shl_code=css,true]6/28/2015 10:57:07 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[650F75859C3A78BB72587049099791572C241F89]-Payment_86811663782.doc" "W97M/Downloader.aiw" "2"

6/28/2015 10:57:10 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[365DF5E359C773B246ACD79CCA0992D06F4BAB08]-New Voice Message from John Smith 650-472-4106 on 04.05.2015.msg" "W97M/Bartallex.f" "2"

6/28/2015 10:57:11 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[5953EF8D2F976968FE3C6405154AC22847EC9E2A]-xvtzwniqxn.vbs" "VBS/Autorun.worm.aapj" "1"

6/28/2015 10:57:11 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[2CF9CF7022F2F6C216CB263595EE3299F6CD02EA]-ACTIVAR PRODUCTOS AUTODESK 2013 - 2012 FULL [32.exe" "Multiplug-FAE" "3"

6/28/2015 10:57:12 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[97E7882FB7DB6C525EF7CBE2E0075057E085DF93]-lava.jpg" "Generic BackDoor.agb" "2"

6/28/2015 10:57:12 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[5078FA5D43FBA9BBC53BD33E7F62D65C9D1574DB]-111114444455555.exe" "Artemis!C191743B4DF0" "2"

6/28/2015 10:57:12 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[562B1E2C1AC87DCE525358811A472D6D8ED013A4]-csgo1.exe" "Artemis!879C5B99D0AA" "2"

6/28/2015 10:57:14 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[5F9150F3AD14C8714A473EBCB88E133BEBC5E07C]-KLog.exe" "Artemis!D4DA929CCAC0" "2"

6/28/2015 10:57:19 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[5BEAE6CB754B01FEE612FA2CB92AA8B435D02D8A]-NjRat Attacker.exe" "Artemis!A315898FC19C" "2"

6/28/2015 10:57:19 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[74A18F7CBBB801D296F6B0773C71040E231E2990]-ESL Client 3.4.exe" "Artemis!312A475B8427" "2"

6/28/2015 10:57:21 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[58948B020E08CAB16202CD81EDED7A21BB250F1F]-Setup.exe" "Artemis!3CE01F47FA6F" "3"

6/28/2015 10:57:22 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[65CC2938EDB6F17DCBBE7CC3F15B940205045756]-VVoice_v7.21.exe" "Artemis!67121041E274" "2"

6/28/2015 10:57:22 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[6C369202D603D9BAAAFAB22205EB838F301E24D3]-Edwinst_1.6.0.278 previsualiseur avi pour emule.exe" "Artemis!D640EF020EC1" "2"

6/28/2015 10:57:22 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[75F319CA97D35BB4402C0508AF0417D0AEC48A39]-dangerrr.exe" "Artemis!D13C6C0DB836" "2"

6/28/2015 10:57:24 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[7B5FEC500B6BAD28AE973DF730D10614EA712927]-Server.exe" "BackDoor-NJRat!FA6D7B5BB359" "2"

6/28/2015 10:57:24 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[8EC350687262E056E8C2572B2A9B6F2AD38D633B]-PRo.exe" "Artemis!E73401FD2508" "2"

6/28/2015 10:57:25 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[8096BFBDC4189F7A942D072092DDB2D587346424]-Server.exe" "BackDoor-NJRat!1D709AD12830" "2"

6/28/2015 10:57:25 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[7E7E4C695319068C345FB31C9FBA38C6FADC4020]-omaradel.exe" "BackDoor-NJRat!5B9315FB1137" "2"

6/28/2015 10:57:25 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[939CB4E17EEC7FB31311EE07E0A61D2C746E4499]-server.exe" "BackDoor-FBVR!E984D7D38169" "2"

6/28/2015 10:57:26 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[9243C44E25D4C5E80A763470B7006050A5E8DD6F]-PEY8RK80PNMA.exe" "Artemis!4F18EA35D787" "2"

6/28/2015 10:57:26 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[7038FA0B506C8429B0A3D808B0F22FF8464C066B]-77CF.tmp" "Trojan-FGIT!81064200E3C6" "2"

6/28/2015 10:57:26 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[AFFF29F73B1E4868BDF9D0E2F3BFCE3103AF82D8]-Purchase_Order.scr" "Artemis!3A7A4414376A" "2"

6/28/2015 10:57:27 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[C84DCE27C8F753E9C2224B13A0EDBC9C9384EA09]-Image2427.scr" "Artemis!F50515B89862" "2"

6/28/2015 10:57:27 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[10F0341426298CFE8A09D9D28B4017910F70C6F8]-patch.exe" "RDN/Generic.dx!d2v" "2"

6/28/2015 10:57:28 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[978AA752C74DDAFF051CE9468E5C295875D26FDA]-mm.exe" "BackDoor-NJRat!EB104BA8F2F5" "2"

6/28/2015 10:57:28 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[E44B15D4FDDEE552A7CD3D2B19939939547B8114]-FOLIODETE.scr" "Trojan-FGQP!8AA6BC6A8B44" "2"

6/28/2015 10:57:28 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[94717D88F6C9DAA2881CAAD8321CFA6E12F75B51]-server.exe" "BackDoor-FBVR!E8ED9A157C21" "2"

6/28/2015 10:57:29 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[A78603EFA08A05609171FBF11091E0B4C7F0A0A3]-sdfsdfsdfsfdsdfsdfsdf.exe" "Artemis!88E2FF774367" "2"

6/28/2015 10:57:29 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[A7A0ECB14244AB9D2B0AE6AF2AC247735C009F22]-Nightlife.exe" "Artemis!802161B522FE" "2"

6/28/2015 10:57:29 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[1D0B0702A9B7D530733FBB12576E02015072C371]-1.exe" "BackDoor-NJRat!E00B3E28B7A1" "2"

6/28/2015 10:57:30 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[1FB60306BFF32A2DEEB151DA78BD0FA185F563DF]-mobile7.exe" "Artemis!B0FDF39739FA" "2"

6/28/2015 10:57:30 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[39801E3A8F4F5E1A3811A81834DD9D733958E70C]-Server.exe" "BackDoor-NJRat!D8E221CBA593" "2"

6/28/2015 10:57:31 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[EC4749E808FE947ABDFABD8DA6097690CE74103A]-rombertik.exe" "BackDoor-FCOV!F504EF6E9A26" "2"

6/28/2015 10:57:31 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[D3AFF9E973EE0FB56D7593504B358720836BF009]-AntiSpy2011Setup.exe" "FakeAlert-SecurityTool.br" "2"

6/28/2015 10:57:31 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[CD937B71FA6A5F9AA82DDDCEFEA6CC6FFCE457E2]-PointX.exe" "Generic BackDoor.xa" "2"

6/28/2015 10:57:31 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[C8137886FC82C1C1370DEE93CD23E332A2E2CE0E]-HardCheat v1.1.exe" "Artemis!FDC8A9B7133C" "2"

6/28/2015 10:57:32 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[BD04339847DB676A8C420207A10B4E0B30608081]-shock.exe" "GenericR-DVF!63A2E35F419D" "2"

6/28/2015 10:57:32 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[1C37640F58C91130D7D2224015254443803B9DD1]-nbwsfxv.exe" "Ransom-CTB.b!318ECA04390A" "2"

6/28/2015 10:57:32 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[1D266D181E329B90251C46220BA7BF82ACA5DA2F]-Server.exe" "BackDoor-NJRat!30875A7DC7AC" "2"

6/28/2015 10:57:36 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[D3689F620CCE3FD60C9F748D65354B0B85DEF939]-Boleto_vencido_aguardando_Protesto_retorno_juridico_Mes_Abril.exe" "Artemis!4400031D5BB2" "2"

6/28/2015 10:57:36 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[21A3346724ADD2F8D2543BE145F5E1375038EA1B]-tmunite.dll" "Artemis!6A3D001B34FD" "2"

6/28/2015 10:57:36 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[AD0D3805D15B33F2352324281CCB4AE02780E4EC]-xuru201506.exe" "Artemis!2087CDE71713" "2"

6/28/2015 10:57:36 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[E34166E851533F1A395899EAE8CDE7244ABBAE62]-system.exe" "BackDoor-NJRat!37BA7A0396AD" "2"

6/28/2015 10:57:36 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[E6073BE491028C1C9A4EE4CCFDE0E248166E5C90]-uyniOtXH.exe" "Artemis!4382872727FC" "2"

6/28/2015 10:57:36 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[E1CEB600B201FC2DACCC9ED5AC36CD3FDB4DBAE3]-Server.exe" "BackDoor-NJRat!09BA8CBAACE9" "2"

6/28/2015 10:57:36 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[E507FFC9A36CA81BA2F94710D4A54B17FC97A60B]-最新版主文件V2.06.1.6.exe" "Artemis!9899F090986E" "2"

6/28/2015 10:57:37 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[E72D186764D7199734114E6F687353D2A4635462]-Secret.exe" "BackDoor-NJRat!A23375DB8B56" "2"

6/28/2015 10:57:37 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[F952BB980F175527AFBBB0FA3F301CB6B6F28F81]-backup.exe" "Artemis!AA15C9CBAE35" "2"

6/28/2015 10:57:38 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[FB016FB7FA2A436DE05035E205089098BADB0751]-hexchat.exe" "Generic PWS.di" "2"

6/28/2015 10:57:38 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[FF37CB797C34FE883432A0D3101BF747E87C4621]-Server.exe" "BackDoor-NJRat!369675DDC409" "2"

6/28/2015 10:57:39 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[F6123F1155FAF93AC1FBEB1DD4CADDDEFCA7332B]-Server.exe" "BackDoor-NJRat!61ED0EBC9400" "2"

6/28/2015 10:57:44 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[EC813B05E746ECD21770CD48CDEF25E6075672B9]-photo.exe" "BackDoor-NJRat!7A6E25BB300C" "2"

6/28/2015 10:57:44 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[D2AAAAF1EE04D3865907410583680BE6CC3D7108]-MFG_Sponsor_Setup.exe" "Multiplug-FAD" "3"

6/28/2015 10:57:45 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[E2BF987BCA06CDBB17446CE4108CCF3BA74E539E]-vxwzewiukua2.exe" "Artemis!A6395DE6D360" "2"

6/28/2015 10:57:45 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[FC87906AB93C054E0FFA08E3C6D5BDCCCB3A9D87]-qb4.9x3.exe" "Artemis!0EA3F577E91F" "2"

6/28/2015 10:57:48 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[A180804A436994617FFA3F8DCCB974A335125E8B]-Comp-Junho-pdf.cpl" "Artemis!A916A1B02EC9" "2"

6/28/2015 10:58:22 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[6C0378DFFC51F4519CE5D21911DDA4031733AF61]-sdfg.jar" "Exploit-ByteVerify" "2"

6/28/2015 10:58:22 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[6C0378DFFC51F4519CE5D21911DDA4031733AF61]-sdfg.jar" "Exploit-ByteVerify" "2"

6/28/2015 10:58:22 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[6C0378DFFC51F4519CE5D21911DDA4031733AF61]-sdfg.jar" "Exploit-ByteVerify" "2"

6/28/2015 10:58:23 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[875EB8C2D076B2C32F4724EB083486D282EDC3BE]-Scanned from a Xerox Multifunction Printer.doc" "W97M/Downloader.ajo" "2"

6/28/2015 10:58:23 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[825E99E724CB411547D611DB961C30AFA94A719C]-OsbuddyPro - Cracked By Tekz.jar" "RDN/Generic.dx!ox" "2"

6/28/2015 10:58:23 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[825E99E724CB411547D611DB961C30AFA94A719C]-OsbuddyPro - Cracked By Tekz.jar" "RDN/Generic Exploit!1mc" "2"

6/28/2015 10:58:23 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[825E99E724CB411547D611DB961C30AFA94A719C]-OsbuddyPro - Cracked By Tekz.jar" "RDN/Generic Exploit!1mc" "2"

6/28/2015 10:58:24 PM "E:\Virus\TSVIRTP-20150628\TSVIRTP-20150628\[40BEB0EA7D7A14852A4EC5B73285D1F4E95548FC]-Runescape BRB _best rs bot_ - ShaRkModz.exe" "Artemis!6386CF701CA9" "2"[/mw_shl_code]

显示全部楼层 · 发表于 2015-6-28 22:53:16

欧阳宣发表于 2015-6-28 22:11
我来试试我的月神

月神好用吗

显示全部楼层 · 发表于 2015-6-28 22:59:26

为你心碎发表于 2015-6-28 22:53
月神好用吗

网络好就好用

显示全部楼层 · 发表于 2015-6-28 23:20:15

dr.web 59X

显示全部楼层 · 发表于 2015-6-28 23:30:39

火绒扫描。。。不忍直视

[病毒样本] 樣本測試包(20150628)

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块