Detection ratio: 2 / 54 Angler EK & Neutrino EK 挂马 变种产品 卷土重来3

墨家小子

SHA256:        04dff657fa0a133a661efed39e90b71c9ad3c474d9e76bbacdc13c2558ea21ac
File name:        rad14524.tmp.exe
Detection ratio:        2 / 54
Analysis date:        2016-01-24 03:04:58 UTC ( 1 minute ago )
https://www.virustotal.com/en/fi ... nalysis/1453604698/

就截两张图，这一波来势凶猛，貌似我大局域网治疗加密勒索有奇效~~

木马图标，满分|~~

vm001

2016-01-24 11:19:19        C:\Users\Admin\Desktop\rad14524.tmp.rar        病毒        360浏览器

QQn1

eset报僵尸网络，入沙失败，调用svchost

aboringman

ESET（Special Test）：防火墙被无视，AMS要当家作主。。。。。。

Result：Success.

Time;Scanner;Object type;Object;Threat;Action;User;Information

2016/1/24 12:42:19;Advanced memory scanner;file;Operating memory » C:\Users\killer\Desktop\rad14524.tmp.exe;a variant of Win32/Filecoder.CryptoWall.G trojan;cleaned - quarantined;;

275751198

图标满分，但是国内版360没报，

1446547521

双击声纳没反应，但IPS一直在阻止

2016-1-24 13:27,高,阻止了 92.240.253.107 的入侵企图,已阻止,不需要操作,System Infected: Trojan.Cryptodefense Activity 5,"92.240.253.107, 80",vladoveverka.sk/6RGZgC.php?k=3z6p7rdwo4y,"14465-AD0326EC4 (192.168.154.128, 2319)",92.240.253.107,"TCP, www-http",
2016-1-24 13:26,高,阻止了 195.210.46.199 的入侵企图,已阻止,不需要操作,System Infected: Trojan.Cryptodefense Activity 5,"195.210.46.199, 80",zhahan.kz/TSOXQL.php?k=8n7gt86luzobd,"14465-AD0326EC4 (192.168.154.128, 2315)",195.210.46.199,"TCP, www-http",
2016-1-24 13:26,信息,“入侵防护签名自动阻止”已阻止 IP 地址 195.210.46.199 的时间为 30 分钟,已检测,不需要操作,,,,,,,入侵防护
2016-1-24 13:26,高,阻止了 195.210.46.199 的入侵企图,已阻止,不需要操作,System Infected: Trojan.Cryptodefense.B Activity 40,"195.210.46.199, 80",zhahan.kz/TSOXQL.php?k=8n7gt86luzobd,"14465-AD0326EC4 (192.168.154.128, 2315)",195.210.46.199,"TCP, www-http",
2016-1-24 13:26,高,阻止了 51.255.99.132 的入侵企图,已阻止,不需要操作,System Infected: Trojan.Cryptodefense Activity 5,"51.255.99.132, 80",ronikagp.ir/U_ABoi.php?f=w277sq70pdc,"14465-AD0326EC4 (192.168.154.128, 2312)",51.255.99.132,"TCP, www-http",
2016-1-24 13:26,高,阻止了 dorisbociort.ro 的入侵企图,已阻止,不需要操作,System Infected: Trojan.Cryptodefense Activity 5,"dorisbociort.ro (46.102.252.130, 80)",dorisbociort.ro/6sZTLc.php?n=oui82d9aiv,"14465-AD0326EC4 (192.168.154.128, 2310)",46.102.252.130 (46.102.252.130),"TCP, www-http",
2016-1-24 13:25,高,阻止了 giosposa.com 的入侵企图,已阻止,不需要操作,System Infected: Trojan.Cryptodefense Activity 5,"giosposa.com (37.59.219.176, 80)",giosposa.com/Zoe2aN.php?u=sm4a1yqln198pb5,"14465-AD0326EC4 (192.168.154.128, 2308)",37.59.219.176 (37.59.219.176),"TCP, www-http",
2016-1-24 13:25,高,阻止了 92.240.253.14 的入侵企图,已阻止,不需要操作,System Infected: Trojan.Cryptodefense Activity 5,"92.240.253.14, 80",lptech.sk/g3lfoj.php?a=ebfnfo952u4q0b2,"14465-AD0326EC4 (192.168.154.128, 2306)",92.240.253.14,"TCP, www-http",
2016-1-24 13:25,高,阻止了 186.202.161.18 的入侵企图,已阻止,不需要操作,System Infected: Trojan.Cryptodefense Activity 5,"186.202.161.18, 80",winika.com.br/SGJ_Fr.php?o=3xav0tuaffka1m4,"14465-AD0326EC4 (192.168.154.128, 2303)",186.202.161.18,"TCP, www-http",

MrDeep

24.01.2016 13.38.12;检测到的对象（文件）未处理。;C:\Users\Ansar\Desktop\rad14524.tmp.exe;C:\Users\Ansar\Desktop\rad14524.tmp.exe;UDS:DangerousObject.Multi.Generic;未知威胁;01/24/2016 13:38:12

1446547521

双击，费尔成功拦截

nick20010117

aboringman 发表于 2016-1-24 12:43
ESET（Special Test）：防火墙被无视，AMS要当家作主。。。。。。

Result：Success.

你看楼上的很有意思

nick20010117