Trojan-Banker.Win32.Shifu.cvl

1446547521

SHA256:         3a4e1647bd00df0193a04a0602f5585ce4a47fbbbde93a6bac768f91867afc59
File name:         1.rar
Detection ratio:         12 / 55
Analysis date:         2016-02-25 013:25:36 UTC ( 1 minute ago )

AegisLab         Uds.Dangerousobject.Multi!c        
Avira (no cloud)         TR/TeslaCrypt.A.12        
DrWeb         Trojan.AVKill.60065        
ESET-NOD32         Win32/Filecoder.TeslaCrypt.I        
Fortinet         W32/Filecoder_TeslaCrypt.I!tr        
Kaspersky         Trojan-Banker.Win32.Shifu.cvl        
Malwarebytes         Ransom.TeslaCrypt        
McAfee         Artemis!FBDEDA3F9EEE        
McAfee-GW-Edition         BehavesLike.PWSZbot.gc        
Sophos         Mal/Generic-S        
TrendMicro         Ransom_.20BC3C38        
TrendMicro-HouseCall         Ransom_.20BC3C38

轩夏

name="C:\Users\XuanXia\Desktop\1\1.exe", threat="Win32/Filecoder.TeslaCrypt.I trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\1\2.exe", threat="Win32/Filecoder.TeslaCrypt.I trojan", action="", info=""

275751198

360 HEUR/QVM07.1.Malware.Gen

3801187

z2009

360有人测了，我就不测了
过bg扫描，运行杀

icedream89

BD扫描miss
双击ATC杀掉
[mw_shl_code=css,true]时间;扫描程序;对象类型;对象;威胁;操作;用户;信息;哈希
2016/2/25 星期四 20:32:22;文件系统实时防护;文件;D:\个人文件\桌面\1\2.exe;Win32/Filecoder.TeslaCrypt.I 特洛伊木马;通过删除清除;USER-0K84B09LCU\Administrator;在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe (BBC69E6E9459BCFCBED06768CF1EFA99F1FDB478).;AAE937437B6A3185AACB5B53E72BBDC07ABCD537
2016/2/25 星期四 20:32:22;文件系统实时防护;文件;D:\个人文件\桌面\1\1.exe;Win32/Filecoder.TeslaCrypt.I 特洛伊木马;通过删除清除;USER-0K84B09LCU\Administrator;在应用程序新建的文件上发生事件: C:\Program Files\WinRAR\WinRAR.exe (BBC69E6E9459BCFCBED06768CF1EFA99F1FDB478).;E41FB28912AC4B77EBB1609BF126D2B311A6AA2B
[/mw_shl_code]

aboringman

AVG：

扫描：kill all files；

"";"Trojan horse FileCryptor.HOF, C:\Users\killer\Desktop\1.exe";"Unresolved"

"";"Trojan horse FileCryptor.HOF, C:\Users\killer\Desktop\2.exe";"Unresolved"

双击：关闭监控，实机双击，IDP双杀。（又现ARES及ALEXA）

"";"IDP.ALEXA.51, C:\USERS\KILLER\DESKTOP\1.EXE";"Deleted";"File or Directory";"2016/2/25, 22:46:40"

"";", C:\USERS\KILLER\DESKTOP\1.EXE";"Object was blocked";"Process";"2016/2/25, 22:46:40"

"";", C:\Windows\umvkrbtqahig.exe";"Object was blocked";"Process";"2016/2/25, 22:46:40"

"";", C:\Windows\System32\cmd.exe";"Object was blocked";"Process";"2016/2/25, 22:46:40"

"";", C:\Windows\umvkrbtqahig.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/25, 22:46:40"

"";", C:\USERS\KILLER\DESKTOP\1.EXE";"Object was blocked";"Process";"2016/2/25, 22:46:40"

"";"IDP.ARES.Generic, C:\USERS\KILLER\DESKTOP\2.EXE";"Deleted";"File or Directory";"2016/2/25, 22:47:29"

"";", C:\USERS\KILLER\DESKTOP\2.EXE";"Object was blocked";"Process";"2016/2/25, 22:47:29"

"";", C:\Windows\gnyaesbpkspb.exe";"Object was blocked";"Process";"2016/2/25, 22:47:29"

"";", C:\Windows\System32\cmd.exe";"Object was blocked";"Process";"2016/2/25, 22:47:29"

"";", C:\Windows\gnyaesbpkspb.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/25, 22:47:29"

"";", C:\USERS\KILLER\DESKTOP\2.EXE";"Object was blocked";"Process";"2016/2/25, 22:47:29"

1446547521

aboringman 发表于 2016-2-25 22:50
AVG：

扫描：kill all files；

不得不说AVG的IDP真是神器

Kukon

F-Secure：
Trojan.TeslaCrypt.AU

aboringman

1446547521 发表于 2016-2-25 22:59
不得不说AVG的IDP真是神器

神器就谈不上了，还需要更多的测试让我掌握IDP的很深层次的东西，目前只不过是揭开了表皮上的一层膜而已。