SHA256: 06d7920f66d97df5258176ff573f988cb39b4f7f02ee3ad1ddb5ebb08fbd7acf
File name: 3287.tmp.dll
Detection ratio: 5 / 56
Analysis date: 2016-03-11 09:11:33 UTC
https://www.virustotal.com/en/file/06d7920f66d97df5258176ff573f988cb39b4f7f02ee3ad1ddb5ebb08fbd7acf/analysis/1457687493/
Engine        Detection                Update
Bkav          HW32.Packed.4D1C         20160310
ESET-NOD32    Win32/PSW.Papras.EJ      20160311
Malwarebytes  Trojan.Bedep             20160311
Qihoo-360     QVM40.1.Malware.Gen      20160311
Symantec      Suspicious.Cloud.7.F     20160310
Is what VT shows the result of the upload from my own machine?

With all Norton protection enabled, IPS blocked it first. Previously this page was not blocked by IPS, but Download Insight blocked the trojan from running; see the earlier posts.

Then I turned IPS off, enabled Auto-Protect, enabled SSF, and opened the drive-by page again. SSF intercepted the trojan DLL first, then Norton Download Insight intercepted and deleted the trojan DLL.
2016/3/11 17:03:14,High,Blocked an intrusion attempt by localhost,Blocked,No action required,,No action required,No action required,Web Attack: Angler Exploit Kit Website 6,"localhost (127.0.0.1, 1XXX2)",fl.masterreikinow.com/topic/53169-whelked-scrams-caesar-sapphire-snakeskin-founds-wiry-needing/,"localhost (127.0.0.1, 1XXX9)",localhost (127.0.0.1),"TCP, port 1XXX2"
Category: Download Insight
Date and time,Risk,Activity,Status,Activity
2016/3/11 17:08:36,High,Download Insight scanned 3287.tmp.dll,Deleted,Threat actions taken: 0
Category: Norton Community Watch
Date and time,Risk,Activity,Status,Recommended action,Update date,Submitter,Description,Submission details
2016/3/11 17:10:07,Info,Statistical submission: Trojan Horse (Presence),Pending,No action required,2016/3/11 17:10:07,Norton Internet Security,Statistical submission: Trojan Horse (Presence),CSIDL_PROFILE\appdata\local\temp\low\3287.tmp.dll
2016/3/11 17:09:17,Info,Statistical submission: Trojan Horse,Pending,No action required,2016/3/11 17:09:17,Norton Internet Security,Statistical submission: Trojan Horse,CSIDL_PROFILE\appdata\local\temp\low\3287.tmp.dll
2016/3/11 17:09:06,Info,Statistical submission: Trojan Horse (Presence),Pending,No action required,2016/3/11 17:09:06,Norton Internet Security,Statistical submission: Trojan Horse (Presence),CSIDL_PROFILE\appdata\local\temp\low\3287.tmp.dll
2016/3/11 17:08:36,Info,Statistical submission: Trojan Horse,Pending,No action required,2016/3/11 17:08:36,Norton Internet Security,Statistical submission: Trojan Horse,CSIDL_PROFILE\appdata\local\temp\low\3287.tmp.dll
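The three Norton log categories above (IPS, Download Insight, Community Watch) are separate CSV exports with different column layouts, so reading the chain of events for one sample means stitching them together by timestamp and file name. The script below is an added example, not part of the original post and not Norton tooling: it parses constructed copies of the lines quoted above (translated to English; the real export carries the Chinese UI strings in the same field positions, and the ports were already redacted as "1XXX2" in the post), pulls out the indicators a responder would keep (IPS signature, exploit-kit host, dropped file name, submission verdicts), and orders everything into one timeline. Column indices are assumptions taken from the lines on this page, not a documented Norton schema.

```python
import csv
import io
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample data: the log lines quoted in the post, translated to English.
# Field order is assumed from the page; a different Norton build may differ.
IPS_LOG = (
    '2016/3/11 17:03:14,High,Blocked an intrusion attempt by localhost,Blocked,'
    'No action required,,No action required,No action required,'
    'Web Attack: Angler Exploit Kit Website 6,"localhost (127.0.0.1, 1XXX2)",'
    'fl.masterreikinow.com/topic/53169-whelked-scrams-caesar-sapphire-snakeskin-founds-wiry-needing/,'
    '"localhost (127.0.0.1, 1XXX9)",localhost (127.0.0.1),"TCP, port 1XXX2"\n'
)
DOWNLOAD_INSIGHT_LOG = (
    '2016/3/11 17:08:36,High,Download Insight scanned 3287.tmp.dll,Deleted,Threat actions taken: 0\n'
)
# Raw string: the Windows path contains \a, \t and \3, which would otherwise be escapes.
COMMUNITY_WATCH_LOG = r'''2016/3/11 17:10:07,Info,Statistical submission: Trojan Horse (Presence),Pending,No action required,2016/3/11 17:10:07,Norton Internet Security,Statistical submission: Trojan Horse (Presence),CSIDL_PROFILE\appdata\local\temp\low\3287.tmp.dll
2016/3/11 17:09:17,Info,Statistical submission: Trojan Horse,Pending,No action required,2016/3/11 17:09:17,Norton Internet Security,Statistical submission: Trojan Horse,CSIDL_PROFILE\appdata\local\temp\low\3287.tmp.dll
2016/3/11 17:08:36,Info,Statistical submission: Trojan Horse,Pending,No action required,2016/3/11 17:08:36,Norton Internet Security,Statistical submission: Trojan Horse,CSIDL_PROFILE\appdata\local\temp\low\3287.tmp.dll
'''

# Norton writes unpadded month/day ("2016/3/11"); strptime accepts that with %m/%d.
TS_FMT = "%Y/%m/%d %H:%M:%S"


@dataclass
class Event:
    ts: datetime
    category: str
    risk: str
    status: str
    indicators: dict


def _rows(text):
    # csv handles the quoted fields that themselves contain commas ("TCP, port 1XXX2").
    return [r for r in csv.reader(io.StringIO(text)) if r]


def parse_ips(text):
    events = []
    for r in _rows(text):
        url = r[10]
        events.append(Event(datetime.strptime(r[0], TS_FMT), "IPS", r[1], r[3], {
            "signature": r[8],
            "url": url,
            "host": url.split("/", 1)[0],   # exploit-kit landing host
            "transport": r[13],             # port stays redacted as in the post
        }))
    return events


FILE_RE = re.compile(r"scanned (\S+)")


def parse_download_insight(text):
    events = []
    for r in _rows(text):
        m = FILE_RE.search(r[2])
        events.append(Event(datetime.strptime(r[0], TS_FMT), "DownloadInsight", r[1], r[3], {
            "file": m.group(1) if m else None,
        }))
    return events


def parse_community_watch(text):
    events = []
    for r in _rows(text):
        path = r[8]
        events.append(Event(datetime.strptime(r[0], TS_FMT), "CommunityWatch", r[1], r[3], {
            "verdict": r[2].split(": ", 1)[-1],  # "Trojan Horse" / "Trojan Horse (Presence)"
            "path": path,
            "file": path.rsplit("\\", 1)[-1],
        }))
    return events


def build_timeline():
    """All three logs merged and ordered by timestamp (stable for equal times)."""
    events = (parse_ips(IPS_LOG)
              + parse_download_insight(DOWNLOAD_INSIGHT_LOG)
              + parse_community_watch(COMMUNITY_WATCH_LOG))
    return sorted(events, key=lambda e: e.ts)


def events_for_file(events, filename):
    """Every event that names the dropped file; the IPS line never does."""
    return [e for e in events if e.indicators.get("file") == filename]


def summarize(events):
    return {
        "first_block": min(e.ts for e in events if e.status == "Blocked"),
        "hosts": sorted({e.indicators["host"] for e in events if e.category == "IPS"}),
        "files": sorted({e.indicators["file"] for e in events if e.indicators.get("file")}),
        "deleted": sorted({e.indicators["file"] for e in events
                           if e.category == "DownloadInsight" and e.status == "Deleted"}),
    }


if __name__ == "__main__":
    tl = build_timeline()
    for e in tl:
        print(e.ts, e.category, e.status, e.indicators)
    print(summarize(tl))
```

The timeline makes the order in the post visible at a glance: the IPS block at 17:03:14 carries only the landing URL, while the file name first appears five minutes later in the Download Insight deletion, and the Community Watch submissions of that same path follow it. If you keep only the Download Insight log, you lose the host; if you keep only IPS, you never learn which file was dropped.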