File name: 48B1.tmp.exe Detection ratio: 5 / 56 貌似加密勒索挂马 3

墨家小子

SHA256:        2e95eeff697b4f0c1aa83a4b71ae3f703602f4cf402a45eac3873c3d3e87d668
File name:        48B1.tmp.exe
Detection ratio:        5 / 56
Analysis date:        2016-03-12 11:25:35 UTC ( 1 minute ago )
https://www.virustotal.com/en/file/2e95eeff697b4f0c1aa83a4b71ae3f703602f4cf402a45eac3873c3d3e87d668/analysis/1457781935/

Bkav        HW32.Packed.D1D1        20160311
McAfee-GW-Edition        BehavesLike.Win32.Ramnit.fc        20160312
Qihoo-360        HEUR/QVM20.1.0000.Malware.Gen        20160312
Rising        PE:Malware.XPACK-HIE/Heur!1.9C48 [F]        20160312
Symantec        Suspicious.Cloud.5        20160310

MXCERILYF!

Symantec Norton

2483883670

数字下载保护拦截

nick20010117

请叫我德玛西亚

国产也不错啊

z2009

过avg扫描
双击，idp杀了衍生物

挥泪斩情思

ericdj

GD主防秒

aboringman

AVG：

扫描：miss；

双击：实机双击，IDP击杀之。（【又现Unknown】连同其衍生物及添加/更改的注册表项）

"";"Unknown, C:\USERS\KILLER\DESKTOP\48B1.TMP.EXE";"Deleted";"File or Directory";"2016/3/12, 21:39:14"

"";", C:\Windows\qfbjskqyvvvm.exe";"Object was blocked";"Process";"2016/3/12, 21:39:14"

"";", C:\Windows\System32\cmd.exe";"Object was blocked";"Process";"2016/3/12, 21:39:14"

"";", C:\Windows\System32\wbem\WMIC.exe";"Object was blocked";"Process";"2016/3/12, 21:39:14"

"";", C:\Windows\qfbjskqyvvvm.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/3/12, 21:39:14"

"";", HKEY_USERS\S-1-5-21-3895625976-2995373382-4201264068-1000\SOFTWARE\68CB71BF42530FE";"Deleted, Moved to Virus Vault";"Registry key";"2016/3/12, 21:39:14"

"";", HKEY_USERS\S-1-5-21-3895625976-2995373382-4201264068-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\AROINICS_SVC";"Deleted, Moved to Virus Vault";"Registry value";"2016/3/12, 21:39:14"

"";", C:\USERS\KILLER\DESKTOP\48B1.TMP.EXE";"Object was blocked";"Process";"2016/3/12, 21:39:14"

saga3721

红伞云查杀 'HEUR/APC (Cloud)' [heuristic]