Detection ratio: 6 / 56 之前IPS不拦截，今天Angler Exploit Kit Website 6

墨家小子

SHA256: a4c3df250804becf4d9e5aadd1367266b3b763c9efaa03578b864aedad347b2b  
File name: 66be.tmp.exe
Detection ratio: 6 / 56  
Analysis date: 2016-03-13 14:00:33 UTC ( 0 minutes ago )
https://www.virustotal.com/en/file/a4c3df250804becf4d9e5aadd1367266b3b763c9efaa03578b864aedad347b2b/analysis/1457877633/

Bkav  HW32.Packed.62D0  20160312  
McAfee-GW-Edition  BehavesLike.Win32.Virut.fc  20160313  
Qihoo-360  HEUR/QVM20.1.0000.Malware.Gen  20160313  
Rising  PE:Malware.XPACK-HIE/Heur!1.9C48 [F]  20160313  
Symantec  Suspicious.Cloud.5  20160310  
VBA32  suspected of Malware-Cryptor.General.6  20160313

手头最后一个之前IPS不拦截的挂马网页，今天寿终正寝

2016/3/13 21:53:04,高,阻止了 localhost 的入侵企图,已阻止,不需要操作,,不需要操作,不需要操作,Web Attack: Angler Exploit Kit Website 6,"localhost (127.0.0.1, 3XXX1)",pritnje1bedeskansallislaulun.watersidecafe.co.uk/topic/50726-boatswain-slicings-mucky-nutmegs-authenticator-crabs-rebuilds-animosity/,"localhost (127.0.0.1, XXX1)",localhost (127.0.0.1),"TCP, 端口 3XXX1"

windows7爱好者

天下杀软，唯快不破，双击瞬秒之

ymb668888

卡巴扫描miss，双击主防拦截并回滚
[mw_shl_code=css,true]13.03.2016 22.19.12;恶意程序的操作已回滚;PDM:Trojan.Win32.Generic;C:\Users\Administrator\Downloads\新建文件夹\66be.tmp.exe;c:\users\administrator\downloads\新建文件夹\66be.tmp.exe;03/13/2016 22:19:12
13.03.2016 22.19.12;恶意程序的操作已回滚;PDM:Trojan.Win32.Generic;C:\Users\Administrator\Downloads\新建文件夹\66be.tmp.exe;c:\sandbox\administrator\defaultbox\drive\c\windows\ybqppyhnbylf.exe;03/13/2016 22:19:12
13.03.2016 22.19.12;回滚恶意程序的操作时注册表键值被恢复;HKEY_USERS\sandbox_administrator_defaultbox\user\current\software\microsoft\windows\currentversion\internet settings\connections\savedlegacysettings;HKEY_USERS\sandbox_administrator_defaultbox\user\current\software\microsoft\windows\currentversion\internet settings\connections\savedlegacysettings;C:\Users\Administrator\Downloads\新建文件夹\66be.tmp.exe;c:\users\administrator\downloads\新建文件夹\66be.tmp.exe;03/13/2016 22:19:12
13.03.2016 22.19.12;回滚恶意程序的操作时注册表键值被恢复;HKEY_USERS\sandbox_administrator_defaultbox\machine\software\microsoft\windows\currentversion\policies\system\enablelinkedconnections;HKEY_USERS\sandbox_administrator_defaultbox\machine\software\microsoft\windows\currentversion\policies\system\enablelinkedconnections;C:\Users\Administrator\Downloads\新建文件夹\66be.tmp.exe;c:\users\administrator\downloads\新建文件夹\66be.tmp.exe;03/13/2016 22:19:12
13.03.2016 22.19.12;回滚恶意程序的操作时注册表键值被恢复;HKEY_USERS\sandbox_administrator_defaultbox\user\current\software\microsoft\windows\currentversion\internet settings\proxyenable;HKEY_USERS\sandbox_administrator_defaultbox\user\current\software\microsoft\windows\currentversion\internet settings\proxyenable;C:\Users\Administrator\Downloads\新建文件夹\66be.tmp.exe;c:\users\administrator\downloads\新建文件夹\66be.tmp.exe;03/13/2016 22:19:12
13.03.2016 22.19.12;回滚恶意程序的操作时注册表键值被恢复;HKEY_USERS\sandbox_administrator_defaultbox\machine\software\microsoft\windows\currentversion\policies\system\enablelinkedconnections;HKEY_USERS\sandbox_administrator_defaultbox\machine\software\microsoft\windows\currentversion\policies\system\enablelinkedconnections;C:\Users\Administrator\Downloads\新建文件夹\66be.tmp.exe;c:\users\administrator\downloads\新建文件夹\66be.tmp.exe;03/13/2016 22:19:12
13.03.2016 22.19.12;回滚恶意程序的操作时注册表键值被恢复;HKEY_USERS\sandbox_administrator_defaultbox\user\current\software\microsoft\windows\currentversion\internet settings\connections\savedlegacysettings;HKEY_USERS\sandbox_administrator_defaultbox\user\current\software\microsoft\windows\currentversion\internet settings\connections\savedlegacysettings;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\ybqppyhnbylf.exe;c:\users\administrator\downloads\新建文件夹\66be.tmp.exe;03/13/2016 22:19:12
13.03.2016 22.19.12;回滚恶意程序的操作时文件被恢复;c:\sandbox\administrator\defaultbox\drive\c\0c37dbeee2eff5307fe9e0f949d2cf5b\目录说明.txt;c:\sandbox\administrator\defaultbox\drive\c\0c37dbeee2eff5307fe9e0f949d2cf5b\目录说明.txt;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\ybqppyhnbylf.exe;c:\users\administrator\downloads\新建文件夹\66be.tmp.exe;03/13/2016 22:19:12
13.03.2016 22.19.12;回滚恶意程序的操作时注册表键值被恢复;HKEY_USERS\sandbox_administrator_defaultbox\user\current\software\microsoft\windows\currentversion\internet settings\proxyenable;HKEY_USERS\sandbox_administrator_defaultbox\user\current\software\microsoft\windows\currentversion\internet settings\proxyenable;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\ybqppyhnbylf.exe;c:\users\administrator\downloads\新建文件夹\66be.tmp.exe;03/13/2016 22:19:12
13.03.2016 22.19.12;回滚恶意程序的操作时文件被恢复;c:\sandbox\administrator\defaultbox\drive\c\$recycle.bin\s-1-5-21-2013802216-4099067677-4003685837-500\$rc6qxlr.zip;c:\sandbox\administrator\defaultbox\drive\c\$recycle.bin\s-1-5-21-2013802216-4099067677-4003685837-500\$rc6qxlr.zip;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\ybqppyhnbylf.exe;c:\users\administrator\downloads\新建文件夹\66be.tmp.exe;03/13/2016 22:19:12
13.03.2016 22.19.12;回滚恶意程序的操作时文件被恢复;c:\sandbox\administrator\defaultbox\drive\c\$recycle.bin\s-1-5-21-2013802216-4099067677-4003685837-500\$r5jbpi9.rar;c:\sandbox\administrator\defaultbox\drive\c\$recycle.bin\s-1-5-21-2013802216-4099067677-4003685837-500\$r5jbpi9.rar;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\ybqppyhnbylf.exe;c:\users\administrator\downloads\新建文件夹\66be.tmp.exe;03/13/2016 22:19:12
13.03.2016 22.19.12;回滚恶意程序的操作时文件被恢复;c:\sandbox\administrator\defaultbox\drive\c\$recycle.bin\s-1-5-21-2013802216-4099067677-4003685837-500\$ic6qxlr.zip;c:\sandbox\administrator\defaultbox\drive\c\$recycle.bin\s-1-5-21-2013802216-4099067677-4003685837-500\$ic6qxlr.zip;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\ybqppyhnbylf.exe;c:\users\administrator\downloads\新建文件夹\66be.tmp.exe;03/13/2016 22:19:12
13.03.2016 22.19.12;回滚恶意程序的操作时文件被恢复;c:\sandbox\administrator\defaultbox\drive\c\$recycle.bin\s-1-5-21-2013802216-4099067677-4003685837-500\$i5jbpi9.rar;c:\sandbox\administrator\defaultbox\drive\c\$recycle.bin\s-1-5-21-2013802216-4099067677-4003685837-500\$i5jbpi9.rar;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\ybqppyhnbylf.exe;c:\users\administrator\downloads\新建文件夹\66be.tmp.exe;03/13/2016 22:19:12
13.03.2016 22.19.12;回滚恶意程序的操作时注册表键值被恢复;HKEY_USERS\sandbox_administrator_defaultbox\machine\software\microsoft\windows\currentversion\policies\system\enablelinkedconnections;HKEY_USERS\sandbox_administrator_defaultbox\machine\software\microsoft\windows\currentversion\policies\system\enablelinkedconnections;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\ybqppyhnbylf.exe;c:\users\administrator\downloads\新建文件夹\66be.tmp.exe;03/13/2016 22:19:12
13.03.2016 22.18.46;恶意程序已删除;PDM:Trojan.Win32.Generic;C:\Users\Administrator\Downloads\新建文件夹\66be.tmp.exe;c:\users\administrator\downloads\新建文件夹\66be.tmp.exe;03/13/2016 22:18:46
13.03.2016 22.18.46;恶意程序已删除;PDM:Trojan.Win32.Generic;C:\Users\Administrator\Downloads\新建文件夹\66be.tmp.exe;c:\sandbox\administrator\defaultbox\drive\c\windows\ybqppyhnbylf.exe;03/13/2016 22:18:46
13.03.2016 22.18.38;恶意程序已终止;PDM:Trojan.Win32.Generic;TSTheme Server Module;C:\Sandbox\Administrator\DefaultBox\drive\C\Windows\ybqppyhnbylf.exe;03/13/2016 22:18:38
13.03.2016 22.18.38;检测到恶意程序;PDM:Trojan.Win32.Generic;TSTheme Server Module;c:\sandbox\administrator\defaultbox\drive\c\windows\ybqppyhnbylf.exe;03/13/2016 22:18:38
13.03.2016 22.18.38;检测到恶意程序;PDM:Trojan.Win32.Generic;TSTheme Server Module;c:\users\administrator\downloads\新建文件夹\66be.tmp.exe;03/13/2016 22:18:38
[/mw_shl_code]

windows7爱好者

ymb668888 发表于 2016-3-13 22:20
卡巴扫描miss，双击主防拦截并回滚
[mw_shl_code=css,true]13.03.2016 22.19.12;恶意程序的操 ...

你断网双击看看

QQn1

eset杀

ymb668888

windows7爱好者 发表于 2016-3-13 22:22
你断网双击看看

断网，卡巴主防同样拦截file:///C:/Users/Administrator/Desktop/%E6%90%9C%E7%8B%97%E6%88%AA%E5%9B%BE20160313223426.png

也就是这样

防火墙通讯拦截后，idp杀，原来大A这么爽

坏脾气的男生

管家拦截

cfhdrty

windows7爱好者 发表于 2016-3-13 22:22
你断网双击看看

以前断网也报云杀，后来听说卡巴会缓存云。。

cfhdrty

bd atc拦截