[Virus Samples] 精睿 sample test (16.3.21)

轩夏
Posted on 2016-3-21 11:06:33
Link:

http://pan.baidu.com/s/1c1vf0fI   Extraction code: p9dw

Password: bbs.vc52.cn
Count: 50
蓝天二号
Posted on 2016-3-21 11:08:33
ESS KILL 37X

轩夏
OP | Posted on 2016-3-21 11:10:17
Microsoft   36X

[mw_shl_code=css,true]Scan started on Mon Mar 21 11:08:00 2016

C:\Users\XuanXia\Desktop\2016.3.21\01.vir                                        Infected: TrojanDownloader:O97M/Adnel
C:\Users\XuanXia\Desktop\2016.3.21\02.vir->(VBAOBJ0000)                          Infected: TrojanDownloader:O97M/Donoff!rfn
C:\Users\XuanXia\Desktop\2016.3.21\03.vir->Invoice copy.exe                      Infected: Trojan:Win32/Dynamer!ac [non_writable_container]
C:\Users\XuanXia\Desktop\2016.3.21\04.vir                                        Infected: TrojanDownloader:VBS/Reywals.A
C:\Users\XuanXia\Desktop\2016.3.21\06.vir->(VBAOBJ0000)->(Base64)->(ActiveMime)  Infected: TrojanDownloader:O97M/Donoff [non_writable_container]
C:\Users\XuanXia\Desktop\2016.3.21\07.vir                                        Infected: TrojanDownloader:O97M/Adnel.S
C:\Users\XuanXia\Desktop\2016.3.21\09.vir                                        Infected: Backdoor:Win32/Drixed.M
C:\Users\XuanXia\Desktop\2016.3.21\11.vir                                        Infected: VirTool:Win32/CeeInject
C:\Users\XuanXia\Desktop\2016.3.21\12.vir                                        Suspicious: TrojanDownloader:O97M/Adnel.S [submit_sample]
C:\Users\XuanXia\Desktop\2016.3.21\13.vir->NeWlod.class                          Infected: TrojanDownloader:Java/Banload.B
C:\Users\XuanXia\Desktop\2016.3.21\14.vir                                        Infected: TrojanDownloader:O97M/Donoff
C:\Users\XuanXia\Desktop\2016.3.21\17.vir                                        Infected: Backdoor:Win32/Drixed.M
C:\Users\XuanXia\Desktop\2016.3.21\18.vir->(VBAOBJ0000)                          Infected: TrojanDownloader:O97M/Donoff!rfn
C:\Users\XuanXia\Desktop\2016.3.21\21.vir                                        Infected: TrojanDownloader:O97M/Donoff!rfn
C:\Users\XuanXia\Desktop\2016.3.21\27.vir->(VFS:dup2patcher.dll)                 Infected: HackTool:Win32/Keygen [non_writable_container]
C:\Users\XuanXia\Desktop\2016.3.21\28.vir                                        Infected: TrojanDownloader:O97M/Adnel.S
C:\Users\XuanXia\Desktop\2016.3.21\29.vir->(VBAOBJ0000)->(Base64)->(ActiveMime)  Infected: TrojanDownloader:O97M/Donoff [non_writable_container]
C:\Users\XuanXia\Desktop\2016.3.21\32.vir                                        Infected: TrojanDownloader:Win32/Banload
C:\Users\XuanXia\Desktop\2016.3.21\33.vir->(VBAOBJ0000)                          Infected: TrojanDownloader:O97M/Donoff!rfn
C:\Users\XuanXia\Desktop\2016.3.21\34.vir                                        Suspicious: TrojanDownloader:O97M/Adnel.S [submit_sample]
C:\Users\XuanXia\Desktop\2016.3.21\35.vir->(VBAOBJ0000)->(Base64)->(ActiveMime)  Infected: TrojanDownloader:O97M/Donoff [non_writable_container]
C:\Users\XuanXia\Desktop\2016.3.21\36.vir                                        Suspicious: TrojanDownloader:O97M/Adnel.S [submit_sample]
C:\Users\XuanXia\Desktop\2016.3.21\37.vir                                        Infected: Backdoor:Win32/Drixed
C:\Users\XuanXia\Desktop\2016.3.21\39.vir                                        Infected: Ransom:Win32/Locky.A
C:\Users\XuanXia\Desktop\2016.3.21\40.vir->(pdf0001:template.pdf)                Infected: Trojan:Win32/Swrort.A [non_writable_container]
C:\Users\XuanXia\Desktop\2016.3.21\41.vir                                        Infected: Ransom:Win32/Locky.A
C:\Users\XuanXia\Desktop\2016.3.21\42.vir                                        Infected: TrojanDownloader:O97M/Adnel.S
C:\Users\XuanXia\Desktop\2016.3.21\43.vir->[PDF]Quotation _03-16.com             Infected: Trojan:Win32/Dynamer!ac [non_writable_container]
C:\Users\XuanXia\Desktop\2016.3.21\44.vir                                        Infected: Trojan:Win32/Skeeyah.A!rfn
C:\Users\XuanXia\Desktop\2016.3.21\45.vir->(VBAOBJ0000)->(Base64)->(ActiveMime)  Infected: TrojanDownloader:O97M/Donoff [non_writable_container]
C:\Users\XuanXia\Desktop\2016.3.21\46.vir                                        Infected: Ransom:Win32/Teerac
C:\Users\XuanXia\Desktop\2016.3.21\47.vir                                        Infected: TrojanDownloader:O97M/Adnel.S
C:\Users\XuanXia\Desktop\2016.3.21\48.vir->(VBAOBJ0000)                          Infected: TrojanDownloader:O97M/Donoff!rfn
C:\Users\XuanXia\Desktop\2016.3.21\49.vir->(VBAOBJ0000)->(Base64)->(ActiveMime)  Infected: TrojanDownloader:O97M/Donoff [non_writable_container]
C:\Users\XuanXia\Desktop\2016.3.21\50.vir->(VBAOBJ0000)->(Base64)->(ActiveMime)  Infected: TrojanDownloader:O97M/Donoff [non_writable_container]
Successfully checked: C:\Users\XuanXia\Desktop\2016.3.21

Scan ended on Mon Mar 21 11:08:37 2016[/mw_shl_code]
cxy密斯
Posted on 2016-3-21 11:16:58
Last edited by cxy密斯 on 2016-3-21 11:19

Dr.web 15x. Are they no longer handling 精睿's samples? The ones that get a reply are all 墨家小子's samples @墨家小子

蓝天二号
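Posted on 2016-3-21 11:18:38
cxy密斯 posted on 2016-3-21 11:16
Dr.web 15x. Are they no longer handling 精睿's samples?

They are very cautious about adding detections: they don't detect binaries, and they don't detect clean files either...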
c68111c
Posted on 2016-3-21 11:25:55
Microsoft X42

心醉咖啡
Posted on 2016-3-21 11:30:32
Kingsoft Antivirus (金山毒霸) kill 3X
墨家小子
Posted on 2016-3-21 11:52:03
cxy密斯 posted on 2016-3-21 11:16
Dr.web 15x. Are they no longer handling 精睿's samples? The ones that get a reply are all 墨家小子's samples @墨家小子

What do you mean???
cxy密斯
Posted on 2016-3-21 12:00:03

When 精睿's samples are submitted, you basically never see a reply with the results; for your samples there is one.
Eset小粉絲
Posted on 2016-3-21 12:20:01
Last edited by Eset小粉絲 on 2016-3-21 12:21

Avira 33X

The rest have been submitted.

[mw_shl_code=css,true]Start of the scan: Monday, March 21, 2016  12:13

Starting the file scan:

Begin scan in 'C:\Users\IVAN\Desktop\2016.3.21'
C:\Users\IVAN\Desktop\2016.3.21\01.vir
  [DETECTION] Contains code of the W2000M/Dldr.Agent.AM.31849 macro virus
  [NOTE]      The file was moved to the quarantine directory under the name '5173e41a.qua'!
C:\Users\IVAN\Desktop\2016.3.21\02.vir
    [0] Archive type: Office Legacy XML
    --> kZPSyRkbGHpMGQa8ez.mso
        [1] Archive type: OLE
      --> Object
          [DETECTION] Contains code of the W2000M/Agent.6783456 macro virus
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '49e4cbbe.qua'!
C:\Users\IVAN\Desktop\2016.3.21\03.vir
    [0] Archive type: RAR
    --> Invoice copy.exe
        [DETECTION] Is the TR/Dropper.MSIL.275042 Trojan
        [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '1bbb9157.qua'!
C:\Users\IVAN\Desktop\2016.3.21\06.vir
    [0] Archive type: Office Legacy XML
    --> LS99CKL2I8oyWvdy0Ek3.mso
        [1] Archive type: OLE
      --> Object
          [DETECTION] Contains code of the W2000M/Agent.6783456 macro virus
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '7d8cde90.qua'!
C:\Users\IVAN\Desktop\2016.3.21\08.vir
  [DETECTION] Contains recognition pattern of the APPL/Hacktool.gpeli application
  [NOTE]      The file was moved to the quarantine directory under the name '3808f3a0.qua'!
C:\Users\IVAN\Desktop\2016.3.21\09.vir
  [DETECTION] Is the TR/FileCoder.Y.877787 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '4713c1c0.qua'!
C:\Users\IVAN\Desktop\2016.3.21\12.vir
  [DETECTION] Contains code of the W2000M/Agent.9736402 macro virus
  [NOTE]      The file was moved to the quarantine directory under the name '0babed81.qua'!
C:\Users\IVAN\Desktop\2016.3.21\14.vir
  [DETECTION] Contains code of the W2000M/Agent.12260 macro virus
  [NOTE]      The file was moved to the quarantine directory under the name '77b3add7.qua'!
C:\Users\IVAN\Desktop\2016.3.21\15.vir
  [DETECTION] Is the TR/Special.493056 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '5ae9829b.qua'!
C:\Users\IVAN\Desktop\2016.3.21\17.vir
  [DETECTION] Is the TR/Injector.MSIL.221184 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '4381b903.qua'!
C:\Users\IVAN\Desktop\2016.3.21\18.vir
    [0] Archive type: Office Legacy XML
    --> ER1eILV8ovqsz5fMP.mso
        [1] Archive type: OLE
      --> Object
          [DETECTION] Contains code of the W2000M/Agent.6783456 macro virus
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '2fdd953d.qua'!
C:\Users\IVAN\Desktop\2016.3.21\19.vir
  [DETECTION] Is the TR/ATRAPS.Gen2 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '5e64acab.qua'!
C:\Users\IVAN\Desktop\2016.3.21\21.vir
    [0] Archive type: Office Legacy XML
    --> Tu07tqPt6N24vdIW.mso
        [1] Archive type: OLE
      --> Object
          [DETECTION] Contains code of the W2000M/Agent.6783456 macro virus
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '507e9c64.qua'!
C:\Users\IVAN\Desktop\2016.3.21\25.vir
  [DETECTION] Is the TR/Crypt.XPACK.Gen7 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '1557e522.qua'!
C:\Users\IVAN\Desktop\2016.3.21\28.vir
  [DETECTION] Contains code of the W2000M/Agent.471854 macro virus
  [NOTE]      The file was moved to the quarantine directory under the name '1c5ce186.qua'!
C:\Users\IVAN\Desktop\2016.3.21\29.vir
    [0] Archive type: Office Legacy XML
    --> RVUAAtpryySCgLc7byhC4.mso
        [1] Archive type: OLE
      --> Object
          [DETECTION] Contains code of the W2000M/Agent.6783456 macro virus
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '441df8ec.qua'!
C:\Users\IVAN\Desktop\2016.3.21\30.vir
  [DETECTION] Contains code of the ANDROID/Spy.Banker.BD.Gen virus
  [NOTE]      The file was moved to the quarantine directory under the name '68e9812b.qua'!
C:\Users\IVAN\Desktop\2016.3.21\32.vir
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '5617e1f3.qua'!
C:\Users\IVAN\Desktop\2016.3.21\33.vir
    [0] Archive type: Office Legacy XML
    --> n1sSeAxcKfZtjtSy92XFUsZ.mso
        [1] Archive type: OLE
      --> Object
          [DETECTION] Contains code of the W2000M/Agent.6783456 macro virus
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '3519ca87.qua'!
C:\Users\IVAN\Desktop\2016.3.21\34.vir
  [DETECTION] Contains code of the W2000M/Agent.8351159 macro virus
  [NOTE]      The file was moved to the quarantine directory under the name '13d18a9b.qua'!
C:\Users\IVAN\Desktop\2016.3.21\35.vir
    [0] Archive type: Office Legacy XML
    --> nBjHOIL7FeEfu76ULLiO0Lw3Mj.mso
        [1] Archive type: OLE
      --> Object
          [DETECTION] Contains code of the W2000M/Agent.6783456 macro virus
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '2145f13d.qua'!
C:\Users\IVAN\Desktop\2016.3.21\36.vir
  [DETECTION] Contains code of the W2000M/Dldr.Agent.AM.3184218 macro virus
  [NOTE]      The file was moved to the quarantine directory under the name '2b00da42.qua'!
C:\Users\IVAN\Desktop\2016.3.21\37.vir
  [DETECTION] Is the TR/FileCoder.lkdkd.1 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '1453be08.qua'!
C:\Users\IVAN\Desktop\2016.3.21\39.vir
  [DETECTION] Is the TR/Rogue.aipcpb Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '6a7fb22d.qua'!
C:\Users\IVAN\Desktop\2016.3.21\40.vir
  [DETECTION] Is the TR/Crypt.EPACK.Gen2 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '3f07b6ed.qua'!
C:\Users\IVAN\Desktop\2016.3.21\41.vir
  [DETECTION] Is the TR/FileCoder.192512.4 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '3291c7c6.qua'!
C:\Users\IVAN\Desktop\2016.3.21\43.vir
    [0] Archive type: ACE
    --> [PDF]Quotation _03-16.com
        [DETECTION] Is the TR/Dropper.MSIL.274821 Trojan
        [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '2eccd3c9.qua'!
C:\Users\IVAN\Desktop\2016.3.21\44.vir
  [DETECTION] Is the TR/AD.UrsnifDropper.Y.155 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '1f1f9e06.qua'!
C:\Users\IVAN\Desktop\2016.3.21\45.vir
    [0] Archive type: Office Legacy XML
    --> g1eqW2s5ZU4jq5z.mso
        [1] Archive type: OLE
      --> Object
          [DETECTION] Contains code of the W2000M/Agent.6783456 macro virus
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '73498a33.qua'!
C:\Users\IVAN\Desktop\2016.3.21\47.vir
  [DETECTION] Contains code of the W2000M/Dldr.Agent.856763 macro virus
  [NOTE]      The file was moved to the quarantine directory under the name '3ad3af3a.qua'!
C:\Users\IVAN\Desktop\2016.3.21\48.vir
    [0] Archive type: Office Legacy XML
    --> stxbPikROifpfT1Mbr9S6g.mso
        [1] Archive type: OLE
      --> Object
          [DETECTION] Contains code of the W2000M/Agent.6783456 macro virus
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '6146a7ea.qua'!
C:\Users\IVAN\Desktop\2016.3.21\49.vir
    [0] Archive type: Office Legacy XML
    --> FOLK4MFWDwDAx91.mso
        [1] Archive type: OLE
      --> Object
          [DETECTION] Contains code of the W2000M/Dldr.Dridex.457765 macro virus
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '07f4ab00.qua'!
C:\Users\IVAN\Desktop\2016.3.21\50.vir
    [0] Archive type: Office Legacy XML
    --> QqJGrX8oqoe2JyRUisuaY9.mso
        [1] Archive type: OLE
      --> Object
          [DETECTION] Contains code of the W2000M/Agent.6783456 macro virus
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '507ad9a3.qua'!


End of the scan: Monday, March 21, 2016  12:13
Used time: 00:03 Minute(s)[/mw_shl_code]