恶意推广程序下载者，过NOD32和360

saga3721

文件 ID         文件名         大小(字节)         结果
28834454         1.zip         470.56 KB         OK

以下位置提供了存档中包含的文件及其结果的列表:
文件 ID         文件名         大小(字节)         结果
28834455         1.exe         497.15 KB         UNDER ANALYSIS

zq19861019

扫描miss,沙盘双击，

网页拦截Web content virus scan

Address:         http://dl.ikiki.cn/dl/ravchild/rav3490001.exe
Status:         Access denied.
主防拦截
Process: 6444
File name: 1.exe
Path: f:\病毒样本\1\1.exe

Publisher: Unknown publisher
Creation date: 06/30/16 09:34:01
Modification date: 06/30/16 04:35:24

Started by: SbieSvc.exe
Publisher: Invincea, Inc.


*** Actions ***

A packer was run on the program file, possibly to conceal malicious content.
The program establishes a network connection.
The program has downloaded infected software.
The program has created or manipulated an executable file.


*** Quarantine ***

The following files were moved into quarantine:
F:\病毒样本\1\1.exe
c:\sandbox\琪\virus\user\current\appdata\local\microsoft\windows\inetcache\counters.dat
c:\sandbox\琪\virus\user\current\appdata\local\microsoft\windows\inetcache\ie\anu93dhm\cityjson[1].txt
c:\sandbox\琪\virus\user\current\appdata\local\temp\1.ico
c:\sandbox\琪\virus\user\current\appdata\local\temp\1.zip
c:\sandbox\琪\virus\user\current\appdata\local\temp\nsp2b64.tmp\system.dll

The following registry entries were deleted:

\registry\user\sandbox_琪_virus\user\current\software\microsoft\windows\currentversion\internet settings\connections || savedlegacysettings
\registry\user\sandbox_琪_virus\user\current\software\microsoft\windows\currentversion\internet settings || proxyserver

YGLRrIIKLCcoJygmBi0nKCcoJgYuJycnJyYGp0InKnSiYmJwKycqJyomBsdyonKiYmKALycLuWLRrMKgLScoJygmBtxycnJyYmLALycnJycmBo9ycnJyYmJwp3JycNhycnJyYmJw2XJycnJiYnC6smFfY7ZysmFfY7ZyYmJw23JycnJiYnCOcnJw/3JycnJiYgAA
Rules version: 5.0.114
OS: Windows 6.3 Service Pack 0.0 Build: 9600 - Workstation 64bit OS
dll version: 63077

"F:\病毒样本\1\1.exe"
MD5: 8C5C6917FCD74B9DF8396D631A19616E
"D:\Program Files (x86)\Sandboxie\SbieSvc.exe" Sandboxie_UacProxy:00000588_00007FF6_0F618288_000000A0_
MD5:

lzy2010000

费尔

lovelive10010

FS miss

fzshot

好想用EMSI 发表于 2016-6-30 01:15
是免费版还是付费版？

免费版，付费版也只是多了个实时监控

T.Yoshiyuki

过AVG
沙盘运行 允许联网 下载的第一个就是瑞星，笑死我了……

aboringman

nick20010117 发表于 2016-6-30 13:25
我想问一下，UDS不参与扫描吗？
另外，我的卡巴在解压后没有报毒，我在日志里才看到被杀了，这是什么 ...

其实是云延迟。。。。。。

类似的情况还出现在扫描中，扫描结果为安全，但过不了多久就提示危险。

h2tiny

金山这么牛逼了？

nick20010117

aboringman 发表于 2016-7-1 06:15
其实是云延迟。。。。。。

...

原来如此。。。。。。。。