[Virus Samples] 精睿 sample test (16.8.2)

轩夏
Posted on 2016-8-2 09:27:27
Link:

https://pan.baidu.com/s/1i5FGYIp  Extraction code: ap1j

Password: bbs.vc52.cn
Count: 50
Eset小粉絲
Posted on 2016-8-2 09:28:33
Last edited by Eset小粉絲 on 2016-8-2 09:32

Avira 34X

[mw_shl_code=css,true]Start of the scan: Tuesday, 2 August, 2016  09:30

Starting the file scan:

Begin scan in 'C:\Users\User\Desktop\2016.8.2'
C:\Users\User\Desktop\2016.8.2\01.vir
  [DETECTION] Is the TR/Crypt.ZPACK.umsi Trojan
C:\Users\User\Desktop\2016.8.2\02.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.25667 Java script virus
C:\Users\User\Desktop\2016.8.2\03.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.248543 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.8.2\04.vir
  [DETECTION] Contains patterns of software PUA/Montiera.Gen7
C:\Users\User\Desktop\2016.8.2\05.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.25668 Java script virus
C:\Users\User\Desktop\2016.8.2\06.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Dldr.Agent.AM.128919 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.8.2\08.vir
    [0] Archive type: ZIP
    --> Main.class
        [DETECTION] Contains recognition pattern of the JAVA/Adwind.HH Java virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.8.2\10.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.25668 Java script virus
C:\Users\User\Desktop\2016.8.2\11.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.25668 Java script virus
C:\Users\User\Desktop\2016.8.2\12.vir
    [0] Archive type: NSIS
    --> [TempDir]/Server.exe
        [DETECTION] Is the TR/Dropper.Gen Trojan
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.8.2\13.vir
  [DETECTION] Contains code of the W2000M/Agent.4858523 macro virus
C:\Users\User\Desktop\2016.8.2\14.vir
  [DETECTION] Contains code of the W2000M/Agent.4858523 macro virus
C:\Users\User\Desktop\2016.8.2\15.vir
  [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
C:\Users\User\Desktop\2016.8.2\20.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen6 HTML script virus
C:\Users\User\Desktop\2016.8.2\21.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.078387 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.8.2\23.vir
  [DETECTION] Is the TR/Dropper.MSIL.uyaj Trojan
C:\Users\User\Desktop\2016.8.2\24.vir
    [0] Archive type: ZIP
    --> main/NameClassh.class
        [DETECTION] Contains recognition pattern of the JAVA/Adwind.1213 Java virus
        [WARNING]   Infected files in archives cannot be repaired
    --> main/Start.class
        [DETECTION] Contains recognition pattern of the JAVA/Adwind.828 Java virus
        [WARNING]   Infected files in archives cannot be repaired
    --> main/NameClassm.class
        [DETECTION] Contains recognition pattern of the JAVA/Adwind.2323 Java virus
        [WARNING]   Infected files in archives cannot be repaired
    --> main/NameClassv.class
        [DETECTION] Contains recognition pattern of the JAVA/Adwind.1319 Java virus
        [WARNING]   Infected files in archives cannot be repaired
    --> main/NameClassw.class
        [DETECTION] Contains recognition pattern of the JAVA/Adwind.1545 Java virus
        [WARNING]   Infected files in archives cannot be repaired
    --> main/NameClassi.class
        [DETECTION] Contains recognition pattern of the EXP/Java.HLP.EB.911 exploit
        [WARNING]   Infected files in archives cannot be repaired
    --> main/NameClassy.class
        [DETECTION] Contains recognition pattern of the JAVA/Adwind.1719 Java virus
        [WARNING]   Infected files in archives cannot be repaired
    --> main/NameClassu.class
        [DETECTION] Contains recognition pattern of the JAVA/Adwind.760 Java virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.8.2\26.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen6 HTML script virus
C:\Users\User\Desktop\2016.8.2\27.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen6 HTML script virus
C:\Users\User\Desktop\2016.8.2\29.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen6 HTML script virus
C:\Users\User\Desktop\2016.8.2\31.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.25668 Java script virus
C:\Users\User\Desktop\2016.8.2\32.vir
  [DETECTION] Is the TR/Crypt.ZPACK.yvjp Trojan
C:\Users\User\Desktop\2016.8.2\33.vir
  [DETECTION] Is the TR/Crypt.Xpack.jmim Trojan
C:\Users\User\Desktop\2016.8.2\34.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen2 HTML script virus
C:\Users\User\Desktop\2016.8.2\36.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.25668 Java script virus
C:\Users\User\Desktop\2016.8.2\37.vir
  [DETECTION] Contains code of the W2000M/Agent.4858523 macro virus
C:\Users\User\Desktop\2016.8.2\39.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.248543 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.8.2\40.vir
  [DETECTION] Contains recognition pattern of the EXP/CVE-2012-1856.46556 exploit
C:\Users\User\Desktop\2016.8.2\41.vir
  [DETECTION] Is the TR/Rogue.11443107 Trojan
C:\Users\User\Desktop\2016.8.2\43.vir
  [DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\User\Desktop\2016.8.2\44.vir
  [DETECTION] Contains code of the W2000M/Agent.4858523 macro virus
C:\Users\User\Desktop\2016.8.2\46.vir
  [DETECTION] Is the TR/Crypt.ZPACK.ngtc Trojan
C:\Users\User\Desktop\2016.8.2\47.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.79160 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.8.2\50.vir
    [0] Archive type: NSIS
    --> ProgramFilesDir/SFhelper.dll
        [DETECTION] Is the TR/Injector.sgi Trojan
        [WARNING]   Infected files in archives cannot be repaired[/mw_shl_code]
挥泪斩情思
Posted on 2016-8-2 09:29:04
Last edited by 挥泪斩情思 on 2016-8-2 09:38

NS detected 21X, repaired 1X, 29X remaining

轩夏
Original poster | Posted on 2016-8-2 09:30:19
MSE

[mw_shl_code=css,true]Scan started on Tue Aug 02 09:28:56 2016

C:\Users\XuanXia\Desktop\2016.8.2\01.vir                                                                        Infected: Ransom:Win32/Exxroute
C:\Users\XuanXia\Desktop\2016.8.2\02.vir                                                                        Infected: TrojanDownloader:JS/Swabfex.P
C:\Users\XuanXia\Desktop\2016.8.2\03.vir->word/vbaProject.bin                                                   Infected: TrojanDownloader:O97M/Donoff
C:\Users\XuanXia\Desktop\2016.8.2\05.vir->[WsfCmtOut]->(SCRIPT0000)->[WSF]                                      Infected: TrojanDownloader:JS/Nemucod[non_writable_container]
C:\Users\XuanXia\Desktop\2016.8.2\06.vir->word/vbaProject.bin                                                   Infected: TrojanDownloader:O97M/Donoff
...WQkbMjMtPKDz8VLSXQB06Fps2DeW85T185wOt2CfCJLnYObkRJ1KSpI03b552BrHP1h0bbwBfYHObdEH35X0H1dvoPAXUfALz7PbKSugChc  Infected: Trojan:Java/Adwind.J
...kbMjMtPKDz8VLSXQB06Fps2DeW85T185wOt2CfCJLnYObkRJ1KSpI03b552BrHP1h0bbwBfYHObdEH35X0H1dvoPAXUfALz7PbKSugChcZu  Infected: Trojan:Java/Adwind.J
C:\Users\XuanXia\Desktop\2016.8.2\08.vir->Main.class                                                            Infected: Trojan:Java/Adwind
...kbMjMtPKDz8VLSXQB06Fps2DeW85T185wOt2CfCJLnYObkRJ1KSpI03b552BrHP1h0bbwBfYHObdEH35X0H1dvoPAXUfALz7PbKSugChc#1  Infected: Trojan:Java/Adwind.I
C:\Users\XuanXia\Desktop\2016.8.2\09.vir->(nsis-instdata)                                                       Infected: TrojanDownloader:Win32/Hicrazyk.A [non_writable_container]
C:\Users\XuanXia\Desktop\2016.8.2\10.vir->[WsfCmtOut]->(SCRIPT0000)->[WSF]                                      Infected: TrojanDownloader:JS/Nemucod[non_writable_container]
C:\Users\XuanXia\Desktop\2016.8.2\11.vir->[WsfCmtOut]->(SCRIPT0000)->[WSF]                                      Infected: TrojanDownloader:JS/Nemucod[non_writable_container]
C:\Users\XuanXia\Desktop\2016.8.2\12.vir                                                                        Infected: Backdoor:MSIL/Bladabindi!rfn
C:\Users\XuanXia\Desktop\2016.8.2\13.vir                                                                        Infected: Trojan:O97M/Madeba.A!det
C:\Users\XuanXia\Desktop\2016.8.2\14.vir                                                                        Infected: Trojan:O97M/Madeba.A!det
C:\Users\XuanXia\Desktop\2016.8.2\19.vir->(nsis-instdata)                                                       Infected: TrojanDownloader:Win32/Hicrazyk.A [non_writable_container]
C:\Users\XuanXia\Desktop\2016.8.2\20.vir                                                                        Infected: TrojanDownloader:JS/Nemucod.FJ
C:\Users\XuanXia\Desktop\2016.8.2\21.vir->word/vbaProject.bin                                                   Infected: TrojanDownloader:O97M/Donoff.H
C:\Users\XuanXia\Desktop\2016.8.2\24.vir->main/NameClassm.class                                                 Infected: Trojan:Java/Adwind
C:\Users\XuanXia\Desktop\2016.8.2\24.vir->main/NameClassi.class                                                 Infected: Exploit:Java/CVE-2014-0114
C:\Users\XuanXia\Desktop\2016.8.2\26.vir->[WsfCmtOut]->(SCRIPT0000)->(JSNORM)                                   Infected: TrojanDownloader:JS/Swabfex.P [non_writable_container]
C:\Users\XuanXia\Desktop\2016.8.2\27.vir->[WsfCmtOut]->(SCRIPT0000)->(JSNORM)                                   Infected: TrojanDownloader:JS/Swabfex.P [non_writable_container]
C:\Users\XuanXia\Desktop\2016.8.2\27.vir->[WsfCmtOut]->(SCRIPT0000)->[Eval]                                     Infected: TrojanDownloader:JS/Swabfex.P [non_writable_container]
C:\Users\XuanXia\Desktop\2016.8.2\29.vir->[WsfCmtOut]->(SCRIPT0000)->(JSNORM)                                   Infected: TrojanDownloader:JS/Swabfex.P [non_writable_container]
C:\Users\XuanXia\Desktop\2016.8.2\29.vir->[WsfCmtOut]->(SCRIPT0000)->[Eval]                                     Infected: TrojanDownloader:JS/Swabfex.P [non_writable_container]
C:\Users\XuanXia\Desktop\2016.8.2\31.vir->[WsfCmtOut]->(SCRIPT0000)->[WSF]                                      Infected: TrojanDownloader:JS/Nemucod[non_writable_container]
C:\Users\XuanXia\Desktop\2016.8.2\32.vir                                                                        Infected: TrojanSpy:Win32/Skeeyah.A!rfn
C:\Users\XuanXia\Desktop\2016.8.2\33.vir                                                                        Infected: TrojanDownloader:Win32/Silcon
C:\Users\XuanXia\Desktop\2016.8.2\34.vir->[HtmlCmtOut]->(SCRIPT0004)                                            Infected: Trojan:JS/Redirector.QE [non_writable_container]
C:\Users\XuanXia\Desktop\2016.8.2\36.vir->[WsfCmtOut]->(SCRIPT0000)->[WSF]                                      Infected: TrojanDownloader:JS/Nemucod[non_writable_container]
C:\Users\XuanXia\Desktop\2016.8.2\37.vir                                                                        Infected: Trojan:O97M/Madeba.A!det
C:\Users\XuanXia\Desktop\2016.8.2\38.vir->(EncScript)                                                           Suspicious: Virus:VBS/WEE [submit_sample] [non_writable_container]
C:\Users\XuanXia\Desktop\2016.8.2\38.vir->[EmbeddedEnc]->(EncScript)                                            Suspicious: Virus:VBS/WEE [submit_sample] [non_writable_container]
C:\Users\XuanXia\Desktop\2016.8.2\43.vir                                                                        Infected: TrojanSpy:Win32/Nivdort.Y
C:\Users\XuanXia\Desktop\2016.8.2\44.vir                                                                        Infected: Trojan:O97M/Madeba.A!det
C:\Users\XuanXia\Desktop\2016.8.2\46.vir                                                                        Infected: Ransom:Win32/Locky!rfn
C:\Users\XuanXia\Desktop\2016.8.2\47.vir->word/vbaProject.bin                                                   Infected: TrojanDownloader:O97M/Donoff.BG
C:\Users\XuanXia\Desktop\2016.8.2\50.vir                                                                        Infected: Trojan:Win32/Skeeyah.A!rfn
Successfully checked: C:\Users\XuanXia\Desktop\2016.8.2

Scan ended on Tue Aug 02 09:29:14 2016

Time: 18 second(s). [0h:00m:18s]
Files/second: 15 (680 Kb/s).
Objects scanned: 274.
Infected: 36. Suspicious: 2. Clean: 236. Different virus bodies: 20.
Files: 50. Directories: 1. Archives: 22. Packed: 28. Mail files: 1.
Warnings: 38. Scan errors: 0. Protected: 0. Damaged: 0. Unknown method: 0. Spanned: 0.[/mw_shl_code]
a1414007
Posted on 2016-8-2 09:35:31
Last edited by a1414007 on 2016-8-2 09:52

BDTS2016

统计结果

   原始文件数量: 50

   处理项目数量: 37

   删除项目数量: 26

   修复项目数量: 11

   近似查杀率: 74.00 %

任意键返回
YAutaH
Posted on 2016-8-2 09:37:03
ESET 32kill
心痛的伤不起
Posted on 2016-8-2 09:38:06
avg 32
540923555
Posted on 2016-8-2 09:48:31

WD

Last edited by 540923555 on 2016-8-2 10:07

WD placeholder

Detected + repaired = 32; 18 samples not handled
心醉咖啡
Posted on 2016-8-2 09:54:01
360杀毒扫描日志

病毒库版本:
扫描时间:2016-08-02 09:52:05
扫描用时:00:00:04
扫描类型:右键扫描
扫描文件总数:50
项目总数:13
清除项目数:13

扫描选项
----------------------
扫描所有文件:是
扫描压缩包:是
发现病毒处理方式:由用户选择处理
扫描磁盘引导区:是
扫描 Rootkit:是
使用云查杀引擎:是
使用QVM人工智能引擎:是
扫描建议修复项:是
常规引擎设置:未使用

扫描内容
----------------------
F:\浏览器下载\2016.8.2


白名单设置
----------------------


扫描结果
======================
高危风险项
----------------------
F:\浏览器下载\2016.8.2\12.vir        感染型病毒(Win32/Trojan.a22)        已删除
F:\浏览器下载\2016.8.2\17.vir        HEUR/QVM20.1.DD72.Malware.Gen        已删除
F:\浏览器下载\2016.8.2\23.vir        感染型病毒(Win32/Trojan.Dropper.afe)        已删除
F:\浏览器下载\2016.8.2\33.vir        感染型病毒(Win32/Trojan.IM.007)        已删除
F:\浏览器下载\2016.8.2\43.vir        感染型病毒(Win32/Trojan.cf3)        已删除
F:\浏览器下载\2016.8.2\50.vir        感染型病毒(Win32/Trojan.128)        已删除
F:\浏览器下载\2016.8.2\01.vir        HEUR/QVM40.1.DD72.Malware.Gen        已删除
F:\浏览器下载\2016.8.2\04.vir        HEUR/QVM203.0.DD72.Malware.Gen        已删除
F:\浏览器下载\2016.8.2\07.vir        HEUR/QVM11.1.DD72.Malware.Gen        已删除
F:\浏览器下载\2016.8.2\09.vir        HEUR/QVM42.1.DD72.Malware.Gen        已删除
F:\浏览器下载\2016.8.2\19.vir        HEUR/QVM42.1.DD72.Malware.Gen        已删除
F:\浏览器下载\2016.8.2\32.vir        HEUR/QVM07.1.DD72.Malware.Gen        已删除
F:\浏览器下载\2016.8.2\46.vir        HEUR/QVM20.1.DD72.Malware.Gen        已删除



可疑文件上传结果
----------------------
f:\浏览器下载\2016.8.2\09.vir        上传成功
f:\浏览器下载\2016.8.2\32.vir        上传成功
f:\浏览器下载\2016.8.2\46.vir        上传成功
wu5920
Posted on 2016-8-2 09:58:09
火绒
