[Virus Samples] Jingrui (精睿) sample test (16.8.31)

沙逝L
Posted on 2016-8-31 09:18:19
Address:
http://pan.baidu.com/s/1pLngjmb  extraction code: 4yam

http://www.vdisk.cn/down/index/19732572

Password: bbs.vc52.cn
Count: 50
Eset小粉絲
Posted on 2016-8-31 09:20:29
Last edited by Eset小粉絲 on 2016-8-31 09:25

Avira 39X

[mw_shl_code=css,true]Start of the scan: Wednesday, 31 August, 2016  09:24

Starting the file scan:

Begin scan in 'C:\Users\User\Desktop\2016.8.31'
C:\Users\User\Desktop\2016.8.31\01.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.71191 Java script virus
C:\Users\User\Desktop\2016.8.31\02.vir
  [DETECTION] Is the TR/Dropper.MSIL.qpmz Trojan
C:\Users\User\Desktop\2016.8.31\03.vir
  [DETECTION] Is the TR/Dropper.MSIL.rwok Trojan
C:\Users\User\Desktop\2016.8.31\05.vir
  [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
C:\Users\User\Desktop\2016.8.31\07.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen6 HTML script virus
C:\Users\User\Desktop\2016.8.31\10.vir
  [DETECTION] Is the TR/Crypt.ZPACK.apap Trojan
C:\Users\User\Desktop\2016.8.31\11.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.839010 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.8.31\12.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen6 HTML script virus
C:\Users\User\Desktop\2016.8.31\13.vir
    [0] Archive type: ZIP
    --> x/abcabcabcabcc.class
        [DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent.aiphza Java virus
        [WARNING]   Infected files in archives cannot be repaired
    --> x/abcabcabcabcx.class
        [DETECTION] Contains recognition pattern of the EXP/JAVA.Adwind.BC.Gen exploit
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.8.31\15.vir
    [0] Archive type: Portable Executable Resource
    --> CABINET
        [1] Archive type: CAB (Microsoft)
      --> codec.exe
          [DETECTION] Is the TR/Agent.xnc Trojan
          [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.8.31\16.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen6 HTML script virus
C:\Users\User\Desktop\2016.8.31\17.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.EB.1 Java script virus
C:\Users\User\Desktop\2016.8.31\18.vir
    [0] Archive type: NSIS
    --> [TempDir]/WindowsApplication2.exe
        [DETECTION] Is the TR/Dldr.Agent.amfi Trojan
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.8.31\19.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.839010 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.8.31\20.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.EB.1 Java script virus
C:\Users\User\Desktop\2016.8.31\21.vir
  [DETECTION] Is the TR/Crypt.Xpack.kakr Trojan
C:\Users\User\Desktop\2016.8.31\22.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen6 HTML script virus
C:\Users\User\Desktop\2016.8.31\24.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.EB.1 Java script virus
C:\Users\User\Desktop\2016.8.31\25.vir
  [DETECTION] Is the TR/Crypt.XPACK.Gen7 Trojan
C:\Users\User\Desktop\2016.8.31\26.vir
    [0] Archive type: NSIS
    --> [TempDir]/WindowsApplication2.exe
        [DETECTION] Is the TR/Dldr.Agent.amfi Trojan
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.8.31\29.vir
  [DETECTION] Is the TR/Spy.Banbra.gaan Trojan
C:\Users\User\Desktop\2016.8.31\30.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.EB.1 Java script virus
C:\Users\User\Desktop\2016.8.31\31.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.82616 Java script virus
C:\Users\User\Desktop\2016.8.31\32.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.826164 Java script virus
C:\Users\User\Desktop\2016.8.31\33.vir
  [DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\User\Desktop\2016.8.31\34.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.EB.1 Java script virus
C:\Users\User\Desktop\2016.8.31\35.vir
  [DETECTION] Contains recognition pattern of the PHISH/Agent.76533 phishing file/email
C:\Users\User\Desktop\2016.8.31\36.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen6 HTML script virus
C:\Users\User\Desktop\2016.8.31\37.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.EB.1 Java script virus
C:\Users\User\Desktop\2016.8.31\38.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.08000 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.8.31\39.vir
  [DETECTION] Is the TR/Crypt.ZPACK.nulr Trojan
C:\Users\User\Desktop\2016.8.31\41.vir
    [0] Archive type: ZIP
    --> word/embeddings/oleObject1.bin
        [1] Archive type: OLE
      --> Object
          [DETECTION] Contains recognition pattern of the JS/Agent.236376 Java script virus
          [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.8.31\42.vir
    [0] Archive type: NSIS
    --> [TempDir]/WindowsApplication2.exe
        [DETECTION] Is the TR/Dldr.Agent.amfi Trojan
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.8.31\43.vir
  [DETECTION] Contains code of the W2000M/Agent.4130222 macro virus
C:\Users\User\Desktop\2016.8.31\44.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.221520 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.8.31\45.vir
  [DETECTION] Is the TR/Dropper.MSIL.somq Trojan
C:\Users\User\Desktop\2016.8.31\46.vir
  [DETECTION] Contains code of the W2000M/Agent.33860 macro virus
C:\Users\User\Desktop\2016.8.31\49.vir
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\User\Desktop\2016.8.31\50.vir
    [0] Archive type: NSIS
    --> [TempDir]/WindowsApplication2.exe
        [DETECTION] Is the TR/Dldr.Agent.amfi Trojan
        [WARNING]   Infected files in archives cannot be repaired[/mw_shl_code]
蓝天二号
Posted on 2016-8-31 09:21:38
AVG  KILL 40X

a1414007
Posted on 2016-8-31 09:21:40
Last edited by a1414007 on 2016-8-31 09:24

AVG kill40x

统计结果

   原始文件数量: 50

   处理项目数量: 40

   删除项目数量: 34

   修复项目数量: 6

   近似查杀率: 80.00 %

任意键返回

T.Yoshiyuki
Posted on 2016-8-31 09:21:55
Last edited by T.Yoshiyuki on 2016-8-31 09:30

BD kill 40x (fix 7x)



[mw_shl_code=css,true]D:\TEST\daily\2016.8.31\46.vir.doc VBA:Trojan.VBA.Downloader.F Disinfected
D:\TEST\daily\2016.8.31\13.vir.zip=>x/abcabcabcabcc.class Java.Trojan.Downloader.J Deleted
D:\TEST\daily\2016.8.31\15.vir.exe Gen:Trojan.Heur.Crifi.pm1@a8CUAbaab Deleted
D:\TEST\daily\2016.8.31\33.vir.exe Trojan.Generic.17943921 Deleted
D:\TEST\daily\2016.8.31\01.vir.JS=>(INFECTED_JS) JS:Trojan.JS.Agent.PI Deleted
D:\TEST\daily\2016.8.31\05.vir.exe Gen:Trojan.Heur.kmX@!ZU5Oxm Deleted
D:\TEST\daily\2016.8.31\50.vir.exe Trojan.GenericKD.3494709 Deleted
D:\TEST\daily\2016.8.31\11.vir.docx=>word/vbaProject.bin W97M.Downloader.EFZ Disinfected
D:\TEST\daily\2016.8.31\29.vir.exe Trojan.GenericKD.3492909 Deleted
D:\TEST\daily\2016.8.31\44.vir.docx=>word/vbaProject.bin W97M.Downloader.EER Disinfected
D:\TEST\daily\2016.8.31\38.vir.docx=>word/vbaProject.bin W97M.Downloader.EFE Disinfected
D:\TEST\daily\2016.8.31\17.vir.JS=>(INFECTED_JS) JS:Trojan.JS.Downloader.FHY Deleted
D:\TEST\daily\2016.8.31\49.vir.exe Gen:Variant.Razy.39590 Deleted
D:\TEST\daily\2016.8.31\43.vir.doc W97M.Downloader.EGF Disinfected
D:\TEST\daily\2016.8.31\36.vir.html=>(INFECTED_JS) JS:Trojan.JS.Downloader.FHJ Deleted
D:\TEST\daily\2016.8.31\42.vir.exe Trojan.GenericKD.3494728 Deleted
D:\TEST\daily\2016.8.31\22.vir.html Trojan.JS.Downloader.FHX Deleted
D:\TEST\daily\2016.8.31\37.vir.JS=>(INFECTED_JS) JS:Trojan.JS.Downloader.FHY Deleted
D:\TEST\daily\2016.8.31\39.vir.exe Gen:Variant.Razy.91343 Deleted
D:\TEST\daily\2016.8.31\34.vir.JS=>(INFECTED_JS) JS:Trojan.JS.Downloader.FHY Deleted
D:\TEST\daily\2016.8.31\32.vir Trojan.JS.Agent.NOP Moved to Quarantine
D:\TEST\daily\2016.8.31\31.vir Trojan.JS.Agent.NOP Moved to Quarantine
D:\TEST\daily\2016.8.31\12.vir.html=>(INFECTED_JS) JS:Trojan.JS.Downloader.FHJ Deleted
D:\TEST\daily\2016.8.31\09.vir.exe Trojan.GenericKD.3493534 Deleted
D:\TEST\daily\2016.8.31\27.vir.exe Trojan.GenericKD.3491211 Deleted
D:\TEST\daily\2016.8.31\24.vir.JS=>(INFECTED_JS) JS:Trojan.JS.Downloader.FHY Deleted
D:\TEST\daily\2016.8.31\10.vir.exe Trojan.GenericKD.3490089 Deleted
D:\TEST\daily\2016.8.31\30.vir.JS=>(INFECTED_JS) JS:Trojan.JS.Downloader.FHY Deleted
D:\TEST\daily\2016.8.31\26.vir.exe Dropped:Trojan.GenericKD.3495629 Deleted
D:\TEST\daily\2016.8.31\03.vir.exe Trojan.Agent.BXTN Deleted
D:\TEST\daily\2016.8.31\21.vir.exe Trojan.GenericKD.3491133 Deleted
D:\TEST\daily\2016.8.31\19.vir.docx=>word/vbaProject.bin W97M.Downloader.EFZ Disinfected
D:\TEST\daily\2016.8.31\20.vir.JS=>(INFECTED_JS) JS:Trojan.JS.Downloader.FHY Deleted
D:\TEST\daily\2016.8.31\18.vir.exe Dropped:Trojan.GenericKD.3495629 Deleted
D:\TEST\daily\2016.8.31\25.vir.exe Gen:Variant.Zusy.204119 Deleted
D:\TEST\daily\2016.8.31\16.vir.html Trojan.JS.Downloader.FHX Deleted
D:\TEST\daily\2016.8.31\07.vir.html=>(INFECTED_JS) JS:Trojan.JS.Downloader.FHJ Deleted
D:\TEST\daily\2016.8.31\04.vir.exe Gen:Variant.Razy.42818 Deleted
D:\TEST\daily\2016.8.31\08.vir Trojan.JS.Agent.NOR Deleted
D:\TEST\daily\2016.8.31\02.vir.exe Trojan.GenericKD.3495950 Deleted

Scanned items : 185
Infected items : 40
Suspicious items : 0 (no suspected items have been detected)
Resolved items : 40
Unresolved items : 0 (no issues remained unresolved)[/mw_shl_code]

挥泪斩情思
Posted on 2016-8-31 09:24:13
Last edited by 挥泪斩情思 on 2016-8-31 09:37

NS



心醉咖啡
Posted on 2016-8-31 09:40:44
Duba (毒霸) kill 17X

扫描时间:[2016-08-31 09:39:25]
扫描用时:[00:00:10]
扫描类型:自定义查杀
扫描文件总数:191
扫描速度:17文件/秒
发现威胁:18个
清除威胁:18个
=============================================
[2016-08-31 09:40:04]
威胁:f:\浏览器下载\2016.8.31\02.vir
类型:win32.troj.undef.(kcloud)
处理方式:删除

[2016-08-31 09:40:04]
威胁:f:\浏览器下载\2016.8.31\09.vir
类型:win32.troj.undef.(kcloud)
处理方式:删除

[2016-08-31 09:40:04]
威胁:f:\浏览器下载\2016.8.31\15.vir
类型:win32.troj.undef.(kcloud)
处理方式:删除

[2016-08-31 09:40:04]
威胁:f:\浏览器下载\2016.8.31\15.vir/<a:cabsfx>/15/<a:cab>/codec.exe
类型:win32.troj.undef.(kcloud)
处理方式:删除

[2016-08-31 09:40:04]
威胁:f:\浏览器下载\2016.8.31\18.vir
类型:win32.troj.zapchast.(kcloud)
处理方式:删除

[2016-08-31 09:40:04]
威胁:f:\浏览器下载\2016.8.31\26.vir
类型:win32.troj.zapchast.(kcloud)
处理方式:删除

[2016-08-31 09:40:04]
威胁:f:\浏览器下载\2016.8.31\42.vir
类型:win32.troj.zapchast.(kcloud)
处理方式:删除

[2016-08-31 09:40:04]
威胁:f:\浏览器下载\2016.8.31\50.vir
类型:win32.heur.kvm101.a
处理方式:删除

[2016-08-31 09:40:04]
威胁:f:\浏览器下载\2016.8.31\03.vir
类型:win32.troj.agent.v.(kcloud)
处理方式:删除

[2016-08-31 09:40:04]
威胁:f:\浏览器下载\2016.8.31\05.vir
类型:win32.troj.undef.(kcloud)
处理方式:删除

[2016-08-31 09:40:04]
威胁:f:\浏览器下载\2016.8.31\10.vir
类型:win32.troj.inject.(kcloud)
处理方式:删除

[2016-08-31 09:40:04]
威胁:f:\浏览器下载\2016.8.31\21.vir
类型:win32.troj.generickd.v.(kcloud)
处理方式:删除

[2016-08-31 09:40:04]
威胁:f:\浏览器下载\2016.8.31\25.vir
类型:win32.troj.inject.(kcloud)
处理方式:删除

[2016-08-31 09:40:04]
威胁:f:\浏览器下载\2016.8.31\27.vir
类型:win32.troj.generickd.v.(kcloud)
处理方式:删除

[2016-08-31 09:40:04]
威胁:f:\浏览器下载\2016.8.31\29.vir
类型:win32.troj.banker.(kcloud)
处理方式:删除

[2016-08-31 09:40:04]
威胁:f:\浏览器下载\2016.8.31\33.vir
类型:win32.troj.generic.v.(kcloud)
处理方式:删除

[2016-08-31 09:40:04]
威胁:f:\浏览器下载\2016.8.31\39.vir
类型:win32.troj.generic_a.a.(kcloud)
处理方式:删除

[2016-08-31 09:40:04]
威胁:f:\浏览器下载\2016.8.31\40.vir
类型:win32.troj.undef.(kcloud)
处理方式:删除

沙逝L
Original poster | Posted on 2016-8-31 09:42:15
AS Security Guard (AS安全卫士) portable full version, 2016.8.30 database

AVM.VIRUS/GEN.007 x5
AVM.HeUr.Trojan.Gen x5
AVM.NormalHeur.Format x1
HEUR/AVM.05.Malware.Gen x1
                      06                          x6
                      02                          x2              
                      01                          x9
                      03                          x1
Total: 30

轩夏
Posted on 2016-8-31 09:43:26
MSE

[mw_shl_code=css,true]Scan started on Wed Aug 31 09:41:32 2016

C:\Users\XuanXia\Desktop\2016.8.31\01.vir                                    Infected: TrojanDownloader:JS/Nemucod.GU
C:\Users\XuanXia\Desktop\2016.8.31\03.vir                                    Infected: Backdoor:Win32/Kirts.A
C:\Users\XuanXia\Desktop\2016.8.31\07.vir                                    Infected: TrojanDownloader:JS/Nemucod.FG
C:\Users\XuanXia\Desktop\2016.8.31\10.vir                                    Infected: DDoS:Win32/Nitol.D
C:\Users\XuanXia\Desktop\2016.8.31\11.vir->word/vbaProject.bin               Infected: TrojanDownloader:O97M/Donoff.H
C:\Users\XuanXia\Desktop\2016.8.31\12.vir                                    Infected: TrojanDownloader:JS/Nemucod.FG
C:\Users\XuanXia\Desktop\2016.8.31\13.vir->x/abcabcabcabcr.class             Infected: Trojan:Java/Adwind
C:\Users\XuanXia\Desktop\2016.8.31\15.vir                                    Infected: Trojan:Win32/Bulta!rfn
C:\Users\XuanXia\Desktop\2016.8.31\15.vir->(WExtract)->codec.exe             Infected: TrojanDropper:Win32/Vtimrun.B [non_writable_container]
C:\Users\XuanXia\Desktop\2016.8.31\16.vir                                    Infected: TrojanDownloader:JS/Swabfex.P
C:\Users\XuanXia\Desktop\2016.8.31\17.vir                                    Infected: TrojanDownloader:JS/Swabfex.C
C:\Users\XuanXia\Desktop\2016.8.31\18.vir                                    Infected: Trojan:Win32/Skeeyah.A!rfn
C:\Users\XuanXia\Desktop\2016.8.31\18.vir->(nsis-3-WindowsApplication2.exe)  Infected: Trojan:Win32/Dynamer!ac [non_writable_container]
C:\Users\XuanXia\Desktop\2016.8.31\19.vir->word/vbaProject.bin               Infected: TrojanDownloader:O97M/Donoff.H
C:\Users\XuanXia\Desktop\2016.8.31\20.vir                                    Infected: TrojanDownloader:JS/Nemucod
C:\Users\XuanXia\Desktop\2016.8.31\21.vir                                    Infected: Ransom:Win32/Ranscrape
C:\Users\XuanXia\Desktop\2016.8.31\22.vir                                    Infected: TrojanDownloader:JS/Nemucod
C:\Users\XuanXia\Desktop\2016.8.31\24.vir                                    Infected: TrojanDownloader:JS/Swabfex.C
C:\Users\XuanXia\Desktop\2016.8.31\25.vir                                    Infected: VirTool:Win32/CeeInject.GF
C:\Users\XuanXia\Desktop\2016.8.31\26.vir                                    Infected: Trojan:Win32/Skeeyah.A!rfn
C:\Users\XuanXia\Desktop\2016.8.31\26.vir->(nsis-3-WindowsApplication2.exe)  Infected: Trojan:Win32/Dynamer!ac [non_writable_container]
C:\Users\XuanXia\Desktop\2016.8.31\27.vir                                    Infected: TrojanDropper:Win32/Kaymundler.C
C:\Users\XuanXia\Desktop\2016.8.31\30.vir                                    Infected: TrojanDownloader:JS/Swabfex.C
C:\Users\XuanXia\Desktop\2016.8.31\31.vir                                    Infected: TrojanDownloader:JS/Swabfex.C
C:\Users\XuanXia\Desktop\2016.8.31\32.vir                                    Infected: TrojanDownloader:JS/Swabfex.C
C:\Users\XuanXia\Desktop\2016.8.31\33.vir                                    Infected: Backdoor:MSIL/Bladabindi
C:\Users\XuanXia\Desktop\2016.8.31\34.vir                                    Infected: TrojanDownloader:JS/Swabfex.C
C:\Users\XuanXia\Desktop\2016.8.31\36.vir                                    Infected: TrojanDownloader:JS/Nemucod.FG
C:\Users\XuanXia\Desktop\2016.8.31\37.vir                                    Infected: TrojanDownloader:JS/Swabfex.C
C:\Users\XuanXia\Desktop\2016.8.31\38.vir->word/vbaProject.bin               Infected: TrojanDownloader:O97M/Donoff
C:\Users\XuanXia\Desktop\2016.8.31\39.vir                                    Infected: Ransom:Win32/Ranscrape
C:\Users\XuanXia\Desktop\2016.8.31\42.vir                                    Infected: Trojan:Win32/Skeeyah.A!rfn
C:\Users\XuanXia\Desktop\2016.8.31\42.vir->(nsis-3-WindowsApplication2.exe)  Infected: Trojan:Win32/Dynamer!ac [non_writable_container]
C:\Users\XuanXia\Desktop\2016.8.31\43.vir                                    Infected: Trojan:O97M/Madeba.A!det
C:\Users\XuanXia\Desktop\2016.8.31\44.vir->word/vbaProject.bin               Infected: TrojanDownloader:O97M/Donoff
C:\Users\XuanXia\Desktop\2016.8.31\48.vir                                    Infected: TrojanDownloader:JS/Nemucod.PN
C:\Users\XuanXia\Desktop\2016.8.31\49.vir                                    Infected: Ransom:Win32/Nemreq.A
C:\Users\XuanXia\Desktop\2016.8.31\50.vir                                    Infected: Trojan:Win32/Skeeyah.A!rfn
C:\Users\XuanXia\Desktop\2016.8.31\50.vir->(nsis-3-WindowsApplication2.exe)  Infected: Trojan:Win32/Dynamer!ac [non_writable_container]
Successfully checked: C:\Users\XuanXia\Desktop\2016.8.31

Scan ended on Wed Aug 31 09:41:42 2016

Time: 10 second(s). [0h:00m:10s]
Files/second: 21 (1056 Kb/s).
Objects scanned: 219.
Infected: 39. Suspicious: 0. Clean: 180. Different virus bodies: 21.
Files: 50. Directories: 1. Archives: 40. Packed: 14. Mail files: 1.
Warnings: 39. Scan errors: 0. Protected: 0. Damaged: 0. Unknown method: 0. Spanned: 0.[/mw_shl_code]
BHHZDQL
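Posted on 2016-8-31 09:46:24
Last edited by BHHZDQL on 2016-8-31 09:51

AS Security Guard (AS安全卫士), last night's database, KILL 31
Self-learning engine: 19X
Heuristic engine found 8X
File-name detection found 4X

Looks like I need to start developing a script antivirus engine; let's call it the AVE script antivirus engine.
There are more and more non-PE samples now, and the self-learning engine can't cope with them...

To test the real capability of the self-learning engine + heuristic engine, I renamed the files
to bypass the file-name detection rules.
Detected 29X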

