Original poster: 我要打十個

[Suspicious file] setup.exe series sample pack 17X

轩夏
Posted on 2016-9-5 15:04:26
MSE

C:\Users\XuanXia\Desktop\Samples\setup_15.exe Infected: TrojanSpy:Win32/Skeeyah.A!rfn
C:\Users\XuanXia\Desktop\Samples\setup_17.exe Infected: TrojanSpy:Win32/Skeeyah.A!rfn
C:\Users\XuanXia\Desktop\Samples\setup_3.exe  Infected: Trojan:Win32/Dynamer!ac
C:\Users\XuanXia\Desktop\Samples\setup_8.exe  Infected: Trojan:MSIL/Gentromal.A
Eset小粉絲
Posted on 2016-9-5 16:24:28
Avira

[mw_shl_code=css,true]Start of the scan: Monday, 5 September, 2016  16:17

Starting the file scan:

Begin scan in 'C:\Users\User\Downloads\Compressed\Samples'
Successful Cloud SDK initialization and license check.
The file 'C:\Users\User\Downloads\Compressed\Samples\setup.exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = 1EBD619D1970F27E053C5FD8316DA6AD68B52C0CDC3AC0E8D226D2FA476F6E72
C:\Users\User\Downloads\Compressed\Samples\setup.exe (SHA-256: 1ebd619d1970f27e053c5fd8316da6ad68b52c0cdc3ac0e8d226d2fa476f6e72)
  [DETECTION] Is the TR/Dropper.MSIL.Gen (Cloud) Trojan
  [INFO]      The file 'C:\Users\User\Downloads\Compressed\Samples\setup.exe' has been uploaded to the Protection Cloud and analyzed.
C:\Users\User\Downloads\Compressed\Samples\setup_10.exe
  [DETECTION] Is the TR/Dropper.MSIL.mmlh Trojan
C:\Users\User\Downloads\Compressed\Samples\setup_11.exe
  [DETECTION] Is the TR/Dropper.MSIL.kmtf Trojan
The file 'C:\Users\User\Downloads\Compressed\Samples\setup_12.exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = D0E822DB6BC8716B3C0821CEDA577D9BB48C903D7ED6B12F820B9661A9D43FAE
C:\Users\User\Downloads\Compressed\Samples\setup_12.exe (SHA-256: d0e822db6bc8716b3c0821ceda577d9bb48c903d7ed6b12f820b9661a9d43fae)
  [DETECTION] Is the TR/Dropper.MSIL.Gen (Cloud) Trojan
  [INFO]      The file 'C:\Users\User\Downloads\Compressed\Samples\setup_12.exe' has been uploaded to the Protection Cloud and analyzed.
The file 'C:\Users\User\Downloads\Compressed\Samples\setup_13.exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = A53FF6B74A30C179334208963450B8341CB12BBA18B91106165518FB6C39F02B
C:\Users\User\Downloads\Compressed\Samples\setup_13.exe (SHA-256: a53ff6b74a30c179334208963450b8341cb12bba18b91106165518fb6c39f02b)
  [DETECTION] Is the TR/Dropper.MSIL.Gen (Cloud) Trojan
  [INFO]      The file 'C:\Users\User\Downloads\Compressed\Samples\setup_13.exe' has been uploaded to the Protection Cloud and analyzed.
The file 'C:\Users\User\Downloads\Compressed\Samples\setup_14.exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = AD84C5906595C95829F5283B0B86409A554F1234CCB1116569EDEF8050EC1569
C:\Users\User\Downloads\Compressed\Samples\setup_14.exe (SHA-256: ad84c5906595c95829f5283b0b86409a554f1234ccb1116569edef8050ec1569)
  [DETECTION] Is the TR/Dropper.MSIL.Gen (Cloud) Trojan
  [INFO]      The file 'C:\Users\User\Downloads\Compressed\Samples\setup_14.exe' has been uploaded to the Protection Cloud and analyzed.
C:\Users\User\Downloads\Compressed\Samples\setup_15.exe
  [DETECTION] Is the TR/Agent.ldqg Trojan
C:\Users\User\Downloads\Compressed\Samples\setup_16.exe
  [DETECTION] Is the TR/Dropper.MSIL.ghya Trojan
C:\Users\User\Downloads\Compressed\Samples\setup_17.exe
  [DETECTION] Is the TR/Crypt.XPACK.Gen7 Trojan
The file 'C:\Users\User\Downloads\Compressed\Samples\setup_2.exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = 24C6FBAD87C30A5C162151862725AC2A7DEDC683170E30614479CB8C613BC2D8
C:\Users\User\Downloads\Compressed\Samples\setup_2.exe (SHA-256: 24c6fbad87c30a5c162151862725ac2a7dedc683170e30614479cb8c613bc2d8)
  [DETECTION] Is the TR/Dropper.MSIL.Gen (Cloud) Trojan
  [INFO]      The file 'C:\Users\User\Downloads\Compressed\Samples\setup_2.exe' has been uploaded to the Protection Cloud and analyzed.
C:\Users\User\Downloads\Compressed\Samples\setup_3.exe
  [DETECTION] Is the TR/Dropper.MSIL.rknc Trojan
The file 'C:\Users\User\Downloads\Compressed\Samples\setup_4.exe' was scanned with the Protection Cloud. SHA256 = 6FB658C207DE6A06C7CA89FE592EB5064B5306D63C6B72B21FDE710700AC0586
The file 'C:\Users\User\Downloads\Compressed\Samples\setup_5.exe' was scanned with the Protection Cloud. SHA256 = 3151A109A6223C49457D99FCE086222980194EAD149E84D371CA44CFB0126AA7
C:\Users\User\Downloads\Compressed\Samples\setup_6.exe
  [DETECTION] Is the TR/Dropper.MSIL.zinf Trojan
C:\Users\User\Downloads\Compressed\Samples\setup_7.exe
  [DETECTION] Is the TR/Dropper.MSIL.xryp Trojan
C:\Users\User\Downloads\Compressed\Samples\setup_8.exe
  [DETECTION] Is the TR/Dropper.MSIL.kmqu Trojan
The file 'C:\Users\User\Downloads\Compressed\Samples\setup_9.exe' was scanned with the Protection Cloud. SHA256 = 1A28F8391F952C4B1F900DE4E84C7D701D22D041A89C1B3D606EFC41E342A808[/mw_shl_code]
zq19861019
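Posted on 2016-9-5 18:38:49
gdata only killed 9. I ran the remaining ones in Sandboxie; after double-clicking, the spinning circle next to the mouse cursor just kept turning, and then there was no other reaction. Could it be anti-sandbox?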
心醉咖啡
Posted on 2016-9-5 18:51:36
扫描时间:[2016-09-05 18:46:58]
扫描用时:[00:00:03]
扫描类型:自定义查杀
扫描文件总数:17
扫描速度:4文件/秒
发现威胁:5个
清除威胁:5个
=============================================
[2016-09-05 18:47:09]
威胁:f:\浏览器下载\samples\setup_10.exe
类型:win32.troj.undef.(kcloud)
处理方式:删除

[2016-09-05 18:47:09]
威胁:f:\浏览器下载\samples\setup_15.exe
类型:win32.troj.myxa.d.(kcloud)
处理方式:删除

[2016-09-05 18:47:09]
威胁:f:\浏览器下载\samples\setup_17.exe
类型:win32.troj.undef.(kcloud)
处理方式:删除

[2016-09-05 18:47:09]
威胁:f:\浏览器下载\samples\setup_6.exe
类型:win32.pswtroj.stealer.b.(kcloud)
处理方式:删除

[2016-09-05 18:47:09]
威胁:f:\浏览器下载\samples\setup_7.exe
类型:win32.troj.undef.(kcloud)
处理方式:删除
共和时代
Posted on 2016-9-6 10:10:00
360 kill 10x
230f4
Posted on 2016-9-6 11:13:24
Bitdefender

小难民
Posted on 2016-9-6 12:02:39

Wiped them all out?
bbszy
Posted on 2016-9-6 20:43:49
mcafee 8x remaining

Copyright © KaFan  KaFan.cn All Rights Reserved.
