精睿样本测试（16.9.22）

轩夏

地址：

https://pan.baidu.com/s/1pK9RDaz  提取密码  5sae  
http://www.vdisk.cn/down/index/19734838

密码：bbs.vc52.cn
数量：50

挥泪斩情思

Dr.Web检出29X

轩夏

MSE

[mw_shl_code=css,true]Scan started on Thu Sep 22 09:21:04 2016

C:\Users\XuanXia\Desktop\2016.9.22\01.vir                              Infected: TrojanDownloader:JS/Swabfex.P
C:\Users\XuanXia\Desktop\2016.9.22\02.vir                              Infected: TrojanDownloader:JS/Swabfex.C
C:\Users\XuanXia\Desktop\2016.9.22\04.vir                              Infected: TrojanDownloader:JS/Nemucod.FG
C:\Users\XuanXia\Desktop\2016.9.22\06.vir                              Infected: Worm:Win32/Kalockan.A
C:\Users\XuanXia\Desktop\2016.9.22\07.vir->Payment Slip.exe            Infected: Backdoor:MSIL/Bladabindi.G
C:\Users\XuanXia\Desktop\2016.9.22\10.vir->word/vbaProject.bin         Infected: TrojanDownloader:O97M/Donoff
C:\Users\XuanXia\Desktop\2016.9.22\11.vir                              Infected: TrojanDownloader:JS/Nemucod.FG
C:\Users\XuanXia\Desktop\2016.9.22\12.vir                              Infected: TrojanDownloader:Win32/Silcon
C:\Users\XuanXia\Desktop\2016.9.22\13.vir->[WsfCmtOut]->(SCRIPT0000)   Infected: Trojan:VBS/Kalhine.A [non_writable_container]
C:\Users\XuanXia\Desktop\2016.9.22\16.vir->word/vbaProject.bin         Infected: TrojanDownloader:O97M/Donoff
C:\Users\XuanXia\Desktop\2016.9.22\18.vir                              Infected: TrojanDownloader:JS/Swabfex.P
C:\Users\XuanXia\Desktop\2016.9.22\19.vir                              Infected: TrojanDownloader:JS/Nemucod.FG
C:\Users\XuanXia\Desktop\2016.9.22\20.vir                              Infected: TrojanDownloader:JS/Swabfex.C
C:\Users\XuanXia\Desktop\2016.9.22\22.vir                              Infected: TrojanDownloader:JS/Nemucod.FG
C:\Users\XuanXia\Desktop\2016.9.22\23.vir                              Infected: Trojan:Win32/Skeeyah.A!rfn
C:\Users\XuanXia\Desktop\2016.9.22\25.vir                              Infected: Ransom:Win32/Locky.A
C:\Users\XuanXia\Desktop\2016.9.22\27.vir                              Infected: Ransom:Win32/Teerac.I
C:\Users\XuanXia\Desktop\2016.9.22\28.vir                              Infected: TrojanDownloader:JS/Swabfex.C
C:\Users\XuanXia\Desktop\2016.9.22\29.vir->(VFS:1.exe)                 Infected: Trojan:Win32/Miuref.R [non_writable_container]
C:\Users\XuanXia\Desktop\2016.9.22\29.vir->(VFS:2.exe#1)               Infected: Trojan:Win32/Dynamer!ac[non_writable_container]
C:\Users\XuanXia\Desktop\2016.9.22\29.vir->(7zSfx)->1.exe              Infected: Trojan:Win32/Miuref.R [non_writable_container]
C:\Users\XuanXia\Desktop\2016.9.22\29.vir->(7zSfx)->2.exe              Infected: Trojan:Win32/Dynamer!ac[non_writable_container]
C:\Users\XuanXia\Desktop\2016.9.22\30.vir                              Infected: Worm:Win32/Macoute.A
C:\Users\XuanXia\Desktop\2016.9.22\33.vir                              Infected: TrojanDownloader:JS/Nemucod.FG
C:\Users\XuanXia\Desktop\2016.9.22\37.vir                              Infected: Backdoor:Win32/Fynloski.K
C:\Users\XuanXia\Desktop\2016.9.22\38.vir                              Infected: TrojanDownloader:O97M/Donoff
C:\Users\XuanXia\Desktop\2016.9.22\41.vir                              Infected: Trojan:Win32/Skeeyah.A!rfn
C:\Users\XuanXia\Desktop\2016.9.22\44.vir                              Infected: TrojanDownloader:JS/Swabfex.C
C:\Users\XuanXia\Desktop\2016.9.22\45.vir                              Infected: TrojanDownloader:JS/Nemucod.GZ
C:\Users\XuanXia\Desktop\2016.9.22\46.vir->(SCRIPT0000)                Infected: TrojanDownloader:JS/Swabfex.P
C:\Users\XuanXia\Desktop\2016.9.22\47.vir                              Infected: TrojanSpy:Win32/Ursnif
C:\Users\XuanXia\Desktop\2016.9.22\49.vir                              Infected: Ransom:Win32/Tovicrypt.A
C:\Users\XuanXia\Desktop\2016.9.22\50.vir                              Infected: TrojanDownloader:JS/Nemucod
Successfully checked: C:\Users\XuanXia\Desktop\2016.9.22

Scan ended on Thu Sep 22 09:21:21 2016

Time: 17 second(s). [0h:00m:17s]
Files/second: 12 (933 Kb/s).
Objects scanned: 212.
Infected: 33. Suspicious: 0. Clean: 179. Different virus bodies: 19.
Files: 94. Directories: 1. Archives: 37. Packed: 8. Mail files: 1.
Warnings: 33. Scan errors: 0. Protected: 0. Damaged: 0. Unknown method: 0. Spanned: 0.[/mw_shl_code]

Prince云

360 Total Security【联网】0X，上传19未知文件分析！
[mw_shl_code=html,true]360 Total Security扫描日志
扫描时间：2016-09-22 09:26:13
扫描用时：00:00:23
扫描项目总数：50
威胁总数：0
处理威胁数：0
扫描选项
----------------------
扫描压缩包：否
常规引擎设置：未开启小红伞和Bitdefender引擎
扫描内容
----------------------
D:\Data\桌面\2016.9.22\
扫描结果
======================
未发现威胁[/mw_shl_code]


上传分析结果：


上传分析后扫描结果：4X
[mw_shl_code=html,true]360 Total Security扫描日志
扫描时间：2016-09-22 09:33:23
扫描用时：00:00:10
扫描项目总数：50
威胁总数：4
处理威胁数：4
扫描选项
----------------------
扫描压缩包：否
常规引擎设置：未开启小红伞和Bitdefender引擎
扫描内容
----------------------
D:\Data\桌面\2016.9.22\
扫描结果
======================
高风险项目
----------------------
D:\Data\桌面\2016.9.22\05.vir        HEUR/QVM10.1.FC23.Malware.Gen        已处理
D:\Data\桌面\2016.9.22\25.vir        HEUR/QVM40.1.FC23.Malware.Gen        已处理
D:\Data\桌面\2016.9.22\30.vir        Win32/Trojan.aea        已处理
D:\Data\桌面\2016.9.22\41.vir        HEUR/QVM03.0.FC23.Malware.Gen        已处理[/mw_shl_code]

skycai

火绒 ko15[mw_shl_code=css,true]Huorong Security Anti-Malware Scan Log
Copyright (C) Huorong Security Lab. All rights reserved.

Scan engine version: v3.0.4.0
Signature database fingerprint: c1b66ec:c820202:46b1db0:46b1db0
Signature database timestamp: Wed Sep 21 17:25:13 2016


Scan started at:   Thu Sep 22 09:20:20 2016


d:\Users\CAIXUEXUN\Desktop\2016.9.22\2016.9.22\01.vir: TrojanDownloader/JS.Nemucod.ei [c885bbb64cb571ca]
d:\Users\CAIXUEXUN\Desktop\2016.9.22\2016.9.22\05.vir: HVM:Trojan/Bayrob.d [4ecadadc63221331]
d:\Users\CAIXUEXUN\Desktop\2016.9.22\2016.9.22\18.vir: TrojanDownloader/JS.Nemucod.ei [c885bbb64cb571ca]
d:\Users\CAIXUEXUN\Desktop\2016.9.22\2016.9.22\28.vir: TrojanDownloader/JS.Nemucod.eu [f62160773d3877bd]
d:\Users\CAIXUEXUN\Desktop\2016.9.22\2016.9.22\30.vir: Worm/Macoute.a [6460d735bc0625fc]
d:\Users\CAIXUEXUN\Desktop\2016.9.22\2016.9.22\36.vir >> i\odGSkJ7Y6Pe7w0CHAcEbk.class: Trojan/Java.Adwind [5015abc630f35c3e]
d:\Users\CAIXUEXUN\Desktop\2016.9.22\2016.9.22\38.vir: OMacro/Downloader [8eb8b8d80225fe15]
d:\Users\CAIXUEXUN\Desktop\2016.9.22\2016.9.22\37.vir >> text: Backdoor/Fynloski.a [853f2ad2e234ab95]
d:\Users\CAIXUEXUN\Desktop\2016.9.22\2016.9.22\41.vir: TrojanDropper/MSIL.Hostwack.a [0a34f1dac123de29]
d:\Users\CAIXUEXUN\Desktop\2016.9.22\2016.9.22\42.vir: Exploit/JS.Pidief.a [d69d05e13f8696de]
d:\Users\CAIXUEXUN\Desktop\2016.9.22\2016.9.22\44.vir: TrojanDownloader/JS.Nemucod.eq [3ef519253be261d3]
d:\Users\CAIXUEXUN\Desktop\2016.9.22\2016.9.22\45.vir: TrojanDownloader/JS.Nemucod.ei [c885bbb64cb571ca]
d:\Users\CAIXUEXUN\Desktop\2016.9.22\2016.9.22\46.vir: TrojanDownloader/JS.Nemucod.ei [c885bbb64cb571ca]
d:\Users\CAIXUEXUN\Desktop\2016.9.22\2016.9.22\50.vir: TrojanDownloader/JS.Nemucod.ei [c885bbb64cb571ca]
d:\Users\CAIXUEXUN\Desktop\2016.9.22\2016.9.22\48.vir: Adware/Reimage.a [458fb34a054de2ed]

Scan completed at: Thu Sep 22 09:20:28 2016


Total:             50 file(s), 340 object(s)
Infected:          15 file(s), 15 object(s)
Deleted:           0 file(s), 0 failure(s)
Disinfected:       0 file(s), 0 failure(s)
Duration:          00:00:16 (16 seconds)
Ratio:             3 file(s)/s, 21 object(s)/s (2,756 KB/s, 590 phys.KB/s)
[/mw_shl_code]

狐狸糊涂

BD杀36,余14

[mw_shl_code=css,true]C:\Users\lixia\Desktop\2016.9.22\29.vir=>(7z o)=>2.exe Gen:Variant.Zusy.206048 Moved to Quarantine
C:\Users\lixia\Desktop\2016.9.22\19.vir=>(INFECTED_JS) JS:Trojan.JS.Downloader.FHK Deleted
C:\Users\lixia\Desktop\2016.9.22\16.vir=>word/vbaProject.bin W97M.Downloader.EJD Disinfected
C:\Users\lixia\Desktop\2016.9.22\13.vir Trojan.VBS.UWH Deleted
C:\Users\lixia\Desktop\2016.9.22\27.vir Trojan.GenericKD.3532298 Deleted
C:\Users\lixia\Desktop\2016.9.22\45.vir Trojan.GenericKD.3528827 Deleted
C:\Users\lixia\Desktop\2016.9.22\37.vir Gen:Variant.Zusy.205073 Deleted
C:\Users\lixia\Desktop\2016.9.22\28.vir Trojan.JS.Agent.NWH Deleted
C:\Users\lixia\Desktop\2016.9.22\26.vir Script.SWF.C553 Deleted
C:\Users\lixia\Desktop\2016.9.22\44.vir Trojan.JS.Agent.NWI Deleted
C:\Users\lixia\Desktop\2016.9.22\36.vir=>i/odGSkJ7Y6Pe7w0CHAcEbu.class Trojan.JAVA.Adwind.DB Deleted
C:\Users\lixia\Desktop\2016.9.22\33.vir=>(INFECTED_JS) JS:Trojan.JS.Downloader.FHK Deleted
C:\Users\lixia\Desktop\2016.9.22\41.vir Trojan.Generic.18090802 Deleted
C:\Users\lixia\Desktop\2016.9.22\05.vir Gen:Variant.Razy.41703 Deleted
C:\Users\lixia\Desktop\2016.9.22\04.vir=>(INFECTED_JS) JS:Trojan.JS.Downloader.FHK Deleted
C:\Users\lixia\Desktop\2016.9.22\22.vir=>(INFECTED_JS) JS:Trojan.JS.Downloader.FHK Deleted
C:\Users\lixia\Desktop\2016.9.22\10.vir=>word/vbaProject.bin W97M.Downloader.EJD Disinfected
C:\Users\lixia\Desktop\2016.9.22\46.vir=>(INFECTED_JS) JS:Trojan.JS.RQF Deleted
C:\Users\lixia\Desktop\2016.9.22\38.vir Trojan.GenericKD.3529867 Deleted
C:\Users\lixia\Desktop\2016.9.22\01.vir=>(INFECTED_JS) JS:Trojan.Crypt.PV Deleted
C:\Users\lixia\Desktop\2016.9.22\47.vir Gen:Variant.Zusy.10522 Deleted
C:\Users\lixia\Desktop\2016.9.22\02.vir Trojan.GenericKD.3540108 Deleted
C:\Users\lixia\Desktop\2016.9.22\20.vir Trojan.JS.RQJ Deleted
C:\Users\lixia\Desktop\2016.9.22\12.vir Gen:Variant.Razy.95546 Deleted
C:\Users\lixia\Desktop\2016.9.22\30.vir Gen:Variant.Midie.2712 Deleted
C:\Users\lixia\Desktop\2016.9.22\42.vir=>(INFECTED_JS) JS:Trojan.JS.Downloader.LU Deleted
C:\Users\lixia\Desktop\2016.9.22\06.vir Trojan.GenericKD.3540575 Deleted
C:\Users\lixia\Desktop\2016.9.22\29.vir=>(7z o)=>1.exe Trojan.GenericKD.3532438 Moved to Quarantine
C:\Users\lixia\Desktop\2016.9.22\25.vir Trojan.GenericKD.3533100 Deleted
C:\Users\lixia\Desktop\2016.9.22\07.vir=>Payment Slip.exe Trojan.GenericKD.3538867 Deleted
C:\Users\lixia\Desktop\2016.9.22\17.vir Trojan.GenericKD.3538739 Deleted
C:\Users\lixia\Desktop\2016.9.22\49.vir Trojan.GenericKD.3533589 Deleted
C:\Users\lixia\Desktop\2016.9.22\18.vir=>(INFECTED_JS) JS:Trojan.Crypt.PV Deleted
C:\Users\lixia\Desktop\2016.9.22\50.vir=>(INFECTED_JS) JS:Trojan.JS.Downloader.MG Deleted
C:\Users\lixia\Desktop\2016.9.22\32.vir Gen:Trojan.Heur.VB.dm1@dWv32GlG Deleted
C:\Users\lixia\Desktop\2016.9.22\11.vir=>(INFECTED_JS) JS:Trojan.JS.Downloader.FHK Deleted
[/mw_shl_code]

Luca.l

[mw_shl_code=html,true]【扫描信息】

开始时间:2016-9-22 09:40:28
扫描用时:00:00:01
扫描类型:指定位置杀毒
扫描引擎:管家云查杀引擎 管家反病毒引擎 管家系统修复引擎
扫描状态:扫描完成


【扫描结果】

扫描文件数:50
发现风险数:13
已处理风险数:13


---------------------
2016-9-22 09:40:32 MD5:c8e9a13cc6dfa61d5eeedb0228a05f69 C:\Users\Joyzz_Android01\Desktop\样本\2016.9.22\06.vir [Win32.Trojan-Banker.Shiotob.pezm]  [删除成功]
2016-9-22 09:40:32 MD5:af8f1dd4956ab4ba36b8aad66132d373 C:\Users\Joyzz_Android01\Desktop\样本\2016.9.22\29.vir [Msil.Trojan.Crypt.bnu]  [删除成功]
2016-9-22 09:40:32 MD5:f2a922866cb8a299f8f5c94c92d19dda C:\Users\Joyzz_Android01\Desktop\样本\2016.9.22\41.vir [Win32.Trojan.Generic.peqf]  [删除成功]
2016-9-22 09:40:32 MD5:85007447ad058ea962390682e7c1593a C:\Users\Joyzz_Android01\Desktop\样本\2016.9.22\12.vir [Win32.Trojan.Nymaim.ljy]  [删除成功]
2016-9-22 09:40:33 MD5:12eb71d3ae4eb0208cfccb82a8d0ed18 C:\Users\Joyzz_Android01\Desktop\样本\2016.9.22\30.vir [Win32.Trojan.Agentb.lnok]  [删除成功]
2016-9-22 09:40:33 MD5:40e6b496801d87a5a4db8b1a049e8478 C:\Users\Joyzz_Android01\Desktop\样本\2016.9.22\49.vir [Win32.Trojan.Cryptxxx.eeqt]  [删除成功]
2016-9-22 09:40:33 MD5:08052e1e183aef815e4c611224fec216 C:\Users\Joyzz_Android01\Desktop\样本\2016.9.22\17.vir [Win32.Trojan.FalseSign.eckx]  [删除成功]
2016-9-22 09:40:33 MD5:308eaf3de09f4571c5cd2e832f43cae4 C:\Users\Joyzz_Android01\Desktop\样本\2016.9.22\23.vir [Msil.Trojan-Downloader.Agent.tdzd]  [删除成功]
2016-9-22 09:40:33 MD5:1d4ca41336149768078ab448bca9328a C:\Users\Joyzz_Android01\Desktop\样本\2016.9.22\35.vir [Win32.Trojan.Malware.Gfoo]  [删除成功]
2016-9-22 09:40:33 MD5:41455d5433154315cd298fe522900434 C:\Users\Joyzz_Android01\Desktop\样本\2016.9.22\25.vir [Win32.Trojan.Filecoder.pijy]  [删除成功]
2016-9-22 09:40:33 MD5:137abd6e05c9c41de1a5a8bb6359d0d2 C:\Users\Joyzz_Android01\Desktop\样本\2016.9.22\05.vir [Win32.Trojan.Bayrob.lmlj]  [删除成功]
2016-9-22 09:40:33 MD5:5eeeac34327b46e99ebdf087ea7d958b C:\Users\Joyzz_Android01\Desktop\样本\2016.9.22\27.vir [Win32.Backdoor.Androm.ecaz]  [删除成功]
2016-9-22 09:40:33 MD5:135c045b6772808dc879248a5d19cc03 C:\Users\Joyzz_Android01\Desktop\样本\2016.9.22\32.vir [Win32.Trojan.Dropper.lorn]  [删除成功]
---------------------
[/mw_shl_code]

心醉咖啡

二扫再补杀3个


扫描时间：[2016-09-22 09:48:43]
扫描用时：[00:00:05]
扫描类型：自定义查杀
扫描文件总数：143
扫描速度：23文件/秒
发现威胁：17个
清除威胁：17个
=============================================
[2016-09-22 09:49:19]
威胁：f:\浏览器下载\2016.9.22\05.vir
类型：win32.troj.undef.(kcloud)
处理方式：删除

[2016-09-22 09:49:19]
威胁：f:\浏览器下载\2016.9.22\07.vir/<a:zip>/payment slip.exe
类型：win32.troj.generickd.v.(kcloud)
处理方式：删除

[2016-09-22 09:49:19]
威胁：f:\浏览器下载\2016.9.22\29.vir
类型：win32.troj.undef.(kcloud)
处理方式：删除

[2016-09-22 09:49:19]
威胁：f:\浏览器下载\2016.9.22\29.vir/<a:7zipsfx>/29/<a:7z>/1.exe
类型：win32.troj.inject.(kcloud)
处理方式：删除

[2016-09-22 09:49:19]
威胁：f:\浏览器下载\2016.9.22\06.vir
类型：win32.troj.generickd.v.(kcloud)
处理方式：删除

[2016-09-22 09:49:19]
威胁：f:\浏览器下载\2016.9.22\12.vir
类型：win32.troj.generic_a.a.(kcloud)
处理方式：删除

[2016-09-22 09:49:19]
威胁：f:\浏览器下载\2016.9.22\17.vir
类型：win32.troj.undef.(kcloud)
处理方式：删除

[2016-09-22 09:49:19]
威胁：f:\浏览器下载\2016.9.22\23.vir
类型：win32.troj.undef.(kcloud)
处理方式：删除

[2016-09-22 09:49:19]
威胁：f:\浏览器下载\2016.9.22\25.vir
类型：win32.troj.undef.(kcloud)
处理方式：删除

[2016-09-22 09:49:19]
威胁：f:\浏览器下载\2016.9.22\27.vir
类型：win32.troj.generickd.v.(kcloud)
处理方式：删除

[2016-09-22 09:49:19]
威胁：f:\浏览器下载\2016.9.22\30.vir
类型：win32.heur.kvm013.a.(kcloud)
处理方式：删除

[2016-09-22 09:49:19]
威胁：f:\浏览器下载\2016.9.22\32.vir
类型：win32.troj.undef.(kcloud)
处理方式：删除

[2016-09-22 09:49:19]
威胁：f:\浏览器下载\2016.9.22\35.vir
类型：win32.heur.kvm099.a.(kcloud)
处理方式：删除

[2016-09-22 09:49:19]
威胁：f:\浏览器下载\2016.9.22\37.vir
类型：win32.troj.undef.(kcloud)
处理方式：删除

[2016-09-22 09:49:19]
威胁：f:\浏览器下载\2016.9.22\41.vir
类型：win32.troj.undef.(kcloud)
处理方式：删除

[2016-09-22 09:49:19]
威胁：f:\浏览器下载\2016.9.22\47.vir
类型：win32.hack.undef.(kcloud)
处理方式：删除

[2016-09-22 09:49:19]
威胁：f:\浏览器下载\2016.9.22\49.vir
类型：win32.troj.generickd.v.(kcloud)
处理方式：删除

蓝天二号

AVG 35X

z2009

ess杀38，余12