精睿样本测试（16.12.19）

轩夏

地址：

http://pan.baidu.com/s/1qYhKkUw 提取密码: 7krh

密码：bbs.vc52.cn
数量：40

Eset小粉絲

Avira 23x
[mw_shl_code=css,true]Start of the scan: Monday, 19 December, 2016  09:15

Starting the file scan:

Begin scan in 'C:\Users\Ivan\Desktop\2016.12.19'
Successful Cloud SDK initialization and license check.
The file 'C:\Users\Ivan\Desktop\2016.12.19\02.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = D0E8A5E234C4ACEFCAD3A8EED91388476A1AD4CF49972983151463DFBBE1E69C
C:\Users\Ivan\Desktop\2016.12.19\02.vir (SHA-256: d0e8a5e234c4acefcad3a8eed91388476a1ad4cf49972983151463dfbbe1e69c)
  [DETECTION] Contains recognition pattern of the SPR/PassView.d0e8a5 (Cloud) program
  [INFO]      The file 'C:\Users\Ivan\Desktop\2016.12.19\02.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\Ivan\Desktop\2016.12.19\03.vir
  [DETECTION] Contains code of the W2000M/Agent.27741 macro virus
Retry 1 for the file 'C:\Users\Ivan\Desktop\2016.12.19\05.vir'. SHA256 = 685B5C35DAFD35F86B3A2CB90ACED1F91932333E1F45419E68606A173A45E306
Retry 2 for the file 'C:\Users\Ivan\Desktop\2016.12.19\05.vir'. SHA256 = 685B5C35DAFD35F86B3A2CB90ACED1F91932333E1F45419E68606A173A45E306
The file 'C:\Users\Ivan\Desktop\2016.12.19\05.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 685B5C35DAFD35F86B3A2CB90ACED1F91932333E1F45419E68606A173A45E306
C:\Users\Ivan\Desktop\2016.12.19\05.vir (SHA-256: 685b5c35dafd35f86b3a2cb90aced1f91932333e1f45419e68606a173a45e306)
  [INFO]      The file 'C:\Users\Ivan\Desktop\2016.12.19\05.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\Ivan\Desktop\2016.12.19\06.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen2 HTML script virus
C:\Users\Ivan\Desktop\2016.12.19\07.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.75015 Java script virus
C:\Users\Ivan\Desktop\2016.12.19\08.vir
  [DETECTION] Contains code of the W2000M/Agent.9540401 macro virus
C:\Users\Ivan\Desktop\2016.12.19\12.vir
  [DETECTION] Contains suspicious code HEUR/Macro.Agent
C:\Users\Ivan\Desktop\2016.12.19\13.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen2 HTML script virus
C:\Users\Ivan\Desktop\2016.12.19\14.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.75013 Java script virus
C:\Users\Ivan\Desktop\2016.12.19\15.vir
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\Ivan\Desktop\2016.12.19\17.vir
  [DETECTION] Contains recognition pattern of the SPR/Agent.1333 program
The file 'C:\Users\Ivan\Desktop\2016.12.19\18.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 2F5C208245877ADE0E20DF7A7E500DA72D608FF0D8BC8C5C9FD2BABBBCF9D25A
C:\Users\Ivan\Desktop\2016.12.19\18.vir (SHA-256: 2f5c208245877ade0e20df7a7e500da72d608ff0d8bc8c5c9fd2babbbcf9d25a)
  [DETECTION] Is the TR/Crypt.ZPACK.2f5c20 (Cloud) Trojan
  [INFO]      The file 'C:\Users\Ivan\Desktop\2016.12.19\18.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\Ivan\Desktop\2016.12.19\19.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen6 HTML script virus
C:\Users\Ivan\Desktop\2016.12.19\20.vir
  [DETECTION] Contains suspicious code HEUR/Macro.Dropper
C:\Users\Ivan\Desktop\2016.12.19\21.vir
  [DETECTION] Contains code of the W2000M/Agent.35650 macro virus
C:\Users\Ivan\Desktop\2016.12.19\24.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.75013 Java script virus
C:\Users\Ivan\Desktop\2016.12.19\25.vir
  [DETECTION] Contains code of the W2000M/Dldr.Agent.ccc macro virus
C:\Users\Ivan\Desktop\2016.12.19\28.vir
    [0] Archive type: RAR
    --> 001098.pdf.exe
        [1] Archive type: RAR SFX (self extracting)
      --> CMT
          [DETECTION] Is the TR/Dldr.AutoIt.WRO.2 Trojan
          [WARNING]   Infected files in archives cannot be repaired
Retry 1 for the file 'C:\Users\Ivan\Desktop\2016.12.19\29.vir'. SHA256 = EBF843AAFEA27863FF901415B6122652AC65C29AA2082FED63968185D26B7670
Retry 2 for the file 'C:\Users\Ivan\Desktop\2016.12.19\29.vir'. SHA256 = EBF843AAFEA27863FF901415B6122652AC65C29AA2082FED63968185D26B7670
The file 'C:\Users\Ivan\Desktop\2016.12.19\29.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = EBF843AAFEA27863FF901415B6122652AC65C29AA2082FED63968185D26B7670
C:\Users\Ivan\Desktop\2016.12.19\29.vir (SHA-256: ebf843aafea27863ff901415b6122652ac65c29aa2082fed63968185d26b7670)
  [INFO]      The file 'C:\Users\Ivan\Desktop\2016.12.19\29.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\Ivan\Desktop\2016.12.19\30.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.912312 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.12.19\32.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.75014 Java script virus
C:\Users\Ivan\Desktop\2016.12.19\33.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen2 HTML script virus
C:\Users\Ivan\Desktop\2016.12.19\35.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.75013 Java script virus
C:\Users\Ivan\Desktop\2016.12.19\36.vir
  [DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Ivan\Desktop\2016.12.19\40.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.75014 Java script virus[/mw_shl_code]

superax

SEP14，还剩下21个，杀掉19个。
AVG，还剩下26个，杀掉14个。

欧阳宣

MES占位，久违了

检测17，修复4个。
[mw_shl_code=css,true]12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: JEFF-XPS13\jeff6 ran C:\Program Files\WinRAR\WinRAR.exe, which attempted to access C:\Virus\2016.12.19\03.vir\_VBA_PROJECT. The Trojan named W97M/Downloader.bni was detected and deleted.
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: Additional information:
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1280
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: JEFF-XPS13\jeff6 ran C:\Program Files\WinRAR\WinRAR.exe, which attempted to access C:\Virus\2016.12.19\07.vir\00000042.js. The Trojan named JS/Nemucod.qh was detected and deleted.
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: Additional information:
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1025
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: JEFF-XPS13\jeff6 ran C:\Program Files\WinRAR\WinRAR.exe, which attempted to access C:\Virus\2016.12.19\06.vir\__substg1.0_37010102\IMPORTANT-zip-9219.zip\IMPORTANT-9219.js. The Trojan named JS/Nemucod.jp was detected and deleted.
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: Additional information:
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1280
12/18/2016 8:38:48 PM    mfetp(4352.4900) <SYSTEM> oasbl.OAS.Activity: JEFF-XPS13\jeff6 ran C:\Program Files\WinRAR\WinRAR.exe, which attempted to access C:\Virus\2016.12.19\08.vir\WordDocument. The Trojan named W97M/Downloader.brn was detected and deleted.
12/18/2016 8:38:48 PM    mfetp(4352.4900) <SYSTEM> oasbl.OAS.Activity: Additional information:
12/18/2016 8:38:48 PM    mfetp(4352.4900) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
12/18/2016 8:38:48 PM    mfetp(4352.4900) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
12/18/2016 8:38:48 PM    mfetp(4352.4900) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1280
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: JEFF-XPS13\jeff6 ran C:\Program Files\WinRAR\WinRAR.exe, which attempted to access C:\Virus\2016.12.19\14.vir\00000042.js. The Trojan named JS/Nemucod.qh was detected and deleted.
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: Additional information:
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1025
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: JEFF-XPS13\jeff6 ran C:\Program Files\WinRAR\WinRAR.exe, which attempted to access C:\Virus\2016.12.19\12.vir\WordDocument. The Trojan named X97M/Downloader.ax was detected and deleted.
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: Additional information:
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
12/18/2016 8:38:48 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1280
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: JEFF-XPS13\jeff6 ran C:\Program Files\WinRAR\WinRAR.exe, which attempted to access C:\Virus\2016.12.19\24.vir\00000042.js. The Trojan named JS/Nemucod.qh was detected and deleted.
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: Additional information:
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1025
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: JEFF-XPS13\jeff6 ran C:\Program Files\WinRAR\WinRAR.exe, which attempted to access C:\Virus\2016.12.19\19.vir. The Trojan named JS/Nemucod.qj was detected and deleted.
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: Additional information:
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: JEFF-XPS13\jeff6 ran C:\Program Files\WinRAR\WinRAR.exe, which attempted to access C:\Virus\2016.12.19\30.vir\word/vbaProject.bin\_VBA_PROJECT. The Trojan named W97M/Downloader.bni was detected and deleted.
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: Additional information:
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1280
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: JEFF-XPS13\jeff6 ran C:\Program Files\WinRAR\WinRAR.exe, which attempted to access C:\Virus\2016.12.19\32.vir. The Trojan named JS/Nemucod.oa was detected and deleted.
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: Additional information:
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
12/18/2016 8:38:49 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027
12/18/2016 8:38:50 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: JEFF-XPS13\jeff6 ran C:\Program Files\WinRAR\WinRAR.exe, which attempted to access C:\Virus\2016.12.19\33.vir. The Trojan named JS/Nemucod.px was detected and deleted.
12/18/2016 8:38:50 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: Additional information:
12/18/2016 8:38:50 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
12/18/2016 8:38:50 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
12/18/2016 8:38:50 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027
12/18/2016 8:38:50 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: JEFF-XPS13\jeff6 ran C:\Program Files\WinRAR\WinRAR.exe, which attempted to access C:\Virus\2016.12.19\35.vir\00000042.js. The Trojan named JS/Nemucod.qh was detected and deleted.
12/18/2016 8:38:50 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: Additional information:
12/18/2016 8:38:50 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
12/18/2016 8:38:50 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
12/18/2016 8:38:50 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1025
12/18/2016 8:38:50 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: JEFF-XPS13\jeff6 ran C:\Program Files\WinRAR\WinRAR.exe, which attempted to access C:\Virus\2016.12.19\40.vir. The Trojan named JS/Nemucod.oa was detected and deleted.
12/18/2016 8:38:50 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: Additional information:
12/18/2016 8:38:50 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
12/18/2016 8:38:50 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
12/18/2016 8:38:50 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027
12/18/2016 8:38:51 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: JEFF-XPS13\jeff6 ran C:\Program Files\WinRAR\WinRAR.exe, which attempted to access C:\Virus\2016.12.19\36.vir. The Trojan named BackDoor-NJRat was detected and deleted.
12/18/2016 8:38:51 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: Additional information:
12/18/2016 8:38:51 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
12/18/2016 8:38:51 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
12/18/2016 8:38:51 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027
12/18/2016 8:38:51 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: JEFF-XPS13\jeff6 ran C:\Program Files\WinRAR\WinRAR.exe, which attempted to access C:\Virus\2016.12.19\18.vir. The Trojan named PWSZbot-FAWZ!2AFE617EDB33 was detected and deleted.
12/18/2016 8:38:51 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: Additional information:
12/18/2016 8:38:51 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
12/18/2016 8:38:51 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
12/18/2016 8:38:51 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027
12/18/2016 8:38:51 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: JEFF-XPS13\jeff6 ran C:\Program Files\WinRAR\WinRAR.exe, which attempted to access C:\Virus\2016.12.19\38.vir\10.nsis. The Trojan named NSIS/ObfusRansom.f was detected and deleted.
12/18/2016 8:38:51 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: Additional information:
12/18/2016 8:38:51 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
12/18/2016 8:38:51 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
12/18/2016 8:38:51 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027
12/18/2016 8:38:55 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: JEFF-XPS13\jeff6 ran C:\Program Files\WinRAR\WinRAR.exe, which attempted to access C:\Virus\2016.12.19\28.vir\001098.pdf.exe. The Virus named Artemis!76D624EA723A was detected and deleted.
12/18/2016 8:38:55 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity: Additional information:
12/18/2016 8:38:55 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
12/18/2016 8:38:55 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
12/18/2016 8:38:55 PM    mfetp(4352.4904) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1280[/mw_shl_code]

DF快递

avast 解压15 kill
右键 8 kill
剩下 27个

XZ8SM7Sx0bVkoUV

火绒

Eset小粉絲

superax 发表于 2016-12-19 09:17
SEP14，还剩下21个，杀掉29个。
AVG，还剩下26个，杀掉24个。

樣本數量是40個喲。。

superax

Eset小粉絲 发表于 2016-12-19 09:33
樣本數量是40個喲。。

立即改正，另外，你ID是ESET，咋用小红伞啊，ESET不用啦？

Eset小粉絲

superax 发表于 2016-12-19 09:34
立即改正，另外，你ID是ESET，咋用小红伞啊，ESET不用啦？

換小紅傘了。

j2016

瑞星杀5，修复2，共7