【掛馬樣本】sub.exe VT(7/56) #Cerber

Agu

掛馬網址：totalwellbeing.com.au/wp-includes/images/wlw/sub.exe

VT(7/56)：https://www.virustotal.com/en/fi ... nalysis/1485425763/

Deepviz行為分析：
https://sandbox.deepviz.com/repo ... 4974904d8d23114c3c/

樣本載點(SHA256前六碼676AF0，密碼infected)：
百度雲盤-http://pan.baidu.com/s/1mhXLe7e (提取碼：ihzk)

測試：
Zemana - Miss

tomochan

心醉咖啡

毒霸
[mw_shl_code=css,true]扫描时间：[2017-01-26 18:29:58]
扫描用时：[00:00:03]
扫描类型：自定义查杀
扫描文件总数：10
扫描速度：2文件/秒
发现威胁：1个
清除威胁：1个
=============================================
[2017-01-26 18:30:11]
威胁：f:\浏览器下载\malware@676af0\sub.exe/<a:nsis>/sub/<a:nsis>/ﾕ\ambroid.dll
类型：win32.troj.undef.(kcloud)
处理方式：删除

[/mw_shl_code]

275751198

360报QVM

784696777

卡巴斯基安全软件
拒绝访问
无法提供所请求的网址

网址:

http://totalwellbeing.com.au/wp-includes<...>

已被网页反病毒阻止

原因: 危险网址

如果您认为该网页被错误地阻止, 请单击此处。

检测方法: 云保护
消息生成日期: 18:35:43

fireherman

ESET:

地址 blocked




文件 miss，Live Grid [未收录/已上报]

VIPRE:扫描miss,双击,AP拦截

嘉新

ESET打开弹出90多条病毒，主文件被删，弹出窗口点了阻止，文件被加密

嘉新

嘉新 发表于 2017-1-26 19:37
ESET打开弹出90多条病毒，主文件被删，弹出窗口点了阻止，文件被加密

应该是大部分被加密

Eset小粉絲

Warning
The URL you tried to visit was identified as a dangerous website. View more details here. If you trust this page, you can remove the block.
Requested URL:

hxxp://totalwellbeing.com.au/wp-includes/images/wlw/sub.exe
Category/categories:

Malware
Want to know more about this threat? Ask the community or get live help on Avira Answers.


[mw_shl_code=css,true]
Type:        File
Source:        C:\Users\Ivan\Downloads\sub.exe
Status:        Infected
Quarantine object:        7a202eb8.qua
Restored:        NO
Uploaded to Avira:        NO
Operating system:        Windows XP/VISTA Workstation/Windows 7
Search engine:        8.03.42.156
Virus definition file:        8.12.150.28
Detection:        TR/Dropper.676af0 (Cloud)
Date/Time:        26/1/2017, 20:39[/mw_shl_code]