SpyBanker

显示全部楼层 · 发表于 2017-7-11 18:07:36

本帖最后由 Dolby123 于 2017-7-11 19:34 编辑

https://www.virustotal.com/en/fi ... nalysis/1499767450/

[mw_shl_code=css,true]Avira (no cloud)       TR/Dldr.Banload.rulse       20170711
CrowdStrike Falcon (ML)       malicious_confidence_93% (W)       20170420
Endgame       malicious (moderate confidence)       20170706
ESET-NOD32       a variant of Win32/TrojanDownloader.Banload.YAC       20170711
Ikarus       Win32.Outbreak       20170711
Palo Alto Networks (Known Signatures)       generic.ml       20170711
Rising       Malware.Heuristic!ET#83% (rdm+)       20170711
SentinelOne (Static ML)       static engine - malicious       20170516
TrendMicro-HouseCall       Suspicious_GEN.F47V0711       20170711 [/mw_shl_code]

该样本双击后，下载的zip有问题
[mw_shl_code=css,true]http://2wsiteseguro.com/jacare2k17/showtimee.zip[/mw_shl_code]
解压密码 : 102030

VT :
https://www.virustotal.com/en/fi ... nalysis/1499761803/
[mw_shl_code=css,true]Avira (no cloud)       TR/Spy.Banker.Gen2       20170711
ESET-NOD32       a variant of Win32/Spy.Banker.ADYR       20170711
Rising       Malware.Generic.4!tfe (thunder:VPP0nOgBJDB)       20170711 [/mw_shl_code]

显示全部楼层 · 发表于 2017-7-11 18:28:26

本帖最后由诸葛亮于 2017-7-11 18:29 编辑

显示全部楼层 · 发表于 2017-7-11 18:51:12

显示全部楼层 · 发表于 2017-7-11 19:08:51

显示全部楼层 · 发表于 2017-7-11 19:18:38

火绒扫描miss

显示全部楼层 · 发表于 2017-7-11 22:05:23

fsp掃描未檢出

显示全部楼层 · 发表于 2017-7-11 22:08:31

安天公有云MISS 360MISS

显示全部楼层 · 发表于 2017-7-12 07:05:34

AVA 25.13326
GD 25.9978

*** Process ***

Process: 5680
File name: 8cbed20119362e2f3d0e41c778957889f593b6a355570f4c894c05e6cbcb3be0.exe
Path: c:\users\administrator\desktop\8cbed20119362e2f3d0e41c778957889f593b6a355570f4c894c05e6cbcb3be0.exe

Publisher: Unknown publisher
Creation date: 2017年7月12日 7:04:26
Modification date: 2017年7月11日 18:02:49

Started by: Explorer.EXE
Publisher: Microsoft Windows

*** Actions ***

The cloud server recognized this file and identified it as malicious.

*** Quarantine ***

The following files were moved into quarantine:
C:\Users\Administrator\Desktop\8cbed20119362e2f3d0e41c778957889f593b6a355570f4c894c05e6cbcb3be0.exe

The following registry entries were deleted:

YHLC8HJycnJiYnAqdHJCJycmBrdycnJyYmKQKycIj3LCcsJiYvAuJycnJyYGpysXhjVmLCcXhjVmLCcmBucoJwz3KCcJAA
Rules version: 5.0.148
OS: Windows 10.0 Service Pack 0.0 Build: 14393 - Workstation 64bit OS
dll version: 70613

"C:\Users\Administrator\Desktop\8cbed20119362e2f3d0e41c778957889f593b6a355570f4c894c05e6cbcb3be0.exe"
MD5: B9AAF4FB6F5D0964BCC1E3059F8084A2
C:\Windows\Explorer.EXE
MD5: 679D17F8CDB938C7100D7A647953677E

显示全部楼层 · 发表于 2017-7-12 15:54:47

IDP无任何反应

显示全部楼层 · 发表于 2017-7-12 16:14:11

BDTS

[病毒样本] SpyBanker

本帖子中包含更多资源

评分

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源