收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 VT检测率 1/67,有没有大佬来个行为分析
12
返回列表 发新帖
楼主: ak666
 收起左侧

[可疑文件] VT检测率 1/67,有没有大佬来个行为分析

[复制链接]
景圣临
发表于 2017-11-5 12:45:28 | 显示全部楼层
TU.exe是Total Uninstall...

LZ的版本哪下的?
回复

举报

KevinYu0504
发表于 2017-11-5 17:29:14 | 显示全部楼层
会不会是误报 ?

VT 刚刚我按下重新扫描,
目前全都是零检出了 ~

https://virustotalcloud.appspot.com/nui/index.html#/file/44ba84d6193b2b15c18146af05da336049e883f413df313fc2b7570d77f3353d/detection
回复

举报

ak666
 楼主| 发表于 2017-11-5 18:14:58 | 显示全部楼层
本帖最后由 ak666 于 2017-11-5 18:21 编辑
KevinYu0504 发表于 2017-11-5 17:29
会不会是误报 ?

VT 刚刚我按下重新扫描,

之前有个叫什么eGambit什么的报毒,就他一个。现在看来是没问题了,用破解软件,心里总是不踏实。。
用ssf,总是监控到要键盘记录。。===============================
  1. Filename: Tu.exe
  2. Threat name: SONAR.AM.C!g3Full Path: c:\program files\total uninstall 6\tu.exe

  4. ____________________________

  6. ____________________________


  9. On computers as of
  10. 2017/11/5 at 18:16:52

  12. Last Used
  13. 2017/11/5 at 18:16:52

  15. Startup Item
  16. No

  18. Launched
  19. Yes

  21. SONAR Protection monitors for suspicious program activity on your computer.


  24. ____________________________


  27. Tu.exe Threat name: SONAR.AM.C!g3
  28. Locate


  31. Few Users
  32. Fewer than 100 users in the Norton Community have used this file.

  34. New
  35. This file was released 14 days ago.

  37. High
  38. This file risk is high.


  41. ____________________________


  44. Source: External Media

  46. Source File:
  47. tu.exe

  49. ____________________________

  51. System Settings Actions

  53. Event: Process start (Performed by c:\program files\total uninstall 6\tu.exe, PID:1772) No fix attempted
  54. Event: Process start: c:\program files\total uninstall 6\ Tu.exe, PID:1772 (Performed by c:\program files\total uninstall 6\tu.exe, PID:1772) No fix attempted
  55. Event: Process start (Performed by c:\program files\total uninstall 6\tu.exe, PID:4512) No fix attempted
  56. \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG:mcsmetwu (Performed by c:\program files\total uninstall 6\tu.exe, PID:4512) No fix attempted
  57. \REGISTRY\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG:tupnhdxm (Performed by c:\program files\total uninstall 6\tu.exe, PID:4512) No fix attempted
  58. c:\programdata\Martau\total uninstall 6\ monitored programs.folders (Performed by c:\program files\total uninstall 6\tu.exe, PID:4512) No fix attempted
  59. Event: Process start: c:\Windows\System32\windowspowershell\v1.0\ powershell.exe, PID:3372 (Performed by c:\program files\total uninstall 6\tu.exe, PID:4512) No fix attempted
  60. c:\users\27526\appdata\local\temp\ __psscriptpolicytest_4lrvd2lt.n23.ps1 (Performed by c:\program files\total uninstall 6\tu.exe, PID:4512) No fix attempted
  61. c:\users\27526\appdata\local\temp\ __psscriptpolicytest_coh1njsr.rha.psm1 (Performed by c:\program files\total uninstall 6\tu.exe, PID:4512) No fix attempted
  62. c:\users\27526\appdata\local\temp\ tul8a31.tmp (Performed by c:\program files\total uninstall 6\tu.exe, PID:4512) No fix attempted
  63. c:\Users\27526\AppData\Local\microsoft\Windows\powershell\ startupprofiledata-noninteractive (Performed by c:\program files\total uninstall 6\tu.exe, PID:4512) No fix attempted
  64. Event: Process start: c:\Windows\System32\windowspowershell\v1.0\ powershell.exe, PID:9828 (Performed by c:\program files\total uninstall 6\tu.exe, PID:4512) No fix attempted
  65. c:\programdata\Martau\total uninstall 6\ installed programs2.cache (Performed by c:\program files\total uninstall 6\tu.exe, PID:4512) No fix attempted
  66. c:\users\27526\appdata\local\temp\ __psscriptpolicytest_gdlvx3ut.x1m.ps1 (Performed by c:\program files\total uninstall 6\tu.exe, PID:4512) No fix attempted
  67. c:\users\27526\appdata\local\temp\ __psscriptpolicytest_caotiay1.x3r.psm1 (Performed by c:\program files\total uninstall 6\tu.exe, PID:4512) No fix attempted
  68. Event: Process start: c:\program files (x86)\Tencent\QQPinyin\5.6.4107.400\ qqpyservice.exe, PID:9800 (Performed by c:\program files\total uninstall 6\tu.exe, PID:4512) No fix attempted
  69. c:\programdata\Martau\total uninstall 6\ installed programs3.cache (Performed by c:\program files\total uninstall 6\tu.exe, PID:4512) No fix attempted
  70. c:\programdata\Martau\total uninstall 6\ installed programs.folders (Performed by c:\program files\total uninstall 6\tu.exe, PID:4512) No fix attempted
  71. ____________________________


  74. File Thumbprint - SHA:
  75. 44ba84d6193b2b15c18146af05da336049e883f413df313fc2b7570d77f3353d
  76. File Thumbprint - MD5:
  77. Not available
复制代码

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

ak666
 楼主| 发表于 2017-11-5 18:23:08 | 显示全部楼层
景圣临 发表于 2017-11-5 12:45
TU.exe是Total Uninstall...

LZ的版本哪下的?

叫什么海心的下载站
回复

举报

歌德塔大蜘蛛
发表于 2017-11-5 18:54:35 | 显示全部楼层
ak666 发表于 2017-11-5 18:23
叫什么海心的下载站

心海,烈火的网站。我的winrar就是用的他的版本
回复

举报

ak666
 楼主| 发表于 2017-11-5 19:00:38 | 显示全部楼层
歌德塔大蜘蛛 发表于 2017-11-5 18:54
心海,烈火的网站。我的winrar就是用的他的版本

那看来稳了。。果断加了sonar信任
回复

举报

景圣临
发表于 2017-11-6 00:00:16 | 显示全部楼层
我知道的TU可信的破解只有一个,是国外remek002大神做的

你的是谁破解的?
回复

举报

12
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-11-1 04:36 , Processed in 0.105288 second(s), 15 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表