1.DOC

Dolby123

https://www.virustotal.com/#/fil ... 13d8d9d45/detection



挂马URL

1. http://www.reinfotechconsultants.com/INFO/Invoice/
   
2. http://www.proresc.ru/Corporation/Invoice-number-199318512/
   
3. http://www.xmedyam.com/Document/Invoice/
   
4. http://www.aguiabrasilr.com.br/scan/New-invoice-0806260/
   
5. http://www.thecheaperway.com/plugins/xerox/Invoice-number-8143611370/
   
6. www.gogopackersandmovers.com/INFO/New-invoice-808426/
   
7. http://www.platfprze.katowice.pl/xbiret/xerox/Invoice/
   
8. http://www.chothuemc.vn/DOC/Invoice/
   
9. http://www.avcilarmatbaa.net/INFO/Invoice/
   
10. http://www.texfit.com.au/Document/New-invoice-6755715/
    
11. http://www.vvw1.com/Corporation/Invoice/
    
12. http://www.ikitelliklimaservisi.com/DOC/New-invoice-118922
    
13. http://www.sunenv.com/FILE/Invoice-number-8878593857/
    
14. http://www.esenyurtnikahsekeri.com/scan/New-invoice-622396/
    
15. www.stylishpatron.com/Document/Invoice/
    
16. http://www.magnesium.com/swf/Download/Invoice/
    
17. www.esenyurtnikahsekeri.com/scan/New-invoice-622396/
    
18. www.magnesium.com/swf/Download/Invoice/
    
19. chothuemc.vn/DOC/Invoice/
    
20. apt.af/scan/Invoice-number-52875232/
    
21. http://www.lospajaros.cl/FILE/Invoice/
    
22. http://www.fmazar.ir/xerox/Invoice-number-007967
    
23. http://www.robsbrickwork.co.uk/Document/New-invoice-3799881/
    
24. http://www.fmazar.ir/xerox/Invoice-number-007967/
    
25. http://www.gogopackersandmovers.com/INFO/New-invoice-808426/
    
26. http://www.graffitiuk.com/xerox/Invoice-number-1305821308/
    
27. http://www.apt.af/scan/Invoice-number-52875232/
    
28. www.aguiabrasilr.com.br/scan/New-invoice-0806260/
    
29. http://www.gearonic.com/Corporation/Invoice-number-9338498/
    
30. http://www.snowlike.xyz/DOC/New-invoice-39327056/
    
31. http://www.squeezemywebsite.com/DOC/New-invoice-419155/
    
32. http://www.conteudo.acaogerencial.com.br/Document/Invoice/
    
33. http://www.shambhu.in/scan/Invoice/
    
34. http://www.adelina-55.ru/FILE/New-invoice-513698/
    
35. www.vvw1.com/Corporation/Invoice/
    
36. http://www.d-centr.com/xerox/Invoice/
    
37. www.texfit.com.au/Document/New-invoice-6755715/
    
38. www.msk-gnb.ru/DOC/Invoice-number-61259877/

复制代码

DF快递

avast kil

j2016

过eav扫描
双击拦截了地址

aboringman

KIS：扫描不报，双击并启用宏阻止【仅阻止CMD的启动】。

28.11.2017 14.23.05;

检测到恶意软件;

PDM:Exploit.Win32.Generic;

Windows Command Processor;

c:\program files (x86)\microsoft office\root\office16\winword.exe;

11/28/2017 14:23:05

桑德尔

红伞 Miss

Jerry.Lin

火绒MISS

今日更新后特征杀

1. 病毒库：2017/11/28 16:05
   
2. 开始时间：2017/11/28 23:07
   
3. 总计用时：00:00:00
   
4. 扫描对象：1个
   
5. 扫描文件：1个
   
6. 发现风险：1个
   
7. 已处理风险：1个
   
8. 发现系统修复项：0个
   
9. 处理系统修复项：0个
   
10. 
    
11. 病毒详情
    
12. 
    
13. 风险路径：C:\Users\USER\Downloads\Compressed\Virus Test\Invoice #8855778611\Invoice #8855778611.doc, 病毒名：Trojan/Generic!C62E40760245E9D7, 病毒ID：[c62e40760245e9d7], 处理结果：已处理
    

复制代码

RUAOT

wd解压杀

心醉咖啡

360

bambooslip

安天 miss

景云 miss【已经收集上报】
ID编号：LJ20171128202603

zst470396853

360