【12.22】#VirusPackage 5x

Jerry.Lin

https://abuaaedugr-my.sharepoint ... 86aaa4ca112eb2f08a3

Malicious URL（Real-World Test）
欢迎直接使用恶意链接进行测试，模拟从访问下载执行全过程，能够较好反应杀软在实际情况下的防御能力。

1. http://eagleepicsocks.com/jk/jkeq.exe
   
2. http://www.rdpassistance.com/PuaneYDG??AxUBFAApVWk=AxUBFAApVWk
   
3. http://homerbongasi.com/pvideo.exe
   
4. http://www.multifunctionaltechnology.com/St65fdfTG
   
5. http://ktm24.pw/ttpot.exe

复制代码

Dolby123

网页url 4/5





==============================

解压
3/5


剩余双击kill 2x



总结 : all kill

你看我头像

KIS拦截全部URL：


Mcafee WebAdvisor拦截4个URL：








下载解压KIS清空：
(1).exe  HEUR:Trojan.Win32.Generic
(2).EXE  Trojan-Banker.Win32.Jimmy.ma

(3).exe  Trojan-Banker.Win32.Shiotob.wmg

(4).EXE  UDS:Trojan-Dropper.Win32.Injector.sb

(5).exe  Backdoor.Win32.Androm.otgg

lycys

解压后诺顿自动防护kill 1.2.5 右键kill3.4  all防护

lycys

瑞星杀毒软件付费版kill 1，2，3。   4，5双击后与瑞星在进程中共存

zst470396853

卡巴

1



2



3



4




5  好像失效了

aboringman

KAV：kill all files.

1.exe：HEUR:Trojan.Win32.Generic

2.EXE：Trojan-Banker.Win32.Jimmy.ma

3.exe：Trojan-Banker.Win32.Shiotob.wmg

4.EXE：UDS:Trojan-Dropper.Win32.Injector.sb

5.exe：Backdoor.Win32.Androm.otgg

猥琐大叔

bbs2811125

avira 清空

1. 12/22/2017,13-05-32        [INFO]        d:\搜狗高速下载\virus 5x 1222\virus 5x 1222\(1).exe
   
2. 12/22/2017,13-05-32        [INFO]        [DETECTION] file contains 'TR/Dropper.MSIL.cdujr'
   
3. 12/22/2017,13-05-33        [INFO]        repair.rdf loaded (version: 1.0.36.0)
   
4. 12/22/2017,13-05-33        [INFO]        FP reports status 'NO False Positive' for file 'd:\搜狗高速下载\virus 5x 1222\virus 5x 1222\(2).EXE'
   
5. 12/22/2017,13-05-33        [INFO]        d:\搜狗高速下载\virus 5x 1222\virus 5x 1222\(2).EXE
   
6. 12/22/2017,13-05-33        [INFO]        [DETECTION] file contains 'TR/Crypt.Xpack.ejovu'
   
7. 12/22/2017,13-05-33        [INFO]        FP reports status 'NO False Positive' for file 'd:\搜狗高速下载\virus 5x 1222\virus 5x 1222\(3).exe'
   
8. 12/22/2017,13-05-33        [INFO]        d:\搜狗高速下载\virus 5x 1222\virus 5x 1222\(3).exe
   
9. 12/22/2017,13-05-33        [INFO]        [DETECTION] file contains 'TR/Crypt.Xpack.vknuc'
   
10. 12/22/2017,13-05-38        [INFO]        Successful Cloud SDK initialization and license check.
    
11. 12/22/2017,13-05-38        [INFO]        The file 'd:\搜狗高速下载\virus 5x 1222\virus 5x 1222\(4).EXE' was scanned with the Protection Cloud. SHA256 = 615D7BDDD51740FB8C73D6CC18532328727AE87837649CD39E84CF6CE99A070A
    
12. 12/22/2017,13-05-38        [INFO]        d:\搜狗高速下载\virus 5x 1222\virus 5x 1222\(4).EXE
    
13. 12/22/2017,13-05-38        [INFO]        [DETECTION] file contains 'HEUR/APC'
    
14. 12/22/2017,13-05-39        [INFO]        The file 'd:\搜狗高速下载\virus 5x 1222\virus 5x 1222\(5).exe' was scanned with the Protection Cloud. SHA256 = EE189C9254B362D685B6FF2404702BBCC2156CB14C36B50621BB9B9E9BD58050
    
15. 12/22/2017,13-05-39        [INFO]        d:\搜狗高速下载\virus 5x 1222\virus 5x 1222\(5).exe
    
16. 12/22/2017,13-05-39        [INFO]        [DETECTION] file contains 'HEUR/APC'

复制代码

XZ8SM7Sx0bVkoUV

火绒

tianjicai1

趋势科技，解压kill（3），运行kill（1、5），阻止（2、4）。all 防护

cloud01

其实关键在于防浏览器劫持，这种网站谁没事能找的到？欢迎大家提供防劫持办法！

ELOHIM

wiep kill all