Original poster: maomaojk

[Virus sample] ●●●● Viruses that newly infected my workplace, everyone please scan them ●●●●
深山红叶
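Posted on 2018-2-14 10:31:11
Against ransomware, the protection efficiency of antivirus software is close to zero. By the time it has finally been made able to detect and remove it, the damage may already have been done; at that point only the virus is removed, and the files remain damaged.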
毛可多来
Posted on 2018-2-18 17:37:23
Basic information
File name:
tpmagentservice.dll
MD5:61c49acb542f5fa5ea9f2efcd534d720
File type: DLL
Upload time: 2018-02-18 10:56:49
Company: Microsoft Corporation
Version: 1.0.0.1---6.3.9600.16384
Packer or compiler info: COMPILER:PE+(64)


Key behaviors
Behavior: Process privilege escalation
Details:
NT AUTHORITY\SYSTEM
Behavior: Parent process tampering
Details:
Child: svchost.exe, Parent: svchost.exe(True) ---> DllLoader.exe(Fake)


Process behavior
Behavior: Create process with hidden window
Details:
ImagePath = C:\Windows\system32\schtasks.exe, CmdLine = /Delete /TN "\Microsoft\Windows\UPnP\Services" /F
ImagePath = C:\Windows\system32\sc.exe, CmdLine = stop vmichapagentsrv
ImagePath = C:\Windows\system32\sc.exe, CmdLine = delete vmichapagentsrv
ImagePath = C:\Windows\system32\schtasks.exe, CmdLine = /End /TN "\Microsoft\Windows\Tcpip\TcpipReportingServices"
ImagePath = C:\Windows\system32\schtasks.exe, CmdLine = /Delete /TN "\Microsoft\Windows\Tcpip\TcpipReportingServices" /F
Behavior: Create process
Details:
[0x00000b9c]ImagePath = C:\Windows\System32\regsvr32.exe, CmdLine = Regsvr32.exe c:\users\administrator\appdata\local\%temp%\%temp%\****.dll
[0x00000ba4]ImagePath = C:\Windows\System32\schtasks.exe, CmdLine = /Delete /TN "\Microsoft\Windows\UPnP\Services" /F
[0x00000e50]ImagePath = C:\Windows\System32\conhost.exe, CmdLine = \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
[0x0000077c]ImagePath = C:\Windows\System32\conhost.exe, CmdLine = \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
[0x00000f3c]ImagePath = C:\Windows\System32\sc.exe, CmdLine = stop vmichapagentsrv
[0x0000081c]ImagePath = C:\Windows\System32\conhost.exe, CmdLine = \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
[0x00000b74]ImagePath = C:\Windows\System32\%temp%\****.exe, CmdLine = %temp%\**** --machinereadable -- C:/StaticAnalyze/%temp%\****.exe.json
[0x00000520]ImagePath = C:\Windows\System32\sc.exe, CmdLine = delete vmichapagentsrv
[0x00000c2c]ImagePath = C:\Windows\System32\%temp%\****.exe, CmdLine = %temp%\**** --machinereadable -- C:/07c18980de59b70b44f118fe7e28dc64_Finished.txt
[0x00000d34]ImagePath = C:\Windows\System32\schtasks.exe, CmdLine = /End /TN "\Microsoft\Windows\Tcpip\TcpipReportingServices"
[0x00000734]ImagePath = C:\Windows\System32\conhost.exe, CmdLine = \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
[0x00000938]ImagePath = C:\Windows\System32\schtasks.exe, CmdLine = /Delete /TN "\Microsoft\Windows\Tcpip\TcpipReportingServices" /F
[0x00000cdc]ImagePath = C:\Windows\System32\conhost.exe, CmdLine = \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Behavior: Process privilege escalation
Details:
NT AUTHORITY\SYSTEM
Behavior: Create local thread
Details:
Behavior: Parent process tampering
Details:
Child: svchost.exe, Parent: svchost.exe(True) ---> DllLoader.exe(Fake)


File behavior
Behavior: Create file
Details:
C:\Windows\System32\NetTraceDiagnostics.ini
Behavior: Find file
Details:
FileName = C:\Windows\IME\Microsoft\\*.*
FileName = C:\Windows\IME\Crypt\\*.*
FileName = C:\Windows\IME\Daps\\*.*
FileName = C:\Windows\SysprepThemes\\*.*
FileName = C:\Windows\system32\SysprepThemes\\*.*


Network behavior
Behavior: Resolve host address by name
Details:
GetAddrInfoW: **.0.0.**:128


Other behavior
Behavior: Check whether it is being debugged
Details:
IsDebuggerPresent
Behavior: Create mutex
Details:
{F86E2D648-EF7B-6054-D43FC41}
Local\SessionImmersiveColorMutex
{5EC0AC33D-E23D-C8A2-A92C833}
{CI59C45E-F19A-Z07C-565B17CO}
{6B2089804-F412-CB72-7C027E6}
{3EC1AC33D-E55D-C8A2-A92C822}
DBWinMutex
Behavior: Hide specified window
Details:
[Window,Class] = [C:\Windows\system32\Regsvr32.exe,ConsoleWindowClass]
[Window,Class] = [C:\Windows\System32\%temp%\****.exe,ConsoleWindowClass]
Behavior: Adjust process token privileges
Details:
SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
Behavior: Open event
Details:
Global\TermSrvReadyEvent
Global\SvcctrlStartEvent_A3752DX
\KernelObjects\MaximumCommitCondition
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
MSFT.VSA.COM.DISABLE.3256
MSFT.VSA.IEC.STATUS.6c736db0
Local\99b25af4-39cf-4c83-ad07-3c133e6d3135
Behavior: Open mutex
Details:
Local\MSCTF.Asm.MutexDefault0S-1-5-18
CicLoadWinStaService-0x0-3e7$


Process tree
  • schtasks.exe (PID: 0x00000f64)
    • conhost.exe 0xffffffff -ForceV1 (PID: 0x0000077c)
  • conhost.exe (PID: 0x000008a0)
  • werfault.exe (PID: 0x00000d40)
  • dllloader.exe (PID: 0x00000b78)
    • regsvr32.exe ****.dll (PID: 0x00000b9c)
      • schtasks.exe (PID: 0x00000ba4)
      • sc.exe (PID: 0x00000f3c)
      • sc.exe (PID: 0x00000520)
      • schtasks.exe (PID: 0x00000d34)
      • schtasks.exe (PID: 0x00000938)

  • conhost.exe (PID: 0x00000cb8)
    • ****.exe **** --machinereadable -- ****.exe.json (PID: 0x00000b74)



File analysis graph (PortEx)
Basic information
File name:
mssecsvc.exe

MD5:0c694193ceac8bfb016491ffb534eb7c
File type: EXE
Upload time: 2018-02-18 10:55:22
Company: N/A
Version: N/A
Packer or compiler info: COMPILER:Microsoft Visual C++ 6.0

Key behaviors
Behavior: Set special folder attributes
Details:
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\LocalService\Local Settings\History
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5
C:\Documents and Settings\LocalService\Cookies
Behavior: Find PE resource information
Details:
(FindResourceA) hModule = 0x00000000, ResName: , ResType: R
Behavior: Create system service
Details:
[Service created successfully]: mssecsvc2.0, C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe -m security
Behavior: Get TickCount value
Details:
Behavior: Kill process
Details:
C:\WINDOWS\tasksche.exe


Process behavior
Behavior: Create process with hidden window
Details:
ImagePath = , CmdLine = C:\WINDOWS\tasksche.exe /i
Behavior: Create local thread
Details:
Behavior: Create process from new file
Details:
[0x00000b50]ImagePath = C:\WINDOWS\tasksche.exe, CmdLine = C:\WINDOWS\tasksche.exe /i
Behavior: Kill process
Details:
C:\WINDOWS\tasksche.exe


File behavior
Behavior: Create file
Details:
C:\WINDOWS\tasksche.exe
Behavior: Create executable file
Details:
C:\WINDOWS\tasksche.exe
Behavior: Modify file content
Details:
C:\WINDOWS\tasksche.exe ---> Offset = 0
Behavior: Set special folder attributes
Details:
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\LocalService\Local Settings\History
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5
C:\Documents and Settings\LocalService\Cookies
Behavior: Find file
Details:
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\config\systemprofile\Local Settings
FileName = C:\WINDOWS\system32\config\systemprofile
FileName = C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS
FileName = C:\WINDOWS\tasksche.exe


Network behavior
Behavior: Send SMB packets
Details:
Cmd: 0x00000072, SOCKET = 0x00000264, IP: **.101.249.**:445
Cmd: 0x00000073, SOCKET = 0x00000264, IP: **.101.249.**:445
Cmd: 0x00000075, SOCKET = 0x00000264, IP: **.101.249.**:445
Cmd: 0x00000025, SOCKET = 0x00000264, IP: **.101.249.**:445
Cmd: 0x00000072, SOCKET = 0x00000278, IP: **.101.249.**:445
Cmd: 0x00000073, SOCKET = 0x00000278, IP: **.101.249.**:445
Cmd: 0x00000075, SOCKET = 0x00000278, IP: **.101.249.**:445
Cmd: 0x00000032, SOCKET = 0x00000278, IP: **.101.249.**:445
Behavior: Open URL over the network
Details:
InternetOpenUrlA: http://ww****om, hInternet = 0x00cc0004, Flags = 0x84000000
Behavior: Connect to specified site
Details:
InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x84000000
Behavior: Establish a connection to a specified socket
Details:
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000240
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000238
IP: **.101.249.**:445, SOCKET = 0x00000258
IP: **.101.249.**:445, SOCKET = 0x00000264
IP: **.156.245.**:445, SOCKET = 0x0000026c
IP: **.156.245.**:445, SOCKET = 0x00000278
IP: **.101.249.**:445, SOCKET = 0x00000278
IP: **.104.187.**:445, SOCKET = 0x00000274
IP: **.104.187.**:445, SOCKET = 0x00000280
IP: **.156.245.**:445, SOCKET = 0x00000280
IP: **.156.245.**:445, SOCKET = 0x0000028c
IP: **.101.249.**:445, SOCKET = 0x0000028c
IP: **.104.187.**:445, SOCKET = 0x0000028c
IP: **.55.28.**:445, SOCKET = 0x00000278
IP: **.55.28.**:445, SOCKET = 0x00000294
Behavior: Send HTTP packet
Details:
GET / HTTP/1.1 Host: ww****om Cache-Control: no-cache
Behavior: Resolve host address by name
Details:
GetAddrInfoW: ww****om


Registry behavior
Behavior: Modify registry
Details:
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ParseAutoexec
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
Behavior: Delete registry value
Details:
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL


Other behavior
Behavior: Create mutex
Details:
RasPbFile
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior: Create event object
Details:
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
Behavior: Start system service
Details:
[Service started successfully]: LocalSystem, Microsoft Security Center (2.0) Service, C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe -m security
Behavior: Get TickCount value
Details:
Behavior: Open event
Details:
HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
Behavior: Find PE resource information
Details:
(FindResourceA) hModule = 0x00000000, ResName: , ResType: R
Behavior: Executable signature information
Details:
C:\WINDOWS\tasksche.exe (signature verification: failed)
Behavior: Call Sleep function
Details:
Behavior: Executable MD5
Details:
C:\WINDOWS\tasksche.exe ---> 7f7ccaa16fb15eb1c7399d422f8363e8
Behavior: Open mutex
Details:
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
Local\!IETld!Mutex
Local\c:!documents and settings!localservice!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!localservice!cookies!
Local\c:!documents and settings!localservice!local settings!history!history.ie5!
ShimCacheMutex
Behavior: Create system service
Details:
[Service created successfully]: mssecsvc2.0, C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe -m security

Process tree
  • ****.exe (PID: 0x00000abc)
    • tasksche.exe (PID: 0x00000b50)




File analysis graph (PortEx)
Basic information
File name:
TrustedHostServices.exe
MD5:1e0022c02030f2b4353b583beffbade9
File type: EXE
Upload time: 2018-02-18 10:56:56
Company: N/A
Version: N/A
Packer or compiler info: COMPILER:PE+(64)


Process behavior
Behavior: Create local thread
Details:
ProcessId = 2084, ThreadId = 3440.


Other behavior
Behavior: Open mutex
Details:
Local\ShimViewer


Process tree
  • ****.exe (PID: 0x00000824)



File analysis graph (PortEx)

900703
Posted on 2018-2-21 18:52:08
Switching the antivirus to Kaspersky should be enough to block it.
Kaspersky用户
Posted on 2018-3-3 20:15:25
Avira detects all of them instantly. This pack really has a full range of virus types.
cyhujhg000
Posted on 2018-3-4 09:47:04
This is a mining virus.
funny02
Posted on 2018-4-14 11:41:26
For enterprises, it is still better to choose Symantec.
HellBoyF
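Posted on 2018-4-14 12:31:31
These files were all judged malicious by the ThreatBook cloud sandbox; the categories include trojan, ransomware and miner.
The detailed links are as follows: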
https://s.threatbook.cn/report/w ... io_link_id=4PYWr79M
https://s.threatbook.cn/report/w ... io_link_id=a9BBEX9n
https://s.threatbook.cn/report/w ... io_link_id=nRbqrD93
https://s.threatbook.cn/report/w ... io_link_id=QReYrnRq
https://s.threatbook.cn/report/w ... io_link_id=5RpLn6RN
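ThreatBook is a leading threat intelligence company in China and also the earliest startup to focus on the threat intelligence field. One of its products, the cloud sandbox, presents a sample's malicious behavior through dynamic analysis of the sample's static features, process details, network behavior and so on, together with static scanning by mainstream antivirus engines. It also provides sample analysis and download functions. You are welcome to use it, and any problems will be addressed promptly.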
HellBoyF
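Posted on 2018-4-14 12:37:08
If the original poster finds any other suspicious applications, you may as well upload them to ThreatBook's cloud sandbox for a check; if any need cannot be met, it will be addressed promptly. The cloud sandbox URL is: https://s.threatbook.cn/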
荧光宇
Posted on 2018-4-17 18:21:25
Huorong passes too!
233333333332
Posted on 2018-4-19 13:44:59