Views: 2976 | Replies: 25

[Virus Samples] [04.06] #VirusPackage 9x

Jerry.Lin
Posted 2018-4-6 21:29:18
https://abuaaedugr-my.sharepoint ... Qxq3LfPx6A?e=itJEhl

Malicious URLs (real-world test):
  1. http://ipool.by/bitrix/css/8/7.scr
  2. http://beenonline.com/WZPYMHd/
  3. http://gangfly.co/sgw
  4. http://216.170.118.12/office/adobe.123
  5. http://216.170.118.12/office/adobe.exe
  6. http://kryptionit.com/wp-includes/images/cyy.exe
  7. http://coastmotorsupply.com/swaveys.exe
  8. http://ijdema.net/bPwS/


aboringman
Posted 2018-4-6 21:43:49
Last edited by aboringman on 2018-4-6 21:46

ESET: kills all files.

Web blocking: 1, 3, 6, 8 blocked; 2, 4, 5, 7 missed.
dongwenqi
Posted 2018-4-6 21:48:14
Last edited by dongwenqi on 2018-4-6 21:49

Kaspersky kills all 9 samples.
Web: the 2nd missed, the 8th site would not open, all the others blocked.

dg1vg4
Posted 2018-4-6 22:15:26
Last edited by dg1vg4 on 2018-4-7 16:53

Rising Antivirus: manual scan detected 4.
The remaining samples have all been submitted through the reporting center.

By 7 a.m. the next day, another manual scan found 3.

By 4 p.m., Rising flagged the last two samples.

WCMS
Posted 2018-4-6 23:01:46
SEP 9/9
Agu
Posted 2018-4-6 23:11:28
Last edited by Agu on 2018-4-7 09:44

Malwarebytes -
2 - dead link
3/8 - blocked
Other URLs missed

Scan: 7x

(7).exe - missed; VT (15/66): https://www.virustotal.com/#/fil ... e025d56a1/detection
Detected on a second scan 9 hours later -

桑德尔
Posted 2018-4-6 23:15:48
dg1vg4 posted on 2018-4-6 22:15:
Rising Antivirus: manual scan detected 4.
The remaining samples have all been submitted through the reporting center.

Is that thing usable now?
dg1vg4
Posted 2018-4-6 23:40:03
桑德尔 posted on 2018-4-6 23:15:
Is that thing usable now?

Honestly, I don't know what exactly you mean by "that thing" and "usable".
Please enlighten me.
欧阳宣
Posted 2018-4-6 23:50:05
Avira
Web links: Web Protection plus a right-click scan detected everything; the rest are dead links.
04/06/2018,11-42-49        [INFO]        FP reports status 'NO False Positive' for file 'e:\virus\swaveys.exe'
04/06/2018,11-42-49        [INFO]        e:\virus\swaveys.exe
04/06/2018,11-42-49        [INFO]        [DETECTION] file contains 'TR/Dropper.VB.ppfkm'
04/06/2018,11-42-50        [INFO]        FP reports status 'NO False Positive' for file 'e:\virus\cyy.exe'
04/06/2018,11-42-50        [INFO]        e:\virus\cyy.exe
04/06/2018,11-42-50        [INFO]        [DETECTION] file contains 'TR/Dropper.VB.lbxlx'
04/06/2018,11-42-50        [INFO]        AUC login request succeed.
04/06/2018,11-42-54        [INFO]        FP reports status 'NO False Positive' for file 'e:\virus\adobe.exe'
04/06/2018,11-42-54        [INFO]        The file 'e:\virus\adobe.exe' was scanned with the Protection Cloud. SHA256 = 0A3DFB7B1A8DD63B0E4C84B9FF800031D40C4A6FED42B1F7D35AE53E3D6D88FE
04/06/2018,11-42-54        [INFO]        AUC reports URL: http://216.170.118.12/office/adobe.exe as 'Safe'.
04/06/2018,11-42-54        [INFO]        e:\virus\adobe.exe
04/06/2018,11-42-54        [INFO]        [DETECTION] file contains 'TR/Dropper.MSIL.0a3dfb'
04/06/2018,11-42-55        [INFO]        FP reports status 'NO False Positive' for file 'e:\virus\adobe.123'
04/06/2018,11-42-55        [INFO]        The file 'e:\virus\adobe.123' was scanned with the Protection Cloud. SHA256 = 286285C1F6C55456B8C128F068854163A9CF70AB9BE6990C1C1D446E025D56A1
04/06/2018,11-42-55        [INFO]        AUC reports URL: http://216.170.118.12/office/adobe.123 as 'Safe'.
04/06/2018,11-42-55        [INFO]        e:\virus\adobe.123
04/06/2018,11-42-55        [INFO]        [DETECTION] file contains 'TR/Dropper.MSIL.286285'

Sample package:
The real-time guard killed (2) and (3); the right-click scan killed the rest.
04/06/2018,11-48-23        [INFO]        FP reports status 'NO False Positive' for file 'e:\virus\virus9x 0406\(1).exe'
04/06/2018,11-48-23        [INFO]        The file 'e:\virus\virus9x 0406\(1).exe' was scanned with the Protection Cloud. SHA256 = 4DA72551E7CD6C172E366135A7641CEB20FCD44DD64DF3974348062FE632AABF
04/06/2018,11-48-23        [INFO]        e:\virus\virus9x 0406\(1).exe
04/06/2018,11-48-23        [INFO]        [DETECTION] file contains 'TR/AD.Nymaim.Y'
04/06/2018,11-48-23        [INFO]        FP reports status 'NO False Positive' for file 'e:\virus\virus9x 0406\(4).exe'
04/06/2018,11-48-23        [INFO]        The file 'e:\virus\virus9x 0406\(4).exe' was scanned with the Protection Cloud. SHA256 = BC8155531644F246AB5E0FD7B15EF09172B6C759C5EC0DAA577BE107D891DAF6
04/06/2018,11-48-23        [INFO]        e:\virus\virus9x 0406\(4).exe
04/06/2018,11-48-23        [INFO]        [DETECTION] file contains 'TR/AD.Fareit.Y'
04/06/2018,11-48-24        [INFO]        FP reports status 'NO False Positive' for file 'e:\virus\virus9x 0406\(5).exe'
04/06/2018,11-48-24        [INFO]        The file 'e:\virus\virus9x 0406\(5).exe' was scanned with the Protection Cloud. SHA256 = D3AC9F2F4DDE967C2A0745BE48C028E001D98270C795B3EC88064CA581D5F385
04/06/2018,11-48-24        [INFO]        e:\virus\virus9x 0406\(5).exe
04/06/2018,11-48-24        [INFO]        [DETECTION] file contains 'TR/Dropper.VB.d3ac9f'
04/06/2018,11-48-25        [INFO]        FP reports status 'NO False Positive' for file 'e:\virus\virus9x 0406\(6).exe'
04/06/2018,11-48-25        [INFO]        The file 'e:\virus\virus9x 0406\(6).exe' was scanned with the Protection Cloud. SHA256 = D32DEBCBFD6F7C3B016C2E4E4529FBE62A2ACBED3AA637CE74A7B5B8AD215E3B
04/06/2018,11-48-25        [INFO]        e:\virus\virus9x 0406\(6).exe
04/06/2018,11-48-25        [INFO]        [DETECTION] file contains 'TR/AD.Inject.Y'
04/06/2018,11-48-25        [INFO]        FP reports status 'NO False Positive' for file 'e:\virus\virus9x 0406\(7).exe'
04/06/2018,11-48-25        [INFO]        The file 'e:\virus\virus9x 0406\(7).exe' was scanned with the Protection Cloud. SHA256 = 286285C1F6C55456B8C128F068854163A9CF70AB9BE6990C1C1D446E025D56A1
04/06/2018,11-48-25        [INFO]        AUC reports URL: http://216.170.118.12/office/adobe.123 as 'Safe'.
04/06/2018,11-48-25        [INFO]        e:\virus\virus9x 0406\(7).exe
04/06/2018,11-48-25        [INFO]        [DETECTION] file contains 'TR/Dropper.MSIL.286285'
04/06/2018,11-48-26        [INFO]        FP reports status 'NO False Positive' for file 'e:\virus\virus9x 0406\(8).exe'
04/06/2018,11-48-26        [INFO]        The file 'e:\virus\virus9x 0406\(8).exe' was scanned with the Protection Cloud. SHA256 = 43086E97829C86EA58BF4726B580CA0992EF5118CBBF6A1807BEF7F4569CFF20
04/06/2018,11-48-26        [INFO]        e:\virus\virus9x 0406\(8).exe
04/06/2018,11-48-26        [INFO]        [DETECTION] file contains 'TR/AD.Emotet.43086e'
04/06/2018,11-48-26        [INFO]        FP reports status 'NO False Positive' for file 'e:\virus\virus9x 0406\(9).exe'
04/06/2018,11-48-26        [INFO]        The file 'e:\virus\virus9x 0406\(9).exe' was scanned with the Protection Cloud. SHA256 = 0A3DFB7B1A8DD63B0E4C84B9FF800031D40C4A6FED42B1F7D35AE53E3D6D88FE
04/06/2018,11-48-26        [INFO]        AUC reports URL: http://216.170.118.12/office/adobe.exe as 'Safe'.
04/06/2018,11-48-26        [INFO]        e:\virus\virus9x 0406\(9).exe
04/06/2018,11-48-26        [INFO]        [DETECTION] file contains 'TR/Dropper.MSIL.0a3dfb'

4/6/2018,11:44:04 [INFO] FP reports status 'NO False Positive' for file 'E:\virus\Virus9x 0406\(2).exe'
4/6/2018,11:44:04 [DETECTION] Is the TR/Dropper.VB.ppfkm Trojan!
  E:\virus\Virus9x 0406\(2).exe
4/6/2018,11:44:04 [INFO] FP reports status 'NO False Positive' for file 'E:\virus\Virus9x 0406\(3).exe'
4/6/2018,11:44:04 [DETECTION] Is the TR/Dropper.VB.lbxlx Trojan!
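The Avira log in the post above spreads each file's information over several lines: a Protection Cloud SHA256, a detection name, and a URL reputation verdict from the AUC cloud. The Python below is an added example, not part of the original post and not Avira tooling; it parses both log formats seen above (the on-demand "file contains '...'" lines and the real-time guard's "Is the ... Trojan!" lines), groups files by SHA256 to show that the adobe.exe and adobe.123 downloads are byte-identical to package samples (9) and (7), and lists URLs that AUC rated 'Safe' even though the file fetched from them was detected. The embedded log excerpt is copied from the post with runs of whitespace collapsed; the regex names, the Record class and the helper functions are my own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt of the Avira log posted above (whitespace runs collapsed
# to one space; file names, hashes, detection names and verdicts as on the page).
AVIRA_LOG = r"""
04/06/2018,11-42-49 [INFO] FP reports status 'NO False Positive' for file 'e:\virus\swaveys.exe'
04/06/2018,11-42-49 [INFO] e:\virus\swaveys.exe
04/06/2018,11-42-49 [INFO] [DETECTION] file contains 'TR/Dropper.VB.ppfkm'
04/06/2018,11-42-50 [INFO] AUC login request succeed.
04/06/2018,11-42-54 [INFO] FP reports status 'NO False Positive' for file 'e:\virus\adobe.exe'
04/06/2018,11-42-54 [INFO] The file 'e:\virus\adobe.exe' was scanned with the Protection Cloud. SHA256 = 0A3DFB7B1A8DD63B0E4C84B9FF800031D40C4A6FED42B1F7D35AE53E3D6D88FE
04/06/2018,11-42-54 [INFO] AUC reports URL: http://216.170.118.12/office/adobe.exe as 'Safe'.
04/06/2018,11-42-54 [INFO] e:\virus\adobe.exe
04/06/2018,11-42-54 [INFO] [DETECTION] file contains 'TR/Dropper.MSIL.0a3dfb'
04/06/2018,11-42-55 [INFO] FP reports status 'NO False Positive' for file 'e:\virus\adobe.123'
04/06/2018,11-42-55 [INFO] The file 'e:\virus\adobe.123' was scanned with the Protection Cloud. SHA256 = 286285C1F6C55456B8C128F068854163A9CF70AB9BE6990C1C1D446E025D56A1
04/06/2018,11-42-55 [INFO] AUC reports URL: http://216.170.118.12/office/adobe.123 as 'Safe'.
04/06/2018,11-42-55 [INFO] [DETECTION] file contains 'TR/Dropper.MSIL.286285'
04/06/2018,11-48-25 [INFO] FP reports status 'NO False Positive' for file 'e:\virus\virus9x 0406\(7).exe'
04/06/2018,11-48-25 [INFO] The file 'e:\virus\virus9x 0406\(7).exe' was scanned with the Protection Cloud. SHA256 = 286285C1F6C55456B8C128F068854163A9CF70AB9BE6990C1C1D446E025D56A1
04/06/2018,11-48-25 [INFO] AUC reports URL: http://216.170.118.12/office/adobe.123 as 'Safe'.
04/06/2018,11-48-25 [INFO] [DETECTION] file contains 'TR/Dropper.MSIL.286285'
04/06/2018,11-48-26 [INFO] FP reports status 'NO False Positive' for file 'e:\virus\virus9x 0406\(9).exe'
04/06/2018,11-48-26 [INFO] The file 'e:\virus\virus9x 0406\(9).exe' was scanned with the Protection Cloud. SHA256 = 0A3DFB7B1A8DD63B0E4C84B9FF800031D40C4A6FED42B1F7D35AE53E3D6D88FE
04/06/2018,11-48-26 [INFO] AUC reports URL: http://216.170.118.12/office/adobe.exe as 'Safe'.
04/06/2018,11-48-26 [INFO] [DETECTION] file contains 'TR/Dropper.MSIL.0a3dfb'
4/6/2018,11:44:04 [INFO] FP reports status 'NO False Positive' for file 'E:\virus\Virus9x 0406\(2).exe'
4/6/2018,11:44:04 [DETECTION] Is the TR/Dropper.VB.ppfkm Trojan!
  E:\virus\Virus9x 0406\(2).exe
"""

# In both formats every file is introduced by an "FP reports status ... for file '<path>'"
# line, so that line delimits records; the bare path lines carry nothing extra and are skipped.
FILE_RE = re.compile(r"FP reports status '[^']*' for file '(?P<path>[^']+)'")
SHA_RE = re.compile(r"Protection Cloud\. SHA256 = (?P<sha>[0-9A-Fa-f]{64})")
URL_RE = re.compile(r"AUC reports URL: (?P<url>\S+) as '(?P<verdict>[^']+)'")
# On-demand scans log "file contains '<name>'"; the real-time guard logs "Is the <name> Trojan!".
DET_RE = re.compile(r"\[DETECTION\] (?:file contains '(?P<a>[^']+)'|Is the (?P<b>.+?) Trojan!)")


@dataclass
class Record:
    path: str
    sha256: Optional[str] = None       # present only when the Protection Cloud was consulted
    detection: Optional[str] = None
    url: Optional[str] = None
    url_verdict: Optional[str] = None  # AUC reputation verdict for the download URL


def parse_avira_log(text: str) -> List[Record]:
    records: List[Record] = []
    current: Optional[Record] = None
    for line in text.splitlines():
        m = FILE_RE.search(line)
        if m:
            current = Record(path=m.group("path"))
            records.append(current)
            continue
        if current is None:
            continue  # nothing to attach this line to yet
        if (m := SHA_RE.search(line)):
            current.sha256 = m.group("sha").upper()
        elif (m := URL_RE.search(line)):
            current.url, current.url_verdict = m.group("url"), m.group("verdict")
        elif (m := DET_RE.search(line)):
            current.detection = m.group("a") or m.group("b")
    return records


def group_by_hash(records: List[Record]) -> Dict[Optional[str], List[str]]:
    """SHA256 -> paths. Files scanned without a cloud lookup have no hash and land under None."""
    groups: Dict[Optional[str], List[str]] = defaultdict(list)
    for r in records:
        groups[r.sha256].append(r.path)
    return dict(groups)


def duplicate_sets(records: List[Record]) -> List[List[str]]:
    """Groups of two or more paths that the log proves are byte-identical."""
    return [paths for sha, paths in group_by_hash(records).items() if sha and len(paths) > 1]


def unique_sample_upper_bound(records: List[Record]) -> int:
    """Distinct hashes plus every unhashed file: an unhashed file cannot be deduplicated from the log."""
    groups = group_by_hash(records)
    return len([s for s in groups if s]) + len(groups.get(None, []))


def safe_url_but_detected(records: List[Record]) -> List[Tuple[str, str]]:
    """URLs the reputation cloud rated 'Safe' although the file fetched from them was detected."""
    return [(r.url, r.detection) for r in records if r.url_verdict == "Safe" and r.detection]


if __name__ == "__main__":
    recs = parse_avira_log(AVIRA_LOG)
    for dup in duplicate_sets(recs):
        print("identical:", " == ".join(dup))
    print("at most", unique_sample_upper_bound(recs), "distinct samples in this excerpt")
    for url, name in safe_url_but_detected(recs):
        print(f"AUC said Safe, scanner said {name}: {url}")
```

Files the scanner convicted locally without a cloud lookup (swaveys.exe, (2).exe) have no hash in the log, so the log alone cannot tell whether they are the same sample; hash the files yourself before counting. A matching detection name (TR/Dropper.VB.ppfkm on both) is only a hint, since one signature can cover many distinct files. The 'Safe' URL verdicts next to file detections are worth noting too: URL reputation and file scanning are independent layers, and a clean URL verdict says nothing about the payload.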

B100D1E55
Posted 2018-4-7 00:03:29
Manual thumbs up.
Copyright © KaFan  KaFan.cn All Rights Reserved.