【05.19】#VirusPackage 6x

Jerry.Lin

https://abuaaedugr-my.sharepoint ... v_DojYaO0w?e=2Sx8ra

saleniy35

KIS 6/6

petr0vic

HitmanPro
6/6

1.    C:\Users\User\Desktop\6\(1).exe
   
2.       Size . . . . . . . : 88 576 bytes
   
3.       Age  . . . . . . . : 0.0 days (2018-05-19 11:26:22)
   
4.       Entropy  . . . . . : 7.0
   
5.       SHA-256  . . . . . : 69F7822CAC20A27C4FE955C0864A9FE9B3798F54F39AC3EBDBA12B0AB4A9CDBD
   
6.       Product  . . . . . : Mir
   
7.       Publisher  . . . . : Mirinda Ltd
   
8.       Description  . . . : Mirinda
   
9.       Version  . . . . . : 1,0,0,6
   
10.       LanguageID . . . . : 1033
    
11.     > Bitdefender  . . . : Gen:Variant.Graftor.490501
    
12. 
    
13.    C:\Users\User\Desktop\6\(2).exe
    
14.       Size . . . . . . . : 142 848 bytes
    
15.       Age  . . . . . . . : 0.0 days (2018-05-19 11:26:22)
    
16.       Entropy  . . . . . : 7.0
    
17.       SHA-256  . . . . . : 47731282F8435F8B8778A60FEDD0360C576CD35B3C7324731F16FF4CE33F39EC
    
18.     > Kaspersky  . . . . : Trojan-Banker.Win32.Emotet.aolv
    
19. 
    
20.    C:\Users\User\Desktop\6\(3).exe
    
21.       Size . . . . . . . : 1 754 872 bytes
    
22.       Age  . . . . . . . : 0.0 days (2018-05-19 11:26:22)
    
23.       Entropy  . . . . . : 7.3
    
24.       SHA-256  . . . . . : DECEE31154E9BE6E454AE12657364ECF488D19906E143D6421A6FC6F6B9F3C53
    
25.       Product  . . . . . : Catalyst Control Center
    
26.       Publisher  . . . . : Advanced Micro Devices Inc.
    
27.       Description  . . . : Catalyst Control Centre: Command Line Interface
    
28.       Version  . . . . . : 4.5.0.0
    
29.       RSA Key Size . . . : 2048
    
30.       LanguageID . . . . : 0
    
31.       Authenticode . . . : Valid
    
32.     > Bitdefender  . . . : Trojan.GenericKD.30818653
    
33.     > Kaspersky  . . . . : HEUR:Trojan.MSIL.Generic
    
34. 
    
35.    C:\Users\User\Desktop\6\(4).exe
    
36.       Size . . . . . . . : 1 078 272 bytes
    
37.       Age  . . . . . . . : 0.0 days (2018-05-19 11:26:19)
    
38.       Entropy  . . . . . : 6.6
    
39.       SHA-256  . . . . . : ED81E1287CC010FB2E518CFF93F3512092E78EB8B9DEE17C217FF9DA97A3F9BB
    
40.     > Bitdefender  . . . : Gen:Variant.Strictor.159983
    
41.     > Kaspersky  . . . . : HEUR:Trojan.Win32.Generic
    
42. 
    
43.    C:\Users\User\Desktop\6\(5).exe
    
44.       Size . . . . . . . : 1 899 768 bytes
    
45.       Age  . . . . . . . : 0.0 days (2018-05-19 11:26:22)
    
46.       Entropy  . . . . . : 7.3
    
47.       SHA-256  . . . . . : 17AFCBB091442BB609220B6470BAA5FE772F4FD4164692F446743BF58C5D024F
    
48.       Product  . . . . . : Catalyst® Control Center
    
49.       Publisher  . . . . : Advanced Micro Devices, Inc.
    
50.       Description  . . . : Catalyst® Control Center Launcher
    
51.       Version  . . . . . : 3.5.0.0
    
52.       Copyright  . . . . : © 2015 Advanced Micro Devices, Inc.
    
53.       RSA Key Size . . . : 2048
    
54.       LanguageID . . . . : 1033
    
55.       Authenticode . . . : Valid
    
56.     > Kaspersky  . . . . : Trojan.MSIL.Crypt.gtbm
    
57. 
    
58.    C:\Users\User\Desktop\6\(6).exe
    
59.       Size . . . . . . . : 8 508 304 bytes
    
60.       Age  . . . . . . . : 0.0 days (2018-05-19 11:26:22)
    
61.       Entropy  . . . . . : 0.9
    
62.       SHA-256  . . . . . : F9E364AE5C4CB35B58B626B73263DFC29826756ABFC8F33BDE28CC15CC0F0A4D
    
63.       Product  . . . . . : FRC Browser
    
64.       Publisher  . . . . : FRWeb Inc.
    
65.       Description  . . . : RFBrowser Online Installer
    
66.       Version  . . . . . : 7.00.0185
    
67.       Copyright  . . . . : Copyright 2008. All rights reserved.
    
68.       RSA Key Size . . . : 2048
    
69.       LanguageID . . . . : 1033
    
70.       Authenticode . . . : Invalid
    
71.     > Kaspersky  . . . . : Backdoor.Win32.Androm.pwpu

复制代码

Dust-;羅錠

saleniy35 发表于 2018-5-19 16:29
KIS 6/6

修改MD5之后，1、2、6都可算是过了卡巴的入库特征。

fungzx

ESET全杀

Luca.l

MSE 3x

Jerry.Lin

MISS 1.EXE

1. 2018/5/19, 17:07:46 [Real-Time Protection] Malware found
   
2.         The pattern of 'DR/AutoIt.Gen8 [dropper]'
   
3.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus6x 0519\(4).exe'.
   
4.         Action performed: Delete file
   
5.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
   
6. 
   
7. 2018/5/19, 17:07:31 [Real-Time Protection] Malware found
   
8.         The pattern of 'TR/Dropper.MSIL.tnwcq [trojan]'
   
9.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus6x 0519\(3).exe'.
   
10.         Action performed: Delete file
    
11.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
12. 
    
13. 2018/5/19, 17:07:30 [Real-Time Protection] Malware found
    
14.         The pattern of 'TR/Dropper.MSIL.tnwcq [trojan]'
    
15.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus6x 0519\(3).exe'.
    
16.         Action performed: Delete file
    
17.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
18. 
    
19. 2018/5/19, 17:07:30 [Real-Time Protection] Malware found
    
20.         The pattern of 'TR/Kryptik.nutiz [trojan]'
    
21.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus6x 0519\(6).exe'.
    
22.         Action performed: Delete file
    
23.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
24. 
    
25. 2018/5/19, 17:07:30 [Real-Time Protection] Malware found
    
26.         The pattern of 'TR/Kryptik.nutiz [trojan]'
    
27.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus6x 0519\(6).exe'.
    
28.         Action performed: Delete file
    
29.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
30. 
    
31. 2018/5/19, 17:07:29 [Real-Time Protection] Malware found
    
32.         The pattern of 'TR/Kryptik.nutiz [trojan]'
    
33.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus6x 0519\(6).exe'.
    
34.         Action performed: Delete file
    
35.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
36. 
    
37. 2018/5/19, 17:07:29 [Real-Time Protection] Malware found
    
38.         The pattern of 'TR/Kryptik.nutiz [trojan]'
    
39.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus6x 0519\(6).exe'.
    
40.         Action performed: Delete file
    
41.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
42. 
    
43. 2018/5/19, 17:07:29 [Real-Time Protection] Malware found
    
44.         The pattern of 'TR/Dropper.MSIL.bnxjv [trojan]'
    
45.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus6x 0519\(5).exe'.
    
46.         Action performed: Delete file
    
47.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
48. 
    
49. 2018/5/19, 17:07:28 [Real-Time Protection] Malware found
    
50.         The pattern of 'TR/Crypt.ZPACK.mchoh [trojan]'
    
51.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus6x 0519\(2).exe'.
    
52.         Action performed: Delete file
    
53.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
54. 
    

复制代码

aboringman

Dust-;羅錠 发表于 2018-5-19 16:34
修改MD5之后，1、2、6都可算是过了卡巴的入库特征。

1改完之后被启发，killed.

HEUR:Trojan.Win32.Generic

2，6等待双击。

2，6实机双击，SW双杀。

(6).exe：PDM:Trojan.Win32.Generic;其他恶意软件

(2).exe：PDM:Trojan.Win32.Generic;其他恶意软件

6网页拦截还拦截了一个网址

1. http://vopspyder.website/jimms/panel/five/fre.php;网址列于恶意网址数据库中;C:\Users\Killer\Desktop\Threat Test\(6).exe

复制代码

祭丿祀

191196846 发表于 2018-5-19 17:10
MISS 1.EXE

微点双击啊

Dust-;羅錠

aboringman 发表于 2018-5-19 17:39
1改完之后被启发，killed.

HEUR:Trojan.Win32.Generic

行为能杀就好，就是不知道为什么卡巴有些特征这么容易就过了。