收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 【缉毒卫队测试包】第45期 20180519
1234下一页
返回列表 发新帖
楼主: 神龟Turmi
 收起左侧

[病毒样本] 【缉毒卫队测试包】第45期 20180519

  [复制链接]
ziyerain2015
发表于 2018-5-20 10:43:46 | 显示全部楼层
abc277399 发表于 2018-5-20 10:34
我的360杀毒12没杀!其他的杀!

哦,只是看见测试下,我没开红伞
回复

举报

小飞侠.net
发表于 2018-5-20 10:57:01 | 显示全部楼层
本帖最后由 小飞侠.net 于 2018-5-20 11:57 编辑

     X-Sec Antivirus ---(Windows 10 Creators Update(Redstone 4)....1803):

Basic Info:
---------------------
Database Version: 2018.05.09.01
Program Version: [图片]2.1.1.0
Heuristic Engine: Enabled
Cloud Engine: Enabled
Enhanced Mode: Disabled
Backup Before Resolve: Yes
Resolve Threats: Scan only
Scan Priority: Normal
---------------------
Targets:
---------------------
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner
---------------------
2018/05/20 11:50:41 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-10.Backdoor.Farfli.exe.infected.modifed -- [Classic] [图片]Backdoor.Win32.Farfli.Bn
2018/05/20 11:50:58 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-11.Backdoor.NanoCore.exe.infected -- [Cloud] Cloud:Backdoor.Win32.Generic
2018/05/20 11:51:03 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-1.PUP.Amonetize.exe.infected -- [Cloud] Cloud:Adware.Win32.Generic
2018/05/20 11:51:11 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-12.Backdoor.NanoCore.exe.infected.modifed -- [Cloud] Cloud:Backdoor.Win32.Generic
2018/05/20 11:51:25 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-2.PUP.Amonetize.exe.infected.modifed -- [Cloud] Cloud:Adware.Win32.Generic
2018/05/20 11:51:34 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-3.Miner.Affsagjda.exe.infected -- [Cloud] Cloud:Trojan.Win32.CoinMiner
2018/05/20 11:51:34 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-5.Backdoor.Bladabindi.exe.infected -- [Classic] Backdoor.Win32.Bladabindi.A
2018/05/20 11:51:34 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-6.Backdoor.Bladabindi.exe.infected.modifed -- [Classic] Backdoor.Win32.Bladabindi.A
2018/05/20 11:51:48 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-4.Miner.Affsagjda.exe.infected.modifed -- [Cloud] Cloud:Trojan.Win32.CoinMiner
2018/05/20 11:51:54 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-7.Backdoor.PasswordStealer.exe.infected -- [Cloud] Cloud:Trojan.Win32.Infostealer
2018/05/20 11:51:55 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-9.Backdoor.Farfli.exe.infected -- [Classic] [图片]Backdoor.Win32.Farfli.Bn
2018/05/20 11:52:02 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-8.Backdoor.PasswordStealer.exe.infected.modifed -- [Cloud] Cloud:Trojan.Win32.Infostealer
     
   瑞星---(Windows 10 Creators Update(Redstone 4)....1803):云引擎(开)RDM+引擎(开)   

                瑞星反恶软引擎命令行扫描器(社区交流版)                 


编译于:Sep 22 2017   15:07:50

提示:
  - 本工具供社区交流使用,请勿用于其他用途
  - 本工具没有恶意软件删除、清除、隔离功能
  - 本工具包含开发中的新特性,结果仅供参考

* 命令行中的选项开关:-output-json -log=C:\瑞星RDM+引擎\ScanLog_180520113448.log
* 获取恶软签名库最新版本 ...
* 下载恶软签名库配置文件 ...
* 创建恶软签名库升级组件 ...
* 计算并下载增量文件 ...
* 升级恶软签名库 ...
* 恶软签名库升级成功
* 扫描目标 : (1) C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner

* 加载恶软签名库: C:\瑞星RDM+引擎/malware.rmd
* 恶软签名库加载成功,发布序号为 4269
* 读取恶软签名库配置 ...
* 云辅助扫描组件初始化失败.
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
扫描开始: Sun May 20 11:35:31 2018

{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180519CoinMiner\\jdwd180519\\180519-5.Backdoor.Bladabindi.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTp53/gbtEoxzTJqm8T4K3nztzRNrA","threat":"Backdoor.MSIL.Bladabindi!1.9E49"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180519CoinMiner\\jdwd180519\\180519-6.Backdoor.Bladabindi.exe.infected.modifed","infect":{"engine":"rdmk","signature":"cmRtazqeJAO3dW5lwgCeAqTAcBEy","threat":"Malware.Heuristic!ET#95%"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180519CoinMiner\\jdwd180519\\180519-12.Backdoor.NanoCore.exe.infected.modifed","infect":{"engine":"sha1","signature":"c2hhMTotBxRg6WYeZereDCja+d6VjLFg1Q","threat":"Trojan.Injector!1.AFE3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180519CoinMiner\\jdwd180519\\180519-4.Miner.Affsagjda.exe.infected.modifed","infect":{"engine":"rdmk","signature":"cmRtazoVlVs0jBDc+ucuatFqztxG","threat":"Malware.Heuristic!ET#86%"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180519CoinMiner\\jdwd180519\\180519-11.Backdoor.NanoCore.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTrOJCMTUPt/7ZosI9NcYGZ5jxQb7w","threat":"Trojan.Injector!1.AFE3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180519CoinMiner\\jdwd180519\\180519-3.Miner.Affsagjda.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTr4/B2cNbHOsivjEfYTZwet/EJwOw","threat":"Trojan.Win32.Autoit.exb"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180519CoinMiner\\jdwd180519\\180519-2.PUP.Amonetize.exe.infected.modifed","infect":{"engine":"sha1","signature":"c2hhMTp3yV1LrhBwq7TZr29Bq0aO3PvwPg","threat":"Trojan.StartPage!8.B"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180519CoinMiner\\jdwd180519\\180519-1.PUP.Amonetize.exe.infected","infect":{"engine":"sha1","signature":"c2hhMToJqjtPedOuAMoPrpaiXM4YaiYKtw","threat":"Trojan.StartPage!8.B"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180519CoinMiner\\jdwd180519\\180519-9.Backdoor.Farfli.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTr2dRbG5kk0cwYV4dCAElnUurXd/g","threat":"Backdoor.Zegost!8.177"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180519CoinMiner\\jdwd180519\\180519-10.Backdoor.Farfli.exe.infected.modifed","type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180519CoinMiner\\jdwd180519\\180519-7.Backdoor.PasswordStealer.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTpnepldyNB2xhUnJiPnbiVDt05TFw","threat":"Trojan.Kryptik!8.8"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180519CoinMiner\\jdwd180519\\180519-8.Backdoor.PasswordStealer.exe.infected.modifed","infect":{"engine":"sha1","signature":"c2hhMTqMD0uNjzr/EDkR/W3xwQ0wK+mMbg","threat":"Trojan.Kryptik!8.8"},"type":"scan"}

扫描结束: Sun May 20 11:35:32 2018

总扫描耗时: 0:1:165(m:s:ms)
总扫描对象: 12
总扫描文件: 12
总恶意文件: 11
有效检出率: 91.67%



Emsisoft Emergency Kit - 版本 2018.3
上次更新: 2018/5/20 10:42:05
用户帐号: TECLAST\Admin
电脑名称: TECLAST
操作系统版本: Windows 10x64

Emsisoft Emergency Kit 绿色免费版
(已开启)加入 Emsisoft 云、更新源:测试版
    Bitdefender(B)+Emsisoft(A) 双引擎

扫描设置:

扫描方式: 自定义扫描
对象: Rootkits, 内存, C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\

检测流氓软件(PUPs): On
扫描压缩包: On
扫描邮件存档: Off
ADS数据流: On
文件扩展名过滤: Off
直接磁盘访问: Off

扫描开始于:        2018/5/20 11:33:39
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-4.Miner.Affsagjda.exe.infected.modifed -> (Dropped 0) -> (AutoIT Script) -> (unicode)         发现风险: AIT:Trojan.Nymeria.437 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-4.Miner.Affsagjda.exe.infected.modifed -> (Dropped 0) -> Akagi32.exe         发现风险: Trojan.GenericKD.5336103 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-3.Miner.Affsagjda.exe.infected -> (AutoIT r) -> (AutoIT Script) -> (unicode)         发现风险: AIT:Trojan.Nymeria.437 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-3.Miner.Affsagjda.exe.infected -> (AutoIT r) -> Akagi32.exe         发现风险: Trojan.GenericKD.5336103 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-3.Miner.Affsagjda.exe.infected -> (AutoIT r) -> xmrig32.exe         发现风险: Generic.Application.CoinMiner.1.50831F08 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-3.Miner.Affsagjda.exe.infected -> (Dropped 0) -> (AutoIT Script) -> (unicode)         发现风险: AIT:Trojan.Nymeria.437 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-3.Miner.Affsagjda.exe.infected -> (Dropped 0) -> Akagi32.exe         发现风险: Trojan.GenericKD.5336103 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-11.Backdoor.NanoCore.exe.infected         发现风险: Trojan.GenericKDZ.44064 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-12.Backdoor.NanoCore.exe.infected.modifed         发现风险: Trojan.GenericKDZ.44064 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-1.PUP.Amonetize.exe.infected         发现风险: Application.Amonetize.Q (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-10.Backdoor.Farfli.exe.infected.modifed         发现风险: DeepScan:Generic.Rincux2.AFC5B54B (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-2.PUP.Amonetize.exe.infected.modifed         发现风险: Application.Amonetize.Q (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-5.Backdoor.Bladabindi.exe.infected         发现风险: Generic.MSIL.Bladabindi.78C4942C (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-6.Backdoor.Bladabindi.exe.infected.modifed         发现风险: Generic.MSIL.Bladabindi.78C4942C (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-7.Backdoor.PasswordStealer.exe.infected         发现风险: Trojan.GenericKD.30813491 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-8.Backdoor.PasswordStealer.exe.infected.modifed         发现风险: Trojan.GenericKD.30813491 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-9.Backdoor.Farfli.exe.infected         发现风险: DeepScan:Generic.Rincux2.84184404 (B) [krnl.xmd]

已扫描        1866
发现        17

扫描完成后:        2018/5/20 11:34:19
扫描时间:        0:00:40



火绒安全---( Windows 7 Ultimate with SP1 简体中文旗舰版....):部分未知文件已发送到seclab@huorong.cn,等处理中。。。

病毒库:2018-05-19 16:11
开始时间:2018-05-20 10:51
总计用时:00:00:04
扫描对象:144个
扫描文件:12个
发现风险:6个
已处理风险:0个
发现系统修复项:0个
处理系统修复项:0个

病毒详情

风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-10.Backdoor.Farfli.exe.infected.modifed, 病毒名:Backdoor/Agent.fm, 病毒ID:[3501f06909e79256], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-5.Backdoor.Bladabindi.exe.infected, 病毒名:Backdoor/Bladabindi.l, 病毒ID:[7debbd141a975060], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-6.Backdoor.Bladabindi.exe.infected.modifed, 病毒名:Backdoor/Bladabindi.l, 病毒ID:[7debbd141a975060], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-9.Backdoor.Farfli.exe.infected, 病毒名:Backdoor/Agent.fm, 病毒ID:[3501f06909e79256], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-3.Miner.Affsagjda.exe.infected, 病毒名:HackTool/CoinMiner.a, 病毒ID:[21cb8dc8777aca7], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-4.Miner.Affsagjda.exe.infected.modifed, 病毒名:HackTool/CoinMiner.a, 病毒ID:[21cb8dc8777aca7], 处理结果:已忽略

文件名称: C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519.7z
文件大小: 2.81 MB (2,956,856 字节)
修改时间: 2018年05月20日,10:43:07
MD5: 2735AF3D5955070A62D661436BA55C49
SHA1: EB1570E1788A2197091FF56E5CA82BBC3F343846
SHA256: 575B7D240C7076C145014A673A86A568AF665111647952FB079E01A8586F7B2A
SHA512: DEA9D6F15C17C43919E1FEA767E9857231E7785A6B790B56391A45E71D3DD9E9D0FF2C90DCA8878F6410F02EC106B5DB16C8AFF794ADA0BF0DCBDE7D066F9951
CRC32: B0FEC8BB
计算时间: 0.08s
ESET Smart Security Premium 64位(高级启发式(Y)+压缩文件(Y)+自解压加壳(Y)+DNA智能签名(Y)++(Windows 10 Creators Update(Redstone 4)....1803):

日志
正在扫描日志
检测引擎的版本: 17409P (20180518)
日期: 2018/5/20  时间: 11:25:29
已扫描的磁盘、文件夹和文件: C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-1.PUP.Amonetize.exe.infected - Win32/StartPage.NQH 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-10.Backdoor.Farfli.exe.infected.modifed - Win32/Farfli.BGP 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-11.Backdoor.NanoCore.exe.infected - Win32/Injector.DYBI 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-12.Backdoor.NanoCore.exe.infected.modifed - Win32/Injector.DYBI 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-2.PUP.Amonetize.exe.infected.modifed - Win32/StartPage.NQH 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-3.Miner.Affsagjda.exe.infected > UPX v13_m8 > AUTOIT > Akagi32.exe - Win32/HackTool.UACMe.L 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-3.Miner.Affsagjda.exe.infected > AUTOIT - 正常
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-4.Miner.Affsagjda.exe.infected.modifed > UPX v13_m8 > AUTOIT > Akagi32.exe - Win32/HackTool.UACMe.L 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-4.Miner.Affsagjda.exe.infected.modifed > AUTOIT - 正常
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-5.Backdoor.Bladabindi.exe.infected - MSIL/Bladabindi.BC 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-6.Backdoor.Bladabindi.exe.infected.modifed - MSIL/Bladabindi.BC 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-7.Backdoor.PasswordStealer.exe.infected - MSIL/Kryptik.NJJ 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-8.Backdoor.PasswordStealer.exe.infected.modifed - MSIL/Kryptik.NJJ 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\jdwd180519CoinMiner\jdwd180519\180519-9.Backdoor.Farfli.exe.infected - Win32/Farfli.ARD 特洛伊木马 的变种 - 通过删除清除 [1]
已扫描的对象数: 24
发现的威胁数: 12
已清除对象数: 14
完成时间: 11:26:31  总扫描时间: 62 秒 (00:01:02)

备注:
[1] 由于对象中仅包含病毒主体,因此已被删除。


Dr.Web CureIt! 简体中文绿色免费版---( Windows 7 Ultimate with SP1 简体中文旗舰版....)1803):

-----------------------------------------------------------------------------
Start scanning
-----------------------------------------------------------------------------
Command line used:-rpcep:\pipe\207688962 -rpcpr:np

Limit the use of the computer resources to 100%
Instances used for this session: 10
Object(s) to scan:
- C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519


C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-10.Backdoor.Farfli.exe.infected.modifed - infected with BackDoor.Zegost.595
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-10.Backdoor.Farfli.exe.infected.modifed - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-5.Backdoor.Bladabindi.exe.infected - infected with Trojan.DownLoader18.23007
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-5.Backdoor.Bladabindi.exe.infected - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-6.Backdoor.Bladabindi.exe.infected.modifed - infected with Trojan.DownLoader18.23007
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-6.Backdoor.Bladabindi.exe.infected.modifed - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-9.Backdoor.Farfli.exe.infected - infected with BackDoor.Zegost.595
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-9.Backdoor.Farfli.exe.infected - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-11.Backdoor.NanoCore.exe.infected - infected with Trojan.PWS.Stealer.21240
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-11.Backdoor.NanoCore.exe.infected - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-12.Backdoor.NanoCore.exe.infected.modifed - infected with Trojan.PWS.Stealer.21240
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-12.Backdoor.NanoCore.exe.infected.modifed - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-4.Miner.Affsagjda.exe.infected.modifed - packed by UPX
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-3.Miner.Affsagjda.exe.infected - packed by UPX
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-1.PUP.Amonetize.exe.infected - infected with Trojan.DownLoader13.14385
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-1.PUP.Amonetize.exe.infected - infected
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-4.Miner.Affsagjda.exe.infected.modifed is AUTOIT container
>>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-4.Miner.Affsagjda.exe.infected.modifed\Users\MBP\AppData\Local\AutoIt v3\Aut2Exe\aut7457.tmp.tok - packed by ASCRIPT
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-2.PUP.Amonetize.exe.infected.modifed - infected with Trojan.DownLoader13.14385
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-2.PUP.Amonetize.exe.infected.modifed - infected
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-3.Miner.Affsagjda.exe.infected is AUTOIT container
>>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-3.Miner.Affsagjda.exe.infected\Users\MBP\AppData\Local\AutoIt v3\Aut2Exe\aut7457.tmp.tok - packed by ASCRIPT
>>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-4.Miner.Affsagjda.exe.infected.modifed\Users\MBP\Desktop\build\32\run.exe - packed by UPX
>>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-3.Miner.Affsagjda.exe.infected\Users\MBP\Desktop\build\32\run.exe - packed by UPX
>>>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-4.Miner.Affsagjda.exe.infected.modifed\Users\MBP\Desktop\build\32\run.exe is AUTOIT container
>>>>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-4.Miner.Affsagjda.exe.infected.modifed\Users\MBP\Desktop\build\32\run.exe\Users\MBP\AppData\Local\AutoIt v3\Aut2Exe\aut4EAF.tmp.tok - packed by ASCRIPT
>>>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-3.Miner.Affsagjda.exe.infected\Users\MBP\Desktop\build\32\run.exe is AUTOIT container
>>>>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-3.Miner.Affsagjda.exe.infected\Users\MBP\Desktop\build\32\run.exe\Users\MBP\AppData\Local\AutoIt v3\Aut2Exe\aut4EAF.tmp.tok - packed by ASCRIPT
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-4.Miner.Affsagjda.exe.infected.modifed\Users\MBP\Desktop\build\32\xmrig32.exe - is hacktool program Tool.BtcMine.1464
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-4.Miner.Affsagjda.exe.infected.modifed - infected container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-7.Backdoor.PasswordStealer.exe.infected - infected with Trojan.DownLoader26.39159
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-7.Backdoor.PasswordStealer.exe.infected - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-3.Miner.Affsagjda.exe.infected\Users\MBP\Desktop\build\32\xmrig32.exe - is hacktool program Tool.BtcMine.1464
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-3.Miner.Affsagjda.exe.infected - infected container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-8.Backdoor.PasswordStealer.exe.infected.modifed - infected with Trojan.DownLoader26.39159
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180519\180519-8.Backdoor.PasswordStealer.exe.infected.modifed - infected

Total 8930788 bytes in 12 files scanned (22 objects)
Total 0 files (8 objects) are clean
Total 12 files are infected
Scan time is 00:00:05.034





回复

举报

xique666
头像被屏蔽
发表于 2018-5-20 11:31:55 | 显示全部楼层
火绒全部kill[:28:]
回复

举报

小飞侠.net
发表于 2018-5-20 11:38:18 | 显示全部楼层
xique666 发表于 2018-5-20 11:31
火绒全部kill

也是19号?
回复

举报

心醉咖啡
发表于 2018-5-20 12:16:34 | 显示全部楼层
毒霸
  1. 扫描时间:[2018-05-20 12:15:54]
  2. 扫描用时:[00:00:04]
  3. 扫描类型:自定义查杀
  4. 扫描文件总数:12
  5. 扫描速度:2文件/秒
  6. 发现威胁:8个
  7. 清除威胁:8个
  8. =============================================
  9. [2018-05-20 12:16:12]
  10. 威胁:f:\浏览器下载\jdwd180519\180519-10.backdoor.farfli.exe.infected.modifed
  11. 类型:win32.hack.farfli.al.(kcloud)
  12. 处理方式:删除

  14. [2018-05-20 12:16:12]
  15. 威胁:f:\浏览器下载\jdwd180519\180519-11.backdoor.nanocore.exe.infected
  16. 类型:win32.hack.undef.(kcloud)
  17. 处理方式:删除

  19. [2018-05-20 12:16:12]
  20. 威胁:f:\浏览器下载\jdwd180519\180519-2.pup.amonetize.exe.infected.modifed
  21. 类型:win32.troj.amonetize.em.(kcloud)
  22. 处理方式:删除

  24. [2018-05-20 12:16:12]
  25. 威胁:f:\浏览器下载\jdwd180519\180519-3.miner.affsagjda.exe.infected
  26. 类型:win32.troj.generic_a.a.(kcloud)
  27. 处理方式:删除

  29. [2018-05-20 12:16:12]
  30. 威胁:f:\浏览器下载\jdwd180519\180519-4.miner.affsagjda.exe.infected.modifed
  31. 类型:win32.hacktool.undef.(kcloud)
  32. 处理方式:删除

  34. [2018-05-20 12:16:12]
  35. 威胁:f:\浏览器下载\jdwd180519\180519-5.backdoor.bladabindi.exe.infected
  36. 类型:heur.ssc.1608625.1216.(kcloud)
  37. 处理方式:删除

  39. [2018-05-20 12:16:12]
  40. 威胁:f:\浏览器下载\jdwd180519\180519-6.backdoor.bladabindi.exe.infected.modifed
  41. 类型:heur.ssc.1608625.1216.(kcloud)
  42. 处理方式:删除

  44. [2018-05-20 12:16:12]
  45. 威胁:f:\浏览器下载\jdwd180519\180519-9.backdoor.farfli.exe.infected
  46. 类型:win32.hack.farfli.al.(kcloud)
  47. 处理方式:删除

复制代码
回复

举报

神龟Turmi
 楼主| 发表于 2018-5-20 13:30:40 | 显示全部楼层
aboringman 发表于 2018-5-20 02:40
对于【启发】HEUR报法,修改MD5貌似并不起作用。

他在群里发了图的,一开始是入库杀,改md5之后是启发杀
回复

举报

aboringman
发表于 2018-5-20 13:32:20 | 显示全部楼层
神龟Turmi 发表于 2018-5-20 13:30
他在群里发了图的,一开始是入库杀,改md5之后是启发杀

恩知道了,我理解错误。。。。。。
回复

举报

qwert520
发表于 2018-5-20 14:59:53 | 显示全部楼层
avg 全kill
回复

举报

wangyuhe
发表于 2018-5-20 15:05:09 | 显示全部楼层
norton全杀
回复

举报

ELOHIM
发表于 2018-5-20 20:50:42 | 显示全部楼层

scep 把整个压缩包吃了。。
回复

举报

下一页 »
1234下一页
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-4-20 08:57 , Processed in 0.104320 second(s), 14 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表