【05.31】#VirusPackage 10x + Modified Samples

bbs2811125

ESET 05 31 18:52

Samples(9/10) + M(8/10) = Total(17/20) 就是那么自信

1. Version of detection engine: 17474P (20180531)
   
2. Date: 2018/5/31  Time: 18:52:19
   
3. Scanned disks, folders and files: D:\搜狗高速下载\Virus10x 0531
   
4. D:\搜狗高速下载\Virus10x 0531\Modified Samples\(1).exe - Win32/TrojanDownloader.Delf.CKU trojan - cleaned by deleting [1]
   
5. D:\搜狗高速下载\Virus10x 0531\Modified Samples\(10).exe - a variant of Win32/Kryptik.GHGF trojan - cleaned by deleting [1]
   
6. D:\搜狗高速下载\Virus10x 0531\Modified Samples\(2).exe - a variant of Win32/GenKryptik.CBFI trojan - cleaned by deleting [1]
   
7. D:\搜狗高速下载\Virus10x 0531\Modified Samples\(4).exe - a variant of Win32/Injector.DYIH trojan - cleaned by deleting [1]
   
8. D:\搜狗高速下载\Virus10x 0531\Modified Samples\(5).exe - a variant of Win32/Injector.DYIH trojan - cleaned by deleting [1]
   
9. D:\搜狗高速下载\Virus10x 0531\Modified Samples\(6).exe - a variant of Win32/Injector.DYIF trojan - cleaned by deleting [1]
   
10. D:\搜狗高速下载\Virus10x 0531\Modified Samples\(7).exe - a variant of Win32/Injector.DYHL trojan - cleaned by deleting [1]
    
11. D:\搜狗高速下载\Virus10x 0531\Modified Samples\(9).exe - a variant of Win32/Kryptik.GHGF trojan - cleaned by deleting [1]
    
12. D:\搜狗高速下载\Virus10x 0531\Samples\(1).exe - Win32/TrojanDownloader.Delf.CKU trojan - cleaned by deleting [1]
    
13. D:\搜狗高速下载\Virus10x 0531\Samples\(10).exe - a variant of Win32/Kryptik.GHGF trojan - cleaned by deleting [1]
    
14. D:\搜狗高速下载\Virus10x 0531\Samples\(2).exe - a variant of Win32/GenKryptik.CBFI trojan - cleaned by deleting [1]
    
15. D:\搜狗高速下载\Virus10x 0531\Samples\(3).exe - MSIL/Spy.Agent.AUS trojan - cleaned by deleting [1]
    
16. D:\搜狗高速下载\Virus10x 0531\Samples\(4).exe - a variant of Win32/Injector.DYIH trojan - cleaned by deleting [1]
    
17. D:\搜狗高速下载\Virus10x 0531\Samples\(5).exe - a variant of Win32/Injector.DYIH trojan - cleaned by deleting [1]
    
18. D:\搜狗高速下载\Virus10x 0531\Samples\(6).exe - a variant of Win32/Injector.DYIF trojan - cleaned by deleting [1]
    
19. D:\搜狗高速下载\Virus10x 0531\Samples\(7).exe - a variant of Win32/Injector.DYHL trojan - cleaned by deleting [1]
    
20. D:\搜狗高速下载\Virus10x 0531\Samples\(9).exe - a variant of Win32/Kryptik.GHGF trojan - cleaned by deleting [1]
    
21. Number of scanned objects: 20
    
22. Number of threats found: 17
    
23. Number of cleaned objects: 17
    
24. Time of completion: 18:52:30  Total scanning time: 11 sec (00:00:11)

复制代码

剩余样本SEP全杀，大杀器就是大杀器不服不行

心醉咖啡

毒霸扫描miss

Jerry.Lin

ELOHIM 发表于 2018-5-31 17:35
SCEP 05 31 17:28

Samples(1/10) + M(2/10) = Total(3/20)

你仔细看看pal大写的

Jerry.Lin

K7 05 31 19:39
Samples(2/10) + M(2/10) = Total(4/20)

ELOHIM

191196846 发表于 2018-5-31 19:27
你仔细看看pal大写的

只有第一行有大写字母啊？没看懂啊。。

求明示。

搞的我的网都断了。。。

到底是怎么回事啊。。求PM。

Jerry.Lin

AVIRA

新启发技术效果不错呀

Samples(10/10) + M(10/10) = Total(20/20)

1. 2018/5/31, 20:37:35 [Real-Time Protection] Malware found
   
2.         The pattern of 'TR/Crypt.XPACK.Gen (Cloud) [TR/Crypt.XPACK.Gen]'
   
3.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Modified Samples\(9).exe'.
   
4.         Action performed: Delete file
   
5.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
   
6. 
   
7. 2018/5/31, 20:37:20 [Real-Time Protection] Malware found
   
8.         The pattern of 'TR/Crypt.XPACK.ae6a28 (Cloud) [TR/Crypt.XPACK.ae6a28]'
   
9.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Modified Samples\(10).exe'.
   
10.         Action performed: Delete file
    
11.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
12. 
    
13. 2018/5/31, 20:37:03 [Real-Time Protection] Malware found
    
14.         The pattern of 'HEUR/APC (Cloud) [HEUR/APC]'
    
15.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Modified Samples\(8).exe'.
    
16.         Action performed: Delete file
    
17.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
18. 
    
19. 2018/5/31, 20:36:48 [Real-Time Protection] Malware found
    
20.         The pattern of 'DR/Delphi.f15f87 (Cloud) [DR/Delphi.f15f87]'
    
21.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Modified Samples\(6).exe'.
    
22.         Action performed: Delete file
    
23.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
24. 
    
25. 2018/5/31, 20:36:31 [Real-Time Protection] Malware found
    
26.         The pattern of 'HEUR/AGEN.1014677 [heuristic]'
    
27.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Modified Samples\(5).exe'.
    
28.         Action performed: Delete file
    
29.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
30. 
    
31. 2018/5/31, 20:36:28 [Real-Time Protection] Malware found
    
32.         The pattern of 'HEUR/AGEN.1014677 [heuristic]'
    
33.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Modified Samples\(4).exe'.
    
34.         Action performed: Delete file
    
35.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
36. 
    
37. 2018/5/31, 20:36:24 [Real-Time Protection] Malware found
    
38.         The pattern of 'TR/ATRAPS.Gen [trojan]'
    
39.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Modified Samples\(3).exe'.
    
40.         Action performed: Delete file
    
41.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
42. 
    
43. 2018/5/31, 20:36:09 [Real-Time Protection] Malware found
    
44.         The pattern of 'TR/Crypt.XPACK.Gen (Cloud) [TR/Crypt.XPACK.Gen]'
    
45.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Modified Samples\(2).exe'.
    
46.         Action performed: Delete file
    
47.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
48. 
    
49. 2018/5/31, 20:35:47 [Real-Time Protection] Malware found
    
50.         The pattern of 'HEUR/APC (Cloud) [HEUR/APC]'
    
51.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Modified Samples\(1).exe'.
    
52.         Action performed: Delete file
    
53.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
54. 
    
55. 2018/5/31, 20:35:00 [Real-Time Protection] Malware found
    
56.         The pattern of 'TR/AD.Emotet.E (Cloud) [TR/AD.Emotet.E]'
    
57.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Samples\(10).exe'.
    
58.         Action performed: Delete file
    
59.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
60. 
    
61. 2018/5/31, 20:34:57 [Real-Time Protection] Malware found
    
62.         The pattern of 'TR/AD.Emotet.F (Cloud) [TR/AD.Emotet.F]'
    
63.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Samples\(9).exe'.
    
64.         Action performed: Delete file
    
65.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
66. 
    
67. 2018/5/31, 20:34:53 [Real-Time Protection] Malware found
    
68.         The pattern of 'HEUR/Malware [heuristic]'
    
69.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Samples\(8).exe'.
    
70.         Action performed: Move file to quarantine
    
71.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
72. 
    
73. 2018/5/31, 20:34:50 [Real-Time Protection] Malware found
    
74.         The pattern of 'DR/Delphi.5ab807 (Cloud) [DR/Delphi.5ab807]'
    
75.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Samples\(6).exe'.
    
76.         Action performed: Delete file
    
77.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
78. 
    
79. 2018/5/31, 20:34:46 [Real-Time Protection] Malware found
    
80.         The pattern of 'HEUR/AGEN.1014677 [heuristic]'
    
81.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Samples\(5).exe'.
    
82.         Action performed: Delete file
    
83.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
84. 
    
85. 2018/5/31, 20:34:43 [Real-Time Protection] Malware found
    
86.         The pattern of 'HEUR/AGEN.1014677 [heuristic]'
    
87.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Samples\(4).exe'.
    
88.         Action performed: Delete file
    
89.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
90. 
    
91. 2018/5/31, 20:34:38 [Real-Time Protection] Malware found
    
92.         The pattern of 'HEUR/APC (Cloud) [HEUR/APC]'
    
93.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Samples\(3).exe'.
    
94.         Action performed: Delete file
    
95.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
96. 
    
97. 2018/5/31, 20:34:34 [Real-Time Protection] Malware found
    
98.         The pattern of 'TR/Crypt.XPACK.9bb681 (Cloud) [TR/Crypt.XPACK.9bb681]'
    
99.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Samples\(2).exe'.
    
100.         Action performed: Delete file
     
101.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
102. 
     
103. 2018/5/31, 20:34:29 [Real-Time Protection] Malware found
     
104.         The pattern of 'HEUR/AGEN.1019945 [heuristic]'
     
105.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Samples\(1).exe'.
     
106.         Action performed: Delete file
     
107.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
108. 
     
109. 2018/5/31, 20:34:10 [Real-Time Protection] Malware found
     
110.         The pattern of 'DR/Delphi.onlgl [dropper]'
     
111.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Samples\(7).exe'.
     
112.         Action performed: Delete file
     
113.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
114. 
     
115. 2018/5/31, 20:34:10 [Real-Time Protection] Malware found
     
116.         The pattern of 'DR/Delphi.onlgl [dropper]'
     
117.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Modified Samples\(7).exe'.
     
118.         Action performed: Delete file
     
119.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
120. 
     
121. 2018/5/31, 20:34:09 [Real-Time Protection] Malware found
     
122.         The pattern of 'DR/Delphi.onlgl [dropper]'
     
123.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\Virus10x 0531\Samples\(7).exe'.
     
124.         Action performed: Delete file
     
125.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     

复制代码

a27573

ESET 05 31 20:59

Samples(10/10) + M(9/10) = Total(19/20)

1. 时间;扫描程序;对象类型;对象;威胁;操作;用户;信息;哈希;此处首次所见
   
2. 2018/5/31 20:56:30;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\Virus10x 0531\Samples\(2).exe;Win32/Kryptik.GHGU 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;48369481FEA476202709222F4D651687AB688607;2018/5/31 20:55:31
   
3. 2018/5/31 20:56:33;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\Virus10x 0531\Samples\(1).exe;Win32/Spy.Zumanek.DF 特洛伊木马;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;61B9F343F4CC389D7F0EFACCC9063B749AAF5E78;2018/5/31 20:55:31
   
4. 2018/5/31 20:56:45;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\Virus10x 0531\Samples\(10).exe;Win32/Kryptik.GHGF 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;8F3C4CFBF318529AD1FC86F70F1E8E3AF3ED8321;2018/5/31 20:55:31
   
5. 2018/5/31 20:56:53;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\Virus10x 0531\Samples\(3).exe;MSIL/Spy.Agent.AUS 特洛伊木马;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;B8493CEE69910B95B3F96F74BBC7A4F8D58BB641;2018/5/31 20:55:31
   
6. 2018/5/31 20:56:57;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\Virus10x 0531\Samples\(4).exe;Win32/Injector.DYIH 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;60F99A0DEE6B4E3F0788C6B353E66C6A819F8FD5;2018/5/31 20:55:31
   
7. 2018/5/31 20:56:59;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\Virus10x 0531\Samples\(6).exe;Win32/Injector.DYIF 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;542D572CA06E1583F1C97EFAC672B1196A75BAA9;2018/5/31 20:55:31
   
8. 2018/5/31 20:57:06;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\Virus10x 0531\Samples\(7).exe;Win32/Injector.DYHL 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;B8E5F227799556A3436C87DC73783F8C61D19EAB;2018/5/31 20:55:31
   
9. 2018/5/31 20:57:10;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\Virus10x 0531\Samples\(5).exe;Win32/Injector.DYIH 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;E7ED2BEECF4FB1930EC4DEBDCA85E58BCDF52B9A;2018/5/31 20:55:31
   
10. 2018/5/31 20:57:11;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\Virus10x 0531\Samples\(9).exe;Win32/Emotet.BH 特洛伊木马;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;006C6814AC5B7255B6B51DC0305DF8F50C4134F8;2018/5/31 20:55:31
    
11. 2018/5/31 20:57:13;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\Virus10x 0531\Samples\(8).exe;Win32/GenKryptik.CBHR 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;2843A90B944986A199479B13EF45BBB25CE3B05E;2018/5/31 20:55:31
    

复制代码

XZ8SM7Sx0bVkoUV

火绒 kill4

540923555

ELOHIM 发表于 2018-5-31 17:35
SCEP 05 31 17:28

Samples(1/10) + M(2/10) = Total(3/20)

3.exe又是那个无限fondue进程的。。。这个程序上报多少次微软都不管，其余的都除了M1，已经被WD干掉了

另外M1运行出错，未见恶意行为

540923555

2605276004x 发表于 2018-5-31 17:38
Kaspersky     2018/05/31--17:40
Samples(8/10) + M(2/10) = Total(10/20)

M1也无法运行，报错后进程退出，无行为