Original poster: Jerry.Lin

[Virus Samples] [05.31] #VirusPackage 13x + Modified Samples

ELOHIM
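Posted on 2018-6-3 16:58:50
540923555 posted on 2018-6-1 17:09
WD now kills everything except 7 and 12; 12 is once again that sample with the fondue process. The OP has locked horns with this sample, a new variant every day.. ...

Microsoft is acting odd..
Could it be that Microsoft's own stuff runs this way too?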
ELOHIM
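Posted on 2018-6-3 17:20:30
540923555 posted on 2018-6-1 17:09
WD now kills everything except 7 and 12; 12 is once again that sample with the fondue process. The OP has locked horns with this sample, a new variant every day.. ...


Also, I didn't double-click them, so I don't know what behaviors they have...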
,就一个.
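Posted on 2018-6-3 21:40:54
Proactive-defense testing isn't time-constrained. GD double-click test on the Modified Samples folder. Whatever proactive defense kills in Modified Samples it also kills in the Samples folder, so I didn't test that one.

Proactive defense killed 12; the remaining 1, No. 12, was not killed.


GD proactive defense: Samples 12/13 + Modified Samples 12/13 = 24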




1
AVA 25.17295
GD 25.12405


*** Process ***


Process: 5724
File name: M(1).exe
Path: c:\users\administrator\desktop\m(1).exe


Publisher: Unknown publisher
Creation date: 2018年6月3日 21:17:10
Modification date: 2018年5月31日 21:19:38


Started by: explorer.exe
Publisher: Microsoft Windows




*** Actions ***

An unknown process was accessed.
The program has read data from its own program file.




*** Quarantine ***

The following files were moved into quarantine:
C:\Users\Administrator\Desktop\M(1).exe


The following registry entries were deleted:




Rules version: 5.0.149
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 32bit OS
dll version: 73031


"C:\Users\Administrator\Desktop\M(1).exe"
MD5: 5D0D8B41376090D808579CAD4DE98B34
C:\Windows\Explorer.EXE
MD5: 6DDCA324434FFA506CF7DC4E51DB7935





2
AVA 25.17295
GD 25.12405


*** Process ***


Process: 3044
File name: M(2).exe
Path: c:\users\administrator\desktop\m(2).exe


Publisher: Unknown publisher


Started by: explorer.exe
Publisher: Microsoft Windows




*** Actions ***


The program establishes a network connection.
The program has created or manipulated an executable file.
The program has read data from its own program file.
The program attempted to remove its own program file.
The program attempted to rename its own program file.
The program has started another program to delete itself.
The program attempted to move its own program file.




*** Quarantine ***


The following files were moved into quarantine:
C:\ProgramData\G Data\AVK\Log\AVKLog\0000000010.log
C:\Users\Administrator\AppData\Roaming\A4B481\1BCFDA.exe
C:\Users\Administrator\Desktop\M(2).exe
c:\users\administrator\appdata\roaming\a4b481\1bcfda.lck
c:\users\administrator\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-4276158925-4074855716-677858691-500\a18ca4003deb042bbee7a40f15e1970b_9a032b5b-b23b-461b-a0b1-caea986aa113


The following registry entries were deleted:




Rules version: 5.0.149
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 32bit OS
dll version: 73031


"C:\Users\Administrator\Desktop\M(2).exe"
MD5: E82B886F71374EE432AA62A84DC8414F
C:\Windows\Explorer.EXE
MD5: 6DDCA324434FFA506CF7DC4E51DB7935




3
AVA 25.17295
GD 25.12405


*** Process ***


Process: 5560
File name: M(3).exe
Path: c:\users\administrator\desktop\m(3).exe


Publisher: Unknown publisher
Creation date: 2018年6月3日 21:18:30
Modification date: 2018年5月31日 21:19:40


Started by: explorer.exe
Publisher: Microsoft Windows




*** Actions ***

An unknown process was accessed.
The program has read data from its own program file.




*** Quarantine ***


The following files were moved into quarantine:
C:\Users\Administrator\Desktop\M(3).exe


The following registry entries were deleted:




Rules version: 5.0.149
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 32bit OS
dll version: 73031


"C:\Users\Administrator\Desktop\M(3).exe"
MD5: BB24947D2BEE0BD20451BBD3BC8D57F3
C:\Windows\Explorer.EXE
MD5: 6DDCA324434FFA506CF7DC4E51DB7935




4
AVA 25.17295
GD 25.12405


*** Process ***


Process: 2304
File name: M(4).exe
Path: c:\users\administrator\desktop\m(4).exe


Publisher: Unknown publisher
Creation date: 2018年6月3日 21:18:42
Modification date: 2018年5月31日 21:19:42


Started by: explorer.exe
Publisher: Microsoft Windows




*** Actions ***

An unknown process was accessed.
The program has read data from its own program file.




*** Quarantine ***


The following files were moved into quarantine:
C:\Users\Administrator\Desktop\M(4).exe


The following registry entries were deleted:




Rules version: 5.0.149
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 32bit OS
dll version: 73031


"C:\Users\Administrator\Desktop\M(4).exe"
MD5: FFC5D165AE934E2DC9B4185E0931580C
C:\Windows\Explorer.EXE
MD5: 6DDCA324434FFA506CF7DC4E51DB7935




5
AVA 25.17295
GD 25.12405


*** Process ***


Process: 1308
File name: M(5).exe
Path: d:\360极速浏览器下载\virus 13x 0531\modified samples\m(5).exe


Publisher: Unknown publisher
Creation date: 2018年6月3日 21:10:04
Modification date: 2018年5月31日 21:19:29


Started by: explorer.exe
Publisher: Microsoft Windows




*** Actions ***

An unknown process was accessed.
The program has read data from its own program file.




*** Quarantine ***


The following files were moved into quarantine:
D:\360极速浏览器下载\Virus 13x 0531\Modified Samples\M(5).exe


The following registry entries were deleted:




Rules version: 5.0.149
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 32bit OS
dll version: 73031


"D:\360极速浏览器下载\Virus 13x 0531\Modified Samples\M(5).exe"
MD5: CC5E9458D87C60527547C487D60AEA7C
C:\Windows\Explorer.EXE
MD5: 6DDCA324434FFA506CF7DC4E51DB7935




6
AVA 25.17295
GD 25.12405


*** Process ***


Process: 4544
File name: M(6).exe
Path: d:\360极速浏览器下载\virus 13x 0531\modified samples\m(6).exe


Publisher: Unknown publisher
Creation date: 2018年6月3日 21:10:04
Modification date: 2018年5月31日 21:19:31


Started by: explorer.exe
Publisher: Microsoft Windows




*** Actions ***

An unknown process was accessed.
The program has read data from its own program file.




*** Quarantine ***


The following files were moved into quarantine:
D:\360极速浏览器下载\Virus 13x 0531\Modified Samples\M(6).exe


The following registry entries were deleted:




Rules version: 5.0.149
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 32bit OS
dll version: 73031


"D:\360极速浏览器下载\Virus 13x 0531\Modified Samples\M(6).exe"
MD5: 8B37BF429550981D532B17E4DA628C34
C:\Windows\Explorer.EXE
MD5: 6DDCA324434FFA506CF7DC4E51DB7935




7




AVA 25.17295
GD 25.12405


*** Process ***


Process: 1664
File name: M(7).exe
Path: d:\360极速浏览器下载\virus 13x 0531\modified samples\m(7).exe


Publisher: Unknown publisher
Creation date: 2018年6月3日 21:10:04
Modification date: 2018年5月31日 21:19:31


Started by: explorer.exe
Publisher: Microsoft Windows




*** Actions ***

The program has created or manipulated an executable file.
The program has read data from its own program file.
The program created a copy of itself.




*** Quarantine ***


The following files were moved into quarantine:
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\DsvHelper\%DECRY%.txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\DsvHelper\Filename.exe
D:\360极速浏览器下载\Virus 13x 0531\Modified Samples\M(7).exe


The following registry entries were deleted:




Rules version: 5.0.149
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 32bit OS
dll version: 73031


"D:\360极速浏览器下载\Virus 13x 0531\Modified Samples\M(7).exe"
MD5: 4FD6E86F85A177E6A9B9B4BCEAB05823
C:\Windows\Explorer.EXE
MD5: 6DDCA324434FFA506CF7DC4E51DB7935



8
AVA 25.17295
GD 25.12405


*** Process ***


Process: 5536
File name: M(8).exe
Path: c:\users\administrator\desktop\m(8).exe


Publisher: Unknown publisher
Creation date: 2018年6月3日 21:19:06
Modification date: 2018年5月31日 21:19:31


Started by: explorer.exe
Publisher: Microsoft Windows




*** Actions ***

The program has created or manipulated an executable file.
The program has read data from its own program file.
The program created a copy of itself.




*** Quarantine ***


The following files were moved into quarantine:
C:\Users\Administrator\AppData\Roaming\server\HOST.exe
C:\Users\Administrator\Desktop\M(8).exe


The following registry entries were deleted:




Rules version: 5.0.149
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 32bit OS
dll version: 73031


"C:\Users\Administrator\Desktop\M(8).exe"
MD5: 2CDCDE3115761DE042B9FAB98C267BAD
C:\Windows\Explorer.EXE
MD5: 6DDCA324434FFA506CF7DC4E51DB7935



9



AVA 25.17295
GD 25.12405


*** Process ***


Process: 3908
File name: M(9).exe
Path: d:\360极速浏览器下载\virus 13x 0531\modified samples\m(9).exe


Publisher: Unknown publisher
Creation date: 2018年6月3日 21:10:04
Modification date: 2018年5月31日 21:19:33


Started by: M(9).exe
Publisher: Unknown publisher




*** Actions ***


The program is trying to create a startup item to launch a program automatically at system startup.
The program establishes a network connection.
The program has created or manipulated an executable file.
The program has read data from its own program file.
The program created a copy of itself.




*** Quarantine ***


The following files were moved into quarantine:
C:\Users\Administrator\AppData\Roaming\The May Department Stores Company\The May Department Stores Company.exe
D:\360极速浏览器下载\Virus 13x 0531\Modified Samples\M(9).exe


The following registry entries were deleted:


\registry\user\s-1-5-21-4276158925-4074855716-677858691-500\software\microsoft\windows\currentversion\run || the may department stores company


Rules version: 5.0.149
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 32bit OS
dll version: 73031


"D:\360极速浏览器下载\Virus 13x 0531\Modified Samples\M(9).exe"
MD5: 943E51C0DFFE05691E31CEF0C562D83B
"D:\360极速浏览器下载\Virus 13x 0531\Modified Samples\M(9).exe"
MD5: 943E51C0DFFE05691E31CEF0C562D83B


10


AVA 25.17295
GD 25.12405


*** Process ***


Process: 1340
File name: M(10).exe
Path: d:\360极速浏览器下载\virus 13x 0531\modified samples\m(10).exe


Publisher: Unknown publisher
Creation date: 2018年6月3日 21:10:04
Modification date: 2018年5月31日 21:19:34


Started by: explorer.exe
Publisher: Microsoft Windows




*** Actions ***

An unknown process was accessed.
The program has read data from its own program file.





*** Quarantine ***


The following files were moved into quarantine:
D:\360极速浏览器下载\Virus 13x 0531\Modified Samples\M(10).exe


The following registry entries were deleted:




Rules version: 5.0.149
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 32bit OS
dll version: 73031


"D:\360极速浏览器下载\Virus 13x 0531\Modified Samples\M(10).exe"
MD5: DDA6FBCDE1680650E25B1E9C675959CC
C:\Windows\Explorer.EXE
MD5: 6DDCA324434FFA506CF7DC4E51DB7935


11

AVA 25.17295
GD 25.12405


*** Process ***


Process: 4776
File name: M(11).exe
Path: d:\360极速浏览器下载\virus 13x 0531\modified samples\m(11).exe


Publisher: Unknown publisher
Creation date: 2018年6月3日 21:10:04
Modification date: 2018年5月31日 21:19:34


Started by: explorer.exe
Publisher: Microsoft Windows




*** Actions ***


The program has saved files in the system folder.
The program has created or manipulated an executable file.
The program has read data from its own program file.
The program created a copy of itself.
The program has copied itself to the Windows folder.
The program has created or manipulated an executable file in the system folder.




*** Quarantine ***


The following files were moved into quarantine:
C:\Windows\System32\scalarquota.exe
D:\360极速浏览器下载\Virus 13x 0531\Modified Samples\M(11).exe


The following registry entries were deleted:




Rules version: 5.0.149
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 32bit OS
dll version: 73031


"D:\360极速浏览器下载\Virus 13x 0531\Modified Samples\M(11).exe"
MD5: F15C3C6F24EF7C1A7C983E44FE1BD1FE
C:\Windows\Explorer.EXE
MD5: 6DDCA324434FFA506CF7DC4E51DB7935



13

AVA 25.17295
GD 25.12405


*** Process ***


Process: 5152
File name: M(13).scr
Path: c:\users\administrator\desktop\m(13).scr


Publisher: Unknown publisher
Creation date: 2018年6月3日 21:19:43
Modification date: 2018年5月31日 21:19:36


Started by: explorer.exe
Publisher: Microsoft Windows




*** Actions ***


The program has created or manipulated an executable file.
The program has read data from its own program file.
The program created a copy of itself.




*** Quarantine ***


The following files were moved into quarantine:
C:\Users\Administrator\AppData\Roaming\TeamViewer\TeamViewer.exe
C:\Users\Administrator\Desktop\M(13).scr


The following registry entries were deleted:




Rules version: 5.0.149
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 32bit OS
dll version: 73031


"C:\Users\Administrator\Desktop\M(13).scr" /S
MD5: F4EB09753C0379C0E8BCF7A9671A933A
C:\Windows\Explorer.EXE
MD5: 6DDCA324434FFA506CF7DC4E51DB7935










ELOHIM
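Posted on 2018-6-3 21:47:41
540923555 posted on 2018-6-1 17:09
WD now kills everything except 7 and 12; 12 is once again that sample with the fondue process. The OP has locked horns with this sample, a new variant every day.. ...



Sigh, Microsoft is slow............ ever so slow.

Now both the modified and the original samples have been added to the database.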

superax
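Posted on 2018-6-5 08:25:37
,就一个. posted on 2018-6-1 17:57
Late to the party, late to the party

McAfee

Is yours the consumer edition of McAfee? Why is the enterprise edition's detection so much worse than the consumer edition's?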
HellBoyF
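Posted on 2018-6-5 09:29:34
ThreatBook's cloud sandbox flagged 7 as suspicious, 3 as safe and 3 as malicious. The malicious samples show behaviors such as anti-sandboxing, creating services and setting up autostart.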
https://s.threatbook.cn/report/f ... io_link_id=DPWqn69n
https://s.threatbook.cn/report/f ... io_link_id=Yo1aXaol
https://s.threatbook.cn/report/f ... io_link_id=korvqQo1


Jerry.Lin
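Original poster | Posted on 2018-6-5 09:30:25
HellBoyF posted on 2018-6-5 09:29
ThreatBook's cloud sandbox flagged 7 as suspicious, 3 as safe and 3 as malicious. The malicious samples show behaviors such as anti-sandboxing, creating services and setting up autostart.
htt ...

Tell us, quick

When will the multi-engine scanner on there be updated?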
HellBoyF
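Posted on 2018-6-5 09:32:58
191196846 posted on 2018-6-5 09:30
Tell us, quick

When will the multi-engine scanner on there be updated?

Bro, if I were in charge of that, I'd work overtime to get it updated. It does seem that colleagues at the company are working on it, though.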
,就一个.
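Posted on 2018-6-6 16:04:53
superax posted on 2018-6-5 08:25
Is yours the consumer edition of McAfee? Why is the enterprise edition's detection so much worse than the consumer edition's?

That I don't know; I'm on the McAfee consumer edition.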
小飞侠.net
Posted on 2018-6-9 20:50:33
Huorong Security---(Windows 7 Ultimate with SP1, Simplified Chinese Ultimate edition....): some unknown files have been sent to seclab@huorong.cn, awaiting processing...

病毒库:2018-06-09 15:49
开始时间:2018-06-09 20:47
总计用时:00:00:05
扫描对象:32个
扫描文件:26个
发现风险:26个
已处理风险:0个
发现系统修复项:0个
处理系统修复项:0个

病毒详情

风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Modified Samples\M(1).exe, 病毒名:Trojan/Generic!F1250E51BD579772, 病毒ID:[f1250e51bd579772], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Modified Samples\M(12).exe, 病毒名:HEUR:Trojan/Fake.h, 病毒ID:[9a4bb0725ca47a12], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Modified Samples\M(11).exe, 病毒名:Trojan/Generic!5D8BE3EF4AEEC12C, 病毒ID:[5d8be3ef4aeec12c], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Modified Samples\M(13).scr, 病毒名:Trojan/Generic!40BFA4E10369A398, 病毒ID:[40bfa4e10369a398], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Modified Samples\M(2).exe, 病毒名:Trojan/Generic!CDB5693ED6B62735, 病毒ID:[cdb5693ed6b62735], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Modified Samples\M(3).exe, 病毒名:Trojan/Generic!9518BC9840482AF2, 病毒ID:[9518bc9840482af2], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Modified Samples\M(4).exe, 病毒名:Trojan/Generic!AD62AC94EF5E704F, 病毒ID:[ad62ac94ef5e704f], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Modified Samples\M(5).exe, 病毒名:Trojan/Generic!CE186C27DD0322C0, 病毒ID:[ce186c27dd0322c0], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Modified Samples\M(7).exe, 病毒名:Trojan/Generic!E2C88822AA592976, 病毒ID:[e2c88822aa592976], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Modified Samples\M(6).exe, 病毒名:Trojan/Generic!8FDDF757348CC80A, 病毒ID:[8fddf757348cc80a], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Modified Samples\M(9).exe, 病毒名:Trojan/Generic!C4FC500327A59F22, 病毒ID:[c4fc500327a59f22], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Modified Samples\M(8).exe, 病毒名:Trojan/Generic!4DC60A95313B35E7, 病毒ID:[4dc60a95313b35e7], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Samples\(1).exe, 病毒名:Trojan/Generic!C902F582D08B4F03, 病毒ID:[c902f582d08b4f03], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Samples\(11).exe, 病毒名:Trojan/Generic!08AA6E848044A09E, 病毒ID:[8aa6e848044a09e], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Samples\(12).exe, 病毒名:HEUR:Trojan/Fake.h, 病毒ID:[9a4bb0725ca47a12], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Modified Samples\M(10).exe, 病毒名:HVM:VirTool/Obfuscator.gen!A, 病毒ID:[b27d4294cde6a1ec], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Samples\(2).exe, 病毒名:Trojan/Generic!DC4C10E755683CE5, 病毒ID:[dc4c10e755683ce5], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Samples\(13).scr, 病毒名:Trojan/Generic!97A49F28F94EDCC0, 病毒ID:[97a49f28f94edcc0], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Samples\(10).exe, 病毒名:HVM:VirTool/Obfuscator.gen!A, 病毒ID:[b27d4294cde6a1ec], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Samples\(4).exe, 病毒名:Trojan/Generic!5169AC882D61E8F6, 病毒ID:[5169ac882d61e8f6], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Samples\(5).exe, 病毒名:Trojan/Generic!7445059E31A5E3E8, 病毒ID:[7445059e31a5e3e8], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Samples\(3).exe, 病毒名:Trojan/Generic!F656CB01C79773D5, 病毒ID:[f656cb01c79773d5], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Samples\(6).exe, 病毒名:Trojan/Generic!A8BE1590E9EB655F, 病毒ID:[a8be1590e9eb655f], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Samples\(9).exe, 病毒名:Trojan/Generic!B69C6EDAC4FADA3E, 病毒ID:[b69c6edac4fada3e], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Samples\(7).exe, 病毒名:Trojan/Generic!D6029AF388F56F48, 病毒ID:[d6029af388f56f48], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531\Samples\(8).exe, 病毒名:Trojan/Generic!A42A8D219079FF8B, 病毒ID:[a42a8d219079ff8b], 处理结果:已忽略


文件名称: C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 13x 0531.rar
文件大小: 6.40 MB (6,721,137 字节)
修改时间: 2018年06月09日,20:46:11
MD5: EBFB239266D20A8C8AAADD850A676C00
SHA1: C35BC6380E1BDEDE0C30A08DF2BC3A56002D0943
SHA256: 9C6B94094489EA363D24698001E93478F7EC14515B287A5C7DDB4209CABDE8AF
SHA512: 28390FFC0C06D1ABA4F11A15750CBCF8EA59EC80F9395D32E2E55A185DFE729ADD7956E555E533F999134793068B5D72EAA4F42041695F1B00FBBE558D329E62
CRC32: 2C03E998
计算时间: 0.42s

-------Duplicates? Why so many???

Copyright © KaFan  KaFan.cn All Rights Reserved.
