收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 #PACKAGE 0607
1234下一页
返回列表 发新帖
查看: 3809|回复: 39
收起左侧

[病毒样本] #PACKAGE 0607

  [复制链接]
Jerry.Lin
发表于 2018-6-7 21:15:31 | 显示全部楼层 |阅读模式
OneDrive
蓝奏


Total : 40 (20+20)

#勿传VT
#在样本有效期内(24小时),建议无需手动上报样本至厂商,便于其他人测试行为拦截,响应速度等
#样本序号以收集时间顺序排序,越大代表越接近现在时间


如 Modified Samples 报毒名与原样本有较大出入,则不计算在内。
行为防御检测计算在内
鼓励双击,结果置顶


回帖格式建议

杀软名称 + 时间

Samples查杀率 + M_Samples查杀率 = Total



例如:

XXXX  05 22 21:27

Samples(5/10) + M(3/10) = Total(8/20)  40%


----------------------------------------------
Second Scan 05 22 21:29

Samples(7/10) + M(3/10) = Total(10/20) 50%

评分

参与人数 1人气 +1 收起 理由
petr0vic + 1 赞一个!

查看全部评分

回复

举报

ELOHIM
发表于 2018-6-7 21:16:36 | 显示全部楼层
本帖最后由 ELOHIM 于 2018-6-7 21:32 编辑

SCEP  06/07  21:22
Samples(4/20) + M(3/20) = Total(7/40)  17.5%

丢人。
——————————————————————
SCEP  06/07  21:30

Samples(5/20) + M(3/20) = Total(7/40)  20%


回复

举报

Dust-;羅錠
发表于 2018-6-7 21:23:28 | 显示全部楼层
ESET
18/20+17/20=35/40

C:\Users\yilan\Downloads\PACKAGE 0607\Modified Samples\(10).exe - Win32/Kryptik.GHNP 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Modified Samples\(11).exe > UPX v13_m8 > AUTOIT > script.bin - Win32/Injector.Autoit.DID 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Modified Samples\(11).exe > AUTOIT > script.bin - Win32/Injector.Autoit.DID 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Modified Samples\(12).exe - Win32/GenKryptik.CBWM 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Modified Samples\(13).exe - Win32/Injector.CLNQ 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Modified Samples\(14).exe - Win32/Kryptik.GHNF 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Modified Samples\(15).exe - Win32/Kryptik.GHNL 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Modified Samples\(16).exe - Suspicious Object
C:\Users\yilan\Downloads\PACKAGE 0607\Modified Samples\(19).exe - Win32/Emotet.BK 特洛伊木马
C:\Users\yilan\Downloads\PACKAGE 0607\Modified Samples\(2).exe - Win32/Emotet.BK 特洛伊木马
C:\Users\yilan\Downloads\PACKAGE 0607\Modified Samples\(20).exe - MSIL/Kryptik.OKJ 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Modified Samples\(3).exe - Win32/GenKryptik.BZRS 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Modified Samples\(4).exe - MSIL/Kryptik.KPP 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Modified Samples\(5).exe - Win32/Spy.Bebloh.O 特洛伊木马
C:\Users\yilan\Downloads\PACKAGE 0607\Modified Samples\(6).exe - Win32/Spy.KeyLogger.QFB 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Modified Samples\(7).exe - Win32/Injector.DYNC 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Modified Samples\(8).exe - Win32/Kryptik.GHMZ 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Modified Samples\(9).exe - Win32/Spy.KeyLogger.QFB 特洛伊木马 的变种


C:\Users\yilan\Downloads\PACKAGE 0607\Samples\(1).exe - Generik.PWBELV 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Samples\(10).exe - Win32/Kryptik.GHNP 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Samples\(11).exe > UPX v13_m8 > AUTOIT > script.bin - Win32/Injector.Autoit.DID 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Samples\(11).exe > AUTOIT > script.bin - Win32/Injector.Autoit.DID 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Samples\(12).exe - Generik.DICZVSQ 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Samples\(13).exe - Win32/Injector.CLNQ 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Samples\(14).exe - Win32/Kryptik.GHNF 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Samples\(15).exe - Win32/Kryptik.GHNL 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Samples\(16).exe - Suspicious Object
C:\Users\yilan\Downloads\PACKAGE 0607\Samples\(19).exe - Win32/Emotet.BK 特洛伊木马
C:\Users\yilan\Downloads\PACKAGE 0607\Samples\(2).exe - Win32/Emotet.BK 特洛伊木马
C:\Users\yilan\Downloads\PACKAGE 0607\Samples\(20).exe - MSIL/Kryptik.OKJ 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Samples\(3).exe - Win32/GenKryptik.BZRS 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Samples\(4).exe - MSIL/Kryptik.KPP 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Samples\(5).exe - Win32/Spy.Bebloh.O 特洛伊木马
C:\Users\yilan\Downloads\PACKAGE 0607\Samples\(6).exe - Win32/Spy.KeyLogger.QFB 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Samples\(7).exe - Win32/Injector.DYNC 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Samples\(8).exe - Win32/Kryptik.GHMZ 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0607\Samples\(9).exe - Win32/Spy.KeyLogger.QFB 特洛伊木马 的变种


回复

举报

dongwenqi
发表于 2018-6-7 21:25:04 | 显示全部楼层
卡巴斯基
Samples(13/20) + M(2/20) = Total(15/40) 38%
回复

举报

Jerry.Lin
 楼主| 发表于 2018-6-7 21:26:54 | 显示全部楼层
dongwenqi 发表于 2018-6-7 21:25
卡巴斯基
Samples(13/20) + M(2/20) = Total(15/40) 38%

测双击吗
回复

举报

dongwenqi
发表于 2018-6-7 21:27:13 | 显示全部楼层
191196846 发表于 2018-6-7 21:26
测双击吗

实机不测试双击
回复

举报

Jerry.Lin
 楼主| 发表于 2018-6-7 21:27:25 | 显示全部楼层
本帖最后由 191196846 于 2018-6-7 21:49 编辑

06 07 21:35

Samples(19/20) + M(20/20) = Total(39/40)

17号 有效数签,正在分析中
=======================
初步分析结果:Backdoor


  1. 2018/6/7, 21:34:31 [Real-Time Protection] Malware found
  2.         The pattern of 'TR/Dropper.Gen [trojan]'
  3.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(20).exe'.
  4.         Action performed: Delete file
  5.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  7. 2018/6/7, 21:34:26 [Real-Time Protection] Malware found
  8.         The pattern of 'TR/AD.Emotet.B (Cloud) [TR/AD.Emotet.B]'
  9.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(19).exe'.
  10.         Action performed: Delete file
  11.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  13. 2018/6/7, 21:34:20 [Real-Time Protection] Malware found
  14.         The pattern of 'TR/AD.Ursnif.Y (Cloud) [TR/AD.Ursnif.Y]'
  15.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(18).exe'.
  16.         Action performed: Delete file
  17.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  19. 2018/6/7, 21:34:16 [Real-Time Protection] Malware found
  20.         The pattern of 'HEUR/APC (Cloud) [HEUR/APC]'
  21.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(17).exe'.
  22.         Action performed: Delete file
  23.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  25. 2018/6/7, 21:34:09 [Real-Time Protection] Malware found
  26.         The pattern of 'TR/AD.LockyC.Y (Cloud) [TR/AD.LockyC.Y]'
  27.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(16).exe'.
  28.         Action performed: Delete file
  29.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  31. 2018/6/7, 21:34:02 [Real-Time Protection] Malware found
  32.         The pattern of 'TR/Crypt.XPACK.04918b (Cloud) [TR/Crypt.XPACK.04918b]'
  33.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(15).exe'.
  34.         Action performed: Delete file
  35.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  37. 2018/6/7, 21:33:56 [Real-Time Protection] Malware found
  38.         The pattern of 'TR/Crypt.Agent.14b672 (Cloud) [TR/Crypt.Agent.14b672]'
  39.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(14).exe'.
  40.         Action performed: Delete file
  41.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  43. 2018/6/7, 21:33:53 [Real-Time Protection] Malware found
  44.         The pattern of 'TR/Injector.664dc6 (Cloud) [TR/Injector.664dc6]'
  45.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(13).exe'.
  46.         Action performed: Delete file
  47.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  49. 2018/6/7, 21:33:47 [Real-Time Protection] Malware found
  50.         The pattern of 'TR/Crypt.ZPACK.9103b0 (Cloud) [TR/Crypt.ZPACK.9103b0]'
  51.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(12).exe'.
  52.         Action performed: Delete file
  53.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  55. 2018/6/7, 21:33:43 [Real-Time Protection] Malware found
  56.         The pattern of 'HEUR/AGEN.1026215 [heuristic]'
  57.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(11).exe'.
  58.         Action performed: Delete file
  59.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  61. 2018/6/7, 21:33:35 [Real-Time Protection] Malware found
  62.         The pattern of 'TR/Spy.KeyLogger.b1a309 (Cloud) [TR/Spy.KeyLogger.b1a309]'
  63.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(9).exe'.
  64.         Action performed: Delete file
  65.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  67. 2018/6/7, 21:33:29 [Real-Time Protection] Malware found
  68.         The pattern of 'TR/Crypt.XPACK.468373 (Cloud) [TR/Crypt.XPACK.468373]'
  69.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(8).exe'.
  70.         Action performed: Delete file
  71.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  73. 2018/6/7, 21:33:25 [Real-Time Protection] Malware found
  74.         The pattern of 'TR/Crypt.ZPACK.Gen [trojan]'
  75.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(7).exe'.
  76.         Action performed: Delete file
  77.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  79. 2018/6/7, 21:33:19 [Real-Time Protection] Malware found
  80.         The pattern of 'TR/Spy.KeyLogger.5ad16b (Cloud) [TR/Spy.KeyLogger.5ad16b]'
  81.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(6).exe'.
  82.         Action performed: Delete file
  83.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  85. 2018/6/7, 21:32:59 [Real-Time Protection] Malware found
  86.         The pattern of 'HEUR/AGEN.1006442 [heuristic]'
  87.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(4).exe'.
  88.         Action performed: Delete file
  89.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  91. 2018/6/7, 21:32:55 [Real-Time Protection] Malware found
  92.         The pattern of 'TR/Crypt.ZPACK.Gen [trojan]'
  93.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(3).exe'.
  94.         Action performed: Delete file
  95.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  97. 2018/6/7, 21:32:52 [Real-Time Protection] Malware found
  98.         The pattern of 'HEUR/APC (Cloud) [HEUR/APC]'
  99.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(1).exe'.
  100.         Action performed: Delete file
  101.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  103. 2018/6/7, 21:32:45 [Real-Time Protection] Malware found
  104.         The pattern of 'TR/Dropper.MSIL.8f561d (Cloud) [TR/Dropper.MSIL.8f561d]'
  105.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(20).exe'.
  106.         Action performed: Delete file
  107.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  109. 2018/6/7, 21:32:38 [Real-Time Protection] Malware found
  110.         The pattern of 'TR/Crypt.ZPACK.AF (Cloud) [TR/Crypt.ZPACK.AF]'
  111.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(19).exe'.
  112.         Action performed: Delete file
  113.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  115. 2018/6/7, 21:32:33 [Real-Time Protection] Malware found
  116.         The pattern of 'TR/AD.Ursnif.Y (Cloud) [TR/AD.Ursnif.Y]'
  117.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(18).exe'.
  118.         Action performed: Delete file
  119.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  121. 2018/6/7, 21:30:27 [Real-Time Protection] Malware found
  122.         The pattern of 'TR/Crypt.XPACK.7f9ced (Cloud) [TR/Crypt.XPACK.7f9ced]'
  123.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(16).exe'.
  124.         Action performed: Delete file
  125.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  127. 2018/6/7, 21:30:21 [Real-Time Protection] Malware found
  128.         The pattern of 'TR/Crypt.XPACK.KV (Cloud) [TR/Crypt.XPACK.KV]'
  129.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(15).exe'.
  130.         Action performed: Delete file
  131.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  133. 2018/6/7, 21:30:15 [Real-Time Protection] Malware found
  134.         The pattern of 'HEUR/APC (Cloud) [HEUR/APC]'
  135.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(14).exe'.
  136.         Action performed: Delete file
  137.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  139. 2018/6/7, 21:30:08 [Real-Time Protection] Malware found
  140.         The pattern of 'TR/Injector.5a5665 (Cloud) [TR/Injector.5a5665]'
  141.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(13).exe'.
  142.         Action performed: Delete file
  143.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  145. 2018/6/7, 21:30:02 [Real-Time Protection] Malware found
  146.         The pattern of 'TR/AD.Ursnif.Y (Cloud) [TR/AD.Ursnif.Y]'
  147.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(12).exe'.
  148.         Action performed: Delete file
  149.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  151. 2018/6/7, 21:29:56 [Real-Time Protection] Malware found
  152.         The pattern of 'HEUR/AGEN.1026215 [heuristic]'
  153.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(11).exe'.
  154.         Action performed: Delete file
  155.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  157. 2018/6/7, 21:29:50 [Real-Time Protection] Malware found
  158.         The pattern of 'HEUR/APC.Griffin (Cloud) [HEUR/APC.Griffin]'
  159.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(9).exe'.
  160.         Action performed: Delete file
  161.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  163. 2018/6/7, 21:29:21 [Real-Time Protection] Malware found
  164.         The pattern of 'TR/Crypt.XPACK.47d194 (Cloud) [TR/Crypt.XPACK.47d194]'
  165.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(8).exe'.
  166.         Action performed: Delete file
  167.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  169. 2018/6/7, 21:29:14 [Real-Time Protection] Malware found
  170.         The pattern of 'TR/Dropper.VB.6c8f72 (Cloud) [TR/Dropper.VB.6c8f72]'
  171.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(7).exe'.
  172.         Action performed: Delete file
  173.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  175. 2018/6/7, 21:29:08 [Real-Time Protection] Malware found
  176.         The pattern of 'HEUR/APC (Cloud) [HEUR/APC]'
  177.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(6).exe'.
  178.         Action performed: Delete file
  179.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  181. 2018/6/7, 21:29:02 [Real-Time Protection] Malware found
  182.         The pattern of 'HEUR/AGEN.1006442 [heuristic]'
  183.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(4).exe'.
  184.         Action performed: Delete file
  185.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  187. 2018/6/7, 21:28:56 [Real-Time Protection] Malware found
  188.         The pattern of 'HEUR/AGEN.1004819 [heuristic]'
  189.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(3).exe'.
  190.         Action performed: Delete file
  191.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  193. 2018/6/7, 21:28:52 [Real-Time Protection] Malware found
  194.         The pattern of 'PUA/BitcoinMiner (Cloud) [PUA/BitcoinMiner]'
  195.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(1).exe'.
  196.         Action performed: Delete file
  197.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  199. 2018/6/7, 21:28:26 [Real-Time Protection] Malware found
  200.         The pattern of 'TR/AD.Emotet.P [trojan]'
  201.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(2).exe'.
  202.         Action performed: Delete file
  203.         User SID: S-1-5-18

  205. 2018/6/7, 21:28:25 [Real-Time Protection] Malware found
  206.         The pattern of 'TR/AD.MalwareCrypter.szlbt [trojan]'
  207.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(5).exe'.
  208.         Action performed: Delete file
  209.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  211. 2018/6/7, 21:28:25 [Real-Time Protection] Malware found
  212.         The pattern of 'TR/AD.Emotet.P [trojan]'
  213.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(2).exe'.
  214.         Action performed: Delete file
  215.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  217. 2018/6/7, 21:28:23 [Real-Time Protection] Malware found
  218.         The pattern of 'TR/AD.MalwareCrypter.hoplm [trojan]'
  219.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(10).exe'.
  220.         Action performed: Delete file
  221.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  223. 2018/6/7, 21:28:23 [Real-Time Protection] Malware found
  224.         The pattern of 'TR/AD.MalwareCrypter.szlbt [trojan]'
  225.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Modified Samples\(5).exe'.
  226.         Action performed: Delete file
  227.         User SID: S-1-5-18

  229. 2018/6/7, 21:28:22 [Real-Time Protection] Malware found
  230.         The pattern of 'TR/AD.Emotet.P [trojan]'
  231.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(2).exe'.
  232.         Action performed: Delete file
  233.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  235. 2018/6/7, 21:28:21 [Real-Time Protection] Malware found
  236.         The pattern of 'TR/AD.MalwareCrypter.hoplm [trojan]'
  237.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(10).exe'.
  238.         Action performed: Delete file
  239.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  241. 2018/6/7, 21:28:21 [Real-Time Protection] Malware found
  242.         The pattern of 'TR/AD.MalwareCrypter.hoplm [trojan]'
  243.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(10).exe'.
  244.         Action performed: Delete file
  245.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  247. 2018/6/7, 21:28:21 [Real-Time Protection] Malware found
  248.         The pattern of 'TR/AD.Emotet.P [trojan]'
  249.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(2).exe'.
  250.         Action performed: Delete file
  251.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  253. 2018/6/7, 21:28:21 [Real-Time Protection] Malware found
  254.         The pattern of 'TR/AD.MalwareCrypter.szlbt [trojan]'
  255.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0607\Samples\(5).exe'.
  256.         Action performed: Delete file
  257.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
复制代码



本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

B100D1E55
发表于 2018-6-7 21:50:40 | 显示全部楼层
补充3楼ESET的检出
Samples剩余17和18,双击,其中17 AMS检出meterpreter,18是Ursnif

话说modified的17和原始的17是怎么回事,原始的17是漏洞文档然后modified 17是修改的衍生物?
回复

举报

www-tekeze
发表于 2018-6-7 21:54:23 | 显示全部楼层
火绒  06/07 21:55
Samples(4/20) + M(4/20) = Total(8/40)  20%   


本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

Jerry.Lin
 楼主| 发表于 2018-6-7 22:00:22 | 显示全部楼层
B100D1E55 发表于 2018-6-7 21:50
补充3楼ESET的检出
Samples剩余17和18,双击,其中17 AMS检出meterpreter,18是Ursnif

是同一个样本呐……不是衍生物
回复

举报

下一页 »
1234下一页
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-4-26 21:37 , Processed in 0.134043 second(s), 18 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表