收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 #PACKAGE 0610
123下一页
返回列表 发新帖
查看: 3660|回复: 26
收起左侧

[病毒样本] #PACKAGE 0610

[复制链接]
Jerry.Lin
发表于 2018-6-10 20:38:19 | 显示全部楼层 |阅读模式
OneDrive
蓝奏


Total : 30 (15+15)

#勿传VT
#在样本有效期内(24小时),建议无需手动上报样本至厂商,便于其他人测试行为拦截,响应速度等
#样本序号以收集时间顺序排序,越大代表越接近现在时间


如 Modified Samples 报毒名与原样本有较大出入,则不计算在内。
行为防御检测计算在内
鼓励双击,结果置顶


回帖格式建议

杀软名称 + 时间

Samples查杀率 + M_Samples查杀率 = Total



例如:

XXXX  05 22 21:27

Samples(5/10) + M(3/10) = Total(8/20)  40%


----------------------------------------------
Second Scan 05 22 21:29

Samples(7/10) + M(3/10) = Total(10/20) 50%

评分

参与人数 1人气 +1 收起 理由
petr0vic + 1 赞一个!

查看全部评分

回复

举报

Dust-;羅錠
发表于 2018-6-10 20:43:51 | 显示全部楼层
本帖最后由 Dust-;羅錠 于 2018-6-10 20:45 编辑

ESET

12/15+13/15=25/30

C:\Users\yilan\Downloads\PACKAGE 0610\Modified Samples\(10).exe - Win32/Kryptik.GHDH 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Modified Samples\(12).exe > AUTOIT > script.bin - Win32/Injector.Autoit.DCM 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Modified Samples\(13).exe > UPX v13_m8 > AUTOIT > script.bin - Win32/Autoit.CO 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Modified Samples\(14).exe > UPX v13_m8 > AUTOIT > script.bin - Win32/Autoit.CO 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Modified Samples\(15).exe - Win32/GenKryptik.CCAZ 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Modified Samples\(2).exe - Win32/Packed.Themida 潜在的不受欢迎应用程序 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Modified Samples\(3).exe - MSIL/TrojanDropper.Agent.DNB 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Modified Samples\(4).exe - MSIL/TrojanDropper.Agent.DUB 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Modified Samples\(5).exe - Win32/GenKryptik.CCBQ 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Modified Samples\(6).exe - Win32/Emotet.BK 特洛伊木马
C:\Users\yilan\Downloads\PACKAGE 0610\Modified Samples\(7).exe > DOTNETREACTOR - 压缩文件已损坏
C:\Users\yilan\Downloads\PACKAGE 0610\Modified Samples\(8).exe - MSIL/TrojanDropper.Agent.DNB 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Modified Samples\(9).exe - Win32/TrojanDownloader.Banload.YEZ 特洛伊木马 的变种

C:\Users\yilan\Downloads\PACKAGE 0610\Samples\(10).exe - Win32/Kryptik.GHDH 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Samples\(12).exe > AUTOIT > script.bin - Win32/Injector.Autoit.DCM 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Samples\(13).exe > UPX v13_m8 > AUTOIT > script.bin - Win32/Autoit.CO 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Samples\(14).exe > UPX v13_m8 > AUTOIT > script.bin - Win32/Autoit.CO 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Samples\(15).exe - Win32/GenKryptik.CCAZ 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Samples\(2).exe - Win32/Packed.Themida 潜在的不受欢迎应用程序 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Samples\(3).exe - MSIL/TrojanDropper.Agent.DNB 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Samples\(4).exe - MSIL/TrojanDropper.Agent.DUB 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Samples\(5).exe - Win32/GenKryptik.CCBQ 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Samples\(6).exe - Win32/Emotet.BK 特洛伊木马
C:\Users\yilan\Downloads\PACKAGE 0610\Samples\(7).exe - Generik.CYJFEJX 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Samples\(8).exe - MSIL/TrojanDropper.Agent.DNB 特洛伊木马 的变种
C:\Users\yilan\Downloads\PACKAGE 0610\Samples\(9).exe - Win32/TrojanDownloader.Banload.YEZ 特洛伊木马 的变种

回复

举报

救命稻草
发表于 2018-6-10 20:58:00 | 显示全部楼层
瑞星社区扫描版
14/15+11/15=25/30
回复

举报

dongwenqi
发表于 2018-6-10 21:05:02 | 显示全部楼层
卡巴斯基
Samples(11/15) + M(8/15) = Total(19/30)  63%
回复

举报

540923555
发表于 2018-6-10 21:21:43 | 显示全部楼层
WD
S(8/15)+M(8/15)=53.3%
回复

举报

aboringman
发表于 2018-6-10 21:53:08 | 显示全部楼层
本帖最后由 aboringman 于 2018-6-10 22:15 编辑

KIS:S【11/15】+M【9/15】=T【20/30】

实机双击,KIS仅杀9.exe的衍生物,剩下三只SW未发觉。

C:\Program Files (x86)\015341HfKUQBYv\Ng7Bhjk00924b.exe:HEUR:Trojan.Win32.Generic





回复

举报

心醉咖啡
发表于 2018-6-10 22:05:12 | 显示全部楼层
毒霸
  1. 扫描时间:[2018-06-10 22:04:04]
  2. 扫描用时:[00:00:39]
  3. 扫描类型:自定义查杀
  4. 扫描文件总数:34
  5. 扫描速度:1文件/秒
  6. 发现威胁:2个
  7. 清除威胁:2个
  8. =============================================
  9. [2018-06-10 22:04:52]
  10. 威胁:f:\浏览器下载\package 0610\samples\(14).exe
  11. 类型:win32.heur.kvm007.a
  12. 处理方式:删除

  14. [2018-06-10 22:04:52]
  15. 威胁:f:\浏览器下载\package 0610\modified samples\(14).exe
  16. 类型:win32.heur.kvm007.a
  17. 处理方式:删除

复制代码
回复

举报

Jerry.Lin
 楼主| 发表于 2018-6-10 22:08:17 | 显示全部楼层
  22:06

Samples(14/15) + M(14/15) = Total(28/30)  93%

  1. 2018/6/10, 22:06:18 [Real-Time Protection] Malware found
  2.         The pattern of 'TR/AD.Tofsee.55c848 (Cloud) [TR/AD.Tofsee.55c848]'
  3.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Modified Samples\(15).exe'.
  4.         Action performed: Delete file
  5.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  7. 2018/6/10, 22:06:12 [Real-Time Protection] Malware found
  8.         The pattern of 'HEUR/AGEN.1026228 [heuristic]'
  9.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Modified Samples\(14).exe'.
  10.         Action performed: Delete file
  11.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  13. 2018/6/10, 22:06:06 [Real-Time Protection] Malware found
  14.         The pattern of 'HEUR/AGEN.1026228 [heuristic]'
  15.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Modified Samples\(13).exe'.
  16.         Action performed: Delete file
  17.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  19. 2018/6/10, 22:06:02 [Real-Time Protection] Malware found
  20.         The pattern of 'TR/Dropper.Gen [trojan]'
  21.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Modified Samples\(12).exe'.
  22.         Action performed: Delete file
  23.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  25. 2018/6/10, 22:05:54 [Real-Time Protection] Malware found
  26.         The pattern of 'TR/Dldr.Delphi.4518b5 (Cloud) [TR/Dldr.Delphi.4518b5]'
  27.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Modified Samples\(9).exe'.
  28.         Action performed: Delete file
  29.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  31. 2018/6/10, 22:05:49 [Real-Time Protection] Malware found
  32.         The pattern of 'HEUR/AGEN.1021667 [heuristic]'
  33.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Modified Samples\(8).exe'.
  34.         Action performed: Delete file
  35.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  37. 2018/6/10, 22:05:44 [Real-Time Protection] Malware found
  38.         The pattern of 'TR/Dropper.Gen [trojan]'
  39.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Modified Samples\(7).exe'.
  40.         Action performed: Delete file
  41.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  43. 2018/6/10, 22:05:38 [Real-Time Protection] Malware found
  44.         The pattern of 'TR/AD.Emotet.B (Cloud) [TR/AD.Emotet.B]'
  45.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Modified Samples\(6).exe'.
  46.         Action performed: Delete file
  47.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  49. 2018/6/10, 22:05:32 [Real-Time Protection] Malware found
  50.         The pattern of 'TR/AD.GandCrab.B (Cloud) [TR/AD.GandCrab.B]'
  51.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Modified Samples\(5).exe'.
  52.         Action performed: Delete file
  53.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  55. 2018/6/10, 22:05:27 [Real-Time Protection] Malware found
  56.         The pattern of 'TR/Dropper.MSIL.Gen [trojan]'
  57.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Modified Samples\(4).exe'.
  58.         Action performed: Delete file
  59.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  61. 2018/6/10, 22:05:20 [Real-Time Protection] Malware found
  62.         The pattern of 'TR/Dropper.Gen [trojan]'
  63.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Modified Samples\(3).exe'.
  64.         Action performed: Delete file
  65.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  67. 2018/6/10, 22:05:15 [Real-Time Protection] Malware found
  68.         The pattern of 'TR/Crypt.TPM.Gen [trojan]'
  69.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Modified Samples\(2).exe'.
  70.         Action performed: Delete file
  71.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  73. 2018/6/10, 22:05:09 [Real-Time Protection] Malware found
  74.         The pattern of 'TR/PWS.Sinowal.Gen2 [trojan]'
  75.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Modified Samples\(1).exe'.
  76.         Action performed: Delete file
  77.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  79. 2018/6/10, 22:04:57 [Real-Time Protection] Malware found
  80.         The pattern of 'TR/AD.Tofsee.d1cadb (Cloud) [TR/AD.Tofsee.d1cadb]'
  81.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Samples\(15).exe'.
  82.         Action performed: Delete file
  83.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  85. 2018/6/10, 22:04:53 [Real-Time Protection] Malware found
  86.         The pattern of 'HEUR/AGEN.1026228 [heuristic]'
  87.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Samples\(14).exe'.
  88.         Action performed: Delete file
  89.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  91. 2018/6/10, 22:04:50 [Real-Time Protection] Malware found
  92.         The pattern of 'HEUR/AGEN.1026228 [heuristic]'
  93.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Samples\(13).exe'.
  94.         Action performed: Delete file
  95.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  97. 2018/6/10, 22:04:46 [Real-Time Protection] Malware found
  98.         The pattern of 'DR/AutoIt.Gen2 [dropper]'
  99.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Samples\(12).exe'.
  100.         Action performed: Delete file
  101.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  103. 2018/6/10, 22:04:29 [Real-Time Protection] Malware found
  104.         The pattern of 'TR/Dldr.Delphi.9980f1 (Cloud) [TR/Dldr.Delphi.9980f1]'
  105.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Samples\(9).exe'.
  106.         Action performed: Delete file
  107.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  109. 2018/6/10, 22:04:23 [Real-Time Protection] Malware found
  110.         The pattern of 'HEUR/AGEN.1021667 [heuristic]'
  111.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Samples\(8).exe'.
  112.         Action performed: Delete file
  113.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  115. 2018/6/10, 22:04:17 [Real-Time Protection] Malware found
  116.         The pattern of 'HEUR/AGEN.1005979 [heuristic]'
  117.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Samples\(7).exe'.
  118.         Action performed: Delete file
  119.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  121. 2018/6/10, 22:04:11 [Real-Time Protection] Malware found
  122.         The pattern of 'TR/Crypt.ZPACK.9795fa (Cloud) [TR/Crypt.ZPACK.9795fa]'
  123.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Samples\(6).exe'.
  124.         Action performed: Delete file
  125.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  127. 2018/6/10, 22:04:06 [Real-Time Protection] Malware found
  128.         The pattern of 'TR/AD.GandCrab.B (Cloud) [TR/AD.GandCrab.B]'
  129.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Samples\(5).exe'.
  130.         Action performed: Delete file
  131.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  133. 2018/6/10, 22:03:59 [Real-Time Protection] Malware found
  134.         The pattern of 'TR/Dropper.MSIL.Gen [trojan]'
  135.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Samples\(4).exe'.
  136.         Action performed: Delete file
  137.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  139. 2018/6/10, 22:03:55 [Real-Time Protection] Malware found
  140.         The pattern of 'TR/Dropper.Gen [trojan]'
  141.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Samples\(3).exe'.
  142.         Action performed: Delete file
  143.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  145. 2018/6/10, 22:03:52 [Real-Time Protection] Malware found
  146.         The pattern of 'TR/Crypt.TPM.Gen [trojan]'
  147.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Samples\(2).exe'.
  148.         Action performed: Delete file
  149.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  151. 2018/6/10, 22:03:47 [Real-Time Protection] Malware found
  152.         The pattern of 'HEUR/APC (Cloud) [HEUR/APC]'
  153.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Samples\(1).exe'.
  154.         Action performed: Delete file
  155.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  157. 2018/6/10, 22:03:28 [Real-Time Protection] Malware found
  158.         The pattern of 'TR/Crypt.Xpack.rlwfw [trojan]'
  159.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Modified Samples\(10).exe'.
  160.         Action performed: Delete file
  161.         User SID: S-1-5-18

  163. 2018/6/10, 22:03:28 [Real-Time Protection] Malware found
  164.         The pattern of 'TR/Crypt.Xpack.rlwfw [trojan]'
  165.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Modified Samples\(10).exe'.
  166.         Action performed: Delete file
  167.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  169. 2018/6/10, 22:03:26 [Real-Time Protection] Malware found
  170.         The pattern of 'TR/Crypt.Xpack.rlwfw [trojan]'
  171.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Samples\(10).exe'.
  172.         Action performed: Delete file
  173.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  175. 2018/6/10, 22:03:26 [Real-Time Protection] Malware found
  176.         The pattern of 'TR/Crypt.Xpack.rlwfw [trojan]'
  177.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0610\Samples\(10).exe'.
  178.         Action performed: Delete file
  179.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

复制代码




本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

ccboxes
发表于 2018-6-10 22:28:44 | 显示全部楼层
卡巴斯基 扫描 06.10 21:30
Samples(11/15) + M(8/15) = Total(19/30)  


双击

Samples(12/15) + M(12/15) = Total(24/30)

1.exe/M1.exe 后台15分钟未发现可疑行为。
11.exe/M11.exe 运行后立即退出,无法测试
12.exe/M12.exe  可能为远控NanoCore RAT,但在全程美国代{过}{滤}理下仍然无法连接到服务器,故没有任何行为,运行一分钟后自退,无任何衍生物。

回复

举报

歌德塔大蜘蛛
发表于 2018-6-10 22:35:30 | 显示全部楼层
191196846 发表于 2018-6-10 22:08
22:06

Samples(14/15) + M(14/15) = Total(28/30)  93%

22:26
Avira
S剩余9、11,M剩余11 ,我这S9没杀,奇怪
回复

举报

下一页 »
123下一页
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-4-20 13:33 , Processed in 0.118876 second(s), 18 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表