#PACKAGE 0613

Jerry.Lin

蓝奏


Total : 36 (18+18)

……我错了


#勿传VT
#在样本有效期内（24小时），建议无需手动上报样本至厂商，便于其他人测试行为拦截，响应速度等
#样本序号以收集时间顺序排序，越大代表越接近现在时间


如 Modified Samples 报毒名与原样本有较大出入，则不计算在内。
行为防御检测计算在内
鼓励双击，结果置顶


回帖格式建议

杀软名称 + 时间

Samples查杀率 + M_Samples查杀率 = Total



例如：

XXXX  05 22 21:27

Samples(5/10) + M(3/10) = Total(8/20)  40%


----------------------------------------------
Second Scan 05 22 21:29

Samples(7/10) + M(3/10) = Total(10/20) 50%

ATP_synthase

KFA2019

双击14号删除自身，m2号衍生物被拉黑杀掉，m5报错停止运行，m8号删除自身，阻止m11启动，m12删除自身，m16删除自身

YU2711

SEP  S【15/18】+M【16/18】=T【31/36】 22:30

双击  S剩5  12 16
5 停止运作
12 SONAR.SuspPE!gen28
16 消失
M剩2 5
2
5跟S5一样
总结
S【17/18】+M【16/18】=T【33/36】

，就一个.

迈克菲 2018年6月14日2018年6月14日02:47:41
扫描
S文件夹16/18+9/18M文件夹=25/36

双击

S文件夹
9 不杀
16 报Real Protect-EC!DC7C5C557DE7

M文件夹
2 报衍生物 Suspect!515e721fa9cb
4 报Real Protect-EC!680E5E4E2097
5不杀8 报Real Protect-EC!EA3F4FFEBE24
9 报Real Protect-EC!A0D40AD57F04
10 报Real Protect-LS!e02c483d895d
11 报Real Protect-EC!388C1B9DB3BE
16 报 Suspect!8643cac7423e
18报 Real Protect-LS!089d59ba2a05

最后成绩S 17/18+M 17/18=34/36  94％

Jerry.Lin

21:24

Samples(17/18) + M(16/18) = Total(33/36) 92%


21:57
Samples(17/18) + M(18/18) = Total(35/36) 97%

1. 2018/6/13, 21:22:42 [Real-Time Protection] Malware found
   
2.         The pattern of 'TR/Crypt.XPACK.Gen [trojan]'
   
3.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Modified Samples\(18).exe'.
   
4.         Action performed: Delete file
   
5.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
   
6. 
   
7. 2018/6/13, 21:22:35 [Real-Time Protection] Malware found
   
8.         The pattern of 'TR/Crypt.ZPACK.Gen2 (Cloud) [TR/Crypt.ZPACK.Gen2]'
   
9.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Modified Samples\(16).exe'.
   
10.         Action performed: Delete file
    
11.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
12. 
    
13. 2018/6/13, 21:22:16 [Real-Time Protection] Malware found
    
14.         The pattern of 'DR/Delphi.4572c7 (Cloud) [DR/Delphi.4572c7]'
    
15.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Modified Samples\(15).exe'.
    
16.         Action performed: Delete file
    
17.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
18. 
    
19. 2018/6/13, 21:22:00 [Real-Time Protection] Malware found
    
20.         The pattern of 'TR/Dropper.VB.d7889c (Cloud) [TR/Dropper.VB.d7889c]'
    
21.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Modified Samples\(14).exe'.
    
22.         Action performed: Delete file
    
23.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
24. 
    
25. 2018/6/13, 21:21:45 [Real-Time Protection] Malware found
    
26.         The pattern of 'DR/Delphi.28177a (Cloud) [DR/Delphi.28177a]'
    
27.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Modified Samples\(13).exe'.
    
28.         Action performed: Delete file
    
29.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
30. 
    
31. 2018/6/13, 21:21:26 [Real-Time Protection] Malware found
    
32.         The pattern of 'DR/Delphi.Gen [dropper]'
    
33.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Modified Samples\(12).exe'.
    
34.         Action performed: Delete file
    
35.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
36. 
    
37. 2018/6/13, 21:21:19 [Real-Time Protection] Malware found
    
38.         The pattern of 'TR/Crypt.ZPACK.606e16 (Cloud) [TR/Crypt.ZPACK.606e16]'
    
39.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Modified Samples\(11).exe'.
    
40.         Action performed: Delete file
    
41.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
42. 
    
43. 2018/6/13, 21:21:04 [Real-Time Protection] Malware found
    
44.         The pattern of 'TR/Crypt.XPACK.Gen [trojan]'
    
45.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Modified Samples\(10).exe'.
    
46.         Action performed: Delete file
    
47.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
48. 
    
49. 2018/6/13, 21:21:00 [Real-Time Protection] Malware found
    
50.         The pattern of 'TR/Crypt.ZPACK.Gen [trojan]'
    
51.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Modified Samples\(9).exe'.
    
52.         Action performed: Delete file
    
53.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
54. 
    
55. 2018/6/13, 21:20:56 [Real-Time Protection] Malware found
    
56.         The pattern of 'DR/Delphi.Gen [dropper]'
    
57.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Modified Samples\(8).exe'.
    
58.         Action performed: Delete file
    
59.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
60. 
    
61. 2018/6/13, 21:20:52 [Real-Time Protection] Malware found
    
62.         The pattern of 'TR/Injector.9c0b08 (Cloud) [TR/Injector.9c0b08]'
    
63.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Modified Samples\(7).exe'.
    
64.         Action performed: Delete file
    
65.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
66. 
    
67. 2018/6/13, 21:20:37 [Real-Time Protection] Malware found
    
68.         The pattern of 'TR/Crypt.ZPACK.Gen [trojan]'
    
69.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Modified Samples\(6).exe'.
    
70.         Action performed: Delete file
    
71.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
72. 
    
73. 2018/6/13, 21:20:34 [Real-Time Protection] Malware found
    
74.         The pattern of 'DR/AutoIt.Gen8 [dropper]'
    
75.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Modified Samples\(5).exe'.
    
76.         Action performed: Delete file
    
77.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
78. 
    
79. 2018/6/13, 21:20:31 [Real-Time Protection] Malware found
    
80.         The pattern of 'TR/Crypt.XPACK.b2e6e5 (Cloud) [TR/Crypt.XPACK.b2e6e5]'
    
81.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Modified Samples\(4).exe'.
    
82.         Action performed: Delete file
    
83.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
84. 
    
85. 2018/6/13, 21:19:34 [Real-Time Protection] Malware found
    
86.         The pattern of 'TR/AD.Emotet.T (Cloud) [TR/AD.Emotet.T]'
    
87.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(18).exe'.
    
88.         Action performed: Delete file
    
89.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
90. 
    
91. 2018/6/13, 21:19:29 [Real-Time Protection] Malware found
    
92.         The pattern of 'DR/Delphi.4a53e2 (Cloud) [DR/Delphi.4a53e2]'
    
93.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(17).exe'.
    
94.         Action performed: Delete file
    
95.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
96. 
    
97. 2018/6/13, 21:19:25 [Real-Time Protection] Malware found
    
98.         The pattern of 'TR/Crypt.ZPACK.963f17 (Cloud) [TR/Crypt.ZPACK.963f17]'
    
99.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(16).exe'.
    
100.         Action performed: Delete file
     
101.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
102. 
     
103. 2018/6/13, 21:19:20 [Real-Time Protection] Malware found
     
104.         The pattern of 'DR/Delphi.498e51 (Cloud) [DR/Delphi.498e51]'
     
105.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(15).exe'.
     
106.         Action performed: Delete file
     
107.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
108. 
     
109. 2018/6/13, 21:19:16 [Real-Time Protection] Malware found
     
110.         The pattern of 'HEUR/AGEN.1004799 [heuristic]'
     
111.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(14).exe'.
     
112.         Action performed: Delete file
     
113.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
114. 
     
115. 2018/6/13, 21:19:11 [Real-Time Protection] Malware found
     
116.         The pattern of 'DR/Delphi.20a52c (Cloud) [DR/Delphi.20a52c]'
     
117.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(13).exe'.
     
118.         Action performed: Delete file
     
119.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
120. 
     
121. 2018/6/13, 21:18:53 [Real-Time Protection] Malware found
     
122.         The pattern of 'TR/Dldr.Delf.d8186c (Cloud) [TR/Dldr.Delf.d8186c]'
     
123.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(12).exe'.
     
124.         Action performed: Delete file
     
125.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
126. 
     
127. 2018/6/13, 21:18:49 [Real-Time Protection] Malware found
     
128.         The pattern of 'TR/AD.Inject.2f01ba (Cloud) [TR/AD.Inject.2f01ba]'
     
129.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(11).exe'.
     
130.         Action performed: Delete file
     
131.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
132. 
     
133. 2018/6/13, 21:18:44 [Real-Time Protection] Malware found
     
134.         The pattern of 'TR/Crypt.ZPACK.aea946 (Cloud) [TR/Crypt.ZPACK.aea946]'
     
135.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(10).exe'.
     
136.         Action performed: Delete file
     
137.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
138. 
     
139. 2018/6/13, 21:18:38 [Real-Time Protection] Malware found
     
140.         The pattern of 'TR/Dropper.VB.e00885 (Cloud) [TR/Dropper.VB.e00885]'
     
141.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(9).exe'.
     
142.         Action performed: Delete file
     
143.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
144. 
     
145. 2018/6/13, 21:18:15 [Real-Time Protection] Malware found
     
146.         The pattern of 'HEUR/APC (Cloud) [HEUR/APC]'
     
147.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(8).exe'.
     
148.         Action performed: Delete file
     
149.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
150. 
     
151. 2018/6/13, 21:18:10 [Real-Time Protection] Malware found
     
152.         The pattern of 'TR/Injector.a90ab2 (Cloud) [TR/Injector.a90ab2]'
     
153.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(6).exe'.
     
154.         Action performed: Delete file
     
155.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
156. 
     
157. 2018/6/13, 21:17:48 [Real-Time Protection] Malware found
     
158.         The pattern of 'DR/AutoIt.Gen8 [dropper]'
     
159.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(5).exe'.
     
160.         Action performed: Delete file
     
161.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
162. 
     
163. 2018/6/13, 21:17:43 [Real-Time Protection] Malware found
     
164.         The pattern of 'TR/Crypt.XPACK.ece2a8 (Cloud) [TR/Crypt.XPACK.ece2a8]'
     
165.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(4).exe'.
     
166.         Action performed: Delete file
     
167.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
168. 
     
169. 2018/6/13, 21:17:05 [Real-Time Protection] Malware found
     
170.         The pattern of 'TR/Injector.lyfmo [trojan]'
     
171.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Modified Samples\(3).exe'.
     
172.         Action performed: Delete file
     
173.         User SID: S-1-5-18
     
174. 
     
175. 2018/6/13, 21:17:04 [Real-Time Protection] Malware found
     
176.         The pattern of 'TR/Injector.lyfmo [trojan]'
     
177.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Modified Samples\(3).exe'.
     
178.         Action performed: Delete file
     
179.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
180. 
     
181. 2018/6/13, 21:17:04 [Real-Time Protection] Malware found
     
182.         The pattern of 'TR/AD.RansomHeur.qqkfb [trojan]'
     
183.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Modified Samples\(1).exe'.
     
184.         Action performed: Delete file
     
185.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
186. 
     
187. 2018/6/13, 21:17:03 [Real-Time Protection] Malware found
     
188.         The pattern of 'TR/AD.Sagonaire.leqho [trojan]'
     
189.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(7).exe'.
     
190.         Action performed: Delete file
     
191.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
192. 
     
193. 2018/6/13, 21:17:03 [Real-Time Protection] Malware found
     
194.         The pattern of 'TR/AD.RansomHeur.qqkfb [trojan]'
     
195.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(1).exe'.
     
196.         Action performed: Delete file
     
197.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
198. 
     
199. 2018/6/13, 21:17:02 [Real-Time Protection] Malware found
     
200.         The pattern of 'TR/AD.Sagonaire.leqho [trojan]'
     
201.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(7).exe'.
     
202.         Action performed: Delete file
     
203.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
204. 
     
205. 2018/6/13, 21:17:02 [Real-Time Protection] Malware found
     
206.         The pattern of 'TR/Injector.lyfmo [trojan]'
     
207.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(3).exe'.
     
208.         Action performed: Delete file
     
209.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
210. 
     
211. 2018/6/13, 21:17:02 [Real-Time Protection] Malware found
     
212.         The pattern of 'TR/AD.RansomHeur.qqkfb [trojan]'
     
213.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(1).exe'.
     
214.         Action performed: Delete file
     
215.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
216. 
     
217. 2018/6/13, 21:17:02 [Real-Time Protection] Malware found
     
218.         The pattern of 'TR/Injector.lyfmo [trojan]'
     
219.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(3).exe'.
     
220.         Action performed: Delete file
     
221.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
222. 
     
223. 2018/6/13, 21:17:01 [Real-Time Protection] Malware found
     
224.         The pattern of 'TR/AD.RansomHeur.qqkfb [trojan]'
     
225.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0613\Samples\(1).exe'.
     
226.         Action performed: Delete file
     
227.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
228. 
     

复制代码

ELOHIM

SCEP 06/13 21:19
s(8/18)+m(9/18)=t(17/36) 47.2%

aboringman

KIS：S【17/18】+M【11/18】=T【28/36】

B100D1E55

ESET清空…………

2605276004x

sandboxie双击-Kaspersky一群大爷不测了

22：40
S【18/18】+M【17/18】=T【35/36】 97%
剩M16

momng

AVIRA最近真良心，一用户5设备3年才60多块，找时间买来玩玩。


以前一直是红豆组合，现在逼于无奈入了大蜘蛛，莫非又勾引我入红伞。。。

Jerry.Lin

B100D1E55 发表于 2018-6-13 21:20
ESET清空…………

2.exe 到底是啥

我记得前天我也捕到这个……当时好像你说是白的？

2605276004x

191196846 发表于 2018-6-13 21:26
2.exe 到底是啥

我记得前天我也捕到这个……当时好像你说是白的？

Kaspersky trojan-banker.win32.tinynuke.mf

x291502676

@，就一个.   期待你的测试