Thread starter: Jerry.Lin

[Virus sample] #PACKAGE 0614

a27573
Posted on 2018-6-14 22:46:31
ESET 19/26 73%
  1. 时间;扫描程序;对象类型;对象;威胁;操作;用户;信息;哈希;此处首次所见
  2. 2018/6/14 22:40:20;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(23) .exe;NSIS/Injector.ABV 特洛伊木马;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;976069E7F640D1556CD399D9F77276FC6F56E2AA;
  3. 2018/6/14 22:40:20;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(15) .exe;Win32/GenKryptik.CCMV 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;3FD3A08489EDEB0343A0229BADB7227B09B48BBB;2018/6/14 22:39:59
  4. 2018/6/14 22:40:21;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(17) .exe;Win32/Kryptik.GHTO 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;2E37E391387063F8355FC1DB16DABCB40F9A0E2C;2018/6/14 22:39:59
  5. 2018/6/14 22:40:22;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(20) .exe;Win32/TrojanDropper.Danabot.C 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;16BEE6EE5674B3EB79694220D878A2FFA45A4DF5;2018/6/14 22:39:59
  6. 2018/6/14 22:40:32;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(18) .exe;Win32/TrojanDropper.Agent.RKZ 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;696111975A275FDB9418F2016578F3B7439CD804;2018/6/14 22:39:59
  7. 2018/6/14 22:40:38;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(19) .exe;Win32/Injector.DYQO 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;0A1A34F5F5CE5E68AF0F78A97BCD724847407C0A;2018/6/14 22:39:59
  8. 2018/6/14 22:40:51;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(2) .exe;Win32/Spy.Agent.PLA 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;AEEA84F0B442A51BD201F7E8B1D7A5AFC2772AA2;2018/6/14 22:39:59
  9. 2018/6/14 22:41:00;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(1) .exe;Generik.FQDGXMK 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;9172E3FC1C7704485D03A6499F1A1064D81A024D;2018/6/14 22:39:59
  10. 2018/6/14 22:41:02;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(25) .exe;MSIL/Kryptik.JBL 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;6052E4F42D58D0B335CBA3C24A8091F80808B736;2018/6/14 22:39:59
  11. 2018/6/14 22:41:10;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(24) .exe;Suspicious Object;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;A3917D3869B544E973DCF99A7268A99AA76C7AD9;2018/6/14 22:39:59
  12. 2018/6/14 22:41:13;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(6) .exe;Win32/PSW.Delf.OSF 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;4251C45A3E45A593DABD82FC7E1DB3D00988CFE6;2018/6/14 22:39:59
  13. 2018/6/14 22:41:24;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(3) .exe;Win32/TrojanDropper.Danabot.B 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;63CAF9F0E50822AD332592D511B3C9344BBEE148;2018/6/14 22:39:59
  14. 2018/6/14 22:41:26;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(4) .exe;Win32/Emotet.BK 特洛伊木马;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;175691852F279AEAC6EC013F98422991F621D15F;2018/6/14 22:39:59
  15. 2018/6/14 22:41:27;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(7) .exe;Win32/Kryptik.GHTB 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;1640E8C7CD9597D1FD9A4CDD73AAFF6940E3F4F4;2018/6/14 22:39:59
  16. 2018/6/14 22:41:38;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(5) .exe;Win32/Agent.YMG 特洛伊木马;已删除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;93202992BBF51FFDC79DF6D51782AF4FE3534DDF;
  17. 2018/6/14 22:41:39;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(8) .exe;Win32/ClipBanker.FF 特洛伊木马;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;C04304C5598803E09C4F3D55DBB71B6591BFDBF0;2018/6/14 22:39:59
  18. 2018/6/14 22:41:45;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(9) .exe;MSIL/Kryptik.ONE 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;4199920860548D9D980EB4DEC7CB2CB97CA41FF3;2018/6/14 22:39:59
  19. 2018/6/14 22:41:50;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(10) .exe;Win32/Emotet.BK 特洛伊木马;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;FE48885B5F0B44E5A8211689FD40430D2A0924DE;2018/6/14 22:39:59
  20. 2018/6/14 22:41:53;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(12) .exe;Win32/TrojanDownloader.Banload.YEZ 特洛伊木马 的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;F45F93F22D4FFD71F93466D19548F2D60FCFE4BC;2018/6/14 22:39:59
Jerry.Lin
Thread starter | Posted on 2018-6-14 22:48:52
Last edited by 191196846 on 2018-6-14 22:59

EES   22: 55
Samples(18/26) 69%

Double-click test
Samples(20/26) 76%

One dropped file: a botnet

One seems to have slipped through... a manual memory scan flagged it clearly...
Operating memory » (24) .exe(2744) - a variant of Win32/Spy.Ursnif.AO trojan - cleaned by deleting [1]

Why do I never see AMS kick in... is there something wrong with the EES I'm using?

  1. 2018/6/14 22:46:21;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(20) .exe;a variant of Win32/TrojanDropper.Danabot.C trojan;cleaned by deleting;DESKTOP-LGCHL1A\LH;Event occurred on a new file created by the application: C:\Users\LH\Desktop\新建文件夹\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;16BEE6EE5674B3EB79694220D878A2FFA45A4DF5;2018/6/14 22:46:09
  2. 2018/6/14 22:46:22;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(18) .exe;a variant of Win32/TrojanDropper.Agent.RKZ trojan;cleaned by deleting;DESKTOP-LGCHL1A\LH;Event occurred on a new file created by the application: C:\Users\LH\Desktop\新建文件夹\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;696111975A275FDB9418F2016578F3B7439CD804;2018/6/14 22:46:08
  3. 2018/6/14 22:46:22;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(1) .exe;a variant of Generik.FQDGXMK trojan;cleaned by deleting;;Event occurred on a new file created by the application: C:\Users\LH\Desktop\新建文件夹\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;9172E3FC1C7704485D03A6499F1A1064D81A024D;2018/6/14 22:46:09
  4. 2018/6/14 22:46:23;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(23) .exe;NSIS/Injector.ABV trojan;cleaned by deleting;DESKTOP-LGCHL1A\LH;Event occurred on a new file created by the application: C:\Users\LH\Desktop\新建文件夹\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;976069E7F640D1556CD399D9F77276FC6F56E2AA;
  5. 2018/6/14 22:46:24;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(2) .exe;a variant of Win32/Spy.Agent.PLA trojan;cleaned by deleting;;Event occurred on a new file created by the application: C:\Users\LH\Desktop\新建文件夹\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;AEEA84F0B442A51BD201F7E8B1D7A5AFC2772AA2;2018/6/14 22:46:09
  6. 2018/6/14 22:46:26;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(19) .exe;a variant of Win32/Injector.DYQO trojan;cleaned by deleting;DESKTOP-LGCHL1A\LH;Event occurred on a new file created by the application: C:\Users\LH\Desktop\新建文件夹\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;0A1A34F5F5CE5E68AF0F78A97BCD724847407C0A;2018/6/14 22:46:08
  7. 2018/6/14 22:46:28;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(15) .exe;a variant of Win32/GenKryptik.CCMV trojan;cleaned by deleting;DESKTOP-LGCHL1A\LH;Event occurred on a new file created by the application: C:\Users\LH\Desktop\新建文件夹\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;3FD3A08489EDEB0343A0229BADB7227B09B48BBB;2018/6/14 22:46:08
  8. 2018/6/14 22:46:32;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(4) .exe;Win32/Emotet.BK trojan;cleaned by deleting;;Event occurred on a newly created file.;175691852F279AEAC6EC013F98422991F621D15F;2018/6/14 22:46:10
  9. 2018/6/14 22:46:33;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(6) .exe;a variant of Win32/PSW.Delf.OSF trojan;cleaned by deleting;;Event occurred on a newly created file.;4251C45A3E45A593DABD82FC7E1DB3D00988CFE6;2018/6/14 22:46:10
  10. 2018/6/14 22:46:33;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(7) .exe;a variant of Win32/Kryptik.GHTB trojan;cleaned by deleting;;Event occurred on a newly created file.;1640E8C7CD9597D1FD9A4CDD73AAFF6940E3F4F4;2018/6/14 22:46:10
  11. 2018/6/14 22:46:33;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(8) .exe;Win32/ClipBanker.FF trojan;cleaned by deleting;;Event occurred on a newly created file.;C04304C5598803E09C4F3D55DBB71B6591BFDBF0;2018/6/14 22:46:10
  12. 2018/6/14 22:46:33;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(5) .exe;Win32/Agent.YMG trojan;deleted;;Event occurred on a newly created file.;93202992BBF51FFDC79DF6D51782AF4FE3534DDF;
  13. 2018/6/14 22:46:35;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(10) .exe;Win32/Emotet.BK trojan;cleaned by deleting;;Event occurred on a newly created file.;FE48885B5F0B44E5A8211689FD40430D2A0924DE;2018/6/14 22:46:10
  14. 2018/6/14 22:46:35;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(25) .exe;a variant of MSIL/Kryptik.JBL trojan;cleaned by deleting;;Event occurred on a new file created by the application: C:\Users\LH\Desktop\新建文件夹\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;6052E4F42D58D0B335CBA3C24A8091F80808B736;2018/6/14 22:46:09
  15. 2018/6/14 22:46:36;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(12) .exe;a variant of Win32/TrojanDownloader.Banload.YEZ trojan;cleaned by deleting;;Event occurred on a newly created file.;F45F93F22D4FFD71F93466D19548F2D60FCFE4BC;2018/6/14 22:46:10
  16. 2018/6/14 22:46:37;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(9) .exe;a variant of MSIL/Kryptik.ONE trojan;cleaned by deleting;;Event occurred on a newly created file.;4199920860548D9D980EB4DEC7CB2CB97CA41FF3;2018/6/14 22:46:10
  17. 2018/6/14 22:46:39;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(3) .exe;a variant of Win32/TrojanDropper.Danabot.B trojan;cleaned by deleting;;Event occurred on a newly created file.;63CAF9F0E50822AD332592D511B3C9344BBEE148;2018/6/14 22:46:09
  18. 2018/6/14 22:46:41;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(17) .exe;a variant of Win32/Kryptik.GHTO trojan;cleaned by deleting;DESKTOP-LGCHL1A\LH;Event occurred on a new file created by the application: C:\Users\LH\Desktop\新建文件夹\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;2E37E391387063F8355FC1DB16DABCB40F9A0E2C;2018/6/14 22:46:08
a445441
Posted on 2018-6-14 22:55:20
Micropoint active defense blocked 10, scan caught 1, 11 killed in total
Jerry.Lin
Thread starter | Posted on 2018-6-14 22:59:16

Can anyone with the means try double-clicking them?
a27573
Posted on 2018-6-14 23:30:09
191196846 posted on 2018-6-14 22:59
Can anyone with the means try double-clicking them?

I just double-clicked them in the sandbox; one gave a black screen and one a blue screen.
I don't dare test any further.

What is going on here?
YU2711
Posted on 2018-6-14 23:43:03
FS Protection   23:42
Samples(18/26)
Remaining 1 15 19 21 22 24 26 9, double-clicked
1 exits on its own
9 drops one more DLL, blocked and killed in TEMP
15
19 Suspicious:W32/Malware!DeepGuard
21 runs, its dropped file killed by DG
22
24
26 W32/Malware!DeepGuard
Samples(22/26)
ELOHIM
Posted on 2018-6-14 23:50:26

Can't download it at home.
There's a temporary DNS error...
ccboxes
Posted on 2018-6-15 01:01:34
wusiyuanjh posted on 2018-6-14 21:27
Kaspersky, scan excluded, double-click test in progress... basically done
Scan killed 9, double-click killed 5, with no. 2 among them being a URL block

So give concrete numbers: 14 killed in total? What happened with the rest?
,就一个.
Posted on 2018-6-15 01:33:34
Last edited by ,就一个. on 2018-6-15 02:01

McAfee scan killed 8, 18 remaining

Double-click killed 17, no. 23 left undetected

1 flagged as Real Protect-LS!b79576e5c515

2 flagged as Real Protect-EC!2888C046B4DE
3 flagged: D:\360极速浏览器下载\PACKAGE 0614\(3) .exe attempted to access C:\ProgramData\BE77D162.dll. Adaptive Threat Protection has remediated it. Action taken: cleaned C:\PROGRAMDATA\BE77D162.DLL. Threat name: ATP/Suspect!2a5fcd0c5285. This one got caught using RUNDLL32.EXE to do its dirty work.
4 flagged as Real Protect-LS!425c7deaa4a2
5 flagged as Real Protect-EC!A92DCEA95025
6 deleted by the scan
7 flagged as Real Protect-LS!a3bda6d398a1
8 flagged as Real Protect-LS!f51fb377c98f
9 deleted by the scan
10 flagged as Real Protect-EC!EBDE65736C93
11 flagged as Real Protect-EC!82AE76F208BD
12 flagged as Real Protect-EC!4145811AFF2C
13 flagged as Real Protect-LS!13380d42946a
14 deleted by the scan
15 flagged; I probably double-clicked too fast, as it was reported together with 12 as Real Protect-EC!4145811AFF2C
16 flagged as Real Protect-EC!EB9C72111C11
17 flagged as Real Protect-EC!C8B07A5A8031
18 deleted by the scan
19 deleted by the scan
20 deleted by the scan
21 flagged as Real Protect-LS!009cd180090f
22 deleted by the scan
23 not flagged
24 flagged as Real Protect-EC!AFE9E2F4F63B
25 deleted by the scan
26 flagged as Real Protect-EC!036F834941F2
Final score 25/26  96%
A gripe: McAfee's active defense kills more than the scan does; I really don't know what to make of that. The unmodified samples fare a bit better; once modified, detection is far too low.

Sailer.X (this user has been deleted)
Posted on 2018-6-15 01:43:33
Panda 18/6/15 1:39

Samples(7/26) approx. 27%
(6) .exe:Trj/GdSda.A
(8) .exe:Trj/GdSda.A
(14) .exe:Trj/GdSda.A
(18) .exe:Trj/GdSda.A
(19) .exe:Trj/CI.A
(22) .exe:Trj/CI.A
(25) .exe:Trj/CI.A