收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 #PACKAGE 0618
1234下一页
返回列表 发新帖
查看: 3733|回复: 32
收起左侧

[病毒样本] #PACKAGE 0618

  [复制链接]
Jerry.Lin
发表于 2018-6-18 21:41:28 | 显示全部楼层 |阅读模式
本帖最后由 191196846 于 2018-6-18 22:05 编辑

蓝奏


Total : 26

========================================
These products were tested before package released:

Windows Defender    5/26     17/26              System is infected
Qihoo 360 SD            14/26    22/26              System is clean
========================================


#勿传VT
#在样本有效期内(24小时),建议无需手动上报样本至厂商,便于其他人测试行为拦截,响应速度等
#样本序号以收集时间顺序排序,越大代表越接近现在时间


回帖格式建议

杀软名称 + 时间
查杀数量+查杀率


例如:
XXX 20:39
Samples(5/10) 50%

评分

参与人数 2人气 +2 收起 理由
petr0vic + 1 版区有你更精彩: )
B100D1E55 + 1 版区有你更happy: )

查看全部评分

回复

举报

WhiteCruel
发表于 2018-6-18 22:13:38 | 显示全部楼层
本帖最后由 WhiteCruel 于 2018-6-19 06:53 编辑

ESET 22:12

Samples(22/26) 84.6%

双击
11 miss,提示一分钟内将自动注销,出现一堆弹窗,大量占用内存,虚拟机直接崩溃了。。。
17 miss,在ProgramData释放flvin.exe(随机文件名)并运行,Eset无反应。(7小时后入库)
18 打开了一个docx,报Win32/Injector.Autoit.CZQ,随后AMS检测到MSIL/Autorun.Spy.Agent.AU蠕虫的变种,删除出错。(见下图)
20 运行需要.net 4,懒得装了。(更新:运行5分钟后Eset还是没反应)


难道这就是传说中的Eset发现病毒清除不掉吗?


本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x

评分

参与人数 1人气 +1 收起 理由
B100D1E55 + 1

查看全部评分

回复

举报

YU2711
发表于 2018-6-18 22:21:02 | 显示全部楼层
本帖最后由 YU2711 于 2018-6-18 22:48 编辑

Norton   22:20

(19/26)

11SONAR.Heur.RGC!g111
13SONAR.Heuristic.170
15SONAR.Heuristic.170
17SONAR.Heuristic.170
18SONAR.SuspPE!gen32
20SONAR.Heuristic.170
26SONAR.Heuristic.170
回复

举报

Jerry.Lin
 楼主| 发表于 2018-6-18 22:33:43 | 显示全部楼层
本帖最后由 191196846 于 2018-6-18 22:38 编辑

22:34

26/26  100%


  1. 2018/6/18, 22:37:13 [Real-Time Protection] Malware found
  2.         The pattern of 'TR/Crypt.Agent.856e75 (Cloud) [TR/Crypt.Agent.856e75]'
  3.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(26).exe'.
  4.         Action performed: Delete file
  5.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  7. 2018/6/18, 22:36:55 [Real-Time Protection] Malware found
  8.         The pattern of 'TR/Dropper.VB.Gen (Cloud) [TR/Dropper.VB.Gen]'
  9.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(22).exe'.
  10.         Action performed: Delete file
  11.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  13. 2018/6/18, 22:36:41 [Real-Time Protection] Malware found
  14.         The pattern of 'TR/Dropper.VB.dd585b (Cloud) [TR/Dropper.VB.dd585b]'
  15.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(21).exe'.
  16.         Action performed: Delete file
  17.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  19. 2018/6/18, 22:33:19 [Real-Time Protection] Malware found
  20.         The pattern of 'TR/Dropper.Gen [trojan]'
  21.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(24).exe'.
  22.         Action performed: Delete file
  23.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  25. 2018/6/18, 22:33:14 [Real-Time Protection] Malware found
  26.         The pattern of 'TR/Crypt.XPACK.Gen [trojan]'
  27.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(23).exe'.
  28.         Action performed: Delete file
  29.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  31. 2018/6/18, 22:33:01 [Real-Time Protection] Malware found
  32.         The pattern of 'TR/Dropper.MSIL.5a5c53 (Cloud) [TR/Dropper.MSIL.5a5c53]'
  33.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(20).exe'.
  34.         Action performed: Delete file
  35.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  37. 2018/6/18, 22:32:45 [Real-Time Protection] Malware found
  38.         The pattern of 'TR/Dropper.Gen [trojan]'
  39.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(19).exe'.
  40.         Action performed: Delete file
  41.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  43. 2018/6/18, 22:32:40 [Real-Time Protection] Malware found
  44.         The pattern of 'DR/AutoIt.Gen (Cloud) [DR/AutoIt.Gen]'
  45.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(18).exe'.
  46.         Action performed: Delete file
  47.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  49. 2018/6/18, 22:32:18 [Real-Time Protection] Malware found
  50.         The pattern of 'HEUR/APC (Cloud) [HEUR/APC]'
  51.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(17).exe'.
  52.         Action performed: Delete file
  53.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  55. 2018/6/18, 22:32:02 [Real-Time Protection] Malware found
  56.         The pattern of 'HEUR/APC (Cloud) [HEUR/APC]'
  57.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(16).exe'.
  58.         Action performed: Delete file
  59.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  61. 2018/6/18, 22:31:43 [Real-Time Protection] Malware found
  62.         The pattern of 'TR/Crypt.EPACK.Gen8 (Cloud) [TR/Crypt.EPACK.Gen8]'
  63.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(15).exe'.
  64.         Action performed: Delete file
  65.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  67. 2018/6/18, 22:31:27 [Real-Time Protection] Malware found
  68.         The pattern of 'TR/Dropper.Gen [trojan]'
  69.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(14).exe'.
  70.         Action performed: Delete file
  71.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  73. 2018/6/18, 22:31:21 [Real-Time Protection] Malware found
  74.         The pattern of 'TR/Dropper.MSIL.Gen [trojan]'
  75.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(13).exe'.
  76.         Action performed: Delete file
  77.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  79. 2018/6/18, 22:31:17 [Real-Time Protection] Malware found
  80.         The pattern of 'TR/Crypt.XPACK.Gen [trojan]'
  81.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(12).exe'.
  82.         Action performed: Delete file
  83.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  85. 2018/6/18, 22:31:12 [Real-Time Protection] Malware found
  86.         The pattern of 'HEUR/APC (Cloud) [HEUR/APC]'
  87.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(11).exe'.
  88.         Action performed: Delete file
  89.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  91. 2018/6/18, 22:30:56 [Real-Time Protection] Malware found
  92.         The pattern of 'TR/Dropper.Gen [trojan]'
  93.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(9).exe'.
  94.         Action performed: Delete file
  95.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  97. 2018/6/18, 22:30:49 [Real-Time Protection] Malware found
  98.         The pattern of 'TR/Dropper.VB.b70691 (Cloud) [TR/Dropper.VB.b70691]'
  99.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(8).exe'.
  100.         Action performed: Delete file
  101.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  103. 2018/6/18, 22:30:30 [Real-Time Protection] Malware found
  104.         The pattern of 'TR/Crypt.EPACK.Gen8 (Cloud) [TR/Crypt.EPACK.Gen8]'
  105.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(7).exe'.
  106.         Action performed: Delete file
  107.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  109. 2018/6/18, 22:30:13 [Real-Time Protection] Malware found
  110.         The pattern of 'DR/Delphi.Gen (Cloud) [DR/Delphi.Gen]'
  111.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(6).exe'.
  112.         Action performed: Delete file
  113.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  115. 2018/6/18, 22:29:56 [Real-Time Protection] Malware found
  116.         The pattern of 'HEUR/AGEN.1006332 [heuristic]'
  117.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(5).exe'.
  118.         Action performed: Delete file
  119.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  121. 2018/6/18, 22:29:50 [Real-Time Protection] Malware found
  122.         The pattern of 'TR/Crypt.XPACK.113879 (Cloud) [TR/Crypt.XPACK.113879]'
  123.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(3).exe'.
  124.         Action performed: Delete file
  125.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  127. 2018/6/18, 22:29:28 [Real-Time Protection] Malware found
  128.         The pattern of 'HEUR/AGEN.1022244 [heuristic]'
  129.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(1).exe'.
  130.         Action performed: Delete file
  131.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  133. 2018/6/18, 22:29:18 [Real-Time Protection] Malware found
  134.         The pattern of 'TR/Hijacker.A.31 [trojan]'
  135.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(4).exe'.
  136.         Action performed: Delete file
  137.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  139. 2018/6/18, 22:29:17 [Real-Time Protection] Malware found
  140.         The pattern of 'TR/Hijacker.A.31 [trojan]'
  141.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(4).exe'.
  142.         Action performed: Delete file
  143.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  145. 2018/6/18, 22:29:17 [Real-Time Protection] Malware found
  146.         The pattern of 'TR/Crypt.Agent.xmyxf [trojan]'
  147.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(25).exe'.
  148.         Action performed: Delete file
  149.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  151. 2018/6/18, 22:29:17 [Real-Time Protection] Malware found
  152.         The pattern of 'TR/Crypt.Agent.xmyxf [trojan]'
  153.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(25).exe'.
  154.         Action performed: Delete file
  155.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  157. 2018/6/18, 22:29:16 [Real-Time Protection] Malware found
  158.         The pattern of 'TR/AD.Nanocore.lpmcs [trojan]'
  159.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(2).exe'.
  160.         Action performed: Delete file
  161.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  163. 2018/6/18, 22:29:16 [Real-Time Protection] Malware found
  164.         The pattern of 'TR/AD.Nanocore.lpmcs [trojan]'
  165.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(2).exe'.
  166.         Action performed: Delete file
  167.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  169. 2018/6/18, 22:29:16 [Real-Time Protection] Malware found
  170.         The pattern of 'TR/Agent.bzigz [trojan]'
  171.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(10).exe'.
  172.         Action performed: Delete file
  173.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

  175. 2018/6/18, 22:29:15 [Real-Time Protection] Malware found
  176.         The pattern of 'TR/Agent.bzigz [trojan]'
  177.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(10).exe'.
  178.         Action performed: Delete file
  179.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001

复制代码

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

aice7837
发表于 2018-6-18 22:52:19 | 显示全部楼层
kis18
扫描之后剩7、11、12、15、16、17、19、23
双击杀12、16、17、23
15重启后本体还在
回复

举报

aice7837
发表于 2018-6-18 23:14:40 | 显示全部楼层

eis双击剩余4个样本之后,杀了18衍生物

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

WhiteCruel
发表于 2018-6-19 02:52:52 | 显示全部楼层
双击360剩下的4个样本

11 miss,提示一分钟内将自动关机,出现一堆弹窗,大量占用内存,虚拟机直接崩溃
17 拦截添加启动项,衍生物报 HEUR/QVM20.1.EE21.Malware.Gen
20 运行10分钟无反应
26 拦截注入,放行后,衍生物报 QVM20.1.23A5.Malware.Gen

回复

举报

,就一个.
发表于 2018-6-19 03:18:21 | 显示全部楼层
迈克菲扫描杀13/26  时间2018年6月19日03:18:11

双击
1 报Real Protect-LS!d903218d5b00
2 报Real Protect-LS!ccabf6faf611
11 报Real Protect-LS!57bd651de7b6
12 报Real Protect-LS!08c9112b01a2
14 报Real Protect-LS!692d80bcdeb7
15 不报
16 报Real Protect-EC!BAA1E2D63957
17 报Real Protect-LS!703d49cc79e6
19 报Real Protect-LS!03551eb6f1a9
20 报Real Protect-LS!1b82d29542db
21 报DAC/Suspect.0:0:3eb!30994a352de3
22 报DAC/Suspect.0:0:3eb!f4399923396a
23 报Real Protect-LS!49fdd6f527ba

回复

举报

ATP_synthase
发表于 2018-6-18 21:49:20 | 显示全部楼层
卡巴21:48
Samples(17/26)
回复

举报

挥泪斩情思
发表于 2018-6-18 21:52:08 | 显示全部楼层
本帖最后由 挥泪斩情思 于 2018-6-18 22:06 编辑

dr.web
11/26
回复

举报

zh7000047
发表于 2018-6-18 22:01:26 | 显示全部楼层
bd 扫描14/26
回复

举报

只求速度!
发表于 2018-6-18 22:08:13 | 显示全部楼层
趋势科技 22:08
4/26
回复

举报

只求速度!
发表于 2018-6-18 22:08:39 | 显示全部楼层
电脑管家 22:08
7/26
回复

举报

lambggy
发表于 2018-6-18 22:09:56 | 显示全部楼层
瑞星安全云 22:08
Samples(4/26) 15%

瑞星ML社区版 22:08
Samples(11/26) 42%

瑞星RDM+社区版 22:08
Samples(17/26) 65%
回复

举报

只求速度!
发表于 2018-6-18 22:19:52 | 显示全部楼层
本帖最后由 只求速度! 于 2018-6-18 22:23 编辑

360杀毒 22:19
19/26

金山 22:22
0/22



回复

举报

下一页 »
1234下一页
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-4-19 20:11 , Processed in 0.143426 second(s), 20 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表