#PACKAGE 0618

ELOHIM

不测了，打不开。。
无法显示此网页
错误代码： ERR_CONNECTION_TIMED_OUT

反正微软也就是那N样。

Jerry.Lin

22:34

26/26  100%

1. 2018/6/18, 22:37:13 [Real-Time Protection] Malware found
   
2.         The pattern of 'TR/Crypt.Agent.856e75 (Cloud) [TR/Crypt.Agent.856e75]'
   
3.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(26).exe'.
   
4.         Action performed: Delete file
   
5.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
   
6. 
   
7. 2018/6/18, 22:36:55 [Real-Time Protection] Malware found
   
8.         The pattern of 'TR/Dropper.VB.Gen (Cloud) [TR/Dropper.VB.Gen]'
   
9.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(22).exe'.
   
10.         Action performed: Delete file
    
11.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
12. 
    
13. 2018/6/18, 22:36:41 [Real-Time Protection] Malware found
    
14.         The pattern of 'TR/Dropper.VB.dd585b (Cloud) [TR/Dropper.VB.dd585b]'
    
15.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(21).exe'.
    
16.         Action performed: Delete file
    
17.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
18. 
    
19. 2018/6/18, 22:33:19 [Real-Time Protection] Malware found
    
20.         The pattern of 'TR/Dropper.Gen [trojan]'
    
21.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(24).exe'.
    
22.         Action performed: Delete file
    
23.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
24. 
    
25. 2018/6/18, 22:33:14 [Real-Time Protection] Malware found
    
26.         The pattern of 'TR/Crypt.XPACK.Gen [trojan]'
    
27.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(23).exe'.
    
28.         Action performed: Delete file
    
29.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
30. 
    
31. 2018/6/18, 22:33:01 [Real-Time Protection] Malware found
    
32.         The pattern of 'TR/Dropper.MSIL.5a5c53 (Cloud) [TR/Dropper.MSIL.5a5c53]'
    
33.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(20).exe'.
    
34.         Action performed: Delete file
    
35.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
36. 
    
37. 2018/6/18, 22:32:45 [Real-Time Protection] Malware found
    
38.         The pattern of 'TR/Dropper.Gen [trojan]'
    
39.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(19).exe'.
    
40.         Action performed: Delete file
    
41.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
42. 
    
43. 2018/6/18, 22:32:40 [Real-Time Protection] Malware found
    
44.         The pattern of 'DR/AutoIt.Gen (Cloud) [DR/AutoIt.Gen]'
    
45.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(18).exe'.
    
46.         Action performed: Delete file
    
47.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
48. 
    
49. 2018/6/18, 22:32:18 [Real-Time Protection] Malware found
    
50.         The pattern of 'HEUR/APC (Cloud) [HEUR/APC]'
    
51.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(17).exe'.
    
52.         Action performed: Delete file
    
53.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
54. 
    
55. 2018/6/18, 22:32:02 [Real-Time Protection] Malware found
    
56.         The pattern of 'HEUR/APC (Cloud) [HEUR/APC]'
    
57.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(16).exe'.
    
58.         Action performed: Delete file
    
59.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
60. 
    
61. 2018/6/18, 22:31:43 [Real-Time Protection] Malware found
    
62.         The pattern of 'TR/Crypt.EPACK.Gen8 (Cloud) [TR/Crypt.EPACK.Gen8]'
    
63.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(15).exe'.
    
64.         Action performed: Delete file
    
65.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
66. 
    
67. 2018/6/18, 22:31:27 [Real-Time Protection] Malware found
    
68.         The pattern of 'TR/Dropper.Gen [trojan]'
    
69.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(14).exe'.
    
70.         Action performed: Delete file
    
71.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
72. 
    
73. 2018/6/18, 22:31:21 [Real-Time Protection] Malware found
    
74.         The pattern of 'TR/Dropper.MSIL.Gen [trojan]'
    
75.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(13).exe'.
    
76.         Action performed: Delete file
    
77.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
78. 
    
79. 2018/6/18, 22:31:17 [Real-Time Protection] Malware found
    
80.         The pattern of 'TR/Crypt.XPACK.Gen [trojan]'
    
81.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(12).exe'.
    
82.         Action performed: Delete file
    
83.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
84. 
    
85. 2018/6/18, 22:31:12 [Real-Time Protection] Malware found
    
86.         The pattern of 'HEUR/APC (Cloud) [HEUR/APC]'
    
87.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(11).exe'.
    
88.         Action performed: Delete file
    
89.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
90. 
    
91. 2018/6/18, 22:30:56 [Real-Time Protection] Malware found
    
92.         The pattern of 'TR/Dropper.Gen [trojan]'
    
93.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(9).exe'.
    
94.         Action performed: Delete file
    
95.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
    
96. 
    
97. 2018/6/18, 22:30:49 [Real-Time Protection] Malware found
    
98.         The pattern of 'TR/Dropper.VB.b70691 (Cloud) [TR/Dropper.VB.b70691]'
    
99.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(8).exe'.
    
100.         Action performed: Delete file
     
101.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
102. 
     
103. 2018/6/18, 22:30:30 [Real-Time Protection] Malware found
     
104.         The pattern of 'TR/Crypt.EPACK.Gen8 (Cloud) [TR/Crypt.EPACK.Gen8]'
     
105.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(7).exe'.
     
106.         Action performed: Delete file
     
107.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
108. 
     
109. 2018/6/18, 22:30:13 [Real-Time Protection] Malware found
     
110.         The pattern of 'DR/Delphi.Gen (Cloud) [DR/Delphi.Gen]'
     
111.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(6).exe'.
     
112.         Action performed: Delete file
     
113.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
114. 
     
115. 2018/6/18, 22:29:56 [Real-Time Protection] Malware found
     
116.         The pattern of 'HEUR/AGEN.1006332 [heuristic]'
     
117.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(5).exe'.
     
118.         Action performed: Delete file
     
119.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
120. 
     
121. 2018/6/18, 22:29:50 [Real-Time Protection] Malware found
     
122.         The pattern of 'TR/Crypt.XPACK.113879 (Cloud) [TR/Crypt.XPACK.113879]'
     
123.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(3).exe'.
     
124.         Action performed: Delete file
     
125.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
126. 
     
127. 2018/6/18, 22:29:28 [Real-Time Protection] Malware found
     
128.         The pattern of 'HEUR/AGEN.1022244 [heuristic]'
     
129.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(1).exe'.
     
130.         Action performed: Delete file
     
131.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
132. 
     
133. 2018/6/18, 22:29:18 [Real-Time Protection] Malware found
     
134.         The pattern of 'TR/Hijacker.A.31 [trojan]'
     
135.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(4).exe'.
     
136.         Action performed: Delete file
     
137.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
138. 
     
139. 2018/6/18, 22:29:17 [Real-Time Protection] Malware found
     
140.         The pattern of 'TR/Hijacker.A.31 [trojan]'
     
141.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(4).exe'.
     
142.         Action performed: Delete file
     
143.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
144. 
     
145. 2018/6/18, 22:29:17 [Real-Time Protection] Malware found
     
146.         The pattern of 'TR/Crypt.Agent.xmyxf [trojan]'
     
147.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(25).exe'.
     
148.         Action performed: Delete file
     
149.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
150. 
     
151. 2018/6/18, 22:29:17 [Real-Time Protection] Malware found
     
152.         The pattern of 'TR/Crypt.Agent.xmyxf [trojan]'
     
153.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(25).exe'.
     
154.         Action performed: Delete file
     
155.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
156. 
     
157. 2018/6/18, 22:29:16 [Real-Time Protection] Malware found
     
158.         The pattern of 'TR/AD.Nanocore.lpmcs [trojan]'
     
159.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(2).exe'.
     
160.         Action performed: Delete file
     
161.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
162. 
     
163. 2018/6/18, 22:29:16 [Real-Time Protection] Malware found
     
164.         The pattern of 'TR/AD.Nanocore.lpmcs [trojan]'
     
165.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(2).exe'.
     
166.         Action performed: Delete file
     
167.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
168. 
     
169. 2018/6/18, 22:29:16 [Real-Time Protection] Malware found
     
170.         The pattern of 'TR/Agent.bzigz [trojan]'
     
171.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(10).exe'.
     
172.         Action performed: Delete file
     
173.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
174. 
     
175. 2018/6/18, 22:29:15 [Real-Time Protection] Malware found
     
176.         The pattern of 'TR/Agent.bzigz [trojan]'
     
177.         detected in file 'C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0618\(10).exe'.
     
178.         Action performed: Delete file
     
179.         User SID: S-1-5-21-3774652721-2607747548-2788097174-1001
     
180. 
     

复制代码

星猫

WD 2018/06/18 22:42
23/26

aice7837

kis18
扫描之后剩7、11、12、15、16、17、19、23
双击杀12、16、17、23
15重启后本体还在

momng

191196846 发表于 2018-6-18 22:33
22:34

26/26  100%

楼主，附件的是什么类型的毒？基本没出现什么异常，都是防火墙在拦截，什么样的现象才是被过了。

www-tekeze

火绒  06/18  23:00
Samples(7/26)   27%  

cnDaming

这毒猛的一批啊。。。。
Avira Pro右键扫直接当场去世，自动防护全关，难道是小红伞的bug？

Jerry.Lin

momng 发表于 2018-6-18 22:54
楼主，附件的是什么类型的毒？基本没出现什么异常，都是防火墙在拦截，什么样的现象才是被过了。
...

一般都是Inject，downloader, backdoor 之类 隐蔽性极高的Mal


挺常见的，要不然现在病毒还跟你明摆跟你说“中毒”了？都是玩暗的，没有ARK工具很难看出异常

Jerry.Lin

cnDaming 发表于 2018-6-18 23:06
这毒猛的一批啊。。。。
Avira Pro右键扫直接当场去世，自动防护全关，难道是小红伞的bug？

一般不会吧

我都是双击的

云不稳定？
=================
如果是中文版的话，挺正常的

建议用Eng

aice7837

eis双击剩余4个样本之后，杀了18衍生物