[Virus Sample] #PACKAGE 0629

Jerry.Lin
Posted on 2018-6-29 22:10:20
This post was last edited by 191196846 on 2018-6-29 22:13

Lanzou




Total: 27

========================================
These products were tested before the package was released:

Products                                     Pre-execute    Advanced block    Miss    Status

Tencent PC Manager TencentPCMgr (Chinese)    13             0                 0 27    Infected
AVAST! Internet Security                     20             3                 4       Infected

Note: Pre-execute includes on-access scan or execute scan before the malware is running in memory.
      Advanced block includes behaviour block or other techniques that successfully terminate running malware.
      Miss includes situations with no alert or warning at all from the AV software.
      Status means whether there are any malicious items, including processes, images, drivers, autoruns, registry entries etc., on the current system; if so, the system is infected, otherwise it is clean.

========================================


#Do not upload to VT
#During the samples' validity period (24 hours), it is recommended not to manually report samples to vendors, so that others can test behaviour blocking, response speed, etc.
#Sample numbers are ordered by collection time; a larger number means closer to the present


Suggested reply format

AV name + time
Number detected + detection rate

For example:
XXX 20:39
Samples(5/10) 50%


星猫
Posted on 2018-6-29 22:17:46
This post was last edited by 星猫 on 2018-6-29 22:29

WD KILL 24/27
MISS 4 5 24
WD is getting stronger and stronger now
真小读者
Posted on 2018-6-29 22:19:13
This post was last edited by 真小读者 on 2018-6-29 22:25

ESET  22:18
Samples(25/27)  93%
Remaining: 20.exe, 24.exe

  日志
  正在扫描日志
  检测引擎的版本: 17633 (20180629)
  日期: 2018/6/29  时间: 22:17:45
  已扫描的磁盘、文件夹和文件: E:\PACKAGE 0629
  E:\PACKAGE 0629\0629(1).exe - Win32/Kryptik.ELJJ 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(10).exe - Win32/Kryptik.GIII 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(11).exe - Win32/Kryptik.GIHA 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(12).exe - Win32/Injector.DYYO 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(13).exe - Win32/Kryptik.GIHY 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(14).exe - Win32/Injector.DYYQ 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(15).exe - Win32/Emotet.BK 特洛伊木马 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(16).exe - Win32/Injector.DYYI 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(17).exe - Win32/TrickBot.AQ 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(18).exe - Win32/Kryptik.GIHY 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(19).exe - MSIL/Kryptik.ONB 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(2).exe - Win32/Kryptik.GIII 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(21).exe > AUTOIT > script.au3 - Win32/Obfuscated.Autoit.A 特洛伊木马 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(21).exe > AUTOIT > script.bin - Win32/Injector.Autoit.SQ 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(22).exe - Win32/Kryptik.GIHY 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(23).exe - Suspicious Object - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(25).exe - Win32/Kryptik.GIHY 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(26).exe - Win32/Kryptik.GIHY 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(27).exe - MSIL/TrojanDownloader.Agent.ERJ 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(3).exe - Win32/Kryptik.GIII 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(4).exe - Win32/TrojanDownloader.Zurgop.DA 特洛伊木马 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(5).exe - Win32/GenKryptik.CDVH 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(6).exe - Win32/Injector.DYYO 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(7).exe - Win32/Injector.DYXV 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(8).exe - Win32/Kryptik.GIII 特洛伊木马 的变种 - 通过删除清除 [1]
  E:\PACKAGE 0629\0629(9).exe > NSIS > Script.nsi - NSIS/TrojanDropper.Agent.CT 特洛伊木马 - 通过删除清除 [1]
  已扫描的对象数: 41
  发现的威胁数: 26
  已清除对象数: 26
  完成时间: 22:18:14  总扫描时间: 29 秒 (00:00:29)

  备注:
  [1] 由于对象中仅包含病毒主体,因此已被删除。




dreams521
Posted on 2018-6-29 22:20:55
This post was last edited by dreams521 on 2018-6-29 22:27

Kaspersky with monitoring off   7/27

Remaining

  TO KL
petr0vic
Posted on 2018-6-29 22:22:03
This post was last edited by petr0vic on 2018-6-29 22:29

Rising ML Community Edition
16/27

  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(10).exe","infect":{"engine":"rdm-lite","threat":"Malware.Heuristic.MLite(99%)"},"show":"MTU","type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(15).exe","infect":{"engine":"rdm-lite","threat":"Malware.Heuristic.MLite(99%)"},"show":"MTU","type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(1).exe","infect":{"engine":"rdm-lite","threat":"Malware.Heuristic.MLite(100%)"},"show":"MTU","type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(18).exe","infect":{"engine":"rdm-lite","threat":"Malware.Heuristic.MLite(99%)"},"show":"MTU","type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(14).exe","infect":{"engine":"rdm-lite","threat":"Malware.Heuristic.MLite(95%)"},"show":"MTU","type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(2).exe","infect":{"engine":"rdm-lite","threat":"Malware.Heuristic.MLite(99%)"},"show":"MTU","type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(13).exe","infect":{"engine":"rdm-lite","threat":"Malware.Heuristic.MLite(99%)"},"show":"MTU","type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(20).exe","infect":{"engine":"rdm-lite","threat":"Malware.Heuristic.MLite(99%)"},"show":"MTU","type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(17).exe","infect":{"engine":"rdm-lite","threat":"Malware.Heuristic.MLite(89%)"},"show":"MTU","type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(11).exe","infect":{"engine":"rdm-lite","threat":"Malware.Heuristic.MLite(99%)"},"show":"MTU","type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(22).exe","infect":{"engine":"rdm-lite","threat":"Malware.Heuristic.MLite(99%)"},"show":"MTU","type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(25).exe","infect":{"engine":"rdm-lite","threat":"Malware.Heuristic.MLite(99%)"},"show":"MTU","type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(26).exe","infect":{"engine":"rdm-lite","threat":"Malware.Heuristic.MLite(99%)"},"show":"MTU","type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(8).exe","infect":{"engine":"rdm-lite","threat":"Malware.Heuristic.MLite(99%)"},"show":"MTU","type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(3).exe","infect":{"engine":"rdm-lite","threat":"Malware.Heuristic.MLite(99%)"},"show":"MTU","type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(7).exe","infect":{"engine":"rdm-lite","threat":"Malware.Heuristic.MLite(99%)"},"show":"MTU","type":"scan"}

Rising RDM+ Community Edition
26/27

  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(10).exe","infect":{"engine":"tfe","signature":"dGZlOgOK0k3qXAzFgw","threat":"Trojan.Emotet!8.B95"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(15).exe","infect":{"engine":"rdmk","signature":"cmRtazrFyr15Tdoxf/rpuwXiP1ts","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(11).exe","infect":{"engine":"tfe","signature":"dGZlOgOK0k3qXAzFgw","threat":"Trojan.Emotet!8.B95"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(12).exe","infect":{"engine":"rdmk","signature":"cmRtazpyntUyXwfT9e3q6Bse6XZY","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(13).exe","infect":{"engine":"rdmk","signature":"cmRtazpVR8WLp9kF3pUMzO/19OXX","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(16).exe","infect":{"engine":"rdmk","signature":"cmRtazqMr8FmhqxGq+64IWmhjsm9","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(17).exe","infect":{"engine":"rdmk","signature":"cmRtazpG36cAFEubWpU09lrcu7+o","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(18).exe","infect":{"engine":"rdmk","signature":"cmRtazp8xJ0CajPro71y19MOH8LS","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(19).exe","infect":{"engine":"rdmk","signature":"cmRtazqmeq/p1APH86pXad4BNfOO","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(2).exe","infect":{"engine":"tfe","signature":"dGZlOgOK0k3qXAzFgw","threat":"Trojan.Emotet!8.B95"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(22).exe","infect":{"engine":"rdmk","signature":"cmRtazrZ5dJU9mVyL47V1TC9pVy/","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(1).exe","infect":{"engine":"rdmk","signature":"cmRtazpgH1bMyV662ulz4/WYvI+d","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(14).exe","infect":{"engine":"rdmk","signature":"cmRtazq6hDBVHJV1mTzOhPNQ03vB","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(25).exe","infect":{"engine":"rdmk","signature":"cmRtazrggCMVPW8LP331bfBDeB3+","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(24).exe","infect":{"engine":"rdmk","signature":"cmRtazpg5BLPGRWfWYr00hXHu5xH","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(26).exe","infect":{"engine":"rdmk","signature":"cmRtazq7rUHA5iygBiW+Zqxqujm7","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(3).exe","infect":{"engine":"tfe","signature":"dGZlOgOK0k3qXAzFgw","threat":"Trojan.Emotet!8.B95"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(27).exe","infect":{"engine":"tfe","signature":"dGZlOgy2+hbdburRxg","threat":"Downloader.Agent!8.B23"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(23).exe","infect":{"engine":"rdmk","signature":"cmRtazoV6LakIYNC/1FSVRfrPXJ6","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(5).exe","infect":{"engine":"rdmk","signature":"cmRtazpHjcYLHhn0mIZcu0tUOlQd","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(21).exe","infect":{"engine":"rdmk","signature":"cmRtazpsDWxcyRCCPJmaRE7Bmht/","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(20).exe","infect":{"engine":"rdmk","signature":"cmRtazqPMEdozt/SEHqFOBruD4Ei","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(8).exe","infect":{"engine":"tfe","signature":"dGZlOgOK0k3qXAzFgw","threat":"Trojan.Emotet!8.B95"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(9).exe","infect":{"engine":"rdmk","signature":"cmRtazoUrh7hfIv6io/FR6BCLVC+","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(6).exe","infect":{"engine":"rdmk","signature":"cmRtazoiVyF80GMfLRnEOvlsnr0i","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
  {"filename":"C:\\Users\\User\\Desktop\\PACKAGE 0629\\0629(7).exe","infect":{"engine":"rdmk","signature":"cmRtazpoyVk5KyL2TsLrfH6ZoYuU","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
Jerry.Lin
OP | Posted on 2018-6-29 22:23:12
真小读者 posted on 2018-6-29 22:19
ESET  22:18
Samples(26/27)  96%
Remaining: 20.exe, 24.exe

With two remaining, how can it be 26/27?
Jerry.Lin
OP | Posted on 2018-6-29 22:26:06

Don't report them for now~

Someone will double-click them
真小读者
Posted on 2018-6-29 22:26:09
This post was last edited by 真小读者 on 2018-6-29 22:27
191196846 posted on 2018-6-29 22:23
With two remaining, how can it be 26/27?

At first I replied directly with the threat count ESET displayed; as soon as I looked at the remaining ones I saw it was wrong, and I have already corrected it.
What's odd is where ESET's own figure of 26 comes from.
Jerry.Lin
OP | Posted on 2018-6-29 22:26:49
真小读者 posted on 2018-6-29 22:26
At first I replied directly with the threat count ESET displayed; as soon as I looked at the remaining ones I saw it was wrong, and I have already corrected it.
What's odd is where ESET's own figure of 26 ...
E:\PACKAGE 0629\0629(21).exe > AUTOIT > script.au3 - Win32/Obfuscated.Autoit.A 特洛伊木马 - 通过删除清除 [1]
E:\PACKAGE 0629\0629(21).exe > AUTOIT > script.bin - Win32/Injector.Autoit.SQ 特洛伊木马 的变种 - 通过删除清除 [1]
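The 26-versus-25 discrepancy in this exchange comes from ESET counting one threat per unpacked object, so 0629(21).exe contributes two entries to "发现的威胁数". As an added example (not code from the thread or from ESET), this Python snippet parses ESET-style log lines and counts distinct sample files separately from threat objects, which is the number the OP's Samples(x/y) format needs; the embedded log lines are a constructed subset of the log posted above.

```python
import re
from collections import defaultdict

# Constructed subset of the ESET log from this thread: one plain hit, the two
# hits that both come from inside 0629(21).exe, and one NSIS inner-script hit.
ESET_LOG = r"""
E:\PACKAGE 0629\0629(1).exe - Win32/Kryptik.ELJJ 特洛伊木马 的变种 - 通过删除清除 [1]
E:\PACKAGE 0629\0629(21).exe > AUTOIT > script.au3 - Win32/Obfuscated.Autoit.A 特洛伊木马 - 通过删除清除 [1]
E:\PACKAGE 0629\0629(21).exe > AUTOIT > script.bin - Win32/Injector.Autoit.SQ 特洛伊木马 的变种 - 通过删除清除 [1]
E:\PACKAGE 0629\0629(9).exe > NSIS > Script.nsi - NSIS/TrojanDropper.Agent.CT 特洛伊木马 - 通过删除清除 [1]
"""

FOOTNOTE = re.compile(r"\s*\[\d+\]$")  # trailing "[1]" footnote marker


def parse_line(line):
    """Split one detection line into the on-disk file, the chain of objects
    ESET unpacked inside it, the threat name and the action taken.
    Returns None for header/summary lines that are not detections."""
    parts = line.strip().split(" - ")
    if len(parts) < 3:
        return None
    chain = [p.strip() for p in parts[0].split(" > ")]
    return {
        "file": chain[0],      # the sample as it sits on disk, e.g. 0629(21).exe
        "inner": chain[1:],    # e.g. ["AUTOIT", "script.au3"]
        "threat": parts[1].strip(),
        "action": FOOTNOTE.sub("", " - ".join(parts[2:]).strip()),
    }


def summarize(log_text, package_total):
    """Threat objects are what ESET's summary reports; detected files are
    what a Samples(x/y) reply needs. Files with several inner hits are listed
    so the reader can see where the two counts diverge."""
    hits = [h for h in map(parse_line, log_text.splitlines()) if h]
    by_file = defaultdict(list)
    for h in hits:
        by_file[h["file"]].append(h)
    detected = len(by_file)
    return {
        "threat_objects": len(hits),
        "detected_files": detected,
        "missed_files": package_total - detected,
        "multi_hit_files": sorted(f for f, v in by_file.items() if len(v) > 1),
    }


def format_reply(av_name, time, detected, total):
    """Render the reply format suggested in the first post, rate rounded."""
    return f"{av_name} {time}\nSamples({detected}/{total}) {round(100 * detected / total)}%"


if __name__ == "__main__":
    s = summarize(ESET_LOG, 27)
    print(s)
    print(format_reply("ESET", "22:18", s["detected_files"], 27))
```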
dreams521
Posted on 2018-6-29 22:26:56
191196846 posted on 2018-6-29 22:26
Don't report them for now~

Someone will double-click them

OK
卡饭论坛 | KaFan.cn