Original poster: Jerry.Lin

[Virus samples] #PACKAGE 0704

dreams521
Posted on 2018-7-4 19:54:59
Last edited by dreams521 on 2018-7-4 19:59

Kaspersky, samples double-clicked:
04.07.2018 19.28.43;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\0704(10).exe;Windows Explorer;C:\Users\Administrator\Desktop\123\0704(10).exe;07/04/2018 19:28:43;Backdoor.Win32.Androm.qbyc

04.07.2018 19.28.44;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\0704(19).exe;Windows Explorer;C:\Users\Administrator\Desktop\123\0704(19).exe;07/04/2018 19:28:44;HEUR:Trojan.Win32.Agent.gen


04.07.2018 19.28.44;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\0704(7).exe;Windows Explorer;C:\Users\Administrator\Desktop\123\0704(7).exe;07/04/2018 19:28:44;Trojan-Spy.Win32.Noon.nyo


04.07.2018 19.28.44;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\0704(13).exe;360压缩;C:\Users\Administrator\Desktop\123\0704(13).exe;07/04/2018 19:28:44;HEUR:Backdoor.Win32.Agent.gen


04.07.2018 19.28.44;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\0704(15).exe;360压缩;C:\Users\Administrator\Desktop\123\0704(15).exe;07/04/2018 19:28:44;Trojan-PSW.Win32.Fareit.eeib


04.07.2018 19.28.44;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\0704(16).exe;360压缩;C:\Users\Administrator\Desktop\123\0704(16).exe;07/04/2018 19:28:44;HEUR:Trojan.MSIL.Generic


04.07.2018 19.28.45;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\0704(8).exe;360压缩;C:\Users\Administrator\Desktop\123\0704(8).exe;07/04/2018 19:28:45;HEUR:Trojan.Win32.Generic


04.07.2018 19.28.46;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\0704(5).exe;Windows Explorer;C:\Users\Administrator\Desktop\123\0704(5).exe;07/04/2018 19:28:46;HEUR:Trojan.Win32.Generic


04.07.2018 19.28.48;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\0704(6).exe;Windows Explorer;C:\Users\Administrator\Desktop\123\0704(6).exe;07/04/2018 19:28:48;VHO:Trojan-Dropper.Multi.Generic


Remaining samples:
No. 3: runs and stays resident in memory after double-click.
No. 4: exits after double-click.
No. 11: "stopped working" after double-click.
No. 14: stays resident after double-click; exits once the network-access prompt is blocked.
No. 18: stays resident after double-click; exits once the network-access prompt is blocked.
No. 20: exits after double-click.
嶝鄇
Posted on 2018-7-4 19:56:31
Quoting 温馨小屋, posted on 2018-7-4 19:35:
Does the current 360TS still ship the BD engine? These are obviously BD detection names.

It has the OEM Avira (红伞) and BD engines.
pal家族
Posted on 2018-7-4 19:58:43
This Lenovo one uses the Huorong engine, doesn't it?
YU2711
Posted on 2018-7-4 19:59:24
Last edited by YU2711 on 2018-7-4 20:05

SEP scan: 20/20

救命稻草
Posted on 2018-7-4 20:00:26
瑞星反恶软引擎命令行扫描器(社区交流版)

编译于:Sep 22 2017   15:07:50

提示:
  - 本工具供社区交流使用,请勿用于其他用途
  - 本工具没有恶意软件删除、清除、隔离功能
  - 本工具包含开发中的新特性,结果仅供参考

* 命令行中的选项开关:-output-json -log=F:\瑞星新引擎x64 18.2.4\ScanLog_180704200000.log
* 获取恶软签名库最新版本 ...
* 下载恶软签名库配置文件 ...
* 创建恶软签名库升级组件 ...
* 计算并下载增量文件 ...
* 升级恶软签名库 ...
* 恶软签名库升级成功
* 扫描目标 : (1) F:\PACKAGE  0704

* 加载恶软签名库: F:\瑞星新引擎x64 18.2.4/malware.rmd
* 恶软签名库加载成功,发布序号为 4524
* 读取恶软签名库配置 ...
* 云辅助扫描组件初始化失败.
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
扫描开始: Wed Jul 04 20:00:04 2018

{"filename":"F:\\PACKAGE  0704\\0704(16).exe","infect":{"engine":"tfe","signature":"dGZlOg0HBjnD9lpoLQ","threat":"Spyware.Agent!8.C6"},"type":"scan"}
{"filename":"F:\\PACKAGE  0704\\0704(12).exe","infect":{"engine":"rdmk","signature":"cmRtazqA95QgJoswk/Y2f/FNN5EZ","threat":"Malware.Heuristic!ET#92%"},"type":"scan"}
{"filename":"F:\\PACKAGE  0704\\0704(14).exe","infect":{"engine":"rdmk","signature":"cmRtazpV4zYMMIW3Zsq0PUlye8SH","threat":"Malware.Heuristic!ET#81%"},"type":"scan"}
{"filename":"F:\\PACKAGE  0704\\0704(11).exe","infect":{"engine":"rdmk","signature":"cmRtazoqwkcYvB0uHWX1txu5z+6e","threat":"Malware.Heuristic!ET#91%"},"type":"scan"}
{"filename":"F:\\PACKAGE  0704\\0704(10).exe","infect":{"engine":"rdmk","signature":"cmRtazohLLBSfIRAxiADvIofBxJa","threat":"Malware.Heuristic!ET#83%"},"type":"scan"}
{"filename":"F:\\PACKAGE  0704\\0704(1).exe","infect":{"engine":"tfe","signature":"dGZlOgP4X7B09UN9Ug","threat":"Trojan.Kryptik!8.8"},"type":"scan"}
{"filename":"F:\\PACKAGE  0704\\0704(15).exe","infect":{"engine":"rdmk","signature":"cmRtazoWRLNVyNBxHK7ZF0XqO0IT","threat":"Malware.Heuristic!ET#83%"},"type":"scan"}
{"filename":"F:\\PACKAGE  0704\\0704(17).exe","infect":{"engine":"rdmk","signature":"cmRtazqmbtyAzm3fNqMZLnemjvKp","threat":"Malware.Heuristic!ET#93%"},"type":"scan"}
{"filename":"F:\\PACKAGE  0704\\0704(2).exe","infect":{"engine":"tfe","signature":"dGZlOgP4X7B09UN9Ug","threat":"Trojan.Kryptik!8.8"},"type":"scan"}
{"filename":"F:\\PACKAGE  0704\\0704(18).exe","infect":{"engine":"rdmk","signature":"cmRtazrcqnaUoQ4sfOzwINAPbeYI","threat":"Malware.Heuristic!ET#88%"},"type":"scan"}
{"filename":"F:\\PACKAGE  0704\\0704(20).exe","infect":{"engine":"rdmk","signature":"cmRtazqb3Zw6H1H3zuE0qUC4IFT3","threat":"Malware.Heuristic!ET#91%"},"type":"scan"}
{"filename":"F:\\PACKAGE  0704\\0704(4).exe","infect":{"engine":"rdmk","signature":"cmRtazq3udiVYMqavgeKRXk6sWVy","threat":"Malware.Heuristic!ET#96%"},"type":"scan"}
{"filename":"F:\\PACKAGE  0704\\0704(5).exe","infect":{"engine":"rdmk","signature":"cmRtazpahzrSmIIdiMg4GwePKLcA","threat":"Malware.Heuristic!ET#95%"},"type":"scan"}
{"filename":"F:\\PACKAGE  0704\\0704(3).exe","infect":{"engine":"rdmk","signature":"cmRtazo3jN8mUp3sSNX8HqxCuv+r","threat":"Malware.Heuristic!ET#96%"},"type":"scan"}
{"filename":"F:\\PACKAGE  0704\\0704(6).exe","infect":{"engine":"rdmk","signature":"cmRtazpTPN+UhM/8cISprQq7Kxn2","threat":"Malware.Heuristic!ET#99%"},"type":"scan"}
{"filename":"F:\\PACKAGE  0704\\0704(9).exe","infect":{"engine":"tfe","signature":"dGZlOgP4X7B09UN9Ug","threat":"Trojan.Kryptik!8.8"},"type":"scan"}
{"filename":"F:\\PACKAGE  0704\\0704(8).exe","infect":{"engine":"rdmk","signature":"cmRtazpU8aP23szGL5AErc9ag8BW","threat":"Malware.Heuristic!ET#98%"},"type":"scan"}
{"filename":"F:\\PACKAGE  0704\\0704(7).exe","type":"scan"}
{"filename":"F:\\PACKAGE  0704\\0704(13).exe","type":"scan"}
{"filename":"F:\\PACKAGE  0704\\0704(19).exe","type":"scan"}

扫描结束: Wed Jul 04 20:00:05 2018

总扫描耗时: 0:1:78(m:s:ms)
总扫描对象: 24
总扫描文件: 20
总恶意文件: 17
有效检出率: 85.00%
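The Rising scanner above emits one JSON record per scanned file (with `-output-json`), and its summary line is simply detected/scanned. The script below is an added example, not part of the post and not Rising's own tooling: it parses that JSON-lines output, skips the non-JSON banner lines, and computes the detection rate while separating signature verdicts (`tfe` engine, named threats) from heuristic verdicts (`rdmk` engine, `Malware.Heuristic!ET#NN%`), which is the distinction a defender cares about when comparing engines. The sample input is a constructed subset of the lines shown in the post; the field names `filename`, `infect`, `engine`, `signature`, `threat` and `type` are taken from the output as posted, and the `ET#NN%` confidence format is assumed to be stable.

```python
import json
import ntpath
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample input: a few lines in the layout of the Rising command-line
# scanner output posted above (JSON-lines records of type "scan", preceded by
# the non-JSON banner lines the tool prints). A record without an "infect"
# object is a scanned file on which the engine raised no detection.
SAMPLE_SCAN_LINES: List[str] = [
    r'* 扫描目标 : (1) F:\PACKAGE  0704',
    r'扫描开始: Wed Jul 04 20:00:04 2018',
    r'{"filename":"F:\\PACKAGE  0704\\0704(16).exe","infect":{"engine":"tfe","signature":"dGZlOg0HBjnD9lpoLQ","threat":"Spyware.Agent!8.C6"},"type":"scan"}',
    r'{"filename":"F:\\PACKAGE  0704\\0704(12).exe","infect":{"engine":"rdmk","signature":"cmRtazqA95QgJoswk/Y2f/FNN5EZ","threat":"Malware.Heuristic!ET#92%"},"type":"scan"}',
    r'{"filename":"F:\\PACKAGE  0704\\0704(1).exe","infect":{"engine":"tfe","signature":"dGZlOgP4X7B09UN9Ug","threat":"Trojan.Kryptik!8.8"},"type":"scan"}',
    r'{"filename":"F:\\PACKAGE  0704\\0704(6).exe","infect":{"engine":"rdmk","signature":"cmRtazpTPN+UhM/8cISprQq7Kxn2","threat":"Malware.Heuristic!ET#99%"},"type":"scan"}',
    r'{"filename":"F:\\PACKAGE  0704\\0704(7).exe","type":"scan"}',
    r'{"filename":"F:\\PACKAGE  0704\\0704(13).exe","type":"scan"}',
]

# Assumed verdict format for heuristic hits, as seen in the posted output.
HEURISTIC_RE = re.compile(r"^Malware\.Heuristic!ET#(\d+)%$")


def parse_scan_line(line: str) -> Optional[dict]:
    """Return the record for one JSON "scan" line, or None for any other line."""
    line = line.strip()
    if not line.startswith("{"):
        return None  # banner / progress output, not a scan record
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    if rec.get("type") != "scan" or "filename" not in rec:
        return None
    return rec


def heuristic_confidence(threat: str) -> Optional[int]:
    """Confidence percentage of a heuristic verdict, None for a signature verdict."""
    m = HEURISTIC_RE.match(threat)
    return int(m.group(1)) if m else None


def summarize(lines: List[str]) -> Dict[str, object]:
    """Detection statistics over the scan records found in the output lines."""
    records = [r for r in map(parse_scan_line, lines) if r is not None]
    detected = [r for r in records if "infect" in r]
    # ntpath handles the Windows paths in the log regardless of the host OS.
    missed = [ntpath.basename(r["filename"]) for r in records if "infect" not in r]
    confidences = [c for c in (heuristic_confidence(r["infect"]["threat"]) for r in detected)
                   if c is not None]
    signature_hits = len(detected) - len(confidences)

    def pct(n: int) -> float:
        return round(100.0 * n / len(records), 2) if records else 0.0

    return {
        "scanned": len(records),
        "detected": len(detected),
        "missed": missed,
        "by_engine": dict(Counter(r["infect"]["engine"] for r in detected)),
        "heuristic_hits": len(confidences),
        "min_heuristic_confidence": min(confidences) if confidences else None,
        "rate_pct": pct(len(detected)),
        "signature_only_rate_pct": pct(signature_hits),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_SCAN_LINES).items():
        print(f"{key}: {value}")
```

Run against the full output in the post, the same logic reproduces the tool's own 17/20 = 85.00%, but also shows that only 4 of the 17 hits (the `tfe` lines) are named signature verdicts; the other 13 are heuristic verdicts with confidences from 81% to 99%, so the signature-only rate is 20%. Note also the line "云辅助扫描组件初始化失败" in the banner: the cloud-assisted component did not initialise, so these figures reflect the offline engine alone.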
Jerry.Lin
[OP] Posted on 2018-7-4 20:10:56
Quoting command360, posted on 2018-7-4 19:19:
Huorong 19:19

7/20 (35%)

???? My signature database is the latest one.

Why is the result different?
独赢缠身
Posted on 2018-7-4 20:15:02
小a killed 2; 360 mopped up 16 more.
Jerry.Lin
[OP] Posted on 2018-7-4 20:28:32
Last edited by 191196846 on 2018-7-4 20:30

ESET

18/20

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
2018/7/4 20:27:12;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE  0704\0704(12).exe;a variant of Win32/Kryptik.GILV trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\winrar.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;E2ADFFF3211F5FF345217685EA187286034234E8;2018/7/4 20:26:59
2018/7/4 20:27:14;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE  0704\0704(17).exe;Win32/Emotet.BK trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\winrar.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;F4FA091B1356B44FC8187C1D5FA44F781C3FADCF;2018/7/4 20:27:00
2018/7/4 20:27:15;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE  0704\0704(1).exe;a variant of Win32/Kryptik.GIMF trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\winrar.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;ED14EE36ADAD233794C9876B9E699AB0BA11DDCA;2018/7/4 20:26:59
2018/7/4 20:27:19;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE  0704\0704(15).exe;a variant of Win32/Injector.DZBO trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\winrar.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;38949CFFA84865C41872F5C5A5DCBBB5D2D2E710;2018/7/4 20:26:59
2018/7/4 20:27:20;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE  0704\0704(10).exe;a variant of Win32/Injector.DZAW trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\winrar.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;BABF5170357B69B55FA4971E27C457C016A944CA;2018/7/4 20:26:59
2018/7/4 20:27:22;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE  0704\0704(14).exe;a variant of Win32/GenKryptik.CEHP trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\winrar.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;6CD9513B76284E921667471D5FCE5D80A0630C52;2018/7/4 20:26:59
2018/7/4 20:27:26;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE  0704\0704(11).exe;Win32/TrojanDownloader.Agent.EAT trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\winrar.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;207C898BB645CF1005B7E3F83815BEE8969AA5FB;2018/7/4 20:26:59
2018/7/4 20:27:34;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE  0704\0704(18).exe;a variant of Win32/GenKryptik.CEHZ trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\winrar.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;13507935DD8C5B6F5BF223889594CE6B4F63296F;2018/7/4 20:27:00
2018/7/4 20:27:36;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE  0704\0704(16).exe;a variant of MSIL/Spy.Agent.AES trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\winrar.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;44C217068E77AC57F0310221F0576E0E3E7BCE26;2018/7/4 20:27:00
2018/7/4 20:27:37;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE  0704\0704(2).exe;a variant of Win32/GenKryptik.CEGN trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\winrar.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;834057C270B1CC9B0C3F266DBEDE29A782F0394E;2018/7/4 20:27:00
2018/7/4 20:27:41;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE  0704\0704(19).exe;a variant of Win32/Injector.DZAY trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\winrar.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;9E525B8C2AAC687246EC80C3CC41DE278B707694;2018/7/4 20:27:00
2018/7/4 20:27:42;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE  0704\0704(3).exe;a variant of Win32/Kryptik.GIHO trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\winrar.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;97DB319F0D8ABB4F998597BED9DA1C9084DE1A12;2018/7/4 20:27:00
2018/7/4 20:27:47;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE  0704\0704(20).exe;a variant of Win32/GenKryptik.CEIH trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\winrar.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;F9DCFB74B59BB067C4580126208BB1A4E8D41D5D;2018/7/4 20:27:00
2018/7/4 20:27:49;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE  0704\0704(4).exe;a variant of Win32/Kryptik.GIMG trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\winrar.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;AF6C0515E7EB2D5513AD6F97B4B4A144039BA9F7;2018/7/4 20:27:00
2018/7/4 20:27:53;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE  0704\0704(5).exe;a variant of MSIL/Kryptik.OTF trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\winrar.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;41133535E73994ACF064FA311FE7F287143CE808;2018/7/4 20:27:00
2018/7/4 20:27:54;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE  0704\0704(7).exe;a variant of Win32/Injector.DZAW trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\winrar.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;9FFBB0A965ED1693E476AC07EAAB9FAFD0D1EA69;2018/7/4 20:27:00
2018/7/4 20:27:54;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE  0704\0704(8).exe;Win32/Spy.Ursnif.BR trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\winrar.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;A87D8C0841B4D978F1B99A58D3383D0CB0B2C1C5;2018/7/4 20:27:00
2018/7/4 20:27:59;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE  0704\0704(9).exe;a variant of Win32/Kryptik.GIMF trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\winrar.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;4EC00D07845AE6C2C2FB0751B686E426D0E7E817;2018/7/4 20:27:00

weber001
Posted on 2018-7-4 20:36:03
智量终端安全 20:35
Samples (19/20) 95%

Remaining sample: 0704(20)
Jerry.Lin
[OP] Posted on 2018-7-4 20:52:59
Quoting dreams521, posted on 2018-7-4 19:54:
Kaspersky, samples double-clicked:
04.07.2018 19.28.43;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\12 ...

How come your double-click run gives signature-based detection names?
Copyright © KaFan  KaFan.cn All Rights Reserved.