样本集奉上_12

显示全部楼层 · 发表于 2018-7-5 23:37:07

B100D1E55 发表于 2018-7-5 23:34
不敢当，有一些文章回头读一读耻度挺大

客气客气，虽然95%看不懂写的是什么，偶只能看看某些文字特征揣摩大神的深意了。

显示全部楼层 · 发表于 2018-7-5 23:45:39

ynghaos 发表于 2018-7-5 22:44
改了的，扫描剩7个看来43个都是启发杀一会再看看双击

刚注意，改过后还能杀43个，那真是碉堡了。。

显示全部楼层 · 发表于 2018-7-6 00:45:30

NS毒库不是很大，但启发还不错

显示全部楼层 · 发表于 2018-7-6 03:53:59

本帖最后由終極小壞蛋于 2018-7-6 03:55 编辑

大数字的结果令人哭笑不得

未修改md5的样本：（36/50） 72% 没有上报任何文件，最终剩余14个文件
修改md5后的样本：（18/50） 36% 上报了一大堆文件，等待鉴定完毕后二扫，补杀21个，最终剩余11个文件
我……无fu ck说

显示全部楼层 · 发表于 2018-7-6 04:33:42

本帖最后由 fzshot 于 2018-7-5 14:39 编辑

Avira 39/50 78%

Start of the scan: 2018-07-05 16:32:10
07/05/2018,16-32-12 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (1).vir'
07/05/2018,16-32-12 [INFO] Successful Cloud SDK initialization and license check.
07/05/2018,16-32-12 [INFO] The file 'c:\users\**\desktop\infected\Samp (1).vir' was scanned with the Protection Cloud. SHA256 = 4811188377E2371BDED5405D2607F1A3AA7D5ADD2D091F11E9D70EF6603ED791
07/05/2018,16-32-12 [INFO] c:\users\**\desktop\infected\Samp (1).vir
07/05/2018,16-32-12 [INFO] [DETECTION] file contains 'PUA/InstallCore'
07/05/2018,16-32-13 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (11).vir'
07/05/2018,16-32-13 [INFO] c:\users\**\desktop\infected\Samp (11).vir
07/05/2018,16-32-13 [INFO] [DETECTION] file contains 'Adware/FileTour.frnmb'
07/05/2018,16-32-13 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (12).vir'
07/05/2018,16-32-13 [INFO] c:\users\**\desktop\infected\Samp (12).vir
07/05/2018,16-32-13 [INFO] [DETECTION] file contains 'PUA/ICLoader.Gen7'
07/05/2018,16-32-13 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (13).vir'
07/05/2018,16-32-13 [INFO] c:\users\**\desktop\infected\Samp (13).vir
07/05/2018,16-32-13 [INFO] [DETECTION] file contains 'TR/Pterodo.xurnc'
07/05/2018,16-32-13 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (14).vir'
07/05/2018,16-32-13 [INFO] c:\users\**\desktop\infected\Samp (14).vir
07/05/2018,16-32-13 [INFO] [DETECTION] file contains 'TR/Agent.ajyhr'
07/05/2018,16-32-14 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (15).vir'
07/05/2018,16-32-14 [INFO] c:\users\**\desktop\infected\Samp (15).vir
07/05/2018,16-32-14 [INFO] [DETECTION] file contains 'TR/PSW.Delf.flx'
07/05/2018,16-32-14 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (16).vir'
07/05/2018,16-32-14 [INFO] c:\users\**\desktop\infected\Samp (16).vir
07/05/2018,16-32-14 [INFO] [DETECTION] file contains 'TR/Agent.mcfdj'
07/05/2018,16-32-14 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (17).vir'
07/05/2018,16-32-14 [INFO] c:\users\**\desktop\infected\Samp (17).vir
07/05/2018,16-32-14 [INFO] [DETECTION] file contains 'TR/Drop.Agent.2386432'
07/05/2018,16-32-15 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (18).vir'
07/05/2018,16-32-15 [INFO] c:\users\**\desktop\infected\Samp (18).vir
07/05/2018,16-32-15 [INFO] [DETECTION] file contains 'TR/Tiggre.kkgrf'
07/05/2018,16-32-15 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (2).vir'
07/05/2018,16-32-15 [INFO] c:\users\**\desktop\infected\Samp (2).vir
07/05/2018,16-32-15 [INFO] [DETECTION] file contains 'PUA/ICLoader.Gen7'
07/05/2018,16-32-16 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (20).vir'
07/05/2018,16-32-16 [INFO] c:\users\**\desktop\infected\Samp (20).vir
07/05/2018,16-32-16 [INFO] [DETECTION] file contains 'HEUR/AGEN.1014063'
07/05/2018,16-32-16 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (21).vir'
07/05/2018,16-32-16 [INFO] c:\users\**\desktop\infected\Samp (21).vir
07/05/2018,16-32-16 [INFO] [DETECTION] file contains 'TR/Proxy.Agent.dxr'
07/05/2018,16-32-16 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (22).vir'
07/05/2018,16-32-16 [INFO] c:\users\**\desktop\infected\Samp (22).vir
07/05/2018,16-32-16 [INFO] [DETECTION] file contains 'TR/Talmad.uwthn'
07/05/2018,16-32-16 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (23).vir'
07/05/2018,16-32-16 [INFO] c:\users\**\desktop\infected\Samp (23).vir
07/05/2018,16-32-16 [INFO] [DETECTION] file contains 'BDS/VB.ctq'
07/05/2018,16-32-16 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (24).vir'
07/05/2018,16-32-16 [INFO] c:\users\**\desktop\infected\Samp (24).vir
07/05/2018,16-32-16 [INFO] [DETECTION] file contains 'TR/Spy.1618432.4'
07/05/2018,16-32-16 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (26).vir'
07/05/2018,16-32-16 [INFO] c:\users\**\desktop\infected\Samp (26).vir
07/05/2018,16-32-16 [INFO] [DETECTION] file contains 'TR/Agent.rcele'
07/05/2018,16-32-17 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (27).vir'
07/05/2018,16-32-17 [INFO] The file 'c:\users\**\desktop\infected\Samp (27).vir' was scanned with the Protection Cloud. SHA256 = 7F3A4F62BA8C984AAF84A04865F118A062A0997DC595FF72DC9A7C1A74FDE01C
07/05/2018,16-32-17 [INFO] c:\users\**\desktop\infected\Samp (27).vir
07/05/2018,16-32-17 [INFO] [DETECTION] file contains 'PUA/IStartSurf'
07/05/2018,16-32-17 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (28).vir'
07/05/2018,16-32-17 [INFO] c:\users\**\desktop\infected\Samp (28).vir
07/05/2018,16-32-17 [INFO] [DETECTION] file contains 'TR/AD.Inject.cvqqj'
07/05/2018,16-32-17 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (29).vir'
07/05/2018,16-32-17 [INFO] c:\users\**\desktop\infected\Samp (29).vir
07/05/2018,16-32-17 [INFO] [DETECTION] file contains 'TR/Crypt.rbwxf'
07/05/2018,16-32-17 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (3).vir'
07/05/2018,16-32-17 [INFO] c:\users\**\desktop\infected\Samp (3).vir
07/05/2018,16-32-17 [INFO] [DETECTION] file contains 'Adware/Adposhel.qzqvi'
07/05/2018,16-32-17 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (30).vir'
07/05/2018,16-32-17 [INFO] c:\users\**\desktop\infected\Samp (30).vir
07/05/2018,16-32-17 [INFO] [DETECTION] file contains 'TR/AD.KoInject.npjgw'
07/05/2018,16-32-17 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (31).vir'
07/05/2018,16-32-17 [INFO] c:\users\**\desktop\infected\Samp (31).vir
07/05/2018,16-32-17 [INFO] [DETECTION] file contains 'TR/Drop.Agent.xveqh'
07/05/2018,16-32-18 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (33).vir'
07/05/2018,16-32-18 [INFO] c:\users\**\desktop\infected\Samp (33).vir
07/05/2018,16-32-18 [INFO] [DETECTION] file contains 'TR/Crypt.ZPACK.Gen7'
07/05/2018,16-32-40 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (34).vir'
07/05/2018,16-32-40 [INFO] The file 'c:\users\**\desktop\infected\Samp (34).vir' was scanned with the Protection Cloud. SHA256 = 805038786E3600AA91A13F47500A818FA727A10A8AF5E049F1F2C285A00B5BCD
07/05/2018,16-32-40 [INFO] c:\users\**\desktop\infected\Samp (34).vir
07/05/2018,16-32-40 [INFO] [DETECTION] file contains 'W32/Infector.Gen4'
07/05/2018,16-32-40 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (35).vir'
07/05/2018,16-32-40 [INFO] c:\users\**\desktop\infected\Samp (35).vir
07/05/2018,16-32-40 [INFO] [DETECTION] file contains 'TR/Crypt.ZPACK.Gen8'
07/05/2018,16-32-41 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (38).vir'
07/05/2018,16-32-41 [INFO] The file 'c:\users\**\desktop\infected\Samp (38).vir' was scanned with the Protection Cloud. SHA256 = BF85813DAB76C06486426F1F6983E992B500FD13E05A7BE69FD701FDEB412D41
07/05/2018,16-32-41 [INFO] c:\users\**\desktop\infected\Samp (38).vir
07/05/2018,16-32-41 [INFO] [DETECTION] file contains 'SPR/BruteForce.bf8581'
07/05/2018,16-32-41 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (40).vir'
07/05/2018,16-32-41 [INFO] c:\users\**\desktop\infected\Samp (40).vir
07/05/2018,16-32-41 [INFO] [DETECTION] file contains 'TR/Dropper.Gen'
07/05/2018,16-32-41 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (41).vir'
07/05/2018,16-32-41 [INFO] c:\users\**\desktop\infected\Samp (41).vir
07/05/2018,16-32-41 [INFO] [DETECTION] file contains 'TR/Agent.fnpdr'
07/05/2018,16-32-41 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (42).vir'
07/05/2018,16-32-41 [INFO] c:\users\**\desktop\infected\Samp (42).vir
07/05/2018,16-32-41 [INFO] [DETECTION] file contains 'Adware/DealPly.649216'
07/05/2018,16-32-41 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (43).vir'
07/05/2018,16-32-41 [INFO] c:\users\**\desktop\infected\Samp (43).vir
07/05/2018,16-32-41 [INFO] [DETECTION] file contains 'TR/Agent.crxnv'
07/05/2018,16-32-42 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (44).vir'
07/05/2018,16-32-42 [INFO] The file 'c:\users\**\desktop\infected\Samp (44).vir' was scanned with the Protection Cloud. SHA256 = 8A77D5183257EFE270E01DA6034970F0761525676AF87EA55BBF59355A4FCE50
07/05/2018,16-32-42 [INFO] c:\users\**\desktop\infected\Samp (44).vir
07/05/2018,16-32-42 [INFO] [DETECTION] file contains 'APPL/Wews87.8a77d5'
07/05/2018,16-32-42 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (46).vir'
07/05/2018,16-32-42 [INFO] c:\users\**\desktop\infected\Samp (46).vir
07/05/2018,16-32-42 [INFO] [DETECTION] file contains 'Linux/BitCoinMiner.gysxi'
07/05/2018,16-32-42 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (47).vir'
07/05/2018,16-32-42 [INFO] c:\users\**\desktop\infected\Samp (47).vir
07/05/2018,16-32-42 [INFO] [DETECTION] file contains 'TR/Dldr.DanaBot.fyzoq'
07/05/2018,16-32-42 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (48).vir'
07/05/2018,16-32-42 [INFO] c:\users\**\desktop\infected\Samp (48).vir
07/05/2018,16-32-42 [INFO] [DETECTION] file contains 'TR/Cozer.dnrhz'
07/05/2018,16-32-43 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (49).vir'
07/05/2018,16-32-43 [INFO] c:\users\**\desktop\infected\Samp (49).vir
07/05/2018,16-32-43 [INFO] [DETECTION] file contains 'Adware/Dotdo.dvxlu'
07/05/2018,16-32-43 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (6).vir'
07/05/2018,16-32-43 [INFO] c:\users\**\desktop\infected\Samp (6).vir
07/05/2018,16-32-43 [INFO] [DETECTION] file contains 'TR/Dropper.MSIL.lyeme'
07/05/2018,16-32-43 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (7).vir'
07/05/2018,16-32-43 [INFO] c:\users\**\desktop\infected\Samp (7).vir
07/05/2018,16-32-43 [INFO] [DETECTION] file contains 'TR/Dropper.MSIL.zjqni'
07/05/2018,16-32-43 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (8).vir'
07/05/2018,16-32-43 [INFO] c:\users\**\desktop\infected\Samp (8).vir
07/05/2018,16-32-43 [INFO] [DETECTION] file contains 'Adware/ELEX.qpnsv'
07/05/2018,16-32-43 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (9).vir'
07/05/2018,16-32-43 [INFO] c:\users\**\desktop\infected\Samp (9).vir
07/05/2018,16-32-43 [INFO] [DETECTION] file contains 'TR/Dldr.AutoIt.zmiof'

复制代码

使用楼上修改过MD5的样本 38/50 76%

Start of the scan: 2018-07-05 16:36:00
07/05/2018,16-36-13 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(1).vir'
07/05/2018,16-36-13 [INFO] The file 'c:\users\**\desktop\infected\Samp_(1).vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 1852EBFD23CBA03A8B21935A11C31D87CFB5ACB5520BA738A5D03C776730F213
07/05/2018,16-36-13 [INFO] c:\users\**\desktop\infected\Samp_(1).vir
07/05/2018,16-36-13 [INFO] [DETECTION] file contains 'PUA/InstallCore.Gen2'
07/05/2018,16-36-26 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(10).vir'
07/05/2018,16-36-26 [INFO] The file 'c:\users\**\desktop\infected\Samp_(10).vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 0F575B18886DFE48F1AEDE15D844A4B17A8A4F55FE626602B250FF9AE216AA75
07/05/2018,16-36-26 [INFO] c:\users\**\desktop\infected\Samp_(10).vir
07/05/2018,16-36-26 [INFO] [DETECTION] file contains 'SPR/Snipr.0f575b'
07/05/2018,16-36-26 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(11).vir'
07/05/2018,16-36-26 [INFO] c:\users\**\desktop\infected\Samp_(11).vir
07/05/2018,16-36-26 [INFO] [DETECTION] file contains 'HEUR/AGEN.1001354'
07/05/2018,16-36-26 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(12).vir'
07/05/2018,16-36-26 [INFO] c:\users\**\desktop\infected\Samp_(12).vir
07/05/2018,16-36-26 [INFO] [DETECTION] file contains 'PUA/ICLoader.Gen7'
07/05/2018,16-36-26 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(13).vir'
07/05/2018,16-36-26 [INFO] c:\users\**\desktop\infected\Samp_(13).vir
07/05/2018,16-36-26 [INFO] [DETECTION] file contains 'HEUR/AGEN.1000590'
07/05/2018,16-36-46 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(14).vir'
07/05/2018,16-36-46 [INFO] The file 'c:\users\**\desktop\infected\Samp_(14).vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = E6D9E936DFB35E95A6CB80EA68450680A3E58F94C7D2C7C2A5BE74DD2D8B2CC0
07/05/2018,16-36-46 [INFO] c:\users\**\desktop\infected\Samp_(14).vir
07/05/2018,16-36-46 [INFO] [DETECTION] file contains 'TR/Winsecsrv.e6d9e9'
07/05/2018,16-36-46 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(15).vir'
07/05/2018,16-36-46 [INFO] c:\users\**\desktop\infected\Samp_(15).vir
07/05/2018,16-36-46 [INFO] [DETECTION] file contains 'TR/PSW.Delf.flx'
07/05/2018,16-36-46 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(16).vir'
07/05/2018,16-36-46 [INFO] c:\users\**\desktop\infected\Samp_(16).vir
07/05/2018,16-36-46 [INFO] [DETECTION] file contains 'TR/Agent.mcfdj'
07/05/2018,16-36-47 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(17).vir'
07/05/2018,16-36-47 [INFO] c:\users\**\desktop\infected\Samp_(17).vir
07/05/2018,16-36-47 [INFO] [DETECTION] file contains 'TR/Drop.Agent.2386432'
07/05/2018,16-36-47 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(18).vir'
07/05/2018,16-36-47 [INFO] c:\users\**\desktop\infected\Samp_(18).vir
07/05/2018,16-36-47 [INFO] [DETECTION] file contains 'TR/Tiggre.kkgrf'
07/05/2018,16-36-47 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(2).vir'
07/05/2018,16-36-47 [INFO] c:\users\**\desktop\infected\Samp_(2).vir
07/05/2018,16-36-47 [INFO] [DETECTION] file contains 'PUA/ICLoader.Gen7'
07/05/2018,16-36-48 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(20).vir'
07/05/2018,16-36-48 [INFO] c:\users\**\desktop\infected\Samp_(20).vir
07/05/2018,16-36-48 [INFO] [DETECTION] file contains 'HEUR/AGEN.1014063'
07/05/2018,16-36-48 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(21).vir'
07/05/2018,16-36-48 [INFO] c:\users\**\desktop\infected\Samp_(21).vir
07/05/2018,16-36-48 [INFO] [DETECTION] file contains 'TR/Proxy.Agent.dxr'
07/05/2018,16-36-48 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(23).vir'
07/05/2018,16-36-48 [INFO] c:\users\**\desktop\infected\Samp_(23).vir
07/05/2018,16-36-48 [INFO] [DETECTION] file contains 'BDS/VB.ctq'
07/05/2018,16-36-48 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(24).vir'
07/05/2018,16-36-48 [INFO] c:\users\**\desktop\infected\Samp_(24).vir
07/05/2018,16-36-48 [INFO] [DETECTION] file contains 'TR/Spy.1618432.4'
07/05/2018,16-36-48 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(26).vir'
07/05/2018,16-36-48 [INFO] c:\users\**\desktop\infected\Samp_(26).vir
07/05/2018,16-36-48 [INFO] [DETECTION] file contains 'TR/Agent.rcele'
07/05/2018,16-36-58 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(27).vir'
07/05/2018,16-36-58 [INFO] The file 'c:\users\**\desktop\infected\Samp_(27).vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 1808AC53E8751EB426E6FB4B79E14AE2E2078470F3EE7EB2CF7DC2C56A3AC455
07/05/2018,16-36-58 [INFO] c:\users\**\desktop\infected\Samp_(27).vir
07/05/2018,16-36-58 [INFO] [DETECTION] file contains 'ADWARE/Adware.Gen7'
07/05/2018,16-36-58 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(28).vir'
07/05/2018,16-36-58 [INFO] c:\users\**\desktop\infected\Samp_(28).vir
07/05/2018,16-36-58 [INFO] [DETECTION] file contains 'TR/AD.Inject.cvqqj'
07/05/2018,16-36-58 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(29).vir'
07/05/2018,16-36-58 [INFO] c:\users\**\desktop\infected\Samp_(29).vir
07/05/2018,16-36-58 [INFO] [DETECTION] file contains 'TR/Crypt.rbwxf'
07/05/2018,16-36-59 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(3).vir'
07/05/2018,16-36-59 [INFO] c:\users\**\desktop\infected\Samp_(3).vir
07/05/2018,16-36-59 [INFO] [DETECTION] file contains 'Adware/Adposhel.qzqvi'
07/05/2018,16-36-59 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(30).vir'
07/05/2018,16-36-59 [INFO] c:\users\**\desktop\infected\Samp_(30).vir
07/05/2018,16-36-59 [INFO] [DETECTION] file contains 'TR/AD.KoInject.npjgw'
07/05/2018,16-36-59 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(31).vir'
07/05/2018,16-36-59 [INFO] c:\users\**\desktop\infected\Samp_(31).vir
07/05/2018,16-36-59 [INFO] [DETECTION] file contains 'TR/Drop.Agent.xveqh'
07/05/2018,16-36-59 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(33).vir'
07/05/2018,16-36-59 [INFO] c:\users\**\desktop\infected\Samp_(33).vir
07/05/2018,16-36-59 [INFO] [DETECTION] file contains 'TR/Crypt.ZPACK.Gen7'
07/05/2018,16-37-11 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(34).vir'
07/05/2018,16-37-11 [INFO] The file 'c:\users\**\desktop\infected\Samp_(34).vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 0A91BFE100292F7904189F5E458DA5A720302FF36350EFB5F3F72D3AF4EC28FF
07/05/2018,16-37-11 [INFO] c:\users\**\desktop\infected\Samp_(34).vir
07/05/2018,16-37-11 [INFO] [DETECTION] file contains 'W32/Infector.Gen4'
07/05/2018,16-37-11 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(35).vir'
07/05/2018,16-37-11 [INFO] c:\users\**\desktop\infected\Samp_(35).vir
07/05/2018,16-37-11 [INFO] [DETECTION] file contains 'TR/Crypt.ZPACK.Gen8'
07/05/2018,16-37-23 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(38).vir'
07/05/2018,16-37-23 [INFO] The file 'c:\users\**\desktop\infected\Samp_(38).vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 2FF7F23D1C61491CF4DDE22646DF22507154D86BDAD162E260F00F38CF27109B
07/05/2018,16-37-23 [INFO] c:\users\**\desktop\infected\Samp_(38).vir
07/05/2018,16-37-23 [INFO] [DETECTION] file contains 'SPR/BruteForce.2ff7f2'
07/05/2018,16-37-23 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(40).vir'
07/05/2018,16-37-23 [INFO] c:\users\**\desktop\infected\Samp_(40).vir
07/05/2018,16-37-23 [INFO] [DETECTION] file contains 'TR/Dropper.Gen'
07/05/2018,16-37-23 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(41).vir'
07/05/2018,16-37-23 [INFO] c:\users\**\desktop\infected\Samp_(41).vir
07/05/2018,16-37-23 [INFO] [DETECTION] file contains 'TR/Agent.fnpdr'
07/05/2018,16-37-23 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(42).vir'
07/05/2018,16-37-23 [INFO] c:\users\**\desktop\infected\Samp_(42).vir
07/05/2018,16-37-23 [INFO] [DETECTION] file contains 'Adware/DealPly.649216'
07/05/2018,16-37-24 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(43).vir'
07/05/2018,16-37-24 [INFO] c:\users\**\desktop\infected\Samp_(43).vir
07/05/2018,16-37-24 [INFO] [DETECTION] file contains 'TR/Agent.crxnv'
07/05/2018,16-37-24 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(44).vir'
07/05/2018,16-37-24 [INFO] The file 'c:\users\**\desktop\infected\Samp_(44).vir' was scanned with the Protection Cloud. SHA256 = B66EEE3BFD51282682DD30BEF82F494F05A474EE3B41BB1A991B114440FFB782
07/05/2018,16-37-24 [INFO] c:\users\**\desktop\infected\Samp_(44).vir
07/05/2018,16-37-24 [INFO] [DETECTION] file contains 'APPL/Wews87.b66eee'
07/05/2018,16-37-24 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(47).vir'
07/05/2018,16-37-24 [INFO] c:\users\**\desktop\infected\Samp_(47).vir
07/05/2018,16-37-24 [INFO] [DETECTION] file contains 'TR/Dldr.DanaBot.fyzoq'
07/05/2018,16-37-25 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(48).vir'
07/05/2018,16-37-25 [INFO] c:\users\**\desktop\infected\Samp_(48).vir
07/05/2018,16-37-25 [INFO] [DETECTION] file contains 'TR/Cozer.dnrhz'
07/05/2018,16-37-25 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(49).vir'
07/05/2018,16-37-25 [INFO] c:\users\**\desktop\infected\Samp_(49).vir
07/05/2018,16-37-25 [INFO] [DETECTION] file contains 'Adware/Dotdo.dvxlu'
07/05/2018,16-37-35 [INFO] The file 'c:\users\**\desktop\infected\Samp_(5).vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 3273D24AAC0DFEF2CC7002EFDA251F55DC4E8661C8ED60CE6070EE4F088BCF75
07/05/2018,16-37-36 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(6).vir'
07/05/2018,16-37-36 [INFO] c:\users\**\desktop\infected\Samp_(6).vir
07/05/2018,16-37-36 [INFO] [DETECTION] file contains 'TR/Dropper.MSIL.lyeme'
07/05/2018,16-37-36 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(7).vir'
07/05/2018,16-37-36 [INFO] c:\users\**\desktop\infected\Samp_(7).vir
07/05/2018,16-37-36 [INFO] [DETECTION] file contains 'TR/Dropper.MSIL.zjqni'
07/05/2018,16-37-36 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(8).vir'
07/05/2018,16-37-36 [INFO] c:\users\**\desktop\infected\Samp_(8).vir
07/05/2018,16-37-36 [INFO] [DETECTION] file contains 'Adware/ELEX.qpnsv'
07/05/2018,16-37-36 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp_(9).vir'
07/05/2018,16-37-36 [INFO] c:\users\**\desktop\infected\Samp_(9).vir
07/05/2018,16-37-36 [INFO] [DETECTION] file contains 'TR/Dldr.AutoIt.zmiof'

复制代码

显示全部楼层 · 发表于 2018-7-6 07:38:59

BDkill39 78%
剩下5，12，21，22，25，29，32，38，44，45，46

显示全部楼层 · 发表于 2018-7-6 08:36:03

B100D1E55 发表于 2018-7-5 23:09
有点好奇你的样本来源。我在报毒列表里居然还看到了Kingsoft.D检测

我的wpsupdate……微步上只有ESET报了PUA

显示全部楼层 · 发表于 2018-7-6 09:04:46

阿拉爱宁波发表于 2018-7-5 21:15
智量 35/15
这货靠的什么？

特么真的玄学啊！不可思议

显示全部楼层 · 发表于 2018-7-6 09:17:02

我向智量官方email support@wisevector.com 反应问题被退信了…… 说是外星地址……

显示全部楼层 · 发表于 2018-7-6 09:35:59

panda killx34 68%

扫描正在扫描：C:\Users\llanoMe\Desktop\infected 2018/7/6 9:11 已启动
检测到潜在的不需要程序 PUP/InstallCore 位置：C:\Users\llanoMe\Desktop\infected\Samp (1).vir 2018/7/6 9:11 已抑制
检测到木马 Trj/GdSda.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (10).vir 2018/7/6 9:11 已删除
检测到木马 Trj/CI.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (11).vir 2018/7/6 9:11 已删除
检测到木马 Trj/Genetic.gen 位置：C:\Users\llanoMe\Desktop\infected\Samp (12).vir 2018/7/6 9:11 已删除
检测到木马 Trj/Genetic.gen 位置：C:\Users\llanoMe\Desktop\infected\Samp (13).vir 2018/7/6 9:11 已删除
检测到木马 Trj/Genetic.gen 位置：C:\Users\llanoMe\Desktop\infected\Samp (14).vir 2018/7/6 9:12 已删除
检测到木马未知名称位置：C:\Users\llanoMe\Desktop\infected\Samp (15).vir 2018/7/6 9:12 已删除
检测到木马 Trj/GdSda.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (16).vir 2018/7/6 9:12 已删除
检测到木马 Trj/GdSda.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (17).vir 2018/7/6 9:12 已删除
检测到木马 Trj/CI.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (18).vir 2018/7/6 9:12 已删除
检测到木马 Trj/Genetic.gen 位置：C:\Users\llanoMe\Desktop\infected\Samp (2).vir 2018/7/6 9:12 已删除
检测到木马 Trj/GdSda.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (20).vir 2018/7/6 9:12 已删除
检测到广告软件 Adware/AccesMembre 位置：C:\Users\llanoMe\Desktop\infected\Samp (23).vir 2018/7/6 9:12 已删除
检测到木马 Trj/GdSda.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (26).vir 2018/7/6 9:12 已删除
检测到木马 Trj/GdSda.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (27).vir 2018/7/6 9:12 已删除
检测到木马 Trj/CI.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (28).vir 2018/7/6 9:13 已删除
检测到木马 Trj/RnkBend.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (3).vir 2018/7/6 9:13 已删除
检测到木马 Trj/GdSda.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (30).vir 2018/7/6 9:13 已删除
检测到木马 Trj/GdSda.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (31).vir 2018/7/6 9:13 已删除
检测到木马 Trj/CI.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (33).vir 2018/7/6 9:13 已删除
检测到木马 Trj/Genetic.gen 位置：C:\Users\llanoMe\Desktop\infected\Samp (35).vir 2018/7/6 9:13 已删除
检测到潜在的不需要程序 PUP/InstallCore 位置：C:\Users\llanoMe\Desktop\infected\Samp (36).vir 2018/7/6 9:13 已抑制
检测到木马 Trj/GdSda.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (38).vir 2018/7/6 9:13 已删除
检测到木马 Trj/CI.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (4).vir 2018/7/6 9:13 已删除
检测到木马未知名称位置：C:\Users\llanoMe\Desktop\infected\Samp (40).vir 2018/7/6 9:13 已删除
检测到木马 Trj/Genetic.gen 位置：C:\Users\llanoMe\Desktop\infected\Samp (41).vir 2018/7/6 9:13 已删除
检测到木马 Trj/CI.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (43).vir 2018/7/6 9:14 已删除
检测到木马 Trj/CI.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (44).vir 2018/7/6 9:14 已删除
检测到木马 Trj/RnkBend.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (47).vir 2018/7/6 9:14 已删除
检测到木马 Trj/GdSda.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (48).vir 2018/7/6 9:14 已删除
检测到木马 Trj/GdSda.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (49).vir 2018/7/6 9:14 已删除
检测到木马 Trj/GdSda.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (6).vir 2018/7/6 9:14 已删除
检测到木马 Trj/GdSda.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (7).vir 2018/7/6 9:14 已删除
检测到木马 Trj/CI.A 位置：C:\Users\llanoMe\Desktop\infected\Samp (9).vir 2018/7/6 9:14 已删除
扫描正在扫描：C:\Users\llanoMe\Desktop\infected 2018/7/6 9:14 已完成

复制代码

修改md5后 killx22 44%

[病毒样本] 样本集奉上_12

本帖子中包含更多资源