Thread starter: Jerry.Lin

[Virus samples] #PACKAGE 0706

sololpchina
Posted on 2018-7-6 22:41:58
WD 22:36
Sample(24/26)  92%
Remaining: 10, 20
Scanning the samples today used quite a lot of resources... and the following window popped up as well
嶝鄇
Posted on 2018-7-6 23:01:44
360 Total Security kills 12... that's far worse than the domestic version, isn't it...
Lenovo PC Manager kills 4
救命稻草
Posted on 2018-7-6 23:22:19
瑞星反恶软引擎命令行扫描器(社区交流版)

编译于:Sep 22 2017   15:07:50

提示:
  - 本工具供社区交流使用,请勿用于其他用途
  - 本工具没有恶意软件删除、清除、隔离功能
  - 本工具包含开发中的新特性,结果仅供参考

* 命令行中的选项开关:-output-json -log=F:\瑞星新引擎x64 18.2.4\ScanLog_180706231633.log
* 获取恶软签名库最新版本 ...
* 下载恶软签名库配置文件 ...
* 创建恶软签名库升级组件 ...
* 计算并下载增量文件 ...
* 升级恶软签名库 ...
* 恶软签名库升级成功
* 扫描目标 : (1) F:\PACKAGE 0706

* 加载恶软签名库: F:\瑞星新引擎x64 18.2.4/malware.rmd
* 恶软签名库加载成功,发布序号为 4537
* 读取恶软签名库配置 ...
* 云辅助扫描组件初始化失败.
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
扫描开始: Fri Jul 06 23:16:36 2018

{"filename":"F:\\PACKAGE 0706\\0706(13).exe","infect":{"engine":"rdmk","signature":"cmRtazrHDMG4j6/HCh4ohBFMQfl4","threat":"Malware.Heuristic!ET#91%"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(16).exe","infect":{"engine":"rdmk","signature":"cmRtazogz2Retsupw0nd0Do+7FDQ","threat":"Malware.Heuristic!ET#92%"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(15).exe","infect":{"engine":"rdmk","signature":"cmRtazrQ8YJHOjFxBsnbHxzlpEz1","threat":"Malware.Heuristic!ET#95%"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(11).exe","infect":{"engine":"tfe","signature":"dGZlOgXTwcnBAEBpQg","threat":"Trojan.GenKryptik!8.AA55"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(10).exe","type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(17).exe","infect":{"engine":"rdmk","signature":"cmRtazr+nDIg2MWuRTtz+9HgO4cE","threat":"Malware.Heuristic!ET#94%"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(14).exe","infect":{"engine":"rdmk","signature":"cmRtazrKMnZ5Iu/4/vSyCudCBUek","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(12).exe","infect":{"engine":"rdmk","signature":"cmRtazrmKP1BDp8lDd6eHI2rXyhL","threat":"Malware.Heuristic!ET#96%"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(1).exe","type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(2).exe","infect":{"engine":"tfe","signature":"dGZlOgVw7ZZ02Ny74Q","threat":"Trojan.Kryptik!8.8"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(19).exe","infect":{"engine":"rdmk","signature":"cmRtazqmqSIrJ9TKae4V9n9g3L0u","threat":"Malware.Heuristic!ET#90%"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(18).exe","infect":{"engine":"rdmk","signature":"cmRtazpf3k/gUdXfH1mVWd66r23u","threat":"Malware.Heuristic!ET#94%"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(20).exe","infect":{"engine":"rdmk","signature":"cmRtazqOuHcdVl2rOI5lJI1F9xuV","threat":"Malware.Heuristic!ET#85%"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(23).exe","infect":{"engine":"rdmk","signature":"cmRtazr/RLHLfjZWppzWqGU0dywe","threat":"Malware.Heuristic!ET#96%"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(22).exe","infect":{"engine":"rdmk","signature":"cmRtazri1xxc/xYjwWYWzDZhH3aa","threat":"Malware.Heuristic!ET#90%"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(24).exe","infect":{"engine":"rdmk","signature":"cmRtazoIRc3PcqgAS9WDCp7pT0A4","threat":"Malware.Heuristic!ET#96%"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(26).exe","infect":{"engine":"rdmk","signature":"cmRtazpUSWEuHq/EaV4ebuJagQZ8","threat":"Malware.Heuristic!ET#84%"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(21).exe","infect":{"engine":"tfe","signature":"dGZlOgXTwcnBAEBpQg","threat":"Trojan.GenKryptik!8.AA55"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(3).exe","infect":{"engine":"tfe","signature":"dGZlOgQKz5Dc0rbgbA","threat":"Trojan.GenKryptik!8.AA55"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(4).exe","infect":{"engine":"tfe","signature":"dGZlOgVw7ZZ02Ny74Q","threat":"Trojan.Kryptik!8.8"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(6).exe","infect":{"engine":"tfe","signature":"dGZlOgVw7ZZ02Ny74Q","threat":"Trojan.Kryptik!8.8"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(5).exe","infect":{"engine":"rdmk","signature":"cmRtazpzx3I2SsoeIeg18Qi4hKAR","threat":"Malware.Heuristic!ET#86%"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(9).exe","infect":{"engine":"rdmk","signature":"cmRtazqP/VRkUad9DlfX3Vy+jvbU","threat":"Malware.Heuristic!ET#95%"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(7).exe","infect":{"engine":"rdmk","signature":"cmRtazqfZKaREq8GBXkGGvecH1Az","threat":"Malware.Heuristic!ET#88%"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(8).exe","infect":{"engine":"rdmk","signature":"cmRtazoOUOwVFFBYcF6HS9ZWwbWH","threat":"Malware.Heuristic!ET#85%"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(25).exe","type":"scan"}

扫描结束: Fri Jul 06 23:16:36 2018

总扫描耗时: 0:0:449(m:s:ms)
总扫描对象: 29
总扫描文件: 26
总恶意文件: 23
有效检出率: 88.46%
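A small parser for the JSON-lines records the Rising CLI scanner prints above, added here as an example; it is not part of the post or of the scanner's own tooling. The six input records are copied from the output above (the full run had 26), and the 85% confidence threshold is an assumption chosen for illustration.

```python
import json
import re
from collections import Counter

# Six records copied from the Rising CLI scanner's JSON-lines output posted above
# (one per verdict kind); the real run had 26. Raw string keeps the JSON's "\\".
SCAN_OUTPUT = r"""
{"filename":"F:\\PACKAGE 0706\\0706(13).exe","infect":{"engine":"rdmk","signature":"cmRtazrHDMG4j6/HCh4ohBFMQfl4","threat":"Malware.Heuristic!ET#91%"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(11).exe","infect":{"engine":"tfe","signature":"dGZlOgXTwcnBAEBpQg","threat":"Trojan.GenKryptik!8.AA55"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(10).exe","type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(14).exe","infect":{"engine":"rdmk","signature":"cmRtazrKMnZ5Iu/4/vSyCudCBUek","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(2).exe","infect":{"engine":"tfe","signature":"dGZlOgVw7ZZ02Ny74Q","threat":"Trojan.Kryptik!8.8"},"type":"scan"}
{"filename":"F:\\PACKAGE 0706\\0706(25).exe","type":"scan"}
"""

# The rdmk engine reports a heuristic verdict with a confidence percentage.
HEUR_RE = re.compile(r"^Malware\.Heuristic!ET#(\d+)%$")


def parse_scan(text):
    """Return one dict per 'scan' record; banner and summary lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue
        rec = json.loads(line)
        if rec.get("type") != "scan":
            continue
        entry = {"sample": rec["filename"].rsplit("\\", 1)[-1],
                 "engine": None, "threat": None, "confidence": None}
        infect = rec.get("infect")  # absent means the file was reported clean
        if infect:
            entry["engine"] = infect["engine"]
            entry["threat"] = infect["threat"]
            m = HEUR_RE.match(infect["threat"])
            if m:
                entry["confidence"] = int(m.group(1))
        records.append(entry)
    return records


def summarize(records):
    """Detection count, rate (as the scanner prints it) and per-engine breakdown."""
    hits = [r for r in records if r["threat"]]
    rate = round(100.0 * len(hits) / len(records), 2) if records else 0.0
    return {"files": len(records), "infected": len(hits), "rate": rate,
            "by_engine": dict(Counter(r["engine"] for r in hits)),
            "clean": sorted(r["sample"] for r in records if not r["threat"])}


def low_confidence(records, threshold):
    """Heuristic-only hits below the threshold: worth a second-opinion scan."""
    return sorted(r["sample"] for r in records
                  if r["confidence"] is not None and r["confidence"] < threshold)


REPORT = summarize(parse_scan(SCAN_OUTPUT))
```

Run on the complete 26-record output the same functions reproduce the scanner's own 23 hits and 88.46%, and the low-confidence list is the set of files to cross-check against the other engines posted in this thread.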
Picca
Posted on 2018-7-6 23:38:47
This post was last edited by Karna on 2018-7-7 00:14

22:42 begin
Kaspersky: scan detects 13, then double-click tests
1 stays resident in memory with little resource use, gone after reboot; at 23:07 UDS:DangerousObject.Multi.Generic, MD5 not found on VT, so either Kaspersky caught it itself or it was detected via the upload on double-click
2 self-deletes, creates labonly.exe which persists across reboot, connects out to 24.173.127.246
4 self-deletes, creates labonly.exe which persists across reboot, runs into the one created by 2, connects out briefly then exits
6 self-deletes, creates labonly.exe which persists across reboot, kills the one created by 2, connects out to 187.167.192.22
8 self-deletes, briefly calls cmd.exe then exits; at 23:07 UDS:Trojan-banker.Win32.Shioto.sb
9 killed and rolled back
10 requires Java, failed to run
12 stays resident in memory with little resource use; 23:07 UDS:Trojan-Spy, MD5 not found on VT, so either Kaspersky caught it itself or it was detected via the upload on double-click
13 runs with high resource use for a while, then exits; 23:07 UDS:Trojan-downloader, MD5 not found on VT, so either Kaspersky caught it itself or it was detected via the upload on double-click
14 self-deletes, creates labonly.exe which persists across reboot, kills the one created by 6, connects out to 187.167.192.22; at 23:07 labonly.exe was detected as UDS:Trojan-banker.Win32.Emotet.sb, MD5 not found on VT, so either Kaspersky caught it itself or it was detected via the upload on double-click
18 killed and rolled back
19 killed and rolled back, PDM bazon.a, cloud blacklist detection, MD5 not found on VT, so either Kaspersky caught it itself or it was detected via the upload on double-click
20 killed and rolled back, PDM badur.a


Summary:
1. Samples 2, 4, 6 and 14 are the same family with similar behaviour: all backdoor-type, low-privilege trojans that connect outbound. After Kaspersky missed them on double-click, the resident outbound-connecting program labonly.exe was detected by UDS roughly twenty-odd minutes later

2. Several tests now confirm that Kaspersky's cloud verdicts are at the hour level: malware that has been made undetectable and can't be killed triggers a UDS cloud detection soon after being double-clicked. My guess is that for script kiddies, apart from destructive malware with an immediate effect (ransomware, for example), it is now very hard for ordinary malware to stay undetected for long against an online Kaspersky. As of 23:15, of the OP's samples only sample 10 remained undetected, probably because the test machine has no Java, so it failed to run and never triggered the automatic upload






petr0vic
Posted on 2018-7-7 07:02:48
Emsisoft
24/26
  1. 0706(10).exe -> (ZIP Sfx o) -> Project4.class          Java.Trojan.GenericGB.25466 (B) [krnl.xmd]
  2. 0706(13).exe          Trojan.Injector (A) [294585]
  3. 0706(11).exe          Trojan.Injector (A) [294604]
  4. 0706(12).exe          Trojan.GenericKD.31054562 (B) [krnl.xmd]
  5. 0706(14).exe          Trojan.GenericKD.31054489 (B) [krnl.xmd]
  6. 0706(16).exe          Trojan.Injector (A) [294585]
  7. 0706(18).exe          Trojan.Injector (A) [294584]
  8. 0706(2).exe          Trojan.Emotet (A) [294582]
  9. 0706(20).exe          Trojan.GenericKD.31049335 (B) [krnl.xmd]
  10. 0706(17).exe          Gen:Heur.MSIL.Krypt.2 (B) [krnl.xmd]
  11. 0706(22).exe          Trojan.Injector (A) [294585]
  12. 0706(21).exe          Trojan.Injector (A) [294604]
  13. 0706(15).exe          Gen:Variant.Strictor.167474 (B) [krnl.xmd]
  14. 0706(24).exe          Trojan.GenericKD.31051620 (B) [krnl.xmd]
  15. 0706(25).exe          Trojan.GenericKD.31056737 (B) [krnl.xmd]
  16. 0706(26).exe          Trojan.GenericKD.31055352 (B) [krnl.xmd]
  17. 0706(23).exe          Trojan.GenericKD.31051211 (B) [krnl.xmd]
  18. 0706(4).exe          Trojan.Emotet (A) [294582]
  19. 0706(6).exe          Trojan.Emotet (A) [294582]
  20. 0706(8).exe          Trojan.GenericKD.31051286 (B) [krnl.xmd]
  21. 0706(5).exe          Gen:Variant.Razy.355383 (B) [krnl.xmd]
  22. 0706(9).exe          Trojan.GenericKD.31055711 (B) [krnl.xmd]
  23. 0706(7).exe          Gen:Heur.Jintor.1 (B) [krnl.xmd]
  24. 0706(3).exe          Gen:Variant.Razy.358931 (B) [krnl.xmd]
小飞侠.net
Posted on 2018-7-7 09:34:06
This post was last edited by 小飞侠.net on 2018-7-7 09:51

Huorong Security ( Windows 7 Ultimate with SP1, Simplified Chinese Ultimate edition....): some unknown files have been sent to seclab@huorong.cn and are pending processing...

病毒库:2018-07-06 16:16
开始时间:2018-07-07 09:29
总计用时:00:00:10
扫描对象:173个
扫描文件:26个
发现风险:4个
已处理风险:0个
发现系统修复项:0个
处理系统修复项:0个

病毒详情

风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(14).exe, 病毒名:HEUR:VirTool/Obfuscator.gen!B, 病毒ID:[2d18551aef762f90], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(17).exe, 病毒名:HEUR:Trojan/MSIL.Injector.a, 病毒ID:[b8e5a5ec3767301b], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(26).exe, 病毒名:HVM:VirTool/Obfuscator.gen!A, 病毒ID:[b27d4294cde6a1ec], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(8).exe, 病毒名:HEUR:VirTool/Obfuscator.gen!C, 病毒ID:[9f7c74f7afee22c], 处理结果:已忽略

文件名称: C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706.zip
文件大小: 6.60 MB (6,923,819 字节)
修改时间: 2018年07月07日,09:26:50
MD5: EF7BC4924F056743DE8DBF4E94703E87
SHA1: 64CEF439AB89FD2CFED53C4EFC6F303A08688FBD
SHA256: FCE3234A366259AA01E6F640698A93E855F75A8A133CA86C2FDE4DFB177FCC29
SHA512: 5D9FC5A95526ACFC4537E6C334BEB5392B6E1D6B45414344E9C883E1CA54129AA12CC09CBF494A4D9DFF31AEDC5618E4F302F2B1606CB1D03DEE9DE1A6A190F9
CRC32: EE854FA4
计算时间: 0.44s

---
Dr.Web CureIt! Simplified Chinese portable free edition ( Windows 7 Ultimate with SP1, Simplified Chinese Ultimate edition....):

-----------------------------------------------------------------------------
Start scanning
-----------------------------------------------------------------------------
Command line used:-rpcep:\pipe\21873414A -rpcpr:np

Limit the use of the computer resources to 100%
Instances used for this session: 10
Object(s) to scan:
- C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706


>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(10).exe is ZIP archive
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(10).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(10).exe - archive
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(14).exe - infected with Trojan.Emotet.272
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(14).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(12).exe - Ok
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(17).exe is BINARYRES container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(20).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(2).exe - infected with Trojan.EmotetENT.252
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(2).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(18).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(17).exe\data002 - infected with Trojan.PWS.Stealer.13025
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(17).exe - infected container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(15).exe - infected with Trojan.Nanocore.23
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(15).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(13).exe - infected with Trojan.Inject1.54688
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(13).exe - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(19).exe - packed by FLY-CODE
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(19).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(11).exe - infected with Trojan.PWS.Stealer.24225
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(11).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(16).exe - infected with Trojan.VbCryptENT.1655
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(16).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(22).exe - infected with Trojan.PWS.Stealer.1932
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(22).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(23).exe - infected with Trojan.Inject1.54688
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(23).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(26).exe - infected with Trojan.PWS.Stealer.23950
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(26).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(4).exe - infected with Trojan.EmotetENT.252
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(4).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(21).exe - infected with Trojan.PWS.Stealer.24225
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(21).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(24).exe - infected with Trojan.DownLoader19.57204
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(24).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(7).exe - infected with Trojan.Inject2.62326
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(7).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(1).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(5).exe - infected with Trojan.Siggen7.42178
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(5).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(8).exe - infected with Trojan.Encoder.24384
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(8).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(3).exe - infected with Trojan.Trick.45128
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(3).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(6).exe - infected with Trojan.EmotetENT.252
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(6).exe - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(25).exe - packed by PESTUB
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(9).exe is BINARYRES container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(9).exe\data001 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(9).exe\data002 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(9).exe\data003 is NET container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(9).exe - container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(25).exe - packed by FLY-CODE
>>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(25).exe - packed by VMPROTECT
>>>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(25).exe is BINARYRES container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0706\0706(25).exe - container

Total 11652273 bytes in 26 files scanned (32 objects)
Total 8 files (13 objects) are clean
Total 18 files are infected -- who uploaded these to VirusTotal again?? I'd suggest PMing the OP to share the archive password
Scan time is 00:00:04.867
@191196846


UBitch
Posted on 2018-7-7 13:45:04
Trend Micro killed 10, the rest have been reported
www-tekeze
Posted on 2018-7-7 14:26:50
Huorong has already been posted, so I'll post Antiy's, but since the MD5s were changed, well...
dolphin
Posted on 2018-7-7 17:37:34
180706
Signature database frozen
Scan 6/26

Double-click results
3 implant-type trojan, high risk
5 implant-type trojan, low risk
7 implant-type trojan, low risk
8 virus, medium risk
9 10 cannot run
12 13 miss
14 self-deletes, dropped file reported infected
15 implant-type trojan, low risk, dropped file reported clean
16 17 18 19 20 22 miss
23 24 25 cannot run
26 miss

Total 11/26

Virus database 180706191255
Scan 6/26

3 implant-type trojan, medium risk
5 implant-type trojan, low risk
7 implant-type trojan, low risk
8 virus, medium risk
9 10 cannot run
12 13 miss
14 self-deletes, dropped file reported clean
15 implant-type trojan, low risk
16 17 18 19 20 22 miss
23 24 25 cannot run
26 miss

Total 12/26

This time I also tested scanning and double-clicking with the database updated to the "latest"; it feels like updating the database actually made it weaker, what was missed is still missed
帝辛
Posted on 2018-7-8 14:38:39
Karna posted on 2018-7-6 23:38
22:42 begin
Kaspersky: scan detects 13, then double-click tests
1 stays resident in memory with little resource use, gone after reboot; at 23:07 UDS:DangerousObjec ...

Kaspersky relies on having rollback. Its current strategy is to let things run for ages, then kill and roll back..
Destructive things like ransomware trigger the rollback within seconds.
Small-scale activity sits in the background for ages, and then the cloud verdict finishes it off.
Kaspersky really is strong.
Still not as sensitive as BD, though. With BD, opening the file triggers it immediately. Pity there's no rollback; it leaves you feeling "it has already modified my files, now what do I do". The 2018 version supposedly added rollback, but it has never triggered for me.
Kaspersky is still the better one to use. Low false positives. But its policy is too lenient. Sometimes it doesn't give me the sense of security against rogue software that ESET does.
If only Kaspersky killed rogue software too.
Copyright © KaFan  KaFan.cn All Rights Reserved.