样本集奉上_17

显示全部楼层 · 发表于 2018-7-10 16:57:25

Jirehlov1234 发表于 2018-7-10 16:50
最好再把水分挤挤，你看那么多卡巴判白的。。。。。。

上千的样本，你来帮我挤吧。。。我没装卡巴，他是什么反应我怎么清楚？难道让我再装上BD、NS、ESET、红伞等等，然后都去挤一挤？

显示全部楼层 · 发表于 2018-7-10 17:00:15

Malwarebytes
6/20

File: 6
Trojan.PasswordStealer, C:\USERS\ADMINISTRATOR\DESKTOP\VIRUSSAMPLES_17\SAMP (13).VIR, No Action By User, [3582], [522639],1.0.5847
Trojan.Downloader, C:\USERS\ADMINISTRATOR\DESKTOP\VIRUSSAMPLES_17\SAMP (15).VIR, No Action By User, [846], [394054],1.0.5847
PUP.Optional.Jawego, C:\USERS\ADMINISTRATOR\DESKTOP\VIRUSSAMPLES_17\SAMP (8).VIR, No Action By User, [516], [348975],1.0.5847
Generic.Malware/Suspicious, C:\USERS\ADMINISTRATOR\DESKTOP\VIRUSSAMPLES_17\SAMP (3).VIR, No Action By User, [0], [392686],1.0.5847
RiskWare.BitCoinMiner, C:\USERS\ADMINISTRATOR\DESKTOP\VIRUSSAMPLES_17\SAMP (18).VIR, No Action By User, [920], [508940],1.0.5847
RiskWare.Agent, C:\USERS\ADMINISTRATOR\DESKTOP\VIRUSSAMPLES_17\SAMP (5).VIR, No Action By User, [3846], [368524],1.0.5847

显示全部楼层 · 发表于 2018-7-10 17:06:12

现在装智量做辅杀了，再上个智量的，只报3个，主贴已说过火绒不报，所以把样本发上来，请大家帮测一下。。

显示全部楼层 · 发表于 2018-7-10 17:50:35

瑞星安全云终端 11x
F:\VirusSamples_17\Samp (4).vir       Trojan.Agent.gdz
F:\VirusSamples_17\Samp (1).vir       Trojan.Indiloadz!8.E2E0
F:\VirusSamples_17\Samp (13).vir       Trojan.Tiggre!8.ED98
F:\VirusSamples_17\Samp (15).vir       Malware.Heuristic!ET#92%
F:\VirusSamples_17\Samp (17).vir       Malware.Heuristic!ET#92%
F:\VirusSamples_17\Samp (18).vir       PUA.CoinMiner!8.4639
F:\VirusSamples_17\Samp (2).vir       Exploit.CVE-2017-11882!8.EFC7
F:\VirusSamples_17\Samp (3).vir       Malware.Undefined!8.C
F:\VirusSamples_17\Samp (5).vir       Malware.Heuristic!ET#99%
F:\VirusSamples_17\Samp (8).vir       PUA.Jawego!8.DC9F
F:\VirusSamples_17\Samp (20).vir       Trojan.Turla!8.1C8

显示全部楼层 · 发表于 2018-7-10 18:54:45

Avira 10/20 50%

Start of the scan: 2018-07-10 06:53:48
07/10/2018,06-53-58 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (13).vir'
07/10/2018,06-53-58 [INFO] c:\users\**\desktop\infected\Samp (13).vir
07/10/2018,06-53-58 [INFO] [DETECTION] file contains 'TR/Drop.Agent.owatk'
07/10/2018,06-53-59 [INFO] The file 'c:\users\**\desktop\infected\Samp (15).vir' was scanned with the Protection Cloud. SHA256 = F7B51550E7C90847F1A4BC1014EBFC116342FF5C140283DCA27526B77D0DB638
07/10/2018,06-54-00 [INFO] The file 'c:\users\**\desktop\infected\Samp (16).vir' was scanned with the Protection Cloud. SHA256 = 58B73EC6A7812C6ACBB752E9E108C7E70A7938A5F9816847072D1AD7397215ED
07/10/2018,06-54-01 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (18).vir'
07/10/2018,06-54-02 [INFO] The file 'c:\users\**\desktop\infected\Samp (18).vir' was scanned with the Protection Cloud. SHA256 = 7E59A187782BA97E0805092BED4420E774A7BF64FFAD312B95CB885656637FFE
07/10/2018,06-54-02 [INFO] c:\users\**\desktop\infected\Samp (18).vir
07/10/2018,06-54-02 [INFO] [DETECTION] file contains 'PUA/CoinMiner'
07/10/2018,06-54-02 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (2).vir'
07/10/2018,06-54-02 [INFO] c:\users\**\desktop\infected\Samp (2).vir
07/10/2018,06-54-02 [INFO] [DETECTION] file contains 'EXP/M97M.Agent.oiena'
07/10/2018,06-54-02 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (20).vir'
07/10/2018,06-54-02 [INFO] c:\users\**\desktop\infected\Samp (20).vir
07/10/2018,06-54-02 [INFO] [DETECTION] file contains 'TR/Turla.ghjml'
07/10/2018,06-54-02 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (3).vir'
07/10/2018,06-54-02 [INFO] c:\users\**\desktop\infected\Samp (3).vir
07/10/2018,06-54-02 [INFO] [DETECTION] file contains 'TR/Crypt.ASPM.Gen'
07/10/2018,06-54-02 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (4).vir'
07/10/2018,06-54-02 [INFO] c:\users\**\desktop\infected\Samp (4).vir
07/10/2018,06-54-02 [INFO] [DETECTION] file contains 'OSX/Wirenet.A.1'
07/10/2018,06-54-03 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (5).vir'
07/10/2018,06-54-03 [INFO] The file 'c:\users\**\desktop\infected\Samp (5).vir' was scanned with the Protection Cloud. SHA256 = 8CBD16EB6AD744F0463991AFF04BBBB8CE7E51635DD68025788E9E63CA79D62B
07/10/2018,06-54-03 [INFO] c:\users\**\desktop\infected\Samp (5).vir
07/10/2018,06-54-03 [INFO] [DETECTION] file contains 'SPR/YouXun.8cbd16'
07/10/2018,06-54-04 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (6).vir'
07/10/2018,06-54-04 [INFO] The file 'c:\users\**\desktop\infected\Samp (6).vir' was scanned with the Protection Cloud. SHA256 = 1F0FD700853B5DA9F0D9449FBAFF8D63B97B9F7F2C813BE7615CD514CB35684A
07/10/2018,06-54-04 [INFO] c:\users\**\desktop\infected\Samp (6).vir
07/10/2018,06-54-04 [INFO] [DETECTION] file contains 'Adware/Agent.1f0fd7'
07/10/2018,06-54-04 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (7).vir'
07/10/2018,06-54-04 [INFO] c:\users\**\desktop\infected\Samp (7).vir
07/10/2018,06-54-04 [INFO] [DETECTION] file contains 'TR/Dldr.Delphi.ladck'
07/10/2018,06-54-04 [INFO] FP reports status 'NO False Positive' for file 'c:\users\**\desktop\infected\Samp (8).vir'
07/10/2018,06-54-04 [INFO] c:\users\**\desktop\infected\Samp (8).vir
07/10/2018,06-54-04 [INFO] [DETECTION] file contains 'PUA/Systweak.EL.512342'

复制代码

显示全部楼层 · 发表于 2018-7-10 19:21:27

eset开潜在 10/20

显示全部楼层 · 发表于 2018-7-10 20:01:30

Norton 11/20 55%

显示全部楼层 · 发表于 2018-7-10 20:03:33

www-tekeze 发表于 2018-7-10 16:49
照例来个安天的，11个。。

安天这么厉害的吗？

显示全部楼层 · 发表于 2018-7-10 20:04:49

静影沉璧发表于 2018-7-10 16:55
BDTS 2018 11/20

朋友，你这个BD有点特别

显示全部楼层 · 发表于 2018-7-10 20:33:05

本帖最后由 www-tekeze 于 2018-7-10 20:37 编辑

上一集安天报27个，检出率90%，是最高的，但今天火绒入库后只报10个，检出率33.3%，这要如何解释呢？
各家的入库策略不一样吧，不多评说。。

忘记点就回复了，艾特下。。@病毒探索者

[病毒样本] 样本集奉上_17

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块