收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 #PACKAGE 0731
123456下一页
返回列表 发新帖
楼主: Jerry.Lin
 收起左侧

[病毒样本] #PACKAGE 0731

[复制链接]
心痛的伤不起
发表于 2018-7-31 22:51:19 | 显示全部楼层
驭龙 发表于 2018-7-31 21:25
WD 4.18.1807版本,21点22分
21/23=91.30%
保护级别:高+

为啥我的wd现在还是剩11个呢吗,云调的高啊,这还真是不能用a
回复

举报

静影沉璧
发表于 2018-7-31 22:53:46 | 显示全部楼层
191196846 发表于 2018-7-31 22:23
那没错了,信誉封锁

这个你在设置中把 “自动切换防护等级”这个改为“普通”,然后再双击

改成普通后,趋势被当场打回原形,果然是云安全软件。。。
扫描:6/23
双击:KILL 7X
Total:13/23=57%
这回日志正常了(蓝色为病毒本体,其余目测是某些样本运行后的衍生物):
2018/7/31 22:25,TSPY_HPLOKI.SMBD,威胁,C:\Users\Administrator\Desktop\PACKAGE 0731\0731(2).exe,已移除,手动扫描,,,,
2018/7/31 22:25,TSPY_HPLOKI.SM1,威胁,C:\Users\Administrator\Desktop\PACKAGE 0731\0731(12).exe,已移除,手动扫描,,,,
2018/7/31 22:25,TSPY_HPLOKI.SMBD,威胁,C:\Users\Administrator\Desktop\PACKAGE 0731\0731(5).exe,已移除,手动扫描,,,,
2018/7/31 22:25,TSPY_HPLOKI.SM1,威胁,C:\Users\Administrator\Desktop\PACKAGE 0731\0731(13).exe,已移除,手动扫描,,,,
2018/7/31 22:25,TSPY_HPLOKI.SM1,威胁,C:\Users\Administrator\Desktop\PACKAGE 0731\0731(8).exe,已移除,手动扫描,,,,
2018/7/31 22:25,TSPY_HPLOKI.SM1,威胁,C:\Users\Administrator\Desktop\PACKAGE 0731\0731(14).exe,已移除,手动扫描,,,,
2018/7/31 22:26,HEU_FALCONTroj.Win32.Gen.XXBM100FF004,威胁,C:\Users\Administrator\Desktop\PACKAGE 0731\0731(1).exe,已移除,实时扫描,,,,
2018/7/31 22:28,HEU_AEGISCS922,威胁,C:\Users\Administrator\Desktop\PACKAGE 0731\0731(6).exe,已移除,实时扫描,,,,
2018/7/31 22:28,HEU_CDPLC016,威胁,C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\window.task.vbs,已移除,关联扫描,,,,
2018/7/31 22:29,HEU_CDPLCEXT,威胁,C:\Users\Administrator\AppData\Roaming\The MONY Group Inc\The MONY Group Inc.exe,已移除,关联扫描,,,,
2018/7/31 22:31,HTTP_LOKI_REQUEST,威胁,C:\users\administrator\desktop\package 0731\0731(11).exe,已移除,网络内容扫描,,,,
2018/7/31 22:31,HEU_AEGISCS010,威胁,C:\Users\Administrator\Desktop\PACKAGE 0731\0731(18).exe,已移除,实时扫描,,,,
2018/7/31 22:31,HEU_AEGISCS010,威胁,c:\windows\win.ini,已移除,实时扫描,,,,
2018/7/31 22:32,HEU_AEGISCS957,威胁,C:\Users\Administrator\Desktop\PACKAGE 0731\0731(19).exe,已移除,实时扫描,,,,
2018/7/31 22:33,HEU_AEGISCS219,威胁,C:\Users\Administrator\Desktop\PACKAGE 0731\0731(22).exe,已移除,实时扫描,,,,
2018/7/31 22:43,HEU_CDPLCEXT,威胁,C:\Users\Administrator\AppData\Roaming\Di Giorgio Corporation\Di Giorgio Corporation.exe,已移除,关联扫描,,,,
2018/7/31 22:43,HEU_CDPLC016,威胁,C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\microsoft.vbs,已移除,关联扫描,,,,
2018/7/31 22:44,HEU_AEGISCS976,威胁,c:\users\administrator\desktop\package 0731\0731(17).exe,已移除,实时扫描,,,,

剩余样本双击结果:除21号样本运行后即停止工作,23号样本改EXE后提示不是有效的win32位应用程序以外,其余均驻留内存。

评分

参与人数 3人气 +5 收起 理由
驭龙 + 1 这才是AEGIS啊
Sailer.X + 3 版区有你更精彩: )
Jerry.Lin + 1 版区有你更精彩: )

查看全部评分

回复

举报

YU2711
发表于 2018-7-31 23:34:28 | 显示全部楼层
SEP    23:3018/23
双击(1 2 8 21 23)
MISS(1)  (23)运行不了
2SONAR.AM.E!g17
8SONAR.SuspLaunch!g12
21SONAR.Heur.RGC!g298

TOTAL 21/23
回复

举报

小飞侠.net
发表于 2018-8-1 00:01:45 | 显示全部楼层
本帖最后由 小飞侠.net 于 2018-8-1 01:34 编辑
www-tekeze 发表于 2018-7-31 21:19
火绒,1/23,4.3% 。。

多少是少一些,但实际上一般在家用,一般遇不上,只要不去挂马网站,是平时那几个网站没事的。

++++++++++++++++

火绒安全---( Windows 7 Ultimate with SP1 简体中文旗舰版....):部分未知文件已发送到seclab@huorong.cn,等处理中。。。


病毒库:2018-07-31 16:29
开始时间:2018-08-01 00:06
总计用时:00:00:20
扫描对象:1642个
扫描文件:23个
发现风险:1个
已处理风险:0个
发现系统修复项:0个
处理系统修复项:0个

病毒详情

风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(3).exe, 病毒名:HVM:VirTool/Obfuscator.gen!A, 病毒ID:[b27d4294cde6a1ec], 处理结果:已忽略

文件名称: C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731.zip
文件大小: 18.1 MB (19,039,194 字节)
修改时间: 2018年08月01日,00:03:05
MD5: C0661B59AB72A8A8A6750183D1510AD2
SHA1: 05BF3D893F98EDC876C310D126347C507CB42EE4
SHA256: 04000C29A9BE4EFD0573DF736E61428E67A07CE68812D34409505B65EF7FDE9B
SHA512: 040125BC75553CDC33698ACAB1840E9E9125B5F278B2162F4D7DB6B4CD3CC4317BC2E6BE088433EA0818AE62CA7E79030F660D532BEB84A39593E739F050437C
CRC32: BC557FFA
计算时间: 0.86s

Dr.Web CureIt! 简体中文绿色免费版---( Windows 7 Ultimate with SP1 简体中文旗舰版....):

-----------------------------------------------------------------------------
Start scanning
-----------------------------------------------------------------------------
Command line used:-rpcep:\pipe\2E499E132 -rpcpr:np

Limit the use of the computer resources to 100%
Instances used for this session: 10
Object(s) to scan:

>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(15).exe - packed by FLY-CODE
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(15).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(16).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(11).exe - infected with Trojan.PWS.Stealer.23680
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(11).exe - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(10).exe is BINARYRES container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(10).exe\data001 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(10).exe\data002 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(10).exe\data004 is NET container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(10).exe - container
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(12).exe - packed by UPX
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(13).exe - packed by UPX
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(12).exe - infected with Trojan.PWS.Stealer.18836
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(12).exe - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(14).exe - packed by UPX
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(17).exe - infected with Trojan.PWS.Stealer.23680
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(17).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(14).exe - infected with Trojan.PWS.Stealer.18836
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(14).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(13).exe - infected with Trojan.PWS.Stealer.18836
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(13).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(19).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(4).exe - infected with Trojan.PWS.Stealer.23680
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(4).exe - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(22).exe is BINARYRES container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(22).exe\data001 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(22).exe\data002 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(22).exe\data004 is NET container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(22).exe - container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(18).exe - infected with BackDoor.Remcos.1
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(18).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(3).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(2).exe - infected with Trojan.PWS.Stealer.23680
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(2).exe - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(9).exe - packed by FLY-CODE
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(9).exe - Ok
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(20).exe is BINARYRES container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(20).exe\data001 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(20).exe\data002 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(20).exe\data004 is NET container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(20).exe - container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(6).exe - infected with Trojan.PWS.Stealer.23680
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(6).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(5).exe - infected with Trojan.PWS.Stealer.23680
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(5).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(1).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(8).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(7).exe - Ok
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(23).dll is BINARYRES container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(23).dll\data001 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(23).dll\data002 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(23).dll\data003 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(23).dll\data004 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(23).dll\data005 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(23).dll\data006 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(23).dll\data007 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(23).dll\data008 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(23).dll\data009 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(23).dll\data010 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(23).dll\data011 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(23).dll\data012 is NET container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(23).dll - container
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(21).exe is BINARYRES container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(21).exe\data001 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(21).exe\data002 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(21).exe\data003 is NET container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731\0731(21).exe - container

Total 43620741 bytes in 24 files scanned (126 objects)
Total 14 files (116 objects) are clean
Total 10 files are infected....?从昨天到现在为止,没人上传VirusTotal!
Scan time is 00:00:05.283


ESET Smart Security Premium 64位(高级启发式(Y)+压缩文件(Y)+自解压加壳(Y)+DNA智能签名(Y)++(Windows 10 Creators Update(Redstone 4)....1803):

日志
正在扫描日志
检测引擎的版本: 17806P (20180731)
日期: 2018-08-01  时间: 1:12:10
已扫描的磁盘、文件夹和文件: C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(1).exe - Win32/GenKryptik.CGTH 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(10).exe - MSIL/Injector.TVD 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(11).exe - Win32/Injector.DZNP 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(12).exe - Win32/Injector.DZMV 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(13).exe - Win32/Injector.DZMV 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(14).exe - Win32/Injector.DZMV 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(15).exe - Win32/Kryptik.GJJE 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(17).exe - Win32/Injector.DZNK 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(18).exe - Win32/GenKryptik.CGEF 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(19).exe - Win32/Injector.DZNR 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(2).exe - Win32/Injector.DZMZ 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(20).exe - MSIL/Kryptik.PAI 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(22).exe - MSIL/Injector.TVD 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(23).dll - MSIL/Spy.Agent.AES 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(3).exe - Win32/Spy.Ursnif.BW 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(4).exe - Win32/Injector.DZNK 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(5).exe - Win32/Injector.DZMZ 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(6).exe - Win32/Injector.DZNK 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(7).exe - Win32/Spy.Agent.PME 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(8).exe - Win32/PSW.Fareit.L 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(9).exe - Win32/GenKryptik.CGUH 特洛伊木马 的变种 - 通过删除清除 [1]
已扫描的对象数: 23
发现的威胁数: 21
已清除对象数: 21
完成时间: 1:12:49  总扫描时间: 39 秒 (00:00:39)

备注:
[1] 由于对象中仅包含病毒主体,因此已被删除。


Emsisoft Emergency Kit - 版本 2018.6
上次更新: 2018-07-31 23:53:25
用户帐号: TECLAST\Admin
电脑名称: TECLAST
操作系统版本: Windows 10 x64

Emsisoft Emergency Kit 绿色免费版
(已开启)加入 Emsisoft 云、更新源:测试版
    Bitdefender(B)+Emsisoft(A) 双引擎

扫描设置:

扫描方式: 自定义扫描
对象: Rootkits, C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\

检测流氓软件(PUPs): On
扫描压缩包: On
扫描邮件存档: Off
ADS数据流: On
文件扩展名过滤: Off
直接磁盘访问: Off

扫描开始于:        2018-08-01 1:17:53
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(11).exe         发现风险: Trojan.Injector (A) [294905]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(15).exe         发现风险: Trojan.Emotet (A) [294903]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(14).exe         发现风险: Trojan.GenericKD.40352684 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(18).exe         发现风险: Trojan.Injector (A) [294780]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(1).exe         发现风险: Gen:Variant.Ursu.259132 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(17).exe         发现风险: Trojan.Agent.DCMQ (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(13).exe         发现风险: Gen:Variant.Ursu.262650 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(12).exe         发现风险: Gen:Variant.Ursu.262650 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(20).exe         发现风险: Gen:Variant.Barys.16547 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(22).exe         发现风险: Trojan.GenericKD.40352649 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(2).exe         发现风险: Gen:Variant.Strictor.169372 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(4).exe         发现风险: Trojan.Agent.DCMQ (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(19).exe         发现风险: Gen:Variant.Ursu.263278 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(23).dll         发现风险: Gen:Variant.Ursu.128726 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(6).exe         发现风险: Trojan.Agent.DCMQ (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(5).exe         发现风险: Gen:Variant.Strictor.169372 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(21).exe         发现风险: Gen:Variant.MSILPerseus.101138 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(9).exe         发现风险: Trojan.Emotet (A) [294903]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(7).exe         发现风险: Gen:Variant.Razy.356257 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(8).exe         发现风险: Trojan.Lethic.Gen.7 (B) [krnl.xmd]

已扫描        617
发现        20

扫描完成后:        2018-08-01 1:18:06
扫描时间:        0:00:13

X-Sec Antivirus ---(Windows 10 Creators Update(Redstone 4)....1803):

Basic Info:
---------------------
Database Version: 2018.07.24.01
Program Version: 2.1.1.0
Heuristic Engine: Enabled
Cloud Engine: Enabled
Enhanced Mode: Disabled
Backup Before Resolve: Yes
Resolve Threats: Scan only
Scan Priority: Normal
---------------------
Targets:
---------------------
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002
---------------------
2018-08-01 01:28:14 Threat Detected: C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(21).exe -- [Classic] Hacktool.Win32.Confuser.Aa
2018-08-01 01:28:15 Threat Detected: C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(3).exe -- [Heuristic] Heur:Trojan.Dropper.Gen.5
2018-08-01 01:28:24 Threat Detected: C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002\PACKAGE 0731\0731(23).dll -- [Heuristic] Heur:Trojan.Ransom.Generic


    瑞星---(Windows 10 Creators Update(Redstone 4)....1803):云引擎(开)RDM+引擎(开)     

                瑞星反恶软引擎命令行扫描器(社区交流版)                 


编译于:Sep 22 2017   15:07:50

提示:
  - 本工具供社区交流使用,请勿用于其他用途
  - 本工具没有恶意软件删除、清除、隔离功能
  - 本工具包含开发中的新特性,结果仅供参考

* 命令行中的选项开关:-output-json -log=C:\瑞星RDM+引擎\ScanLog_180801012155.log
* 获取恶软签名库最新版本 ...
* 下载恶软签名库配置文件 ...
* 创建恶软签名库升级组件 ...
* 计算并下载增量文件 ...
* 升级恶软签名库 ...
* 恶软签名库升级成功
* 扫描目标 : (1) C:\Users\Admin\Desktop\AVtest100\PACKAGE 0731Obfuscator0002

* 加载恶软签名库: C:\瑞星RDM+引擎/malware.rmd
* 恶软签名库加载成功,发布序号为 4683
* 读取恶软签名库配置 ...
* 云辅助扫描组件初始化失败.
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
扫描开始: Wed Aug 01 01:23:10 2018

{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(10).exe","infect":{"engine":"md5","signature":"bWQ1OhDRu2H0K2OHOFdaqk6KMHE","threat":"Trojan.Generic!8.C3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(12).exe","infect":{"engine":"md5","signature":"bWQ1OjhQIFFKnI+JB4A4Gq7+3l0","threat":"Trojan.Azden!8.F0E3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(11).exe","infect":{"engine":"rdmk","signature":"cmRtazpmlGcbs4ex9/1wEm9e+ZLX","threat":"Trojan.Fuerboos!8.EFC8"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(13).exe","infect":{"engine":"md5","signature":"bWQ1OoZfNB+FIMC1lF9ponbhSF8","threat":"Trojan.Azden!8.F0E3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(15).exe","infect":{"engine":"md5","signature":"bWQ1OvAQqTU2dE3xjhazP6koQAM","threat":"Trojan.Vucha!8.E18A"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(16).exe","infect":{"engine":"md5","signature":"bWQ1OhEy+8xP33GEAlMYmtLgJqA","threat":"Trojan.Generic!8.C3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(1).exe","infect":{"engine":"md5","signature":"bWQ1OirCZGp6UJa1yAgKff/UXhY","threat":"Trojan.Inject!8.103"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(14).exe","infect":{"engine":"md5","signature":"bWQ1Ou/CoX7K6uhFn3K/JIaobvs","threat":"Trojan.Azden!8.F0E3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(18).exe","infect":{"engine":"md5","signature":"bWQ1Ojeh4hAKy6kdSVzTcLSREd0","threat":"Trojan.Khalesi!8.F103"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(20).exe","infect":{"engine":"md5","signature":"bWQ1Ooxlhx20ENWqbuCQZY3e5+k","threat":"Trojan.Kryptik!8.8"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(22).exe","infect":{"engine":"md5","signature":"bWQ1OntmsQ5aekzbXyOrzBI7pFA","threat":"Trojan.Generic!8.C3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(19).exe","infect":{"engine":"md5","signature":"bWQ1Opi/ow0Vwz5zU5iQVPbeYU8","threat":"Trojan.GenKryptik!8.AA55"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(2).exe","infect":{"engine":"rdmk","signature":"cmRtazpcJVAtLqBEgkc3xPeqM4uX","threat":"Malware.Heuristic!ET#83%"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(3).exe","infect":{"engine":"md5","signature":"bWQ1OgwPD0CJY3fr5yZPEW5GhWU","threat":"Trojan.GenKryptik!8.AA55"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(4).exe","infect":{"engine":"rdmk","signature":"cmRtazp92mHiwqa05VKH/6WOR1B0","threat":"Trojan.Injector!1.AFE3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(5).exe","infect":{"engine":"rdmk","signature":"cmRtazp7we/3h3RKUqrJUl1wEAvw","threat":"Malware.Heuristic!ET#83%"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(21).exe","infect":{"engine":"md5","signature":"bWQ1Oj5ucS2GTe9+Osxv5J1Pf5w","threat":"HackTool.Agent!8.335"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(6).exe","infect":{"engine":"rdmk","signature":"cmRtazoonIPa5Khg7LyCLKfxibiY","threat":"Trojan.Injector!1.AFE3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(23).dll","infect":{"engine":"md5","signature":"bWQ1Ojao0EKFdL5N1M4y9beJELY","threat":"Backdoor.Quasar!8.EF2E"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(7).exe","infect":{"engine":"md5","signature":"bWQ1OiRjpytJ7DXIRRgbKixCqII","threat":"Spyware.Agent!8.C6"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(9).exe","infect":{"engine":"md5","signature":"bWQ1OhGpeHITol4luoO3/8tg/3k","threat":"Trojan.Vucha!8.E18A"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(17).exe","type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0731Obfuscator0002\\PACKAGE 0731\\0731(8).exe","infect":{"engine":"md5","signature":"bWQ1OpDbWzIP/6LOOjAhpfSA18k","threat":"Trojan.Kryptik!8.8"},"type":"scan"}

扫描结束: Wed Aug 01 01:23:12 2018

总扫描耗时: 0:1:475(m:s:ms)
总扫描对象: 23
总扫描文件: 23
总恶意文件: 22
有效检出率: 95.65%


回复

举报

Tom179090
发表于 2018-8-1 01:23:20 | 显示全部楼层
NS,解压自动防护kill 20,剩余 8, 21,23。 检测率:20/23≈87%

双击:
8 : SONAR.SuspLaunch!g12
21:SONAR.Heur.RGC!g298
剩余23
总检测率:22/23≈95%。

回复

举报

540923555
发表于 2018-8-1 08:36:22 | 显示全部楼层
驭龙 发表于 2018-7-31 21:25
WD 4.18.1807版本,21点22分
21/23=91.30%
保护级别:高+

和你相同配置,1803版,,,MISS10,看来我这里WD有问题了
回复

举报

驭龙
发表于 2018-8-1 09:07:17 | 显示全部楼层
540923555 发表于 2018-8-1 08:36
和你相同配置,1803版,,,MISS10,看来我这里WD有问题了

而且我这次不是edge下载,不存在未知信誉封锁的情况呢
回复

举报

540923555
发表于 2018-8-1 09:33:16 | 显示全部楼层
驭龙 发表于 2018-8-1 09:07
而且我这次不是edge下载,不存在未知信誉封锁的情况呢

我知道,看来我的WD又要重置了
回复

举报

驭龙
发表于 2018-8-1 09:39:05 | 显示全部楼层
540923555 发表于 2018-8-1 09:33
我知道,看来我的WD又要重置了

不过我也奇怪,另一个用户也是跟你一样啊,难道是云不稳定?或者被墙了?我这里全部是云杀,其中三个报毒名就干掉十八个样本
回复

举报

540923555
发表于 2018-8-1 09:43:14 | 显示全部楼层
驭龙 发表于 2018-8-1 09:39
不过我也奇怪,另一个用户也是跟你一样啊,难道是云不稳定?或者被墙了?我这里全部是云杀,其中三个报毒 ...

间隙抽风吧。。。就像我那天改了组策略,立马好了两天
回复

举报

下一页 »
123456下一页
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-12-22 22:40 , Processed in 0.109970 second(s), 15 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表