purchase Order

boluo

PW: infected

这种利用office漏洞的，是不是我更新了新的补丁安装包就不会有影响了？

诸葛亮

卡巴 HEUR:Exploit.MSWord.CVE-2010-3333.gen

Jerry.Lin

1. 2018-07-31 21:36:09        C:\Users\zhong\Downloads\Compressed\VIRUS TEST\卡饭\purchase Order.zipThe file has been deleted. You could recover this file from quarantine as needed        virus.exp.20103333

复制代码

漏洞攻击的话绝大部分打好补丁就没事，零日除外
当然还有宏->powershell/cmd 这样的payload,一般OFFICE有自带保护机制，不要手贱打开陌生宏即可

EnZhSTReLniKoVa

小红伞 解压 直接隔离 并阻止注册表访问

WHALE-FALL

BitDefender Log File


Product : Bitdefender Internet Security
Scanning task : Contextual Scan
Log date : 2018年7月31日 21:41:34
Log path : 1533044470_1_02.xml


Scan Paths:
Path :purchase Order.zip


[-]Scan Results

[-]Resolved issues:
Object Path Threat Name Final Status

purchase Order.zip=>purchase Order.doc Trojan.Exploit.ANVZ Deleted


[-]Detailed Scan Summary

[-]Basic
Scanned items : 2
Infected items : 1
Suspicious items : 0 (no suspected items have been detected)
Resolved items : 1
Unresolved items : 0 (no issues remained unresolved)

[-]Advanced
Scan time : 0: 0: 01
Files per second : 2
Skipped items : 0
Password-protected items : 0
Overcompressed items : 0
Scanned archives : 0
Input-output errors : 0
Scanned boot sectors : 0
Scanned processes : 0
Infected processes : 0
Scanned registry keys : 0
Infected registry keys : 0
Scanned cookies : 0
Infected cookies : 0


[-]Scan Options

[-]Target Threat Types:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : No
Scan for keyloggers : Yes

[-]Target Selection Options:
Scan registry keys : No
Scan cookies : No
Scan boot sectors : No
Scan memory processes : No
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions : none configured
Excluded extensions : none configured

[-]Target Processing:
Default primary action for infected objects : None
Default secondary action for infected objects : None
Default primary action for suspicious objects : None
Default secondary action for suspicious objects : None
Default action for hidden objects : None
Default action for password-protected objects : Prompt for password

[-]Scan engines summary
Number of virus signatures : 12324012

ELOHIM

Exploit:Win32/CVE-2010-3333

欧阳宣

avast

Other:Malware-gen [Trj]

YU2711

SEP

W97M.Downloader

WhiteCruel

ESET

Win32/Exploit.Agent.NOQ

驭龙

君陌潇 发表于 2018-7-31 21:43
小红伞 解压 直接隔离 并阻止注册表访问

红伞也太不智能了吧，解压的文件，没有运行，咋就访问注册表了？