楼主: Jerry.Lin
收起左侧

[病毒样本] #PACKAGE 0802

  [复制链接]
帝辛
发表于 2018-8-2 19:49:18 | 显示全部楼层
ELOHIM 发表于 2018-8-2 19:31
大佬,请提示哪个是SE壳的。。。谢谢

举个例子。。这里可能没有SE。
ELOHIM
发表于 2018-8-2 19:50:08 | 显示全部楼层
帝辛 发表于 2018-8-2 19:49
举个例子。。这里可能没有SE。

好的。。。
不过怎么识别SE呢?
ELOHIM
发表于 2018-8-2 19:54:58 | 显示全部楼层


wiep kill 10
剩下的:
2018-08-02  18:52           131,587 0802(16).exe
2018-08-02  18:52           169,043 0802(7).exe
2018-08-02  18:52           210,435 0802(12).exe
2018-08-02  18:52           282,627 0802(9).exe
2018-08-02  18:52           315,395 0802(21).exe
2018-08-02  18:52           317,443 0802(19).exe
2018-08-02  18:52           344,067 0802(8).exe
2018-08-02  18:52           536,579 0802(17).exe
2018-08-02  18:52           540,675 0802(5).exe
2018-08-02  18:52           544,771 0802(18).exe
2018-08-02  18:52           545,283 0802(15).exe
2018-08-02  18:52           670,723 0802(14).exe
2018-08-02  18:52           707,587 0802(20).exe
2018-08-02  18:52           876,391 0802(11).exe
2018-08-02  18:52         1,274,203 0802(26).exe
2018-08-02  18:52         1,274,203 0802(6).exe

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
帝辛
发表于 2018-8-2 20:00:58 | 显示全部楼层
ELOHIM 发表于 2018-8-2 19:50
好的。。。
不过怎么识别SE呢?

PEID或者任何查壳工具。入口为SE。报壳为Safengine

评分

参与人数 1人气 +1 收起 理由
ELOHIM + 1 感谢解答: )

查看全部评分

YU2711
发表于 2018-8-2 20:03:04 | 显示全部楼层
本帖最后由 YU2711 于 2018-8-2 21:21 编辑

SEP  扫描  19:45
22/26
余(7 .11.20.23)


双击  20:06
7SONAR.Heuristic.159
11提示无权限
20提示无MSVCP100.dll
23SONAR.Heuristic.159 重启





本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x

评分

参与人数 1人气 +1 收起 理由
Jerry.Lin + 1 双击加分

查看全部评分

静影沉璧
发表于 2018-8-2 20:20:30 | 显示全部楼层
本帖最后由 静影沉璧 于 2018-8-2 20:59 编辑

趋势科技(虚拟机测试,防御等级:普通)手动扫描:0/26
双击:
以下样本被成功防御并清除:
2018/8/2 20:22,TSPY_FAREIT.MIP00000001,威胁,C:\Users\Administrator\Desktop\PACKAGE 0802\0802(4).exe,已移除,实时扫描,,,,
2018/8/2 20:23,TSPY_FAREIT.MIP00000001,威胁,C:\Users\Administrator\Desktop\PACKAGE 0802\0802(8).exe,已移除,实时扫描,,,,
2018/8/2 20:24,HEU_AEGISCS985,威胁,c:\users\administrator\desktop\package 0802\0802(11).exe,已移除,实时扫描,,,,
2018/8/2 20:25,HEU_FALCONTroj.Win32.Gen.XXBM100FF004,威胁,C:\Users\Administrator\Desktop\PACKAGE 0802\0802(15).exe,已移除,实时扫描,,,,
2018/8/2 20:25,HEU_AEGISCS219,威胁,C:\Users\Administrator\Desktop\PACKAGE 0802\0802(14).exe,已移除,实时扫描,,,,
2018/8/2 20:26,TSPY_FAREIT.MIP00000001,威胁,C:\Users\Administrator\Desktop\PACKAGE 0802\0802(18).exe,已移除,实时扫描,,,,
2018/8/2 20:27,HEU_AEGISCS957,威胁,C:\Users\Administrator\Desktop\PACKAGE 0802\0802(23).exe,已移除,实时扫描,,,,
2018/8/2 20:27,HEU_FALCONTroj.Win32.Gen.XXBM100FF004,威胁,C:\Users\Administrator\Desktop\PACKAGE 0802\0802(26).exe,需要重新启动,实时扫描,,,,
2018/8/2 20:35,C:\Users\Administrator\Desktop\PACKAGE 0802\0802(12).exe,未知,,,C:\Users\Administrator\Desktop\PACKAGE 0802\0802(12).exe,已清除
2018/8/2 20:44,C:\Users\Administrator\Desktop\PACKAGE 0802\0802(3).exe,未知,,,C:\Windows\explorer.exe,已清除
以下样本被终止,本体未删除:
2018/8/2 20:19,C:\Users\Administrator\Desktop\PACKAGE 0802\0802(1).exe,未知,,,HKCU\Software\Microsoft\Windows\CurrentVersion\Run\remcos,已终止
2018/8/2 20:21,C:\Users\Administrator\Desktop\PACKAGE 0802\0802(2).exe,Skype Technologies S.A.,8.25.0.5,(c) 2018 Skype and/or Microsoft,ZwWriteVirtualMemory,已终止
2018/8/2 20:23,C:\Users\Administrator\Desktop\PACKAGE 0802\0802(9).exe,未知,,,C:\Users\Administrator\Desktop\PACKAGE 0802\0802(9).exe,已终止
2018/8/2 20:26,C:\Users\Administrator\Desktop\PACKAGE 0802\0802(19).exe,未知,,,ZwWriteVirtualMemory,已终止
2018/8/2 20:26,C:\Users\Administrator\Desktop\PACKAGE 0802\0802(21).exe,未知,,,ZwWriteVirtualMemory,已终止
2018/8/2 20:28,C:\Users\Administrator\Desktop\PACKAGE 0802\0802(25).exe,Heaventools Software,1.99.6.1400,Copyright ? 2000-2009 Heaventools Software,ZwWriteVirtualMemory,已终止
2018/8/2 20:52,C:\Users\Administrator\Desktop\PACKAGE 0802\0802(16).exe,未知,,,C:\Users\Administrator\Desktop\PACKAGE 0802\0802(16).exe,已终止
剩余样本双击情况:
样本10,22成功运行并驻留内存
样本20提示缺少MSVCP100.dll,未运行
样本5,6,13运行一段时间后自退
样本17,24运行后提示停止工作
样本7弹窗后即关闭

Total:10/26=38.5%


本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x

评分

参与人数 1人气 +1 收起 理由
Jerry.Lin + 1 双击加分

查看全部评分

Picca
发表于 2018-8-2 20:24:39 | 显示全部楼层
帝辛 发表于 2018-8-2 19:27
卡巴遇到强壳就这样。如果SE会资源管理器直接卡死。可能没用国内的SE壳吧

这确实是个问题
小飞侠.net
发表于 2018-8-2 20:59:41 | 显示全部楼层
本帖最后由 小飞侠.net 于 2018-8-2 21:42 编辑

Emsisoft Emergency Kit - 版本 2018.6
上次更新: 2018-08-02 20:35:25
用户帐号: TECLAST\Admin
电脑名称: TECLAST
操作系统版本: Windows 10 x64

Emsisoft Emergency Kit 绿色免费版
(已开启)加入 Emsisoft 云、更新源:测试版
    Bitdefender(B)+Emsisoft(A) 双引擎

扫描设置:

扫描方式: 自定义扫描
对象: Rootkits, C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\

检测流氓软件(PUPs): On
扫描压缩包: On
扫描邮件存档: Off
ADS数据流: On
文件扩展名过滤: Off
直接磁盘访问: Off

扫描开始于:        2018-08-02 21:32:43
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(23).exe -> (NSIS o) -> zlib_solid_nsis0000         发现风险: Gen:Variant.Nemesis.313 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(1).exe         发现风险: Trojan.GenericKD.31140542 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(13).exe         发现风险: Trojan.GenericKD.31142668 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(10).exe         发现风险: Gen:Variant.Jaik.28255 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(16).exe         发现风险: Generic.Ransom.GandCrab4.DBA40220 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(17).exe         发现风险: Trojan.Injector (A) [294905]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(18).exe         发现风险: Trojan.Injector (A) [294905]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(19).exe         发现风险: Trojan.GenericKD.40360645 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(2).exe         发现风险: Trojan.GenericKD.40359478 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(24).exe         发现风险: Trojan.Injector (A) [294905]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(25).exe         发现风险: Trojan.GenericKD.40360836 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(22).exe         发现风险: Gen:Variant.Razy.323165 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(3).exe         发现风险: Trojan.GenericKD.40330530 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(4).exe         发现风险: Trojan.GenericKD.40357480 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(5).exe         发现风险: Trojan.Injector (A) [294905]

已扫描        620
发现        15

扫描完成后:        2018-08-02 21:32:59
扫描时间:        0:00:16



Dr.Web CureIt! 简体中文绿色免费版---( Windows 7 Ultimate with SP1 简体中文旗舰版....):

Anti-rootkit module version ( ver: 11.5.201806181, api: 8.07 )

Using 137803332 as Dr.Web (R) Key file

Time from server is: 2018-08-02 16:16:19
Using language: "Chinese-Simplified (简体中文)"
-----------------------------------------------------------------------------
Start scanning
-----------------------------------------------------------------------------
Command line used:-rpcep:\pipe\1D9E58D40 -rpcpr:np

Limit the use of the computer resources to 100%
Instances used for this session: 10
Object(s) to scan:
- C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802


C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(12).exe - infected with Trojan.PWS.Stealer.24300
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(12).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(16).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(18).exe - infected with Trojan.PWS.Stealer.1932
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(18).exe - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(14).exe is BINARYRES container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(14).exe\data001 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(14).exe\data002 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(14).exe\data004 is NET container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(14).exe - container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(19).exe - infected with Trojan.PWS.Stealer.19347
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(19).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(17).exe - infected with Trojan.PWS.Stealer.18836
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(17).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(22).exe - is adware program Adware.WizzMonetize.1
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(22).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(1).exe - infected with Trojan.MulDrop8.33209
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(1).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(13).exe - infected with Trojan.MulDrop8.33209
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(13).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(15).exe - Ok
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(2).exe - packed by ASPROTECT
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(21).exe - infected with Trojan.PWS.Stealer.19347
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(21).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(24).exe - infected with Trojan.PWS.Stealer.1932
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(24).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(20).exe - Ok
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(25).exe - packed by ASPROTECT
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(11).exe is RAR archive
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(11).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(11).exe - archive
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(4).exe - infected with Trojan.PWS.Stealer.23180
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(4).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(23).exe - infected with BackDoor.Remcos.1
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(23).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(25).exe - infected with Trojan.PWS.Stealer.1932
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(25).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(5).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(3).exe - infected with Trojan.Nanocore.23
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(3).exe - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(9).exe - packed by FLY-CODE
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(8).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(10).exe - Ok
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(6).exe is ZLIB container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(6).exe - container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(26).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(2).exe - infected with BackDoor.Tordev.976
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(2).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(7).exe - infected with Trojan.BtcMine.2979
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(7).exe - infected
Error to send CureIt! statistics:  (12002)
Error to send CureIt! statistics:  (12002)
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(9).exe is ZLIB container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(9).exe - container

Total 17848425 bytes in 26 files scanned (44 objects)
Total 11 files (29 objects) are clean
Total 15 files are infected---VirusTotal?低于50%没人上传?
Scan time is 00:00:27.829


火绒安全---( Windows 7 Ultimate with SP1 简体中文旗舰版....):部分未知文件已发送到seclab@huorong.cn,等处理中。。。

病毒库:2018-08-02 16:40
开始时间:2018-08-02 20:57
总计用时:00:00:36
扫描对象:325个
扫描文件:26个
发现风险:3个
已处理风险:0个
发现系统修复项:0个
处理系统修复项:0个

病毒详情

风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(12).exe, 病毒名:HVM:VirTool/Obfuscator.gen!A, 病毒ID:[b27d4294cde6a1ec], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(15).exe, 病毒名:HVM:VirTool/Obfuscator.gen!A, 病毒ID:[b27d4294cde6a1ec], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802\0802(6).exe, 病毒名:HVM:VirTool/Obfuscator.gen!A, 病毒ID:[b27d4294cde6a1ec], 处理结果:已忽略

文件名称: C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0802.zip
文件大小: 8.56 MB (8,983,076 字节)
修改时间: 2018年08月02日,20:54:09
MD5: C8FB9E201F77C0DA360E478054D3AE7B
SHA1: CDC180A5A3061874FC18AC30FC9CD8DE90DF59FC
SHA256: 68C183A13268B8E80EF4B33EED1655E59879420DBFBEBC55FE4853B408203303
SHA512: 973216326126B6AB2EB3B980150441EDDC4C80EEBA29D13DD767167284DB0C557E186F92934C379249AEDC2F0D7C0E6715454792107CA8B724B9A08332DB2AB0
CRC32: 7147D76D
计算时间: 0.45s

ESET Smart Security Premium 64位(高级启发式(Y)+压缩文件(Y)+自解压加壳(Y)+DNA智能签名(Y)++(Windows 10 Creators Update(Redstone 4)....1803):

日志
正在扫描日志
检测引擎的版本: 17817P (20180802)
日期: 2018-08-02  时间: 21:28:23
已扫描的磁盘、文件夹和文件: C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(1).exe - Win32/Injector.DZNN 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(10).exe - Win32/Injector.DZNW 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(11).exe > WINRARSFX > uox.mp4 - Win32/Injector.Autoit.CNO 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(11).exe > WINRARSFX > oqd=usi - Win32/Injector.Autoit.CZQ 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(12).exe - Suspicious Object - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(13).exe - Win32/Injector.DZNN 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(14).exe - MSIL/Kryptik.PCS 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(15).exe - Suspicious Object - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(16).exe - Win32/Filecoder.GandCrab.D 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(17).exe - Win32/Injector.DZOE 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(18).exe - Win32/Injector.DZOE 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(19).exe - MSIL/Kryptik.OZZ 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(2).exe - Win32/Injector.DZJG 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(20).exe - Win32/AutoRun.Spy.Agent.T 蠕虫 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(21).exe - MSIL/Kryptik.OZZ 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(22).exe - MSIL/TrojanDownloader.Agent.EKS 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(23).exe > NSIS > botfly.dll - Win32/Injector.DZNF 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(24).exe - Win32/Injector.DZNS 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(25).exe - Win32/Injector.DYWV 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(3).exe - MSIL/Injector.TVD 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(4).exe - Win32/Injector.DZOJ 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(5).exe - Win32/Injector.DZOE 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(7).exe - Win32/CoinMiner.BPE 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(8).exe - Win32/Injector.DZOJ 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101\PACKAGE 0802\0802(9).exe - Win32/GenKryptik.CGZC 特洛伊木马 的变种 - 通过删除清除 [1]
已扫描的对象数: 88
发现的威胁数: 25
已清除对象数: 25
完成时间: 21:29:03  总扫描时间: 40 秒 (00:00:40)

备注:
[1] 由于对象中仅包含病毒主体,因此已被删除。

瑞星---(Windows 10 Creators Update(Redstone 4)....1803):云引擎(开)RDM+引擎(开)   

                瑞星反恶软引擎命令行扫描器(社区交流版)                 


编译于:Sep 22 2017   15:07:50

提示:
  - 本工具供社区交流使用,请勿用于其他用途
  - 本工具没有恶意软件删除、清除、隔离功能
  - 本工具包含开发中的新特性,结果仅供参考

* 命令行中的选项开关:-output-json -log=C:\瑞星RDM+引擎\ScanLog_180802214055.log
* 获取恶软签名库最新版本 ...
* 下载恶软签名库配置文件 ...
* 创建恶软签名库升级组件 ...
* 计算并下载增量文件 ...
* 升级恶软签名库 ...
* 恶软签名库升级成功
* 扫描目标 : (1) C:\Users\Admin\Desktop\AVtest100\PACKAGE 0802Obfuscator2101

* 加载恶软签名库: C:\瑞星RDM+引擎/malware.rmd
* 恶软签名库加载成功,发布序号为 4694
* 读取恶软签名库配置 ...
* 云辅助扫描组件初始化失败.
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
扫描开始: Thu Aug 02 21:41:17 2018

{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(14).exe","infect":{"engine":"md5","signature":"bWQ1OhiOGXLYGrgI3fgXfDJcYpA","threat":"Trojan.Kryptik!8.8"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(16).exe","infect":{"engine":"md5","signature":"bWQ1Oiq7eom1XUbBuEeQQJnOQ8A","threat":"Trojan.Filecoder!8.68"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(11).exe","infect":{"engine":"md5","signature":"bWQ1OuGvs3gzg3fYj4lX2VN4hmY","threat":"Trojan.Autoit!8.150"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(10).exe","infect":{"engine":"md5","signature":"bWQ1OvwXmru6Kq/8X7GTE6nsPtY","threat":"Trojan.Injector!8.C4"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(15).exe","type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(1).exe","infect":{"engine":"md5","signature":"bWQ1Or4pdBighVyA1gXxbYkvsVM","threat":"Trojan.Injector!1.AFE3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(12).exe","infect":{"engine":"rdmk","signature":"cmRtazreej9a78zlxW8W3H0XI6ai","threat":"Trojan.Fuerboos!8.EFC8"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(13).exe","infect":{"engine":"md5","signature":"bWQ1OvyONBvo34HDEkgWM2ZysXo","threat":"Trojan.Injector!1.AFE3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(19).exe","infect":{"engine":"md5","signature":"bWQ1OkjlCCYtKjGPE5My9VRC5wE","threat":"Dropper.Generic!8.35E"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(18).exe","infect":{"engine":"md5","signature":"bWQ1Ok/kO++B3Ec4SZxteUTXoEs","threat":"Trojan.Injector!8.C4"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(17).exe","infect":{"engine":"md5","signature":"bWQ1Ok7Dy+VjFpHSF+GDMxpFAlk","threat":"Trojan.Generic!8.C3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(21).exe","infect":{"engine":"md5","signature":"bWQ1OvJJ/e97quQtUYAp16ftm3o","threat":"Dropper.Generic!8.35E"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(2).exe","infect":{"engine":"md5","signature":"bWQ1Ors9XDQVlydzorX0k12FcUc","threat":"Spyware.Agent!8.C6"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(23).exe","infect":{"engine":"md5","signature":"bWQ1OhoexzuWjS+4l5BMVY48qh0","threat":"Trojan.Genasep!8.EF85"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(22).exe","infect":{"engine":"md5","signature":"bWQ1Okne8UIj426dGBPLlIM1cq0","threat":"Downloader.Agent!8.B23"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(20).exe","infect":{"engine":"md5","signature":"bWQ1Oh8Iet6xYjENKESf/+6yX9Q","threat":"Spyware.Agent!1.B243"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(24).exe","infect":{"engine":"md5","signature":"bWQ1OtdEHCgNs8CzHsHbqeaXLkk","threat":"Trojan.Injector!8.C4"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(25).exe","infect":{"engine":"md5","signature":"bWQ1OrB6irodGpVo2ss9RJmrRbs","threat":"Malware.Undefined!8.C"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(4).exe","infect":{"engine":"md5","signature":"bWQ1OvpWfVasTPxkon6aDliAISM","threat":"Malware.Undefined!8.C"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(3).exe","infect":{"engine":"md5","signature":"bWQ1OnOncFI9Xkv+ToIBF3IK9+w","threat":"Backdoor.Noancooe!8.176"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(26).exe","type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(5).exe","infect":{"engine":"md5","signature":"bWQ1OjiqhwMxyD65DbIvhUx/ktU","threat":"Spyware.Noon!8.E7C9"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(6).exe","infect":{"engine":"md5","signature":"bWQ1OknzGkW2L4D7fla7zvWnnic","threat":"Dropper.Generic!8.35E"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(9).exe","infect":{"engine":"md5","signature":"bWQ1OuktDOp+ncy7Be6TdZeaxv8","threat":"Trojan.Fuerboos!8.EFC8"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(8).exe","infect":{"engine":"md5","signature":"bWQ1OgoPlTfAFO4DJg2rmL3uQ6U","threat":"Malware.Undefined!8.C"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0802Obfuscator2101\\PACKAGE 0802\\0802(7).exe","infect":{"engine":"md5","signature":"bWQ1OoYZO2mVJt8l2RUM8gtjC60","threat":"Spyware.Agent!1.B243"},"type":"scan"}

扫描结束: Thu Aug 02 21:41:19 2018

总扫描耗时: 0:1:669(m:s:ms)
总扫描对象: 26
总扫描文件: 26
总恶意文件: 24
有效检出率: 92.31%





www-tekeze
发表于 2018-8-2 21:00:19 | 显示全部楼层
火绒,3/26,11.5% 。。

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
www-tekeze
发表于 2018-8-2 21:02:11 | 显示全部楼层
智量,25/26,96% 。。

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-3-28 18:52 , Processed in 0.154479 second(s), 15 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表