搜索
楼主: Jerry.Lin
收起左侧

[病毒样本] #PACKAGE 0806

  [复制链接]
Sailer.X
发表于 2018-8-6 23:34:07 来自手机 | 显示全部楼层
B100D1E55 发表于 2018-8-6 23:08
嗯,可能有的沙盒看到加驱+加自启动+没签名就觉得非常可疑了,但很多正常程序也这么做……

至于这个程 ...

以前atd误报过我的一个u盘量产工具,也是无签名加驱。刚才测了下,这个样本也会被atd杀掉。我怀疑这个样本是先被atd移除后,自动上报,被bd自动生成特征拉黑了。另外有趣的是,这个样本不知道被谁上传了vt,已经能查到hash了,起初清一色bd系,刷新了一下,现在又多了mcafee报月神和avast/avg报filerepmalware。
B100D1E55
发表于 2018-8-6 23:39:18 | 显示全部楼层

interesting, 近10期的virusradar都没有提到这个定义

最大的可能性就是这个老早就入库了,然后免杀者稍微改了一下样本过了扫描,被云捕获后侦测到和已知混淆手段的近似性,因此ESET在新定义发布里静默修改了CHIW的DNA检测,这种情况就不会出现在virusradar更新日志里面。但是为什么我一两个小时前没扫出来就是个谜了,下次我开一下相似性检测看看
B100D1E55
发表于 2018-8-6 23:42:29 | 显示全部楼层
霄栋 发表于 2018-8-6 23:34
以前atd误报过我的一个u盘量产工具,也是无签名加驱。刚才测了下,这个样本也会被atd杀掉。我怀疑这个样 ...

是的,BD这一套体系误报仍旧是个大问题。VT肯定不是我传的,毕竟lz要知道了肯定要灭了我

mcafee和avast都是抄抄榜上的常驻成员了hhh,特别是mcafee那跟进拉黑的速度,啧啧啧
WhiteCruel
发表于 2018-8-6 23:45:13 | 显示全部楼层
B100D1E55 发表于 2018-8-6 23:39
interesting, 近10期的virusradar都没有提到这个定义

最大的可能性就是这个老早就入库了,然后免杀者 ...

感谢解答
Agu
发表于 2018-8-7 00:31:38 | 显示全部楼层
本帖最后由 Agu 于 2018-8-7 10:42 编辑

Malwarebytes - 22/28


360國際版(無Avira/BD) - 26/28
  1. C:\Users\PC\Downloads\PACKAGE 0806\0806(1).exe        Win32/Trojan.Spy.627        Resolved
  2. C:\Users\PC\Downloads\PACKAGE 0806\0806(10).exe        HEUR/QVM05.1.00D5.Malware.Gen        Resolved
  3. C:\Users\PC\Downloads\PACKAGE 0806\0806(14).exe        HEUR/QVM10.2.00D5.Malware.Gen        Resolved
  4. C:\Users\PC\Downloads\PACKAGE 0806\0806(15).exe        Win32/Trojan.7f5        Resolved
  5. C:\Users\PC\Downloads\PACKAGE 0806\0806(12).exe        Win32/Backdoor.6e0        Resolved
  6. C:\Users\PC\Downloads\PACKAGE 0806\0806(17).exe        Win32/Trojan.74b        Resolved
  7. C:\Users\PC\Downloads\PACKAGE 0806\0806(16).exe        Win32/Trojan.5e4        Resolved
  8. C:\Users\PC\Downloads\PACKAGE 0806\0806(19).exe        HEUR/QVM03.0.00D5.Malware.Gen        Resolved
  9. C:\Users\PC\Downloads\PACKAGE 0806\0806(18).exe        HEUR/QVM11.1.00D5.Malware.Gen        Resolved
  10. C:\Users\PC\Downloads\PACKAGE 0806\0806(13).exe        Win32/Trojan.dd4        Resolved
  11. C:\Users\PC\Downloads\PACKAGE 0806\0806(21).exe        Win32/Trojan.PSW.dee        Resolved
  12. C:\Users\PC\Downloads\PACKAGE 0806\0806(22).exe        HEUR/QVM03.0.00D5.Malware.Gen        Resolved
  13. C:\Users\PC\Downloads\PACKAGE 0806\0806(23).exe        Win32/Trojan.Ransom.b44        Resolved
  14. C:\Users\PC\Downloads\PACKAGE 0806\0806(20).exe        Win32/Trojan.Dropper.43b        Resolved
  15. C:\Users\PC\Downloads\PACKAGE 0806\0806(25).exe        HEUR/QVM03.0.00D5.Malware.Gen        Resolved
  16. C:\Users\PC\Downloads\PACKAGE 0806\0806(24).exe        HEUR/QVM03.0.00D5.Malware.Gen        Resolved
  17. C:\Users\PC\Downloads\PACKAGE 0806\0806(2).exe        HEUR/QVM05.1.00D5.Malware.Gen        Resolved
  18. C:\Users\PC\Downloads\PACKAGE 0806\0806(26).exe        HEUR/QVM03.0.00D5.Malware.Gen        Resolved
  19. C:\Users\PC\Downloads\PACKAGE 0806\0806(27).exe        Win32/Trojan.c6d        Resolved
  20. C:\Users\PC\Downloads\PACKAGE 0806\0806(4).exe        HEUR/QVM42.2.00D5.Malware.Gen        Resolved
  21. C:\Users\PC\Downloads\PACKAGE 0806\0806(6).exe        HEUR/QVM09.0.00D5.Malware.Gen        Resolved
  22. C:\Users\PC\Downloads\PACKAGE 0806\0806(7).exe        Win32/Trojan.Ransom.0d9        Resolved
  23. C:\Users\PC\Downloads\PACKAGE 0806\0806(3).exe        Win32/Trojan.1b4        Resolved
  24. C:\Users\PC\Downloads\PACKAGE 0806\0806(9).exe        HEUR/QVM05.1.00D5.Malware.Gen        Resolved
  25. C:\Users\PC\Downloads\PACKAGE 0806\0806(8).exe        HEUR/QVM05.1.00D5.Malware.Gen        Resolved
  26. C:\Users\PC\Downloads\PACKAGE 0806\0806(28).exe        Win32/Trojan.f64        Resolved
复制代码

剩餘檔案已上報360:

0806(5).exe -
VT:https://www.virustotal.com/#/fil ... 4520cc5b3/detection
微步:https://s.threatbook.cn/report/f ... p1_enx86_office2013

0806(11).exe -
VT:https://www.virustotal.com/#/fil ... 6deb73c28/detection
微步:https://s.threatbook.cn/report/f ... p1_enx86_office2013

更新後已殺:
  1. C:\Users\PC\Downloads\Malware\360\PACKAGE 0806\0806(11).exe        HEUR/QVM03.0.02F1.Malware.Gen        Resolved
复制代码

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
小飞侠.net
发表于 2018-8-7 02:09:02 | 显示全部楼层
本帖最后由 小飞侠.net 于 2018-8-7 02:58 编辑

                          ,,,                               ,,,      
瑞星---(Windows 10 Creators Update(Redstone 4)....1803):云引擎(开)RDM+引擎(开)     

                瑞星反恶软引擎命令行扫描器(社区交流版)                 


编译于:Sep 22 2017   15:07:50

提示:
  - 本工具供社区交流使用,请勿用于其他用途
  - 本工具没有恶意软件删除、清除、隔离功能
  - 本工具包含开发中的新特性,结果仅供参考

* 命令行中的选项开关:-output-json -log=C:\瑞星RDM+引擎\ScanLog_180807025428.log
* 获取恶软签名库最新版本 ...
* 下载恶软签名库配置文件 ...
* 创建恶软签名库升级组件 ...
* 计算并下载增量文件 ...
* 升级恶软签名库 ...
* 恶软签名库升级成功
* 扫描目标 : (1) C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210

* 加载恶软签名库: C:\瑞星RDM+引擎/malware.rmd
* 恶软签名库加载成功,发布序号为 4719
* 读取恶软签名库配置 ...
* 云辅助扫描组件初始化失败.
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
扫描开始: Tue Aug 07 02:54:49 2018

{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(11).exe","infect":{"engine":"md5","signature":"bWQ1Ot+FzknxPaKcIqxtc3IIUP8","threat":"Spyware.KeyLogger!8.12F"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(14).exe","infect":{"engine":"rdmk","signature":"cmRtazqSTyWVkJREYY3sBAY8vvSp","threat":"Trojan.GenKryptik!8.AA55"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(15).exe","infect":{"engine":"rdmk","signature":"cmRtazo8kMNIIMyXQ+ZgJGGt5eOt","threat":"Trojan.GenKryptik!8.AA55"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(13).exe","infect":{"engine":"md5","signature":"bWQ1Oi0jb2ZRiH5IM5+WHtcF2Eo","threat":"Dropper.Generic!8.35E"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(1).exe","infect":{"engine":"md5","signature":"bWQ1OqxTYJjGGfsAZLjUb9Ycvs4","threat":"Trojan.GenKryptik!8.AA55"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(12).exe","infect":{"engine":"rdmk","signature":"cmRtazq9CsblwvzZm9CWwQuLQAYD","threat":"Trojan.Injector!1.AFE3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(16).exe","infect":{"engine":"md5","signature":"bWQ1OvsZQ0/BMoWDz4agZEKWD9Q","threat":"Backdoor.Noancooe!8.176"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(10).exe","infect":{"engine":"rdmk","signature":"cmRtazq2Vc3rdhu11PoPCLCgF0tH","threat":"Trojan.Injector!1.AFE3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(19).exe","infect":{"engine":"md5","signature":"bWQ1OrfDk9VuxZK9ttvrgF7wogI","threat":"Trojan.Fuery!8.EAFB"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(22).exe","infect":{"engine":"rdmk","signature":"cmRtazqWu7yYQgRZQgkYYvAIZd76","threat":"Trojan.GenKryptik!8.AA55"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(20).exe","infect":{"engine":"rdmk","signature":"cmRtazoi6yNfBDbsyIn7dvuw3GdO","threat":"Trojan.Injector!8.C4"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(2).exe","infect":{"engine":"rdmk","signature":"cmRtazofp54/6oWmdF5r3vAOK0P6","threat":"Trojan.Injector!1.AFE3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(21).exe","infect":{"engine":"md5","signature":"bWQ1OlS8cbxIAktYx5cExumnPo0","threat":"Trojan.Agent!8.B1E"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(23).exe","infect":{"engine":"md5","signature":"bWQ1OkhiMQCJVpTH8rrO1NscwG0","threat":"Ransom.Agent!8.6B7"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(17).exe","infect":{"engine":"md5","signature":"bWQ1OsuGaId5AQurUZz/t0xlZj4","threat":"Trojan.Spatet!8.22F"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(24).exe","infect":{"engine":"md5","signature":"bWQ1OrvJpsxui5zG3/KGZ+DqYIc","threat":"Dropper.Generic!8.35E"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(3).exe","infect":{"engine":"md5","signature":"bWQ1OshWASxWTf6kJ38nwFnnAgc","threat":"Dropper.Generic!8.35E"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(27).exe","infect":{"engine":"rdmk","signature":"cmRtazrsh+J3d7YDVEtSi+XFHGbz","threat":"Trojan.GenKryptik!8.AA55"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(26).exe","infect":{"engine":"rdmk","signature":"cmRtazpfuXq5dH9XXxvDGTUQwphY","threat":"Malware.Heuristic!ET#89%"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(25).exe","infect":{"engine":"rdmk","signature":"cmRtazpfuXq5dH9XXxvDGTUQwphY","threat":"Malware.Heuristic!ET#89%"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(28).exe","infect":{"engine":"rdmk","signature":"cmRtazoKfwUK8VMT9ieVAJGWj7NO","threat":"Trojan.GenKryptik!8.AA55"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(7).exe","infect":{"engine":"rdmk","signature":"cmRtazplrPA8k2/bQMyV68Bdbu6V","threat":"Malware.Heuristic!ET#91%"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(6).exe","infect":{"engine":"rdmk","signature":"cmRtazo4BVlHBD89usOcy5rOv58B","threat":"Trojan.Azden!8.F0E3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(8).exe","infect":{"engine":"rdmk","signature":"cmRtazqCTlK6Qdued6AHIg8aZ4OQ","threat":"Trojan.Injector!1.AFE3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(9).exe","infect":{"engine":"rdmk","signature":"cmRtazo5hf4vb96ki9qzYAqxuD/m","threat":"Trojan.Injector!1.AFE3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(4).exe","infect":{"engine":"rdmk","signature":"cmRtazpx/hfo/5qKCBwTnzKgCeIQ","threat":"Malware.Heuristic!ET#82%"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(5).exe","type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0806VBInject0210\\PACKAGE 0806VBInject0210\\0806(18).exe","type":"scan"}

扫描结束: Tue Aug 07 02:54:51 2018

总扫描耗时: 0:2:254(m:s:ms)
总扫描对象: 29
总扫描文件: 28
总恶意文件: 26
有效检出率: 92.86%---VirusTotal?没人上传就不会超过50%



Emsisoft Emergency Kit - 版本 2018.6
上次更新: 2018-08-06 22:59:16
用户帐号: TECLAST\Admin
电脑名称: TECLAST
操作系统版本: Windows 10 x64

Emsisoft Emergency Kit 绿色免费版
(已开启)加入 Emsisoft 云、更新源:测试版
    Bitdefender(B)+Emsisoft(A) 双引擎

扫描设置:

扫描方式: 自定义扫描
对象: Rootkits, 恶意残留, C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\

检测流氓软件(PUPs): On
扫描压缩包: On
扫描邮件存档: Off
ADS数据流: On
文件扩展名过滤: Off
直接磁盘访问: Off

扫描开始于:        2018-08-07 2:46:31
C:\Users\Admin\AppData\Roaming\baidu         发现风险: Application.AppInstall (A) [224507]
C:\Users\Admin\AppData\Local\baidu         发现风险: Application.AppInstall (A) [226898]
C:\Users\Admin\AppData\Local\sysassistbyhotwheel         发现风险: Application.Toolbar (A) [230313]
Key: HKEY_USERS\S-1-5-21-1320124207-2627790254-4257915705-1001\SOFTWARE\PPSTREAM         发现风险: Application.Toolbar (A) [281127]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(1).exe         发现风险: Trojan.GenericKD.40371387 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(12).exe         发现风险: Trojan.GenericKD.40371770 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(10).exe         发现风险: Trojan.Agent.DCQE (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(11).exe         发现风险: Gen:Variant.Zusy.160900 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(14).exe         发现风险: Gen:Variant.Graftor.507704 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(13).exe         发现风险: Gen:Variant.Barys.15557 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(15).exe         发现风险: Gen:Variant.Ursu.5156 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(18).exe         发现风险: Trojan.GenericKD.40371863 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(20).exe         发现风险: Gen:Variant.Razy.373960 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(2).exe         发现风险: Trojan.Agent.DCQE (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(21).exe         发现风险: Gen:Variant.Razy.373344 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(23).exe         发现风险: Gen:Variant.MSILPerseus.41172 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(25).exe         发现风险: Gen:Trojan.Heur.VP2.pn3@amUnMzni (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(27).exe         发现风险: Trojan.GenericKD.40372236 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(26).exe         发现风险: Gen:Trojan.Heur.VP2.nn3@amUnMzni (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(28).exe         发现风险: Gen:Variant.Razy.373960 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(5).exe         发现风险: Trojan.Generic.23023437 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(3).exe         发现风险: Gen:Variant.Johnnie.120617 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(7).exe         发现风险: Gen:Variant.Ransom.Xorist.79 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(9).exe         发现风险: Trojan.Agent.DCQE (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(8).exe         发现风险: Trojan.Agent.DCQE (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(16).exe         发现风险: Trojan.Lethic.Gen.7 (B) [krnl.xmd]

已扫描        61715
发现        26---VirusTotal?没人上传就不会超过50%

扫描完成后:        2018-08-07 2:46:52
扫描时间:        0:00:21



ESET Endpoint Security 64位(高级启发式(Y)+压缩文件(Y)+自解压加壳(Y)+DNA智能签名(Y)++(Windows 10 Creators Update(Redstone 4)....1803):

日志
正在扫描日志
检测引擎的版本: 17838P (20180806)
日期: 2018-08-07  时间: 2:37:53
已扫描的磁盘、文件夹和文件: C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(1).exe - Win32/GenKryptik.CFHT 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(10).exe - Win32/Injector.DZPV 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(11).exe - MSIL/Spy.Keylogger.AWS 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(12).exe - Win32/Injector.DZPV 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(13).exe - MSIL/GenKryptik.CHEX 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(14).exe - Win32/Kryptik.GJOF 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(15).exe - Win32/Injector.DZQH 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(16).exe - Win32/Injector.DZPZ 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(17).exe - Win32/Spatet.T 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(18).exe - Win32/Injector.DZPZ 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(19).exe - Win32/GenKryptik.CHIW 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(2).exe - MSIL/NanoCore.E 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(20).exe - Win32/Injector.DZQF 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(21).exe - MSIL/Agent.SSK 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(22).exe - Win32/Injector.DZQF 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(23).exe > DOTNETREACTOR - MSIL/Filecoder.JobCrypter.C 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(24).exe - Win32/Injector.DZQO 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(25).exe - Win32/Injector.DZQH 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(26).exe - Win32/Injector.DZQH 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(27).exe - Win32/Injector.DZQF 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(28).exe - Win32/Injector.DZQF 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(3).exe - MSIL/GenKryptik.CHEX 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(4).exe > INNO > {tmp}\nklaprok.dll - Win32/Tinukebot.K 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(6).exe - Win32/Spy.Ursnif.BW 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(7).exe - MSIL/Kryptik.PBW 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(8).exe - Win32/Injector.DZPV 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0806VBInject0210\PACKAGE 0806VBInject0210\0806(9).exe - Win32/Injector.DZPV 特洛伊木马 的变种 - 通过删除清除 [1]
已扫描的对象数: 92
发现的威胁数: 27
已清除对象数: 27---VirusTotal?没人上传就不会超过50%
完成时间: 2:38:46  总扫描时间: 53 秒 (00:00:53)

备注:
[1] 由于对象中仅包含病毒主体,因此已被删除。



火绒安全---( Windows 7 Ultimate with SP1 简体中文旗舰版....):部分未知文件已发送到seclab@huorong.cn,等处理中。。。

病毒库:2018-08-06 16:47
开始时间:2018-08-07 02:06
总计用时:00:00:30
扫描对象:447个
扫描文件:28个
发现风险:9个
已处理风险:0个
发现系统修复项:0个
处理系统修复项:0个

病毒详情

风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806\0806(1).exe, 病毒名:HVM:VirTool/Obfuscator.gen!A, 病毒ID:[b27d4294cde6a1ec], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806\0806(11).exe, 病毒名:TrojanSpy/KeyLogger.s, 病毒ID:[7775e7defe5e3928], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806\0806(19).exe, 病毒名:Trojan/VBInject.b, 病毒ID:[e4beee39ea2e9885], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806\0806(20).exe, 病毒名:HEUR:VirTool/VB.Obfuscator.gen!A, 病毒ID:[636e99dfed83873b], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806\0806(23).exe, 病毒名:Ransom/MSIL.JobCrypter.a, 病毒ID:[42056f958e55cfb8], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806\0806(22).exe, 病毒名:HEUR:VirTool/VB.Obfuscator.gen!A, 病毒ID:[636e99dfed83873b], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806\0806(27).exe, 病毒名:HEUR:VirTool/VB.Obfuscator.gen!A, 病毒ID:[636e99dfed83873b], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806\0806(28).exe, 病毒名:HEUR:VirTool/VB.Obfuscator.gen!A, 病毒ID:[636e99dfed83873b], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806\0806(6).exe, 病毒名:HVM:VirTool/Obfuscator.gen!A, 病毒ID:[b27d4294cde6a1ec], 处理结果:已忽略

文件名称: C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806.zip
文件大小: 14.1 MB (14,787,297 字节)
修改时间: 2018年08月07日,02:05:35
MD5: 22B964B4B84FC4B88E9F7395F0DFDDA5
SHA1: 1D3F0CCD62E264AE5E0B872AFDC7B34B17A5347F
SHA256: B0B93630CED8A5B1EE4346B061168D72095F4ED241C5F6D821BFA037900CC0B1
CRC32: 10BF7B91
计算时间: 1.48s (9.98 MB/s)

Dr.Web CureIt! 简体中文绿色免费版---( Windows 7 Ultimate with SP1 简体中文旗舰版....):

-----------------------------------------------------------------------------
Start scanning
-----------------------------------------------------------------------------
Command line used:-rpcep:\pipe\8F433B9A6 -rpcpr:np

Limit the use of the computer resources to 100%
Instances used for this session: 10
Object(s) to scan:
- C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210


C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(10).exe - infected with Trojan.PWS.Stealer.21154
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(10).exe - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(11).exe is BINARYRES container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(11).exe\data003 is NET container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(11).exe - container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(15).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(18).exe - infected with Trojan.PWS.Stealer.18836
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(18).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(12).exe - infected with Trojan.PWS.Stealer.21154
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(12).exe - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(17).exe is BINARYRES container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(17).exe\data001 is NET container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(20).exe - infected with Trojan.DownLoader25.11684
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(14).exe - infected with Trojan.Encoder.24384
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(14).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(20).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(17).exe - container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(19).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(16).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(2).exe - infected with Trojan.PWS.Stealer.21154
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(2).exe - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(1).exe is ZLIB container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(24).exe - infected with Trojan.PWS.Stealer.1932
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(24).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(1).exe - container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(23).exe - infected with Trojan.MulDrop8.34069
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(23).exe - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(3).exe is BINARYRES container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(3).exe\data001 is NET container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(3).exe\data002 - packed by XOREXE
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(3).exe - container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(21).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(27).exe - infected with Trojan.PWS.Stealer.13052
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(27).exe - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(5).exe - packed by BINARYRES
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(5).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(6).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(7).exe - infected with Trojan.Nanocore.24
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(7).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(28).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(25).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(22).exe - Ok
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(13).exe is NET container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(13).exe - container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(9).exe - infected with Trojan.PWS.Stealer.21154
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(9).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(8).exe - infected with Trojan.PWS.Stealer.21154
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(8).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(26).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(4).exe - infected with Trojan.TinyNuke.30
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0806VBInject0210\0806(4).exe - infected

Total 22494975 bytes in 28 files scanned (39 objects)
Total 15 files (26 objects) are clean
Total 13 files are infected---VirusTotal?没人上传就不会超过50%
Scan time is 00:00:04.797




Jirehlov1234
发表于 2018-8-7 07:16:53 | 显示全部楼层
Jirehlov1234 发表于 2018-8-6 20:42
BD 20:44 (SD)

扫描24/28+双击3/28=27/28

BD 7:14 扫描
27x,剩下4号
E:\TEST\PACKAGE 0806_3\0806(5).exeTrojan.Generic.23023437Deleted
E:\TEST\PACKAGE 0806_3\0806(6).exeTrojan.GenericKD.40373877Deleted
E:\TEST\PACKAGE 0806_3\0806(27).exeTrojan.GenericKD.40372166Deleted
E:\TEST\PACKAGE 0806_3\0806(9).exeTrojan.Agent.DCQEDeleted
E:\TEST\PACKAGE 0806_3\0806(8).exeTrojan.Agent.DCQEDeleted
E:\TEST\PACKAGE 0806_3\0806(7).exeGen:Variant.Ransom.Xorist.79Deleted
E:\TEST\PACKAGE 0806_3\0806(3).exeGen:Variant.Johnnie.120617Deleted
E:\TEST\PACKAGE 0806_3\0806(28).exeGen:Variant.Razy.373960Deleted
E:\TEST\PACKAGE 0806_3\0806(20).exeGen:Variant.Razy.373960Deleted
E:\TEST\PACKAGE 0806_3\0806(24).exeTrojan.GenericKD.40372615Deleted
E:\TEST\PACKAGE 0806_3\0806(22).exeTrojan.GenericKD.40372695Deleted
E:\TEST\PACKAGE 0806_3\0806(23).exeGen:Variant.MSILPerseus.41172Deleted
E:\TEST\PACKAGE 0806_3\0806(18).exeTrojan.GenericKD.40371863Deleted
E:\TEST\PACKAGE 0806_3\0806(2).exeTrojan.Agent.DCQEDeleted
E:\TEST\PACKAGE 0806_3\0806(19).exeTrojan.GenericKD.40373485Deleted
E:\TEST\PACKAGE 0806_3\0806(13).exeGen:Variant.Barys.15557Deleted
E:\TEST\PACKAGE 0806_3\0806(12).exeTrojan.GenericKD.40371770Deleted
E:\TEST\PACKAGE 0806_3\0806(26).exeGen:Variant.Graftor.507879Deleted
E:\TEST\PACKAGE 0806_3\0806(21).exeGen:Variant.Razy.373344Deleted
E:\TEST\PACKAGE 0806_3\0806(17).exeTrojan.GenericKD.40372937Deleted
E:\TEST\PACKAGE 0806_3\0806(10).exeTrojan.Agent.DCQEDeleted
E:\TEST\PACKAGE 0806_3\0806(14).exeGen:Variant.Graftor.507704Deleted
E:\TEST\PACKAGE 0806_3\0806(15).exeGen:Variant.Ursu.5156Deleted
E:\TEST\PACKAGE 0806_3\0806(11).exeGen:Variant.Zusy.160900Deleted
E:\TEST\PACKAGE 0806_3\0806(25).exeGen:Variant.Graftor.507879Deleted
E:\TEST\PACKAGE 0806_3\0806(1).exeTrojan.GenericKD.40371387Deleted
E:\TEST\PACKAGE 0806_3\0806(16).exeTrojan.Lethic.Gen.7Deleted

TIU: 12187774
ccboxes
发表于 2018-8-7 08:14:01 | 显示全部楼层
B100D1E55 发表于 2018-8-6 22:42
虽然exe本身是新的,但是释放的sys早在05年就有了而且是白文件,对应行为也没match到什么特别的。当然我 ...

BD这个估计也是老误报没人上报。

报的是Trojan.Generic.23023437,至少两年前 Trojan.Generic系列就不再增加新特征了,现在的入库都是Trojan.GenericKD和Trojan.GenericKDZ
Jerry.Lin
 楼主| 发表于 2018-8-7 08:36:23 | 显示全部楼层
B100D1E55 发表于 2018-8-6 23:42
是的,BD这一套体系误报仍旧是个大问题。VT肯定不是我传的,毕竟lz要知道了肯定要灭了我

mcafee ...

趋势也入库了
Jirehlov1234
发表于 2018-8-7 08:44:07 | 显示全部楼层
ccboxes 发表于 2018-8-7 08:14
BD这个估计也是老误报没人上报。

报的是Trojan.Generic.23023437,至少两年前 Trojan.Generic系列就不 ...

好像还有一种是Trojan.GenericKDV?现在还有新入库的是这个报法的吗

Sample
Trojan.GenericKDV.1409270
https://my.mixtape.moe/gsekiy.rar
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛|纳美地| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 苏ICP备07004770号 ) GMT+8, 2019-6-27 20:57 , Processed in 0.042534 second(s), 5 queries , MemCache On.

快速回复 返回顶部 返回列表