低级样本一枚

显示全部楼层 · 发表于 2018-8-11 17:50:56

大家自己测试吧，至少在我这里没跑出行为。下载:https://www.lanzous.com/i1miqqd 密码:90sm
解压密码：infected

显示全部楼层 · 发表于 2018-8-11 17:56:34

BD扫描miss 实机未双击
BitDefender Log File

Product : Bitdefender Internet Security
Scanning task : Contextual Scan
Log date : 2018年8月11日 17:54:12
Log path :
Scan Paths:
Path : D:\infected.exe

[-]Detailed Scan Summary

[-]Basic
Scanned items : 1
Infected items : 0 (no infected items have been detected)
Suspicious items : 0 (no suspected items have been detected)
Resolved items : 0 (no threats have been detected during this scan)
Unresolved items :0(no issues remained unresolved)

[-]Advanced
Scan time : 0:0:01
Files per second : 1
Skipped items : 1
Password-protected items : 0
Overcompressed items : 0
Scanned archives : 0
Input-output errors : 0
Scanned boot sectors : 0
Scanned processes : 0
Infected processes : 0
Scanned registry keys : 0
Infected registry keys : 0
Scanned cookies : 0
Infected cookies : 0

[-]Scan Options

[-]Target Threat Types:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : No
Scan for keyloggers : Yes

[-]Target Selection Options:
Scan registry keys : No
Scan cookies : No
Scan boot sectors : No
Scan memory processes : No
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions : none configured
Excluded extensions : none configured

[-]Target Processing:
Default primary action for infected objects : None
Default secondary action for infected objects : None
Default primary action for suspicious objects : None
Default secondary action for suspicious objects : None
Default action for hidden objects : None
Default action for password-protected objects : Prompt for password

[-]Scan engines summary
Number of virus signatures : 12017354

显示全部楼层 · 发表于 2018-8-11 18:00:42

本帖最后由 Kaspersky用户于 2018-8-11 18:55 编辑

Avira
TR/Crypt.XPACK.Gen
哈勃分析不出什么，看了一下魔盾的结果，给自己加开机启动项，投放Desktop.exe，ntfs.dll，Thumbs.exe，这两个EXE也会加启动项,VT分别是57，58，51，看样子是老毒了：https://habo.qq.com/file/showdetail?pk=AD0Gbl1lB2EIPVs0
https://habo.qq.com/file/showdetail?pk=AD0Gbl1lB2EIPFs7
https://habo.qq.com/file/showdetail?pk=AD0Gbl1lB2EIPls5

显示全部楼层 · 发表于 2018-8-11 18:02:49

紅傘

显示全部楼层 · 发表于 2018-8-11 18:11:19

显示全部楼层 · 发表于 2018-8-11 18:16:40

Trojan:Win32/Fuerboos.E!cl

显示全部楼层 · 发表于 2018-8-11 18:30:38

Norton报毒。

显示全部楼层 · 发表于 2018-8-11 18:39:27

本帖最后由静影沉璧于 2018-8-11 18:40 编辑

BD2019 虚拟机测试：扫描miss
双击ATD杀，成功防御

PS：这次是把时间改到2056/1/1

显示全部楼层 · 发表于 2018-8-11 18:49:14

Kaspersky

infected.exe;VHO:Trojan.Multi.Generic

显示全部楼层 · 发表于 2018-8-11 19:35:41

本帖最后由 √×√×√√× 于 2018-8-11 19:37 编辑

囧，数字扫描报高风险程序，修改md5后过监控扫描QVM，运行主防拦截提示修改应用程序文件，目标竟然是QQ拼音

或许触发环境里需要有QQ拼音或者直接注入当前系统运行中的输入法？囧，阻止后弹出程序不完整提示样本自动退出，系统无异常囧囧囧

[病毒样本] 低级样本一枚

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

评分