Thread starter: Jerry.Lin

[Malware samples] #PACKAGE 0815

√×√×√√×
Posted on 2018-8-15 20:20:34
This post was last edited by √×√×√√× on 2018-8-15 20:26
ELOHIM posted on 2018-8-15 20:13
Thanks for the explanation, master..
The blacklisting approach... I just had a flash of insight, and there's a fitting analogy:
"Kid: I want to go swimming.

Heh, there's actually no need to rush to cloud-blacklist; 数字 (360)'s QVM engine also scored quite well, detecting 23 of them. Heh heh, maybe whoever was on standby got a bit impatient @191196846

I'll now test the remaining 4 samples against the proactive defense (主防) by double-clicking them.

Sample 1: no reaction from proactive defense on double-click, and a process stayed resident. Although no other obvious behaviour was seen, it still counts as a defense failure.

Sample 3: intercepted by proactive defense; after several pop-up blocks the system showed no abnormality.

Sample 8: intercepted by proactive defense; after several pop-up blocks the system showed no abnormality.

Sample 20: intercepted by proactive defense; after several pop-up blocks the system showed no abnormality.





ELOHIM
Posted on 2018-8-15 20:25:10
√×√×√√× posted on 2018-8-15 20:20
Heh, there's actually no need to rush to cloud-blacklist; 数字 (360)'s QVM engine also scored quite well, detecting 23 of them. Heh heh, maybe whoever was on standby got a bit impatient @19 ...

Blacklisting is good, blacklisting is good. Looks glossy.
www-tekeze
Posted on 2018-8-15 20:26:37
191196846 posted on 2018-8-15 19:39
@360主动防御 this kind of operation is way too obvious
That counts as cheating; do you want to repeat Kingsoft's mistake?

Haha, agreed... But Zhiliang (智量) detects gene codes; although its false-positive rate is slightly high, what it shows is still real skill..
stupid1man
Posted on 2018-8-15 20:32:43
This post was last edited by stupid1man on 2018-8-15 20:45

Avira (紅傘) 20:33

Real-time protection: 6
Right-click scan: 22
Total: 27/27 (100%)


—————— Scan section ——————
Start of the scan: 2018-08-15 20:32:57
08/15/2018,20-32-57        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(10).exe'
08/15/2018,20-32-57        [INFO]        c:\users\shane siu\desktop\package 0815\0815(10).exe
08/15/2018,20-32-57        [INFO]        [DETECTION] file contains 'TR/Dropper.Gen'
08/15/2018,20-32-58        [INFO]        repair.rdf loaded (version: 1.0.44.0)
08/15/2018,20-33-00        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(11).exe'
08/15/2018,20-33-00        [INFO]        Successful Cloud SDK initialization and license check.
08/15/2018,20-33-00        [INFO]        The file 'c:\users\shane siu\desktop\package 0815\0815(11).exe' was scanned with the Protection Cloud. SHA256 = 12B50BA7E06D5CC551200F1908149D66937E043C98FFD46D71498366FFB6509B
08/15/2018,20-33-00        [INFO]        c:\users\shane siu\desktop\package 0815\0815(11).exe
08/15/2018,20-33-00        [INFO]        [DETECTION] file contains 'TR/Crypt.Agent.12b50b'
08/15/2018,20-33-00        [INFO]        Repair of Generic started.
08/15/2018,20-33-00        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(12).exe'
08/15/2018,20-33-00        [INFO]        The file 'c:\users\shane siu\desktop\package 0815\0815(12).exe' was scanned with the Protection Cloud. SHA256 = 81A228C46910AD5D57B20DF5A32986BA4F37BC161A22E95822A6770763B2DF19
08/15/2018,20-33-00        [INFO]        c:\users\shane siu\desktop\package 0815\0815(12).exe
08/15/2018,20-33-00        [INFO]        [DETECTION] file contains 'TR/AD.NetWiredRc.Y'
08/15/2018,20-33-01        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(13).exe'
08/15/2018,20-33-01        [INFO]        The file 'c:\users\shane siu\desktop\package 0815\0815(13).exe' was scanned with the Protection Cloud. SHA256 = A56AC9255FE2615330B9A532F5DE37087E54C53423D378CA124E279C048D60DD
08/15/2018,20-33-01        [INFO]        c:\users\shane siu\desktop\package 0815\0815(13).exe
08/15/2018,20-33-01        [INFO]        [DETECTION] file contains 'TR/Crypt.XPACK.a56ac9'
08/15/2018,20-33-01        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(14).exe'
08/15/2018,20-33-01        [INFO]        The file 'c:\users\shane siu\desktop\package 0815\0815(14).exe' was scanned with the Protection Cloud. SHA256 = 704FE64A2947C8783FCD0E2AA2315BFBB8FB2F3A4D353C2CF787A073ECF3A44E
08/15/2018,20-33-01        [INFO]        c:\users\shane siu\desktop\package 0815\0815(14).exe
08/15/2018,20-33-01        [INFO]        [DETECTION] file contains 'TR/AD.NetWiredRc.Y'
08/15/2018,20-33-02        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(15).exe'
08/15/2018,20-33-02        [INFO]        c:\users\shane siu\desktop\package 0815\0815(15).exe
08/15/2018,20-33-02        [INFO]        [DETECTION] file contains 'TR/Dropper.Gen'
08/15/2018,20-33-02        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(16).exe'
08/15/2018,20-33-02        [INFO]        c:\users\shane siu\desktop\package 0815\0815(16).exe
08/15/2018,20-33-02        [INFO]        [DETECTION] file contains 'HEUR/AGEN.1020337'
08/15/2018,20-33-03        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(17).exe'
08/15/2018,20-33-03        [INFO]        The file 'c:\users\shane siu\desktop\package 0815\0815(17).exe' was scanned with the Protection Cloud. SHA256 = A9052C51C3DB05B6F3CCF6C4496F83FC28423FA17C18891B420D4296D140F42F
08/15/2018,20-33-03        [INFO]        c:\users\shane siu\desktop\package 0815\0815(17).exe
08/15/2018,20-33-03        [INFO]        [DETECTION] file contains 'TR/AD.LokiBot.B'
08/15/2018,20-33-04        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(19).exe'
08/15/2018,20-33-04        [INFO]        The file 'c:\users\shane siu\desktop\package 0815\0815(19).exe' was scanned with the Protection Cloud. SHA256 = B6A386E9A30DD74C7BF9B21B8B4532A2CF06E87F3A3EB40DE2B09F93A51572B6
08/15/2018,20-33-04        [INFO]        c:\users\shane siu\desktop\package 0815\0815(19).exe
08/15/2018,20-33-04        [INFO]        [DETECTION] file contains 'TR/Crypt.Agent.b6a386'
08/15/2018,20-33-04        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(2).exe'
08/15/2018,20-33-04        [INFO]        The file 'c:\users\shane siu\desktop\package 0815\0815(2).exe' was scanned with the Protection Cloud. SHA256 = 9A13541F7E6A58661AB8947587E09D831AFA370A4D4440A1724BEC72B044FBC2
08/15/2018,20-33-04        [INFO]        c:\users\shane siu\desktop\package 0815\0815(2).exe
08/15/2018,20-33-04        [INFO]        [DETECTION] file contains 'TR/AD.LokiBot.B'
08/15/2018,20-33-05        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(20).exe'
08/15/2018,20-33-05        [INFO]        c:\users\shane siu\desktop\package 0815\0815(20).exe
08/15/2018,20-33-05        [INFO]        [DETECTION] file contains 'HEUR/AGEN.1021633'
08/15/2018,20-33-05        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(21).exe'
08/15/2018,20-33-05        [INFO]        c:\users\shane siu\desktop\package 0815\0815(21).exe
08/15/2018,20-33-05        [INFO]        [DETECTION] file contains 'TR/Dropper.Gen'
08/15/2018,20-33-05        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(22).exe'
08/15/2018,20-33-05        [INFO]        The file 'c:\users\shane siu\desktop\package 0815\0815(22).exe' was scanned with the Protection Cloud. SHA256 = 334F7CF52528C37838C420D4A5E3736196B711837BB1FD4C22CEF00418BAE8D9
08/15/2018,20-33-05        [INFO]        c:\users\shane siu\desktop\package 0815\0815(22).exe
08/15/2018,20-33-05        [INFO]        [DETECTION] file contains 'TR/AD.Fareit.Y'
08/15/2018,20-33-06        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(23).exe'
08/15/2018,20-33-06        [INFO]        The file 'c:\users\shane siu\desktop\package 0815\0815(23).exe' was scanned with the Protection Cloud. SHA256 = ECF1F4417BCD8A2F46B33392BE5C9ECE7981B160C58B8E41BF61C599E4869991
08/15/2018,20-33-06        [INFO]        c:\users\shane siu\desktop\package 0815\0815(23).exe
08/15/2018,20-33-06        [INFO]        [DETECTION] file contains 'TR/AD.Fareit.Y'
08/15/2018,20-33-06        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(24).exe'
08/15/2018,20-33-06        [INFO]        The file 'c:\users\shane siu\desktop\package 0815\0815(24).exe' was scanned with the Protection Cloud. SHA256 = 69BA3CEECB79D61ABDE45EBCD852A2D1079CD7ED184BDEBEAD1A2E2820D2A291
08/15/2018,20-33-06        [INFO]        c:\users\shane siu\desktop\package 0815\0815(24).exe
08/15/2018,20-33-06        [INFO]        [DETECTION] file contains 'TR/AD.Fareit.Y'
08/15/2018,20-33-07        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(25).exe'
08/15/2018,20-33-07        [INFO]        The file 'c:\users\shane siu\desktop\package 0815\0815(25).exe' was scanned with the Protection Cloud. SHA256 = D324D33233EDF16F00BB4C9A06A14EEE0EF15F8D90A3B9F62213E0EA9054312D
08/15/2018,20-33-07        [INFO]        c:\users\shane siu\desktop\package 0815\0815(25).exe
08/15/2018,20-33-07        [INFO]        [DETECTION] file contains 'TR/AD.LokiBot.B'
08/15/2018,20-33-07        [INFO]        Repair of Generic finished successfully.
08/15/2018,20-33-07        [INFO]        Repair of TR/Dropper.Gen started.
08/15/2018,20-33-08        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(26).exe'
08/15/2018,20-33-08        [INFO]        The file 'c:\users\shane siu\desktop\package 0815\0815(26).exe' was scanned with the Protection Cloud. SHA256 = 6E86DB5160C5BB204ED34AC3F96C266196C102215FC28430F1AB227A5B1DE1DC
08/15/2018,20-33-08        [INFO]        c:\users\shane siu\desktop\package 0815\0815(26).exe
08/15/2018,20-33-08        [INFO]        [DETECTION] file contains 'TR/AD.Fareit.Y'
08/15/2018,20-33-08        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(4).exe'
08/15/2018,20-33-08        [INFO]        c:\users\shane siu\desktop\package 0815\0815(4).exe
08/15/2018,20-33-08        [INFO]        [DETECTION] file contains 'TR/Dropper.Gen'
08/15/2018,20-33-08        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(5).exe'
08/15/2018,20-33-08        [INFO]        c:\users\shane siu\desktop\package 0815\0815(5).exe
08/15/2018,20-33-08        [INFO]        [DETECTION] file contains 'TR/Dropper.Gen'
08/15/2018,20-33-09        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(6).exe'
08/15/2018,20-33-09        [INFO]        The file 'c:\users\shane siu\desktop\package 0815\0815(6).exe' was scanned with the Protection Cloud. SHA256 = 6EC70F4B56C9E20A8CF39BF8EB76FE394EEA237B03801D7FC52C44B4DCDF880E
08/15/2018,20-33-09        [INFO]        c:\users\shane siu\desktop\package 0815\0815(6).exe
08/15/2018,20-33-09        [INFO]        [DETECTION] file contains 'TR/Crypt.Agent.6ec70f'
08/15/2018,20-33-10        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(8).exe'
08/15/2018,20-33-10        [INFO]        The file 'c:\users\shane siu\desktop\package 0815\0815(8).exe' was scanned with the Protection Cloud. SHA256 = 4E4F7CD785EE293600E00F4DFA5B34898A117541C574FF9FD364D03F396B5777
08/15/2018,20-33-10        [INFO]        c:\users\shane siu\desktop\package 0815\0815(8).exe
08/15/2018,20-33-10        [INFO]        [DETECTION] file contains 'TR/Crypt.XPACK.4e4f7c'
08/15/2018,20-33-10        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\shane siu\desktop\package 0815\0815(9).exe'
08/15/2018,20-33-10        [INFO]        The file 'c:\users\shane siu\desktop\package 0815\0815(9).exe' was scanned with the Protection Cloud. SHA256 = 42E6AE1FCE970D1E097059174BA1513DD77C9FC81A7FABD2819CCB25060260A5
08/15/2018,20-33-10        [INFO]        c:\users\shane siu\desktop\package 0815\0815(9).exe
08/15/2018,20-33-10        [INFO]        [DETECTION] file contains 'TR/AD.Emotet.B'
08/15/2018,20-33-34        [ERROR]        Error in calling script function Repair: Runtime error. Script file is invalid!
08/15/2018,20-33-34        [ERROR]        Repair of TR/Dropper.Gen failed.
08/15/2018,20-33-34        [INFO]        c:\users\shane siu\desktop\package 0815\0815(10).exe
08/15/2018,20-33-34        [INFO]        [ACTION] Clean
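
As an added example (not code from this post, from the forum, or from Avira), the following Python script turns scan-log lines in the layout quoted above into a per-file verdict table: it attaches each `[DETECTION]` and `[ACTION]` line to the most recent bare-path line, records the Protection Cloud SHA256 where one is logged, and flags detected files with no recorded action as well as `Repair of ... failed` errors like the one at the end of the log. It runs on constructed sample lines with placeholder paths and a placeholder hash; the grouping of detection names into families (dropping the last dotted component) is a heuristic assumed here, not Avira's own naming rule.

```python
import re
from collections import Counter

# Constructed sample lines in the same layout as the Avira scan log quoted in
# the post above: "MM/DD/YYYY,HH-MM-SS  [LEVEL]  message".  The paths and the
# SHA256 value are placeholders, not taken from any real sample.
FAKE_SHA = "00" * 31 + "AA"  # 64 hex characters, obviously not a real hash
SAMPLE_LOG = "\n".join([
    r"08/15/2018,20-33-00        [INFO]        FP reports status 'NO False Positive' for file 'c:\samples\a.exe'",
    r"08/15/2018,20-33-00        [INFO]        The file 'c:\samples\a.exe' was scanned with the Protection Cloud. SHA256 = " + FAKE_SHA,
    r"08/15/2018,20-33-00        [INFO]        c:\samples\a.exe",
    r"08/15/2018,20-33-00        [INFO]        [DETECTION] file contains 'TR/Crypt.Agent.000000'",
    r"08/15/2018,20-33-01        [INFO]        c:\samples\b.exe",
    r"08/15/2018,20-33-01        [INFO]        [DETECTION] file contains 'TR/Dropper.Gen'",
    r"08/15/2018,20-33-01        [INFO]        Repair of TR/Dropper.Gen started.",
    r"08/15/2018,20-33-02        [INFO]        c:\samples\c.exe",
    r"08/15/2018,20-33-02        [INFO]        [DETECTION] file contains 'TR/Dropper.Gen'",
    r"08/15/2018,20-33-34        [ERROR]        Error in calling script function Repair: Runtime error. Script file is invalid!",
    r"08/15/2018,20-33-34        [ERROR]        Repair of TR/Dropper.Gen failed.",
    r"08/15/2018,20-33-34        [INFO]        c:\samples\b.exe",
    r"08/15/2018,20-33-34        [INFO]        [ACTION] Clean",
])

LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{4}),(\d{2}-\d{2}-\d{2})\s+\[(\w+)\]\s+(.*?)\s*$")
CLOUD_RE = re.compile(r"^The file '(.+?)' was scanned with the Protection Cloud\. SHA256 = ([0-9A-Fa-f]{64})$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a message consisting only of a path
DETECT_RE = re.compile(r"^\[DETECTION\] file contains '(.+?)'$")
ACTION_RE = re.compile(r"^\[ACTION\] (\w+)$")
REPAIR_FAIL_RE = re.compile(r"^Repair of (.+?) failed\.$")


def _new_entry():
    return {"verdict": None, "sha256": None, "action": None}


def parse_scan_log(text):
    """Return ({path: entry}, [(timestamp, detection_name)]) for the log text.

    Detection and action lines carry no path of their own; they apply to the
    most recent bare-path line, which the parser tracks as `current`.
    """
    files = {}
    repair_failures = []
    current = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank or unrecognised line
        date, time, level, msg = m.groups()
        cloud = CLOUD_RE.match(msg)
        if cloud:
            path, sha = cloud.groups()
            files.setdefault(path, _new_entry())["sha256"] = sha.upper()
            continue
        if PATH_RE.match(msg):
            current = msg
            files.setdefault(current, _new_entry())
            continue
        det = DETECT_RE.match(msg)
        if det and current:
            files[current]["verdict"] = det.group(1)
            continue
        act = ACTION_RE.match(msg)
        if act and current:
            files[current]["action"] = act.group(1)
            continue
        fail = REPAIR_FAIL_RE.match(msg)
        if fail and level == "ERROR":
            repair_failures.append((f"{date} {time}", fail.group(1)))
    return files, repair_failures


def family(verdict):
    # Assumed heuristic: drop the last dotted component (variant letter or hash suffix).
    return verdict.rsplit(".", 1)[0] if "." in verdict else verdict


def summarize(files, repair_failures):
    """Aggregate the parsed entries into the numbers a tester would report."""
    detected = {p: e for p, e in files.items() if e["verdict"]}
    return {
        "total": len(files),
        "detected": len(detected),
        "families": Counter(family(e["verdict"]) for e in detected.values()),
        "cloud_hashes": {p: e["sha256"] for p, e in files.items() if e["sha256"]},
        # Detected, but the log never recorded an [ACTION] for the file.
        "no_action": sorted(p for p, e in detected.items() if e["action"] is None),
        "repair_failures": repair_failures,
    }


if __name__ == "__main__":
    files, failures = parse_scan_log(SAMPLE_LOG)
    report = summarize(files, failures)
    for path, entry in files.items():
        print(f"{path:<20} {entry['verdict'] or '-':<24} action={entry['action'] or '-'}")
    print(f"detected {report['detected']}/{report['total']}; families: {dict(report['families'])}")
    print("detected but no recorded action:", report["no_action"])
    print("repair failures:", report["repair_failures"])
```

Feeding the full log from the post to `parse_scan_log` gives the per-sample verdict list behind the "22" right-click-scan figure, and the `no_action` and `repair_failures` fields make the failed `TR/Dropper.Gen` repair visible instead of leaving it buried in the log.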

www-tekeze
Posted on 2018-8-15 20:35:45
I happened to have Antiy Zhijia (安天智甲) installed, so here's a showing-off... but with the MD5s changed it scored a zero..
Jerry.Lin
Thread starter | Posted on 2018-8-15 20:37:56
y3312068 posted on 2018-8-15 19:50
kfa scan 15/27 double-click
5.08.2018 19.45.39        已移除 恶意软件        PDM:Trojan.Win32.Badur.a        应用程序名称: C:%use ...

Uh... could you write down how many the double-click run killed?
梦想起航.
Posted on 2018-8-15 20:52:59
Kingsoft (金山) 0/27    .........
Blacklisting isn't fast enough
c/mm
Posted on 2018-8-15 21:36:12
Dr.Web (大蜘蛛)
19/27
New_Start.
Posted on 2018-8-15 22:55:58
梦想起航. posted on 2018-8-15 20:52
Kingsoft (金山) 0/27    .........
Blacklisting isn't fast enough

That's worse than X-SEC, which is developed by a single person; looks like Kingsoft has really given up.
ccboxes
Posted on 2018-8-15 23:36:36
静影沉璧 posted on 2018-8-15 19:09
KIS19.0.0.1088(b): scan: 15/27
15.08.2018 19.18.57        检测到的对象 ( 文件 ) 已删除        C:%users\Administra ...

Looks like you have this problem on your side too: sometimes the scan doesn't trigger the cloud detection, and you have to double-click.