#PACKAGE 0818

c/mm

大蜘蛛

随便测了几个双击 都能查杀剩余的就不试了     
Neutralized object: \Device\HarddiskVolume3\Users\Desktop\tempx\0818(11).exe - quarantined [threat name: DPH:Trojan.Inject.Hollowing.4.0, action: 3, type: 0, ret: 8]

Agu

Malwarebytes - 7/13


Fortinet - 8/13


SecureAPlus(只開APEX) -
敏感度(中)：6/13


敏感度(高)：11/13

温馨小屋

Norton
11/13  


1 Heur.AdvML.B
2 SONAR.Heuristic.170
3 Heur.AdvML.B
4 Trojan Horse/Heur.AdvML.C
5 Heur.AdvML.B
6
7 Heur.AdvML.B
8 SONAR.Heur.RGC!g69
9 Heur.AdvML.B
10 Heur.AdvML.B
11 Heur.AdvML.B
12
13 Heur.AdvML.B

YU2711

McAfee  23:02
1/13
(5)Packed-FJS!FB6D0CB6C56E
双击
(1)Real protect-EC!9241EF5F8515
    衍生物Generic.adu
(2)Miss
(3)Real Protect-EC!779BF0DE17EC
    封锁158.58.131.54
(4)封锁传入
(6)Miss
(7)Miss
(8)Miss
(9)Miss
(10)杀衍生物

(11)Real Protect-LS!FB5D3AD5EA78
(12)Real Protect-LS!5F6BC58DD7E6
(13)衍生物杀

DF快递

小A剩下2个

BeatTrojan

www-tekeze 发表于 2018-8-18 22:40
厉害了我的哥，手动更新一下，清空，之前的#2、#10报Trojan.Generic，已被流式更新检出。。    @Be ...

应该是被某位热心用户第一时间上报了

果团团

卡巴已清空，不得不说响应速度还是很快的

WHALE-FALL

没红伞的
补充一下12/13
miss 10

stupid1man

紅傘 11:28


實時防護：6
右鍵掃描：9
Total：13/13 (100%)

————————掃描部份—————————

1. Start of the scan: 2018-08-19 11:28:17
   
2. 08/19/2018,11-28-17        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\ desktop\package 0818\0818(1).exe'
   
3. 08/19/2018,11-28-17        [INFO]        c:\users\desktop\package 0818\0818(1).exe
   
4. 08/19/2018,11-28-17        [INFO]        [DETECTION] file contains 'TR/Kryptik.krkkt'
   
5. 08/19/2018,11-28-17        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0818\0818(11).exe'
   
6. 08/19/2018,11-28-17        [INFO]        c:\users\desktop\package 0818\0818(11).exe
   
7. 08/19/2018,11-28-17        [INFO]        [DETECTION] file contains 'TR/ATRAPS.Gen'
   
8. 08/19/2018,11-28-18        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0818\0818(12).exe'
   
9. 08/19/2018,11-28-18        [INFO]        c:\users\desktop\package 0818\0818(12).exe
   
10. 08/19/2018,11-28-18        [INFO]        [DETECTION] file contains 'TR/Dropper.Gen'
    
11. 08/19/2018,11-28-18        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0818\0818(13).exe'
    
12. 08/19/2018,11-28-18        [INFO]        c:\users\desktop\package 0818\0818(13).exe
    
13. 08/19/2018,11-28-18        [INFO]        [DETECTION] file contains 'TR/Crypt.XPACK.Gen'
    
14. 08/19/2018,11-28-20        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0818\0818(3).exe'
    
15. 08/19/2018,11-28-20        [INFO]        Successful Cloud SDK initialization and license check.
    
16. 08/19/2018,11-28-20        [INFO]        The file 'c:\users\desktop\package 0818\0818(3).exe' was scanned with the Protection Cloud. SHA256 = 9861D52E37D42293FF8893CA834BD3F5B249764DE924442028BF55F4908FDC05
    
17. 08/19/2018,11-28-20        [INFO]        c:\users\desktop\package 0818\0818(3).exe
    
18. 08/19/2018,11-28-20        [INFO]        [DETECTION] file contains 'TR/TrickBot.roatv'
    
19. 08/19/2018,11-28-21        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0818\0818(5).exe'
    
20. 08/19/2018,11-28-21        [INFO]        c:\users\desktop\package 0818\0818(5).exe
    
21. 08/19/2018,11-28-21        [INFO]        [DETECTION] file contains 'TR/ATRAPS.Gen'
    
22. 08/19/2018,11-28-21        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0818\0818(6).exe'
    
23. 08/19/2018,11-28-21        [INFO]        The file 'c:\users\desktop\package 0818\0818(6).exe' was scanned with the Protection Cloud. SHA256 = 32A3D8A6BA79F0415F5B9B1299A01E5528177B0715CF5C0F24101F835A89B320
    
24. 08/19/2018,11-28-21        [INFO]        c:\users\desktop\package 0818\0818(6).exe
    
25. 08/19/2018,11-28-21        [INFO]        [DETECTION] file contains 'TR/Crypt.XPACK.32a3d8'
    
26. 08/19/2018,11-28-22        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0818\0818(8).exe'
    
27. 08/19/2018,11-28-22        [INFO]        The file 'c:\users\desktop\package 0818\0818(8).exe' was scanned with the Protection Cloud. SHA256 = 89498786ED516BFC06F3517CEB8A89F97062055BB7E05F2D1AF9E137899E2C32
    
28. 08/19/2018,11-28-22        [INFO]        c:\users\desktop\package 0818\0818(8).exe
    
29. 08/19/2018,11-28-22        [INFO]        [DETECTION] file contains 'TR/Dropper.MSIL.894987'
    
30. 08/19/2018,11-28-23        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0818\0818(9).exe'
    
31. 08/19/2018,11-28-23        [INFO]        The file 'c:\users\desktop\package 0818\0818(9).exe' was scanned with the Protection Cloud. SHA256 = 1BEFB1F6B09FCF8DC34A596B9901A96F50EB8D174E2C06A8FACB11BFBA2170A8
    
32. 08/19/2018,11-28-23        [INFO]        c:\users\desktop\package 0818\0818(9).exe
    
33. 08/19/2018,11-28-23        [INFO]        [DETECTION] file contains 'TR/Kryptik.1befb1'

复制代码

迟到的Panda测试：3/13=23.08%
扫描：
1，8，11，均报Trj/GdSda.A

双击：
2：添加自启动项目，进程驻留，持续外联IP：185.68.83.18
3：添加自启动项目，Panda移除衍生物（0919(3).exe:Trj/TrickBot.A），未移除本体4：运行后删除自身，外联地址：incitecpivot-au.com/lerty67/loivet56/fre.php5：报错，无法启动
6：Panda报告为安全
7：运行后删除自身
9：miss
10：Panda移除衍生物（crypted.exe:Trj/GdSda.A）,疑似添加启动项（YJJUXERZMY.URL）
12：Panda移除衍生物（Windows Update.exe:可疑文件/Trj/Dropper.gen，疑似行为分析移除）
13：miss

Panda提示外联项目：



Panda将6号分类为安全：



有趣的12号样本：

（1）Panda最初将其衍生物分类为安全



（2）执行一段时间后，Panda移除衍生物，日志显示检测到Trj/Dropper.gen，疑似为行为分析抑制



（3）隔离区显示为可疑文件