Original poster: www-tekeze

[Virus samples] Sample set offered_51
www-tekeze
OP | Posted 2018-8-22 23:10:09
cloud01 posted on 2018-8-22 23:07
Even after I changed it to exe, it isn't detected.

Changed it to exe? It's better to change it back to eml. Try the attachment above.
www-tekeze
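OP | Posted 2018-8-22 23:15:40
WHALE-FALL posted on 2018-8-22 23:09
Could you upload it to a cloud drive? For some reason Kafan is very hard to open from here, and the attachment won't download either. Other websites all work fine.

The forum server is probably having problems again, and I'm about to go offline too, so I've put it on Lanzou.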

https://www.lanzous.com/i1plvcf
WHALE-FALL
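Posted 2018-8-22 23:19:20
www-tekeze posted on 2018-8-22 23:15
The forum server is probably having problems again, and I'm about to go offline too, so I've put it on Lanzou.

https://www.lanzous.com/i1plvcf

Thanks. I used a batch script to rename them all to .eml.
There doesn't seem to be much change, except that 2 were repaired.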
Log
Scan Log
Version of detection engine: 17926P (20180822)
Date: 2018/8/22  Time: 23:13:11
Scanned disks, folders and files: D:\下载\VirusSamples_51
Number of scanned objects: 658
Number of threats found: 104
Number of cleaned objects: 104
Time of completion: 23:16:36  Total scanning time: 205 sec (00:03:25)


WHALE-FALL
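Posted 2018-8-22 23:23:40
www-tekeze posted on 2018-8-22 23:15
The forum server is probably having problems again, and I'm about to go offline too, so I've put it on Lanzou.

https://www.lanzous.com/i1plvcf

I tried it.
It seems ESET really doesn't react to these. Even with misses, it shouldn't miss all of them, should it? 360 still flagged 20 of them.
I don't know what to say.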
Log
Scan Log
Version of detection engine: 17926P (20180822)
Date: 2018/8/22  Time: 23:20:43
Scanned disks, folders and files: D:\下载\eml样本
Number of scanned objects: 30
Number of threats found: 0
Time of completion: 23:20:43  Total scanning time: 0 sec (00:00:00)


Picca
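Posted 2018-8-22 23:53:02
Last edited by Karna on 2018-8-22 23:58
www-tekeze posted on 2018-8-22 20:39
ESET got 49/300 yesterday and 44/300 today. I can't quite figure it out; why would that be?      @B100D1E55  @Karna

OP, you're asking me? How would a newbie like me know how ESET does its detection...

I downloaded this sample set and scanned it; Kaspersky flagged a lot of downloaders. Judging from articles introducing ESET, ESET's detection policy is fairly conservative. If the malware itself doesn't contain a malicious payload, then as long as ESET flags the real malware that gets downloaded, it doesn't really count as a miss, does it...   Just a guess, don't take it seriously.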
WHALE-FALL
Posted 2018-8-23 00:06:56
Tencent PCManager: 76 remaining, 48 repaired
WHALE-FALL
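Posted 2018-8-23 00:10:17
Karna posted on 2018-8-22 23:53
OP, you're asking me? How would a newbie like me know how ESET does its detection...

I downloaded this sample set and scanned it; Kaspersky flagged a lot of down ...

I think that's quite likely. Whether a downloader gets flagged probably depends on each vendor's policy. Sometimes even "Big Number" (360) lets them through, and flags them once the malware has been downloaded.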
随风飞翔2424
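Posted 2018-8-23 00:18:57
I ran manual scans with Kaspersky, Huorong and Tencent PC Manager together, with Kaspersky's heuristics even set to the highest level, and 95 are still left...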
xudengshan
Posted 2018-8-23 00:21:21

xudengshan
Posted 2018-8-23 00:29:53
