#PACKAGE 0822

显示全部楼层 · 发表于 2018-8-22 22:05:48

WHALE-FALL 发表于 2018-8-22 21:58
大数字（无红伞）余4个 12/16 统计： 75 %
剩余 1 10 11 15 其中 1 低风险 10 11 15 暂未发现风险

二扫中 10 11 15 已被云端qvm击杀余1 统计：15/16 93.75%

显示全部楼层 · 发表于 2018-8-22 22:10:55

本帖最后由 WHALE-FALL 于 2018-8-22 22:26 编辑

ESET 击杀14 余 11 15

Log
Scan Log
Version of detection engine: 17925P (20180822)
Date: 2018/8/22 Time: 22:07:14
Scanned disks, folders and files: D:\下载\PACKAGE 0822
D:\下载\PACKAGE 0822\0822(1).exe - Win32/TrojanDropper.Agent.RZO trojan - cleaned by deleting [1]
D:\下载\PACKAGE 0822\0822(10).exe - a variant of Win32/Injector.DZYL trojan - cleaned by deleting [1]
D:\下载\PACKAGE 0822\0822(12).exe » NSIS » Script.nsi - NSIS/Injector.ADB trojan - cleaned by deleting [1]
D:\下载\PACKAGE 0822\0822(12).exe » NSIS » Heyduck.dll - Win32/Injector.DZYF trojan - cleaned by deleting [1]
D:\下载\PACKAGE 0822\0822(13).exe - a variant of MSIL/Kryptik.PFC trojan - cleaned by deleting [1]
D:\下载\PACKAGE 0822\0822(14).exe - a variant of Win32/Injector.DZYK trojan - cleaned by deleting [1]
D:\下载\PACKAGE 0822\0822(16).exe - a variant of Win32/Injector.DZYP trojan - cleaned by deleting [1]
D:\下载\PACKAGE 0822\0822(2).exe » NSIS » Script.nsi - NSIS/Injector.ADB trojan - cleaned by deleting [1]
D:\下载\PACKAGE 0822\0822(2).exe » NSIS » excusal.dll - Win32/Injector.DZYF trojan - cleaned by deleting [1]
D:\下载\PACKAGE 0822\0822(3).exe - a variant of Win32/GenKryptik.CIVE trojan - cleaned by deleting [1]
D:\下载\PACKAGE 0822\0822(4).exe - a variant of Win32/Injector.DZYS trojan - cleaned by deleting [1]
D:\下载\PACKAGE 0822\0822(5).exe - a variant of Win32/Injector.DZYL trojan - cleaned by deleting [1]
D:\下载\PACKAGE 0822\0822(6).exe - a variant of Win32/Kryptik.GJWB trojan - cleaned by deleting [1]
D:\下载\PACKAGE 0822\0822(7).exe - a variant of Win32/Injector.DZYK trojan - cleaned by deleting [1]
D:\下载\PACKAGE 0822\0822(8).exe - a variant of Win32/Kryptik.GKBV trojan - cleaned by deleting [1]
D:\下载\PACKAGE 0822\0822(9).exe - a variant of Win32/CoinMiner.DV potentially unwanted application - action selection postponed until scan completion
Number of scanned objects: 42
Number of threats found: 16
Number of cleaned objects: 16
Time of completion: 22:08:08 Total scanning time: 54 sec (00:00:54)

Notes:
[1] Object has been deleted as it only contained the virus body.

显示全部楼层 · 发表于 2018-8-22 22:17:10

本帖最后由 YU2711 于 2018-8-22 22:30 编辑

KSC 扫描8/16

#1看似没行为
#322.08.2018 21.50.01;Detected object (process memory) deleted;c:\users\use\downloads\package%200822\0822(3).exe;c:\users\use\downloads\package%200822\0822(3).exe;PDM:Trojan.Win32.Generic;Trojan program;08/22/2018 21:50:01
#422.08.2018 21.50.26;Detected object (process memory) deleted;c:\users\use\downloads\package%200822\0822(4).exe;c:\users\use\downloads\package%200822\0822(4).exe;PDM:Trojan.Win32.Generic;Trojan program;08/22/2018 21:50:26
#522.08.2018 22.01.38;Detected object (process memory) not processed;c:\users\use\downloads\package%200822\0822(5).exe;c:\users\use\downloads\package%200822\0822(5).exe;PDM:Trojan.Win32.Generic;Trojan program;08/22/2018 22:01:38
#622.08.2018 22.04.38;Detected object (process memory) not processed;c:\users\use\downloads\package%200822\0822(6).exe;c:\users\use\downloads\package%200822\0822(6).exe;PDM:Trojan.Win32.Badur.a;Trojan program;08/22/2018 22:04:38
#822.08.2018 22.07.08;Blocked malware;PDM:Exploit.Win32.Generic;Windows PowerShell;c:\windows\system32\windowspowershell\v1.0\powershell.exe;08/22/2018 22:07:08
#1322.08.2018 22.11.51;Application added to the Low Restricted group;Recovery Manager for Active Directory Forest Edition;Recovery Manager for Active Directory Forest Edition;default;C:\Users\Use\Downloads\PACKAGE%200822\0822(13).exe;08/22/2018 22:11:51
22.08.2018 22.12.02;Application added to the Trusted group;Visual Basic Command Line Compiler;Visual Basic Command Line Compiler;KSN information;C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe;08/22/2018 22:12:02
#1622.08.2018 22.14.54;Malicious program deleted;C:\Users\Use\Downloads\PACKAGE%200822\0822(16).exe;C:\Users\Use\Downloads\PACKAGE%200822\0822(16).exe;UDS:Trojan-PSW.Win32.Fareit.ehyx;C:\Users\Use\Downloads\PACKAGE%200822\0822(16).exe;C:\Users\Use\Downloads\PACKAGE%200822\0822(16).exe

复制代码

剩下 #1#13

显示全部楼层 · 发表于 2018-8-23 00:02:11

上个Tencent pcmanager 6/16

显示全部楼层 · 发表于 2018-8-23 09:16:13

火绒安全---（ Windows 7 Ultimate with SP1 简体中文旗舰版....）：

病毒库：2018-08-22 17:17
开始时间：2018-08-23 09:11
总计用时：00:00:21
扫描对象：152个
扫描文件：16个
发现风险：3个
已处理风险：0个
发现系统修复项：0个
处理系统修复项：0个

病毒详情

风险路径：C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0822\0822(4).exe, 病毒名：HEUR:Trojan/VBCode.be, 病毒ID：[d38a4a7de3d69b77], 处理结果：已忽略
风险路径：C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0822\0822(3).exe, 病毒名：HVM:VirTool/Obfuscator.gen!A, 病毒ID：[b27d4294cde6a1ec], 处理结果：已忽略
风险路径：C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0822\0822(9).exe, 病毒名：HackTool/CoinMiner.a, 病毒ID：[21cb8dc8777aca7], 处理结果：已忽略

文件名称: C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0822.zip
文件大小: 6.31 MB (6,623,224 字节)
修改时间: 2018年08月23日，09:09:45
MD5: 6ABB9CDF63BB4029A2210DBD13597F8A
SHA1: 3DE17F4B8EDAB6E39D6AE00CCAB7BD70575451B7
SHA256: 4A56FE34D40EC9F23D1063F8CE64C3F4CD016DF9D6F20B29750E3B172A899284
CRC32: C0F58260
计算时间: 0.30s

显示全部楼层 · 发表于 2018-8-23 09:59:40

WHALE-FALL 发表于 2018-8-23 00:02
上个Tencent pcmanager 6/16

现在杀13个

显示全部楼层 · 发表于 2018-8-23 10:27:13

咖啡扫描加双击生剩余
四号剩余0kb，日期变当前，应该是修改过了
14/16

显示全部楼层 · 发表于 2018-8-23 12:09:18

ESET 现已清空

[病毒样本] #PACKAGE 0822

评分

本帖子中包含更多资源