
[Virus sample] #PACKAGE 0824

Jerry.Lin
Posted 2018-8-24 17:49:13
Lanzou (download link)


Total : 14


#Do not upload to VT
#While the samples are still fresh (24 hours), please do not submit them to vendors manually, so that others can test behavior blocking, response time, etc.
#Samples are numbered in order of collection time; a higher number means closer to the present
#Time the original samples were first seen in the ESET LiveGrid cloud system



Suggested reply format

AV name + time
Detection count + detection rate

For example:
XXX 20:39
Samples(5/10) 50%

静影沉璧
Posted 2018-8-24 17:56:02
Last edited by 静影沉璧 on 2018-8-24 18:06

BD2019

Time: 17:57-18:04

Scan: 10/14
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0824\0824(10).exe Trojan.GenericKD.40422092 Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0824\0824(9).exe Trojan.Generic.8628969 Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0824\0824(12).exe Trojan.Agent.DDMP Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0824\0824(3).exe Trojan.GenericKD.40422914 Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0824\0824(11).exe Trojan.GenericKD.40422178 Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0824\0824(2).exe Trojan.GenericKD.40421687 Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0824\0824(8).exe Gen:Variant.Kovter.1 Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0824\0824(1).exe=>(AutoIT r)=>(AutoIT Script)=>(unicode) AIT:Trojan.Nymeria.949 Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0824\0824(13).exe Gen:Variant.Razy.314080 Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0824\0824(5).exe Gen:Suspicious.Cloud.8.lu1@aqM3THeG Deleted
Double-click:
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\package 0824\0824(4).exe is infected with Atc4.Detection and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\package 0824\0824(6).exe is infected with Atc4.Detection and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\package 0824\0824(14).exe is infected with Atc4.Detection and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
Double-click results for the remaining samples:
Sample 7 made outbound connections and then exited on its own.
Total: 13/14 92.9%


Picca
Posted 2018-8-24 18:17:01
18:06 Kaspersky scan 9 + double-click
1  Set up a pile of outbound connections, none of them got any throughput, then stayed resident in memory; Kaspersky did not kill it
3  PDM:Trojan.Win32.Badur.a
4  Exited on its own
5  PDM:Trojan.Win32.Generic
6  PDM:Trojan.Win32.Badur.a



*Each sample was tested individually without a reboot; Advanced Disinfection was not used


静影沉璧
Posted 2018-8-24 18:22:45
Emsisoft Anti-Malware - 版本 2018.7
最后更新: 2018/8/24 18:07:40
发起者: WIN-7L012NVDSMK\Administrator
电脑名称: WIN-7L012NVDSMK
操作系统版本: Windows 7x86 Service Pack 1
--------------------- Scan section ---------------------
扫描设置:
扫描方式:
对象: C:\Users\Administrator\Desktop\PACKAGE 0824\
检测流氓软件(PUPs): 开
扫描存档: 开
扫描邮件档案: 关
ADS数据流扫描: 开
文件扩展名过滤: 关
直接磁盘访问: 关

扫描开始:        2018/8/24 18:08:28
C:\Users\Administrator\Desktop\PACKAGE 0824\0824(1).exe -> (AutoIT r) -> (AutoIT Script) -> (unicode)          AIT:Trojan.Nymeria.949 (B) [krnl.xmd]
C:\Users\Administrator\Desktop\PACKAGE 0824\0824(2).exe          Trojan.Injector (A) [295142]
C:\Users\Administrator\Desktop\PACKAGE 0824\0824(10).exe          Trojan.Injector (A) [295142]
C:\Users\Administrator\Desktop\PACKAGE 0824\0824(11).exe          Trojan.GenericKD.40422178 (B) [krnl.xmd]
C:\Users\Administrator\Desktop\PACKAGE 0824\0824(3).exe          Trojan.GenericKD.40422914 (B) [krnl.xmd]
C:\Users\Administrator\Desktop\PACKAGE 0824\0824(12).exe          Trojan.Agent.DDMP (B) [krnl.xmd]
C:\Users\Administrator\Desktop\PACKAGE 0824\0824(9).exe          Trojan.Generic.8628969 (B) [krnl.xmd]
C:\Users\Administrator\Desktop\PACKAGE 0824\0824(13).exe          Gen:Variant.Razy.314080 (B) [krnl.xmd]
C:\Users\Administrator\Desktop\PACKAGE 0824\0824(8).exe          Gen:Variant.Kovter.1 (B) [krnl.xmd]

扫描        14
发现        9

扫描结束:        2018/8/24 18:08:33
扫描时间:        0:00:05

C:\Users\Administrator\Desktop\PACKAGE 0824\0824(8).exe        已删除: Gen:Variant.Kovter.1 (B)
C:\Users\Administrator\Desktop\PACKAGE 0824\0824(13).exe        已删除: Gen:Variant.Razy.314080 (B)
C:\Users\Administrator\Desktop\PACKAGE 0824\0824(9).exe        已删除: Trojan.Generic.8628969 (B)
C:\Users\Administrator\Desktop\PACKAGE 0824\0824(12).exe        已删除: Trojan.Agent.DDMP (B)
C:\Users\Administrator\Desktop\PACKAGE 0824\0824(3).exe        已删除: Trojan.GenericKD.40422914 (B)
C:\Users\Administrator\Desktop\PACKAGE 0824\0824(11).exe        已删除: Trojan.GenericKD.40422178 (B)
C:\Users\Administrator\Desktop\PACKAGE 0824\0824(10).exe        已删除: Trojan.Injector (A)
C:\Users\Administrator\Desktop\PACKAGE 0824\0824(2).exe        已删除: Trojan.Injector (A)
C:\Users\Administrator\Desktop\PACKAGE 0824\0824(1).exe        已删除: AIT:Trojan.Nymeria.949 (B)

已删除:        9

-------------------- Double-click section -------------------
2018/8/24 18:16:41        用户 WIN-7L012NVDSMK\ADMINISTRATOR        隔离威胁        中危 恶意软件 "Behavior.HiddenInstallation" 来自于 "0824(6).exe".
2018/8/24 18:19:16
中危 恶意软件 "Behavior.CodeInjector" 来自于 "C:\Users\Administrator\Desktop\PACKAGE 0824\0824(14).exe" 已隔离。 用户 WIN-7L012NVDSMK\ADMINISTRATOR
2018/8/24 18:18:12
中危 恶意软件 "Behavior.Spyware" 来自于 "C:\Users\Administrator\Desktop\PACKAGE 0824\0824(7).exe" 已隔离。 用户 WIN-7L012NVDSMK\ADMINISTRATOR

Double-click results for the remaining samples:
Sample 4 exited on its own after running.
Sample 5 would not run; these two samples appear to be anti-VM.
Total: 12/14 85.7%


心痛的伤不起
Posted 2018-8-24 18:22:47
Huorong

【1】2018-08-24 18:17:24,系统防御,注册表保护,RegAsm.exe触犯注册表防护规则, 已阻止

操作者:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
命令行:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
风险动作:修改启动项
目标注册表:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WPA Manager
操作类型:写入
数据内容:C:\Users\555\AppData\Roaming\AE26E99B-688B-40DF-B67A-E7E11CAE2119\WPA Manager\wpamgr.exe
用户操作:已阻止

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

【2】2018-08-24 18:16:49,系统防御,注册表保护,lunamute.exe触犯注册表防护规则, 已阻止

操作者:C:\Users\555\AppData\Local\Microsoft\Windows\lunamute.exe
命令行:"C:\Users\555\AppData\Local\Microsoft\Windows\lunamute.exe"
风险动作:修改启动项
目标注册表:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\lunamute
操作类型:写入
数据内容:"C:\Users\555\AppData\Local\Microsoft\Windows\lunamute.exe"
用户操作:已阻止

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

【3】2018-08-24 18:16:35,系统防御,文件保护,svchost.exe触犯文件防护规则, 已阻止

操作者:C:\Windows\system32\svchost.exe
命令行:C:\Windows\system32\svchost.exe -k netsvcs -p
风险动作:修改启动目录(扩展保护)
目标文件:C:\Users\555\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Legit Program.exe
用户操作:已阻止

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

【4】2018-08-24 18:16:01,病毒防御,病毒查杀,自定义扫描,发现0个风险项目

病毒库:2018-08-24 16:28
开始时间:2018-08-24 18:15
总计用时:00:00:07
扫描对象:65个
扫描文件:8个
发现风险:0个
已处理风险:0个
发现系统修复项:0个
处理系统修复项:0个

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

【5】2018-08-24 18:15:25,病毒防御,文件实时监控,发现病毒HEUR:Trojan/VBCode.be, 已清除

操作者:C:\Program Files (x86)\360\360zip\360zip.exe
病毒路径:C:\Users\555\Desktop\PACKAGE 0824\0824(10).exe
病毒名称:HEUR:Trojan/VBCode.be
病毒ID:D38A4A7DE3D69B77
用户操作:已清除

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

【6】2018-08-24 18:15:25,病毒防御,文件实时监控,发现病毒Trojan/MSIL.Obfuscated.aw, 已清除

操作者:C:\Program Files (x86)\360\360zip\360zip.exe
病毒路径:C:\Users\555\Desktop\PACKAGE 0824\0824(13).exe
病毒名称:Trojan/MSIL.Obfuscated.aw
病毒ID:A66B30BF251D9F00
用户操作:已清除

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

【7】2018-08-24 18:15:25,病毒防御,文件实时监控,发现病毒HEUR:Trojan/VBCode.be, 已清除

操作者:C:\Windows\Explorer.EXE
病毒路径:C:\Users\555\Desktop\PACKAGE 0824\0824(2).exe
病毒名称:HEUR:Trojan/VBCode.be
病毒ID:D38A4A7DE3D69B77
用户操作:已清除

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

【8】2018-08-24 18:15:25,病毒防御,文件实时监控,发现病毒HVM:TrojanDownloader/Small.gen!A, 已清除

操作者:C:\Program Files (x86)\360\360zip\360zip.exe
病毒路径:C:\Users\555\Desktop\PACKAGE 0824\0824(7).exe
病毒名称:HVM:TrojanDownloader/Small.gen!A
病毒ID:3771D7B34EE4BE40
用户操作:已清除

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

【9】2018-08-24 18:15:25,病毒防御,文件实时监控,发现病毒Trojan/VBInject.b, 已清除

操作者:C:\Program Files (x86)\360\360zip\360zip.exe
病毒路径:C:\Users\555\Desktop\PACKAGE 0824\0824(8).exe
病毒名称:Trojan/VBInject.b
病毒ID:E4BEEE39EA2E9885
用户操作:已清除

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

【10】2018-08-24 18:15:25,病毒防御,文件实时监控,发现病毒Worm/Gamarue, 已清除

操作者:C:\Windows\Explorer.EXE
病毒路径:C:\Users\555\Desktop\PACKAGE 0824\0824(9).exe
病毒名称:Worm/Gamarue
病毒ID:9E44ED12248E3A0D
用户操作:已清除

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

【11】2018-08-24 18:13:48,其他,升级日志,手动升级成功,版本号:4.0.69.10

升级方式:手动升级
升级结果:成功
版本号:4.0.69.10
下载文件:
        2018-08-24 18:13:48 C:\ProgramData\Huorong\Sysdiag\db\behav.db
        2018-08-24 18:13:48 C:\ProgramData\Huorong\Sysdiag\db\malurl.db
        2018-08-24 18:13:48 C:\ProgramData\Huorong\Sysdiag\virdb\prop.db
        2018-08-24 18:13:48 C:\ProgramData\Huorong\Sysdiag\virdb\pset.db
        2018-08-24 18:13:48 C:\ProgramData\Huorong\Sysdiag\virdb\troj.db
修改文件:
        2018-08-24 18:13:48 C:\ProgramData\Huorong\Sysdiag\db\behav.db
        2018-08-24 18:13:48 C:\ProgramData\Huorong\Sysdiag\db\malurl.db
        2018-08-24 18:13:48 C:\ProgramData\Huorong\Sysdiag\virdb\prop.db
        2018-08-24 18:13:48 C:\ProgramData\Huorong\Sysdiag\virdb\pset.db
        2018-08-24 18:13:48 C:\ProgramData\Huorong\Sysdiag\virdb\troj.db

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

5 left at the end


静影沉璧
Posted 2018-8-24 18:40:18
Last edited by 静影沉璧 on 2018-8-24 19:09

Avast Premium: scan: 8/14

Double-click: 4/14

Total: 12/14 85.7%


YU2711
Posted 2018-8-24 20:28:06
Last edited by YU2711 on 2018-8-24 20:29

Trend Micro  scan  19:50
3/14
0824(12).exe   TrojanSpy.Win32.LOKI.SMBD1.hp
0824(13).exe   BKDR_ASDROP.SMZVP
0824(9).exe     TSPY_DOWNLOADER_BK08494B.TOMC
                 Double-click
0824(1) MISS
0824(2) MISS
0824(3) HTTP_HANCITOR_REQUEST  removed
0824(4) MISS, deleted itself after running
0824(5) MISS
0824(6) behavior blocked, the binary itself was not deleted
0824(7) HEU_AEGISCS968
C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\revvy.exe  HEU_CDPLCEXT
0824(8) behavior blocked, the binary itself was not deleted
0824(10) HEU_AEGISCS985
0824(11) HTTP_LOKI_REQUEST removed
0824(14) behavior blocked, the binary itself was not deleted



solstice1988
Posted 2018-8-24 17:53:18
Last edited by solstice1988 on 2018-8-24 18:05

Avira, placeholder
17:55

All detected (全K)
WHALE-FALL
Posted 2018-8-24 17:54:11
Last edited by WHALE-FALL on 2018-8-24 17:57

360 first scan 11/14   78.6%
Jerry.Lin
OP | Posted 2018-8-24 17:55:33
Last edited by 191196846 on 2018-8-24 17:56

ESET (17935P (20180824))
14/14
Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
2018/8/24 17:53:56;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0824\0824(7).exe;a variant of Win32/Agent.ZIW trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;680BFCE483269CEDF56C590A2740B8CE52326E91;2018/8/24 17:53:42
2018/8/24 17:53:56;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0824\0824(14).exe;a variant of MSIL/Kryptik.PIQ trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;C7006C12CA6A9CF3FD4D04FBA3CFC62C93AAEA23;2018/8/24 17:53:42
2018/8/24 17:53:56;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0824\0824(4).exe;a variant of Win32/GenKryptik.CHXV trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;688525BB6A40037875CA34EF1E8ACED38C1A294D;2018/8/24 17:53:42
2018/8/24 17:53:56;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0824\0824(13).exe;a variant of MSIL/Injector.SHI trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;8B784055ACD2E0B15F25E24970AF8A6F8BE127B0;2018/8/24 17:53:42
2018/8/24 17:53:56;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0824\0824(8).exe;a variant of Win32/Injector.DZZL trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;7BA441DD7160D06E251EFCA7030F9A340BAE0BF4;2018/8/24 17:53:42
2018/8/24 17:53:56;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0824\0824(12).exe;a variant of Win32/Injector.DZZQ trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;38C7041B1E1899C00FD2B40CDBAD56FE25EFAF4F;2018/8/24 17:53:42
2018/8/24 17:53:59;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0824\0824(5).exe;a variant of Win32/Kryptik.GKDT trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;C0B655666FC4A18DD8D36A3EA4CF535C881530A8;2018/8/24 17:53:42
2018/8/24 17:53:59;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0824\0824(11).exe;a variant of Win32/Injector.DZZM trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;6F470003D579A875BF0D144FB7F541FB5CF0A1A1;2018/8/24 17:53:42
2018/8/24 17:54:02;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0824\0824(2).exe;a variant of Win32/Injector.DZZB trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;4801897B50746613EAF2F4FA3E077E630A0B0259;2018/8/24 17:53:42
2018/8/24 17:54:05;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0824\0824(9).exe;a variant of Win32/Injector.WWW trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;6801348A36BCA8B81E390B1A11766E7C61F0B158;2018/8/24 17:53:42
2018/8/24 17:54:07;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0824\0824(6).exe;a variant of Win32/GenKryptik.CJBE trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;A8AB3446A388B4D512FDAFC2723B3D7AB4C3103C;2018/8/24 17:53:42
2018/8/24 17:54:08;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0824\0824(3).exe;a variant of Win32/GenKryptik.CJAD trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;83FA1B607EB71FE66AF1FECC2F4832027C5759F9;2018/8/24 17:53:42
2018/8/24 17:54:10;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0824\0824(10).exe;a variant of Win32/Injector.DZZB trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;BE76B02664E657E52E862BD0488CA8E451552E7F;2018/8/24 17:53:42
2018/8/24 17:54:12;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0824\0824(1).exe;Win32/Autoit.OEV trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;B98F467393A926F38E233DFD24E937D75FFFC5FE;
WHALE-FALL
Posted 2018-8-24 18:00:40
WHALE-FALL posted on 2018-8-24 17:54:
360 first scan 11/14   78.6%

Second scan (after the initial cloud verdicts came back) 12/14    85.71%.
Cloud verdicts for the remaining files: 7 low risk    4 no risk found yet
WHALE-FALL
Posted 2018-8-24 18:02:32
WHALE-FALL posted on 2018-8-24 18:00:
Second scan (after the initial cloud verdicts came back) 12/14    85.71%.
Cloud verdicts for the remaining files: 7 low risk    4 no risk found yet

Trial-ran 7 and 4 in the sandbox:
7: exited on its own after a while;
4: opened cmd and then exited on its own;
(both probably anti-sandbox)
XZ8SM7Sx0bVkoUV
Posted 2018-8-24 18:12:23
Huorong
WHALE-FALL
Posted 2018-8-24 18:19:04
WHALE-FALL posted on 2018-8-24 18:00:
Second scan (after the initial cloud verdicts came back) 12/14    85.71%.
Cloud verdicts for the remaining files: 7 low risk    4 no risk found yet

Now additionally detected:  7   4
(4 was blacklisted)