Views: 3549 | Replies: 25

[Virus samples] #PACKAGE 0827

Jerry.Lin
Posted on 2018-8-27 20:57:23
Lanzou

Total : 19


#Do not upload to VT
#Within the samples' validity period (24 hours), it is recommended not to report the samples to vendors manually, so that others can test behaviour blocking, response speed, etc.
#Sample numbers are ordered by collection time; a larger number means closer to the present

#Time at which the original sample was first seen in the ESET LiveGrid cloud system





IOC:
  1. 0827(2).exe  -  eceb968c929151242cf57783b27b38c1
  2. 0827(3).exe  -  4233a0dbef8a300b7610d2db3d40595a
  3. 0827(13).exe  -  97a30822ad4f74376ef8c013958bd4c9
  4. 0827(10).exe  -  4a3367a95c3408060a99a7b5bc370efb
  5. 0827(15).exe  -  d3d28b9665bdbc7a297e977134b90810
  6. 0827(7).exe  -  7330f8c8f20f1a6aa419470d2421ce27
  7. 0827(17).exe  -  0398d53bc37802082f8b710589a1f9f6
  8. 0827(11).exe  -  24cc4ad6883d1477c2dbf90d4df7b618
  9. 0827(4).exe  -  ba0b6e2dccc0bf82a92c86c52a8ca921
  10. 0827(8).exe  -  5eee8651cf210df9cf66da55d93a8d99
  11. 0827(18).exe  -  16a6c86092dcbf0b7dc483a4b2eca167
  12. 0827(9).exe  -  e4b92b9bef8dd114333febd04d131230
  13. 0827(5).exe  -  18a23b7daf7ccb3d3cb59780e9e10d4e
  14. 0827(19).exe  -  3825efd5fcbdde5bd2a250c08d335c91
  15. 0827(1).exe  -  21e6182ef3ec3f8bb806cecc945d0fc4
  16. 0827(12).exe  -  0bf5f61879df689ced502e18e13d2c32
  17. 0827(14).exe  -  790a2768b504dc976539fab4d7d6d3b3
  18. 0827(6).exe  -  ce3e9c09443110098104cc70b5e5bf20
  19. 0827(16).exe  -  3ad789016069bfcbce4aa217b62bf864



Suggested reply format

AV name + time
Number detected + detection rate


For example:
XXX 20:39
Samples(5/10) 50%



Rating: 1 participant, reputation +3
ELOHIM +3 Thanks for the answer :)

Jirehlov1234
Posted on 2018-8-27 20:59:27
Last edited by Jirehlov1234 on 2018-8-27 22:51

BD 21:00
TIU 11905561

Scan 9x + double-click 8x = 17/19

E:\TEST\PACKAGE 0827\0827(7).exe        Trojan.Agent.DDOY        Deleted
E:\TEST\PACKAGE 0827\0827(8).exe        Gen:Variant.Barys.51339        Deleted
E:\TEST\PACKAGE 0827\0827(1).exe        Trojan.GenericKD.40429263        Deleted
E:\TEST\PACKAGE 0827\0827(18).exe        Trojan.GenericKD.40428724        Deleted
E:\TEST\PACKAGE 0827\0827(13).exe        Gen:Variant.Razy.378118        Deleted
E:\TEST\PACKAGE 0827\0827(3).exe        Trojan.GenericKD.40424759        Deleted
E:\TEST\PACKAGE 0827\0827(12).exe        Gen:Variant.Johnnie.117678        Deleted
E:\TEST\PACKAGE 0827\0827(5).exe        Trojan.GenericKD.40429995        Deleted
E:\TEST\PACKAGE 0827\0827(14).exe        Trojan.GenericKD.40430006        Deleted


2
ATD killed (malicious behavior)
0827(2).exe
adobeservice.exe

4
Allowed outbound connection to 37.187.155.228
ATD killed (potentially malicious application)
0827(4).exe
dddw.lnk

6
ATD killed (potentially malicious application)
0827(6).exe


9
ATD killed (malicious behavior)
0827(9).exe
~df0eef58600b33e77c.tmp
udpsvc.exe
run.dat

10
Exited on its own

11
ATD killed (potentially malicious application)
0827(11).exe


15
ATD killed (malicious behavior)
aemogrtinstall14-2-1.txt.lockedfile (ransomware?)
execoutputhandlerunner.java.lockedfile
0827(15).exe
crypto.hash._sha256.pyd
crypto.util.strxor.pyd
crypto.cipher._des.pyd
crypto.cipher._aes.pyd
crypto.util._counter.pyd
crypto.random.osrng.winrandom.pyd
crypto.cipher._des3.pyd
lockyfud.exe
lockyfud.exe.manifest
safestreams.java
encodedstream.java
javaexechandlefactory.java
aemogrtinstall14-2-1.txt.lockymap
win32ui.pyd
signatures.xml.lockymap
defaultexechandlebuilder.java
locky-readme.txt
defaultexechandlebuilder.java.lockedfile
defaultexechandlebuilder.java.lockymap
aemogrtinstall14-2-1.txt
defaultjavaexecaction.java
streamsforwarder.java.lockymap
defaultjavaexecaction.java.lockedfile
defaultjavaexecaction.java.lockymap
defaultjavaforkoptions.java
safestreams.java.lockymap
defaultjavaforkoptions.java.lockedfile
defaultjavaforkoptions.java.lockymap
defaultprocessforkoptions.java
defaultprocessforkoptions.java.lockedfile
aemogrtinstall15-1.txt
aemogrtinstall15-1.txt.lockedfile
aemogrtinstall15-1.txt.lockymap
defaultprocessforkoptions.java.lockymap
execaction.java
etc.

16
ATD killed (potentially malicious application)
0827(16).exe


17
ATD blocked (vulnerability exploitation)
firefox.exe

19
ATD killed (malicious behavior)
0827(19).exe
stupid1man
Posted on 2018-8-27 21:01:39
Last edited by stupid1man on 2018-8-27 22:21

Red Umbrella (Avira) 21:02
Right-click scan: 3
Sent to APC, pending confirmation: 9/15

21:27
Quarantine scan (roughly equivalent to double-click APC): 6/7
Total:18/19(94.7%)


—————— Scan section ——————
  1. Start of the scan: 2018-08-27 21:02:40
  2. 08/27/2018,21-02-43        [INFO]        [CLOUD] File 'c:\users\desktop\package 0827\0827(1).exe' needs to be uploaded to cloud. User confirmation is needed.
  3. 08/27/2018,21-02-43        [INFO]        The file 'c:\users\desktop\package 0827\0827(1).exe' was scanned with the Protection Cloud. SHA256 = DCF5A24AD263711F9105F1FDBFAA74800223680A0C700DFBE7EB60B7AC7151CD
  4. 08/27/2018,21-02-44        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0827\0827(10).exe'
  5. 08/27/2018,21-02-44        [INFO]        c:\users\desktop\package 0827\0827(10).exe
  6. 08/27/2018,21-02-44        [INFO]        [DETECTION] file contains 'HEUR/AGEN.1008710'
  7. 08/27/2018,21-02-44        [INFO]        [CLOUD] File 'c:\users\desktop\package 0827\0827(11).exe' needs to be uploaded to cloud. User confirmation is needed.
  8. 08/27/2018,21-02-44        [INFO]        The file 'c:\users\desktop\package 0827\0827(11).exe' was scanned with the Protection Cloud. SHA256 = CA43FD2FA781341E480F4782753B90870BB95DE0277DA32749B3B43CDECC073F
  9. 08/27/2018,21-02-45        [INFO]        [CLOUD] File 'c:\users\desktop\package 0827\0827(12).exe' needs to be uploaded to cloud. User confirmation is needed.
  10. 08/27/2018,21-02-45        [INFO]        The file 'c:\users\desktop\package 0827\0827(12).exe' was scanned with the Protection Cloud. SHA256 = 6D450B882D64397617EE6EF876D5CE609004816FACDF944802FD850E0661C98D
  11. 08/27/2018,21-02-45        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0827\0827(13).exe'
  12. 08/27/2018,21-02-45        [INFO]        c:\users\desktop\package 0827\0827(13).exe
  13. 08/27/2018,21-02-45        [INFO]        [DETECTION] file contains 'TR/Dropper.MSIL.Gen'
  14. 08/27/2018,21-02-45        [INFO]        [CLOUD] File 'c:\users\desktop\package 0827\0827(14).exe' needs to be uploaded to cloud. User confirmation is needed.
  15. 08/27/2018,21-02-45        [INFO]        The file 'c:\users\desktop\package 0827\0827(14).exe' was scanned with the Protection Cloud. SHA256 = 89E1D3659614A085BF49EF5602E7460CE5AAA1826D1FE27FFAD300C13088A6B9
  16. 08/27/2018,21-02-47        [INFO]        [CLOUD] File 'c:\users\desktop\package 0827\0827(15).exe' needs to be uploaded to cloud. User confirmation is needed.
  17. 08/27/2018,21-02-47        [INFO]        The file 'c:\users\desktop\package 0827\0827(15).exe' was scanned with the Protection Cloud. SHA256 = D0AC8F97A60F6083AE3B4CF366F7EFCA5C6336E2542D02F53A680180C23B10F1
  18. 08/27/2018,21-02-47        [INFO]        [CLOUD] File 'c:\users\desktop\package 0827\0827(16).exe' needs to be uploaded to cloud. User confirmation is needed.
  19. 08/27/2018,21-02-47        [INFO]        The file 'c:\users\desktop\package 0827\0827(16).exe' was scanned with the Protection Cloud. SHA256 = 6B75CE1BE0FA46CCF204790F1D95CB687765819E0395D8B79C1CD53F59448B84
  20. 08/27/2018,21-02-48        [INFO]        [CLOUD] File 'c:\users\desktop\package 0827\0827(18).exe' needs to be uploaded to cloud. User confirmation is needed.
  21. 08/27/2018,21-02-48        [INFO]        The file 'c:\users\desktop\package 0827\0827(18).exe' was scanned with the Protection Cloud. SHA256 = FDF94226ABAB274C0FC6C7C2DC45AD808F01EA7E71D2C45A3835E6B745B150A1
  22. 08/27/2018,21-02-48        [INFO]        [CLOUD] File 'c:\users\desktop\package 0827\0827(19).exe' needs to be uploaded to cloud. User confirmation is needed.
  23. 08/27/2018,21-02-48        [INFO]        The file 'c:\users\desktop\package 0827\0827(19).exe' was scanned with the Protection Cloud. SHA256 = 9FB0F93FC50564B2AC90D665C4F9C52F0C3773CD052C0135EFFE25FF5070CD23
  24. 08/27/2018,21-02-48        [INFO]        [CLOUD] File 'c:\users\desktop\package 0827\0827(2).exe' needs to be uploaded to cloud. User confirmation is needed.
  25. 08/27/2018,21-02-48        [INFO]        The file 'c:\users\desktop\package 0827\0827(2).exe' was scanned with the Protection Cloud. SHA256 = B23EB7E70EC2486593E2B136251445AF2BBE84FFB90DF18C7D4226BC89AD5413
  26. 08/27/2018,21-02-49        [INFO]        [CLOUD] File 'c:\users\desktop\package 0827\0827(3).exe' needs to be uploaded to cloud. User confirmation is needed.
  27. 08/27/2018,21-02-49        [INFO]        The file 'c:\users\desktop\package 0827\0827(3).exe' was scanned with the Protection Cloud. SHA256 = BD1A7F12F317F4EA877CD2EEA1035F9A907FCAA83E4333EDF8A44A019494BAA7
  28. 08/27/2018,21-02-49        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0827\0827(4).exe'
  29. 08/27/2018,21-02-49        [INFO]        c:\users\desktop\package 0827\0827(4).exe
  30. 08/27/2018,21-02-49        [INFO]        [DETECTION] file contains 'TR/Dropper.Gen'
  31. 08/27/2018,21-02-50        [INFO]        [CLOUD] File 'c:\users\desktop\package 0827\0827(5).exe' needs to be uploaded to cloud. User confirmation is needed.
  32. 08/27/2018,21-02-50        [INFO]        The file 'c:\users\desktop\package 0827\0827(5).exe' was scanned with the Protection Cloud. SHA256 = 343BBA86BC43920C91AD1E17CF2FA8704A8071DC5F440ACFEE2D70F253A3B07B
  33. 08/27/2018,21-02-50        [INFO]        [CLOUD] File 'c:\users\desktop\package 0827\0827(6).exe' needs to be uploaded to cloud. User confirmation is needed.
  34. 08/27/2018,21-02-50        [INFO]        The file 'c:\users\desktop\package 0827\0827(6).exe' was scanned with the Protection Cloud. SHA256 = E6460C86386E084AA21F9C4AE9CBE122D4CB81D6D6E58189FEA245BE6475DAE0
  35. 08/27/2018,21-02-51        [INFO]        [CLOUD] File 'c:\users\desktop\package 0827\0827(7).exe' needs to be uploaded to cloud. User confirmation is needed.
  36. 08/27/2018,21-02-51        [INFO]        The file 'c:\users\desktop\package 0827\0827(7).exe' was scanned with the Protection Cloud. SHA256 = F94819DB8E5B8CD555D2935847075C15DC0A8856F9A0B8C0E000ECA1C772926D
  37. 08/27/2018,21-02-51        [INFO]        [CLOUD] File 'c:\users\desktop\package 0827\0827(8).exe' needs to be uploaded to cloud. User confirmation is needed.
  38. 08/27/2018,21-02-51        [INFO]        The file 'c:\users\desktop\package 0827\0827(8).exe' was scanned with the Protection Cloud. SHA256 = 4C38FFFCE83E97941145568989C84CA55FF42146505AE07669B69688F7A68D4E
  39. 08/27/2018,21-02-52        [INFO]        [CLOUD] File 'c:\users\desktop\package 0827\0827(9).exe' needs to be uploaded to cloud. User confirmation is needed.
  40. 08/27/2018,21-02-52        [INFO]        The file 'c:\users\desktop\package 0827\0827(9).exe' was scanned with the Protection Cloud. SHA256 = 05647B61A26D1F4E363A9B0F8C17A3E76760C2CDD2D109A62EDF1139BFD12508
  41. 08/27/2018,21-03-17        [INFO]        Retry 1 for the file 'c:\users\desktop\package 0827\0827(1).exe'. SHA256 = DCF5A24AD263711F9105F1FDBFAA74800223680A0C700DFBE7EB60B7AC7151CD
  42. 08/27/2018,21-03-20        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0827\0827(1).exe'
  43. 08/27/2018,21-03-20        [INFO]        The file 'c:\users\desktop\package 0827\0827(1).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = DCF5A24AD263711F9105F1FDBFAA74800223680A0C700DFBE7EB60B7AC7151CD
  44. 08/27/2018,21-03-20        [INFO]        c:\users\desktop\package 0827\0827(1).exe
  45. 08/27/2018,21-03-20        [INFO]        [DETECTION] file contains 'TR/Dropper.VB.dcf5a2'
  46. 08/27/2018,21-03-38        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0827\0827(11).exe'
  47. 08/27/2018,21-03-38        [INFO]        The file 'c:\users\desktop\package 0827\0827(11).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = CA43FD2FA781341E480F4782753B90870BB95DE0277DA32749B3B43CDECC073F
  48. 08/27/2018,21-03-38        [INFO]        c:\users\desktop\package 0827\0827(11).exe
  49. 08/27/2018,21-03-38        [INFO]        [DETECTION] file contains 'TR/Injector.ca43fd'
  50. 08/27/2018,21-03-58        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0827\0827(12).exe'
  51. 08/27/2018,21-03-59        [INFO]        The file 'c:\users\desktop\package 0827\0827(12).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = 6D450B882D64397617EE6EF876D5CE609004816FACDF944802FD850E0661C98D
  52. 08/27/2018,21-03-59        [INFO]        c:\users\desktop\package 0827\0827(12).exe
  53. 08/27/2018,21-03-59        [INFO]        [DETECTION] file contains 'TR/Injector.6d450b'
  54. 08/27/2018,21-04-13        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0827\0827(14).exe'
  55. 08/27/2018,21-04-13        [INFO]        The file 'c:\users\desktop\package 0827\0827(14).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = 89E1D3659614A085BF49EF5602E7460CE5AAA1826D1FE27FFAD300C13088A6B9
  56. 08/27/2018,21-04-13        [INFO]        c:\users\desktop\package 0827\0827(14).exe
  57. 08/27/2018,21-04-13        [INFO]        [DETECTION] file contains 'TR/Crypt.XPACK.Gen'
  58. 08/27/2018,21-05-28        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0827\0827(15).exe'
  59. 08/27/2018,21-05-28        [INFO]        The file 'c:\users\desktop\package 0827\0827(15).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = D0AC8F97A60F6083AE3B4CF366F7EFCA5C6336E2542D02F53A680180C23B10F1
  60. 08/27/2018,21-05-28        [INFO]        c:\users\desktop\package 0827\0827(15).exe
  61. 08/27/2018,21-05-28        [INFO]        [DETECTION] file contains 'HEUR/APC'
  62. 08/27/2018,21-05-43        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0827\0827(16).exe'
  63. 08/27/2018,21-05-43        [INFO]        The file 'c:\users\desktop\package 0827\0827(16).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = 6B75CE1BE0FA46CCF204790F1D95CB687765819E0395D8B79C1CD53F59448B84
  64. 08/27/2018,21-05-43        [INFO]        c:\users\desktop\package 0827\0827(16).exe
  65. 08/27/2018,21-05-43        [INFO]        [DETECTION] file contains 'TR/Injector.6b75ce'
  66. 08/27/2018,21-05-58        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0827\0827(18).exe'
  67. 08/27/2018,21-05-58        [INFO]        The file 'c:\users\desktop\package 0827\0827(18).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = FDF94226ABAB274C0FC6C7C2DC45AD808F01EA7E71D2C45A3835E6B745B150A1
  68. 08/27/2018,21-05-58        [INFO]        c:\users\desktop\package 0827\0827(18).exe
  69. 08/27/2018,21-05-58        [INFO]        [DETECTION] file contains 'TR/Crypt.XPACK.fdf942'
  70. 08/27/2018,21-06-12        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0827\0827(19).exe'
  71. 08/27/2018,21-06-12        [INFO]        The file 'c:\users\desktop\package 0827\0827(19).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = 9FB0F93FC50564B2AC90D665C4F9C52F0C3773CD052C0135EFFE25FF5070CD23
  72. 08/27/2018,21-06-12        [INFO]        c:\users\desktop\package 0827\0827(19).exe
  73. 08/27/2018,21-06-12        [INFO]        [DETECTION] file contains 'TR/Dropper.MSIL.9fb0f9'
  74. 08/27/2018,21-06-29        [INFO]        Retry 1 for the file 'c:\users\desktop\package 0827\0827(2).exe'. SHA256 = B23EB7E70EC2486593E2B136251445AF2BBE84FFB90DF18C7D4226BC89AD5413
  75. 08/27/2018,21-06-33        [INFO]        FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0827\0827(2).exe'
  76. 08/27/2018,21-06-33        [INFO]        The file 'c:\users\desktop\package 0827\0827(2).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = B23EB7E70EC2486593E2B136251445AF2BBE84FFB90DF18C7D4226BC89AD5413
  77. 08/27/2018,21-06-33        [INFO]        c:\users\desktop\package 0827\0827(2).exe
  78. 08/27/2018,21-06-33        [INFO]        [DETECTION] file contains 'TR/Kryptik.b23eb7'
  79. 08/27/2018,21-06-33        [INFO]        The file 'c:\users\desktop\package 0827\0827(3).exe' was scanned with the Protection Cloud. SHA256 = BD1A7F12F317F4EA877CD2EEA1035F9A907FCAA83E4333EDF8A44A019494BAA7
  80. 08/27/2018,21-06-34        [INFO]        The file 'c:\users\desktop\package 0827\0827(5).exe' was scanned with the Protection Cloud. SHA256 = 343BBA86BC43920C91AD1E17CF2FA8704A8071DC5F440ACFEE2D70F253A3B07B
  81. 08/27/2018,21-06-34        [INFO]        The file 'c:\users\desktop\package 0827\0827(6).exe' was scanned with the Protection Cloud. SHA256 = E6460C86386E084AA21F9C4AE9CBE122D4CB81D6D6E58189FEA245BE6475DAE0
  82. 08/27/2018,21-06-35        [INFO]        The file 'c:\users\desktop\package 0827\0827(7).exe' was scanned with the Protection Cloud. SHA256 = F94819DB8E5B8CD555D2935847075C15DC0A8856F9A0B8C0E000ECA1C772926D
  83. 08/27/2018,21-06-35        [INFO]        The file 'c:\users\desktop\package 0827\0827(8).exe' was scanned with the Protection Cloud. SHA256 = 4C38FFFCE83E97941145568989C84CA55FF42146505AE07669B69688F7A68D4E
  84. 08/27/2018,21-06-36        [INFO]        The file 'c:\users\desktop\package 0827\0827(9).exe' was scanned with the Protection Cloud. SHA256 = 05647B61A26D1F4E363A9B0F8C17A3E76760C2CDD2D109A62EDF1139BFD12508


静影沉璧
Posted on 2018-8-27 21:03:14
Last edited by 静影沉璧 on 2018-8-27 22:09

Avast Premier
Scan: 11/19
Double-click:
IDP killed samples 3, 5, 7, 9, 10, 19
Double-click results for the remaining samples:
#2: missed after getting past the scan
Sample #15 (appears to be ransomware): the first double-click was successfully blocked, but after a reboot... the files got encrypted after all
Total: 17/19 89.5%
静影沉璧
Posted on 2018-8-27 21:03:35
Last edited by 静影沉璧 on 2018-8-27 22:34

SEP:
Scan: 13/16
  1. 0827(1).exe        Downloader.Ponik        已通过删除清除        病毒        自动防护扫描        C:\Users\Administrator\Desktop\PACKAGE 0827\        WIN-7L012NVDSMK        Administrator        已删除        已删除        清除安全风险        隔离        已成功地删除了文件。        2018/8/27 21:14:44
  2. 0827(3).exe        Heur.AdvML.B        已通过删除清除        启发式病毒        自动防护扫描        C:\Users\Administrator\Desktop\PACKAGE 0827\        WIN-7L012NVDSMK        Administrator        已删除        已删除        清除安全风险        隔离        已成功地删除了文件。        2018/8/27 21:14:57
  3. 0827(2).exe        Heur.AdvML.B        已通过删除清除        启发式病毒        自动防护扫描        C:\Users\Administrator\Desktop\PACKAGE 0827\        WIN-7L012NVDSMK        Administrator        已删除        已删除        清除安全风险        隔离        已成功地删除了文件。        2018/8/27 21:15:08
  4. 0827(19).exe        Heur.AdvML.B        已通过删除清除        启发式病毒        自动防护扫描        C:\Users\Administrator\Desktop\PACKAGE 0827\        WIN-7L012NVDSMK        Administrator        已删除        已删除        清除安全风险        隔离        已成功地删除了文件。        2018/8/27 21:15:17
  5. 0827(14).exe        Trojan.Emotet!g5        已通过删除清除        启发式病毒        自动防护扫描        C:\Users\Administrator\Desktop\PACKAGE 0827\        WIN-7L012NVDSMK        Administrator        已删除        已删除        清除安全风险        隔离        已成功地删除了文件。        2018/8/27 21:15:27
  6. 0827(4).exe        Heur.AdvML.B        已通过删除清除        启发式病毒        自动防护扫描        C:\Users\Administrator\Desktop\PACKAGE 0827\        WIN-7L012NVDSMK        Administrator        已删除        已删除        清除安全风险        隔离        已成功地删除了文件。        2018/8/27 21:15:35
  7. 0827(11).exe        Packed.Generic.516        已通过删除清除        启发式病毒        自动防护扫描        C:\Users\Administrator\Desktop\PACKAGE 0827\        WIN-7L012NVDSMK        Administrator        已删除        已删除        清除安全风险        隔离        已成功地删除了文件。        2018/8/27 21:15:45
  8. 0827(5).exe        Heur.AdvML.B        已通过删除清除        启发式病毒        自动防护扫描        C:\Users\Administrator\Desktop\PACKAGE 0827\        WIN-7L012NVDSMK        Administrator        已删除        已删除        清除安全风险        隔离        已成功地删除了文件。        2018/8/27 21:16:12
  9. 0827(18).exe        Packed.Generic.521        已通过删除清除        病毒        自动防护扫描        C:\Users\Administrator\Desktop\PACKAGE 0827\        WIN-7L012NVDSMK        Administrator        已删除        已删除        清除安全风险        隔离        已成功地删除了文件。        2018/8/27 21:16:21
  10. 0827(16).exe        Packed.Generic.516        已通过删除清除        启发式病毒        自动防护扫描        C:\Users\Administrator\Desktop\PACKAGE 0827\        WIN-7L012NVDSMK        Administrator        已删除        已删除        清除安全风险        隔离        已成功地删除了文件。        2018/8/27 21:16:47
  11. 0827(6).exe        Packed.Generic.516        已通过删除清除        启发式病毒        自动防护扫描        C:\Users\Administrator\Desktop\PACKAGE 0827\        WIN-7L012NVDSMK        Administrator        已删除        已删除        清除安全风险        隔离        已成功地删除了文件。        2018/8/27 21:17:20
  12. 0827(13).exe        Heur.AdvML.B        已通过删除清除        启发式病毒        自动防护扫描        C:\Users\Administrator\Desktop\PACKAGE 0827\        WIN-7L012NVDSMK        Administrator        已删除        已删除        清除安全风险        隔离        已成功地删除了文件。        2018/8/27 21:17:30
  13. 0827(7).exe        Heur.AdvML.B        已通过删除清除        启发式病毒        自动防护扫描        C:\Users\Administrator\Desktop\PACKAGE 0827\        WIN-7L012NVDSMK        Administrator        已删除        已删除        清除安全风险        隔离        已成功地删除了文件。        2018/8/27 21:17:45


Double-click: SONAR kill 5x (the main body of ransomware sample #15 is the lockyfud.exe shown in the screenshot)



Total: 18/19 94.7%

www-tekeze
Posted on 2018-8-27 21:04:37
Last edited by www-tekeze on 2018-8-28 00:39

21:05, 17/19, 89.5%, remaining: #9, #17. Addendum: #9 was additionally killed after reporting

YU2711
Posted on 2018-8-27 21:12:52
Last edited by YU2711 on 2018-8-27 23:32

TREND  MICRO   21:04
SCAN  4/19
  1. 安全威脅:        Backdoor.MSIL.ASDROP.SMZSM
  2. 來源類型:        安全威脅
  3. 受影響的檔案:        C:\Users\USER\Downloa…\0827(19).exe
  4. 處理行動:        已移除
  5. 偵測方式:        手動掃瞄

  6. 安全威脅:        TrojanSpy.Win32.LOKI.SMBD1.hp
  7. 來源類型:        安全威脅
  8. 受影響的檔案:        C:\Users\USER\Download…\0827(6).exe
  9. 處理行動:        已移除
  10. 偵測方式:        手動掃瞄

  11. 安全威脅:        TrojanSpy.Win32.LOKI.SMBD1.hp
  12. 來源類型:        安全威脅
  13. 受影響的檔案:        C:\Users\USER\Downloa…\0827(11).exe
  14. 處理行動:        已移除
  15. 偵測方式:        手動掃瞄

  16. 安全威脅:        TrojanSpy.Win32.LOKI.SMBD1.hp
  17. 來源類型:        安全威脅
  18. 受影響的檔案:        C:\Users\USER\Downloa…\0827(16).exe
  19. 處理行動:        已移除
  20. 偵測方式:        手動掃瞄
a445441
Posted on 2018-8-27 21:23:54
Last edited by a445441 on 2018-8-27 21:49

Kaspersky: 10/19 = 52.6%
心痛的伤不起
Posted on 2018-8-27 21:46:37
Micropoint 15/19 79%

时间        类型        处理结果        病毒名称        病毒路径        创建者        描述
2018-08-27 21:44:13        蠕虫        处理成功                C:\USERS\555\APPDATA\ROAMING\C4F79B\B13E36.EXE        C:\USERS\555\DESKTOP\PACKAGE 0827\0827(7).EXE        未发现任何修改动作...
2018-08-27 21:44:12        蠕虫        处理成功                C:\USERS\555\DESKTOP\PACKAGE 0827\0827(7).EXE        C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE        生成(1)个文件...
2018-08-27 21:43:40        木马        处理成功        未知间谍软件        C:\USERS\555\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\ADOBESERVICE.EXE        C:\WINDOWS\SYSTEM32\SVCHOST.EXE        未发现任何修改动作...
2018-08-27 21:43:01        木马        处理成功                C:\USERS\555\DESKTOP\PACKAGE 0827\0827(5).EXE        C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE        未发现任何修改动作...
2018-08-27 21:42:24        木马        处理成功        未知木马        C:\USERS\555\DESKTOP\PACKAGE 0827\0827(9).EXE        C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE        未发现任何修改动作...
2018-08-27 21:42:09        木马        删除文件失败        未知木马        C:\USERS\555\DESKTOP\PACKAGE 0827\0827(9).EXE        C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE        未发现任何修改动作...
2018-08-27 21:42:04        木马        删除文件失败        未知木马        C:\USERS\555\DESKTOP\PACKAGE 0827\0827(9).EXE        C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE        未发现任何修改动作...
2018-08-27 21:41:59        木马        处理成功                C:\USERS\555\DESKTOP\PACKAGE 0827\0827(19).EXE        C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE        未发现任何修改动作...
2018-08-27 21:41:56        木马        处理成功                C:\USERS\555\APPDATA\LOCAL\TEMP\IS-S43D4.TMP\0827(17).TMP        C:\USERS\555\DESKTOP\PACKAGE 0827\0827(17).EXE        未发现任何修改动作...
2018-08-27 21:41:56        木马        处理成功                C:\USERS\555\DESKTOP\PACKAGE 0827\0827(17).EXE        C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE        生成(1)个文件...
2018-08-27 21:41:37        木马        处理成功                C:\USERS\555\APPDATA\LOCAL\MICROSOFT\WINDOWS\LUNAMUTE.EXE        C:\USERS\555\DESKTOP\PACKAGE 0827\0827(14).EXE        未发现任何修改动作...
2018-08-27 21:41:37        木马        处理成功                C:\USERS\555\DESKTOP\PACKAGE 0827\0827(14).EXE        C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE        生成(1)个文件...
2018-08-27 21:41:35        木马        处理成功                C:\USERS\555\APPDATA\LOCAL\TEMP\IS-FEKCV.TMP\0827(15).TMP        C:\USERS\555\DESKTOP\PACKAGE 0827\0827(15).EXE        未发现任何修改动作...
2018-08-27 21:41:35        木马        处理成功                C:\USERS\555\DESKTOP\PACKAGE 0827\0827(15).EXE        C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE        生成(1)个文件...
2018-08-27 21:41:33        木马        删除文件失败        未知木马        C:\USERS\555\DESKTOP\PACKAGE 0827\0827(9).EXE        C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE        未发现任何修改动作...
2018-08-27 21:41:26        木马        删除文件失败        未知木马        C:\USERS\555\DESKTOP\PACKAGE 0827\0827(9).EXE        C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE        未发现任何修改动作...
2018-08-27 21:41:26        木马        处理成功                C:\USERS\555\APPDATA\ROAMING\AE26E99B-688B-40DF-B67A-E7E11CAE2119\WPA MANAGER\WPAMGR.EXE        C:\USERS\555\DESKTOP\PACKAGE 0827\0827(9).EXE        未发现任何修改动作...
2018-08-27 21:41:26        木马        删除文件失败                C:\USERS\555\DESKTOP\PACKAGE 0827\0827(9).EXE        C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE        生成(1)个文件,注册表中修改(1)项...
2018-08-27 21:41:08        木马        处理成功                C:\USERS\555\APPDATA\ROAMING\CV.EXE        C:\USERS\555\DESKTOP\PACKAGE 0827\0827(4).EXE        未发现任何修改动作...
2018-08-27 21:41:07        木马        处理成功                C:\USERS\555\DESKTOP\PACKAGE 0827\0827(4).EXE        C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE        生成(1)个文件...
2018-08-27 21:41:01        木马        处理成功                C:\PROGRAMDATA\WINDOWS\CSRSS.EXE        C:\USERS\555\DESKTOP\PACKAGE 0827\0827(3).EXE        未发现任何修改动作...
2018-08-27 21:41:01        木马        处理成功                C:\USERS\555\DESKTOP\PACKAGE 0827\0827(3).EXE        C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE        生成(1)个文件,注册表中修改(1)项...
2018-08-27 21:40:58        木马        处理成功        未知间谍软件        C:\USERS\555\DESKTOP\PACKAGE 0827\0827(2).EXE        C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE        未发现任何修改动作...
2018-08-27 21:40:57        木马        处理成功                C:\USERS\555\DESKTOP\PACKAGE 0827\0827(2).EXE        C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE        未发现任何修改动作...
2018-08-27 21:40:48        木马        处理成功                C:\USERS\555\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\{20949F-A734E6-ECD3-60272A203373}\TOOLSET.EXE        C:\USERS\555\DESKTOP\PACKAGE 0827\0827(8).EXE        未发现任何修改动作...
2018-08-27 21:40:48        木马        处理成功                C:\USERS\555\DESKTOP\PACKAGE 0827\0827(8).EXE        C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE        生成(1)个文件...
2018-08-27 21:40:43        木马        处理成功                C:\USERS\555\DESKTOP\PACKAGE 0827\0827(12).EXE        C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE        未发现任何修改动作...
Jerry.Lin
(OP) Posted on 2018-8-27 21:56:43
ESET
16/19
  1. Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
  2. 2018/8/27 21:55:20;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0827\0827(2).exe;a variant of Win32/GenKryptik.CJHJ trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;E16EB4994751342F99359E87C053E3214E4D1A33;2018/8/27 21:55:11
  3. 2018/8/27 21:55:20;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0827\0827(4).exe;a variant of MSIL/Agent.AQL trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;92C38DB9FC10B266CD77159A0AD460860E1D535C;2018/8/27 21:55:11
  4. 2018/8/27 21:55:20;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0827\0827(13).exe;a variant of MSIL/Kryptik.PDT trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;06CB84248653A743F58751557FBC588BAF77306E;2018/8/27 21:55:10
  5. 2018/8/27 21:55:20;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0827\0827(16).exe;a variant of Win32/Injector.EAAW trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;681E338D24D0C33A8F4D25AE28256329FD5DE2E6;2018/8/27 21:55:10
  6. 2018/8/27 21:55:20;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0827\0827(11).exe;a variant of Win32/Injector.EAAW trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;825828A428E493298C8E02E6A1FBA6AA56DC40AC;2018/8/27 21:55:10
  7. 2018/8/27 21:55:20;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0827\0827(18).exe;Win32/Spy.Ursnif.BW trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;B603A6FBE4F6FF986973841E5BBCD6CEB5913375;2018/8/27 21:55:11
  8. 2018/8/27 21:55:21;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0827\0827(5).exe;a variant of MSIL/Kryptik.PHG trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;0F16CBC2B1C3DB261BD6D00A2806CC9D6A230B68;2018/8/27 21:55:11
  9. 2018/8/27 21:55:23;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0827\0827(10).exe;a variant of Win32/Injector.EAAR trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;3EFB0EC8D65B7F379AA479A09EE065203A92ECDE;
  10. 2018/8/27 21:55:24;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0827\0827(7).exe;Win32/PSW.Fareit.L trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;D93DCF0FD62080D11776C2F12E1AF4E941891DF3;2018/8/27 21:55:11
  11. 2018/8/27 21:55:25;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0827\0827(14).exe;a variant of Win32/Kryptik.GKFJ trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;691AEA27DE5DFDBE3F607ECB2E7E313A0A44B7F3;2018/8/27 21:55:10
  12. 2018/8/27 21:55:26;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0827\0827(1).exe;a variant of Win32/Injector.EAAM trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;5620FC5B8EECB8AB1065A362E42A50FE15BA6BBD;2018/8/27 21:55:10
  13. 2018/8/27 21:55:27;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0827\0827(6).exe;a variant of Win32/Injector.EAAW trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;9C49859756D32E6D7D7A6AB24BF6200412016C27;2018/8/27 21:55:11
  14. 2018/8/27 21:55:29;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0827\0827(12).exe;a variant of MSIL/Injector.TWG trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;4341A9FD4790727C642DAD514592AA946B66C23A;2018/8/27 21:55:10
  15. 2018/8/27 21:55:30;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0827\0827(3).exe;a variant of Win32/Kryptik.GKEA trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;FDCFDEF2DED5A0CA24AE277CB7BF950A65706295;2018/8/27 21:55:11
  16. 2018/8/27 21:55:32;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0827\0827(8).exe;a variant of MSIL/Agent.STM trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;26FD0B7970B58D6474A1643BE76F13C6E020FEE0;2018/8/27 21:55:11
  17. 2018/8/27 21:55:32;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\PACKAGE 0827\0827(9).exe;a variant of Win32/GenKryptik.CJHI trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;A27E429077ADDA29FCCD170F736F52B93365F983;2018/8/27 21:55:11
Source: 卡饭论坛 (KaFan.cn), Copyright © KaFan, powered by Discuz! X3.4