掛馬樣本包(3X) #0828

显示全部楼层 · 发表于 2018-8-28 17:33:42

5g5vn6bCzY.exe
掛馬網址：regionsnews.net/OEqhU8Lg5
VT(9/66)：https://www.virustotal.com/#/fil ... fa04aeba9/detection

file.exe
掛馬網址：waystoeat.track.cat/wp-content/themes/sket4/inc/file.exe
VT(8/67)：https://www.virustotal.com/#/fil ... 47ffd7b19/detection

29140.exe
掛馬網址：sunflowerschoolandcollege.com/ibb/papkaa17/OWFktY
VT(10/68)：https://www.virustotal.com/#/fil ... 0f594f907/detection

樣本載點(密碼infected)：
（主要）https://we.tl/t-LqoBVnBkcg
（備用）https://1.bitsend.jp/download/2d ... 227.html?setLang=en

測試：
Malwarebytes - Miss All

显示全部楼层 · 发表于 2018-8-28 17:40:34

火绒不报，智量报2X 。

显示全部楼层 · 发表于 2018-8-28 17:44:02

微点清空

时间类型处理结果病毒名称病毒路径创建者描述
2018-08-28 17:41:58 木马处理成功 C:\USERS\555\APPDATA\LOCAL\MICROSOFT\WINDOWS\LUNAMUTE.EXE C:\USERS\555\DESKTOP\MALWAREPACK#0828\5G5VN6BCZY.EXE 未发现任何修改动作...
2018-08-28 17:41:58 木马处理成功 C:\USERS\555\DESKTOP\MALWAREPACK#0828\5G5VN6BCZY.EXE C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE 生成(1)个文件...
2018-08-28 17:41:15 木马处理成功 C:\USERS\555\APPDATA\LOCAL\MICROSOFT\WINDOWS\LUNAMUTE.EXE C:\USERS\555\DESKTOP\MALWAREPACK#0828\29140.EXE 未发现任何修改动作...
2018-08-28 17:41:13 木马处理成功 C:\USERS\555\DESKTOP\MALWAREPACK#0828\29140.EXE C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE 生成(1)个文件...
2018-08-28 17:41:08 木马处理成功 C:\USERS\555\DESKTOP\MALWAREPACK#0828\FILE.EXE C:\PROGRAM FILES (X86)\360\360ZIP\360ZIP.EXE 未发现任何修改动作...

显示全部楼层 · 发表于 2018-8-28 18:00:34

Norton KILL

文件名: 29140.exe
威胁名称: Trojan.Emotet!g5

文件名: 5g5vn6bczy.exe
威胁名称: Trojan.Emotet!g5
-----------------------
MISS

文件名: file.exe
完整路径: C:\Users\Administrator\Desktop\MP\file.exe

显示全部楼层 · 发表于 2018-8-28 18:03:04

本帖最后由静影沉璧于 2018-8-28 18:07 编辑

BD2019:扫描全部miss，双击全部kill
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\malwarepack#0828\5g5vn6bczy.exe is infected with Atc4.Detection and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\malwarepack#0828\29140.exe is infected with Atc4.Detection and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\malwarepack#0828\file.exe is infected with Atc4.Detection and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.

显示全部楼层 · 发表于 2018-8-28 18:05:54

本帖最后由 fuzhk 于 2018-8-28 18:07 编辑

恶意软件(QVM20.1.D4C1.Malware.Gen)	MD5:f67f0339237530fe39082d57acdb1f45	49487.exe
恶意软件(HEUR/QVM202.0.7C03.Malware.Gen)	MD5:17e27e6b5d2634987eac8155aa060a33	file.exe
恶意软件(QVM20.1.D4C1.Malware.Gen)	MD5:966e0f3d41ef4352d281daf5db80fd18	UutSASCXpr.exe

360杀毒
5.0.0.8140 下载保护未知，但是杀毒可以杀。

显示全部楼层 · 发表于 2018-8-28 18:07:12

紅傘

全報

显示全部楼层 · 发表于 2018-8-28 18:19:27

ESET
2/3

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
2018/8/28 18:18:52;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\卡饭\MalwarePack#0828\5g5vn6bCzY.exe;a variant of Win32/Kryptik.GKGL trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;AC460745FC477F5DB59B9694A53C5C9E159DFAD4;2018/8/28 18:18:46
2018/8/28 18:18:52;Real-time file system protection;file;C:\Users\zhong\Downloads\Compressed\VIRUS TEST\卡饭\MalwarePack#0828\29140.exe;a variant of Win32/Kryptik.GKGK trojan;cleaned by deleting;DESKTOP-VPBE70N\zhong;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;0E74350A4342F52A4CE39A3E6E3ED39DCF5B6F41;2018/8/28 18:18:46

复制代码

显示全部楼层 · 发表于 2018-8-28 22:03:33

卡巴全杀

[病毒样本] 掛馬樣本包(3X) #0828

评分

本帖子中包含更多资源

本帖子中包含更多资源