Views: 3919 | Replies: 22

[Virus Samples] #PACKAGE 0828

Jerry.Lin
Posted 2018-8-28 19:13:53
Last edited by 191196846 on 2018-8-28 19:37

Lanzou (download link)

Total : 16


#Do not upload to VT
#While the samples are fresh (24 hours), please do not submit them to vendors manually, so that others can still test behaviour blocking, response time and so on
#Sample numbers follow collection order; a higher number means a more recently collected sample

VT auto-classification system enabled

MD5                               FileName      Verdict
235c2e48f5d2cb09e6f7dc90cf6b27ae  0828(8).exe   Unknown
1b5c16787bd51ca87960c400842163f7  0828(7).exe   Trojan.PasswordStealer
4a4fc8be4098b4fd66d2a367762340de  0828(6).exe   Trojan.PasswordStealer
de7e424cd112b03aee774cd49eebe347  0828(9).exe   Unknown
0767514c92739b044ec9d2c2031c9811  0828(5).exe   Trojan.Banker
1c4592bd87eca7507001faba4b966c55  0828(10).exe  Unknown
ae633810806c4f815ff045734ebab219  0828(4).exe   Unknown
5b0cbb6abbb24bcf52c189e9efdab9eb  0828(3).exe   Trojan.Generic
ccf3c9665d4ffe7eba4585839c0dd092  0828(2).exe   Trojan.Generic
1dd510bc5cfe4a3f886b3ae04aa556a3  0828(16).exe  Trojan.Generic
cd3c130a0d161ea4d94c812a5b6a1edb  0828(15).exe  Unknown
1b30b61f0e8c68a02829f8fb0ad8ed26  0828(14).exe  Trojan.Spy
56940633fee15ebb180a1a2acc4671af  0828(13).exe  Unknown
bcd0b2c54b456c19a85473615d74b421  0828(12).exe  Trojan.PasswordStealer
3d2e18790cbfafe725d0093f97d7c841  0828(11).exe  Trojan.PasswordStealer
15194866a0f2e05d8613076e13b78328  0828(1).exe   Trojan.Generic


Suggested reply format

AV product name + time
Number detected + detection rate


For example:
XXX 20:39
Samples(5/10) 50%


Rating: +6 from 2 members: B100D1E55 +3 (the board is better with you here), Agu +3 (returning the favour)

stupid1man
Posted 2018-8-28 19:20:15
Last edited by stupid1man on 2018-8-28 19:39

Avira 19:21

Real-time protection: 2
Right-click scan: 2
Sent to APC (Protection Cloud), pending confirmation: 12/12
Total: 16/16 (100%)

------ Scan section ------
Start of the scan: 2018-08-28 19:20:28
08/28/2018,19-20-30  [INFO]  [CLOUD] File 'c:\users\desktop\package 0828\0828(1).exe' needs to be uploaded to cloud. User confirmation is needed.
08/28/2018,19-20-30  [INFO]  The file 'c:\users\desktop\package 0828\0828(1).exe' was scanned with the Protection Cloud. SHA256 = 4F808253DFDE47F45844FE053E8F88F11F0D226F4AEA542D0F4858165F22684B
08/28/2018,19-20-30  [INFO]  FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0828\0828(10).exe'
08/28/2018,19-20-30  [INFO]  c:\users\desktop\package 0828\0828(10).exe
08/28/2018,19-20-30  [INFO]  [DETECTION] file contains 'HEUR/AGEN.1008710'
08/28/2018,19-20-31  [INFO]  [CLOUD] File 'c:\users\desktop\package 0828\0828(12).exe' needs to be uploaded to cloud. User confirmation is needed.
08/28/2018,19-20-31  [INFO]  The file 'c:\users\desktop\package 0828\0828(12).exe' was scanned with the Protection Cloud. SHA256 = 872F3C7BA0D86C9DDEFAD031E35F2B70EBB48AFEBAF5B4193AFAC7EC6D6BDDEC
08/28/2018,19-20-31  [INFO]  [CLOUD] File 'c:\users\desktop\package 0828\0828(13).exe' needs to be uploaded to cloud. User confirmation is needed.
08/28/2018,19-20-31  [INFO]  The file 'c:\users\desktop\package 0828\0828(13).exe' was scanned with the Protection Cloud. SHA256 = F8CD61A10BFD7B3CC281467B257A2027C77EB39FE63D83E53690B5912FE3C216
08/28/2018,19-20-31  [INFO]  [CLOUD] File 'c:\users\desktop\package 0828\0828(14).exe' needs to be uploaded to cloud. User confirmation is needed.
08/28/2018,19-20-31  [INFO]  The file 'c:\users\desktop\package 0828\0828(14).exe' was scanned with the Protection Cloud. SHA256 = E54FBACA447DD8F57EA2D749F65CEC406612594AFDA8D7F86727A9D8CF1F6A87
08/28/2018,19-20-32  [INFO]  FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0828\0828(15).exe'
08/28/2018,19-20-32  [INFO]  c:\users\desktop\package 0828\0828(15).exe
08/28/2018,19-20-32  [INFO]  [DETECTION] file contains 'TR/ATRAPS.Gen'
08/28/2018,19-20-32  [INFO]  [CLOUD] File 'c:\users\desktop\package 0828\0828(16).exe' needs to be uploaded to cloud. User confirmation is needed.
08/28/2018,19-20-32  [INFO]  The file 'c:\users\desktop\package 0828\0828(16).exe' was scanned with the Protection Cloud. SHA256 = 03FDC9FA0CCC9F2FF890F6A4B553DAA1E5F71EA070728295B2DB8BD08B6EA572
08/28/2018,19-20-32  [INFO]  [CLOUD] File 'c:\users\desktop\package 0828\0828(2).exe' needs to be uploaded to cloud. User confirmation is needed.
08/28/2018,19-20-32  [INFO]  The file 'c:\users\desktop\package 0828\0828(2).exe' was scanned with the Protection Cloud. SHA256 = 32F134CAFA3BCBC71792E83C7B182A21980C6BB755247AD264641CC45BF68CBB
08/28/2018,19-20-33  [INFO]  [CLOUD] File 'c:\users\desktop\package 0828\0828(3).exe' needs to be uploaded to cloud. User confirmation is needed.
08/28/2018,19-20-33  [INFO]  The file 'c:\users\desktop\package 0828\0828(3).exe' was scanned with the Protection Cloud. SHA256 = 220B9AB1CC604B8B7868CE58BF04F98B38CF0DC33FABA7A5A5070FA2F74E358D
08/28/2018,19-20-33  [INFO]  [CLOUD] File 'c:\users\desktop\package 0828\0828(4).exe' needs to be uploaded to cloud. User confirmation is needed.
08/28/2018,19-20-33  [INFO]  The file 'c:\users\desktop\package 0828\0828(4).exe' was scanned with the Protection Cloud. SHA256 = E7D22A8D922BBF6ED560AF6F0578964CFEA2B56AF26A398B4F695DE80DCFDA1D
08/28/2018,19-20-33  [INFO]  [CLOUD] File 'c:\users\desktop\package 0828\0828(5).exe' needs to be uploaded to cloud. User confirmation is needed.
08/28/2018,19-20-33  [INFO]  The file 'c:\users\desktop\package 0828\0828(5).exe' was scanned with the Protection Cloud. SHA256 = 722412BB83E0BA34BCB586FEEDED270B5161CA23FF9DA895FA6219FE3151DAF4
08/28/2018,19-20-33  [INFO]  [CLOUD] File 'c:\users\desktop\package 0828\0828(7).exe' needs to be uploaded to cloud. User confirmation is needed.
08/28/2018,19-20-33  [INFO]  The file 'c:\users\desktop\package 0828\0828(7).exe' was scanned with the Protection Cloud. SHA256 = 5F38FE3232085EC3BCF1411036241F6F23E587641B4E96818A63C3F2E3F9F0DE
08/28/2018,19-20-34  [INFO]  [CLOUD] File 'c:\users\desktop\package 0828\0828(8).exe' needs to be uploaded to cloud. User confirmation is needed.
08/28/2018,19-20-34  [INFO]  The file 'c:\users\desktop\package 0828\0828(8).exe' was scanned with the Protection Cloud. SHA256 = 15B6295F6BB8E0BCE49A6782A700CA3CD7A32E5BBF30DDDA83D2A0930E25640C
08/28/2018,19-20-34  [INFO]  [CLOUD] File 'c:\users\desktop\package 0828\0828(9).exe' needs to be uploaded to cloud. User confirmation is needed.
08/28/2018,19-20-34  [INFO]  The file 'c:\users\desktop\package 0828\0828(9).exe' was scanned with the Protection Cloud. SHA256 = FBE70DB42E6C7A2A8618769BA10B7AFD2536D9E01F22C79A4CFB4A1B95FABA00
08/28/2018,19-21-53  [INFO]  FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0828\0828(1).exe'
08/28/2018,19-21-53  [INFO]  The file 'c:\users\desktop\package 0828\0828(1).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = 4F808253DFDE47F45844FE053E8F88F11F0D226F4AEA542D0F4858165F22684B
08/28/2018,19-21-53  [INFO]  c:\users\desktop\package 0828\0828(1).exe
08/28/2018,19-21-53  [INFO]  [DETECTION] file contains 'DR/Delphi.Gen'
08/28/2018,19-22-12  [INFO]  FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0828\0828(12).exe'
08/28/2018,19-22-12  [INFO]  The file 'c:\users\desktop\package 0828\0828(12).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = 872F3C7BA0D86C9DDEFAD031E35F2B70EBB48AFEBAF5B4193AFAC7EC6D6BDDEC
08/28/2018,19-22-12  [INFO]  c:\users\desktop\package 0828\0828(12).exe
08/28/2018,19-22-12  [INFO]  [DETECTION] file contains 'TR/Dropper.VB.Gen9'
08/28/2018,19-22-43  [INFO]  FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0828\0828(13).exe'
08/28/2018,19-22-43  [INFO]  The file 'c:\users\desktop\package 0828\0828(13).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = F8CD61A10BFD7B3CC281467B257A2027C77EB39FE63D83E53690B5912FE3C216
08/28/2018,19-22-43  [INFO]  c:\users\desktop\package 0828\0828(13).exe
08/28/2018,19-22-43  [INFO]  [DETECTION] file contains 'DR/Delphi.Gen'
08/28/2018,19-23-05  [INFO]  FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0828\0828(14).exe'
08/28/2018,19-23-05  [INFO]  The file 'c:\users\desktop\package 0828\0828(14).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = E54FBACA447DD8F57EA2D749F65CEC406612594AFDA8D7F86727A9D8CF1F6A87
08/28/2018,19-23-05  [INFO]  c:\users\desktop\package 0828\0828(14).exe
08/28/2018,19-23-05  [INFO]  [DETECTION] file contains 'TR/Dropper.VB.e54fba'
08/28/2018,19-23-25  [INFO]  FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0828\0828(16).exe'
08/28/2018,19-23-25  [INFO]  The file 'c:\users\desktop\package 0828\0828(16).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = 03FDC9FA0CCC9F2FF890F6A4B553DAA1E5F71EA070728295B2DB8BD08B6EA572
08/28/2018,19-23-25  [INFO]  c:\users\desktop\package 0828\0828(16).exe
08/28/2018,19-23-25  [INFO]  [DETECTION] file contains 'DR/Delphi.03fdc9'
08/28/2018,19-23-40  [INFO]  FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0828\0828(2).exe'
08/28/2018,19-23-40  [INFO]  The file 'c:\users\desktop\package 0828\0828(2).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = 32F134CAFA3BCBC71792E83C7B182A21980C6BB755247AD264641CC45BF68CBB
08/28/2018,19-23-40  [INFO]  c:\users\desktop\package 0828\0828(2).exe
08/28/2018,19-23-40  [INFO]  [DETECTION] file contains 'TR/Crypt.ZPACK.32f134'
08/28/2018,19-23-54  [INFO]  Retry 1 for the file 'c:\users\desktop\package 0828\0828(3).exe'. SHA256 = 220B9AB1CC604B8B7868CE58BF04F98B38CF0DC33FABA7A5A5070FA2F74E358D
08/28/2018,19-24-06  [INFO]  FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0828\0828(3).exe'
08/28/2018,19-24-06  [INFO]  The file 'c:\users\desktop\package 0828\0828(3).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = 220B9AB1CC604B8B7868CE58BF04F98B38CF0DC33FABA7A5A5070FA2F74E358D
08/28/2018,19-24-06  [INFO]  c:\users\desktop\package 0828\0828(3).exe
08/28/2018,19-24-06  [INFO]  [DETECTION] file contains 'TR/AD.ShellcodeCrypter.220b9a'
08/28/2018,19-24-24  [INFO]  FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0828\0828(4).exe'
08/28/2018,19-24-24  [INFO]  The file 'c:\users\desktop\package 0828\0828(4).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = E7D22A8D922BBF6ED560AF6F0578964CFEA2B56AF26A398B4F695DE80DCFDA1D
08/28/2018,19-24-24  [INFO]  c:\users\desktop\package 0828\0828(4).exe
08/28/2018,19-24-24  [INFO]  [DETECTION] file contains 'TR/Crypt.ZPACK.e7d22a'
08/28/2018,19-24-38  [INFO]  FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0828\0828(5).exe'
08/28/2018,19-24-38  [INFO]  The file 'c:\users\desktop\package 0828\0828(5).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = 722412BB83E0BA34BCB586FEEDED270B5161CA23FF9DA895FA6219FE3151DAF4
08/28/2018,19-24-38  [INFO]  c:\users\desktop\package 0828\0828(5).exe
08/28/2018,19-24-38  [INFO]  [DETECTION] file contains 'TR/Crypt.XPACK.722412'
08/28/2018,19-24-58  [INFO]  FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0828\0828(7).exe'
08/28/2018,19-24-58  [INFO]  The file 'c:\users\desktop\package 0828\0828(7).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = 5F38FE3232085EC3BCF1411036241F6F23E587641B4E96818A63C3F2E3F9F0DE
08/28/2018,19-24-58  [INFO]  c:\users\desktop\package 0828\0828(7).exe
08/28/2018,19-24-58  [INFO]  [DETECTION] file contains 'TR/Dropper.VB.5f38fe'
08/28/2018,19-25-14  [INFO]  FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0828\0828(8).exe'
08/28/2018,19-25-14  [INFO]  The file 'c:\users\desktop\package 0828\0828(8).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = 15B6295F6BB8E0BCE49A6782A700CA3CD7A32E5BBF30DDDA83D2A0930E25640C
08/28/2018,19-25-14  [INFO]  c:\users\desktop\package 0828\0828(8).exe
08/28/2018,19-25-14  [INFO]  [DETECTION] file contains 'DR/Delphi.Gen'
08/28/2018,19-25-29  [INFO]  FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0828\0828(9).exe'
08/28/2018,19-25-29  [INFO]  The file 'c:\users\desktop\package 0828\0828(9).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = FBE70DB42E6C7A2A8618769BA10B7AFD2536D9E01F22C79A4CFB4A1B95FABA00
08/28/2018,19-25-29  [INFO]  c:\users\desktop\package 0828\0828(9).exe
08/28/2018,19-25-29  [INFO]  [DETECTION] file contains 'DR/Delphi.fbe70d'
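The OP's manifest (MD5, filename, verdict) and the Avira scan log above are two different views of the same pack, and the thread's "Samples(x/y)" figure is produced by matching them up by hand. The script below is an added example, not code from the thread or from any scanner vendor: it parses manifest rows in the OP's format and scan-log lines in the format quoted above, tracks each file through the cloud-lookup messages the log exposes (the state names needs_upload, cloud_scanned, analyzed and local_only are the script's own labels, not Avira's), attributes each [DETECTION] line to the file named on the preceding bare-path line, and joins the result to the manifest by filename. The embedded manifest rows and log lines are a subset copied from this thread; 0828(6).exe is included in the manifest but left out of the log on purpose, so the cross-check reports it as absent from the log rather than silently counting it as a miss.

```python
"""Cross-check a sample-pack manifest against an on-demand scan log.
Added example, not code from the thread or from any scanner vendor."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Manifest rows copied from the OP's table (three of the sixteen samples).
MANIFEST = """\
1c4592bd87eca7507001faba4b966c55  0828(10).exe  Unknown
5b0cbb6abbb24bcf52c189e9efdab9eb  0828(3).exe   Trojan.Generic
4a4fc8be4098b4fd66d2a367762340de  0828(6).exe   Trojan.PasswordStealer
"""
# Log lines copied from the Avira log in the thread for two of those files;
# 0828(6).exe is deliberately absent so the cross-check has a gap to report.
SCAN_LOG = r"""
08/28/2018,19-20-30 [INFO] FP reports status 'NO False Positive' for file 'c:\users\desktop\package 0828\0828(10).exe'
08/28/2018,19-20-30 [INFO] c:\users\desktop\package 0828\0828(10).exe
08/28/2018,19-20-30 [INFO] [DETECTION] file contains 'HEUR/AGEN.1008710'
08/28/2018,19-20-33 [INFO] [CLOUD] File 'c:\users\desktop\package 0828\0828(3).exe' needs to be uploaded to cloud. User confirmation is needed.
08/28/2018,19-20-33 [INFO] The file 'c:\users\desktop\package 0828\0828(3).exe' was scanned with the Protection Cloud. SHA256 = 220B9AB1CC604B8B7868CE58BF04F98B38CF0DC33FABA7A5A5070FA2F74E358D
08/28/2018,19-24-06 [INFO] The file 'c:\users\desktop\package 0828\0828(3).exe' has been uploaded to the Protection Cloud and analyzed. SHA256 = 220B9AB1CC604B8B7868CE58BF04F98B38CF0DC33FABA7A5A5070FA2F74E358D
08/28/2018,19-24-06 [INFO] c:\users\desktop\package 0828\0828(3).exe
08/28/2018,19-24-06 [INFO] [DETECTION] file contains 'TR/AD.ShellcodeCrypter.220b9a'
"""
LINE_RE = re.compile(r"^(?P<ts>\d{2}/\d{2}/\d{4},\d{2}-\d{2}-\d{2})\s+\[INFO\]\s+(?P<msg>.+)$")
# Message patterns, tried in order. State names are this script's labels, not the scanner's.
MSG_PATTERNS = (
    ("needs_upload", re.compile(r"\[CLOUD\] File '(?P<path>[^']+)' needs to be uploaded")),
    ("cloud_scanned", re.compile(r"The file '(?P<path>[^']+)' was scanned with the Protection Cloud\. SHA256 = (?P<sha>[0-9A-F]{64})")),
    ("analyzed", re.compile(r"The file '(?P<path>[^']+)' has been uploaded to the Protection Cloud and analyzed\. SHA256 = (?P<sha>[0-9A-F]{64})")),
    # Two quoted strings on this line; anchoring on "for file" keeps the status out of the path.
    ("fp_status", re.compile(r"FP reports status '(?P<status>[^']+)' for file '(?P<path>[^']+)'")),
    ("detection", re.compile(r"\[DETECTION\] file contains '(?P<name>[^']+)'")),
    ("path_only", re.compile(r"^(?P<path>[A-Za-z]:\\.+)$")),
)

@dataclass
class ScanRecord:
    filename: str
    state: str = "local_only"  # no cloud round-trip seen for this file
    sha256: str | None = None
    detection: str | None = None
    fp_status: str | None = None

def parse_manifest(text: str) -> dict[str, dict]:
    rows = {}
    for line in text.splitlines():
        m = re.match(r"^([0-9a-f]{32})\s+(\S+)\s+(\S+)$", line.strip())
        if m:
            md5, name, verdict = m.groups()
            rows[name] = {"md5": md5, "verdict": verdict}
    return rows

def parse_scan_log(text: str) -> dict[str, ScanRecord]:
    records: dict[str, ScanRecord] = {}
    current = None  # file named by the most recent bare-path line
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        for kind, pat in MSG_PATTERNS:
            mm = pat.match(msg)
            if not mm:
                continue
            if kind == "detection":  # names no file: belongs to the preceding bare path
                if current is None:
                    raise ValueError(f"[DETECTION] without a preceding path line: {msg}")
                records[current].detection = mm.group("name")
                break
            name = mm.group("path").rsplit("\\", 1)[-1]
            rec = records.setdefault(name, ScanRecord(name))
            if kind == "path_only":
                current = name
            elif kind == "fp_status":
                rec.fp_status = mm.group("status")
            else:
                rec.state = kind
                rec.sha256 = mm.groupdict().get("sha", rec.sha256)
            break
    return records

def cross_check(manifest: dict[str, dict], records: dict[str, ScanRecord]) -> list[dict]:
    # One row per manifest entry; a file the log never mentions is "not_in_log", not a miss.
    rows = []
    for name, info in manifest.items():
        rec = records.get(name)
        rows.append({"file": name, "md5": info["md5"], "manifest_verdict": info["verdict"],
                     "sha256": rec.sha256 if rec else None,
                     "state": rec.state if rec else "not_in_log",
                     "detection": rec.detection if rec else None})
    return rows

def detection_rate(rows: list[dict]) -> str:
    """The reply-format line the thread asks for, e.g. 'Samples(2/3) 66.67%'."""
    hit = sum(1 for r in rows if r["detection"])
    return f"Samples({hit}/{len(rows)}) {100 * hit / len(rows):.2f}%"

if __name__ == "__main__":
    table = cross_check(parse_manifest(MANIFEST), parse_scan_log(SCAN_LOG))
    for r in table:
        print(f"{r['file']:13} {r['state']:13} {r['detection'] or '-':32} {r['sha256'] or '-'}")
    print(detection_rate(table))
```

Run as a script it prints one row per manifest entry followed by the Samples(x/y) line. Two details are worth keeping when adapting it to another scanner's log: the [DETECTION] line has to be attributed by position, because it carries no filename, and the "FP reports status" line contains two quoted strings, so a naive "grab the first quoted value" parser would record the status text as the path.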

YU2711
Posted 2018-8-28 19:28:40
Last edited by YU2711 on 2018-8-28 20:02

Trend Micro   19:19
SCAN  6/19
Threat: Trojan.MSIL.BOILOD.SM1.hp
Source type: Threat
Affected file: C:\Users\USER\Downloa…\0828(15).exe

Threat: TSPY_HPLOKI.SMBD
Source type: Threat
Affected file: C:\Users\USER\Downloa…\0828(13).exe

Threat: TSPY_HPLOKI.SMBD
Source type: Threat
Affected file: C:\Users\USER\Download…\0828(8).exe

Threat: Trojan.Win32.NYMAIM.SMB
Source type: Threat
Affected file: C:\Users\USER\Download…\0828(4).exe

Threat: TrojanSpy.Win32.LOKI.SMBD1.hp
Source type: Threat
Affected file: C:\Users\USER\Downloa…\0828(16).exe

Threat: TSPY_HPLOKI.SMBD
Source type: Threat
Affected file: C:\Users\USER\Download…\0828(9).exe

Double-click (execution) 19:30
Threat: HEU_AEGISTT708
Source type: Threat
Affected file: C:\Users\USER\Download…\0828(3).exe
Action: Removed

Name: 0828(3).exe
Source: Unknown
Version:
Copyright:
Detected resource or process ID: C:\Users\USER\AppData\Roaming\vsmcd\0929(3).exe
Action: Cleaned

Name: 0828(5).exe
Source: Oracle Corporation
Version: 5.1.26.117224
Copyright: Copyright (C) 2009-2017 Oracle Corporation
Detected resource or process ID: C:\Users\USER\Downloads\PACKAGE 0828\0828(5).exe
Action: Terminated

Threat: TSPY_FAREIT.MIP00000001
Source type: Threat
Affected file: C:\Users\USER\Download…\0828(6).exe
Action: Removed

Threat: TSPY_FAREIT.MIP00000001
Source type: Threat
Affected file: C:\Users\USER\Download…\0828(7).exe
Action: Removed

Name: 0828(10).exe
Source: Unknown
Version:
Copyright:
Detected resource or process ID: ZwWriteVirtualMemory
Action: Terminated

Threat: TSPY_FAREIT.MIP00000001
Source type: Threat
Affected file: C:\Users\USER\Downloa…\0828(11).exe
Action: Removed

Threat: TSPY_FAREIT.MIP00000001
Source type: Threat
Affected file: C:\Users\USER\Downloa…\0828(12).exe
Action: Removed

19:53
Threat: TSPY_HPLOKI.SMBD
Source type: Threat
Affected file: C:\Users\USER\Download…\0828(1).exe
Action: Removed

#2 #14 MISS

Rating: +1 from 1 member: Jerry.Lin +1 (the board is better with you here)

静影沉璧
Posted 2018-8-28 19:30:43
Last edited by 静影沉璧 on 2018-8-28 20:02

BD2019 (Bitdefender 2019)

Time: 20:01

Scan: 11/16
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0828\0828(9).exe   Trojan.Delf.QGE                  Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0828\0828(1).exe   Trojan.Delf.QGE                  Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0828\0828(6).exe   Gen:Variant.Trojan.VB.Ransom.1   Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0828\0828(4).exe   Gen:Variant.Razy.383865          Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0828\0828(13).exe  Trojan.Delf.QGE                  Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0828\0828(12).exe  Gen:Variant.Trojan.VB.Ransom.1   Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0828\0828(7).exe   Gen:Variant.Trojan.VB.Ransom.1   Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0828\0828(16).exe  Trojan.Agent.DDOY                Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0828\0828(8).exe   Trojan.Delf.QGE                  Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0828\0828(14).exe  Gen:Variant.Trojan.VB.Ransom.1   Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0828\0828(11).exe  Gen:Variant.Trojan.VB.Ransom.1   Deleted
Double-click (execution): 4/16
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\package 0828\0828(2).exe is infected with Atc4.Detection and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\package 0828\0828(5).exe is infected with Atc4.Detection and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The process C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0828\0828(10).exe manifests ransomware behavior and was blocked. Several files were encrypted but we successfully restored all of them. You can find the restored files list below.
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\package 0828\0828(15).exe is infected with Atc4.Detection and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.

Note: sample #3 threw an error and would not run
Total: 15/16 = 93.75%


Rating: +1 from 1 member: Jerry.Lin +1 (the board is better with you here)

Jerry.Lin (OP)
Posted 2018-8-28 19:38:28
stupid1man posted 2018-8-28 19:20:
Avira 19:21

Real-time protection: 2

Sorry, I forgot to update the sample count.

It's 16.
StarlitFuture
Posted 2018-8-28 19:38:57
360 Security Guard (without the Avira engine) 19:37
Samples(16/16) 100%

[attached screenshot]
stupid1man
Posted 2018-8-28 19:40:00
191196846 posted 2018-8-28 19:38:
Sorry, I forgot to update the sample count.

It's 16.

I just checked the quarantine and thought I had misread. Thanks for the effort!
Picca
Posted 2018-8-28 19:56:38
19:29 Kaspersky 2018
Scan 2 + double-click (execution)

1  Ran and exited

2  PDM:Exploit.Win32.Generic.nblk
    PDM:Exploit.Win32.Generic

3  PDM:Exploit.Win32.Generic.nblk
    PDM:Exploit.Win32.Generic

4  c:\windows\syswow64\dllhost.exe;PDM:Exploit.Win32.Generic
    the sample itself is not deleted

5  Self-deletes, stays resident as boosttvout.exe and calls out; sent 0.73KB; Kaspersky blocked the malicious URL, in effect killing it the instant it connected
    PDM:Trojan.Win32.Badur.a

6  PDM:Trojan.Win32.Generic

7  Called out and sent 0.18KB; Kaspersky blocked the malicious URL, in effect killing it the instant it connected
    PDM:Trojan.Win32.Badur.a

8  Ran and exited

9  Ran and exited

10 UDS:DangerousObject.Multi.Generic

11 Called out and sent 0.18KB; Kaspersky blocked the malicious URL, in effect killing it the instant it connected
    PDM:Trojan.Win32.Badur.a

12 C:\Users\AppData\Local\Temp\1326859.bat;Trojan.BAT.Selfdel.e

13 Ran and exited

15 c:\users\documents\app.exe;PDM:Trojan.Win32.Generic


*Each sample was tested individually without rebooting; Advanced Disinfection was not used

Rating: +4 from 2 members: dongwenqi +3 (the board is better with you here), Jerry.Lin +1 (the board is better with you here)

終極小壞蛋
Posted 2018-8-28 20:00:01
Micropoint Active Defense: placeholder, results to follow
静影沉璧
Posted 2018-8-28 20:15:33
Last edited by 静影沉璧 on 2018-8-28 20:21

Symantec Endpoint Protection

Time: 20:19

16/16 = 100%

[attached screenshot]
卡饭论坛 KaFan.cn, Copyright © KaFan. All Rights Reserved.