Thread starter: Jerry.Lin

[Virus samples] #PACKAGE 0830

killmatt01
Posted 2018-8-30 22:10:43
www-tekeze posted on 2018-8-30 22:07
Received. The file is quite large, so the upload took some time.

Hmm, the file upload doesn't seem to have any visible progress bar?
www-tekeze
Posted 2018-8-30 22:18:17
killmatt01 posted on 2018-8-30 22:10
Hmm, the file upload doesn't seem to have any visible progress bar?

Yeah, there's no progress bar; it only tells you the file has been added to the upload queue, which isn't very user-friendly... But there's a simple trick: try deleting the sample. Once the upload has finished you can delete it; otherwise it tells you the file is in use and can't be deleted. Try it with any sample.
www-tekeze
Posted 2018-8-30 23:12:20
a445441 posted on 2018-8-30 20:09
Blocking on Win7 is seriously poor; the blocking results differ a lot between systems.

My VM is 32-bit 8.1, and 微点's active defense isn't great either. With such big differences between systems, 微点 must know about it officially; how do they explain it?
Jerry.Lin
OP | Posted 2018-8-30 23:32:05
ESET
22/24
飞碟1234
Posted 2018-8-30 23:45:47
23:45

MFTP  7/24
www-tekeze
Posted 2018-8-30 23:57:19
Last edited by www-tekeze on 2018-8-31 00:00
√×√×√√× posted on 2018-8-30 20:53
Ugh, here's the 火绒 double-click test you asked for: the scan caught 6; excluding sample 24, which is a dll, 17 samples remain, and double-clicking only blocked samples 1, 13 and 14 ...

I told you long ago: 火绒 needs some rules of your own added; blocking cmd and powershell is a must, and network control has to be enabled too. With those two, a lot of viruses and trojans end up crippled... Take a look at my results...

#2 loads a driver and connects out;  #3 connects out;  #5 invokes cmd and connects out;  #9, #11, #12 fail to run, same prompt each time so only one screenshot;  #17, #19, #20, #22 invoke cmd;  #18 errors on launch;  #8 is anti-VM and would connect out on a physical machine.

Of course this doesn't count as a successful block; it's just a demonstration...


小飞侠.net
Posted 2018-8-31 02:42:40

火绒安全 --- (Windows 7 Ultimate with SP1, Simplified Chinese edition....):

病毒库:2018-08-30 18:42
开始时间:2018-08-31 02:39
总计用时:00:00:18
扫描对象:306个
扫描文件:24个
发现风险:6个
已处理风险:0个
发现系统修复项:0个
处理系统修复项:0个

病毒详情

风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0830\0830(15).exe, 病毒名:Trojan/VBInject.b, 病毒ID:[e4beee39ea2e9885], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0830\0830(16).exe, 病毒名:VirTool/Kovter.p, 病毒ID:[e92bbf97494898d2], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0830\0830(21).exe, 病毒名:Trojan/VBInject.b, 病毒ID:[e4beee39ea2e9885], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0830\0830(4).exe, 病毒名:HackTool/Vbinder, 病毒ID:[c2478fb1dc169ce1], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0830\0830(7).exe, 病毒名:Trojan/MSIL.Obfuscated.bo, 病毒ID:[95c9571141e82cc1], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0830\0830(23).exe, 病毒名:Ransom/Cerber.t, 病毒ID:[7aae945e7838180], 处理结果:已忽略

文件名称: C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0830.zip
文件大小: 19.4 MB (20,356,775 字节)
修改时间: 2018年08月31日,02:37:30
MD5: D8369F31F60EA9EBE3A2E7D67A331CF1
SHA1: F4CFC743216398D6FADCEC41B68D59D54D467DF2
SHA256: D36BDA8C42AB1BF59FF50C2A945B0A7ABFD14C09D7517CD57BFE378E58CCAE16
CRC32: 34BEBE37
计算时间: 0.59s

静影沉璧
Posted 2018-8-31 08:00:09
BD2019:
Scan: 9/24
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0830\0830(23).exe=>(heurC)Zum.Ransom.Philadelphia.1Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0830\0830(13).exeTrojan.Agent.DDSJDeleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0830\0830(23).exe=>(Dropped 0)=>(AutoIT Script)=>(unicode)Trojan.Ransom.Philadelphia.DDeleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0830\0830(23).exe=>(Dropped 0)=>(AutoIT r)=>(AutoIT Script)=>(unicode)Trojan.Ransom.Philadelphia.DDeleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0830\0830(7).exeGen:Variant.Razy.378118Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0830\0830(23).exe=>(AutoIT r)=>(AutoIT Script)=>(unicode)Trojan.Ransom.Philadelphia.DDeleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0830\0830(14).exeGen:Heur.PonyStealer.2Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0830\0830(4).exeGen:Variant.Binder.1Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0830\0830(1).exeTrojan.GenericKD.40434172Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0830\0830(10).exeGen:Suspicious.Cloud.4.Wm1@aGGruJqiDeleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0830\0830(15).exeGen:Variant.Kovter.1Deleted
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\PACKAGE 0830\0830(21).exeGen:Suspicious.Cloud.8.0m1@a0u4WudiDeleted
Double-click:
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\package 0830\0830(2).exe is infected with Atc4.Detection and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\package 0830\0830(6).exe is infected with Gen:Suspicious.Cloud.8.TGX@a0R8Csdi and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\package 0830\0830(8).exe is infected with Gen:Variant.Razy.385050 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\package 0830\0830(9).exe is infected with Trojan.GenericKD.40437033 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\package 0830\0830(11).exe is infected with Atc4.Detection and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\package 0830\0830(12).exe is infected with Trojan.GenericKD.40436896 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\package 0830\0830(16).exe is infected with Trojan.Agent.DDXC and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\package 0830\0830(17).exe is infected with Trojan.Agent.DDWX and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\package 0830\0830(18).exe is infected with Trojan.GenericKD.40436910 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\package 0830\0830(19).exe is infected with Trojan.GenericKD.40436275 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator.sxcsxc-ajkjjubr\desktop\package 0830\0830(20).exe is infected with Trojan.GenericKD.40436676 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
0830(5) deletes itself after running; the files it dropped were then blocked by BD.
Double-click results for the remaining samples:
Sample 22 deletes itself after running; BD didn't react.
Sample 3: miss.
Sample 24 still won't run after renaming it to .exe.
Total: 21/24=87.5%
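An added example, not posted by anyone in this thread, that tallies result lines like the ones above automatically: it recognises the 火绒 report format, the BD scan-log format and the BD quarantine notices, extracts the sample number from the "0830(N).exe" filename, and computes the detected/missed lists and the N/24 ratio the posters quote by hand. The input is a constructed excerpt of those posted lines.

```python
import re

# Constructed input: a few lines in the three formats posted in this thread
# (火绒 scan report, BD scan log, BD quarantine notice) plus one non-detection
# line, which the parser must ignore.
SAMPLE_LOG = r"""
风险路径:C:\Users\x\Desktop\PACKAGE 0830\0830(15).exe, 病毒名:Trojan/VBInject.b, 病毒ID:[e4beee39ea2e9885], 处理结果:已忽略
风险路径:C:\Users\x\Desktop\PACKAGE 0830\0830(23).exe, 病毒名:Ransom/Cerber.t, 病毒ID:[7aae945e7838180], 处理结果:已忽略
C:\Users\x\Desktop\PACKAGE 0830\0830(23).exe=>(Dropped 0)=>(AutoIT Script)=>(unicode)Trojan.Ransom.Philadelphia.DDeleted
C:\Users\x\Desktop\PACKAGE 0830\0830(13).exeTrojan.Agent.DDSJDeleted
The file c:\users\x\desktop\package 0830\0830(2).exe is infected with Atc4.Detection and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
扫描文件:24个
"""

# Sample number comes from the package's own naming scheme: 0830(N).exe
SAMPLE_RE = re.compile(r"0830\((\d+)\)\.exe", re.IGNORECASE)

# One pattern per output format; each captures the detection name.
PATTERNS = [
    re.compile(r"病毒名:([^,]+),"),                        # 火绒 scan report
    re.compile(r"is infected with (\S+) and was moved"),   # BD quarantine notice
    re.compile(r"\.exe(?:=>\([^)]*\))*(.+?)Deleted$"),     # BD scan log (nested =>(...) chain)
]


def parse_detection(line):
    """Return (sample_number, detection_name) for a recognised line, else None."""
    sample = SAMPLE_RE.search(line)
    if not sample:
        return None
    for pat in PATTERNS:
        m = pat.search(line)
        if m:
            return int(sample.group(1)), m.group(1).strip()
    return None


def summarize(text, total=24):
    """Tally unique detected samples the way the thread does (e.g. 21/24=87.5%)."""
    hits = {}
    for line in text.splitlines():
        parsed = parse_detection(line)
        if parsed:
            number, name = parsed
            hits.setdefault(number, set()).add(name)   # one sample may hit several engines
    detected = sorted(hits)
    missed = [n for n in range(1, total + 1) if n not in hits]
    ratio = f"{len(detected)}/{total}={100 * len(detected) / total:.1f}%"
    return {"detected": detected, "missed": missed, "names": hits, "ratio": ratio}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```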
Miostartos
Posted 2018-8-31 09:15:19
renyifei posted on 2018-8-30 19:58
macfee 7/24....

Double-click testing in progress

After just one night the detection rate has shot up to 21/24; only 11, 23 and 24 are left

renyifei
Posted 2018-8-31 10:31:55
STCn1000 posted on 2018-8-31 09:15
After just one night the detection rate has shot up to 21/24; only 11, 23 and 24 are left

macfee's cloud responds very fast; after all, it has gone cloud-based over the last couple of years
Copyright © KaFan  KaFan.cn All Rights Reserved.
