This post was last edited by 小飞侠.net on 2018-9-12 02:13
Emsisoft Emergency Kit - 版本 2018.6
上次更新: 2018-09-11 8:49:24
用户帐号: TECLAST\Admin
电脑名称: TECLAST
操作系统版本: Windows 10 x64
Emsisoft Emergency Kit, portable free edition
(Enabled) Joined the Emsisoft cloud; update feed: beta
Bitdefender (B) + Emsisoft (A) dual engine
扫描设置:
扫描方式: 自定义扫描
对象: Rootkits, C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\
检测流氓软件(PUPs): On
扫描压缩包: On
扫描邮件存档: Off
ADS数据流: On
文件扩展名过滤: Off
直接磁盘访问: Off
扫描开始于: 2018-09-11 12:20:07
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_0c2480b3aebde4a4a5ceaa2be4a31704c075674e81bf341e4a7ed43a394fbca6.exe -> (NSIS o) -> lzma_nsis0008 发现风险: Trojan.GenericKD.40468688 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_bdc6d148006292c393a48f790e67544f9619e05daf487433cf7ed8408f089e4c.exe -> (NSIS o) -> lzma_nsis0008 发现风险: Trojan.GenericKD.40468688 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_debf8693ca46cebad5a54f6824fb52d36ee24c90ccf53bf0abdea51a6e45b68d.exe -> (NSIS o) -> lzma_nsis0008 发现风险: Trojan.GenericKD.40468688 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_2373c0c77d9177247d183e1075537e1e1be2092f580765260b080704c63001cd.exe 发现风险: Trojan.Emotet (A) [295320]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_183cbe66d061727ece20583cd23194d77d70d9f9703c296b905bb22e19b6ebc3.exe 发现风险: Trojan.GenericKD.40470255 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_22db03c1eb144fc103f383f446a30ebe04509b41c41766219f2991ed85d7c6fb.exe 发现风险: Trojan.GenericKD.40469279 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_63fb361e21d64f2a9192100e75708b7497a1687e730714de0b2959b7120fb006.exe 发现风险: Trojan.GenericKD.40469927 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_7fb6abe7d332f2bf0b50e4ad3753ed1e45ef124d96bdb00b103c609f8c28300f.exe 发现风险: Trojan.Emotet (A) [295320]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_2826e9f46af1e53db85a45e0fb37683daa4773195a797025f6d39b0aa5da9d29.exe 发现风险: Gen:Variant.Jaik.30905 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_6f492d9bf91e289eb9e9953c36df63b9943a5fdf8e52a67a620746125ecb5606.exe 发现风险: Trojan.GenericKD.40469904 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_265e84247b6a5b434b3d2fd2152aff4265ae75f22fb67d0f905c5134b365213e.exe 发现风险: Trojan.Rasftuby.Gen.13 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_bfeaca6088a7069945b1d6fbec32d4f17765fbb89e80dcb7d81e6ed1cb13bb7f.exe 发现风险: Trojan.GenericKD.40470292 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_d7ad34aa329a9fbc4af3b07c19435fa8ab64a2d1710b0da150f82f06e6b6b841.exe 发现风险: Trojan.GenericKD.40469438 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_b324d2c5a763cf1c1bcd87201e9573fea463f0e2b2dd13342690792517a9003f.exe 发现风险: Trojan.GenericKD.40469316 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_df7b41cd9a4e0e4c729be3bdbac21f7841031e026d1e3c8528495c402c2294bb.exe 发现风险: Trojan.Injector (A) [295207]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_d9ec3fece87a0926fc7569e7654a15eab11215ef96137d365c1a12c4b252e6b8.exe 发现风险: Trojan.Agent.DEIN (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_e7f1eb00d16c1c4f2c64eb4c786b217d2c3b56b6f59ae89b18c76d22606c48e1.exe 发现风险: Trojan.GenericKD.40470279 (B) [krnl.xmd]
已扫描 612
发现 17
扫描完成后: 2018-09-11 12:20:17
扫描时间: 0:00:10
Dr.Web CureIt! Simplified Chinese portable free edition---( Windows 7 Ultimate with SP1, Simplified Chinese Ultimate edition....):
Anti-rootkit module version ( ver: 11.5.201806181, api: 8.07 )
Using 137803332 as Dr.Web (R) Key file
Time from server is: 2018-09-11 06:57:41
Using language: "Chinese-Simplified (简体中文)"
-----------------------------------------------------------------------------
Start scanning
-----------------------------------------------------------------------------
Command line used:-rpcep:\pipe\49DE0749C -rpcpr:np
Limit the use of the computer resources to 100%
Instances used for this session: 10
Object(s) to scan:
- C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_2373c0c77d9177247d183e1075537e1e1be2092f580765260b080704c63001cd.exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_7fb6abe7d332f2bf0b50e4ad3753ed1e45ef124d96bdb00b103c609f8c28300f.exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_22db03c1eb144fc103f383f446a30ebe04509b41c41766219f2991ed85d7c6fb.exe - infected with Trojan.DownLoader27.1707
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_22db03c1eb144fc103f383f446a30ebe04509b41c41766219f2991ed85d7c6fb.exe - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_0c2480b3aebde4a4a5ceaa2be4a31704c075674e81bf341e4a7ed43a394fbca6.exe is NSIS container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_63fb361e21d64f2a9192100e75708b7497a1687e730714de0b2959b7120fb006.exe - infected with Trojan.Encoder.26275
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_63fb361e21d64f2a9192100e75708b7497a1687e730714de0b2959b7120fb006.exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_6f492d9bf91e289eb9e9953c36df63b9943a5fdf8e52a67a620746125ecb5606.exe - infected with Trojan.Encoder.26270
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_6f492d9bf91e289eb9e9953c36df63b9943a5fdf8e52a67a620746125ecb5606.exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_bfeaca6088a7069945b1d6fbec32d4f17765fbb89e80dcb7d81e6ed1cb13bb7f.exe - infected with Trojan.Gozi.324
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_bfeaca6088a7069945b1d6fbec32d4f17765fbb89e80dcb7d81e6ed1cb13bb7f.exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_0c2480b3aebde4a4a5ceaa2be4a31704c075674e81bf341e4a7ed43a394fbca6.exe - container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_d7ad34aa329a9fbc4af3b07c19435fa8ab64a2d1710b0da150f82f06e6b6b841.exe - infected with Trojan.MulDrop7.11447
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_d7ad34aa329a9fbc4af3b07c19435fa8ab64a2d1710b0da150f82f06e6b6b841.exe - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_bdc6d148006292c393a48f790e67544f9619e05daf487433cf7ed8408f089e4c.exe is NSIS container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_b324d2c5a763cf1c1bcd87201e9573fea463f0e2b2dd13342690792517a9003f.exe - infected with Trojan.DownLoader17.62847
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_b324d2c5a763cf1c1bcd87201e9573fea463f0e2b2dd13342690792517a9003f.exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_debf8693ca46cebad5a54f6824fb52d36ee24c90ccf53bf0abdea51a6e45b68d.exe - infected with Trojan.PWS.Stealer.23680
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_debf8693ca46cebad5a54f6824fb52d36ee24c90ccf53bf0abdea51a6e45b68d.exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_bdc6d148006292c393a48f790e67544f9619e05daf487433cf7ed8408f089e4c.exe - container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_d9ec3fece87a0926fc7569e7654a15eab11215ef96137d365c1a12c4b252e6b8.exe - infected with Trojan.MulDrop7.11447
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_d9ec3fece87a0926fc7569e7654a15eab11215ef96137d365c1a12c4b252e6b8.exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_df7b41cd9a4e0e4c729be3bdbac21f7841031e026d1e3c8528495c402c2294bb.exe - infected with BackDoor.Wirenet.351
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_df7b41cd9a4e0e4c729be3bdbac21f7841031e026d1e3c8528495c402c2294bb.exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_e7f1eb00d16c1c4f2c64eb4c786b217d2c3b56b6f59ae89b18c76d22606c48e1.exe - infected with Trojan.Inject3.10397
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_e7f1eb00d16c1c4f2c64eb4c786b217d2c3b56b6f59ae89b18c76d22606c48e1.exe - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_265e84247b6a5b434b3d2fd2152aff4265ae75f22fb67d0f905c5134b365213e.exe is BINARYRES container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_265e84247b6a5b434b3d2fd2152aff4265ae75f22fb67d0f905c5134b365213e.exe\data001 is ZLIB container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_265e84247b6a5b434b3d2fd2152aff4265ae75f22fb67d0f905c5134b365213e.exe\data002 is RAR archive
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_265e84247b6a5b434b3d2fd2152aff4265ae75f22fb67d0f905c5134b365213e.exe\data002 - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_265e84247b6a5b434b3d2fd2152aff4265ae75f22fb67d0f905c5134b365213e.exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_265e84247b6a5b434b3d2fd2152aff4265ae75f22fb67d0f905c5134b365213e.exe - container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_183cbe66d061727ece20583cd23194d77d70d9f9703c296b905bb22e19b6ebc3.exe - infected with Trojan.PWS.Stealer.13052
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_183cbe66d061727ece20583cd23194d77d70d9f9703c296b905bb22e19b6ebc3.exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_2826e9f46af1e53db85a45e0fb37683daa4773195a797025f6d39b0aa5da9d29.exe - infected with Trojan.PWS.Stealer.13052
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910\Kafan_Sample_2826e9f46af1e53db85a45e0fb37683daa4773195a797025f6d39b0aa5da9d29.exe - infected
Total 9125685 bytes in 17 files scanned (42 objects)
Total 5 files (30 objects) are clean
Total 12 files are infected
Scan time is 00:00:02.751
文件名称: C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\卡饭病毒样本包 20180910.rar
文件大小: 5.24 MB (5,502,897 字节)
修改时间: 2018年09月11日,11:42:44
MD5: D2C42D3D11CB6443DC98E0A1822D8C8A
SHA1: C5D5C136F42129CE0486A7748B1E7AD5172960C6
SHA256: 5472A4FFAED0A1267FACE0652088235D4053E8EF28646E223820A3A150925ED8
CRC32: BAF0CED6
计算时间: 0.13s
ESET Endpoint Security 64-bit (advanced heuristics (Y) + archives (Y) + self-extractors and runtime packers (Y) + DNA smart signatures (Y)) + (Windows 10 Creators Update (Redstone 4)....1803):
日志
正在扫描日志
检测引擎的版本: 18030P (20180910)
日期: 2018-09-11 时间: 12:14:16
已扫描的磁盘、文件夹和文件: C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_0c2480b3aebde4a4a5ceaa2be4a31704c075674e81bf341e4a7ed43a394fbca6.exe - Generik.EGOMNVA 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_183cbe66d061727ece20583cd23194d77d70d9f9703c296b905bb22e19b6ebc3.exe - Win32/Injector.EAHW 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_22db03c1eb144fc103f383f446a30ebe04509b41c41766219f2991ed85d7c6fb.exe - Win32/TrojanDropper.Danabot.I 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_2373c0c77d9177247d183e1075537e1e1be2092f580765260b080704c63001cd.exe - Win32/Kryptik.GKQC 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_265e84247b6a5b434b3d2fd2152aff4265ae75f22fb67d0f905c5134b365213e.exe > WINRARSFX > CMT - RAR/Agent.AR 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_265e84247b6a5b434b3d2fd2152aff4265ae75f22fb67d0f905c5134b365213e.exe > WINRARSFX > mfiles.sfx.exe > WINRARSFX > mfiles.exe - 错误 - 文件受密码保护
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_2826e9f46af1e53db85a45e0fb37683daa4773195a797025f6d39b0aa5da9d29.exe - Win32/Injector.EAHW 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_63fb361e21d64f2a9192100e75708b7497a1687e730714de0b2959b7120fb006.exe - Win32/Filecoder.EQ 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_6f492d9bf91e289eb9e9953c36df63b9943a5fdf8e52a67a620746125ecb5606.exe - Win32/Kryptik.FWXM 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_7fb6abe7d332f2bf0b50e4ad3753ed1e45ef124d96bdb00b103c609f8c28300f.exe - Win32/GenKryptik.CKRV 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_b324d2c5a763cf1c1bcd87201e9573fea463f0e2b2dd13342690792517a9003f.exe - MSIL/Kryptik.PBW 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_bdc6d148006292c393a48f790e67544f9619e05daf487433cf7ed8408f089e4c.exe > NSIS > Script.nsi - NSIS/Injector.ADE 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_bdc6d148006292c393a48f790e67544f9619e05daf487433cf7ed8408f089e4c.exe > NSIS > planter.dll - Win32/Injector.EAHZ 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_bfeaca6088a7069945b1d6fbec32d4f17765fbb89e80dcb7d81e6ed1cb13bb7f.exe - Win32/GenKryptik.CKRT 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_d7ad34aa329a9fbc4af3b07c19435fa8ab64a2d1710b0da150f82f06e6b6b841.exe - Win32/Injector.EAIA 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_d9ec3fece87a0926fc7569e7654a15eab11215ef96137d365c1a12c4b252e6b8.exe - Win32/Injector.EAIA 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_debf8693ca46cebad5a54f6824fb52d36ee24c90ccf53bf0abdea51a6e45b68d.exe > NSIS > Script.nsi - NSIS/Injector.ADE 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_debf8693ca46cebad5a54f6824fb52d36ee24c90ccf53bf0abdea51a6e45b68d.exe > NSIS > magnetizer.dll - Win32/Injector.EAHZ 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_df7b41cd9a4e0e4c729be3bdbac21f7841031e026d1e3c8528495c402c2294bb.exe - MSIL/Kryptik.PMV 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212\卡饭病毒样本包 20180910\Kafan_Sample_e7f1eb00d16c1c4f2c64eb4c786b217d2c3b56b6f59ae89b18c76d22606c48e1.exe - Win32/Injector.EAHW 特洛伊木马 的变种 - 通过删除清除 [1]
已扫描的对象数: 42
发现的威胁数: 19
已清除对象数: 19
完成时间: 12:15:03 总扫描时间: 47 秒 (00:00:47)
备注:
[1] 由于对象中仅包含病毒主体,因此已被删除。
Rising (瑞星)---(Windows 10 Creators Update (Redstone 4)....1803): cloud engine (on), RDM+ engine (on)
瑞星反恶软引擎命令行扫描器(社区交流版)
编译于:Sep 22 2017 15:07:50
提示:
- 本工具供社区交流使用,请勿用于其他用途
- 本工具没有恶意软件删除、清除、隔离功能
- 本工具包含开发中的新特性,结果仅供参考
* 命令行中的选项开关:-output-json -log=C:\瑞星RDM+引擎\ScanLog_180911122846.log
* 获取恶软签名库最新版本 ...
* 下载恶软签名库配置文件 ...
* 创建恶软签名库升级组件 ...
* 计算并下载增量文件 ...
* 升级恶软签名库 ...
* 恶软签名库升级成功
* 扫描目标 : (1) C:\Users\Admin\Desktop\AVtest100\卡饭病毒样本包 20180910Stealer1212
* 加载恶软签名库: C:\瑞星RDM+引擎/malware.rmd
* 恶软签名库加载成功,发布序号为 4931
* 读取恶软签名库配置 ...
* 云辅助扫描组件初始化失败.
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
扫描开始: Tue Sep 11 12:30:11 2018
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\卡饭病毒样本包 20180910Stealer1212\\卡饭病毒样本包 20180910\\Kafan_Sample_2373c0c77d9177247d183e1075537e1e1be2092f580765260b080704c63001cd.exe","infect":{"engine":"md5","signature":"bWQ1On8Cl+k4d10GwSm3HcmGyrE","threat":"Trojan.Emotet!8.B95"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\卡饭病毒样本包 20180910Stealer1212\\卡饭病毒样本包 20180910\\Kafan_Sample_6f492d9bf91e289eb9e9953c36df63b9943a5fdf8e52a67a620746125ecb5606.exe","infect":{"engine":"md5","signature":"bWQ1OkQAp6zcP1Gb2QCSOkQ8PBE","threat":"Ransom.Encoder!8.FFD4"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\卡饭病毒样本包 20180910Stealer1212\\卡饭病毒样本包 20180910\\Kafan_Sample_63fb361e21d64f2a9192100e75708b7497a1687e730714de0b2959b7120fb006.exe","infect":{"engine":"md5","signature":"bWQ1OgB9zo7kyORgQFJzKE36fME","threat":"Ransom.Cryakl!8.560"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\卡饭病毒样本包 20180910Stealer1212\\卡饭病毒样本包 20180910\\Kafan_Sample_2826e9f46af1e53db85a45e0fb37683daa4773195a797025f6d39b0aa5da9d29.exe","infect":{"engine":"md5","signature":"bWQ1OsuEsqY4qYViXgnIS1RaBWg","threat":"Trojan.Injector!8.C4"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\卡饭病毒样本包 20180910Stealer1212\\卡饭病毒样本包 20180910\\Kafan_Sample_183cbe66d061727ece20583cd23194d77d70d9f9703c296b905bb22e19b6ebc3.exe","infect":{"engine":"md5","signature":"bWQ1Oo8rK8cz7BPjJoSempj0cX0","threat":"Trojan.Injector!8.C4"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\卡饭病毒样本包 20180910Stealer1212\\卡饭病毒样本包 20180910\\Kafan_Sample_22db03c1eb144fc103f383f446a30ebe04509b41c41766219f2991ed85d7c6fb.exe","infect":{"engine":"md5","signature":"bWQ1Ohu+UgYZpLJ6gTRVbGI2g/Y","threat":"Dropper.Danabot!8.FAFD"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\卡饭病毒样本包 20180910Stealer1212\\卡饭病毒样本包 20180910\\Kafan_Sample_265e84247b6a5b434b3d2fd2152aff4265ae75f22fb67d0f905c5134b365213e.exe","infect":{"engine":"md5","signature":"bWQ1Opm+4ECIpa+8QyxM1Yh8S8w","threat":"Trojan.Agent!8.B1E"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\卡饭病毒样本包 20180910Stealer1212\\卡饭病毒样本包 20180910\\Kafan_Sample_0c2480b3aebde4a4a5ceaa2be4a31704c075674e81bf341e4a7ed43a394fbca6.exe","infect":{"engine":"md5","signature":"bWQ1OsdSwtLaMYlO9RYxejLXGu4","threat":"Spyware.Noon!8.E7C9"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\卡饭病毒样本包 20180910Stealer1212\\卡饭病毒样本包 20180910\\Kafan_Sample_7fb6abe7d332f2bf0b50e4ad3753ed1e45ef124d96bdb00b103c609f8c28300f.exe","infect":{"engine":"md5","signature":"bWQ1OlYiHWQ/E1LqT+i7D6s8zNU","threat":"Trojan.Emotet!8.B95"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\卡饭病毒样本包 20180910Stealer1212\\卡饭病毒样本包 20180910\\Kafan_Sample_bfeaca6088a7069945b1d6fbec32d4f17765fbb89e80dcb7d81e6ed1cb13bb7f.exe","infect":{"engine":"md5","signature":"bWQ1Oh+Cs0iL0hu/qekhvhQTFwg","threat":"Trojan.Fuerboos!8.EFC8"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\卡饭病毒样本包 20180910Stealer1212\\卡饭病毒样本包 20180910\\Kafan_Sample_b324d2c5a763cf1c1bcd87201e9573fea463f0e2b2dd13342690792517a9003f.exe","infect":{"engine":"md5","signature":"bWQ1OkADI4us4DXtKvmrfc8J1ws","threat":"Backdoor.Agent!8.C5D"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\卡饭病毒样本包 20180910Stealer1212\\卡饭病毒样本包 20180910\\Kafan_Sample_bdc6d148006292c393a48f790e67544f9619e05daf487433cf7ed8408f089e4c.exe","infect":{"engine":"md5","signature":"bWQ1OgxS+e1SBjTMH+yeelDCScc","threat":"Spyware.Noon!8.E7C9"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\卡饭病毒样本包 20180910Stealer1212\\卡饭病毒样本包 20180910\\Kafan_Sample_d7ad34aa329a9fbc4af3b07c19435fa8ab64a2d1710b0da150f82f06e6b6b841.exe","infect":{"engine":"md5","signature":"bWQ1OrPBo664DivnQT9xyMn5/LA","threat":"Trojan.Injector!1.AFE3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\卡饭病毒样本包 20180910Stealer1212\\卡饭病毒样本包 20180910\\Kafan_Sample_df7b41cd9a4e0e4c729be3bdbac21f7841031e026d1e3c8528495c402c2294bb.exe","infect":{"engine":"md5","signature":"bWQ1Oq8zHG7/2+1j9dP2E7tYB7M","threat":"Spyware.Recam!8.5E5"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\卡饭病毒样本包 20180910Stealer1212\\卡饭病毒样本包 20180910\\Kafan_Sample_debf8693ca46cebad5a54f6824fb52d36ee24c90ccf53bf0abdea51a6e45b68d.exe","infect":{"engine":"md5","signature":"bWQ1OtUHhMfx0elpt3dLtloJ5i4","threat":"Trojan.Cloxer!8.F54F"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\卡饭病毒样本包 20180910Stealer1212\\卡饭病毒样本包 20180910\\Kafan_Sample_d9ec3fece87a0926fc7569e7654a15eab11215ef96137d365c1a12c4b252e6b8.exe","infect":{"engine":"md5","signature":"bWQ1Ol+26RSLZGxK2LOTRiTZMo4","threat":"Trojan.Injector!1.AFE3"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\卡饭病毒样本包 20180910Stealer1212\\卡饭病毒样本包 20180910\\Kafan_Sample_e7f1eb00d16c1c4f2c64eb4c786b217d2c3b56b6f59ae89b18c76d22606c48e1.exe","infect":{"engine":"md5","signature":"bWQ1OjGev2TEjP0YEL5F1dtiQec","threat":"Spyware.Noon!8.E7C9"},"type":"scan"}
扫描结束: Tue Sep 11 12:30:12 2018
总扫描耗时: 0:0:770(m:s:ms)
总扫描对象: 17
总扫描文件: 17
总恶意文件: 17
有效检出率: 100.00%
Kaspersky Lab.
The files, URLs, or both that you sent were scanned in automatic mode.
Malicious code was detected in the following files:
Kafan_Sample_0c2480b3aebde4a4a5ceaa2be4a31704c075674e81bf341e4a7ed43a394fbca6.exe - HEUR:Trojan-Spy.Win32.Noon.gen
Kafan_Sample_183cbe66d061727ece20583cd23194d77d70d9f9703c296b905bb22e19b6ebc3.exe - Trojan-PSW.Win32.Fareit.ejlm
Kafan_Sample_2373c0c77d9177247d183e1075537e1e1be2092f580765260b080704c63001cd.exe - Trojan-Banker.Win32.Emotet.bddn
Kafan_Sample_265e84247b6a5b434b3d2fd2152aff4265ae75f22fb67d0f905c5134b365213e.exe - HEUR:Trojan.Win32.Generic
Kafan_Sample_2826e9f46af1e53db85a45e0fb37683daa4773195a797025f6d39b0aa5da9d29.exe - Trojan-PSW.Win32.Fareit.ejlb
Kafan_Sample_63fb361e21d64f2a9192100e75708b7497a1687e730714de0b2959b7120fb006.exe - Trojan-Ransom.Win32.Cryakl.ary
Kafan_Sample_6f492d9bf91e289eb9e9953c36df63b9943a5fdf8e52a67a620746125ecb5606.exe - Trojan-Ransom.Win32.Encoder.mx
Kafan_Sample_7fb6abe7d332f2bf0b50e4ad3753ed1e45ef124d96bdb00b103c609f8c28300f.exe - Trojan-Banker.Win32.Emotet.bdds
Kafan_Sample_b324d2c5a763cf1c1bcd87201e9573fea463f0e2b2dd13342690792517a9003f.exe - HEUR:Backdoor.MSIL.Agent.gen
Kafan_Sample_bdc6d148006292c393a48f790e67544f9619e05daf487433cf7ed8408f089e4c.exe - HEUR:Trojan-Spy.Win32.Noon.gen
Kafan_Sample_bfeaca6088a7069945b1d6fbec32d4f17765fbb89e80dcb7d81e6ed1cb13bb7f.exe - Trojan.Win32.Yakes.xefj
Kafan_Sample_d7ad34aa329a9fbc4af3b07c19435fa8ab64a2d1710b0da150f82f06e6b6b841.exe - HEUR:Backdoor.Win32.Androm.gen
Kafan_Sample_d9ec3fece87a0926fc7569e7654a15eab11215ef96137d365c1a12c4b252e6b8.exe - HEUR:Backdoor.Win32.Androm.gen
Kafan_Sample_debf8693ca46cebad5a54f6824fb52d36ee24c90ccf53bf0abdea51a6e45b68d.exe - HEUR:Trojan-Spy.Win32.Noon.gen
Kafan_Sample_df7b41cd9a4e0e4c729be3bdbac21f7841031e026d1e3c8528495c402c2294bb.exe - HEUR:Trojan-Spy.MSIL.Recam.gen
Kafan_Sample_e7f1eb00d16c1c4f2c64eb4c786b217d2c3b56b6f59ae89b18c76d22606c48e1.exe - Trojan-Spy.Win32.Noon.sfp
Malicious code already detected by Kaspersky Lab products using KSN technology was found in the following files:
Kafan_Sample_22db03c1eb144fc103f383f446a30ebe04509b41c41766219f2991ed85d7c6fb.exe - UDS:DangerousObject.Multi.Generic