收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 Kovter-Nemucod勒索
返回列表 发新帖
查看: 1585|回复: 5
收起左侧

[病毒样本] Kovter-Nemucod勒索

[复制链接]
3245076553
发表于 2018-11-18 18:49:06 | 显示全部楼层 |阅读模式
https://pan.baidu.com/s/1a0ZKpoQhCD4H8ZnxW8FJ2A
回复

举报

静影沉璧
发表于 2018-11-18 19:01:15 | 显示全部楼层
EMSI

C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\Kovter-Nemucod勒索 密码:infected\c2556.bat  Trojan.BAT.Poweliks.Gen (B)
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\Kovter-Nemucod勒索 密码:infected\UPS-Parcel-ID-003634085.doc.js  Trojan-Downloader.Nemucod (A)
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\Kovter-Nemucod勒索 密码:infected\UPS-Delivery-01049711.doc.js  Trojan-Downloader.Nemucod (A)
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\Kovter-Nemucod勒索 密码:infected\15FEWz6pAjz1k2pNFtGLHddjxHq2G8LmjK2.exe  Trojan.Generic.21981039 (B)
C:\Users\Administrator.SXCSXC-AJKJJUBR\Desktop\Kovter-Nemucod勒索 密码:infected\15FEWz6pAjz1k2pNFtGLHddjxHq2G8LmjK.php  Trojan.GenericKD.3003338 (B)

回复

举报

BE_HC
发表于 2018-11-18 19:11:39 | 显示全部楼层
Norton Kill 9x Repair 4x
  1. Resolved Threats:
  2. JS.Downloader
  3. Type: Compressed
  4. Risk: High (High Stealth, High Removal, High Performance, High Privacy)
  5. Categories: Virus
  6. Status: Fully Resolved
  7. -----------
  8. 1 Infected File
  9. [ups-delivery-01049711.doc.js] inside of [c:\users\drclef\desktop\s\ups-delivery-01049711.zip] - Deleted


  12. JS.Downloader
  13. Type: Compressed
  14. Risk: High (High Stealth, High Removal, High Performance, High Privacy)
  15. Categories: Virus
  16. Status: Fully Resolved
  17. -----------
  18. 1 Infected File
  19. [ups-parcel-id-003634085.doc.js] inside of [ups-parcel-id-003634085.zip] inside of [c:\users\drclef\desktop\s\2017-07-09-kovter-malspam-1439-utc.eml] - Deleted


  22. JS.Downloader
  23. Type: Compressed
  24. Risk: High (High Stealth, High Removal, High Performance, High Privacy)
  25. Categories: Virus
  26. Status: Fully Resolved
  27. -----------
  28. 1 Infected File
  29. [ups-parcel-id-003634085.doc.js] inside of [c:\users\drclef\desktop\s\ups-parcel-id-003634085.zip] - Deleted


  32. JS.Downloader
  33. Type: Compressed
  34. Risk: High (High Stealth, High Removal, High Performance, High Privacy)
  35. Categories: Virus
  36. Status: Fully Resolved
  37. -----------
  38. 1 Infected File
  39. [ups-delivery-01049711.doc.js] inside of [ups-delivery-01049711.zip] inside of [c:\users\drclef\desktop\s\2017-07-10-kovter-malspam-1020-utc.eml] - Deleted


  42. JS.Downloader
  43. Type: Anomaly
  44. Risk: High (High Stealth, High Removal, High Performance, High Privacy)
  45. Categories: Virus
  46. Status: Fully Resolved
  47. -----------
  48. 2 Infected Files
  49. C:\Users\DrClef\Desktop\s\UPS-Delivery-01049711.doc.js - Deleted
  50. C:\Users\DrClef\Desktop\s\UPS-Parcel-ID-003634085.doc.js - Deleted
  51. 1 Browser Cache



  55. Trojan.Gen.NPE
  56. Type: Anomaly
  57. Risk: High (High Stealth, High Removal, High Performance, High Privacy)
  58. Categories: Virus
  59. Status: Fully Resolved
  60. -----------
  61. 3 Infected Files
  62. C:\Users\DrClef\Desktop\s\UPS-Delivery-01049711.doc.js - No Action Required
  63. C:\Users\DrClef\Desktop\s\15FEWz6pAjz1k2pNFtGLHddjxHq2G8LmjK.php - Deleted
  64. C:\Users\DrClef\Desktop\s\UPS-Parcel-ID-003634085.doc.js - No Action Required
  65. 1 Browser Cache



  69. Ransom.Nemucod.B!php
  70. Type: Anomaly
  71. Risk: High (High Stealth, High Removal, High Performance, High Privacy)
  72. Categories: Virus
  73. Status: Fully Resolved
  74. -----------
  75. 1 Infected File
  76. C:\Users\DrClef\Desktop\s\15FEWz6pAjz1k2pNFtGLHddjxHq2G8LmjK.php - No Action Required
  77. 1 Browser Cache



  81. Trojan.Malscript
  82. Type: Anomaly
  83. Risk: High (High Stealth, High Removal, High Performance, High Privacy)
  84. Categories: Virus
  85. Status: Fully Resolved
  86. -----------
  87. 1 Infected File
  88. C:\Users\DrClef\Desktop\s\2017-07-10-www.shisashop.com-domiains-shaishopcom-counter.txt - Deleted
  89. 1 Browser Cache



  93. Trojan.Gen.7
  94. Type: Anomaly
  95. Risk: High (High Stealth, High Removal, High Performance, High Privacy)
  96. Categories: Heuristic Virus
  97. Status: Fully Resolved
  98. -----------
  99. 1 Infected File
  100. C:\Users\DrClef\Desktop\s\2017-07-10-www.shisashop.com-domiains-shaishopcom-counter.txt - No Action Required
  101. 1 Browser Cache



  105. Ransom.Kovter
  106. Type: Anomaly
  107. Risk: High (High Stealth, High Removal, High Performance, High Privacy)
  108. Categories: Virus
  109. Status: Fully Resolved
  110. -----------
  111. 1 Infected File
  112. C:\Users\DrClef\Desktop\s\15FEWz6pAjz1k2pNFtGLHddjxHq2G8LmjK2.exe - Deleted
  113. 1 Browser Cache
复制代码

回复

举报

dreams521
发表于 2018-11-18 19:29:21 | 显示全部楼层
  1. 18.11.2018 19.28.28;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\2017-07-09-Kovter-malspam-1439-UTC.eml;C:\Users\Administrator\Desktop\123\2017-07-09-Kovter-malspam-1439-UTC.eml;11/18/2018 19:28:28
  2. 18.11.2018 19.28.28;检测到的对象 ( 邮件附件 ) 已删除;C:\Users\Administrator\Desktop\123\2017-07-09-Kovter-malspam-1439-UTC.eml//UPS-Parcel-ID-003634085.zip//UPS-Parcel-ID-003634085/UPS-Parcel-ID-003634085.doc.js;C:\Users\Administrator\Desktop\123\2017-07-09-Kovter-malspam-1439-UTC.eml//UPS-Parcel-ID-003634085.zip//UPS-Parcel-ID-003634085/UPS-Parcel-ID-003634085.doc.js;HEUR:Trojan.Script.Agent.gen;木马程序;11/18/2018 19:28:28
  3. 18.11.2018 19.28.28;检测到的对象 ( 邮件附件 ) 已删除;C:\Users\Administrator\Desktop\123\2017-07-10-Kovter-malspam-1020-UTC.eml//UPS-Delivery-01049711.zip//UPS-Delivery-01049711/UPS-Delivery-01049711.doc.js;C:\Users\Administrator\Desktop\123\2017-07-10-Kovter-malspam-1020-UTC.eml//UPS-Delivery-01049711.zip//UPS-Delivery-01049711/UPS-Delivery-01049711.doc.js;HEUR:Trojan.Script.Agent.gen;木马程序;11/18/2018 19:28:28
  4. 18.11.2018 19.28.28;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\2017-07-10-Kovter-malspam-1020-UTC.eml;C:\Users\Administrator\Desktop\123\2017-07-10-Kovter-malspam-1020-UTC.eml;11/18/2018 19:28:28
  5. 18.11.2018 19.28.18;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\UPS-Delivery-01049711.doc.js;C:\Users\Administrator\Desktop\123\UPS-Delivery-01049711.doc.js;HEUR:Trojan.Script.Agent.gen;木马程序;11/18/2018 19:28:18
  6. 18.11.2018 19.28.18;检测到的对象 ( 文件 ) 已被清除;C:\Users\Administrator\Desktop\123\UPS-Delivery-01049711.zip;C:\Users\Administrator\Desktop\123\UPS-Delivery-01049711.zip;11/18/2018 19:28:18
  7. 18.11.2018 19.28.18;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\UPS-Delivery-01049711.zip//UPS-Delivery-01049711/UPS-Delivery-01049711.doc.js;C:\Users\Administrator\Desktop\123\UPS-Delivery-01049711.zip//UPS-Delivery-01049711/UPS-Delivery-01049711.doc.js;HEUR:Trojan.Script.Agent.gen;木马程序;11/18/2018 19:28:18
  8. 18.11.2018 19.28.17;检测到的对象 ( 文件 ) 已被清除;C:\Users\Administrator\Desktop\123\UPS-Parcel-ID-003634085.zip;C:\Users\Administrator\Desktop\123\UPS-Parcel-ID-003634085.zip;11/18/2018 19:28:17
  9. 18.11.2018 19.28.17;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\UPS-Parcel-ID-003634085.zip//UPS-Parcel-ID-003634085/UPS-Parcel-ID-003634085.doc.js;C:\Users\Administrator\Desktop\123\UPS-Parcel-ID-003634085.zip//UPS-Parcel-ID-003634085/UPS-Parcel-ID-003634085.doc.js;HEUR:Trojan.Script.Agent.gen;木马程序;11/18/2018 19:28:17
  10. 18.11.2018 19.28.16;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\UPS-Parcel-ID-003634085.doc.js;C:\Users\Administrator\Desktop\123\UPS-Parcel-ID-003634085.doc.js;HEUR:Trojan.Script.Agent.gen;木马程序;11/18/2018 19:28:16
  11. 18.11.2018 19.28.16;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\2017-07-10-www.shisashop.com-domiains-shaishopcom-counter.txt;C:\Users\Administrator\Desktop\123\2017-07-10-www.shisashop.com-domiains-shaishopcom-counter.txt;Trojan.JS.Agent.dyn;木马程序;11/18/2018 19:28:16
  12. 18.11.2018 19.28.15;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\15FEWz6pAjz1k2pNFtGLHddjxHq2G8LmjK2.exe;C:\Users\Administrator\Desktop\123\15FEWz6pAjz1k2pNFtGLHddjxHq2G8LmjK2.exe;Trojan.Win32.Poweliks.adtx;木马程序;11/18/2018 19:28:15
  13. 18.11.2018 19.28.15;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\15FEWz6pAjz1k2pNFtGLHddjxHq2G8LmjK.php;C:\Users\Administrator\Desktop\123\15FEWz6pAjz1k2pNFtGLHddjxHq2G8LmjK.php;Trojan.PHP.Agent.ss;木马程序;11/18/2018 19:28:15
  14. 18.11.2018 19.28.15;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\c2556.bat;C:\Users\Administrator\Desktop\123\c2556.bat;Trojan.VBS.Starter.hj;木马程序;11/18/2018 19:28:15
复制代码
回复

举报

www-tekeze
发表于 2018-11-18 20:05:17 | 显示全部楼层

火绒 kill 8X (其中修复2X),智量不检测文本文件,只 kill 3X 。

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

松竹承茂
发表于 2018-11-18 20:56:24 | 显示全部楼层
www-tekeze 发表于 2018-11-18 20:05
火绒 kill 8X (其中修复2X),智量不检测文本文件,只 kill 3X 。

360kill8x
360杀毒扫描日志

病毒库版本:2018-11-18 14:39
扫描时间:2018-11-18 20:53:31
扫描用时:00:00:09
扫描类型:右键扫描
扫描文件总数:15
项目总数:8
清除项目数:8

扫描选项
----------------------
扫描所有文件:否
扫描压缩包:否
发现病毒处理方式:由用户选择处理
扫描磁盘引导区:是
扫描 Rootkit:是
使用云查杀引擎:是
使用QVM人工智能引擎:是
扫描建议修复项:是
常规引擎设置:Avira(小红伞)

扫描内容
----------------------
C:\Windows.old\15FEWz6pAjz1k2pNFtGLHddjxHq2G8LmjK.php
C:\Windows.old\15FEWz6pAjz1k2pNFtGLHddjxHq2G8LmjK2.exe
C:\Windows.old\2017-07-09-Kovter-malspam-1439-UTC.eml
C:\Windows.old\2017-07-10-Kovter-malspam-1020-UTC.eml
C:\Windows.old\2017-07-10-www.shisashop.com-domiains-shaishopcom-counter.txt
C:\Windows.old\c2556.bat
C:\Windows.old\DECRYPT.hta
C:\Windows.old\e2c39.733a25
C:\Windows.old\UPS-Delivery-01049711.doc.js
C:\Windows.old\UPS-Delivery-01049711.zip
C:\Windows.old\UPS-Parcel-ID-003634085.doc.js
C:\Windows.old\UPS-Parcel-ID-003634085.zip
C:\Windows.old\15FEWz6pAjz1k2pNFtGLHddjxHq2G8LmjK.bmp
C:\Windows.old\15FEWz6pAjz1k2pNFtGLHddjxHq2G8LmjK.doc
C:\Windows.old\15FEWz6pAjz1k2pNFtGLHddjxHq2G8LmjK.exe


白名单设置
----------------------


扫描结果
======================
高危风险项
----------------------
C:\Windows.old\15FEWz6pAjz1k2pNFtGLHddjxHq2G8LmjK2.exe        TR.Crypt.XPACK.vmdzw        已删除
C:\Windows.old\c2556.bat        感染型病毒(Win32/Trojan.script.f44)        已删除
C:\Windows.old\UPS-Delivery-01049711.doc.js        virus.js.qexvmc.1        已删除
C:\Windows.old\2017-07-09-Kovter-malspam-1439-UTC.eml        virus.js.qexvmc.1        已删除
C:\Windows.old\2017-07-10-Kovter-malspam-1020-UTC.eml        virus.js.qexvmc.1        已删除
C:\Windows.old\UPS-Parcel-ID-003634085.doc.js        virus.js.qexvmc.1        已删除
C:\Windows.old\UPS-Delivery-01049711.zip        virus.js.qexvmc.1        已删除
C:\Windows.old\UPS-Parcel-ID-003634085.zip        virus.js.qexvmc.1        已删除



本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-4-26 09:21 , Processed in 0.128652 second(s), 17 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表