一个病毒，两个白文件

兔子大大

下载地址:  https://share.weiyun.com/5dbEMPO

小Q机器人

1.智量  扫描安全2.卡巴  解压后就被卡巴删除了一个（PE系统安全器）  剩下两个扫描安全

兔子大大

小Q机器人 发表于 2018-11-20 10:02
1.智量  扫描安全2.卡巴  解压后就被卡巴删除了一个（PE系统安全器）  剩下两个扫描安全

这几个我非常确定是白文件，看来智量误报并不高

Luca.l

解压，FSP就爆掉了PE系统安全器，原因： Trojan.TR/Dldr.Delphi.Gen4，其他两个扫描安全

哈勃：高度风险（https://habo.qq.com/file/showdetail?pk=ADQGb11sB2EIMVs%2BU2Q%3D）
微步：4/25（https://s.threatbook.cn/report/f ... p1_enx64_office2013）

www-tekeze

火绒、智量均不报。

Luca.l

那个PE系统安全器，上报给了FS，返回邮件认定是存在恶意

Greetings,

Thank you for your submission.

Our analysis indicates that the file you submitted is malicious and is already detected as Trojan.Agent.DJHM in the latest database update.


About automatic updates:
Automatic updates are turned on as soon as you install the F-Secure software. When your computer is connected to the Internet, the F-Secure product checks for new updates every two hours and downloads the daily updates automatically.

If you would like to check the latest updates installed please visit:
https://community.f-secure.com/t ... have-the/ta-p/82268

If you wish to manually update your security product's database, you can use the tools and instructions at:
https://www.f-secure.com/en/web/ ... -/carousel/view/140


If there is anything else we can help you with, please do not hesitate to contact us again.

Best regards,
Azim
Malware Analyst
F-Secure Security Labs

Visit our Labs blog at https://labsblog.f-secure.com/
Give and get advice in our F-Secure Community at https://community.f-secure.com
Contact Support at https://www.f-secure.com/support

in response to:




ref:_00Db0JXpV._5000X1bQo3F:ref

兔子大大

a1121611810 发表于 2018-11-22 18:13
那个PE系统安全器，上报给了FS，返回邮件认定是存在恶意

知道了，谢谢您，您非常认真负责哈，原来我还认为这个是白文件，没想到有一个是病毒

www-tekeze

刚才上传智量，十分钟后拉黑了，但火绒还是没入库。。