盗号木马

猥琐大叔

www-tekeze 发表于 2018-11-21 15:46
我自己几年前就不用QQ了(邮箱除外)，这个酷Q我没亲自玩过，但我儿子天天都用，爱不释手。。。酷Q有自己的 ...

这个东西做什么的

桑德尔

www-tekeze 发表于 2018-11-21 15:18
我的意思很明显，数字就是误报。。。可以把主程序CQA.exe传到VT看看，大厂只有咖啡和ESET，但ESET只是报 ...

ESET报的是易语言的通杀

www-tekeze

猥琐大叔 发表于 2018-11-21 16:07
这个东西做什么的

和QQ自带的小冰差不多 (也许正是这个原因，抢了小冰的生意，管家才报毒？)，机器人群聊用的吧，我没实际玩过，不清楚，你在网上搜一下。

www-tekeze

桑德尔 发表于 2018-11-21 16:14
ESET报的是易语言的通杀

是吧，我看Packed，以为报壳，确实也加了个UPX压缩壳。

桑德尔

www-tekeze 发表于 2018-11-21 16:27
是吧，我看Packed，以为报壳，确实也加了个UPX压缩壳。

主要是后面的FlyStudio.AA报法

www-tekeze

桑德尔 发表于 2018-11-21 16:34
主要是后面的FlyStudio.AA报法

哦，学习了。。

Luca.l

三天前测得时候FSP是miss的，当时把他上报给FS了，今天看邮箱发现有返回了，结果FS认定是有问题了

Greetings,

Thank you for your submission.

Our analysis indicates that the file you submitted is malicious and will be detected in an upcoming database update via Automatic updates.

In the meantime, the file has been blocked via F-Secure's Security Cloud (otherwise known as ORSP) for immediate protection.

About automatic updates:
Automatic updates are turned on as soon as you install the F-Secure software. When your computer is connected to the Internet, the F-Secure product checks for new updates every two hours and downloads the daily updates automatically.

If you would like to check the latest updates installed please visit:
https://community.f-secure.com/t ... have-the/ta-p/82268

If you wish to manually update your security product's database, you can use the tools and instructions at:
https://www.f-secure.com/en/web/ ... -/carousel/view/140


If there is anything else we can help you with, please do not hesitate to contact us again.

Best regards,
Nabil
Malware Analyst
F-Secure Security Labs

Visit our Labs blog at https://labsblog.f-secure.com/
Give and get advice in our F-Secure Community at https://community.f-secure.com
Contact Support at https://www.f-secure.com/support

in response to:




ref:_00Db0JXpV._5000X1bR4ZF:ref