收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 Jaff勒索
12
返回列表 发新帖
楼主: 3245076553
 收起左侧

[病毒样本] Jaff勒索

[复制链接]
www-tekeze
发表于 2018-11-24 20:18:35 | 显示全部楼层
还没回家,火绒、智量占楼。。
回复

举报

小Q机器人
发表于 2018-11-24 20:34:40 | 显示全部楼层
本帖最后由 小Q机器人 于 2018-11-24 21:05 编辑

智量   G-DATA 卡巴都能拦截   我虚拟机退出全部杀软后实机测试,中招了 。。。(CPU占满,杀软不停报毒,好几百个病毒。...........)
回复

举报

www-tekeze
发表于 2018-11-24 21:43:37 | 显示全部楼层
www-tekeze 发表于 2018-11-24 20:18
还没回家,火绒、智量占楼。。

总文件数60X,火绒kill 55X,智量kill 35X (20个是EML文件,智量不检测),剩余5个可以肯定是白文件。

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

心醉咖啡
发表于 2018-11-25 01:59:46 | 显示全部楼层
电脑管家
  1. 【扫描信息】

  3. 开始时间:2018-11-25 01:58:08
  4. 扫描用时:00:00:05
  5. 扫描类型:指定位置杀毒
  6. 扫描引擎:管家云查杀引擎 管家反病毒引擎 管家系统修复引擎
  7. 扫描状态:扫描完成


  10. 【扫描结果】

  12. 扫描文件数:60
  13. 发现风险数:55
  14. 已处理风险数:55


  17. ---------------------
  18. 2018-11-25 01:58:28 MD5:77baa66842b2408f258a0759bad86e13 F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-132708-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  19. 2018-11-25 01:58:29 MD5:4ab72e03756aa7238cc40c9f185727db F:\浏览器下载\Jaff勒索 密码:infected\embedded-Word-docs\DC2ZPQ.docm --> word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  20. 2018-11-25 01:58:30 MD5:e537adcbdee6cfd9728cacbb2c62fd68 F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-161832-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  21. 2018-11-25 01:58:31 MD5:6816a6bf5428aa1445dfdf0e595ed9db F:\浏览器下载\Jaff勒索 密码:infected\attachments\78-8672.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  22. 2018-11-25 01:58:32 MD5:78fd1246dade9d3f35d36f0bb86efe39 F:\浏览器下载\Jaff勒索 密码:infected\embedded-Word-docs\VUG3FBFO.docm --> word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  23. 2018-11-25 01:58:33 MD5:70d8ddbdfc224399cf5b100846b34440 F:\浏览器下载\Jaff勒索 密码:infected\attachments\53-3366.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  24. 2018-11-25 01:58:33 MD5:7dfe13dec07e92b392062573ec837348 F:\浏览器下载\Jaff勒索 密码:infected\attachments\08-4031.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  25. 2018-11-25 01:58:34 MD5:9644d242edde3149366e834fafc5120a F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-132244-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  26. 2018-11-25 01:58:35 MD5:fa99272a86391873386ff3981b86730e F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-172136-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  27. 2018-11-25 01:58:36 MD5:e6ea4b6c168a862eab7c7dfc58e9379c F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-133752-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  28. 2018-11-25 01:58:37 MD5:61ce2ee666e559526cfc63db07263d26 F:\浏览器下载\Jaff勒索 密码:infected\attachments\68-6414.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  29. 2018-11-25 01:58:38 MD5:ebca40e1b53c2e6ca857ce1252c1d903 F:\浏览器下载\Jaff勒索 密码:infected\embedded-Word-docs\Q1DOEY13.docm --> word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  30. 2018-11-25 01:58:39 MD5:6f3090cf5fb621de204659b57a69c257 F:\浏览器下载\Jaff勒索 密码:infected\attachments\23-0458.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  31. 2018-11-25 01:58:40 MD5:4ed6b362e06606484df048258210856d F:\浏览器下载\Jaff勒索 密码:infected\embedded-Word-docs\GYTKPVM.docm --> word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  32. 2018-11-25 01:58:41 MD5:8e1d1544556eaf98d1e068c1c0b25c74 F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-165313-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  33. 2018-11-25 01:58:42 MD5:0a03c3bdae435d282508a3870bb825e7 F:\浏览器下载\Jaff勒索 密码:infected\artifacts\2017-05-23-Jaff-ransomware-example-levinsky8.exe [Win32.Trojan.Win32.Trojan.Filecoder.jaff.supy]  [删除成功]
  34. 2018-11-25 01:58:43 MD5:70d8ddbdfc224399cf5b100846b34440 F:\浏览器下载\Jaff勒索 密码:infected\attachments\95-1750.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  35. 2018-11-25 01:58:44 MD5:4c7398f3667fe1faa993d560258bc2f3 F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-133338-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  36. 2018-11-25 01:58:45 MD5:61ce2ee666e559526cfc63db07263d26 F:\浏览器下载\Jaff勒索 密码:infected\attachments\61-7808.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  37. 2018-11-25 01:58:46 MD5:d03b12716eb24924d2ef40cd8c2e75a2 F:\浏览器下载\Jaff勒索 密码:infected\embedded-Word-docs\NQBCXP4.docm --> word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  38. 2018-11-25 01:58:47 MD5:b07b08474ae8b4003953f83e78563a7c F:\浏览器下载\Jaff勒索 密码:infected\attachments\19-9273.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  39. 2018-11-25 01:58:47 MD5:fe4badec6a88cd8eb48a6ffd4ae236d3 F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-190052-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  40. 2018-11-25 01:58:48 MD5:a748f7f2f282cb9153d71a22bc974655 F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-150939-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  41. 2018-11-25 01:58:49 MD5:40d727eb628bb54bb7b72124defc84e1 F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-132523-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  42. 2018-11-25 01:58:50 MD5:9df45d898425b041b074d69b06a86794 F:\浏览器下载\Jaff勒索 密码:infected\embedded-Word-docs\RNOHLIAFU.docm --> word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  43. 2018-11-25 01:58:51 MD5:4893369e1bd56d3e2ae9b1c8ebdb6154 F:\浏览器下载\Jaff勒索 密码:infected\attachments\27-7813.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  44. 2018-11-25 01:58:51 MD5:20a54945500ad80d4e72f4583ab97db4 F:\浏览器下载\Jaff勒索 密码:infected\attachments\00-5832.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  45. 2018-11-25 01:58:52 MD5:c77e08aa3aa70f9bf4168351721d7881 F:\浏览器下载\Jaff勒索 密码:infected\embedded-Word-docs\M4SQLA2.docm --> word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  46. 2018-11-25 01:58:53 MD5:75c7dfa414ae8d474caeab45463eed3b F:\浏览器下载\Jaff勒索 密码:infected\attachments\98-9897.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  47. 2018-11-25 01:58:54 MD5:7c2b46fc6dd7b44c121d0bf20c4c1db5 F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-171803-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  48. 2018-11-25 01:58:55 MD5:69b318701b24a8857ba777a4c4bead38 F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-133655-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  49. 2018-11-25 01:58:56 MD5:ea6b2c677a700f60c1092dc48f683588 F:\浏览器下载\Jaff勒索 密码:infected\attachments\68-5182.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  50. 2018-11-25 01:58:57 MD5:04eed5726f2af0ea8e45240e0da116f7 F:\浏览器下载\Jaff勒索 密码:infected\embedded-Word-docs\PQQIDNQM.docm --> word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  51. 2018-11-25 01:58:58 MD5:2ef8a0e669ac81576695b96d5d6b4a62 F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-132916-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  52. 2018-11-25 01:58:58 MD5:ef8d4ee91d7e80ef560238c21736883b F:\浏览器下载\Jaff勒索 密码:infected\embedded-Word-docs\DLDD7LH.docm --> word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  53. 2018-11-25 01:58:59 MD5:4b7f580ccdef9f56d850c02062f4ffe6 F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-164743-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  54. 2018-11-25 01:59:00 MD5:8a625a4cb3ee9820758268c1951f4ec6 F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-133418-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  55. 2018-11-25 01:59:01 MD5:6278c6ee48f05a9d1f706d6ee31aeb78 F:\浏览器下载\Jaff勒索 密码:infected\embedded-Word-docs\TH1DZZPT.docm --> word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  56. 2018-11-25 01:59:02 MD5:112b4b771a3edcb5055c69a6148ce67b F:\浏览器下载\Jaff勒索 密码:infected\attachments\88-6908.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  57. 2018-11-25 01:59:02 MD5:bfc94a596d59a055394120e11b9b75ca F:\浏览器下载\Jaff勒索 密码:infected\attachments\54-9434.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  58. 2018-11-25 01:59:03 MD5:2dcbe53542341cea20bc6a7eb09d7087 F:\浏览器下载\Jaff勒索 密码:infected\embedded-Word-docs\OLZNKWSOW.docm --> word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  59. 2018-11-25 01:59:04 MD5:71c08bb07bbfae9c51b6c0816c397421 F:\浏览器下载\Jaff勒索 密码:infected\attachments\09-5337.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  60. 2018-11-25 01:59:05 MD5:f18d1d467b00cd0920bff8b739a46b62 F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-142913-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  61. 2018-11-25 01:59:06 MD5:02389a95a4d021173cc6fbf70d4b7c85 F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-132703-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  62. 2018-11-25 01:59:06 MD5:f704eb4316a750388bca9cbcdd1972da F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-184830-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  63. 2018-11-25 01:59:07 MD5:255fd960d1bad453e44cd984c6570319 F:\浏览器下载\Jaff勒索 密码:infected\attachments\72-6353.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  64. 2018-11-25 01:59:08 MD5:d17a5615322c3c614342b7475a942ea7 F:\浏览器下载\Jaff勒索 密码:infected\embedded-Word-docs\RNJSMOVS.docm --> word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  65. 2018-11-25 01:59:08 MD5:255fd960d1bad453e44cd984c6570319 F:\浏览器下载\Jaff勒索 密码:infected\attachments\28-3137.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  66. 2018-11-25 01:59:09 MD5:6f3090cf5fb621de204659b57a69c257 F:\浏览器下载\Jaff勒索 密码:infected\attachments\00-5523.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  67. 2018-11-25 01:59:09 MD5:dcf1e0962c6b8de05db2148f96958abc F:\浏览器下载\Jaff勒索 密码:infected\embedded-Word-docs\KAR6WLU.docm --> word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  68. 2018-11-25 01:59:09 MD5:ea6b2c677a700f60c1092dc48f683588 F:\浏览器下载\Jaff勒索 密码:infected\attachments\98-3753.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  69. 2018-11-25 01:59:10 MD5:f7f95b2e603c8f31c8cc9ddd4f575363 F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-171154-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  70. 2018-11-25 01:59:10 MD5:4dbee7cfdc2546b5584e3a9439380347 F:\浏览器下载\Jaff勒索 密码:infected\emails\2017-05-23-Jaff-ransomware-malspam-133658-UTC.eml --> PART-00000001\PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  71. 2018-11-25 01:59:10 MD5:61ce2ee666e559526cfc63db07263d26 F:\浏览器下载\Jaff勒索 密码:infected\attachments\68-4200.pdf --> PDF-STREAM-4\word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  72. 2018-11-25 01:59:10 MD5:5dde3f1b56b564162aaebf6c6c78b21f F:\浏览器下载\Jaff勒索 密码:infected\embedded-Word-docs\PCHLUPL.docm --> word\vbaProject.bin [OLE.Win32.Macro.703748]  [删除成功]
  73. ---------------------
复制代码
回复

举报

天道酬善
发表于 2018-11-25 11:29:54 | 显示全部楼层

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

www-tekeze
发表于 2018-11-26 15:01:04 | 显示全部楼层
天道酬善 发表于 2018-11-25 11:29

样本比较老了,ESET只报36X,EML没报吧?
回复

举报

12
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-6-27 04:02 , Processed in 0.103490 second(s), 15 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表