GandCrab (19.01.25)

petr0vic

https://my.mixtape.moe/otnveg.7z

infected

dreams521

1. [code]25.01.2019 23.08.52;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\crb\crab1.exe;C:\Users\Administrator\Desktop\crb\crab1.exe;HEUR:Exploit.Win32.CVE-2018-8120.a;木马程序;01/25/2019 23:08:52
   
2. 25.01.2019 22.59.32;检测到的对象 ( 处理内存 ) 已删除;c:\users\administrator\desktop\otnveg\crb\crab.exe;c:\users\administrator\desktop\otnveg\crb\crab.exe;PDM:Trojan.Win32.Generic;木马程序;01/25/2019 22:59:32

复制代码

Jerry.Lin

con16

cis kill

BE_HC

Norton Kill All

https://www.symantec.com/security-center/writeup/2018-050116-2819-99?ssdcat=118&vid=56275&product=Norton+Security&version=22.16.3.21&plang=sym%3aCS&layouttype=ESD&buildname=Retail&heartbeatID=058C9C67-7822-494D-8A4A-B79AC998244B&eapenabled=false&env=prod&vendorid=1000&plid=762&plgid=30&skup=21352329&skum=21376863&skuf=21350739&endpointid=058C9C67-7822-494D-8A4A-B79AC998244B&partnerid=1000&lic_type=16&lic_attr=16928786&psn=KGQKFGVP3FT9&puid=5039&templatecat=SBU_W_1000_5039_NS_ESD_2&schemacat=SBU_W&schemaver=1.0.0.0&olpchannel=SESD&osvers=10.0&oslocale=iso%3aCHN&oslang=iso%3aZHS&os=windows

A packer is a tool that compresses, encrypts, or obfuscates executable files. Malware authors often use packers to conceal threats from detection by antivirus software. Packed.Generic.525 detects a packer that is not known to be used for legitimate purposes.

This heuristic detection is used to detect threats associated with the following family:

• Ransom.GandCrab
  

BE_HC

Malwarebytes Free MISS All

kim545

Avira kill all

1. 01/25/2019,23-23-17        [INFO]        FP reports status 'NO False Positive' for file 'e:\idm\downloads\compressed\otnveg\crb\crab.exe'
   
2. 01/25/2019,23-23-17        [INFO]        e:\idm\downloads\compressed\otnveg\crb\crab.exe
   
3. 01/25/2019,23-23-17        [INFO]        [DETECTION] file contains 'TR/Crypt.ZPACK.Gen2'
   
4. 01/25/2019,23-23-20        [INFO]        FP reports status 'NO False Positive' for file 'e:\idm\downloads\compressed\otnveg\crb\crab1.exe'
   
5. 01/25/2019,23-23-20        [INFO]        The file 'e:\idm\downloads\compressed\otnveg\crb\crab1.exe' was scanned with the Protection Cloud. SHA256 = 68E35D86A0BE94EB80BA125F0669AE0B703E304B5A2A5C4D2DEA70B037345243
   
6. 01/25/2019,23-23-20        [INFO]        e:\idm\downloads\compressed\otnveg\crb\crab1.exe
   
7. 01/25/2019,23-23-20        [INFO]        [DETECTION] file contains 'TR/AD.GandCrab.B'

复制代码

www-tekeze

火绒、智量都是清空。。

www-tekeze

安天智甲、管家无BD，miss all 。。

PS：加BD的管家可以杀一个，看报法是BD的。

wenshui1013

G Data