
[Virus Samples] Samples 14x (19.06.19)

petr0vic
Posted on 2019-6-19 22:12:55
https://c-t.work/s/dca8d8e14f0240

infected

VTSS 1.09
  1. Win32.Trojan.Generic            sha256: 4f38dbe0390e00c340b53740cedba799f5e963e2c2456d21e0792731a8b93496    Path: C:\Users\User\Desktop\v\3.exe
  2. Win32.Backdoor.Bot              sha256: 1ad8afd5e8e0f7ab5fc134bc226e34b00f31d5f33fab6a277338632551663ca2    Path: C:\Users\User\Desktop\v\1.exe
  3. Win32.Trojan.Injector           sha256: 99502a834f951b9d029e8142ad245dac611df22daed2451d8e5d08fd55801a25    Path: C:\Users\User\Desktop\v\8.exe
  4. Win32.Trojan.Injector           sha256: 4650f487f98476e9b0e683ab23a8a9e4b5a45aec4c7060eaa2d7ac32e1482da5    Path: C:\Users\User\Desktop\v\4.exe
  5. Win32.Trojan.Generic            sha256: 94869576b92022ee8e17fd3d6663fdae331870eb9d83854787626b32f3ad84f8    Path: C:\Users\User\Desktop\v\9.exe
  6. Win32.Backdoor.Generic          sha256: ce40b19e76a6046023ed37dc08e20fddf5d006a21b30ac603c00babaaa1ad7d9    Path: C:\Users\User\Desktop\v\5.exe
  7. VBS.Worm.Generic                sha256: e91e821c14a5fe33982952d83be3917515e720dc8d6e7e91bc91b504a2fe7d95    Path: C:\Users\User\Desktop\v\11
  8. Win32.Trojan.Generic            sha256: fe16265680e080f79ae49f0aad84de61dbd3ec4c530484b5f21cb548cbe477d3    Path: C:\Users\User\Desktop\v\s.exe
  9. Win32.Trojan.Dropper            sha256: a50ba3142642e71386c062ea800f01d275e31aab350b0776fa74ed6ae741b6ad    Path: C:\Users\User\Desktop\v\12.exe
  10. Win32.Trojan.Generic            sha256: 9eead8f40678d728f90fb7677037fdad76aa6b0c29c0ecb0202f03a5b2049124    Path: C:\Users\User\Desktop\v\6.exe
  11. Win32.Trojan.Generic            sha256: 7f5caa4cec6ae2f3ff1fd85536ee9a3e8403a70b5c03ccdb3eecc8886e34810c    Path: C:\Users\User\Desktop\v\s2.exe
  12. Win32.Backdoor.Bot              sha256: b83bb5d53b48ed8f2516ad35376617ec4734fcf44871d5a4bdbff125e9f46412    Path: C:\Users\User\Desktop\v\2.exe
  13. Win32.Trojan.Generic            sha256: 5ed200405131b86ae834cf085d8550e434a0a098de81d31a68d6c3cccd065061    Path: C:\Users\User\Desktop\v\7.exe
  14. Win32.Trojan.Spy                sha256: bb6e91fe7418825a5b3fcac419f22a5ef96f8594df850cbb2a23fa16577fccd5    Path: C:\Users\User\Desktop\v\10.exe
a233
Posted on 2019-6-19 22:18:52
Last edited by a233 on 2019-6-19 22:20

Huorong Kill 5X, 9 remaining

petr0vic
Original poster | Posted on 2019-6-19 22:19:10
Huorong 5.0.11.2 public beta
5/14

a233
Posted on 2019-6-19 22:25:25
Last edited by a233 on 2019-6-19 22:27

Avast Kill 13X (the number actually killed), one file remaining

温馨小屋
Posted on 2019-6-19 22:26:08
Kaspersky kill all



静影沉璧
Posted on 2019-6-19 22:27:09
Last edited by 静影沉璧 on 2019-6-19 22:29

Bitdefender 2020 beta

14/14

Scan:

The file C:\Users\Joseph\Desktop\utf-8' 'v\v\1.exe is infected with Trojan.Autoruns.GenericKDS.32066001 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file C:\Users\Joseph\Desktop\utf-8' 'v\v\10.exe is infected with Gen:Suspicious.Cloud.8.CqW@aW4wyqd and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file C:\Users\Joseph\Desktop\utf-8' 'v\v\2.exe is infected with Trojan.Autoruns.GenericKDS.32067083 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file C:\Users\Joseph\Desktop\utf-8' 'v\v\4.exe is infected with AIT:Trojan.Nymeria.2124 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file C:\Users\Joseph\Desktop\utf-8' 'v\v\5.exe is infected with Gen:Suspicious.Cloud.1.CmW@aeqoumw and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file C:\Users\Joseph\Desktop\utf-8' 'v\v\7.exe is infected with Gen:Variant.Ser.Razy.2490 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file C:\Users\Joseph\Desktop\utf-8' 'v\v\6.exe is infected with Trojan.Downloader.GenericKDS.41380482 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file C:\Users\Joseph\Desktop\utf-8' 'v\v\9.exe is infected with Gen:Suspicious.Cloud.1.quW@aGpvd6cG and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file C:\Users\Joseph\Desktop\utf-8' 'v\v\s.exe is infected with Trojan.GenericKD.32066815 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.

Run:5X





workhardsam
Posted on 2019-6-19 23:13:45
mcafee scan 12
c/mm
Posted on 2019-6-19 23:23:56
Last edited by c/mm on 2019-6-19 23:26

Dr.web





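6 and 10.exe: miss, no firewall reaction to one outbound connection. 9.exe: one autostart attempt blocked, then it triggered a Microsoft error and could not keep running. 12.exe: dropped files intercepted and blocked. File 11 cannot be double-clicked for now.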


日期:2019/6/19/周三 23:10        组件:防火墙        代码:201        事件:已允许连接        详细信息:规则名称: 规则不存在
PID: 8344
进程: C:\Users\us\Desktop\temp\v\10.exe
端点: 未知
方向: 出站
日期:2019/6/19/周三 23:00        组件:防火墙        代码:201        事件:已允许连接        详细信息:规则名称: 规则不存在
PID: 7380
进程: C:\Users\us\Desktop\temp\v\6.exe
端点: 未知
方向: 出站
日期:2019/6/19/周三 23:09        组件:行为分析        代码:500        事件:行为分析组件已阻止访问受保护对象        详细信息:PID: 6612
进程: C:\Users\us\Desktop\temp\v\9.exe
对象: 软件自启动

日期:2019/6/19/周三 23:12        组件:行为分析        代码:500        事件:行为分析组件已阻止访问受保护对象        详细信息:PID: 2924
进程: C:\Users\us\AppData\Local\Temp\ndjqzl.exe
对象: 已启动应用程序的完整性
日期:2019/6/19/周三 23:13        组件:抵御exploit        代码:512        事件:已阻止执行未验证码        详细信息:PID: 3264
原因: 试图执行可疑代码
日期:2019/6/19/周三 23:13        组件:行为分析        代码:501        事件:侦测到威胁        详细信息:对象: ndjqzl.exe
威胁: DPH:Trojan.Inject.3.64
操作: 已隔离
路径: C:\Users\us\AppData\Local\Temp\ndjqzl.exe


www-tekeze
Posted on 2019-6-19 23:28:47
Last edited by www-tekeze on 2019-6-19 23:35

WiseVector (智量) kill 13X (all Heur detections), leaving the extensionless 11... Addendum: after changing the extension to js, vbs or ps1 it gets killed
