样本8x (19.06.29)

petr0vic

6/8

petr0vic

huang1111 发表于 2019-6-29 21:05
kaspersky kill x3

may be miss x3

Nocria

ESET killed 5x.
C:\Users\promi\Desktop\8\1.exe - a variant of Win32/Injector.EGIR trojan
C:\Users\promi\Desktop\8\2.hta - VBS/TrojanDownloader.Agent.RLT trojan
C:\Users\promi\Desktop\8\3.exe - a variant of Win32/Kryptik.GUIH trojan
C:\Users\promi\Desktop\8\4.exe - a variant of Win32/Kryptik.GUIH trojan
C:\Users\promi\Desktop\8\8.exe - a variant of MSIL/Kryptik.RYY trojan


To ESET.

1. 2019/6/29 21:44:30;ESET Kernel;File  'C:\Users\promi\Desktop\8\6.exe' was sent to ESET for analysis.;SYSTEM
   
2. 2019/6/29 21:44:39;ESET Kernel;File  'C:\Users\promi\Desktop\8\7.exe' was sent to ESET for analysis.;SYSTEM
   
3. 2019/6/29 21:44:42;ESET Kernel;File  'C:\Users\promi\Desktop\8\5.lnk' was sent to ESET for analysis.;SYSTEM
   

复制代码

wenshui1013

Cylance 4X
Miss 4X,  未双击

huang1111

petr0vic 发表于 2019-6-29 21:21
may be miss x3

seems to be wrong

mr_bean_forever

McAfee  剩下 2 5 6 7  ，杀了 1 3 4 8

c/mm

MISS 4X

Jerry.Lin

ESET
5/8

1. 时间;扫描程序;对象类型;对象;检测;操作;用户;信息;哈希;此处首次所见
   
2. 2019/6/29 23:35:51;文件系统实时防护;文件;C:\Users\zhong.000\Downloads\Compressed\卡饭\8\2.hta;VBS/TrojanDownloader.Agent.RLT 特洛伊木马;通过删除清除;DESKTOP-VPBE70N\zhong;在应用程序新建的文件上发生事件: C:\Users\zhong.000\Downloads\Programs\WinRAR\x64\WinRAR.exe (606C685D54E2680C05BAF2D901D159C30513DC03).;ACF8D1F3FFD0029ED2D9360E04C4C289D601BE63;2019/6/29 23:35:45
   
3. 2019/6/29 23:35:51;文件系统实时防护;文件;C:\Users\zhong.000\Downloads\Compressed\卡饭\8\1.exe;Win32/Injector.EGIR 特洛伊木马 的变种;通过删除清除;DESKTOP-VPBE70N\zhong;在应用程序新建的文件上发生事件: C:\Users\zhong.000\Downloads\Programs\WinRAR\x64\WinRAR.exe (606C685D54E2680C05BAF2D901D159C30513DC03).;DB3D02950A79B03392B4723B0218B17B9D8777E5;2019/6/29 23:35:45
   
4. 2019/6/29 23:35:51;文件系统实时防护;文件;C:\Users\zhong.000\Downloads\Compressed\卡饭\8\8.exe;MSIL/Kryptik.RYY 特洛伊木马 的变种;通过删除清除;DESKTOP-VPBE70N\zhong;在应用程序新建的文件上发生事件: C:\Users\zhong.000\Downloads\Programs\WinRAR\x64\WinRAR.exe (606C685D54E2680C05BAF2D901D159C30513DC03).;434BFEDE7A91B9AF81C84E6DD1E3DF532FE874F5;2019/6/29 23:35:45
   
5. 2019/6/29 23:35:51;文件系统实时防护;文件;C:\Users\zhong.000\Downloads\Compressed\卡饭\8\3.exe;Win32/Kryptik.GUIH 特洛伊木马 的变种;通过删除清除;DESKTOP-VPBE70N\zhong;在应用程序新建的文件上发生事件: C:\Users\zhong.000\Downloads\Programs\WinRAR\x64\WinRAR.exe (606C685D54E2680C05BAF2D901D159C30513DC03).;644C7583F99709506CCB863834F9C5442ED2226E;2019/6/29 23:35:45
   
6. 2019/6/29 23:35:53;文件系统实时防护;文件;C:\Users\zhong.000\Downloads\Compressed\卡饭\8\4.exe;Win32/Kryptik.GUIH 特洛伊木马 的变种;通过删除清除;DESKTOP-VPBE70N\zhong;在应用程序新建的文件上发生事件: C:\Users\zhong.000\Downloads\Programs\WinRAR\x64\WinRAR.exe (606C685D54E2680C05BAF2D901D159C30513DC03).;C6326A56C9A56196570025407725B9CE10436BA9;2019/6/29 23:35:45
   

复制代码

www-tekeze

把这个贴搞漏了。。。今天火绒更新后只入库6X，智量也是只杀6X，留下的都是6、7 。