Ransom.Phobos (19.07.01)

petr0vic

https://c-t.work/s/7bde0d5d989b4f

infected

https://twitter.com/petrovic082/status/1145782682930044928

欧阳宣

sentinelOne kill both

Jirehlov1234

卡巴

p1.exe - Trojan-Ransom.Win32.Foreign.ogtu

230f4

ESET 2/2

Nocria

G DATA blocked 2x.

1. AVA 25.22600
   
2. GD 25.15438
   
3. 
   
4. *** Process ***
   
5. 
   
6. Process: 4808
   
7. File name: p1.exe
   
8. Path: C:\Users\promi\Desktop\p\p1.exe
   
9. 
   
10. Publisher: Unknown publisher
    
11. Creation date: 2019年7月2日 8:04:42
    
12. Modification date: 2019年7月2日 3:49:07
    
13. 
    
14. Started by: explorer.exe
    
15. Publisher: Microsoft Windows
    
16. 
    
17. 
    
18. *** Actions ***
    
19. 
    
20. The cloud server recognized this file and identified it as malicious.
    

复制代码

1. AVA 25.22600
   
2. GD 25.15438
   
3. 
   
4. *** Process ***
   
5. 
   
6. Process: 5520
   
7. File name: p.exe
   
8. Path: C:\Users\promi\Desktop\p\p.exe
   
9. 
   
10. Publisher: Unknown publisher
    
11. Creation date: 2019年7月2日 8:04:42
    
12. Modification date: 2019年7月2日 3:49:07
    
13. 
    
14. Started by: explorer.exe
    
15. Publisher: Microsoft Windows
    
16. 
    
17. 
    
18. *** Actions ***
    
19. 
    
20. The program is trying to create a startup item to launch a program automatically at system startup.
    
21. An unknown process was accessed.
    
22. The program has created or manipulated an executable file.
    
23. The program has read data from its own program file.
    
24. The program created a copy of itself.
    
25. An executable file was stored in a suspicious location.
    
26. A suspicious location is referenced in startup.
    

复制代码

Jirehlov1234

Jirehlov1234 发表于 2019-7-2 05:57
卡巴

p1.exe - Trojan-Ransom.Win32.Foreign.ogtu

p.exe已拉黑UDS:Trojan.Win32.Yakes

www-tekeze

智量清空，火绒miss，有空双击。。

www-tekeze

www-tekeze 发表于 2019-7-2 08:40
智量清空，火绒miss，有空双击。。

p是p1加UPX而来，行为基本相同，双击，约半分钟后才有动作，首先被智量主防杀！
退出智量双击，会添加自启，然后被火绒主防杀！(开启勒索诱捕)，未加壳的p1还会被ADV主防杀！

ELOHIM

wd scan miss all.

我是不是用了一个假WD啊！！！

https://www.virustotal.com/gui/f ... 681952e3d/detection

SecureAge APEX

Malicious

Avira (no cloud)

TR/Crypt.ULPM.Gen

CrowdStrike Falcon

Win/malicious_confidence_60% (D)

Cylance

Unsafe

ESET-NOD32

A Variant Of Win32/GenKryptik.DLYI

F-Secure

Trojan.TR/Crypt.ULPM.Gen

Microsoft

Trojan:Win32/Wacatac.B!ml

Rising

Trojan.Generic!8.C3/N3#90% (RDM+:cmRtazoyBuRrrcxMDhfvqM8bJP9l)

SentinelOne (Static ML)

DFI - Malicious PE

Sophos ML

Heuristic

VBA32

BScope.Backdoor.Androm

Acronis

Undetected

猥琐大叔