e99eec92a88be79f44ff558d935c7803898921ad0b046f7c3a9aeae9302426ec

Jirehlov1234

https://c-t.work/s/3edde9049aec43

https://www.virustotal.com/gui/f ... 9302426ec/detection

卡巴
13.07.2019 20.16.45;检测到 恶意软件;PDM:Trojan.Win32.Generic;Media Foundation AAC Encoder;e:\test\7.13\2019-07-13 121022.exe;07/13/2019 20:16:45

jdsh

Ashampoo Anti-Virus

54ss

火绒扫描 miss

Wandering...

360

1. 类型:木马-HEUR/QVM10.2.7EE5.Malware.Gen
   
2. 描述:木马是一种伪装成正常文件的恶意软件，会盗取您的帐号、密码等隐私资料。
   
3. 扫描引擎:云特征引擎
   
4. 文件路径:C:\Users\Administrator\Desktop\2019-07-13 121022.exe
   
5. 文件大小:430.4K (440,746 字节)
   
6. 文件版本:6.1.7600.16385 (win7_rtm.090713-1255)
   
7. 文件描述:Media Foundation AAC Encoder
   
8. 文件指纹（MD5）:a07e1cc89f537053a1f15984347106a5
   
9. 处理建议:隔离文件
   

复制代码

Nocria

G DATA.

1. AVA 25.22714
   
2. GD 25.15542
   
3. 
   
4. *** Process ***
   
5. 
   
6. Process: 4416
   
7. File name: лпорпароаыв.exe
   
8. Path: C:\ProgramData\лпорпароаыв.exe
   
9. 
   
10. Publisher: Unknown publisher
    
11. Creation date: 2019年7月13日 21:03:06
    
12. Modification date: 2019年7月13日 20:05:03
    
13. 
    
14. Started by: 2019-07-13 121022.exe
    
15. Publisher: Unknown publisher
    
16. 
    
17. 
    
18. *** Actions ***
    
19. 
    
20. The virus scanner has detected that the file is malicious.
    
21. An unknown process was accessed.
    
22. 
    
23. 
    
24. *** Quarantine ***
    
25. 
    
26. The following files were moved into quarantine:
    
27. C:\ProgramData\лпорпароаыв.exe
    
28. C:\Users\promi\AppData\Local\Temp\BNZ.5d29d6853ae52\2019-07-13 121022.exe
    
29. 
    
30. The following registry entries were deleted:
    
31. 
    
32. 
    
33. YHKSCy4nJycnJgYvJyonKiYGp0InKnSiYmJwKycqJyomBrlycg/pcoJiYnKCoCwnKCYmJwiscnJycmJi0CgnKCYmJwiPcqJyomJicPdycnJyYmJwupLhXmMqKBp6NbZykuFeYyoHpy0nKCYmJwi3LycnJycmBscvJygmJicI5ygn2HDecoJiYnKCcI9y4oCWcoKA+3JycnJiYoC+csJyonKCAAA
    
34. Rules version: 5.0.152
    
35. OS: Windows 6.3 Service Pack 0.0 Build: 9600 - Workstation 64bit OS
    
36. dll version: 76935
    
37. 
    
38. "C:\ProgramData\лпорпароаыв.exe"
    
39. MD5: A07E1CC89F537053A1F15984347106A5
    
40. "C:\Users\promi\AppData\Local\Temp\BNZ.5d29d6853ae52\2019-07-13 121022.exe"
    
41. MD5: A07E1CC89F537053A1F15984347106A5
    

复制代码

a233

www-tekeze

智量Heur杀，火绒miss，有空双击。。

静影沉璧

McAfee ENS 10.6.1

Artemis!A07E1CC89F53

温馨小屋

www-tekeze

www-tekeze 发表于 2019-7-13 21:37
智量Heur杀，火绒miss，有空双击。。

双击，首先被反攻击规则拦截，然后被智量主防连杀两次！

退出智量双击，被火绒主防杀！ PS：但杀的是释放的木马文件而不是本体。