EXE样本10X_6

显示全部楼层 · 发表于 2019-9-15 08:55:47

RT，想双击自己改后缀，风险自负。。

载点：https://www.lanzous.com/i66c36d 密码：infected

显示全部楼层 · 发表于 2019-9-15 09:17:15

本帖最后由 xtmatao 于 2019-9-15 09:22 编辑

MES

3和7改名后双击被拦截，10改名双击报错

显示全部楼层 · 发表于 2019-9-15 09:25:24

Avira

扫描开始时间： 2019-09-15 09:22:08
09/15/2019,09:22:13.124       [INFO]       FP 报告文件 'C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(1).vir' 的“无误报”状态 [I:10, S:111]
09/15/2019,09:22:13.128       [INFO]       C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(1).vir
09/15/2019,09:22:13.129       [INFO]       [DETECTION] file contains 'TR/Kryptik.kovcj'
09/15/2019,09:22:36.780       [INFO]       FP 报告文件 'C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(10).vir' 的“无误报”状态 [I:10, S:111]
09/15/2019,09:22:36.928       [INFO]       Cloud SDK 初始化和许可证检查成功. [I:2, S:0]
09/15/2019,09:22:36.929       [INFO]       文件 'C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(10).vir' 已上传至 Protection Cloud 并已进行分析。 SHA256 = 947257766E308221FDF0162BF85227A9E78115C45282623BEEEE79A1ABACE0D5 [I:2, S:0]
09/15/2019,09:22:36.931       [INFO]       C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(10).vir
09/15/2019,09:22:36.932       [INFO]       [DETECTION] file contains 'HEUR/APC'
09/15/2019,09:22:39.240       [INFO]       FP 报告文件 'C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(2).vir' 的“无误报”状态 [I:10, S:111]
09/15/2019,09:22:39.262       [INFO]       文件已通过 Protection Cloud扫描。 SHA256 = C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(2).vir [I:2, S:0]
09/15/2019,09:22:39.264       [INFO]       C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(2).vir
09/15/2019,09:22:39.265       [INFO]       [DETECTION] file contains 'TR/Redcap.ladiq'
09/15/2019,09:23:00.937       [INFO]       FP 报告文件 'C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(3).vir' 的“无误报”状态 [I:10, S:111]
09/15/2019,09:23:00.972       [INFO]       文件 'C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(3).vir' 已上传至 Protection Cloud 并已进行分析。 SHA256 = D2CB829F5030D95DD036A0122BFCCF18F17FCDD030DD7C5032582FE65836A5B8 [I:2, S:0]
09/15/2019,09:23:01.002       [INFO]       C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(3).vir
09/15/2019,09:23:01.003       [INFO]       [DETECTION] file contains 'TR/Crypt.Agent.ynvoi'
09/15/2019,09:23:01.369       [INFO]       FP 报告文件 'C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(4).vir' 的“无误报”状态 [I:10, S:111]
09/15/2019,09:23:01.373       [INFO]       C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(4).vir
09/15/2019,09:23:01.374       [INFO]       [DETECTION] file contains 'HEUR/AGEN.1043700'
09/15/2019,09:23:02.078       [INFO]       FP 报告文件 'C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(5).vir' 的“无误报”状态 [I:10, S:111]
09/15/2019,09:23:02.089       [INFO]       文件已通过 Protection Cloud扫描。 SHA256 = C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(5).vir [I:2, S:0]
09/15/2019,09:23:02.094       [INFO]       C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(5).vir
09/15/2019,09:23:02.095       [INFO]       [DETECTION] file contains 'TR/Crypt.Agent.stayu'
09/15/2019,09:23:07.415       [INFO]       FP 报告文件 'C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(6).vir' 的“无误报”状态 [I:10, S:111]
09/15/2019,09:23:07.453       [INFO]       文件已通过 Protection Cloud扫描。 SHA256 = C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(6).vir [I:2, S:0]
09/15/2019,09:23:07.454       [INFO]       C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(6).vir
09/15/2019,09:23:07.456       [INFO]       [DETECTION] file contains 'TR/Redcap.rxqkq'
09/15/2019,09:23:46.937       [WARN]       上传至 Protection Cloud of file 'C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(7).vir' 失败。 SHA256 = 32EFDD69761440E3FA7F03A26A33BA2C7EE330214D4AE578130594CB985A6BAB，错误代码为 0x3FF0021. [I:2, S:100]
09/15/2019,09:23:49.793       [INFO]       FP 报告文件 'C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(8).vir' 的“无误报”状态 [I:10, S:111]
09/15/2019,09:23:49.796       [INFO]       C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(8).vir
09/15/2019,09:23:49.797       [INFO]       [DETECTION] file contains 'HEUR/AGEN.1043415'
09/15/2019,09:24:18.883       [INFO]       FP 报告文件 'C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(9).vir' 的“无误报”状态 [I:10, S:111]
09/15/2019,09:24:19.006       [INFO]       文件已通过 Protection Cloud扫描。 SHA256 = C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(9).vir [I:2, S:0]
09/15/2019,09:24:19.008       [INFO]       C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(9).vir
09/15/2019,09:24:19.010       [INFO]       [DETECTION] file contains 'TR/Crypt.ZPACK.Gen8'

HitmanPro 3.8.0.292
www.hitmanpro.com

Computer name . . . . : QH-20150516EUNE
Windows . . . . . . . : 6.1.1.7601.X86/4
User name . . . . . . : QH-20150516EUNE\Administrator
UAC . . . . . . . . . : Disabled
License . . . . . . . : Paid (255 days left)

Scan date . . . . . . : 2019-09-15 09:22:15
Scan mode . . . . . . : Context
Scan duration . . . . : 3m 24s
Disk access mode  . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot  . . . . . . . : No

Threats . . . . . . . : 9

Objects scanned . . . : 10
Files scanned . . . . : 10
Remnants scanned  . . : 0 files / 0 keys

Malware _____________________________________________________________________

C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(1).vir
   Size . . . . . . . : 685,568 bytes
   Age  . . . . . . . : 0.0 days (2019-09-15 09:21:56)
   Entropy  . . . . . : 6.6
   SHA-256  . . . . . : AD77FB358CB29E7B2D25BAF8AAB801B04484FCE0D35ABBDABD6AD28853BA29A0
   Product  . . . . . : SnakeIO
   Publisher
   Description  . . . : SnakeIO
   Version  . . . . . : 1.4.4.4
   LanguageID . . . . : 0
> Bitdefender  . . . : Gen:Variant.MSILPerseus.194159
> Kaspersky  . . . . : HEUR:Trojan.MSIL.Scarsi.gen
> HitmanPro  . . . . : Mal/Generic-S

C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(2).vir
   Size . . . . . . . : 2,549,248 bytes
   Age  . . . . . . . : 0.0 days (2019-09-15 09:21:56)
   Entropy  . . . . . : 8.0
   SHA-256  . . . . . : 7DB9A8259D321CDD40BA66328425A58C11547187F2CAE271AAFD7C5874B13020
> Bitdefender  . . . : Trojan.GenericKD.32448079
> HitmanPro  . . . . : Mal/Generic-S

C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(3).vir
   Size . . . . . . . : 496,644 bytes
   Age  . . . . . . . : 0.0 days (2019-09-15 09:21:56)
   Entropy  . . . . . : 7.8
   SHA-256  . . . . . : D2CB829F5030D95DD036A0122BFCCF18F17FCDD030DD7C5032582FE65836A5B8
> Bitdefender  . . . : Trojan.GenericKD.32447630

C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(4).vir
   Size . . . . . . . : 610,820 bytes
   Age  . . . . . . . : 0.0 days (2019-09-15 09:21:56)
   Entropy  . . . . . : 6.5
   SHA-256  . . . . . : 68EF20A076963A65E27171F4A57977E8DFAC76CE8D6C37DDE8F9E878620FE22A
   Version  . . . . . : 1.0.0.1
   Copyright  . . . . : Ssdfd (c) 2019
> HitmanPro  . . . . : Mal/GandCrab-G

C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(5).vir
   Size . . . . . . . : 658,432 bytes
   Age  . . . . . . . : 0.0 days (2019-09-15 09:21:56)
   Entropy  . . . . . : 6.7
   SHA-256  . . . . . : 85C886E2039791F85FDF3E9FE0E770F13EC0F7C0329FD6169F4C5D8E4539B219
   Product  . . . . . : Its
   Publisher  . . . . : ConocoPhillips
   Description  . . . : Philosophies Anistrpic Sprite Bumpmapping Quick Reassure
   Version  . . . . . : 4.2.5.6
   Copyright  . . . . : (c) 2015 Company  ConocoPhillips
   LanguageID . . . . : 1033
> Bitdefender  . . . : Gen:Variant.Fugrafa.4267

C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(6).vir
   Size . . . . . . . : 2,302,464 bytes
   Age  . . . . . . . : 0.0 days (2019-09-15 09:21:56)
   Entropy  . . . . . : 8.0
   SHA-256  . . . . . : EEE52AD7F2C13FE0DC5B3A76EF5BC77973B35C2A593F6CB8FC2ED225D2D04A26
> Bitdefender  . . . : Trojan.GenericKD.41759138
> HitmanPro  . . . . : Mal/Generic-S

C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(7).vir
   Size . . . . . . . : 433,152 bytes
   Age  . . . . . . . : 0.0 days (2019-09-15 09:21:57)
   Entropy  . . . . . : 7.9
   SHA-256  . . . . . : 32EFDD69761440E3FA7F03A26A33BA2C7EE330214D4AE578130594CB985A6BAB
> Bitdefender  . . . : Generic.Application.CoinMiner.1.9A829C66
> Kaspersky  . . . . : not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen

C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(8).vir
   Size . . . . . . . : 459,264 bytes
   Age  . . . . . . . : 0.0 days (2019-09-15 09:21:57)
   Entropy  . . . . . : 6.9
   SHA-256  . . . . . : C58119BBCFE1833A78441543AC22B0ACF086C4DAD6782A1F03550DB0565ECA3B
> Bitdefender  . . . : Trojan.GenericKD.32447628
> HitmanPro  . . . . : Mal/GandCrab-H

C:\Users\Administrator\Desktop\EXE样本10X_6\Samp(9).vir
   Size . . . . . . . : 443,392 bytes
   Age  . . . . . . . : 0.0 days (2019-09-15 09:21:57)
   Entropy  . . . . . : 6.7
   SHA-256  . . . . . : B2AE04F78A4E171F14B8205B21325390CD17D20C950B668E0C56559858F8F8AA
> Bitdefender  . . . : Trojan.GenericKD.32310565
> Kaspersky  . . . . : HEUR:Trojan.Win32.Generic
> HitmanPro  . . . . : Mal/Generic-S

显示全部楼层 · 发表于 2019-9-15 09:34:35

本帖最后由 wangyuhe 于 2019-9-15 09:38 编辑

rising反恶意9X

显示全部楼层 · 发表于 2019-9-15 09:37:34

Avast扫描Kill 9X

剩余一个双击报错

显示全部楼层 · 发表于 2019-9-15 09:38:03

火绒

显示全部楼层 · 发表于 2019-9-15 09:41:39

360国际版引擎全开清空

显示全部楼层 · 发表于 2019-9-15 10:24:38

eset扫描9x

显示全部楼层 · 发表于 2019-9-15 10:36:40

安天报8项实杀7X 。。。无BD管家，Killed 4X 。

显示全部楼层 · 发表于 2019-9-15 10:39:32

EMSI kill 9

扫描开始： 2019/9/15 10:38:18
\Desktop\EXE样本10X_6\Samp(3).vir 发现风险： Trojan.GenericKD.32447630 (B) [krnl.xmd]
\Desktop\EXE样本10X_6\Samp(2).vir 发现风险： Trojan.GenericKD.32448079 (B) [krnl.xmd]
\Desktop\EXE样本10X_6\Samp(1).vir 发现风险： Gen:Variant.MSILPerseus.194159 (B) [krnl.xmd]
\Desktop\EXE样本10X_6\Samp(8).vir 发现风险： Trojan.GenericKD.32447628 (B) [krnl.xmd]
\Desktop\EXE样本10X_6\Samp(9).vir 发现风险： Trojan.GenericKD.32310565 (B) [krnl.xmd]
\Desktop\EXE样本10X_6\Samp(6).vir 发现风险： Trojan.GenericKD.41759138 (B) [krnl.xmd]
\Desktop\EXE样本10X_6\Samp(7).vir 发现风险： Generic.Application.CoinMiner.1.9A829C66 (B) [krnl.xmd]
\Desktop\EXE样本10X_6\Samp(5).vir 发现风险： Gen:Variant.Fugrafa.4267 (B) [krnl.xmd]
\Desktop\EXE样本10X_6\Samp(4).vir 发现风险： Gen:Variant.Graftor.629958 (B) [krnl.xmd]

扫描 10
发现 9

[病毒样本] EXE样本10X_6

本帖子中包含更多资源

评分

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源