EXE样本5X_122

www-tekeze

RT，想双击自己改后缀，风险自负。。



载点：https://www.lanzous.com/i84l18h     密码：infected

Miostartos

1. 
   
2. 结果
   
3. 
   
4.     已扫描项目： 5
   
5.     找到的恶意项目： 5
   
6. 
   
7. 详细信息
   
8. Trojan.TR/Kryptik.tuiag
   
9. 
   
10.     D:\test\123\Samp(3).vir: 已清除
    
11. 
    
12. Trojan.TR/Kryptik.tuibr
    
13. 
    
14.     D:\test\123\Samp(1).vir: 已清除
    
15. 
    
16. Trojan.TR/AD.Inject.eoaat
    
17. 
    
18.     D:\test\123\Samp(4).vir: 已清除
    
19. 
    
20. Trojan.TR/Kryptik.qmtyj
    
21. 
    
22.     D:\test\123\Samp(2).vir: 已清除
    
23. 
    
24. TR/Crypt.XPACK.Gen7
    
25. 
    
26.     D:\test\123\Samp(5).vir: 已清除
    
27. 
    
28. 版本信息
    
29. 
    
30. 扫描引擎：
    
31. 
    
32.     F-Secure Capricorn: 18.0.595, 2019-12-19
    
33.     F-Secure Hydra: 6.0.138, 2019-12-17
    
34.     F-Secure Lynx: 2.3.151
    
35.     F-Secure Online: 17.5.1341
    
36.     F-Secure USS: 6.0.23, 2019-09-03
    
37.     F-Secure Virgo Detection: 17.5.1341
    
38. 
    

复制代码

pre

BD清空

傻猪猪米走鸡

ESET剩下一个Samp(5)
Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here

2019/12/19 16:38:24;Real-time file system protection;file;C:\Users\Galaxy\Desktop\EXE样本5X_122\Samp(3).vir;a variant of MSIL/Kryptik.UCZ trojan;cleaned by deleting;Galaxy-PC\Galaxy;Event occurred on a new file created by the application: C:\Program Files\7-Zip\7zG.exe (E71D982B30CBB40CA90426B48BB9B327663392B6).;EF57291714DAEA7266F2E3855493BB2C7DB453D6;2019/12/19 16:38:15
2019/12/19 16:38:24;Real-time file system protection;file;C:\Users\Galaxy\Desktop\EXE样本5X_122\Samp(4).vir;a variant of MSIL/Kryptik.UCD trojan;cleaned by deleting;Galaxy-PC\Galaxy;Event occurred on a new file created by the application: C:\Program Files\7-Zip\7zG.exe (E71D982B30CBB40CA90426B48BB9B327663392B6).;FFCEC200BE1B79177EF9D1E8128B9B243E37059E;2019/12/19 16:38:15
2019/12/19 16:38:24;Real-time file system protection;file;C:\Users\Galaxy\Desktop\EXE样本5X_122\Samp(2).vir;a variant of MSIL/Kryptik.UCZ trojan;cleaned by deleting;Galaxy-PC\Galaxy;Event occurred on a new file created by the application: C:\Program Files\7-Zip\7zG.exe (E71D982B30CBB40CA90426B48BB9B327663392B6).;D9AD1C7DD58C7FED3DBC621196E229734E26D487;2019/12/19 16:38:15
2019/12/19 16:38:25;Real-time file system protection;file;C:\Users\Galaxy\Desktop\EXE样本5X_122\Samp(1).vir;a variant of MSIL/Kryptik.UCZ trojan;cleaned by deleting;Galaxy-PC\Galaxy;Event occurred on a new file created by the application: C:\Program Files\7-Zip\7zG.exe (E71D982B30CBB40CA90426B48BB9B327663392B6).;6BC2490E471F033FADAD8A26C29CB8E1DB94FA33;2019/12/19 16:38:10



Time;Module;Event;User
2019/12/19 16:44:51;ESET Kernel;File 'C:\Users\Galaxy\Desktop\EXE样本5X_122\Samp(5).exe' was sent to ESET Virus Lab for analysis.;SYSTEM

Time;Module;Event;User
2019/12/19 16:39:01;ESET Kernel;File 'C:\Users\Galaxy\Desktop\EXE样本5X_122\Samp(5).vir' was sent to ESET Virus Lab for analysis.;SYSTEM



双击samp(5)后,
提示:
Time;Event;Action;Source;Target;Protocol;Rule/worm name;Application;User
2019/12/19 16:44:59;Suspected botnet detected;Blocked;89.223.100.19:80;10.0.2.15:57322;TCP;Win32/Ursnif;C:\Program Files\Internet Explorer\iexplore.exe;Galaxy-PC\Galaxy

www-tekeze

虚拟机里火绒可以杀4X，实机里的吃鸭蛋。。   @火绒工程师

找到原因了，影子里升级的锅。。。二次手动升级就行了。

54ss

www-tekeze 发表于 2019-12-19 17:02
虚拟机里火绒可以杀4X，实机里的吃鸭蛋。。   @火绒工程师

我实机也杀四个

sichuanwenxuan

eav清空。扫描日志只显示4个。看隔离区有5个。

www-tekeze

54ss 发表于 2019-12-19 17:08
我实机也杀四个

找到原因了，影子里升级的锅。。   二次手动升级就行了。

sichuanwenxuan

a233

AVG清空