
[Virus samples] 样本10X (a pack of 10 samples)

www-tekeze
Posted on 2019-12-30 13:27:26
This post was last edited by www-tekeze on 2019-12-30 13:44


As the title says, come try your AV on these. PS: posted late; Huorong has already blacklisted 3 of them.



Download: https://www.lanzous.com/i8clc0d    Password: infected



a233
Posted on 2019-12-30 13:33:51
Avast scan: 5 quarantined, 1 repaired

Double-clicked:
Samp(1)

Samp(2): no reaction on double-click

Samp(5)

Samp(6): none of the links inside the PDF can be opened

Samp(9): no reaction on double-click

Nocria
Posted on 2019-12-30 14:07:18
G DATA: 5 detected.

Virus check with G DATA INTERNET SECURITY
Version 25.5.5.43 (12/3/2019)
Virus signature dated 12/30/2019
Start time: 12/30/2019 14:05:51
Engine(s): Engine A (AVA 25.24413), Engine B (GD 26.17176)
Heuristics: On
Archives: On
System areas: Off
Check rootkits: Off

Check the following directories and files:
  C:\Users\promi\Desktop\样本10X\

Analysis performed in full: 12/30/2019 14:05:52
    10 files checked
    5 infected files detected
    0 suspicious files found


Object: Samp(3).dll
        Path: C:\Users\promi\Desktop\样本10X
        Status: Virus removed
        Virus: Gen:Variant.Cerbu.35755 (Engine A)

Object: Samp(2).doc
        Path: C:\Users\promi\Desktop\样本10X
        Status: Virus removed
        Virus: Trojan.VBA.Agent.BAG (Engine A)

Object: Samp(8).dll
        Path: C:\Users\promi\Desktop\样本10X
        Status: Virus removed
        Virus: Trojan.Agent.EJIA (Engine A)

Object: Samp(5).vbs
        Path: C:\Users\promi\Desktop\样本10X
        Status: File moved to quarantine
        Virus: VBS.ObfDldr.22.Gen (Engine A)

Object: Samp(10).dll
        Path: C:\Users\promi\Desktop\样本10X
        Status: Virus removed
        Virus: Gen:Variant.Graftor.623441 (Engine A), Win32.Adware.BlackMoon.B (Engine B)

dreams521
Posted on 2019-12-30 14:09:43
This post was last edited by dreams521 on 2019-12-30 14:12

Kaspersky: 5 detected
30.12.2019 14.10.17;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\样本10X\Samp(2).doc//word/vbaProject.bin//JIM;C:\Users\Administrator\Desktop\样本10X\Samp(2).doc//word/vbaProject.bin//JIM;HEUR:Trojan-Dropper.MSOffice.SDrop.gen;木马程序;12/30/2019 14:10:17
30.12.2019 14.10.17;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\样本10X\Samp(2).doc;C:\Users\Administrator\Desktop\样本10X\Samp(2).doc;VHO:Trojan-Dropper.MSOffice.SDrop.gen;木马程序;12/30/2019 14:10:17
30.12.2019 14.10.11;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\样本10X\Samp(5).vbs;C:\Users\Administrator\Desktop\样本10X\Samp(5).vbs;Trojan-Dropper.VBS.Agent.ng;木马程序;12/30/2019 14:10:11
30.12.2019 14.10.11;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\样本10X\Samp(9).doc//ThisDocument;C:\Users\Administrator\Desktop\样本10X\Samp(9).doc//ThisDocument;HEUR:Trojan-Dropper.MSOffice.SDrop.gen;木马程序;12/30/2019 14:10:11
30.12.2019 14.10.11;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\样本10X\Samp(9).doc;C:\Users\Administrator\Desktop\样本10X\Samp(9).doc;12/30/2019 14:10:11
30.12.2019 14.10.11;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\样本10X\Samp(10).dll;C:\Users\Administrator\Desktop\样本10X\Samp(10).dll;HEUR:Packed.Win32.Vemply.gen;木马程序;12/30/2019 14:10:11
30.12.2019 14.10.10;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\样本10X\Samp(1).vbs;C:\Users\Administrator\Desktop\样本10X\Samp(1).vbs;UDS:Trojan-Banker.Win32.IcedID;木马程序;12/30/2019 14:10:10
傻猪猪米走鸡
Posted on 2019-12-30 14:41:18
ESET Log
Scan Log
Version of detection engine: 20588P (20191229)
Date: 2019/12/30  Time: 14:40:03
Scanned disks, folders and files: C:\Users\Galaxy\Desktop\样本10X\Samp(5).vbs;C:\Users\Galaxy\Desktop\样本10X\Samp(6).pdf;C:\Users\Galaxy\Desktop\样本10X\Samp(7).dll;C:\Users\Galaxy\Desktop\样本10X\Samp(8).dll;C:\Users\Galaxy\Desktop\样本10X\Samp(9).doc;C:\Users\Galaxy\Desktop\样本10X\Samp(10).dll;C:\Users\Galaxy\Desktop\样本10X\Samp(1).vbs;C:\Users\Galaxy\Desktop\样本10X\Samp(2).doc;C:\Users\Galaxy\Desktop\样本10X\Samp(3).dll;C:\Users\Galaxy\Desktop\样本10X\Samp(4).dll
C:\Users\Galaxy\Desktop\样本10X\Samp(10).dll » UPX v13_m14_dll - a variant of Win32/Packed.VMProtect.ABO trojan - deleted
C:\Users\Galaxy\Desktop\样本10X\Samp(2).doc » ZIP » word/vbaProject.bin - a variant of Generik.ICFUIBQ trojan - action selection postponed until scan completion
C:\Users\Galaxy\Desktop\样本10X\Samp(5).vbs - a variant of Generik.IPXADYU trojan - cleaned by deleting [1]
C:\Users\Galaxy\Desktop\样本10X\Samp(8).dll - a variant of MSIL/Kryptik.UAT trojan - cleaned by deleting [1]
C:\Users\Galaxy\Desktop\样本10X\Samp(2).doc » ZIP » word/vbaProject.bin - a variant of Generik.ICFUIBQ trojan - deleted
Number of scanned objects: 31
Number of detections: 4
Number of cleaned objects: 4
Time of completion: 14:40:32  Total scanning time: 29 sec (00:00:29)

Notes:
[1] Object has been deleted as it only contained the virus body.


www-tekeze
OP | Posted on 2019-12-30 14:46:20

Only 4? There should be 9 malicious ones (not counting the PDF, I suppose). On VT only 4 vendors flag it: Avira leads and F-Secure naturally follows.

傻猪猪米走鸡
Posted on 2019-12-30 15:15:29
www-tekeze posted on 2019-12-30 14:46:
Only 4? There should be 9 malicious ones (not counting the PDF, I suppose). On VT only 4 vendors flag it: Avira leads and F-Secure naturally follows.

Submitted it; let's see what the feedback is.
Jerry.Lin
Posted on 2019-12-30 15:27:24
Fortinet
9/10
time: Mon Dec 30 15:25:47 2019, virus found: VBA/Agent.8797!tr, action: Quarantined, C:\Users\zhong\Downloads\MalwareTest\Kafan\样本10X2\Samp(2).doc
time: Mon Dec 30 15:25:47 2019, virus found: W32/Kryptik.RXGV!tr, action: Quarantined, C:\Users\zhong\Downloads\MalwareTest\Kafan\样本10X2\Samp(3).dll
time: Mon Dec 30 15:25:47 2019, virus found: W32/AGEN.1041!tr, action: Quarantined, C:\Users\zhong\Downloads\MalwareTest\Kafan\样本10X2\Samp(4).dll
time: Mon Dec 30 15:25:48 2019, virus found: VBS/Agent.SII!tr.dldr, action: Quarantined, C:\Users\zhong\Downloads\MalwareTest\Kafan\样本10X2\Samp(5).vbs
time: Mon Dec 30 15:25:48 2019, virus found: PDF/Agent.833A!tr, action: Quarantined, C:\Users\zhong\Downloads\MalwareTest\Kafan\样本10X2\Samp(6).pdf
time: Mon Dec 30 15:25:48 2019, virus found: W32/AGEN.1041!tr, action: Quarantined, C:\Users\zhong\Downloads\MalwareTest\Kafan\样本10X2\Samp(7).dll
time: Mon Dec 30 15:25:48 2019, virus found: MSIL/Kryptik.UAT!tr, action: Quarantined, C:\Users\zhong\Downloads\MalwareTest\Kafan\样本10X2\Samp(8).dll
time: Mon Dec 30 15:25:48 2019, virus found: VBA/Agent.ARC!tr, action: Quarantined, C:\Users\zhong\Downloads\MalwareTest\Kafan\样本10X2\Samp(9).doc
time: Mon Dec 30 15:25:48 2019, virus found: Riskware/Application, action: Quarantined, C:\Users\zhong\Downloads\MalwareTest\Kafan\样本10X2\Samp(10).dll
Luca.l
Posted on 2019-12-30 15:36:56
Avira

扫描开始时间: 2019-12-30 15:33:42
12/30/2019,15:33:43.703        [INFO]        FP 报告文件 'C:\Users\Downloads\Compressed\样本10X\Samp(10).dll' 的“无误报”状态 [I:10, S:111]
12/30/2019,15:33:43.704        [INFO]        C:\Users\Downloads\Compressed\样本10X\Samp(10).dll
12/30/2019,15:33:43.704        [INFO]        [DETECTION] file contains 'TR/Downloader.Gen'
12/30/2019,15:33:43.954        [INFO]        FP 报告文件 'C:\Users\Downloads\Compressed\样本10X\Samp(3).dll' 的“无误报”状态 [I:10, S:111]
12/30/2019,15:33:43.955        [INFO]        C:\Users\Downloads\Compressed\样本10X\Samp(3).dll
12/30/2019,15:33:43.955        [INFO]        [DETECTION] file contains 'TR/Crypt.XPACK.Gen2'
12/30/2019,15:33:44.189        [INFO]        FP 报告文件 'C:\Users\Downloads\Compressed\样本10X\Samp(4).dll' 的“无误报”状态 [I:10, S:111]
12/30/2019,15:33:44.190        [INFO]        C:\Users\Downloads\Compressed\样本10X\Samp(4).dll
12/30/2019,15:33:44.190        [INFO]        [DETECTION] file contains 'HEUR/AGEN.1041102'
12/30/2019,15:33:44.202        [INFO]        C:\Users\Downloads\Compressed\样本10X\Samp(6).pdf
12/30/2019,15:33:44.203        [INFO]        [DETECTION] file contains 'HTML/Malicious.PDF.Gen'
12/30/2019,15:33:44.440        [INFO]        FP 报告文件 'C:\Users\Downloads\Compressed\样本10X\Samp(7).dll' 的“无误报”状态 [I:10, S:111]
12/30/2019,15:33:44.441        [INFO]        C:\Users\Downloads\Compressed\样本10X\Samp(7).dll
12/30/2019,15:33:44.441        [INFO]        [DETECTION] file contains 'HEUR/AGEN.1041102'
12/30/2019,15:33:44.666        [INFO]        FP 报告文件 'C:\Users\Downloads\Compressed\样本10X\Samp(8).dll' 的“无误报”状态 [I:10, S:111]
12/30/2019,15:33:44.667        [INFO]        C:\Users\Downloads\Compressed\样本10X\Samp(8).dll
12/30/2019,15:33:44.667        [INFO]        [DETECTION] file contains 'TR/Kryptik.yfrda'
12/30/2019,15:34:04.710        [INFO]        repair.rdf loaded (version: 1.0.1912.689)
12/30/2019,15:34:04.732        [INFO]        Repair of Generic started.
12/30/2019,15:34:04.737        [WARN]        Can't set registry value:  RootKey: HKEY_USERS SubKey: S-1-5-21-2899959253-3639271498-3261437045-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System ValueName: shell (64 bit): 系统找不到指定的文件。
12/30/2019,15:34:04.738        [WARN]        Can't set registry value:  RootKey: HKEY_USERS SubKey: S-1-5-21-2899959253-3639271498-3261437045-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System ValueName: shell (32 bit): 系统找不到指定的文件。
12/30/2019,15:34:09.058        [INFO]        Repair of Generic finished successfully.
12/30/2019,15:34:09.059        [INFO]        Repair of TR/Downloader.Gen started.
12/30/2019,15:34:20.556        [INFO]        Repair of TR/Downloader.Gen finished successfully.
12/30/2019,15:34:20.558        [INFO]        C:\Users\Downloads\Compressed\样本10X\Samp(10).dll
12/30/2019,15:34:20.558        [INFO]        [ACTION] Clean
12/30/2019,15:34:20.560        [INFO]        Repair of TR/Crypt.XPACK.Gen2 started.
12/30/2019,15:34:31.718        [INFO]        Repair of TR/Crypt.XPACK.Gen2 finished successfully.
12/30/2019,15:34:31.719        [INFO]        C:\Users\Downloads\Compressed\样本10X\Samp(3).dll
12/30/2019,15:34:31.720        [INFO]        [ACTION] Clean
12/30/2019,15:34:31.721        [INFO]        Repair of HEUR/AGEN.1041102 started.
12/30/2019,15:34:41.600        [INFO]        Repair of HEUR/AGEN.1041102 finished successfully.
12/30/2019,15:34:41.601        [INFO]        C:\Users\Downloads\Compressed\样本10X\Samp(4).dll
12/30/2019,15:34:41.602        [INFO]        [ACTION] Clean
12/30/2019,15:34:41.603        [INFO]        Repair of HTML/Malicious.PDF.Gen started.
12/30/2019,15:34:41.660        [INFO]        Repair of HTML/Malicious.PDF.Gen finished successfully.
12/30/2019,15:34:41.661        [INFO]        C:\Users\Downloads\Compressed\样本10X\Samp(6).pdf
12/30/2019,15:34:41.661        [INFO]        [ACTION] Clean
12/30/2019,15:34:41.663        [INFO]        Repair of HEUR/AGEN.1041102 started.
12/30/2019,15:34:51.563        [INFO]        Repair of HEUR/AGEN.1041102 finished successfully.
12/30/2019,15:34:51.565        [INFO]        C:\Users\Downloads\Compressed\样本10X\Samp(7).dll
12/30/2019,15:34:51.565        [INFO]        [ACTION] Clean
12/30/2019,15:34:51.567        [INFO]        Repair of TR/Kryptik.yfrda started.
12/30/2019,15:35:03.078        [INFO]        Repair of TR/Kryptik.yfrda finished successfully.
12/30/2019,15:35:03.079        [INFO]        C:\Users\Downloads\Compressed\样本10X\Samp(8).dll
12/30/2019,15:35:03.079        [INFO]        [ACTION] Clean

---------------------------------------------------------

End of scan : 2019-12-30 15:35:03
Duration : 01m:20s:787ms

The scan has been done completely.

      1 Scanned directories
      3 Scanned archives
     10 Scanned files
      0 Skipped files
      0 Ignored files
      6 Detected files
      6 Infected files cleaned
      2 Warnings

---------------------------------------------------------



dreams521
Posted on 2019-12-30 15:51:12