可疑非PE样本19x

显示全部楼层 · 发表于 2020-2-23 18:07:08

https://lanzous.com/i9m2dhi

显示全部楼层 · 发表于 2020-2-23 18:19:08

Avast Kill 11X
其中修复1X

显示全部楼层 · 发表于 2020-2-23 18:22:50

ESET 8x

显示全部楼层 · 发表于 2020-2-23 18:30:56

本帖最后由 Nocria 于 2020-2-23 19:13 编辑

IKARUS - 11/19

[23.02.2020 19:13:07] On-demand scan started: "user_defined"
[23.02.2020 19:13:07] Found, 0.00s, SigName: "Trojan.Win32.Rozena", SigId: 268543971, Type: "VIRUS", File: "C:\Users\promi\Desktop\19x（20200223）\19x（20200223）\1_borabora_metallurgy-invite.pdf.hta"
[23.02.2020 19:13:07] Found, 0.47s, SigName: "Trojan.JS.Crypt", SigId: 3379521, Type: "VIRUS", File: "C:\Users\promi\Desktop\19x（20200223）\19x（20200223）\1.jar"
[23.02.2020 19:13:07] Found, 0.63s, SigName: "Trojan.Java.GenericGB", SigId: 293032524, Type: "VIRUS", File: "C:\Users\promi\Desktop\19x（20200223）\19x（20200223）\3.jar"
[23.02.2020 19:13:07] Found, 0.00s, SigName: "Trojan.SuspectCRC", SigId: 288648239, Type: "VIRUS", File: "C:\Users\promi\Desktop\19x（20200223）\19x（20200223）\Employee-entitlements-2020.doc"
[23.02.2020 19:13:07] Found, 0.15s, SigName: "Trojan-Downloader.VBS.Ursnif", SigId: 293148856, Type: "VIRUS", File: "C:\Users\promi\Desktop\19x（20200223）\19x（20200223）\job_presentation_g2s.js"
[23.02.2020 19:13:07] Found, 0.31s, SigName: "VBS.ObfDldr", SigId: 293134568, Type: "VIRUS", File: "C:\Users\promi\Desktop\19x（20200223）\19x（20200223）\JVC_36998.vbs"
[23.02.2020 19:13:07] Found, 0.16s, SigName: "Trojan-Downloader.O97M.Donoff", SigId: 293076899, Type: "VIRUS", File: "C:\Users\promi\Desktop\19x（20200223）\19x（20200223）\Myriam_Marinna_987080.doc"
[23.02.2020 19:13:08] Found, 0.31s, SigName: "Exploit.Office.Doc", SigId: 3735052, Type: "VIRUS", File: "C:\Users\promi\Desktop\19x（20200223）\19x（20200223）\PO_6008570AZ.doc"
[23.02.2020 19:13:08] Found, 0.00s, SigName: "Trojan.PowerShell.Splitfuse", SigId: 293052137, Type: "VIRUS", File: "C:\Users\promi\Desktop\19x（20200223）\19x（20200223）\sample1.xlsm"
[23.02.2020 19:13:08] Found, 0.16s, SigName: "Trojan-Downloader.Script", SigId: 280856666, Type: "VIRUS", File: "C:\Users\promi\Desktop\19x（20200223）\19x（20200223）\test.xlsm"
[23.02.2020 19:13:08] Found, 0.16s, SigName: "Exploit.CVE2012-0158", SigId: 3393716, Type: "VIRUS", File: "C:\Users\promi\Desktop\19x（20200223）\19x（20200223）\x.doc"
[23.02.2020 19:13:08] On-demand scan FINISHED: "user_defined"
[23.02.2020 19:13:08] ----------------------------------------------------
[23.02.2020 19:13:08] Directories scanned: 2
[23.02.2020 19:13:08] Files scanned: 20
[23.02.2020 19:13:08] Virus found: 11
[23.02.2020 19:13:08] ----------------------------------------------------

复制代码

显示全部楼层 · 发表于 2020-2-23 18:40:47

智量13x

显示全部楼层 · 发表于 2020-2-23 19:02:50

gdata解压后报毒10x,右键扫描后报2x

显示全部楼层 · 发表于 2020-2-23 19:13:40

卡巴检测14x

显示全部楼层 · 发表于 2020-2-23 19:16:21

智量扫描发现13个，火绒扫描发现4个

显示全部楼层 · 发表于 2020-2-23 19:21:56

本帖最后由汝航于 2020-2-23 19:34 编辑

智量实防kill 12X，扫描kill 1X，剩下一些网页，双击微点，智量均miss

显示全部楼层 · 发表于 2020-2-23 19:29:30

本帖最后由沈志鸣于 2020-2-23 19:32 编辑

卡巴斯基扫描 kill 15x，实杀 12x（打开了解析电子邮件格式）
双击kill
bUrxr_enc.vbe
cjLXbHZSRHeL.vbs
job_presentation_g2s.js
JVC_36998.vbs
另外两个html都指向钓鱼网站
还有一个php就不双击了

[可疑文件] 可疑非PE样本19x

评分

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块