#NanoCore.Botnet

显示全部楼层 · 发表于 2020-3-3 16:57:30

本帖最后由 BE_HC 于 2020-3-3 17:10 编辑

下载:https://www.lanzous.com/i9wjaej 密码:g4mn

http://adikaremix.duckdns.org

复制代码

显示全部楼层 · 发表于 2020-3-3 17:04:05

卡巴

03.03.2020 17.03.53;检测到的对象( 文件 );Z:\draw\draw.exe;Windows Explorer;Z:\draw\draw.exe;03/03/2020 17:03:53;HEUR:Backdoor.MSIL.NanoBot.gen

显示全部楼层 · 发表于 2020-3-3 17:06:56

Filename: draw.exe
Threat name: SONAR.Heuristic.170Full Path: Not Available

____________________________

____________________________

On computers as of
3/3/2020 at 5:06:16 PM

Last Used
3/3/2020 at 5:06:16 PM

Startup Item
No

Launched
Yes

SONAR Protection monitors for suspicious program activity on your computer.

____________________________

draw.exe Threat name: SONAR.Heuristic.170
Locate

Very Few Users
Fewer than 5 users in the Norton Community have used this file.

Very New
This file was released less than 1 week ago.

High
This file risk is high.

____________________________

Source: External Media

Source File:
WinRAR.exe

File Created:
draw.exe

____________________________

File Actions

File: c:\Users\VPC\downloads\ draw.exe Threat Removed
File: c:\Users\VPC\AppData\Roaming\ htkjucryhyfpj.exe Threat Removed
File: c:\Users\VPC\downloads\ draw.zip Threat Removed
File: c:\Users\VPC\AppData\Local\Temp\ tmpD479.tmp Threat Removed
____________________________

System Settings Actions

Event: Browser process start (Performed by c:\users\vpc\downloads\draw.exe, PID:6428) No action taken
Event: PE file creation: c:\users\vpc\appdata\roaming\ htkjucryhyfpj.exe (Performed by c:\users\vpc\downloads\draw.exe, PID:6428) No action taken
Event: Process start: c:\Windows\SysWOW64\ schtasks.exe, PID:1088 (Performed by c:\users\vpc\downloads\draw.exe, PID:6428) No action taken
Event: Process start: c:\users\vpc\downloads\ draw.exe, PID:6428 (Performed by c:\users\vpc\downloads\draw.exe, PID:6428) No action taken
____________________________

File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available

显示全部楼层 · 发表于 2020-3-3 17:11:50

ESET

a variant of MSIL/Kryptik.UXD

显示全部楼层 · 发表于 2020-3-3 17:15:53

ESET
draw.exe - MSIL/Kryptik.UXD 特洛伊木马的变种待会双击@QVM360

显示全部楼层 · 发表于 2020-3-3 17:26:06

本帖最后由 swizzer 于 2020-3-3 17:27 编辑

智量扫描&双击both kill

显示全部楼层 · 发表于 2020-3-3 17:27:47

显示全部楼层 · 发表于 2020-3-3 17:33:31

双击，会添加自启项，然后火绒主防没反应
火绒剑占楼@QVM360

显示全部楼层 · 发表于 2020-3-3 17:41:06

自适应威胁防护已阻止基于无文件的攻击，因为其信誉 (已知恶意文件) 低于配置的提示阈值。
分析器/检测程序
产品名称 McAfee Endpoint Security
产品版本 10.7.0.1740
功能名称 Real Protect Cloud

威胁
执行的操作清理
威胁类别检测到恶意软件
威胁事件 ID 35107
威胁已被处理是
威胁名称 Real Protect-EC!6FEBBE53D50D
威胁严重性严重
威胁时间戳 3/3/2020 5:39 PM
威胁类型特洛伊木马程序

显示全部楼层 · 发表于 2020-3-3 17:50:42

BD扫描miss

[病毒样本] #NanoCore.Botnet

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块