Views: 915 | Replies: 8

[Malware sample] #Anti-VM #APT #VT:9/61

BE_HC
Posted on 2020-3-13 15:46:57
Download: https://www.lanzous.com/ia7rjib Password: 337d


2020-01-20, an old thing; it runs under WIN7 X86.
  1. YARA signature "IronTiger_Gh0stRAT_variant" classified file "all.bstring" as "apt,irontiger,gh0strat,rat" based on indicators: "Winds Update" (Reference: http://goo.gl/T5fSJC, Author: Cyber Safety Solutions, Trend Micro)
  2. YARA signature "EnfalStrings" classified file "all.bstring" as "enfal" based on indicators: "Crpq2.cgi" (Author: Seth Hardy)
  3. YARA signature "Enfal" classified file "all.bstring" as "enfal" (Author: Seth Hardy)
  4. YARA signature "gh0st" classified file "all.bstring" as "rat,gh0st" based on indicators: "Gh0st Update" (Author: https://github.com/jackcr/)
  5. YARA signature "update_PcMain" matched file "all.bstring" as "Chinese Hacktool Set - file PcMain.dll" based on indicators: "Global\%s-key-event,%d%d.exe,%d.exe,Global\%s-key-metux,GET / HTTP/1.1,\Services" (Reference: http://tools.zjqhr.com/, Author: Florian Roth)
  6. YARA signature "CN_Honker_T00ls_Lpk_Sethc_v4_LPK" matched file "all.bstring" as "Sample from CN Honker Pentest Toolset - file LPK.DAT" based on indicators: "c:\1.exe" (Reference: Disclosed CN Honker Pentest Toolset, Author: Florian Roth)
  7. YARA signature "Typical_Malware_String_Transforms" matched file "all.bstring" as "Detects typical strings in a reversed or otherwise modified form" based on indicators: "exe.tsohcvs" (Reference: Internal Research, Author: Florian Roth)
  8. Internal YARA signature matched on file "all.bstring"
https://www.hybrid-analysis.com/sample/ed2038ca387e15e3c3a177624541c5c851e71eaa3d7858eb285e43c07b7cab10?environmentId=110


https://www.virustotal.com/gui/file/ed2038ca387e15e3c3a177624541c5c851e71eaa3d7858eb285e43c07b7cab10/details
a233
Posted on 2020-3-13 15:48:38
CHURP
Posted on 2020-3-13 15:50:39
Kaspersky doesn't flag it; Kaspersky is about to become useless.
YorkWaugh
Posted on 2020-3-13 15:51:03
Huorong (火绒) miss
lifan88
Posted on 2020-3-13 15:53:21
Does it have a driver?
巍巍
Posted on 2020-3-13 15:57:07
BD miss
WiseVector (智量) miss
静影沉璧
Posted on 2020-3-13 16:00:00
ESET miss
Already submitted.
BE_HC
OP | Posted on 2020-3-13 16:04:10
Not sure; this might be an exploit.
a445441
Posted on 2020-3-13 17:06:58
Anti-VM; Micropoint (微点) MISS
Copyright © KaFan  KaFan.cn All Rights Reserved.