
[Virus samples] Sample set offered_136 (样本集奉上_136)

马甲账号
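Posted on 2020-3-18 14:22:26
As in the title. The file extensions have not been changed, so handle with care; you bear the consequences.

Download: https://www.lanzous.com/iadrk8d Password: infected

Please scan the samples separately, otherwise it is meaningless.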


swizzer
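Posted on 2020-3-18 14:29:13
Last edited by swizzer on 2020-3-18 14:37

Zhiliang (智量)
ASPack 3/6
Original&MD5 10/10
UPX  7/10
After double-clicking:
UPX: 2 and 6 remain; ASPack: 2 and 9 remain. On my machine they all either throw an error or exit on their own with no behaviour.
Too many screenshots, so I won't post them.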

a233
Posted on 2020-3-18 14:32:34
Last edited by a233 on 2020-3-18 14:50

Avast
Original 9/10

MD5 8/10

UPX 5/10

Aspack 3/6

Not double-clicking them; just submitting them.

我如浮云般飘过
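Posted on 2020-3-18 14:39:44
Last edited by 我如浮云般飘过 on 2020-3-18 14:54

Kaspersky: Original, killed all
MD5: 8 remains
Aspack: 2 and 9 remain
UPX: 2, 3, 8, 9 remain
After double-clicking:
MD5: PDM killed 2
UPX: PDM killed 3
No obvious behaviour was seen after running all the other samples.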

pre
Posted on 2020-3-18 14:54:49
BD
Original: all cleared
MD5: Scan Miss #8, ATD Kill
UPX: Scan Miss #5, ATD Kill
Aspack: Scan Miss 3x, ATD Kill 1x, miss 2x

静影沉璧
Posted on 2020-3-18 14:56:53
ESET cleared everything

Aspack 6/6
  Log
  Scan Log
  Version of detection engine: 21016P (20200318)
  Date: 2020/3/18  Time: 14:52:59
  Scanned disks, folders and files: C:\Users\Administrator\Desktop\样本集奉上_136\Aspack
  C:\Users\Administrator\Desktop\样本集奉上_136\Aspack\1.exe - Win32/Filecoder.Sodinokibi.B trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\Aspack\10.exe - a variant of Win32/Kryptik.HBYE trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\Aspack\2.exe - a variant of Win32/Kryptik.GLLM trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\Aspack\4.exe - Win32/Filecoder.Phobos.C trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\Aspack\7.exe - Win32/FakeDoc.A worm - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\Aspack\9.exe - Suspicious Object - cleaned by deleting [1]
  Number of scanned objects: 6
  Number of detections: 6
  Number of cleaned objects: 6
  Time of completion: 14:53:16  Total scanning time: 17 sec (00:00:17)

  Notes:
  [1] Object has been deleted as it only contained the virus body.


MD5 10/10
  Log
  Scan Log
  Version of detection engine: 21016P (20200318)
  Date: 2020/3/18  Time: 14:54:15
  Scanned disks, folders and files: C:\Users\Administrator\Desktop\样本集奉上_136\MD5
  C:\Users\Administrator\Desktop\样本集奉上_136\MD5\1.exe - Win32/Filecoder.Sodinokibi.B trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\MD5\10.exe - a variant of Win32/Kryptik.HBYE trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\MD5\2.exe - a variant of Win32/Kryptik.GLLM trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\MD5\3.exe - a variant of Win32/Injector.ELCE trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\MD5\4.exe - Win32/Filecoder.Phobos.C trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\MD5\5.exe - a variant of Win32/GenKryptik.EAZV trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\MD5\6.exe » NSIS » identity.dll - Win32/Injector.CEKO trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\MD5\7.exe - Win32/FakeDoc.A worm - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\MD5\8.exe - a variant of Win32/Injector.ELCT trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\MD5\9.exe - a variant of Win32/Injector.ELCT trojan - cleaned by deleting [1]
  Number of scanned objects: 21
  Number of detections: 10
  Number of cleaned objects: 10
  Time of completion: 14:54:40  Total scanning time: 25 sec (00:00:25)

  Notes:
  [1] Object has been deleted as it only contained the virus body.

Original 10/10
  Log
  Scan Log
  Version of detection engine: 21016P (20200318)
  Date: 2020/3/18  Time: 14:55:08
  Scanned disks, folders and files: C:\Users\Administrator\Desktop\样本集奉上_136\Original
  C:\Users\Administrator\Desktop\样本集奉上_136\Original\1.exe - Win32/Filecoder.Sodinokibi.B trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\Original\10.exe - a variant of Win32/Kryptik.HBYE trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\Original\2.exe - a variant of Win32/Kryptik.GLLM trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\Original\3.exe - a variant of Win32/Injector.ELCE trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\Original\4.exe - Win32/Filecoder.Phobos.C trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\Original\5.exe - a variant of Win32/GenKryptik.EAZV trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\Original\6.exe » NSIS » identity.dll - Win32/Injector.CEKO trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\Original\7.exe - Win32/FakeDoc.A worm - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\Original\8.exe - a variant of Win32/Injector.ELCT trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\Original\9.exe - a variant of Win32/Injector.ELCT trojan - cleaned by deleting [1]
  Number of scanned objects: 21
  Number of detections: 10
  Number of cleaned objects: 10
  Time of completion: 14:55:20  Total scanning time: 12 sec (00:00:12)

  Notes:
  [1] Object has been deleted as it only contained the virus body.

UPX 10/10
  Log
  Scan Log
  Version of detection engine: 21016P (20200318)
  Date: 2020/3/18  Time: 14:55:54
  Scanned disks, folders and files: C:\Users\Administrator\Desktop\样本集奉上_136\UPX
  C:\Users\Administrator\Desktop\样本集奉上_136\UPX\1.exe - a variant of Win32/Kryptik.GXNR trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\UPX\10.exe - a variant of Win32/Kryptik.HBYE trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\UPX\2.exe - a variant of Win32/Kryptik.GLLM trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\UPX\3.exe » UPX v12_m2 - a variant of Win32/Injector.ELCE trojan - deleted
  C:\Users\Administrator\Desktop\样本集奉上_136\UPX\4.exe - Win32/Filecoder.Phobos.C trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\UPX\5.exe » UPX v13_m8 - a variant of Win32/GenKryptik.EAZV trojan - action selection postponed until scan completion
  C:\Users\Administrator\Desktop\样本集奉上_136\UPX\6.exe » NSIS » identity.dll - Win32/Injector.CEKO trojan - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\UPX\7.exe - Win32/FakeDoc.A worm - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\UPX\8.exe » UPX v12_m2 - a variant of Win32/Injector.ELCT trojan - deleted
  C:\Users\Administrator\Desktop\样本集奉上_136\UPX\9.exe - Suspicious Object - cleaned by deleting [1]
  C:\Users\Administrator\Desktop\样本集奉上_136\UPX\5.exe » UPX v13_m8 - a variant of Win32/GenKryptik.EAZV trojan - deleted
  Number of scanned objects: 27
  Number of detections: 10
  Number of cleaned objects: 10
  Time of completion: 14:56:10  Total scanning time: 16 sec (00:00:16)

  Notes:
  [1] Object has been deleted as it only contained the virus body.


www-tekeze
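Posted on 2020-3-18 15:05:24
swizzer posted on 2020-3-18 14:29
Zhiliang (智量)
ASPack 3/6
Original&MD5 10/10

I guess quite a lot of these are caught by signatures added to the database, so it stops working once they are packed (leaving double-clicking aside). If the original samples are caught by Heur, these two packers have very little effect..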


马甲账号
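OP | Posted on 2020-3-18 15:08:12
www-tekeze posted on 2020-3-18 15:05
I guess quite a lot of these are caught by signatures added to the database, so it stops working once they are packed (leaving double-clicking aside). If the original samples are caught by Heur, these two packers have very little effect..

Looks like ESET's scanning is still the strong one, it's just that its proactive defense..
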
www-tekeze
Posted on 2020-3-18 15:08:12

Huorong killed 21x. Not splitting them up, too tired...

马甲账号
OP | Posted on 2020-3-18 15:08:59
www-tekeze posted on 2020-3-18 15:08
Huorong killed 21x. Not splitting them up, too tired...

I scanned them separately; it was rubbish..