Original poster: QVM360

[Virus Samples] Sample Set Offered_138 (样本集奉上_138)

病毒探索者
Posted on 2020-3-19 12:00:59
This post was last edited by 病毒探索者 on 2020-3-19 12:06

BD scan
MD5 11/13
Original 12/13
UPX 7/7
No screenshot was taken when scanning the UPX set.

Double-clicked the missed samples
ATD killed all

anthonyqian
Posted on 2020-3-19 12:07:39
Kaspersky has one left: 13 in the UPX set
病毒探索者
Posted on 2020-3-19 12:14:12
anthonyqian posted on 2020-3-19 12:07
Kaspersky has one left: 13 in the UPX set

What about double-clicking it?
anthonyqian
Posted on 2020-3-19 16:14:40

This sample won't open on my computer...
SayWhat13
Posted on 2020-3-22 00:01:05
This post was last edited by SayWhat13 on 2020-3-22 00:03

Malwarebytes all clear.



-Log Details-
Scan Date: 3/21/20
Scan Time: 11:56 PM
Log File: 8ed0a0bc-6b8c-11ea-916b-2c6e85b935b5.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.854
Update Package Version: 1.0.21130
License: Premium

-System Information-
OS: Windows 10 (Build 19041.21)
CPU: x64
File System: NTFS
User: DESKTOP-O5U42T0\preston

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 14473
Threats Detected: 41
Threats Quarantined: 0
Time Elapsed: 4 min, 1 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 41
Ransom.Nemty, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\MD5\13.EXE, No Action By User, 7759, 801842, 1.0.21130, FB3EC1FE8E03D144C686B5FE, dds, 00641654
Generic.Malware/Suspicious, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\MD5\9.EXE, No Action By User, 0, 392686, 1.0.21130, , shuriken,
Backdoor.NanoCore, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\MD5\2.EXE, No Action By User, 3684, 550638, 1.0.21130, 808D2635470D628BCCC61649, dds, 00641654
Trojan.Crypt.MSIL.Generic, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\MD5\12.EXE, No Action By User, 9271, 516114, 1.0.21130, 55545CEC53A551AB90A2A3A8, dds, 00641654
Trojan.MSCrypt.MSIL.Generic, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\MD5\1.EXE, No Action By User, 10460, 801674, 1.0.21130, , ame,
Trojan.GuLoader, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\MD5\7.EXE, No Action By User, 9278, 800849, 1.0.21130, 3230BFCD8907F5FF05DD286A, dds, 00641654
Trojan.Injector, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\MD5\10.EXE, No Action By User, 686, 800242, 1.0.21130, 002E4954034637809A07E163, dds, 00641654
Trojan.MalPack.DLF, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\MD5\11.EXE, No Action By User, 7776, 801031, 1.0.21130, BA03DB81957A1FCD0AB1F1AE, dds, 00641654
RiskWare.Agent, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\MD5\8.EXE, No Action By User, 3931, 801547, 1.0.21130, 3311CB45927849A6FD99F477, dds, 00641654
Trojan.Crypt.MSIL.Generic, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\ORIGINAL\12.EXE, No Action By User, 9271, 516114, 1.0.21130, 55545CEC53A551AB90A2A3A8, dds, 00641654
Trojan.PasswordStealer.MSIL, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\MD5\5.EXE, No Action By User, 3760, 87249, 1.0.21130, A8005C61F5DAB9AD5A9A12DE, dds, 00641654
Ransom.Nemty, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\ORIGINAL\13.EXE, No Action By User, 7759, 801842, 1.0.21130, FB3EC1FE8E03D144C686B5FE, dds, 00641654
Trojan.GuLoader, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\ORIGINAL\7.EXE, No Action By User, 9278, 800849, 1.0.21130, 3230BFCD8907F5FF05DD286A, dds, 00641654
Spyware.PasswordStealer, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\MD5\4.EXE, No Action By User, 546, 801792, 1.0.21130, DDBBED19C441C01848303677, dds, 00641654
Backdoor.NetWiredRC.AutoIt.Generic, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\MD5\3.EXE, No Action By User, 10239, 734843, 1.0.21130, F02F47F2645DB547313B3D9C, dds, 00641654
Trojan.MSCrypt.MSIL.Generic, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\ORIGINAL\1.EXE, No Action By User, 10460, 801674, 1.0.21130, , ame,
Backdoor.NetWiredRC.AutoIt.Generic, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\ORIGINAL\3.EXE, No Action By User, 10239, 734843, 1.0.21130, F02F47F2645DB547313B3D9C, dds, 00641654
Trojan.Crypt, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\ORIGINAL\9.EXE, No Action By User, 4117, 801752, 1.0.21130, E4783F3DEC96F8FC5E7E6136, dds, 00641654
Backdoor.NanoCore, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\ORIGINAL\2.EXE, No Action By User, 3684, 550638, 1.0.21130, 808D2635470D628BCCC61649, dds, 00641654
Spyware.PoullightStealer, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\ORIGINAL\8.EXE, No Action By User, 8933, 801804, 1.0.21130, 3311CB45927849A6FD99F477, dds, 00641654
Generic.Malware/Suspicious, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\MD5\6.EXE, No Action By User, 0, 392686, 1.0.21130, , shuriken,
Generic.Malware/Suspicious, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\ORIGINAL\6.EXE, No Action By User, 0, 392686, 1.0.21130, , shuriken,
Generic.Malware/Suspicious, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\UPX\10.EXE, No Action By User, 0, 392686, 1.0.21130, , shuriken,
MachineLearning/Anomalous.97%, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\UPX\13.EXE, No Action By User, 0, 392687, 1.0.21130, , shuriken,
Generic.Malware/Suspicious, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\UPX\6.EXE, No Action By User, 0, 392686, 1.0.21130, , shuriken,
Trojan.Injector, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\ORIGINAL\10.EXE, No Action By User, 686, 800242, 1.0.21130, 002E4954034637809A07E163, dds, 00641654
Spyware.LokiBot, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\UPX\3.EXE, No Action By User, 4193, 801525, 1.0.21130, , ame,
Spyware.PasswordStealer, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\ORIGINAL\4.EXE, No Action By User, 546, 801792, 1.0.21130, DDBBED19C441C01848303677, dds, 00641654
Trojan.MalPack.DLF, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\ORIGINAL\11.EXE, No Action By User, 7776, 801031, 1.0.21130, BA03DB81957A1FCD0AB1F1AE, dds, 00641654
Trojan.PasswordStealer.MSIL, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\ORIGINAL\5.EXE, No Action By User, 3760, 87249, 1.0.21130, A8005C61F5DAB9AD5A9A12DE, dds, 00641654
Trojan.MalPack.VB, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\UPX\7.EXE, No Action By User, 831, 802353, 1.0.21130, 3230BFCD8907F5FF05DD286A, dds, 00641654
Spyware.FormBook, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\UPX\11.EXE, No Action By User, 4482, 802075, 1.0.21130, 0059BBB4013EEDA212FEB1DD, dds, 00641654
PUP.Optional.DriveTheLife, C:\PROGRAMDATA\DTLTOOLBOX\ONEKEYINST.7Z, No Action By User, 1106, 797772, 1.0.21130, , ame,
Bootkit.Agent, C:\$RECYCLE.BIN\S-1-5-21-3726173578-1355515081-3920758824-1001\$R9E0R2W.61\GEOMETRY DASH AUTO SPEEDHACK.EXE, No Action By User, 8028, 313617, 1.0.21130, 89A523BA64067D117AA8B315, dds, 00641654
RiskWare.Packed.Enigma, C:\$RECYCLE.BIN\S-1-5-21-3726173578-1355515081-3920758824-1001\$RLWSEFR\1.EXE, No Action By User, 8866, 801742, 1.0.21130, 577D6DD4C51BCD40FC9EA224, dds, 00641654
Trojan.GuLoader, C:\$RECYCLE.BIN\S-1-5-21-3726173578-1355515081-3920758824-1001\$RLWSEFR\4.EXE, No Action By User, 9278, 801429, 1.0.21130, , ame,
Bootkit.Agent, C:\$RECYCLE.BIN\S-1-5-21-3726173578-1355515081-3920758824-1001\$RKZY4CF.ZIP, No Action By User, 8028, 313617, 1.0.21130, 89A523BA64067D117AA8B315, dds, 00641654
Generic.Malware/Suspicious, C:\USERS\PRESTON\DOWNLOADS\COMPRESSED\样本集奉上_138\UPX\4.EXE, No Action By User, 0, 392686, 1.0.21130, , shuriken,
Generic.Malware/Suspicious, C:\USERS\PRESTON\APPDATA\ROAMING\OpenShell\Pinned\破解启动器 (2).lnk, No Action By User, 0, 392686, , , ,
Generic.Malware/Suspicious, C:\USERS\PRESTON\APPDATA\ROAMING\OpenShell\Pinned\破解启动器.lnk, No Action By User, 0, 392686, , , ,
Generic.Malware/Suspicious, D:\PROGRAM FILES (X86)\THUNDER NETWORK\THUNDERVIP\PROGRAM\THUNDER-LOADER.EXE, No Action By User, 0, 392686, 1.0.21130, , shuriken,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Copyright © KaFan  KaFan.cn All Rights Reserved.
