EXE样本5X_266

显示全部楼层 · 发表于 2020-4-19 09:52:58

RT，未改后缀请小心食用，后果自负。。

载点：https://kafanealg.lanzous.com/ibknshe 密码：infected

显示全部楼层 · 发表于 2020-4-19 09:55:38

本帖最后由病毒探索者于 2020-4-19 11:56 编辑

Malwarebytes

Scan
MD5 2/5 40.0%
Original 3/5 60.0%
UPX 2/3 66.7%

Run
MD5       1/3 33.3%
Original 1/2 50.0%
UPX       0/1

In Total 69.2%

显示全部楼层 · 发表于 2020-4-19 10:13:02

本帖最后由 Xw1nd极风于 2020-4-19 10:54 编辑

Norton
扫描（10/13）=76.92%
双击（3/3）=100%

显示全部楼层 · 发表于 2020-4-19 10:26:52

Panda Dome
扫描2/13≈15.38%
双击1/11≈9.09%

显示全部楼层 · 发表于 2020-4-19 10:47:59

Avira

MD5  Scan 5/5  100%

Original  Scan 5/5  100%

UPX Scan 3/3  100% [1]

[1]:包含云2x：

04/19/2020,10:43:17.419 [INFO] FP 报告文件 'C:\Users\ft-cai\桌面\UPX\4.exe' 的“无误报”状态 [I:10, S:111]
04/19/2020,10:43:17.424 [INFO] 文件 'C:\Users\ft-cai\桌面\UPX\4.exe' 已上传至 Protection Cloud 并已进行分析。 SHA256 = 64312A632066C16086FC993496FBFF88B8B5B09FB60DB0F4FCD65B429CCFB16A [I:2, S:0]
04/19/2020,10:43:17.426 [INFO] C:\Users\ft-cai\桌面\UPX\4.exe
04/19/2020,10:43:17.428 [INFO] [DETECTION] file contains 'TR/Ransom.CryptoWall.64312a'
04/19/2020,10:43:50.139 [INFO] FP 报告文件 'C:\Users\ft-cai\桌面\UPX\5.exe' 的“无误报”状态 [I:10, S:111]
04/19/2020,10:43:50.142 [INFO] 文件 'C:\Users\ft-cai\桌面\UPX\5.exe' 已上传至 Protection Cloud 并已进行分析。 SHA256 = F84F712C4663A3D766C28AB06CD0431A34338D578850A210F5209708C51CB597 [I:2, S:0]
04/19/2020,10:43:50.144 [INFO] C:\Users\ft-cai\桌面\UPX\5.exe
04/19/2020,10:43:50.145 [INFO] [DETECTION] file contains 'TR/PSW.Stealer.f84f71'

复制代码

显示全部楼层 · 发表于 2020-4-19 10:50:27

本帖最后由 Nocria 于 2020-4-19 11:14 编辑

IKARUS

不知是不是错觉，自从上次程序更新后，妖刀对抗MD5和UPX混淆的能力比之前强了不少。

Original - 4/5

[19.04.2020 10:57:15] On-demand scan started: "user_defined"
[19.04.2020 10:57:15] Found, 0.78s, SigName: "Trojan-PSW.Agent", SigId: 3775382, Type: "VIRUS", File: "C:\Users\promi\Desktop\EXE样本5X_266\EXE样本5X_266\Original\1.exe"
[19.04.2020 10:57:15] Found, 0.78s, SigName: "Trojan.MSIL.Crypt", SigId: 298177898, Type: "VIRUS", File: "C:\Users\promi\Desktop\EXE样本5X_266\EXE样本5X_266\Original\2.exe"
[19.04.2020 10:57:17] Found, 1.437s, SigName: "PUA.Multibar", SigId: 3548421, Type: "PUA", File: "C:\Users\promi\Desktop\EXE样本5X_266\EXE样本5X_266\Original\4.exe"
[19.04.2020 10:57:17] Found, 1.610s, SigName: "Trojan.Win32.Autoit", SigId: 3794850, Type: "VIRUS", File: "C:\Users\promi\Desktop\EXE样本5X_266\EXE样本5X_266\Original\5.exe"
[19.04.2020 10:57:17] On-demand scan FINISHED: "user_defined"
[19.04.2020 10:57:17] ----------------------------------------------------
[19.04.2020 10:57:17] Directories scanned: 1
[19.04.2020 10:57:17] Files scanned: 10
[19.04.2020 10:57:17] Virus found: 4
[19.04.2020 10:57:17] ----------------------------------------------------

复制代码

MD5 - 3/5

[19.04.2020 10:58:20] On-demand scan started: "user_defined"
[19.04.2020 10:58:20] Found, 0.62s, SigName: "Trojan-PSW.Agent", SigId: 3775382, Type: "VIRUS", File: "C:\Users\promi\Desktop\EXE样本5X_266\EXE样本5X_266\MD5\1.exe"
[19.04.2020 10:58:21] Found, 1.344s, SigName: "PUA.Multibar", SigId: 3548421, Type: "PUA", File: "C:\Users\promi\Desktop\EXE样本5X_266\EXE样本5X_266\MD5\4.exe"
[19.04.2020 10:58:22] Found, 1.484s, SigName: "Trojan.Win32.Autoit", SigId: 3794850, Type: "VIRUS", File: "C:\Users\promi\Desktop\EXE样本5X_266\EXE样本5X_266\MD5\5.exe"
[19.04.2020 10:58:22] On-demand scan FINISHED: "user_defined"
[19.04.2020 10:58:22] ----------------------------------------------------
[19.04.2020 10:58:22] Directories scanned: 1
[19.04.2020 10:58:22] Files scanned: 10
[19.04.2020 10:58:22] Virus found: 3
[19.04.2020 10:58:22] ----------------------------------------------------

复制代码

UPX - emptied

[19.04.2020 10:58:20] On-demand scan started: "user_defined"
[19.04.2020 10:58:20] Found, 0.62s, SigName: "Trojan-PSW.Agent", SigId: 3775382, Type: "VIRUS", File: "C:\Users\promi\Desktop\EXE样本5X_266\EXE样本5X_266\MD5\1.exe"
[19.04.2020 10:58:21] Found, 1.344s, SigName: "PUA.Multibar", SigId: 3548421, Type: "PUA", File: "C:\Users\promi\Desktop\EXE样本5X_266\EXE样本5X_266\MD5\4.exe"
[19.04.2020 10:58:22] Found, 1.484s, SigName: "Trojan.Win32.Autoit", SigId: 3794850, Type: "VIRUS", File: "C:\Users\promi\Desktop\EXE样本5X_266\EXE样本5X_266\MD5\5.exe"
[19.04.2020 10:58:22] On-demand scan FINISHED: "user_defined"
[19.04.2020 10:58:22] ----------------------------------------------------
[19.04.2020 10:58:22] Directories scanned: 1
[19.04.2020 10:58:22] Files scanned: 10
[19.04.2020 10:58:22] Virus found: 3
[19.04.2020 10:58:22] ----------------------------------------------------

复制代码

显示全部楼层 · 发表于 2020-4-19 10:50:30

kaspersky:
MD5:清空
Original:清空
UPX:剩2个

显示全部楼层 · 发表于 2020-4-19 11:13:46

Avast
扫描(13/13) 100%

显示全部楼层 · 发表于 2020-4-19 11:37:19

360

显示全部楼层 · 发表于 2020-4-19 19:23:30

mcafee endpoint
扫描（13/13）=100%

[病毒样本] EXE样本5X_266