29x (2020-05-03)

显示全部楼层 · 发表于 2020-5-3 17:15:59

测试时间：2020-05-03 17:05测试产品：KIS (macOS)
测试结果：解压查杀 27/29（剩余 7.xlsm, 27.exe)
双击结果：（exe程序无法运行在macOS）
日志：
已处理的对象
/Users/null/Downloads/29x (2020-05-03)/14.exe,已删除,木马程序,UDS:Backdoor.MSIL.NanoBot.gen,2020-05-03 17:05:34 +08:00
/Users/null/Downloads/29x (2020-05-03)/18.exe,已删除,木马程序,UDS:Backdoor.MSIL.Remcos.gen,2020-05-03 17:05:31 +08:00
/Users/null/Downloads/29x (2020-05-03)/23.exe,已删除,木马程序,UDS:Backdoor.MSIL.NanoBot.gen,2020-05-03 17:05:29 +08:00
/Users/null/Downloads/29x (2020-05-03)/25.exe,已删除,木马程序,UDS:Trojan-PSW.MSIL.Agensla.gen,2020-05-03 17:05:26 +08:00
/Users/null/Downloads/29x (2020-05-03)/4.exe,已删除,木马程序,Trojan-Downloader.Win32.Deyma.bdo,2020-05-03 17:05:23 +08:00
/Users/null/Downloads/29x (2020-05-03)/10.exe,已删除,木马程序,Trojan-Banker.Win32.Emotet.fepw,2020-05-03 17:05:23 +08:00
/Users/null/Downloads/29x (2020-05-03)/12.exe,已删除,木马程序,HEUR:Backdoor.MSIL.Remcos.gen,2020-05-03 17:05:23 +08:00
/Users/null/Downloads/29x (2020-05-03)/20.exe,已删除,木马程序,UDS:Trojan-PSW.MSIL.Agensla.gen,2020-05-03 17:05:22 +08:00
/Users/null/Downloads/29x (2020-05-03)/2.exe,已删除,木马程序,Trojan.Win32.Zenpak.aacx,2020-05-03 17:05:21 +08:00
/Users/null/Downloads/29x (2020-05-03)/21.exe,已删除,木马程序,HEUR:Backdoor.MSIL.Remcos.gen,2020-05-03 17:05:21 +08:00
/Users/null/Downloads/29x (2020-05-03)/16.exe,已删除,未受感染,UDS:DangerousObject.Multi.Generic,2020-05-03 17:05:19 +08:00
/Users/null/Downloads/29x (2020-05-03)/29.exe,已删除,木马程序,HEUR:Backdoor.Win32.Remcos.gen,2020-05-03 17:05:18 +08:00
/Users/null/Downloads/29x (2020-05-03)/1.exe,已删除,木马程序,Backdoor.Win32.Emotet.epw,2020-05-03 17:05:18 +08:00
/Users/null/Downloads/29x (2020-05-03)/11.exe,已删除,木马程序,Backdoor.Win32.Emotet.gjx,2020-05-03 17:05:18 +08:00
/Users/null/Downloads/29x (2020-05-03)/13.exe,已删除,木马程序,HEUR:Backdoor.MSIL.Remcos.gen,2020-05-03 17:05:18 +08:00
/Users/null/Downloads/29x (2020-05-03)/15.exe,已删除,木马程序,Trojan-Banker.Win32.Danabot.fxy,2020-05-03 17:05:16 +08:00
/Users/null/Downloads/29x (2020-05-03)/17.exe,已删除,木马程序,HEUR:Backdoor.MSIL.Remcos.gen,2020-05-03 17:05:15 +08:00
/Users/null/Downloads/29x (2020-05-03)/19.exe,已删除,木马程序,Trojan-Banker.Win32.Qbot.ssy,2020-05-03 17:05:13 +08:00
/Users/null/Downloads/29x (2020-05-03)/22.exe,已删除,木马程序,Backdoor.Win32.Emotet.gjy,2020-05-03 17:05:13 +08:00
/Users/null/Downloads/29x (2020-05-03)/24.exe,已删除,木马程序,Trojan.Win32.Zenpak.aahe,2020-05-03 17:05:13 +08:00
/Users/null/Downloads/29x (2020-05-03)/3.exe,已删除,木马程序,Trojan-Banker.Win32.Emotet.fehn,2020-05-03 17:05:13 +08:00
/Users/null/Downloads/29x (2020-05-03)/26.exe,已删除,木马程序,Backdoor.Win32.Emotet.gjz,2020-05-03 17:05:13 +08:00
/Users/null/Downloads/29x (2020-05-03)/28.exe,已删除,木马程序,HEUR:Backdoor.Win32.Remcos.gen,2020-05-03 17:05:13 +08:00
/Users/null/Downloads/29x (2020-05-03)/6.exe,已删除,木马程序,UDS:Trojan-PSW.MSIL.Agensla.gen,2020-05-03 17:05:10 +08:00
/Users/null/Downloads/29x (2020-05-03)/5.exe,已删除,木马程序,HEUR:Backdoor.Win32.Remcos.gen,2020-05-03 17:05:09 +08:00
/Users/null/Downloads/29x (2020-05-03)/8.exe,已删除,木马程序,UDS:Trojan-Spy.MSIL.Noon.gen,2020-05-03 17:05:08 +08:00
/Users/null/Downloads/29x (2020-05-03)/9.exe,已删除,木马程序,Trojan.Win32.Zenpak.aamm,2020-05-03 17:05:05 +08:00

显示全部楼层 · 发表于 2020-5-3 17:25:43

测试时间：2020.5.3 17：23
测试产品：亚信趋势12个人版
扫描结果：10/29=34.5%
双击结果：实机no

显示全部楼层 · 发表于 2020-5-3 17:32:45

QVM360 发表于 2020-5-3 16:58
7.xlsm 会释放文件到ProgramData，是恶意文件

8.exe是什么东西

我实机双击，咖啡没拦

显示全部楼层 · 发表于 2020-5-3 18:17:20

本帖最后由 QVM360 于 2020-5-3 18:20 编辑

Xw1nd极风发表于 2020-5-3 16:49
测试时间：16：50
测试产品：KIS
扫描结果：27/29=93.1%

7.xlsm的衍生物，ESET拦截了

显示全部楼层 · 发表于 2020-5-3 18:18:34

本帖最后由 QVM360 于 2020-5-3 18:24 编辑

暗_黑发表于 2020-5-3 17:32
8.exe是什么东西

我实机双击，咖啡没拦

8.exe
https://app.any.run/tasks/8ea84fdb-5f0d-43fd-a79f-efd56188de3d
#Formbook #Stealer #HawkEye #KeyLogger
这玩意还会添加自启动

建议删除的衍生物：

显示全部楼层 · 发表于 2020-5-3 19:09:23

QVM360 发表于 2020-5-3 18:18
8.exe
https://app.any.run/tasks/8ea84fdb-5f0d-43fd-a79f-efd56188de3d
#Formbook #Stealer #HawkEye ...

我愣是一个也没找到

显示全部楼层 · 发表于 2020-5-3 19:33:50

测试时间：2020/05/03 PM7:15
测试产品：Dr.Web
病毒库日期：2020/05/03 04:40
扫描结果：16/29（55.1%）
双击结果（图一乐）：2/13（15%）（总数包括缺失组件，双击失败。Office无，java无，elf文件无法双击。）
合计：18/29（62.1%）
2.exe 衍生物：vdsvd.exe -DPH:Trojan.Inject.Hollowing.4.0（母体自毁后杀衍生物）
15.exe - DPD:Trojan.PWS.DanaBot.286（释放衍生物后杀本体）

P.S：在虚拟机双击后，不知道哪个样本尝试对外联网，被宿主机杀软拦截。

显示全部楼层 · 发表于 2020-5-3 19:48:24

暗_黑发表于 2020-5-3 19:09
我愣是一个也没找到

那就是自删除了，没事，电脑没重要信息就好。。

显示全部楼层 · 发表于 2020-5-4 09:35:10

本帖最后由上上谦于 2020-5-4 09:40 编辑

测试时间：5.4  9：36
测试产品：360
扫描结果：29/29=100%
双击结果：-
日志：360木马查杀扫描日志
开始时间: 2020-5-4 09:36:22
扫描用时: 00:00:05
扫描类型: 自定义扫描
扫描引擎:360云查杀引擎（本地木马库）  360启发式引擎  QEX脚本查杀引擎
         QVM Ⅱ人工智能引擎小红伞本地查杀引擎
扫描文件数: 29
系统关键位置文件: 0
系统内存运行模块: 0
压缩包文件: 0
安全的文件数: 0
发现安全威胁: 29
已处理安全威胁: 29

扫描选项
----------------------
扫描后自动关机: 否
扫描模式: 速度最快
管理员：是

扫描内容
----------------------
E:\下载\29x (2020-05-03)\

白名单设置
----------------------
可疑的快捷方式：scrnsave.lnk
可疑的快捷方式：scrnsave.lnk
d:\temp\temp\nsgf65c.tmp\kmpaddedcode_oppercd.exe 4f789460fd743c7169142a02834da8e2

扫描结果
======================

危险文件：29个
----------------------------------------------------------------
E:\下载\29x (2020-05-03)\1.exe 7639a1d038c84e929275cd00ff997b15 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Win32/Backdoor.f59][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\10.exe ab60eceae6ca85a01ea7e4f86c0b7844 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Win32/Trojan.653][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\11.exe 337288dfdf00679882abad5d47762ebd 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Win32/Trojan.653][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\12.exe be9b777561bcac8ddf57f732b4f4d48e 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Generic/Backdoor.23a][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\13.exe bc6bfe1fdbac5f0330e54aab7786c471 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Generic/Backdoor.23a][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\14.exe a92763d7bd4453551647dd2df4c40b65 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Generic/Trojan.IM.f18][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\15.exe adc8c26038ab606b280ce3ea693b5bc4 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Win32/Trojan.BO.be1][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\16.exe 53c36f8db33e033b932fe1cd5ed8653a 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Win32/Trojan.Downloader.4d0][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\17.exe 8307d2b88f6fc1373da2cad7e7505df1 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Generic/Backdoor.23a][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\18.exe 62d2c5f606e9f2e19dea14690bdf3929 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Generic/Trojan.IM.f18][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\19.exe f4ca7b214d00804ab2a0dd7110b6526f 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Win32/Trojan.BO.dcd][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\2.exe b06031dc60ccd951ba2d4afa2d5c77e0 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Win32/Trojan.508][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\20.exe a703eddc151334c7cb9d76411e7867f8 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Generic/Trojan.IM.f18][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\21.exe 8b823db94a1781f560041f4a68d8cbae 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Generic/Backdoor.23a][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\22.exe 306b006c0d16aaff267b3c67895d9c93 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Trojan.Generic][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\23.exe c132501f57681f7307e29f080627821d 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Generic/Trojan.IM.f18][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\24.exe 47283441b976b47cc684ca38807f1e4a 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Win32/Trojan.e60][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\25.exe e41e41dfd92ef895620582a946b6259b 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Generic/Trojan.f1c][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\26.exe a2967aa2f6ab820da1fd31f0e0d482e3 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Win32/Backdoor.218][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\27.exe bff9f7d8fdc95cc95c50ad9610e873dc 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Trojan.Generic][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\28.exe 196a4d29a5041e416b393b8ba2acd235 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Win32/Backdoor.a07][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\29.exe e5987854f0b9c778dfd7b4735ab30969 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Win32/Backdoor.a07][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\3.exe af182d89a96ed986226888f8d9af8116 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Win32/Trojan.e74][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\4.exe b7d1f9e128f1cb3c959f8abd4b112ee6 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Win32/Trojan.Downloader.70e][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\5.exe 6d38a6eeb1e385948ed0fba6074ba6c4 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Win32/Backdoor.a07][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\6.exe 7d5172b9bf7c9b4b445dcc63a88f0f32 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Generic/HEUR/QVM03.0.F934.Malware.Gen][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\7.xlsm 7595dc40f4afafd883b97b2690c04fe0 70,0,70,2000,8449,1,100,0 ERT=2_0_0_1,23_100_2000_8193,11_100_2000_256 [QEX引擎][木马-macro.office.07defname.gen][修复文件][处理成功]
E:\下载\29x (2020-05-03)\8.exe d31f34a4cef032fc66739bb571e243bc 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Generic/Trojan.cb6][隔离文件][处理成功]
E:\下载\29x (2020-05-03)\9.exe 766963f23a59de5f3bda29b6ea5001e6 70,0,70,2000,256,1,100,0 ERT=2_0_0_1,11_100_2000_256 [云安全引擎][木马-Win32/Trojan.091][隔离文件][处理成功]

显示全部楼层 · 发表于 2020-5-4 12:54:55

本帖最后由 YorkWaugh 于 2020-5-4 12:58 编辑

测试时间：13:00 4/5/2020
测试产品：智量2.61
扫描结果：28
双击结果：未测试
日志：

2020-05-04 12:57:05 C:\Users\Lenovo\Desktop\29x (2020-05-03)\9.exe Heur.ML.PE.A
2020-05-04 12:57:05 C:\Users\Lenovo\Desktop\29x (2020-05-03)\8.exe Heur.ML.PE.C
2020-05-04 12:57:05 C:\Users\Lenovo\Desktop\29x (2020-05-03)\6.exe Heur.ML.PE.C
2020-05-04 12:57:04 C:\Users\Lenovo\Desktop\29x (2020-05-03)\5.exe BackDoor.Generic
2020-05-04 12:57:03 C:\Users\Lenovo\Desktop\29x (2020-05-03)\4.exe Trojan.Generic
2020-05-04 12:57:03 C:\Users\Lenovo\Desktop\29x (2020-05-03)\3.exe BackDoor.Generic
2020-05-04 12:57:03 C:\Users\Lenovo\Desktop\29x (2020-05-03)\29.exe BackDoor.Generic
2020-05-04 12:57:02 C:\Users\Lenovo\Desktop\29x (2020-05-03)\28.exe BackDoor.Generic
2020-05-04 12:57:01 C:\Users\Lenovo\Desktop\29x (2020-05-03)\24.exe Heur.ML.PE.A
2020-05-04 12:57:01 C:\Users\Lenovo\Desktop\29x (2020-05-03)\25.exe Heur.ML.PE.C
2020-05-04 12:57:00 C:\Users\Lenovo\Desktop\29x (2020-05-03)\26.exe BackDoor.Generic
2020-05-04 12:57:00 C:\Users\Lenovo\Desktop\29x (2020-05-03)\27.exe Heur.ML.PE.D
2020-05-04 12:56:59 C:\Users\Lenovo\Desktop\29x (2020-05-03)\23.exe Heur.ML.PE.C
2020-05-04 12:56:59 C:\Users\Lenovo\Desktop\29x (2020-05-03)\22.exe Heur.ML.PE.A
2020-05-04 12:56:58 C:\Users\Lenovo\Desktop\29x (2020-05-03)\21.exe Heur.ML.PE.C
2020-05-04 12:56:58 C:\Users\Lenovo\Desktop\29x (2020-05-03)\20.exe Heur.ML.PE.C
2020-05-04 12:56:57 C:\Users\Lenovo\Desktop\29x (2020-05-03)\2.exe Trojan.Generic
2020-05-04 12:56:57 C:\Users\Lenovo\Desktop\29x (2020-05-03)\19.exe Heur.ML.PE.A
2020-05-04 12:56:56 C:\Users\Lenovo\Desktop\29x (2020-05-03)\16.exe Trojan.Generic
2020-05-04 12:56:56 C:\Users\Lenovo\Desktop\29x (2020-05-03)\17.exe Heur.ML.PE.C
2020-05-04 12:56:55 C:\Users\Lenovo\Desktop\29x (2020-05-03)\18.exe Heur.ML.PE.C
2020-05-04 12:56:55 C:\Users\Lenovo\Desktop\29x (2020-05-03)\15.exe Heur.ML.PE.A
2020-05-04 12:56:55 C:\Users\Lenovo\Desktop\29x (2020-05-03)\14.exe Heur.ML.PE.C
2020-05-04 12:56:54 C:\Users\Lenovo\Desktop\29x (2020-05-03)\13.exe Heur.ML.PE.C
2020-05-04 12:56:54 C:\Users\Lenovo\Desktop\29x (2020-05-03)\12.exe Heur.ML.PE.C
2020-05-04 12:56:53 C:\Users\Lenovo\Desktop\29x (2020-05-03)\11.exe BackDoor.Generic
2020-05-04 12:56:51 C:\Users\Lenovo\Desktop\29x (2020-05-03)\10.exe Heur.ML.PE.A

复制代码

[病毒样本] 29x (2020-05-03)

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块