【开放测试】卡饭病毒样本包 20201002 第114期

a233

测试软件：Panda Free Antivirus
结果：扫描(5/23) 21.74%
截图：

QWQxd

测试产品：腾讯电脑管家国际版
测试结果：0/23=0%

lexsm

huorong 发表于 2020-10-2 18:34
测试产品：2345安全卫士 6.2版本测试结果：0/23=0%
测试截图如下：

2 3 4 5 稳 如 老 狗

LSPD

测试软件：EIS 13.1
结果：扫描 17/22 双击2/5
6420ce5331f51a271e4b9bc2357b7fe035de37e41171d099f4ae94999f7e5439 无启用宏提示
c8dc8ebef199b27a854ec7ec33d76a15ac7d8cfbd1ba7afa3dc48d9332e90f92
dfe54a5cc97c3d0b44b7182c6b7d43d161f27bd7bba0959f988e8ddd4be3d631双击报错
截图：

dg1vg4

• 测试软件：ESET NOD32 4.0 For Linux(环境：deepin V20 keneral:5.4)
• 结果：文件监控（17/23）+手动扫描（0/6）=(17/23)=73.91%
• 截图：
  

YU2711

• 测试软件：Trend Micro Apex One
• 结果：扫描7/23   双击6/16
• 截图：
  

swizzer

川建国代{过}{滤}理人 发表于 2020-10-2 18:26
测试软件：智量终端安全V2.67高启发
结果：扫描19/23+主防 2/4=21/23=91.3%
截图：

稍等一下，这个jar由我来双击
——————————————————

payload下载可真慢。。。看了一眼，估计跟前几天双击的那个是一个家族，先下载白文件（node相关组件）再下载黑js···

等待ing···

--------------------
半个小时了，payload竟然还没完全落地
----------------

终于。。

川建国代理人

swizzer 发表于 2020-10-2 21:48
稍等一下，这个jar由我来双击

这个新虚拟机今天刚弄，Office和Java等等都没装等会我给装上

Nocria

IK - 19/23

1. [02.10.2020 22:19:02] On-demand scan started: "user_defined"
   
2. [02.10.2020 22:19:02] Found, 0.00s, SigName: "Trojan.VBA.Agent", SigId: 3848143, Type: "VIRUS", File: "C:\Users\promi\Desktop\23x (2020-10-02)\23x (2020-10-02)\1b51d0ffc92c95be92b7da71bd49b75910839d15203a0fc8a52172ed51e3ed87.doc"
   
3. [02.10.2020 22:19:02] Found, 0.00s, SigName: "Trojan-Spy.Agent", SigId: 312941500, Type: "VIRUS", File: "C:\Users\promi\Desktop\23x (2020-10-02)\23x (2020-10-02)\1266fa18e0ae0fa01e2cf72e9055c62ccb1712ee52f94ec80d26ce27196e6897.dll"
   
4. [02.10.2020 22:19:02] Found, 0.15s, SigName: "Win32.SuspectCrc", SigId: 312964451, Type: "VIRUS", File: "C:\Users\promi\Desktop\23x (2020-10-02)\23x (2020-10-02)\4941926b3a6b027248ec257184b0a0f6128193947288dc313208eed459f19d6a.jar"
   
5. [02.10.2020 22:19:02] Found, 0.15s, SigName: "Trojan.MSIL.Inject", SigId: 3936729, Type: "VIRUS", File: "C:\Users\promi\Desktop\23x (2020-10-02)\23x (2020-10-02)\4e0d9011480354268839674ee979b89b902a9672dc5b728c3428bd613ba65154.exe"
   
6. [02.10.2020 22:19:02] Found, 0.00s, SigName: "Trojan.Win32.Krypt", SigId: 312970110, Type: "VIRUS", File: "C:\Users\promi\Desktop\23x (2020-10-02)\23x (2020-10-02)\6103b1c38fc1eed6098eccf623cc093d0d54288d08ed5e90849f06688fe8b250.dll"
   
7. [02.10.2020 22:19:02] Found, 0.16s, SigName: "Exploit.CVE-2017-0199", SigId: 3849876, Type: "VIRUS", File: "C:\Users\promi\Desktop\23x (2020-10-02)\23x (2020-10-02)\6420ce5331f51a271e4b9bc2357b7fe035de37e41171d099f4ae94999f7e5439.xlsx"
   
8. [02.10.2020 22:19:02] Found, 0.16s, SigName: "Trojan.Win32.Injector", SigId: 312970111, Type: "VIRUS", File: "C:\Users\promi\Desktop\23x (2020-10-02)\23x (2020-10-02)\7a30279d9a17f60370018e2e519d9f3a5a423b79c996e2ce25649505206d0d53.exe"
   
9. [02.10.2020 22:19:02] Found, 0.00s, SigName: "Trojan.DOC.Crypt", SigId: 312934310, Type: "VIRUS", File: "C:\Users\promi\Desktop\23x (2020-10-02)\23x (2020-10-02)\80ecd0d16acabdf0b51b841b978ae9b02ee4a475ce5069bbd28c203af8f92841.xls"
   
10. [02.10.2020 22:19:02] Found, 0.00s, SigName: "Exploit.CVE-2017-0199", SigId: 3849876, Type: "VIRUS", File: "C:\Users\promi\Desktop\23x (2020-10-02)\23x (2020-10-02)\8bc5f10aeb794d356df1974f501ed3712ef105793bc793c99246fec6cc770001.xlsx"
    
11. [02.10.2020 22:19:02] Found, 0.16s, SigName: "Trojan.SuspectCRC", SigId: 312955080, Type: "VIRUS", File: "C:\Users\promi\Desktop\23x (2020-10-02)\23x (2020-10-02)\8c8896ec10234612dd5063dfa4f84ca815ace19c4c2b0b3def9c29be0029f390.dll"
    
12. [02.10.2020 22:19:02] Found, 0.16s, SigName: "Trojan.Win32.Injector", SigId: 312902862, Type: "VIRUS", File: "C:\Users\promi\Desktop\23x (2020-10-02)\23x (2020-10-02)\a2a95abdc357f8ebb4ad5ac4017cca21882d67431e7afc49dd268182c8214506.exe"
    
13. [02.10.2020 22:19:02] Found, 0.00s, SigName: "Win32.SuspectCrc", SigId: 312934452, Type: "VIRUS", File: "C:\Users\promi\Desktop\23x (2020-10-02)\23x (2020-10-02)\a6470f4a3b0b76de33c62703bd5c8559a6555440c977a2632c37444847c5a693.exe"
    
14. [02.10.2020 22:19:02] Found, 0.00s, SigName: "Exploit.CVE-2017-0199", SigId: 3849876, Type: "VIRUS", File: "C:\Users\promi\Desktop\23x (2020-10-02)\23x (2020-10-02)\ad6b1ee638251f696964e6cedf93d55eea5442a83843a4fbd5676114d46cd645.xlsx"
    
15. [02.10.2020 22:19:02] Found, 0.00s, SigName: "Trojan-Downloader.PowerShell.Agent", SigId: 312931166, Type: "VIRUS", File: "C:\Users\promi\Desktop\23x (2020-10-02)\23x (2020-10-02)\b877fc9ef1769ee3f788c2da68b077d515c2b8356756e8cab9ececed99bbb7c1.ps1"
    
16. [02.10.2020 22:19:02] Found, 0.15s, SigName: "Trojan-Banker.Emotet", SigId: 312917568, Type: "VIRUS", File: "C:\Users\promi\Desktop\23x (2020-10-02)\23x (2020-10-02)\ccb02b2a1d25f645bbac7b889e83db30be8fc71f8ef9b2a16d651fe556d170f0.exe"
    
17. [02.10.2020 22:19:02] Found, 0.15s, SigName: "Trojan-Downloader.DOC.Agent", SigId: 312965275, Type: "VIRUS", File: "C:\Users\promi\Desktop\23x (2020-10-02)\23x (2020-10-02)\d21af67a9556d136d8ae6985a9492d47ee5ce2261658af2e5e7a30971b0c3372.doc"
    
18. [02.10.2020 22:19:02] Found, 0.00s, SigName: "Trojan.Win64.Crypt", SigId: 312941108, Type: "VIRUS", File: "C:\Users\promi\Desktop\23x (2020-10-02)\23x (2020-10-02)\d6952e516964bb1e9e333a0decbcde399c8863569a950feb4c825b41b2f7a3e9.exe"
    
19. [02.10.2020 22:19:03] Found, 0.219s, SigName: "Trojan-Spy.Agent", SigId: 3918197, Type: "VIRUS", File: "C:\Users\promi\Desktop\23x (2020-10-02)\23x (2020-10-02)\dddaa72573b6b7c2fa0559290c70ee18c5a0236bf43d99bd1c7fb866929ea6e8.msi"
    
20. [02.10.2020 22:19:03] Found, 0.00s, SigName: "Trojan.Win32.Gencbl", SigId: 312936538, Type: "VIRUS", File: "C:\Users\promi\Desktop\23x (2020-10-02)\23x (2020-10-02)\f895652916dd67be2dd3f14e92ee3795a6ff3888a6b255eee0a9554350d6726a.exe"
    
21. [02.10.2020 22:19:03] On-demand scan FINISHED: "user_defined"
    
22. [02.10.2020 22:19:03] ----------------------------------------------------
    
23. [02.10.2020 22:19:03] Directories scanned: 2
    
24. [02.10.2020 22:19:03] Files scanned: 23
    
25. [02.10.2020 22:19:03] Virus found: 19
    
26. [02.10.2020 22:19:03] ----------------------------------------------------

复制代码

swizzer

川建国代理人 发表于 2020-10-2 21:53
这个新虚拟机今天刚弄，Office和Java等等都没装等会我给装上

等了40min，payload终于落地了···主防杀
https://s1.ax1x.com/2020/10/02/019Zvj.png

但本体还在。不过也是成功防御。