【开放测试】卡饭病毒样本包 20210214 第124期

hsks

qwerwer 发表于 2021-2-14 21:30
火绒这次翻车得太厉害了，顺便问下，上报了没

不会上报
而且也懒得搞账号

火绒爃

https://s.threatbook.cn/report/f ... p1_enx86_office2013
https://s.threatbook.cn/report/f ... p1_enx86_office2013
两个我认为并没有明显危害的程序
https://s.threatbook.cn/report/f ... p1_enx86_office2013
https://s.threatbook.cn/report/f ... p1_enx86_office2013
两个远控木马
https://s.threatbook.cn/report/f ... p1_enx86_office2013
一个会让鼠标失控的恶搞程序

DPT1

金山

av_lab

mcafeeVSE 剩7个
剩下的除了一个jar包和一个exe，其他基本上是脚本文件，简单的看了一眼，主要是下载恶意文件和关闭杀毒软件的。

没当病毒杀掉也是意料之中，偷懒一下，就不下载那几个恶意样本了。

1. 2021/2/14        13:13:01                引擎版本                                    =        6200.9189
   
2. 2021/2/14        13:13:01                防病毒 DAT 版本                              =        9894.0
   
3. 2021/2/14        13:13:01                EXTRA.DAT 中的检测项特征码数                     =        无
   
4. 2021/2/14        13:13:01                EXTRA.DAT 中的检测项特征码名称                    =        无
   
5. 2021/2/14        21:47:30        已删除         10x (2020-02-14)\10x (2020-02-14)\64cfb10817f12511be4941e97e4eb396194a0f7ab84e6ae33618e7d10f1f252f.xls        RDN/Qakbot (特洛伊)       
   
6. 2021/2/14        21:47:30        已删除         10x (2020-02-14)\10x (2020-02-14)\1ebcb4a768f8b9e0aab94043cae179a841a9c77e496a00676f6c4a3e023f135d.exe        RDN/Generic.grp (特洛伊)       
   
7. 2021/2/14        21:47:31        已删除         10x (2020-02-14)\10x (2020-02-14)\ccea3ec883dbebf01bf405a8191e375dcdad2ab03b4601bd34b5261a3acf3fea.exe        Trojan-FSCN!5B030FC33A27 (特洛伊)

复制代码

火绒爃

几个可执行程序并没有感觉到样本质量高

hsks

火绒爃 发表于 2021-2-14 21:50
几个可执行程序并没有感觉到样本质量高

也许还有行为没分析出来

火绒爃

远控的行为肯定分析不全

qwerwer

hsks 发表于 2021-2-14 21:32
不会上报
而且也懒得搞账号

那我去上报下

renyifei

Bitdefender kill all




Contextual ScanLog File
C:\ProgramData\Bitdefender\Desktop\Profiles\Logs\S-1-5-21-3634809091-2012328782-2489728151-500\2ab858ed-450b-4bb6-b67c-8e3c45ec13ac\1613345317_1_02.xml
Scan date:2021年2月15日 7:28:51

Scanned items11

C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\mFlZH7HUXLN7qoKFo5Lh.dll

C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\mT7254twc0u28G1WiMFY.exe

C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\q0m14U2047PnCwT5IPoH.xlsm

C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\qk2g8KqSWQaNBsDmsMFl.xls

C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\wupV98El0qZkpEvMqX4q.exe

C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\00p86q8O9A8Wt3xwIx1h.exe

C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\5AKpkW1MReljH1l7JR9t.dll

C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\5LSOYd0Bp9PPAZ15eR2p.dll

C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\7U7O9BEXC93933dY12f4.xlsb

C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\C5daPw1V44tZhUX8y1tO.exe

C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\ltEg29MK5zQ07PB7hvbJ.vbs

Scan Results Summary
Resolved issues
Item pathThreat NameAction taken
C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\5LSOYd0Bp9PPAZ15eR2p.dllTrojan.GenericKD.36341062Deleted
C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\wupV98El0qZkpEvMqX4q.exeTrojan.GenericKD.45710257Deleted
C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\qk2g8KqSWQaNBsDmsMFl.xlsTrojan.DOC.Exploit.RDeleted
C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\q0m14U2047PnCwT5IPoH.xlsmTrojan.GenericKD.36326954Deleted
C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\mT7254twc0u28G1WiMFY.exeTrojan.GenericKD.36327207Deleted
C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\ltEg29MK5zQ07PB7hvbJ.vbsVB:Trojan.VBS.Agent.BOYDeleted
C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\5AKpkW1MReljH1l7JR9t.dllTrojan.GenericKD.36326576Deleted
C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\7U7O9BEXC93933dY12f4.xlsbTrojan.GenericKD.45717026Deleted
C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\C5daPw1V44tZhUX8y1tO.exeTrojan.GenericKDZ.72961Deleted
C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\00p86q8O9A8Wt3xwIx1h.exeTrojan.GenericKD.36329541Deleted
C:\Users\Administrator\Downloads\11x (2021-02-11)\11x (2021-02-11)\mFlZH7HUXLN7qoKFo5Lh.dllGen:Variant.Graftor.918720DeletedDetailed Scan Summary
Basic

Scanned items	11
Infected items	11
Suspicious items	0(no suspected items have been detected)
Resolved items	11
Unresolved items	0 (no issues remained unresolved)

Advanced

Scan time	00:00:02
Files per second	5
Skipped items	0
Password protected:	0
Overcompressed items	0
Scanned archives	0
Input-output errors	0
Scanned boot sectors	0
Scanned processes	0
Infected processes	0
Scanned registry keys	0
Infected registry keys	0
Scanned cookies	0
Infected cookies	0

Scan Options
Targeted threat types

Scan for threats	Yes
Scan for adware	Yes
Scan for spyware	Yes
Scan for applications	Yes
Scan for dialers	Yes
Scan for rootkits	No
Scan for keyloggers	Yes

Scan options

Scan registry keys	No
Scan cookies	No
Scan boot sectors	No
Scan memory processes	No
Scan archives	Yes
Scan runtime packers	Yes
Scan emails	Yes
Scan all files	Yes
Heuristic Scan	Yes
Scanned extensions	not configured
Excepted extensions	not configured

Target Processing

Primary action taken on infected items	None
Secondary action taken on infected items	None
Primary action taken on suspicious items	None
Secondary action taken on suspicious items	None
Action taken on hidden items	None
Action taken on password protected items	Prompt for password

Scan Engines Summary

Number of threat information updates

10346241

k2132

智量