adware 5x

落华无痕

样本（infected）：https://free.lanzoui.com/iPj7nsbjl5e

haroomini

下载压缩包扫描剩下xNotepadSev和xxNotepad_vsd
安全大脑xNotepadSev  Generic/Trojan.Generic.6359
xxNotepad_vsd             Generic/Trojan.Generic.6359

anthonyqian

BullGuard

lock_SetupWIFI.exe
ADWARE/Qjwmonkey.Gen

双击

xxnotepad_vsd.exe  DR/AutoIt.Gen


xnotepadsev.exe  HEUR/APC


setup_15.exe  TR/Redcap.68ae60


notes_215_1.exe   Drop.Win32.GEN.FL.100

aboringman

KIS：3

ANY.LNK

Microsoft Defender：
压缩包一下载下来就触发了自动上报
随后解压+扫描清空

846472713

cylance 2/5；智量 5/5；360 3/5

wwwab

aboringman 发表于 2021-8-7 02:26
KIS：3

Hello,

New malicious software was found in the following files, the detection will be included to the next update:
8B26077DC1FC55C8E9CAAE84E0A8D91AF1512E0219071E3809796F67D82F3361 - Trojan-Downloader.Win32.Autoit.wcn
BA2BD3FD4F373C5B41357C4C02D74167220BCBA9D98275EA996B9E147396EA5D - Trojan-Downloader.Win32.Autoit.wcn

Thank you for your help.

救命稻草

ESET 2X



双击kill 1衍生物

心心相印

红伞清空

Nocria

IKARUS - 3/5

1. [07.08.2021 09:26:19] On-demand scan started: "user_defined"
   
2. [07.08.2021 09:26:19] Found, 0.62s, SigName: "Trojan.Win32.CoinMiner", SigId: 3623568, Type: "VIRUS", File: "C:\Users\promi\Desktop\adware5x\adware5x\lock_SetupWIFI.exe"
   
3. [07.08.2021 09:26:20] Found, 0.391s, SigName: "PUA.Autoit", SigId: 3346002, Type: "VIRUS", File: "C:\Users\promi\Desktop\adware5x\adware5x\xNotepadSev.exe"
   
4. [07.08.2021 09:26:21] Found, 1.78s, SigName: "PUA.Autoit", SigId: 3346002, Type: "VIRUS", File: "C:\Users\promi\Desktop\adware5x\adware5x\xxNotepad_vsd.exe"
   
5. [07.08.2021 09:26:21] On-demand scan FINISHED: "user_defined"
   
6. [07.08.2021 09:26:21] ----------------------------------------------------
   
7. [07.08.2021 09:26:21] Directories scanned: 2
   
8. [07.08.2021 09:26:21] Files scanned: 5
   
9. [07.08.2021 09:26:21] Virus found: 3
   
10. [07.08.2021 09:26:21] ----------------------------------------------------
    

复制代码