TrojanDownloader及其下载的DLL(样本下载的恶意DLL带有效数字签名)

00006666

TrojanDownloader及其下载的恶意DLL



519263b8e1799cd9ee3b5aa08606aa6d4600301f22ecbeb9bd998b1e69619f28.xlsb为TrojanDownloader

VT:https://www.virustotal.com/gui/file/519263b8e1799cd9ee3b5aa08606aa6d4600301f22ecbeb9bd998b1e69619f28



360沙箱:https://ata.360.cn/report/16026806075396/analyse





780519a4fcd9214963c401601874354ef8c2b3974983d50a7030564faefbd5b5.dll是该TrojanDownloader下载的其中一个恶意DLL

VT:https://www.virustotal.com/gui/file/780519a4fcd9214963c401601874354ef8c2b3974983d50a7030564faefbd5b5





DLL带有效数字签名



360沙箱:https://ata.360.cn/report/16026828353543/analyse

kaba666

卡巴拉黑DLL

aiqinghe

BEST 机器学习杀dll，扫描miss那个文档
进云沙盒等待分析云沙盒kill

心心相印

McAfee kill 1x

MegaFlyer

fsp 1x

anthonyqian

BDTS 扫描miss xlsb

780519a4fcd9214963c401601874354ef8c2b3974983d50a7030564faefbd5b5.dll is infected with Gen:Variant.Midie.105437

aboringman

360：

1. 2021-12-08 17:30:32     感染型病毒(Win32/Trojan.Injuke.HgkAShkA)MD5:970e09d821ef6d31d4433324f5649b11已删除此文件，如果您发现误删，可从隔离区恢复此文件。        d:\360极速浏览器下载\test\780519a4fcd9214963c401601874354ef8c2b3974983d50a7030564faefbd5b5.dll
   
2. D:\360极速浏览器下载\test\519263b8e1799cd9ee3b5aa08606aa6d4600301f22ecbeb9bd998b1e69619f28.xlsb        Office/Trojan.Generic.HtsAShkA        已删除

复制代码

红伞：1

1. 12/08/2021,21:16:56.334        [INFO]        FP 报告文件 'D:\test\780519a4fcd9214963c401601874354ef8c2b3974983d50a7030564faefbd5b5.dll' 的“无误报”状态 [I:10, S:111]
   
2. 12/08/2021,21:16:56.336        [INFO]        文件已通过 Protection Cloud扫描。 SHA256 = D:\test\780519a4fcd9214963c401601874354ef8c2b3974983d50a7030564faefbd5b5.dll [I:2, S:0]
   
3. 12/08/2021,21:16:56.338        [INFO]        D:\test\780519a4fcd9214963c401601874354ef8c2b3974983d50a7030564faefbd5b5.dll
   
4. 12/08/2021,21:16:56.340        [INFO]        [DETECTION] file contains 'TR/AD.KBot.780519'

复制代码

xiaobao233

心醉咖啡

毒霸

正在缓冲

Avast all
Win32:DangerousSig[Trj]   VBS:Malware-gen