Thread starter: aiqinghe

[Virus samples] 2022-01-07 detection-rate 100-pack test: virus samples 100x
ikochina
Posted on 2022-1-7 22:47:01

Impressive, you can still find this thing?
huorong
Posted on 2022-1-7 22:49:32
aiqinghe posted on 2022-1-7 22:46:
超级巡警 (Super Patrol) is still around?

It's dead already.
破解
Posted on 2022-1-7 22:51:01
ikochina posted on 2022-1-7 22:46:
My VM got penetrated, and 2 viruses were blocked by 大蜘蛛 (Dr.Web).

I didn't double-click anything. Tomorrow I plan to install several mainstream AVs and scan with each of them in turn.
aiqinghe
Thread starter | Posted on 2022-1-7 22:52:00

Then how can this thing's scan rate still be so high? That's absurd...
断簪
Posted on 2022-1-7 22:57:25
Last edited by 断簪 on 2022-1-7 23:05

fsp

After double-clicking, these two are left; the .jar won't open.

(screenshot attachment not included)
Zzzz666
Posted on 2022-1-7 22:58:22
ICzcz posted on 2022-1-7 20:04:
ESET: left 4-3 (LiveGuard)
ESET scanning, the eternal GOAT

If the proactive defense can't handle it, the one it misses can still ruin you completely.
ICzcz
Posted on 2022-1-7 23:04:36

No conflict, and no lag; usage is just 100-something (it's MDE Plan 2, not MD).
54ss
Posted on 2022-1-7 23:08:24
BD for Mac scan: 5x remaining
swizzer
Posted on 2022-1-7 23:12:54
Last edited by swizzer on 2022-1-7 23:55

I deleted the Win10 x64 VM, so I tested on a Win7 x64 VM.
@aiqinghe

智量 (WiseVector), database locked
Database date: 2021/12/8

Extracted all the archives and weeded out invalid samples while double-clicking, leaving 98x valid samples.
Scan + double-click: 3x remaining.
Of these, for the Office sample the HIPS did not delete the file itself but did identify and block the malicious behaviour; counted as a pass.
One msi sample's payload is a dll; 智量's memory protection killed rundll32 before the sample could phone home; counted as a pass.
For a few samples it killed the dropped files while the original had no outbound connection and no process start/injection behaviour; treated as droppers and counted as a pass.

Update: the remaining doc calls eqnedt32.exe to download the payload, but 智量 blocked the connection:
2022-01-07 22:53:50|C:\Windows\System32\svchost.exe|Malicious URL: kizitox.cf

Log as above.

Effective detection rate:
(95+1)/98 ≈ 97.9%

Screenshot: (attachment not included)

Full HIPS log (the scan log is too long and is omitted):
  2022-01-07 22:51:32|C:\Users\Dolphiner\lsdvxmyxnj.js|WIBD:HEUR.JavaAgent.A01
  2022-01-07 22:51:35|C:\Users\Dolphiner\AppData\Roaming\yjhzaxew.txt|WIBD:HEUR.JavaAgent.A01
  2022-01-07 22:51:39|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\e58a24b433a523b44e80a23d1993113b965850e9260970f3fed211a3e641503c.jar|WIBD:HEUR.JavaAgent.A
  2022-01-07 22:51:45|C:\Users\Dolphiner\AppData\Roaming\yjhzaxew.txt|Threat rollback (quarantined)
  2022-01-07 22:51:45|C:\Users\Dolphiner\lsdvxmyxnj.js|Threat rollback (quarantined)
  2022-01-07 22:51:57|C:\Users\Dolphiner\AppData\Roaming\macjoe597.exe|Heur.ML.PE.C
  2022-01-07 22:52:02|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\8c348ba34d087d796edd19b5955ec0ffd0befd0c72d373a2ebdd73d37d7e3bbb.js|WIBD:HEUR.MalBehavior.D5111
  2022-01-07 22:52:02|C:\Users\Dolphiner\AppData\Local\Temp\Scanned Copy of Documents.exe|WIBD:HEUR.MalBehavior.D5111
  2022-01-07 22:52:11|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\78b85eb30ba4c6994d56a5c2da5b02a1f8ee4129af94d41873328c92ca982ce2.js|WIBD:HEUR.MalBehavior.D5111
  2022-01-07 22:52:11|C:\Users\Dolphiner\AppData\Local\Temp\Scanned Copy of Documents.exe|WIBD:HEUR.MalBehavior.D5111
  2022-01-07 22:52:45|C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE->180.214.237.30|Event: network access  Action: allow
  2022-01-07 22:52:47|C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE->127.0.0.1|Event: network access  Action: allow
  2022-01-07 22:52:47|C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE->180.214.237.30|Event: network access  Action: allow
  2022-01-07 22:52:50|C:\Program Files\Microsoft Office\Office16\EXCEL.EXE->52.109.112.104|Event: network access  Action: allow
  2022-01-07 22:53:34|C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe->104.77.65.186|Event: network access  Action: allow
  2022-01-07 22:53:50|C:\Windows\System32\svchost.exe|Malicious URL: kizitox.cf
  2022-01-07 22:53:55|C:\Program Files\Microsoft Office\Office16\WINWORD.EXE->52.109.6.42|Event: network access  Action: allow
  2022-01-07 22:54:21|C:\Users\Dolphiner\AppData\Local\Temp\jotow.exe|WIBD:Exploit.Office.A0
  2022-01-07 22:54:43|C:\Users\Public\vbc.exe|WIBD:Exploit.Office.A0
  2022-01-07 22:54:59|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\0489580169589b78f5529ca327fee05921ff44c32c87ef456eeda6367b0d779f.vbs->154.120.66.200|Event: network access  Action: allow
  2022-01-07 22:55:15|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\SOA with double PO.exe|Heur.ML.PE.A
  2022-01-07 22:55:18|C:\Users\Public\\Videos\\hml.HtA|WIBD:HEUR.MalBehavior.A0
  2022-01-07 22:55:34|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\Overdue invoice.exe|Heur.ML.PE.C
  2022-01-07 22:55:34|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\RFQ.exe|Trojan.Generic
  2022-01-07 22:55:35|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\SOA.exe|Heur.ML.PE.C
  2022-01-07 22:55:51|C:\Users\Public\\Videos\\hml.HtA|WIBD:HEUR.MalBehavior.A0
  2022-01-07 22:56:29|C:\Program Files\CatsxpSoftware\Catsxp-Browser\Application\catsxp.exe->[2001:4860:4860::8888]|Event: network access  Action: allow
  2022-01-07 22:56:42|C:\Users\Dolphiner\Documents\dvzlxhvpvlhjzpocrvn.exe->20.195.224.239|Event: network access  Action: allow
  2022-01-07 22:57:01|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\6a7156a5145f236ba7d54846283937e7de223a933539b3869ac72a0bf7e8bbe9.exe|WIBD:HEUR.Injector.H
  2022-01-07 22:57:04|C:\Windows\SysWOW64\rundll32.exe|MEMRAY:MalThread.A0
  2022-01-07 22:57:28|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\1d885d15d44ee25d356b70b392b8e28afd66c96703653108224ae7337def768b.exe|WIBD:HEUR.PEObfuscator.C
  2022-01-07 22:57:33|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\5a6642f8f39567bfe0ce22c317f536d79deed32f63c6b7fa39eab7f60e7a8fb0.exe|WIBD:HEUR.PEObfuscator.C
  2022-01-07 22:57:40|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\f10d43cfd07a986f1f3c75eb7c90af7e1d841530709f8dcac64bfbfcb53ec736.exe|WIBD:HEUR.Injector.H
  2022-01-07 22:57:52|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\a1457e7a591877c3732325e462c479a450b19bda91ecaca0a37cdb137ed152ae.exe|WIBD:HEUR.Trojan.FB
  2022-01-07 22:57:52|C:\Users\Dolphiner\AppData\Roaming\Microsoft\Security\Windows SecurityL.exe|WIBD:HEUR.Trojan.FB
  2022-01-07 22:57:59|C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE->127.0.0.2|Event: network access  Action: allow
  2022-01-07 22:57:59|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\6c0a4d3b03b1331dc9c31134c621f45bcd9bf6bc6818d61b3d7f455bf65b0b66.exe|WIBD:HEUR.PEObfuscator.C
  2022-01-07 22:58:01|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)gwejglkaj3kjalkjw.exe|Heur.ML.PE.B
  2022-01-07 22:58:02|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)gwejglkaj3kjalkjw.exe|Heur.ML.PE.B
  2022-01-07 22:58:02|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\5a6642f8f39567bfe0ce22c317f536d79deed32f63c6b7fa39eab7f60e7a8fb0.exe|WIBD:HEUR.PEObfuscator.C
  2022-01-07 22:58:03|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\d371f62ae8c1c2eb6d69c932db494cc48975b89082e9b22cb15ab79021f3b0c0.exe|WIBD:HEUR.Trojan.KD
  2022-01-07 22:58:07|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\6d7c3090846a9b2c49370bc771aba3bce06900206e4cebf868de1da018d03656.exe|WIBD:HEUR.PEObfuscator.C
  2022-01-07 22:58:11|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\4baac3b8ad518a9997d8c0f869b119c7a537349a1a8e1fc75ad1c765cb8d15cb.exe|WIBD:HEUR.PEObfuscator.C
  2022-01-07 22:58:14|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\PRODUCTS INQUIRIES.exe|WIBD:HEUR.MalPersistence.M0
  2022-01-07 22:58:17|C:\Users\Dolphiner\AppData\Local\Temp\tmp1821.tmp|WIBD:HEUR.MalPersistence.M0
  2022-01-07 22:58:22|C:\Users\Dolphiner\AppData\Roaming\DTeQwDsPYAV.exe|Threat rollback (quarantined)
  2022-01-07 22:58:29|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\b1090fca7443fd9d5fae0f8490badf5676aeb2f79b0a08e6cb3b299d7c4fc4f2.exe|WIBD:HEUR.PEObfuscator.C
  2022-01-07 22:58:37|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\6f605c15b2480a3a0e93a9f45dd658cdfc0cd03349c8da5380976d65f1c747c5.exe|WIBD:HEUR.Injector.H
  2022-01-07 22:58:41|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\acc1c22f2003ccec8114d0cf6f022836c8e00ab0e895a6a59f6a11cdec2db3b4.exe|WIBD:HEUR.MalPersistence.M0
  2022-01-07 22:58:44|C:\Users\Dolphiner\AppData\Local\Temp\tmp82F4.tmp|WIBD:HEUR.MalPersistence.M0
  2022-01-07 22:58:48|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\6f02b05562b44a280abe0c931812caa9b2e9d68ba89d4826c0973f9cea6e84b8.exe|WIBD:HEUR.MalPowerShell.B0
  2022-01-07 22:58:49|C:\Users\Dolphiner\AppData\Roaming\vDaZiF.exe|Threat rollback (quarantined)
  2022-01-07 22:59:00|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\64246a8aca42d61e9ee61a831c588a57bd2e3ced31dbc3e189683c1f4bddc1a5.exe->C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe|Event: start program  Action: allow
  2022-01-07 22:59:18|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\64246a8aca42d61e9ee61a831c588a57bd2e3ced31dbc3e189683c1f4bddc1a5.exe->C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe|Event: start program  Action: allow
  2022-01-07 22:59:23|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\16cd4a163cda21b2501d650ab0c0a4fce57f2d7845bdd42268a27d6bfbab282d.exe|WIBD:HEUR.PEObfuscator.C
  2022-01-07 22:59:23|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\6d9cffad54a9be6a0bf146b1a4cb1257d432c133a8dd5d8379f7b791833a695b.exe|WIBD:HEUR.PEObfuscator.C
  2022-01-07 22:59:29|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\8592d578f269100d67bf1faa464e23de7bf0c1266bad19d2bf6bcce0501158a3.exe|WIBD:HEUR.MalPowerShell.B0
  2022-01-07 22:59:33|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\85648195f2224ec1ad0531e85ae3128ef57d59b408edbfb5a3c817812960429a.exe|WIBD:HEUR.MalPersistence.M0
  2022-01-07 22:59:36|C:\Users\Dolphiner\AppData\Local\Temp\tmp4F28.tmp|WIBD:HEUR.MalPersistence.M0
  2022-01-07 22:59:41|C:\Users\Dolphiner\AppData\Roaming\AIIklJG.exe|Threat rollback (quarantined)
  2022-01-07 22:59:49|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\64246a8aca42d61e9ee61a831c588a57bd2e3ced31dbc3e189683c1f4bddc1a5.exe->C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe|Event: start program  Action: allow
  2022-01-07 22:59:55|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\53173bd6c646d3f4a8404d0f508caa27fb4ab7a3c2df3e4fe3912bfaa94093c3.exe|WIBD:HEUR.MalPersistence.M0
  2022-01-07 22:59:58|C:\Users\Dolphiner\AppData\Local\Temp\tmpA218.tmp|WIBD:HEUR.MalPersistence.M0
  2022-01-07 23:00:03|C:\Users\Dolphiner\AppData\Roaming\lwiDJbaJaBVdq.exe|Threat rollback (quarantined)
  2022-01-07 23:00:08|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\64246a8aca42d61e9ee61a831c588a57bd2e3ced31dbc3e189683c1f4bddc1a5.exe->C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe|Event: start program  Action: allow
  2022-01-07 23:00:14|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\006836c6ebc6735312cfd54835457bda86ef1b77fb30d48261e004dc8cd7c382.exe|MEMRAY:MalCode.B01
  2022-01-07 23:00:33|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\43be4008732481434fc9a4f2bf3ceab8a9c467b0ea0acde7d701a82b3083396b.exe|WIBD:HEUR.MalPowerShell.B0
  2022-01-07 23:00:39|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\24ae0691d84b4cf88375147998be588fb378bf50c03487ae65e2c25139baea81.exe|WIBD:HEUR.MalPowerShell.B0
  2022-01-07 23:00:46|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\64246a8aca42d61e9ee61a831c588a57bd2e3ced31dbc3e189683c1f4bddc1a5.exe|WIBD:HEUR.Trojan.KD00
  2022-01-07 23:01:11|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\677ea3bde24fd6ccb8945d584eab801c52309dd46f98b2ea6f433e173379c91a.exe|WIBD:HEUR.MalPersistence.M0
  2022-01-07 23:01:14|C:\Users\Dolphiner\AppData\Local\Temp\tmpCBC6.tmp|WIBD:HEUR.MalPersistence.M0
  2022-01-07 23:01:18|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\937f8a1fdba02c0f423af925d4820b23cdfa18dc82e46f76bd8ff9c121ef5022.exe|WIBD:HEUR.MalPersistence.M0
  2022-01-07 23:01:21|C:\Users\Dolphiner\AppData\Local\Temp\tmpD420.tmp|WIBD:HEUR.MalPersistence.M0
  2022-01-07 23:01:24|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\6821b08cb8ebc1e38504de290856429fed68be2fcaa455e6dde2e6f9926787c1.exe|WIBD:HEUR.PEObfuscator.C
  2022-01-07 23:01:28|C:\Users\Dolphiner\AppData\Roaming\ExJzQxPdaUBiEk.exe|Threat rollback (quarantined)
  2022-01-07 23:01:29|C:\Users\Dolphiner\AppData\Roaming\ceJnQOvB.exe|Threat rollback (quarantined)
  2022-01-07 23:02:55|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\39c6a2772606c2c89e4fe626ac94d9b6435420e752a987803947bce3248697e0.exe|WIBD:HEUR.PEObfuscator.C

@智量官方 the remaining doc wasn't killed by the HIPS? It also looks like it exploits eqnedt32.exe to do its dirty work.
Also, why does the malicious-URL block popup only appear the first time I double-click, and not on later double-clicks?
Is that to avoid repeated popups for the same malicious URL... but then it causes the problem above.
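An added example following swizzer's post (my code, not swizzer's and not part of anything 智量 ships): a small Python parser for this HIPS log format that separates the kinds of entry (detection verdicts, threat rollbacks, allowed network and program-launch events, URL-filter blocks) and then pulls out the "Action: allow" outbound connections from processes that should never phone home on their own, which is exactly where the eqnedt32.exe download sits in the log above. The label strings, the list of no-egress processes and the sample lines (copied from the log above, with the forum's list numbering left in) are my own choices; the English labels assume the translation used on this page, and the product's Chinese originals are accepted as well.

```python
"""Added example (not from the thread): parse a WiseVector-style HIPS log and triage it.

One event per line:  <timestamp>|<subject>[-><target>]|<verdict or event text>
"""
import ipaddress
import re
from collections import Counter
from pathlib import PureWindowsPath

# Verdict-field labels. The product's raw export uses the Chinese labels; the
# English ones are the renderings used in the translated log in this thread.
# Both are accepted so a raw export and the translation parse identically.
ROLLBACK = ("威胁回滚(隔离)", "Threat rollback (quarantined)")
NETWORK = ("访问网络", "network access")
LAUNCH = ("启动程序", "start program")
URL_BLOCK = ("恶意程序网址", "Malicious URL")
ALLOW = ("允许", "allow")

# Optional "12. " prefix (forum code-box numbering), then the timestamp.
LINE_RE = re.compile(r"^\s*(?:\d+\.\s+)?(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\|(.+)$")

# Assumed triage list (mine, not the product's): processes that have no
# business making their own outbound connections.
NO_EGRESS_HOSTS = {"eqnedt32.exe", "wscript.exe", "cscript.exe", "mshta.exe",
                   "powershell.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
SCRIPT_EXTS = (".vbs", ".js", ".jse", ".hta", ".wsf")

# Constructed input: lines copied from the log above, numbering left in.
SAMPLE_LOG = r"""
1. 2022-01-07 22:51:39|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\e58a24b433a523b44e80a23d1993113b965850e9260970f3fed211a3e641503c.jar|WIBD:HEUR.JavaAgent.A
2. 2022-01-07 22:51:45|C:\Users\Dolphiner\AppData\Roaming\yjhzaxew.txt|Threat rollback (quarantined)
3. 2022-01-07 22:52:45|C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE->180.214.237.30|Event: network access  Action: allow
4. 2022-01-07 22:52:47|C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE->127.0.0.1|Event: network access  Action: allow
5. 2022-01-07 22:52:50|C:\Program Files\Microsoft Office\Office16\EXCEL.EXE->52.109.112.104|Event: network access  Action: allow
6. 2022-01-07 22:53:50|C:\Windows\System32\svchost.exe|Malicious URL: kizitox.cf
7. 2022-01-07 22:54:59|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\0489580169589b78f5529ca327fee05921ff44c32c87ef456eeda6367b0d779f.vbs->154.120.66.200|Event: network access  Action: allow
8. 2022-01-07 22:56:29|C:\Program Files\CatsxpSoftware\Catsxp-Browser\Application\catsxp.exe->[2001:4860:4860::8888]|Event: network access  Action: allow
9. 2022-01-07 22:57:04|C:\Windows\SysWOW64\rundll32.exe|MEMRAY:MalThread.A0
10. 2022-01-07 22:58:22|C:\Users\Dolphiner\AppData\Roaming\DTeQwDsPYAV.exe|威胁回滚(隔离)
11. 2022-01-07 22:59:00|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\64246a8aca42d61e9ee61a831c588a57bd2e3ced31dbc3e189683c1f4bddc1a5.exe->C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe|Event: start program  Action: allow
"""


def parse_line(line):
    """Return an event dict, or None for lines that are not events."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, rest = m.groups()
    body, _, verdict = rest.rpartition("|")        # Windows paths never contain '|'
    subject, arrow, target = body.partition("->")  # '->' separates subject from target
    ev = {"ts": ts, "subject": subject, "target": target if arrow else None,
          "verdict": verdict, "allowed": None, "detail": None}
    if verdict in ROLLBACK:
        ev["kind"] = "rollback"
    elif any(k in verdict for k in NETWORK):
        ev["kind"] = "network"
        ev["allowed"] = any(k in verdict for k in ALLOW)
    elif any(k in verdict for k in LAUNCH):
        ev["kind"] = "launch"
        ev["allowed"] = any(k in verdict for k in ALLOW)
    elif any(verdict.startswith(k) for k in URL_BLOCK):
        ev["kind"] = "url_block"
        ev["detail"] = verdict.split(":", 1)[1].strip()   # the blocked host
    else:
        ev["kind"] = "detection"                           # signature/heuristic name
        ev["detail"] = verdict
    return ev


def parse_log(text):
    return [ev for ev in map(parse_line, text.splitlines()) if ev]


def summarize(events):
    """Count events by kind."""
    return Counter(ev["kind"] for ev in events)


def _is_external(target):
    host = target.strip("[]")                  # IPv6 targets are bracketed in the log
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True                            # a hostname: treat as external
    return not (ip.is_loopback or ip.is_private or ip.is_link_local)


def suspicious_allowed_egress(events):
    """Allowed outbound connections from a no-egress process or from a script file.

    'Action: allow' means the HIPS let the connection through; only a separate
    URL-filter entry says whether the destination was actually blocked.
    """
    hits = []
    for ev in events:
        if ev["kind"] != "network" or not ev["allowed"]:
            continue
        name = PureWindowsPath(ev["subject"]).name.lower()
        if (name in NO_EGRESS_HOSTS or name.endswith(SCRIPT_EXTS)) and _is_external(ev["target"]):
            hits.append((ev["ts"], name, ev["target"]))
    return hits


def samples_with_verdict(events, marker):
    """Basenames of files under the sample folder (path contains `marker`) that got a verdict."""
    return sorted({PureWindowsPath(ev["subject"]).name for ev in events
                   if ev["kind"] == "detection" and marker in ev["subject"]})


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(dict(summarize(evs)))
    for ts, name, target in suspicious_allowed_egress(evs):
        print(f"{ts}  {name} -> {target}  (allowed by HIPS)")
```

The point of the egress check is the one swizzer's update turns on: the HIPS logged EQNEDT32.EXE reaching 180.214.237.30 with "Action: allow", and the only entry that says the download was stopped is the separate "Malicious URL: kizitox.cf" line, so a triage script has to correlate the two rather than read "allow" lines as blocks. The no-egress list is deliberately narrow; WINWORD.EXE and EXCEL.EXE are left off because their own licensing and update traffic (the 52.109.x.x entries) would swamp the list, whereas the equation editor has no reason to open a socket at all.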


企稳向好
Posted on 2022-1-7 23:31:32
Interesting, FS's DG (DeepGuard) and APC (Avira Protection Cloud) are now linked, so APC takes part in all of FS's protection stages (monitoring, scanning, execution).

(screenshot attachments not included)

I hope FS strengthens its own cloud a bit (fsmind). The white paper hypes its own cloud and mentions Avira only in passing, while in actual performance their presence is completely the reverse; isn't that a bit off?
卡饭论坛 (KaFan forum) | Copyright © KaFan KaFan.cn All Rights Reserved. | Powered by Discuz! X3.4 | GMT+8, 2024-12-22 19:38

All software, samples, tools and articles published on KaFan are for study and research only and must not be used for commercial or other illegal purposes; the user bears all consequences. Site content comes from the internet and copyright disputes are not the site's concern; you must delete the above material from your computer within 24 hours of downloading it. Contact us by e-mail with any problems.