2022年0107检测率百包测试——病毒样本100x

ikochina

huorong 发表于 2022-1-7 22:23
超级巡警 39个

牛掰啊，这货你还能找到

huorong

aiqinghe 发表于 2022-1-7 22:46
超级巡警竟然还存在？

已经去世了

破解

ikochina 发表于 2022-1-7 22:46
我虚拟机都被穿了，2个病毒被大蜘蛛拦了

我没有双击。我打算明天把几个主流的杀软装一遍轮番扫描一遍。

aiqinghe

huorong 发表于 2022-1-7 22:49
已经去世了

那这玩意扫描率还能这么高？就离谱。。。

断簪

fsp


双击之后剩下这两个，.jar打不开

Zzzz666

ICzcz 发表于 2022-1-7 20:04
ESET：left 4-3（LiveGuard）
ESET扫描永远的神

主防不行的话，miss的这个也能让你万劫不复

ICzcz

bbs2811125 发表于 2022-1-7 22:28
这两个不冲突吗

不冲突啊，也不卡占用就100多（是MDE Plan2，不是MD）

54ss

BD for mac 扫描 剩余5x

swizzer

Win10 x64的虚拟机删了，就拿Win7 x64的虚拟机测试了
@aiqinghe

锁库智量
病毒库日期：2021/12/8
将所有压缩包解压出来，并在双击过程中剔除无效样本，得到98x有效样本。
扫描+双击剩余3x
其中，Office样本主防没有删除本体，但是识别并阻断了恶意行为，计入成绩。
有一个msi样本的Payload是dll，智量内存防护在样本外联之前杀了rundll32，计入成绩。
有几个杀了衍生物，本体无外联无启动/注入进程行为，认为是Dropper，计入成绩。——————————————————
更新：剩余的doc是调用eqnedt32.exe下载payload的，但是被智量拦截了外联

2022-01-07 22:53:50|C:\Windows\System32\svchost.exe|恶意程序网址: kizitox.cf

日志如上


有效检测率：
(95+1)/98≈97.9%

截图：

完整的主防日志（扫描日志太长，略去）

1. 2022-01-07 22:51:32|C:\Users\Dolphiner\lsdvxmyxnj.js|WIBD:HEUR.JavaAgent.A01
   
2. 2022-01-07 22:51:35|C:\Users\Dolphiner\AppData\Roaming\yjhzaxew.txt|WIBD:HEUR.JavaAgent.A01
   
3. 2022-01-07 22:51:39|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\e58a24b433a523b44e80a23d1993113b965850e9260970f3fed211a3e641503c.jar|WIBD:HEUR.JavaAgent.A
   
4. 2022-01-07 22:51:45|C:\Users\Dolphiner\AppData\Roaming\yjhzaxew.txt|威胁回滚(隔离)
   
5. 2022-01-07 22:51:45|C:\Users\Dolphiner\lsdvxmyxnj.js|威胁回滚(隔离)
   
6. 2022-01-07 22:51:57|C:\Users\Dolphiner\AppData\Roaming\macjoe597.exe|Heur.ML.PE.C
   
7. 2022-01-07 22:52:02|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\8c348ba34d087d796edd19b5955ec0ffd0befd0c72d373a2ebdd73d37d7e3bbb.js|WIBD:HEUR.MalBehavior.D5111
   
8. 2022-01-07 22:52:02|C:\Users\Dolphiner\AppData\Local\Temp\Scanned Copy of Documents.exe|WIBD:HEUR.MalBehavior.D5111
   
9. 2022-01-07 22:52:11|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\78b85eb30ba4c6994d56a5c2da5b02a1f8ee4129af94d41873328c92ca982ce2.js|WIBD:HEUR.MalBehavior.D5111
   
10. 2022-01-07 22:52:11|C:\Users\Dolphiner\AppData\Local\Temp\Scanned Copy of Documents.exe|WIBD:HEUR.MalBehavior.D5111
    
11. 2022-01-07 22:52:45|C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE->180.214.237.30|事件: 访问网络  操作: 允许
    
12. 2022-01-07 22:52:47|C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE->127.0.0.1|事件: 访问网络  操作: 允许
    
13. 2022-01-07 22:52:47|C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE->180.214.237.30|事件: 访问网络  操作: 允许
    
14. 2022-01-07 22:52:50|C:\Program Files\Microsoft Office\Office16\EXCEL.EXE->52.109.112.104|事件: 访问网络  操作: 允许
    
15. 2022-01-07 22:53:34|C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe->104.77.65.186|事件: 访问网络  操作: 允许
    
16. 2022-01-07 22:53:50|C:\Windows\System32\svchost.exe|恶意程序网址: kizitox.cf
    
17. 2022-01-07 22:53:55|C:\Program Files\Microsoft Office\Office16\WINWORD.EXE->52.109.6.42|事件: 访问网络  操作: 允许
    
18. 2022-01-07 22:54:21|C:\Users\Dolphiner\AppData\Local\Temp\jotow.exe|WIBD:Exploit.Office.A0
    
19. 2022-01-07 22:54:43|C:\Users\Public\vbc.exe|WIBD:Exploit.Office.A0
    
20. 2022-01-07 22:54:59|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\0489580169589b78f5529ca327fee05921ff44c32c87ef456eeda6367b0d779f.vbs->154.120.66.200|事件: 访问网络  操作: 允许
    
21. 2022-01-07 22:55:15|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\SOA with double PO.exe|Heur.ML.PE.A
    
22. 2022-01-07 22:55:18|C:\Users\Public\\Videos\\hml.HtA|WIBD:HEUR.MalBehavior.A0
    
23. 2022-01-07 22:55:34|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\Overdue invoice.exe|Heur.ML.PE.C
    
24. 2022-01-07 22:55:34|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\RFQ.exe|Trojan.Generic
    
25. 2022-01-07 22:55:35|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\SOA.exe|Heur.ML.PE.C
    
26. 2022-01-07 22:55:51|C:\Users\Public\\Videos\\hml.HtA|WIBD:HEUR.MalBehavior.A0
    
27. 2022-01-07 22:56:29|C:\Program Files\CatsxpSoftware\Catsxp-Browser\Application\catsxp.exe->[2001:4860:4860::8888]|事件: 访问网络  操作: 允许
    
28. 2022-01-07 22:56:42|C:\Users\Dolphiner\Documents\dvzlxhvpvlhjzpocrvn.exe->20.195.224.239|事件: 访问网络  操作: 允许
    
29. 2022-01-07 22:57:01|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\6a7156a5145f236ba7d54846283937e7de223a933539b3869ac72a0bf7e8bbe9.exe|WIBD:HEUR.Injector.H
    
30. 2022-01-07 22:57:04|C:\Windows\SysWOW64\rundll32.exe|MEMRAY:MalThread.A0
    
31. 2022-01-07 22:57:28|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\1d885d15d44ee25d356b70b392b8e28afd66c96703653108224ae7337def768b.exe|WIBD:HEUR.PEObfuscator.C
    
32. 2022-01-07 22:57:33|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\5a6642f8f39567bfe0ce22c317f536d79deed32f63c6b7fa39eab7f60e7a8fb0.exe|WIBD:HEUR.PEObfuscator.C
    
33. 2022-01-07 22:57:40|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\f10d43cfd07a986f1f3c75eb7c90af7e1d841530709f8dcac64bfbfcb53ec736.exe|WIBD:HEUR.Injector.H
    
34. 2022-01-07 22:57:52|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\a1457e7a591877c3732325e462c479a450b19bda91ecaca0a37cdb137ed152ae.exe|WIBD:HEUR.Trojan.FB
    
35. 2022-01-07 22:57:52|C:\Users\Dolphiner\AppData\Roaming\Microsoft\Security\Windows SecurityL.exe|WIBD:HEUR.Trojan.FB
    
36. 2022-01-07 22:57:59|C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE->127.0.0.2|事件: 访问网络  操作: 允许
    
37. 2022-01-07 22:57:59|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\6c0a4d3b03b1331dc9c31134c621f45bcd9bf6bc6818d61b3d7f455bf65b0b66.exe|WIBD:HEUR.PEObfuscator.C
    
38. 2022-01-07 22:58:01|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)gwejglkaj3kjalkjw.exe|Heur.ML.PE.B
    
39. 2022-01-07 22:58:02|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)gwejglkaj3kjalkjw.exe|Heur.ML.PE.B
    
40. 2022-01-07 22:58:02|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\5a6642f8f39567bfe0ce22c317f536d79deed32f63c6b7fa39eab7f60e7a8fb0.exe|WIBD:HEUR.PEObfuscator.C
    
41. 2022-01-07 22:58:03|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\d371f62ae8c1c2eb6d69c932db494cc48975b89082e9b22cb15ab79021f3b0c0.exe|WIBD:HEUR.Trojan.KD
    
42. 2022-01-07 22:58:07|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\6d7c3090846a9b2c49370bc771aba3bce06900206e4cebf868de1da018d03656.exe|WIBD:HEUR.PEObfuscator.C
    
43. 2022-01-07 22:58:11|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\4baac3b8ad518a9997d8c0f869b119c7a537349a1a8e1fc75ad1c765cb8d15cb.exe|WIBD:HEUR.PEObfuscator.C
    
44. 2022-01-07 22:58:14|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\PRODUCTS INQUIRIES.exe|WIBD:HEUR.MalPersistence.M0
    
45. 2022-01-07 22:58:17|C:\Users\Dolphiner\AppData\Local\Temp\tmp1821.tmp|WIBD:HEUR.MalPersistence.M0
    
46. 2022-01-07 22:58:22|C:\Users\Dolphiner\AppData\Roaming\DTeQwDsPYAV.exe|威胁回滚(隔离)
    
47. 2022-01-07 22:58:29|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\b1090fca7443fd9d5fae0f8490badf5676aeb2f79b0a08e6cb3b299d7c4fc4f2.exe|WIBD:HEUR.PEObfuscator.C
    
48. 2022-01-07 22:58:37|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\6f605c15b2480a3a0e93a9f45dd658cdfc0cd03349c8da5380976d65f1c747c5.exe|WIBD:HEUR.Injector.H
    
49. 2022-01-07 22:58:41|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\acc1c22f2003ccec8114d0cf6f022836c8e00ab0e895a6a59f6a11cdec2db3b4.exe|WIBD:HEUR.MalPersistence.M0
    
50. 2022-01-07 22:58:44|C:\Users\Dolphiner\AppData\Local\Temp\tmp82F4.tmp|WIBD:HEUR.MalPersistence.M0
    
51. 2022-01-07 22:58:48|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\6f02b05562b44a280abe0c931812caa9b2e9d68ba89d4826c0973f9cea6e84b8.exe|WIBD:HEUR.MalPowerShell.B0
    
52. 2022-01-07 22:58:49|C:\Users\Dolphiner\AppData\Roaming\vDaZiF.exe|威胁回滚(隔离)
    
53. 2022-01-07 22:59:00|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\64246a8aca42d61e9ee61a831c588a57bd2e3ced31dbc3e189683c1f4bddc1a5.exe->C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe|事件: 启动程序  操作: 允许
    
54. 2022-01-07 22:59:18|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\64246a8aca42d61e9ee61a831c588a57bd2e3ced31dbc3e189683c1f4bddc1a5.exe->C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe|事件: 启动程序  操作: 允许
    
55. 2022-01-07 22:59:23|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\16cd4a163cda21b2501d650ab0c0a4fce57f2d7845bdd42268a27d6bfbab282d.exe|WIBD:HEUR.PEObfuscator.C
    
56. 2022-01-07 22:59:23|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\6d9cffad54a9be6a0bf146b1a4cb1257d432c133a8dd5d8379f7b791833a695b.exe|WIBD:HEUR.PEObfuscator.C
    
57. 2022-01-07 22:59:29|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\8592d578f269100d67bf1faa464e23de7bf0c1266bad19d2bf6bcce0501158a3.exe|WIBD:HEUR.MalPowerShell.B0
    
58. 2022-01-07 22:59:33|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\85648195f2224ec1ad0531e85ae3128ef57d59b408edbfb5a3c817812960429a.exe|WIBD:HEUR.MalPersistence.M0
    
59. 2022-01-07 22:59:36|C:\Users\Dolphiner\AppData\Local\Temp\tmp4F28.tmp|WIBD:HEUR.MalPersistence.M0
    
60. 2022-01-07 22:59:41|C:\Users\Dolphiner\AppData\Roaming\AIIklJG.exe|威胁回滚(隔离)
    
61. 2022-01-07 22:59:49|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\64246a8aca42d61e9ee61a831c588a57bd2e3ced31dbc3e189683c1f4bddc1a5.exe->C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe|事件: 启动程序  操作: 允许
    
62. 2022-01-07 22:59:55|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\53173bd6c646d3f4a8404d0f508caa27fb4ab7a3c2df3e4fe3912bfaa94093c3.exe|WIBD:HEUR.MalPersistence.M0
    
63. 2022-01-07 22:59:58|C:\Users\Dolphiner\AppData\Local\Temp\tmpA218.tmp|WIBD:HEUR.MalPersistence.M0
    
64. 2022-01-07 23:00:03|C:\Users\Dolphiner\AppData\Roaming\lwiDJbaJaBVdq.exe|威胁回滚(隔离)
    
65. 2022-01-07 23:00:08|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\64246a8aca42d61e9ee61a831c588a57bd2e3ced31dbc3e189683c1f4bddc1a5.exe->C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe|事件: 启动程序  操作: 允许
    
66. 2022-01-07 23:00:14|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\006836c6ebc6735312cfd54835457bda86ef1b77fb30d48261e004dc8cd7c382.exe|MEMRAY:MalCode.B01
    
67. 2022-01-07 23:00:33|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\43be4008732481434fc9a4f2bf3ceab8a9c467b0ea0acde7d701a82b3083396b.exe|WIBD:HEUR.MalPowerShell.B0
    
68. 2022-01-07 23:00:39|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\24ae0691d84b4cf88375147998be588fb378bf50c03487ae65e2c25139baea81.exe|WIBD:HEUR.MalPowerShell.B0
    
69. 2022-01-07 23:00:46|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\64246a8aca42d61e9ee61a831c588a57bd2e3ced31dbc3e189683c1f4bddc1a5.exe|WIBD:HEUR.Trojan.KD00
    
70. 2022-01-07 23:01:11|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\677ea3bde24fd6ccb8945d584eab801c52309dd46f98b2ea6f433e173379c91a.exe|WIBD:HEUR.MalPersistence.M0
    
71. 2022-01-07 23:01:14|C:\Users\Dolphiner\AppData\Local\Temp\tmpCBC6.tmp|WIBD:HEUR.MalPersistence.M0
    
72. 2022-01-07 23:01:18|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\937f8a1fdba02c0f423af925d4820b23cdfa18dc82e46f76bd8ff9c121ef5022.exe|WIBD:HEUR.MalPersistence.M0
    
73. 2022-01-07 23:01:21|C:\Users\Dolphiner\AppData\Local\Temp\tmpD420.tmp|WIBD:HEUR.MalPersistence.M0
    
74. 2022-01-07 23:01:24|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\6821b08cb8ebc1e38504de290856429fed68be2fcaa455e6dde2e6f9926787c1.exe|WIBD:HEUR.PEObfuscator.C
    
75. 2022-01-07 23:01:28|C:\Users\Dolphiner\AppData\Roaming\ExJzQxPdaUBiEk.exe|威胁回滚(隔离)
    
76. 2022-01-07 23:01:29|C:\Users\Dolphiner\AppData\Roaming\ceJnQOvB.exe|威胁回滚(隔离)
    
77. 2022-01-07 23:02:55|C:\Users\Dolphiner\Desktop\100x0107\新建文件夹 (2)\39c6a2772606c2c89e4fe626ac94d9b6435420e752a987803947bce3248697e0.exe|WIBD:HEUR.PEObfuscator.C
    

复制代码

@智量官方 剩下的那个doc主防没杀？似乎也是漏洞利用ednedt32.exe干坏事儿的
另外，拦截恶意网址的弹窗为啥只在第一次双击时出现，之后双击就没有显示呢
是为了解决同一个恶意网址多次弹窗的问题吗···但是这样又导致了上面这个问题的出现。。。

企稳向好

有趣，FS的DG和APC联动了，这样APC就参与FS的全程防护了（监控、扫描、执行）





希望FS自己的云再加强点（fsmind），白皮书吹自己的云，把Avira一笔带过，实际表现存在感却完全反过来，这是不是也不太好