Original poster: 川建国代理人

[Virus samples] 31X

救命稻草
Posted on 2022-1-16 10:37:56

正在缓冲
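Posted on 2022-1-16 10:38:25
a233 posted on 2022-1-16 10:37
It wasn't repaired, because the modification date didn't change to the current time

I've heard that some antivirus products don't change the modification date when they repair a file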
anthonyqian
Posted on 2022-1-16 10:47:48
After the Norton scan, 8 remained; NPE then killed 7 more.

a233
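Posted on 2022-1-16 10:50:49
正在缓冲 posted on 2022-1-16 10:38
I've heard that some antivirus products don't change the modification date when they repair a file

Avast's repair does change the modification date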


东南大学
Posted on 2022-1-16 11:09:00
Last edited by 东南大学 on 2022-1-16 16:09

Dr.Web scan: Kill 16x, Miss 15x (13x of which Avira can kill)
  1. "c:\Downloads\20220116\31x\11 (1).doc" - deleted
  2. "c:\Downloads\20220116\31x\11 (1).doc/word/embeddings/oleObject1.bin" - infected container
  3. "c:\Downloads\20220116\31x\11 (1).doc/word/embeddings/oleObject1.bin/stream000" - infected container
  4. "c:\Downloads\20220116\31x\11 (1).doc/word/embeddings/oleObject1.bin/stream000/data001" - infected
  5. "c:\Downloads\20220116\31x\11 (1).doc/word/embeddings/oleObject1.bin/stream000/data001" infected with Trojan.PackedNET.1156
  6. "c:\Downloads\20220116\31x\11 (1).exe" infected with Trojan.Siggen16.33979 - deleted
  7. "c:\Downloads\20220116\31x\11 (1).iso" infected with Linux.Mirai.53 - deleted
  8. "c:\Downloads\20220116\31x\11 (1).js" infected with Trojan.DownLoader44.33124 - deleted
  9. "c:\Downloads\20220116\31x\11 (2).exe" infected with Trojan.PWS.Steam.24797 - deleted
  10. "c:\Downloads\20220116\31x\11 (2).iso" infected with Linux.Mirai.631 - deleted
  11. "c:\Downloads\20220116\31x\11 (3).iso" infected with Linux.Mirai.58 - deleted
  12. "c:\Downloads\20220116\31x\11 (4).exe" infected with Trojan.Siggen16.33964 - deleted
  13. "c:\Downloads\20220116\31x\11 (4).iso" infected with Linux.Mirai.20 - deleted
  14. "c:\Downloads\20220116\31x\11 (5).doc" - deleted
  15. "c:\Downloads\20220116\31x\11 (5).doc/OLEstream-0" - infected
  16. "c:\Downloads\20220116\31x\11 (5).doc/OLEstream-0" infected with Exploit.CVE-2017-11882.123
  17. "c:\Downloads\20220116\31x\11 (5).exe" infected with Trojan.PWS.Siggen3.10374 - deleted
  18. "c:\Downloads\20220116\31x\11 (7).exe" infected with Trojan.DownLoader44.33532 - deleted
  19. "c:\Downloads\20220116\31x\11 (8).exe" infected with Trojan.Siggen16.31248 - deleted
  20. "c:\Downloads\20220116\31x\11 (10).exe" infected with Trojan.Siggen16.33976 - deleted
  21. "c:\Downloads\20220116\31x\11 (14).exe" - deleted, password protected
  22. "c:\Downloads\20220116\31x\11 (14).exe/data002" - infected archive, password protected
  23. "c:\Downloads\20220116\31x\11 (14).exe/data002/payload.data" - archive, password protected
  24. "c:\Downloads\20220116\31x\11 (14).exe/data002/payload.data/file_5.zip" - password protected
  25. "c:\Downloads\20220116\31x\11 (14).exe/data002/svchost.cmd" - infected
  26. "c:\Downloads\20220116\31x\11 (14).exe/data002/svchost.cmd" infected with Trojan.Starter.8002
  27. "c:\Downloads\20220116\31x\11 (16).exe" infected with Trojan.PWS.Stealer.31836 - deleted
  1. 11 (1).msi.aviradetected
  2. 11 (2).doc.aviradetected
  3. 11 (2).msi.aviradetected
  4. 11 (3).doc.aviradetected
  5. 11 (3).exe.aviradetected
  6. 11 (3).msi.aviradetected
  7. 11 (4).msi.aviradetected
  8. 11 (6).exe.aviradetected
  9. 11 (11).exe.aviradetected
  10. 11 (12).exe.aviradetected
  11. 11 (13).exe.aviradetected
  12. 11 (15).exe.aviradetected
  13. 11 (17).exe.aviradetected
  1. 11 (4).doc
  2. 11 (9).exe
川建国代理人
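Original poster | Posted on 2022-1-16 11:29:47
aiqinghe posted on 2022-1-16 10:25
WiseVector scan missed 4 iso files
Double-clicking any of them shows an error and they fail to load

Those iso files appear to be ELF files; they have to be run on Linux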
心醉咖啡
Posted on 2022-1-16 11:36:40
360

ANY.LNK
Posted on 2022-1-16 12:09:21
MS Defender: so far, extract + scan kills 23x

  1. 杀软名称:Win11 MD
  2. 文件总个数:31
  3. 删除:23
  4. 清除:0
  5. 未检测到:8
  6. 共检测出:23
  7. 查杀率:74.19%

  8. 详细信息:

  9. 11 (1).exe  -  已删除。
  10. 11 (1).js  -  已删除。
  11. 11 (10).exe  -  已删除。
  12. 11 (11).exe  -  已删除。
  13. 11 (12).exe  -  已删除。
  14. 11 (13).exe  -  已删除。
  15. 11 (14).exe  -  已删除。
  16. 11 (15).exe  -  已删除。
  17. 11 (16).exe  -  已删除。
  18. 11 (17).exe  -  已删除。
  19. 11 (2).doc  -  已删除。
  20. 11 (2).exe  -  已删除。
  21. 11 (2).msi  -  已删除。
  22. 11 (3).doc  -  已删除。
  23. 11 (3).exe  -  已删除。
  24. 11 (4).doc  -  已删除。
  25. 11 (4).exe  -  已删除。
  26. 11 (5).doc  -  已删除。
  27. 11 (5).exe  -  已删除。
  28. 11 (6).exe  -  已删除。
  29. 11 (7).exe  -  已删除。
  30. 11 (8).exe  -  已删除。
  31. 11 (9).exe  -  已删除。


  32. 11 (1).doc  -  未能检测到。
  33. 11 (1).iso  -  未能检测到。
  34. 11 (1).msi  -  未能检测到。
  35. 11 (2).iso  -  未能检测到。
  36. 11 (3).iso  -  未能检测到。
  37. 11 (3).msi  -  未能检测到。
  38. 11 (4).iso  -  未能检测到。
  39. 11 (4).msi  -  未能检测到。


  40. 由Srr  1.7.10.2生成。

May be updated later

Nocria
Posted on 2022-1-16 13:43:58
IKARUS - 26/31

  1. [16.01.2022 13:43:27] On-demand scan started: "user_defined"
  2. [16.01.2022 13:43:27] Found, 0.15s, SigName: "Trojan.Linux.Mirai", SigId: 3511795, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (1).iso"
  3. [16.01.2022 13:43:27] Found, 0.31s, SigName: "Trojan.JS.Crypt", SigId: 4286751, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (1).js"
  4. [16.01.2022 13:43:28] Found, 0.484s, SigName: "Trojan.Win32.FileCrypter", SigId: 3933927, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (1).exe"
  5. [16.01.2022 13:43:28] Found, 0.485s, SigName: "Trojan.Win32.FileCrypter", SigId: 3933927, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (10).exe"
  6. [16.01.2022 13:43:28] Found, 0.594s, SigName: "Trojan-Downloader.Win32.Banload", SigId: 4190019, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (1).msi"
  7. [16.01.2022 13:43:28] Found, 0.891s, SigName: "Trojan.Win32.FileCrypter", SigId: 3933927, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (11).exe"
  8. [16.01.2022 13:43:28] Found, 0.578s, SigName: "Trojan.Win32.FileCrypter", SigId: 3933927, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (12).exe"
  9. [16.01.2022 13:43:29] Found, 0.750s, SigName: "Trojan.Win32.FileCrypter", SigId: 3933927, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (15).exe"
  10. [16.01.2022 13:43:29] Found, 1.203s, SigName: "Trojan.Win32.FileCrypter", SigId: 3933927, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (13).exe"
  11. [16.01.2022 13:43:29] Found, 0.78s, SigName: "Trojan-Downloader.O97M.Donoff", SigId: 352270495, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (2).doc"
  12. [16.01.2022 13:43:29] Found, 0.47s, SigName: "Trojan.Win32.Crypt", SigId: 352269032, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (2).exe"
  13. [16.01.2022 13:43:29] Found, 0.00s, SigName: "Trojan.Linux.Mirai", SigId: 3840606, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (2).iso"
  14. [16.01.2022 13:43:29] Found, 1.110s, SigName: "Trojan.Win32", SigId: 4327574, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (16).exe"
  15. [16.01.2022 13:43:29] Found, 1.125s, SigName: "Trojan.Win32.FileCrypter", SigId: 3933927, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (17).exe"
  16. [16.01.2022 13:43:29] Found, 0.453s, SigName: "Trojan-Downloader.O97M.Donoff", SigId: 352270494, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (3).doc"
  17. [16.01.2022 13:43:29] Found, 0.47s, SigName: "Trojan.Linux.Mirai", SigId: 3477205, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (3).iso"
  18. [16.01.2022 13:43:29] Found, 0.62s, SigName: "Trojan-Spy.MSIL.Agent", SigId: 3954635, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (3).exe"
  19. [16.01.2022 13:43:29] Found, 0.15s, SigName: "Trojan.Office.Doc", SigId: 4251666, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (4).doc"
  20. [16.01.2022 13:43:30] Found, 0.656s, SigName: "Trojan.Win32.Contuedo", SigId: 2459616, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (2).msi"
  21. [16.01.2022 13:43:30] Found, 0.172s, SigName: "Trojan.Linux.Mirai", SigId: 3451006, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (4).iso"
  22. [16.01.2022 13:43:30] Found, 0.672s, SigName: "Trojan-Downloader.Win32.Banload", SigId: 4190019, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (3).msi"
  23. [16.01.2022 13:43:30] Found, 0.469s, SigName: "Exploit.CVE-2017-11882", SigId: 3386025, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (5).doc"
  24. [16.01.2022 13:43:30] Found, 0.563s, SigName: "Trojan-Downloader.Win32.Banload", SigId: 4190019, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (4).msi"
  25. [16.01.2022 13:43:31] Found, 1.110s, SigName: "Trojan.Win32.Obsidium", SigId: 4290630, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (4).exe"
  26. [16.01.2022 13:43:31] Found, 0.297s, SigName: "Trojan.MSIL.Crypt", SigId: 352577011, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (8).exe"
  27. [16.01.2022 13:43:31] Found, 0.531s, SigName: "Trojan.Win64.Enigma", SigId: 4251533, Type: "VIRUS", File: "C:\Users\promi\Desktop\test (1)\test\11 (7).exe"
  28. [16.01.2022 13:43:31] On-demand scan FINISHED: "user_defined"
  29. [16.01.2022 13:43:31] ----------------------------------------------------
  30. [16.01.2022 13:43:31] Directories scanned: 2
  31. [16.01.2022 13:43:31] Files scanned: 31
  32. [16.01.2022 13:43:31] Virus found: 26
  33. [16.01.2022 13:43:31] ----------------------------------------------------
aboringman
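Posted on 2022-1-16 15:12:14
Last edited by aboringman on 2022-1-16 15:15
anthonyqian posted on 2022-1-16 10:47
After the Norton scan, 8 remained; NPE then killed 7 more.

I'm speechless: no alert on the physical machine, but when I drag it into the virtual machine it gets blocked. The cloud is really acting up...... (yet it doesn't remove the file, and it can still be opened normally)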



@ericdj

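Double-clicked the remaining script and documents (except those iso files): the script triggered the monitor and SONAR, and the other three documents all behaved abnormally.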
