0129新样本100x测试

显示全部楼层 · 发表于 2022-1-29 16:49:48

aiqinghe 发表于 2022-1-29 16:47
这。。。。认真的？腾管国际这么弱了吗

不知道为什么，我的腾管病毒库是最新的，而且腾管挂载了BD引擎

显示全部楼层 · 发表于 2022-1-29 16:50:03

迈克菲：

McAfee Labs - Beaverton
Current Scan Engine Version:6100.8979
Current DAT Version:10241.0000
Thank you for your submission.

Analysis ID: 11089821

File Name          Findings                      Detection                   Type       Extra
--------------------|------------------------------|----------------------------|------------|-----
00c1508c4aa5a05f1784|inconclusive                |                         |          |no
02d420f415d9b6f0a78d|inconclusive                |                         |          |no
062852ac31db2530dc6a|inconclusive                |                         |          |no
074e6674b9a1792bdf02|inconclusive                |                         |          |no
0892a03bad95665f31ee|inconclusive                |                         |          |no
0961253848c2324b1d37|inconclusive                |                         |          |no
0b668d0ac89d5da1526b|current detection          |pws-fcuf!4bb6c620715f    |Trojan    |no
0b919795439bfca71282|current detection          |packed-gee!12a52ecfadb4    |Trojan    |no
0c14228da4e8a8b11d0a|inconclusive                |                         |          |no
0db12c5640841c41de52|inconclusive                |                         |          |no
16baebd1adfc1bae6e35|inconclusive                |                         |          |no
16ea27ea74e262cd7927|inconclusive                |                         |          |no
18c2d978e426897c9109|inconclusive                |                         |          |no
1c602add0bd1296d58b6|current detection          |genericrxes-wd!3654577a5bbb |Trojan    |no
1f95063441e9d231e0e2|inconclusive                |                         |          |no
21087a9952d89aaad69f|current detection          |agenttesla-fdge!0d0b84ff5a24|Trojan    |no
24a80a4b6c6625d42c81|current detection          |agenttesla-fdcv!d20f7b0c9a0a|Trojan    |no
2518a50e9483da255cb0|inconclusive                |                         |          |no
268f5e4b066f55e8c8f9|detection escalated          |emotet-fsy!5ca4822d29b2    |Trojan    |no
2cfc1750ac535aebfe7f|current detection          |genericrxbn-lv!c51aa59d00c8 |Trojan    |no
2f3378a274de14150633|inconclusive                |                         |          |no
2f38c5807d6840f70db5|current detection          |backdoor-feod!42e4994342dd  |Trojan    |no
326e3995924b292caaf2|inconclusive                |                         |          |no
363e106f6ad1800b1192|inconclusive                |                         |          |no
3aa7c1756484419ea491|inconclusive                |                         |          |no
3d99629aa662a13fea19|inconclusive                |                         |          |no
41b58cddca86e32e7034|detection escalated          |exploit-cve2017-11882.yx |Trojan    |no
44f2a5350a712bfefe9c|inconclusive                |                         |          |no
4e8676bf3affb95f5a67|inconclusive                |                         |          |no
4f91e4f43561ff1fb717|inconclusive                |                         |          |no
53ca800262b15721bf84|detection escalated          |packed-gee!b6b48f39779a    |Trojan    |no
562c7815dd2bbe330531|current detection          |genericrxkr-ze!87100cb600d8 |Trojan    |no
58495c71874df2ad597c|inconclusive                |                         |          |no
5879d39a0bab80032ebc|inconclusive                |                         |          |no
58e1144f23db9178e2d8|inconclusive                |                         |          |no
601121c30531ce26c85a|inconclusive                |                         |          |no
637dd7cb5c579d38f6e1|inconclusive                |                         |          |no
67741e596f4d59713a23|detection escalated          |rdn/generic downloader.x |Trojan    |no
68e3294f4cf973ccbff4|inconclusive                |                         |          |no
69bae63d802887e2d994|inconclusive                |                         |          |no
6cceb976e0d0be07b251|detection escalated          |exploit-cve2017-11882.bu |Trojan    |no
6e5b76a27edc9ab83b71|detection escalated          |genericrxaa-aa!70576b065b76 |Trojan    |no
6f401d7546fc2bd85b65|detection escalated          |exploit-cve2017-11882.bu |Trojan    |no
6fc6d0526995ef4c7ab8|inconclusive                |                         |          |no
71f51f194201d9d3a86f|inconclusive                |                         |          |no
7649a43612652c0b3235|inconclusive                |                         |          |no
7babdd2c7d3752b7b487|inconclusive                |                         |          |no
7c8843dc287993015255|inconclusive                |                         |          |no
7f998f0b351d2086150d|current detection          |packed-gee!acc8f0bb0c17    |Trojan    |no
80640acf5225beaf70c8|inconclusive                |                         |          |no
80891c5a3008823875c7|inconclusive                |                         |          |no
808cd132e03833c31a84|detection escalated          |genericrxaa-fa!a97df03e684b |Trojan    |no
83ea16c53988fd7e522f|inconclusive                |                         |          |no
892504033a259f380c1e|inconclusive                |                         |          |no
8a1f3bf6fede5567536e|detection escalated          |agenttesla-fdgf!cb3872a682a6|Trojan    |no
8e24cc8ba2e09ecce201|inconclusive                |                         |          |no
90b83f9b54a431d5cd69|inconclusive                |                         |          |no
9b7096636d51d6644a50|inconclusive                |                         |          |no
9ba99ef6e07d224b950b|current detection          |agent-fpx!4eab9b3da4a3    |Trojan    |no
9d17ef60c2fe51c9ddd8|current detection          |genericrxow-gx!291f186dea7b |Trojan    |no
9fc1ca762f63a2905e2a|inconclusive                |                         |          |no
a13ee864c6a802001850|inconclusive                |                         |          |no
a2d288606d3dc7e6f0d6|inconclusive                |                         |          |no
a61597b6be41455ecc22|detection escalated          |agenttesla-fdfm!6117a1b44bed|Trojan    |no
a62bc659475f4e3f0ec1|inconclusive                |                         |          |no
a64d9d8b157c7f638aaf|detection escalated          |emotet-fsy!9768f0959b5c    |Trojan    |no
a7a9d11f1cfcd60a6548|current detection          |backdoor-ckb.gen.ck       |Trojan    |no
acb77cf0d80fc513aa1d|inconclusive                |                         |          |no
b54aee457447364797a7|current detection          |js/agent.ed                |Trojan    |no
b74765beafc62048d68a|current detection          |nsis/obfusinjector.h       |Trojan    |no
bc79a9662ee07c43bbec|inconclusive                |                         |          |no
c744fe5aa2ab646ac1a0|inconclusive                |                         |          |no
c7e3e8581a05333303a4|inconclusive                |                         |          |no
ca5bfc42daf3182e1989|inconclusive                |                         |          |no
ce947d559a8e2a9e23b7|inconclusive                |                         |          |no
d30325befb2f43f1e9dd|inconclusive                |                         |          |no
d31f7a4a68a38581a88a|inconclusive                |                         |          |no
d393bc3918eb1f83e3e3|inconclusive                |                         |          |no
d47bd2ff5d90d64d1848|inconclusive                |                         |          |no
d54edb4986821e6032b6|inconclusive                |                         |          |no
d626d2dd320f5f66816b|current detection          |agenttesla-fdcv!cee9ec3f7478|Trojan    |no
d72ff8708ffeb9a95f55|inconclusive                |                         |          |no
dc224bc7816a6cc723d2|inconclusive                |                         |          |no
e08ea21bb1cca3123c6c|inconclusive                |                         |          |no
e17667b8c4d4bed90c02|inconclusive                |                         |          |no
e1a536b8240ce1bbc44c|inconclusive                |                         |          |no
e61a47624bb059436072|inconclusive                |                         |          |no
e72933335f52ad7d35ce|inconclusive                |                         |          |no
e9830182ff1836ba0718|inconclusive                |                         |          |no
eab58be07fca76485cc8|inconclusive                |                         |          |no
eb406a29c93e891ac7f1|inconclusive                |                         |          |no
ebd5734b8f564757409c|inconclusive                |                         |          |no
ec05558f0ce0cba4365d|inconclusive                |                         |          |no
f36a543cfcddf76b99df|current detection          |nsis/obfusinjector.h       |Trojan    |no
f7a17e64f94e0d3c223e|inconclusive                |                         |          |no
f838f941564e4ef74d60|inconclusive                |                         |          |no
fa51b3b1d130a540d92f|inconclusive                |                         |          |no
fc97ba23d9fa7b6a40d0|current detection          |genericrxfe-cy!185dbf67d9a5 |Trojan    |no

detection escalated [268f5e4b066f55e8c8f920b68ac1092fef1bac7e80822991043acc7f2d5fd2de.dll
41b58cddca86e32e7034daf8e97dcdaa04ac6cdcb41eae86be1c3fa7fd05c871.xlsx
53ca800262b15721bf8451e7999c935e65d4eb058126e3c1d4eb9942c9c60858.exe
67741e596f4d59713a232bfb45d6cb0b2592f67b867773f72c2bb0fa2f749685.exe
6cceb976e0d0be07b25183e8f862680e5cb39d39142ab1f94c6ec29cf44ffd4f.xlsx
6e5b76a27edc9ab83b7158d8395bc2f8c14b3bf420907b5645feddb17672c03e.dll
6f401d7546fc2bd85b659a1d30a89bf21451e327e2712ab86f1a3dec421b7e64.xlsx
808cd132e03833c31a8487f3bed33b4b1190c05619b56cda6ff21b4f796a83db.dll
8a1f3bf6fede5567536ef4d0b5d96451cfb1bea8b6c643752cf8475747410063.exe
a61597b6be41455ecc22339454e7329b2ae05a73c5b79babe7de02c44cadeabf.exe
a64d9d8b157c7f638aaf8d4955d751339a902fcb4a2502daf382c023e2ea2524.dll]

The file submitted may be malware. This file is being sent for further processing and
the DAT files will potentially be updated if detection of this sample is warranted.

inconclusive [00c1508c4aa5a05f1784539c4e6ce0b52a0967d380eefd85a5b7ed6dd8b71ba6.dll
02d420f415d9b6f0a78d91d174ae890dcd1d07aaed96631caf6425d482f2839b.exe
062852ac31db2530dc6a1cb617d90f8fe313f8bda5e407d5e38a03a6e4897b6f.dll
074e6674b9a1792bdf0231ce092a5eee912a011fa2b146fbd3e3a2f42ba58c13.dll
0892a03bad95665f31ee47c90cc5d71b89ab102ffb192ecad52c22fd4e3fb83e.dll
0961253848c2324b1d374aab1e29315c60c28ed1dd42cbc4ca819aae5c8a7fac.xlsx
0c14228da4e8a8b11d0a818d1d616647ccb54760be58e626ee82773b17878865.dll
0db12c5640841c41de52f0e307ee4420c6a76f021ea5f48f4cf6677e0c39dc31.dll
16baebd1adfc1bae6e35773b383875ac831a011fefed63a0506b875596274b8c.exe
16ea27ea74e262cd792709a6e19ff6bc0781f609023d508e262df14686ef69d7.xlsx
18c2d978e426897c9109aa5bf6aac52bec2b834edea77978c6342d2109e41cab.xlsx
1f95063441e9d231e0e2b15365a8722c5136c2a6fe2716f3653c260093026354.msi
2518a50e9483da255cb061cb5eb966f41f39daf912341e7cf4442da4b362da8c.exe
2f3378a274de141506335d57ed39a2ad9ef7f585c9a38d3bb3dca30b2da05c7e.dll
326e3995924b292caaf2c8db8ed234c959c32867c0279263ba86c3a34a1a9454.vbs
363e106f6ad1800b11928f8b254828c08a5c74b98939578803106e19b3f2db56.exe
3aa7c1756484419ea491d279ee27158c784eddbb6257211a4b52cb5cb95d45b8.exe
3d99629aa662a13fea1981e06dffdb31557c08b96dbad360622705c07a614c8c.dll
44f2a5350a712bfefe9c3dc2827697208ed9c144407bce66eb2ee1626e82003d.dll
4e8676bf3affb95f5a67ce79c3f38cfc45587eb91e324d0797f7a4c282979880.xlsx
4f91e4f43561ff1fb717505dda23724c0184f5dea64bf0aadd0bbb88de71a4db.exe
58495c71874df2ad597c4bcf9d06dcc4ecbbc9f27b2a7b55cdd813c439f83a31.exe
5879d39a0bab80032ebc751728e034cf7ec7fb30749090b5df8c37100034ef95.exe
58e1144f23db9178e2d8fc84a5494950b6da143d71705e112a65c687471156d5.xlsx
601121c30531ce26c85a232f1e76df6a0eec591296ff711d45912db421d67a10.xls
637dd7cb5c579d38f6e17ed3befe1b5852a2e49d2a1cc1428ba2d290bbf60c94.xlsx
68e3294f4cf973ccbff43440a3fe6c631a246a648756a994c7aeca6d223fb668.dll
69bae63d802887e2d994022011465c7f0bc42b1f0adefcee8dcbbfe243118b15.exe
6fc6d0526995ef4c7ab87e092759ef93e84495a8c71b9ec36b924bcf7c2fa75c.exe
71f51f194201d9d3a86fa99255909017632302bd7007b50b400490a5cd4a4043.vbs
7649a43612652c0b32353e7ae9898150f885a770db0d024d0d034c4171d5d684.xls
7babdd2c7d3752b7b48729110f0ab94de7cf74c478b7e1ea7a71a468748e70c0.exe
7c8843dc287993015255cfdfe0cb688629119f71c695c37387064a7d0968cbaf.exe
80640acf5225beaf70c891a63dfeab8b6c4c1cc16e3ea8ebbc4938a6712f3114.xls
80891c5a3008823875c7401d8df90c02989e65832b0b2681eea2c1448ddd31ce.exe
83ea16c53988fd7e522fa373ee71089ac84cdfbd8cdea6c5a54afc61a5fc0389.exe
892504033a259f380c1e2a35db15b95bffcff4f96c36a84731afde6c5b35371a.exe
8e24cc8ba2e09ecce201cc8cb0d23331f19b197d6cd707ff1ae306a398f718e9.xlsx
90b83f9b54a431d5cd69ad1408ef2b46f5072cb1a7c1a8e69d9ae524d68abe97.exe
9b7096636d51d6644a508c265c0564052663b16f7e4992d8e35f8167f0e3d978.dll
9fc1ca762f63a2905e2a6b132401335fdc588316b00119a5dfd4d0c1d61a16df.dll
a13ee864c6a802001850dd93f933b4d1fac54b6a8028917c783d95ae901642c9.dll
a2d288606d3dc7e6f0d6bf972637254f12d8e4921ef39d0e921f89dfdc8adfe7.dll
a62bc659475f4e3f0ec13841df523cbf813f4b2c2116c3501ebd10e7adede04a.xls
acb77cf0d80fc513aa1d6bbb098615fe73bac7ab4791d9d52958923f19bd517d.exe
bc79a9662ee07c43bbec9321f04e2f186d22b2d7c10c790b828b51de0df1604a.exe
c744fe5aa2ab646ac1a0583348316b13bf7ad12435edeb658aa5e0f09e494b89.exe
c7e3e8581a05333303a4e4fd78a42fdc4724457bdb0b2961c00b257a6a63f68c.js
ca5bfc42daf3182e19891fca776764678e338143367bc203cdf598e72eb32293.exe
ce947d559a8e2a9e23b7a10e625906241ab0dad626562d8c8378ec5aa019fb3c.dll
d30325befb2f43f1e9dd1107efea16b599a62204315516fcfcaef6761c3d71c8.xlsx
d31f7a4a68a38581a88a343cbc9be8480acdba021c3bca39f6d45c4cac352be1.exe
d393bc3918eb1f83e3e3b481ada09a63931b366137e5a7c5542f32ac4ddad4bb.dll
d47bd2ff5d90d64d18485203e59a952e485a39f98e3d54258a578b13d9136ae7.exe
d54edb4986821e6032b6d63787036b23d7e04b95a95a5d4487b7cd306958ffc4.exe
d72ff8708ffeb9a95f559828938dc1439884e7c224579127418e285b1aa1d235.exe
dc224bc7816a6cc723d2748796568a9b6cd48634e50340bca46a544be719960b.xls
e08ea21bb1cca3123c6c095b67c504f733ac252ea58034471eee06f4c8a76c1a.xlsx
e17667b8c4d4bed90c02026d543308a93691b52fef1ae66633987df3d83e7424.xlsx
e1a536b8240ce1bbc44c2ab1777c8c611cd6b2a1dfd49eddf475aadacc33e9ca.dll
e61a47624bb05943607226214bb45d5209d551dc5e28581d71c60ab4b2ea44ca.xlsx
e72933335f52ad7d35ce5042a6bf42f1e97e5365407a314fd54346fb92331411.dll
e9830182ff1836ba071864616c85546fd9611854a674e0dbf5001c5e358a84bc.dll
eab58be07fca76485cc82eccb8f5dfff166c518db37f950c42c4682f6b6e86be.xlsx
eb406a29c93e891ac7f18e70b9c4b09118615eea4d4fc849d353e5caab031c66.exe
ebd5734b8f564757409c396dd7a9a7678c762f67d62342ac344f44eae361d644.dll
ec05558f0ce0cba4365d379c300561112878e5e71bdb0bb8cae1335594187686.exe
f7a17e64f94e0d3c223e9d4509c9fc81754706e413aa29b72c27aac723e0c57a.dll
f838f941564e4ef74d60ec08d8149e96f9776f6e7f675a64517ed6b062605ab0.dll
fa51b3b1d130a540d92f8864a6daeb74b25a3b34306dd2d0d61e4a24c4ad5744.exe]

Automated analysis was not able to determine that this file is malware. This file is
being sent for further processing and the DAT files will potentially be updated if
detection of this sample is warranted.

current detection [0b668d0ac89d5da1526be831f7b8c3f2af54c5dbc68c0c9ce886183ec518c051.exe
0b919795439bfca71282fc1c6991ed0df9fbcf742a5472762d7607ff4e6c929a.exe
1c602add0bd1296d58b6d64283cfd033163bbc5e210603a2dd8a8b1b725aa8ba.exe
21087a9952d89aaad69f40e4b206105fae75d1d3b2fabffbb4bd4f5297d84cc5.exe
24a80a4b6c6625d42c81248be8783903cd10d4704763dc725955900fab72dfab.exe
2cfc1750ac535aebfe7fcd10fe714091c37f89021c4898e617f5e08b6e5ff02d.exe
2f38c5807d6840f70db50dc14a8610c2370a1ecff1760e4aa19a9e2f265713c6.exe
562c7815dd2bbe330531f3ba64f189b11669214fc94263cdf961ce5dc833d105.exe
7f998f0b351d2086150d75ae51ca411e6343f5859e55caecf6873d0e637add7f.exe
9ba99ef6e07d224b950b451c6e414e9c12ef7429d8e59d5cd841ffbc3c5369ec.exe
9d17ef60c2fe51c9ddd8c03a519059d3eddfd2ac8803ac5d7d91a71075810887.exe
a7a9d11f1cfcd60a6548d3f5033f0d621a0c383e4d02af3e2782af0eab8085e7.dll
b54aee457447364797a7f8d2231847d91d13af1da13bd5c8df57d97d90902b67.js
b74765beafc62048d68a5c2ee9bd76c96fc4c007e165f4aa6ec30db7b826f8b3.exe
d626d2dd320f5f66816bf3c97a8dd37f1be24b722fa32601c45e3be87791ed97.exe
f36a543cfcddf76b99df925bf70b22d560792d1059387e00bfe782bffd6e8a2b.exe
fc97ba23d9fa7b6a40d087fe9f41ab16f3f561f527d8c05fbfaea85b5ee1095c.exe]

The file submitted is malware that can be detected with current DAT files. It is
recommended that you update your DAT and engine files and scan your computer again.

Note –

Due to the prevalence of network gateway AV products, it is important that all
submissions be zipped and the zip file password-protected (password - infected). Some
products will reject an email that contains a virus that is not sent in this way. In
addition, often we receive a file that appears not to have been infected, to find
later that the file was infected when it left the sender, and was cleaned somewhere
along the line.

Regards,

McAfee Labs

显示全部楼层 · 发表于 2022-1-29 16:54:04

aiqinghe 发表于 2022-1-29 16:47
这。。。。认真的？腾管国际这么弱了吗

按照Emsisoft的BD引擎检出率，腾管的BD库如果再更新的慢点还真差不多，我扫描的时候用的还是一个小时之前的病毒库

显示全部楼层 · 发表于 2022-1-29 16:54:48

aiqinghe 发表于 2022-1-29 16:47
这。。。。认真的？腾管国际这么弱了吗

可以统计一下360卫士下载防护这种特殊情况

，输入解压密码后整包隔离了，一个不剩

显示全部楼层 · 发表于 2022-1-29 16:56:07

00006666 发表于 2022-1-29 16:54
可以统计一下360卫士下载防护这种特殊情况，输入解压密码后整包隔离了，一个不剩

这不科学

这玩意咋比诺顿的下载云信誉防护还猛

显示全部楼层 · 发表于 2022-1-29 16:56:46

aiqinghe 发表于 2022-1-29 16:56
这不科学这玩意咋比诺顿的下载云信誉防护还猛

应该是压缩包里面恶意文件占比太高了，所以就整包隔离了

显示全部楼层 · 发表于 2022-1-29 17:00:19

761773275 发表于 2022-1-29 16:38
感觉护士检出率追上来了之前都不如Norton

从av-c和av-t看，sophos检测率应该不低

就是在样本区挫了点

显示全部楼层 · 发表于 2022-1-29 17:02:06

wwwab 发表于 2022-1-29 16:50
迈克菲：

统计后：

迈克菲一扫检测率28%，28/100

扫描由迈克菲上报系统自动进行

显示全部楼层 · 发表于 2022-1-29 17:03:53

大蜘蛛扫描检出60x，扫描速度真是慢。。。

"c:\Downloads\20220129\100x\0b668d0ac89d5da1526be831f7b8c3f2af54c5dbc68c0c9ce886183ec518c051.exe.aviradetected" infected with Trojan.PWS.Stealer.31544 - deleted
"c:\Downloads\20220129\100x\2cfc1750ac535aebfe7fcd10fe714091c37f89021c4898e617f5e08b6e5ff02d.exe.aviradetected" infected with Trojan.DownLoader23.52613 - deleted
"c:\Downloads\20220129\100x\02d420f415d9b6f0a78d91d174ae890dcd1d07aaed96631caf6425d482f2839b.exe.aviradetected" infected with Trojan.DownLoader44.35569 - deleted
"c:\Downloads\20220129\100x\2f38c5807d6840f70db50dc14a8610c2370a1ecff1760e4aa19a9e2f265713c6.exe.aviradetected" infected with BackDoor.SpyBotNET.25 - deleted
"c:\Downloads\20220129\100x\3aa7c1756484419ea491d279ee27158c784eddbb6257211a4b52cb5cb95d45b8.exe.aviradetected" infected with Trojan.Inject4.24979 - deleted
"c:\Downloads\20220129\100x\4f91e4f43561ff1fb717505dda23724c0184f5dea64bf0aadd0bbb88de71a4db.exe.aviradetected" infected with Trojan.MulDrop19.27103 - deleted
"c:\Downloads\20220129\100x\6cceb976e0d0be07b25183e8f862680e5cb39d39142ab1f94c6ec29cf44ffd4f.xlsx.aviradetected" infected with Exploit.Siggen3.26601 - deleted
"c:\Downloads\20220129\100x\6e5b76a27edc9ab83b7158d8395bc2f8c14b3bf420907b5645feddb17672c03e.dll.aviradetected" infected with Trojan.Emotet.1143 - deleted
"c:\Downloads\20220129\100x\6f401d7546fc2bd85b659a1d30a89bf21451e327e2712ab86f1a3dec421b7e64.xlsx.aviradetected" infected with Exploit.Siggen3.26584 - deleted
"c:\Downloads\20220129\100x\6fc6d0526995ef4c7ab87e092759ef93e84495a8c71b9ec36b924bcf7c2fa75c.exe" infected with Trojan.Siggen16.38406 - deleted
"c:\Downloads\20220129\100x\7babdd2c7d3752b7b48729110f0ab94de7cf74c478b7e1ea7a71a468748e70c0.exe.aviradetected" - deleted
"c:\Downloads\20220129\100x\7babdd2c7d3752b7b48729110f0ab94de7cf74c478b7e1ea7a71a468748e70c0.exe.aviradetected/script.bin" - infected
"c:\Downloads\20220129\100x\7babdd2c7d3752b7b48729110f0ab94de7cf74c478b7e1ea7a71a468748e70c0.exe.aviradetected/script.bin" infected with Trojan.Siggen16.37964
"c:\Downloads\20220129\100x\7c8843dc287993015255cfdfe0cb688629119f71c695c37387064a7d0968cbaf.exe.aviradetected" infected with Trojan.DownLoader44.35570 - deleted
"c:\Downloads\20220129\100x\7f998f0b351d2086150d75ae51ca411e6343f5859e55caecf6873d0e637add7f.exe" infected with Trojan.PWS.Stealer.26952 - deleted
"c:\Downloads\20220129\100x\8a1f3bf6fede5567536ef4d0b5d96451cfb1bea8b6c643752cf8475747410063.exe.aviradetected" infected with Trojan.Siggen16.30975 - deleted
"c:\Downloads\20220129\100x\8e24cc8ba2e09ecce201cc8cb0d23331f19b197d6cd707ff1ae306a398f718e9.xlsx.aviradetected" infected with Exploit.Siggen3.26600 - deleted
"c:\Downloads\20220129\100x\9ba99ef6e07d224b950b451c6e414e9c12ef7429d8e59d5cd841ffbc3c5369ec.exe.aviradetected" infected with Trojan.InjectNET.14 - deleted
"c:\Downloads\20220129\100x\9d17ef60c2fe51c9ddd8c03a519059d3eddfd2ac8803ac5d7d91a71075810887.exe.aviradetected" infected with BackDoor.AsyncRATNET.2 - deleted
"c:\Downloads\20220129\100x\16ea27ea74e262cd792709a6e19ff6bc0781f609023d508e262df14686ef69d7.xlsx.aviradetected" infected with Exploit.Siggen3.26700 - deleted
"c:\Downloads\20220129\100x\24a80a4b6c6625d42c81248be8783903cd10d4704763dc725955900fab72dfab.exe.aviradetected" infected with Trojan.Siggen16.35505 - deleted
"c:\Downloads\20220129\100x\41b58cddca86e32e7034daf8e97dcdaa04ac6cdcb41eae86be1c3fa7fd05c871.xlsx.aviradetected" infected with Exploit.Siggen3.26598 - deleted
"c:\Downloads\20220129\100x\53ca800262b15721bf8451e7999c935e65d4eb058126e3c1d4eb9942c9c60858.exe" infected with Trojan.PWS.Stealer.26952 - deleted
"c:\Downloads\20220129\100x\58e1144f23db9178e2d8fc84a5494950b6da143d71705e112a65c687471156d5.xlsx.aviradetected" infected with Exploit.Siggen3.26706 - deleted
"c:\Downloads\20220129\100x\90b83f9b54a431d5cd69ad1408ef2b46f5072cb1a7c1a8e69d9ae524d68abe97.exe" infected with Trojan.PWS.Siggen3.10809 - deleted
"c:\Downloads\20220129\100x\363e106f6ad1800b11928f8b254828c08a5c74b98939578803106e19b3f2db56.exe.aviradetected" infected with Trojan.PWS.Stealer.31726 - deleted
"c:\Downloads\20220129\100x\562c7815dd2bbe330531f3ba64f189b11669214fc94263cdf961ce5dc833d105.exe.aviradetected" - deleted
"c:\Downloads\20220129\100x\562c7815dd2bbe330531f3ba64f189b11669214fc94263cdf961ce5dc833d105.exe.aviradetected/data001" - infected
"c:\Downloads\20220129\100x\562c7815dd2bbe330531f3ba64f189b11669214fc94263cdf961ce5dc833d105.exe.aviradetected/data001" infected with Trojan.DownLoader33.59617
"c:\Downloads\20220129\100x\562c7815dd2bbe330531f3ba64f189b11669214fc94263cdf961ce5dc833d105.exe.aviradetected/data002" - infected
"c:\Downloads\20220129\100x\562c7815dd2bbe330531f3ba64f189b11669214fc94263cdf961ce5dc833d105.exe.aviradetected/data002" infected with Trojan.DownLoader33.59617
"c:\Downloads\20220129\100x\808cd132e03833c31a8487f3bed33b4b1190c05619b56cda6ff21b4f796a83db.dll" infected with Trojan.Emotet.1141 - deleted
"c:\Downloads\20220129\100x\2518a50e9483da255cb061cb5eb966f41f39daf912341e7cf4442da4b362da8c.exe.aviradetected" infected with Trojan.Hosts.49687 - deleted
"c:\Downloads\20220129\100x\5879d39a0bab80032ebc751728e034cf7ec7fb30749090b5df8c37100034ef95.exe" infected with Trojan.Gozi.850 - deleted
"c:\Downloads\20220129\100x\7649a43612652c0b32353e7ae9898150f885a770db0d024d0d034c4171d5d684.xls.aviradetected" infected with X97M.DownLoader.901 - deleted
"c:\Downloads\20220129\100x\21087a9952d89aaad69f40e4b206105fae75d1d3b2fabffbb4bd4f5297d84cc5.exe.aviradetected" infected with Trojan.Siggen16.711 - deleted
"c:\Downloads\20220129\100x\58495c71874df2ad597c4bcf9d06dcc4ecbbc9f27b2a7b55cdd813c439f83a31.exe" infected with Trojan.Siggen16.38402 - deleted
"c:\Downloads\20220129\100x\80640acf5225beaf70c891a63dfeab8b6c4c1cc16e3ea8ebbc4938a6712f3114.xls" infected with X97M.DownLoader.901 - deleted
"c:\Downloads\20220129\100x\601121c30531ce26c85a232f1e76df6a0eec591296ff711d45912db421d67a10.xls.aviradetected" infected with Exploit.Siggen3.26591 - deleted
"c:\Downloads\20220129\100x\892504033a259f380c1e2a35db15b95bffcff4f96c36a84731afde6c5b35371a.exe" infected with Trojan.Gozi.850 - deleted
"c:\Downloads\20220129\100x\0961253848c2324b1d374aab1e29315c60c28ed1dd42cbc4ca819aae5c8a7fac.xlsx.aviradetected" infected with Exploit.Siggen3.26705 - deleted
"c:\Downloads\20220129\100x\a7a9d11f1cfcd60a6548d3f5033f0d621a0c383e4d02af3e2782af0eab8085e7.dll.aviradetected" infected with Trojan.DownLoader13.13019 - deleted
"c:\Downloads\20220129\100x\a13ee864c6a802001850dd93f933b4d1fac54b6a8028917c783d95ae901642c9.dll.aviradetected" infected with Trojan.Emotet.1143 - deleted
"c:\Downloads\20220129\100x\a62bc659475f4e3f0ec13841df523cbf813f4b2c2116c3501ebd10e7adede04a.xls.aviradetected" infected with Exploit.Siggen3.26592 - deleted
"c:\Downloads\20220129\100x\a64d9d8b157c7f638aaf8d4955d751339a902fcb4a2502daf382c023e2ea2524.dll" infected with Trojan.Emotet.1141 - deleted
"c:\Downloads\20220129\100x\a61597b6be41455ecc22339454e7329b2ae05a73c5b79babe7de02c44cadeabf.exe.aviradetected" infected with Trojan.PWS.Steam.24014 - deleted
"c:\Downloads\20220129\100x\bc79a9662ee07c43bbec9321f04e2f186d22b2d7c10c790b828b51de0df1604a.exe" infected with Trojan.Inject4.24979 - deleted
"c:\Downloads\20220129\100x\c744fe5aa2ab646ac1a0583348316b13bf7ad12435edeb658aa5e0f09e494b89.exe.aviradetected" infected with Trojan.PWS.Stealer.29163 - deleted
"c:\Downloads\20220129\100x\c067194e9d005c09c7b36d0315d10d749e113f1e2e280e0957d13689bfd277a5.rar.aviradetected" - deleted
"c:\Downloads\20220129\100x\c067194e9d005c09c7b36d0315d10d749e113f1e2e280e0957d13689bfd277a5.rar.aviradetected/new_order.exe" - infected
"c:\Downloads\20220129\100x\c067194e9d005c09c7b36d0315d10d749e113f1e2e280e0957d13689bfd277a5.rar.aviradetected/new_order.exe" infected with Trojan.Siggen16.38314
"c:\Downloads\20220129\100x\ca5bfc42daf3182e19891fca776764678e338143367bc203cdf598e72eb32293.exe" infected with Trojan.Siggen16.38417 - deleted
"c:\Downloads\20220129\100x\cdd50bfb40670c4797a74e5d09156d0acab73bcff3cc011754ec5ca1f2a8ec18.rar.aviradetected" - deleted
"c:\Downloads\20220129\100x\cdd50bfb40670c4797a74e5d09156d0acab73bcff3cc011754ec5ca1f2a8ec18.rar.aviradetected/SOA_Balance_Payment.exe" - infected
"c:\Downloads\20220129\100x\cdd50bfb40670c4797a74e5d09156d0acab73bcff3cc011754ec5ca1f2a8ec18.rar.aviradetected/SOA_Balance_Payment.exe" infected with BackDoor.SpyBotNET.25
"c:\Downloads\20220129\100x\d31f7a4a68a38581a88a343cbc9be8480acdba021c3bca39f6d45c4cac352be1.exe" infected with Trojan.Gozi.850 - deleted
"c:\Downloads\20220129\100x\d47bd2ff5d90d64d18485203e59a952e485a39f98e3d54258a578b13d9136ae7.exe.aviradetected" infected with Trojan.Siggen16.38430 - deleted
"c:\Downloads\20220129\100x\d72ff8708ffeb9a95f559828938dc1439884e7c224579127418e285b1aa1d235.exe.aviradetected" infected with Trojan.PackedNET.1171 - deleted
"c:\Downloads\20220129\100x\d393bc3918eb1f83e3e3b481ada09a63931b366137e5a7c5542f32ac4ddad4bb.dll.aviradetected" infected with Trojan.Emotet.1143 - deleted
"c:\Downloads\20220129\100x\d626d2dd320f5f66816bf3c97a8dd37f1be24b722fa32601c45e3be87791ed97.exe.aviradetected" infected with Trojan.PWS.Steam.25027 - deleted
"c:\Downloads\20220129\100x\d30325befb2f43f1e9dd1107efea16b599a62204315516fcfcaef6761c3d71c8.xlsx.aviradetected" infected with Exploit.Siggen3.26588 - deleted
"c:\Downloads\20220129\100x\dc224bc7816a6cc723d2748796568a9b6cd48634e50340bca46a544be719960b.xls.aviradetected" infected with Exploit.Siggen3.26589 - deleted
"c:\Downloads\20220129\100x\e08ea21bb1cca3123c6c095b67c504f733ac252ea58034471eee06f4c8a76c1a.xlsx.aviradetected" infected with Exploit.Siggen3.26632 - deleted
"c:\Downloads\20220129\100x\e61a47624bb05943607226214bb45d5209d551dc5e28581d71c60ab4b2ea44ca.xlsx.aviradetected" infected with Exploit.Siggen3.26707 - deleted
"c:\Downloads\20220129\100x\e17667b8c4d4bed90c02026d543308a93691b52fef1ae66633987df3d83e7424.xlsx" infected with Exploit.Siggen3.26714 - deleted
"c:\Downloads\20220129\100x\eab58be07fca76485cc82eccb8f5dfff166c518db37f950c42c4682f6b6e86be.xlsx.aviradetected" infected with Exploit.Siggen3.26681 - deleted
"c:\Downloads\20220129\100x\ec05558f0ce0cba4365d379c300561112878e5e71bdb0bb8cae1335594187686.exe.aviradetected" infected with Trojan.PWS.Steam.24014 - deleted
"c:\Downloads\20220129\100x\f36a543cfcddf76b99df925bf70b22d560792d1059387e00bfe782bffd6e8a2b.exe.aviradetected" infected with Trojan.Siggen16.38409 - deleted
"c:\Downloads\20220129\100x\fa51b3b1d130a540d92f8864a6daeb74b25a3b34306dd2d0d61e4a24c4ad5744.exe.aviradetected" infected with Trojan.Inject4.24979 - deleted
"c:\Downloads\20220129\100x\fc97ba23d9fa7b6a40d087fe9f41ab16f3f561f527d8c05fbfaea85b5ee1095c.exe.aviradetected" infected with Trojan.MulDrop19.27095 - deleted

复制代码

显示全部楼层 · 发表于 2022-1-29 17:06:22

本帖最后由 ANY.LNK 于 2022-1-29 17:33 编辑

MS Defender：解压+扫描kill 99x，双击清空，总计100%击杀
之前忘截图了，加一下截屏，由于全部击杀，所以没有日志。@aiqinghe，已完成双击+二扫，请更新日志

[病毒样本] 0129新样本100x测试

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块