#Downloader #AHK (2022/4/9)

显示全部楼层 · 发表于 2022-4-10 13:27:46

夜光星发表于 2022-4-9 17:43
火绒不会是盯着样本区入库的吧

火绒没有特殊情况一天就更新一次库也没有云，你在说什么？

显示全部楼层 · 发表于 2022-4-11 00:28:05

Sophos 分析如下：

We checked the below mentioned files with SOPHOS labs team and it shows below result:-
lock.txt => not detect-worthy
JSON.ahk => not detect-worthy
ssleay32.dll => not detect-worthy
libeay32.dll => not detect-worthy
kdsd3.ahk => not detect-worthy
BA7753740AD8417EEFD87B7CA6~.msi => identity associated
kdsd3.exe => identity associated

Not-detect worthy doesn't mean the file is clean, it could be a file created or used by malware but by itself, it can't do anything malicious, or it was randomly created file that would only have ever been used once.
Identity Associated means file is no longer detected by Sophos as malicious.

[病毒样本] #Downloader #AHK (2022/4/9)