#DirectSyscall

显示全部楼层 · 发表于 2022-7-14 16:57:18

智量扫描miss，双击WIBD:HEUR.DirectSyscall.B
VT发帖时10检出

显示全部楼层 · 发表于 2022-7-14 17:22:40

Filename: 7c519f4b8c79aeebf44cc9c9c2b5c4e1ab5ee279616578c79b08c273a2ba4706.exe
Threat name: Trojan.Gen.MBTFull Path: C:\Users\山一程\Desktop\7c519f4b8c79aeebf44cc9c9c2b5c4e1ab5ee279616578c79b08c273a2ba4706\7c519f4b8c79aeebf44cc9c9c2b5c4e1ab5ee279616578c79b08c273a2ba4706.exe

____________________________

____________________________

On computers as of
2022/7/14 at 17:22:29

Last Used
2022/7/14 at 17:22:29

Startup Item
No

Launched
No

Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.

____________________________

7c519f4b8c79aeebf44cc9c9c2b5c4e1ab5ee279616578c79b08c273a2ba4706.exe Threat name: Trojan.Gen.MBT
Locate

Very Few Users
Fewer than 5 users in the Norton Community have used this file.

Very New
This file was released less than 1 week ago.

High
This file risk is high.

____________________________

Source: External Media

____________________________

File Actions

File: C:\Users\山一程\Desktop\7c519f4b8c79aeebf44cc9c9c2b5c4e1ab5ee279616578c79b08c273a2ba4706\ 7c519f4b8c79aeebf44cc9c9c2b5c4e1ab5ee279616578c79b08c273a2ba4706.exe Blocked
____________________________

File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available

显示全部楼层 · 发表于 2022-7-14 17:44:55

Gen:Suspicious.Cloud.2.5OW@amre52j

显示全部楼层 · 发表于 2022-7-14 18:16:03

ESET

Win64/Agent_AGen.GR

显示全部楼层 · 发表于 2022-7-14 20:44:51

360： 0

时间操作说明次数
2022-07-05 22:51:49 [已阻止] 远程线程注入防护 1 次
详细描述：
进程：C:\USERS\123\DESKTOP\7C519F4B8C79AEEBF44CC9C9C2B5C4E1AB5EE279616578C79B08C273A2BA4706.EXE
动作：远程线程注入
路径：C:\Windows\System32\notepad.exe
风险文件：C:\USERS\123\DESKTOP\7C519F4B8C79AEEBF44CC9C9C2B5C4E1AB5EE279616578C79B08C273A2BA4706.EXE
防护信息: AD|2, 88|30, 30, -1||

复制代码

显示全部楼层 · 发表于 2022-7-14 20:56:18

卡巴双击
过两分钟主防报毒：
Event: Malicious object detected
Application: 7c519f4b8c79aeebf44cc9c9c2b5c4e1ab5ee279616578c79b08c273a2ba4706.exe
User: GP76\Xzz123
User type: Active user
Component: System Watcher
Result description: Detected
Type: Trojan
Name: PDM:Trojan.Win32.Generic
Threat level: High
Object type: Process
Object path: C:\Users\Xzz123\Desktop
Object name: 7c519f4b8c79aeebf44cc9c9c2b5c4e1ab5ee279616578c79b08c273a2ba4706.exe
Reason: Behavior analysis
Databases release date: Today, 2022/7/14 17:48:00
MD5: A433878CBE188F2FD719DBF12E26A70A

Event: Malicious object detected
Application: Kaspersky Standard
User: GP76\Xzz123
User type: Active user
Component: System Watcher
Result description: Detected
Type: Trojan
Name: MEM:Trojan.Win32.Cometer.gen
Threat level: High
Object type: File
Object name: System Memory
Reason: Expert analysis
Databases release date: Today, 2022/7/14 17:48:00

显示全部楼层 · 发表于 2022-7-14 20:59:28

pal家族发表于 2022-7-14 20:56
卡巴双击
过两分钟主防报毒：
Event: Malicious object detected

Ohhh，报内存了耶

而且pdm也报了，内存也报了

显示全部楼层 · 发表于 2022-7-14 21:00:12

wwwab 发表于 2022-7-14 20:59
Ohhh，报内存了耶

而且pdm也报了，内存也报了

说实话我不知道这个cometer是啥意思

显示全部楼层 · 发表于 2022-7-14 21:00:54

pal家族发表于 2022-7-14 21:00
说实话我不知道这个cometer是啥意思

卡巴的内存报法报毒名称好像向来都很奇怪

显示全部楼层 · 发表于 2022-7-14 21:09:44

实时防护检测到威胁。文件已被隔离。C:\Users\83722\Downloads\7c519f4b8c79aeebf44cc9c9c2b5c4e1ab5ee279616578c79b08c273a2ba4706\7c519f4b8c79aeebf44cc9c9c2b5c4e1ab5ee279616578c79b08c273a2ba4706.exe 是恶意软件 Gen:Suspicious.Cloud.2.5OW@amre52j

[病毒样本] #DirectSyscall

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块