#APT32 (2022-08-10)

anthonyqian

anxiety520 发表于 2022-8-10 18:09
KES missed  虚拟机里装的是wps，

卡巴斯基  装office也missed

胡淇允

Mcafee miss all

UNknownOoo

anthonyqian 发表于 2022-8-10 19:03
卡巴斯基  装office也missed

跟这个似乎没关系，我wps和office都没装。

病毒双击后衍生物目录：C:\ProgramData\MicrosoftSyncData

DPT1

金山本地

LMHZSZNB

360 kill DLL

pal家族

Hello,

New malicious software was found in the attached file. Its detection will be included in the next update.
Thank you for your help.

Trojan.Win32.Hijacking.c

Best regards, Roman Rybachek, Malware Analyst
实测dll已经拉黑，需要清一下缓存就可以杀了

心心相印

essp kill

pal家族

pal家族 发表于 2022-8-10 20:14
Hello,

New malicious software was found in the attached file. Its detection will be included in t ...

MSVCR100.dll - HEUR:Trojan.Win32.Hijacking.gen
本帖内几个dll统一

wwwab

pal家族 发表于 2022-8-10 20:14
Hello,

New malicious software was found in the attached file. Its detection will be included in t ...

这个分析师我之前上报的时候入过Trojan.Win32.Hijack.b

现在怎么又变成Hijacking.c了，卡巴变迁这么快的吗

wwwab

pal家族 发表于 2022-8-10 21:08
MSVCR100.dll - HEUR:Trojan.Win32.Hijacking.gen
本帖内几个dll统一

我能看出来这个分析师非常喜欢用Hijack和Hijacking