Thread starter: petr0vic

[Virus sample] x2 (2023-01-26)

kuroandsan
Posted on 2023-1-26 20:37:14
扫描开始:        2023/1/26 20:36:08
D:\Download\vir\2\1.iso -> Invoice_97157.vbs         发现风险: VB:Trojan.Valyria.7861 (B) [krnl.xmd]
D:\Download\vir\2\2.iso -> Invoice_20928.vbs         发现风险: VB:Trojan.Valyria.7861 (B) [krnl.xmd]

Eset小粉絲
Posted on 2023-1-26 23:01:09
VBS/TrojanDropper.Agent.PCS trojan

expected version: 26650.
a2340145
Posted on 2023-1-27 00:30:11
Kingsoft Duba (金山毒霸): MISS
aboringman
Posted on 2023-1-27 03:06:23
Avast: 2 (but probably because the malicious files are inside an archive, it had no way to handle them?????? Later I tried opening those iso files, which triggered IDP and everything was handled)

D:\测试专用\2\1.iso|>Invoice_97157.vbs [L] Script:SNH-gen [Trj] (0)
While moving file to chest, error occurred: Error 0x0000A47F
D:\测试专用\2\2.iso|>Invoice_20928.vbs [L] Script:SNH-gen [Trj] (0)
While moving file to chest, error occurred: Error 0x0000A47F

<ChestId>00000114</ChestId>
<FileTime>1674759778</FileTime>
<OrigFileName>1.iso</OrigFileName>
<OrigFolder>D:\测试专用\2</OrigFolder>
<Comment/>
<Virus>IDP.Generic.fa3a9b975c2a.3.2</Virus>
<Category>Vir</Category>
<Restore>yes</Restore>
<TransferTime>1674759778</TransferTime>
<FileSize>290816</FileSize>
<Viruses>IDP.Generic.fa3a9b975c2a.3.2</Viruses>
<SupportExceptions>yes</SupportExceptions>
<SendToAnalysis>yes</SendToAnalysis>
</ChestEntry>
<ChestEntry>
<ChestId>00000115</ChestId>
<FileTime>1674759801</FileTime>
<OrigFileName>2.iso</OrigFileName>
<OrigFolder>D:\测试专用\2</OrigFolder>
<Comment/>
<Virus>IDP.Generic.1649b879a199.3.2</Virus>
<Category>Vir</Category>
<Restore>yes</Restore>
<TransferTime>1674759801</TransferTime>
<FileSize>290816</FileSize>
<Viruses>IDP.Generic.1649b879a199.3.2</Viruses>
<SupportExceptions>yes</SupportExceptions>
<SendToAnalysis>yes</SendToAnalysis>

GDHJDSYDH
Posted on 2023-1-27 09:00:47
MD: first scan miss, a second scan a while later kill

Jerry.Lin
Posted on 2023-1-27 13:11:09
drweb scan miss
petr0vic
(thread starter) Posted on 2023-1-27 18:35:12
Hello, Huorong does not currently support recognizing files in iso format; thank you for your feedback.

wwwab
Posted on 2023-1-27 19:13:19

It means unpacking and scanning of iso files is not supported (unpacking and scanning of ISO files is not supported)

ISO files are usually used to store system images, so they are often huge. For such extreme compression formats there are usually many antivirus products that do not support unpacking and scanning, because it wastes resources and time. WiseVector does not even scan any compressed package files at present. However, all types of compressed package files, including iso files, must be decompressed before the files inside them can run, and at that point the antivirus software can monitor and handle them, so as long as the files inside can be detected there is no risk. You can manually decompress them to test the antivirus software.
nikonikoni
Posted on 2023-1-27 19:25:41
Quoting GDHJDSYDH (posted on 2023-1-27 09:00):
MD: first scan miss, a second scan a while later kill

Actually, if you just drag the vbs out of the iso it gets killed straight away.
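Both wwwab's explanation (scanners skip the ISO container, so the inner files are what matters) and the advice above to pull the vbs out of the iso come down to looking inside the image yourself. The following is an added example, not code from any poster or product: a minimal ISO 9660 root-directory walker that lists and SHA-256-hashes the files inside an image without mounting it, so the inner .vbs can be scanned or looked up instead of the .iso's own hash. It assumes plain ISO 9660 names in the root directory (no Joliet/Rock Ridge, no subdirectories) and builds a small constructed image in memory (build_iso, with an invented file name and bytes) so it runs offline.

```python
import hashlib
SECTOR = 2048  # ISO 9660 logical block size

def _both(n, width):  # ISO 9660 "both-byte order" field: little-endian copy, then big-endian copy
    return n.to_bytes(width, "little") + n.to_bytes(width, "big")

def _record(name, lba, size, is_dir=False):  # one ECMA-119 directory record, padded to even length
    body = (_both(lba, 4) + _both(size, 4) + bytes(7) + bytes([2 if is_dir else 0])
            + bytes(2) + _both(1, 2) + bytes([len(name)]) + name)
    rec = bytes([len(body) + 2, 0]) + body
    return rec + (b"\0" if len(rec) % 2 else b"")

def build_iso(files):
    """Constructed test image: PVD at LBA 16, terminator at 17, root directory at 18, data from 19."""
    pad = lambda b: b + bytes(-len(b) % SECTOR)
    root, data, lba = _record(b"\0", 18, SECTOR, True) + _record(b"\1", 18, SECTOR, True), b"", 19
    for name, content in files.items():
        root += _record(name.encode("ascii"), lba, len(content))
        data += pad(content)
        lba += len(pad(content)) // SECTOR
    pvd = bytes([1]) + b"CD001" + bytes([1, 0]) + b" " * 64 + bytes(8) + _both(lba, 4)
    pvd += bytes(32) + _both(1, 2) * 2 + _both(SECTOR, 2) + bytes(24) + _record(b"\0", 18, SECTOR, True)
    return bytes(16 * SECTOR) + pad(pvd) + pad(bytes([255]) + b"CD001\x01") + pad(root) + data

def extract_root(image):
    """Walk the root directory (plain ISO 9660 names, no Joliet/Rock Ridge) and return {name: bytes}."""
    pvd = image[16 * SECTOR:17 * SECTOR]
    if pvd[0:6] != b"\x01CD001":
        raise ValueError("not an ISO 9660 primary volume descriptor")
    root = pvd[156:190]  # the root directory record is embedded in the PVD
    off = int.from_bytes(root[2:6], "little") * SECTOR
    end, files = off + int.from_bytes(root[10:14], "little"), {}
    while off < end:
        rec_len = image[off]
        if rec_len == 0:  # rest of this sector is padding; records never straddle a sector boundary
            off = (off // SECTOR + 1) * SECTOR
            continue
        rec = image[off:off + rec_len]
        name, lba, size = rec[33:33 + rec[32]], int.from_bytes(rec[2:6], "little"), int.from_bytes(rec[10:14], "little")
        if name not in (b"\0", b"\1") and not rec[25] & 2:  # skip '.', '..' and subdirectories
            files[name.decode("ascii").split(";")[0]] = image[lba * SECTOR:lba * SECTOR + size]
        off += rec_len
    return files

def hash_root(image):
    """SHA-256 of each inner file: the hashes to scan or look up, rather than the .iso's own hash."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in extract_root(image).items()}

# Constructed stand-in for the thread's image: only the file name mirrors the sample, the bytes are invented.
SAMPLE_ISO = build_iso({"INVOICE_97157.VBS;1": b"WScript.Echo \"constructed placeholder, not the sample\"\r\n"})
```

On a real image, pass the file's bytes to hash_root and feed the extracted files to the scanner; a name with a `;1` suffix is just the ISO 9660 version number and is stripped.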
网名丢失
Posted on 2023-1-28 01:40:17
Huorong: MISS