病毒样本测试 7X

wwwab

下载1：https://pan.huang1111.cn/s/z9BQfM
下载2：https://t.wss.ink/f/b4ybgup0ici

解压密码：infected

秋日之殇

卡巴清空

UNknownOoo

火绒
扫描：5X

东南大学

小红伞SAVAPI扫描

1. Global information:
   
2. -------------------
   
3. date: Fri, 05 May 2023 22:33:51 +0800
   
4. product version: 4.15.16.62
   
5. engine version: 8.3.66.80
   
6. VDF version: 8.19.40.6
   
7. VDF signature count: 5243914
   
8. license expire: 2023-09-30
   
9. 
   
10. Scan results:
    
11. -------------
    
12. alert_name=TR/AD.RedLineSteal.hjsxr type=trojan description=Is the Trojan horse TR/AD.RedLineSteal.hjsxr file=c:\Downloads\missed\1\11.exe
    
13. alert_name=TR/Crypt.XPACK.Gen type=APC/TR description=Detected by Avira APC file=c:\Downloads\missed\1\1F3D.exe
    
14. alert_name=TR/Redcap.teoox type=trojan description=Is the Trojan horse TR/Redcap.teoox file=c:\Downloads\missed\1\321.exe
    
15. alert_name=HEUR/AGEN.1357339 type=heuristic description=Contains suspicious code HEUR/AGEN.1357339 file=c:\Downloads\missed\1\3BAF.exe
    
16. alert_name=TR/Crypt.XPACK.Gen type=APC/TR description=Detected by Avira APC file=c:\Downloads\missed\1\4C26.exe
    
17. alert_name=TR/Crypt.XPACK.Gen type=APC/TR description=Detected by Avira APC file=c:\Downloads\missed\1\D64C.exe
    
18. 
    
19. Summary:
    
20. --------
    
21. total: 7
    
22. clean: 1
    
23. infected: 6
    
24. repairable: 0
    
25. not scanned: 0

复制代码

心醉咖啡

毒霸

761773275

BEST kill all

Eset小粉絲

ESET 7/7

wwwab

大蜘蛛Dr.Web：

1. Engine version: 7.0.59.12300
   
2. Total virus-finding records: 11568998

复制代码

1. 1.zip - archive ZIP
   
2. >1.zip/1/D64C.exe - Ok
   
3. >1.zip/1/3BAF.exe infected with Trojan.MulDropNET.43
   
4. >1.zip/1/321.exe packed by FLY-CODE
   
5. >>1.zip/1/321.exe - Ok
   
6. >1.zip/1/Install.exe - file too large, skipped
   
7. >1.zip/1/1F3D.exe - Ok
   
8. >1.zip/1/4C26.exe - Ok
   
9. >1.zip/1/11.exe packed by FLY-CODE
   
10. >>1.zip/1/11.exe packed by BINARYRES
    
11. >>>1.zip/1/11.exe packed by FLY-CODE
    
12. >>>>1.zip/1/11.exe - Ok

复制代码

Only Kill 1

hhhq316

EMSi

东南大学

骚护士扫描

1. Microsoft Windows [Version 6.1.7601]
   
2. Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
   
3. 
   
4. e:\GitHub\sav32cli>sav64cli -extensive -all -putf8=sav32cli.log -archive -cab -loopback -mime -oe -tnef -pua -suspicious -rename -mac c:\Downloads\missed\1\
   
5. Sophos Anti-Virus
   
6. Version 5.99.0 [Win32/AMD64]
   
7. Virus data version 6.00, April 2023
   
8. Includes detection for 83183875 viruses, trojans and worms
   
9. Copyright (c) 1989-2023 Sophos Limited. All rights reserved.
   
10. 
    
11. BY USING THIS TOOL YOU AGREE THAT YOU ARE FULLY BOUND BY, AND SUBJECT TO, ALL
    
12. OF THE OBLIGATIONS CONTAINED IN THE SOPHOS END USER LICENCE AGREEMENT ("EULA")
    
13. AND THE ONLY RIGHTS AND/OR REMEDIES AVAILABLE TO YOU (WITH RESPECT TO YOUR USE
    
14. OF THIS TOOL) ARE THOSE RIGHTS AND REMEDIES THAT ARE STATED IN THE EULA
    
15. (a copy of which is reproduced at : https://www.sophos.com/en-us/legal/sophos-en
    
16. d-user-license-agreement.aspx).
    
17. 
    
18. System time 22:59:58, System date 05 May 2023
    
19. Command line qualifiers are: -extensive -all -putf8=sav32cli.log -archive -cab -
    
20. loopback -mime -oe -tnef -pua -suspicious -rename -mac
    
21. 
    
22. IDE directory is: e:\GitHub\sav32cli
    
23. 
    
24. Using IDE file form-dlq.ide
    
25. .....
    
26. Using IDE file crypt-n.ide
    
27. 
    
28. Quick Scanning
    
29. 
    
30. >>> Virus 'Troj/Krypt-VZ' found in file c:\Downloads\missed\1\1F3D.exe
    
31. >>> Virus 'Troj/Krypt-VZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    
32. >>> Virus 'Troj/Krypt-VZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    
33. >>> Virus 'Troj/Krypt-VZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    
34. >>> Virus 'Troj/Krypt-VZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    
35. Renamed c:\Downloads\missed\1\1F3D.exe to c:\Downloads\missed\1\1F3D.exe.infected successfully
    
36. >>> Virus 'Troj/ILAgent-I' found in file c:\Downloads\missed\1\3BAF.exe
    
37. >>> Virus 'Troj/ILAgent-I' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    
38. >>> Virus 'Troj/ILAgent-I' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    
39. >>> Virus 'Troj/ILAgent-I' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    
40. >>> Virus 'Troj/ILAgent-I' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    
41. Renamed c:\Downloads\missed\1\3BAF.exe to c:\Downloads\missed\1\3BAF.exe.infected successfully
    
42. >>> Virus 'Troj/Krypt-VZ' found in file c:\Downloads\missed\1\4C26.exe
    
43. >>> Virus 'Troj/Krypt-VZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    
44. >>> Virus 'Troj/Krypt-VZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    
45. >>> Virus 'Troj/Krypt-VZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    
46. >>> Virus 'Troj/Krypt-VZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    
47. Renamed c:\Downloads\missed\1\4C26.exe to c:\Downloads\missed\1\4C26.exe.infected successfully
    
48. >>> Virus 'Troj/Krypt-VZ' found in file c:\Downloads\missed\1\D64C.exe
    
49. >>> Virus 'Troj/Krypt-VZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    
50. >>> Virus 'Troj/Krypt-VZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    
51. >>> Virus 'Troj/Krypt-VZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    
52. >>> Virus 'Troj/Krypt-VZ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    
53. Renamed c:\Downloads\missed\1\D64C.exe to c:\Downloads\missed\1\D64C.exe.infected successfully
    
54. >>> Virus 'Mal/VMProtBad-A' found in file c:\Downloads\missed\1\Install.exe
    
55. >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    
56. >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    
57. >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    
58. >>> Virus 'Mal/VMProtBad-A' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
    
59. Renamed c:\Downloads\missed\1\Install.exe to c:\Downloads\missed\1\Install.exe.infected successfully
    
60. 
    
61. Registry was swept.
    
62. 7 files swept in 3 minutes and 35 seconds.
    
63. 25 viruses were discovered.
    
64. No PUAs were discovered.
    
65. 5 files out of 7 were infected.
    
66. If you need further advice regarding any detections please visit our
    
67. Threat Center at: http://www.sophos.com/en-us/threat-center.aspx
    
68. Ending Sophos Anti-Virus.
    
69. 
    
70. e:\GitHub\sav32cli>

复制代码