This post was last edited by GreatMOLA on 2023-10-15 16:41
Executed; detected by IPS.
- Category: Norton Community Watch
- Date & Time,Risk,Activity,Status,Recommended Action,Date Updated,Submitted By,Description,Submission Details
- 10/15/2023 4:37:48 PM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,10/15/2023 4:37:49 PM,Norton 360,IPS Detection Statistical Submission,"Signature ID: 11681 <br>Local or Remote Attacker: 2 <br>Remote Port: 280 <br>Local Port: 49796 <br>Protocol: 6 <br>Signature Set Version: 20231013.001 <br>Application Name: \DEVICE\HARDDISKVOLUME3\USERS\USER\DESKTOP\MFC520 (3).EXE <br>Offending URL: http://45.249.93.80:280/output.txt <br>Date Detected: Sun, 15 Oct 2023 08:37:48 GMT <br>Application File Checksum: 579F5C2ABE9A19155532F9E1C82EBF97 <br>Application File Information: 1.0.0.1 <br>Network Data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br>Sub-signature ID: 65536 <br>Signature Properties: 29714 <br>Referer URL: <br>Application File SHA256: 0C3A4C82FAF7E71DCBB037E0A9261CBA6423B10681D3AE60E8A53F73648B8821 <br>Application File CreateTime: 133418326651232424 <br>IPSSubmissionID: e04a8a8d-ff42-11ee-96cd-806e6f6e6963 <br>Application File Reputation: -25 <br>Application File Prevalence: 3 <br>Forwarded For: <br>Process ancestors: C:\Windows\explorer.exe|C:\Windows\System32\userinit.exe|C:\Windows\System32\winlogon.exe|C:\Windows\System32\smss.exe|C:\Windows\System32\smss.exe <br>Signature Response: 2 <br>Remote Address: 45.249.93.80 <br>Message Disposition: 1 <br> <br>OS-Country:86 <br>OS-Language:Chinese (Simplified) <br>Processor:Intel64 Family 6 Model 154 Stepping 3 <br>System:Windows 10 build 19045 <br>Platform-GUID:BE48A62E-59DC-4C9C-8A76-7D90B3DF5B9A <br>Telem-ID:C1D9E9D4-2660-4DF4-BB92-AB9ABAE8F9C8 <br>HWID:0B804B9D-5602-3659-A496-5AB46B85A8AC <br>Hostname-MD5:E947355724F38F3CA15F7AB2FE631C3B <br>DateSubmitted:Sun, 15 Oct 2023 08:37:48 GMT <br>Product:Norton Security 22.23.9.7"
Afterwards I checked Insight; the reputation had already been rated as bad.