13x (2024-01-29, a.m.)

swizzer

https://wormhole.app/no3yN#kYKaxqljGxEgeANiZRs2Xw
https://pan.huang1111.cn/s/zyGasM

UNknownOoo

火绒
扫描：7X

1. 扫描文件：13
   
2. 发现风险：7
   
3. 已处理风险：0
   
4. 病毒详情：
   
5. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\240129\80eda703.apk >> classes.dex, 病毒名：TrojanSpy/Android.Agent.ay, 病毒ID：febe3a22122e6c2d, 处理结果：暂不处理
   
6. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\240129\b8a23a7c.exe, 病毒名：Trojan/MSIL.Agent.fb, 病毒ID：9c15edef518bfd15, 处理结果：暂不处理
   
7. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\240129\24ca31f5.exe, 病毒名：VirTool/MSIL.Obfuscator.su, 病毒ID：a50a174513711fa8, 处理结果：暂不处理
   
8. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\240129\1dac794e.exe, 病毒名：TrojanDropper/CoinMiner.f, 病毒ID：3db073aa0b47200a, 处理结果：暂不处理
   
9. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\240129\4ffb292d.exe, 病毒名：Trojan/MSIL.Agent.fb, 病毒ID：9c15edef518bfd15, 处理结果：暂不处理
   
10. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\240129\d29b5951.exe, 病毒名：HEUR:TrojanDownloader/Agent.bf, 病毒ID：7bec03d7fe2662cb, 处理结果：暂不处理
    
11. 风险路径：C:\Users\UnknownOoo\Downloads\Compressed\240129\0a80be5a.exe, 病毒名：HVM:Trojan/SelfLoader.a, 病毒ID：dfd4668b4850b54f, 处理结果：暂不处理

复制代码

X-Sec
扫描：9X

1. ---------------------
   
2. 2024/01/29 10:59:50 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240129\1545fa27.exe -- [rame-classic] Stealer.NovaSentinel/JS!1.F2BA
   
3. 2024/01/29 10:59:51 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240129\1dac794e.exe -- [rame-classic] Stealer.Agent/SFX!1.F3AF
   
4. 2024/01/29 10:59:51 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240129\24ca31f5.exe -- [rame-classic] Trojan.AntiVM!1.CF63
   
5. 2024/01/29 10:59:53 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240129\80eda703.apk -- [rame-topis] Spyware.Agent/Android!8.3BE
   
6. 2024/01/29 10:59:54 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240129\4b420904.exe -- [rame-classic] Trojan.Obfus/JS!1.F3B0
   
7. 2024/01/29 10:59:54 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240129\9c6740c6.exe -- [rame-rdm.msil2] Malware.Obfus/MSIL@AI.100
   
8. 2024/01/29 10:59:55 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240129\b8a23a7c.exe -- [rame-cloud] Trojan.Dynara!8.18D9F
   
9. 2024/01/29 10:59:57 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240129\d29b5951.exe -- [rame-cloud] Stealer.Convagent!8.1326D
   
10. 2024/01/29 10:59:59 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\240129\d41a9a63.exe -- [rame-cloud] Stealer.Agent!8.C2

复制代码

hhjjjjjj123

卡巴扫描11x   剩余安恒云沙箱-下一代沙箱的领航者 (dbappsecurity.com.cn)
安恒云沙箱-下一代沙箱的领航者 (dbappsecurity.com.cn)

wenshui1013

checkpoint mac版本，使用sophos的anti-malware库，9x， anti-malware 1x，文件信誉7x，威胁仿真1x

checkpoint windows版，使用kaspersky的anti-malware库，13x，anti-malware 12x，文件信誉1x，卡巴主防kill 1X

tjsh

河众3x 两个Generic 一个DLInjecter
ClamAV 3x

1. Loading:    27s, ETA:   0s [========================>]    8.68M/8.68M sigs
   
2. Compiling:   4s, ETA:   0s [========================>]       41/41 tasks
   
3. 
   
4. C:\Users\tjsh\Desktop\240129\0a80be5a.exe: Win.Trojan.Scar-6903585-0 FOUND
   
5. C:\Users\tjsh\Desktop\240129\1545fa27.exe: OK
   
6. C:\Users\tjsh\Desktop\240129\1dac794e.exe: Win.Keylogger.Gencbl-9969771-0 FOUND
   
7. C:\Users\tjsh\Desktop\240129\24ca31f5.exe: Win.Packed.Msilzilla-10018301-0 FOUND
   
8. C:\Users\tjsh\Desktop\240129\4b420904.exe: OK
   
9. C:\Users\tjsh\Desktop\240129\4ffb292d.exe: OK
   
10. C:\Users\tjsh\Desktop\240129\527eb44a.exe: OK
    
11. C:\Users\tjsh\Desktop\240129\80eda703.apk: OK
    
12. C:\Users\tjsh\Desktop\240129\9a992de6.exe: OK
    
13. C:\Users\tjsh\Desktop\240129\9c6740c6.exe: OK
    
14. C:\Users\tjsh\Desktop\240129\b8a23a7c.exe: OK
    
15. C:\Users\tjsh\Desktop\240129\d29b5951.exe: OK
    
16. C:\Users\tjsh\Desktop\240129\d41a9a63.exe: OK
    
17. 
    
18. ----------- SCAN SUMMARY -----------
    
19. Known viruses: 8683593
    
20. Engine version: 1.2.1
    
21. Scanned directories: 1
    
22. Scanned files: 13
    
23. Infected files: 3
    
24. Data scanned: 631.81 MB
    
25. Data read: 178.04 MB (ratio 3.55:1)
    
26. Time: 160.235 sec (2 m 40 s)
    
27. Start Date: 2024:01:29 11:17:42
    
28. End Date:   2024:01:29 11:20:23

复制代码

Allure361

金山毒霸：kill 5

——————————分割线————————————————

瑞星静态结果：7个移除，1个修复


双击：
0a80be5a.exe  有进程，瑞星无反应 miss
4ffb292d.exe    没有看到进程？
9a992de6.exe   外联被实体机卡巴拦截了，虚拟机报错
527eb44a.exe   运行报错
1545fa27.exe    运行UAC cmd 请求通过后，程序报错

GreatMOLA

Cy 静态8x

mmmaoo

江民静态7x：

anxiety520

hhjjjjjj123 发表于 2024-1-29 11:05
卡巴扫描11x   剩余安恒云沙箱-下一代沙箱的领航者 (dbappsecurity.com.cn)
安恒云沙箱-下一代沙箱的领航 ...

附上双击结果
1dac794e.exe PDM:Trojan.Win32.Generic
527eb44a.exe MISSED   



卡巴现已云拉黑UDS:Trojan.Win64.Agentb.a

z614606517

华为7x剩余三个双击没有触发行为