[Virus Sample] 8x (2024-03-27)

swizzer
Posted on 2024-3-27 15:44:46
Last edited by swizzer on 2024-3-27 16:17

https://funami.lanzoue.com/igszN1st85qd

DI 7/8 (on the Windows platform it doesn't seem to detect malware for other platforms?)


keen-qv
Posted on 2024-3-27 18:55:29
Last edited by keen-qv on 2024-3-27 18:56

Huorong: 2 (version 6.0, high heuristics enabled, virus database date 2024-03-27 18:13)


DisaPDB
Posted on 2024-3-27 16:09:36
Last edited by DisaPDB on 2024-3-27 16:11

360 scan 4x

Double-click 2x

Total 6/8

Fadouse
Posted on 2024-3-27 16:14:11
Event: Malicious object detected
User: LAPTOP\Fadouse
User type: Active user
Application name: explorer.exe
Application path: C:\Windows
Component: File Anti-Virus
Result description: Detected
Name: UDS:DangerousObject.Multi.Generic
Precision: Exactly
Threat level: High
Object type: File
Object name: timeSync.exe
Object path: E:\Code\Virus
MD5 of an object: 2B635D5080590A14D5AEA4D77BF03CD7
Reason: Cloud Protection

Event: Malicious object detected
User: LAPTOP\Fadouse
User type: Active user
Application name: explorer.exe
Application path: C:\Windows
Component: File Anti-Virus
Result description: Detected
Type: Trojan
Name: Trojan-PSW.Win32.Disco.wks
Precision: Exactly
Threat level: High
Object type: File
Object name: Mauqes.exe
Object path: E:\Code\Virus
MD5 of an object: 75CCB6ED3C85A68633E0DD8319A2CF36
Reason: Databases
Databases release date: Today, 3/27/2024 4:20:00 AM

Event: Malicious object detected
User: LAPTOP\Fadouse
User type: Active user
Application name: explorer.exe
Application path: C:\Windows
Component: File Anti-Virus
Result description: Detected
Name: UDS:DangerousObject.Multi.Generic
Precision: Exactly
Threat level: High
Object type: File
Object name: 7d18e238febf88bc7c868e3ee4189fd12a2aa4db21f66151bb4c15c0600eca6e.exe
Object path: E:\Code\Virus
MD5 of an object: 3E56975127F436AA5E8A9B9C7AF5EB23
Reason: Cloud Protection

Event: Malicious object detected
User: LAPTOP\Fadouse
User type: Initiator
Application name: smartscreen.exe
Application path: C:\Windows\System32
Component: File Anti-Virus
Result description: Detected
Type: Trojan
Name: HEUR:Trojan.VBS.SAgent.gen
Precision: Heuristic Analysis
Threat level: High
Object type: File
Object name: Angel.vbs
Object path: E:\Code\Virus
MD5 of an object: A22712D23B2775C205038A1AC865442A
Reason: Machine learning
Databases release date: Today, 3/27/2024 4:20:00 AM

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
3/27/2024 3:02:59 PM;Real-time file system protection;file;E:\Code\Virus\cvtres.bat;BAT/TrojanDropper.Agent.NKP trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;19F2B5B063B11D8ED5A61178EB1BA4E1243AE21F;3/27/2024 3:02:17 PM
3/27/2024 3:03:02 PM;Real-time file system protection;file;E:\Code\Virus\Vbnhtlkdfw.exe;a variant of MSIL/TrojanDownloader.Agent.QNG trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;7B8D97CEF22C86E4C514B78D9AC529357C98D4D3;3/27/2024 3:02:18 PM
3/27/2024 3:03:03 PM;Real-time file system protection;file;E:\Code\Virus\Qmpjm.exe;a variant of MSIL/Kryptik.AIZW trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;35C32BCAE2F8ECBEADB8D22CF70E254E3E4F9CFA;3/27/2024 3:02:18 PM
3/27/2024 3:03:04 PM;Real-time file system protection;file;E:\Code\Virus\timeSync.exe;ML/Augur trojan;cleaned by deleting (after the next restart);LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;2BAF94CEA34CDA8BF542BF63AD117F4243345B65;3/27/2024 3:02:18 PM
3/27/2024 3:03:09 PM;Real-time file system protection;file;E:\Code\Virus\00ea585591b87304ac152936bbd2ab9b9c68583a76c5c3cc5da5646dd6614f96.exe;a variant of Win32/Kryptik.HWRX trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;F372B5BFB1BFFAEEFAABF18E40DE5B3C72F8794C;3/27/2024 3:02:17 PM
3/27/2024 3:03:11 PM;Real-time file system protection;file;E:\Code\Virus\Ljauypuypg.exe;a variant of MSIL/TrojanDownloader.Agent_AGen.BFI trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;993807041F53F2E254671687AE4F3444E8D313EF;3/27/2024 3:02:17 PM
3/27/2024 3:14:00 PM;Real-time file system protection;file;C:\Users\ASUS\AppData\Local\Temp\BNZ.6603c7241bc6a8\x.vbs;VBS/TrojanDownloader.Agent.AADP trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;8506F5EE6F4D65207E953CCB98EE7FB97AB55526;3/27/2024 3:13:41 PM
3/27/2024 3:18:02 PM;HTTP filter;file;https://bbs.kafan.cn/forum.php?mod=attachment&aid=MzM4NDcwNXw1MjFlOWQ4YXwxNzExNTIzODU5fDEzMDY5NTl8MjI2NzU2OA==;a variant of Win64/TrojanDownloader.Agent.ARC trojan;connection terminated;LAPTOP\Fadouse;Event occurred during an attempt to access the web by the application: C:\Program Files\Google\Chrome\Application\chrome.exe (29D461DAEB9214C9100A2CFA2FF59BE60F9452B9).;843C898EDE02ACCA58F0F731E3BD0BC524BCA184;
3/27/2024 4:08:06 PM;Real-time file system protection;file;E:\Code\Virus\#DarkGate\script.ahk;Win32/AHK.DT trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;C40B80BC4947D4AC52BC9C17D6D218B1FA9CD452;3/27/2024 4:07:41 PM
3/27/2024 4:08:10 PM;Real-time file system protection;file;E:\Code\Virus\#Vidar\sqlite.dll;a variant of Win64/TrojanDownloader.Rugmi.AU trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;D94C6D5A8933D7FA7BF5C4020031020FB0E41747;3/27/2024 4:07:41 PM
3/27/2024 4:08:12 PM;Real-time file system protection;file;E:\Code\Virus\Telecaster.exe;a variant of Win32/Injector.ETQY trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;857FA64483F911AAF2ED6238DEC1B46D7017A1EB;3/27/2024 4:07:41 PM
3/27/2024 4:08:13 PM;Real-time file system protection;file;E:\Code\Virus\Angle.exe;a variant of MSIL/Kryptik.ALGI trojan;cleaned by deleting;LAPTOP\Fadouse;Event occurred on a new file created by the application: C:\Program Files\Bandizip\Bandizip.exe (AB7C5C3728A1B132444C69A31DA61541F2BF4B25).;6C58DDFFEC036207692A8C65EBC844D3AB3AAFCF;3/27/2024 4:07:41 PM

祸兮福所倚
Posted on 2024-3-27 17:53:58
Extraction 1 + scan 7 = 8X

swizzer
Original poster | Posted on 2024-3-27 18:21:04

Judging from the screenshot, 3 of the 7x from the scan are all the same file, right?
123456aaaafsdeg
Posted on 2024-3-27 18:52:24
-----------------------------------
总检测数量: 6
总清除数量: 6
C:/Users/Administrator/Desktop/Mazoku\Amos.dmg --- 已检出
C:/Users/Administrator/Desktop/Mazoku\Angel.vbs --- 已检出
C:/Users/Administrator/Desktop/Mazoku\Anger.vbs --- 已检出
C:/Users/Administrator/Desktop/Mazoku\Angle.exe --- 已检出
C:/Users/Administrator/Desktop/Mazoku\Telecaster.exe --- 已检出
C:/Users/Administrator/Desktop/Mazoku\Telephonk.exe --- 未检出
C:/Users/Administrator/Desktop/Mazoku\#DarkGate\AutoHotkey.exe --- 未检出
C:/Users/Administrator/Desktop/Mazoku\#DarkGate\script.ahk --- 未检出
C:/Users/Administrator/Desktop/Mazoku\#DarkGate\test.txt --- 未检出
C:/Users/Administrator/Desktop/Mazoku\#Vidar\griddlecake.bmp --- 未检出
C:/Users/Administrator/Desktop/Mazoku\#Vidar\podium.cfg --- 未检出
C:/Users/Administrator/Desktop/Mazoku\#Vidar\Setup.exe --- 未检出
C:/Users/Administrator/Desktop/Mazoku\#Vidar\sqlite.dll --- 已检出
-----------------------------------


祸兮福所倚
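Posted on 2024-3-27 19:24:40
swizzer posted on 2024-3-27 18:21:
Judging from the screenshot, 3 of the 7x from the scan are all the same file, right?

Hello, expert. I only have a primary-school education and really can't tell what the files are. Each time I just download, extract, scan, take a screenshot, post it, and delete the samples and the quarantine. If I have done anything improperly, I will certainly correct it. Thank you for pointing it out.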
hhjjjjjj123
Posted on 2024-3-27 21:30:24
Kaspersky scan 5x
tjsh
Posted on 2024-3-27 21:47:57
Hezhong 3x

------------------------HEZHONG ANTIVIRUS SCAN LOG------------------------
开始于:  2024.3.27-21.46.56
病毒库版本:  528
软件版本:  6.29
引擎版本:  6.27.1100
记录病毒数量:  0
------------------------HEZHONG ANTIVIRUS SCAN LOG------------------------


扫描文件:D:\IDM\Compressed\Mazoku\Amos.dmg    ......
扫描文件:D:\IDM\Compressed\Mazoku\Angel.vbs    ......
扫描文件:D:\IDM\Compressed\Mazoku\Anger.vbs    ......
扫描文件:D:\IDM\Compressed\Mazoku\Angle.exe    ......-> 发现了:HEUR:Trojan.Generic
扫描文件:D:\IDM\Compressed\Mazoku\Telecaster.exe    ......
扫描文件:D:\IDM\Compressed\Mazoku\Telephonk.exe    ......-> 发现了:DL.Trojan.100.a
扫描文件:D:\IDM\Compressed\Mazoku\#DarkGate\AutoHotkey.exe    ......-> 发现了:DL.Trojan.99.a
扫描文件:D:\IDM\Compressed\Mazoku\#DarkGate\script.ahk    ......
扫描文件:D:\IDM\Compressed\Mazoku\#DarkGate\test.txt    ......
扫描文件:D:\IDM\Compressed\Mazoku\#Vidar\griddlecake.bmp    ......
扫描文件:D:\IDM\Compressed\Mazoku\#Vidar\podium.cfg    ......
扫描文件:D:\IDM\Compressed\Mazoku\#Vidar\Setup.exe    ......
扫描文件:D:\IDM\Compressed\Mazoku\#Vidar\sqlite.dll    ......
扫描已经完成。耗时10.69秒钟,扫描13文件,扫描3个检测。