【开放测试】卡饭病毒样本包 20240709 第140期

QVM360

杰伦Ｊ时代 发表于 2024-7-9 19:03
管家要是有智量的主防和机学在配合管家的云端，我相信管家不管在国际还是我们中国可以直接第一阶梯队了！

可惜智量的机器学习模型没有给其他厂商使用

Komeiji-Reimu

QVM360 发表于 2024-7-9 18:48
卡巴主动防御开头都是PDM，你日志里没看到PDM这个字符串

pdm是系统监控报的，这个双击是文件反病毒报的

QVM360

Komeiji-Reimu 发表于 2024-7-9 19:15
pdm是系统监控报的，这个双击是文件反病毒报的

文件反病毒=扫描

wuming_bpnes

BD纸面上26个,但是实际上余两个DLL....都不知道怎么统计了

1. <font size="1">C:\Users\test\Downloads\27x (2024-07-09)\1\e4c4990451cfa8c8a75a65d68c8dc7efde67ba3cdca812636895f8488005da54.exe Gen:Suspicious.Cloud.2.jiW@am4aEQ Deleted
   
2. C:\Users\test\Downloads\27x (2024-07-09)\1\1b159fa01a8af6dc08e1e371203362f5a9ba4cf4128c3c234f1e53d492ee0eab.exe Trojan.GenericKD.73405068 Deleted
   
3. C:\Users\test\Downloads\27x (2024-07-09)\1\f6cbc49b4d78b007e50e81a36ad9fe723e8869350385dff56b02e6bbe0f886de.js=>(INFECTED_JS) JS:Trojan.Cryxos.13469 Deleted
   
4. C:\Users\test\Downloads\27x (2024-07-09)\1\050e979722f8a3be5a07806d3ebbbac067ff293ed225faff452aa6145ef21c96.exe Gen:Variant.Marsilia.110224 Deleted
   
5. C:\Users\test\Downloads\27x (2024-07-09)\1\e33fda9ea628ee0efe54b54a20a9e6aff7cd64d293f3b67c71f11d3035c17764.vbs Trojan.GenericKD.73401111 Deleted
   
6. C:\Users\test\Downloads\27x (2024-07-09)\1\f71c34128bf5c4a4ecc05e5aa4fbd02740b96c4aaf075124f3a4e33f36c17c92.exe Trojan.GenericKD.73407265 Deleted
   
7. C:\Users\test\Downloads\27x (2024-07-09)\1\5e2839553458547a92fff7348862063b30510e805a550e02d94a89bd8fd0768d.exe Gen:Suspicious.Cloud.2.QTW@a4tBUzci Deleted
   
8. C:\Users\test\Downloads\27x (2024-07-09)\1\de8a9c273adc8bd2c615a7e09c87cb8b9cfc38ef6317bfa435b4a3474f1b670f.exe Gen:Variant.Barys.412544 Deleted
   
9. C:\Users\test\Downloads\27x (2024-07-09)\1\95ff9b2516243fd104555cb9b3fa51b27adeba8f27a80c0f69f7918599938e27.exe Gen:Suspicious.Cloud.2.In0@a8yleDn Deleted
   
10. C:\Users\test\Downloads\27x (2024-07-09)\1\01b7eea92bb27df73a6972f00927ba3a5989771f90052297f4027fc33e804ffd.exe IL:Trojan.MSILZilla.81201 Deleted
    
11. C:\Users\test\Downloads\27x (2024-07-09)\1\bb8b3acb02f86a5c9db1d935ee81c832330c8ff9d76971dd712737a6330947e6.exe=>(RAR Sfx o)=>providerbrokerSvc.exe Trojan.MSIL.Basic.8.Gen Deleted
    
12. C:\Users\test\Downloads\27x (2024-07-09)\1\93ef803a0a6d30205faaee49199b47907fa378e2350016cc63088eeb9514931d.exe Gen:Variant.Lazy.550625 Deleted
    
13. C:\Users\test\Downloads\27x (2024-07-09)\1\b116c1e0f92dca485565d5f7f3b572d7f01724062320597733b9dbf6dd84dee1.exe Gen:Suspicious.Cloud.2.QTW@aCXbqPdi Deleted
    
14. C:\Users\test\Downloads\27x (2024-07-09)\1\f0c3e45b96e2fa1bcd7f39a9a80337314cc27ea3df30a90c594b43fa8487adc6.exe Gen:Suspicious.Cloud.2.@Z0@a4MPRioi Deleted
    
15. C:\Users\test\Downloads\27x (2024-07-09)\1\8c415f6e9e4ddc4df9433b33035ee3c9750283cc9306cdf97d4f9b9df1036946.exe Trojan.GenericKD.73402377 Deleted
    
16. C:\Users\test\Downloads\27x (2024-07-09)\1\bb8b3acb02f86a5c9db1d935ee81c832330c8ff9d76971dd712737a6330947e6.exe=>(Embedded 0) Trojan.MSIL.Basic.8.Gen Deleted
    
17. C:\Users\test\Downloads\27x (2024-07-09)\1\3d27f5ef39dec06f86331e298842bad015f9f0ee0c608e408c7d9b0daef210f6.exe Gen:Variant.Bulz.262606 Deleted
    
18. C:\Users\test\Downloads\27x (2024-07-09)\1\510c31a30c94c1d46332356d8d4cf24171f3969c8d05e3dcecb492faa12fdc66.exe Trojan.GenericKDZ.102657 Deleted
    
19. C:\Users\test\Downloads\27x (2024-07-09)\1\d4db39743a54bacc03cdb4d4d772000823f099febea271a44d40631cc01a2a0c.exe Gen:Variant.Lazy.548203 Deleted
    
20. C:\Users\test\Downloads\27x (2024-07-09)\1\306f6928f04ff30ced95163cc97981ea9d0c4a51da496df9b1f44aeecc29e63f.vbs Trojan.GenericKD.73402735 Deleted
    
21. C:\Users\test\Downloads\27x (2024-07-09)\1\1d0bbe107346b8d5d1ed6bf86b4a5c561d426b4c06bb488b7fbbb8c93bfae9f2.exe Gen:Suspicious.Cloud.2.3uW@a0aDNFki Deleted
    
22. C:\Users\test\Downloads\27x (2024-07-09)\1\04684dfe5b251dd66125708589b7b21f3403ba7a624f4457b3fd95bbfbe4f6cc.js=>(INFECTED_JS) JS:Trojan.Cryxos.13469 Deleted
    
23. C:\Users\test\Downloads\27x (2024-07-09)\1\1b5fbf0fffc028708def7f8b1510dd668da7abbd0d0f63b597669339005e33e0.exe Gen:Suspicious.Cloud.2.kC0@a88WKDmG Deleted
    
24. C:\Users\test\Downloads\27x (2024-07-09)\1\1b5a9c840d8932be77aa43135038742007e1e1ca5d9b8954966ddedb703a0ee4.exe Gen:Variant.Lazy.549022 Deleted
    
25. C:\Users\test\Downloads\27x (2024-07-09)\1\04aea1458bbe0debfdc6cbd993d9d3ebf52e5742cac8d5ad53a44ac2c8010d12.exe Gen:Suspicious.Cloud.2.Vu3@auO8R@ni Deleted
    
26. C:\Users\test\Downloads\27x (2024-07-09)\1\540496b0cde097cb083d1c501af7b0ed84c5e94922be37700bfa44c2090ecfbc.exe Gen:Variant.Lazy.487114 Deleted </font>
    

复制代码

Komeiji-Reimu

QVM360 发表于 2024-7-9 19:17
文件反病毒=扫描

日志里有

Microsoft ® Windows Based Script Host        wscript.exe        C:\Windows\System32\wscript.exe        

后面还有发起者
说明肯定是双击后杀的启发了几下是不是也会被文件反病毒杀

多变的风向

111

GreatMOLA

Deep Instinct
扫描 23x


执行
306f6928f04ff30ced95163cc97981ea9d0c4a51da496df9b1f44aeecc29e63f.vbs



04684dfe5b251dd66125708589b7b21f3403ba7a624f4457b3fd95bbfbe4f6cc.js



e33fda9ea628ee0efe54b54a20a9e6aff7cd64d293f3b67c71f11d3035c17764.vbs




f6cbc49b4d78b007e50e81a36ad9fe723e8869350385dff56b02e6bbe0f886de.js

syswow64

Komeiji-Reimu 发表于 2024-7-9 19:38
日志里有
后面还有发起者
说明肯定是双击后杀的启发了几下是不是也会被文件反病毒杀

卡巴一如既往的特点，扫描不杀脚本，双击才杀，报法是入库的报法

YU2711

Avira 扫描20x


执行
050e979722f8a3be5a07806d3ebbbac067ff293ed225faff452aa6145ef21c96.exe


306f6928f04ff30ced95163cc97981ea9d0c4a51da496df9b1f44aeecc29e63f.vbs


其余Miss