【开放测试】卡饭病毒样本包 20240712 第143期

Nocria

EMSISOFT - 10/21

1. Emsisoft Anti-Malware - Version 2024.7
   
2. Last update: 2024/7/12 20:52:51
   
3. OS version: Windows 10x64
   
4. 
   
5. Scan settings:
   
6. 
   
7. Scan type: Custom Scan
   
8. Objects: C:\Users\promi\Desktop\infected2024071201
   
9. 
   
10. Detect PUPs: On
    
11. Scan archives: On
    
12. Scan mail archives: Off
    
13. ADS Scan: On
    
14. 
    
15. Scan start:        2024/7/12 21:03:58
    
16. C:\Users\promi\Desktop\infected2024071201\Download\0040de802062e7a83c6f785781873e9c78ec3fe70b8a3c7c3274fdce08b6a6c1.lnk         detected: Trojan.PowerShell.Gen (A) [289634]
    
17. C:\Users\promi\Desktop\infected2024071201\Download\0040de802062e7a83c6f785781873e9c78ec3fe70b8a3c7c3274fdce08b6a6c1.lnk -> (CommandArguments)         detected: Heur.BZC.YAX.Boxter.241.78B2BE04 (B) [krnl.xmd]
    
18. C:\Users\promi\Desktop\infected2024071201\Download\02072024_1624_02072024_NUMER FAKTURY PILNIE WYMAGANY 240702.vbs         detected: Trojan.GenericFCA.Script.33933 (B) [krnl.xmd]
    
19. C:\Users\promi\Desktop\infected2024071201\Download\19c968f716107aea4fb7bf7fdeb9f8821b4aa1ea8593137a08322356c80460cd.vbs         detected: Trojan.Generic.36507602 (B) [krnl.xmd]
    
20. C:\Users\promi\Desktop\infected2024071201\Download\732a6bf2345e9cc40b9a6a1164dc2e823955cbc56a5d3750e675d1c4db7f7415.lnk         detected: Trojan.GenericKD.73402369 (B) [krnl.xmd]
    
21. C:\Users\promi\Desktop\infected2024071201\Download\147e7953d3b54a9e8367d9e9670a4a182824f56cf30d35a315799a1953e5cdb1.vbs         detected: Trojan.Generic.36506455 (B) [krnl.xmd]
    
22. C:\Users\promi\Desktop\infected2024071201\Download\IT01879020517_uGIim_xml路pdf.exe         detected: Trojan.GenericKD.73435720 (B) [krnl.xmd]
    
23. C:\Users\promi\Desktop\infected2024071201\Download\aa012e5b757959f95b14b9866f36c49335096a95b4f058ee9a85b6552a0e168d.vbs         detected: Trojan.Generic.36503891 (B) [krnl.xmd]
    
24. C:\Users\promi\Desktop\infected2024071201\Download\QUOTATION_JULQTRA071244煤PDF.scr.exe         detected: Trojan.GenericKD.73401216 (B) [krnl.xmd]
    
25. C:\Users\promi\Desktop\infected2024071201\Download\vNrcPvMYLZmn2cc.exe         detected: Trojan.GenericKD.73435978 (B) [krnl.xmd]
    
26. 
    
27. Scanned        81
    
28. Found        10
    
29. Scanning files... Done!
    
30. 
    
31. Scan end:        2024/7/12 21:04:02
    
32. Scan time:        0:00:04
    

复制代码

hansyu

McAfee 扫描 12x 双击+2x
missed 7x

1. {"timestamp":"2024-07-12T13:02:09.504Z","target_name":"\\\\?\\C:\\Users\\anna\\Desktop\\infected2024071201\\Download\\19c968f716107aea4fb7bf7fdeb9f8821b4aa1ea8593137a08322356c80460cd.vbs","initiator_name":"VBScript","sensor":"IAntiMalware","target_hash":"19c968f716107aea4fb7bf7fdeb9f8821b4aa1ea8593137a08322356c80460cd","target_url":"","detection_name":"Trojan:Script/remcos.AD","final_result":"infection quarantined","all":[{"final_detection_source":"neo","file_rep":0,"hti_rep":1,"url_rep":0,"cert_rep":[]},{"detection_source":"cache","file_rep":0,"hti_rep":50,"url_rep":0,"cert_rep":[]},{"detection_source":"signature","file_rep":0,"hti_rep":50,"url_rep":0,"cert_rep":[]},{"detection_source":"rp-fileless","file_rep":0,"hti_rep":50,"url_rep":0,"cert_rep":[]},{"detection_source":"av","file_rep":0,"hti_rep":50,"url_rep":0,"cert_rep":[]},{"detection_source":"neo","file_rep":0,"hti_rep":1,"url_rep":0,"cert_rep":[]}]}
   
2. {"timestamp":"2024-07-12T13:08:07.126Z","target_name":"\\\\?\\C:\\Users\\anna\\AppData\\Local\\Temp\\faultrep.dll","initiator_name":"\\\\?\\C:\\Users\\anna\\AppData\\Local\\Temp\\WerFault.exe","sensor":"section execute","target_hash":"0fbb21dd4fd0e0305b57e64f18129682a0416cf852d6bc88b53960e6b48603eb","target_url":"","detection_name":"ti!0FBB21DD4FD0","final_result":"infection quarantined","all":[{"final_detection_source":"hti","file_rep":2,"hti_rep":2,"url_rep":0,"cert_rep":[]},{"detection_source":"cache","file_rep":0,"hti_rep":0,"url_rep":0,"cert_rep":[]},{"detection_source":"uwp","file_rep":0,"hti_rep":0,"url_rep":0,"cert_rep":[]},{"detection_source":"signature","file_rep":0,"hti_rep":50,"url_rep":0,"cert_rep":[]},{"detection_source":"trust-dat","file_rep":0,"hti_rep":50,"url_rep":0,"cert_rep":[]},{"detection_source":"hti","file_rep":2,"hti_rep":2,"url_rep":0,"cert_rep":[]},{"detection_source":"rp-s","file_rep":2,"hti_rep":2,"url_rep":0,"cert_rep":[]},{"detection_source":"av","file_rep":0,"hti_rep":50,"url_rep":0,"cert_rep":[]},{"detection_source":"neo","file_rep":0,"hti_rep":50,"url_rep":0,"cert_rep":[]}]}
   

复制代码

00006666

QaxVirusRemoval  SCAN: 18X

1. 病毒扫描日志
   
2. 
   
3. 程序版本: 2.3.1.4129
   
4. 系统名称: Windows 10 Enterprise
   
5. 系统版本: 10.0.19045
   
6. 主机名称:
   
7. IPv4 地址:
   
8. Mac 地址:
   
9. 域:
   
10. 开始时间: 2024-07-12 21:01:38
    
11. 扫描用时: 00:00:03
    
12. 扫描类型: 自定义扫描
    
13. 扫描引擎: QOWL - 本地引擎 QCE - 云引擎 QDE - AI引擎
    
14. 扫描项目数: 21
    
15. 发现安全威胁: 18
    
16. 已处理安全威胁: 18
    
17. 
    
18. -----------------------------------------------------------------------------------------
    
19. 威胁标识                        扫描引擎                        文件MD5                                清理结果                        文件路径
    
20. Trojan.GuLoader.a1ec8576        本地引擎        9441ee81236c508d5bef4a029f067e55        清理成功        C:\Users\Administrator\Desktop\Download\147e7953d3b54a9e8367d9e9670a4a182824f56cf30d35a315799a1953e5cdb1.vbs
    
21. Trojan.Agent.a6dbba80        本地引擎        7b5889dd0e754b146ff199e1555942f6        清理成功        C:\Users\Administrator\Desktop\Download\02072024_1624_02072024_NUMER FAKTURY PILNIE WYMAGANY 240702.vbs
    
22. Trojan.GuLoader.604d6fcc        本地引擎        c652927fa30836add56b1c767de19548        清理成功        C:\Users\Administrator\Desktop\Download\19c968f716107aea4fb7bf7fdeb9f8821b4aa1ea8593137a08322356c80460cd.vbs
    
23. Lnk.Win32.PowerShellHR.B        本地引擎        7e7b20e421442d74655685583b4036de        清理成功        C:\Users\Administrator\Desktop\Download\0040de802062e7a83c6f785781873e9c78ec3fe70b8a3c7c3274fdce08b6a6c1.lnk
    
24. Trojan/Lnk.Win32.Dropper.A        本地引擎        e449e8239ec8d3910d2f81ed22ec762c        清理成功        C:\Users\Administrator\Desktop\Download\732a6bf2345e9cc40b9a6a1164dc2e823955cbc56a5d3750e675d1c4db7f7415.lnk
    
25. Trojan.GuLoader.e427257a        本地引擎        815a26732b8fb0b36d6cf93858def357        清理成功        C:\Users\Administrator\Desktop\Download\aa012e5b757959f95b14b9866f36c49335096a95b4f058ee9a85b6552a0e168d.vbs
    
26. QDE.V2.3.ECKTGXT6T.IL        云引擎        a4ea8865bd6dd79b043ecb17fb1d1a64        清理成功        C:\Users\Administrator\Desktop\Download\04.exe
    
27. QDE.V2.3.36SMJRIHLU.VX        云引擎        a3a55457b08e66b8246b3ab4f5afc5f8        清理成功        C:\Users\Administrator\Desktop\Download\CATALOGUE.exe
    
28. QDE.V2.3.ECKTGXT6O.FX        云引擎        a4ada4d174edbc7a29ab1989d365cb08        清理成功        C:\Users\Administrator\Desktop\Download\IT01879020517_uGIim_xml路pdf.exe
    
29. Trojan.Win32.Makoob.649        云引擎        d0600192505848cd995a4fd00409fd4d        清理成功        C:\Users\Administrator\Desktop\Download\doc20240712-00041.exe
    
30. Trojan.BAT.Agent.29bf        云引擎        a94e4dec22b09ea37e33fdfa3638e5de        清理成功        C:\Users\Administrator\Desktop\Download\Loader.bat
    
31. Trojan/MSIL.Win32.Taskun.667        云引擎        897eed97e49be61757f1a9a4297f669a        清理成功        C:\Users\Administrator\Desktop\Download\Purchase order(600010310,10303).exe
    
32. QDE.V2.3.ECKTGXT6T.IL        云引擎        68e0165684e6817fa57a9291a9430b63        清理成功        C:\Users\Administrator\Desktop\Download\PO#76215720223.exe
    
33. QDE.V2.3.36SMJRIHLU.VX        AI引擎        965690b2881041a12b0b63d8d68be854        清理成功        C:\Users\Administrator\Desktop\Download\inquiry for AP-103- FM-2400 project.exe
    
34. Backdoor.Win32.FBHZQ.A        本地引擎        8e9b751ecbb040e9893199329566c826        清理成功        C:\Users\Administrator\Desktop\Download\vNrcPvMYLZmn2cc.exe
    
35. QDE.V2.3.ECKTGXT6T.IL        云引擎        ba8f4e01db94f311b3ccf3ffa1374010        清理成功        C:\Users\Administrator\Desktop\Download\ss.exe
    
36. QDE.V2.3.76AEPADWP.1LP        AI引擎        cebdb3ab9bebdd5e76b39393289d41f8        清理成功        C:\Users\Administrator\Desktop\Download\QUOTATION_JULQTRA071244煤PDF.scr.exe
    
37. Trojan.PS.Encpe.0153        云引擎        85a84eff8bf73e4661824726438e21ee        清理成功        C:\Users\Administrator\Desktop\Download\update.ps1
    

复制代码

haol

Emsisoft found 10 threats.
Microsoft cloud found 21 threats.

hipoxiaxxx

FortiClient扫描KILL 6X

inquiry for AP-103- FM-2400 project.exe W64/AI.Pallas.Suspicious
剩余双击全MISS

心痛的伤不起

真娱乐pyas 2x

东南大学

CS解压杀7，扫描杀0，余14

1. 0040de802062e7a83c6f785781873e9c78ec3fe70b8a3c7c3274fdce08b6a6c1.lnk
   
2. 02072024_1624_02072024_NUMER FAKTURY PILNIE WYMAGANY 240702.vbs
   
3. 04.exe
   
4. 147e7953d3b54a9e8367d9e9670a4a182824f56cf30d35a315799a1953e5cdb1.vbs
   
5. 19c968f716107aea4fb7bf7fdeb9f8821b4aa1ea8593137a08322356c80460cd.vbs
   
6. 2c778d65ff3ddb44732faf2be85ca0205667be3d87ac14acc48675dca9439e97.dll
   
7. 732a6bf2345e9cc40b9a6a1164dc2e823955cbc56a5d3750e675d1c4db7f7415.lnk
   
8. aa012e5b757959f95b14b9866f36c49335096a95b4f058ee9a85b6552a0e168d.vbs
   
9. crosscheckrosefloweronhairbeauty.vbs
   
10. I-MY-5323785035-D03395124_20240711081006.vbs
    
11. Loader.bat
    
12. PO#76215720223.exe
    
13. ss.exe
    
14. update.ps1

复制代码

驭龙

诺顿V22，监控状态触发信誉杀的情况下，剩余样本5个，如果双击应该会拦截外连，但我实机就不作死了

GreatMOLA

驭龙 发表于 2024-7-13 00:14
诺顿V22，监控状态触发信誉杀的情况下，剩余样本5个，如果双击应该会拦截外连，但我实机就不作死了

实测SONAR杀2个，IPS拦1个。

真小读者

金山11X


剩余（话说为啥有的不显示修改日期呢

1. 扫描时间：[2024-07-13 09:48:11]
   
2. 扫描用时：[00:00:09]
   
3. 扫描类型：自定义查杀
   
4. 扫描文件总数：42
   
5. 扫描速度：4文件/秒
   
6. 发现威胁：11个
   
7. 清除威胁：11个
   
8. =============================================
   
9. [2024-07-13 09:48:11]
   
10. 威胁：D:\下载\infected2024071201\Download\04.exe
    
11. 类型：Win32.Trojan.Strab.lrf.(kcloud)
    
12. 处理方式：已删除
    
13. 
    
14. [2024-07-13 09:48:11]
    
15. 威胁：D:\下载\infected2024071201\Download\doc20240712-00041.exe
    
16. 类型：Win32.Trojan.Makoob.gen.(kcloud)
    
17. 处理方式：已删除
    
18. 
    
19. [2024-07-13 09:48:11]
    
20. 威胁：D:\下载\infected2024071201\Download\IT01879020517_uGIim_xml路pdf.exe
    
21. 类型：Win32.Trojan.Makoob.gen.(kcloud)
    
22. 处理方式：已删除
    
23. 
    
24. [2024-07-13 09:48:11]
    
25. 威胁：D:\下载\infected2024071201\Download\2c778d65ff3ddb44732faf2be85ca0205667be3d87ac14acc48675dca9439e97.dll
    
26. 类型：Win64.Trojan-Dropper.Agent.all.(kcloud)
    
27. 处理方式：已删除
    
28. 
    
29. [2024-07-13 09:48:11]
    
30. 威胁：D:\下载\infected2024071201\Download\CATALOGUE.exe
    
31. 类型：MSIL.Trojan-Spy.Stealer.gen.(kcloud)
    
32. 处理方式：已删除
    
33. 
    
34. [2024-07-13 09:48:11]
    
35. 威胁：D:\下载\infected2024071201\Download\inquiry for AP-103- FM-2400 project.exe
    
36. 类型：MSIL.Trojan-PSW.Stealer.gen.(kcloud)
    
37. 处理方式：已删除
    
38. 
    
39. [2024-07-13 09:48:11]
    
40. 威胁：D:\下载\infected2024071201\Download\PO#76215720223.exe
    
41. 类型：Win32.Trojan.Strab.lre.(kcloud)
    
42. 处理方式：已删除
    
43. 
    
44. [2024-07-13 09:48:11]
    
45. 威胁：D:\下载\infected2024071201\Download\Purchase order(600010310,10303).exe
    
46. 类型：MSIL.Backdoor.Remcos.gen.(kcloud)
    
47. 处理方式：已删除
    
48. 
    
49. [2024-07-13 09:48:11]
    
50. 威胁：D:\下载\infected2024071201\Download\QUOTATION_JULQTRA071244煤PDF.scr.exe
    
51. 类型：MSIL.Trojan-PSW.Agensla.gen.(kcloud)
    
52. 处理方式：已删除
    
53. 
    
54. [2024-07-13 09:48:11]
    
55. 威胁：D:\下载\infected2024071201\Download\ss.exe
    
56. 类型：Win32.Trojan.Strab.lrh.(kcloud)
    
57. 处理方式：已删除
    
58. 
    
59. [2024-07-13 09:48:11]
    
60. 威胁：D:\下载\infected2024071201\Download\vNrcPvMYLZmn2cc.exe
    
61. 类型：MSIL.Trojan-PSW.Agensla.gen.(kcloud)
    
62. 处理方式：已删除
    

复制代码