【开放测试】卡饭病毒样本包 20240729 第151期

QVM360

警告：

       本主题中所包含的任何文件和附件都有危害你的计算机的可能，并且没有安全软件可以100%防护这些样本。
       请在虚拟机中测试样本。对于下载样本、附件以及点击链接所导致的任何数据泄露、破坏，以及所产生的任何损失，本人和卡饭论坛不负任何责任。

样本下载：
https://mc163.lanzoue.com/i0E3625w3nij
SHA256:7EFF90C25C0E7E1C310AF35FF8D91DF25FD55B9169DF448E2F415B4D2EC3099F
压缩包密码：infected

如果样本中包含.ps1文件(Powershell脚本)，则需要手动打开cmd.exe输入以下指令允许运行ps1脚本:

Powershell.exe Set-ExecutionPolicy Bypass

奖励/惩罚规则：
奖励规则：
1、参加完整扫描测试并提供未检测的样本名，+5经验
2、上传扫描日志 (在 (1) 的前提下)，+5经验。
3、上传双击结果，+15经验。
4、测试多款安全软件的，奖励累加。
惩罚规则：
1、占楼后2小时内未能给出测试结果的，视为灌水，按照论坛规定处理
2、其他违规行为，按照论坛相关规定处理。

注意：扫描/双击日志请以附件形式（压缩包）或图片上传，也可以 以1号字体放在回复中。         
          对于日志过长以至于影响会员刷帖/回帖体验的回复，管理人员有权进行屏蔽处理。

当前测试阶段：开放测试

----------------------------------------------------
往期测试样本包下载：
https://mc163.lanzoue.com/b0edaxo1g
密码:GkNO64bFD5bf

莒县小哥

WD杀44枚

Shake2333

BD扫描34X


McAfee扫描42X+双击1X

DisaPDB

360 初扫39x

二扫3x
双击

合计44/45.

PYAS_Security

PYAS V3.1.5 启发查杀测试

默认设置 Kill 10x
引擎全开 Kill 20x

PYAS 深度学习引擎测试

默认设置 Kill 38x

xmt12

自制 34x

biue

腾讯电脑管家 43X
剩余
911a322297f8fcd094434e0715e276e85adb150454cd36588841cbd77fb7c89d.exe
93ae43c7147c28dcbca2f9bad423d22224b6acf746e19e40891f860e1f42c504.exe



fsp 43X
剩余
924f953de2ee0ba094a76e5001b8f445d5e80f37e1fa6c5943a13b971f63b0fb.doc
911a322297f8fcd094434e0715e276e85adb150454cd36588841cbd77fb7c89d.exe

ANY.LNK

微软清空

1. 2024-07-29T09:01:09.123Z Version: Product 4.18.24060.7 Service 4.18.24060.7 Engine 1.1.24060.5 AS 1.415.378.0 AV 1.415.378.0
   
2. 2024-07-29T10:51:59.262Z DETECTION Trojan:Win32/Leonem file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\07a89eff230f0a111d2609d1a5281512c5b4ec5f215415c04304ad605a484541.exe
   
3. 2024-07-29T10:52:00.549Z DETECTION Trojan:Script/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\015a04303ee4a925095311e60593fa100951986713324c118d067684d6dd5787.lnk
   
4. 2024-07-29T10:52:00.592Z DETECTION Trojan:Win32/AgentTesla.KHGM file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\103f4d06040d2969d8bab013101432b632b6c472263c10b214a1c235d2c24901.exe
   
5. 2024-07-29T10:52:01.092Z DETECTION Backdoor:MSIL/DCRat!MTB file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\13b6effdaeff58f2ec36b3d353c6d7da8a3294e0f3486de26b5832c63bca91a7.exe
   
6. 2024-07-29T10:52:01.181Z DETECTION Trojan:Win32/GuLoader.KJHM file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\115a1dd2eebc9c6d6407faee5afa7cf6ba02fbaafbd99612ea14e96ea399e860.exe
   
7. 2024-07-29T10:52:01.980Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\15299cddb4e03bc2bbc2e2c057c1abf3ab063a5839e7fc933939797aa5c38fb5.exe
   
8. 2024-07-29T10:52:02.097Z DETECTION Trojan:MSIL/SnakeLogger.ASI!MTB file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\38ab1533c224b90043299dc9b2a42bf456d0521de6d89a8eeb44336771943c3f.exe
   
9. 2024-07-29T10:52:02.621Z DETECTION Trojan:Win32/Casdet!rfn file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\160ce30c3733a5d4fb1647d727a0a90147f795779d5b5ae153890adf7c515588.exe
   
10. 2024-07-29T10:52:02.956Z DETECTION Backdoor:MSIL/DCRat!MTB file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\47159fe5dc5b2812344f7ec698e318cef30ec35f4425fd386ee8a7856cdaa646.exe
    
11. 2024-07-29T10:52:03.087Z DETECTION Trojan:MSIL/SnakeLogger.ASI!MTB file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\5390645d905bb685705fd00b242961c6b59ec0dd22073e20f4036d15b6eb613e.exe
    
12. 2024-07-29T10:52:03.598Z DETECTION Trojan:Win32/Casdet!rfn file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\4da3bff89fc796886ca615a29a2595c4109f86fff2a9e699ea1036195719cb3b.exe
    
13. 2024-07-29T10:52:04.700Z DETECTION Trojan:Win32/Casdet!rfn file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\191272e200345dcb0a7a8c8c975a8b07847f07b9d9f0c3af472fdb88092aee0b.exe
    
14. 2024-07-29T10:52:04.882Z DETECTION Trojan:MSIL/AsyncRAT.S!MTB file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\546c2ba68b57f679a7004f438b1822d90a8adddf681d99858cb7140f29b77a2f.exe
    
15. 2024-07-29T10:52:04.912Z DETECTION Trojan:MSIL/RedLine.RDEZ!MTB file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\67a73e526c7ac4e1eca31c3de759c45574678f53f452d0261f6c11ba8dfd16f8.exe
    
16. 2024-07-29T10:52:05.041Z DETECTION Backdoor:MSIL/AsyncRat.AD!MTB file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\70c6d555938fdc95c03f98a7a3a37b607d1dce623663479082c5b9514caa04fd.exe
    
17. 2024-07-29T10:52:08.988Z DETECTION Trojan:MSIL/Redline.MG!MTB file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\6985ec7f67fabd26633c991be04ce5f899224a56bb078ba186b4be21f9e4714d.exe
    
18. 2024-07-29T10:52:12.174Z DETECTION Trojan:Win32/Casdet!rfn file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\27c6f92ce148b9ea03ca564c57474665b02a1f2e266f0175a548de7a90fd08bf.exe
    
19. 2024-07-29T10:52:12.948Z DETECTION Trojan:Win32/AgentTesla.SKAV file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\29b58398a3f8919e2f48727df6044f4adf4b786278c86842464768b5e712a984.exe
    
20. 2024-07-29T10:52:19.954Z DETECTION Ransom:Win32/CyberVolk.PA!MTB file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\102276ae1f518745695fe8f291bf6e69856b91723244881561bb1a2338d54b12.exe
    
21. 2024-07-29T10:52:20.903Z DETECTION Trojan:Win32/HeavensGate.RPY!MTB file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\0a99030a240947af81b26659ab5d740920b5caac8dee8cd415c1bc14ca410f8a.exe
    
22. 2024-07-29T10:52:21.791Z DETECTION Trojan:Win32/Casdet!rfn file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\8636f8c4fe1fe4859a3feec23a0cecf12391ddbffbb3d2bec5efe8f3aaac74b3.exe
    
23. 2024-07-29T10:52:22.207Z DETECTION Trojan:Win32/FormBook.NF!MTB file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\86d535d54ed2e30a80ddc2c530c330d8898ded55ad6ba35310f14c3f23a19a0d.exe
    
24. 2024-07-29T10:52:23.035Z DETECTION Trojan:Win32/Formbook!ml file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\7fa9b053816bd3c505b2f57b3d804522a627f613746dda7161479c08205d0fac.exe
    
25. 2024-07-29T10:52:23.471Z DETECTION Trojan:MSIL/DCRat.MA!MTB file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\92e0f273870ba2a539d80cfc3eb811463d19aa255ba282a59846cbe842bacbe4.exe
    
26. 2024-07-29T10:52:24.193Z DETECTION Program:Win32/Wacapew.C!ml file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\911a322297f8fcd094434e0715e276e85adb150454cd36588841cbd77fb7c89d.exe
    
27. 2024-07-29T10:52:24.656Z DETECTION Trojan:O97M/Sadoca.C!ml file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\924f953de2ee0ba094a76e5001b8f445d5e80f37e1fa6c5943a13b971f63b0fb.doc
    
28. 2024-07-29T10:52:25.583Z DETECTION Trojan:Win32/Strab.NJ!MTB file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\5a6f48061ceebc2c6862669061b00b2f624199b62eea18764563689e91c6f1e0.exe
    
29. 2024-07-29T10:52:25.661Z DETECTION Trojan:Win32/Leonem file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\b6cd2923b2592b7a5f6fbeb01c61a851a471db6a76ed3e67156c31ee9dc38aa5.exe
    
30. 2024-07-29T10:52:26.271Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\93ae43c7147c28dcbca2f9bad423d22224b6acf746e19e40891f860e1f42c504.exe
    
31. 2024-07-29T10:52:26.360Z DETECTION Trojan:Win32/Leonem file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\c20046a5e5da38647ee18263ac2cbe72a6312d3cb53a9e38c9a11f187d6e4bd0.exe
    
32. 2024-07-29T10:52:30.356Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\52d5c762af537da5608ae0f3d41a2333b67ded34eec044ef1bf2fb55ef64a346.exe
    
33. 2024-07-29T10:52:30.967Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\9ef975e93768f270dfb2923e1848ac26d98789ffdf4fb7f9785e2a4260a32cdb.exe
    
34. 2024-07-29T10:52:31.140Z DETECTION Trojan:MSIL/PureLogStealer.RNAA!MTB file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\d20a7cebff22eea0ab3b252f0b63373e007bf863ac9df929db61c5f7622c3fbf.exe
    
35. 2024-07-29T10:52:33.314Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\876afb8f4ec6fb2b57baed79f49acee5ee47fb1cc47dd0ad3091f8b244cc77e8.exe
    
36. 2024-07-29T10:52:33.747Z DETECTION Backdoor:Win64/CobaltStrike!pz file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\e129ee72f0bd796d7cee6b721cae70ed540e178a49607af64947e2329aa76bae.exe
    
37. 2024-07-29T10:52:35.163Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\c7098b1b6f81bbae1f65c0b81b536130bd1535f76cc275d19c457901d70a2b7b.exe
    
38. 2024-07-29T10:52:35.259Z DETECTION Trojan:Win32/Leonem file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\f6acb83ac599ec60d6820c081521a00e3701e7191c8ff2772c3682196a28e531.exe
    
39. 2024-07-29T10:52:36.867Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\d34897490f4867f62272bf35bbf133e839eec660a01a94159860fcf6921f4f97.exe
    
40. 2024-07-29T10:52:37.668Z DETECTION Trojan:Win32/Strab.NJ!MTB file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\bc7552a14462b18607de035f754f15abe5c0d141a20bcb8353d85bae3d810c00.exe
    
41. 2024-07-29T10:52:40.374Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\cac0b5218693311e4bd40e0dfa76a0f080876640a4c992324c6926d70f228db2.exe
    
42. 2024-07-29T10:52:42.700Z DETECTION Trojan:Win32/Casdet!rfn file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\fd8aed52f0a913f9d59e2f1116da4ce8c8d35d95e631b11972aba80933160923.exe
    
43. 2024-07-29T10:52:49.169Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\9b49b86c88117138c7dbf0b1ffdcf2ec3d193ffdb44cdbdd96c2899d260dfffb.exe
    
44. 2024-07-29T10:52:56.158Z DETECTION Backdoor:Win32/Remcos.GA!MTB file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\fdb4361702ff1a7dbab2ad1a6251f3e74d608e47e8090e074e9e3b091bf18fac.exe
    
45. 2024-07-29T10:53:00.493Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\da2ff4dcc816f9cf370622ab8143a11bedf02c20c7b40a357ca469b3a51b5623.exe
    
46. 2024-07-29T10:53:12.802Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\45x (2024-07-29)\1\71e5f01d2d760b202d6fc19ddc4256c384a08be1ea49e552b7a5cf96c1241d25.exe
    

复制代码

金山毒霸第一次扫描共查出62个

其中：

金山毒霸下载拦截25个


扫描查杀37个


剩余7个

文件剩余实际显示8个，因为包含一个被病毒感染修复后的文档

二扫（离第一次扫描结束五分钟后）剩余样本无反应，剩余样本已打包反馈

御坂14857号

智量 扫描（解压）杀 27x，双击测试拦截14x
共kill 41x，miss 4x
（注：双击拦截中有勒索病毒样本，文件未被加密）