Original poster: QVM360

[Virus sample] Silver Fox (银狐) derivative

驭龙
Posted on 2024-9-17 15:35:52
Avira currently detects one DLL, but not the SYS.


[2024-09-17 15:27:53.099] [info] [OndemandScan] [thread id: 7092] Ondemand version: 1.0.2409.1701
[2024-09-17 15:27:53.133] [info] [OndemandScan] [thread id: 7092] Ondemand rdf version: 1.0.2409.1701
[2024-09-17 15:27:57.652] [info] [RealTimeProtection] [thread id: 4028] [Mitigation] Host file needed no mitigation.
[2024-09-17 15:27:57.818] [info] [OndemandScan] [thread id: 7092] Scan of paths {E:\vir\银狐衍生物\新建文件夹\WPiTpU.exe;E:\vir\银狐衍生物\新建文件夹\1.gif;E:\vir\银狐衍生物\新建文件夹\2.jpg;E:\vir\银狐衍生物\新建文件夹\hccutils.dll;E:\vir\银狐衍生物\新建文件夹\TTruespanl.sys} started.
[2024-09-17 15:28:03.804] [info] [Core] [thread id: 5520] [CoreLoader] loading core sdk plugin C:\Program Files\Avira\Endpoint Protection SDK\coresdk\apcscanner2.dll
[2024-09-17 15:28:10.432] [info] [RealTimeProtection] [thread id: 3316] [Mitigation] Host file needed no mitigation.
[2024-09-17 15:28:14.753] [warning] [EndpointProtection] [thread id: 7224] OnDemandScan is still running, update request is ignored.
[2024-09-17 15:28:14.904] [info] [EndpointProtection] [thread id: 7224] UpdateScoped - started
[2024-09-17 15:28:15.117] [info] [Core] [thread id: 5520] [CoreLoader] Plugin C:\Program Files\Avira\Endpoint Protection SDK\coresdk\apcscanner2.dll license status: enabled
[2024-09-17 15:28:16.563] [info] [Core] [thread id: 5520] [ProtectionCloud] [apcsdk] Memory cache was successfully loaded from file 'C:\Program Files\Avira\Endpoint Protection SDK\coresdk\temp-epp\avcp_apc2_cache.dat' (4 items)
[2024-09-17 15:28:16.563] [info] [Core] [thread id: 5520] [ProtectionCloud] [apcsdk] Setting the proxy server '' with the certificate path ''
[2024-09-17 15:28:19.007] [info] [BaseScan] [thread id: 4828] [ProtectionCloud] The file '\\?\E:\vir\银狐衍生物\新建文件夹\hccutils.dll' was unknown in the Protection Cloud. SHA256: '581e8f8948e5a143f4c470cd7fc680926491486f9fd74cd1709f811ed8bd91f6' Requestor: 'OnDemandScan' Flags: '{Upload needed}' Status: successful
[2024-09-17 15:28:19.031] [info] [BaseScan] [thread id: 5520] [ProtectionCloud] The file '\\?\E:\vir\银狐衍生物\新建文件夹\TTruespanl.sys' was scanned with the Protection Cloud. SHA256: '2076e52665e419bb4001119a08c5cee2cb8931e534b2fa92a01112866ec0bd5a' Requestor: 'OnDemandScan' Flags: '' Status: successful
[2024-09-17 15:28:22.704] [info] [Core] [thread id: 4828] [ProtectionCloud] Starting upload of file 'E:\vir\银狐衍生物\新建文件夹\hccutils.dll'
[2024-09-17 15:28:36.386] [info] [Core] [thread id: 4828] [ProtectionCloud] Upload of file 'E:\vir\银狐衍生物\新建文件夹\hccutils.dll' was successful
[2024-09-17 15:28:44.848] [info] [BaseScan] [thread id: 4828] [ProtectionCloud] The file '\\?\E:\vir\银狐衍生物\新建文件夹\hccutils.dll' has been uploaded to the Protection Cloud and analyzed. SHA256: '581e8f8948e5a143f4c470cd7fc680926491486f9fd74cd1709f811ed8bd91f6' Requestor: 'OnDemandScan' Flags: '{Detected}{Upload done}' Status: successful
[2024-09-17 15:28:44.848] [info] [BaseScan] [thread id: 4828] [ProtectionCloud] The file '\\?\E:\vir\银狐衍生物\新建文件夹\hccutils.dll' was scanned with the Protection Cloud. SHA256: '581e8f8948e5a143f4c470cd7fc680926491486f9fd74cd1709f811ed8bd91f6' Requestor: 'OnDemandScan' Flags: '{Detected}{Upload done}' Status: successful
[2024-09-17 15:28:44.865] [info] [BaseScan] [thread id: 4828] [ProtectionCloud] Detection by Protection Cloud: '{HEUR/APC} File: '\\?\E:\vir\银狐衍生物\新建文件夹\hccutils.dll' SHA256:'581e8f8948e5a143f4c470cd7fc680926491486f9fd74cd1709f811ed8bd91f6'
[2024-09-17 15:28:44.866] [info] [Core] [thread id: 4828] [CoreLoader] loading core sdk plugin C:\Program Files\Avira\Endpoint Protection SDK\coresdk\afpcchecker.dll
[2024-09-17 15:28:45.174] [info] [Core] [thread id: 4828] [CoreLoader] Plugin C:\Program Files\Avira\Endpoint Protection SDK\coresdk\afpcchecker.dll license status: enabled
[2024-09-17 15:28:46.088] [info] [BaseScan] [thread id: 4828] [FalsePositiveCloud] The file '\\?\E:\vir\银狐衍生物\新建文件夹\hccutils.dll' has been checked with the false positive checker. Is false positive: false SHA256:'581e8f8948e5a143f4c470cd7fc680926491486f9fd74cd1709f811ed8bd91f6' Status: successful
[2024-09-17 15:28:46.088] [warning] [BaseScan] [thread id: 4828] [Detection] The file '\\?\E:\vir\银狐衍生物\新建文件夹\hccutils.dll' was detected. Detection name: HEUR/APC
[2024-09-17 15:28:46.256] [warning] [OndemandScan] [thread id: 4828] [Detection] Identified: 'HEUR/APC'. File: '\\?\E:\vir\银狐衍生物\新建文件夹\hccutils.dll'
[2024-09-17 15:28:47.178] [info] [Remediation] [thread id: 3932] remediation.rdf version: 1.0.2409.1609
[2024-09-17 15:28:47.681] [info] [Remediation] [thread id: 3932] Remediation of Generic started.
[2024-09-17 15:28:47.924] [info] [RealTimeProtection] [thread id: 3932] [Configuration] Add Acl: 1 : \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows : AppInit_DLLs
[2024-09-17 15:28:47.925] [info] [RealTimeProtection] [thread id: 3932] [Configuration] Add Acl: 1 : \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows : AppInit_DLLs
[2024-09-17 15:28:47.925] [info] [RealTimeProtection] [thread id: 3932] [Configuration] Add Acl: 1 : \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows : LoadAppInit_DLLs
[2024-09-17 15:28:47.925] [info] [RealTimeProtection] [thread id: 3932] [Configuration] Add Acl: 1 : \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows : LoadAppInit_DLLs
[2024-09-17 15:28:52.196] [info] [Remediation] [thread id: 3932] Remediation of Generic finished successfully.
[2024-09-17 15:28:52.205] [info] [EndpointProtection] [thread id: 3932] Create new file operations context from filepath
[2024-09-17 15:28:52.206] [info] [EndpointProtection] [thread id: 3932] Successfully created the file operations context from path: '\\?\E:\vir\银狐衍生物\新建文件夹\hccutils.dll'
[2024-09-17 15:28:52.209] [info] [Remediation] [thread id: 3932] Remediation of HEUR/APC started.
[2024-09-17 15:28:52.275] [info] [RealTimeProtection] [thread id: 3932] [Configuration] Add Acl: 2 : e:\vir\银狐衍生物\新建文件夹\hccutils.dll :
[2024-09-17 15:28:52.986] [info] [Quarantine] [thread id: 3932] File with original location [\\?\E:\vir\银狐衍生物\新建文件夹\hccutils.dll] was copied to quarantined file [C:\ProgramData\Avira\Endpoint Protection SDK\quarantine\8d6ace6b.qua]
[2024-09-17 15:28:58.653] [info] [Remediation] [thread id: 3932] Remediation of HEUR/APC finished successfully.
[2024-09-17 15:28:58.705] [info] [EndpointProtection] [thread id: 3932] [OnDemandSummary] Total amount of files to be scanned: 5
[2024-09-17 15:28:58.705] [info] [EndpointProtection] [thread id: 3932] [OnDemandSummary] Scanned files: 5
[2024-09-17 15:28:58.705] [info] [EndpointProtection] [thread id: 3932] [OnDemandSummary] Detected files: 1
[2024-09-17 15:28:58.706] [info] [EndpointProtection] [thread id: 3932] [OnDemandSummary] Successful remediation: 1
[2024-09-17 15:28:58.706] [info] [EndpointProtection] [thread id: 3932] [OnDemandSummary] Scan end status: 2
[2024-09-17 15:28:58.727] [info] [OndemandScan] [thread id: 3932] Scan of paths {E:\vir\银狐衍生物\新建文件夹\WPiTpU.exe;E:\vir\银狐衍生物\新建文件夹\1.gif;E:\vir\银狐衍生物\新建文件夹\2.jpg;E:\vir\银狐衍生物\新建文件夹\hccutils.dll;E:\vir\银狐衍生物\新建文件夹\TTruespanl.sys} finished in 60888 milliseconds.
[2024-09-17 15:28:58.727] [info] [OndemandScan] [thread id: 3932] Total amount of files to be scanned: 5. Scanned files: 5. Clean files: 4. Excluded files: 0. Detected files: 1. Repaired files: 0. Successful remediation: 1. Failed remediation: 0. Error scan files: 0
[2024-09-17 15:28:58.737] [info] [BaseScan] [thread id: 7092] [ProtectionCloud] Cloud scan cancelled.
[2024-09-17 15:28:58.737] [info] [BaseScan] [thread id: 5520] [ProtectionCloud] Cloud scan cancelled.
[2024-09-17 15:28:58.737] [info] [BaseScan] [thread id: 4828] [ProtectionCloud] Cloud scan cancelled.
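As an added example (not from the thread and not Avira's code): a small Python parser over the per-file lines of the log above that reduces them to one verdict per file, so the "DLL detected, SYS not" reading can be checked mechanically rather than by eye. The regular expressions, the event names and the state fields are my own assumptions fitted to exactly these log lines, not a documented Avira format.

```python
import re

# Lines copied from the Avira Endpoint Protection SDK log quoted in the post above
# (only the per-file ones; the SHA256 values are the ones printed there).
SAMPLE_LOG = r"""
[2024-09-17 15:27:57.818] [info] [OndemandScan] [thread id: 7092] Scan of paths {E:\vir\银狐衍生物\新建文件夹\WPiTpU.exe;E:\vir\银狐衍生物\新建文件夹\1.gif;E:\vir\银狐衍生物\新建文件夹\2.jpg;E:\vir\银狐衍生物\新建文件夹\hccutils.dll;E:\vir\银狐衍生物\新建文件夹\TTruespanl.sys} started.
[2024-09-17 15:28:19.007] [info] [BaseScan] [thread id: 4828] [ProtectionCloud] The file '\\?\E:\vir\银狐衍生物\新建文件夹\hccutils.dll' was unknown in the Protection Cloud. SHA256: '581e8f8948e5a143f4c470cd7fc680926491486f9fd74cd1709f811ed8bd91f6' Requestor: 'OnDemandScan' Flags: '{Upload needed}' Status: successful
[2024-09-17 15:28:19.031] [info] [BaseScan] [thread id: 5520] [ProtectionCloud] The file '\\?\E:\vir\银狐衍生物\新建文件夹\TTruespanl.sys' was scanned with the Protection Cloud. SHA256: '2076e52665e419bb4001119a08c5cee2cb8931e534b2fa92a01112866ec0bd5a' Requestor: 'OnDemandScan' Flags: '' Status: successful
[2024-09-17 15:28:44.848] [info] [BaseScan] [thread id: 4828] [ProtectionCloud] The file '\\?\E:\vir\银狐衍生物\新建文件夹\hccutils.dll' has been uploaded to the Protection Cloud and analyzed. SHA256: '581e8f8948e5a143f4c470cd7fc680926491486f9fd74cd1709f811ed8bd91f6' Requestor: 'OnDemandScan' Flags: '{Detected}{Upload done}' Status: successful
[2024-09-17 15:28:46.088] [warning] [BaseScan] [thread id: 4828] [Detection] The file '\\?\E:\vir\银狐衍生物\新建文件夹\hccutils.dll' was detected. Detection name: HEUR/APC
[2024-09-17 15:28:52.986] [info] [Quarantine] [thread id: 3932] File with original location [\\?\E:\vir\银狐衍生物\新建文件夹\hccutils.dll] was copied to quarantined file [C:\ProgramData\Avira\Endpoint Protection SDK\quarantine\8d6ace6b.qua]
"""

# Patterns are assumptions fitted to the lines above, not a documented log format.
PATHS_RE = re.compile(r"Scan of paths \{(?P<paths>[^}]+)\} started")
CLOUD_RE = re.compile(r"\[ProtectionCloud\] The file '(?P<path>[^']+)' (?P<event>was unknown in|was scanned with|"
                      r"has been uploaded to) the Protection Cloud.*?SHA256: '(?P<sha>[0-9a-f]{64})'.*?Flags: '(?P<flags>[^']*)'")
DETECT_RE = re.compile(r"\[Detection\] The file '(?P<path>[^']+)' was detected\. Detection name: (?P<name>\S+)")
QUAR_RE = re.compile(r"original location \[(?P<path>[^\]]+)\] was copied to quarantined file \[(?P<qua>[^\]]+)\]")
EVENTS = {"was unknown in": "unknown", "was scanned with": "scanned", "has been uploaded to": "uploaded"}
_name = lambda p: p.rsplit("\\", 1)[-1]  # file name only, so '\\?\'-prefixed and plain paths share a key

def _new() -> dict:
    return {"sha256": None, "cloud": [], "flags": set(), "detection": None, "quarantine": None}

def summarize(log_text: str) -> dict:
    """Map each scanned file name to what the log says happened to it."""
    files = {}
    for line in log_text.splitlines():
        if m := PATHS_RE.search(line):            # the scan's own file list: every file starts out clean
            for p in m.group("paths").split(";"):
                files.setdefault(_name(p), _new())
        elif m := CLOUD_RE.search(line):          # cloud lookup, upload and analysis result
            st = files.setdefault(_name(m.group("path")), _new())
            st["sha256"] = m.group("sha")
            st["cloud"].append(EVENTS[m.group("event")])
            st["flags"].update(re.findall(r"\{([^}]*)\}", m.group("flags")))
        elif m := DETECT_RE.search(line):         # final engine verdict
            files.setdefault(_name(m.group("path")), _new())["detection"] = m.group("name")
        elif m := QUAR_RE.search(line):           # remediation outcome
            files.setdefault(_name(m.group("path")), _new())["quarantine"] = m.group("qua")
    return files

def verdict(st: dict) -> str:
    """One-line reading of a file's state; a cloud-backed 'clean' is kept apart from a local-only one."""
    if st["detection"]:
        return f"detected as {st['detection']}" + (" and quarantined" if st["quarantine"] else "")
    if st["cloud"]:
        return "clean (cloud " + "/".join(st["cloud"]) + ")"
    return "clean (local engine only, no cloud lookup logged)"

if __name__ == "__main__":
    for name, st in summarize(SAMPLE_LOG).items():
        print(f"{name:16} {verdict(st)}")
```

The distinction the verdict draws matters when comparing vendors: TTruespanl.sys was actually looked up in the cloud and came back clean, while the .exe and image files show no cloud line at all, so "clean" there means only that the local engine raised nothing.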

莒县小哥
Posted on 2024-9-17 15:56:45
驭龙 posted on 2024-9-17 15:35:
Avira currently detects one DLL, but not the SYS.

WD

驭龙
Posted on 2024-9-17 17:13:52

This cracks me up; look at the result of packing them up and sending them to MDB:
Researcher comment
The submitted files do not meet our criteria for malware or potentially unwanted applications. No detection will be added for these files. More detailed information about the approach and criteria categories currently used by the Microsoft researchers are available here: https://docs.microsoft.com/windo ... telligence/criteria Thank you for contacting Microsoft.
biue
Posted on 2024-9-17 22:21:36
Tencent PC Manager (腾讯电脑管家)

btbtg
Posted on 2024-9-17 22:44:49

btbtg
Posted on 2024-9-18 09:36:23

ANY.LNK
Posted on 2024-9-18 22:28:02
驭龙 posted on 2024-9-17 17:13:
This cracks me up; look at the result of packing them up and sending them to MDB:
Researcher comment
The submitted files do not meet our criteria  ...

Lol, I'll submit it one more time.


ANY.LNK
Posted on 2024-9-18 22:28:48
Microsoft's current results:
TTruespanl.sys > vulnerable driver
hccutils.dll > Trojan:Win32/Wacatac.B!ml
QVM360
OP | Posted on 2024-9-18 22:32:50
驭龙 posted on 2024-9-17 17:13:
This cracks me up; look at the result of packing them up and sending them to MDB:
Researcher comment
The submitted files do not meet our criteria  ...

WD is being a bit of a comedian.
驭龙
Posted on 2024-9-18 22:37:35

I didn't even dare to report it as malware; I filed it as PUA, and it still came back like this. Hilarious.