【开放测试】卡饭病毒样本包 20241104 第184期

显示全部楼层 · 发表于 2024-11-4 16:06:21

本帖最后由 QVM360 于 2024-11-5 18:18 编辑

警告：

本主题帖中所包含的任何文件和附件都有危害你的计算机的可能，并且没有安全软件可以100%防护这些样本。样本仅供测试、交流和学习，禁止用于任何非法用途。
请在虚拟机中测试样本。对于下载样本、附件以及点击链接所导致的任何数据泄露、破坏，以及所产生的任何损失，本人和卡饭论坛不负任何责任。

样本下载: https://pan.huang1111.cn/s/gg2QPfQ https://t.wss.pet/f/fhlcp20jvxp https://wwzq.lanzouq.com/iKGDF2e8iytg
https://homeserver.iepose.cn/dow ... 3F4143ECD8FA1C3.zip

sha256:

游客，如果您要查看本帖隐藏内容请回复

压缩包密码：infected

如果样本中包含.ps1文件(Powershell脚本)，则需要手动打开cmd.exe输入以下指令允许运行ps1脚本:

Powershell.exe Set-ExecutionPolicy Bypass

奖励/惩罚规则：
正式测试期间的奖励规则：
1、参加完整扫描测试，+5经验
2、上传相关截图（不再需要提供扫描日志），+5经验。
3、上传双击结果（必须带图或日志），+10~30经验。
4、测试多款安全软件的，奖励累加。
5、每期样本包会在正式测试期间评选最佳测试贴，只评选1贴，加80经验。
   被评选次数达到5次可PM我领取1魅力奖励。长期测试样本，也有魅力奖励。
惩罚规则：
1、占楼后2小时内未能给出测试结果的，视为灌水，按照论坛规定处理
2、其他违规行为，按照论坛相关规定处理。

注意：扫描/双击日志请以附件形式（压缩包）或图片上传，也可以以1号字体放在回复中。
      对于日志过长以至于影响会员刷帖/回帖体验的回复，管理人员有权进行屏蔽处理。
当前测试阶段：开放测试

显示全部楼层 · 发表于 2024-11-4 16:07:59

本帖最后由 ongarabazanade 于 2024-11-4 22:42 编辑

Avast扫描+双击31X剩余3X

显示全部楼层 · 发表于 2024-11-4 16:17:19

本帖最后由 1073328164 于 2024-11-4 16:35 编辑

迈克菲扫描 kill 31x

miss以下

KVRT kill 24x

miss 以下

发opentip后只miss 5726ebbe448fcda8688f3a817d9ed8fcfe798780107e54c6bfdf13811ec41193.exe和f5101032fb19d96a6a332e53f1e8c9ffc97ab20afeaa6692666db6522d708bbe.msi，已反馈

显示全部楼层 · 发表于 2024-11-4 16:18:32

本帖最后由 Nocria 于 2024-11-4 22:50 编辑

IKARUS - 26/34

[04.11.2024 22:46:54] On-demand scan started: "TemporaryScan"
[04.11.2024 22:46:54] Found, 0.00s, SigName: "Trojan.VBS.GuLoader", SigId: 515989968, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\2cf7c281f3da8e7704ec351412a1af85bbca64c49660caac152397987026576d.vbs"
[04.11.2024 22:46:54] Found, 0.01s, SigName: "Gen.MSIL.Lagos", SigId: 515985738, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\32aaddf41bbed77709a5db74ed8a62e179f65486945cfb20ccaa6023686a6871.exe"
[04.11.2024 22:46:54] Found, 0.04s, SigName: "Trojan.Win32.Themida", SigId: 515985868, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\2cca0a25397124db83b5c1622eb3891cabecaac96deceae02594fed3f9a1e7d4.exe"
[04.11.2024 22:46:54] Found, 0.04s, SigName: "Trojan-Ransom.BitMan", SigId: 5491345, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\3422698cf8d3e2f47d7fb9b06417fef348012f15f0cde1d5b8a22e23699962dc.exe"
[04.11.2024 22:46:54] Found, 0.04s, SigName: "Trojan.Win32.Autoit", SigId: 515986644, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\3dc6990e18b607ddc615c4c97ab730f1afb2c5a685035311cea069b2730f187a.exe"
[04.11.2024 22:46:55] Found, 0.15s, SigName: "Trojan.Crypt", SigId: 5275398, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\3354a62a460c0022e55d548c877c3de59b00f942acdb3512a0803cf4f4a11525.exe"
[04.11.2024 22:46:55] Found, 0.02s, SigName: "Trojan-Downloader.PS.Agent", SigId: 515841106, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\4a63c47b66ecf036f43e1063db9bf4265f056aa65452a3aafb1ead9380beb5ce.lnk"
[04.11.2024 22:46:55] Found, 0.01s, SigName: "Trojan.VBS.Agent", SigId: 5621892, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\4e89b2370b3b6d0f3a291c41ad01427fcbd928d4e4fcbd697adbfef005be340a.vbs"
[04.11.2024 22:46:55] Found, 0.09s, SigName: "Trojan.Win32.Themida", SigId: 515986646, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\47ce6c887771d5cf0511a4dc56c92a4dcf1a9bd36fb135e934a79a7a19f8d205.exe"
[04.11.2024 22:46:55] Found, 0.02s, SigName: "Trojan.Crypt", SigId: 4861684, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\6034da5194443b7ec48e33efe5269dbacb0a3e0921d4b1038b8a2e5f4d8b927fN.exe"
[04.11.2024 22:46:55] Found, 0.02s, SigName: "Trojan.Win32.AutoitInject", SigId: 515985742, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\8ee137a7c9d2a0a3f2ca8d20c607251393bb5f6ab5370a5ece3ee7b4711d0606.exe"
[04.11.2024 22:46:55] Found, 0.03s, SigName: "Virus.Win32.Sality", SigId: 3265422, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\9311d4738f0a47e15631253cd664a364330858ed885a95f5083e28cbf5066959N.exe"
[04.11.2024 22:46:55] Found, 0.02s, SigName: "Trojan.Autoit", SigId: 515983299, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\999793a77939720fd339a4a06bfb8af07523f433009b1895b8dec743d4026008.exe"
[04.11.2024 22:46:55] Found, 0.34s, SigName: "Trojan.Win32.Crypt", SigId: 5474015, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\2a224a457817440e088360685b4f43a2.exe"
[04.11.2024 22:46:55] Found, 0.12s, SigName: "Trojan.SuspectCRC", SigId: 515784174, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\a7d359a9654ff1ec52a55fd1b675eeea3e6f319fb0a962d2a10239439f174be8N.exe"
[04.11.2024 22:46:55] Found, 0.02s, SigName: "Trojan.MSIL.Inject", SigId: 515973613, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\b4809d12158679aa7f01db86c54fa984305c8521a499b405ee130c5d91ed6540.exe"
[04.11.2024 22:46:55] Found, 0.19s, SigName: "Trojan.PS.Agent", SigId: 5622892, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\9f70762284a7775f68d953b58cc09a732d425f41a2f1b15e5740b28dd9973fa3.hta"
[04.11.2024 22:46:55] Found, 0.04s, SigName: "Trojan-Downloader.VBS.Agent", SigId: 515944690, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\d5d4fab81408eb3fcceeaebae060cc5d1d275139c52f17659998325fd5b7a76b.vbs"
[04.11.2024 22:46:55] Found, 0.01s, SigName: "Trojan-Downloader.PS.Agent", SigId: 515827821, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\d8793d615bea39c6273872800b4a3514e55a51231a2a8e6b81ba5a88dc81d613.lnk"
[04.11.2024 22:46:59] Found, 4.73s, SigName: "Trojan.Win64.Pyinstaller", SigId: 5609694, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\5726ebbe448fcda8688f3a817d9ed8fcfe798780107e54c6bfdf13811ec41193.exe"
[04.11.2024 22:46:59] Found, 4.62s, SigName: "Trojan.Win32.Crypt", SigId: 5474015, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\e3ee5e8df55aaa874cb1cf285b1e7db4951d92e38d2afda75daf7b8fd46643a0.exe"
[04.11.2024 22:46:59] Found, 0.16s, SigName: "Trojan.SuspectCRC", SigId: 515881904, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\e8dcd706f41cb2bffff4621bb30a5febce1cdc6ad3825a62f535b9af1cf50d56.exe"
[04.11.2024 22:46:59] Found, 0.03s, SigName: "Trojan.Win32.AutoitInject", SigId: 515985741, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\ed676ea7909a8f07a74920987dcbc4d861e9d8704849828c4a733eb6733d8975.exe"
[04.11.2024 22:46:59] Found, 0.04s, SigName: "GT.VB.Downloader", SigId: 5564224, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\f5101032fb19d96a6a332e53f1e8c9ffc97ab20afeaa6692666db6522d708bbe.msi"
[04.11.2024 22:46:59] Found, 0.02s, SigName: "Exploit.CVE-2017-11882", SigId: 4317801, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\ff221c26a6ad233a179ede24b8156649e2e4338af867571943a2f114650bffa2.doc"
[04.11.2024 22:47:03] Found, 8.18s, SigName: "Trojan.Spy.Agent", SigId: 514965151, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241104\dca94ef6bd0c8b234268eae00a0711399e44e16eecdfdacaa9cbe9e91150024b.exe"
[04.11.2024 22:47:11] On-demand scan FINISHED: "TemporaryScan"
[04.11.2024 22:47:11] ----------------------------------------------------
[04.11.2024 22:47:11] Directories scanned: 1
[04.11.2024 22:47:11] Files scanned: 67
[04.11.2024 22:47:11] Virus found: 26
[04.11.2024 22:47:11] ----------------------------------------------------

复制代码

———————————————

VIPRE - (17+8)/34

———————————————

G DATA - (24+1)/34

显示全部楼层 · 发表于 2024-11-4 16:30:46

本帖最后由 ninjagaocc 于 2024-11-4 16:56 编辑

卡巴斯基免费版
右键扫描(剩余10x)

显示全部楼层 · 发表于 2024-11-4 16:36:14

本帖最后由 tony099 于 2024-11-4 16:40 编辑

火绒 30x

显示全部楼层 · 发表于 2024-11-4 16:51:56

本帖最后由 Fadouse 于 2024-11-4 17:08 编辑

S1 + DI / Elastic
S1 + DI All(排除2x 双击自退)

静态 Miss 11x

双击 9f70762284a7775f68d953b58cc09a732d425f41a2f1b15e5740b28dd9973fa3.hta -> DI拦截
双击 ba89646f6eb6932bf276be6cf18c4016b77125d92b4b267803aa772343450a05.vbe -> DI拦截
双击 0bf7c4713620f1c36fd682cfbc84c20664cde9ae5731ffee6ad57dbd711dc237.vbs -> DI拦截
双击 2cf7c281f3da8e7704ec351412a1af85bbca64c49660caac152397987026576d.vbs -> DI拦截
双击 3e3da0990a7a0ec7287bede75ea413d4beb4c0d0dc5fcd04ae37ee1129f6b46d.vbs -> DI拦截
双击 4e89b2370b3b6d0f3a291c41ad01427fcbd928d4e4fcbd697adbfef005be340a.vbs -> DI拦截
双击 d5d4fab81408eb3fcceeaebae060cc5d1d275139c52f17659998325fd5b7a76b.vbs -> DI拦截
双击 d7d87050073e14ea054e3d2bf7f7b7335a30af2d640b7b9baf87b175a64a4cf2.vbs -> DI拦截
双击 f592c9039e109241cbfd30ae6b0ec2c1098b10ca1dfa80eb427edea6564265f5.vbs -> DI拦截

Microsfot 365 双击 421895be443167f773741e1681d27ba2052fbef90d4def330cadb3206dbd651c.xlsx -> 崩溃自退
双击 f5101032fb19d96a6a332e53f1e8c9ffc97ab20afeaa6692666db6522d708bbe.msi -> 崩溃自退
Elastic测到一半虚拟机被样本干崩了

显示全部楼层 · 发表于 2024-11-4 17:14:23

本帖最后由 aoqiwsw 于 2024-11-4 17:16 编辑

360扫描miss10x

显示全部楼层 · 发表于 2024-11-4 17:23:55

本帖最后由 King、暮光于 2024-11-4 17:55 编辑

亚信合计kill 25x
右键kill 8x
沙箱运行 kill 17x
2a224a457817440e088360685b4f43a2.exe  Virus.Win.Generic.ML.9da00
2cca0a25397124db83b5c1622eb3891cabecaac96deceae02594fed3f9a1e7d4.exe  Virus.Win.Generic.ML.2e3800
47ce6c887771d5cf0511a4dc56c92a4dcf1a9bd36fb135e934a79a7a19f8d205.exe  Virus.Win.Generic.ML.20a000
6034da5194443b7ec48e33efe5269dbacb0a3e0921d4b1038b8a2e5f4d8b927fN.exe  Trojan.Win32.Berbew.aIIIS
421895be443167f773741e1681d27ba2052fbef90d4def330cadb3206dbd651c.xlsx  HEUR_CVE170199.L
3422698cf8d3e2f47d7fb9b06417fef348012f15f0cde1d5b8a22e23699962dc.exe  Trojan.Win32.Banload

b4809d12158679aa7f01db86c54fa984305c8521a499b405ee130c5d91ed6540.exe  Virus.Win.Generic.ML.a0c00
3354a62a460c0022e55d548c877c3de59b00f942acdb3512a0803cf4f4a11525.exe  Troj.Win32.TRX.XXPE50FFF086
e3ee5e8df55aaa874cb1cf285b1e7db4951d92e38d2afda75daf7b8fd46643a0.exe  Virus.Win.Generic.ML.9da00
e8dcd706f41cb2bffff4621bb30a5febce1cdc6ad3825a62f535b9af1cf50d56.exe  Backdoor.Win32.Androm
ed676ea7909a8f07a74920987dcbc4d861e9d8704849828c4a733eb6733d8975.exe  TrojanSpy.MSIL.SNAKEKEYLOGGER.SMTPTEGNL
d1ebe167dbce01d79870346377887837657c92efe99cbd662cccf1cebaee6b3a.exe  TROJ.Win32.TRX.XXPE50FFF086
dca94ef6bd0c8b234268eae00a0711399e44e16eecdfdacaa9cbe9e91150024b.exe  TROJ.Win32.TRX.XXPE50FFF086
ff221c26a6ad233a179ede24b8156649e2e4338af867571943a2f114650bffa2.doc  Trojan.W97M.CVE201711882.SMTPTEGNL
5726ebbe448fcda8688f3a817d9ed8fcfe798780107e54c6bfdf13811ec41193.exe  TROJ.Win32.TRX.XXPE50FFF086

32aaddf41bbed77709a5db74ed8a62e179f65486945cfb20ccaa6023686a6871.exe  TROJ.Win32.TRX.XXPE50FFF086

8ee137a7c9d2a0a3f2ca8d20c607251393bb5f6ab5370a5ece3ee7b4711d0606.exe  Troj.Win32.TRX.XXPE50FFF086

显示全部楼层 · 发表于 2024-11-4 17:42:20

本帖最后由 Raven95676 于 2024-11-4 18:26 编辑

Avira

总结：miss 3x

2cf7c281f3da8e7704ec351412a1af85bbca64c49660caac152397987026576d.vbs miss
f592c9039e109241cbfd30ae6b0ec2c1098b10ca1dfa80eb427edea6564265f5.vbs miss
421895be443167f773741e1681d27ba2052fbef90d4def330cadb3206dbd651c.xlsx miss

解压+扫描 kill 23x

隔离区数量仅供参考

双击：

未计入：
9f70762284a7775f68d953b58cc09a732d425f41a2f1b15e5740b28dd9973fa3.hta

421895be443167f773741e1681d27ba2052fbef90d4def330cadb3206dbd651c.xlsx

Elastic

总结：miss 3x

3422698cf8d3e2f47d7fb9b06417fef348012f15f0cde1d5b8a22e23699962dc.exe miss
421895be443167f773741e1681d27ba2052fbef90d4def330cadb3206dbd651c.xlsx miss
ff221c26a6ad233a179ede24b8156649e2e4338af867571943a2f114650bffa2.doc miss

e8dcd706f41cb2bffff4621bb30a5febce1cdc6ad3825a62f535b9af1cf50d56.exe

f5101032fb19d96a6a332e53f1e8c9ffc97ab20afeaa6692666db6522d708bbe.msi

所有vbs/vbe/lnk/hta
共三类报法，全部 kill

其余所有解压kill

[病毒样本] 【开放测试】卡饭病毒样本包 20241104 第184期

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分