【开放测试】卡饭病毒样本包 20241116 第190期

yeahnangua

解压后扫描 kill 23x  miss 5x

2d51501f41d1e5e88b3ecfa3b830f504a5b086f18cda4ed0f61c805bfa7795d6.exe HyperDetect

70a7fe185abdb61705138746efe719db1c4902ba447c4be00f7bbd978c7475fa.exe HyperDetect

c92a412016aed1dce46050fc073d08b0ea3157001cbd439788cbd7b13216c1f3.exe 云杀

rgty50_64.msi 和 yghj50_64.msi 运行后bd的SecurityService.exe似乎直接被干掉了，被干掉后之前HyperDetect杀的毒都不拦截了
共计miss 2x

ongarabazanade

Avast扫描24X剩余10X（可能包含有已修复的文件）

hhjjjjjj123

卡巴已拉黑，全检

Kaspersky Threat Intelligence Portal — Report — 376AF3D6EC15FAF350BBB7A3A5F17933BF11C895F6B7119C...

ytysh

ASCU 17 Miss 7x

ninjagaocc

剩余5x


360 Total Security扫描日志


扫描时间：2024-11-16 14:01:20
扫描用时：00:00:08
扫描项目总数：38
威胁总数：23
处理威胁数：23


扫描选项
----------------------
扫描压缩包：否
常规引擎设置：未开启鲲鹏引擎


扫描内容
----------------------
F:\infected20241116\


扫描结果
======================
高风险项目
----------------------
F:\infected20241116\108dc6a35258471a280a4a714694a4f9dfb1590434ff92f80cff28ee54d68da2.exe 25858025EEC4EA9A0C4A8EC63D6143C4 F8697DD52D805109954E71703CC7C2019D332836 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Miner.Generic.HxMBZdEA][隔离文件][已处理]
F:\infected20241116\2cb8109695addeeff4fbd5fb4905544d80d345c2eb26d406ec7da35cd27fcea6.exe 8CA08B6DB08A74DD452B1090B9CE2362 271E31E00959F347F914507863BD6BA20B2A4814 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Trojan.Injurer.HgIATksA][隔离文件][已处理]
F:\infected20241116\2d51501f41d1e5e88b3ecfa3b830f504a5b086f18cda4ed0f61c805bfa7795d6.exe 430605E11B75FA0BD6CD8304915295ED C842A2DD6E68FDC8155CF04B6403739482158B44 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Miner.Generic.HgIATksA][隔离文件][已处理]
F:\infected20241116\31fa84c2fd1626a571dd7895fd2e149d7eb003a7bc9037615cb71f07571edb0f.exe 6BAAC82565614419657461187756F86E E5759600F149ACDE660E3C174FD0C853E2DBEDD6 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Trojan.Injurer.HgIATksA][隔离文件][已处理]
F:\infected20241116\1ae1e60715ad410a546030d10fea265d9a6ab3ff9700965c6e71e2b4e8d685df.exe 2485B1DD39D368FAB4041377F9E7583D F36D14D4F089D3CA2420CA0F0DE1ABC3592386A9 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Ransom.CrySiS.HxMBZdEA][隔离文件][已处理]
F:\infected20241116\4b40ee0f6bfdab8c8e216ad2a52228f2968d4391f5de5dd788445129949c38a1.exe 541C6CF626AC4AEF9C2667111945277C FFA83C243DAFEEE0D8961DCF1AC4A8FE7F20ACFA 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Backdoor.Emotet.HwcBZuIA][隔离文件][已处理]
F:\infected20241116\70a7fe185abdb61705138746efe719db1c4902ba447c4be00f7bbd978c7475fa.exe 4CC7839FDCA129D312F68697A106642B 6F11D33C984E23AB723A1B0F095254AB89589A42 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Miner.Generic.HxMBZdEA][隔离文件][已处理]
F:\infected20241116\7923500b376d6b5025212ae1633f7a13262e38ae99c0e0d3b1fa45b4f0a66dfe.exe 9EA90EA45DA390B841C806D93255E1A9 D0B63CB5F083A958165C78E6608FEA08C64E3B68 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/TrojanDownloader.Generic.HgIATksA][隔离文件][已处理]
F:\infected20241116\8e23b3582853710875fb30abdbdb639371f3263b7b573f4fd594d35d9b8604d8.exe 8787E810108C1F384D909EBD558F93EF 2B7E9DBC05B8D865313F643546862124221A46B3 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Ransom.Cryptor.HxMBZdEA][隔离文件][已处理]
F:\infected20241116\91de4a08b3eb11061eec9a0423a6b968414a7cc0788523205acf0f5b7704fdae.exe 8C9571E2ACC06B08B5D4901D40276F26 905EEEC9B680B490478F11D6808045246C348667 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Trojan.Injurer.HxMBZdEA][隔离文件][已处理]
F:\infected20241116\967b5ab007e10eab5b4ac022153cd0f03a964e946ae203409b64cfc762a2480d.exe FF45573EB2C3BBCB325FF87AC318971B B3BF595245913DB1642C8B0696E1AE0BA0D2BC41 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Backdoor.Generic.HxMBZdEA][隔离文件][已处理]
F:\infected20241116\9c6cacfa7f390ef5215e44a4a59009854e78be610520c148531b55ead5743a7e.exe 1C605F84EF6E2C53CB4C8452419FAECA D4D24C469A73BD2F1479F111901FCBA4DA027A8C 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Trojan.Injurer.HxMBZdEA][隔离文件][已处理]
F:\infected20241116\b59ec4d90f698cd7a52bdb6c6b4ca018729418800643ba2afe0c25972fdcd3be.exe 1159A6ACCB4E1B49FBE7F6B69E5909E2 8F3EA865BBE6F40EDA2B1FA3208C53D65273BC83 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Trojan.Generic.HxMBZdEA][隔离文件][已处理]
F:\infected20241116\b6d765a5becd81297d4e744bc142391744171fd46e1ad8aa9ae1b4a9a1404d2a.exe 8BBABE450B9875FBE19DFA4855F0921E D3471D007F559EE9F39823844B0AA080E8887359 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Backdoor.Generic.HykCZdEA][隔离文件][已处理]
F:\infected20241116\785711b6a961825ed0b534b88ba2826e2309fa0d35be82e249907dbc2fc623c7.exe A5F0899F814CB37CB43D37FF21D5EDF6 321661588CB94A3CDA87AF1714E8F56ACBC8E4E8 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Trojan.Injurer.HxMBZdEA][隔离文件][已处理]
F:\infected20241116\c92a412016aed1dce46050fc073d08b0ea3157001cbd439788cbd7b13216c1f3.exe A7E71DBF8225EBCDA72006607C0F9D29 2B4A5BF7EB269F676A0EC70D19CEA2CE02D81380 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Trojan.Generic.HxMBZdEA][隔离文件][已处理]
F:\infected20241116\d5c1749976539f8bc24fe0ebd9032a743688266dab0ef4f22ade7562759493bb.exe FA1582E782135FBB85839A45E3C30AD1 1CB8B7CF5D5E31214B02C95C2C514BEBB69BB9AA 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Miner.Generic.HxMBZdEA][隔离文件][已处理]
F:\infected20241116\376af3d6ec15faf350bbb7a3a5f17933bf11c895f6b7119cf3eefc1ccd33cbe7.cmd 0F462E74B2A23796863DD0AEC8DB4833 21F5B3B475009E0FC11A26EB67CE4A9646FEB5DE 70,3,2,4,280,1,256, || 0_0_0  [360云查杀引擎][Script/Trojan.Generic.HhsATksA][隔离文件][已处理]
F:\infected20241116\5c7f1d6ac7671a1b1764dba808cf52f5c5c48ce1cbd0f1c16d8f6cf0afe5d3c8.hta 43F15554D66E784D988AA2DA3ED2A136 6D0FB362A8AA62A046E25435E6A525E2CA61492D 70,3,2,4,280,1,256, || 0_0_0  [360云查杀引擎][Script/Trojan.Generic.HkcATksA][隔离文件][已处理]
F:\infected20241116\8745092d873a1d66ebc31d1e107b207baaf043a98468678c0514505439daf4c9.ps1 BD06A031DEABC50AB1606D2D1D99ED0C B7CFF48B862A2E431093B000C8E3B2F382192C2C 70,3,2,4,280,1,256, || 0_0_0  [360云查杀引擎][Script/Trojan.Generic.HhsATkgA][隔离文件][已处理]
F:\infected20241116\962b95012dcccd8bf8fbd2c14d36e5c6e3bf9ac81eff4d6fa8bc8dbeb33eaf3e.js 356A79B0CE55C0261040F71EAB19F7B5 F370CC7D153B6A8F018F85B2909125C46255F535 70,3,2,4,280,1,256, || 0_0_0  [360云查杀引擎][Generic/TrojanPSW.Strela.HskATksA][隔离文件][已处理]
F:\infected20241116\a56a8e48af48214867d72d01dd02be3815e71eaf9e10c07722143bc422451876.js B772530EE2FE2786897EF74CEBCD1C4F EB55ACF9E09208118E1B77992E35F0BDDFC4AAFE 70,3,2,4,280,1,256, || 0_0_0  [360云查杀引擎][Generic/TrojanPSW.Strela.HskATksA][隔离文件][已处理]
F:\infected20241116\ec97b59bc0398eb50eb842046e017755dbbc8d6764a6c26db85cd90853760669.hta 5476BA599869D81ABEE08F38F1C1A1D9 46748779EC123145FDF90942C9DF65D0099C9A99 70,3,2,4,280,1,256, || 0_0_0  [360云查杀引擎][Script/Trojan.Generic.HkcATksA][隔离文件][已处理]

ninjagaocc

123456aaaafsdeg 发表于 2024-11-16 10:54
360

你这是什么360

xmt12

EIS 23/28（见图
QAX 22/28（见图
360 23/28（见图
西瓜杀毒 17/28（见图
自制 19/28（这报毒名？？？

1. XAS扫描日志
   
2. 扫描开始时间:2024/11/16 14:58:10
   
3. 
   
4. 主程序版本:3.0.3 病毒库版本:17719(2024.11.15)
   
5. 特征库个数：17357
   
6. 黑md5个数：2332419
   
7. 白md5个数：150459
   
8. 
   
9. 危险文件:
   
10. ---------
    
11. 
    
12. D:/用户文件/2/桌面/infected20241116\108dc6a35258471a280a4a714694a4f9dfb1590434ff92f80cff28ee54d68da2.exe[特征引擎][Trojan.Generic!id=BFE4957E]
    
13. D:/用户文件/2/桌面/infected20241116\1ae1e60715ad410a546030d10fea265d9a6ab3ff9700965c6e71e2b4e8d685df.exe[特征引擎][Trojan.Generic!id=BFE4957E]
    
14. D:/用户文件/2/桌面/infected20241116\2cb8109695addeeff4fbd5fb4905544d80d345c2eb26d406ec7da35cd27fcea6.exe[特征引擎][Trojan.Generic!id=BFE4957E]
    
15. D:/用户文件/2/桌面/infected20241116\2d51501f41d1e5e88b3ecfa3b830f504a5b086f18cda4ed0f61c805bfa7795d6.exe[特征引擎][Trojan.Generic!id=BFE4957E]
    
16. D:/用户文件/2/桌面/infected20241116\31fa84c2fd1626a571dd7895fd2e149d7eb003a7bc9037615cb71f07571edb0f.exe[特征引擎][Trojan.Generic!id=BFE4957E]
    
17. D:/用户文件/2/桌面/infected20241116\4b40ee0f6bfdab8c8e216ad2a52228f2968d4391f5de5dd788445129949c38a1.exe[ANK云引擎][Trojan(0.9996)]
    
18. D:/用户文件/2/桌面/infected20241116\70a7fe185abdb61705138746efe719db1c4902ba447c4be00f7bbd978c7475fa.exe[特征引擎][Trojan.Generic!id=BFE4957E]
    
19. D:/用户文件/2/桌面/infected20241116\785711b6a961825ed0b534b88ba2826e2309fa0d35be82e249907dbc2fc623c7.exe[特征引擎][Trojan.Generic!id=BFE4957E]
    
20. D:/用户文件/2/桌面/infected20241116\7923500b376d6b5025212ae1633f7a13262e38ae99c0e0d3b1fa45b4f0a66dfe.exe[特征引擎][Trojan.Generic!id=BFE4957E]
    
21. D:/用户文件/2/桌面/infected20241116\8e23b3582853710875fb30abdbdb639371f3263b7b573f4fd594d35d9b8604d8.exe[特征引擎][Trojan.Generic!id=BFE4957E]
    
22. D:/用户文件/2/桌面/infected20241116\91de4a08b3eb11061eec9a0423a6b968414a7cc0788523205acf0f5b7704fdae.exe[特征引擎][Trojan.Generic!id=BFE4957E]
    
23. D:/用户文件/2/桌面/infected20241116\967b5ab007e10eab5b4ac022153cd0f03a964e946ae203409b64cfc762a2480d.exe[特征引擎][Trojan.Generic!id=BFE4957E]
    
24. D:/用户文件/2/桌面/infected20241116\9c6cacfa7f390ef5215e44a4a59009854e78be610520c148531b55ead5743a7e.exe[特征引擎][Trojan.Generic!id=BFE4957E]
    
25. D:/用户文件/2/桌面/infected20241116\b59ec4d90f698cd7a52bdb6c6b4ca018729418800643ba2afe0c25972fdcd3be.exe[特征引擎][Trojan.Generic!id=BFE4957E]
    
26. D:/用户文件/2/桌面/infected20241116\b6d765a5becd81297d4e744bc142391744171fd46e1ad8aa9ae1b4a9a1404d2a.exe[ANK云引擎][Trojan(0.88)]
    
27. D:/用户文件/2/桌面/infected20241116\c92a412016aed1dce46050fc073d08b0ea3157001cbd439788cbd7b13216c1f3.exe[特征引擎][Trojan.Generic!id=BFE4957E]
    
28. D:/用户文件/2/桌面/infected20241116\d5c1749976539f8bc24fe0ebd9032a743688266dab0ef4f22ade7562759493bb.exe[特征引擎][Trojan.Generic!id=BFE4957E]
    
29. D:/用户文件/2/桌面/infected20241116\rgty50_64.msi[msi查杀引擎][BinarylBinarC -> Trojan.Generic!id=469E9624]
    
30. D:/用户文件/2/桌面/infected20241116\yghj50_64.msi[msi查杀引擎][BinarylBinarC -> Trojan.Generic!id=469E9624]
    
31. 
    
32. 总文件数:28
    
33. 病毒文件个数:19
    
34. 查杀率:67.86%
    
35. 扫描结束时间:2024/11/16 14:58:17

复制代码

123456aaaafsdeg

ninjagaocc 发表于 2024-11-16 14:04
你这是什么360

国内版没有杀毒日志吧。。。这是统计工具的结果

https://bbs.kafan.cn/thread-2273117-1-1.html

inhh1

yeahnangua 发表于 2024-11-16 11:41
解压后扫描 kill 23x  miss 5x

2d51501f41d1e5e88b3ecfa3b830f504a5b086f18cda4ed0f61c805bfa7795d6.exe ...

那两个msi的bd是半死不活状态，虽然安全服务挂了，但是还是拦了计划任务创建，你可以试试看

ANY.LNK

微软
解压+扫描





运行

两个ps1均被受控文件夹访问拦截





MSI均为银狐，在Win11和Win10上运行效果不同

Win11报告可疑服务注册随后系统自动重启





样本未运行，MDAV状态正常，扫描击杀了释放出来的Undate.png

Win10上样本运行，加载漏洞驱动并干掉了MDAV的进程，重启后恢复，扫描杀掉样本





值得注意的是，样本runtime.exe这次直接由计划任务拉起了