【开放测试】卡饭病毒样本包 20241117 第191期

显示全部楼层 · 发表于 2024-11-17 09:21:35

本帖最后由 QVM360 于 2024-11-22 19:31 编辑

警告：

   本主题帖中所包含的任何文件和附件都有危害你的计算机的可能，并且没有安全软件可以100%防护这些样本。样本仅供测试、交流和学习，禁止用于任何非法用途。
   请在虚拟机中测试样本。对于下载样本、附件以及点击链接所导致的任何数据泄露、破坏，以及所产生的任何损失，本人和卡饭论坛不负任何责任。

样本下载:  https://pan.huang1111.cn/s/1QZO6cv https://x.ws28.cn/f/fl81m89ki5d https://wwzq.lanzouq.com/iecZS2fawq7i
https://homeserver.iepose.cn/dow ... 3828F861F70E30D.zip

sha256:  C1463B00B6C41115E1EAD13CF093C16DA94A1D2367E4DD4A03828F861F70E30D

压缩包密码：infected

如果样本中包含.ps1文件(Powershell脚本)，则需要手动打开cmd.exe输入以下指令允许运行ps1脚本:

Powershell.exe Set-ExecutionPolicy Bypass

奖励/惩罚规则：
正式测试期间的奖励规则：
1、参加完整扫描测试，+5经验
2、上传相关截图（不再需要提供扫描日志），+5经验。
3、上传双击结果（必须带图或日志），+10~30经验。
4、测试多款安全软件的，奖励累加。

惩罚规则：
1、占楼后2小时内未能给出测试结果的，视为灌水，按照论坛规定处理
2、其他违规行为，按照论坛相关规定处理。

注意：扫描/双击日志请以附件形式（压缩包）或图片上传，也可以以1号字体放在回复中。
      对于日志过长以至于影响会员刷帖/回帖体验的回复，管理人员有权进行屏蔽处理。
当前测试阶段：开放测试

显示全部楼层 · 发表于 2024-11-17 09:23:29

本帖最后由 Loyisa 于 2024-11-17 10:01 编辑

MD 扫描24x
剩余7x

2f963135f37ea0629039e4e5f19fa09d7366547840b67aa95d9318fd16e8289e.lnk
双击后未发现外联

kerty49_64.msi/tefr50_64.msi
拦截到衍生物的时候银狐都跑完了

显示全部楼层 · 发表于 2024-11-17 09:24:39

本帖最后由 Raven95676 于 2024-11-17 10:46 编辑

elastic

总结：miss 2x
3x 未计入

9bb934796222d0c53cad0c6672fd46faaa4fce73955c54b3d9f8f33436cfee0b.xlsx miss

a141ffc673ab3eb0a9a73dc3c3f7d1f2d19da126bd5da7a28679110a8d8ee78c.xlsx miss

2f963135f37ea0629039e4e5f19fa09d7366547840b67aa95d9318fd16e8289e.lnk 未计入
c2炸了

3bd73772c6043d6ce588ab017bbfd2d0a347f0693e6b92f64e99c0c7dd0df1c8.ps1 未计入
c2炸了

40bdd6a0966f96a0fd666aa7b01e92989e3012f9a9c3da8bfe676777c197a83c.bat 未计入
疑似没跑起来

cc830b8a3cc75800b4e33d5baef4528935c3531ddfd3efe0587340f5075ce18e.lnk

8620fa4c62bd53e5b70aa10e6205f1ceffcd49bd7ca3b01cbe8f539273dd6695.bat

其余均为malware alert

显示全部楼层 · 发表于 2024-11-17 09:33:50

本帖最后由 Fadouse 于 2024-11-17 19:46 编辑

DI + S1 Kill All 2x没计入
静态 25x

miss 6x

运行测试
3bd73772c6043d6ce588ab017bbfd2d0a347f0693e6b92f64e99c0c7dd0df1c8.ps1 -> 下载服务器死亡

40bdd6a0966f96a0fd666aa7b01e92989e3012f9a9c3da8bfe676777c197a83c.bat -> 没跑起来

8620fa4c62bd53e5b70aa10e6205f1ceffcd49bd7ca3b01cbe8f539273dd6695.bat asyncrat -> 样本运行后下载bab.zip（Python环境）并解压

http://goninvoicceme.shop:7070/bab.zip

复制代码

S1双击 Kill

triage沙箱结果: https://tria.ge/241117-em282s1cle/

cc830b8a3cc75800b4e33d5baef4528935c3531ddfd3efe0587340f5075ce18e.ink -> 运行同8620fa4c62bd...bat的powershell指令。结果参考8620fa4c62bd..bat的结果
kerty49_64.msi / tefr50_64.msi 均为利用tprotect.dll的银狐样本 -> 双击 SentinelOne 行为AI监测并回滚

显示全部楼层 · 发表于 2024-11-17 10:18:17

本帖最后由 453125415 于 2024-11-17 10:22 编辑

火绒高启发扫描25X
卡巴斯基扫描 29x miss3x

显示全部楼层 · 发表于 2024-11-17 10:29:11

本帖最后由 ongarabazanade 于 2024-11-17 10:38 编辑

Avast扫描26X剩余5X

显示全部楼层 · 发表于 2024-11-17 10:35:54

本帖最后由 xmt12 于 2024-11-17 11:37 编辑

360初扫 26/31（见图
卡巴 26/31（见图
QAX 17/31（见图
自制 26/31

XAS扫描日志
扫描开始时间:2024/11/17 11:33:53
主程序版本:3.0.4 病毒库版本:17721(2024.11.16)
特征库个数：17360
黑md5个数：2332457
白md5个数：150459
危险文件:
---------
D:/用户文件/2/桌面/infected20241117\25b9aba533d955355406863543ee7998ba935d26871532395d348b7011363cc5.exe[特征引擎][Trojan.Generic!id=BFE4957E]
D:/用户文件/2/桌面/infected20241117\261fdc7510bb87afc431c66650b7eca3cb39c3be5ca3816fa21f20b322b94e61.exe[ANK云引擎][Trojan(0.9665)]
D:/用户文件/2/桌面/infected20241117\2965cecc8e11e1e4817626926dd78cdc92e071b323f4fec46f0c3800ab7b3d92.exe[特征引擎][Trojan.Generic!id=BFE4957E]
D:/用户文件/2/桌面/infected20241117\30f2d18a347941d704d5644eb563910d7a77e1a7e64ad0855dcbf36176d8fd55.exe[特征引擎][Trojan.Generic!id=BFE4957E]
D:/用户文件/2/桌面/infected20241117\3bd73772c6043d6ce588ab017bbfd2d0a347f0693e6b92f64e99c0c7dd0df1c8.ps1[文档查杀引擎][virus.2]
D:/用户文件/2/桌面/infected20241117\4285ecd850e79da45739c8ee248cb3276f3bb42977db9556ef0c848e55a6554a.exe[ANK云引擎][Trojan(0.9793)]
D:/用户文件/2/桌面/infected20241117\56665f54eed1500068ebf12e44eb37fd090e38c979d470dad06dc8a2610bb0db.exe[ANK云引擎][Trojan(0.9113)]
D:/用户文件/2/桌面/infected20241117\5767c14a179f38900dea1284c6f0814149bbeed53b63177fa94199825b7bbe3d.exe[特征引擎][Trojan.Generic!id=BFE4957E]
D:/用户文件/2/桌面/infected20241117\581118fa50f149aa83b140445af9ba80dd774bb7ed68417cf89a6d618195f27c.exe[特征引擎][Trojan.Generic!id=BFE4957E]
D:/用户文件/2/桌面/infected20241117\58c5b18352be4d33dc116c61ef6d78cbb0e817dd0020869a87d934e70d76f087.exe[特征引擎][Trojan.Generic!id=BFE4957E]
D:/用户文件/2/桌面/infected20241117\6392895d3f4d711b258e78e4f9966abd0b115d04866e7e573a996d395c17ccfb.exe[特征引擎][Trojan.Generic!id=51A3141B]
D:/用户文件/2/桌面/infected20241117\6443fc550ec4d11cddaa8487b4d5bdeacc22f62f95db1167839b129a46a3c6cb.exe[特征引擎][Trojan.Generic!id=51A3141B]
D:/用户文件/2/桌面/infected20241117\67f6bc35f167c485702ca21c48861aed2b2c1b92b5624c39daa33f47754bc70e.exe[特征引擎][Trojan.Generic!id=BFE4957E]
D:/用户文件/2/桌面/infected20241117\6f1cf7e7a7d52a6404f6b5e224cfaa8d6dea2f462ac1ba1cc09ec37ca4ed636f.exe[特征引擎][Trojan.Generic!id=BFE4957E]
D:/用户文件/2/桌面/infected20241117\8620fa4c62bd53e5b70aa10e6205f1ceffcd49bd7ca3b01cbe8f539273dd6695.bat[文档查杀引擎][virus.2]
D:/用户文件/2/桌面/infected20241117\a73d528bff9160d541ec02e7afd0630f268ee18a6c926a5169a0d7d070982bcd.exe[特征引擎][Trojan.Generic!id=BFE4957E]
D:/用户文件/2/桌面/infected20241117\ab4928096fc04c17dc732b9440950b21d89d8e030bdb061d5a90d69215072d59.exe[特征引擎][Trojan.Generic!id=BFE4957E]
D:/用户文件/2/桌面/infected20241117\ba41abdab95771fdaf9e90b3bc8bc7e17e875c01a3118052c984d88238749340.exe[特征引擎][Trojan.Generic!id=BFE4957E]
D:/用户文件/2/桌面/infected20241117\ce61cddec8560155f358e475e185463e26e9340465573bf643e0307910c8a1c3.exe[特征引擎][Trojan.Generic!id=BFE4957E]
D:/用户文件/2/桌面/infected20241117\dc2f8ca0bbd1554625e169c1bb64faf178699c3f0bafd6c56441eb67ef720c99.exe[特征引擎][Trojan.Generic!id=51A3141B]
D:/用户文件/2/桌面/infected20241117\f03f2e2f46e8a4bdb7f89ff51177e76b5adc860bc8a9a5f9fb614d68093d3e8e.exe[特征引擎][Trojan.Generic!id=BFE4957E]
D:/用户文件/2/桌面/infected20241117\fa9b3263042b364913cf7d0773da1c66ef85d967c61c60c2dbbdaa9495dfb855.exe[特征引擎][Trojan.Generic!id=BFE4957E]
D:/用户文件/2/桌面/infected20241117\fe5bcaeebd1b1ec308d5b4315f78912801ca049ec1293e632ad06d71f72e56d3.exe[特征引擎][Trojan.Generic!id=F758B5EA]
D:/用户文件/2/桌面/infected20241117\ff9d2a6132e95cd78fffb1fe0badf1219adc2d1cf0f695f0f3ad0ec98c73a393.exe[特征引擎][Trojan.Generic!id=BFE4957E]
D:/用户文件/2/桌面/infected20241117\kerty49_64.msi[msi查杀引擎][BinarylBinarC -> HashKill/01643a4a93]
D:/用户文件/2/桌面/infected20241117\tefr50_64.msi[msi查杀引擎][BinarylBinarC -> HashKill/01643a4a93]
总文件数:31
病毒文件个数:26
查杀率:83.87%
扫描结束时间:2024/11/17 11:34:02

复制代码

显示全部楼层 · 发表于 2024-11-17 11:07:09

本帖最后由 netweb 于 2024-11-17 11:57 编辑

eset
监控 kill 29x
ELG kill 1x

miss 1x
kerty49_64.msi

监控

ELG kill tefr50_64.msi

虚拟机双击
kerty49_64.msi

再次双击 kerty49_64.msi

火绒扫描杀
kerty49_64.msi

eset+火绒清空

显示全部楼层 · 发表于 2024-11-17 11:59:33

本帖最后由 Nocria 于 2024-11-17 12:09 编辑

IKARUS - 17/31

[17.11.2024 12:03:03] On-demand scan started: "TemporaryScan"
[17.11.2024 12:03:03] Found, 0.05s, SigName: "Trojan.Crypt", SigId: 5275398, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241117\25b9aba533d955355406863543ee7998ba935d26871532395d348b7011363cc5.exe"
[17.11.2024 12:03:04] Found, 0.53s, SigName: "Trojan.NSIS.Agent", SigId: 5675964, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241117\261fdc7510bb87afc431c66650b7eca3cb39c3be5ca3816fa21f20b322b94e61.exe"
[17.11.2024 12:03:04] Found, 0.03s, SigName: "Trojan.MSIL.Crypt", SigId: 5138751, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241117\4285ecd850e79da45739c8ee248cb3276f3bb42977db9556ef0c848e55a6554a.exe"
[17.11.2024 12:03:04] Found, 0.08s, SigName: "Trojan-Banker.Agent", SigId: 3900682, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241117\56665f54eed1500068ebf12e44eb37fd090e38c979d470dad06dc8a2610bb0db.exe"
[17.11.2024 12:03:04] Found, 0.09s, SigName: "Trojan.Crypt", SigId: 5275398, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241117\581118fa50f149aa83b140445af9ba80dd774bb7ed68417cf89a6d618195f27c.exe"
[17.11.2024 12:03:04] Found, 0.12s, SigName: "Trojan.Crypt", SigId: 5275398, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241117\58c5b18352be4d33dc116c61ef6d78cbb0e817dd0020869a87d934e70d76f087.exe"
[17.11.2024 12:03:04] Found, 0.12s, SigName: "Trojan.Win32.Autoit", SigId: 5626838, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241117\6392895d3f4d711b258e78e4f9966abd0b115d04866e7e573a996d395c17ccfb.exe"
[17.11.2024 12:03:04] Found, 0.12s, SigName: "Trojan.Win32.Autoit", SigId: 5590873, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241117\6443fc550ec4d11cddaa8487b4d5bdeacc22f62f95db1167839b129a46a3c6cb.exe"
[17.11.2024 12:03:04] Found, 0.38s, SigName: "BZC.MNT.Boxter", SigId: 5574624, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241117\8620fa4c62bd53e5b70aa10e6205f1ceffcd49bd7ca3b01cbe8f539273dd6695.bat"
[17.11.2024 12:03:04] Found, 0.03s, SigName: "Trojan-Downloader.Excel.Agent", SigId: 4354974, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241117\9bb934796222d0c53cad0c6672fd46faaa4fce73955c54b3d9f8f33436cfee0b.xlsx"
[17.11.2024 12:03:04] Found, 0.02s, SigName: "Trojan-Downloader.XLM.Agent", SigId: 4395892, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241117\a141ffc673ab3eb0a9a73dc3c3f7d1f2d19da126bd5da7a28679110a8d8ee78c.xlsx"
[17.11.2024 12:03:05] Found, 0.95s, SigName: "Trojan.Crypt", SigId: 5275398, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241117\ab4928096fc04c17dc732b9440950b21d89d8e030bdb061d5a90d69215072d59.exe"
[17.11.2024 12:03:07] Found, 0.45s, SigName: "Trojan-Spy.LokiBot", SigId: 3339512, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241117\fe5bcaeebd1b1ec308d5b4315f78912801ca049ec1293e632ad06d71f72e56d3.exe"
[17.11.2024 12:03:07] Found, 1.27s, SigName: "Trojan.Autoit", SigId: 5667467, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241117\dc2f8ca0bbd1554625e169c1bb64faf178699c3f0bafd6c56441eb67ef720c99.exe"
[17.11.2024 12:03:07] Found, 0.52s, SigName: "Trojan.Win32.Themida", SigId: 517040334, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241117\fa9b3263042b364913cf7d0773da1c66ef85d967c61c60c2dbbdaa9495dfb855.exe"
[17.11.2024 12:03:07] Found, 0.36s, SigName: "PUA.VMProtect", SigId: 517269290, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241117\kerty49_64.msi"
[17.11.2024 12:03:07] Found, 0.36s, SigName: "PUA.VMProtect", SigId: 517269290, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241117\tefr50_64.msi"
[17.11.2024 12:03:07] On-demand scan FINISHED: "TemporaryScan"
[17.11.2024 12:03:07] ----------------------------------------------------
[17.11.2024 12:03:07] Directories scanned: 1
[17.11.2024 12:03:07] Files scanned: 61
[17.11.2024 12:03:07] Virus found: 17
[17.11.2024 12:03:07] ----------------------------------------------------

复制代码

_______________________________

EMSISOFT - 21/31

显示全部楼层 · 发表于 2024-11-17 12:05:16

本帖最后由 ninjagaocc 于 2024-11-17 12:20 编辑

360 Total Security  剩余5x

INSERT COIN
Round 1 Ready go!
360 Total Security扫描日志

扫描时间：2024-11-17 12:08:23
扫描用时：00:00:04
扫描项目总数：32
威胁总数：15
处理威胁数：15

扫描选项
----------------------
扫描压缩包：否
常规引擎设置：未开启鲲鹏引擎

扫描内容
----------------------
F:\infected20241117\6f1cf7e7a7d52a6404f6b5e224cfaa8d6dea2f462ac1ba1cc09ec37ca4ed636f.exe
F:\infected20241117\9bb934796222d0c53cad0c6672fd46faaa4fce73955c54b3d9f8f33436cfee0b.xlsx
F:\infected20241117\25b9aba533d955355406863543ee7998ba935d26871532395d348b7011363cc5.exe
F:\infected20241117\30f2d18a347941d704d5644eb563910d7a77e1a7e64ad0855dcbf36176d8fd55.exe
F:\infected20241117\40bdd6a0966f96a0fd666aa7b01e92989e3012f9a9c3da8bfe676777c197a83c.bat
F:\infected20241117\58c5b18352be4d33dc116c61ef6d78cbb0e817dd0020869a87d934e70d76f087.exe
F:\infected20241117\67f6bc35f167c485702ca21c48861aed2b2c1b92b5624c39daa33f47754bc70e.exe
F:\infected20241117\261fdc7510bb87afc431c66650b7eca3cb39c3be5ca3816fa21f20b322b94e61.exe
F:\infected20241117\2965cecc8e11e1e4817626926dd78cdc92e071b323f4fec46f0c3800ab7b3d92.exe
F:\infected20241117\4285ecd850e79da45739c8ee248cb3276f3bb42977db9556ef0c848e55a6554a.exe
F:\infected20241117\5767c14a179f38900dea1284c6f0814149bbeed53b63177fa94199825b7bbe3d.exe
F:\infected20241117\6443fc550ec4d11cddaa8487b4d5bdeacc22f62f95db1167839b129a46a3c6cb.exe
F:\infected20241117\8620fa4c62bd53e5b70aa10e6205f1ceffcd49bd7ca3b01cbe8f539273dd6695.bat
F:\infected20241117\56665f54eed1500068ebf12e44eb37fd090e38c979d470dad06dc8a2610bb0db.exe
F:\infected20241117\581118fa50f149aa83b140445af9ba80dd774bb7ed68417cf89a6d618195f27c.exe
F:\infected20241117\6392895d3f4d711b258e78e4f9966abd0b115d04866e7e573a996d395c17ccfb.exe
F:\infected20241117\a73d528bff9160d541ec02e7afd0630f268ee18a6c926a5169a0d7d070982bcd.exe
F:\infected20241117\a141ffc673ab3eb0a9a73dc3c3f7d1f2d19da126bd5da7a28679110a8d8ee78c.xlsx
F:\infected20241117\ab4928096fc04c17dc732b9440950b21d89d8e030bdb061d5a90d69215072d59.exe
F:\infected20241117\ba41abdab95771fdaf9e90b3bc8bc7e17e875c01a3118052c984d88238749340.exe
F:\infected20241117\cc830b8a3cc75800b4e33d5baef4528935c3531ddfd3efe0587340f5075ce18e.lnk
F:\infected20241117\ce61cddec8560155f358e475e185463e26e9340465573bf643e0307910c8a1c3.exe
F:\infected20241117\dc2f8ca0bbd1554625e169c1bb64faf178699c3f0bafd6c56441eb67ef720c99.exe
F:\infected20241117\f03f2e2f46e8a4bdb7f89ff51177e76b5adc860bc8a9a5f9fb614d68093d3e8e.exe
F:\infected20241117\fa9b3263042b364913cf7d0773da1c66ef85d967c61c60c2dbbdaa9495dfb855.exe
F:\infected20241117\fe5bcaeebd1b1ec308d5b4315f78912801ca049ec1293e632ad06d71f72e56d3.exe
F:\infected20241117\ff9d2a6132e95cd78fffb1fe0badf1219adc2d1cf0f695f0f3ad0ec98c73a393.exe
F:\infected20241117\kerty49_64.msi
F:\infected20241117\tefr50_64.msi
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
F:\infected20241117\2f963135f37ea0629039e4e5f19fa09d7366547840b67aa95d9318fd16e8289e.lnk
F:\infected20241117\3bd73772c6043d6ce588ab017bbfd2d0a347f0693e6b92f64e99c0c7dd0df1c8.ps1

扫描结果
======================
高风险项目
----------------------
F:\infected20241117\25b9aba533d955355406863543ee7998ba935d26871532395d348b7011363cc5.exe 8A22EB031E1CC219F7D7C7932616EB11 323FEF7B5C0E29020571B58604859BF8F9EF67D0 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Trojan.Injurer.HxMBag8A][隔离文件][已处理]
F:\infected20241117\9bb934796222d0c53cad0c6672fd46faaa4fce73955c54b3d9f8f33436cfee0b.xlsx 692870C5ADC156F8C82DD479BEEB209E 4B902F66F5DBDCF6BE89D8F0C03EBEB222569CFB 70,6,2,4,280,1,8449, || 0_0_0  [QEX脚本查杀引擎][macro.office.07defname.gen][修复文件][已处理]
F:\infected20241117\261fdc7510bb87afc431c66650b7eca3cb39c3be5ca3816fa21f20b322b94e61.exe 8B955AAC04B3A8C53CB1F68404096B11 F4B50358A668915198FFCAC9570341927F41A261 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/TrojanDownloader.GuLoader.HoMATkcA][隔离文件][已处理]
F:\infected20241117\30f2d18a347941d704d5644eb563910d7a77e1a7e64ad0855dcbf36176d8fd55.exe BDC56948AE92968DD03685F176D82952 68D97B5441573567FF1B2361D14F167D2F759232 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Miner.Generic.HgIATksA][隔离文件][已处理]
F:\infected20241117\5767c14a179f38900dea1284c6f0814149bbeed53b63177fa94199825b7bbe3d.exe 1311CECE45188DF5FE51D6C00E85A759 24055BFE2A01ADF7592538395F839D6894A40F36 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Trojan.Generic.HgIATksA][隔离文件][已处理]
F:\infected20241117\a73d528bff9160d541ec02e7afd0630f268ee18a6c926a5169a0d7d070982bcd.exe E2B4AD896B6B95121ABC835984B6AE8A 9859F91940F15B1B429B3FE73C61C6ADFDB63087 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Miner.Generic.HxMBa3EA][隔离文件][已处理]
F:\infected20241117\ba41abdab95771fdaf9e90b3bc8bc7e17e875c01a3118052c984d88238749340.exe 953B92C78BBBFE19CE63934057BEC688 19353387568C6436B50EDAA573F0E7381789A14C 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Miner.Generic.HxMBDJQA][隔离文件][已处理]
F:\infected20241117\ce61cddec8560155f358e475e185463e26e9340465573bf643e0307910c8a1c3.exe D75F68BE199632AB8811CBAA9E817FCC EA8A4D161BBADA484CE506E3A40A0E20339D7DE0 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Ransom.CrySiS.HgIATksA][隔离文件][已处理]
F:\infected20241117\dc2f8ca0bbd1554625e169c1bb64faf178699c3f0bafd6c56441eb67ef720c99.exe 54BCF789F9084FD1727BF4620D93B0A5 45C15FFEE077C969EC4A143D178B67E859F60D6C 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/TrojanDropper.Generic.HwoCDJQA][隔离文件][已处理]
F:\infected20241117\fa9b3263042b364913cf7d0773da1c66ef85d967c61c60c2dbbdaa9495dfb855.exe 02D2FE5EAA2CD0273701CBA643A85275 B22E5F9D24B5B20A400BC2FB4343952B092C266D 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/TrojanDropper.Generic.HxMBDJQA][隔离文件][已处理]
F:\infected20241117\f03f2e2f46e8a4bdb7f89ff51177e76b5adc860bc8a9a5f9fb614d68093d3e8e.exe 94AAC30065FE1780AFE1A0CB1BC107DA 8CC8B365F75CB569D6943EB99A6F287D794EBE43 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Miner.Generic.HxMBDJQA][隔离文件][已处理]
F:\infected20241117\a141ffc673ab3eb0a9a73dc3c3f7d1f2d19da126bd5da7a28679110a8d8ee78c.xlsx 1BD274BE149F6C88868F6ED69BAEF15E 54378FFD34BE34648FDC3524E94AB65435CE5B8F 70,6,2,4,280,1,8449, || 0_0_0  [QEX脚本查杀引擎][macro.office.07defname.gen][修复文件][已处理]
F:\infected20241117\ff9d2a6132e95cd78fffb1fe0badf1219adc2d1cf0f695f0f3ad0ec98c73a393.exe F373903154200AE4D75D16954E1DC2C1 9672A2E737961FF0E8EA3383C8FD3B41B673F706 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Miner.Generic.HxMBDJQA][隔离文件][已处理]
F:\infected20241117\tefr50_64.msi 2D444D425BE1B2F63C4455881CA74508 960961DB5BA146A52481EAD99A23234630A40DC4 70,3,2,4,280,1,256, || 0_0_0  [360云查杀引擎][Win32/Trojan.Generic.HnoATkwA][隔离文件][已处理]
F:\infected20241117\kerty49_64.msi 7B06B2034ABEC89B0EFD0D1D3AA61253 21BBFE5125FFD4E4B71C45BD91A85A7AA731F96A 70,3,2,4,280,1,256, || 0_0_0  [360云查杀引擎][Win32/Trojan.Generic.HnoATkwA][隔离文件][已处理]

Round 2
Ready go!
360 Total Security扫描日志

扫描时间：2024-11-17 12:12:18
扫描用时：00:02:34
扫描项目总数：70
威胁总数：11
处理威胁数：11

扫描选项
----------------------
扫描压缩包：否
常规引擎设置：未开启鲲鹏引擎

扫描内容
----------------------
F:\infected20241117\9bb934796222d0c53cad0c6672fd46faaa4fce73955c54b3d9f8f33436cfee0b.xlsx
F:\infected20241117\40bdd6a0966f96a0fd666aa7b01e92989e3012f9a9c3da8bfe676777c197a83c.bat
F:\infected20241117\58c5b18352be4d33dc116c61ef6d78cbb0e817dd0020869a87d934e70d76f087.exe
F:\infected20241117\67f6bc35f167c485702ca21c48861aed2b2c1b92b5624c39daa33f47754bc70e.exe
F:\infected20241117\2965cecc8e11e1e4817626926dd78cdc92e071b323f4fec46f0c3800ab7b3d92.exe
F:\infected20241117\4285ecd850e79da45739c8ee248cb3276f3bb42977db9556ef0c848e55a6554a.exe
F:\infected20241117\6443fc550ec4d11cddaa8487b4d5bdeacc22f62f95db1167839b129a46a3c6cb.exe
F:\infected20241117\8620fa4c62bd53e5b70aa10e6205f1ceffcd49bd7ca3b01cbe8f539273dd6695.bat
F:\infected20241117\56665f54eed1500068ebf12e44eb37fd090e38c979d470dad06dc8a2610bb0db.exe
F:\infected20241117\581118fa50f149aa83b140445af9ba80dd774bb7ed68417cf89a6d618195f27c.exe
F:\infected20241117\6392895d3f4d711b258e78e4f9966abd0b115d04866e7e573a996d395c17ccfb.exe
F:\infected20241117\a141ffc673ab3eb0a9a73dc3c3f7d1f2d19da126bd5da7a28679110a8d8ee78c.xlsx
F:\infected20241117\ab4928096fc04c17dc732b9440950b21d89d8e030bdb061d5a90d69215072d59.exe
\\fit-retired-athletics-marathon.trycloudflare.com@SSL\DavWWWRoot\new.vbs
F:\infected20241117\cc830b8a3cc75800b4e33d5baef4528935c3531ddfd3efe0587340f5075ce18e.lnk
F:\infected20241117\fe5bcaeebd1b1ec308d5b4315f78912801ca049ec1293e632ad06d71f72e56d3.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
F:\infected20241117\2f963135f37ea0629039e4e5f19fa09d7366547840b67aa95d9318fd16e8289e.lnk
F:\infected20241117\3bd73772c6043d6ce588ab017bbfd2d0a347f0693e6b92f64e99c0c7dd0df1c8.ps1
F:\infected20241117\6f1cf7e7a7d52a6404f6b5e224cfaa8d6dea2f462ac1ba1cc09ec37ca4ed636f.exe

扫描结果
======================
高风险项目
----------------------
F:\infected20241117\58c5b18352be4d33dc116c61ef6d78cbb0e817dd0020869a87d934e70d76f087.exe AE91F27BDAB28B23F933D44A3520B96B C1B473494396770D1304A44D2DB00608BC6FA1D7 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Trojan.Injurer.HxMBaAkB][隔离文件][已处理]
F:\infected20241117\67f6bc35f167c485702ca21c48861aed2b2c1b92b5624c39daa33f47754bc70e.exe 87D0A89CD6E89E8B816F7D1217369D01 5578E7A41949B2B84A492DB02EC312A8C5D9BBF8 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/TrojanDownloader.Generic.HxMBaAkB][隔离文件][已处理]
F:\infected20241117\2965cecc8e11e1e4817626926dd78cdc92e071b323f4fec46f0c3800ab7b3d92.exe 53A815EA818141D183590391331490AD 666554CA5B327427DB1BDCB3B8880F2F4373FD5F 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Trojan.Generic.HxMBaAkB][隔离文件][已处理]
F:\infected20241117\4285ecd850e79da45739c8ee248cb3276f3bb42977db9556ef0c848e55a6554a.exe CD028A39B8C0C2FE459E27A680949CA6 5796C805512956A2A4F7B20F412C6A105D4AB0A1 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Backdoor.DCRat.HwMBaAkB][隔离文件][已处理]
F:\infected20241117\6443fc550ec4d11cddaa8487b4d5bdeacc22f62f95db1167839b129a46a3c6cb.exe 84BF72B2694826A8271589F5DD039D1D D6F99A25376E410C0B30802EC59611EC0153CF50 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Trojan.Generic.HwoCaAkB][隔离文件][已处理]
F:\infected20241117\581118fa50f149aa83b140445af9ba80dd774bb7ed68417cf89a6d618195f27c.exe F644A4819452EA2CE5CCCD7F4A59C11E AFC7F3E67E76D02DD54552D5ACE3A39E692BA505 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Trojan.Injurer.HxMBaAkB][隔离文件][已处理]
F:\infected20241117\6392895d3f4d711b258e78e4f9966abd0b115d04866e7e573a996d395c17ccfb.exe 952788032E27BA3CCFFC3ED742C20143 D84CF6DF9018C57324A2EA33F30C8A5B6EF980B6 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Trojan.Loda.HwoCaAkB][隔离文件][已处理]
F:\infected20241117\ab4928096fc04c17dc732b9440950b21d89d8e030bdb061d5a90d69215072d59.exe 819FF1EE751D7154F836AAF5A0B5E3DD D3D9F4E1524383D277C6590F2050C50D5410316F 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Trojan.Injurer.HxMBaAkB][隔离文件][已处理]
F:\infected20241117\56665f54eed1500068ebf12e44eb37fd090e38c979d470dad06dc8a2610bb0db.exe 1D60C36101B685C7EF804728E738FDC5 1990FB98301E206B8D895941A086C681D777AC47 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Backdoor.Emotet.HgIATkwA][隔离文件][已处理]
F:\infected20241117\fe5bcaeebd1b1ec308d5b4315f78912801ca049ec1293e632ad06d71f72e56d3.exe 151D339D07266DA06E071AE300C7D386 971C14BAEA8058460AE1C34DF366211F253DCBD4 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/TrojanPSW.Primarypass.HxQBaAkB][隔离文件][已处理]
F:\infected20241117\6f1cf7e7a7d52a6404f6b5e224cfaa8d6dea2f462ac1ba1cc09ec37ca4ed636f.exe 9EA9935BE7E022C3C028426DECBDEADC 719E5CDCE4EDBB08582914A32A29AAE65FA56A5A 70,3,2,4,280,1,256, || 0_0_1  [360云查杀引擎][Win32/Trojan.Generic.HxMBaAkB][隔离文件][已处理]

Round 3
Ready go!

360 Total Security扫描日志

扫描时间：2024-11-17 12:16:36
扫描用时：00:00:12
扫描项目总数：59
威胁总数：2
处理威胁数：2

扫描选项
----------------------
扫描压缩包：否
常规引擎设置：未开启鲲鹏引擎

扫描内容
----------------------
F:\infected20241117\a141ffc673ab3eb0a9a73dc3c3f7d1f2d19da126bd5da7a28679110a8d8ee78c.xlsx
\\fit-retired-athletics-marathon.trycloudflare.com@SSL\DavWWWRoot\new.vbs
F:\infected20241117\cc830b8a3cc75800b4e33d5baef4528935c3531ddfd3efe0587340f5075ce18e.lnk
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
F:\infected20241117\2f963135f37ea0629039e4e5f19fa09d7366547840b67aa95d9318fd16e8289e.lnk
F:\infected20241117\3bd73772c6043d6ce588ab017bbfd2d0a347f0693e6b92f64e99c0c7dd0df1c8.ps1
F:\infected20241117\9bb934796222d0c53cad0c6672fd46faaa4fce73955c54b3d9f8f33436cfee0b.xlsx
F:\infected20241117\40bdd6a0966f96a0fd666aa7b01e92989e3012f9a9c3da8bfe676777c197a83c.bat
F:\infected20241117\8620fa4c62bd53e5b70aa10e6205f1ceffcd49bd7ca3b01cbe8f539273dd6695.bat

扫描结果
======================
高风险项目
----------------------
F:\infected20241117\9bb934796222d0c53cad0c6672fd46faaa4fce73955c54b3d9f8f33436cfee0b.xlsx 18B48CE2D1D1915EA486BC9133A71DDA 5AB504BE4EC64E1DD6A816EBC30D27B7659D871E 70,3,2,4,280,1,256, || 0_0_0  [360云查杀引擎][Generic/Backdoor.Emotet.HtwASsYA][隔离文件][已处理]
F:\infected20241117\a141ffc673ab3eb0a9a73dc3c3f7d1f2d19da126bd5da7a28679110a8d8ee78c.xlsx 1801F9DBA328CCAD88E8A64211945332 1DC58B9D886E2FCA76FFA83C29828691ADE8A728 70,3,2,4,280,1,256, || 0_0_0  [360云查杀引擎][Generic/Trojan.Generic.HtwASoUA][隔离文件][已处理]

[病毒样本] 【开放测试】卡饭病毒样本包 20241117 第191期

本帖子中包含更多资源

评分

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源