【开放测试】卡饭病毒样本包 20241118 第192期

zhuzhu009

警告：

       本主题帖中所包含的任何文件和附件都有危害你的计算机的可能，并且没有安全软件可以100%防护这些样本。样本仅供测试、交流和学习，禁止用于任何非法用途。
       请在虚拟机中测试样本。对于下载样本、附件以及点击链接所导致的任何数据泄露、破坏，以及所产生的任何损失，本人和卡饭论坛不负任何责任。

样本下载: https://pan.huang1111.cn/s/aEk3NUG https://x.ws28.cn/f/fll90o4noml https://wwzq.lanzouq.com/igbDX2ffe0vi
https://homeserver.iepose.cn/dow ... 2C35A59141D3501.zip



sha256:  DFC75F9EC3C36B36F6C747AF2E12DEAC887EEF6603279A0932C35A59141D3501

压缩包密码：infected

如果样本中包含.ps1文件(Powershell脚本)，则需要手动打开cmd.exe输入以下指令允许运行ps1脚本:

Powershell.exe Set-ExecutionPolicy Bypass

奖励/惩罚规则：
正式测试期间的奖励规则：
1、参加完整扫描测试，+5经验
2、上传相关截图（不再需要提供扫描日志），+5经验。
3、上传双击结果（必须带图或日志），+10~30经验。
4、测试多款安全软件的，奖励累加。

惩罚规则：
1、占楼后2小时内未能给出测试结果的，视为灌水，按照论坛规定处理
2、其他违规行为，按照论坛相关规定处理。

注意：扫描/双击日志请以附件形式（压缩包）或图片上传，也可以 以1号字体放在回复中。         
          对于日志过长以至于影响会员刷帖/回帖体验的回复，管理人员有权进行屏蔽处理。
当前测试阶段：开放测试

YU2711

McAfee 53x



Trend Micro 54x


双击(Sandboxie)4x

1. 名稱:        WINWORD.EXE
   
2. 來源:        Microsoft Corporation
   
3. 版本:        16.0.17328.20612
   
4. 版權所有:        
   
5. 偵測到的資源或程序 ID:        C:\Windows\SysWOW64\cmd.exe
   
6. 處理行動:        已終止

复制代码

1. 名稱:        cmd.exe
   
2. 來源:        Microsoft Corporation
   
3. 版本:        10.0.19041.4522 (WinBuild.160101.0800)
   
4. 版權所有:        © Microsoft Corporation. All rights reserved.
   
5. 偵測到的資源或程序 ID:        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
   
6. 處理行動:        已終止

复制代码

1. 名稱:        90888d7d6c1e7e54c3e21064aba0773abfca84c15ccf644bde92feefcd76f43e.exe
   
2. 來源:        Node.js
   
3. 版本:        18.5.0
   
4. 版權所有:        Copyright Node.js contributors. MIT license.
   
5. 偵測到的資源或程序 ID:        C:\Windows\System32\cmd.exe
   
6. 處理行動:        已終止

复制代码

1. 名稱:        093825c6dbcf5b3904e770148f5a111be196e7b5d000ceb5cd162bb29aa25c3d.exe
   
2. 來源:        Node.js
   
3. 版本:        18.5.0
   
4. 版權所有:        Copyright Node.js contributors. MIT license.
   
5. 偵測到的資源或程序 ID:        C:\Windows\System32\cmd.exe
   
6. 處理行動:        已終止

复制代码

zhuzhu009

火绒 开高启发剩6个

默认36个+文件实时防护1个=37个

Fadouse

S1 + DI

静态51x

Miss 8x

---

运行测试


2fe37dc42d17e2c09b03e07daf07a7dea4751051a9d8043d47cd2b70bc4ab791.js -> DI Kill


6ce7a20cb14613c68fec5d6579b0431fe898d78db9b141cf57217aa019044237.bat -> 疑似没跑起来，自退

56f92bcf7ada15ed99e5cd14825ae94d208ccdaafb7e611dbc6035070f31948c.vbs -> DI Kill


148d980403054089e7ac0a3ae1c9db3a7863d2a1696dcbd226acb5df06efc4ab.js -> DI Kill

dd6bac4d20cf0425bf3e70a785b10ee1f3c0c6b543d7a8126afd6855b3b7a768.js -> DI Kill


f855665d2e619540baf439f2ab2b0601a5689293b02666528ad35ee589535336.js -> DI Kill

King、暮光

ESET miss 9x


360补杀72edf..

防护措施翻车还没清理干净，先不双击了

Loyisa

MD 51X剩余8x


双击就1x

其余的毛豆自动入沙

GalaxyS24Ultra

火绒6.0.4.0高级启发式查杀，剩余六个

Nocria

IKARUS - 49/59

1. [18.11.2024 17:23:06] On-demand scan started: "TemporaryScan"
   
2. [18.11.2024 17:23:06] Found, 0.12s, SigName: "Trojan.Win32.Themida", SigId: 517485878, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\01948f54d7fd507a58778c42b07ff1422a4895e4596cc1c6d2fc74c49dcd643e.exe"
   
3. [18.11.2024 17:23:06] Found, 0.16s, SigName: "Trojan.JS.Cryxos", SigId: 517485790, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\148d980403054089e7ac0a3ae1c9db3a7863d2a1696dcbd226acb5df06efc4ab.js"
   
4. [18.11.2024 17:23:06] Found, 0.31s, SigName: "Trojan.Win32.Themida", SigId: 517483043, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\03186163270deda153db2cfed3005d415c6059326b0a86439ac6b043a5a5346e.exe"
   
5. [18.11.2024 17:23:06] Found, 0.20s, SigName: "Trojan.Win32.Themida", SigId: 517485879, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\1ca5139c418e9b35343e0aa06671ac121a350d5437fe406ab6b2a62dc0d9b2c8.exe"
   
6. [18.11.2024 17:23:06] Found, 0.26s, SigName: "Trojan.Win32.Themida", SigId: 517485882, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\18fabc1fc091d6726ca2e5b045990d57af2da9d9d64d8fa4bfe02e50761919a4.exe"
   
7. [18.11.2024 17:23:06] Found, 0.12s, SigName: "Trojan.Crypt", SigId: 5275398, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\20d0fda98664988be3ff79e706af18c213c447e460923250392820a2a63a3b5e.exe"
   
8. [18.11.2024 17:23:06] Found, 0.08s, SigName: "Trojan.Crypt", SigId: 5275398, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\24d9ce8310c3eb716a874406d624659a7ffb4e4fdf7f51140084a633831e94b0.exe"
   
9. [18.11.2024 17:23:06] Found, 0.09s, SigName: "Trojan.Win32.Themida", SigId: 517483617, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\2587bee40a1bc2b122d521a5068a01b7a02b13333da8b164874a93165e2b603f.exe"
   
10. [18.11.2024 17:23:06] Found, 0.03s, SigName: "Trojan-Dropper.MSIL.Agent", SigId: 517483032, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\3c323dacc7a0b9e69acfcd23a9b2266e3803600de184f5684541223f2f0ac85b.exe"
    
11. [18.11.2024 17:23:06] Found, 0.05s, SigName: "Trojan.JS.Cryxos", SigId: 517485791, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\2fe37dc42d17e2c09b03e07daf07a7dea4751051a9d8043d47cd2b70bc4ab791.js"
    
12. [18.11.2024 17:23:06] Found, 0.02s, SigName: "Trojan.Win32.Autoit", SigId: 517482283, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\3e536a086d58f3527341961fec58a1128590a64b7d5978407ddc244a2368872d.exe"
    
13. [18.11.2024 17:23:07] Found, 0.38s, SigName: "Trojan.Win32.Autoit", SigId: 5626838, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\43a22b0d68aa9ae517f0d42195f3382de10dc0bcb222dd3717abbdfc9c3b7cd7.exe"
    
14. [18.11.2024 17:23:07] Found, 0.52s, SigName: "Trojan-Downloader.MSIL.Agent", SigId: 517258622, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\4a2c971c295d5f317a2aef95a404322e7fcd0d3a74200e4fe30b9e46da623cfb.exe"
    
15. [18.11.2024 17:23:07] Found, 0.19s, SigName: "Trojan.Win32.AutoitInject", SigId: 517483002, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\4fae3c9f5d094331098e06bd94823df6f3c6a049398c1f7c46712a46a06dd66e.exe"
    
16. [18.11.2024 17:23:07] Found, 0.14s, SigName: "Win32.SuspectCrc", SigId: 517485167, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\56bd84e77da1de080c2d5c42b6f101574e7146b200026ea9468703d742edec10.exe"
    
17. [18.11.2024 17:23:07] Found, 0.12s, SigName: "Win32.SuspectCrc", SigId: 517481669, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\56f92bcf7ada15ed99e5cd14825ae94d208ccdaafb7e611dbc6035070f31948c.vbs"
    
18. [18.11.2024 17:23:07] Found, 0.10s, SigName: "Trojan.Win32.Themida", SigId: 517482293, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\5b925045e850cc5704bbe0d7d9ebab9372699b97a54a29832b09c01c2e868433.exe"
    
19. [18.11.2024 17:23:07] Found, 0.12s, SigName: "Trojan.MSIL.Krypt", SigId: 4967107, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\5e0fca97a0d1f7abf543f5f9028681148de67780c584dc59c4163fefcbcca07f.exe"
    
20. [18.11.2024 17:23:07] Found, 0.16s, SigName: "Trojan.Win64.Clipbanker", SigId: 517482883, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\5d5e5e00b2683092a89e16c271369a03aea176e466b29205df5730b26e19b4b7.exe"
    
21. [18.11.2024 17:23:07] Found, 0.38s, SigName: "Trojan.Win32.Themida", SigId: 517483035, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\678f3ff74a341bc6d6bff5f334508e4ea8305aba0e33c134fd5b0af3cd957d87.exe"
    
22. [18.11.2024 17:23:08] Found, 1.22s, SigName: "Trojan.Win32.Autoit", SigId: 5626838, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\655f882ec532146793aba0f4a4a872b96ed7d03b561339e6b02fe8cd01a82ef6.exe"
    
23. [18.11.2024 17:23:08] Found, 0.31s, SigName: "Win32.SuspectCrc", SigId: 517485172, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\72edf084c9542b902e064b7a933bb7662aa98906b59e3c0d9a76a00da82f898c.exe"
    
24. [18.11.2024 17:23:08] Found, 0.99s, SigName: "Win32.SuspectCrc", SigId: 517481238, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\72405ed5a8262e043ccba2e0042bd517774108ebd15c8b34e185735a7235ad92.exe"
    
25. [18.11.2024 17:23:08] Found, 0.04s, SigName: "Exploit.MSOffice", SigId: 517384688, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\8b9499461cf329f72b0f6958be4a89d48596ad2c7bbf1162b2ba679f0a57596e.doc"
    
26. [18.11.2024 17:23:09] Found, 0.47s, SigName: "Trojan.Crypt", SigId: 5275398, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\7dd6b27024e8e98d4524c57a890283580ea7d7f8d5c7de5fda39cd0e2a7115c9.exe"
    
27. [18.11.2024 17:23:10] Found, 1.03s, SigName: "Win32.SuspectCrc", SigId: 517481595, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\90e512c7bcc7ff595750229a34b01cdaea4fb77bb688c24192c92096b0848111.exe"
    
28. [18.11.2024 17:23:10] Found, 0.11s, SigName: "Trojan.Win32.AutoitInject", SigId: 517482998, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\985729c4a77f2146cf65fe2c8c63222ba27ed1fc643e02cae53e0b64a075f622.exe"
    
29. [18.11.2024 17:23:10] Found, 0.09s, SigName: "Win32.SuspectCrc", SigId: 517482351, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\a6383c0e6d1660f45356eb6b6cfcb90d7558682c94994b7f23c02764a7d4fc08.exe"
    
30. [18.11.2024 17:23:10] Found, 0.17s, SigName: "Win32.SuspectCrc", SigId: 517478509, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\a949711a2548287c4da624ebf136e41df1deba6b67783bf3dc3a30fded99d12c.exe"
    
31. [18.11.2024 17:23:10] Found, 0.19s, SigName: "Trojan.Win32.Autoit", SigId: 5368535, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\c99b8aeb0f16d3bbbff6a38bed88adb5280b4c20ad3af15b87f4785c6f41ca17.exe"
    
32. [18.11.2024 17:23:10] Found, 0.20s, SigName: "Trojan.Win32.Themida", SigId: 517481035, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\cb2359039ddc3d53fdc47eaef40afeb7e4bc7895b90d15586a4ce5a9aa00452c.exe"
    
33. [18.11.2024 17:23:10] Found, 0.06s, SigName: "Backdoor.MSIL.NJRat", SigId: 5556786, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\ccaa9f9e4a61111b9814917dcb9703768743dffc8faec938bc480c7b091c33dc.exe"
    
34. [18.11.2024 17:23:10] Found, 0.04s, SigName: "PUA.NoobyProtect", SigId: 3296670, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\d7c0d4bacce76821bc6300becf05e5d15e279175a2abb50f5f84bfe78a58b678.exe"
    
35. [18.11.2024 17:23:10] Found, 0.10s, SigName: "Trojan.Crypt", SigId: 5275398, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\cfccf0b1e8f8ab2be4d51838403d07d56c068b0a500c2afeb7f38d4176a11713.exe"
    
36. [18.11.2024 17:23:10] Found, 0.16s, SigName: "Trojan.Win32.Themida", SigId: 517483049, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\dd19c480ab45acf19038eed898ed4e0c39eec6d9f9a1252f06a740da920711bc.exe"
    
37. [18.11.2024 17:23:11] Found, 0.19s, SigName: "Trojan.Win32.Autoit", SigId: 5420221, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\e22168ba0a3db464cbcde6bfbd535c280b7f785f296ec9135035b1e8de98c019.exe"
    
38. [18.11.2024 17:23:11] Found, 0.12s, SigName: "Win32.SuspectCrc", SigId: 517481087, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\eb1013e9c5e299ef83895ad225dc8a68697a06c846ec868379c401ea02de652b.exe"
    
39. [18.11.2024 17:23:11] Found, 0.09s, SigName: "Trojan.Win32.Themida", SigId: 517483625, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\ecbc507946a694aed41cfb1817e17796fbacfb8b553a633413d6979cb74c47b9.exe"
    
40. [18.11.2024 17:23:11] Found, 0.17s, SigName: "Trojan-Downloader.LNK.Agent", SigId: 517482628, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\ee7357e3b3ae2812e9b29782ea48d820dac4dff338ed97b05b6998b6202f3f27.lnk"
    
41. [18.11.2024 17:23:11] Found, 0.46s, SigName: "Trojan.Crypt", SigId: 5275398, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\ea7c561281e1e0689f5b142616ec29f16f527923ba6fabde584a82f92eda4be9.exe"
    
42. [18.11.2024 17:23:11] Found, 0.49s, SigName: "Trojan.Win32.Themida", SigId: 517482301, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\ee7d5306fc5dc4530796f75bb21c954111d9069db969b3b1249bdc6690015b8f.exe"
    
43. [18.11.2024 17:23:11] Found, 0.48s, SigName: "Trojan.NSIS.Agent", SigId: 5680674, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\f0e96ef67f19326d7a5333b21da44bf521dee61bbd3eac4d7fdd86b24babcaeb.exe"
    
44. [18.11.2024 17:23:12] Found, 0.32s, SigName: "Trojan.Win32.Themida", SigId: 517482297, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\f4b3a3e58bfa294ae8509a9bd41f224e67eeb7a2919d49410f9fa018fdcb4e20.exe"
    
45. [18.11.2024 17:23:12] Found, 0.20s, SigName: "Trojan.Crypt", SigId: 5275398, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\f98d8e6aa8d6bdf79c13ce7408520431f23938f40d559cbcb41b2be0fe109057.exe"
    
46. [18.11.2024 17:23:12] Found, 0.24s, SigName: "Trojan.Win32.Autoit", SigId: 5603855, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\ff7f7f05e8337d9d9b0bd85191257441dcc8ff62275fda513a36641973568a1c.exe"
    
47. [18.11.2024 17:23:12] Found, 0.10s, SigName: "Trojan.MSIL.Krypt", SigId: 517485921, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\ffc6b173f9b255702bdcbe65dd606f6154865c7fea2b2488305ba8f0d9ccef58.exe"
    
48. [18.11.2024 17:23:12] Found, 1.55s, SigName: "Trojan.Crypt", SigId: 5294356, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\e3bddf483a9abcd5df07b13cb6007c030a0467c85876d58aa9ab52dd2e2583c3.exe"
    
49. [18.11.2024 17:23:12] Found, 0.12s, SigName: "Trojan.Crypt", SigId: 5275398, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\ffe17c4f7d5290ce0aa4336bb5d01e0ec61e26dadf1ea63cab06ed1d45d3a40d.exe"
    
50. [18.11.2024 17:23:13] Found, 1.66s, SigName: "Trojan.Win32.Warzone", SigId: 4630191, Type: "VIRUS", File: "C:\Users\promi\Desktop\infected20241118\f3165a426e73b3dce639c5f44c0c6dca403a363fa07abf4458e61f7a61d7d880.exe"
    
51. [18.11.2024 17:23:13] On-demand scan FINISHED: "TemporaryScan"
    
52. [18.11.2024 17:23:13] ----------------------------------------------------
    
53. [18.11.2024 17:23:13] Directories scanned: 1
    
54. [18.11.2024 17:23:13] Files scanned: 118
    
55. [18.11.2024 17:23:13] Virus found: 49
    
56. [18.11.2024 17:23:13] ----------------------------------------------------
    

复制代码

dght432

卡巴剩余5d5e5e00b2683092a89e16c271369a03aea176e466b29205df5730b26e19b4b7.exe

玛姆库特

卡巴免费，扫描54x，清除1x，剩下实机双击。


8b9499461cf329f72b0f6958be4a89d48596ad2c7bbf1162b2ba679f0a57596e.doc 清除
5d5e5e00b2683092a89e16c271369a03aea176e466b29205df5730b26e19b4b7.exe主防杀

1. 组件: 系统监控
   
2. 结果说明: 检测到
   
3. 类型: 木马
   
4. 名称: PDM:Trojan.Win32.Generic
   
5. 威胁级别: 高
   
6. 对象类型: 进程
   
7. 对象路径: C:\Users\Administrator\Desktop\infected20241118
   
8. 对象名称: 5d5e5e00b2683092a89e16c271369a03aea176e466b29205df5730b26e19b4b7.exe
   
9. 原因: 行为分析

复制代码

90888d7d6c1e7e54c3e21064aba0773abfca84c15ccf644bde92feefcd76f43e.exe主防杀

1. 组件: 系统监控
   
2. 结果说明: 检测到
   
3. 类型: 木马
   
4. 名称: PDM:Trojan.Win32.Generic
   
5. 威胁级别: 高
   
6. 对象类型: 进程
   
7. 对象路径: C:\Users\Administrator\Desktop\infected20241118
   
8. 对象名称: 90888d7d6c1e7e54c3e21064aba0773abfca84c15ccf644bde92feefcd76f43e.exe
   
9. 原因: 行为分析

复制代码

093825c6dbcf5b3904e770148f5a111be196e7b5d000ceb5cd162bb29aa25c3d.exe主防杀

1. 
   
2. 组件: 系统监控
   
3. 结果说明: 检测到
   
4. 类型: 木马
   
5. 名称: PDM:Trojan.Win32.Bazon.a
   
6. 威胁级别: 高
   
7. 对象类型: 进程
   
8. 对象路径: C:\Users\Administrator\Desktop\infected20241118
   
9. 对象名称: 093825c6dbcf5b3904e770148f5a111be196e7b5d000ceb5cd162bb29aa25c3d.exe
   
10. 原因: 行为分析
    

复制代码

01948f54d7fd507a58778c42b07ff1422a4895e4596cc1c6d2fc74c49dcd643e.exe

1. 组件: 文件反病毒
   
2. 结果说明: 检测到
   
3. 类型: 木马
   
4. 名称: VHO:Trojan.Win32.Phpw.gen
   
5. 精确度: 启发式分析
   
6. 威胁级别: 高
   
7. 对象类型: 文件
   
8. 对象名称: 01948f54d7fd507a58778c42b07ff1422a4895e4596cc1c6d2fc74c49dcd643e.exe
   
9. 原因: 云保护

复制代码