fake app 9x vt首传

zhuzhu009

https://x.ws28.cn/f/flnuvhi64f5 复制链接到浏览器打开

https://pan.huang1111.cn/s/NkezGs1

VirusTotal - File - 5041024327e5138cd3c9c7a1c42a0ff616a42606bfea38f07efd251469e1dc2f
VirusTotal - File - 7bff2404c2816c4e1576d449820f01e3f46e7c972beb1843e3b8da2e065f8dc3
VirusTotal - File - 4037df6c0b60bb7d411ba6f760843830bcb80483713e6eb91db5b9c8b9f0711d
VirusTotal - File - 4d4e3019430140be9369e194c1f11cf07fc6f99d490aba1c1a7066332914de33
VirusTotal - File - 08e95c9f0b50b59c0448859a57731c0cccc0aa7ca3b76f73e5de37ad4c4f1c80
VirusTotal - File - 6ebab96c646c237a7ec23f6354bc12134b67350c93ea0177549c8ac0f66f03f2
VirusTotal - File - ab19e924a39061592b76fe0a932403fba4440f5503a0dbf250958d4ed4ab5fe5
VirusTotal - File - 9e61eb2d2be564e1cf08562eddd1ceb4988386f2b6d91602593eeb52cc81af71
VirusTotal - File - b3da905e4bafe1de070df58424022eecbde3dc29c1fd59adf7890ddaa9179596

心醉咖啡

金山毒霸

dght432

两个链接都失效了

Fadouse

DI 静态4x

zhuzhu009

dght432 发表于 2024-11-18 22:32
两个链接都失效了

huang111我这边能下载就是很慢

dght432

zhuzhu009 发表于 2024-11-18 22:37
huang111我这边能下载就是很慢

很奇怪，刚才还打不开的，现在又能打开了

MrDeep

ESET扫描 7x

1. C:\Users\1\08e95c9f0b50b59c0448859a57731c0cccc0aa7ca3b76f73e5de37ad4c4f1c80.exe » INDIGOROSE » %AppFolder%\plugin\p.exe - a variant of Win64/Injector.JN trojan - cleaned by deleting [1]
   
2. C:\Users\1\4d4e3019430140be9369e194c1f11cf07fc6f99d490aba1c1a7066332914de33.exe » INDIGOROSE » %AppFolder%\Kuai\tdata\emoji\kll.exe - a variant of Win64/Injector.JN trojan - cleaned by deleting [1]
   
3. C:\Users\1\5041024327e5138cd3c9c7a1c42a0ff616a42606bfea38f07efd251469e1dc2f.exe - Suspicious Object - cleaned by deleting [1]
   
4. C:\Users\1\6ebab96c646c237a7ec23f6354bc12134b67350c93ea0177549c8ac0f66f03f2.exe - a variant of Win32/GenKryptik_AGen.AUB trojan - cleaned by deleting [1]
   
5. C:\Users\1\9e61eb2d2be564e1cf08562eddd1ceb4988386f2b6d91602593eeb52cc81af71.exe - a variant of Win32/Packed.7Zip.AU trojan - cleaned by deleting [1]
   
6. C:\Users\1\7bff2404c2816c4e1576d449820f01e3f46e7c972beb1843e3b8da2e065f8dc3.msi » MSI » disk1.cab » CAB » ziplib.dll - a variant of Win64/Runner.AI trojan - deleted
   
7. C:\Users\1\ab19e924a39061592b76fe0a932403fba4440f5503a0dbf250958d4ed4ab5fe5.exe » INNO » {app}\LLetsXorp.exe » NSIS » Script.nsi - MSIL/Lets[过滤].A potentially unwanted application - cleaned by deleting [1]

复制代码

其余两个，虚拟机被搞得不太正常，等大佬运行试试

dght432

卡巴扫描就杀一个

UNknownOoo

火绒
扫描：9x

1. 病毒库时间：2024-11-18 18:42
   
2. 开始时间：2024-11-19 00:28
   
3. 总计用时：00:00:31
   
4. 扫描对象：10125
   
5. 扫描文件：9
   
6. 发现风险：9
   
7. 已处理风险：0
   
8. 病毒详情：
   
9. 风险路径：C:\Users\Administrator\Desktop\abcd\7bff2404c2816c4e1576d449820f01e3f46e7c972beb1843e3b8da2e065f8dc3.msi, 病毒名：Trojan/BAT.Starter.dr, 病毒ID：59f615b14ad5372b, 处理结果：暂不处理
   
10. 风险路径：C:\Users\Administrator\Desktop\abcd\6ebab96c646c237a7ec23f6354bc12134b67350c93ea0177549c8ac0f66f03f2.exe, 病毒名：HEUR:Backdoor/Lotok.bb, 病毒ID：d46826b55974cb62, 处理结果：暂不处理
    
11. 风险路径：C:\Users\Administrator\Desktop\abcd\08e95c9f0b50b59c0448859a57731c0cccc0aa7ca3b76f73e5de37ad4c4f1c80.exe, 病毒名：Trojan/BAT.Starter.bz, 病毒ID：83b957c13e5e9beb, 处理结果：暂不处理
    
12. 风险路径：C:\Users\Administrator\Desktop\abcd\4d4e3019430140be9369e194c1f11cf07fc6f99d490aba1c1a7066332914de33.exe, 病毒名：Trojan/BAT.Starter.ce, 病毒ID：e8f565ceb7fab691, 处理结果：暂不处理
    
13. 风险路径：C:\Users\Administrator\Desktop\abcd\4037df6c0b60bb7d411ba6f760843830bcb80483713e6eb91db5b9c8b9f0711d.msi, 病毒名：Trojan/VBS.Starter.ah, 病毒ID：b2cde3f4d32fc0a3, 处理结果：暂不处理
    
14. 风险路径：C:\Users\Administrator\Desktop\abcd\ab19e924a39061592b76fe0a932403fba4440f5503a0dbf250958d4ed4ab5fe5.exe, 病毒名：Trojan/Fake.bo, 病毒ID：635463ef4eb74e3e, 处理结果：暂不处理
    
15. 风险路径：C:\Users\Administrator\Desktop\abcd\b3da905e4bafe1de070df58424022eecbde3dc29c1fd59adf7890ddaa9179596.exe >> cgsc.exe, 病毒名：HEUR:Backdoor/Lotok.bt, 病毒ID：7f6fda0c4a538c38, 处理结果：暂不处理
    
16. 风险路径：C:\Users\Administrator\Desktop\abcd\9e61eb2d2be564e1cf08562eddd1ceb4988386f2b6d91602593eeb52cc81af71.exe >> u1.exe, 病毒名：Trojan/Injector.btl, 病毒ID：c39ed4eb3b0b61e1, 处理结果：暂不处理
    
17. 风险路径：C:\Users\Administrator\Desktop\abcd\b3da905e4bafe1de070df58424022eecbde3dc29c1fd59adf7890ddaa9179596.exe >> hormbmsfu.exe, 病毒名：HEUR:Backdoor/Lotok.bt, 病毒ID：7f6fda0c4a538c38, 处理结果：暂不处理
    

复制代码

剩下运行：
5041024327e5138cd3c9c7a1c42a0ff616a42606bfea38f07efd251469e1dc2f.exe -> 实时监控捉衍生物

1. 病毒名称：HEUR:Backdoor/Lotok.bt
   
2. 病毒ID：7F6FDA0C4A538C38
   
3. 病毒路径：C:\Users\Administrator\AppData\Local\Temp\nxvhlps.exe
   
4. 操作类型：执行
   
5. 操作结果：已处理，删除文件
   

复制代码

scottxzt

ESET8X