【开放测试】卡饭病毒样本包 20241129 第199期

显示全部楼层 · 发表于 2024-11-29 10:54:22

本帖最后由 QVM360 于 2024-11-30 11:24 编辑

警告：

   本主题帖中所包含的任何文件和附件都有危害你的计算机的可能，并且没有安全软件可以100%防护这些样本。样本仅供测试、交流和学习，禁止用于任何非法用途。
   请在虚拟机中测试样本。对于下载样本、附件以及点击链接所导致的任何数据泄露、破坏，以及所产生的任何损失，本人和卡饭论坛不负任何责任。

样本下载:  https://pan.huang1111.cn/s/vVWwjCE https://f.ws28.cn/f/foo29uu5fai https://wwzq.lanzouq.com/iYlWb2gljj7a
https://homeserver.iepose.cn/dow ... 70CE138B2D07E97.zip

sha256:

游客，如果您要查看本帖隐藏内容请回复

压缩包密码：infected

如果样本中包含.ps1文件(Powershell脚本)，则需要手动打开cmd.exe输入以下指令允许运行ps1脚本:

Powershell.exe Set-ExecutionPolicy Bypass

奖励/惩罚规则：
正式测试期间的奖励规则：
1、参加完整扫描测试，+5经验
2、上传相关截图（不再需要提供扫描日志），+5经验。
3、上传双击结果（必须带图或日志），+10~30经验。
4、测试多款安全软件的，奖励累加。
5、每期样本包会在正式测试期间评选最佳测试贴，只评选1贴，加80经验。
   被评选次数达到5次可PM我领取1魅力奖励。长期测试样本，也有魅力奖励。
惩罚规则：
1、占楼后2小时内未能给出测试结果的，视为灌水，按照论坛规定处理
2、其他违规行为，按照论坛相关规定处理。

注意：扫描/双击日志请以附件形式（压缩包）或图片上传，也可以以1号字体放在回复中。
      对于日志过长以至于影响会员刷帖/回帖体验的回复，管理人员有权进行屏蔽处理。

当前测试阶段：开放测试

显示全部楼层 · 发表于 2024-11-29 10:59:54

本帖最后由 wywt123 于 2024-11-29 11:26 编辑

卡巴手动扫描56x

剩余1x

传opentip检出
https://opentip.kaspersky.com/3b ... 2b9562976ab/results

显示全部楼层 · 发表于 2024-11-29 11:01:11

本帖最后由 Fadouse 于 2024-11-29 11:49 编辑

DI
静态 DI 51x

Action	Threat Type	Details	File Type
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\fefa5a798486db3831161eb4beaa9fac76d663e5f912ccf55bc0962e33691926.exe	PE
Prevented	Malware - Backdoor	E:\Code\Virus\infected20241129\f36c39084b68e1c96f6d960a9def941304a3b2f93907d6650587125627baa89f.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\efbc8318bac69fdbc43aa14cd7d82273b6208b290f9fc612292c10480a679776.exe	PE
Prevented	Malware - Dropper	E:\Code\Virus\infected20241129\ea97b8c535708adc91e9105e9e0a9be397ffce10c614bd4f74c11019abf11c8d.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\db88438ee923ac26f052f3795bafcb88d1e174538b97f44754609fb7ad6bb02e.exe	PE
Prevented	Malware - Backdoor	E:\Code\Virus\infected20241129\d73a27f150378fb9554c0d0aa903ff7b80991d70d676220c7d015dd69690fa4d.exe	PE
Prevented	Malware - Spyware	E:\Code\Virus\infected20241129\cfa09d8be79d17ab62922eae0012591e42855ec86ac92266cf700a25b75369e9.exe	PE
Prevented	Malware - Spyware	E:\Code\Virus\infected20241129\c4b9e32bcad533dacda9ca8b964b562746c7d01201245611b3b8a90fb8255563.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\c208e6f9ba39de74c5e47c9ab78c5c9d5af0fa55d1ed96f2bc6092ed91f1df07.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\c172b272c0f831f7a5dee03f5f30bd3ccd530687f05efb6d08c9d974f611a306.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\be216b28e913aa50967e47c5fc1b5b735faeb7f5260a4de20710d78e335b931f.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\b7638472a1f3a20066a092708db884020d62a30dae15cdc474b2360e40b93f8e.exe	PE
Prevented	Malware - Dropper	E:\Code\Virus\infected20241129\b7228f1612c886d9e36fe88d67561c3f99398f65094d7721c773a3d9a4cc5238.exe	PE
Prevented	Malware - Dropper	E:\Code\Virus\infected20241129\b40bca0264f21f6ad389319dd05a41d8168a8ac3e150ac1b2e21293711e62f18.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\b363c3f6c453d1801916e18abdb3d5d5758a88d9787e162d29874e1a594d4b98.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\b0ebf31b0ded84953d0b471f380c0743832dc360eed391b5195c997d99f34d85.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\aadc5df9b60a87ade5c319c6723d16aa4401f531d89aaf4d8b3f0f3e1cf54551.exe	PE
Prevented	Malware - Spyware	E:\Code\Virus\infected20241129\aa0766db9945bf02ba2332f0cde32da92e9404c788fa4e3915d96c6d63ed97b7.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\a875cd0460e299d7ae970887f1ae09a784ddd8c7ec57bc990403ab802dbe311a.exe	PE
Prevented	Malware - Backdoor	E:\Code\Virus\infected20241129\a506706effdd7a8dcb2eabf5eacd8a6d449ad42128b7678483121437a44beff9.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\a42e0282a85c39bcbbf541166f3cd286ac23d198568beaa84b2f6c2d95f6bbf1.exe	PE
Prevented	Malware - Dropper	E:\Code\Virus\infected20241129\a282d4d53d357d09937258f40173211d6fadcbbf7130d82f08e17f45d77ab9ce.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\9c2774ca399a3ad03866edbc247992d3a627b864f06135f60a0e1c6b4d3db3be.exe	PE
Prevented	Malware - Backdoor	E:\Code\Virus\infected20241129\9b27c57dae063524bf36712f950c52281ce0271fe7a3c3fcd851cf5b0e36435c.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\96ef1f138dd07423563b32cfe30e7c73dd2ab38957d553f5e8e5b651fedb3333.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\94e9c559c60e8a72d7bcbbbcfd97850404591c48103b3243b4d9100bcbd892d3.exe	PE
Prevented	Malware - Spyware	E:\Code\Virus\infected20241129\8e20ea51962a668c224c83364f334c897d0aa65467f74542bfb4fa2dc07de0bb.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\445c05ab18917bcc80fe2e712ead44f6452ed03a4d06d0200d6e3cbf434997c3.exe	PE
Prevented	Malware - Backdoor	E:\Code\Virus\infected20241129\89c92a7b7d2e7f95c16969df01608d661a024d0711beda0d9fc47e890ad8d8e0.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\7e95e9802322db67a6d9e43d78a4014763b20b81111c3a5ba78fff692cd3ba36.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\7bb0b4f94c9d83320238f7a2004f92acf7bb619277128092704f0da6bb2eefc4.exe	PE
Prevented	Malware - Ransomware	E:\Code\Virus\infected20241129\7a7320ea11f7363ba658c1e371e89cf4964d9eb4f88bb92e18490bf1f506c18f.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\7357d0ba376e4063acea7e419521607158965f9a61c7bd20994fc3962aee66e9.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\6c8a2ebe3061f4cba5540d03c6c20cacb70173ca6d250862fe51a173c74ea0d4.exe	PE
Prevented	Malware - Ransomware	E:\Code\Virus\infected20241129\65f3e689122a5939d1879f28a64eb5d7668c09b0d3ce4dbb2c1a6ab1f0bb6a86.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\6ae49ce07044cf9d3ab5662409332891670ee241aaa3ac265b5ff9b42440b834.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\4c71bf2cae2a0fa7f4dd4fbce6761f2adec3cc1ea81c6c733edaf301431c163a.exe	PE
Prevented	Malware - Virus	E:\Code\Virus\infected20241129\496357be019ded9cae676d6a12a9a2b83402c35db4ce8fe1cff0df05f395baa2.exe	PE
Prevented	Malware - Ransomware	E:\Code\Virus\infected20241129\37e8ff5c6198af2865003e77948f401cdd2a5cfd6112b8dc13b216c3f9322ad2.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\35474256b3661321a2d3d222fc56e0d2c2de391307827d35b27a55c7cd7c44ba.exe	PE
Prevented	Malware - Backdoor	E:\Code\Virus\infected20241129\31e8b8eeb5f0836ecadd1025a538a9d0ed8ae94fc35a882ec5222f3d64c94d5e.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\30f5b7fa5436f94dc04d5967a768323b0518db57ea8c272bb4b3370d6a51836c.exe	PE
Prevented	Malware - Backdoor	E:\Code\Virus\infected20241129\2f8b625544a974b1d801bc2de338dca23abb89fd6d49b5b9bb8ad2dbbb7e41ba.exe	PE
Prevented	Malware - Backdoor	E:\Code\Virus\infected20241129\2b14c5f774be3ee4e0ff7d5a4857d58e10421cf3d8034170bc2a5eb9257f22af.exe	PE
Prevented	Malware - Spyware	E:\Code\Virus\infected20241129\27839a08e38d2e14b02e974f203a36d1bac7da9e4c64f3f40739e06f2d632f22.exe	PE
Prevented	PUA - Generic PUA	E:\Code\Virus\infected20241129\19de0fd6ffb9e81c5d82212a4c90a84415849fed81b01c173cc90a4c422117ae.exe	PE
Prevented	Malware - Ransomware	E:\Code\Virus\infected20241129\18d26db7f0947e666dbc3e65b165ad0ce621f6269c637a6eb5a258f816686dfc.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\0bad2fa4944dae8e4f2d8caea0cadd687fb97d78bf5c9b4a04676f6b5d739d44.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\infected20241129\0b84cbf4fa7c5be869aaa09b09cbb49edcdaa3e88675304db0ee4fa498adc4c5.exe	PE
Prevented	Malware - Backdoor	E:\Code\Virus\infected20241129\0283fef3b47afce2a1ed714725231750ee0362f7ab97f622b98cc420339a9491.exe	PE
Prevented	Malware - Trojan	E:\Code\Virus\00ab0bed92db3e769575f2e107740ef488cb436454e2175a39007d9fe2f69992.exe	PE

Miss 6x

运行测试
3b610a00394a31a88d9a3c0b3da71ca156edc27dd127f2849aece2b9562976ab.js -> 自退

6bfa3b21293ad79037e13886fd6b0b3c0ee8afdc1422ba2748ade815db010aa7.hta -> DI Kill

20100ee5a74b50849ea1a00363a6751320c9aab43ba31859f79147af1b56b509.vbs -> DI Kill

b84004b60d9ee0ef798bcc43f8344f06bc775198e04b707eb98f79d6260895f2.exe -> 沙箱自退

c4bb10027e4210695683e75fd8cb3d90fad1195ec87d737a73df26c4975dc2d6.js -> 沙箱自退

ca8e65cafe7eb214910027c2900c1fac4893bf010fd5030acdc3978b5383e8d9.js -> 沙箱自退

显示全部楼层 · 发表于 2024-11-29 11:05:10

本帖最后由 1094947421 于 2024-11-29 11:08 编辑

9月3号病毒库：

显示全部楼层 · 发表于 2024-11-29 11:07:02

本帖最后由 ninjagaocc 于 2024-11-29 11:28 编辑

瑞星V17
剩余7x

显示全部楼层 · 发表于 2024-11-29 11:16:09

本帖最后由 jijianan2007 于 2024-11-29 11:18 编辑

FSP右键扫描52X

显示全部楼层 · 发表于 2024-11-29 12:06:27

本帖最后由 scottxzt 于 2024-11-29 12:37 编辑

MD扫描测试 53X剩余4
间隔5分钟第二次扫描，再次扫除2X 剩余2
剩余二个JS文件无法运行

显示全部楼层 · 发表于 2024-11-29 12:16:05

本帖最后由 Aufwachsen 于 2024-11-29 13:15 编辑

卡巴斯基免费版 21.19.7.527(b)数据库2024年11月29日12:26:44最新，连接KSN
解压kill 53x

剩余
3b610a00394a31a88d9a3c0b3da71ca156edc27dd127f2849aece2b9562976ab.js
6bfa3b21293ad79037e13886fd6b0b3c0ee8afdc1422ba2748ade815db010aa7.hta
c4bb10027e4210695683e75fd8cb3d90fad1195ec87d737a73df26c4975dc2d6.js
ca8e65cafe7eb214910027c2900c1fac4893bf010fd5030acdc3978b5383e8d9.js

双击kill all，让人感到十分安心。

日志见附件

显示全部楼层 · 发表于 2024-11-29 12:26:50

本帖最后由 King、暮光于 2024-11-29 12:34 编辑

ESET 右键 miss 2x

腾管补杀剩余两个
20100ee5a74b50849ea1a00363a6751320c9aab43ba31859f79147af1b56b509.vbs [Vbs.Trojan.Sagent.ctgl] [删除成功]
6bfa3b21293ad79037e13886fd6b0b3c0ee8afdc1422ba2748ade815db010aa7.hta [Script.Trojan.Generic.ckjl] [删除成功]

清空

显示全部楼层 · 发表于 2024-11-29 12:29:32

jijianan2007 发表于 2024-11-29 11:16
FSP右键扫描52X

红伞数量一致，360补杀2个。

感觉fsp基本就是全面被套娃了。自己的技术应该是都没了。就看fsp啥时候启用防火墙模块了。

[病毒样本] 【开放测试】卡饭病毒样本包 20241129 第199期

本帖子中包含更多资源

评分

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

评分

本帖子中包含更多资源