Thread starter: zhuzhu009

[Virus samples] [Open test] Kafan (卡饭) virus sample pack 20250115, issue 235

xcvbaby
Posted 7 days ago
This post was last edited by xcvbaby on 2025-1-15 20:06

Kingsoft Duba (金山毒霸) 63x/65x

吃瓜群众第123位
Posted 7 days ago
This post was last edited by 吃瓜群众第123位 on 2025-1-15 20:01

AhnLab killed 36x, 29x remaining
Addendum: killed 6x more while the files were being compressed for submission

真小读者
Posted 7 days ago
The title is written wrong; it should be “开放测试” (open test)
zhuzhu009
Thread starter | Posted 7 days ago
真小读者 posted on 2025-1-15 22:44
The title is written wrong; it should be “开放测试” (open test)

Thanks for the reminder
1094947421
Posted 7 days ago

wajika
Posted 6 days ago
Gridinsoft Trojan Killer Portable v.2.3.2
Report file date: 2025-01-16 11:48:54
Last update:      2025-01-16 11:48:22

Scanning for 179332298 virus strains and unwanted programs.

Licensed:         UNREGISTERED
Windows version:  Windows 10 Pro x64 (version 6.3)
Username:         Administrator
Computer name:    WAJIKA

Starting the file scan:

Custom Scan started
Scanning process...
----- C:\Users\Administrator\Desktop\20250115\08db970d79e48ebb23f2dea2a125390428322f965b89ab6077a39e639bf48211.ps1 ---- General Threat
        Malware.U.XWorm.tr
        MD5: 85126C8693101A6BDF55B178D1BB98E6:201257


----- C:\Users\Administrator\Desktop\20250115\09dd3ed3ecfe134067a2f8b6640cfbc3c3b702a0714328856d2f6b7459342048.ps1 ---- General Threat
        Malware.U.XWorm.tr
        MD5: 4B3210CB8E8302866BF06AD0FE25F2B9:181457


----- C:\Users\Administrator\Desktop\20250115\163d05f2056c22509409fff995f5637d11280b6d840c3a0a681948b9dae1ac5e.exe ---- General Threat
        Risk.Win32.Downloader.dd!n
        ProdVer: 1.0.0.0
        FileVer: 1.0.0.0
        Signature verification: False
        .NET TLID: {25D8A761-9A9F-4468-BE48-C48702ADE537}
        .NET MVID: {E70BC9C8-84A8-459D-9B72-5E38864CCED2}
        NAC: FD029D6A79CD0AB67EDD64222C0756FC:45
        MD5: 8A49C4BA1731A17138BD6F2D3B962A60:67072
        SUBS: Win32 GUI
        PE: x86
        EP: FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
        EPSEC: 0
        EPRVA: 00011B5E
        IBASE: 00400000
        SEC:
                .text:60000020:FCD8E49034624C44E4DF7C1DF9992D6B:64512
                .rsrc:40000040:D1E3BD86534EA351B898BCF1136C1C31:1536
                .reloc:42000040:14FA82843F239FC26183212975D10A9A:512


----- C:\Users\Administrator\Desktop\20250115\18f3749e057ca1d3899cb27c94dac6394e3716ab46be15e98594865e74b779bd.exe ---- General Threat
        Spy.Win32.Gen.tr
        ProdVer: 1.0.0.0
        FileVer: 1.0.0.0
        Name: diumh
        Signature verification: False
        .NET TLID: {C9B1C0D0-71D5-4C48-BE71-CA3DC4D68691}
        .NET MVID: {850F292E-646C-406B-8593-72F4F3835C9C}
        NAC: 0BA38BC2ED26F814C2B17E8E544CB194:5
        MD5: 78BD1DFF11C56A3138F78FF061C34D5A:210432
        SUBS: Win32 GUI
        PE: x86
        EP: FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
        EPSEC: 0
        EPRVA: 00034B9B
        IBASE: 00400000
        SEC:
                .text:60000020:83812F57E46ECB096D66F82393DB1F88:207872
                .rsrc:40000040:7442FA63441D60CA05A2092014FED399:1536
                .reloc:42000040:8DA434DF5A7F95992A096D73FF47D976:512


----- C:\Users\Administrator\Desktop\20250115\1bec44aa19ea8daa0b7151b312975f3f753e03f0bbce5ebeab8dfda5fb736a91.exe ---- General Threat
        Trojan.Win32.Downloader.sa
        Signature verification: False
        MD5: BF9B75ADF866583299DBC8A5FAD66CFC:1161216
        RIC: 29E776E1DB15F1F7E6BA9A725872B079:9640
        SUBS: Win32 GUI
        PE: x86
        EP: 558BEC83C4F0B850D24600E8EC7FF9FF8B0D9C0E4700A18C0D47008B008B1500CB4600E884DEFEFFA18C0D47008B00E8F8DEFEFFE84B5EF9FF8D40000000000000
        EPSEC: 1
        EPRVA: 0006E80C
        IBASE: 00400000
        SEC:
                .text:60000020:69C4173C38AD27686FB46F69FD79EC91:443904
                .itext:60000020:639613140A642FAEDD01BFF468C3E3CF:2560
                .data:C0000040:53B6DD6978C858DB7E9FAA57954B9C18:8192
                .bss:C0000000:D41D8CD98F00B204E9800998ECF8427E:0
                .idata:C0000040:F0F9A1156B641E5EA253CB6DDCAF08BA:10240
                .tls:C0000000:D41D8CD98F00B204E9800998ECF8427E:0
                .rdata:40000040:5B11E123DD9B7F6D94B27D2AD6E9BC83:512
                .reloc:42000040:3B0F62DE599DC8A77438A9E2115A0B81:32256
                .rsrc:40000040:8E5B14B617CF2CA7BBD558247631F0F7:662528


----- C:\Users\Administrator\Desktop\20250115\2195099bea2aa33cf3a585bc1ac1c22ce10b2ca5bf8ea9cf0fe1e041cc9945ac.exe ---- General Threat
        Trojan.Win32.Downloader.sa
        Signature verification: False
        MD5: 14640C06F8494DA0AAC5BE1CB00865E0:1161216
        RIC: 29E776E1DB15F1F7E6BA9A725872B079:9640
        SUBS: Win32 GUI
        PE: x86
        EP: 558BEC83C4F0B850D24600E8EC7FF9FF8B0D9C0E4700A18C0D47008B008B1500CB4600E884DEFEFFA18C0D47008B00E8F8DEFEFFE84B5EF9FF8D40000000000000
        EPSEC: 1
        EPRVA: 0006E80C
        IBASE: 00400000
        SEC:
                .text:60000020:69C4173C38AD27686FB46F69FD79EC91:443904
                .itext:60000020:639613140A642FAEDD01BFF468C3E3CF:2560
                .data:C0000040:53B6DD6978C858DB7E9FAA57954B9C18:8192
                .bss:C0000000:D41D8CD98F00B204E9800998ECF8427E:0
                .idata:C0000040:F0F9A1156B641E5EA253CB6DDCAF08BA:10240
                .tls:C0000000:D41D8CD98F00B204E9800998ECF8427E:0
                .rdata:40000040:5B11E123DD9B7F6D94B27D2AD6E9BC83:512
                .reloc:42000040:3B0F62DE599DC8A77438A9E2115A0B81:32256
                .rsrc:40000040:FFE361653333737046DCF1E306E598D4:662528


----- C:\Users\Administrator\Desktop\20250115\25e947b199af51b580a7bc98e1ecea3dfdb1bac24403757a8e832adfb52f6738.exe ---- General Threat
        Trojan.Win32.Kryptik.sa
        ProdVer: 1.0.0.0
        FileVer: 1.0.0.0
        Signature verification: False
        .NET TLID: {0E0C82B8-8472-4563-B1CF-0CB3FAAE8E06}
        .NET MVID: {44FC2771-9736-4EAE-B2C5-002EB999EFD6}
        NAC: 88719ADC91F464ECBFECC94647FF21BB:43
        MD5: D63F0D4CCF6DCEEB0DB924CE75A83251:365568
        SUBS: Win32 GUI
        PE: x86
        EP: FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
        EPSEC: 0
        EPRVA: 0005A97E
        IBASE: 00400000
        SEC:
                .text:60000020:D2CA19AE7178665EADBDA2DAC9B663F4:363008
                .rsrc:40000040:D73E5769A0AFB2D9A9A3C1152ABE6084:1536
                .reloc:42000040:93E2D3F363BBC8046E2C6CBF9530B91E:512


----- C:\Users\Administrator\Desktop\20250115\2d3430ea4340df7c6d2e81b8147292f9423871efd5b0da115bd3e9bb7498e014.exe ---- General Threat
        Hack.Win32.Patcher.cl
        ProdVer: 1.0.0.0
        FileVer: 1.0.0.0
        Name: SharpHide
        Signature verification: False
        .NET TLID: {443D8CBF-899C-4C22-B4F6-B7AC202D4E37}
        .NET MVID: {1E1D7A75-2E03-478D-BEEB-72ED91C4E992}
        NAC: A5D366CCF0B1AAF8391AE0797A15137A:9
        MD5: F6C2D2CC1E2016FDDB7654822411AB2B:9216
        SUBS: Win32 Console
        PE: x86
        EP: FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
        EPSEC: 0
        EPRVA: 0000381A
        IBASE: 00400000
        SEC:
                .text:60000020:840930D9992676C3CB69DC0A007E1137:6656
                .rsrc:40000040:7236C0239093A47BF19192D5529118B5:1536
                .reloc:42000040:29A97AD83F290CAE9501A94A893F529C:512


----- C:\Users\Administrator\Desktop\20250115\3cce82eff14a78c73dbc3f64a7abc6476d9b184763a5f6713ce68d6ee8df75f8.exe ---- General Threat
        Trojan.Win32.Downloader.sa
        Signature verification: False
        MD5: E9802E45A66C963CED0E7C60C899C5CD:1161216
        RIC: 29E776E1DB15F1F7E6BA9A725872B079:9640
        SUBS: Win32 GUI
        PE: x86
        EP: 558BEC83C4F0B850D24600E8EC7FF9FF8B0D9C0E4700A18C0D47008B008B1500CB4600E884DEFEFFA18C0D47008B00E8F8DEFEFFE84B5EF9FF8D40000000000000
        EPSEC: 1
        EPRVA: 0006E80C
        IBASE: 00400000
        SEC:
                .text:60000020:69C4173C38AD27686FB46F69FD79EC91:443904
                .itext:60000020:639613140A642FAEDD01BFF468C3E3CF:2560
                .data:C0000040:53B6DD6978C858DB7E9FAA57954B9C18:8192
                .bss:C0000000:D41D8CD98F00B204E9800998ECF8427E:0
                .idata:C0000040:F0F9A1156B641E5EA253CB6DDCAF08BA:10240
                .tls:C0000000:D41D8CD98F00B204E9800998ECF8427E:0
                .rdata:40000040:5B11E123DD9B7F6D94B27D2AD6E9BC83:512
                .reloc:42000040:3B0F62DE599DC8A77438A9E2115A0B81:32256
                .rsrc:40000040:56ED1027DDE62713B525386341887DD6:662528


----- C:\Users\Administrator\Desktop\20250115\276b08cdfcba38b36290db8a3162df343ba0f2bc3d3e48d22928ae61480b8183.exe ---- General Threat
        Malware.Win32.Wacapew.bot
        FileVer: 51.1052.0.0
        Signature verification: True
        Certificates: T H SUPPORT SERVICES LTD
        MD5: D71663E0A0164A482C1FFC9D2C06539F:1625936
        RIC: 76BF93F8343115251B3E67B965DB586F:75860
        SUBS: Win32 GUI
        PE: x86
        EP: 558BEC83C4F0535657B830095000E86169F0FF6AECA15C5E50008B008B987001000053E80C78F0FF257FFFFFFF506AECA15C5E500053E8617AF0FF33C055685326
        EPSEC: 1
        EPRVA: 001025D8
        IBASE: 00400000
        SEC:
                .text:60000020:680BF2B0BD4A28B3D7352F45FF6C3FCD:1048064
                .itext:60000020:8E0D52126A75001416D71C23878BE2C1:6144
                .data:C0000040:C2ACC8E96FC244753ABD1D87BB624BC0:12800
                .bss:C0000000:D41D8CD98F00B204E9800998ECF8427E:0
                .idata:C0000040:0E1E8128F777A5FF18A144305A4FB39C:14848
                .tls:C0000000:D41D8CD98F00B204E9800998ECF8427E:0
                .rdata:40000040:9CF98EA6BB17A35D99FA770A2E9A8FF0:512
                .rsrc:40000040:BF317F12B51DCFD180A4B039A5F110FA:531968


----- C:\Users\Administrator\Desktop\20250115\4154e02a0d922fefb72812b972808dbf6c3f0a9108f577b641c9a57cf8d8d342.ps1 ---- General Threat
        Spy.U.Gen.tr
        MD5: 5259076D6FD45BF7DDBB866C169541DB:538493


----- C:\Users\Administrator\Desktop\20250115\4a695926850dfc9844b22c0c42a973776a5b2b17c5bbbf82301157ebbb62a707.exe ---- General Threat
        Ransom.Win32.Wacatac.sa
        Signature verification: False
        MD5: 6F09759AF7EBB8F84690D4F0636761BC:1825280
        RIC: 654847AC6163D921229EF9516AFFFE3F:165032
        SUBS: Win32 GUI
        PE: x86
        EP: E86E050000E97AFEFFFF558BEC56FF75088BF1E858000000C706F0FD49008BC65E5DC20400836104008BC183610800C74104F8FD4900C701F0FD4900C3558BEC56
        EPSEC: 0
        EPRVA: 00020577
        IBASE: 00400000
        SEC:
                .text:60000020:0A1473F3064DCBC32EF93C5C8A90F3A6:633856
                .rdata:40000040:C9CF2468B60BF4F80F136ED54B3989FB:195584
                .data:C0000040:53B9025D545D65E23295E30AFDBD16D9:18432
                .rsrc:40000040:202F68D5F850026F98A0FDCA084DC660:946176
                .reloc:42000040:C68EE8931A32D45EB82DC450EE40EFC3:30208


----- C:\Users\Administrator\Desktop\20250115\4d49933551f01cc730f63fd290ecb61f4bfa880a0660f0ec7363e148ef85645a.exe ---- General Threat
        Trojan.Win32.Kryptik.sa
        ProdVer: 1.0.0.0
        FileVer: 1.0.0.0
        Name: Media Foundation
        Company: Microsoft
        Signature verification: False
        .NET TLID: {12A64AC1-0AD4-46C1-A1F4-67429EDA5831}
        .NET MVID: {6AD99FBA-3183-4D2C-8F2B-1FBA8CB2A589}
        NAC: 31CBD4D5822099E9CFFAA9691225CCE5:25
        MD5: D9D98D244F3D4779C8AA532562FFB536:663040
        SUBS: Win32 GUI
        PE: x86
        EP: FF25002040009A99993E0000003FCDCC4C3E0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
        EPSEC: 0
        EPRVA: 000A3272
        IBASE: 00400000
        SEC:
                .text:60000020:20BEC6C17B6D441D05820BB05F7F9966:660480
                .rsrc:40000040:D0C7189329E4BCAA95EF17D16CFF8CBB:1536
                .reloc:42000040:D87DC7069747865E713A6968A10A6E3F:512


----- C:\Users\Administrator\Desktop\20250115\5b3b169b48056c1cd8b84093c312de2f9ec1c7a1edcd7591743f6eac62c98ab9.vbe ---- General Threat
        Trojan.U.AgentTesla.tr
        MD5: 9FF77002FBCBDD6E749722541B423034:10722


----- C:\Users\Administrator\Desktop\20250115\65eec1c8b80867cf1ba83ea9b2dddb7d6704568f3a264200074599611f91b02f.exe ---- General Threat
        Trojan.Win32.Packed.sa
        Signature verification: False
        MD5: 7E7F75092BAB936891BDF9B6FD47C4E7:333824
        RIC: 4813A7DF2D46310A5B83C52CE6AA8026:43952
        SUBS: Win32 GUI
        PE: x86
        EP: 55545D81EC24040000535657680C0400008D85E0FBFFFF6A0050C785DCFBFFFF00000000E8F71B000083C40C29C929FF29F6C745EC54000000C745F0153B0000C7
        EPSEC: 0
        EPRVA: 00001580
        IBASE: 00400000
        SEC:
                .text:60000020:F549A92E61AFCEB57384E0E723B08458:284672
                .rsrc:40000040:3F5256DB700A7918A9E4D7F41C895B58:44544


----- C:\Users\Administrator\Desktop\20250115\52f70aceaac84fb1b61e78e36a3f8642875ce6528819060470242fb5312d16e5.exe ---- General Threat
        Trojan.Win32.Downloader.oa!s1
        Signature verification: False
        MD5: 421E68364BF99E35F1AF18E71327E994:1161216
        RIC: 29E776E1DB15F1F7E6BA9A725872B079:9640
        SUBS: Win32 GUI
        PE: x86
        EP: 558BEC83C4F0B850D24600E8EC7FF9FF8B0D9C0E4700A18C0D47008B008B1500CB4600E884DEFEFFA18C0D47008B00E8F8DEFEFFE84B5EF9FF8D40000000000000
        EPSEC: 1
        EPRVA: 0006E80C
        IBASE: 00400000
        SEC:
                .text:60000020:69C4173C38AD27686FB46F69FD79EC91:443904
                .itext:60000020:639613140A642FAEDD01BFF468C3E3CF:2560
                .data:C0000040:53B6DD6978C858DB7E9FAA57954B9C18:8192
                .bss:C0000000:D41D8CD98F00B204E9800998ECF8427E:0
                .idata:C0000040:F0F9A1156B641E5EA253CB6DDCAF08BA:10240
                .tls:C0000000:D41D8CD98F00B204E9800998ECF8427E:0
                .rdata:40000040:5B11E123DD9B7F6D94B27D2AD6E9BC83:512
                .reloc:42000040:3B0F62DE599DC8A77438A9E2115A0B81:32256
                .rsrc:40000040:EF7AB4E1A00C81B31EBFABCFA215640D:662528


----- C:\Users\Administrator\Desktop\20250115\701cc76315954f7e5e8b0fb36db44cdb6e6e40384be529670490523be1429d8f.exe ---- General Threat
        Trojan.Win32.Kryptik.sa
        ProdVer: 0.1.0.0
        FileVer: 0.1.0.0
        Name: OxiteMigrator
        Company: Hadi Eskandari
        Signature verification: False
        .NET TLID: {B0CA24EC-FD92-4A71-8683-2EC5CACD3E2D}
        .NET MVID: {415CCE05-E954-45B9-BEAF-22C5A03CC83E}
        NAC: 5B40395B352733F16B263E11591E4F25:27
        MD5: EBA7FF0D3CB799AF22795E1D3C55360C:854016
        RIC: 1D3DFD88D85FD834FC7DD8CEF60681E1:3039
        SUBS: Win32 GUI
        PE: x86
        EP: FF2500204000ADDE0000EFBE0000FECA0000BEBA000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
        EPSEC: 0
        EPRVA: 000D0FAA
        IBASE: 00400000
        SEC:
                .text:60000020:14A2EC87390FD5B67A0BF5C4D4BA1386:847872
                .rsrc:40000040:D8F247ECD110BAFA6294CCDC426EE97E:5120
                .reloc:42000040:20B73237AEEA3319BCD39CE4DE41D234:512


----- C:\Users\Administrator\Desktop\20250115\73c0f45b365444e09376cbea6f71b5f877af98eec65f809a6b078f206a6d4430.exe ---- General Threat
        Trojan.Win32.FormBook.tr
        ProdVer: 1.0.0.0
        FileVer: 1.0.0.0
        Name: Media Foundation
        Company: Microsoft
        Signature verification: False
        .NET TLID: {12A64AC1-0AD4-46C1-A1F4-67429EDA5831}
        .NET MVID: {1A1F4AAC-8633-424F-B427-1E799C9EC2ED}
        NAC: 31CBD4D5822099E9CFFAA9691225CCE5:25
        MD5: D3B75622F7855CDB9F3EB8DEAA37F75B:665600
        SUBS: Win32 GUI
        PE: x86
        EP: FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
        EPSEC: 0
        EPRVA: 000A3CCE
        IBASE: 00400000
        SEC:
                .text:60000020:C42E8DED4105A278DEDA3323076D5A29:663040
                .rsrc:40000040:B7DA216FB4F43BCD6170D5248C70720F:1536
                .reloc:42000040:B85001F053EEA11814FF010202DD51E3:512


----- C:\Users\Administrator\Desktop\20250115\68fe78c0a8961da3a1121f95ebe63003c9a7c359edf68542d971d92632357422.exe ---- General Threat
        Backdoor.Win32.Quasar.tr
        ProdVer: 1.0.9145.13810
        FileVer: 1.0.9145.13810
        Name: PsiComponents
        Company: Kyle Fiegener
        Signature verification: False
        .NET MVID: {83436D6D-34D0-4C5A-B69A-20296E5546B7}
        NAC: 888B3F9051DEA9EF1CAF3866EC04E605:26
        MD5: 948D8D109D5498949CB6DF8DDF011187:3794944
        RIC: 0BA64B42553F0C003A9D0B3F9E0E9A9F:7760
        SUBS: Win32 GUI
        PE: x86
        EP: FF2500204000210040002300240025005E0026002A00280029003F0000009A99993E0000003FCDCC4C3E0000000000000000000000000000000000000000000000
        EPSEC: 0
        EPRVA: 0039DE7A
        IBASE: 00400000
        SEC:
                .text:60000020:C8A6562797373C097B9293D5207048BA:3784704
                .rsrc:40000040:A22C060EA630D5700B1B9536F5D727F1:9216
                .reloc:42000040:4B62E2667C1C4529179FA5F498243005:512


----- C:\Users\Administrator\Desktop\20250115\778f9aa3775f01e8be291052165e046a6344d925f5014d2ebbebd6e46148ae1b.exe ---- General Threat
        Trojan.Win32.Kryptik.sa
        ProdVer: 1.0.0.0
        FileVer: 1.0.0.0
        Name: Media Foundation
        Company: Microsoft
        Signature verification: False
        .NET TLID: {12A64AC1-0AD4-46C1-A1F4-67429EDA5831}
        .NET MVID: {0129BCE8-E1EC-4429-A197-066E55450C15}
        NAC: 31CBD4D5822099E9CFFAA9691225CCE5:25
        MD5: 330E82D1533A039ED8C68E0C40BF7D61:666112
        RIC: D2424DC18CEFC0910C28AA07F52F473B:99592
        SUBS: Win32 GUI
        PE: x86
        EP: FF25002040009A99993E0000003FCDCC4C3E0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
        EPSEC: 0
        EPRVA: 0008B72E
        IBASE: 00400000
        SEC:
                .text:60000020:1D423B03ABAAFD6CF8E27DB535516ABE:563200
                .rsrc:40000040:3188FC6202A10562C0542D10C70FA167:101888
                .reloc:42000040:F31F015F1ACF10D36A328D78CEC6930F:512


----- C:\Users\Administrator\Desktop\20250115\744a3efa374159a40ea07cf1c6a295f40fef90685421d20ceda619847dbe6165.exe ---- General Threat
        Ransom.Win32.Sabsik.sa
        Signature verification: False
        MD5: 17CBB82B7DB7A77DF6507DD32AF10563:1613824
        RIC: ADE056D1418AF506887208F87622D456:23424
        SUBS: Win32 GUI
        PE: x86
        EP: E86E050000E97AFEFFFF558BEC56FF75088BF1E858000000C706F0FD49008BC65E5DC20400836104008BC183610800C74104F8FD4900C701F0FD4900C3558BEC56
        EPSEC: 0
        EPRVA: 00020577
        IBASE: 00400000
        SEC:
                .text:60000020:0A1473F3064DCBC32EF93C5C8A90F3A6:633856
                .rdata:40000040:C9CF2468B60BF4F80F136ED54B3989FB:195584
                .data:C0000040:53B9025D545D65E23295E30AFDBD16D9:18432
                .rsrc:40000040:591BED869CB6D434460FFBE7270704EB:734720
                .reloc:42000040:C68EE8931A32D45EB82DC450EE40EFC3:30208


----- C:\Users\Administrator\Desktop\20250115\7e9b9833268dae6e33c83b582ec7fb353f0dc6514f869e3228f0effa161da00f.exe ---- General Threat
        Malware.Win32.Gen.tr
        Signature verification: False
        MD5: F8410BCD14256D6D355D7076A78C074F:1586688
        RIC: ADE056D1418AF506887208F87622D456:23424
        SUBS: Win32 GUI
        PE: x86
        EP: E86E050000E97AFEFFFF558BEC56FF75088BF1E858000000C706F0FD49008BC65E5DC20400836104008BC183610800C74104F8FD4900C701F0FD4900C3558BEC56
        EPSEC: 0
        EPRVA: 00020577
        IBASE: 00400000
        SEC:
                .text:60000020:0A1473F3064DCBC32EF93C5C8A90F3A6:633856
                .rdata:40000040:C9CF2468B60BF4F80F136ED54B3989FB:195584
                .data:C0000040:53B9025D545D65E23295E30AFDBD16D9:18432
                .rsrc:40000040:E36154ED43EC940A9DE96B4FD86BD35F:707584
                .reloc:42000040:C68EE8931A32D45EB82DC450EE40EFC3:30208


----- C:\Users\Administrator\Desktop\20250115\939c125accb6e2f939bc239c45d3ead938a0c0bcd63d77fbde11ed96ed1a1c76.exe ---- General Threat
        Trojan.Win32.Downloader.oa!s1
        Signature verification: False
        MD5: 7E6AF615A074F41EA63EF69A047E8F6D:1161216
        RIC: 29E776E1DB15F1F7E6BA9A725872B079:9640
        SUBS: Win32 GUI
        PE: x86
        EP: 558BEC83C4F0B850D24600E8EC7FF9FF8B0D9C0E4700A18C0D47008B008B1500CB4600E884DEFEFFA18C0D47008B00E8F8DEFEFFE84B5EF9FF8D40000000000000
        EPSEC: 1
        EPRVA: 0006E80C
        IBASE: 00400000
        SEC:
                .text:60000020:69C4173C38AD27686FB46F69FD79EC91:443904
                .itext:60000020:639613140A642FAEDD01BFF468C3E3CF:2560
                .data:C0000040:53B6DD6978C858DB7E9FAA57954B9C18:8192
                .bss:C0000000:D41D8CD98F00B204E9800998ECF8427E:0
                .idata:C0000040:F0F9A1156B641E5EA253CB6DDCAF08BA:10240
                .tls:C0000000:D41D8CD98F00B204E9800998ECF8427E:0
                .rdata:40000040:5B11E123DD9B7F6D94B27D2AD6E9BC83:512
                .reloc:42000040:3B0F62DE599DC8A77438A9E2115A0B81:32256
                .rsrc:40000040:D053912A545242D9B45AF7295B4D7B07:662528


----- C:\Users\Administrator\Desktop\20250115\ad25549d450ba601baac64e5efd061cdafa3e5b6f78f679345d33ddc25e66dd2.exe ---- General Threat
        Ransom.Win32.Wacatac.sa
        Signature verification: False
        MD5: 5FEA044A3E446F3D3790B6827790AD0A:1234944
        RIC: ADE056D1418AF506887208F87622D456:23424
        SUBS: Win32 GUI
        PE: x86
        EP: E86E050000E97AFEFFFF558BEC56FF75088BF1E858000000C706F0FD49008BC65E5DC20400836104008BC183610800C74104F8FD4900C701F0FD4900C3558BEC56
        EPSEC: 0
        EPRVA: 00020577
        IBASE: 00400000
        SEC:
                .text:60000020:0A1473F3064DCBC32EF93C5C8A90F3A6:633856
                .rdata:40000040:C9CF2468B60BF4F80F136ED54B3989FB:195584
                .data:C0000040:53B9025D545D65E23295E30AFDBD16D9:18432
                .rsrc:40000040:981C5580666B192BF3ED3DA48DDB2130:355840
                .reloc:42000040:C68EE8931A32D45EB82DC450EE40EFC3:30208


----- C:\Users\Administrator\Desktop\20250115\ba54736b563266fd4f32553c63737596d3208a9112cb47d6513f68db2c2e6b67.hta ---- General Threat
        Trojan.U.Remcos.tr
        MD5: 6DC778742C1403851FF2659FCEE24150:48176


----- C:\Users\Administrator\Desktop\20250115\bd4e03da2b008e10bde459cf559c5eaeb1f8155ee6146dbeac9eb545eeddeda4.exe ---- General Threat
        Risk.Win32.Downloader.dd!n
        ProdVer: 1.0.0.0
        FileVer: 1.0.0.0
        Signature verification: False
        .NET TLID: {25D8A761-9A9F-4468-BE48-C48702ADE537}
        .NET MVID: {E70BC9C8-84A8-459D-9B72-5E38864CCED2}
        NAC: FD029D6A79CD0AB67EDD64222C0756FC:45
        MD5: E334D399AD45215A80860093BC56DEEA:67089
        SUBS: Win32 GUI
        PE: x86
        EP: FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
        EPSEC: 0
        EPRVA: 00011B5E
        IBASE: 00400000
        SEC:
                .text:60000020:FCD8E49034624C44E4DF7C1DF9992D6B:64512
                .rsrc:40000040:D1E3BD86534EA351B898BCF1136C1C31:1536
                .reloc:42000040:14FA82843F239FC26183212975D10A9A:512


----- C:\Users\Administrator\Desktop\20250115\bd4f1621ebf7a983fe8e6839934289983f7e33c21b3f36c06559686113bc61e4.exe ---- General Threat
        Ransom.Win32.Wacatac.sa
        Signature verification: False
        MD5: 36ED9B91ABBDDA0E0AEB246352E985A4:1619456
        RIC: ADE056D1418AF506887208F87622D456:23424
        SUBS: Win32 GUI
        PE: x86
        EP: E86E050000E97AFEFFFF558BEC56FF75088BF1E858000000C706F0FD49008BC65E5DC20400836104008BC183610800C74104F8FD4900C701F0FD4900C3558BEC56
        EPSEC: 0
        EPRVA: 00020577
        IBASE: 00400000
        SEC:
                .text:60000020:0A1473F3064DCBC32EF93C5C8A90F3A6:633856
                .rdata:40000040:C9CF2468B60BF4F80F136ED54B3989FB:195584
                .data:C0000040:53B9025D545D65E23295E30AFDBD16D9:18432
                .rsrc:40000040:7364D8EF8248FE567898C019312B50C3:740352
                .reloc:42000040:C68EE8931A32D45EB82DC450EE40EFC3:30208


----- C:\Users\Administrator\Desktop\20250115\ce4f85d935fe68a1c92469367b945f26c40c71feb656ef844c30a5483dc5c0be.exe ---- General Threat
        Trojan.Win32.Agent.sa
        ProdVer: 1.0.0.0
        FileVer: 1.0.0.0
        Signature verification: False
        .NET MVID: {736B7414-887B-4E11-8D24-F5AC9AD7A10A}
        NAC: D30F18BCE3330AFC415D81A9E55D400B:39
        MD5: 9DCD35FE3CAFEC7A25AA3CDD08DED1F4:46080
        SUBS: Win32 GUI
        PE: x86
        EP: FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
        EPSEC: 0
        EPRVA: 0000C70E
        IBASE: 00400000
        SEC:
                .text:60000020:9D24FB5C6D931052766EC9573FB3764C:43008
                .rsrc:40000040:0F68CE4DD77ED0BB9C1E6B31F6995D94:2048
                .reloc:42000040:F65A5E081190AF50315D9BC15CE55CE3:512


----- C:\Users\Administrator\Desktop\20250115\e5393c34240b7e1b8a35052d7e151c324a4aa6424b5a6e1a45717157042fb9ab.exe ---- General Threat
        Trojan.Win32.Downloader.sa
        Signature verification: False
        MD5: 483AB6BD562B28782D0999ABEC4F57F5:1161216
        RIC: 29E776E1DB15F1F7E6BA9A725872B079:9640
        SUBS: Win32 GUI
        PE: x86
        EP: 558BEC83C4F0B850D24600E8EC7FF9FF8B0D9C0E4700A18C0D47008B008B1500CB4600E884DEFEFFA18C0D47008B00E8F8DEFEFFE84B5EF9FF8D40000000000000
        EPSEC: 1
        EPRVA: 0006E80C
        IBASE: 00400000
        SEC:
                .text:60000020:69C4173C38AD27686FB46F69FD79EC91:443904
                .itext:60000020:639613140A642FAEDD01BFF468C3E3CF:2560
                .data:C0000040:53B6DD6978C858DB7E9FAA57954B9C18:8192
                .bss:C0000000:D41D8CD98F00B204E9800998ECF8427E:0
                .idata:C0000040:F0F9A1156B641E5EA253CB6DDCAF08BA:10240
                .tls:C0000000:D41D8CD98F00B204E9800998ECF8427E:0
                .rdata:40000040:5B11E123DD9B7F6D94B27D2AD6E9BC83:512
                .reloc:42000040:3B0F62DE599DC8A77438A9E2115A0B81:32256
                .rsrc:40000040:D31868C6483367700B95815234A2E180:662528


----- C:\Users\Administrator\Desktop\20250115\e5eab0d46a0a0500431f1ef78dd03c8dc17b97794f558624dfa7a567e24245e1.exe ---- General Threat
        Ransom.Win32.Wacatac.sa
        ProdVer: 1.0.9145.9974
        FileVer: 1.0.9145.9974
        Name: PsiComponents
        Company: Kyle Fiegener
        Signature verification: False
        .NET MVID: {41776F8A-96F7-452F-89CC-CB2167CDD68D}
        NAC: 888B3F9051DEA9EF1CAF3866EC04E605:26
        MD5: D16A155D98D41CF4109FC2EBE34C0AB4:578560
        RIC: 0BA64B42553F0C003A9D0B3F9E0E9A9F:7760
        SUBS: Win32 GUI
        PE: x86
        EP: FF2500204000210040002300240025005E0026002A00280029003F0000009A99993E0000003FCDCC4C3E0000000000000000000000000000000000000000000000
        EPSEC: 0
        EPRVA: 0008CB3A
        IBASE: 00400000
        SEC:
                .text:60000020:1FF71D1DF20CF885D3F1998CFF38A5D6:568320
                .rsrc:40000040:5468A5643056F6BFA0FFB3E3C8442132:9216
                .reloc:42000040:FE880A5FEE753DE0EB99881A72F7AB1D:512


----- C:\Users\Administrator\Desktop\20250115\f4da65fff4d9b2420e2375ce736d02b0dab3e4776115346c5219891ea8fc3c97.exe ---- General Threat
        Trojan.Win32.Remcos.tr
        ProdVer: 1.0.9145.8364
        FileVer: 1.0.9145.8364
        Name: PsiComponents
        Company: Kyle Fiegener
        Signature verification: False
        .NET MVID: {9124659B-B860-4896-859D-E0D29379F1F9}
        NAC: 888B3F9051DEA9EF1CAF3866EC04E605:26
        MD5: ECAD35AA0A2834EDDE088DBA8063486D:996915
        RIC: 0BA64B42553F0C003A9D0B3F9E0E9A9F:7760
        SUBS: Win32 GUI
        PE: x86
        EP: FF2500204000210040002300240025005E0026002A00280029003F0000009A99993E0000003FCDCC4C3E0000000000000000000000000000000000000000000000
        EPSEC: 0
        EPRVA: 000F2CB2
        IBASE: 00400000
        SEC:
                .text:60000020:80888DF617365AEE698F8F25B0A09FB7:986624
                .rsrc:40000040:D2A77AA96F4FCF8AAB34EFD86BDB4428:9216
                .reloc:42000040:B481AE60064C9BA77D35D6B31B1FCF5A:512


----- C:\Users\Administrator\Desktop\20250115\f64fd24b1ed93b6a39e59aebf0fa3ed6ede6f1fd2dbae2e33c4da9ed92defd6e.exe ---- General Threat
        Trojan.Win32.AI.sa
        ProdVer: 1.0.0.0
        FileVer: 1.0.0.0
        Name: SharpHide
        Signature verification: False
        .NET TLID: {443D8CBF-899C-4C22-B4F6-B7AC202D4E37}
        .NET MVID: {88EAF0DC-6B11-41FA-A347-7337A33A8ED7}
        NAC: A5D366CCF0B1AAF8391AE0797A15137A:9
        MD5: C35163510810CDE1AC38D423444ACF2B:8704
        SUBS: Win32 GUI
        PE: x86
        EP: FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
        EPSEC: 0
        EPRVA: 000036D6
        IBASE: 00400000
        SEC:
                .text:60000020:F006D9D2655F5937E8E033002A12C8E0:6144
                .rsrc:40000040:7236C0239093A47BF19192D5529118B5:1536
                .reloc:42000040:882F0483619037353873F3174C3397F1:512


----- C:\Users\Administrator\Desktop\20250115\b0c71e2b19b3cde4f32ccf2159ab94beca188ffab5d761f2d610989821c772c3.exe ---- General Threat
        Malware.Generic.cld
        ProdVer: 1.0.0.0
        FileVer: 1.0.0.0
        Name: SharpHide
        Signature verification: False
        .NET TLID: {443D8CBF-899C-4C22-B4F6-B7AC202D4E37}
        .NET MVID: {7B3EA4E9-DE56-480E-9800-698A9C3B5D44}
        NAC: A5D366CCF0B1AAF8391AE0797A15137A:9
        MD5: 38DAED645E94ECDB07C10FA81DCBC9A5:8704
        SUBS: Win32 GUI
        PE: x86
        EP: FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
        EPSEC: 0
        EPRVA: 000036D6
        IBASE: 00400000
        SEC:
                .text:60000020:1FDF18B2E4E8C75BA00924E7CC1DEC0C:6144
                .rsrc:40000040:7236C0239093A47BF19192D5529118B5:1536
                .reloc:42000040:882F0483619037353873F3174C3397F1:512


----- C:\Users\Administrator\Desktop\20250115\cd9ee0f4a8ad57856d636dd1f2f34c2196804791bff45332d729203ce1459226.exe ---- General Threat
        PUP.Win32.BundleInstaller.dd!c
        ProdVer: 1.0.0.0
        FileVer: 1.0.0.0
        Name: Bnfvqzuqaio
        Signature verification: False
        Certificates: FH Manager
        .NET TLID: {5569FE40-85AE-4329-950F-3077C2AA4B91}
        .NET MVID: {E6A81953-385A-4627-A306-3A3D912064E3}
        NAC: 15B3774A3214D3E89E5B57C1B4E10E46:11
        MD5: 58A83CBFBD24495D3427075426C7BB6C:48032
        SUBS: Win32 GUI
        PE: x86
        EP: FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
        EPSEC: 0
        EPRVA: 0000A596
        IBASE: 00400000
        SEC:
                .text:60000020:5DAAD51418E7986E6A251BA9E808F29B:34304
                .rsrc:40000040:5B98D163025A612F8ECF5B3D71E2ADF5:1536
                .reloc:42000040:154D60DB6BFF012B4AC53DB65C2B2B64:512


----- C:\Users\Administrator\Desktop\20250115\dd82f88cdd4a62e9e9b5a081cbd3f98b542614ee6b0e33c2385817af92c704a1.exe ---- General Suspicious
        Malware.Heur.02014001.nn
        Signature verification: False
        MD5: 289754998D1520E2BEC7190452C464AC:1464832
        RIC: 426DB4985E0C8C14D64F4CB39E86BDBB:30873
        SUBS: Win32 GUI
        PE: x86
        EP: E86E050000E97AFEFFFF558BEC56FF75088BF1E858000000C706F0FD49008BC65E5DC20400836104008BC183610800C74104F8FD4900C701F0FD4900C3558BEC56
        EPSEC: 0
        EPRVA: 00020577
        IBASE: 00400000
        SEC:
                .text:60000020:0A1473F3064DCBC32EF93C5C8A90F3A6:633856
                .rdata:40000040:C9CF2468B60BF4F80F136ED54B3989FB:195584
                .data:C0000040:53B9025D545D65E23295E30AFDBD16D9:18432
                .rsrc:40000040:E88A52C86F0770433FC89E1EF187F7B3:585728
                .reloc:42000040:C68EE8931A32D45EB82DC450EE40EFC3:30208


Scan completed

Scan result:         35 detected items
Scan completed in:   Scan completed in 4 seconds.
Files were scanned:  187
OrangeCell
Posted 6 days ago | Show all posts
This post was last edited by OrangeCell on 2025-1-16 17:27

Bitdefender Endpoint Security Tool scan detected 4x. Real-time file monitoring killed some files while they were landing on disk; 28x actually remained.



Double-click test of the remaining samples:

7e9b9833268dae6e33c83b582ec7fb353f0dc6514f869e3228f0effa161da00f -> flagged after automatic upload for cloud analysis: Gen:Suspicious.Cloud.2.GvW@auxFskpi

2b1896722cbf593dbd9c5561659ee8d9f3085f9d3eced0173be6918bb962ea3e -> on double-click, the malicious command line was blocked from executing; detected as: Gen:Suspicious.Cloud.1.00AC4295560000

2d3430ea4340df7c6d2e81b8147292f9423871efd5b0da115bd3e9bb7498e014 -> a black console window popped up, then it exited on its own.

3e7395ddfc7e38e08e6be54e3ba7c9de2d7ea1a73c9926ab607c76f3031394f6 -> flagged after automatic upload for cloud analysis: Gen:Suspicious.Cloud.2.II2@aiSzjUCi

4d49933551f01cc730f63fd290ecb61f4bfa880a0660f0ec7363e148ef85645a -> access denied; detected as Gen:Variant.Jalapeno.19331

5b3b169b48056c1cd8b84093c312de2f9ec1c7a1edcd7591743f6eac62c98ab9 -> malicious command line blocked from executing; detected as: Trojan.GenericKD.75380391

9c8f5f4608285717b7605f0eeca941916081d70f57159d0e761f78e471deaefe -> malicious command line blocked from executing; detected as: Trojan.GenericKD.75367269

8fe9724cf6b6ab32348aaedaa20646f6cbdce0aa09ed317a635602acfb603f0c (XLS file, could not be executed)

18f3749e057ca1d3899cb27c94dac6394e3716ab46be15e98594865e74b779bd -> access denied; detected as Gen:Variant.Jalapeno.19334

26b53cef2e34ea99b37ad6e84736eeaa1851043d98b85ce831c946674b1ad1d8 (XLS file, could not be executed)
140cc4e8f36d4403a99ed1557d11771bcdcd169f70b014f99e658b917f9ced2d (DOCM file, could not be executed)

68fe78c0a8961da3a1121f95ebe63003c9a7c359edf68542d971d92632357422 -> access denied; detected as Gen:Variant.Jalapeno.19324

70c1d9f480bba58360e42af222d4c1a3ff7dc5d0f2a6d96b1650dc6076027d52 -> access denied; detected as Trojan.GenericKD.75371950

74cf029cea455234dfa9b311bb2598aa02459f3fcca68d1d5017e59de974e85f -> malicious command line blocked from executing; detected as: Trojan.GenericKD.75363321

276b08cdfcba38b36290db8a3162df343ba0f2bc3d3e48d22928ae61480b8183 -> automatically uploaded for cloud analysis; detected as: Gen:Suspicious.Cloud.2.JH2@ai7yBlji

701cc76315954f7e5e8b0fb36db44cdb6e6e40384be529670490523be1429d8f -> access denied; detected as Gen:Variant.Jalapeno.19337

744a3efa374159a40ea07cf1c6a295f40fef90685421d20ceda619847dbe6165 -> access denied; detected as Trojan.GenericKD.7537212

778f9aa3775f01e8be291052165e046a6344d925f5014d2ebbebd6e46148ae1b -> access denied; detected as: Gen:Variant.Jalapeno.19331

942d9e96f053c02c029afd39ec71386285190e972457be9d8e0d310c4c5b4f28 -> access denied; detected as: Trojan.GenericKD.75390191

ad25549d450ba601baac64e5efd061cdafa3e5b6f78f679345d33ddc25e66dd2 -> access denied; killed by real-time protection.

b6c22e7ae8a0058a9c51edd8941feac20f88a86a3db2038689161368bd802875 -> intercepted by ATC on double-click; threat names: ATC.SuspiciousBehavior.AD3B0F861E1CA5A1 and Generic.ShellCode.Donut.Marte.4.93AA96DE.

bd4f1621ebf7a983fe8e6839934289983f7e33c21b3f36c06559686113bc61e4 -> access denied; detected as: Trojan.GenericKD.75380182

cd9ee0f4a8ad57856d636dd1f2f34c2196804791bff45332d729203ce1459226 -> access denied; killed by real-time protection.

dd82f88cdd4a62e9e9b5a081cbd3f98b542614ee6b0e33c2385817af92c704a1 -> access denied; killed by real-time protection.

e5eab0d46a0a0500431f1ef78dd03c8dc17b97794f558624dfa7a567e24245e1 -> access denied; detected as: Gen:Variant.Ser.Jalapeno.122

e075807417590255de4d395fa3dfbc336e88c96bbab8afca1d5e5d5abbac0237 -> access denied; detected as: Trojan.Autoruns.GenericKD.196

f4da65fff4d9b2420e2375ce736d02b0dab3e4776115346c5219891ea8fc3c97 -> access denied; detected as: Gen:Variant.Ser.Jalapeno.122.


The 5x shown in the image below remained (4x of which had no environment to run in, 1x anti-VM).



裂空我爱杰
Posted 6 days ago | Show all posts
OrangeCell posted on 2025-1-16 17:01
Bitdefender Endpoint Security Tool scan detected 4x. Real-time file monitoring killed some files while they were landing on disk; 28x actually remained.
...

BD is honestly ridiculous...
OrangeCell
Posted 6 days ago | Show all posts

This time almost all of them were killed by cloud analysis; ATC only killed one sample.
ii88
Posted 4 days ago | Show all posts
malwarebytes: 25x left
Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-1-22 14:41 , Processed in 0.117961 second(s), 15 queries .