Views: 974 | Replies: 3

[Virus Sample] FakeAPP 35X

hsks
Posted 2025-1-26 19:12:06
This post was last edited by hsks on 2025-1-26 20:06

https://pan.huang1111.cn/s/dkEyYtV
https://www.123684.com/s/FJUmjv-NRVN

lsop1349987
Posted 2025-1-27 10:44:50
This post was last edited by lsop1349987 on 2025-1-27 11:22

Kaspersky Next: 17x left after the scan; on double-click, killed all.
Mostly in-memory kills + rollback.
Two needed Advanced Disinfection before they were fully cleaned.
This result feels a bit stronger than the personal edition?
Also: after the reboot MD seems to have been killed... looks like some msi did it.

早上起来不刷牙
Posted 2025-1-27 15:44:47
lsop1349987 posted on 2025-1-27 10:44:
Kaspersky Next: 17x left after the scan; on double-click, killed all.
Mostly in-memory kills + rollback.
Two needed Advanced Disinfection before they were fully cleaned.

Huorong 6: killed all
Huorong 5: missed 4
DisaPDB
Posted 2025-1-27 18:38:18
This post was last edited by DisaPDB on 2025-1-27 19:35

DI static scan: 15x

On double-click, everything remaining should have been killed:
DateTime: 2025-01-27 18:34:22.317 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\Desktop\35\35\AnyDesk_12.24652_Setup.exe FileType: PE32FileType
DateTime: 2025-01-27 18:34:33.776 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\Desktop\35\35\Fytnsllatengin_Flash.exe FileType: PE32FileType
DateTime: 2025-01-27 18:34:46.786 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\Desktop\35\35\Ggle_Chrome25162_install.exe FileType: PE32FileType
DateTime: 2025-01-27 18:34:57.615 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\Desktop\35\35\Gog_Chrome25.1251_install.exe FileType: PE32FileType
DateTime: 2025-01-27 18:35:06.678 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\Desktop\35\35\GoleChrome25.12135_install.exe FileType: PE32FileType
DateTime: 2025-01-27 18:35:12.474 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\Desktop\35\35\GoleChrome_25.12135_install.exe FileType: PE32FileType
DateTime: 2025-01-27 18:35:18.803 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\Desktop\35\35\Google_Setups _64.exe FileType: PE32FileType
DateTime: 2025-01-27 18:35:39.068 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\Desktop\35\35\iQlYl-setup.exe FileType: PE32FileType
DateTime: 2025-01-27 18:35:42.973 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\Desktop\35\35\ldplayer9_ld_9ius9_ld.exe FileType: PE32FileType
DateTime: 2025-01-27 18:35:51.270 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\Desktop\35\35\letspn-latest.exe FileType: PE32FileType
DateTime: 2025-01-27 18:35:58.786 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\Desktop\35\35\OOsgFu11xjOla_seutep_0.1.114.exe FileType: PE32FileType
DateTime: 2025-01-27 18:36:10.928 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\Desktop\35\35\wpsKLL50.exe FileType: PE32FileType
DateTime: 2025-01-27 18:36:22.333 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\Desktop\35\35\wps_windows_v7.98.79_Setup.zip.exe FileType: PE32FileType
DateTime: 2025-01-27 18:36:30.770 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\Desktop\35\35\Xshell-Setups.exe FileType: PE32FileType
DateTime: 2025-01-27 18:36:37.085 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\Desktop\35\35\youdaofyD-sjndpoc.exe FileType: PE32FileType
DateTime: 2025-01-27 18:38:58.783 - Message: MalwarePrevented Path: C:\Program Files\OutlineExhibit\2_AdministerShowcase.exe FileType: PE32FileType
DateTime: 2025-01-27 18:39:01.017 - Message: MalwarePrevented Path: C:\Program Files\OutlineExhibit\2_ClearTarget.exe FileType: PE32FileType
DateTime: 2025-01-27 18:39:02.861 - Message: MalwarePrevented Path: C:\Program Files\OutlineExhibit\DefineResearch.exe FileType: PE32FileType
DateTime: 2025-01-27 18:39:03.173 - Message: SuspiciousPowershellCommandExecution
DateTime: 2025-01-27 18:39:05.704 - Message: MalwarePrevented Path: C:\Program Files\OutlineExhibit\2_TpyhbfpMngsDIBt.exe FileType: PE64FileType
DateTime: 2025-01-27 18:39:58.595 - Message: MalwarePrevented Path: C:\ProgramData\NVIDIARV\svchost.exe FileType: PE32FileType
DateTime: 2025-01-27 18:39:59.308 - Message: MalwarePrevented Path: C:\ProgramData\Packas\scrok.exe FileType: PE64FileType
DateTime: 2025-01-27 18:40:02.423 - Message: MalwarePrevented Path: C:\ProgramData\Smart\setup.exe FileType: PE32FileType
DateTime: 2025-01-27 18:41:08.730 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\AppData\Local\Utils\arctrl.dll FileType: PE32FileType
DateTime: 2025-01-27 18:41:09.112 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\AppData\Local\Utils\HaloHelper.exe FileType: PE32FileType
DateTime: 2025-01-27 18:41:09.845 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\AppData\Local\HaloDesktop.exe FileType: PE32FileType
DateTime: 2025-01-27 18:41:12.408 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\AppData\Local\HaloTray.exe FileType: PE32FileType
DateTime: 2025-01-27 18:41:22.111 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\AppData\Local\Bin\stardict-editor.dll FileType: PE32FileType
DateTime: 2025-01-27 18:42:12.505 - Message: SuspiciousPowershellCommandExecution
DateTime: 2025-01-27 18:42:14.458 - Message: MalwarePrevented Path: C:\Program Files\ControlCenter\2_EventSpecify.exe FileType: PE32FileType
DateTime: 2025-01-27 18:42:28.765 - Message: ArbitraryShellcodePrevented Path: C:\Program Files\ControlCenter\hZfIDoNLbTYVrwY.exe
DateTime: 2025-01-27 18:42:30.933 - Message: ArbitraryShellcodePrevented Path: C:\Program Files\ControlCenter\OverseerEmphasize.exe
DateTime: 2025-01-27 18:43:11.402 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\AppData\Roaming\bcd498c9\aefd6\eebf26038\30586\48a8e8f\is-RD3K5.tmp FileType: PE64FileType
DateTime: 2025-01-27 18:43:36.605 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\AppData\Roaming\25d35c135\db4a5e7\05552015\4259f4b21\538de8\a9afe2\is-363BJ.tmp FileType: PE64FileType
DateTime: 2025-01-27 18:44:14.124 - Message: NetworkStatusUpToDate
DateTime: 2025-01-27 18:44:34.072 - Message: SuspiciousPowershellCommandExecution
DateTime: 2025-01-27 18:44:48.199 - Message: ArbitraryShellcodePrevented Path: C:\Program Files\GuideSmartSolution\XQqmSsNjPMtB.exe
DateTime: 2025-01-27 18:44:49.137 - Message: ArbitraryShellcodePrevented Path: C:\Program Files\GuideSmartSolution\HoyEYCFweXlKqXx.exe
DateTime: 2025-01-27 18:44:57.856 - Message: SuspiciousPowershellCommandExecution
DateTime: 2025-01-27 18:45:29.928 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\AppData\Roaming\29147e43\9c0374\3dfa34ab\cf6333b\bbe668b\a48732be6\is-OMMCT.tmp FileType: PE64FileType
DateTime: 2025-01-27 18:46:17.223 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\AppData\Roaming\019badb1\6ae163a\c480ce4c\c9c1b\af0c6fa66\is-U2FTU.tmp FileType: PE64FileType
DateTime: 2025-01-27 18:46:30.545 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\AppData\Roaming\65e4e9\c8980\115e663\is-FIP43.tmp FileType: PE64FileType
DateTime: 2025-01-27 18:47:32.545 - Message: ArbitraryShellcodePrevented Path: C:\Windows\System32\wbem\WmiApSrv.exe
DateTime: 2025-01-27 18:48:31.192 - Message: ReflectivePEDetected
DateTime: 2025-01-27 18:48:31.241 - Message: InjectionBlocked Path: C:\Program Files (x86)\dfsgsyhdrse\Kakao v2.2.5 p2Jsse\update.exe
DateTime: 2025-01-27 18:49:12.491 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\AppData\Roaming\6c7f34\0b22f1bfef\0f5743\is-P6IV3.tmp FileType: PE64FileType
DateTime: 2025-01-27 18:49:40.501 - Message: SuspiciousPowershellCommandExecution
DateTime: 2025-01-27 18:49:44.298 - Message: MalwarePrevented Path: C:\Program Files\PursueIllustrate\2_DeveloperDetail.exe FileType: PE32FileType
DateTime: 2025-01-27 18:49:48.735 - Message: ArbitraryShellcodePrevented Path: C:\Program Files\PursueIllustrate\dhYCGsAUsiTkRAv.exe
DateTime: 2025-01-27 18:50:05.860 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\AppData\Roaming\75f69a23a1\f42650d7\6ff044\c7bc7\is-1RP12.tmp FileType: PE64FileType
DateTime: 2025-01-27 18:50:46.103 - Message: RestoreSuccess
DateTime: 2025-01-27 18:51:39.141 - Message: ArbitraryShellcodePrevented Path: C:\Windows\System32\wbem\WmiApSrv.exe
DateTime: 2025-01-27 18:54:14.667 - Message: NetworkStatusUpToDate
DateTime: 2025-01-27 18:54:52.102 - Message: ArbitraryShellcodePrevented Path: C:\Windows\System32\wbem\WmiApSrv.exe
DateTime: 2025-01-27 18:57:54.227 - Message: ArbitraryShellcodePrevented Path: C:\Windows\System32\wbem\WmiApSrv.exe
DateTime: 2025-01-27 19:01:05.735 - Message: ArbitraryShellcodePrevented Path: C:\Windows\System32\wbem\WmiApSrv.exe
DateTime: 2025-01-27 19:02:58.550 - Message: ArbitraryShellcodePrevented Path: C:\Program Files\System Informer\SystemInformer.exe
DateTime: 2025-01-27 19:04:14.952 - Message: NetworkStatusUpToDate
DateTime: 2025-01-27 19:04:18.826 - Message: ArbitraryShellcodePrevented Path: C:\Windows\System32\wbem\WmiApSrv.exe
DateTime: 2025-01-27 19:07:52.031 - Message: MalwarePrevented Path: C:\Program Files (x86)\AefdBSDLV\libcurl.dll FileType: PE32FileType
DateTime: 2025-01-27 19:08:02.018 - Message: MalwarePrevented Path: C:\Program Files (x86)\AefdBSDLV\libcurl.dll FileType: PE32FileType
DateTime: 2025-01-27 19:08:17.338 - Message: MalwarePrevented Path: C:\Program Files (x86)\UVgVyDdtQ\libcurl.dll FileType: PE32FileType
DateTime: 2025-01-27 19:08:59.338 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\AppData\Roaming\19aa2\9e47d020\da1db36\e2378a8f4b\7f5655f\is-Q5TQF.tmp FileType: PE64FileType
DateTime: 2025-01-27 19:09:12.284 - Message: MalwarePrevented Path: C:\Users\Disa_Tale\AppData\Roaming\7f3d6684a9\d3331ab08\6b40123096\0d048d\496cb\1fbc72087\is-5JDRG.tmp FileType: PE64FileType
DateTime: 2025-01-27 19:10:30.291 - Message: DClientLogsCollected
Copyright © KaFan  KaFan.cn All Rights Reserved.