【开放测试】卡饭病毒样本包 20250301 第261期

zhuzhu009

警告：

本主题帖中包含的文件和附件可能对计算机造成潜在危害。虽然没有任何安全软件能够做到100%防护，但这些样本仅供测试、交流与学习使用，严禁用于非法用途。

请注意，所有样本均为真实威胁，具有严重的危害性。在没有适当安全防护的情况下，请勿随意保存、打开或执行这些样本。建议在虚拟机环境中进行测试，以确保计算机安全。对于任何下载、打开样本或点击附件链接导致的个人数据泄露、系统破坏或其他损失，发布者及卡饭论坛不承担任何责任。

当前测试阶段：开放测试

---

文件信息：

• 文件名称：20250301.zip
• 样本数量：44
• 压缩包密码：infected
  

---

下载链接：

• https://pan.moe/s/Aaat0     https://wwzq.lanzouq.com/inAbo2p84xyh
  

---

文件信息：

• SHA256：32B320BC5343F12AAFCB587F0EAD0BFB8050EB7F97BD97097C28D2F92F671E14
  

---

注意：扫描/双击日志请以附件形式（压缩包）或图片上传，也可以 以1号字体放在回复中。         

          对于日志过长以至于影响会员刷帖/回帖体验的回复，管理人员有权进行屏蔽处理。

若样本中包含 .ps1（Powershell脚本）文件，请手动打开 cmd.exe，输入以下命令以允许运行脚本：

powershell
Powershell.exe Set-ExecutionPolicy Bypass

zhuzhu009

2345

OrangeCell

K7扫描kill 12x

hipoxiaxxx

FortiClient 扫描 40X，云沙盒检出 3X，剩余 1X上报

1. 19e14be57c94313e04b88e75c70d9f1f327d5c01b53c3fa9b09c0c925bffb5a8.exe - FSA/RISK_MALICIOUS
   
2. 25f9393f1913c00a1adc9852da6685f28e1e36cf2713ace9b821426a98860e00.exe - Riskware/Generic.H2
   
3. 26e2c88d2a944816044b66afbd7d259a623de712bfda14b32109a1674ab9581c.exe - FSA/RISK_MALICIOUS
   
4. 277b6737f6781a4be2bec82a031a0b977a32ef8a4811bb7b4c3727219dc4958a.exe - FSA/RISK_MALICIOUS
   
5. 41ca7b1fec13032e9630fa4b2a311b2a493904de1e8cbc0f5a1a307fef5997f9.exe - Riskware/Application
   
6. 480696a157ec8af6be222acb12e24a375a1819ed739f703c5eec8a7fe3d2355f.exe - W32/PossibleThreat
   
7. 4ee733cc6445803ca9372072768021d716bbc34a1d9272de58d4d02c00965b06.exe - Riskware/Application
   
8. 570883baaf5872e7c0a9ee6d002d9f45ce30a67280d8fef5108c25c75d5926e4.exe - MSIL/Bladabindi.LX!tr
   
9. 57f0dedc47e762eb1a823827ea45410beb404c2d23b552eebaa18002afff158e.exe - MSIL/Agent.ECL!tr
   
10. 664dc635c3c070d0c8bbf3f0247fe2d5f11b33f3cd3151c61bf7ad1c6eed1b49.exe - MSIL/Crypt.SS!tr.spy
    
11. 69965b983b33f9db4bd10d90886ce2d62b3c0cee70e8fea18d2815446a7ca22c.exe - PossibleThreat.MU
    
12. 6bd2c5089a89aa8f21c249360848478e029a3cacb8e6da30b40b821eb1057d82.exe - FSA/RISK_MALICIOUS
    
13. 72d3b030a8441c8c242e24e86b6d4ee3b1be8520712243ad71e5d498f5b05cee.exe - Malware_Generic.P0
    
14. 782cbe7f5999e817a6e3b4cf87a30bf31b9fb0fd8ce4552c6f4edd7f89eef2ca.exe - Riskware/NDAoF
    
15. 7bd2b9b7c76481189c03291c7daebaf4cc92d85c18e7543be91b20ad3f876bc4.exe - MSIL/Agent.LI!tr
    
16. 7f8da99a109bbb8863f0defafbea8160fb21457c2cb977881e577323907d1a36.exe - MSIL/Agent.KFG!tr
    
17. 8979349c501e985918d443e413710cd0c6a9e1f6e6d9de0083076d2ab3ac31cb.exe - W64/ValleyRat.A!tr.spy
    
18. 9e6671879ea388e5eed6fde2f699de7a4cef1a22543e002a966fe86b55066729.exe - W64/Agent.GF!tr.spy
    
19. a53273f7e3a89fbaa4cdfeaa72653db86bbcac260de7091dd313693a7836ee66.exe - MSIL/Crypt.SS!tr.spy
    
20. a5a3d7d85bb739cc10085984cd815286daaaad48480200978df72f999772f0ff.hta - VBS/Obfuscated.AO!tr
    
21. ab47b22c60374f96043c135bbc16f9be05859648141b5f0b4fe6aad7a562236c.exe - MSIL/Agent.ECL!tr
    
22. b172a503d1063a63f07c71918c3e9d97768aec3827e78adfa030b83f0fcc6fad.exe - MSIL/Crypt.SS!tr.spy
    
23. bcacf515be6124d0b5b238a43f5b87542e07ddfd8b9d1883547c3f31db395b4f.exe - MSIL/Crypt.SS!tr.spy
    
24. c4f56ecbf394eed6001f8308a054c1e80de8227c016560b21bea6401c202080b.exe - NSIS/Runner.CN!tr
    
25. d774ef6a941440ef5f401219cff62f06a1f0be1df70d8763102765edc7a0cc21.exe - MSIL/Crypt.SS!tr.spy
    
26. d94ddc5fd9bfdc0e0757c0615c094c1050331aabc55f4fbc14a05c4662632f92.exe - W64/AI.Pallas.Suspicious.AVEN
    
27. de597170b2f0a8562f72d7e4eb1a42da52b5e4cc3db87d216e1f108e724aa2e6.exe - Malware_Generic.P0
    
28. df3fe0375443e5497f8306ff950d30c51de571920b1be2a76934f5d7880a4492.exe - W64/Agent.0TIZOP!tr
    
29. e4f0e540556ae31bb842c7dfb668a5b0c05b70dd13c220170dde56c94d1262bb.exe - W64/Kryptik.BVR!tr
    
30. efcc2d6182fcd4be8815aee606cf0f3f10ebf9efeba0ed04a5b1c2a6adc23462.exe - MSIL/Crypt.SS!tr.spy
    
31. f0e2fb0bbd3a98e22ff2defbf711d2ab078b9807f34e0f8f81dcb4124f20588b.exe - W64/Kryptik.BVR!tr
    
32. f54d38c602d64dc36e00201f688132f39ef2b4cd94a1511cad05c2fd8ded6475.exe - FSA/RISK_MALICIOUS
    
33. 234ea596c74a48e69cee880ce2bf83bfa7cc616220655726ee8e8e57b4fea1be.exe - MSIL/Agent.ECL!tr
    
34. 7767e93b4e0deccedc27a7d74afc511903daa6b7652964e61d68e5743dd7729e.exe - W32/CoinMiner.PHP!tr
    
35. 351dd177e0a45db020ef0adc9cf1e31e74357c955107ca608edb07b9817353a1.exe - MSIL/Agent.ECL!tr
    
36. dcc45e1ba87417f020636be47e043fc7abe2127282a1c6abcd195d3b87575573.exe - Riskware/Application
    
37. d1d80eeeeb8487baa0b0bb394937317a8dd504bcec4d597c532a1f41637032c3.exe - FSA/RISK_MALICIOUS
    
38. 4cce47120f72fbe9625b1a6802cd7d102be2b247887c48e4ac48ffdfe0a1c2e7.exe - MSIL/RevengeRat.APN!tr
    
39. 6cb306e6ca3ec40725c5181299d3d771e1ac468d09df35a8ae45871d571c6c34.exe - Malicious_Behavior.SB
    
40. 68a48b85b26a63d37b965a012cf555112b2eab5ffab0833356e9f23902d9a7fb.exe - W32/AI.Pallas.Suspicious.AVEN

复制代码

PhozeAMTB

WD 解压剩 1x，双击 all

电脑发烧迷

360扫描 miss 1x，双击拦截不杀

jijianan2007

ESSP  解压剩余5X，liveguard杀2个，最终剩3

jijianan2007

FSP

mmmaoo

KVRT  40x:

UNknownOoo

火绒
扫描：剩 7x


X-Sec
扫描：剩 2x