【开放测试】卡饭病毒样本包 20250309 第262期

zhuzhu009

警告：

本主题帖中包含的文件和附件可能对计算机造成潜在危害。虽然没有任何安全软件能够做到100%防护，但这些样本仅供测试、交流与学习使用，严禁用于非法用途。

请注意，所有样本均为真实威胁，具有严重的危害性。在没有适当安全防护的情况下，请勿随意保存、打开或执行这些样本。建议在虚拟机环境中进行测试，以确保计算机安全。对于任何下载、打开样本或点击附件链接导致的个人数据泄露、系统破坏或其他损失，发布者及卡饭论坛不承担任何责任。

当前测试阶段：开放测试

---

文件信息：

• 文件名称：20250309.7z
• 样本数量：74
• 压缩包密码：infected
  

---

下载链接：

• https://wormhole.app/xkm3E0#u-ycDeQNLPW7LeWB5ieP5A https://pan.moe/s/jnvCD https://c.wss.cc/f/gh92xqmi99x
  

---

文件信息：

• SHA256： 71753AA4BB957B9CDD5AFDEE73C6543696E138FE9A7555934F66B654302B6AB6
  

---

注意：扫描/双击日志请以附件形式（压缩包）或图片上传，也可以 以1号字体放在回复中。         

          对于日志过长以至于影响会员刷帖/回帖体验的回复，管理人员有权进行屏蔽处理。

若样本中包含 .ps1（Powershell脚本）文件，请手动打开 cmd.exe，输入以下命令以允许运行脚本：

powershell
Powershell.exe Set-ExecutionPolicy Bypass

郭俊民

自制 68xLyNtien

已选择文件夹: E:/样本/测试/20250309
开始扫描...
启发深度: 1
扫描进程结束。
扫描完成，发现以下威胁：
- E:/样本/测试/20250309\2d0ce288985dfc9ee22313f2ce5376c1b15f72dcc45c96db5158822831b66446.bat: Talonflame!Score=80 (来源: Cloud API Scan)
- E:/样本/测试/20250309\ab289a1dc9ad423e385c539a539feec8c04604d17656c663e52e02ceebd4409f.bat: Talonflame!Score=80 (来源: Cloud API Scan)
- E:/样本/测试/20250309\0231d2d9b4bc4935dd4eed396ec39b0a6ed73bf239ccb2a049424175e42b42ce.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\075b1e0a7a7e2990d57a5e5d614cd804a7936ee71fd6d5be90fa937ca6454ec5.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\0a32d12f4d2f248e9c452169f53f3103d1551ca65c00c96464351950c2adbbca.exe: Talonflame!Score=70 (来源: Cloud API Scan)
- E:/样本/测试/20250309\0b7891b2cd2c16bac66ec4f815af883da8733e91349faa58a0f6e3a76b10a2b6.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\0f509d4c022c142dd43f6cdf4b3a23196a5ce9eac448a7540e9e8ad709de6ce2.exe: Win32:Arceus!Heuristic (来源: Heuristic Scan)
- E:/样本/测试/20250309\15d967f9b7d1341aba49ef305373110ba1410c7a9d18c009aff331731a06d4a9.exe: Win32:Arceus!Heuristic (来源: Heuristic Scan)
- E:/样本/测试/20250309\1b575237fe7710a37298b388977068f39b254944e0a3f61fc0902acb75bc9d1a.exe: Talonflame!Score=70 (来源: Cloud API Scan)
- E:/样本/测试/20250309\1bb045d646817966963f196f64d80855f23fc5763754013cb0715e87acc90ab0.exe: Talonflame!Score=80 (来源: Cloud API Scan)
- E:/样本/测试/20250309\1d2f14c8497b8cd9d78498827fac151d00d2359320607c5cd748df0ef50e4c73.exe: Talonflame!Score=80 (来源: Cloud API Scan)
- E:/样本/测试/20250309\218ea3221f1a07f6654e098dc86bd1a001790573d76cc8016dc9c69b93bc2cb9.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\2678ff9e7de004631e19523d40153b6c04c7a88732ca15e283b0f970adcb18ef.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\2959bef771b11c5180c49ab65c8e1db4d2a1c1b079a842f2300fefad35f7bb11.exe: Talonflame!Score=80 (来源: Cloud API Scan)
- E:/样本/测试/20250309\30b66b297519afdf1526eb092dae828b6a328d223acd237327c0162e316086ce.exe: Win32:Arceus!Heuristic (来源: Heuristic Scan)
- E:/样本/测试/20250309\361eac6d7a1d710d57261b1c46a8c4f52690277ffd02dfd0ba53e585a5d1af5a.exe: Talonflame!Score=80 (来源: Cloud API Scan)
- E:/样本/测试/20250309\39063b8d0613596b7a2a4f2e8e45e945988276637a9f928a60e54224ce861b9c.exe: Talonflame!Score=70 (来源: Cloud API Scan)
- E:/样本/测试/20250309\394ed5e270bb760bee2b5ffea56421afb2a22aff35d78d29da92842f606b8d53.exe: Win32:Arceus!Heuristic (来源: Heuristic Scan)
- E:/样本/测试/20250309\3a92a149d8f6a43920026f4218481659483afb75d0965ea26e90bcb9291a3f3a.exe: Arceus!LummaStealer (来源: Variant Scan)
- E:/样本/测试/20250309\3b011019d3bd4396023da31a7a6fd88d90bbbd725a1a4cbefa30cf116b94afca.exe: Talonflame!Score=80 (来源: Cloud API Scan)
- E:/样本/测试/20250309\3c64af44c80d0843cb6a50c395f4bca1848f1c7fc56865a81d5acd79fb7d7b49.exe: Talonflame!Score=80 (来源: Cloud API Scan)
- E:/样本/测试/20250309\3ded01ea01faecc2e3a30ab68959982aa7dfad1828284ecb4b7c3fae296644cf.exe: Talonflame!Score=80 (来源: Cloud API Scan)
- E:/样本/测试/20250309\556bb0a04f3a7b6f46af3ab63e51dd819de0ab533e7adf52b57d1e206c61d641.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\5e9e96b9e53a7d849b545872cec08f3ec4dc1b2ce51c841f647a2212ecff5b3a.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\5ed28c8706db880edc449e2fabe3bcd8e51d9335655bf5ea526df71b17e8eb5a.exe: Arceus!LummaStealer (来源: Variant Scan)
- E:/样本/测试/20250309\63ab3dbaa79738e9fc6bca985eb7ad751bb61aaf6d7ba7dd693bdd49715f914a.exe: Win32:Arceus!Heuristic (来源: Heuristic Scan)
- E:/样本/测试/20250309\6405b747fde1c1d6236310d9f20c27b1e41c8c794fa5e7105c42e35be7429567.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\64d47e7c05d73ded8c5e3e88195f1173477e55527ad064aca606ef80fda9a38d.exe: Talonflame!Score=70 (来源: Cloud API Scan)
- E:/样本/测试/20250309\661fbb18ad3921c09efad5a71a07883c79b4db81ae8065dce828dfe1338d99e7.exe: Arceus!LummaStealer (来源: Variant Scan)
- E:/样本/测试/20250309\6771cb2cd76d2ce3cf81ee1defd8a2649fbd029c22a2d41412d3747211549724.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\68ce531bb69f2d028ef2f5b0d291db37582748bc812e270cf3246232f4f785a6.exe: Arceus!LummaStealer (来源: Variant Scan)
- E:/样本/测试/20250309\720264d1cb886a1fa9bb5f807acf3677a82701e8e0fc25e65d03252bb7c8f69f.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\770b494198e289dd91a8731dc4538bd36ac37b425f21e2a854cee956dec4452c.exe: Talonflame!Score=80 (来源: Cloud API Scan)
- E:/样本/测试/20250309\7963914b6101338d708fb1ca341aa42ea3d7858bb145bcc37da83d804ac0f664.exe: Talonflame!Score=80 (来源: Cloud API Scan)
- E:/样本/测试/20250309\808ea5f3c49d50f3ea6daeb52a6a5923c80c8a361a25048275077b12417c461b.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\87ac68555587584d749b7501b496bebdb865f34cf2a30ff1a6af1171768c932b.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\95930b643e2d7d09d9cdfb2776534744ebb101347bbfe8be84f376fa15d8033a.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\96415deeb9e8eef066e51a6bdea3ef37719fb2dd5a66f566451c9546a481a0eb.exe: Win32:Arceus!Heuristic (来源: Heuristic Scan)
- E:/样本/测试/20250309\97816fec88967a1c4254752ff1cd00c53bb4da79b7069331a7566215e35a53e5.exe: Win32:Arceus!Heuristic (来源: Heuristic Scan)
- E:/样本/测试/20250309\99d9f92fce1d62c67118449a44cfaab9fb50102934a83152b8d2edc5fd6d35b8.exe: Arceus!LummaStealer (来源: Variant Scan)
- E:/样本/测试/20250309\9dfb9989c7146240594e63aa7d40d3ded109edda93c8b7514a8f4c4b33b6fc77.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\9f808d76b8f08cda49d0ef1078b5cd98e9273bf4709556bd7184327c3ebfc4e8.exe: Arceus!LummaStealer (来源: Variant Scan)
- E:/样本/测试/20250309\a0c33d426acc6e09f9a58db5176f8b353dc7d29a1b2e9156d6c1e7fdfdf4ab79.exe: Win32:Arceus!Heuristic (来源: Heuristic Scan)
- E:/样本/测试/20250309\a79f21c911c437962e8002a2ecbea1558b56cfe5e1c8a10219f5d5717091c26f.exe: Arceus!LummaStealer (来源: Variant Scan)
- E:/样本/测试/20250309\abd30485e613a4f9fff5b6bb8e0a10abdb331d10346ef3dd31cea53e34491ce9.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\accad70809d459d165750cf51e31f5703f590db6429de4a504c1843c02a7c0b3.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\b8f97aa41628ebb540a037b8f96294b77fb1d83c81593c6e61314204f05d7a40.exe: Arceus!LummaStealer (来源: Variant Scan)
- E:/样本/测试/20250309\bcc5dc78a52b10199756f260ae3feb106abc10ab630749bd902e8950e87bb38e.exe: Arceus!LummaStealer (来源: Variant Scan)
- E:/样本/测试/20250309\c1bfa0e9313ea896eba6329eb52b70374df276493468ca30d633f825f91f52a0.exe: Talonflame!Score=80 (来源: Cloud API Scan)
- E:/样本/测试/20250309\c4875eca80c1b5458aa8529ddf0d975d18e66af126dda3910846e305694b4982.exe: Arceus!LummaStealer (来源: Variant Scan)
- E:/样本/测试/20250309\c498735b89871dc42f522a389d3f2c63b347364fd8b03a6d788c092ce9353d77.exe: Arceus!LummaStealer (来源: Variant Scan)
- E:/样本/测试/20250309\c5b5c385184b5c2d7ed666beb38bb10b703097573f7a6b42b7fdef78acf99c96.exe: Talonflame!Score=80 (来源: Cloud API Scan)
- E:/样本/测试/20250309\c631b3586ae88b9952c7541fbc6d490f9906b870fc12397a8c7bb84e07eab6cd.exe: Talonflame!Score=80 (来源: Cloud API Scan)
- E:/样本/测试/20250309\cb3a38b5b53f478a2a83ea040885ccb2bea9d29e3d9db4af38914bcd21bf89db.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\ccdbeb9c3f27c634fdf13f9f8ad40123141bc5b883f0a22961d34bd3dbe7b897.exe: Arceus!LummaStealer (来源: Variant Scan)
- E:/样本/测试/20250309\ce7bfd72f24ff82c3721d5ea1c9fbadbe2b2e27654771a951caa5f873fae3aa7.exe: Talonflame!Score=70 (来源: Cloud API Scan)
- E:/样本/测试/20250309\cea7de59cf54019d818a1a1622e0dd0a28693a61f03b8a5d5d9f21b8ef0d451f.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\d458610e43d76a0547548ce5f9c0de856afcd7fe3fec9d4a42091e8d268ed41c.exe: Talonflame!Score=80 (来源: Cloud API Scan)
- E:/样本/测试/20250309\d4717111251ccd87aed19d387a50770f795dda04d454a97ebe53b27ea3afe1fb.exe: Win64:Arceus!Heuristic (来源: Heuristic Scan)
- E:/样本/测试/20250309\db8f521382508e27fe0e9d8ae708dd35e0d66025e99d92d980c4f2c56477ee55.exe: Arceus!LummaStealer (来源: Variant Scan)
- E:/样本/测试/20250309\dc25d718f31abfb22d767a38383cc4534ecec474e88e9b84b9e437fb97fd5017.exe: Win32:Arceus!Heuristic (来源: Heuristic Scan)
- E:/样本/测试/20250309\dea3b8dd3d416225d4ebcfecd61b28edc90f4d93e9ac42e65d77c619c6a17ec1.exe: Talonflame!Score=80 (来源: Cloud API Scan)
- E:/样本/测试/20250309\e1f2ed9abc3522cf4a7f1d4d6c126296fccd2aa309d2952bab94d2f064902fcd.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\e2b875684ea73c67806091b51f2fb27b7f784f93435074f570a3eb463efc573a.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\e45b701a7306aa4a47751b8166e369a719ac19648f37efb1a6d949de36a3d1af.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\ea0c32eb1b07b604286393d15aae41903485f8b1d4f2ab0d77f151323ec41b14.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\ebf04432efd04f6cef2c51164bb25c78867f0c8f7e361653408f74e7b5e1f2f6.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\ebf307b41bfe8a03497dbdeef5a69ff76acbb0d4f5c14a7ce6743c43e74c1946.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)
- E:/样本/测试/20250309\f1e99a7e9c48ecefd988f244085bd291f7d2c06e081338a9c104e8294ccb01bd.exe: Talonflame!Score=80 (来源: Cloud API Scan)
- E:/样本/测试/20250309\f76fde632a80c0c487fa71ac27699bdaf5d3b840ed3f1dd82448c80f4cd03fac.exe: Talonflame!Score=80 (来源: Cloud API Scan)
- E:/样本/测试/20250309\fd9ea5719df01b34d89eb0321b9814855cfc23488226e39e8dfa759a045a3b3b.exe: Arceus!MSIL.Jalapeno (来源: Variant Scan)

Fadouse

ES + S1 Kill All
解压静态 66/69, miss 8x (检出率 95.7%)

双击后剩下5x均无法正常运行或无行为 故不统计

bat 2x本机均编码错误
exe 3x双击后迅速自退，与joesandbox/微步沙箱结果一致

OrangeCell

K7 kill 17x，双击14x

PhozeAMTB

WD 扫描剩1x。

jijianan2007

EEA+360杀毒  重启前剩12，重启后剩1

QVM360

KIS 剩余
剩下三个运行自退

1. PS C:\Users\esetp\Desktop\1> ls
   
2. 
   
3. 
   
4.     目录: C:\Users\esetp\Desktop\1
   
5. 
   
6. 
   
7. Mode                 LastWriteTime         Length Name
   
8. ----                 -------------         ------ ----
   
9. -a----          2025/3/9      5:48        1752899 0a32d12f4d2f248e9c452169f53f3103d1551ca65c00c96464351950c2adbbca.exe
   
10. -a----          2025/3/9      5:47        1753499 1b575237fe7710a37298b388977068f39b254944e0a3f61fc0902acb75bc9d1a.exe
    
11. -a----          2025/3/9      5:47        1755992 6f40460d6d3b7e080fa9e9a176883895c25d586d1dd0670e44902f647a52c472.exe

复制代码

jijianan2007

FSP

qw8462

江民kill 68x

flyingyoung

DI 解压杀71x

ce7bf... 似乎为白文件（远程桌面）钓鱼
2d0ce... 和 ab289... 跑不起来