收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 FakeAPP 3x
12
返回列表 发新帖
楼主: UNknownOoo
 收起左侧

[病毒样本] FakeAPP 3x

[复制链接]
谈谈MEMZ
发表于 18 小时前 | 显示全部楼层
本帖最后由 谈谈MEMZ 于 2026-2-3 01:20 编辑

Cortex XDR 执行杀衍生物 ALL

  1. Application Information:
  2. Source process ID: 8880
  3. Source process name: msiexec.exe
  4. Source application location: C:\Windows\System32\msiexec.exe
  5. Source process command line: C:\Windows\System32\MsiExec.exe -Embedding B91D2223E932564B3E00C7ADF336A807
  6. Source application version: 5.0.20348.2849
  7. Source application publisher: Microsoft Corporation
  8. Source application signers: Microsoft Windows,Microsoft Windows
  9. Source process user name: User


  12. Prevention Information:
  13. Prevention date: 2026年2月3日
  14. Prevention time: 1:17:10
  15. OS version: 10.0.20348
  16. Component: WildFire
  17. Cortex XDR code: C0400058
  18. Prevention description: 检测到可疑 DLL
  19. Verdict: 2
  20. Quarantined: False
  21. Post-Detected: False
  22. Hash: b7106927fb4b51f2784b2f0e433a9af7f48c9a9855d4dcfe85f252dc841d6f29
  23. Additional information 1: C:\Program Files (x86)\网易有道翻译_11.2.5.0_1748003245\网易有道翻译_11.2.5.0_1748003245\ThereD.dll
  24. Additional information 2: B7106927FB4B51F2784B2F0E433A9AF7F48C9A9855D4DCFE85F252DC841D6F29
  25. Additional information 3: B7106927FB4B51F2784B2F0E433A9AF7F48C9A9855D4DCFE85F252DC841D6F29
  26. Additional information 4: 2
复制代码
  1. Application Information:
  2. Source process ID: 7024
  3. Source process name: men.exe
  4. Source application location: C:\Users\Public\Documents\men.exe
  5. Source process command line: "C:\Users\Public\Documents\men.exe"
  6. Source application version:
  7. Source application publisher:
  8. Source application signers:
  9. Source process user name: User


  12. Prevention Information:
  13. Prevention date: 2026年2月3日
  14. Prevention time: 1:16:23
  15. OS version: 10.0.20348
  16. Component: WildFire
  17. Cortex XDR code: C0400055
  18. Prevention description: 检测到可疑可执行文件
  19. Verdict: 2
  20. Quarantined: False
  21. Post-Detected: False
  22. Hash: f05c112ea9c71720a7e9879178de1318347bbb1092847be0f96788abcd84ea9c
  23. Additional information 1: C:\Users\Public\Documents\men.exe
  24. Additional information 2: F05C112EA9C71720A7E9879178DE1318347BBB1092847BE0F96788ABCD84EA9C
  25. Additional information 3: F05C112EA9C71720A7E9879178DE1318347BBB1092847BE0F96788ABCD84EA9C
  26. Additional information 4: 2
复制代码
  1. Application Information:
  2. Source process ID: 9924
  3. Source process name: VC_radist.x64.exe
  4. Source application location: C:\ProgramData\O3s2yT\VC_radist.x64.exe
  5. Source process command line: "C:\ProgramData\O3s2yT\VC_radist.x64.exe"
  6. Source application version: 19.184.451.38
  7. Source application publisher:
  8. Source application signers:
  9. Source process user name: User


  12. Prevention Information:
  13. Prevention date: 2026年2月3日
  14. Prevention time: 1:17:34
  15. OS version: 10.0.20348
  16. Component: WildFire
  17. Cortex XDR code: C0400055
  18. Prevention description: 检测到可疑可执行文件
  19. Verdict: 2
  20. Quarantined: False
  21. Post-Detected: False
  22. Hash: 914552b1570764b08cc273329c2cc0833f2a753fb1ba8f86b5d6edc344a240f8
  23. Additional information 1: C:\ProgramData\O3s2yT\VC_radist.x64.exe
  24. Additional information 2: 914552B1570764B08CC273329C2CC0833F2A753FB1BA8F86B5D6EDC344A240F8
  25. Additional information 3: 914552B1570764B08CC273329C2CC0833F2A753FB1BA8F86B5D6EDC344A240F8
  26. Additional information 4: 2
复制代码



回复

举报

12
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2026-2-3 20:17 , Processed in 0.075620 second(s), 2 queries , Redis On.

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表