Latest round of Kafan virus sample test results
This post was last edited by ninjagaocc on 2024-10-20 15:51.
Sample download:
https://x.ws59.cn/f/fd8ij8plsmw
https://wwzq.lanzouq.com/iwsMZ2cyqyze
https://pan.huang1111.cn/s/1QaMZTv
Archive password: infected
If the samples include a .ps1 file (PowerShell script), you need to open cmd.exe manually and enter the following command to allow the ps1 script to run:
Powershell.exe Set-ExecutionPolicy Bypass
Test environment: Microsoft (Windows) Sandbox
Product under test: Rising V17
Monitoring settings: Advanced
AI scan engine on + Rising Sword (瑞星之剑)
Proactive defense (主防): 21x
Remaining: 3x (2x after scan)
Remaining: 2x (1x after double-clicking)
Time | Event | Result | Additional info
2024-10-20 13:16:50 | File monitor | Threat found: cmd.exe/S /D /c" echo cls;powershell -w hidden;function decrypt_function($param_var){ $aes_var=::Create(); $aes_var.Mode=::CBC; $aes_var.Padding=::Create(); $aes_var.Mode=::CBC; $aes_var.Padding=[System.Security. | Related process: C:\Windows\system32\cmd.exe
2024-10-20 13:16:12 | File monitor | Threat found: cmd.exe/S /D /c" echo cls;powershell -w hidden;function decrypt_function($param_var){ $aes_var=::Create(); $aes_var.Mode=::CBC; $aes_var.Padding=::Create(); $aes_var.Mode=::CBC; $aes_var.Padding=[System.Security. | Related process: C:\Windows\System32\cmd.exe
2024-10-20 13:15:02 | File monitor | Threat found: cmd.exe/S /D /c" echo cls;powershell -w hidden;function decrypt_function($param_var){ $aes_var=::Create(); $aes_var.Mode=::CBC; $aes_var.Padding=::Create(); $aes_var.Mode=::CBC; $aes_var.Padding=[System.Security. | Related process: C:\Windows\System32\cmd.exe
2024-10-20 13:14:37 | File monitor | Threat found: cmd.exe/S /D /c" echo cls;powershell -w hidden;function decrypt_function($param_var){ $aes_var=::Create(); $aes_var.Mode=::CBC; $aes_var.Padding=::Create(); $aes_var.Mode=::CBC; $aes_var.Padding=[System.Security. | Related process: C:\Windows\System32\cmd.exe
2024-10-20 13:14:14 | Right-click scan finished | Scanned 4 objects, found 1 threat |
2024-10-20 13:14:13 | Right-click scan started | —— |
2024-10-20 13:13:29 | File monitor | Threat found: d53a7df671c51cfcbe6526e499e50664d129e9c80dfd44dde860bae39542c4e1.exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\d53a7df671c51cfcbe6526e499e50664d129e9c80dfd44dde860bae39542c4e1.exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:13:29 | File monitor | Threat found: 23d5d2532d745bb0257a4e5c89a322673990e43268fe2d1dd836a319477d4f48.exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\23d5d2532d745bb0257a4e5c89a322673990e43268fe2d1dd836a319477d4f48.exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:13:28 | File monitor | Threat found: 7e2090c4d0b8a81537beba1a052e96fcd50fa9efe75cdff10452c96d1a6f759f.exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\7e2090c4d0b8a81537beba1a052e96fcd50fa9efe75cdff10452c96d1a6f759f.exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:13:28 | File monitor | Threat found: 2cfc6fe46f2025a7aeab3dbb5d271c49cb3341545313582ab6603351e75ee19c.exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\2cfc6fe46f2025a7aeab3dbb5d271c49cb3341545313582ab6603351e75ee19c.exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:13:27 | File monitor | Threat found: 002ee006c22f11bc0ca54174aa801120194db34a8aa31211f8acd6be41e39b48.ps1 | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\002ee006c22f11bc0ca54174aa801120194db34a8aa31211f8acd6be41e39b48.ps1; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:13:27 | File monitor | Threat found: 1f28042480cd4617e127e0a40f0bd958bacba132d5d41a78a1a002529ed7b6da.exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\1f28042480cd4617e127e0a40f0bd958bacba132d5d41a78a1a002529ed7b6da.exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:12:50 | File monitor | Threat found: CypherRatV3.5Update7-24.exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\CypherRatV3.5Update7-24.exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:12:46 | File monitor | Threat found: file (2).exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\file (2).exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:12:45 | File monitor | Threat found: ed0b5bd7d8876e3f806d2b5c5ea58211159f8ed2f820dc08ee7fe44dc715ee76.exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\ed0b5bd7d8876e3f806d2b5c5ea58211159f8ed2f820dc08ee7fe44dc715ee76.exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:12:44 | File monitor | Threat found: e9e42a94ff935c92a96d56ac230cba9eb6bb95fb9defe94a2e017f6822c2f19c.exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\e9e42a94ff935c92a96d56ac230cba9eb6bb95fb9defe94a2e017f6822c2f19c.exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:12:44 | File monitor | Threat found: db0b65e19c5b94fe2d42cabdc6f048db5447c6c3c63190ae0349f09568ab95c3.exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\db0b65e19c5b94fe2d42cabdc6f048db5447c6c3c63190ae0349f09568ab95c3.exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:12:43 | File monitor | Threat found: cfb2284581a02f2d451109559db3b36d3afad310ebf41b84a4d86b2768ec0c26.exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\cfb2284581a02f2d451109559db3b36d3afad310ebf41b84a4d86b2768ec0c26.exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:12:43 | File monitor | Threat found: adcff21b19c76c3d2146599e98f8e26283a8fdae5fb451faaa404c503c4855aa.exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\adcff21b19c76c3d2146599e98f8e26283a8fdae5fb451faaa404c503c4855aa.exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:12:42 | File monitor | Threat found: 92054411881f9d2321b1735ca6440be8268f5f43532836b6f3854e515ad736ac.exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\92054411881f9d2321b1735ca6440be8268f5f43532836b6f3854e515ad736ac.exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:12:42 | File monitor | Threat found: 3d0a1f770b4f4be2a90e15fa29315199478f5c2c481fd9a1f1beb37eac46ed30.exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\3d0a1f770b4f4be2a90e15fa29315199478f5c2c481fd9a1f1beb37eac46ed30.exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:12:41 | File monitor | Threat found: 2ad5d4d619b473d95309340e9373908c9904e7e995cd38ca4facf4497ce9a424.exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\2ad5d4d619b473d95309340e9373908c9904e7e995cd38ca4facf4497ce9a424.exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:12:40 | File monitor | Threat found: 0d51dea89adc781645bb9845e65c2d45824d8fbee993d00102696e6ca62d466f.exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\0d51dea89adc781645bb9845e65c2d45824d8fbee993d00102696e6ca62d466f.exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:12:40 | File monitor | Threat found: aimware.exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\aimware.exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:12:32 | File monitor | Threat found: Setup.exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\Setup.exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:12:31 | File monitor | Threat found: file.exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\file.exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:12:31 | File monitor | Threat found: file s.exe | File path: C:\Users\WDAGUtilityAccount\Desktop\infected20241020\file s.exe; Related process: C:\Windows\Explorer.EXE
2024-10-20 13:10:13 | Product upgrade | Upgraded to version 25.00.10.33 | ?? ???? ???? ?? ????
Time | File / command line | Detection name | (column not preserved) | Related process
2024-10-20 13:16:50 | C:\Windows\system32\cmd.exe/S /D /c" echo cls;powershell -w hidden;function decrypt_function($param_var){ $aes_var=::Create(); $aes_var.Mode=::CBC; $aes_var.Padding=[System.Security. | Trojan.Dyloader/CMDL!1.C5C6 | ?? | C:\Windows\system32\cmd.exe
2024-10-20 13:16:12 | C:\Windows\system32\cmd.exe/S /D /c" echo cls;powershell -w hidden;function decrypt_function($param_var){ $aes_var=::Create(); $aes_var.Mode=::CBC; $aes_var.Padding=[System.Security. | Trojan.Dyloader/CMDL!1.C5C6 | ?? | C:\Windows\System32\cmd.exe
2024-10-20 13:15:02 | C:\Windows\system32\cmd.exe/S /D /c" echo cls;powershell -w hidden;function decrypt_function($param_var){ $aes_var=::Create(); $aes_var.Mode=::CBC; $aes_var.Padding=[System.Security. | Trojan.Dyloader/CMDL!1.C5C6 | ?? | C:\Windows\System32\cmd.exe
2024-10-20 13:14:37 | C:\Windows\system32\cmd.exe/S /D /c" echo cls;powershell -w hidden;function decrypt_function($param_var){ $aes_var=::Create(); $aes_var.Mode=::CBC; $aes_var.Padding=[System.Security. | Trojan.Dyloader/CMDL!1.C5C6 | ?? | C:\Windows\System32\cmd.exe
2024-10-20 13:14:14 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\42de2729a8457deb93859902fccecf16_virlock.exe | Trojan.Generic@AI.100 | ?? |
2024-10-20 13:13:29 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\23d5d2532d745bb0257a4e5c89a322673990e43268fe2d1dd836a319477d4f48.exe | Dropper.Agent!8.2F | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:13:29 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\d53a7df671c51cfcbe6526e499e50664d129e9c80dfd44dde860bae39542c4e1.exe | Backdoor.njRAT!1.9E49 | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:13:28 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\2cfc6fe46f2025a7aeab3dbb5d271c49cb3341545313582ab6603351e75ee19c.exe | Trojan.Exnet!8.11EDE | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:13:28 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\7e2090c4d0b8a81537beba1a052e96fcd50fa9efe75cdff10452c96d1a6f759f.exe | Trojan.Kryptik!8.8 | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:13:27 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\1f28042480cd4617e127e0a40f0bd958bacba132d5d41a78a1a002529ed7b6da.exe | Dropper.Agent!8.2F | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:13:27 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\002ee006c22f11bc0ca54174aa801120194db34a8aa31211f8acd6be41e39b48.ps1 | Trojan.PSCrypt/PS!1.D205 | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:12:50 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\CypherRatV3.5Update7-24.exe | Dropper.Dapato!8.2A2 | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:12:46 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\file (2).exe | Spyware.Agent!8.C6 | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:12:45 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\ed0b5bd7d8876e3f806d2b5c5ea58211159f8ed2f820dc08ee7fe44dc715ee76.exe | Trojan.Kryptik!8.8 | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:12:44 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\db0b65e19c5b94fe2d42cabdc6f048db5447c6c3c63190ae0349f09568ab95c3.exe | Trojan.AntiVM!1.CF63 | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:12:44 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\e9e42a94ff935c92a96d56ac230cba9eb6bb95fb9defe94a2e017f6822c2f19c.exe | Trojan.Generic!8.C3 | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:12:43 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\adcff21b19c76c3d2146599e98f8e26283a8fdae5fb451faaa404c503c4855aa.exe | Trojan.AntiVM!1.CF63 | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:12:43 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\cfb2284581a02f2d451109559db3b36d3afad310ebf41b84a4d86b2768ec0c26.exe | Trojan.Generic!8.C3 | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:12:42 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\3d0a1f770b4f4be2a90e15fa29315199478f5c2c481fd9a1f1beb37eac46ed30.exe | Trojan.AntiVM!1.CF63 | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:12:42 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\92054411881f9d2321b1735ca6440be8268f5f43532836b6f3854e515ad736ac.exe | Dropper.Agent!8.2F | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:12:41 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\2ad5d4d619b473d95309340e9373908c9904e7e995cd38ca4facf4497ce9a424.exe | Trojan.AntiVM!1.CF63 | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:12:40 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\aimware.exe | Trojan.AntiVM!1.CF63 | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:12:40 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\0d51dea89adc781645bb9845e65c2d45824d8fbee993d00102696e6ca62d466f.exe | Backdoor.DcRat!8.129D9 | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:12:32 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\Setup.exe | Dropper.Agent!1.10426 | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:12:31 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\file s.exe | Trojan.Generic!8.C3 | ?? | C:\Windows\Explorer.EXE
2024-10-20 13:12:31 | C:\Users\WDAGUtilityAccount\Desktop\infected20241020\file.exe | Trojan.DInvoke!8.16EDB | ?? | C:\Windows\Explorer.EXE

麦青儿 posted on 2024-10-22 16:55:
Are these the samples from the 极安全 test? No need to repost the Kafan samples, thanks, someone is assigned to collect them.

Reply, quoting 麦青儿 (posted 2024-10-22 16:55):
> Are these the samples from the 极安全 test? No need to repost the Kafan samples, thanks, someone is assigned to collect them.
They are the Kafan virus samples ;P
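The two log tables in the opening post are the whole test record, so the useful tooling is a parser that turns rows of that shape into something countable: which samples the file monitor caught on access while the archive was being extracted, which one the right-click scan found, and which were caught only at runtime when a survivor was double-clicked and spawned the cmd.exe to "powershell -w hidden" launcher that Rising labels Trojan.Dyloader/CMDL. The Python below is an added example, not code from the original post or from Rising. The first five SAMPLE rows are copied verbatim from the thread's second table (the bare "::Create()" and the trailing "[System.Security." are exactly how the page shows them); the last row is a constructed non-detection line to show what gets skipped. The "??" column is ignored because it did not survive the forum export, and the phase boundaries (taken from the thread's scan start/end timestamps) and the hidden-PowerShell heuristic are this example's own assumptions.

```python
"""Triage Rising V17 threat-log rows of the kind posted in this thread.

Added example; not part of the original post and not Rising's tooling.
Phase boundaries and the hidden-PowerShell heuristic are assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Rising detection names as seen in the thread: Family.Variant[/Sub]!sig or Family.Variant@AI.n
DETECTION = r"[A-Z][A-Za-z]*\.[A-Za-z0-9]+(?:/[A-Za-z0-9]+)?[!@][A-Za-z0-9.]+"
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<subject>.+?) "
    + rf"(?P<name>{DETECTION})(?: \?\?)?(?: (?P<proc>\S.*))?$"
)
# "cmd.exe ... powershell -w hidden": the launcher shape the runtime hits show
HIDDEN_PS = re.compile(r"\bpowershell(?:\.exe)?\b.*?-w(?:indowstyle)?\s+h(?:idden)?\b", re.I)

# Right-click scan window, taken from the thread's event log. Assumption: anything
# earlier was caught on access (extraction), anything later was caught at runtime.
SCAN_START = datetime(2024, 10, 20, 13, 14, 13)
SCAN_END = datetime(2024, 10, 20, 13, 14, 14)

SAMPLE = [  # first five rows verbatim from the thread; last row constructed
    r'2024-10-20 13:16:50 C:\Windows\system32\cmd.exe/S /D /c" echo cls;powershell -w hidden;function decrypt_function($param_var){ $aes_var=::Create(); $aes_var.Mode=::CBC; $aes_var.Padding=[System.Security. Trojan.Dyloader/CMDL!1.C5C6 ?? C:\Windows\system32\cmd.exe',
    r'2024-10-20 13:14:14 C:\Users\WDAGUtilityAccount\Desktop\infected20241020\42de2729a8457deb93859902fccecf16_virlock.exe Trojan.Generic@AI.100 ??',
    r'2024-10-20 13:13:29 C:\Users\WDAGUtilityAccount\Desktop\infected20241020\d53a7df671c51cfcbe6526e499e50664d129e9c80dfd44dde860bae39542c4e1.exe Backdoor.njRAT!1.9E49 ?? C:\Windows\Explorer.EXE',
    r'2024-10-20 13:12:44 C:\Users\WDAGUtilityAccount\Desktop\infected20241020\db0b65e19c5b94fe2d42cabdc6f048db5447c6c3c63190ae0349f09568ab95c3.exe Trojan.AntiVM!1.CF63 ?? C:\Windows\Explorer.EXE',
    r'2024-10-20 13:12:40 C:\Users\WDAGUtilityAccount\Desktop\infected20241020\aimware.exe Trojan.AntiVM!1.CF63 ?? C:\Windows\Explorer.EXE',
    r'2024-10-20 13:10:13 product upgraded to version 25.00.10.33',  # constructed: no detection, must be skipped
]


@dataclass(frozen=True)
class Detection:
    when: datetime
    subject: str             # file path, or the full command line for a cmdline hit
    name: str                # Rising detection name as logged
    process: Optional[str]   # "related process" column; absent on the on-demand hit
    phase: str               # on-access / on-demand / runtime (this example's labels)
    hidden_powershell: bool  # subject is a cmd.exe -> powershell -w hidden chain

    @property
    def family(self) -> str:
        """Trojan.AntiVM!1.CF63 -> Trojan.AntiVM (drop the signature suffix)."""
        return re.split(r"[!@]", self.name, maxsplit=1)[0]


def phase_of(when: datetime) -> str:
    if when < SCAN_START:
        return "on-access"   # file monitor fired while the archive was being extracted
    if when <= SCAN_END:
        return "on-demand"   # the right-click scan's own finding
    return "runtime"         # a survivor was double-clicked and its launcher chain was caught


def parse_line(line: str) -> Optional[Detection]:
    """Return a Detection for a threat row, None for upgrade/scan-boundary rows."""
    m = LINE.match(line.strip())
    if not m:
        return None
    when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
    subject = m["subject"]
    return Detection(when, subject, m["name"], m["proc"], phase_of(when),
                     bool(HIDDEN_PS.search(subject)))


def parse_log(lines) -> List[Detection]:
    return [d for d in (parse_line(l) for l in lines) if d is not None]


def summarize(dets: List[Detection]) -> dict:
    """Counts by phase and by family, plus the rows that are LOLBin launcher chains."""
    return {
        "by_phase": Counter(d.phase for d in dets),
        "by_family": Counter(d.family for d in dets),
        "lolbin_chains": [d for d in dets if d.hidden_powershell],
    }


if __name__ == "__main__":
    s = summarize(parse_log(SAMPLE))
    for key in ("by_phase", "by_family"):
        print(key, dict(s[key]))
    for d in s["lolbin_chains"]:
        print("runtime launcher:", d.name, "->", d.subject[:60])
```

Run it as a script to print the breakdown for the embedded rows; for a full export, replace SAMPLE with the lines read from the log file. The row regex keys on Rising's own naming scheme as it appears in this thread, so the DETECTION pattern needs adjusting before it is pointed at another vendor's log. The phase labels only hold for this thread's sequence (extract, right-click scan, double-click survivors); a different test order needs different boundaries.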