8
[原创][庆祝建党]一次上当受骗的样本分析经验
source link: https://bbs.pediy.com/thread-268281.htm
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
[原创][庆祝建党]一次上当受骗的样本分析经验-软件逆向-看雪论坛-安全社区|安全招聘|bbs.pediy.com
样本sha1: 21766239b79ece18b15a03f4517f3be6ed9c07ed
今天工作时遇到一个样本,很小,只有4096字节,拖到虚拟机里运行直接退出了,但是在VT里查可以看到很多报毒
_________________________________________________________________________________|Bkav | W32.AIDetectVM.malware1||Elastic | malicious (high confidence)||MicroWorld-eScan | Trojan.GenericKD.42989135||ALYac | Trojan.GenericKD.42989135||VIPRE | Trojan.Win32.Generic!BT||Sangfor | Malware||K7AntiVirus | Trojan ( 0056483b1 )||BitDefender | Trojan.GenericKD.42989135||K7GW | Trojan ( 0056483b1 )||Cybereason | malicious.9b79ec||BitDefenderTheta | Gen:NN.ZexaF.34152.auW@ay!9nhc||Cyren | W32/Trojan.ETUW-3889||Symantec | ML.Attribute.HighConfidence||APEX | Malicious||Paloalto | generic.ml||Kaspersky | HEUR:Trojan.Win32.Generic||Alibaba | Trojan:Win32/MBRlock.df6e613f||NANO-Antivirus | Trojan.Win32.KillMBR.hjmtoj||AegisLab | Trojan.Win32.Generic.4!c||Tencent | Win32.Trojan.Generic.Ednp||Ad-Aware | Trojan.GenericKD.42989135||F-Secure | Trojan.TR/Ransom.MBRlock.rcdja||DrWeb | Trojan.KillMBR.24847||Zillya | Trojan.MBRlock.Win32.591||Invincea | heuristic||FireEye | Generic.mg.f1ddcdfec9784f92||Sophos | Troj/KillMBR-V||Jiangmin | Trojan.Generic.erchp||Avira | TR/Ransom.MBRlock.rcdja||Fortinet | W32/Generic.BF!tr.ransom||Antiy-AVL | Trojan/Win32.Wacatac||Arcabit | Trojan.Generic.D28FF64F||ViRobot | Trojan.Win32.Z.Wacatac.4096.Q||Microsoft | Trojan:Win32/Occamy.C50||AhnLab-V3 | Malware/Win32.Generic.C4087080||McAfee | RDN/Ransom||MAX | malware (ai score=83)||VBA32 | Trojan.Occamy||Panda | Trj/GdSda.A||ESET-NOD32 | a variant of Win32/MBRlock.BF||Rising | Trojan.MBRlock!8.751 (CLOUD)||Yandex | Trojan.MBRlock!fGxkbNwgCDw||SentinelOne | DFI - Malicious PE||eGambit | Unsafe.AI_Score_99%||GData | Trojan.GenericKD.42989135||AVG | Win32:TrojanX-gen [Trj]||Avast | Win32:TrojanX-gen [Trj]||CrowdStrike | win/malicious_confidence_80% (W)||Qihoo-360 | Generic/HEUR/QVM20.1.8F85.Malware.Gen|---------------------------------------------------------------------------------Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK