Posts

Showing posts from November, 2017

Full HP, full MP, revived on the spot!

Alright, full HP and full MP, revived on the spot!
A big fire somewhere in the capital, plus the pressure of population control, has thrown all of the capital's migrant residents into panic.
Of course, I am one of those people too; although my situation is comparatively much better, there was still some probability of "winning the lottery".
In fact I did not "win", but at one moment I felt I had brushed right past the "grand prize".
Rather than wait to be evicted by chance, it is better to take action and look for a new place. Now everything is back to normal: I switched to a non-partitioned room and spent this whole afternoon moving everything over.
Tomorrow there is still a day of buffer and a few things to take care of; the rest of the time I can rest properly and get ready to return to normal work, and normal life, on Wednesday.
===============================
The moment I brushed past the "grand prize":
During the nth round of carrying things, I got off the elevator and ran straight into a few people wearing some kind of work badges, and at that moment I felt something was off. After walking out of the lobby I heard several long-term residents outside discussing what that group had gone in for, and some said they were probably there to inspect group-rental housing...

VC52 Malware Sample Test(2017.11.24)

Database Version: 2017.11.24.01
Heuristic Engine: Enabled
Cloud Engine: Disabled
Detection Rate: 7/100 (5 by Signature, 2 by Heuristic)
====================
Malware samples from VC52 have the lowest priority for me to process. If you see [To Be Analyzed] in the detailed information below, it means that at that time I had samples that were more important for me to process.
====================
Total Clean File Count: 11
Clean File List:
016.vir: Brave Web Browser portable
019.vir: Hawaii Bios Reader
030.vir
051.vir
059.vir: Paket
063.vir
083.vir
090.vir
091.vir: KMS Activate Script
093.vir: GOM Player UnInstaller
097.vir: FP from Heuristic Engine, removed already
====================
Something needed to mention:
075.vir: Malicious; try plugging in a USB drive and you will get a surprise. Or just analyze it with IDA Pro.
====================
Malware Download URL: https://pan.baidu.com/s/1eSMsUie
Access Password: ixa2
Archive Password: http://bbs.vc52.cn

VC52 Malware Sample Test(2017.11.17)

Database Version: 2017.11.16.01
Heuristic Engine: Enabled
Cloud Engine: Disabled
Detection Rate: 12/100 (7 by Signature, 5 by Heuristic)
====================
Malware samples from VC52 have the lowest priority for me to process. If you see [To Be Analyzed] in the detailed information below, it means that at that time I had samples that were more important for me to process.
====================
Total Clean File Count: 15
Clean File List:
001.vir: Module of GoodbyeDPI
011.vir: Bash Script
023.vir: Nvidia UnInstaller
025.vir: Corrupted PE file
047.vir: Bat2Exe
048.vir
062.vir
068.vir: Corrupted PE file
071.vir: Module of GoodbyeDPI
080.vir
082.vir
083.vir: local signature FP, will be removed on the next update
084.vir: Wordlist Generator
091.vir: local signature FP, will be removed on the next update
094.vir
====================
Something needed to mention:
007, 017, 026, 051, 079.vir: malicious
====================
Malware Download URL: https://pan.baidu.com/s/1hr3HmqK
Access Passw…

X-Sec Antivirus Developer Log - Regular Virus Signature Count Passes 6k

I just tallied it up: the number of regular virus signatures in X-Sec Antivirus has passed 6,000.
Honestly, once the new signature format comes out, the signature count will grow even faster.
The current signature format is still quite limited, so for some samples I wanted to write a signature but had no way to, and ended up just blacklisting the hash.
Seeing these 6k+ signatures reminds me of the days when I was frantically adding signatures; I started adding them back before X-Sec Antivirus was officially released.
I remember the first virus I wrote signatures for was called the "犇牛" (Benniu) virus (the first character is read bēn; if you read it as the "four-cows virus" there is nothing I can do for you). If you don't know what that virus is, I can use a more down-to-earth name: the usp10 virus, or the lpk virus. Even now I wouldn't dare guarantee that X-Sec Antivirus has complete detection coverage of this thing; after all, since my first targeted handling of it, I have added supplementary detection signatures for it many times.
Then in 2014 I did targeted handling of domestic single-file remote-control trojans (processing over a thousand files), though to this day there are still quite a few that slip through (the detection rate is still fairly respectable, though).
After that came targeted handling of the common samples in the 精睿 (Jingrui) sample packs, and targeted handling of domestic rogue-software downloaders. But neither of those was as frantic or as memorable as the handling of the 犇牛 virus and the domestic remote-control trojans mentioned above.

VC52 Malware Sample Test(2017.11.10)

Database Version: 2017.11.08.01
Heuristic Engine: Enabled
Cloud Engine: Disabled
Detection Rate: 13/100 (8 by Signature, 5 by Heuristic)
====================
Malware samples from VC52 have the lowest priority for me to process. If you see [To Be Analyzed] in the detailed information below, it means that at that time I had samples that were more important for me to process.
====================
Total Clean File Count: 17
Clean File List:
002.vir
004.vir
008.vir
023.vir
028.vir: Sysinternals - AccessChk
032.vir: Winbox (Heuristic Engine got a false positive, already removed)
036.vir: NirCmd (Heuristic Engine got a false positive, already removed)
039.vir
043.vir: Bat2Exe
049.vir
050.vir: WeChat 3rd-party client
051.vir: Youtube Video Downloader
055.vir
067.vir: Installer for Squirrel-based applications
073.vir
087.vir
091.vir: NSIS-based UnInstaller
====================
Something needed to mention:
096.vir: Backdoor.NanoCore Embedded
====================
Malware Download URL: https://…

VC52 Malware Sample Test(2017.11.03)

From this test onward, I will post the detection rate of X-Sec Antivirus no matter whether the result is good or bad.
Database Version: 2017.11.02.01
Heuristic Engine: Enabled
Cloud Engine: Disabled
Detection Rate: 10/100 (4 by Signature, 6 by Heuristic)
====================
Malware samples from VC52 have the lowest priority for me to process. If you see [To Be Analyzed] in the detailed information below, it means that at that time I had samples that were more important for me to process.
====================
Total Clean File Count: 13
Clean File List:
009.vir
016.vir: Oh, seems like a real Gift Card Bot
031.vir: Auto Vote Tool
038.vir
041.vir: Only contains encoded code, no decode function
044.vir
049.vir: A fake ransomware, it's a joke
053.vir
055.vir: A command-line program
079.vir: MT Backup
085.vir: Password-Protected WinRAR SFX Archive
095.vir: Click-to-Run Software Installer (Heuristic Engine got a false positive, already removed)
099.vir: Very simple Batch Script
====…