Comments: 1
Трейнер / Trainer (+14) [2.0] [h4x0r]
4 weeks ago
Do not unpack! Contains self-installing trojan upon unzipping (2nd zip inside it):

File report on download page is false, the scan doesn't go through the double-encryption (password-protection). Because there is a .zip inside a .zip:

- File contains backdoor BScope.Backdoor.Bifrose!
- Here is the scan result of the actual content, after PW-protection removed:
(I can't post links directly.)
Go to virustotal ... gui / file / e42dc91c66e33d349e005bb13d16add152881e2acbb7867865fac32ad9ed34ad
(you have to remove spaces and enter the website name)

VGTimes should show this (it's the middle scan report), 3 flags:
This is the ending of the scan result link: / 02e3fd01436077a65e87fcea67e5398a5f16698202bcfc45c48bb89177c80c0c

So, it is 2x password protected, and just above 3mb, apparently to hide it from scans.
For testing: Unpack once. Now you need to scan with an AV that allows you to enter the password. By the way, same password. Don't unpack the second one, or if inexperienced, don't unpack at all.
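
A way to check for the layout the comment describes (a .zip inside a password-protected .zip) without unpacking anything to disk, as an added example that is not part of the original comment. It reads only the central directory with Python's `zipfile`; the extension list, the size cap, the function names and the sample archive are assumptions constructed for illustration.

```python
import io, zipfile, zlib

ARCHIVE_EXTS = (".zip", ".7z", ".rar")  # assumption: names treated as nested archives
MAX_INNER = 64 * 1024 * 1024            # assumption: cap on in-memory reads (zip-bomb guard)

def triage_zip(data, password=None, depth=0, max_depth=3):
    """Walk the central directory only; nothing is ever written to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            encrypted = bool(info.flag_bits & 0x1)  # general-purpose bit 0: entry is encrypted
            nested = name.endswith(ARCHIVE_EXTS)
            findings.append({"depth": depth, "name": info.filename, "size": info.file_size,
                             "encrypted": encrypted, "nested": nested})
            if not name.endswith(".zip") or depth >= max_depth or info.file_size > MAX_INNER:
                continue
            if encrypted and password is None:
                continue  # without the password this layer is opaque, as it is to a scanner
            try:
                inner = zf.read(info, pwd=password)  # bytes stay in memory
                findings += triage_zip(inner, password, depth + 1, max_depth)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile, zlib.error):
                pass  # wrong password, unsupported cipher, or not really a zip
    return findings

def blind_spots(findings):
    """Archives inside the archive that a password-less scan could not open."""
    return [f["name"] for f in findings if f["encrypted"] and f["nested"]]

def make_sample(mark_encrypted=False):
    """Constructed sample: inner.zip inside outer.zip with a harmless text placeholder."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("trainer.exe", b"constructed placeholder, not a real binary")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("inner.zip", inner.getvalue())
    raw = bytearray(outer.getvalue())
    if mark_encrypted:  # zipfile cannot write encrypted entries, so set flag bit 0 by hand
        raw[raw.rfind(b"PK\x01\x02") + 8] |= 0x01
    return bytes(raw)

if __name__ == "__main__":
    for f in triage_zip(make_sample(mark_encrypted=True)):
        print(f)
```

Any name returned by `blind_spots` marks a layer that a clean scan report says nothing about; pass `password` as bytes to have the inner listing read in memory.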