(origin:
https://bbs.kafan.cn/thread-2162641-1-1.html)
https://www.lanzous.com/i6v7gxi有三个sys文件,其中8KB的VT上看可能也是有问题的:
Signature Match - THOR APT Scanner
Detection
============================
Rule: SUSP_XORED_DOS_DefaultStub
Rule Set: Suspicious Indicators
Rule Type: VALHALLA rule feed only
Description: Detects XORED DOS Default Stub
Reference: Internal Research
Author: Florian Roth
Score: 40
Detection Snapshot
============================
Detection Timestamp: 2019-10-21 07:36
AV Detection Ratio: 0 / 57
NO AV DETECTION
#xored #dos #suspiciousindicators #susp_xored_dos_defaultstub
用户系统信息:Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0