Views: 8156 | Replies: 45

[Suspicious file] Come on, look at the Comodo interception log and you'll know what an action movie is!! Ten in one nest!!! Posting the interception log first (updated)

firefox3
Posted on 2012-12-27 19:41:34
This post was last edited by firefox3 on 2012-12-27 20:26

Here's a family portrait



No forum download is provided; PM me for a cloud-drive link if you want to test.


https://www.virustotal.com/file/ ... nalysis/1356609286/
SHA256: bf3370d672b04c64c989c6b164b44bb7a08cfbecd331939d138b93843e4f2e1e
SHA1: ed988e623a673241dc6618da8253af74cf479631
MD5: b446254278f5c357bbfce02673590456
File size: 225.7 KB ( 231153 bytes )  
File name: 9A052F91580.zip
File type: ZIP
Detection ratio: 1 / 45
Analysis date: 2012-12-27 11:54:46 UTC ( 1 分钟 ago )  

https://www.virustotal.com/file/ ... nalysis/1356609294/
SHA256: 6fc510b2a8b8e4bee8cf5f719323f2772a108bad1703f5383d685e9e2da55918
SHA1: c71563d64aae03e4ed0e4332a0433dd9f4edd56b
MD5: 93b1e470bc2356d31cc3dc966a59eb82
File size: 564.5 KB ( 578093 bytes )  
File name: 0190ed15.zip
File type: ZIP
Detection ratio: 2 / 46
Analysis date: 2012-12-27 11:54:54 UTC ( 1 分钟 ago )  

https://www.virustotal.com/file/ ... nalysis/1356609289/
SHA256: 6a7c9189c003e0d46b9a38166e0d4d0b644702da791270dad651e05bae73851c
SHA1: 8b199e32535e996c0e0d82accdfa9b3d0a52f94e
MD5: 49c824c2dcd96d20e60f946c7892926c
File size: 48.8 KB ( 49920 bytes )  
File name: 01917a90.zip
File type: ZIP
Detection ratio: 0 / 45
Analysis date: 2012-12-27 11:54:49 UTC ( 1 分钟 ago )

https://www.virustotal.com/file/ ... nalysis/1356609299/
SHA256: e06f07a9102517408f9f466958a3cf478ce6d3c10d783fbfe4152dc9afc032bc
SHA1: 09c5107d80e33a59fdce74bf63b1cbe053639cbf
MD5: 2f49d7f1742ba583a497621e55e43c8c
File size: 49.1 KB ( 50305 bytes )  
File name: 25648890.zip
File type: ZIP
Detection ratio: 1 / 42
Analysis date: 2012-12-27 11:54:59 UTC ( 1 分钟 ago )

https://www.virustotal.com/file/ ... nalysis/1356609310/
SHA256: 0b12d1bc280eac138c7672c42ea0d53195b1eda9eac61e0c69353abb0a58f283
SHA1: 12b675f4e128f21ff177c9255b15af70c6692d72
MD5: 840b7d97a169b452893667babdbec5fc
File size: 52.6 KB ( 53816 bytes )  
File name: 25690562.zip
File type: ZIP
Detection ratio: 8 / 42
Analysis date: 2012-12-27 11:55:10 UTC ( 1 分钟 ago )

https://www.virustotal.com/file/ ... nalysis/1356610000/
SHA256: f7191dc7fc789a6f2f5cc3b03e7099cda37c18ae458499f8644ff1aa62cd3864
SHA1: f517e624933b26693e0a1f04f7c48f3ca8644c8b
MD5: f0a3aee68aaf22caf3a5a00872517926
File size: 228 字节 ( 228 bytes )  
File name: 25863640.zip
File type: ZIP
Detection ratio: 0 / 46
Analysis date: 2012-12-27 12:06:40 UTC ( 0 分钟 ago )  

https://www.virustotal.com/file/ ... nalysis/1356610008/
SHA256: c42790de1b35ac67d66a18500403dba5779b7b65570f0b23b8f2e62a2f9657f7
SHA1: e45478f5d95add2a54544980912335fbfc885741
MD5: 0facf99a07d17363abd64a53340cdb8d
File size: 49.1 KB ( 50301 bytes )  
File name: msaurw.zip
File type: ZIP
Detection ratio: 1 / 46
Analysis date: 2012-12-27 12:06:48 UTC ( 1 分钟 ago )  

https://www.virustotal.com/file/ ... nalysis/1356610018/
SHA256: 0329d6b212ae4363bfe0f2246e5d3e8bd9551a047126c2f3bea10cfdabe515bb
SHA1: 9538ee52816449f68a46a1f07fecfb9d31acbca9
MD5: 08cc2ae1f914d8a929034e6da50f3b5d
File size: 48.8 KB ( 49927 bytes )  
File name: wgsdgsdgdsgsd.zip
File type: ZIP
Detection ratio: 1 / 46
Analysis date: 2012-12-27 12:06:58 UTC ( 1 分钟 ago )  

https://www.virustotal.com/file/ ... nalysis/1356610027/
SHA256: 70e8690175add6800ac4566f31bc88c5d469f2229f2b8bcc5b20ccdf51b299e1
SHA1: 502a20edb3bbf2a070da9ebc6f4aba040c4244e2
MD5: c5807621debf0a34558b41bda989c960
File size: 1.4 KB ( 1439 bytes )  
File name: YYYE0.zip
File type: ZIP
Detection ratio: 1 / 44
Analysis date: 2012-12-27 12:07:07 UTC ( 1 分钟 ago )  

https://www.virustotal.com/file/ ... nalysis/1356610028/
SHA256: db9bc2d16769e00319669262d260a5d9bf14ae61e520f3ca34a3561ba34698a9
SHA1: 5240281febddf213dc0e155151289ace7a491b78
MD5: 273d3c4c068c3cae98172f36503ff87e
File size: 1.4 KB ( 1439 bytes )  
File name: YYYE3.zip
File type: ZIP
Detection ratio: 1 / 46
Analysis date: 2012-12-27 12:07:08 UTC ( 0 分钟 ago )  

Now the Comodo interception log (everything was allowed throughout):

2012-12-27 19:22:48         C:\Program Files\Internet Explorer\iexplore.exe         创建进程         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe

2012-12-27 19:23:06         C:\Program Files\Internet Explorer\iexplore.exe         创建进程         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe

2012-12-27 19:23:23         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe         创建进程         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe

2012-12-27 19:23:31         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe         访问COM接口         LocalSecurityAuthority.Tcb

2012-12-27 19:23:37         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe         访问COM接口         LocalSecurityAuthority.Backup

2012-12-27 19:23:40         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe         访问COM接口         LocalSecurityAuthority.Restore


2012-12-27 19:23:51         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe         修改文件         C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files

2012-12-27 19:23:56         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe         修改文件         C:\Documents and Settings\Administrator\Local Settings\History

2012-12-27 19:23:59         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe         修改文件         C:\Documents and Settings\Administrator\Local Settings\History\History.IE5

2012-12-27 19:24:02         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe         DNS/RPC 客户端访问         \RPC Control\DNSResolver

2012-12-27 19:24:56         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe         创建进程         C:\Documents and Settings\Administrator\Local Settings\Temp\25648890.exe

2012-12-27 19:25:51         C:\Documents and Settings\Administrator\Local Settings\Temp\25648890.exe         创建进程         C:\Documents and Settings\Administrator\Local Settings\Temp\25648890.exe

2012-12-27 19:26:00         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe         创建进程         C:\Documents and Settings\Administrator\Local Settings\Temp\25690562.exe

2012-12-27 19:26:26         C:\Documents and Settings\Administrator\Local Settings\Temp\25648890.exe         创建进程         C:\Documents and Settings\Administrator\Local Settings\Temp\25648890.exe

2012-12-27 19:26:30         C:\Documents and Settings\Administrator\Local Settings\Temp\25648890.exe         创建进程         C:\WINDOWS\system32\ipconfig.exe

2012-12-27 19:26:42         C:\Documents and Settings\Administrator\Local Settings\Temp\25690562.exe         创建进程         C:\Documents and Settings\Administrator\Local Settings\Temp\25690562.exe

2012-12-27 19:26:45         C:\Documents and Settings\Administrator\Local Settings\Temp\25648890.exe         创建进程         C:\WINDOWS\system32\wuauclt.exe

2012-12-27 19:28:09         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe         创建进程         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe

2012-12-27 19:28:14         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe         访问内存         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe

2012-12-27 19:28:39         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe         创建进程         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe

2012-12-27 19:29:04         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe         创建进程         C:\Documents and Settings\Administrator\Local Settings\Temp\25863640.bat

2012-12-27 19:29:54         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe         访问内存         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe

2012-12-27 19:29:58         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe         访问内存         C:\Program Files\SogouExplorer\SogouExplorer.exe

2012-12-27 19:30:01         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe         创建进程         C:\WINDOWS\system32\cmd.exe

2012-12-27 19:30:03         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe         访问内存         C:\WINDOWS\system32\alg.exe

2012-12-27 19:30:07         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe         访问内存         C:\Documents and Settings\Administrator\Local Settings\Temp\25863640.bat

2012-12-27 19:30:10         C:\Documents and Settings\Administrator\Local Settings\Temp\25863640.bat         修改文件         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe

2012-12-27 19:30:12         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe         访问内存         C:\Program Files\Internet Explorer\iexplore.exe

2012-12-27 19:30:17         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe         访问内存         C:\Program Files\SogouInput\6.3.0.8227\SogouCloud.exe

2012-12-27 19:30:21         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe         访问内存         C:\Documents and Settings\Administrator\Local Settings\Temp\25648890.exe

2012-12-27 19:30:25         C:\Documents and Settings\Administrator\Local Settings\Temp\25648890.exe         修改文件         C:\config.bin

2012-12-27 19:30:35         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe         访问内存         C:\WINDOWS\system32\wuauclt.exe

2012-12-27 19:30:37         C:\Documents and Settings\Administrator\Local Settings\Temp\25648890.exe         修改文件         C:\config.bin\9A052F91580.exe

2012-12-27 19:30:43         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe         修改文件         C:\config.bin

2012-12-27 19:31:14         C:\Documents and Settings\Administrator\Local Settings\Temp\25648890.exe         创建进程         C:\config.bin\9A052F91580.exe

2012-12-27 19:31:17         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe         修改文件         C:\config.bin\9A052F91580.exe

2012-12-27 19:31:46         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe         访问内存         C:\config.bin\9A052F91580.exe

2012-12-27 19:31:58         C:\config.bin\9A052F91580.exe         创建进程         C:\config.bin\9A052F91580.exe

2012-12-27 19:32:01         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe         修改文件         C:\config.bin

2012-12-27 19:32:05         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe         创建进程         C:\config.bin\9A052F91580.exe

2012-12-27 19:32:37         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe         访问内存         C:\Program Files\SogouExplorer\SogouExplorer.exe

2012-12-27 19:32:46         C:\config.bin\9A052F91580.exe         创建进程         C:\config.bin\9A052F91580.exe

2012-12-27 19:32:49         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe         访问内存         C:\WINDOWS\system32\alg.exe

2012-12-27 19:32:51         C:\config.bin\9A052F91580.exe         访问内存         C:\config.bin\9A052F91580.exe

2012-12-27 19:32:55         C:\config.bin\9A052F91580.exe         修改文件         C:\config.bin\F5D73B72C4CFA29

2012-12-27 19:33:00         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe         访问内存         C:\Program Files\Internet Explorer\iexplore.exe

2012-12-27 19:33:03         C:\config.bin\9A052F91580.exe         创建进程         C:\Documents and Settings\Administrator\Local Settings\Temp\YYYE0.exe

2012-12-27 19:33:52         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe         访问内存         C:\Program Files\SogouInput\6.3.0.8227\SogouCloud.exe

2012-12-27 19:34:25         C:\Documents and Settings\Administrator\Local Settings\Temp\25839625.exe         访问内存         C:\Documents and Settings\Administrator\Local Settings\Temp\25648890.exe

2012-12-27 19:34:29         C:\Documents and Settings\Administrator\Local Settings\Temp\25648890.exe         修改文件         C:\config.bin

2012-12-27 19:34:33         C:\Documents and Settings\Administrator\Local Settings\Temp\25648890.exe         修改文件         C:\config.bin\9A052F91580.exe

2012-12-27 19:34:38         C:\Documents and Settings\Administrator\Local Settings\Temp\25648890.exe         创建进程         C:\config.bin\9A052F91580.exe

2012-12-27 19:35:05         C:\config.bin\9A052F91580.exe         创建进程         C:\config.bin\9A052F91580.exe

End of report

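The Comodo log above is a flat list of HIPS events. As an added example (not from the thread, the OP or Comodo), the following Python reconstructs the process tree from such lines and flags two patterns a defender would look for in it: files written to disk and then started as processes, and a child process writing to the image that spawned it. It assumes the fields are separated by runs of spaces exactly as the forum rendered them, and uses seven lines copied from the log as constructed sample input.

```python
import re
from collections import defaultdict
# Constructed sample: seven lines copied from the thread's Comodo log (date time, source, action, target).
SAMPLE_LOG = r"""
2012-12-27 19:22:48         C:\Program Files\Internet Explorer\iexplore.exe         创建进程         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe
2012-12-27 19:24:56         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe         创建进程         C:\Documents and Settings\Administrator\Local Settings\Temp\25648890.exe
2012-12-27 19:29:04         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe         创建进程         C:\Documents and Settings\Administrator\Local Settings\Temp\25863640.bat
2012-12-27 19:30:10         C:\Documents and Settings\Administrator\Local Settings\Temp\25863640.bat         修改文件         C:\Documents and Settings\Administrator\wgsdgsdgdsgsd.exe
2012-12-27 19:30:37         C:\Documents and Settings\Administrator\Local Settings\Temp\25648890.exe         修改文件         C:\config.bin\9A052F91580.exe
2012-12-27 19:31:14         C:\Documents and Settings\Administrator\Local Settings\Temp\25648890.exe         创建进程         C:\config.bin\9A052F91580.exe
2012-12-27 19:33:03         C:\config.bin\9A052F91580.exe         创建进程         C:\Documents and Settings\Administrator\Local Settings\Temp\YYYE0.exe
"""
CREATE_PROCESS, MODIFY_FILE = "创建进程", "修改文件"  # Comodo's action labels as logged

def parse(log):
    """Split on runs of 2+ spaces: the paths themselves contain single spaces only."""
    return [tuple(re.split(r"\s{2,}", line.strip(), maxsplit=3))
            for line in log.strip().splitlines()]

def build_tree(events):
    """Map each parent image to the distinct child images it started."""
    tree = defaultdict(list)
    for _, src, action, dst in events:
        if action == CREATE_PROCESS and dst != src and dst not in tree[src]:
            tree[src].append(dst)
    return tree

def descendants(tree, root, seen=None):
    """All images reachable from root through create-process edges."""
    seen = set() if seen is None else seen
    for child in tree.get(root, ()):
        if child not in seen:
            seen.add(child)
            descendants(tree, child, seen)
    return seen

def dropped_then_executed(events):
    """Files some process wrote and that were later started as a process."""
    written, hits = set(), []
    for _, src, action, dst in events:
        if action == MODIFY_FILE:
            written.add(dst)
        elif action == CREATE_PROCESS and dst in written and dst not in hits:
            hits.append(dst)
    return hits

def child_writes_to_ancestor(events, tree):
    """A child modifying an image that spawned it: a cleanup or self-tamper sign."""
    return [(src, dst) for _, src, action, dst in events
            if action == MODIFY_FILE and src in descendants(tree, dst)]
```

On the sample, the whole chain hangs off iexplore.exe, 9A052F91580.exe is written and then run, and the .bat is flagged for touching the dropper that launched it.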
ytysh
Posted on 2012-12-27 19:55:52
Sample please
skilly
Posted on 2012-12-27 20:27:02
Haven't checked out the OP's samples in a long while; can I get one?
firefox3 (OP)
Posted on 2012-12-27 20:45:04
skilly posted on 2012-12-27 20:27
Haven't checked out the OP's samples in a long while; can I get one?

What are you testing?
firefox3 (OP)
Posted on 2012-12-27 20:45:20
ytysh posted on 2012-12-27 19:55
Sample please

What are you testing?
katatlove
Posted on 2012-12-27 21:37:30
This post was last edited by katatlove on 2012-12-27 22:31

Too much stuff, I'll post BD's results first.
Double-clicked the files it missed: 25863640.bat, YYYE0.exe, YYYE3.exe
After rebooting, a full scan with 360 found nothing abnormal.
Can't make sense of the startup items and processes in xuetr, too much stuff... Posting 2 screenshots first; sadly, one of them wouldn't fit.

firefox3 (OP)
Posted on 2012-12-27 21:43:17
katatlove posted on 2012-12-27 21:37
Too much stuff, I'll post BD's results first.
Double-clicked the files it missed: 25863640.bat, YYYE0.exe, YYYE3.exe
After rebooting, a full scan with 360 found nothing abn ...

BD passed. Next up, BG.
175137038
Posted on 2012-12-27 21:51:54
Were the ones in temp dropped, or downloaded in the background?
firefox3 (OP)
Posted on 2012-12-27 21:53:24
175137038 posted on 2012-12-27 21:51
Were the ones in temp dropped, or downloaded in the background?

Didn't you read the log?
firefox3 (OP)
Posted on 2012-12-27 21:55:45
175137038 posted on 2012-12-27 21:51
Were the ones in temp dropped, or downloaded in the background?

How about two that get past ESET? To make you suffer a bit?
KaFan Forum. Copyright © KaFan, KaFan.cn. All Rights Reserved.