查看: 1118|回复: 2
收起左侧

[求助] Hitmanpro.Alert 杀百度云

[复制链接]
68221281
发表于 2017-4-17 10:24:32 | 显示全部楼层 |阅读模式
[CSS] 纯文本查看 / 双击代码区域 Ctrl+A快速复制
Mitigation   ROP

Platform     6.1.7601/x64 v588 06_3a
PID          6856
Application  D:\BaiduNetdisk\BaiduNetdisk.exe
Description  BaiduNetdisk 5.5.4

Callee Type  AllocateVirtualMemory

Branch Trace                      Opcode  To                              
-------------------------------- -------- --------------------------------
0x01720C9E BaiduNetdisk.exe        ~ RET* 0x012A4010 BaiduNetdisk.exe     
            55                       PUSH         EBP
            8bec                     MOV          EBP, ESP
            6aff                     PUSH         -0x1
            6890cc5401               PUSH         DWORD 0x154cc90
            64a100000000             MOV          EAX, [FS:0x0]
            50                       PUSH         EAX
            83ec40                   SUB          ESP, 0x40
            a100406801               MOV          EAX, [0x1684000]
            33c5                     XOR          EAX, EBP
            8945ec                   MOV          [EBP-0x14], EAX
            53                       PUSH         EBX
            56                       PUSH         ESI
            57                       PUSH         EDI
            50                       PUSH         EAX
            8d45f4                   LEA          EAX, [EBP-0xc]
            64a300000000             MOV          [FS:0x0], EAX
                                 (1D8504C6FDC04426)


0x017D9B15 BaiduNetdisk.exe        ~ RET* 0x01720C68 BaiduNetdisk.exe     
            8be5                     MOV          ESP, EBP
            5b                       POP          EBX
            5f                       POP          EDI
            5d                       POP          EBP
            81ee874a614b             SUB          ESI, 0x4b614a87
            35bf065d09               XOR          EAX, 0x95d06bf
            660fb6d6                 MOVZX        DX, DH
            5a                       POP          EDX
            87f1                     XCHG         ECX, ESI
            0fbdf5                   BSR          ESI, EBP
            9d                       POPF        
            f7d6                     NOT          ESI
            6698                     CBW         
            668bf3                   MOV          SI, BX
            5e                       POP          ESI
            f7d0                     NOT          EAX
                                 (7DD105EEA4C58346)


0x017D9B15 BaiduNetdisk.exe        ~ RET* 0x0170FED1 BaiduNetdisk.exe     
            8db6ffffffff             LEA          ESI, [ESI-0x1]
            0fb606                   MOVZX        EAX, BYTE [ESI]
            84e9                     TEST         CL, CH
            32c3                     XOR          AL, BL
            fec8                     DEC          AL
            f5                       CMC         
            d0c8                     ROR          AL, 0x1
            84f2                     TEST         DL, DH
            2c2a                     SUB          AL, 0x2a
            d0c8                     ROR          AL, 0x1
            32d8                     XOR          BL, AL
            6685d5                   TEST         BP, DX
            3be7                     CMP          ESP, EDI
            8b0404                   MOV          EAX, [ESP+EAX]
            85e3                     TEST         EBX, ESP
            e9ee5fffff               JMP          0x1705ee8
                                 (75BC095CA31A78FF)


0x017D9B15 BaiduNetdisk.exe        ~ RET* 0x018305CD BaiduNetdisk.exe     
            8db6ffffffff             LEA          ESI, [ESI-0x1]
            f6d4                     NOT          AH
            0fb606                   MOVZX        EAX, BYTE [ESI]
            f9                       STC         
            32c3                     XOR          AL, BL
            e98592f2ff               JMP          0x1759865


0x017D9B15 BaiduNetdisk.exe        ~ RET* 0x016F9D3F BaiduNetdisk.exe     
            8db6ffffffff             LEA          ESI, [ESI-0x1]
            661df337                 SBB          AX, 0x37f3
            85cf                     TEST         EDI, ECX
            0fb606                   MOVZX        EAX, BYTE [ESI]
            e92c6c1400               JMP          0x184097f


0x017D9B15 BaiduNetdisk.exe        ~ RET* 0x016E36E1 BaiduNetdisk.exe     
            81ee01000000             SUB          ESI, 0x1
            660fbbe0                 BTC          AX, SP
            0fb606                   MOVZX        EAX, BYTE [ESI]
            32c3                     XOR          AL, BL
            e93f9a1000               JMP          0x17ed134


0x017D9B15 BaiduNetdisk.exe        ~ RET  0x017CF6A0 BaiduNetdisk.exe     

0x017D9B15 BaiduNetdisk.exe        ~ RET* 0x017EA191 BaiduNetdisk.exe     
            8db6ffffffff             LEA          ESI, [ESI-0x1]
            660fbbd0                 BTC          AX, DX
            0fb606                   MOVZX        EAX, BYTE [ESI]
            66a98c24                 TEST         AX, 0x248c
            3bf1                     CMP          ESI, ECX
            32c3                     XOR          AL, BL
            e9cbc7f1ff               JMP          0x1706976


0x017D9B15 BaiduNetdisk.exe        ~ RET* 0x016E6B70 BaiduNetdisk.exe     
            81ee01000000             SUB          ESI, 0x1
            0f91c4                   SETNO        AH
            0fb606                   MOVZX        EAX, BYTE [ESI]
            6685c1                   TEST         CX, AX
            32c3                     XOR          AL, BL
            e91d470000               JMP          0x16eb2a3


0x01794B88 BaiduNetdisk.exe        ~ RET* 0x017E9A1B BaiduNetdisk.exe     
            8db6ffffffff             LEA          ESI, [ESI-0x1]
            c0c4c2                   ROL          AH, 0xc2
            0fb606                   MOVZX        EAX, BYTE [ESI]
            85ee                     TEST         ESI, EBP
            32c3                     XOR          AL, BL
            e9a4d5f2ff               JMP          0x1716fd4


0x017D9B15 BaiduNetdisk.exe        ~ RET* 0x018204C3 BaiduNetdisk.exe     
            8b442500                 MOV          EAX, [EBP+0x0]
            8b4c2504                 MOV          ECX, [EBP+0x4]
            03c1                     ADD          EAX, ECX
            89442504                 MOV          [EBP+0x4], EAX
            9c                       PUSHF       
            660fa4e09c               SHLD         AX, SP, 0x9c
            c1e05a                   SHL          EAX, 0x5a
            8f442500                 POP          DWORD [EBP+0x0]
            81ee04000000             SUB          ESI, 0x4
            351b5a6656               XOR          EAX, 0x56665a1b
            04a4                     ADD          AL, 0xa4
            66d3d0                   RCL          AX, CL
            8b06                     MOV          EAX, [ESI]
            33c3                     XOR          EAX, EBX
            48                       DEC          EAX
            35830c2a23               XOR          EAX, 0x232a0c83
                                 (AE1CABE3950308D9)


0x017D9B15 BaiduNetdisk.exe        ~ RET* 0x0172E126 BaiduNetdisk.exe     
            81ee01000000             SUB          ESI, 0x1
            98                       CWDE        
            0fb606                   MOVZX        EAX, BYTE [ESI]
            81ff98404c0a             CMP          EDI, 0xa4c4098
            32c3                     XOR          AL, BL
            e9dd3fffff               JMP          0x172211a


0x01773022 BaiduNetdisk.exe        ~ RET* 0x0174A2DA BaiduNetdisk.exe     
            8db6ffffffff             LEA          ESI, [ESI-0x1]
            66d3c8                   ROR          AX, CL
            0fb606                   MOVZX        EAX, BYTE [ESI]
            0fc9                     BSWAP        ECX
            66d3e1                   SHL          CX, CL
            660fabc9                 BTS          CX, CX
            32c3                     XOR          AL, BL
            fecd                     DEC          CH
            fec8                     DEC          AL
            0fbfc9                   MOVSX        ECX, CX
            d0c8                     ROR          AL, 0x1
            2c2a                     SUB          AL, 0x2a
            c0d9fe                   RCR          CL, 0xfe
            d0c8                     ROR          AL, 0x1
            c0cd22                   ROR          CH, 0x22
            c0d556                   RCL          CH, 0x56
                                 (F899C6E4A444F537)


Stack Trace
#  Address  Module                   Location
-- -------- ------------------------ ----------------------------------------
1  7677F0CC KernelBase.dll           VirtualAllocEx +0x44
2  7677F13D KernelBase.dll           VirtualAlloc +0x18

3  012A4052 BaiduNetdisk.exe        
            8bd8                     MOV          EBX, EAX
            85db                     TEST         EBX, EBX
            0f8487020000             JZ           0x12a42e3
            c745d800000000           MOV          DWORD [EBP-0x28], 0x0
            6884bd5a01               PUSH         DWORD 0x15abd84
            c745fc00000000           MOV          DWORD [EBP-0x4], 0x0
            ff15d8265801             CALL         DWORD [0x15826d8]
            8bf0                     MOV          ESI, EAX
            8975c0                   MOV          [EBP-0x40], ESI
            85f6                     TEST         ESI, ESI
            750a                     JNZ          0x12a4088
            680e000780               PUSH         DWORD 0x8007000e
            e8689aeeff               CALL         0x118daf0
            8d45d8                   LEA          EAX, [EBP-0x28]
            c645fc01                 MOV          BYTE [EBP-0x4], 0x1

4  0177239F BaiduNetdisk.exe        
5  012180C5 BaiduNetdisk.exe        
6  014AF243 BaiduNetdisk.exe        
7  753C336A kernel32.dll             BaseThreadInitThunk +0x12
8  77899902 ntdll.dll                RtlInitializeExceptionChain +0x63
9  778998D5 ntdll.dll                RtlInitializeExceptionChain +0x36

Process Trace
1  D:\BaiduNetdisk\BaiduNetdisk.exe [6856]
2  C:\Windows\explorer.exe [3636]
3  C:\Windows\System32\userinit.exe [3432]
4  C:\Windows\System32\winlogon.exe [896]
winlogon.exe

Thumbprint
690094853dbd6c44e05e1b276e760709d5dc5b518508e6909e6a18f4d3ac03ea

ylmfhhh
发表于 2017-4-17 10:33:03 | 显示全部楼层
Emsisoft也杀百度云
68221281
 楼主| 发表于 2017-4-17 10:45:08 | 显示全部楼层
ylmfhhh 发表于 2017-4-17 10:33
Emsisoft也杀百度云

我这里的ekk是扫描器只杀百度云的某几个注册表,报THhelper,但是主程序是不杀的。
但这里hitmanpro报的是反漏洞,并且以前是不报的。不知道是不是升级的原因。还是有点担心,毕竟这个是要联网的,百度家的东西之前就被报过有漏洞,容易被用来执行远程代码。
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛|优惠券| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.3( 苏ICP备07004770号 ) GMT+8, 2017-5-25 01:41 , Processed in 0.097926 second(s), 5 queries , MemCache On.

快速回复 返回顶部 返回列表