Thread starter: IllusionWing

[Virus sample] WisdomEyes?

,就一个.
Posted on 2017-7-12 20:26:45
AVA 25.13331
GD 25.9983

*** Process ***

Process: 3160
File name: win32.exe
Path: c:\users\administrator\appdata\local\temp\win32.exe

Publisher: Unknown publisher
Creation date: 2017年7月12日 20:25:56
Modification date: 2017年7月12日 20:25:56

Started by: win32.exe
Publisher: Unknown publisher


*** Actions ***

The program is trying to create a startup item to launch a program automatically at system startup.
An unknown process was accessed.
The program has read data from its own program file.
A suspicious location is referenced in startup.


*** Quarantine ***

The following files were moved into quarantine:
C:\Users\Administrator\AppData\Local\Temp\Hoofbeat.cab
C:\Users\Administrator\AppData\Local\Temp\distraints.dll
C:\Users\Administrator\AppData\Local\Temp\nsbF5D8.tmp\System.dll
C:\Users\Administrator\AppData\Local\Temp\win32.exe

The following registry entries were deleted:

\registry\machine\software\wow6432node\microsoft\windows\currentversion\run || 69367272d32c3d2bd325558e8f1c924d
\registry\user\s-1-5-21-3791087008-2748381550-4144482455-500\software\microsoft\windows\currentversion\run || 69367272d32c3d2bd325558e8f1c924d

Rules version: 5.0.148
OS: Windows 10.0 Service Pack 0.0 Build: 14393 - Workstation 64bit OS
dll version: 70613

"C:\Users\Administrator\AppData\Local\Temp\win32.exe"
MD5: 5C496D92379CD0B85FFAFC80D2B3F94A
LSPD
Posted on 2017-7-15 20:15:21
,就一个. posted on 2017-7-12 18:45:
What Norton can block, Doggy (狗狗) can block too.

Suspicious file: backup wallet.exe

Doggy?

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.3 ( 苏ICP备07004770号 ) GMT+8, 2017-9-24 11:16
