锁机+vpm

显示全部楼层 · 发表于 2017-7-14 12:14:48

本帖最后由引领四基生活于 2017-7-14 12:17 编辑

https://sendit.cloud/xpvb8hri8cxk

显示全部楼层 · 发表于 2017-7-14 12:23:30

火绒Kill

File_Analysis拦截并显示具体行为

载入OD，跑了一下，此处0012FCE8 00480951 ASCII "qazansheng"，密码：qazansheng

显示全部楼层 · 发表于 2017-7-14 12:17:40

显示全部楼层 · 发表于 2017-7-14 12:44:01

F-Secure Miss

Immunet Miss

显示全部楼层 · 发表于 2017-7-14 12:47:11

卡巴！！！

显示全部楼层 · 发表于 2017-7-14 13:08:26

SONAR杀☆子熙自瞄透视☆.vmp.exe，另一个过诺顿，电脑被强制重启！

显示全部楼层 · 发表于 2017-7-14 13:50:31

显示全部楼层 · 发表于 2017-7-14 14:18:07

小蜘蛛MISS
EEK miss

显示全部楼层 · 发表于 2017-7-14 14:31:00

Immunet 已经云响应 Kill 2x

显示全部楼层 · 发表于 2017-7-14 15:49:53

BB 双击双杀

AVA 25.13357
GD 25.9995

*** Process ***

Process: 1096
File name: ☆子熙自瞄透视☆.vmp.exe
Path: d:\360极速浏览器下载\☆子熙自瞄透视☆.vmp\☆子熙自瞄透视☆.vmp\☆子熙自瞄透视☆.vmp.exe

Publisher: Unknown publisher
Creation date: 2017年7月14日 15:47:39
Modification date: 2017年6月16日 14:04:52

Started by: Explorer.EXE
Publisher: Microsoft Windows

*** Actions ***

The program has saved files in the system folder.
The program has created or manipulated an executable file.
The cloud server recognized this file and identified it as malicious.
The program has created or manipulated an executable file in the system folder.

*** Quarantine ***

The following files were moved into quarantine:
C:\Windows\SysWOW64\ESPI.dll
C:\Windows\SysWOW64\ESPI11.dll
D:\360极速浏览器下载\☆子熙自瞄透视☆.vmp\☆子熙自瞄透视☆.vmp\☆子熙自瞄透视☆.vmp.exe

The following registry entries were deleted:

YHKCBi0nKCcoJgaHcoJygmJicCp0gkInKCYGt3KCcoJiYnAsJygnKCYGuXJyCexygnKCYmLALycoJygmBt5ikYLwKCcqJyomBu9ycnJyYmJwuHKCcoJiYnC6cqE1ZiwnF1pjxnJiYnCLcoJygmJicJtygnKCYmJwq3KicI5ycgn3KCcJ6ConCOgrJygmJicIAA
Rules version: 5.0.148
OS: Windows 10.0 Service Pack 0.0 Build: 14393 - Workstation 64bit OS
dll version: 70613

"D:\360极速浏览器下载\☆子熙自瞄透视☆.vmp\☆子熙自瞄透视☆.vmp\☆子熙自瞄透视☆.vmp.exe"
MD5: 9D9C0D596CB1305D0D5FFE3F72FC23AC
C:\Windows\explorer.exe /factory,ceff45ee-c862-41de-aee2-a022c81eda92 -Embedding
MD5: 679D17F8CDB938C7100D7A647953677E

AVA 25.13357
GD 25.9995

*** Process ***

Process: 2404
File name: 子熙无视工具.vmp.exe
Path: d:\360极速浏览器下载\☆子熙自瞄透视☆.vmp\☆子熙自瞄透视☆.vmp\子熙无视工具.vmp.exe

Publisher: Unknown publisher
Creation date: 2017年7月14日 15:47:55
Modification date: 2017年6月16日 14:07:00

Started by: Explorer.EXE
Publisher: Microsoft Windows

*** Actions ***

The program file is misleadingly named to deceive the user (e.g. 'Image.jpg.exe')
A packer was run on the program file, possibly to conceal malicious content.
The program attempted to make changes to the drives' master boot record.
The cloud server recognized this file and identified it as malicious.

*** Quarantine ***

The following files were moved into quarantine:
D:\360极速浏览器下载\☆子熙自瞄透视☆.vmp\☆子熙自瞄透视☆.vmp\子熙无视工具.vmp.exe

The following registry entries were deleted:

YHLicCgnJycnJganQicndHJiYnArJycnJyYGx3JycnJiYpArJwveYpFy8CgnKicqJgbfcnJycmJi8C4nJycnJganKxfoNWYsJxfoNWYsJyYG5ygnDvcoJwl4KScIAA
Rules version: 5.0.148
OS: Windows 10.0 Service Pack 0.0 Build: 14393 - Workstation 64bit OS
dll version: 70613

"D:\360极速浏览器下载\☆子熙自瞄透视☆.vmp\☆子熙自瞄透视☆.vmp\子熙无视工具.vmp.exe"
MD5: 22594E78CC6806B1A1ABB7504FF1B9D0
C:\Windows\explorer.exe /factory,ceff45ee-c862-41de-aee2-a022c81eda92 -Embedding
MD5: 679D17F8CDB938C7100D7A647953677E

[病毒样本] 锁机+vpm

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源