Original poster: PanzerVIIIMaus

[Virus sample] A problematic KMS (I got hit by it earlier); posting it, the VT result is decent (47/63, now 48/64)

, just one.
Posted 2017-8-10 20:46:09
Double-clicked it; BB killed it.

AVA 25.13770
GD 25.10188

*** Process ***

Process: 4472
File name: KMS_1341_1.exe
Path: d:\360极速浏览器下载\kms_1341_1\kms_1341_1.exe

Publisher: Unknown publisher
Creation date: Thursday, 10 August 2017, 8:44:56 PM
Modification date: Friday, 19 August 2016, 7:55:34 AM

Started by: Explorer.EXE
Publisher: Microsoft Windows


*** Actions ***

The virus scanner has detected that the file is malicious.
A packer was run on the program file, possibly to conceal malicious content.
The program has created or manipulated an executable file.
An executable file was stored in a suspicious location.


*** Quarantine ***

The following files were moved into quarantine:
C:\Users\Administrator\AppData\Roaming\bootsect1502369099.exe
D:\360极速浏览器下载\KMS_1341_1\KMS_1341_1.exe

The following registry entries were deleted:


YHJyCi0nJycnJgYvJygnKCYGp0InKHSCYmJwKycoJygmBsdygnKCYmKQKycL23JycnJiYsAvJycnJyYGhyonJycnJgaHKycnJycmBocuJycnJyYGpysXpzVmLCcXpzVmLCcmBucoJ4dwj3KicJ9ycnJyYmKArnJygL5ycmJicnIAAA
Rules version: 5.0.148
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 64bit OS
dll version: 70613

"D:\360极速浏览器下载\KMS_1341_1\KMS_1341_1.exe"
MD5: 69C30AE5E72FF75CBD7B31413400FE31
C:\windows\Explorer.EXE
MD5: 332FEAB1435662FC6C672E25BEB37BE3
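The behaviour-blocker report above lists a dropped executable in AppData\Roaming whose name ends in ten digits (bootsect1502369099.exe), and a "suspicious location" verdict. As an added example, not code from the poster, from Emsisoft or from the forum, here is a small Python triage script that re-embeds the report as constructed sample input (the Chinese date strings normalised to ISO form), extracts the quarantined paths and the printed MD5s, flags drops into user-writable directories, and reads the digit suffix as a Unix timestamp to compare against the report's "Creation date". The GMT+8 offset (the forum's timezone) and the list of drop directories are assumptions made for the example.

```python
"""Triage helper for a behaviour-blocker report of the kind pasted above.

Example code written for this page; it is not Emsisoft's log format spec and
not the poster's tooling. Field names are taken exactly as printed in the post.
"""
import ntpath
import re
from datetime import datetime, timedelta, timezone

# Assumption: the poster's clock is GMT+8 (the forum runs on GMT+8).
CST = timezone(timedelta(hours=8))

# Constructed sample input: the report from the post, dates normalised to ISO.
SAMPLE_LOG = r"""
*** Process ***

Process: 4472
File name: KMS_1341_1.exe
Path: d:\360极速浏览器下载\kms_1341_1\kms_1341_1.exe

Publisher: Unknown publisher
Creation date: 2017-08-10 20:44:56
Modification date: 2016-08-19 07:55:34

Started by: Explorer.EXE
Publisher: Microsoft Windows

*** Actions ***

The virus scanner has detected that the file is malicious.
A packer was run on the program file, possibly to conceal malicious content.
The program has created or manipulated an executable file.
An executable file was stored in a suspicious location.

*** Quarantine ***

The following files were moved into quarantine:
C:\Users\Administrator\AppData\Roaming\bootsect1502369099.exe
D:\360极速浏览器下载\KMS_1341_1\KMS_1341_1.exe

The following registry entries were deleted:

"D:\360极速浏览器下载\KMS_1341_1\KMS_1341_1.exe"
MD5: 69C30AE5E72FF75CBD7B31413400FE31
C:\windows\Explorer.EXE
MD5: 332FEAB1435662FC6C672E25BEB37BE3
"""

# Assumption: user-writable directories that legitimate installers rarely use
# for a primary payload; a freshly dropped .exe here deserves a closer look.
USER_WRITABLE_DROP_DIRS = (
    "\\appdata\\roaming\\",
    "\\appdata\\local\\temp\\",
    "\\programdata\\",
    "\\users\\public\\",
)


def quarantined_files(log: str) -> list[str]:
    """Paths listed under 'The following files were moved into quarantine:'."""
    out, collecting = [], False
    for line in log.splitlines():
        s = line.strip()
        if s == "The following files were moved into quarantine:":
            collecting = True
            continue
        if collecting:
            if not s:          # the list ends at the first blank line
                break
            out.append(s)
    return out


def file_hashes(log: str) -> dict[str, str]:
    """Map each path printed on the line before an 'MD5:' line to its hash."""
    hashes, prev = {}, ""
    for line in log.splitlines():
        s = line.strip()
        m = re.fullmatch(r"MD5:\s*([0-9A-Fa-f]{32})", s)
        if m and prev:
            hashes[prev.strip('"')] = m.group(1).upper()
        if s:
            prev = s
    return hashes


def creation_time(log: str, tz=CST) -> datetime:
    """The process 'Creation date' field, made timezone-aware."""
    m = re.search(r"^Creation date:\s*(\S+ \S+)$", log, re.M)
    return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").replace(tzinfo=tz)


def embedded_epoch(path: str, tz=CST):
    """If the file name ends in 9-10 digits (bootsect1502369099.exe), read them as a Unix time."""
    m = re.fullmatch(r"[A-Za-z_-]*(\d{9,10})\.exe", ntpath.basename(path), re.I)
    return datetime.fromtimestamp(int(m.group(1)), tz) if m else None


def triage(log: str) -> list[dict]:
    """One record per quarantined file: location class, hash if printed, and
    whether its name embeds a timestamp close to the process start."""
    created, hashes, report = creation_time(log), file_hashes(log), []
    for path in quarantined_files(log):
        stamp = embedded_epoch(path)
        report.append({
            "path": path,
            "md5": hashes.get(path),
            "user_writable_drop_dir": any(d in path.lower() for d in USER_WRITABLE_DROP_DIRS),
            "epoch_in_name": stamp,
            "seconds_after_start": (stamp - created).total_seconds() if stamp else None,
        })
    return report


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec)
```

On the sample, the suffix decodes to 2017-08-10 20:44:59 GMT+8, three seconds after the report's "Creation date", which fits the file being written by the KMS binary at run time rather than being an older artefact. Note that the report prints Explorer.EXE and its MD5 only because it is the parent ("Started by"); that line by itself says nothing about whether the explorer binary was altered.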
PanzerVIIIMaus
OP | Posted 2017-8-10 21:31:30
This post was last edited by PanzerVIIIMaus on 2017-8-10 21:32

The key thing I want to know is how exactly this explorer gets modified. At the time, ESET was blocking links that explorer accessed every few seconds (links on ESET's blacklist), so I simply blacklisted the related IPs in the firewall, and within two days the block log was already close to a hundred thousand entries.
Killing the explorer process and starting it again, the symptoms disappeared; after rebooting the computer the symptoms continued. I feel it is probably something done at boot time.
Copyright © KaFan  KaFan.cn All Rights Reserved.