Original poster: ytysh

[Virus sample] Sample with a forged digital signature, high quality, 5 / 43, gets past Kaspersky and Avira

bbmcnj2
Posted on 2012-2-28 16:15:10
Panda cloud kills it
zhanghongyuan1
Posted on 2012-2-28 18:05:34
金色微笑 posted on 2012-2-28 12:56
Kingsoft Guard says it's safe, and avast still doesn't flag it

It clearly flagged it; I don't use avast, so I don't know
tingyue-wu
Posted on 2012-2-28 21:24:13
小a says it's safe, sigh
细细的票根
Posted on 2012-2-28 21:45:38
humanlwj52 posted on 2012-2-27 21:20

"A" + "MP" combination.
Nocria
Posted on 2012-2-28 21:50:24
细细的票根 posted on 2012-2-28 21:45
"A" + "MP" combination.

Heh, you caught me
细细的票根
Posted on 2012-2-28 21:52:07
humanlwj52 posted on 2012-2-28 21:50
Heh, you caught me

Runs smoothly, doesn't it? Maybe "A" is just weak on proactive defense?
hx1997
Posted on 2012-2-29 00:00:15
Zbot

Write to file [C:\Documents and Settings\Administrator\桌面\jtJtkm5.exe   -> \\.\PIPE\lsarpc]

Write to file [C:\Documents and Settings\Administrator\桌面\jtJtkm5.exe   -> C:\Documents and Settings\Administrator\Application Data\Ajge\duqe.exe]

Write to file [C:\Documents and Settings\Administrator\桌面\jtJtkm5.exe   -> \\.\PIPE\lsarpc]

Adjust Privileges [C:\Documents and Settings\Administrator\桌面\jtJtkm5.exe  ]

Write to file [C:\Documents and Settings\Administrator\桌面\jtJtkm5.exe   -> \\.\PIPE\lsarpc]

Write to file [C:\Documents and Settings\Administrator\桌面\jtJtkm5.exe   -> C:\Documents and Settings\Administrator\Application Data\Ibedm\urxo.ybi]

Write to file [C:\Documents and Settings\Administrator\桌面\jtJtkm5.exe   -> C:\Documents and Settings\Administrator\Application Data\Ajge\duqe.exe]

Execute [C:\Documents and Settings\Administrator\桌面\jtJtkm5.exe   (556) ->  (948)]
Command-line: "C:\Documents and Settings\Administrator\Application Data\Ajge\duqe.exe"


Write to file [C:\Documents and Settings\Administrator\Application Data\Ajge\duqe.exe -> \\.\PIPE\lsarpc]

Write process memory [C:\Documents and Settings\Administrator\Application Data\Ajge\duqe.exe (948) -> \Device\HarddiskVolume1\WINDOWS\system32\VBoxTray.exe (1716)]
Code injection into process that is located in system directory. (Suspicious)


Write to file [C:\WINDOWS\system32\VBoxTray.exe -> \\.\PIPE\lsarpc]

Write to file [C:\WINDOWS\system32\VBoxTray.exe -> \\.\PIPE\lsarpc]

Adjust Privileges [C:\WINDOWS\system32\VBoxTray.exe]

Write to file [C:\WINDOWS\system32\VBoxTray.exe -> \\.\PIPE\lsarpc]

Write to file [C:\WINDOWS\system32\VBoxTray.exe -> \\.\PIPE\lsarpc]

Adjust Privileges [C:\WINDOWS\system32\VBoxTray.exe]

Write to file [C:\WINDOWS\system32\VBoxTray.exe -> \\.\PIPE\lsarpc]

Write to file [C:\WINDOWS\system32\VBoxTray.exe -> C:\Documents and Settings\Administrator\Application Data\Ibedm\urxo.ybi]

Write process memory [C:\Documents and Settings\Administrator\Application Data\Ajge\duqe.exe (948) -> \Device\HarddiskVolume1\Program Files\Baidu\BaiduPinyin\1.3.1.3\baidupinyin.exe (1728)]


Write to file [C:\Program Files\Baidu\BaiduPinyin\1.3.1.3\baidupinyin.exe -> \\.\PIPE\lsarpc]

Write to file [C:\Program Files\Baidu\BaiduPinyin\1.3.1.3\baidupinyin.exe -> \\.\PIPE\lsarpc]

Write process memory [C:\Documents and Settings\Administrator\Application Data\Ajge\duqe.exe (948) -> \Device\HarddiskVolume1\WINDOWS\system32\ctfmon.exe (1740)]

Write to file [C:\WINDOWS\system32\ctfmon.exe -> \\.\PIPE\lsarpc]

Write to file [C:\WINDOWS\system32\ctfmon.exe -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Address Book\Administrator.wab]

Write to file [C:\WINDOWS\system32\ctfmon.exe -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Address Book\Administrator.wab]

Write to file [C:\WINDOWS\system32\ctfmon.exe -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Address Book\Administrator.wab]

Write to file [C:\WINDOWS\system32\ctfmon.exe -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Address Book\Administrator.wab]

Write to file [C:\WINDOWS\system32\ctfmon.exe -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Address Book\Administrator.wab]

Write to file [C:\WINDOWS\system32\ctfmon.exe -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Address Book\Administrator.wab]

Write to file [C:\WINDOWS\system32\ctfmon.exe -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Address Book\Administrator.wab]

Write to file [C:\WINDOWS\system32\ctfmon.exe -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Address Book\Administrator.wab]

Write to file [C:\WINDOWS\system32\ctfmon.exe -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Address Book\Administrator.wab]

Write to file [C:\WINDOWS\system32\ctfmon.exe -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Address Book\Administrator.wab]

Write to file [C:\WINDOWS\system32\ctfmon.exe -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Address Book\Administrator.wab]

Write to file [C:\WINDOWS\system32\ctfmon.exe -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Address Book\Administrator.wab]

Write to file [C:\WINDOWS\system32\ctfmon.exe -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Address Book\Administrator.wab]

Write process memory [C:\Documents and Settings\Administrator\Application Data\Ajge\duqe.exe (948) -> \Device\HarddiskVolume1\WINDOWS\explorer.exe (1000)]
Code injection into process that is located in system directory. (Suspicious)

Write process memory [C:\Documents and Settings\Administrator\Application Data\Ajge\duqe.exe (948) -> \Device\HarddiskVolume1\Documents and Settings\Administrator\桌面\jtJtkm5.exe (556)]


Write to file [C:\Documents and Settings\Administrator\桌面\jtJtkm5.exe   -> \\.\PIPE\lsarpc]

Write to file [C:\Documents and Settings\Administrator\桌面\jtJtkm5.exe   -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp26dace2e.bat]

Write to file [C:\Documents and Settings\Administrator\桌面\jtJtkm5.exe   -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp26dace2e.bat]

Process C:\Documents and Settings\Administrator\Application Data\Ajge\duqe.exe has terminated.

Execute [C:\Documents and Settings\Administrator\桌面\jtJtkm5.exe   (556) ->  (1660)]
Command-line: "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp26dace2e.bat" (Suspicious)
The window of the new process is invisible. (Suspicious)


Process C:\Documents and Settings\Administrator\桌面\jtJtkm5.exe   has terminated.

Write to file [C:\WINDOWS\system32\cmd.exe -> \\.\PIPE\lsarpc]

Process C:\WINDOWS\system32\cmd.exe has terminated.
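The trace above shows the classic chain: an executable dropped under Application Data, memory writes from that file into system-directory processes (VBoxTray, explorer, ctfmon), repeated writes to the Windows Address Book file, and finally cmd.exe /c running a Temp batch file with a hidden window. The Python triage script below is an added example, not part of the post or of any sandbox product: it parses those line shapes and flags each behaviour; the rule names and the `SYSTEM_DIRS` prefixes are my own assumptions, and the sample lines are copied from the trace above.

```python
import re
# Line shapes used by the sandbox trace quoted above (assumed stable)
WRITE_FILE = re.compile(r"^Write to file \[(.+?)\s*->\s*(.+?)\]$")
WRITE_MEM = re.compile(r"^Write process memory \[(.+?) \((\d+)\) -> (.+?) \((\d+)\)\]$")
CMDLINE = re.compile(r"^Command-line: (.+?)(?: \(Suspicious\))?$")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\explorer.exe", "\\program files\\")

def triage(lines):
    # Returns (rule, detail) pairs; rule names are this example's own labels
    findings, dropped = [], set()
    for raw in lines:
        line = raw.strip()
        m = WRITE_FILE.match(line)
        if m:
            dst = m.group(2).strip().lower()
            if dst.endswith(".exe") and "\\application data\\" in dst:
                dropped.add(dst)  # executable planted under the user profile
                findings.append(("dropped_exe", dst))
            elif dst.endswith(".wab"):  # Windows Address Book: contact harvesting
                findings.append(("address_book_write", dst))
            elif dst.endswith(".bat") and "\\temp\\" in dst:
                findings.append(("temp_batch", dst))
            continue
        m = WRITE_MEM.match(line)
        if m:
            if any(d in m.group(3).lower() for d in SYSTEM_DIRS):
                findings.append(("injection", f"{m.group(2)} -> {m.group(3)} ({m.group(4)})"))
            continue
        m = CMDLINE.match(line)
        if m:
            cmd = m.group(1).lower()
            if "cmd.exe" in cmd and "/c" in cmd and ".bat" in cmd:
                findings.append(("hidden_batch_exec", m.group(1)))
            elif cmd.strip('"') in dropped:  # the planted file is launched
                findings.append(("dropped_exe_executed", m.group(1)))
    return findings

# Sample input: lines copied from the trace quoted above
SAMPLE = r"""
Write to file [C:\Documents and Settings\Administrator\桌面\jtJtkm5.exe   -> C:\Documents and Settings\Administrator\Application Data\Ajge\duqe.exe]
Execute [C:\Documents and Settings\Administrator\桌面\jtJtkm5.exe   (556) ->  (948)]
Command-line: "C:\Documents and Settings\Administrator\Application Data\Ajge\duqe.exe"
Write process memory [C:\Documents and Settings\Administrator\Application Data\Ajge\duqe.exe (948) -> \Device\HarddiskVolume1\WINDOWS\system32\VBoxTray.exe (1716)]
Write to file [C:\WINDOWS\system32\ctfmon.exe -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Address Book\Administrator.wab]
Write to file [C:\Documents and Settings\Administrator\桌面\jtJtkm5.exe   -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp26dace2e.bat]
Command-line: "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp26dace2e.bat" (Suspicious)
""".strip().splitlines()

print(*triage(SAMPLE), sep="\n")
```

Running it on the sample yields six findings in trace order, from the dropped executable through to the hidden batch execution.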
一万个理由
Posted on 2012-2-29 12:04:16
Reported to Rising
Nocria
Posted on 2012-2-29 12:05:36
AVG has added it to its database:
Copyright © KaFan  KaFan.cn All Rights Reserved.