[Suspicious file] "Bypasses 360 on double-click" B09.exe

貝殼
Posted on 2012-5-12 11:23:15


The cloud scan says it is safe; double-clicking prompts for system privileges; it seems to achieve auto-start by adding a service.

大蒜
Posted on 2012-5-12 11:25:37
B09.exe
____________________________
Developer: Not available
Version: Not available
Install time: 2012/5/12 (11:24:24 AM)
Last used: Not available
Startup item: No
____________________________
Unknown
This program's crash history is unknown.
____________________________
File trusted by few users
Fewer than 50 users in the Norton Community have used this file.
____________________________
Very new file
This file was released less than 1 week ago.
____________________________
There are some indications that this file is not trustworthy.
____________________________
Source file:
b09.exe
____________________________
File fingerprint - SHA:
49a987424884c143669d1e89275406df2c1ce4e62b6cffdd2c7bdd5a1b0fbeab
____________________________
File fingerprint - MD5:
9fee7265f7fbe7ed7cc9759fa363e4f0
____________________________
zhanghongyuan1
Posted on 2012-5-12 11:26:26
小a says safe.
sanhu35
Posted on 2012-5-12 11:29:23
Looks like someone already posted this.
eriol_sky
Posted on 2012-5-12 11:30:16

Website blocked!
G Data AntiVirus 2012 has blocked access to this website.
The site contains infected code: Gen:Variant.Barys.2530 (Engine A).
留侯
Posted on 2012-5-12 11:35:17
Dr.Web:
B09.exe infected with Trojan.Siggen.65127
绅博周幸
Posted on 2012-5-12 11:35:41
Malware detected
英九
Posted on 2012-5-12 11:37:01
Trend Micro
00315
Posted on 2012-5-12 11:38:53
Basic information
  • File name: Sample.zip
  • File hash: 15feb7940dd4204ba3c2fc23b4beecb3
  • File size: 206131 bytes
  • Created: 2012-05-12 11:33:15
  • File type: ZIP
  • PEiD info: Not a valid PE file

Dangerous behaviour monitoring
  • Behaviour: deletes itself after running; beware of malware!
    Additional info:

Other behaviour monitoring
  • Behaviour: creates mutex
    Additional info:
    "Global\.net clr networking"
    "Global\netfxeventlog.1.0"

  • Behaviour: searches for files
    Additional info:
    "%system%\ping.*"
    "%system%\ping.COM"
    "%system%\ping.EXE"
    "%SampleStore%\ping"
    "%SampleStore%\ping.*"
    "%SampleStore%\sample.v"

  • Behaviour: starts specified service
    Additional info:
    %system%\lib32waon.exe

File operation monitoring
  Operation             File MD5                          File size  File path
  Dropped then deleted  9fee7265f7fbe7ed7cc9759fa363e4f0  201728     %SampleStore%\sample.v
  Added                 b0eaf1394bb1d21cc1d14c488e583630  458908     %SampleStore%\B09.idb
  Added                 ae78b0ca8bf831188948f8618cb5257a  136192     %system%\lib32waon.exe

Process operation monitoring
  • Creates process: %system%\ping.exe
    Arguments: ping -n 2 127.0.0.1
  • Creates process: CMD.EXE
    Arguments: /d /c ping -n 2 127.0.0.1>nul&del /f /q %SampleStore%\sample.v

Registry monitoring
  • Added
  • Deleted
  • Modified
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\lib32waon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\lib32waon\DEBUG[Trace Level] = []
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application[Sources] = [Service1]
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Service1[EventMessageFile] = [%windir%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll]
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WaonSvc[Type] = [0x00000010]
    [DisplayName] = [Windows Object Nacting]
    [ImagePath] = [%system%\lib32waon.exe]
    [FailureActions] = [\x00\x00\x00\x00\x00...]
    [ErrorControl] = [0x00000000]
    [Start] = [0x00000002]
    [Description] = [Optical sensors monitor the atmosphere to detect the atmosphere of light ...
    [ObjectName] = [LocalSystem]
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WaonSvc\Enum[Count] = [0x00000001]
    [0] = [Root\LEGACY_WAONSVC\0000]
    [NextInstance] = [0x00000001]
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WaonSvc\Security[Security] = [\x01\x00\x14\x80\x90...]
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application[Sources] = [Service1]
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Service1[EventMessageFile] = [%windir%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll]
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaonSvc[FailureActions] = [\x00\x00\x00\x00\x00...]
    [Start] = [0x00000002]
    [ErrorControl] = [0x00000000]
    [Type] = [0x00000010]
    [DisplayName] = [Windows Object Nacting]
    [ImagePath] = [%system%\lib32waon.exe]
    [ObjectName] = [LocalSystem]
    [Description] = [Optical sensors monitor the atmosphere to detect the atmosphere of light ...
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaonSvc\Enum[0] = [Root\LEGACY_WAONSVC\0000]
    [NextInstance] = [0x00000001]
    [Count] = [0x00000001]
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WaonSvc\Security[Security] = [\x01\x00\x14\x80\x90...]

Network monitoring
  • Network operation [get host info] www.google.com

a256886572008
Posted on 2012-5-12 11:43:39
Quite a lot of activity.

2012-05-12 11:42:06   C:\Documents and Settings\Roger\桌面\virus\Sample\B09.exe   Sandboxed As   Partially Limited
2012-05-12 11:42:09   C:\WINDOWS\system32\CMD.EXE   Sandboxed As   Partially Limited
2012-05-12 11:42:10   C:\WINDOWS\system32\conime.exe   Sandboxed As   Partially Limited
2012-05-12 11:42:10   C:\WINDOWS\system32\ping.exe   Sandboxed As   Partially Limited
2012-05-12 11:42:20   C:\Documents and Settings\Roger\桌面\virus\Sample\B09.exe   Modify Key   HKLM\SYSTEM\ControlSet001\Services\6to4
2012-05-12 11:42:20   C:\Documents and Settings\Roger\桌面\virus\Sample\B09.exe   Modify File   C:\WINDOWS\system32\lib32waon.exe
2012-05-12 11:42:20   C:\Documents and Settings\Roger\桌面\virus\Sample\B09.exe   Modify Key   HKLM\SYSTEM\ControlSet???\Services\WaonSvc
2012-05-12 11:42:20   C:\WINDOWS\system32\cmd.exe   Modify File   C:\Documents and Settings\Roger\桌面\virus\Sample\B09.exe

Copyright © KaFan  KaFan.cn All Rights Reserved.