CVE-2012-0158

显示全部楼层 · 发表于 2012-6-13 18:15:00

本帖最后由 360Tencent 于 2012-6-16 11:19 编辑

来源于contagio，感谢 Mila ：）

http://kuai.xunlei.com/d/CNLMYBHVZKYT

infected, 一共90个文件

其中三个恶意文档利用了CVE-2010-3333

125b8babb6ee4442efc75a5688c6bb5d0c71f8a685bcdff6b4043f3a829e65eb_Oded - Working.rtf

abbd1fa4dde11b94360338de8b5a2af7b09c6149ce1633797da825d5843cea7f_Criteria.doc

ec8b9c68872257cec2552ac727348c09314658d9497085f8a19f58004476c9b8_info.doc

参考

http://blog.xecure-lab.com/2012/06/mila-cve-2012-0158.html

http://www.securelist.com/en/blo ... Exploit_Development

另

http://scan.xecure-lab.com/ 可以快速鉴定恶意文档，非常不错

显示全部楼层 · 发表于 2012-6-13 18:18:12

ESET killed 50x , missed 40x.

To ESET.

显示全部楼层 · 发表于 2012-6-13 18:20:13

本帖最后由酱紫啊~ 于 2012-6-13 20:00 编辑

nis占位，360下载报安全

kill48X，剩余42X

显示全部楼层 · 发表于 2012-6-13 18:26:20

大蜘蛛：

扫描报告：
Total 13522168 bytes in 90 files scanned (127 objects)
Total 39 files (47 objects) are clean
Total 51 files (52 objects) are infected
Total 51 files (52 objects) are neutralized
Scan time is 00:00:01.109
总结：大蜘蛛发现52个威胁，在51个样本内。所以大蜘蛛killed 51x，余下39x已上报。

显示全部楼层 · 发表于 2012-6-13 18:55:07

随便看看

显示全部楼层 · 发表于 2012-6-13 19:02:07

FS KILL 85 个余下5个
结果: 找到 85 恶意软件

Exploit.CVE-2012-0158.Gen (病毒)
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\08ddc5b4e2115328fb437921e8b6f9fa9d9bbd82d13e73a9a8c579394cfc16ac_template.pdf (3).doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\0cf8a95e68f7466dfbe81591ad56bddd1b80e3a352091ca92978e62360e5f92b_WRE-2.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\006fcfe7c825e834026809a2525219ecd8300dbe50fcdd1377ca9fef6a985842_template.pdf (2).doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\122896c8534ae22ba7b5ae44613a4d40109f3f4537fa70aa01b3388125d8a078_Flame of Truth Schedule.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\04e008c7b9e4c5c1da9c85076364f23ed8225b5b586b1a165e469478361fc8bc_rop.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\09c30d706d84a6b9f496bf8a9c461bc7c783fd79c52a56429a685ca98e80ad1e_KasperskySave (2).doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\0a1c0cd1a817cf119a11c0b837725aa59c794bbb6c3922d5a625b632032a3a36_msf (2).doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\0cc010ac06ba9376ec6f44fc6a57a0a3920a23d537e02c3a1438c054941127f6_6TH WPCT Action Plan from Environment Group.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\18a2f27648049d21bfed145a70bf94058b42ac5a44b8d79dc558e493d14772dc_Event description for June 5th 2012.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\1d5e19534a7c778d96416a45f14b5a30305d31f6509a6e7cb1f0634a8a5c8ff1_the first draft of the finance track paragraphs of the Leaders.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\213c65729ea3c8a3dd72df85b84760bd668eb5038a3d984e8794cfc3408471bd_oracle 9i readme.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\26a9b4b17c366e797bdaf287a518eb7cd39bd0f261f31595d5386945b10e5bf9_The Chiefs Revelation11.6.12.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\2c5bd05c260a902655246571c18293175e956e3ef20bc268acf011cc9162f4da_the Central Tibetan Administration Information.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\365fa035f29f40112d900007527fedf241859a05228202a5ddc3be2e17596d9d_Report- Strategic Road-Building along the India-China border.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\2404eb98f564305ae9bf83efa890e54202a771fef040be8082dd880346aacdc5_Ottawa Declaration Fails To Support Tibet's People Or Their Just Cause.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\413aa7675bfbbf8471ec899152beadedb129fdb9780b23565b60ade208f68a18_ICT press release, 29 May 2012.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\309a4d6018532b245a45ebaad5dbca2911e0adb19201fc618352880985572420_jm.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\18656e3fded4547c5c2c29ae2bb27af7bf8cdef48a1243507a337e32017b27e3_Threat_asessment_of_Pak_missile_test.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\414521118a6904b46c615d8eddbace1b11f41a81fe2c97c3240a628225966a4c_(JP)Heavy rain to prevent Raiders.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\47a92339fff733f2dad34320e9effc788d1f5e24978d08a66ae5096e44e6595e_Some adjustments for the delivering of SY Special Edition.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\4de48795ce2e11d29d04a6fccaee1d7b4d50d46a149335f8bbeca34c8411c0bc_thenemer3.htm.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\4722232c8f90d38174baf71697c2c4ecab511629b782f869069cd2b7824080f5_wongs1.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\52b3e60381f67ad88f16be94d2fcc47cf7fba54fc9b6b5e62d4808984680c736_god (2).doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\57856e1c8ceb96c12acba7255ec84690ef8ca02125debc44ecb0cb421ead5489_god.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\53cc8d14f8db451688fca340058ea711eb6613e77c104815e58277a3a0006bce_(JP)Neck to relieve office operation.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\64b3d533be1fe5b3bd5e5cd7adaf8e7c55d0a9581708ac61bb2940ff3c0b3875_PanchePetition1.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\68201a40ebd12cd1206a1b40e8757695d1b70f4774f32f1b1d265e76ae4d63c4_MH 40 TE.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\6d884992b40fc4465a5f727b85a78ce7276ee22142b716443939f5fe82495b2d_msf.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\50b3c9084689cec956fbf776aff69482fa6b3d3128d1b7172508cd359b3b7470_MCIP Online Collaboration 8 MAY 2012.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\5f804599a82620306ae0f23b5e6a474ed117b1d2de23756375cb29d11bd6cb33_FAX12-0611.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\70d78fc38e50f34019b8374298e23c8d17eeb32962f69106777c2c31152f530b_Draft Minutes of 29th Bureau meeting.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\724fc02491527aa6c7bd0680d532b12d9e5827d55f3ef29f34afc76675688dbe_Urgent-4.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\5f844795ec244cbaba4c322b9fc3e1aa92f17c002573d3f37d78d9887638e3c2_treyen.ht.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\773d4d4474c7485508dd72cc53a99bb4f92c7cabb280f5ee72333fb6a23eacd4_Conference Notice - JTF Mindanano.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\7cc7c9a30c4c1b0354943190f59bf2127e90f26f991011d964532b9b02b8e449_thanf0.dl.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\7f4973adfda8585f0a77973174f4d44716e40947e2e4cde264e9819607e9e37f_template.pdf.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\7f02e9f2c53fd849a49f0b6e4add15c4ccff7659d8a04a79ec2be8787c003235_southchina.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\823fafef6d2924336fdfd9af45437e625ce66de79f594da864b1d964180dfb10_ttrarncto.sy.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\81cd39ab61d6a3349e9159ad38fa9c1e0c4164051bc4b6b641ed87ae73334339_schedule2012.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\85b391b49705be8972ed6daed118d13093c98d2ee00b6b3c581605000341b7ed_invitation card.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\83511d4c4134193cd2db2ffac77ef2d8ee142a0219ecf1b687dfb5758318137d_Den cuoi nam 2012 se trien khai he thong E-manifest.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\8fc776fb555310edd5d1deddde805d897bc362e721df1d61dce5764ec92ae3d9_Copy of rtf.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\87cc5ddbb9e0bac834f6f605eaaf7d91b32c5caa3eec27f976141e11b4c311ec_manonled.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\95b04ff6c9c0fb67cb3f6e344033fccd99dbec89484fd32e5757b6df408d1f29_Daily Report.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\85dacc49484488d763d35a4eadcb25584f91b6fc65159e9a0009d2721f597be1_rethende9.tmp.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\95cdeb1240896949bcd7d598509c87194ab9ee3fb9c04616f45c08d572bb2cb8_Thupten.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\7eb1defca13801b8afb0674305f4292aa9f2f80f295f8c7ff135d887ad477b64_(JP)Medical examination report.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\993f6a0cbe65f6c52c30b40ef4d01db1992bd747ff37ced679b7639e473de503_wordfile.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\a0e7d3195549113d336540b331d120c5d139246979589b84fe846cbebe57cd0b_zombie.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\aadc2d721158a11e1ccfbf658fc537ca55d11457138cb857350d3147aa87000b_70.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\a1fe61e2e84a7683ab3536934d2bdf27f6eb7c516744c4491f72c1ef3d00babb_tifesers6exe.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\ae0aadee2ac0bc9d86c6e44d5483a56ce950d3ef55220ef5a1e1daace9a276e9_f-11.06.2012-b.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\9bfa3eeba7a8c7b891830c88115998739a23024952fa28448409134466ed9c52_WPCT_conceptpaper_edinburgh.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\aef19d6dbc817a2e2db92a7475bc343cde924a96227322d83b92d2a63776984a_Fax to UNESCO.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\b3cdf8b4b0790ace716adfe85832b2b48452a76da2130f622cce0d1c1a799198_3KasperskySave.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\b4ecb7fe15f366d3da578342eceb4bb042a004edea849055ba4022afabe43cef_Military Report Proposed 2012 Raises, DoD Seeks TRICARE Fee Increase, and More.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\b901e89ccbc83c15cc4285dd59a8f93e38f697b33f864aed0dfbd6b230c7ba37_2DASHAJUGUN.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\bdf274ec3c1d5c69fb9219521742ef2358406f0d9521dd4b427d91d2ae6e7a86_a (2).doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\b70ceeb6278c3ea545b57d72a364fb04a50670b751a79a5c842c116d8f893e62_1010415(JP)stop.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\b621f8bc9efcfeb1a4cc784bf97929aca565bb6adccf72a78d68324fc7b98fc0_NDCP Seminar.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\bf37fe974dcf2e4139999d49649b72a310327bfcd8b039e86bd8331486f98cab_2KasperskySave.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\c270e9e1487ba79a7aa87794458c2bfa20044aba18f3b01f62dbaaa4d4773676_GLOBAL Security Drill.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\c3e8e587fd0355d71238563a5ec6129ed12a003367f7b798a360bce190264ae5_Soros.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\ae1a091c2ddf77c37db3274f649c53acfd2a0f14780479344d808d089faa809a_HHDL's Birthday Celebration.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\cc1dd9adfa0ca2cad7cdf75abd833dfe430ab324e2313076fe5206b12e8708d2_(CN)Legislative Yuan in April 101 years.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\de6b57732b0bdc5d1b3d098476b019ffdd6e993500fb8d8c54fada47c86a9132_894b0088e0d05a9012775a0343c37578.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\c2ef015b2946bf4bab19bae677b5f1e9687cf48556c7b5e6643a4e46b28ac8cb_Chinas military capabilities.rtf 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\bf339ce77e04ef4e610aaca056a7359922fb63d70dd6340a5af90ab1068e2ef8_wordfile.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\db37bf24b68b193def64a980e5481bc896030fe322373a54479651f2140df11f_the data about these tibetans.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\dee38ce0b05f69cd0a7af0a9313230331c252cb0066f7c55101779ac3a7b3cbf_kong.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\c551dad4283e595074ff43544befa98289360d284ea23371936bc9e816dbead3_(CN)For man must.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\ee8c4d9718f6518c2defa3fe699c85e7a85693e4a2c8d6c27721fde7a16fc266_KasperskySave.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\e97ca059337a7fdc8abb5e99b42f5fdc65d73c1d1dd7b388ea762a89e60103ae_(JP)Democratic Progressive Party in 2012 the overall planning.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\f39733b1f7b466628087e282eb9ef80f071e2b09a6678b4375fa371cfd7dca39_incident.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\f66eb92b1c451031c35d8ebab021eee28dd1e0d10ac4a3ca974479f2301e33f6_(CN)Oceanic Administration this week, news aggregate.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\f6f1b014b8fc0979eab958fe28e0e7f4904f7b9a1e2ad95cf1b937707411db0c_DASHAJUGUN.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\fb3b8265b76eb348c89431e9fe09b00c0310203cf81a5c0a8c028476480c15cd_(CN)Children's education subsidy 101 new version.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\ef7a4715bde2bd1891f7abbfa6178c6f4f5408710c86d5af3d2f73d7a620df36_a1.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\fd265ea40b57e24481a63aede0c1a0dfef45935725ad3cd39cf334ca6d167708_payangdj.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\ffeb001877c0b798834b88b6c4615ab622162dff6f9139fcacc5764a8ffc3e4d_1.doc 操作：已隔离
Gen:Variant.Zusy.Elzob.2521 (病毒)
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\12d574de18f6820ba0d8d566152edb32386b86dde9f3ef7d1004c775b3b34dea_IMG_0056.doc 操作：已隔离
Exploit.RTF.Gen (病毒)
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\125b8babb6ee4442efc75a5688c6bb5d0c71f8a685bcdff6b4043f3a829e65eb_Oded - Working.rtf 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\abbd1fa4dde11b94360338de8b5a2af7b09c6149ce1633797da825d5843cea7f_Criteria.doc 操作：已隔离
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\ec8b9c68872257cec2552ac727348c09314658d9497085f8a19f58004476c9b8_info.doc 操作：已隔离
Trojan.Generic.7109407 (病毒)
C:\Users\Administrator\Desktop\病毒测试用\cve-2012-0158\300649da673828756cfda29f332d7b39f272c1dd308f0087162e9d58fbacac1f_300649da673828756cfda29f332d7b39f272c1dd308f0087162e9d58fbacac1f.rtf 操作：已隔离

显示全部楼层 · 发表于 2012-6-13 19:04:05

本帖最后由 wuyongliang 于 2012-6-13 19:05 编辑

FS余下这5个

目前FS杀的最多

显示全部楼层 · 发表于 2012-6-13 21:09:56

AVG余下48个。

显示全部楼层 · 发表于 2012-6-13 21:13:25

本帖最后由 870097067 于 2012-6-13 21:18 编辑

飞塔kill60个，余下39个。

[病毒样本] CVE-2012-0158

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源