[Verified] stelspendingswow.name/?a=YWZmaWQ9MDE3ODg= [drive-by malware] by m22

firefox3
Posted 2012-12-23 19:44:46
Last edited by m220011 on 2012-12-24 15:36

htt p://stelspendingswow.name/?a=YWZmaWQ9MDE3ODg=

SPL exploit kit

No sample provided.

Only screenshots:

[Screenshots: 11.PNG, 22.PNG, 33.PNG, 44.PNG, 55.PNG]

Intercept log (partial):

2012-12-23 19:19:00         C:\Program Files\Java\jre7\bin\java.exe         创建进程         C:\Documents and Settings\Administrator\Local Settings\Temp\8F84F7C9A23806DB.exe
2012-12-23 19:20:19         C:\Documents and Settings\Administrator\Local Settings\Temp\8F84F7C9A23806DB.exe         修改文件         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe
2012-12-23 19:21:18         C:\Documents and Settings\Administrator\Local Settings\Temp\8F84F7C9A23806DB.exe         访问内存         C:\Program Files\Internet Explorer\iexplore.exe
2012-12-23 19:22:07         C:\Documents and Settings\Administrator\Local Settings\Temp\8F84F7C9A23806DB.exe         创建进程         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe
2012-12-23 19:22:11         C:\Documents and Settings\Administrator\Local Settings\Temp\8F84F7C9A23806DB.exe         访问内存         C:\Program Files\Internet Explorer\iexplore.exe
2012-12-23 19:22:41         C:\Program Files\Java\jre7\bin\java.exe         创建进程         C:\Documents and Settings\Administrator\Local Settings\Temp\222D4DBBA8C01266.exe
2012-12-23 19:23:35         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         修改文件         C:\Documents and Settings\Administrator\Local Settings\Application Data\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
2012-12-23 19:23:47         C:\Program Files\Java\jre7\bin\java.exe         创建进程         C:\WINDOWS\system32\ntvdm.exe
2012-12-23 19:23:50         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         修改文件         C:\Documents and Settings\All Users\Application Data\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
2012-12-23 19:23:57         C:\WINDOWS\system32\ntvdm.exe         修改文件         C:\WINDOWS\Temp\scs7.tmp
2012-12-23 19:23:59         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         修改文件         C:\Documents and Settings\Administrator\Templates\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
2012-12-23 19:24:01         C:\WINDOWS\system32\ntvdm.exe         修改文件         C:\WINDOWS\Temp\scs8.tmp
2012-12-23 19:24:03         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问内存         C:\WINDOWS\system32\alg.exe
2012-12-23 19:24:10         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问内存         C:\WINDOWS\system32\alg.exe
2012-12-23 19:24:10         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问内存         C:\Program Files\SogouExplorer\SogouExplorer.exe
2012-12-23 19:24:13         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问内存         C:\Program Files\Internet Explorer\iexplore.exe
2012-12-23 19:24:15         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问内存         C:\Program Files\SogouExplorer\SogouExplorer.exe
2012-12-23 19:24:15         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问内存         C:\Program Files\Internet Explorer\iexplore.exe
2012-12-23 19:24:15         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问内存         C:\Program Files\Java\jre7\bin\java.exe
2012-12-23 19:24:19         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         修改注册表项         HKUS\S-1-5-21-789336058-1708537768-682003330-500\Software\Clients\StartMenuInternet\
2012-12-23 19:24:22         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问内存         C:\Program Files\Java\jre7\bin\java.exe
2012-12-23 19:24:24         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         DNS/RPC 客户端访问         \RPC Control\DNSResolver
2012-12-23 19:24:31         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         修改注册表项         HKUS\S-1-5-21-789336058-1708537768-682003330-500\Software\Clients\StartMenuInternet\
2012-12-23 19:24:34         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         修改文件         C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-12-23 19:24:43         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:24:46         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         修改文件         C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-12-23 19:24:46         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:24:46         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         修改文件         C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
2012-12-23 19:24:50         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         修改文件         C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2012-12-23 19:24:52         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:24:52         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         修改文件         C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
2012-12-23 19:24:52         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:24:52         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:24:58         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:24:58         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:24:58         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:24:59         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         修改文件         C:\Documents and Settings\Administrator\Local Settings\History
2012-12-23 19:25:03         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         修改文件         C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2012-12-23 19:25:03         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:25:03         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:25:03         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         修改文件         C:\Documents and Settings\Administrator\Local Settings\History
2012-12-23 19:25:03         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:25:03         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         修改文件         C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
2012-12-23 19:25:09         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:25:09         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:25:09         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:25:16         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:25:16         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:25:16         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:25:22         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:25:22         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:25:22         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问COM接口         {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
2012-12-23 19:25:28         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         修改文件         C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
报告结束
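Added example, not from the thread or any of its posters: a small Python parser that reads records shaped like the intercept log above and flags the drive-by chain it records (a Java runtime spawning an executable in the user's Temp directory, that dropper launching a second stage, and either binary accessing a browser's memory). The sample records are constructed from the log lines posted above; the browser and Java process names in the rules are assumptions.

```python
import re
from collections import namedtuple

# One HIPS record: "<timestamp> <source> <action> <target>", fields split by runs of spaces.
Record = namedtuple("Record", "ts source action target")
BROWSERS = {"iexplore.exe", "sogouexplorer.exe", "firefox.exe", "chrome.exe"}  # assumed
TEMP_EXE = re.compile(r"\\local settings\\temp\\[^\\]+\.exe$", re.IGNORECASE)

# Sample constructed from the intercept log posted above. Action names are the
# HIPS's own: 创建进程 = create process, 访问内存 = access memory, 修改文件 = modify file.
SAMPLE_LOG = r"""
2012-12-23 19:19:00         C:\Program Files\Java\jre7\bin\java.exe         创建进程         C:\Documents and Settings\Administrator\Local Settings\Temp\8F84F7C9A23806DB.exe
2012-12-23 19:20:19         C:\Documents and Settings\Administrator\Local Settings\Temp\8F84F7C9A23806DB.exe         修改文件         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe
2012-12-23 19:21:18         C:\Documents and Settings\Administrator\Local Settings\Temp\8F84F7C9A23806DB.exe         访问内存         C:\Program Files\Internet Explorer\iexplore.exe
2012-12-23 19:22:07         C:\Documents and Settings\Administrator\Local Settings\Temp\8F84F7C9A23806DB.exe         创建进程         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe
2012-12-23 19:24:13         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         访问内存         C:\Program Files\Internet Explorer\iexplore.exe
2012-12-23 19:24:34         C:\Documents and Settings\Administrator\Local Settings\Application Data\amv.exe         修改文件         C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
"""

def parse(text):
    """Split on runs of two or more spaces (paths keep single spaces); skip malformed lines."""
    out = []
    for line in text.splitlines():
        fields = re.split(r"\s{2,}", line.strip())
        if len(fields) == 4:
            out.append(Record(*fields))
    return out

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def find_dropper_chain(records):
    """Return (timestamp, reason, path) alerts for the Java -> Temp dropper ->
    second stage -> browser memory chain; 'suspects' tracks the dropped lineage."""
    alerts, suspects = [], set()
    for r in records:
        src = r.source.lower()
        if r.action == "创建进程" and basename(src) in ("java.exe", "javaw.exe") and TEMP_EXE.search(r.target):
            suspects.add(r.target.lower())
            alerts.append((r.ts, "java spawned executable from Temp", r.target))
        elif r.action == "创建进程" and src in suspects:
            suspects.add(r.target.lower())
            alerts.append((r.ts, "dropper launched second stage", r.target))
        elif r.action == "访问内存" and src in suspects and basename(r.target) in BROWSERS:
            alerts.append((r.ts, "dropped binary accessed browser memory", r.target))
    return alerts

if __name__ == "__main__":
    for ts, reason, path in find_dropper_chain(parse(SAMPLE_LOG)):
        print(ts, reason, path, sep=" | ")
```

On the constructed sample this yields four alerts: the Temp drop at 19:19:00, two browser-memory accesses, and the launch of amv.exe as second stage.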
m220011
Posted 2012-12-24 10:22:02
Last edited by m220011 on 2012-12-24 15:37

[Needs a proxy (VPN) to load properly]
firefox3 (OP)
Posted 2012-12-24 15:24:09
m220011 posted on 2012-12-24 10:22:
Dead.

3F1EFF2F828407D2.zip (200.91 KB, downloads: 57)
m220011
Posted 2012-12-24 15:30:52
firefox3 posted on 2012-12-24 15:24:
Can I say there's not a trace of Photoshop?

Too tired to complain. I can ping the site, but I can't fetch any code.
firefox3 (OP)
Posted 2012-12-24 15:33:59
Last edited by firefox3 on 2012-12-24 15:43
m220011 posted on 2012-12-24 15:30:
Too tired to complain. I can ping the site, but I can't fetch any code.

htt p://buffalofarmers……
Try this one.
Please fix the title.
m220011
Posted 2012-12-24 15:35:53
stelspendingswow.name/q_data/sgmihyaznrptfpgj-a.nspwvvpdxbcdyyxhi.jar
Set up a proxy and finally managed to get in...
firefox3 (OP)
Posted 2012-12-24 15:42:55
m220011 posted on 2012-12-24 15:35:
Set up a proxy and finally managed to get in...

Most of what I post needs a proxy, you only just noticed?
m220011
Posted 2012-12-24 15:47:25
firefox3 posted on 2012-12-24 15:42:
Most of what I post needs a proxy, you only just noticed?

KaFan is a mainland Chinese forum.
Going forward I'm considering changing the board rules to ignore anything that needs a proxy.

Do you know how tiring it is to see this many unverified posts every day?
firefox3 (OP)
Posted 2012-12-24 15:52:47
m220011 posted on 2012-12-24 15:47:
KaFan is a mainland Chinese forum.
Going forward I'm considering changing the board rules to ignore anything that needs a proxy.

Then I'll stop posting.
m220011
Posted 2012-12-24 15:56:55
firefox3 posted on 2012-12-24 15:52:
Then I'll stop posting.

Take a break, kid. Honestly, of all you've posted, not much is fresh.
Chrome blocks all of them...
Copyright © KaFan  KaFan.cn All Rights Reserved.