Views: 3776 | Replies: 16

[Virus sample] Reposting a downloader; only IK and Panda flag it

promised
Posted 2007-12-2 12:31:26
C:\ABC\123\Finddir.exe - signature 'Trojan-Spy.Win32.Delf.rx' detected
00404103 PUSH Finddir.004054B8 ASCII "Find"
00404108 PUSH Finddir.004054C8 ASCII "dir.exe"
0040412F PUSH Finddir.004054D8 ASCII "Fin"
00404134 PUSH Finddir.004054E4 ASCII "ddir.exe"
004041D5 MOV EDX,Finddir.0040551C ASCII "xia1.exe"
004041E8 PUSH Finddir.00405528 ASCII "Http://down.v369v.com/update/update.exe"
0040425F PUSH Finddir.0040551C ASCII "xia1.exe"
0040428A MOV EDX,Finddir.0040551C ASCII "xia1.exe"
004042B3 MOV EDX,Finddir.004055A0 ASCII "xia2.exe"
004042C6 PUSH Finddir.004055AC ASCII "http://down.v369v.com/update/sms1s.exe"
00404326 MOV EDX,Finddir.004055A0 ASCII "xia2.exe"
0040435E PUSH Finddir.004055A0 ASCII "xia2.exe"
0040438D MOV EDX,Finddir.004055F4 ASCII "xia3.exe"
004043A0 PUSH Finddir.00405600 ASCII "http://down.v369v.com/update/sms2s.exe"
00404400 MOV EDX,Finddir.004055F4 ASCII "xia3.exe"
00404438 PUSH Finddir.004055F4 ASCII "xia3.exe"
0040446D MOV EDX,Finddir.00405648 ASCII "xia4.exe"
00404483 PUSH Finddir.00405654 ASCII "http://down.v369v.com/update/sms3s.exe"
004044FE MOV EDX,Finddir.00405648 ASCII "xia4.exe"
00404545 PUSH Finddir.00405648 ASCII "xia4.exe"
00404580 MOV EDX,Finddir.0040569C ASCII "xia5.exe"
00404596 PUSH Finddir.004056A8 ASCII "http://down.v369v.com/update/sms4s.exe"
00404611 MOV EDX,Finddir.0040569C ASCII "xia5.exe"
00404658 PUSH Finddir.0040569C ASCII "xia5.exe"
00404693 MOV EDX,Finddir.004056F0 ASCII "xia6.exe"
004046A9 PUSH Finddir.004056FC ASCII "http://down.v369v.com/update/sms5s.exe"
00404724 MOV EDX,Finddir.004056F0 ASCII "xia6.exe"
0040476B PUSH Finddir.004056F0 ASCII "xia6.exe"
004047A6 MOV EDX,Finddir.00405744 ASCII "xia7.exe"
004047BC PUSH Finddir.00405750 ASCII "http://down.v369v.com/update/sms6s.exe"
00404837 MOV EDX,Finddir.00405744 ASCII "xia7.exe"
0040487E PUSH Finddir.00405744 ASCII "xia7.exe"
004048B9 MOV EDX,Finddir.00405798 ASCII "xia8.exe"
004048CF PUSH Finddir.004057A4 ASCII "http://down.v369v.com/update/sms7s.exe"
0040494A MOV EDX,Finddir.00405798 ASCII "xia8.exe"
00404991 PUSH Finddir.00405798 ASCII "xia8.exe"
004049CC MOV EDX,Finddir.004057EC ASCII "xia9.exe"
004049E2 PUSH Finddir.004057F8 ASCII "http://down.v369v.com/update/sms8s.exe"
00404A5D MOV EDX,Finddir.004057EC ASCII "xia9.exe"
00404AA4 PUSH Finddir.004057EC ASCII "xia9.exe"
00404ADF MOV EDX,Finddir.00405840 ASCII "xia10.exe"
00404AF5 PUSH Finddir.0040584C ASCII "http://down.v369v.com/update/sms9s.exe"
00404B70 MOV EDX,Finddir.00405840 ASCII "xia10.exe"
00404BB7 PUSH Finddir.00405840 ASCII "xia10.exe"
00404BF2 MOV EDX,Finddir.00405894 ASCII "xia11.exe"
00404C08 PUSH Finddir.004058A0 ASCII "http://down.v369v.com/update/sms0s.exe"
00404C83 MOV EDX,Finddir.00405894 ASCII "xia11.exe"
00404CCA PUSH Finddir.00405894 ASCII "xia11.exe"
00404D05 MOV EDX,Finddir.004058E8 ASCII "xia12.exe"
00404D1B PUSH Finddir.004058F4 ASCII "PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP"
00404D96 MOV EDX,Finddir.004058E8 ASCII "xia12.exe"
00404DDD PUSH Finddir.004058E8 ASCII "xia12.exe"
00404E18 MOV EDX,Finddir.0040593C ASCII "xia13.exe"
00404E2E PUSH Finddir.00405948 ASCII "QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ"
00404EA9 MOV EDX,Finddir.0040593C ASCII "xia13.exe"
00404EF0 PUSH Finddir.0040593C ASCII "xia13.exe"
00404F2B MOV EDX,Finddir.00405990 ASCII "xia14.exe"
00404F41 PUSH Finddir.0040599C ASCII "RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR"
00404FBC MOV EDX,Finddir.00405990 ASCII "xia14.exe"
00405003 PUSH Finddir.00405990 ASCII "xia14.exe"
0040503E MOV EDX,Finddir.004059E4 ASCII "xia15.exe"
00405054 PUSH Finddir.004059F0 ASCII "SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS"
004050CF MOV EDX,Finddir.004059E4 ASCII "xia15.exe"
00405116 PUSH Finddir.004059E4 ASCII "xia15.exe"
00405151 MOV EDX,Finddir.00405A38 ASCII "xia16.exe"
00405167 PUSH Finddir.00405A44 ASCII "TTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTT"
004051E2 MOV EDX,Finddir.00405A38 ASCII "xia16.exe"
00405229 PUSH Finddir.00405A38 ASCII "xia16.exe"
00405264 MOV EDX,Finddir.00405A8C ASCII "xia17.exe"
0040527A PUSH Finddir.00405A98 ASCII "KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK"
004052F5 MOV EDX,Finddir.00405A8C ASCII "xia17.exe"
0040533C PUSH Finddir.00405A8C ASCII "xia17.exe"
00405377 MOV EDX,Finddir.00405AE0 ASCII "xia18.exe"
0040538D PUSH Finddir.00405AEC ASCII "MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM"
00405408 MOV EDX,Finddir.00405AE0 ASCII "xia18.exe"
0040544F PUSH Finddir.00405798 ASCII "xia8.exe"

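As an added example (not code from the post, and not the sample's own code), the script below parses OllyDbg string-reference lines like the ones in the post and turns them into a download-slot table: which URL each slot fetches, which local file name it is saved under, and which slots the author left unused with filler strings (the runs of P, Q, R, S, T, K, M). It assumes only what the listing shows: each slot loads a local file name into EDX (the register argument convention of Delphi-compiled code, which matches the "Delf" in the Kaspersky name) and then pushes either a URL or a filler run. The first four strings ("Find"/"dir.exe", "Fin"/"ddir.exe") look like the sample's own file name split into fragments; the parser treats them as ordinary strings. The input embedded in the script is a constructed subset of the listing, with the filler runs shortened.

```python
"""Pull downloader IOCs out of an OllyDbg string-reference listing.

Added example, not code from the post or from the sample. It assumes nothing
about the binary beyond what the listing shows: each download slot is a local
file name loaded into EDX followed by a PUSH of either a URL or a filler run.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# One listing line: optional ordinal, instruction address, "MOV EDX," or "PUSH",
# module-relative string address, then the ASCII string itself.
LINE_RE = re.compile(
    r'^\s*(?:\d+\.\s+)?(?P<addr>[0-9A-Fa-f]{8})\s+'
    r'(?P<op>MOV EDX,|PUSH)\s*Finddir\.(?P<ref>[0-9A-Fa-f]{8})\s+'
    r'ASCII\s+"(?P<text>[^"]*)"\s*$'
)

# Constructed input: a subset of the listing quoted in the post (filler runs shortened).
DUMP = """\
  1. 00404103 PUSH Finddir.004054B8 ASCII "Find"
  2. 00404108 PUSH Finddir.004054C8 ASCII "dir.exe"
  5. 004041D5 MOV EDX,Finddir.0040551C ASCII "xia1.exe"
  6. 004041E8 PUSH Finddir.00405528 ASCII "Http://down.v369v.com/update/update.exe"
  7. 0040425F PUSH Finddir.0040551C ASCII "xia1.exe"
  8. 0040428A MOV EDX,Finddir.0040551C ASCII "xia1.exe"
  9. 004042B3 MOV EDX,Finddir.004055A0 ASCII "xia2.exe"
  10. 004042C6 PUSH Finddir.004055AC ASCII "http://down.v369v.com/update/sms1s.exe"
  45. 00404BF2 MOV EDX,Finddir.00405894 ASCII "xia11.exe"
  46. 00404C08 PUSH Finddir.004058A0 ASCII "http://down.v369v.com/update/sms0s.exe"
  49. 00404D05 MOV EDX,Finddir.004058E8 ASCII "xia12.exe"
  50. 00404D1B PUSH Finddir.004058F4 ASCII "PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP"
  53. 00404E18 MOV EDX,Finddir.0040593C ASCII "xia13.exe"
  54. 00404E2E PUSH Finddir.00405948 ASCII "QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ"
"""


@dataclass
class Slot:
    local_name: Optional[str]  # file name the payload would be written as
    url: Optional[str]         # None for an unused (filler) slot
    addr: int                  # address of the PUSH that supplied the URL or filler


def parse_listing(dump: str) -> List[Tuple[int, str, str]]:
    """Return (instruction address, op, string) for each well-formed line, in address order."""
    rows = []
    for line in dump.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append((int(m['addr'], 16), m['op'], m['text']))
    rows.sort(key=lambda r: r[0])
    return rows


def is_filler(s: str) -> bool:
    """A slot the author left unused: one character repeated (PPPP..., QQQQ...)."""
    return len(s) >= 8 and len(set(s)) == 1


def is_url(s: str) -> bool:
    # The listing mixes "Http://" and "http://"; URL schemes are case-insensitive.
    return s.lower().startswith(("http://", "https://"))


def extract_slots(dump: str) -> List[Slot]:
    """Walk the strings in address order. The last plain string seen before a URL
    (or a filler run) is the local file name that slot writes to."""
    slots: List[Slot] = []
    current_name: Optional[str] = None
    for addr, _op, text in parse_listing(dump):
        if is_url(text):
            slots.append(Slot(current_name, text, addr))
        elif is_filler(text):
            slots.append(Slot(current_name, None, addr))
        else:
            current_name = text
    return slots


def iocs(slots: List[Slot]) -> dict:
    """Summarise the live slots as blockable indicators plus a count of unused slots."""
    live = [s for s in slots if s.url]
    return {
        "hosts": sorted({urlparse(s.url).netloc.lower() for s in live}),
        "urls": [s.url for s in live],
        "local_names": [s.local_name for s in live],
        "unused_slots": sum(1 for s in slots if s.url is None),
    }


if __name__ == "__main__":
    found = extract_slots(DUMP)
    for s in found:
        print(f"{s.addr:08X}  {str(s.local_name):<10} <- {s.url or '(unused filler slot)'}")
    print(iocs(found))
```

Run it on the full listing from the post to get all eleven live URLs and seven filler slots; the `hosts` list is what goes into a proxy or DNS block, and `local_names` is what to search for on a suspected host. The filler slots matter for handlers: they show the downloader was built from a template with spare capacity, so a later build from the same kit may fill them with new URLs.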
dericyeoh
Posted 2007-12-2 12:39:54
kis7 found nothing
白衣方振眉
Posted 2007-12-2 12:41:39
Neither Jiangmin 2008 nor AVG detected it.
无尽藏海
Posted 2007-12-2 12:43:47
avast! and Avira both let it through.
Submitted.
hao8219
Posted 2007-12-2 12:45:54
Dr.Web and Avira both miss.
scottxzt
Posted 2007-12-2 13:28:40
Program:
C:\DOCUMENTS AND SETTINGS\DELL\桌面\FINDDIR.EXE
The trojan creates the following files:
1) C:\WINDOWS\SYSTEM32\FINDDIR.EXE
Delete the trojan and its derivatives?
cgd789
Posted 2007-12-2 14:00:58
Micropoint flags it.
moonsilver
Posted 2007-12-2 14:56:47
rs pass
solcroft
Posted 2007-12-2 15:42:39
[image attachment, not available]
flykiss
Posted 2007-12-2 16:20:44
dr.web 4.44 miss~
Copyright © KaFan  KaFan.cn All Rights Reserved.