鬼影6变种，附报告~

瞠凰韬晦

严禁使用影子系统测试，击穿概不负责！已经有案例，请自行百度。
http://anubis.iseclab.org/?actio ... ormat=html#chapter1    Anubis报告没有火眼直观。
谁有火眼的扔一个进去跑跑

Hello,

Thank you for submitting your sample for analysis by ThreatAnalyzer

Attached are the XML and PDF reports generated by ThreatAnalyzer for analysis 1664. The PDF report contains an executive-level summary, including network activity and screenshots. The XML report contains all behavioral information gathered during analysis.

ThreatAnalyzer results for GHost.exe
Analysis ID:        1664
Date Analyzed:        2014-07-14 02:05:48
Sandbox Attributes:       
MD5 Hash:        cccce0de22fc209e6a3f0be27b86a8b1
Filename:        GHost.exe
File Type:        PE32 executable for MS Windows (GUI) Intel 80386 3
Digital Behavior Traits
Injected Code        NO
More than 5 Processes        NO
Copies to Windows        NO
Windows/Run Registry Key Set        NO
Makes Network Connection        YES
Creates EXE in System        NO
Starts EXE in System        YES
Starts EXE in Documents        NO
Deletes File in System        YES
Hooks Keyboard        YES
Creates Hidden File        YES
Creates DLL in System        YES
Creates Mutex        YES
Alters Windows Firewall        NO
Checks For Debugger        YES
Could Not Load        NO
Opens Physical Memory        NO
Modifies Local DNS        NO
Starts EXE in Recycle        NO
Creates Service        NO
Modifies File in System        YES
Deletes Original Sample        YES
VirusTotal Results
Last Scanned:        2014-04-23 06:41:47
Bkav        W32.Clod354.Trojan.4abf
MicroWorld-eScan        Trojan.Generic.8151206
nProtect        Trojan/W32.Jorik.99328.B
CMC        Trojan.Win32.Jorik.Yoddos!O
CAT-QuickHeal        TrojanDropper.Jadtre.C5
McAfee        RDN/Generic Dropper!md
Malwarebytes        Trojan.Agent.cn
AegisLab        Not Detected
K7AntiVirus        Trojan ( 0045769f1 )
K7GW        Trojan ( 0045769f1 )
TheHacker        Trojan/Jorik.Yoddos.no
Agnitum        Trojan.Yoddos!1/0zxbhFcGQ
F-Prot        W32/Jadtre.E
Symantec        Trojan.Gen
Norman        Guntior.A
TotalDefense        Not Detected
TrendMicro-HouseCall        Not Detected
Avast        Win32:Malware-gen
ClamAV        WIN.Trojan.Agent-83648
Kaspersky        HEUR:Trojan.Win32.Generic
BitDefender        Trojan.Generic.8151206
NANO-Antivirus        Trojan.Win32.MulDrop3.twhnf
ViRobot        Not Detected
ByteHero        Virus.Win32.Part.h
Ad-Aware        Trojan.Generic.8151206
Sophos        Mal/Jadtre-C
Comodo        TrojWare.Win32.Wapomi.AQD
F-Secure        Trojan.Generic.8151206
DrWeb        Trojan.Guntor.3
VIPRE        Trojan.Win32.Wapomi.aoa (v)
AntiVir        TR/Zusy.Elzob.9763.2
TrendMicro        TROJ_JADTRE.AK
McAfee-GW-Edition        RDN/Generic Dropper!md
Emsisoft        Trojan.Generic.8151206 (B)
Jiangmin        Trojan/Generic.bfvce
Antiy-AVL        Trojan/Win32.Yoddos
Kingsoft        Win32.Troj.Generic.(kcloud)
Microsoft        TrojanDropper:Win32/Jadtre.C
SUPERAntiSpyware        Trojan.Agent/Gen-Wapomi
GData        Trojan.Generic.8151206
Commtouch        W32/Jadtre.DGUN-8410
AhnLab-V3        Trojan/Win32.Tdss
VBA32        Trojan.Jorik.Yoddos
Panda        Trj/Genetic.gen
ESET-NOD32        a variant of Win32/Wapomi.AU
Rising        PE:Trojan.Win32.Generic.12DEC5D9!316589529
Ikarus        Virus.Win32.Wapomi
Fortinet        W32/Jorik.NO!tr
AVG        Dropper.Generic6.CHRM
Baidu-International        Trojan.Win32.Generic.aDO
Qihoo-360        Win32/Trojan.a36
ThreatAnalyzer is your best defense against Advanced Persistent Threats (APTs) and custom-targeted attacks. It swiftly and accurately vets suspicious files and URLs in a monitored sandbox environment to determine how they execute, the system changes they make and the network traffic they generate. Armed with this information, you can identify and completely eliminate these threats from your network. To learn more, visit www.ThreatTrackSecurity.com.

Thank you,

ThreatTrack Security
Sales@ThreatTrack.com

© 2013 ThreatTrack Security, Inc. All Rights Reserved.

Flameocean

费尔修复成功

瞠凰韬晦

Flameocean 发表于 2014-7-14 14:24
费尔修复成功

。。。。。纳尼？看来质量也不高啊。树大招风一点都不错啊

Flameocean

瞠凰韬晦 发表于 2014-7-14 14:27
。。。。。纳尼？看来质量也不高啊。树大招风一点都不错啊

我也很意外，很少见费尔修复的

wenshui1013

诺顿杀。。。

2314805817

大师兄又带包入库了
http://fireeye.ijinshan.com/anal ... d71407db76b5e760c79
http://fireeye.ijinshan.com/anal ... b0a267a739cdf89a5c2

瞠凰韬晦

Flameocean 发表于 2014-7-14 14:34
我也很意外，很少见费尔修复的

今天见证了费尔修复的那一刻~

瞠凰韬晦

2314805817 发表于 2014-7-14 14:38
大师兄又带包入库了
http://fireeye.ijinshan.com/analyse.html?md5=cccce0de22fc209e6a3f0be27b86a ...

一个单机游戏包找出来的，一个是MBR工具包找出来的。
  真懒，MD5也不改一下~~

利刀1937

2314805817 发表于 2014-7-14 14:38
大师兄又带包入库了
http://fireeye.ijinshan.com/analyse.html?md5=cccce0de22fc209e6a3f0be27b86a ...

360那么 牛逼，，，这鬼影只查找360、卡巴，等等的这个几个进程？

瞠凰韬晦

利刀1937 发表于 2014-7-14 15:04
360那么 牛逼，，，这鬼影只查找360、卡巴，等等的这个几个进程？

网维大师针对网吧，网吧沦陷了，多少账号