Regin (12L 更新)

显示全部楼层 · 发表于 2014-11-25 19:31:55

本帖最后由 hx1997 于 2014-12-10 20:55 编辑

昨天（11 月 24 日）的消息了

http://www.symantec.com/content/ ... /regin-analysis.pdf

http://www.f-secure.com/weblog/archives/00002766.html

https://securelist.com/files/201 ... in_platform_eng.pdf

https://www.f-secure.com/documen ... 2_regin_stage_1.pdf

https://www.f-secure.com/documen ... 4_regin_stage_1.pdf

MD5s:
Stage 1 files, 32 bit:
06665b96e293b23acc80451abb413e50
187044596bc1328efa0ed636d8aa4a5c
1c024e599ac055312a4ab75b3950040a
2c8b9d2885543d7ade3cae98225e263b
4b6b86c7fec1c574706cecedf44abded
6662c390b2bbbd291ec7987388fc75d7
b269894f434657db2b15949641a67532
b29ca4f22ae7b7b25f79c1d4a421139d
b505d65721bb2453d5039a389113b566
26297dc3cd0b688de3b846983c5385e5
ba7bb65634ce1e30c1e5415be3d1db1d
bfbe8c3ee78750c3a520480700e440f8
d240f06e98c8d3e647cbf4d442d79475
ffb0b9b5b610191051a7bdf0806e1e47

Unusual stage 1 files apparently compiled from various public source codes merged with malicious code:
01c2f321b6bfdb9473c079b0797567ba
47d0e8f9d7a6429920329207a32ecc2e
744c07e886497f7b68f6f7fe57b7ab54
db405ad775ac887a337b02ea8b07fddc

[Red - missing]
Stage 1, 64-bit system infection:
bddf5afbea2d0eed77f2ad4e9a4f044d
c053a0a3f1edcbbfc9b51bc640e808ce
e63422e458afdfe111bd0b87c1e9772c

Stage 2, 32 bit:
18d4898d82fcb290dfed2a9f70d66833
b9e4f9d32ce59e7c4daf6b237c330e25

Stage 2, 64 bit:
d446b1ed24dad48311f287f3c65aeb80

Stage 3, 32 bit:
8486ec3112e322f9f468bdea3005d7b5 (15L)
da03648948475b2d0e3e2345d7a9bbbb

Stage 4 32 bit:
1e4076caa08e41a5befc52efd74819ea
68297fde98e9c0c29cecc0ebf38bde95
6cf5dc32e1f6959e7354e85101ec219a
885dcd517faf9fac655b8da66315462d
a1d727340158ec0af81a845abd3963c1

Stage 4 64 bit:
de3547375fbf5f4cb4b14d53f413c503

样本不全 (overquota)，过几天再看看

显示全部楼层 · 发表于 2014-11-25 19:34:54

显示全部楼层 · 发表于 2014-11-25 19:37:27

本帖最后由蓝天二号于 2014-11-25 19:40 编辑

KIS 清空
[mw_shl_code=html,true]25.11.2014 19.35.47;检测到的对象（文件）已删除;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\392f32241cd3448c7a435935f2ff0d2cdc609dda81dd4946b1c977d25134e96e;2345好压;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\392f32241cd3448c7a435935f2ff0d2cdc609dda81dd4946b1c977d25134e96e;11/25/2014 19:35:47;HEUR:Trojan.Win32.Regin.gen

25.11.2014 19.35.46;检测到的对象（文件）已删除;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\40c46bcab9acc0d6d235491c01a66d4c6f35d884c19c6f410901af6d1e33513b;2345好压;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\40c46bcab9acc0d6d235491c01a66d4c6f35d884c19c6f410901af6d1e33513b;11/25/2014 19:35:46;HEUR:Trojan.Win32.Regin.gen

25.11.2014 19.35.45;检测到的对象（文件）已删除;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\4e39bc95e35323ab586d740725a1c8cbcde01fe453f7c4cac7cced9a26e42cc9;2345好压;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\4e39bc95e35323ab586d740725a1c8cbcde01fe453f7c4cac7cced9a26e42cc9;11/25/2014 19:35:45;HEUR:Trojan.Win32.Regin.gen

25.11.2014 19.35.44;检测到的对象（文件）已删除;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\5001793790939009355ba841610412e0f8d60ef5461f2ea272ccf4fd4c83b823;2345好压;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\5001793790939009355ba841610412e0f8d60ef5461f2ea272ccf4fd4c83b823;11/25/2014 19:35:44;HEUR:Trojan.Win32.Regin.gen

25.11.2014 19.35.43;检测到的对象（文件）已删除;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\7d38eb24cf5644e090e45d5efa923aff0e69a600fb0ab627e8929bb485243926;2345好压;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\7d38eb24cf5644e090e45d5efa923aff0e69a600fb0ab627e8929bb485243926;11/25/2014 19:35:43;HEUR:Trojan.Win32.Regin.gen

25.11.2014 19.35.42;检测到的对象（文件）已删除;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\8389b0d3fb28a5f525742ca2bf80a81cf264c806f99ef684052439d6856bc7e7;2345好压;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\8389b0d3fb28a5f525742ca2bf80a81cf264c806f99ef684052439d6856bc7e7;11/25/2014 19:35:42;HEUR:Trojan.Win32.Regin.gen

25.11.2014 19.35.41;检测到的对象（文件）已删除;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\8d7be9ed64811ea7986d788a75cbc4ca166702c6ff68c33873270d7c6597f5db;2345好压;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\8d7be9ed64811ea7986d788a75cbc4ca166702c6ff68c33873270d7c6597f5db;11/25/2014 19:35:41;HEUR:Trojan.Win32.Regin.gen

25.11.2014 19.35.40;检测到的对象（文件）已删除;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\9cd5127ef31da0e8a4e36292f2af5a9ec1de3b294da367d7c05786fe2d5de44f;2345好压;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\9cd5127ef31da0e8a4e36292f2af5a9ec1de3b294da367d7c05786fe2d5de44f;11/25/2014 19:35:40;HEUR:Trojan.Win32.Regin.gen

25.11.2014 19.35.39;检测到的对象（文件）已删除;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\9ddbe7e77cb5616025b92814d68adfc9c3e076dddbe29de6eb73701a172c3379;2345好压;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\9ddbe7e77cb5616025b92814d68adfc9c3e076dddbe29de6eb73701a172c3379;11/25/2014 19:35:39;HEUR:Trojan.Win32.Regin.gen

25.11.2014 19.35.38;检测到的对象（文件）已删除;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\a0d82c3730bc41e267711480c8009883d1412b68977ab175421eabc34e4ef355;2345好压;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\a0d82c3730bc41e267711480c8009883d1412b68977ab175421eabc34e4ef355;11/25/2014 19:35:38;Rootkit.Win32.Regin.a

25.11.2014 19.35.36;检测到的对象（文件）已删除;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\a7493fac96345a989b1a03772444075754a2ef11daa22a7600466adc1f69a669;2345好压;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\a7493fac96345a989b1a03772444075754a2ef11daa22a7600466adc1f69a669;11/25/2014 19:35:36;HEUR:Trojan.Win32.Regin.gen

25.11.2014 19.35.35;检测到的对象（文件）已删除;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\a7e3ad8ea7edf1ca10b0e5b0d976675c3016e5933219f97e94900dea0d470abe;2345好压;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\a7e3ad8ea7edf1ca10b0e5b0d976675c3016e5933219f97e94900dea0d470abe;11/25/2014 19:35:35;HEUR:Trojan.Win32.Regin.gen

25.11.2014 19.35.34;检测到的对象（文件）已删除;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047;2345好压;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047;11/25/2014 19:35:34;HEUR:Trojan.Win32.Regin.gen

25.11.2014 19.35.32;检测到的对象（文件）已删除;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\b755ed82c908d92043d4ec3723611c6c5a7c162e78ac8065eb77993447368fce;2345好压;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\b755ed82c908d92043d4ec3723611c6c5a7c162e78ac8065eb77993447368fce;11/25/2014 19:35:32;HEUR:Trojan.Win32.Regin.gen

25.11.2014 19.35.29;检测到的对象（文件）已删除;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\c0cf8e008fbfa0cb2c61d968057b4a077d62f64d7320769982d28107db370513;2345好压;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\c0cf8e008fbfa0cb2c61d968057b4a077d62f64d7320769982d28107db370513;11/25/2014 19:35:29;HEUR:Trojan.Win32.Regin.gen

25.11.2014 19.35.28;检测到的对象（文件）已删除;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\e1ba03a10a40aab909b2ba58dcdfd378b4d264f1f4a554b669797bbb8c8ac902;2345好压;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\e1ba03a10a40aab909b2ba58dcdfd378b4d264f1f4a554b669797bbb8c8ac902;11/25/2014 19:35:28;Rootkit.Win32.Regin.a

25.11.2014 19.35.26;检测到的对象（文件）已删除;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\f1d903251db466d35533c28e3c032b7212aa43c8d64ddf8c5521b43031e69e1e;2345好压;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\f1d903251db466d35533c28e3c032b7212aa43c8d64ddf8c5521b43031e69e1e;11/25/2014 19:35:26;HEUR:Trojan.Win32.Regin.gen

25.11.2014 19.35.22;检测到的对象（文件）已删除;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\225e9596de85ca7b1025d6e444f6a01aa6507feef213f4d2e20da9e7d5d8e430;2345好压;C:\Users\MrChenWei\Desktop\新建文件夹\Regin\225e9596de85ca7b1025d6e444f6a01aa6507feef213f4d2e20da9e7d5d8e430;11/25/2014 19:35:22;HEUR:Trojan.Win32.Regin.gen

25.11.2014 18.24.02;任务已启动;文件反病毒;11/25/2014 18:24:02
25.11.2014 18.10.36;任务已启动;文件反病毒;11/25/2014 18:10:36
[/mw_shl_code]

显示全部楼层 · 发表于 2014-11-25 19:41:49

显示全部楼层 · 发表于 2014-11-25 19:46:18

Baidu Antivirus云清空

显示全部楼层 · 发表于 2014-11-25 19:54:24

VSE清空

显示全部楼层 · 发表于 2014-11-25 19:57:34

红伞清空

显示全部楼层 · 发表于 2014-11-25 21:34:46

显示全部楼层 · 发表于 2014-11-25 21:36:53

Dr.web清空

显示全部楼层 · 发表于 2014-11-25 22:10:28

好压EAV火绒扫描KILL ALL

[病毒样本] Regin (12L 更新)

本帖子中包含更多资源

本帖子中包含更多资源

评分

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块