Views: 5403 | Replies: 14

[Virus sample] A malware den (222.49.122.224:360)

heishen2010
Posted 2015-5-8 22:17:54

Link:
hxxp://222.49.122.224:360/


Bundled download:
http://pan.baidu.com/s/1bn8lxAB password: nxbg
230f4
Posted 2015-5-8 22:18:19 from mobile
Last edited by 230f4 on 2015-5-8 22:43

ESS, reserving this post

Killed at least 16, I'd say
ericdj
Posted 2015-5-8 22:57:10
Last edited by ericdj on 2015-5-8 23:08

G DATA (the "egg tart") was already throwing alerts all over the place during extraction


    51 files checked
    26 infected files detected


And four more are password-protected

The following files are password-protected:
        ----------------------------------------------------------------
        C:\Users\eric\Desktop\virus\222.49.122.224;360\360arp.zip
        C:\Users\eric\Desktop\virus\222.49.122.224;360\fr12.zip
        C:\Users\eric\Desktop\virus\222.49.122.224;360\HM.exe
        C:\Users\eric\Desktop\virus\222.49.122.224;360\HM.zip
        ----------------------------------------------------------------


[mw_shl_code=html,true]Virus check with G DATA INTERNET SECURITY
Version 25.1.0.3 (2015/4/7)
Virus signature dated 2015/5/8

Engine(s): Engine A (AVA 25.1458), Engine B (GD 25.5065)
Heuristics: On
Archives: On
System areas: Off
Check rootkits: Off



Analysis performed in full: 2012/1/31 23:04:42
    51 files checked
    26 infected files detected
    0 suspicious files found


Archive: 445.zip
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Trojan.Generic.14447850, Exploit.Gimmiv.A (Engine A)
        ----------------------------------------------------------------
        Object: 445/nc.exe
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\445.zip
                Status: Virus detected
                Virus: Trojan.Generic.14447850
        Object: 445/XO.exe
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\445.zip
                Status: Virus detected
                Virus: Exploit.Gimmiv.A
        ----------------------------------------------------------------

Archive: bp.zip
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Gen:Variant.Zegost.2 (Engine A)
        ----------------------------------------------------------------
        Object: bp.exe
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\bp.zip
                Status: Virus detected
                Virus: Gen:Variant.Zegost.2
        ----------------------------------------------------------------

Archive: 360arp.zip
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Trojan.GenericKD.2153496 (Engine A)
        ----------------------------------------------------------------
        Object: ARP抓鸡智障汉化版/ARP网马生成器.exe
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\360arp.zip
                Status: Virus detected
                Virus: Trojan.GenericKD.2153496
        ----------------------------------------------------------------

Archive: DUBrute.zip
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Application.Brute.B, Gen:Variant.Kazy.191811 (Engine A)
        ----------------------------------------------------------------
        Object: DUBrute多密码爆破/DUBrute.exe
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\DUBrute.zip
                Status: Junkware (PUP) found
                Virus: Application.Brute.B
        Object: DUBrute多密码爆破/s.dll
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\DUBrute.zip
                Status: Virus detected
                Virus: Gen:Variant.Kazy.191811
        ----------------------------------------------------------------

Archive: Cain4.9.zip
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Virtool.Cain.A (Engine A)
        ----------------------------------------------------------------
        Object: Cain4.9/Cain4.9/Abel.exe
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\Cain4.9.zip
                Status: Virus detected
                Virus: Virtool.Cain.A
        ----------------------------------------------------------------

Archive: GetPass.zip
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Trojan.Generic.13653206 (Engine A)
        ----------------------------------------------------------------
        Object: GetPassword.exe
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\GetPass.zip
                Status: Virus detected
                Virus: Trojan.Generic.13653206
        ----------------------------------------------------------------

Archive: gp.zip
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Gen:Variant.Zegost.2 (Engine A)
        ----------------------------------------------------------------
        Object: gp.exe
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\gp.zip
                Status: Virus detected
                Virus: Gen:Variant.Zegost.2
        ----------------------------------------------------------------

Object: gy.exe
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Gen:Variant.Zegost.2 (Engine A)

Archive: iisshell.zip
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Trojan.Delphi.T (Engine A)
        ----------------------------------------------------------------
        Object: iiswrite.exe
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\iisshell.zip
                Status: Virus detected
                Virus: Trojan.Delphi.T
        ----------------------------------------------------------------

Archive: kuaibo.html
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Exploit.CVE-2014-6332.Gen (2x) (Engine A)
        ----------------------------------------------------------------
        Object: (VBSCRIPT   2)
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\kuaibo.html
                Status: Virus detected
                Virus: Exploit.CVE-2014-6332.Gen
        Object: (VBSCRIPT-COMPILATION)
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\kuaibo.html
                Status: Virus detected
                Virus: Exploit.CVE-2014-6332.Gen
        ----------------------------------------------------------------

Archive: jgw.zip
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Gen:Variant.Zegost.2 (Engine A)
        ----------------------------------------------------------------
        Object: jgw.exe
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\jgw.zip
                Status: Virus detected
                Virus: Gen:Variant.Zegost.2
        ----------------------------------------------------------------

Archive: lw.zip
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Gen:Variant.Zegost.2 (Engine A)
        ----------------------------------------------------------------
        Object: lw.exe
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\lw.zip
                Status: Virus detected
                Virus: Gen:Variant.Zegost.2
        ----------------------------------------------------------------

Object: MZD.exe
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Trojan.GenericKD.2362101 (Engine A)

Archive: NT_scan.zip
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Junkware (PUP) found
        Virus: Application.Tool.5276 (Engine A)
        ----------------------------------------------------------------
        Object: NT_scan.exe
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\NT_scan.zip
                Status: Junkware (PUP) found
                Virus: Application.Tool.5276
        ----------------------------------------------------------------

Archive: pubwin.zip
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Junkware (PUP) found
        Virus: Win64.Riskware.BitCoinMiner.E (Engine B)
        ----------------------------------------------------------------
        Object: svchost.exe
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\pubwin.zip
                Status: Junkware (PUP) found
                Virus: Win64.Riskware.BitCoinMiner.E
        ----------------------------------------------------------------

Object: ReadPWD.exe
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Junkware (PUP) found
        Virus: Application.Generic.1250899 (Engine A)

Object: ReadPWD.txt
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Junkware (PUP) found
        Virus: Application.Generic.1250899 (Engine A)

Object: sql.exe
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Gen:Variant.Zegost.2 (Engine A)

Archive: sql.zip
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Gen:Variant.Zegost.2 (Engine A)
        ----------------------------------------------------------------
        Object: sql.exe
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\sql.zip
                Status: Virus detected
                Virus: Gen:Variant.Zegost.2
        ----------------------------------------------------------------

Archive: NET.exe
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Gen:Trojan.Heur.ez0auWR1pEji (Engine A)
        ----------------------------------------------------------------
        Object: (RAR Sfx o)=>MSASCui.exe
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\NET.exe
                Status: Virus detected
                Virus: Gen:Trojan.Heur.ez0auWR1pEji
        ----------------------------------------------------------------

Archive: system.exe
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Gen:Trojan.Heur.RP.vHW@aaF0CDji, Gen:Trojan.Heur.ez0auWR1pEji (Engine A)
        ----------------------------------------------------------------
        Object: (RAR Sfx o)=>svchost.exe
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\system.exe
                Status: Virus detected
                Virus: Gen:Trojan.Heur.RP.vHW@aaF0CDji
        Object: (RAR Sfx o)=>MSASCui.exe
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\system.exe
                Status: Virus detected
                Virus: Gen:Trojan.Heur.ez0auWR1pEji
        ----------------------------------------------------------------

Object: Win32.exe
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Gen:Variant.Graftor.162014 (Engine A)

Object: Win64.exe
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Trojan.Generic.13184802 (Engine A)

Archive: 侠客.zip
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Junkware (PUP) found
        Virus: Application.Passview.BK (Engine A)
        ----------------------------------------------------------------
        Object: ViewPass.exe
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\侠客.zip
                Status: Junkware (PUP) found
                Virus: Application.Passview.BK
        ----------------------------------------------------------------

Object: 查找.exe
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Trojan.Generic.7362869 (Engine A)

Archive: 闪电扫描.zip
        Path: C:\Users\eric\Desktop\virus\222.49.122.224;360
        Status: Virus detected
        Virus: Win32.Parite.B (Engine A)
        ----------------------------------------------------------------
        Object: 闪电扫描.exe
                In archive: C:\Users\eric\Desktop\virus\222.49.122.224;360\闪电扫描.zip
                Status: Virus detected
                Virus: Win32.Parite.B
        ----------------------------------------------------------------

The following files are password-protected:
        ----------------------------------------------------------------
        C:\Users\eric\Desktop\virus\222.49.122.224;360\360arp.zip
        C:\Users\eric\Desktop\virus\222.49.122.224;360\fr12.zip
        C:\Users\eric\Desktop\virus\222.49.122.224;360\HM.exe
        C:\Users\eric\Desktop\virus\222.49.122.224;360\HM.zip
        ----------------------------------------------------------------
[/mw_shl_code]

这样痴痴爱着你
Posted 2015-5-8 22:58:48 from mobile
Last edited by 这样痴痴爱着你 on 2015-5-9 12:49

Huorong repaired 7X, killed 13X, reported~
skyboybone
Posted 2015-5-8 23:00:40
Last edited by skyboybone on 2015-5-8 23:15

Kingsoft cloud

Umbrella open (cloud on)
欧阳宣
Posted 2015-5-8 23:03:38
Quite a hassle; no idea how many it detected in total
[mw_shl_code=html,true]5/8/2015        10:45:49 PM        "E:\Virus\222.49.122.224;360\Utilmat.exe"        "Artemis!1F519484A9AD"        "3"

5/8/2015        10:45:51 PM        "E:\Virus\222.49.122.224;360\gp.zip"        "BackDoor-CEP.gen.cn"        "2"

5/8/2015        10:45:53 PM        "E:\Virus\222.49.122.224;360\HM.exe"        "Artemis!6256460EDD1E"        "2"

5/8/2015        10:45:55 PM        "E:\Virus\222.49.122.224;360\iisshell.zip"        "Generic Delphi"        "2"

5/8/2015        10:45:55 PM        "E:\Virus\222.49.122.224;360\jgw.zip"        "BackDoor-CEP.gen.cn"        "2"

5/8/2015        10:45:56 PM        "E:\Virus\222.49.122.224;360\lw.zip"        "BackDoor-CEP.gen.cn"        "2"

5/8/2015        10:45:58 PM        "E:\Virus\222.49.122.224;360\NT_scan.zip"        "HTool-nts6"        "3"

5/8/2015        10:45:58 PM        "E:\Virus\222.49.122.224;360\pubwin.zip"        "CoinMiner"        "3"

5/8/2015        10:45:58 PM        "E:\Virus\222.49.122.224;360\MZD.exe"        "Artemis!C0B5B96B0BF4"        "3"

5/8/2015        10:45:58 PM        "E:\Virus\222.49.122.224;360\MZD.exe"        "CoinMiner"        "3"

5/8/2015        10:45:58 PM        "E:\Virus\222.49.122.224;360\NET.exe"        "Artemis!C0B5B96B0BF4"        "3"

5/8/2015        10:46:00 PM        "E:\Virus\222.49.122.224;360\system.exe"        "Artemis!C0B5B96B0BF4"        "3"

5/8/2015        10:46:00 PM        "E:\Virus\222.49.122.224;360\DUBrute.zip"        "Artemis!9BC70AB91410"        "3"

5/8/2015        10:46:01 PM        "E:\Virus\222.49.122.224;360\sql.zip"        "BackDoor-CEP.gen.cn"        "2"

5/8/2015        10:46:01 PM        "E:\Virus\222.49.122.224;360\Cain4.9.zip"        "Artemis!F2017531EC00"        "3"

5/8/2015        10:46:03 PM        "E:\Virus\222.49.122.224;360\Cain4.9.zip"        "PWCrack-Cain"        "3"

5/8/2015        10:46:04 PM        "E:\Virus\222.49.122.224;360\445.zip"        "RDN/Gaobot.worm!f"        "1"

5/8/2015        10:46:05 PM        "E:\Virus\222.49.122.224;360\bp.zip"        "BackDoor-CEP.gen.cn"        "2"

5/8/2015        10:46:05 PM        "E:\Virus\222.49.122.224;360\DUBrute.zip"        "Artemis!956958B30819"        "2"

5/8/2015        10:46:06 PM        "E:\Virus\222.49.122.224;360\侠客.zip"        "Artemis!6D6AA047AB4D"        "3"

5/8/2015        10:46:06 PM        "E:\Virus\222.49.122.224;360\445.zip"        "Artemis!1ACA4310315D"        "3"

5/8/2015        10:46:06 PM        "E:\Virus\222.49.122.224;360\360arp.zip"        "New Malware.dz"        "2"

5/8/2015        10:46:06 PM        "E:\Virus\222.49.122.224;360\360arp.zip"        "New Malware.dz"        "2"

5/8/2015        10:46:09 PM        "E:\Virus\222.49.122.224;360\DUBrute.zip"        "Artemis!D6A68D4B4543"        "2"

5/8/2015        10:46:09 PM        "E:\Virus\222.49.122.224;360\闪电扫描.zip"        "W32/Pate.b"        "1"

5/8/2015        10:46:09 PM        "E:\Virus\222.49.122.224;360\445.zip"        "Exploit-MS08-067"        "2"

5/8/2015        10:46:10 PM        "E:\Virus\222.49.122.224;360\DUBrute.zip"        "Artemis!693C164DC810"        "3"

5/8/2015        10:46:10 PM        "E:\Virus\222.49.122.224;360\侠客.zip"        "Artemis!E99B199A3D60"        "2"

5/8/2015        11:00:19 PM        "E:\Virus\222.49.122.224;360\ViewPass.exe"        "Artemis!6D6AA047AB4D"        "3"

5/8/2015        11:00:22 PM        "E:\Virus\222.49.122.224;360\LookCode.exe"        "Artemis!D4DE4AEAAC1C"        "2"

5/8/2015        11:00:22 PM        "E:\Virus\222.49.122.224;360\Windows Loader\Windows Loader.exe"        "Artemis!78967A121A7C"        "2"

5/8/2015        11:00:23 PM        "E:\Virus\222.49.122.224;360\445.zip"        "Artemis!1ACA4310315D"        "3"

5/8/2015        10:43:31 PM        "E:\Virus\222.49.122.224;360\kuaibo.html"        "Exploit-CVE2014-6332"        "2"

5/8/2015        10:43:33 PM        "E:\Virus\222.49.122.224;360\IISPutScanner.exe"        "Generic HTool.i"        "2"

5/8/2015        10:43:33 PM        "E:\Virus\222.49.122.224;360\gy.exe"        "BackDoor-CEP.gen.cn"        "2"

5/8/2015        10:43:35 PM        "E:\Virus\222.49.122.224;360\ReadPWD.exe"        "HackTool-UINFO"        "3"

5/8/2015        10:43:36 PM        "E:\Virus\222.49.122.224;360\ReadPWD.txt"        "HackTool-UINFO"        "3"

5/8/2015        10:43:37 PM        "E:\Virus\222.49.122.224;360\ReadPWD86.txt"        "HackTool-UINFO"        "3"

5/8/2015        10:43:38 PM        "E:\Virus\222.49.122.224;360\sql.exe"        "BackDoor-CEP.gen.cn"        "2"

5/8/2015        10:43:45 PM        "E:\Virus\222.49.122.224;360\Utilmat.exe"        "Artemis!1F519484A9AD"        "3"

5/8/2015        10:43:47 PM        "E:\Virus\222.49.122.224;360\Win32.exe"        "Exploit-FML!76A033863C37"        "2"

5/8/2015        10:43:49 PM        "E:\Virus\222.49.122.224;360\Win64.exe"        "Artemis!D905E66B629B"        "2"

5/8/2015        10:43:50 PM        "E:\Virus\222.49.122.224;360\查找.exe"        "Artemis!C5891FA18314"        "2"

5/8/2015        10:44:01 PM        "E:\Virus\222.49.122.224;360\ReadPWD.exe"        "HackTool-UINFO"        "3"

5/8/2015        10:44:18 PM        "E:\Virus\222.49.122.224;360\Utilmat.exe"        "Artemis!1F519484A9AD"        "3"

5/8/2015        10:45:21 PM        "E:\Virus\222.49.122.224;360\Utilmat.exe"        "Artemis!1F519484A9AD"        "3"

5/8/2015        10:45:53 PM        "E:\Virus\222.49.122.224;360\Utilmat.exe"        "Artemis!1F519484A9AD"        "3"

5/8/2015        10:59:01 PM        "E:\Virus\222.49.122.224;360\445\s.exe"        "Artemis!1ACA4310315D"        "3"

5/8/2015        10:59:06 PM        "E:\Virus\222.49.122.224;360\DUBrute多密码爆破\DUBrute.exe"        "Artemis!9BC70AB91410"        "3"

5/8/2015        10:59:21 PM        "E:\Virus\222.49.122.224;360\DUBrute多密码爆破\监听器.exe"        "Artemis!693C164DC810"        "3"

5/8/2015        10:59:22 PM        "E:\Virus\222.49.122.224;360\ViewPass.exe"        "Artemis!6D6AA047AB4D"        "3"[/mw_shl_code]
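As an added example (not part of the post above, and not a McAfee tool), here is a short Python script that parses lines of the shape shown in that log, collapses the repeated on-access hits on the same file, and reports how many distinct files and distinct file/detection pairs the log actually contains. The sample lines are copied from the log above (with the tab separators already collapsed to spaces by the forum); the action-code column is counted as it appears because the page does not say what the codes mean.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: ten lines copied from the McAfee log pasted above.
# The forum collapsed the tab separators into runs of spaces, so the
# parser accepts any whitespace between fields.
SAMPLE_LOG = r"""
5/8/2015        10:45:49 PM        "E:\Virus\222.49.122.224;360\Utilmat.exe"        "Artemis!1F519484A9AD"        "3"
5/8/2015        10:45:51 PM        "E:\Virus\222.49.122.224;360\gp.zip"        "BackDoor-CEP.gen.cn"        "2"
5/8/2015        10:46:04 PM        "E:\Virus\222.49.122.224;360\445.zip"        "RDN/Gaobot.worm!f"        "1"
5/8/2015        10:46:06 PM        "E:\Virus\222.49.122.224;360\445.zip"        "Artemis!1ACA4310315D"        "3"
5/8/2015        10:46:09 PM        "E:\Virus\222.49.122.224;360\445.zip"        "Exploit-MS08-067"        "2"
5/8/2015        10:44:18 PM        "E:\Virus\222.49.122.224;360\Utilmat.exe"        "Artemis!1F519484A9AD"        "3"
5/8/2015        10:46:06 PM        "E:\Virus\222.49.122.224;360\360arp.zip"        "New Malware.dz"        "2"
5/8/2015        10:46:06 PM        "E:\Virus\222.49.122.224;360\360arp.zip"        "New Malware.dz"        "2"
5/8/2015        10:43:31 PM        "E:\Virus\222.49.122.224;360\kuaibo.html"        "Exploit-CVE2014-6332"        "2"
5/8/2015        10:59:01 PM        "E:\Virus\222.49.122.224;360\445\s.exe"        "Artemis!1ACA4310315D"        "3"
"""

# Field layout assumed from the log: date, time, "path", "detection name", "action code"
LINE_RE = re.compile(
    r'^(?P<date>\S+)\s+(?P<time>\d{1,2}:\d{2}:\d{2} [AP]M)\s+'
    r'"(?P<path>[^"]*)"\s+"(?P<name>[^"]*)"\s+"(?P<action>[^"]*)"$'
)


def parse_log(text):
    """Return one dict per log line; refuse lines that do not fit the shape."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised log line: {line!r}")
        events.append(m.groupdict())
    return events


def basename(path):
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def summarize(events):
    """Collapse repeated on-access hits into per-file facts."""
    names_by_file = defaultdict(set)
    for e in events:
        names_by_file[e["path"]].add(e["name"])
    return {
        "log_lines": len(events),
        "unique_files": len(names_by_file),
        "unique_file_name_pairs": sum(len(v) for v in names_by_file.values()),
        # files that received more than one detection name
        "multi_name_files": sorted(
            basename(f) for f, v in names_by_file.items() if len(v) > 1
        ),
        # action codes counted as they appear; their meaning is not interpreted
        "lines_per_action_code": dict(Counter(e["action"] for e in events)),
    }


def files_by_name(events):
    """Detection name -> sorted basenames it fired on. Lets you spot the same
    Artemis hash hitting both an archive and the member extracted from it."""
    out = defaultdict(set)
    for e in events:
        out[e["name"]].add(basename(e["path"]))
    return {name: sorted(files) for name, files in out.items()}


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for key, value in summarize(evts).items():
        print(f"{key}: {value}")
    for name, files in files_by_name(evts).items():
        if len(files) > 1:
            print(f"{name} fired on {files}")
```

On the ten sample lines this reduces to 6 distinct files and 8 distinct file/detection pairs: 445.zip carries three different names, Utilmat.exe and 360arp.zip are plain repeats, and Artemis!1ACA4310315D hits both 445.zip and the s.exe extracted from it, which is the archive and its member being the same object counted twice.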
学雷锋做人
Posted 2015-5-8 23:05:37
Last edited by 学雷锋做人 on 2015-5-8 23:19

360 Safeguard (umbrella closed, cloud off): 21

FD: 26
windows7爱好者
Posted 2015-5-8 23:07:11
Dr.Web, reserving this post
XywCloud
Posted 2015-5-8 23:49:16
Skipped the test.
心痛的伤不起
Posted 2015-5-8 23:52:54
FS blocks the site outright
KaFan Forum (KaFan.cn). Copyright © KaFan. All Rights Reserved.