
[Suspicious file] It tempted me to click, and I still couldn't resist the temptation

liangxy
Posted on 2015-8-23 09:58:30
Last edited by liangxy on 2015-8-23 09:59

As the title says: it tempted me to click, and I still couldn't resist! But clever me didn't install it.
Please help check whether it's a virus; if not, I'll install it and see what it does.

http://pan.baidu.com/s/1jG2DTwa  password: h7i5
aboringman
Posted on 2015-8-23 10:03:08
TrendMicro kills it
[mw_shl_code=css,true]Threat:        HEU_AEGIS_HttpDownloadChecker
Source:        Threat
Affected Files:        c:\documents and…2.6.3.1_beta.exe
Response:        Removed
Detected By:        Real Time Scan[/mw_shl_code]
tanshi1990
Posted on 2015-8-23 10:07:03
aboringman posted on 2015-8-23 10:03
TrendMicro kill it
[mw_shl_code=css,true]Threat:        HEU_AEGIS_HttpDownloadChecker
Source:        Threa ...

Why doesn't my Trend Micro kill it?
神迹般存在
Posted on 2015-8-23 10:08:04
KIS 2015 missed.
KSN:

Sent it to Kaspersky Lab.

Analysis:
[mw_shl_code=css,true]Basic information
File name:
nbvod_setup_2.6.3.1_beta.exe
MD5:        9859edeae6a69724296201cef37c33fc
File type:        Cab
Upload time:        2015-08-23 10:04:59
Vendor:        N/A
Version:        2.6.3.1---2.6.3.1
Packer/compiler:        N/A
Key behaviors
Behavior:        Hide specified window
Details:
[Window,Class] = [全选,Button]   ("Select all")
[Window,Class] = [全不选,Button]   ("Deselect all")
[Window,Class] = [恢复默认,Button]   ("Restore defaults")
[Window,Class] = [,Button]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [显示细节(&D),Button]   ("Show details (&D)")
[Window,Class] = [<,CMIButton]
[Window,Class] = [>,CMIButton]
[Window,Class] = [<,AfxWnd42s]
[Window,Class] = [>,AfxWnd42s]
[Window,Class] = [,_EL_ShapeBox]
[Window,Class] = [,CPageControl]
[Window,Class] = [,Afx:400000:b:10011:110005b:0]
[Window,Class] = [,Afx:400000:b:10011:0:0]
[Window,Class] = [,_EL_Timer]
Behavior:        Block window close message
Details:
hWnd = 0x00050236, Text = 奶播影视盒子 V2.6 beta 安装向导, ClassName = #32770.   ("Naibo Video Box V2.6 beta Setup Wizard")
Behavior:        Create desktop shortcut
Details:
C:\Documents and Settings\All Users\桌面\奶播盒子.lnk
Behavior:        Create file mapping with write access
Details:
CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.MBI..NEIIG
MSCTF.MarshalInterface.FileMap.MBI.B.NEIIG
MSCTF.MarshalInterface.FileMap.MBI.C.NEIIG
MSCTF.MarshalInterface.FileMap.MBI.D.NEIIG
MSCTF.MarshalInterface.FileMap.MBI.E.NFIIG
MSCTF.MarshalInterface.FileMap.MBI.F.NFIIG
MSCTF.MarshalInterface.FileMap.MBI.G.NFIIG
AtlDebugAllocator_FileMappingNameStatic3_818
Local\UrlZonesSM_Administrator
Local\C:_Documents and Settings_Administrator_IETldCache_index.dat_245760
MSCTF.Shared.SFM.MBI
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\!PrivacIE!SharedMem!Counter
994FDA94-16E1-42c2-9588-7AC381F77249
Behavior:        Set special folder attributes
Details:
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior:        Resolve host address by name
Details:
wpad
box.naibo.co
iploc.daddymami.net
cloudcfg.daddymami.net
iploc.726.com
acctrack.daddymami.net
stun.kuaibo.com
text-ad.kuaibo.com
cache.daddymami.net
vtrack.daddymami.net
mtracker.yunfan.com
Process behavior
Behavior:        Create process with hidden window
Details:
ImagePath = c:\program files\naibo\player\qvodplayer.exe, CmdLine = "c:\program files\naibo\player\qvodplayer.exe" -insert
Behavior:        Create process from newly created file
Details:
ImagePath = C:\Program Files\Naibo\Nb_Player.exe, CmdLine = "C:\Program Files\Naibo\Nb_Player.exe"
ImagePath = C:\Program Files\Naibo\Player\QvodTerminal.exe, CmdLine = "C:\Program Files\Naibo\Player\QvodTerminal.exe"
ImagePath = C:\Program Files\Naibo\Player\QvodPlayer.exe, CmdLine = "C:\Program Files\Naibo\Player\QvodPlayer.exe" -insert
Behavior:        Enumerate processes
Details:
N/A
File behavior
Behavior:        Drop link or shortcut in a sensitive system location (e.g. Start Menu)
Details:
C:\Documents and Settings\All Users\「开始」菜单\程序\奶播盒子\打开奶播.lnk
Behavior:        Create executable file
Details:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\FindProcDLL.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\Inetc.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\BrandingURL.dll
C:\Program Files\Naibo\Player\Codecs\CoreAAC.ax
C:\Program Files\Naibo\Player\Codecs\CoreAVC.ax
C:\Program Files\Naibo\Player\Codecs\MP4Splitter.ax
C:\Program Files\Naibo\Player\Codecs\MatroskaSplitter.ax
C:\Program Files\Naibo\Player\Codecs\QvodSound.ax
C:\Program Files\Naibo\Player\Codecs\QvodSource.dll
C:\Program Files\Naibo\Player\Codecs\RealMediaSplitter.ax
C:\Program Files\Naibo\Player\Codecs\real\atrc.dll
C:\Program Files\Naibo\Player\Codecs\real\cook.dll
C:\Program Files\Naibo\Player\Codecs\real\drv2.dll
C:\Program Files\Naibo\Player\Codecs\real\drvc.dll
Behavior:        Search for files
Details:
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\welcom_header.bmp
FileName = C:\Program Files\Naibo
FileName = C:\Program Files
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\directory_header.bmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\instfiles_header.bmp
FileName = C:\Documents and Settings\All Users\Application Data
FileName = C:\Documents and Settings\All Users\Application Data\QvodPlayer\Data.txt
FileName = C:\Documents and Settings\All Users\Application Data\QvodPlayer\QvodBarrage.ini
Behavior:        Create desktop shortcut
Details:
C:\Documents and Settings\All Users\桌面\奶播盒子.lnk
Behavior:        Create file mapping with write access
Details:
CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
MSCTF.MarshalInterface.FileMap.MBI..NEIIG
MSCTF.MarshalInterface.FileMap.MBI.B.NEIIG
MSCTF.MarshalInterface.FileMap.MBI.C.NEIIG
MSCTF.MarshalInterface.FileMap.MBI.D.NEIIG
MSCTF.MarshalInterface.FileMap.MBI.E.NFIIG
MSCTF.MarshalInterface.FileMap.MBI.F.NFIIG
MSCTF.MarshalInterface.FileMap.MBI.G.NFIIG
AtlDebugAllocator_FileMappingNameStatic3_818
Local\UrlZonesSM_Administrator
Local\C:_Documents and Settings_Administrator_IETldCache_index.dat_245760
MSCTF.Shared.SFM.MBI
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\!PrivacIE!SharedMem!Counter
994FDA94-16E1-42c2-9588-7AC381F77249
Behavior:        Set special folder attributes
Details:
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior:        Modify file contents
Details:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\soft.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\welcom_header.bmp---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\directory_header.bmp---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\instfiles_header.bmp---> Offset = 49152
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\newfeather.bmp---> Offset = 49152
C:\Program Files\Naibo\Player\Skins\about_logo.png---> Offset = 0
C:\Program Files\Naibo\Player\Skins\logo_2.png---> Offset = 0
C:\Program Files\Naibo\Player\Skins\shortcur_logo.png---> Offset = 0
C:\Program Files\Naibo\Player\Skins\Common\2t3d_button_left.png---> Offset = 0
C:\Program Files\Naibo\Player\Skins\Common\2t3d_button_mid.png---> Offset = 0
C:\Program Files\Naibo\Player\Skins\Common\2t3d_button_right.png---> Offset = 0
C:\Program Files\Naibo\Player\Skins\Common\2t3d_goback.png---> Offset = 0
C:\Program Files\Naibo\Player\Skins\Common\2t3d_top.png---> Offset = 0
C:\Program Files\Naibo\Player\Skins\Common\2t3d_top4.png---> Offset = 0
C:\Program Files\Naibo\Player\Skins\Common\2t3d_topdef.png---> Offset = 0
Network behavior
Behavior:        Send data on a connected socket
Details:
SOCKET = 0x0000048c, TotalSize = 24, Offset = 0, ReadSize = 24.
SOCKET = 0x00000438, TotalSize = 24, Offset = 0, ReadSize = 24.
SOCKET = 0x00000434, TotalSize = 24, Offset = 0, ReadSize = 24.
SOCKET = 0x0000027c, TotalSize = 24, Offset = 0, ReadSize = 24.
SOCKET = 0x00000148, TotalSize = 222, Offset = 0, ReadSize = 222.
SOCKET = 0x00000148, TotalSize = 216, Offset = 0, ReadSize = 216.
SOCKET = 0x00000188, TotalSize = 154, Offset = 0, ReadSize = 154.
SOCKET = 0x00000488, TotalSize = 24, Offset = 0, ReadSize = 24.
SOCKET = 0x000004e8, TotalSize = 24, Offset = 0, ReadSize = 24.
Behavior:        Connect to a specified socket
Details:
127.0.0.1:8081
219.133.40.1:80
60.55.34.166:80
60.12.207.166:80
183.60.41.29:80
112.90.54.221:80
Behavior:        Resolve host address by name
Details:
wpad
box.naibo.co
iploc.daddymami.net
cloudcfg.daddymami.net
iploc.726.com
acctrack.daddymami.net
stun.kuaibo.com
text-ad.kuaibo.com
cache.daddymami.net
vtrack.daddymami.net
mtracker.yunfan.com
Registry behavior
Behavior:        Modify registry
Details:
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\temp\DEBUG\Trace Level
\REGISTRY\MACHINE\SOFTWARE\NaiboPlayer\InstallDir
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Program Files\Naibo\Nb_Player.exe
\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{2462C5DB-27C6-4CE8-81EF-3204D612A421}\
\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\QvodInsert.DLL\AppID
\REGISTRY\MACHINE\SOFTWARE\Classes\QvodInsert.QvodCtrl.1\
\REGISTRY\MACHINE\SOFTWARE\Classes\QvodInsert.QvodCtrl.1\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\QvodInsert.QvodCtrl\
\REGISTRY\MACHINE\SOFTWARE\Classes\QvodInsert.QvodCtrl\CLSID\
\REGISTRY\MACHINE\SOFTWARE\Classes\QvodInsert.QvodCtrl\CurVer\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\ProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\VersionIndependentProgID\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\InprocServer32\
Behavior:        Delete registry key
Details:
\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW
Behavior:        Delete registry value (IE connection settings)
Details:
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior:        Delete registry value
Details:
\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\temp\DEBUG\Trace Level
\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\QvodPlayer.exe
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\QvodPlayer.exe
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION\QvodPlayer.exe
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION\QvodPlayer.exe
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG\QvodPlayer.exe
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG\QvodPlayer.exe
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT\QvodPlayer.exe
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT\QvodPlayer.exe
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation\QvodPlayer.exe
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation\QvodPlayer.exe
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\QvodPlayer.exe
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\QvodPlayer.exe
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING\QvodWeb.exe
Other behavior
Behavior:        Create mutex
Details:
CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
奶播影视盒子 V2.6 beta
MSCTF.Shared.MUTEX.AEH
RasPbFile
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\c:!documents and settings!administrator!ietldcache!
MSCTF.Shared.MUTEX.MBI
Behavior:        Hide specified window
Details:
[Window,Class] = [全选,Button]   ("Select all")
[Window,Class] = [全不选,Button]   ("Deselect all")
[Window,Class] = [恢复默认,Button]   ("Restore defaults")
[Window,Class] = [,Button]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [显示细节(&D),Button]   ("Show details (&D)")
[Window,Class] = [<,CMIButton]
[Window,Class] = [>,CMIButton]
[Window,Class] = [<,AfxWnd42s]
[Window,Class] = [>,AfxWnd42s]
[Window,Class] = [,_EL_ShapeBox]
[Window,Class] = [,CPageControl]
[Window,Class] = [,Afx:400000:b:10011:110005b:0]
[Window,Class] = [,Afx:400000:b:10011:0:0]
[Window,Class] = [,_EL_Timer]
Behavior:        Find specified window
Details:
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [QVODPLAYERWND,快播]   (快播 = Kuaibo, the QvodPlayer brand)
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Qvod Terminal,]
NtUserFindWindowEx: [Class,Window] = [QVODPLAYERWND,]
Behavior:        Window information
Details:
Pid = 2072, Hwnd=0x4020e, Text = unpacking data: 92%, ClassName = Static.
Pid = 2072, Hwnd=0x70196, Text = Please wait while Setup is loading..., ClassName = Static.
Pid = 2072, Hwnd=0x30236, Text = unpacking data: 92%, ClassName = #32770.
Pid = 2072, Hwnd=0x401ca, Text = 下一步(&N) >, ClassName = Button.   ("Next (&N) >")
Pid = 2072, Hwnd=0x40228, Text = 取消(&C), ClassName = Button.   ("Cancel (&C)")
Pid = 2072, Hwnd=0x401be, Text = 注:未经授权禁止安装使用, ClassName = Static.   ("Note: installation and use without authorization is prohibited")
Pid = 2072, Hwnd=0x6020e, Text = 全选, ClassName = Button.   ("Select all")
Pid = 2072, Hwnd=0x601ce, Text = 全不选, ClassName = Button.   ("Deselect all")
Pid = 2072, Hwnd=0x90196, Text = 恢复默认, ClassName = Button.   ("Restore defaults")
Pid = 2072, Hwnd=0x301fc, Text = 华人装机必备软件,在您的支持下,我们一定能日趋完善,为您提供更棒的服务 新版本特性: 1.所有用户免广告、看所有频道,更多精彩等你来, ClassName = Static.   ("Must-have software for Chinese PC setups; with your support we will keep improving and serve you better. New in this version: 1. No ads for any user, watch every channel, more excitement awaits")
Pid = 2072, Hwnd=0x301c4, Text = 奶播影视盒子 是全球领先的激情播放平台。 说明:采用新的更新技术,保证使用再不会失效! 本向导将引导你完成奶播影视盒子客户端的安装。, ClassName = Static.   ("Naibo Video Box is the world's leading adult ('passion') video platform. Note: a new update technique guarantees it will never stop working again! This wizard will guide you through installing the Naibo Video Box client")
Pid = 2072, Hwnd=0x50236, Text = 奶播影视盒子 V2.6 beta 安装向导, ClassName = #32770.   ("Naibo Video Box V2.6 beta Setup Wizard")
Pid = 2072, Hwnd=0x401e6, Text = < 上一步(&B), ClassName = Button.   ("< Back (&B)")
Pid = 2072, Hwnd=0x401ca, Text = 安装(&I), ClassName = Button.   ("Install (&I)")
Pid = 2072, Hwnd=0x401c4, Text = C:\Program Files\Naibo, ClassName = Edit.
Behavior:        Acquire system privileges
Details:
SE_LOAD_DRIVER_PRIVILEGE
SE_MANAGE_VOLUME_PRIVILEGE
Behavior:        Get TickCount value
Details:
TickCount = 432487, SleepMilliseconds = 50.
TickCount = 432550, SleepMilliseconds = 50.
TickCount = 432565, SleepMilliseconds = 50.
TickCount = 432581, SleepMilliseconds = 50.
TickCount = 432831, SleepMilliseconds = 50.
TickCount = 432846, SleepMilliseconds = 50.
TickCount = 432862, SleepMilliseconds = 50.
TickCount = 432893, SleepMilliseconds = 50.
TickCount = 432909, SleepMilliseconds = 50.
TickCount = 432925, SleepMilliseconds = 50.
TickCount = 432987, SleepMilliseconds = 50.
TickCount = 435987, SleepMilliseconds = 50.
TickCount = 436018, SleepMilliseconds = 50.
TickCount = 436034, SleepMilliseconds = 50.
TickCount = 436065, SleepMilliseconds = 50.
Behavior:        Block window close message
Details:
hWnd = 0x00050236, Text = 奶播影视盒子 V2.6 beta 安装向导, ClassName = #32770.   ("Naibo Video Box V2.6 beta Setup Wizard")
Behavior:        Open HTTP connection
Details:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Behavior:        Inline hook
Details:
C:\WINDOWS\system32\ntdll.dll--->LdrFindResource_U Offset = 0x0
C:\WINDOWS\system32\ntdll.dll--->LdrAccessResource Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->LoadStringA Offset = 0x0
C:\WINDOWS\system32\USER32.dll--->LoadStringW Offset = 0x0
Behavior:        Open image file
Details:
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\welcom_header.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\directory_header.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\instfiles_header.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\newfeather.bmp
\Program Files\Naibo\Player\Skins\Common\media_film.bmp
\Program Files\Naibo\Player\Skins\Common\media_music.bmp
\Program Files\Naibo\Player\Skins\Common\progress_left.bmp
\Program Files\Naibo\Player\Skins\Common\progress_right.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\finish_header.bmp[/mw_shl_code]
Runtime screenshot: (attached image)
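The report above is long and repeats itself (the "Key behaviors" summary is printed again under each category), so as an added example, not code from this thread, from the sandbox vendor, or from the Naibo/Qvod software, here is a small Python triage script for a report laid out this way. It accepts both the original 行为描述/详情信息 labels and the Behavior/Details translation used above, merges the duplicated sections, pulls out the network, dropped-file, process and hook indicators, and applies a few risk rules of my own: the NSIS plugin directory and the Inetc download plugin (which is what gives the installer the HTTP-download capability the TrendMicro heuristic name refers to), the hidden-window child process, the inline hooks in system DLLs, and how many distinct registered domains the installer talks to. SAMPLE_REPORT is an excerpt constructed from the lines quoted in the post; the flag wording and thresholds are assumptions, not anything the sandbox emits.

```python
# Added triage helper for the report above; not code from the thread, the sandbox vendor or the
# Naibo/Qvod software. SAMPLE_REPORT is an excerpt constructed from the report lines in the post.
import re
from collections import OrderedDict

SAMPLE_REPORT = r"""
Behavior:  Create process with hidden window
Details:
ImagePath = c:\program files\naibo\player\qvodplayer.exe, CmdLine = "c:\program files\naibo\player\qvodplayer.exe" -insert
File behavior
Behavior:  Create executable file
Details:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsx5.tmp\Inetc.dll
Network behavior
Behavior:  Connect to a specified socket
Details:
127.0.0.1:8081
219.133.40.1:80
Behavior:  Resolve host address by name
Details:
wpad
box.naibo.co
acctrack.daddymami.net
stun.kuaibo.com
Behavior:  Inline hook
Details:
C:\WINDOWS\system32\ntdll.dll--->LdrFindResource_U Offset = 0x0[/mw_shl_code]
"""

BEHAVIOR_RE = re.compile(r"^(?:行为描述|Behavior):\s*(.+?)\s*$")
SKIP_RE = re.compile(r"^(?:详情信息|Details):|^(?:关键|进程|文件|网络|注册表|其他)行为$"
                     r"|^(?:Key behaviors|(?:Process|File|Network|Registry|Other) behavior)$")
MARKUP_RE = re.compile(r"\[/?mw_shl_code[^\]]*\]")  # forum code-block tags wrapped around the report
LABELS = {  # original Chinese labels and the translations used in this thread
    "domains": {"按名称获取主机地址", "Resolve host address by name"},
    "sockets": {"建立到一个指定的套接字连接", "Connect to a specified socket"},
    "dropped": {"创建可执行文件", "Create executable file"},
    "processes": {"隐藏窗口创建进程", "创建新文件进程", "Create process with hidden window",
                  "Create process from newly created file"},
    "hooks": {"内联HOOK", "Inline hook"},
}
IMAGEPATH_RE = re.compile(r"ImagePath\s*=\s*([^,]+)")
SOCKET_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):\d+$")
NSIS_TMP_RE = re.compile(r"\\ns[a-z0-9]+\.tmp\\", re.I)  # NSIS unpacks its plugins to %TEMP%\ns*.tmp

def parse_report(text):
    """Behaviour description -> detail lines; the 'Key behaviors' summary repeats entries, so merge them."""
    sections, current = OrderedDict(), None
    for raw in text.splitlines():
        line = MARKUP_RE.sub("", raw).strip()
        if not line or SKIP_RE.match(line):
            continue
        m = BEHAVIOR_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None and line not in sections[current]:
            sections[current].append(line)
    return sections

def extract_iocs(sections):
    """Network, file, process and hook indicators from the parsed sections."""
    iocs = {k: [] for k in ("domains", "ips", "dropped", "processes", "hooks")}
    for name, items in sections.items():
        if name in LABELS["domains"]:  # 'wpad' is Windows' own proxy-discovery lookup, not the sample's
            iocs["domains"] += [h for h in items if h.lower() != "wpad"]
        elif name in LABELS["sockets"]:  # loopback is the sample talking to itself
            hits = [SOCKET_RE.match(s) for s in items]
            iocs["ips"] += [m.group(1) for m in hits if m and not m.group(1).startswith("127.")]
        elif name in LABELS["dropped"]:
            iocs["dropped"] += items
        elif name in LABELS["processes"]:
            iocs["processes"] += [m.group(1).strip() for m in map(IMAGEPATH_RE.search, items) if m]
        elif name in LABELS["hooks"]:
            iocs["hooks"] += items
    return iocs

def risk_flags(sections, iocs):
    """What to look at first; my own heuristics, not the sandbox's verdict."""
    flags, names = [], {p.rsplit("\\", 1)[-1].lower() for p in iocs["dropped"]}
    if any(NSIS_TMP_RE.search(p) for p in iocs["dropped"]):
        flags.append("NSIS installer: plugins unpacked into a Temp\\ns*.tmp directory")
    if "inetc.dll" in names:
        flags.append("NSIS Inetc plugin: installer can download additional files over HTTP")
    if {"隐藏窗口创建进程", "Create process with hidden window"} & set(sections):
        flags.append("Starts a child process with its window hidden")
    if iocs["hooks"]:
        hooked = [h.split("--->", 1)[1].split()[0] for h in iocs["hooks"]]
        flags.append("Inline hooks in system DLLs: " + ", ".join(hooked))
    # Crude eTLD+1 (last two labels): fine for .com/.net/.co, wrong for co.uk-style suffixes.
    zones = sorted({".".join(d.lower().split(".")[-2:]) for d in iocs["domains"]})
    if len(zones) > 1:
        flags.append("Contacts %d registered domains: %s" % (len(zones), ", ".join(zones)))
    return flags

def triage(text=SAMPLE_REPORT):
    sections = parse_report(text)
    iocs = extract_iocs(sections)
    return iocs, risk_flags(sections, iocs)
```

To run it over the full report, paste the [mw_shl_code] block into a UTF-8 file and call `triage(open("report.txt", encoding="utf-8").read())`; the [mw_shl_code] tags are stripped by the parser. On the excerpt it returns three domains (wpad and 127.0.0.1 are filtered out as local-machine noise), one external IP, the two NSIS plugin DLLs, the hidden-window qvodplayer.exe start and the ntdll hook, and raises five flags. The domain grouping is deliberately crude; swap in a public-suffix-list library before relying on the count.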
pal家族
Posted on 2015-8-23 10:14:21
aboringman posted on 2015-8-23 10:03
TrendMicro kills it
[mw_shl_code=css,true]Threat:        HEU_AEGIS_HttpDownloadChecker
Source:        Threa ...

Wrong reply, sorry, edited it out.
辽宁大连~~小海
Posted on 2015-8-23 10:20:52
These days it doesn't even need dynamic defense (attached image)
aboringman
Posted on 2015-8-23 10:22:16
tanshi1990 posted on 2015-8-23 10:07
Why doesn't my Trend Micro kill it?

Double-click it and you'll find out
XywCloud
Posted on 2015-8-23 10:22:23
SUD to BAV
liangxy (OP)
Posted on 2015-8-23 10:23:23

Thanks. Looks like it's QVOD again after all.
tanshi1990
Posted on 2015-8-23 10:48:10

I don't dare.
卡饭论坛 (KaFan.cn) | Copyright © KaFan, All Rights Reserved. Powered by Discuz! X3.4