Detection ratio: 3 / 55 B38E.tmp.exe 挑战加密挂马

yuzhi3366853

sanhu35 发表于 2015-12-2 13:32
不能直接看到详情，几个按钮太大了

话说详情也没什么看的，动作什么的就一句话概括，完全看不出来

每顿需吃三大碗

驭龙 发表于 2015-12-2 12:37
ESS MISS

ESET9入库已经开始杀了。解压杀！

驭龙

每顿需吃三大碗 发表于 2015-12-2 14:20
ESET9入库已经开始杀了。解压杀！

ESET的入库确实是很快，不过如果第一时间内测试楼主发的样本，大部分都是MISS，但半天或者一天以后，大多数都是杀的

lixihong10

双击，然后就没了？
win7 64

狐狸糊涂

ccboxes 发表于 2015-12-2 13:36
BD扫描杀，双击无反应，系统无异常，我的文档内文档正常。对照LZ贴出的行为，未发现可疑文件、启动项 ...

BD双击ATC拦载并删除样本

墨家小子

lixihong10 发表于 2015-12-2 14:36
双击，然后就没了？
win7 64

坐等你的好消息

lixihong10

墨家小子 发表于 2015-12-2 15:20
坐等你的好消息

我估计我电脑跑不起来。因为我的系统盘是D盘
自带免疫？
双击程序直接退出了。

墨家小子

lixihong10 发表于 2015-12-2 15:25
我估计我电脑跑不起来。因为我的系统盘是D盘
自带免疫？
双击程序直接退出了。

拉倒吧 可能是被我神墙各种污染连不回服务器导致的，你试试挂着VPN看看

lixihong10

墨家小子 发表于 2015-12-2 15:27
拉倒吧 可能是被我神墙各种污染连不回服务器导致的，你试试挂着VPN看看

[mw_shl_code=xml,true]This XML file does not appear to have any style information associated with it. The document tree is shown below.
<vscope ver="2.0">
<process pid="6472" path="R:\B38E.tmp.exe" cmdline="" createtime="2015-12-02T07:27:39.931Z" termtime="2015-12-02T07:27:41.376Z" sha1="F3BFBB802823289FC4D1D977A6876C84F9E2F911" hashCrc32="1441715724" trusted="false" detected="false" restrictionLevel="NoRestriction" parentpath="R:\COMODO跑过程.exe">
<activities>
<activity timestamp="2015-12-02T07:27:40.101Z" id="800482" type="FindFile" path="R:\" pattern="*"/>
<activity timestamp="2015-12-02T07:27:40.165Z" id="800483" type="KernelObject" name="\Sessions\1\BaseNamedObjects\mchMixCache$1948" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.165Z" id="800486" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b6ff64" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.166Z" id="800493" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b706e4" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.167Z" id="800500" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b70864" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.167Z" id="800507" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b707d4" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.168Z" id="800514" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b6fff4" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.168Z" id="800521" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b70074" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.169Z" id="800528" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b71ca4" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.169Z" id="800535" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b71d7c" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.170Z" id="800542" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b6fca0" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.170Z" id="800549" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b70684" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.171Z" id="800556" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b70de4" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.171Z" id="800563" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b71bd4" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.172Z" id="800570" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b6ff94" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.173Z" id="800577" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b6fdb8" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.173Z" id="800580" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00001948, API $77b6fdb8" isCreate="true" objectType="Section"/>
<activity timestamp="2015-12-02T07:27:40.173Z" id="800585" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b700a4" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.173Z" id="800588" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00001948, API $77b700a4" isCreate="true" objectType="Section"/>
<activity timestamp="2015-12-02T07:27:40.174Z" id="800593" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b6 fd54" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.174Z" id="800596" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00001948, API $77b6fd54" isCreate="true" objectType="Section"/>
<activity timestamp="2015-12-02T07:27:40.174Z" id="800601" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b6feb0" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.175Z" id="800604" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00001948, API $77b6feb0" isCreate="true" objectType="Section"/>
<activity timestamp="2015-12-02T07:27:40.175Z" id="800609" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b7087c" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.175Z" id="800612" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00001948, API $77b7087c" isCreate="true" objectType="Section"/>
<activity timestamp="2015-12-02T07:27:40.176Z" id="800617" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b70ec8" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.176Z" id="800620" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00001948, API $77b70ec8" isCreate="true" objectType="Section"/>
<activity timestamp="2015-12-02T07:27:40.176Z" id="800625" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b6fb18" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.177Z" id="800628" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00001948, API $77b6fb18" isCreate="true" objectType="Section"/>
<activity timestamp="2015-12-02T07:27:40.177Z" id="800633" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b70894" isCreate="true" objectType="Mutex"/>
<acti vity="" timestamp="2015-12-02T07:27:40.177Z" id="800636" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00001948, API $77b70894" isCreate="true" objectType="Section"/>
<activity timestamp="2015-12-02T07:27:40.178Z" id="800641" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00001948, API $77b703a8" isCreate="true" objectType="Mutex"/>
<activity timestamp="2015-12-02T07:27:40.178Z" id="800644" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00001948, API $77b703a8" isCreate="true" objectType="Section"/>
</activities>
<children/>
</process>
</vscope>[/mw_shl_code]

一闪而过而已。
另外就算被墙了，也会有访问socks记录的

墨家小子

lixihong10 发表于 2015-12-2 15:33
[mw_shl_code=xml,true]This XML file does not appear to have any style information associated with  ...

你们的系统都是这么强呢