This post was last edited by ericdj on 2015-12-30 17:02
4273205.exe
BAV right-click scan: miss
(PS: how come the latest version's Avira engine is gone?)
Dragged it into the Baidu sandbox
HitmanPro.Alert intercepted it (and by the way, this thing's popup can't even be screenshotted)
Log
[mw_shl_code=css,true]Stack Trace
# Address Module Location
-- -------- ------------------------ ----------------------------------------
1 002353F3 (anonymous)
85c0 TEST EAX, EAX
0f84f4000000 JZ 0x2354ef
8945fc MOV [EBP-0x4], EAX
fc CLD
8b7508 MOV ESI, [EBP+0x8]
8b7dfc MOV EDI, [EBP-0x4]
8b4d0c MOV ECX, [EBP+0xc]
c1e902 SHR ECX, 0x2
f3a5 REP MOVSD
8b55fc MOV EDX, [EBP-0x4]
03523c ADD EDX, [EDX+0x3c]
899568ffffff MOV [EBP-0x98], EDX
66f742160020 TEST WORD [EDX+0x16], 0x2000
740e JZ 0x23542f
8b8570ffffff MOV EAX, [EBP-0x90]
89856cffffff MOV [EBP-0x94], EAX
2 00401307 4273205.exe
Process Trace
1 C:\BavSandboxRoot\Default\Device\HarddiskVolume1\Users\Administrator\Desktop\virus\4273205.exe [5936]
"C:\Users\Administrator\Desktop\virus\4273205.exe"
2 C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BdSandboxCtrl.exe [4480]
"C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BdSandboxCtrl.exe" -start Default "C:\Users\Administrator\Desktop\virus\4273205.exe"
3 C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\bavadvtools\7B49036D-8FC2-4AA8-89A5-0B8B0519E8EE\tool\BavSandbox.exe [344]
"C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\bavadvtools\7B49036D-8FC2-4AA8-89A5-0B8B0519E8EE\tool\BavSandbox.exe" /AddProgram="C:\Users\Administrator\Desktop\virus\4273205.exe"
4 C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavSvc.exe [4200]
[/mw_shl_code]
@墨家小子
Addendum: the first one, double-clicked
1274905.exe
BAV right-click scan: miss
Right-click to run it in the Baidu sandbox; HitmanPro.Alert intercepted it
[mw_shl_code=css,true]Mitigation CallerCheck
Platform 6.1.7601/x86 06_25
PID 8180
Application C:\BavSandboxRoot\Default\Device\HarddiskVolume1\Users\Administrator\Desktop\virus\1274905.exe
Description Resource viewer 79.72.28
Callee Type AllocateVirtualMemory
Stack Trace
# Address Module Location
-- -------- ------------------------ ----------------------------------------
1 001F2923 (anonymous)
85c0 TEST EAX, EAX
0f84f4000000 JZ 0x1f2a1f
8945fc MOV [EBP-0x4], EAX
fc CLD
8b7508 MOV ESI, [EBP+0x8]
8b7dfc MOV EDI, [EBP-0x4]
8b4d0c MOV ECX, [EBP+0xc]
c1e902 SHR ECX, 0x2
f3a5 REP MOVSD
8b55fc MOV EDX, [EBP-0x4]
03523c ADD EDX, [EDX+0x3c]
899568ffffff MOV [EBP-0x98], EDX
66f742160020 TEST WORD [EDX+0x16], 0x2000
740e JZ 0x1f295f
8b8570ffffff MOV EAX, [EBP-0x90]
89856cffffff MOV [EBP-0x94], EAX
2 00401311 1274905.exe
Process Trace
1 C:\BavSandboxRoot\Default\Device\HarddiskVolume1\Users\Administrator\Desktop\virus\1274905.exe [8180]
"C:\Users\Administrator\Desktop\virus\1274905.exe"
2 C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BdSandboxCtrl.exe [7972]
"C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BdSandboxCtrl.exe" -start Default "C:\Users\Administrator\Desktop\virus\1274905.exe"
3 C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\bavadvtools\7B49036D-8FC2-4AA8-89A5-0B8B0519E8EE\tool\BavSandbox.exe [7952]
"C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\bavadvtools\7B49036D-8FC2-4AA8-89A5-0B8B0519E8EE\tool\BavSandbox.exe" /AddProgram="C:\Users\Administrator\Desktop\virus\1274905.exe"
4 C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavSvc.exe [4200]
[/mw_shl_code]
Looks like HitmanPro.Alert can intercept the second one too, so I'm skipping it.
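Added note, not part of the original post: the stub at frame 1 of both stack traces reads like a manual PE-loading routine. It copies a buffer dword by dword (REP MOVSD with ECX = length >> 2), adds [EDX+0x3c] (IMAGE_DOS_HEADER.e_lfanew) to reach the NT headers, and tests the word at [EDX+0x16] (IMAGE_FILE_HEADER.Characteristics) against 0x2000 (IMAGE_FILE_DLL); the second log's Callee Type is AllocateVirtualMemory, so the TEST EAX,EAX at the top is presumably checking the result of that allocation. The C below is my own reimplementation of those header reads, with the bounds checks the stub does not do. That reading of the stub is an inference from the visible instructions, and the header buffer it runs on is a constructed sample, not either of the files above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* PE format constants (winnt.h values), hard-coded so this builds off Windows. */
#define IMAGE_DOS_SIGNATURE  0x5A4D      /* "MZ" */
#define IMAGE_NT_SIGNATURE   0x00004550  /* "PE\0\0" */
#define IMAGE_FILE_DLL       0x2000      /* the 0x2000 tested in the trace */
#define OFF_E_LFANEW         0x3c        /* IMAGE_DOS_HEADER.e_lfanew -> [EDX+0x3c] */
#define OFF_CHARACTERISTICS  0x16        /* IMAGE_FILE_HEADER.Characteristics from NT header start -> [EDX+0x16] */
#define NT_HEADER_MIN        24          /* Signature (4) + IMAGE_FILE_HEADER (20) */

enum { PE_BAD = -1, PE_IS_EXE = 0, PE_IS_DLL = 1 };

/* Explicit little-endian accessors: PE headers are little-endian regardless of host. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = v & 0xff; p[1] = v >> 8; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (v >> (8 * i)) & 0xff; }

/* Mirrors the traced stub: copy the image into a fresh buffer (the REP MOVSD of
 * ECX = len/4 dwords), follow e_lfanew to the NT headers, and test
 * Characteristics & IMAGE_FILE_DLL. Unlike the stub, every header read is
 * bounds-checked against the buffer length. If out_copy is non-NULL and the
 * image is accepted, the caller owns the returned copy and must free() it. */
int classify_image(const uint8_t *src, size_t len, uint8_t **out_copy)
{
    if (src == NULL || len < 0x40) return PE_BAD;       /* full IMAGE_DOS_HEADER is 0x40 bytes */
    uint8_t *copy = malloc(len);
    if (copy == NULL) return PE_BAD;
    memcpy(copy, src, len);

    if (rd16(copy) != IMAGE_DOS_SIGNATURE) { free(copy); return PE_BAD; }
    uint32_t e_lfanew = rd32(copy + OFF_E_LFANEW);
    if (e_lfanew > len || len - e_lfanew < NT_HEADER_MIN) { free(copy); return PE_BAD; }
    const uint8_t *nt = copy + e_lfanew;                 /* EDX after ADD EDX, [EDX+0x3c] */
    if (rd32(nt) != IMAGE_NT_SIGNATURE) { free(copy); return PE_BAD; }

    uint16_t characteristics = rd16(nt + OFF_CHARACTERISTICS);
    int kind = (characteristics & IMAGE_FILE_DLL) ? PE_IS_DLL : PE_IS_EXE;
    if (out_copy) *out_copy = copy; else free(copy);
    return kind;
}

/* Constructed sample: a header-only image (DOS header + NT signature + file header),
 * not either of the files in the post. Returns bytes written, 0 if cap is too small. */
size_t build_sample(uint8_t *buf, size_t cap, uint16_t characteristics)
{
    const uint32_t e_lfanew = 0x40;
    size_t need = e_lfanew + NT_HEADER_MIN;
    if (cap < need) return 0;
    memset(buf, 0, need);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + OFF_E_LFANEW, e_lfanew);
    memcpy(buf + e_lfanew, "PE\0\0", 4);
    wr16(buf + e_lfanew + 4, 0x014c);                    /* IMAGE_FILE_MACHINE_I386, x86 as in the trace */
    wr16(buf + e_lfanew + OFF_CHARACTERISTICS, characteristics);
    return need;
}

int main(void)
{
    uint8_t buf[128];
    size_t n = build_sample(buf, sizeof buf, 0x0102);    /* EXECUTABLE_IMAGE | 32BIT_MACHINE */
    printf("exe-style header -> %d\n", classify_image(buf, n, NULL));
    n = build_sample(buf, sizeof buf, 0x2102);           /* same, plus IMAGE_FILE_DLL */
    printf("dll-style header -> %d\n", classify_image(buf, n, NULL));
    return 0;
}
```

The point of the extra checks: the stub trusts e_lfanew straight from the copied bytes, so a crafted header would send it reading outside the allocation; a loader that has to handle untrusted input should reject an e_lfanew that does not leave room for the NT headers before dereferencing it.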