Habo
Basic information
File name: cmd.exe
MD5: 5db3445c178687b8b65dfac5b9d03d3d
File type: EXE
Upload time: 2016-01-28 19:05:37
Vendor: Aether
Version: 1.0.0.0---1.0.0.0
Packer or compiler info: COMPILER:Elan
Detection name: Win32.ELangPE.Gen
Key behaviors
Behavior: Get TickCount value
Details:
TickCount = 486400, SleepMilliseconds = 10.
TickCount = 486416, SleepMilliseconds = 10.
TickCount = 486431, SleepMilliseconds = 10.
TickCount = 486447, SleepMilliseconds = 10.
TickCount = 486463, SleepMilliseconds = 10.
TickCount = 486478, SleepMilliseconds = 10.
TickCount = 486494, SleepMilliseconds = 10.
TickCount = 486510, SleepMilliseconds = 10.
TickCount = 486525, SleepMilliseconds = 10.
TickCount = 486541, SleepMilliseconds = 10.
TickCount = 486556, SleepMilliseconds = 10.
TickCount = 486572, SleepMilliseconds = 10.
TickCount = 486588, SleepMilliseconds = 10.
TickCount = 486603, SleepMilliseconds = 10.
TickCount = 486619, SleepMilliseconds = 10.
Behavior: Set message hook
Details:
C:\WINDOWS\system32\dinput.dll
Behavior: Set startup item
Details:
C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\aether.lnk
Process behaviors
Behavior: Create local thread
Details:
N/A
Behavior: Process exit
Details:
N/A
Behavior: Enumerate processes
Details:
N/A
File behaviors
Behavior: Modify file content
Details:
C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\aether.lnk---> Offset = 0
Behavior: Search for files
Details:
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1453979920.876120.exe
FileName = C:\DOCUME~1
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1453979920.897112.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\Documents and Settings\Administrator\「开始」菜单
Behavior: Set startup item
Details:
C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\aether.lnk
Other behaviors
Behavior: Create mutex
Details:
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
DDrawWindowListMutex
DDrawDriverObjectListMutex
__DDrawExclMode__
__DDrawCheckExclMode__
DirectSound DllMain mutex (0x00000540)
Behavior: Create event object
Details:
EventName = DINPUTWINMM
EventName = __REALITYLAB_INIT_EVENT__
EventName = Global\userenv: User Profile setup event
Behavior: Find specified window
Details:
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [Progman,]
Behavior: Obtain system privilege
Details:
SE_LOAD_DRIVER_PRIVILEGE
Behavior: Get TickCount value
Details:
TickCount = 486400, SleepMilliseconds = 10.
TickCount = 486416, SleepMilliseconds = 10.
TickCount = 486431, SleepMilliseconds = 10.
TickCount = 486447, SleepMilliseconds = 10.
TickCount = 486463, SleepMilliseconds = 10.
TickCount = 486478, SleepMilliseconds = 10.
TickCount = 486494, SleepMilliseconds = 10.
TickCount = 486510, SleepMilliseconds = 10.
TickCount = 486525, SleepMilliseconds = 10.
TickCount = 486541, SleepMilliseconds = 10.
TickCount = 486556, SleepMilliseconds = 10.
TickCount = 486572, SleepMilliseconds = 10.
TickCount = 486588, SleepMilliseconds = 10.
TickCount = 486603, SleepMilliseconds = 10.
TickCount = 486619, SleepMilliseconds = 10.
Behavior: Window information
Details:
Pid = 1344, Hwnd=0x302ba, Text = Your computer is locked,Please contact Aether,QQ:729849321, ClassName = Afx:400000:b:10011:1900015:0.
Pid = 1344, Hwnd=0x302bc, Text = 123456, ClassName = Edit.
Behavior: Hide specified window
Details:
[Window,Class] = [,_EL_Timer]
[Window,Class] = [,Afx:400000:b:10011:0:0]
[Window,Class] = [,Shell_TrayWnd]
[Window,Class] = [Program Manager,Progman]
[Window,Class] = [18:19,TrayClockWClass]
[Window,Class] = [开始,Button]