[Malware Sample] 支付宝集福增强工具 (Alipay "Collect Fu" Enhancement Tool, double-click for a surprise)
Thread starter: cz100zhengzelin

Jirehlov1234
Posted on 2017-10-8 10:36:57

bd2018: kill

Object Path                          Threat Name         Final Status
E:\TEST\支付宝集福增强工具.exe          Trojan.Agent.CDAB   Deleted
和泉纱雾
Posted on 2017-10-8 11:04:37

[attachment only; login required to view]
cz100zhengzelin (thread starter)
Posted on 2017-10-8 12:36:56 from mobile
Last edited by cz100zhengzelin on 2017-10-8 13:33

Come on, everybody, give it a double-click!
zst470396853
Posted on 2017-10-8 12:49:58

360

[attachment; login required to view]
潘基炫
Posted on 2017-10-8 13:12:44

蜘蛛AV (Spider AV): miss

[attachment; login required to view]
willjjyu
Posted on 2017-10-8 14:06:39

The BGM is really nice! Endless pop-ups and all kinds of animations.


Key behaviors
Behavior: modify user password
Details:
ImagePath = , CmdLine = net user %username% /fullname:要密码加QQ:1322856336
ImagePath = , CmdLine = net user %username% 1224639518
ImagePath = , CmdLine = net user Administrator 1224639518
ImagePath = , CmdLine = net user Administrator /fullname:要密码加QQ:1322856336
Behavior: kill process
Details:
C:\WINDOWS\system32\taskmgr.exe
Behavior: capture foreground window screenshot information
Details:
Foreground window Info: HWND = 0x0001035c, DC = 0x0a0104f6.
Foreground window Info: HWND = 0x00000000, DC = 0x00000000.
Foreground window Info: HWND = 0x00010360, DC = 0x0a0104f6.
Behavior: kill QQ process
Details:
C:\Program Files\Tencent\QQ\Bin\QQ.exe


Process behaviors
Behavior: kill process
Details:
C:\WINDOWS\system32\taskmgr.exe
Behavior: create local thread
Details:
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2864, ThreadID = 2932, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2864, ThreadID = 2940, StartAddress = 00438530, Parameter = 020F85B0
Behavior: create process from newly written file
Details:
[0x00000b98]ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\sj.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\%temp%\sj.exe"
Behavior: enumerate processes
Details:
N/A
Behavior: kill QQ process
Details:
C:\Program Files\Tencent\QQ\Bin\QQ.exe


File behaviors
Behavior: create file
Details:
C:\Documents and Settings\Administrator\Local Settings\%temp%\sj.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\xh.exe
C:\1.bmp
Behavior: overwrite existing file
Details:
C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behavior: create executable file
Details:
C:\Documents and Settings\Administrator\Local Settings\%temp%\sj.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\xh.exe
Behavior: modify file contents
Details:
C:\Documents and Settings\Administrator\Local Settings\%temp%\sj.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\xh.exe ---> Offset = 0
C:\1.bmp ---> Offset = 0
Behavior: search for file
Details:
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\sj.exe

Registry behaviors
Behavior: modify registry
Details:
\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID

Other behaviors
Behavior: create mutex
Details:
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
DDrawWindowListMutex
DDrawDriverObjectListMutex
__DDrawExclMode__
__DDrawCheckExclMode__
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.EDL
Behavior: create event object
Details:
EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.EDL.IC
EventName = MSCTF.SendReceiveConection.Event.EDL.IC
Behavior: find specific window
Details:
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [Progman,]
NtUserFindWindowEx: [Class,Window] = [,QQ.exe]
NtUserFindWindowEx: [Class,Window] = [,taskmgr.exe]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: hide specific window
Details:
[Window,Class] = [,WindowEx]
[Window,Class] = [,PictureEx]
[Window,Class] = [,ButtonEx]
[Window,Class] = [,LabelEx]
[Window,Class] = [,Afx:400000:b:10011:0:0]
[Window,Class] = [,_EL_Timer]
[Window,Class] = [Program Manager,Progman]
[Window,Class] = [,Shell_TrayWnd]
[Window,Class] = [13:54,TrayClockWClass]
[Window,Class] = [开始,Button]
[Window,Class] = [,CPPToolTip]
Behavior: open event
Details:
HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior: capture foreground window screenshot information
Details:
Foreground window Info: HWND = 0x0001035c, DC = 0x0a0104f6.
Foreground window Info: HWND = 0x00000000, DC = 0x00000000.
Foreground window Info: HWND = 0x00010360, DC = 0x0a0104f6.
Behavior: executable signature information
Details:
C:\Documents and Settings\Administrator\Local Settings\%temp%\sj.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\xh.exe (signature verification: failed)
Behavior: modify user password
Details:
ImagePath = , CmdLine = net user %username% /fullname:要密码加QQ:1322856336
ImagePath = , CmdLine = net user %username% 1224639518
ImagePath = , CmdLine = net user Administrator 1224639518
ImagePath = , CmdLine = net user Administrator /fullname:要密码加QQ:1322856336
Behavior: executable MD5
Details:
C:\Documents and Settings\Administrator\Local Settings\%temp%\sj.exe ---> 9f84adaac31c060f2cd8af2c84132c70
C:\Documents and Settings\Administrator\Local Settings\%temp%\xh.exe ---> dc394f97592b422b0dfbce656f39a64e
Behavior: open mutex
Details:
ShimCacheMutex

[attachment; login required to view]
cherub0507
Posted on 2017-10-9 15:51:25

The review video on Bilibili had me laughing to tears...

Where is its dignity as a virus???
cz100zhengzelin (thread starter)
Posted on 2017-10-9 16:31:28

Quoting willjjyu (posted 2017-10-8 14:06):
The BGM is really nice! Endless pop-ups and all kinds of animations.

Nice work!
Kafan Forum (KaFan.cn) | Copyright © KaFan. All Rights Reserved. | Powered by Discuz! X3.4 (苏ICP备07004770号) | GMT+8, 2017-10-24 08:07