自制挖矿病毒[持续更新]

显示全部楼层 · 发表于 2017-12-29 22:16:02

MicroWorld-eScan: Generic.Application.CoinMiner.1.102D6AB4
Cylance: Unsafe
ESET-NOD32: a variant of Win32/Packed.BlackMoon.A potentially unwanted
Kaspersky: HEUR:Trojan.Win32.Generic
BitDefender: Generic.Application.CoinMiner.1.102D6AB4
Avast: Win32:Dh-A [Heur]
Rising: Trojan.Win32/64.XMR-Miner!1.ADCC (CLASSIC)
Ad-Aware: Generic.Application.CoinMiner.1.102D6AB4
Emsisoft: Generic.Application.CoinMiner.1.102D6AB4 (B)
F-Secure: Generic.Application.CoinMiner.1.102D6AB4
Avira: TR/Crypt.FKM.Gen
Fortinet: W32/Agent.OJQ!tr.spy
Endgame: malicious (moderate confidence)
AegisLab: Troj.W32.Gen.lpF3
ZoneAlarm: HEUR:Trojan.Win32.Generic
MAX: malware (ai score=86)
Tencent: Win32.Trojan.Falsesign.Woyz
Ikarus: PUA.CoinMiner
GData: Win32.Trojan.Agent.WP
AVG: Win32:Dh-A [Heur]
Cybereason: malicious.1b8fb7
CrowdStrike: malicious_confidence_90% (D)

显示全部楼层 · 发表于 2017-12-29 23:35:17

本帖最后由 Dust-;羅錠于 2017-12-30 01:32 编辑

TheYuCheng 发表于 2017-12-29 18:33
高仿svchost系统进程(挖矿病毒)：https://pan.baidu.com/s/1i4C5c0H
只针对程序员的勒索病毒：https://pan ...

Symantec Files Submitted

Filename	MD5	Determination	Signature Protection Name
svchost.exe	0xD70122D1A1ADC84F19741E863890C6C8	NewThreat	Trojan Horse
msiexec.exe	0xB9B8194DF19173BB6198B58FED873F0D	NewThreat	Ransom.Enciphered

svchost.exe 赛门铁克分析报告

主要威胁文件:
%CurrentFolder%\AutoRunApp.vbs
%Windir%\XiaoBa\xmrig-32.exe
%Windir%\XiaoBa\config.json

主要威胁注册表值:
HKEY_LOCAL_MACHINE\SECURITY\Policy\Accounts\[SID]\Privilgs\@ = hex(0):01 = "00"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableLUA" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit" =
"%System%\userinit.exe,%CurrentFolder[ORIGINAL FILE NAME].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"XiaoBa" = "%CurrentFolder[ORIGINAL FILE
NAME].exe"

搜索过的地址:
mine.ppxxmr.com

[病毒样本] 自制挖矿病毒[持续更新]