Original poster: 迷惘的执著

[Virus sample] Locker, 鬼凤队伤延迟.exe

Geralt
Posted 2018-7-20 20:16:27
Last edited by Geralt on 2018-7-20 20:24

MSE kill.
class:Trojan:Win32/Fuerboos.E!cl
丶鍇児、
Posted 2018-7-20 22:15:16
ESET, kill
Win32_MBRlock.AT
嶝鄇
Posted 2018-7-20 23:02:12
360 International: not detected on download, detected by right-click scan, but not by QVM heuristics... the detection name is different.

病毒探索者
Posted 2018-7-20 23:21:01
嶝鄇 posted on 2018-7-20 23:02:
360 International: not detected on download, detected by right-click scan, but not by QVM heuristics... the detection name is different.

The interface looks flashy.
piouu
Posted 2018-7-21 08:38:05
  1. 08:37:26[1]:(允许)程序启动:File_Analysis 行为记录成功开启   规则版本:1.9.0.0

  2. 08:37:26[2]:(安全环境)复制文件:D:\File_Analysis+2.7[密码:520]\File_safe\鬼凤队伤延迟.exe     复制至:C:\windows\system32\svchose.exe

  3. 08:37:26[3]:(阻止)写注册表值:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Writing to the Registry Example     数据:C:\windows\system32\svchose.exe

  4. 08:37:26[4]:(允许)获取文件属性:C:\windows\system32\cmd.exe

  5. 08:37:26[5]:(阻止)创建进程:C:\windows\system32\cmd.exe     命令行:C:\windows\system32\cmd.exe /c net user administrator 123

  6. 08:37:26[6]:(允许)读取文件:\\.\\physicaldrive0

  7. 08:37:26[7]:(阻止)修改内核对象:\\.\\physicaldrive0(物理磁盘)

  8. 08:37:26[8]:(阻止)写入MBR Hex: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 85 17 E2 01 00 00 00 00 01 00 EE FE FF FF 01 00 00 00 AF 32 CF 1D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA

  9. 08:37:26[9]:(阻止)修改内核对象:\\.\\physicaldrive0(物理磁盘)

  10. 08:37:26[10]:(阻止)写入MBR Hex: 8C C8 8E D8 8E D0 8E C0 BC 00 01 BD BF 7C B9 2C 00 B8 01 13 BB 0C 00 B2 00 CD 10 B8 00 B8 05 A0 00 8E D8 31 C9 31 DB 31 C0 CD 16 3C 08 74 13 3C 0D 74 1B B4 02 88 07 88 67 01 81 C3 02 00 41 E9 E5 FF 81 EB 02 00 49 31 C0 89 07 E9 D9 FF 8C C8 8E C0 31 DB BE EC 7C 2E 8A 0E EB 7C B5 00 3E 8A 07 26 8A 24 38 E0 75 31 81 C3 02 00 46 E2 EF 31 C0 B8 00 7E 8E C0 31 DB B4 02 B2 80 B0 01 B6 00 B5 00 B1 03 CD 13 31 DB B2 80 B4 03 B0 01 B6 00 B5 00 B1 01 CD 13 E9 1D 00 BB 00 B8 81 C3 2C 00 B0 58 88 07 2E 8B 0E EB 7C 31 C0 89 07 81 C3 02 00 E2 F8 E9 4A FF B8 FF FF 50 B8 00 00 50 CB 51 51 31 36 32 36 32 39 33 35 34 34 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 00 32 35 39 30 35 00 00 00 00 00 00 05 32 36 31 31 37 41 41 41 41 41 41 41 41 41 41 41 41 41 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0F 55 AA

  11. 模糊分析MBR逻辑锁密码范围:16262935442590526117AAAAAAAAAAAAA     Hex:31 36 32 36 32 39 33 35 34 34 32 35 39 30 35 05 32 36 31 31 37 41 41 41 41 41 41 41 41 41 41 41 41 41

  12. 08:37:26[11]:(允许)获取文件属性:C:\windows\system32\cmd.exe

  13. 08:37:26[12]:(阻止)创建进程:C:\windows\system32\cmd.exe     命令行:C:\windows\system32\cmd.exe /c shutdown -r

  14. 08:37:26[13]:(允许)程序退出:File_Analysis 行为记录到此为止
嶝鄇
Posted 2018-7-21 09:10:20

Haha, there's even dynamic analysis like this == It's just that the QVM in the international version feels like it's still the first generation or something; it isn't as strong as the domestic version.
fzshot
Posted 2018-7-21 11:41:56
Avira HEUR/AGEN.1010936
陈正元
Posted 2018-7-21 15:48:57
NS kill

往事不曾回忆
Posted 2018-7-21 19:14:54
Micropoint active defense scan: MISS. Did not double-click it.
sweetnokia
Posted 2018-7-21 23:41:43
I'll give it a try in a bit...