转自吾爱破解的病毒样本

c/mm

原贴如下：


网盘下载：蓝奏  解压密码：virus

静影沉璧

BD扫描miss，实机运行，没有锁机……

静影沉璧

SEP 自动防护杀

天道酬善

EIS V11

1. 日志
   
2. 正在扫描日志
   
3. 检测引擎的版本: 18168 (20181005)
   
4. 日期: 2018-10-06  时间: 13:34:24
   
5. 已扫描的磁盘、文件夹和文件: G:\样本测试\铁头娃1.1.4.7 (1)\铁头娃1.1.4.7 (1).exe
   
6. 已扫描的对象数: 1
   
7. 发现的威胁数: 0
   
8. 完成时间: 13:34:24  总扫描时间: 0 秒 (00:00:00)
   

复制代码

3801187

心醉咖啡

火绒扫描miss

BE_HC

反虚拟机
反沙箱
Emsisoft Anti-Malware Scan MISS
---
以下由PortEX-Master自动生成

1. StringFileInfo
   
2. ---------------
   
3. language ID: 0x0804
   
4. code page: 0x04B0
   
5. FileVersion: 1.4.0.0
   
6. FileDescription: 铁头娃1.1.4.7
   
7. ProductName: 铁头娃1.1.4.7
   
8. ProductVersion: 1.4.0.0
   
9. CompanyName: 铁头娃1.1.4.7
   
10. LegalCopyright: 铁头娃1.1.4.7
    
11. Comments: 本程序使用易语言编写(http://www.dywt.com.cn)
    
12. 
    
13. Anomalies
    
14. *********
    
15. 
    
16. * Deprecated Characteristic in COFF File Header: IMAGE_FILE_LINE_NUMS_STRIPPED
    
17. * Deprecated Characteristic in COFF File Header: IMAGE_FILE_LOCAL_SYMS_STRIPPED
    
18. * Optional Header: Default File Alignment is 0x200, but actual value is 0x1000
    
19. * Optional Header: size of code is too small (0x83000), it should be 0xb6a000
    
20. * Optional Header: size of initialized data is too small (0x921000), it should be 0xb7d000
    
21. * Section Header 1 with name .text: SIZE_OF_RAW_DATA is 0
    
22. * Section Header 2 with name .rdata: SIZE_OF_RAW_DATA is 0
    
23. * Section Header 3 with name .data: SIZE_OF_RAW_DATA is 0
    
24. * Section Header 4 with name .vmp0: SIZE_OF_RAW_DATA is 0
    
25. * Section name .vmp0 is typical for VMProtect packer
    
26. * Section name .vmp1 is typical for VMProtect packer
    
27. * Section 1 with name .text (range: 0--0) has same physical location as section 2 with name .rdata
    
28. * Section 1 with name .text (range: 0--0) has same physical location as section 3 with name .data
    
29. * Section 1 with name .text (range: 0--0) has same physical location as section 4 with name .vmp0
    
30. * Section 2 with name .rdata (range: 0--0) has same physical location as section 3 with name .data
    
31. * Section 2 with name .rdata (range: 0--0) has same physical location as section 4 with name .vmp0
    
32. * Section 3 with name .data (range: 0--0) has same physical location as section 4 with name .vmp0
    
33. * Section Header 6 with name .reloc should (but doesn't) contain the characteristics: Discardable
    
34. * Import function typical for code injection: LoadLibraryA maps module into the address space of the calling process

复制代码

sky101808

小红伞国外版  直接双击  忘记扫描了

yjwfdc

进pe，运行 电脑速度卫士，点磁盘信息，可以看到mbr密码了。

重启，输入mbr密码，windows登陆加了密码我没破，所以不知道

重启进pe破解 windows密码，同时找到刚才运行的位置，删除原文件，再把c:\解锁工具.exe  c:\我就是软件.exe 删除。

重启进系统，可以了，应该没毒了，不过还是扫一下毒吧。

以后开着 电脑速度卫士，开启 mbr保护，基本就不会再中mbr毒了。


电脑速度卫士下载
https://bbs.kafan.cn/thread-1514499-1-1.html

为你心碎

WD