Views: 950 | Replies: 15

[Virus sample] 1x

wwwab
Posted on 2024-3-16 11:39:33

神秘鬼
Posted on 2024-3-16 11:43:13
fsp miss; on double-click, hmpa intercepted
Platform     10.0.19045/x64 v979 06_4e%
PID          7656
Feature      00FD2E70000001A2
Application  D:\未命名文件夹\统计局专用版6014.exe
Created      2024-03-16T03:41:08
Description  统计局专用版6014.exe

Callee Type  ProtectVirtualMemory
             0x0000000180001000 (238592 bytes)

Shellcode (HHP) (0x0003A400 bytes : start at 0000000180001000)
Target address info: (anonymous)
Owner of CALLER: (anonymous; allocated by 00007FF76198165B, 统计局专用版6014.exe)

OwnerModule
Name         统计局专用版6014.exe
Path         D:\未命名文件夹\统计局专用版6014.exe
Thumbprint   dc1863b04d2198f13f1053e622cf43555e3989b29761343dbb10169edcb4ea82
SHA-256      cc1113542420ebcbfb1e19d740af9f6a1c45cdd8893fa608cb0b22716dc32f47
SHA-1        06f4669ebced1f66d09fca3bee842984885456a8
MD5          c3c93865011ca7cb655ec2cf1003a0e3

Current process is not signed
OwnerModule is not signed

000001D8CE96093B  ff5500                   CALL         QWORD [RBP+0x0]
000001D8CE96093E  0fb74706                 MOVZX        EAX, WORD [RDI+0x6]
000001D8CE960942  4503f4                   ADD          R14D, R12D
000001D8CE960945  4883c628                 ADD          RSI, 0x28
000001D8CE960949  443bf0                   CMP          R14D, EAX
000001D8CE96094C  0f82f8feffff             JB           0x1d8ce96084a
000001D8CE960952  4533c0                   XOR          R8D, R8D
000001D8CE960955  33d2                     XOR          EDX, EDX
000001D8CE960957  4883c9ff                 OR           RCX, -0x1
000001D8CE96095B  ff5508                   CALL         QWORD [RBP+0x8]
000001D8CE96095E  4439bfd4000000           CMP          [RDI+0xd4], R15D
000001D8CE960965  7424                     JZ           0x1d8ce96098b
000001D8CE960967  8b87d0000000             MOV          EAX, [RDI+0xd0]
000001D8CE96096D  488b741818               MOV          RSI, [RAX+RBX+0x18]
000001D8CE960972  eb0f                     JMP          0x1d8ce960983
000001D8CE960974  4533c0                   XOR          R8D, R8D

Stack Trace
#  Address          Module                   Location
-- ---------------- ------------------------ ----------------------------------------
1  00007FFEFB15C976 KernelBase.dll           VirtualProtect +0x36

2  000001D8CE96093E (anonymous; 统计局专用版6014.exe)
                    0fb74706                 MOVZX        EAX, WORD [RDI+0x6]
                    4503f4                   ADD          R14D, R12D
                    4883c628                 ADD          RSI, 0x28
                    443bf0                   CMP          R14D, EAX
                    0f82f8feffff             JB           0x1d8ce96084a
                    4533c0                   XOR          R8D, R8D
                    33d2                     XOR          EDX, EDX
                    4883c9ff                 OR           RCX, -0x1
                    ff5508                   CALL         QWORD [RBP+0x8]
                    4439bfd4000000           CMP          [RDI+0xd4], R15D
                    7424                     JZ           0x1d8ce96098b
                    8b87d0000000             MOV          EAX, [RDI+0xd0]
                    488b741818               MOV          RSI, [RAX+RBX+0x18]
                    eb0f                     JMP          0x1d8ce960983

3  000000000003A400 (unknown)               

Loaded Modules (62)
-----------------------------------------------------------------------------
00007FF761980000-00007FF761A24000 统计局专用版6014.exe (),
                                  version:
00007FFEFD690000-00007FFEFD888000 ntdll.dll (Microsoft Corporation),
                                  version: 10.0.19041.3996 (WinBuild.160101.0800)
00007FFEE36D0000-00007FFEE3818000 hmpalert.dll (Sophos B.V.),
                                  version: 3.8.26.979
00007FFEFD0A0000-00007FFEFD15D000 KERNEL32.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFB0F0000-00007FFEFB3E6000 KERNELBASE.dll (Microsoft Corporation),
                                  version: 10.0.19041.3996 (WinBuild.160101.0800)
00007FFEF8670000-00007FFEF8700000 apphelp.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFCFF0000-00007FFEFD0A0000 ADVAPI32.dll (Microsoft Corporation),
                                  version: 10.0.19041.4170 (WinBuild.160101.0800)
00007FFEFC060000-00007FFEFC0FE000 msvcrt.dll (Microsoft Corporation),
                                  version: 7.0.19041.3636 (WinBuild.160101.0800)
00007FFEFC550000-00007FFEFC5F0000 sechost.dll (Microsoft Corporation),
                                  version: 10.0.19041.4170 (WinBuild.160101.0800)
00007FFEFC420000-00007FFEFC545000 RPCRT4.dll (Microsoft Corporation),
                                  version: 10.0.19041.4123 (WinBuild.160101.0800)
00007FFEFB5E0000-00007FFEFB607000 bcrypt.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEE0340000-00007FFEE03C3000 fshook64.dll (WithSecure Corporation),
                                  version: 6.4.39.70
00007FFEE9450000-00007FFEE9926000 wininet.dll (Microsoft Corporation),
                                  version: 11.00.19041.3636 (WinBuild.160101.0800)
00007FFEEC2C0000-00007FFEEC57C000 iertutil.dll (Microsoft Corporation),
                                  version: 11.00.19041.4123 (WinBuild.160101.0800)
00007FFEFD1C0000-00007FFEFD513000 combase.dll (Microsoft Corporation),
                                  version: 10.0.19041.4123 (WinBuild.160101.0800)
00007FFEFAE60000-00007FFEFAF60000 ucrtbase.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFD5A0000-00007FFEFD64D000 shcore.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFABF0000-00007FFEFAC22000 SspiCli.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFC280000-00007FFEFC41E000 user32.dll (Microsoft Corporation),
                                  version: 10.0.19041.3996 (WinBuild.160101.0800)
00007FFEFB070000-00007FFEFB092000 win32u.dll (Microsoft Corporation),
                                  version: 10.0.19041.4123 (WinBuild.160101.0800)
00007FFEFCEE0000-00007FFEFCF0B000 GDI32.dll (Microsoft Corporation),
                                  version: 10.0.19041.3996 (WinBuild.160101.0800)
00007FFEFAD40000-00007FFEFAE57000 gdi32full.dll (Microsoft Corporation),
                                  version: 10.0.19041.3996 (WinBuild.160101.0800)
00007FFEFAF60000-00007FFEFAFFD000 msvcp_win.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFC870000-00007FFEFC8A2000 IMM32.DLL (Microsoft Corporation),
                                  version: 10.0.19041.3996 (WinBuild.160101.0800)
00007FFEF8DF0000-00007FFEF958E000 windows.storage.dll (Microsoft Corporation),
                                  version: 10.0.19041.4123 (WinBuild.160101.0800)
00007FFEFA6A0000-00007FFEFA6CE000 Wldp.dll (Microsoft Corporation),
                                  version: 10.0.19041.3996 (WinBuild.160101.0800)
00007FFEFCF20000-00007FFEFCFED000 OLEAUT32.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFC610000-00007FFEFC665000 shlwapi.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFAC70000-00007FFEFAC95000 profapi.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFC670000-00007FFEFC6DB000 WS2_32.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEF5AE0000-00007FFEF5AF7000 ondemandconnroutehelper.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEEF900000-00007FFEEFA0A000 winhttp.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEF8BF0000-00007FFEF8C02000 kernel.appcore.dll (Microsoft Corporation),
                                  version: 10.0.19041.3758 (WinBuild.160101.0800)
00007FFEFA400000-00007FFEFA46A000 mswsock.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFA0F0000-00007FFEFA12B000 IPHLPAPI.DLL (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFCF10000-00007FFEFCF18000 NSI.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEF4190000-00007FFEF419B000 WINNSI.DLL (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEEC580000-00007FFEEC76C000 urlmon.dll (Microsoft Corporation),
                                  version: 11.00.19041.3996 (WinBuild.160101.0800)
00007FFEEC290000-00007FFEEC2B8000 srvcli.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFA200000-00007FFEFA20C000 netutils.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFA130000-00007FFEFA1FB000 DNSAPI.dll (Microsoft Corporation),
                                  version: 10.0.19041.4046 (WinBuild.160101.0800)
00007FFEED1A0000-00007FFEED1AA000 rasadhlp.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEED820000-00007FFEED8A0000 fwpuclnt.dll (Microsoft Corporation),
                                  version: 10.0.19041.4123 (WinBuild.160101.0800)
00007FFEF9C40000-00007FFEF9CD8000 schannel.DLL (Microsoft Corporation),
                                  version: 10.0.19041.3996 (WinBuild.160101.0800)
00007FFEE5220000-00007FFEE5235000 mskeyprotect.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFA6D0000-00007FFEFA70B000 NTASN1.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFB3F0000-00007FFEFB54D000 CRYPT32.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFA830000-00007FFEFA842000 MSASN1.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFAA60000-00007FFEFAA6A000 DPAPI.DLL (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFB000000-00007FFEFB067000 WINTRUST.dll (Microsoft Corporation),
                                  version: 10.0.19041.3996 (WinBuild.160101.0800)
00007FFEFA600000-00007FFEFA618000 CRYPTSP.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEF9D30000-00007FFEF9D64000 rsaenh.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFA5F0000-00007FFEFA5FC000 CRYPTBASE.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFB550000-00007FFEFB5D2000 bcryptPrimitives.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEE2CF0000-00007FFEE2D21000 cryptnet.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEF2680000-00007FFEF2697000 dhcpcsvc6.DLL (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEF28A0000-00007FFEF28BD000 dhcpcsvc.DLL (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEEA180000-00007FFEEA218000 webio.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFA710000-00007FFEFA738000 ncrypt.dll (Microsoft Corporation),
                                  version: 10.0.19041.3930 (WinBuild.160101.0800)
00007FFEE4F00000-00007FFEE4F26000 ncryptsslp.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)
00007FFEFB8F0000-00007FFEFC05B000 SHELL32.dll (Microsoft Corporation),
                                  version: 10.0.19041.4170 (WinBuild.160101.0800)
00007FFEFB6C0000-00007FFEFB7EB000 ole32.dll (Microsoft Corporation),
                                  version: 10.0.19041.3636 (WinBuild.160101.0800)

Process Trace
1  D:\未命名文件夹\统计局专用版6014.exe [7656]
2  C:\Windows\explorer.exe [8824]

Dropped Files
1  C:\Users\ak\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_786387CC77858B88BA3234B304062475
     Dropped by \Device\HarddiskVolume4\未命名文件夹\统计å±
Tonycola
Posted on 2024-3-16 11:43:41 from mobile
avast premium

莒县小哥
Posted on 2024-3-16 11:43:46
wjy19800315
Posted on 2024-3-16 11:44:15
Kaspersky currently misses it. Reputation unknown.
hhhq316
Posted on 2024-3-16 11:45:52
Dr.Web (Spider) scan miss
Hibike
Posted on 2024-3-16 11:53:06
Last edited by Hibike on 2024-3-16 11:56

Kaspersky killed.

应用程序: 统计局专用版6014.exe
组件: 系统监控
结果说明: 已删除
类型: 木马
名称: PDM:Trojan.Win32.Generic
威胁级别: 高
对象类型: 进程
对象路径: F:\Quarantine
对象名称: 统计局专用版6014.exe
MD5: C3C93865011CA7CB655EC2CF1003A0E3

事件: 已阻止
组件: 系统监控
结果说明: 已阻止
类型: 木马
名称: MEM:Trojan.Win32.SEPEH.gen
威胁级别: 高
对象类型: 文件
对象名称: System Memory

事件: 已阻止
组件: 系统监控
结果说明: 已阻止
类型: 木马
名称: MEM:Trojan.Win64.Agent.gen
威胁级别: 高
对象类型: 文件
对象名称: System Memory

GDHJDSYDH
Posted on 2024-3-16 12:00:11
EIS scan miss; running it in the sandbox killed the dropped files.

UNknownOoo
Posted on 2024-3-16 12:03:38
Huorong
Scan: MISS
On run: memory protection
病毒名称:Backdoor/Lotok.bc
病毒ID:735E81479640CC3F
虚拟地址:0x0000000080000000
映像大小:372KB
是否完整映像:否
数据流哈希:560541fb
操作结果:已处理
进程ID:2068
操作进程:C:\Users\Serendipity\Desktop\统计局专用版6014.exe
操作进程命令行:"C:\Users\Serendipity\Desktop\统计局专用版6014.exe"
喀反
Posted on 2024-3-16 12:45:51
WD on run killed the dropped DLL and the main executable: Trojan:Script/Wacatac.B!ml
Copyright © KaFan  KaFan.cn All Rights Reserved.