收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 【开放测试】卡饭病毒样本包 20241231 第221期
123下一页
返回列表 发新帖
楼主: zhuzhu009
 收起左侧

[病毒样本] 【开放测试】卡饭病毒样本包 20241231 第221期

  [复制链接]
丘比特123
发表于 2024-12-31 14:20:11 | 显示全部楼层
本帖最后由 丘比特123 于 2024-12-31 14:26 编辑

sep miss11
HMPA miss4

回复

举报

裂空我爱杰
头像被屏蔽
发表于 2024-12-31 14:20:26 | 显示全部楼层
以上成绩已记录
回复

举报

1094947421
发表于 2024-12-31 14:30:47 | 显示全部楼层
本帖最后由 1094947421 于 2024-12-31 14:33 编辑

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

zerotone
头像被屏蔽
发表于 2024-12-31 14:39:40 | 显示全部楼层
提示: 该帖被管理员或版主屏蔽
回复

举报

Fadouse
发表于 2024-12-31 15:07:33 | 显示全部楼层
本帖最后由 Fadouse 于 2024-12-31 17:03 编辑

DI + KES + S1解压ALL
回复

举报

King、暮光
发表于 2024-12-31 15:32:37 | 显示全部楼层
本帖最后由 King、暮光 于 2024-12-31 15:43 编辑

卡巴右键miss 3x


联想补2个



本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

桔梗想见雪
发表于 2024-12-31 15:43:25 | 显示全部楼层
本帖最后由 桔梗想见雪 于 2024-12-31 15:52 编辑

多发了
回复

举报

桔梗想见雪
发表于 2024-12-31 15:50:05 | 显示全部楼层
解压eset杀30个(太多了不放eset截图了),右键扫描1个,剩余3个双击,一个自退,一个无法运行,一个被hmpa阻止
  1. Mitigation   HeapHeapProtect
  2. Timestamp    2024-12-31T07:46:16

  4. Platform     10.0.26120/x64 v983 af_44%
  5. PID          9164
  6. WoW          x86
  7. Feature      01FD2E70000000A2
  8. Application  D:\app\souxian\bingdushahe\drive\infected20241231-预祝大家新年快乐\ba34710ae9f0fe471ded943e84a8dbce2ad241fe550dc3e4e66a5062a978058c.exe
  9. Created      2024-12-31T07:44:21
  10. Description  7-Zip 独立命令行 9.22

  12. Callee Type  ProtectVirtualMemory
  13.              0x026E1000 (258048 bytes)

  15. Shellcode (HHP) (0x0003F000 bytes : start at 026E1000)
  16. Target address info: (anonymous)
  17. Owner of CALLER: (anonymous; allocated by 0045355D, ba34710ae9f0fe471ded943e84a8dbce2ad241fe550dc3e4e66a5062a978058c.exe)

  19. OwnerModule
  20. Name         ba34710ae9f0fe471ded943e84a8dbce2ad241fe550dc3e4e66a5062a978058c.exe
  21. Path         D:\app\souxian\bingdushahe\drive\infected20241231-预祝大家新年快乐\ba34710ae9f0fe471ded943e84a8dbce2ad241fe550dc3e4e66a5062a978058c.exe
  22. Thumbprint   fb535b0417f926e9cd5ad2b99d8452095754715ae6e47cc9e45b7ad63167b81a
  23. SHA-256      ba34710ae9f0fe471ded943e84a8dbce2ad241fe550dc3e4e66a5062a978058c
  24. SHA-1        203fd74f67e7013de56b3dc56e44d816437cc960
  25. MD5          b92ee6aff573d5f6aec1cfd748fe3ccb

  27. Current process is not signed
  28. OwnerModule is not signed

  30. 00E4EA4B  ff5348                   CALL         DWORD [EBX+0x48]
  31. 00E4EA4E  8b442424                 MOV          EAX, [ESP+0x24]
  32. 00E4EA52  40                       INC          EAX
  33. 00E4EA53  83c728                   ADD          EDI, 0x28
  34. 00E4EA56  89442424                 MOV          [ESP+0x24], EAX
  35. 00E4EA5A  3b442414                 CMP          EAX, [ESP+0x14]
  36. 00E4EA5E  0f8260ffffff             JB           0xe4e9c4
  37. 00E4EA64  8d442430                 LEA          EAX, [ESP+0x30]
  38. 00E4EA68  33ff                     XOR          EDI, EDI
  39. 00E4EA6A  50                       PUSH         EAX
  40. 00E4EA6B  6a02                     PUSH         0x2
  41. 00E4EA6D  58                       POP          EAX
  42. 00E4EA6E  50                       PUSH         EAX
  43. 00E4EA6F  ffb42488000000           PUSH         DWORD [ESP+0x88]
  44. 00E4EA76  897c243c                 MOV          [ESP+0x3c], EDI
  45. 00E4EA7A  ff74241c                 PUSH         DWORD [ESP+0x1c]

  47. ----- SNIP HERE -----
  48. AANNAgDg5ABL6uQAAODkAAAgAADrNo1ETQIkUFZX6NT6TQL/g8QMhcB0D41ETQIkUFZX6KBNAwCDxAyNRE0CJFBX6H/1TQL/6wdWV+jpA00CAE0CWYO/MAJNAgADdQLr/otsJBCLhyAJTQIAg/gCdAWD+AN1N4uHYA1NAgCFwHQt/7dYDU0CAGoAUOjAFk0CAItcJCCDxAxoAMBNAgBqAP+3YA1NAgD/04OnYA1NAwDrBItcJBT/N4u3MAJNAgBqAFfojRZNAgCDxAxoAMBNAgBqAFf/04P+AnUEagD/1TPA6cH8TQL/gex8Ak0CAFOLnCSEAk0CADPAVVaLtCSQAk0CADPtIWwkGFeNfCRITQSrM8CDPgJmiUQkGA+FlwFNAgCLhCSYAk0CAItIFI14HFdRiwH/UECFwA+IdAFNAgCLB41UJBxSUIsI/1FIhcAPiOkCTQIAjUQkLFBqAf90TQIk/5OoTQMAjUQkKFBqAf90TQIk/5OsTQMAi0QkKCtEJCyDwAEPhONNAwBqAVVqDP+TnE0DAIHGDARNAgCL6IA+AHR7jYQkiE0DAFBWU+j2Dk0CAIPEDI1EJBRQjYQkjE0DAFD/k5RNAwD/dCQUi/C4CCBNAgBqAGoIZolEJET/k5xNAwCDZCQQAIN8JBQAiUQkQHZmM8D/NIb/k7BNAwBQjUQkFFD/dCRI/5OgTQMAi0QkEECJRCQQO0QkFHLY6zpqAWoAuAggTQIAaghmiUQkRP+TnE0DAINkJBAAiUQkQI1EJBhQ/5OwTQMAUI1EJBRQ/3QkSP+ToE0DAINkJBAAjUQkOFCNRCQUUFX/k6BNAwCDZCRQAI1UJGhSM8CNdCRMQGaJRCRMiwdVg+wQi/yLCFBNBKX/kZRNAwCF7Q+EoAFNAgD/dCRA/5OkTQMAVf+TpE0DAOmKAU0CACEv6YMBTQIAjYQkiE0DAFCNhgwCTQIAUFPo1Q1NAgCDxAyNhCSITQMAUP+TsE0DAIvoiWwkIIXtD4RSAU0CAI2EJIhNAwBQjYYMA00CAFBT6KENTQIAg8QMjYQkiE0DAFD/k7BNAwCJRE0CJIXAD4QWAU0CAIuMJJgCTQIAi1EUjXkYV1VSiwqJfCRA/1FEhcAPiOpNAwCBxgwETQIAM+2APgAPhJpNAwCNhCSITQMAUFZT6EMNTQIAg8QMjUQkFFCNhCSMTQMAUP+TlE0DAP90JBSJRCQ0VWoM/5OcTQMAi+iF7XReg2QkEACDfCQUAHZSi3wkMDPA/zSH/5OwTQMAagiJRCRkWGaJRCRYjUQkWFCNRCQUUFX/k6BNAwCL8IX2eQlV/5OkTQMAM+2LRCQQQIlEJBA7RCQUcryLfCQ0hfZ4O4sHjVQkeFJVg+wQjXQkYIsIi/xqAKVoGAFNAgBNA6WLdCREVlD/keRNAwCF7XQHVf+TpE0DAItsJCDrCItsJCCLdE0CJFb/k7RNAwBV/5O0TQMAM8BAX15dW4HEfAJNAgDDgexAA00CAIuEJEgDTQIAU4ucJEgDTQIABSgFTQIAVVYz9olEJDCLaDwD6Il0JBRWiXQkEIl0JCiJbCQs/1M4i9Bmi0UEi0o8ZjtEEQQPhRUITQIAi0VQiUQkSIl0JEyLhaRNAwCJRCQghcB1B4tFNIlEJAxXagMzyY27JQZNAgBaQYA/AFZ1J2hNAwAIakCNRCRYUFZoHwAPAI1EJFxQ/5MgAU0CAIXAD4W8B00CAOt6VlJWUWhNAwCAV/9TYIv4g00C/w+EogdNAgCF/w+EmgdNAgCNRCQ8D1fAUFdmDxNEJET/U2SFwA+EgAdNAgCLRVA7RCQ8D4dzB00CAFdoTQMAAWoCWFBNAlZoHwAPAI1EJFxQ/5MgAU0CAFeL8P+TkE0DAIX2D4VGB00CAI27JQZNAgBqBFhQVmoCWFCNRCQ0UE0DVo1EJCxQ/1NwUP90JGj/kyQBTQIAi3QkNItMJBCLdjwD8Yl0JByFwHQLPQNNAgBAD4X8Bk0CAIXJD4T0Bk0CAIA/AHRKjUQkMFBqBF9X/3QkMFH/U0hXaAAwTQIA/3VUagD/Uzz/dVSL+P90JBSJfCRQV+hGEU0CAP90JDRqAP90TQIk6FsRTQIAi0wkKIPEGOsIi0QkPIlEJEj/dVT/dCQ4UegZEU0CAItEJBwzyYNkJCAAg8QMiUY0D7dGFIPAGAPGiUQkPGY7TgZzRItcJBSNeBCL7v83i0cEi3f8A0QkOAN0JBRQVujVEE0CAA+2Bo1/KIPEDIlH0A+3RQZDO9hy1IucJFQDTQIAi2wkLIt0JByLVCQQi/orfTSDfE0CJAAPhMJNAwCF/w+Euk0DAIuGoE0DAI0MEANETQIkiUQkOAPCiUwkIDvID4ObTQMAi0EEhcAPhJBNAwCNcQjrbQ+3NotEJCCLzoHh/w9NAgADCItEJBw7SFBzQ2bB7gxmg/4KdAhqA1hmO/B1BQE8EesdM8BAZjvwdQeLx8HoEOsLagJYZjvwdQwPt8cBBBGLVCQQ6wlmhfYPhR8FTQIAi3QkFGoCWQPxi0wkIItBBAPBiXQkFDvwdYmLRCQ4i84Dwol0JCA78A+CZU0D/4tEJByLTQKATQMAhcAPhMRNAwCNNBCDfgwAiXQkGA+Es00DAItGDAPCUFPoPglNAgCLVCQYi34QiUQkQAP6iwYDwol8JChNAlmJRCQUiwiFyXRxi2wkOIu0JFgDTQIAeQxRagBVU+ikCU0CAOsyjXoCA/mDfgQAdBlXU+iT8k0C/00CWYXAdAyLgwgBTQIAi3wkIOsRagBXVVPodAlNAgCLfCQwg8QQiQeLRCQUi1QkEGoEWQPBA/mJRCQUiXwkIIsIhcl1not0JBiDxhSJdCQYg34MAA+FUU0D/4tsJCyLRCQci4DgTQMAhcAPhIxNAwCNcAQD8ol0JBiLBoXAdH0DwlBT6G0ITQIAi1QkGIlEJEBNAlmFwHRVi34Mi04IA/oDyolMJBSLB4XAdEGLbCQ4agReeQQzyesFjUoCA8gz0oXAD0nCUFFVU+jHCE0CAItMTQIkA/6DxBCJAQPOiweLVCQQiUwkFIXAdcqLdCQYg8YgiXQkGIsGhcB1h4tsJCyLRCQcjXwkVGo+WYv1i0Ao86WLfCRYA8LB7xBqBGv3KGgAME0CAIlEJDSJfCQcVmoA/1M8Vv90JECJRCQgUOglDk0CADPAg8QMQDmDdAVNAgB1QoC7JQZNAwB1If91VGoA/3QkGOgkDk0CAP91VGoA/3QkSOgWDk0CAIPEGOsYi0QkSIXAdBD/dVRQ/3QkGOjYDU0CAIPEDIC7JQZNAwB1WP90JBD/U3BQ/5MoAU0CAIXAD4UtA00CAItEJBAzyTlMTQIkaIBNAwBRagIPRcEhTCQ0iUQkHFhQjUQkNFBNA1GNRCQsUP9TcFD/dCRo/5MkAU0CAIXAD4XrAk0CAI1EJDBQagj/dCQw/3QkHP9TSDPAiURNAiSF/w+Eq00DAIt8JBiLdCQ8g8cMi1cYi+qLysHtHsHqHcHpH4PiAYXRdXeF1XQEaiDrL4vCg/ABiUQkPCPBhcV0DoC7JQZNAwBqCF5qBOsdM8BAM8iLxYPwASPBhcJ0BWoQXusMI0wkPIXNagJYD0Xwi1QkEIsPA9GLRCQUSDlETQIkcweLRygrwesDi0cEg2QkMACNTCQwUVZQUv9TSItETQIkQIPHKIlETQIkO0QkFA+CYE0D/41EJDAz/1BqAlhQ/7QkiE0DAIl8JDz/dCQc/1NIi0QkHItMJBCLsMBNAwCF9nQqi3QODIX2dCKLBoXAdBxqBFtXagFR/9CLTCQQA/OLBoXAde6LnCRUA00CAIusJFgDTQIAagNYOUUAD4XmTQMAM8BAV1CLhCSETQMAUQPB/9CAvQwDTQMAD4QdAU0CAIuMJMxNAwCLVCQQhckPhA4BTQIAi3QRGIX2D4QCAU0CAItEESCNfv+LbBEcA8KLTBEkA+oDyolMJDyNPLiLjCRYA00CAIsHgcEMA00CAAPCUVDoBQxNAgCLVCQYTQJZhcB0D2oEWCv4g+4BddTpyU0DAItEJDwPt0Rw/ot0hQAD8g+EtE0DAIusJFgDTQIAjb0MBE0CAIA/AHQxg70MBU0DAHQSjYQkTAFNAgBQV1Po4QRNAgCDxAyDvQwFTQMAjYQkTAFNAgAPRMdQ/9brWf/W61WNhQwETQIAgDgAdCCNjCRMAU0CAFFQU+iqBE0CAI2EJFgBTQIAUFPodAJNAgCDxBQ5fQR0GE0DV/90JDhNAlf/U1yFwHQVav9Q/1NY6w1koRhNAwD/cDD/VCQwi1QkEGoDWDmDMAJNAgB1CWpNAv9TTItUJBCF0nRCD7dEJFq+AMBNAgBrwChWUP90JCD/U0CLRCRIhcB0DFb/tCSsTQMAUP9TQP90JBD/U3BQ/5MoAU0CAP90JET/k5BNAwCLhCRYA00CAP+wJAVNAgBqAP90JDzosApNAgCDxAxfXl1bgcRAA00CAMOB7PQCTQIAU4ucJPwCTQIAVVZqBIuDWA1NAgAz9mgAME0CAI0ERQJNAwBQVv9TPIvohe0PTQKEAU0CAIuEJAgDTQIAi4gkBU0CAAUoBU0CAAPJUVVq/1BNAlb/U1CNRCRYiUQkFI1EJBRQU+il300C/41EJEyJRE0CJI1ETQIkUFPoSN5NAv+NhCSUTQMAiUQkOI1EJDhQU+jb6U0C/4PEGE0CVv+T7E0DAIXAD4X1TQMAjUQkDFCNg9AITQIAUGoDVo2DsAhNAgBQ/5PwTQMAhcAPhdFNAwCLTCQMjUQkEFCNgwAJTQIAUIsRUf8ShcAPhaBNAwCLRCQQUIsI/1EMhcAPhYRNAwCLTCQMjVQkFIlMJDRSUYsB/1AMhcB1bVeNhCQAAU0CAFCNgxEGTQIAUFPoyQJNAgCDxAyNhCQAAU0CAFD/k7BNAwCLTCQQi/hqAldRixH/UiBXi/D/k7RNAwBfhfZ1J4tEJBAz9k0DVosITQVWVVD/URSFwHUQi0QkDGoCUIsI/1EU6wIz9otEJBBQiwj/UQiLRCQMUIsI/1Eci0QkDFCLCP9RCIuDWA1NAgCNBEUCTQMAUFZV6PYITQIAg8QMaADATQIAVlX/U0BeXVuBxPQCTQIAw4HslE0DAGShGE0DAFOLnCScTQMAVYtAMFaJRCQMjYNIA00CAFdQ/1M4i+gzwItVPAPVD7d6FA+3cgYD+o1PGIX2dBKLk0ADTQIAORF0NUCDwSg7xnL0i3QkEIt8JBD/U3gzyYvohfZ0QIvXjUIEiVQkGIvQOSh0HUE7znLui2wkGOsua8AoA8eLeCSLcCAD/cHuAuvJ/7QkrE0DAItsJBxV/5MQAU0CAOsIi2wkEIlsJBj/U3QzyYvQhfZ0LTlXBHQKQYPHBDvOcvPrHmoBVY1ETQIkUP+TAAFNAgBqCI1EJCBQV+jXB00CAIPEDItEJBCLQAyLeAyDfxgAD4QfAU0CAI2DcANNAgCL0IlUJBSKAjPtg2QkEABFM8mEwA+E7U0DAI1cTQIki/Ir2ovVPDt0KYH5gE0DAHMhPHd1BDPt6w6L6jxwdQjHRCQQAU0DAIgEHkFGigaEwHXRi5wkqE0DAIXJD4SnTQMAi0QkFEDGRAwkAAPBiUQkFI1ETQIkagBQ/3cYU+hqAU0CAItUTQIki/CDxBCF9g+EdU0D/4XtdDODfCQQAHQQ/9aLVCQUi/CF9g+EWk0E/zZT6JrqTQL/i1QkHE0CWYXAD4RETQP/i0QkIOs0g3wkEAB0EP/Wi1QkFIvwhfYPhCdNBP82U+hn6k0C/4tUJBxNAlmFwA+EEU0D/4tEJBiLQASLVCQUiQbp//5NAv+LP42DcANNAgCDfxgAD4Xn/k0C/19eM8BdQFuBxJRNAwDDi0QkBGgAAU0CAP90JBBqTQL/dCQUagBqAP9NAlDD6E0EAFiD6AXDVYvsi1UMg+xAM8lTVoPL/1c4CnQWjXXAK/KD+UBzDIoCQYgEFkKAOgB174B8DbwuxkQNwAB0DcdEDcAuZE0CbMZEDcQAZKEYTQMAi0Awi0AMi3gMi3cYhfZ0MYtGPItMMHgzwIXJdBqLRDEMA8ZQjUXAUOhXBk0CAIvYM8BNAlmF23QZiz+F23XMhcB1Co1FwFCLRQj/UDBfXlvJw4vG6/eB7JBNAwBTVVZXi7wkqE0DADP2hf8PhDMBTQIAi088iUwkGItEOXiFwA+EIAFNAgCNHDiLQyCLUxwDx4lEJBAD14tDJAPHiVQkHDm0JKxNAwAPhOVNAwCLaxiF7Q+E7k0DAI0EaIPA/olEJBSLRCQQjQSog8D8iUQkEIsA/7QkrE0DAAPHUOiABU0CAE0CWYXAdRCLRCQUi0wkHA+3AIs0gQP3i0QkEINsJBQCg+gEiUQkEIPtAXQEhfZ0wItMJBg783J2i0Q5fAPDO/BzbDPJOA50HY1cJCCL1iveg/k8cxCKAogEEzwudAdBQoA6AHXrx0QMIWRNAmwAM9JBA844EXQXjXQkYCvxg/o/cwyKAUKIBA5BgDkAde+NRCRgxkQUYABQjURNAiRQV/+0JLBNAwDo1OJNAv+DxBCL8IvG6xaLhCSwTQMAK0MQizSCA/fpbk0D/zPAX15dW4HEkE0DAMNVi+xkoRhNAwAzyVaLQDCLQAyLcAzrIIXJdSP/dRj/dRT/dRD/dQxQ/3UI6NXgTQL/izaDxBiLyItGGIXAddmLwV5dw4PsFFOLXE0CJDPAVVYz7YlEJAxXi3wkLDP2iXQkLItMJCiKDAiEyXQeg/hAdBmITCwURUCJfCQsiUQkEIl0JCyD/RB1b+tUahBYK8WNdCQUUAP1agBW6PwDTQIAg8QMxgaAg/0MciFTjUQkGFdQ6FZNAwBqEDP4M9qNRE0CJGoAUOjTA00CAIPEGItEJBCLdCQsweADRolEJCCJdCQsU41EJBhXUOghTQMAM/iDxAyLRCQQM9oz7YX2D4RiTQP/i8eL019eXVuDxBTDg+wQi0QkGItUJBxTVVaLdCQgM9tXjXwkEE0EpYtMJBSLdCQci2wkGIt8JBCJTCQoi87ByAiLdCQoA8LBzggzxwP3wcIDM/PBxwMz0IlsJCgz/ovpQ4P7G3LWX15dW4PEEMOLVCQQg+wUU4tcJCBVi2wkKIXSD4TsTQMAM8CNSw9AiUwkLCvDVolEJAxXjUQkFDvBdwSNRCQji/ONfCQUM8lNBKWLdCQoiwSOMUSMFEGD+QRy84t0JCCLRCQci3wkGItMJBTHRCQwEE0DAAPPA8bBxwUz+cHGCDPwTQLBEAPHA87BxwfBxg0z+DPxwcAQg2wkMAF114tcJCiJTCQUM8mJdCQgiXwkGIlEJByLBIsxRIwUQYP5BHLzahBeO9aLyg9HzoXJdBWNfCQUi/Ur/YvZigQ3MAZGg+sBdfWLXCQQK9ED6YtMJDSATQIBdQhJjQQLhcB/84tcJCyNSw+F0g+FKE0D/19eXVuDxBTDg+wUi0wkGINkJBAAU1WLbE0CJIoBVleIRQCDz/+NRQEz9olEJBgz241BAYlcJBCJRCQUjUQkFFDoZwFNAgBZhcAPhDIBTQIAjUQkFFDoVAFNAgCFwI1EJBhZUHR96EUBTQIAWYXAdDdqBDP2W41EJBRQ6DEBTQIAWY00cIPrAXXti1QkGIX2dAqLwivGigCIAusDxgIAi1wkEELp700DAItEJBSLVCQYD7Y4QIvPiUQkFIPhAYPBAtHvdBSL8iv3igaIAkJGg+kBdfXppE0DADPbQ4lcJBDpnE0DAOj/TQMAi9BZhfZ1K4P6AnUmjUQkFFDo6U0DAItUJByL8FmF9nR2i8orz4oBiAJCQYPuAXX162GLTCQUjUQkFIP2ASvWweIID7Y5gccA/k0C/wP6QVCJTCQY6KdNAwBZi8iB/wB9TQIAcgFBi1QkGI1BAYH/AAVNAgAPQsGB/4BNAwCNcAIPQ/CF9nQTi8orz4oBiAJCQYPuAXX1iVQkGDP2RusYi0wkFItUJBiKAYgCQkGJTCQUM/aJVCQYhdsPhJv+TQL/X14r1V2LwluDxBTDVot0JAiLTgyNVgiNQf+JRgyFyXUTiw4PtgGJAo1BAYkGx0YMB00DAIsCXo0MAMHoB4kKg+ABw1Yz9kb/dCQI6LxNBP90JAyNNHDosE0D/00CWYXAdeWLxl7Di1QkDItEJARWi/CF0nQTV4t8JBAr+IoMN4gORoPqAXX1X17DikQkCItMJAxXi3wkCPOqi0QkCF/Di0QkBItMJAhTihCE0nQOihmE23QIOtN1BEBB6+wPvgAPvgkrwVvDi1QkBItMJAhTigKEwHQTihmE23QNgMsgDCA6w3UEQkHr5w++Ag++CSvBW8NNAABNAABNAABNAABNAABNAABNAABNAABNZwA=
  49. ----- END SNIP -----

  51. Stack Trace
  52. #  Address  Module                   Location
  53. -- -------- ------------------------ ----------------------------------------
  54. 1  75A7052A KernelBase.dll           VirtualProtect +0x2a

  56. 2  00E4EA4E (anonymous; ba34710ae9f0fe471ded943e84a8dbce2ad241fe550dc3e4e66a5062a978058c.exe)
  57.             8b442424                 MOV          EAX, [ESP+0x24]
  58.             40                       INC          EAX
  59.             83c728                   ADD          EDI, 0x28
  60.             89442424                 MOV          [ESP+0x24], EAX
  61.             3b442414                 CMP          EAX, [ESP+0x14]
  62.             0f8260ffffff             JB           0xe4e9c4
  63.             8d442430                 LEA          EAX, [ESP+0x30]
  64.             33ff                     XOR          EDI, EDI
  65.             50                       PUSH         EAX
  66.             6a02                     PUSH         0x2
  67.             58                       POP          EAX
  68.             50                       PUSH         EAX
  69.             ffb42488000000           PUSH         DWORD [ESP+0x88]
  70.             897c243c                 MOV          [ESP+0x3c], EDI
  71.             ff74241c                 PUSH         DWORD [ESP+0x1c]
  72.             ff5348                   CALL         DWORD [EBX+0x48]


  75. Loaded Modules (22)
  76. -----------------------------------------------------------------------------
  77. 00400000-004E9000 ba34710ae9f0fe471ded943e84a8dbce2ad241fe550dc3e4e66a5062a978058c.exe (Igor Pavlov),
  78.                   version: 9.22 beta
  79. 773C0000-7757A000 ntdll.dll (Microsoft Corporation),
  80.                   version: 10.0.26100.2702 (WinBuild.160101.0800)
  81. 744A0000-745E4000 hmpalert.dll (Sophos B.V.),
  82.                   version: 3.8.26.983
  83. 76F80000-77070000 KERNEL32.dll (Microsoft Corporation),
  84.                   version: 10.0.26100.2702 (WinBuild.160101.0800)
  85. 75920000-75BBB000 KERNELBASE.dll (Microsoft Corporation),
  86.                   version: 10.0.26100.2702 (WinBuild.160101.0800)
  87. 6F0A0000-6F180000 SbieDll.dll (Sandboxie-Plus.com),
  88.                   version: 5.70.3
  89. 76670000-76676000 psapi.dll (Microsoft Corporation),
  90.                   version: 10.0.26100.1 (WinBuild.160101.0800)
  91. 6F4B0000-6F55C000 apphelp.dll (Microsoft Corporation),
  92.                   version: 10.0.26100.2702 (WinBuild.160101.0800)
  93. 768C0000-7695E000 OLEAUT32.dll (Microsoft Corporation),
  94.                   version: 10.0.26100.1930 (WinBuild.160101.0800)
  95. 756E0000-75765000 msvcp_win.dll (Microsoft Corporation),
  96.                   version: 10.0.26100.1930 (WinBuild.160101.0800)
  97. 750C0000-751D0000 ucrtbase.dll (Microsoft Corporation),
  98.                   version: 10.0.26100.1591 (WinBuild.160101.0800)
  99. 75450000-756CE000 combase.dll (Microsoft Corporation),
  100.                   version: 10.0.26100.2702 (WinBuild.160101.0800)
  101. 772F0000-773A9000 RPCRT4.dll (Microsoft Corporation),
  102.                   version: 10.0.26100.268 (WinBuild.160101.0800)
  103. 766F0000-768B6000 USER32.dll (Microsoft Corporation),
  104.                   version: 10.0.26100.2702 (WinBuild.160101.0800)
  105. 77240000-7725A000 win32u.dll (Microsoft Corporation),
  106.                   version: 10.0.26100.1930 (WinBuild.160101.0800)
  107. 75770000-75792000 GDI32.dll (Microsoft Corporation),
  108.                   version: 10.0.26100.2122 (WinBuild.160101.0800)
  109. 763E0000-764CB000 gdi32full.dll (Microsoft Corporation),
  110.                   version: 10.0.26100.2702 (WinBuild.160101.0800)
  111. 77080000-770A5000 IMM32.DLL (Microsoft Corporation),
  112.                   version: 10.0.26100.1 (WinBuild.160101.0800)
  113. 75280000-753D1000 ole32.dll (Microsoft Corporation),
  114.                   version: 10.0.26100.2494 (WinBuild.160101.0800)
  115. 70470000-7068B000 wininet.dll (Microsoft Corporation),
  116.                   version: 11.00.26100.2702 (WinBuild.160101.0800)
  117. 6ECD0000-6ED25000 mscoree.dll (Microsoft Corporation),
  118.                   version: 10.0.26100.1 (WinBuild.160101.0800)
  119. 76970000-76F5A000 shell32.dll (Microsoft Corporation),
  120.                   version: 10.0.26100.2702 (WinBuild.160101.0800)

  122. Code Injection
  123. 00000000001A0000-00000000001A2000    8KB D:\Program Files\Sandboxie-Plus\SbieSvc.exe [2388]
  124. 00000000001B0000-00000000001B1000    4KB
  125. 00007FF94D252000-00007FF94D253000    4KB
  126. 1  D:\Program Files\Sandboxie-Plus\SbieSvc.exe [2388]
  127. 2  C:\Windows\System32\services.exe [1228]
  128. 3  C:\Windows\System32\wininit.exe [1120]
  129.    wininit.exe

  131. Process Trace
  132. 1  D:\app\souxian\bingdushahe\drive\infected20241231-预祝大家新年快乐\ba34710ae9f0fe471ded943e84a8dbce2ad241fe550dc3e4e66a5062a978058c.exe [9164]
  133. 2  D:\Program Files\Sandboxie-Plus\SandMan.exe [6104]
  134.    "D:\Program Files\Sandboxie-Plus\SandMan.exe" -autorun
  135. 3  D:\Program Files\Sandboxie-Plus\SbieSvc.exe [2388]
  136. 4  C:\Windows\System32\services.exe [1228]
  137. 5  C:\Windows\System32\wininit.exe [1120]
  138.    wininit.exe

  140. Services
  141. 2388  SbieSvc

  143. Dropped Files
  144. 1  C:\Users\Administrator\AppData\Local\Sandboxie-Plus\Sandboxie-Plus.ini.lock
  145.      Dropped by \Device\HarddiskVolume6\Program Files\Sandboxie-Plus\SandMan.exe [6104]
  146. 2  C:\Users\Administrator\AppData\Local\Sandboxie-Plus\Sandboxie-Plus.ini.kUHVXE
  147.      Dropped by \Device\HarddiskVolume6\Program Files\Sandboxie-Plus\SandMan.exe [6104]
  148. 3  C:\Users\Administrator\AppData\Local\Sandboxie-Plus\Sandboxie-Plus.ini.HSDczH
  149.      Dropped by \Device\HarddiskVolume6\Program Files\Sandboxie-Plus\SandMan.exe [6104]
  150. 4  C:\Users\Administrator\AppData\Local\Sandboxie-Plus\Sandboxie-Plus.ini.XPlQYy
  151.      Dropped by \Device\HarddiskVolume6\Program Files\Sandboxie-Plus\SandMan.exe [6104]

  153. Thumbprints
  154. fb535b0417f926e9cd5ad2b99d8452095754715ae6e47cc9e45b7ad63167b81a (hhp-ownermodule)
  155. 6828c5d4b675f145b12093e4aef862cdd5c8b1e104d6278ea0563b13e63d2cfd (hhp-fhsh-ownmod)
  156. 8deedbd9415a84f93db878898e364f242ccb887597952226f8c865d8b5f4976d (hhp-pfn)
  157. a6f3a9001d4406ce23265490494eaa6d677d43d371b5f3b36acb9e4d43b709bf (code)
复制代码


本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

ANY.LNK
发表于 2024-12-31 16:09:37 | 显示全部楼层
本帖最后由 ANY.LNK 于 2024-12-31 16:38 编辑

转虚拟机测试一波微软
微软清空,未双击




本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

shulun743
发表于 2024-12-31 16:11:07 | 显示全部楼层
本帖最后由 shulun743 于 2024-12-31 16:17 编辑





本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

下一页 »
123下一页
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-2-6 04:28 , Processed in 0.084497 second(s), 15 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表