Thread starter: jimmyleo

[Virus Sample] batch x27

无尽藏海
Posted on 2008-5-3 12:02:24

AVG

Scan "Shell extension scan" was finished.
Infections found:;"21"
Infected objects removed or healed;"0"
Not removed or healed.;"21"
Spyware found:;"0"
Spyware removed:;"0"
Not removed:;"0"
Warnings count:;"0"
Information count:;"0"
Scan started:;"2007年4月1日, 12:00:49"
Total object scanned:;"28"
Time needed:;"13 second(s) "
Errors encountered:;"0"

Infections
File;"Infection";"Result"
E:\VIRUS\batch\1.exe;"Trojan horse PSW.OnlineGames.BH";"Infected"
E:\VIRUS\batch\10.exe;"Trojan horse PSW.OnlineGames.BI";"Infected"
E:\VIRUS\batch\11.exe;"Trojan horse PSW.Generic6.HOF";"Infected"
E:\VIRUS\batch\13.exe;"Trojan horse PSW.OnlineGames.ANDZ";"Infected"
E:\VIRUS\batch\14.exe;"Trojan horse PSW.OnlineGames.ALQR";"Infected"
E:\VIRUS\batch\15.exe;"Trojan horse PSW.OnlineGames.AMYW";"Infected"
E:\VIRUS\batch\18.exe;"Trojan horse Agent.UGK";"Infected"
E:\VIRUS\batch\19.exe;"Trojan horse PSW.Generic6.HPN";"Infected"
E:\VIRUS\batch\2.exe;"Trojan horse PSW.OnlineGames.ANCN";"Infected"
E:\VIRUS\batch\20.exe;"Trojan horse PSW.OnlineGames.AMRC";"Infected"
E:\VIRUS\batch\24.exe;"Trojan horse PSW.Generic6.AEL";"Infected"
E:\VIRUS\batch\25.exe;"Trojan horse PSW.OnlineGames.AMTE";"Infected"
E:\VIRUS\batch\26.exe;"Virus identified Worm/Generic.GJO";"Infected"
E:\VIRUS\batch\27.exe;"Trojan horse Downloader.Generic7.AWO";"Infected"
E:\VIRUS\batch\28.exe;"Trojan horse PSW.OnlineGames.ANET";"Infected"
E:\VIRUS\batch\4.exe;"Trojan horse PSW.OnlineGames.AJNJ";"Infected"
E:\VIRUS\batch\6.exe;"Trojan horse PSW.Generic6.FUN";"Infected"
E:\VIRUS\batch\5.exe;"Trojan horse PSW.OnlineGames.AMSF";"Infected"
E:\VIRUS\batch\8.exe;"Trojan horse PSW.OnlineGames.ALNU";"Infected"
E:\VIRUS\batch\xxz.exe;"Trojan horse Generic10.AGW";"Infected"
E:\VIRUS\batch\7.exe;"Trojan horse PSW.Legendmir.KBI";"Infected"
wangjay1980
Posted on 2008-5-3 12:51:25
Hello.
New malicious software was found in the attached file.
Its detection will be included in the next update. Thank you for your help.

Please quote all when answering. Do not forget to include your registration data.
-----------------
Regards, Maslennikov Denis
Virus Analyst, Kaspersky Lab.

Ph.: +7(495) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com


> Attachment: 005.rar
> Attachment: batch.rar
> Attachment: fixupdate.rar
qwer9909
Posted on 2008-5-3 13:40:21

Dr.Web ("Spider"): 25 detections

batch.rar\19.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;Trojan.PWS.Gamania.origin;;
batch.rar\28.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;Trojan.PWS.Wsgame.origin;;
batch.rar\27.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;Trojan.DownLoader.59037;;
batch.rar\24.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;Trojan.PWS.Gamania.9752;;
batch.rar\23.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;可能 DLOADER.Trojan;;
batch.rar\12.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;可能 DLOADER.Trojan;;
batch.rar\xxz.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;Win32.HLLW.Autoruner.1679;;
batch.rar\9.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;可能 DLOADER.Trojan;;
batch.rar\7.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;Trojan.PWS.Legmir.origin;;
batch.rar\6.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;Trojan.PWS.Gamania.9730;;
batch.rar\5.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;Trojan.PWS.Wsgame.origin;;
batch.rar\4.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;Trojan.PWS.Wsgame.4251;;
batch.rar\3.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;Trojan.PWS.Gamania.origin;;
batch.rar\2.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;Trojan.PWS.Wsgame.origin;;
batch.rar\18.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;Trojan.PWS.Gamania.origin;;
batch.rar\16.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;可能 MULDROP.Trojan;;
batch.rar\15.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;可能 DLOADER.Trojan;;
batch.rar\14.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;Trojan.PWS.Wsgame.4798;;
batch.rar\13.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;可能 DLOADER.Trojan;;
batch.rar\11.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;Trojan.PWS.Gamania.9540;;
batch.rar\10.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;可能 DLOADER.Trojan;;
1.exe\data002;C:\Documents and Settings\Administrator\桌面\batch.rar\1.exe;Trojan.PWS.Wsgame.4674;;
1.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;发现压缩文件中有被感染的对象;;
batch.rar\25.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;Trojan.PWS.Gamania.9793;;
batch.rar\21.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;Trojan.PWS.Wsgame.origin;;
batch.rar\20.exe;C:\Documents and Settings\Administrator\桌面\batch.rar;Trojan.MulDrop.15044;;
batch.rar;C:\Documents and Settings\Administrator\桌面;发现压缩文件中有被感染的对象;;
时间简史
Posted on 2008-5-3 13:43:58
Haha, Filseclab kills them all~~~
IllusionWing
Posted on 2008-5-3 13:47:42
all kill

qigang
Posted on 2008-5-3 17:40:12

78/17

瑞星病毒查杀结果报告

清除病毒种类列表:

病毒: Trojan.DL.Win32.Mnless.zbh
病毒: Backdoor.Win32.DownLoader.h
病毒: Backdoor.Win32.Undef.t   
病毒: Backdoor.Win32.Scan.a   
病毒: Backdoor.Win32.Undef.t   
病毒: Trojan.Win32.VB.zst      
病毒: Trojan.DL.Win32.Undef.em
病毒: Trojan.PSW.Win32.GameOL.neh
病毒: Trojan.PSW.Win32.GameOL.ngd
病毒: Packer.Win32.Upack.a     
病毒: Suspicious.Trojan.Win32.DelSelf.a
病毒: Trojan.PSW.Win32.GameOL.nbr
病毒: Trojan.PSW.Win32.GameOL.ngu
病毒: RootKit.Win32.HideFile.g
病毒: Trojan.PSW.Win32.RocOnline.ks
病毒: Trojan.PSW.Win32.GameOL.nhx
病毒: Trojan.PSW.Win32.GameOL.nhb

MAC 地址:00:11:5B:F3:6D:69

用户来源:互联网

软件版本:20.42.50
kkgh
Posted on 2008-5-3 19:33:21
瑞星病毒查杀结果报告

清除病毒种类列表:
病毒: Trojan.DL.Win32.Mnless.zbh
病毒: Backdoor.Win32.DownLoader.h
病毒: Backdoor.Win32.Undef.t   
病毒: Backdoor.Win32.Scan.a   
病毒: Backdoor.Win32.Undef.t   
病毒: Trojan.Win32.VB.zst      
病毒: Trojan.DL.Win32.Undef.em
病毒: Trojan.PSW.Win32.GameOL.neh
病毒: Trojan.PSW.Win32.GameOL.ngd
病毒: Packer.Win32.Upack.a     
病毒: Suspicious.Trojan.Win32.DelSelf.a
病毒: Trojan.PSW.Win32.GameOL.nbr
病毒: Trojan.PSW.Win32.GameOL.ngu
病毒: RootKit.Win32.HideFile.g
病毒: Trojan.PSW.Win32.RocOnline.ks
病毒: Trojan.PSW.Win32.GameOL.nhx
病毒: Trojan.PSW.Win32.GameOL.nhb

用户来源:互联网

软件版本:20.42.50

17 detections

日期: 3.5.2008  时间:19:40:23
已开启反隐藏功能.
已扫描的磁盘,文件夹及文件:C:\Documents and Settings\zh\桌面\19.exe; C:\Documents and Settings\zh\桌面\2.exe; C:\Documents and Settings\zh\桌面\20.exe; C:\Documents and Settings\zh\桌面\21.exe; C:\Documents and Settings\zh\桌面\23.exe; C:\Documents and Settings\zh\桌面\24.exe; C:\Documents and Settings\zh\桌面\25.exe; C:\Documents and Settings\zh\桌面\26.exe; C:\Documents and Settings\zh\桌面\27.exe; C:\Documents and Settings\zh\桌面\28.exe; C:\Documents and Settings\zh\桌面\3.exe; C:\Documents and Settings\zh\桌面\4.exe; C:\Documents and Settings\zh\桌面\5.exe; C:\Documents and Settings\zh\桌面\6.exe; C:\Documents and Settings\zh\桌面\7.exe; C:\Documents and Settings\zh\桌面\8.exe; C:\Documents and Settings\zh\桌面\9.exe; C:\Documents and Settings\zh\桌面\xxz.exe; C:\Documents and Settings\zh\桌面\1.exe; C:\Documents and Settings\zh\桌面\10.exe; C:\Documents and Settings\zh\桌面\11.exe; C:\Documents and Settings\zh\桌面\12.exe; C:\Documents and Settings\zh\桌面\13.exe; C:\Documents and Settings\zh\桌面\14.exe; C:\Documents and Settings\zh\桌面\15.exe; C:\Documents and Settings\zh\桌面\16.exe; C:\Documents and Settings\zh\桌面\18.exe
C:\Documents and Settings\zh\桌面\19.exe - Win32/PSW.OnLineGames.NML 木马的变种
C:\Documents and Settings\zh\桌面\2.exe - 可能是 Win32/PSW.OnLineGames.NFL 木马 的一个变种
C:\Documents and Settings\zh\桌面\20.exe - Win32/PSW.OnLineGames.XZN 木马 - 已隔离 - 已删除
C:\Documents and Settings\zh\桌面\21.exe - 可能是 Win32/PSW.OnLineGames.NFL 木马 的一个变种
C:\Documents and Settings\zh\桌面\23.exe - Win32/PSW.OnLineGames.XZN 木马的变种
C:\Documents and Settings\zh\桌面\24.exe - Win32/VB.NMH 木马 - 已隔离 - 已删除
C:\Documents and Settings\zh\桌面\25.exe - Win32/PSW.OnLineGames.NML 木马的变种
C:\Documents and Settings\zh\桌面\26.exe - Win32/VB.NMD 木马 - 已隔离 - 已删除
C:\Documents and Settings\zh\桌面\27.exe - Win32/TrojanDownloader.Agent.NWE 木马的变种
C:\Documents and Settings\zh\桌面\28.exe - 可能是 Win32/PSW.OnLineGames.NFL 木马 的一个变种
C:\Documents and Settings\zh\桌面\3.exe - Win32/PSW.OnLineGames.NML 木马的变种
C:\Documents and Settings\zh\桌面\4.exe - Win32/PSW.OnLineGames.MUG 木马 - 已隔离 - 已删除
C:\Documents and Settings\zh\桌面\5.exe - 可能是 Win32/PSW.OnLineGames.NFL 木马 的一个变种
C:\Documents and Settings\zh\桌面\6.exe - 可能是 Win32/PSW.OnLineGames.NFL 木马 的一个变种
C:\Documents and Settings\zh\桌面\7.exe - 可能是 Win32/PSW.WOW.WU 木马 的一个变种
C:\Documents and Settings\zh\桌面\9.exe - Win32/PSW.OnLineGames.XZN 木马的变种
C:\Documents and Settings\zh\桌面\xxz.exe - Win32/AutoRun.JH 蠕虫 - 已隔离 - 已删除
C:\Documents and Settings\zh\桌面\1.exe - 可能是 Win32/PSW.OnLineGames.NMQ 木马 的一个变种
C:\Documents and Settings\zh\桌面\10.exe - Win32/PSW.OnLineGames.MUG 木马的变种
C:\Documents and Settings\zh\桌面\11.exe - Win32/PSW.QQPass.NCZ 木马的变种
C:\Documents and Settings\zh\桌面\12.exe - Win32/PSW.OnLineGames.XZN 木马的变种
C:\Documents and Settings\zh\桌面\13.exe - Win32/PSW.OnLineGames.XZN 木马的变种
C:\Documents and Settings\zh\桌面\14.exe - 可能是 Win32/PSW.OnLineGames.NFL 木马 的一个变种
C:\Documents and Settings\zh\桌面\15.exe - Win32/PSW.OnLineGames.XZN 木马的变种
C:\Documents and Settings\zh\桌面\16.exe - 可能是 Win32/PSW.OnLineGames.NFL 木马 的一个变种
C:\Documents and Settings\zh\桌面\18.exe - Win32/PSW.OnLineGames.NML 木马的变种
已扫描的文件数目:27
已发现的病毒数目:26
已清除病毒的文件数目:26
雨宫优子
Posted on 2008-5-3 20:43:39
ESET missed: 8.exe
The code is very messy....
  1. 00004020   00404020      0   %s /c del %s
  2. 00004068   00404068      0   WSCWriteProviderOrder
  3. 00004080   00404080      0   sporder.dll
  4. 000040CC   004040CC      0   C:\Program Files\
  5. 000040E4   004040E4      0   GDI32.DLL
  6. 0000EFB4   0040EFB4      0   MFC42.DLL
  7. 0000F006   0040F006      0   MSVCRT.dll
  8. 0000F068   0040F068      0   malloc
  9. 0000F082   0040F082      0   LeaveCriticalSection
  10. 0000F09A   0040F09A      0   EnterCriticalSection
  11. 0000F0B2   0040F0B2      0   InitializeCriticalSection
  12. 0000F0CE   0040F0CE      0   DeleteCriticalSection
  13. 0000F0E6   0040F0E6      0   GetTickCount
  14. 0000F0F6   0040F0F6      0   MoveFileA
  15. 0000F102   0040F102      0   FreeLibrary
  16. 0000F110   0040F110      0   DeleteFileA
  17. 0000F11E   0040F11E      0   GetProcAddress
  18. 0000F130   0040F130      0   LoadLibraryA
  19. 0000F140   0040F140      0   GetLastError
  20. 0000F150   0040F150      0   Sleep
  21. 0000F158   0040F158      0   GetCurrentProcessId
  22. 0000F16E   0040F16E      0   GetCurrentDirectoryA
  23. 0000F186   0040F186      0   IsBadReadPtr
  24. 0000F196   0040F196      0   WriteProcessMemory
  25. 0000F1AC   0040F1AC      0   CreateMutexA
  26. 0000F1BC   0040F1BC      0   CloseHandle
  27. 0000F1CA   0040F1CA      0   ReleaseMutex
  28. 0000F1DA   0040F1DA      0   GlobalAlloc
  29. 0000F1E8   0040F1E8      0   GlobalFree
  30. 0000F1F6   0040F1F6      0   GetCurrentThreadId
  31. 0000F20C   0040F20C      0   ExpandEnvironmentStringsA
  32. 0000F228   0040F228      0   OutputDebugStringA
  33. 0000F23E   0040F23E      0   GetModuleFileNameA
  34. 0000F254   0040F254      0   MoveFileExA
  35. 0000F262   0040F262      0   SetFileAttributesA
  36. 0000F278   0040F278      0   GetVolumeInformationA
  37. 0000F290   0040F290      0   GetModuleHandleA
  38. 0000F2A4   0040F2A4      0   SetLastError
  39. 0000F2B4   0040F2B4      0   CreateFileA
  40. 0000F2C2   0040F2C2      0   WriteFile
  41. 0000F2CE   0040F2CE      0   GetTempFileNameA
  42. 0000F2E2   0040F2E2      0   GetTempPathA
  43. 0000F2F2   0040F2F2      0   GetSystemDirectoryA
  44. 0000F308   0040F308      0   SetFileTime
  45. 0000F316   0040F316      0   GetFileAttributesA
  46. 0000F32C   0040F32C      0   GetFileAttributesExA
  47. 0000F344   0040F344      0   OpenMutexA
  48. 0000F350   0040F350      0   KERNEL32.dll
  49. 0000F35E   0040F35E      0   USER32.dll
  50. 0000F36A   0040F36A      0   ADVAPI32.dll
  51. 0000F37A   0040F37A      0   WSADuplicateSocketA
  52. 0000F390   0040F390      0   WSASocketA
  53. 0000F39E   0040F39E      0   WSCEnumProtocols
  54. 0000F3B2   0040F3B2      0   WSCGetProviderPath
  55. 0000F3C6   0040F3C6      0   WS2_32.dll
  56. 0000F3D4   0040F3D4      0   MapFileAndCheckSumA
  57. 0000F3E8   0040F3E8      0   IMAGEHLP.dll
  58. 0000F3F8   0040F3F8      0   _access
  59. 0000F432   0040F432      0   dll.dll
  60. 0000F43A   0040F43A      0   WSPStartup
  61. 0000F4D4   0040F4D4      0   GetAdaptersInfo
  62. 0000F4E4   0040F4E4      0   iphlpapi.dll
  63. 000103C0   004103C0      0   wspstartupfunc Error!
  64. 000103D8   004103D8      0   GetProcessAddress Error!
  65. 000103F4   004103F4      0   WSPStartup
  66. 00010400   00410400      0   LoadLibrary Error!
  67. 00010414   00410414      0   WSCGetProviderPath Error!
  68. 00010430   00410430      0   ExpandEnvironmentStrings Error!
  69. 00010450   00410450      0   ChainLen<=1
  70. 00010464   00410464      0   GDI32.DLL
  71. 00013160   00413160      0   PackedCatalogItem
  72. 00013178   00413178      0   WSCWriteProviderOrder
  73. 00013190   00413190      0   WS2_32.DLL
  74. 0001319C   0041319C      0   WSCWriteNameSpaceOrder
  75. 00013C54   00413C54      0   OpenMutexA
  76. 00013C60   00413C60      0   CreateMutexA
  77. 00013C6E   00413C6E      0   lstrcmpA
  78. 00013C78   00413C78      0   lstrcpyA
  79. 00013C82   00413C82      0   lstrlenA
  80. 00013C8C   00413C8C      0   WaitForSingleObject
  81. 00013CA2   00413CA2      0   lstrcatA
  82. 00013CAC   00413CAC      0   ReleaseMutex
  83. 00013CBA   00413CBA      0   CloseHandle
  84. 00013CC8   00413CC8      0   GetProcAddress
  85. 00013CD8   00413CD8      0   FreeLibrary
  86. 00013CE6   00413CE6      0   LoadLibraryA
  87. 00013CF4   00413CF4      0   RegOpenKeyExA
  88. 00013D04   00413D04      0   RegQueryValueExA
  89. 00013D16   00413D16      0   RegCloseKey
  90. 00013D24   00413D24      0   RegEnumKeyExA
  91. 00013D34   00413D34      0   RegSetValueExA
  92. 00013DAC   00413DAC      0   SPORDER.dll
  93. 00013DB8   00413DB8      0   WSCWriteNameSpaceOrder
  94. 00013DCF   00413DCF      0   WSCWriteProviderOrder
  95. 00013EA0   00413EA0      0   SYSTEM\CurrentControlSet\Services\WinSock2\Parameters
  96. 00013ED8   00413ED8      0   Protocol_Catalog9
  97. 00013EF0   00413EF0      0   NameSpace_Catalog5
  98. 00013F08   00413F08      0   Current_Protocol_Catalog
  99. 00013F28   00413F28      0   Current_NameSpace_Catalog
  100. 00013F48   00413F48      0   Catalog_Entries
  101. 00013F58   00413F58      0   DisplayString
  102. 00013F68   00413F68      0   Enabled
  103. 00013F70   00413F70      0   LibraryPath
  104. 00013F80   00413F80      0   ProviderId
  105. 00013F90   00413F90      0   StoresServiceClassInfo
  106. 00013FA8   00413FA8      0   SupportedNameSpace
  107. 00013FC0   00413FC0      0   Version
  108. 00013FC8   00413FC8      0   sporder.dll
  109. 00013FD8   00413FD8      0   sporder.dll
  110. 00015009   00415009      0   GetTickCount
  111. 00015017   00415017      0   FindResourceA
  112. 00015026   00415026      0   CreateFileA
  113. 00015033   00415033      0   LoadResource
  114. 00015041   00415041      0   SizeofResource
  115. 00015051   00415051      0   WriteFile
  116. 0001505C   0041505C      0   CloseHandle
  117. 00015069   00415069      0   GetModuleFileNameA
  118. 0001507D   0041507D      0   GetEnvironmentVariableA
  119. 00015096   00415096      0   GetShortPathNameA
  120. 000150A9   004150A9      0   CreateProcessA
  121. 000150B9   004150B9      0   GetLastError
  122. 000150C7   004150C7      0   GetCurrentProcess
  123. 000150DA   004150DA      0   SetPriorityClass
  124. 000150EC   004150EC      0   SetFileAttributesA
  125. 00015100   00415100      0   ResumeThread
  126. 0001510E   0041510E      0   DeleteFileA
  127. 0001511B   0041511B      0   LoadLibraryA
  128. 00015129   00415129      0   Sleep
  129. 00015130   00415130      0   GlobalAlloc
  130. 0001513D   0041513D      0   GetTempFileNameA
  131. 0001514F   0041514F      0   GetTempPathA
  132. 0001515D   0041515D      0   GetSystemDirectoryA
  133. 00015172   00415172      0   SetFileTime
  134. 0001517F   0041517F      0   GetFileAttributesA
  135. 00015193   00415193      0   GetFileAttributesExA
  136. 000151A9   004151A9      0   GetModuleHandleA
  137. 000151BB   004151BB      0   GetStartupInfoA
  138. 000151CC   004151CC      0   GlobalFree
  139. 000151D8   004151D8      0   MultiByteToWideChar
  140. 000151ED   004151ED      0   FreeLibrary
  141. 000151FA   004151FA      0   GetProcAddress
  142. 0001538A   0041538A      0   WSCInstallProvider
  143. 0001539E   0041539E      0   WSCEnumProtocols
  144. 00016924   00417124      0   KERNEL32.DLL
  145. 00016931   00417131      0   MFC42.DLL
  146. 0001693B   0041713B      0   MSVCRT.dll
  147. 00016946   00417146      0   WS2_32.dll
  148. 00016952   00417152      0   LoadLibraryA
  149. 00016960   00417160      0   GetProcAddress
  150. 00016970   00417170      0   VirtualProtect
  151. 00016980   00417180      0   ExitProcess
  152. 00016994   00417194      0   WSCEnumProtocols
  153. 00016A64   00418064      0   WS2_32.dll
  154. 00016A71   00418071      0   WSCEnumProtocols
  155. 00016A84   00418084      0   WSCInstallProvider
  156. 00016A97   00418097      0   MFC42.DLL
  157. 00016AA1   004180A1      0   MSVCRT.dll
  158. 00016BD7   004181D7      0   KERNEL32.DLL
  159. 00016BE6   004181E6      0   GetProcAddress
  160. 00016BF7   004181F7      0   FreeLibrary
  161. 00016C05   00418205      0   MultiByteToWideChar
  162. 00016C1B   0041821B      0   GlobalFree
  163. 00016C28   00418228      0   GetStartupInfoA
  164. 00016C3A   0041823A      0   GetModuleHandleA
  165. 00016C4D   0041824D      0   GetFileAttributesExA
  166. 00016C64   00418264      0   GetFileAttributesA
  167. 00016C79   00418279      0   SetFileTime
  168. 00016C87   00418287      0   GetSystemDirectoryA
  169. 00016C9D   0041829D      0   GetTempPathA
  170. 00016CAC   004182AC      0   GetTempFileNameA
  171. 00016CBF   004182BF      0   GlobalAlloc
  172. 00016CCD   004182CD      0   Sleep
  173. 00016CD5   004182D5      0   LoadLibraryA
  174. 00016CE4   004182E4      0   DeleteFileA
  175. 00016CF2   004182F2      0   ResumeThread
  176. 00016D01   00418301      0   SetFileAttributesA
  177. 00016D16   00418316      0   SetPriorityClass
  178. 00016D29   00418329      0   GetCurrentProcess
  179. 00016D3D   0041833D      0   GetLastError
  180. 00016D4C   0041834C      0   CreateProcessA
  181. 00016D5D   0041835D      0   GetShortPathNameA
  182. 00016D71   00418371      0   GetEnvironmentVariableA
  183. 00016D8B   0041838B      0   GetModuleFileNameA
  184. 00016DA0   004183A0      0   CloseHandle
  185. 00016DAE   004183AE      0   WriteFile
  186. 00016DBA   004183BA      0   SizeofResource
  187. 00016DCB   004183CB      0   LoadResource
  188. 00016DDA   004183DA      0   CreateFileA
  189. 00016DE8   004183E8      0   FindResourceA
  190. 00016DF8   004183F8      0   GetTickCount

Perhaps behavioral analysis is better: http://research.sunbelt-software.com/ViewMalware.aspx?id=4289982
愿望 (this user has been deleted)
Posted on 2008-5-3 21:28:14
Haha, my 小克菲... 16 is not bad~~