质量很高的SWF

显示全部楼层 · 发表于 2008-7-11 17:03:06

all kill

显示全部楼层 · 发表于 2008-7-11 17:38:43

已把一楼和十楼的样本上报到卡巴.

显示全部楼层 · 发表于 2008-7-11 18:08:15

大有赶超NOD32的势头

只要降低误报就好了

显示全部楼层 · 发表于 2008-7-11 18:22:30

nod 没反应1~

显示全部楼层 · 发表于 2008-7-11 19:03:48

00006074 00406074    0 SeDebugPrivilege
00006088 00406088    0 Common Startup
00006098 00406098    0 SoftWare\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
000060DC 004060DC    0 human.exe
000060E8 004060E8    0 \human.exe
000060F4 004060F4    0 \\.\%s\%s
00006104 00406104    0 NtClose
0000610C 0040610C    0 NtQueryDirectoryObject
00006124 00406124    0 NtOpenDirectoryObject
0000613C 0040613C    0 RtlInitUnicodeString
0000615C 0040615C    0 \winhlp32.exe
0000616C 0040616C    0 \mmc.exe
00006178 00406178    0 \user32.dll
00006184 00406184    0 DOWNLOAD
00006194 00406194    0 \ntdll.dll
000061A8 004061A8    0 Root#RCVYL#0000#
000061CC 004061CC    0 ProtectedC.sys
000061DC 004061DC    0 HookLeave
000061E8 004061E8    0 HookEnter
00006200 00406200    0 %s\%08X.dll
0000620C 0040620C    0 _THINK_SOFT_EVENT_
00006220 00406220    0 HintZ0
00006228 00406228    0 hintFD.sys
00006238 00406238    0 THINK
00006240 00406240    0 \Drivers\Beep.sys
00006254 00406254    0 \\.\NBA_SOFT
00006264 00406264    0 MZKERNEL32.DLL
00006274 00406274    0 WinExec
0000627C 0040627C    0 %windir%\system32\userinit.exe
0000629C 0040629C    0 %windir%\system32\mmc.exe
000062B8 004062B8    0 %windir%\system32\user32.dll
000062E8 004062E8    0 http://www.intaroo.net/
000063F4 004063F4    0 dk.txt
000063FC 004063FC    0 %s\%%d
00006404 00406404    0 %s\%d
0000640C 0040640C    0 WININET.dll
00006418 00406418    0 DeleteUrlCacheEntry
0000642C 0040642C    0 urlmon.dll
00006438 00406438    0 URLDownloadToFileA
0000647C 0040647C    0 %windir%\hh.exe
0000648C 0040648C    0 %windir%\system32\calc.exe
000064A8 004064A8    0 %windir%\system32\netstat.exe
000064C8 004064C8    0 %windir%\system32\edit.com
000064E4 004064E4    0 %windir%\system32\command.com
00006504 00406504    0 %windir%\system32\ftp.exe
00006520 00406520    0 %windir%\winhlp32.exe
00006538 00406538    0 %windir%\winhelp.exe
00006550 00406550    0 %windir%\twunk_32.exe
00006568 00406568    0 %windir%\twunk_16.exe
00006580 00406580    0 %s\data.exe
0000658C 0040658C    0 %s\pack_%d.exe
0000659C 0040659C    0 %s\kill.exe
000065A8 004065A8    0 %windir%\system32\winhlp32.exe
000065C8 004065C8    0 SetSecurityDescriptorControl
000065E8 004065E8    0 advapi32.dll
000065F8 004065F8    0 AddAccessAllowedAceEx
00006610 00406610    0 Users
00006618 00406618    0 Administrators
00006628 00406628    0 %UserName%
00006668 00406668    0 WinExec
00006670 00406670    0 kernel32.dll
00006680 00406680    0 c:\windows\main.exe

000061BC 004061BC    0 \Device
0000874C 0040874C    0 ATAPI.SYS
00008760 00408760    0 ATAPI.SYS
00008A72 00408A72    0 \SystemRoot\System32\Drivers\atapi.sys
00008BAB 00408BAB    0 \SystemRoot\System32\Drivers\nvata.sys
00008CE5 00408CE5    0 \SystemRoot\System32\Drivers\ntfs.sys
00008F5B 00408F5B    0 \Driver\atapi
00008F76 00408F76    0 \Driver\nvata
000093EB 004093EB    0 \Device\Harddisk0\DR0
00009416 00409416    0 \Driver\atapi
00009432 00409432    0 \Driver\nvata
0000964D 0040964D    0 \FileSystem\Ntfs
00009AD3 00409AD3    0 \Device\HarddiskVolume1
00009CE3 00409CE3    0 \SystemRoot\system32\user32.dll
00009D75 00409D75    0 \SystemRoot\System32\mmc.exe
00009E71 00409E71    0 \SystemRoot\system32\userinit.exe
00009FCA 00409FCA    0 \SystemRoot\system32\winhlp32.exe
0000A149 0040A149    0 \DosDevices\NBA_SOFT
0000A1BA 0040A1BA    0 \Device\GuardField
0000A1E2 0040A1E2    0 ATAPI.SYS
0000A1F6 0040A1F6    0 ATAPI.SYS
0000A20A 0040A20A    0 ATAPI.SYS
0000A21E 0040A21E    0 ATAPI.SYS
0000A41D 0040A41D    0 \Device\NBA_SOFT
0000A440 0040A440    0 \DosDevices\NBA_SOFT
0000A684 0040A684    0 \SystemRoot\hh.exe
0000A6AC 0040A6AC    0 \SystemRoot\system32\calc.exe
0000A6E8 0040A6E8    0 \SystemRoot\system32\netstat.exe
0000A72C 0040A72C    0 \SystemRoot\system32\edit.com
0000A768 0040A768    0 \SystemRoot\system32\command.com
0000A7AC 0040A7AC    0 \SystemRoot\system32\ftp.exe
0000A7E8 0040A7E8    0 \SystemRoot\winhlp32.exe
0000A81C 0040A81C    0 \SystemRoot\winhelp.exe
0000A84C 0040A84C    0 \SystemRoot\twunk_32.exe
0000A880 0040A880    0 \SystemRoot\twunk_16.exe
0000A8B8 0040A8B8    0 \Device\HarddiskVolume1\XXXXXXXX\pack_9.exe
0000A910 0040A910    0 \Device\HarddiskVolume1\XXXXXXXX\pack_8.exe
0000A968 0040A968    0 \Device\HarddiskVolume1\XXXXXXXX\pack_7.exe
0000A9C0 0040A9C0    0 \Device\HarddiskVolume1\XXXXXXXX\pack_6.exe
0000AA18 0040AA18    0 \Device\HarddiskVolume1\XXXXXXXX\pack_5.exe
0000AA70 0040AA70    0 \Device\HarddiskVolume1\XXXXXXXX\pack_4.exe
0000AAC8 0040AAC8    0 \Device\HarddiskVolume1\XXXXXXXX\pack_3.exe
0000AB20 0040AB20    0 \Device\HarddiskVolume1\XXXXXXXX\pack_2.exe
0000AB78 0040AB78    0 \Device\HarddiskVolume1\XXXXXXXX\pack_1.exe
0000ABD0 0040ABD0    0 \Device\HarddiskVolume1\XXXXXXXX\pack_0.exe
0000AC28 0040AC28    0 \Device\HarddiskVolume1\XXXXXXXX\kill.exe
0000AC80 0040AC80    0 \Device\HarddiskVolume1\XXXXXXXX\data.exe

娘的把我逼疯了。。。。。。。。。。。。。。。

显示全部楼层 · 发表于 2008-7-12 08:39:02

技术学得不错...

[病毒样本] 质量很高的SWF

本帖子中包含更多资源

回复 11楼 gankeyu 的帖子

32

回复 15楼 garyyan456 的帖子