来个小马玩玩

yuhaoyin

无壳免杀木马 灰鸽子源码编译的 国产的估计就微点能杀 就6款杀软杀出来

fzz8848

Begin scan in 'E:\Download\Virus\小马.rar'
E:\Download\Virus\小马.rar
    [0] Archive type: RAR
    --> ￐ﾡￂ￭.exe
      [DETECTION] Is the TR/ATRAPS.Gen Trojan
    [NOTE]      The file was deleted!

电影结束了

Win32:Hupigon-AMD [Trj]

yuhaoyin

小红伞要避其锋芒 无人能敌啊 有方法过但没人肯公布出来滴 红伞微点

kingmuro

2008-10-13 20:17:43        检测到威胁: Trojan-Downloader.Win32.Delf.pds        D:\My Documents\桌面\小马.rar/小马.exe/#               
2008-10-13 20:17:43        未处理: Trojan-Downloader.Win32.Delf.pds        D:\My Documents\桌面\小马.rar/小马.exe/#        延期       
2008-10-13 20:17:43        检测到威胁: Trojan-Downloader.Win32.Delf.pds        D:\My Documents\桌面\小马.rar/小马.exe/#               
2008-10-13 20:17:44        检测到威胁: Trojan-Downloader.Win32.Delf.pds        D:\My Documents\桌面\小马.rar/小马.exe/#               
2008-10-13 20:17:44        检测到威胁: Trojan-Downloader.Win32.Delf.pds        D:\My Documents\桌面\小马.rar/小马.exe/#

Palkia

金山 0

allinwonderi

MISS

BING126

McAfee  miss

laibao

File System Modifications
The following files were created in the system:
# Filename(s) File Size File MD5 Alias / Other Info
1 %System%\DelMe.bat  108 bytes 0x67FC3FCA5DB3AAFA5EF64E2D034F584E (not available)
2 %System%\jksing.dll  221,256 bytes 0xC85454A110E77367B85B0525A3E100B2 Mal/Behav-024 [Sophos]
3 [file and pathname of the sample #1]  268,366 bytes 0xD66F08D3107BA07272C283A6A93E4073 (not available)
Note:
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
  Memory Modifications
There was a new process created in the system:
Process Name Process Filename Main Module Size
[filename of the sample #1] [file and pathname of the sample #1] 512,000 bytes

The following module was loaded into the address space of other process(es):
Module Name Module Filename Address Space Details
jksing.dll %System%\jksing.dll Process name: svchost.exe
Process filename: %System%\svchost.exe
Address space: 0xA90000 - 0xACB000
There was a new service created in the system:
Service Name Display Name Status Service Filename
jksing jksing "Running" %System%\svchost.exe -k krnlsrvc

  Registry Modifications
The following Registry Keys were created:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_JKSING
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_JKSING\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_JKSING\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\jksing
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\jksing\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\jksing\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\jksing\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JKSING
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JKSING\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JKSING\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jksing
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jksing\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jksing\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jksing\Enum
The newly created Registry Values are:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
beizhu = "Jksing Remote Control System"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
krnlsrvc = 6A 6B 73 69 6E 67 00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_JKSING\0000\Control]
*NewlyCreated* = 0x00000000
ActiveService = "jksing"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_JKSING\0000]
Service = "jksing"
Legacy = 0x00000001
ConfigFlags = 0x00000000
Class = "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc = "jksing"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_JKSING]
NextInstance = 0x00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\jksing\Enum]
0 = "Root\LEGACY_JKSING\0000"
Count = 0x00000001
NextInstance = 0x00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\jksing\Security]
Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\jksing\Parameters]
ServiceDLL = 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6A 6B 73 69 6E 67 2E 64 6C 6C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\jksing]
Type = 0x00000110
Start = 0x00000002
ErrorControl = 0x00000000
ImagePath = "%System%\svchost.exe -k krnlsrvc"
DisplayName = "jksing"
ObjectName = "LocalSystem"
Description = "jksing"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JKSING\0000\Control]
*NewlyCreated* = 0x00000000
ActiveService = "jksing"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JKSING\0000]
Service = "jksing"
Legacy = 0x00000001
ConfigFlags = 0x00000000
Class = "LegacyDriver"
ClassGUID = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
DeviceDesc = "jksing"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_JKSING]
NextInstance = 0x00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jksing\Enum]
0 = "Root\LEGACY_JKSING\0000"
Count = 0x00000001
NextInstance = 0x00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jksing\Security]
Security = 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jksing\Parameters]
ServiceDLL = 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6A 6B 73 69 6E 67 2E 64 6C 6C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jksing]
Type = 0x00000110
Start = 0x00000002
ErrorControl = 0x00000000
ImagePath = "%System%\svchost.exe -k krnlsrvc"
DisplayName = "jksing"
ObjectName = "LocalSystem"
Description = "jksing"
The following Registry Values were modified:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]
(Default) = 0x0000000D
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]
(Default) = 0x0000000D
Outbound traffic
There was an outbound traffic produced on port 8000:
00000000 | 3030 300D 0A00 0000 EA3C 4752 3E52 656D | 000......<GR>Rem
00000010 | 6F74 6520 436F 6D70 7574 6572 733C 2F47 | ote Computers</G
00000020 | 523E 3C49 4D3E 3235 3C2F 494D 3E3C 4E41 | R><IM>25</IM><NA
00000030 | 3E43 4F4D 5055 5445 524E 414D 453C 2F4E | >COMPUTERNAME</N
00000040 | 413E 3C43 533E 456E 676C 6973 6820 2855 | A><CS>English (U
00000050 | 6E69 7465 6420 5374 6174 6573 293C 2F43 | nited States)</C
00000060 | 533E 3C4F 533E 5769 6E64 6F77 7320 5850 | S><OS>Windows XP
00000070 | 2053 6572 7669 6365 2050 6163 6B20 323C |  Service Pack 2<
00000080 | 2F4F 533E 3C43 5055 3E20 2020 2020 2020 | /OS><CPU>
00000090 | 2020 2020 2020 2049 6E74 656C 2852 2920 |        Intel(R)
000000A0 | 5065 6E74 6975 6D28 5229 2034 2043 5055 | Pentium(R) 4 CPU
000000B0 | 2033 2E32 3047 487A 3C2F 4350 553E 3C4D |  3.20GHz</CPU><M
000000C0 | 454D 3E32 3535 4D42 3C2F 4D45 4D3E 3C42 | EM>255MB</MEM><B
000000D0 | 5A3E 4A6B 7369 6E67 2052 656D 6F74 6520 | Z>Jksing Remote
000000E0 | 436F 6E74 726F 6C20 5379 7374 656D 3C2F | Control System</
000000F0 | 425A 3E                                 | BZ>

sxingbai

tf无视