查看: 5309|回复: 10
收起左侧

[病毒样本] N多病毒等你拿

[复制链接]
绅博周幸
 楼主| 发表于 2007-1-14 17:29:34 | 显示全部楼层
卡巴不报的麻烦大家了
绅博周幸
 楼主| 发表于 2007-1-14 17:40:50 | 显示全部楼层
最后那个卡巴没报啊
绅博周幸
 楼主| 发表于 2007-1-14 17:43:40 | 显示全部楼层
AntiVir  Found HEUR/Crypted  
ArcaVir  Found nothing
Avast  Found nothing
AVG Antivirus  Found nothing
BitDefender  Found MemScan:Trojan.Downloader.Cryptic.D  
ClamAV  Found nothing
Dr.Web  Found nothing
F-Prot Antivirus  Found W32/Downloader.gen10  
F-Secure Anti-Virus  Found nothing
Fortinet  Found nothing
Kaspersky Anti-Virus  Found nothing
NOD32  Found a variant of Win32/TrojanDownloader.VB.APY  
Norman Virus Control  Found W32/DLoader.BEIC  
VirusBuster  Found Trojan.DL.Cryptic.Gen  
VBA32  Found Trojan-Downloader.Win32.Cryptic.cn


最后那个DOWN.EXE,像是针对卡巴了
ALEXBLAIR
发表于 2007-1-14 18:06:59 | 显示全部楼层
down
2
4
上报完成
等待结果
ALEXBLAIR
发表于 2007-1-14 18:52:22 | 显示全部楼层
2.exe分析结果
类型:木马
是否添加服务:是
服务名:fish(貌似是钓鱼???)
主要核心文件:%windir%\system32\SVCH0ST.EXE(中间那个是数字0)
是否钩子行为:有

分析日志


  1. Parent process:
  2.    Path: C:\WINDOWS\explorer.exe
  3.    PID: 1604
  4.    Information: Windows Explorer (Microsoft Corporation)
  5. Child process:
  6.    Path: Z:\up\3.exe
  7.    Command line:"Z:\up\3.exe"

  8. Process:
  9.    Path: C:\WINDOWS\system32\services.exe
  10.    PID: 404
  11.    Information: Services and Controller app (Microsoft Corporation)
  12. Registry Group:
  13. Object:
  14.    Registry key: HKLM\SYSTEM\CurrentControlSet\Services\Fish
  15. Parent process:
  16.    Path: C:\WINDOWS\system32\svchost.exe
  17.    PID: 776
  18.    Information: Generic Host Process for Win32 Services (Microsoft Corporation)
  19. Child process:
  20.    Path: C:\WINDOWS\system32\wbem\wmiadap.exe
  21.    Information: WMI (Microsoft Corporation)
  22.    Command line:wmiadap.exe /F /T
  23. Process:
  24.    Path: C:\WINDOWS\system32\services.exe
  25.    PID: 404
  26.    Information: Services and Controller app (Microsoft Corporation)
  27. Registry Group:
  28. Object:
  29.    Registry key: HKLM\SYSTEM\CurrentControlSet\Services\Fish
  30.    Registry value: Type
  31.       Type: REG_DWORD
  32.       Value: 00000110

  33. Process:
  34.    Path: C:\WINDOWS\system32\services.exe
  35.    PID: 404
  36.    Information: Services and Controller app (Microsoft Corporation)
  37. Registry Group:
  38. Object:
  39.    Registry key: HKLM\SYSTEM\CurrentControlSet\Services\Fish
  40.    Registry value: Start
  41.       Type: REG_DWORD
  42.       Value: 00000002
  43. Process:
  44.    Path: C:\WINDOWS\system32\services.exe
  45.    PID: 404
  46.    Information: Services and Controller app (Microsoft Corporation)
  47. Registry Group:
  48. Object:
  49.    Registry key: HKLM\SYSTEM\CurrentControlSet\Services\Fish
  50.    Registry value: ErrorControl
  51.       Type: REG_DWORD
  52.       Value: 00000000
  53. Process:
  54.    Path: C:\WINDOWS\system32\services.exe
  55.    PID: 404
  56.    Information: Services and Controller app (Microsoft Corporation)
  57. Registry Group:
  58. Object:
  59.    Registry key: HKLM\SYSTEM\CurrentControlSet\Services\Fish
  60.    Registry value: ImagePath
  61.       Type: REG_EXPAND_SZ
  62.       Value: C:\WINDOWS\system32\SVCH0ST.EXE
  63. Process:
  64.    Path: C:\WINDOWS\system32\services.exe
  65.    PID: 404
  66.    Information: Services and Controller app (Microsoft Corporation)
  67. Registry Group:
  68. Object:
  69.    Registry key: HKLM\SYSTEM\CurrentControlSet\Services\Fish
  70.    Registry value: DisplayName
  71.       Type: REG_SZ
  72.       Value: Fish
  73. Process:
  74.    Path: C:\WINDOWS\system32\services.exe
  75.    PID: 404
  76.    Information: Services and Controller app (Microsoft Corporation)
  77. Registry Group:
  78. Object:
  79.    Registry key: HKLM\SYSTEM\CurrentControlSet\Services\Fish\Security
  80. Process:
  81.    Path: C:\WINDOWS\system32\services.exe
  82.    PID: 404
  83.    Information: Services and Controller app (Microsoft Corporation)
  84. Registry Group:
  85. Object:
  86.    Registry key: HKLM\SYSTEM\CurrentControlSet\Services\Fish\Security
  87.    Registry value: Security
  88.       Type: REG_BINARY
  89.       Value: 01001480900000009C00000014000000...
  90. Process:
  91.    Path: C:\WINDOWS\system32\services.exe
  92.    PID: 404
  93.    Information: Services and Controller app (Microsoft Corporation)
  94. Registry Group:
  95. Object:
  96.    Registry key: HKLM\SYSTEM\CurrentControlSet\Services\Fish
  97.    Registry value: ObjectName
  98.       Type: REG_SZ
  99.       Value: LocalSystem
  100. Process:
  101.    Path: C:\WINDOWS\system32\services.exe
  102.    PID: 404
  103.    Information: Services and Controller app (Microsoft Corporation)
  104. Registry Group:
  105. Object:
  106.    Registry key: HKLM\SYSTEM\CurrentControlSet\Services\Fish
  107.    Registry value: ObjectName
  108.       Type: REG_SZ
  109.       Value: LocalSystem
  110. Process:
  111.    Path: C:\WINDOWS\system32\services.exe
  112.    PID: 404
  113.    Information: Services and Controller app (Microsoft Corporation)
  114. Registry Group:
  115. Object:
  116.    Registry key: HKLM\SYSTEM\CurrentControlSet\Services\Fish
  117.    Registry value: Description
  118.       Type: REG_SZ
  119.       Value: Fish
  120. Parent process:
  121.    Path: C:\WINDOWS\system32\services.exe
  122.    PID: 404
  123.    Information: Services and Controller app (Microsoft Corporation)
  124. Child process:
  125.    Path: C:\WINDOWS\system32\SVCH0ST.EXE
  126.    Command line:C:\WINDOWS\system32\SVCH0ST.EXE
  127. Process:
  128.    Path: C:\WINDOWS\system32\SVCH0ST.EXE
  129.    PID: 1840
  130. Library:
  131.    Path: C:\WINDOWS\system32\Hook.dll
  132. The hook type: WH_GETMESSAGE (monitors messages posted to a message queue).

复制代码

评分

参与人数 1经验 +5 收起 理由
jzhhh + 5 版区有你更精彩: )

查看全部评分

moonsilver
发表于 2007-1-14 20:16:42 | 显示全部楼层
1是VB写的,估计是VB木马
2是瑞星报Trojan.PSW.WlOnline.bv,我没有这个样本,无法分析
3分析结果是灰鸽子
4和2是同一种病毒
down分析是代理木马,UPX加壳

评分

参与人数 1经验 +5 收起 理由
navigateqd + 5 版区有你更精彩: )

查看全部评分

moonsilver
发表于 2007-1-14 20:18:12 | 显示全部楼层
看了楼上的分析,多谢
野马
发表于 2007-1-14 21:44:57 | 显示全部楼层
统统“惨遭” 东方微点 杀害!
正魔刃
发表于 2007-1-14 23:44:07 | 显示全部楼层
我的NOD32全部都报了
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-3-19 14:57 , Processed in 0.131351 second(s), 18 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表