收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 早上来个热热身
返回列表 发新帖
查看: 1799|回复: 5
收起左侧

[病毒样本] 早上来个热热身

[复制链接]
jijiasd
发表于 2009-1-24 08:15:01 | 显示全部楼层 |阅读模式
1X

TO nod32 http://samples.eset.com.cn/index.php?a=query&lang=0&md5=cd7b697669a524f606e657254b08868e

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

saga3721
发表于 2009-1-24 08:17:02 | 显示全部楼层
'TR/Crypt.XPACK.Gen' [trojan]
回复

举报

syfwxmh
发表于 2009-1-24 09:30:50 | 显示全部楼层
kaspersky kill
回复

举报

evilrabbit
发表于 2009-1-24 09:54:24 | 显示全部楼层
生成物C\WINDOWS\help\EB6C4499B05F.dll
*\current\Local Settings\Temp\Rar$EX00.547
*\Local Settings\Temp\Rar$EX00.547\uykg.exe

-------------------------
*\machine\software\Classes\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}  [1] = SSUUDL
*\machine\software\Classes\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32  [1] = C:\WINDOWS\help\EB6C4499B05F.dll
*\machine\software\Classes\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\ThreadingModel [1] = Apartment
*\machine\software\microsoft\ole\EnableDCOM [1] = N
*\machine\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket\NukeOnDelete [4] = 01000000
*\machine\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket\UseGlobalSettings [4] = 01000000
*\machine\software\microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Documents [1] = C:\Documents and Settings\All Users\Documents
*\machine\software\microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop [1] = C:\Documents and Settings\All Users\Lhb?
*\machine\software\microsoft\windows nt\currentversion\winlogon\Shell [1] = x
*\user\current\software\classes\SymbolicLinkValue [6] = 5C00520045004700490053005400520059005C0055005300450052005C00530061006E00640062006F0078005F00410064006D0069006E006900730074007200610074006F0072005F00440065006600610075006C00740042006F0078005C0075007300650072005C00630075007200720065006E0074005F0063006C0061007300730065007300
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess\BrowseNewProcess [1] = yes
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f23f4ca-767d-11dd-a315-806d6172696f}\BaseClass [1] = Drive
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal [1] = C:\Documents and Settings\Administrator\My Documents
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop [1] = C:\Documents and Settings\Administrator\Lhb?
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData [1] = C:\Documents and Settings\Administrator\Application Data
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache [1] = C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
*\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies [1] = C:\Documents and Settings\Administrator\Cookies
*\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass [4] = 01000000
*\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName [4] = 01000000
*\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet [4] = 01000000
*\user\current\software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.547\uykg.exe [1] = uykg
*\user\current\software\SandboxieAutoExec  [3] = 31
*\user\current\software\WinRAR\ArcHistory\0 [1] = C:\Documents and Settings\Administrator\Lhb梊uykg.zip
*\user\current\software\WinRAR\FileList\ArcColumnWidths\name [4] = 78000000
*\user\current\software\WinRAR\FileList\ArcColumnWidths\size [4] = 50000000
*\user\current\software\WinRAR\FileList\ArcColumnWidths\psize [4] = 50000000
*\user\current\software\WinRAR\FileList\ArcColumnWidths\type [4] = 78000000
*\user\current\software\WinRAR\FileList\ArcColumnWidths\mtime [4] = 64000000
*\user\current\software\WinRAR\FileList\ArcColumnWidths\crc [4] = 46000000
*\user\current\software\WinRAR\FileList\FileColumnWidths\name [4] = 78000000
*\user\current\software\WinRAR\FileList\FileColumnWidths\size [4] = 50000000
*\user\current\software\WinRAR\FileList\FileColumnWidths\type [4] = 78000000
*\user\current\software\WinRAR\FileList\FileColumnWidths\mtime [4] = 64000000
*\user\current\software\WinRAR\General\LastFolder [1] = C:\Documents and Settings\Administrator\Lhb?
*\user\current\software\WinRAR\General\Toolbar\Layout\Band0 [3] = 38000000730100000402000000000000FFFFFFF4FFFFFFF4FFFFFFF400000000000000000000000000FFFFFFDA000500000000003A000000FFFFFFB40200000000000001000000
*\user\current\software\WinRAR\General\Toolbar\Layout\Band1 [3] = 38000000730100000500000000000000FFFFFFF4FFFFFFF4FFFFFFF400000000000000000000000000FFFFFFD20006000000000017000000280000000000000002000000
*\user\current\software\WinRAR\General\Toolbar\Layout\Band2 [3] = 38000000730100000400000000000000FFFFFFF4FFFFFFF4FFFFFFF400000000000000000000000000FFFFFFDC0009000000000017000000640000000000000003000000
*\user\current\software\WinRAR\General\Toolbar\Layout\Band3 [3] = 3800000073010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
*\user\current\software\WinRAR\Interface\MainWin\Placement [3] = 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF600000006C00000072030000FFFFFFFF010000

[ 本帖最后由 wolfwalk888 于 2009-1-24 09:55 编辑 ]
回复

举报

Palkia
发表于 2009-1-24 10:13:07 | 显示全部楼层
rs 0
回复

举报

Sherry.ai
发表于 2009-1-24 10:18:33 | 显示全部楼层
To KL

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-9-19 10:30 , Processed in 0.118990 second(s), 18 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表