25日马儿群[ON KAFAN]

显示全部楼层 · 发表于 2009-4-25 12:57:24

原帖由 gzy_hao 于 2009-4-25 12:23 发表
BD：种类好多，大部分是盗号木马，剩下22个
A-Squared：剩下5个
Symantec：剩下15个

我想朋友已经上报了吧，那我就不上报了。

显示全部楼层 · 发表于 2009-4-25 13:01:29

Rs干掉

显示全部楼层 · 发表于 2009-4-25 13:02:03

miss 的TO avira

We received the following archive files:
File ID    Filename Size (Byte) Result
25331625    miss.rar 819.3 KB OK

A listing of files contained inside archives alongside their results can be found below:File ID    Filename Size (Byte) Result
25331614    SysDir.exe    18.22 KB    UNDER ANALYSIS
25255097    YiqilaiLyrics1.exe    778.34 KB    CLEAN
25331613    Wsock32.dll    52 KB    UNDER ANALYSIS
25331612    xccs.dll    14.04 KB    UNDER ANALYSIS
25331615    AsyncMac.sys    3.13 KB    UNDER ANALYSIS
4554291    1A.exe    33.27 KB    KNOWN CLEAN
4220877    syswsock32.dll    28 KB    KNOWN CLEAN

Please find a detailed report concerning each individual sample below: Filename Result
SysDir.exe    UNDER ANALYSIS

The file 'SysDir.exe' has been determined to be 'UNDER ANALYSIS'.
Filename Result
YiqilaiLyrics1.exe    CLEAN

The file 'YiqilaiLyrics1.exe' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.
Filename Result
Wsock32.dll    UNDER ANALYSIS

The file 'Wsock32.dll' has been determined to be 'UNDER ANALYSIS'.
Filename Result
xccs.dll    UNDER ANALYSIS

The file 'xccs.dll' has been determined to be 'UNDER ANALYSIS'.
Filename Result
AsyncMac.sys    UNDER ANALYSIS

The file 'AsyncMac.sys' has been determined to be 'UNDER ANALYSIS'.
Filename Result
1A.exe    KNOWN CLEAN

The file '1A.exe' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Conveica DownloadStudio 4.0.3.0'.
Filename Result
syswsock32.dll    KNOWN CLEAN

The file 'syswsock32.dll' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Microsoft Windows XP (SP3)'.

Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.

显示全部楼层 · 发表于 2009-4-25 13:37:10

看来这木马群还是很可观的

显示全部楼层 · 发表于 2009-4-25 13:37:18

2009-4-25 13:10:19 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\01[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:19 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\12days.exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:19 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\1a[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:19 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\3285093_xeex.exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:19 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\a2[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:19 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\a8[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:19 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\L1.exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\L1[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\L3[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\L4[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\L5[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\L6.exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\L6[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\M15[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\M23[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\M24[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\M25[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\M33[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\M35[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\M37[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\M39[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\M4[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\M5[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\mspaint.exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\ok[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\S1.exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\S1[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\S10.exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\S10[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\S11[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\S12[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\S13[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\S14[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\S15[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\S16[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\S17[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\S2[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\S20[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\S21[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\S8.exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\S8[1].exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\scvhost.exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\sysbar.exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\YiqilaiLyrics_2001.exe
规则: [文件]c:\*; *.exe

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\08223B03.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\122B901E.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\12days.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\56BC86C7.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:20 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\704C3595.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\76B9BA7A.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\A1A6BC2E.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\BMsg6pdMD4ht.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\CCCA2FB9.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\CDuAUVkGy9.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll
2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\dhDhwS7fFW.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\dopdy.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\E4814792.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\ed78ab9.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\efc0c52cc1.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\elementzx.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\erdznUfbK0ZF.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\GrTZqH5SnRhAt.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\JBn2ypqY23vWX.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\killdll.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\Nj4gYd3rUbJ57.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll
2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\peV7mS4gcukR.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\PkVyCX5kHnftC7BXjt.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\syswsock32.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\ufQCU5.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\v6yj3gxacYQU.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\VnTU2WAqUcZA6.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\wF87W8XjgDW5Es6tuA.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\Wsock32.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\xccs.dll
规则: [文件组]可执行文件组 -> [文件]c:\*; *.dll

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\aec.SYS
规则: [文件组]可执行文件组 -> [文件]c:\*; *.sys

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\AsyncMac.sys
规则: [文件组]可执行文件组 -> [文件]c:\*; *.sys

2009-4-25 13:10:21 创建文件阻止
进程: c:\program files\winrar\winrar.exe
目标: C:\Documents and Settings\Administrator\桌面\DefaultBox[1]\pcidump.sys
规则: [文件组]可执行文件组 -> [文件]c:\*; *.sys

显示全部楼层 · 发表于 2009-4-25 13:43:49

同时NOD32隔离10个

显示全部楼层 · 发表于 2009-4-26 00:23:10

弄下来分析分析啊！

显示全部楼层 · 发表于 2009-4-26 00:59:48

好多被干掉了！！
反正！！

[病毒样本] 25日马儿群[ON KAFAN]

本帖子中包含更多资源