hxxp://www.zhangxiu.com(秀掌彩信)

显示全部楼层 · 发表于 2009-5-18 10:06:42

关于:hxxp://www.zhangxiu.com/解密的日志(全体输出 -  29):

Level  0>http://www.zhangxiu.com/
Level  1>http://www.zhangxiu.com/pixviewer.swf  ●
Level  1>http://www.zhangxiu.com/js/common.js
Level  1>http://www.jtzj.com.cn/flash.htm
Level  2>http://sakdjka.cn/ccc/001/fa.htm?hei2
Level  3>http://s46.cnzz.com/stat.php?id=1379153&web_id=1379153
Level  3>http://sakdjka.cn/ccc/001/index.htm
Level  4>http://sakdjka.cn/ccc/001/office.htm
Level  5>http://sakdjka.cn/ccc/001/office.js
Level  6>http://faszcx.cn/001.exe  ●
Level  4>http://sakdjka.cn/ccc/001/lz.htm
Level  5>http://sakdjka.cn/ccc/001/lz.js
Level  6>http://faszcx.cn/001.exe  ●
Level  4>http://sakdjka.cn/ccc/001/02.htm
Level  5>http://sakdjka.cn/ccc/001/set.js
Level  6>http://faszcx.cn/001.exe.split
Level  4>http://sakdjka.cn/ccc/001/ip.htm
Level  5>http://sakdjka.cn/ccc/001/bf.htm
Level  6>http://sakdjka.cn/ccc/001/bf.js
Level  7>http://faszcx.cn/001.exe  ●
Level  4>http://sakdjka.cn/ccc/001/ippp.htm
Level  5>http://sakdjka.cn/ccc/001/real.html
Level  6>http://sakdjka.cn/ccc/001/re11.js
Level  7>http://sakdjka.cn/ccc/001/re11.js
Level  5>http://sakdjka.cn/ccc/001/real.htm
Level  5>http://sakdjka.cn/ccc/001/xl.htm
Level  4>http://sakdjka.cn/ccc/001/qb.htm
Level  4>http://sakdjka.cn/ccc/001/flash.htm
Level  4>http://sakdjka.cn/ccc/001/yy.htm

网页分析：cchao21(打点的均为真实木马地址)

显示全部楼层 · 发表于 2009-5-18 10:36:35

kaba kill virus！

http://faszcx.cn/001.exe
http://faszcx.cn/002.exe
http://faszcx.cn/003.exe
http://faszcx.cn/004.exe
http://faszcx.cn/005.exe

[ 本帖最后由幸福的猪猪于 2009-5-18 10:40 编辑 ]

显示全部楼层 · 发表于 2009-5-18 16:18:33

LS的几个偶打包了。。。

显示全部楼层 · 发表于 2009-5-18 17:58:03

DR.WEB
004.exe\data001;D:\Documents and Settings\Administrator\桌面\004.exe;Probably DLOADER.Trojan;;
004.exe\data006;D:\Documents and Settings\Administrator\桌面\004.exe;Trojan.DownLoad.3730;;
004.exe;D:\Documents and Settings\Administrator\桌面;Container contains infected objects;Renamed.;
004.exe;D:\Documents and Settings\Administrator\桌面;Probably DLOADER.Trojan;Invalid path to file ;
005.exe\data001;D:\Documents and Settings\Administrator\桌面\005.exe;Probably DLOADER.Trojan;;
005.exe\data006;D:\Documents and Settings\Administrator\桌面\005.exe;Trojan.DownLoad.3730;;
005.exe;D:\Documents and Settings\Administrator\桌面;Container contains infected objects;Renamed.;
005.exe;D:\Documents and Settings\Administrator\桌面;Probably DLOADER.Trojan;Invalid path to file ;
001.exe\data001;D:\Documents and Settings\Administrator\桌面\001.exe;Probably DLOADER.Trojan;;
001.exe\data006;D:\Documents and Settings\Administrator\桌面\001.exe;Trojan.DownLoad.3730;;
001.exe;D:\Documents and Settings\Administrator\桌面;Container contains infected objects;Renamed.;
001.exe;D:\Documents and Settings\Administrator\桌面;Probably DLOADER.Trojan;Invalid path to file ;
002.exe\data001;D:\Documents and Settings\Administrator\桌面\002.exe;Probably DLOADER.Trojan;;
002.exe\data006;D:\Documents and Settings\Administrator\桌面\002.exe;Trojan.DownLoad.3730;;
002.exe;D:\Documents and Settings\Administrator\桌面;Container contains infected objects;Renamed.;
002.exe;D:\Documents and Settings\Administrator\桌面;Probably DLOADER.Trojan;Invalid path to file ;
003.exe\data001;D:\Documents and Settings\Administrator\桌面\003.exe;Probably DLOADER.Trojan;;
003.exe\data006;D:\Documents and Settings\Administrator\桌面\003.exe;Trojan.DownLoad.3730;;
003.exe;D:\Documents and Settings\Administrator\桌面;Container contains infected objects;Renamed.;
003.exe;D:\Documents and Settings\Administrator\桌面;Probably DLOADER.Trojan;Invalid path to file ;

[其它] hxxp://www.zhangxiu.com(秀掌彩信)

回复 1楼 cchao21 的帖子