http://jiba360.3322.org/a/a1a.htm?1

显示全部楼层 · 发表于 2009-6-4 05:53:44

http://jiba360.3322.org/a/a1a.htm?1

来分析一下吧

网马地址禁止url连接

[ 本帖最后由 250662772 于 2009-6-5 16:50 编辑 ]

显示全部楼层 · 发表于 2009-6-4 08:14:13

Log is generated by FreShow.
[wide]http://jiba360.3322.org/a/a1a.htm?1
[frame]http://jiba360.3322.org/a/index.htm
      [frame]http://jiba360.3322.org/a/flash.htm
         [frame]http://jiba360.3322.org/a/iss.html
            [object]http://jiba360.3322.org/a/i115.swf
         [frame]http://jiba360.3322.org/a/fss.html
         [script]http://jiba360.3322.org/a/14.js
               [object]http://woaini23456.com/wm/14.exe
      [frame]http://jiba360.3322.org/a/a44.htm
         [script]http://jiba360.3322.org/a/14.js
            [object]http://woaini23456.com/wm/14.exe
      [frame]http://jiba360.3322.org/a/office.htm
         [script]http://jiba360.3322.org/a/of.js
            [object]http://woaini23456.com/wm/14.exe
      [frame]http://jiba360.3322.org/a/02.htm
         [script]http://jiba360.3322.org/a/set.js
            [object]http://woaini23456.com/wm/02.exe
      [frame]http://jiba360.3322.org/a/pef.pdf
         [object]http://woaini23456.com/wm/pd.exe
[script]http://jiba360.3322.org/a/\"http:\/\/js.tongji.cn.yahoo.com\/1081870\/ystat.js\"
[script]http://s56.cnzz.com/stat.php?id=1408266&web_id=1408266

[ 本帖最后由 shadowmin 于 2009-6-4 08:15 编辑 ]

显示全部楼层 · 发表于 2009-6-5 01:21:46

Miss 3,To KL

[ 本帖最后由尤金卡巴斯基于 2009-6-5 01:26 编辑 ]

显示全部楼层 · 发表于 2009-6-5 12:26:07

好像有变化，003>http://woaini23456.com/wm/pd.exe，解出这个有点难，好在还是出来了

关于:hxxp://article.pchome.net/content-770512-2.html解密的日志(全体输出 -  33):

Level  1>http://jiba360.3322.org/a/index.htm
Level  2>http://jiba360.3322.org/a/pef.pdf
Level  3>http://woaini23456.com/wm/pd.exe  ●
Level  3>http://ns.adobe.com/xap/1.0/mm
Level  3>http://purl.org/dc/elements/1.1
Level  3>http://ns.adobe.com/xap/1.0
Level  3>http://ns.adobe.com/xap/1.0/mm
Level  3>http://purl.org/dc/elements/1.1
Level  3>http://ns.adobe.com/xap/1.0
Level  2>http://jiba360.3322.org/a/02.htm
Level  3>http://jiba360.3322.org/a/set.js
Level  4>http://woaini23456.com/wm/02.exe  ●
Level  2>http://jiba360.3322.org/a/office.htm
Level  3>http://jiba360.3322.org/a/of.js
Level  4>http://woaini23456.com/wm/of.exe  ●
Level  2>http://jiba360.3322.org/a/a44.htm
Level  3>http://jiba360.3322.org/a/14.js
Level  4>http://woaini23456.com/wm/14.exe  ●
Level  2>http://jiba360.3322.org/a/flash.htm
Level  3>http://jiba360.3322.org/a/fss.html
Level  4>http://jiba360.3322.org/a/f115.swf  ●
Level  4>http://jiba360.3322.org/a/f64.swf  ●
Level  4>http://jiba360.3322.org/a/f47.swf  ●
Level  4>http://jiba360.3322.org/a/f45.swf  ●
Level  4>http://jiba360.3322.org/a/f28.swf  ●
Level  4>http://jiba360.3322.org/a/f16.swf  ●
Level  3>http://jiba360.3322.org/a/iss.html
Level  4>http://jiba360.3322.org/a/i115.swf  ●
Level  4>http://jiba360.3322.org/a/i64.swf  ●
Level  4>http://jiba360.3322.org/a/i47.swf  ●
Level  4>http://jiba360.3322.org/a/i45.swf  ●
Level  4>http://jiba360.3322.org/a/i28.swf  ●
Level  4>http://jiba360.3322.org/a/i16.swf  ●

日志由 Redoce1.9第65次修正版于 2009-6-5 12:27:29 生成。

显示全部楼层 · 发表于 2009-6-5 13:05:24

http://woaini23456.com/wm/pd.exe
不过这里面可以解出两个EXE
还有一个是
http://www.jpjspro.com/flinko.exe

[ 本帖最后由 shadowmin 于 2009-6-5 16:00 编辑 ]

显示全部楼层 · 发表于 2009-6-5 13:40:48

不会啊，解马俺是是个小菜啊

[ 本帖最后由 sxbxyh 于 2009-6-5 13:48 编辑 ]

显示全部楼层 · 发表于 2009-6-5 15:44:15

都是unescape解密的
http://jiba360.3322.org/a/i16.swf
                              http://jiba360.3322.org/a/i28.swf
      http://jiba360.3322.org/a/i45.swf
      http://jiba360.3322.org/a/i47.swf
      http://jiba360.3322.org/a/i64.swf
      http://jiba360.3322.org/a/i115.swf
http://jiba360.3322.org/a/f16.swf
                              http://jiba360.3322.org/a/f28.swf
      http://jiba360.3322.org/a/f45.swf
      http://jiba360.3322.org/a/f47.swf
      http://jiba360.3322.org/a/f64.swf
      http://jiba360.3322.org/a/f115.swf
http://woaini23456.com/wm/14.exe
http://woaini23456.com/wm/of.exe

http://jiba360.3322.org/a/pef.pdf
禁用url连接

[ 本帖最后由 250662772 于 2009-6-5 16:49 编辑 ]

显示全部楼层 · 发表于 2009-6-5 15:54:52

我就找这么多咯

显示全部楼层 · 发表于 2009-6-5 23:15:59

Hello,

02.exe_,
14.exe_,
pd.exe_ - Trojan-Dropper.Win32.Agent.atgt

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

[其它] http://jiba360.3322.org/a/a1a.htm?1

评分

回复 5楼 shadowmin 的帖子