
[Virus sample] dead.exe

Sherry.ai
Posted on 2009-12-31 15:47:04

dreams521
Posted on 2009-12-31 15:56:19
Micropoint proactive defense reports an unknown Trojan.
fatezero
Posted on 2009-12-31 16:04:51
Last edited by fatezero on 2009-12-31 17:55

Kaspersky heuristics
HEUR:Trojan.Win32.Generic        E:\download\dead.rar/dead.exe

==============================================
Hello,


dead.exe - Net-Worm.Win32.Koobface.cus

New malicious software was found in this file. Its detection will be included in the next update. Thank you for your help.
Ayer
Posted on 2009-12-31 16:08:57

laolaoliu
Posted on 2009-12-31 16:11:51

HC303
Posted on 2009-12-31 16:19:38
to avira
HC303
Posted on 2009-12-31 16:21:12
25536345  dead.rar 137.94 KB OK

A listing of files contained inside archives alongside their results can be found below:

File ID  Filename Size (Byte) Result
25536346  dead.exe  145 KB  UNDER ANALYSIS
牧羊老汉
Posted on 2009-12-31 16:25:49

jayavira
Posted on 2009-12-31 16:29:25
Reply to 1# Sherry.ai

to eset
will
Posted on 2009-12-31 16:57:28
[ Changes to filesystem ]
   * Creates file C:\fb_reg20091231.log
   * Creates file C:\Program Files\captcha.dll
   * Creates file C:\windows\010112010146111103.xxe
   * Creates file C:\windows\0101120101465348.xxe
   * Creates file C:\windows\conf21113.dat
   * Creates file C:\windows\ld16.exe
   * Creates file C:\Documents and Settings\Administrator\Cookies\administrator@google[1].txt
   * Creates file C:\Documents and Settings\Administrator\Cookies\administrator@google[2].txt
   * Modifies file C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT
   * Creates file C:\Documents and Settings\Administrator\Local Settings\Temp\zpskon_1262282006.exe
   * Creates file C:\Documents and Settings\Administrator\Local Settings\Temp\~DFF29F.tmp
   * Creates file C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\101LNW0T\captcha[1].htm
   * Creates file C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3SEXZYYE\go[1].exe
   * Creates file C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3SEXZYYE\v2captcha[1].exe
   * Creates file C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\P2N8UQPI\go19694028[1].jpg
   * Creates file C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R8ZYDS4F\gr.05[1].exe
   * Creates file C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R8ZYDS4F\mail_google_com[1].txt

[ Changes to registry ]
   * Creates value "sysldtray=C:\windows\ld16.exe" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
   * Creates value "Captcha7=rundll "C:\Program Files\captcha.dll",captcha" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run
   * Deletes Registry key HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating
   * Creates value "tp=1000" in key HKEY_CURRENT_USER\software\Microsoft\Internet Explorer\Main

[ Network services ]
   * Looks for an Internet connection.
   * Backdoor functionality on port 0.
   * Connects to "64.233.189.147" on port 80.
   * Connects to "67.205.74.211" on port 80.
   * Connects to "195.225.236.90" on port 80.
   * Connects to "127.0.0.1" on port 1901.
   * Connects to "212.12.112.25" on port 80.
   * Connects to "69.72.172.10" on port 80.
   * Connects to "61.235.117.83" on port 80.
   * Connects to "127.0.0.1" on port 1908.
   * Connects to "127.0.0.1" on port 1909.
   * Connects to "64.233.189.18" on port 80.
   * Connects to "85.13.206.114" on port 80.
   * Connects to "64.233.189.147" on port 443.
   * Connects to "64.233.189.18" on port 443.
   * Connects to "74.125.153.97" on port 443.
   * Connects to "72.14.203.99" on port 80.
   * Connects to "64.233.189.96" on port 443.

[ Process/window information ]
   * Creates a mutex xx464dg433xx16.
   * Creates a mutex 389dkj39dkl3405.
   * Creates a mutex Global\CAPTCHA-B9129D4A-3C03-4ea5-8600-081A3FCF26FA.
   * Creates a mutex {1B655094-FE2A-433c-A877-FF9793445069}.