Views: 5871 | Replies: 14

[Virus sample] 3x

Palkia
Posted 2010-1-18 00:07:46
Good night

ray1106
Posted 2010-1-18 00:13:54
C:\Sandbox\3r\2.exe         detected: Trojan-Downloader.Delphi!IK
ray1106
Posted 2010-1-18 00:18:34
1.exe auto-starts as a service

\Sandbox_Ray_DefaultBox\machine\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket\NukeOnDelete [4] = 01000000
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket\UseGlobalSettings [4] = 01000000
\Sandbox_Ray_DefaultBox\machine\software\microsoft\windows nt\currentversion\winlogon\Shell [1] = x
\Sandbox_Ray_DefaultBox\machine\System\CurrentControlSet\Services\guor\Type [4] = 10000000
\Sandbox_Ray_DefaultBox\machine\System\CurrentControlSet\Services\guor\Start [4] = 02000000
\Sandbox_Ray_DefaultBox\machine\System\CurrentControlSet\Services\guor\ErrorControl [4] = 01000000
\Sandbox_Ray_DefaultBox\machine\System\CurrentControlSet\Services\guor\DisplayName [1] = guor
\Sandbox_Ray_DefaultBox\machine\System\CurrentControlSet\Services\guor\ImagePath [1] = C:\Windows\system32\guor.exe
\Sandbox_Ray_DefaultBox\machine\System\CurrentControlSet\Services\guor\SBIE_ProcessId [4] = FFFFFFA0160000
\Sandbox_Ray_DefaultBox\machine\System\CurrentControlSet\Services\guor\SBIE_CurrentState [4] = 04000000
\Sandbox_Ray_DefaultBox\machine\System\CurrentControlSet\Services\guor\SBIE_ControlsAccepted [4] = 07000000
\Sandbox_Ray_DefaultBox\machine\System\CurrentControlSet\Services\guor\SBIE_WaitHint [4] = FFFFFFD0070000
\Sandbox_Ray_DefaultBox\machine\System\CurrentControlSet\Services\guor\Description [1] = guor
\Sandbox_Ray_DefaultBox\machine\System\CurrentControlSet\Services\SbieSvc\SandboxedServices [7] = guor
\Sandbox_Ray_DefaultBox\user\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\classes\SymbolicLinkValue [6] = 5C00520045004700490053005400520059005C0055005300450052005C00530061006E00640062006F0078005F005200610079005F00440065006600610075006C00740042006F0078005C0075007300650072005C00630075007200720065006E0074005F0063006C0061007300730065007300
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{706c4c0e-f14b-11de-9e4f-001eeccbe07e}\NukeOnDelete [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{8a8d89fc-f07c-11de-b774-001eeccbe07e}\NukeOnDelete [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{b069760c-e179-11de-9070-806d6172696f}\NukeOnDelete [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{b069760d-e179-11de-9070-806d6172696f}\NukeOnDelete [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{b069760e-e179-11de-9070-806d6172696f}\NukeOnDelete [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{b069760f-e179-11de-9070-806d6172696f}\NukeOnDelete [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{b27816ae-f42f-11de-832a-001eeccbe07e}\NukeOnDelete [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{b67bcfa2-f0bf-11de-9060-001eeccbe07e}\NukeOnDelete [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess\BrowseNewProcess [1] = yes
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\SandboxieAutoExec [3] = 31
ray1106
Posted 2010-1-18 00:28:41
2.exe

\Sandbox_Ray_DefaultBox\machine\software\classes\clsid\{A626B69E-9046-405E-ABEB-E18B75251A85} [1] = Internet Explorer
\Sandbox_Ray_DefaultBox\machine\software\classes\clsid\{A626B69E-9046-405E-ABEB-E18B75251A85}\DefaultIcon [1] = C:\Program Files\Internet Explorer\iexplore.exe
\Sandbox_Ray_DefaultBox\machine\software\classes\clsid\{A626B69E-9046-405E-ABEB-E18B75251A85}\InProcServer32 [1] = shdocvw.dll
\Sandbox_Ray_DefaultBox\machine\software\classes\clsid\{A626B69E-9046-405E-ABEB-E18B75251A85}\InProcServer32\ThreadingModel [1] = Apartment
\Sandbox_Ray_DefaultBox\machine\software\classes\clsid\{A626B69E-9046-405E-ABEB-E18B75251A85}\Shell\Open\Command [1] = C:\Program Files\Internet Explorer\iexplore.exe http://www.ttkds.com/
\Sandbox_Ray_DefaultBox\machine\software\classes\clsid\{DA017299-F7BB-4C8C-A1A4-7EBC8196428A} [1] = 豰漑Q
\Sandbox_Ray_DefaultBox\machine\software\classes\clsid\{DA017299-F7BB-4C8C-A1A4-7EBC8196428A}\DefaultIcon [1] = C:\Program Files\WindowsGameCenter\taobao.ico
\Sandbox_Ray_DefaultBox\machine\software\classes\clsid\{DA017299-F7BB-4C8C-A1A4-7EBC8196428A}\InProcServer32 [1] = shdocvw.dll
\Sandbox_Ray_DefaultBox\machine\software\classes\clsid\{DA017299-F7BB-4C8C-A1A4-7EBC8196428A}\InProcServer32\ThreadingModel [1] = Apartment
\Sandbox_Ray_DefaultBox\machine\software\classes\clsid\{DA017299-F7BB-4C8C-A1A4-7EBC8196428A}\Shell\Open\Command [1] = C:\Program Files\Internet Explorer\iexplore.exe http://www.xihao.net/033/taobao.html
\Sandbox_Ray_DefaultBox\machine\software\microsoft\ole\EnableDCOM [1] = N
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Tracing\2_RASAPI32\FileTracingMask [4] = 0000FFFFFFFFFFFFFFFF
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Tracing\2_RASAPI32\ConsoleTracingMask [4] = 0000FFFFFFFFFFFFFFFF
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Tracing\2_RASAPI32\MaxFileSize [4] = 00001000
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Tracing\2_RASAPI32\FileDirectory [2] = 2500770069006E0064006900720025005C00740072006100630069006E0067000000
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Tracing\2_RASMANCS\FileTracingMask [4] = 0000FFFFFFFFFFFFFFFF
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Tracing\2_RASMANCS\ConsoleTracingMask [4] = 0000FFFFFFFFFFFFFFFF
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Tracing\2_RASMANCS\MaxFileSize [4] = 00001000
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Tracing\2_RASMANCS\FileDirectory [2] = 2500770069006E0064006900720025005C00740072006100630069006E0067000000
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Tracing\MiniGame_RASAPI32\FileTracingMask [4] = 0000FFFFFFFFFFFFFFFF
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Tracing\MiniGame_RASAPI32\ConsoleTracingMask [4] = 0000FFFFFFFFFFFFFFFF
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Tracing\MiniGame_RASAPI32\MaxFileSize [4] = 00001000
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Tracing\MiniGame_RASAPI32\FileDirectory [2] = 2500770069006E0064006900720025005C00740072006100630069006E0067000000
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Tracing\MiniGame_RASMANCS\FileTracingMask [4] = 0000FFFFFFFFFFFFFFFF
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Tracing\MiniGame_RASMANCS\ConsoleTracingMask [4] = 0000FFFFFFFFFFFFFFFF
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Tracing\MiniGame_RASMANCS\MaxFileSize [4] = 00001000
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Tracing\MiniGame_RASMANCS\FileDirectory [2] = 2500770069006E0064006900720025005C00740072006100630069006E0067000000
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket\NukeOnDelete [4] = 01000000
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket\UseGlobalSettings [4] = 01000000
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{A626B69E-9046-405E-ABEB-E18B75251A85}" [1] = Internet Exp1oer
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{DA017299-F7BB-4C8C-A1A4-7EBC8196428A}" [1] = Internet Exp1oer
\Sandbox_Ray_DefaultBox\machine\software\microsoft\windows nt\currentversion\winlogon\Shell [1] = x
\Sandbox_Ray_DefaultBox\machine\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations [7] = \??\C:\Windows\system32\runonce.vbs\??\C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runonce.vbs
\Sandbox_Ray_DefaultBox\user\current\software\classes\SymbolicLinkValue [6] = 5C00520045004700490053005400520059005C0055005300450052005C00530061006E00640062006F0078005F005200610079005F00440065006600610075006C00740042006F0078005C0075007300650072005C00630075007200720065006E0074005F0063006C0061007300730065007300
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{706c4c0e-f14b-11de-9e4f-001eeccbe07e}\NukeOnDelete [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{8a8d89fc-f07c-11de-b774-001eeccbe07e}\NukeOnDelete [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{b069760c-e179-11de-9070-806d6172696f}\NukeOnDelete [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{b069760d-e179-11de-9070-806d6172696f}\NukeOnDelete [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{b069760e-e179-11de-9070-806d6172696f}\NukeOnDelete [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{b069760f-e179-11de-9070-806d6172696f}\NukeOnDelete [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{b27816ae-f42f-11de-832a-001eeccbe07e}\NukeOnDelete [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{b67bcfa2-f0bf-11de-9060-001eeccbe07e}\NukeOnDelete [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess\BrowseNewProcess [1] = yes
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu\{871C5380-42A0-1069-A2EA-08002B30309D} [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel\{871C5380-42A0-1069-A2EA-08002B30309D} [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\Sandbox_Ray_DefaultBox\user\current\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect [4] = 01000000
\Sandbox_Ray_DefaultBox\user\current\software\SandboxieAutoExec [3] = 31
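The two Sandboxie logs ray1106 posted above (1.exe installing the `guor` service and replacing the Winlogon Shell; 2.exe registering fake "Internet Exp1oer" desktop icons and queueing a PendingFileRenameOperations move of runonce.vbs into the Startup folder) can be decoded and triaged mechanically. The script below is an added example written for this page; it is not code from the thread or from Sandboxie. It parses the pasted log format, decodes the little-endian REG_DWORD hex (`02000000` is Start = 2, SERVICE_AUTO_START; `10000000` is Type = 0x10, SERVICE_WIN32_OWN_PROCESS) and the UTF-16LE hex the logger prints for REG_EXPAND_SZ and REG_LINK values, and flags the persistence indicators. Assumptions: the bracketed number after each path is the Windows REG_* type constant (1 REG_SZ, 2 REG_EXPAND_SZ, 3 REG_BINARY, 4 REG_DWORD, 6 REG_LINK, 7 REG_MULTI_SZ), `<box>\machine` shadows HKLM and `<box>\user\current` shadows HKCU, and the PendingFileRenameOperations strings were run together by the logger. The sample lines are a constructed subset of the two posted logs.

```python
r"""Decode a Sandboxie registry-change log and flag persistence indicators.

Editor's added example, not code from the thread or from Sandboxie.
Assumptions: the bracketed number after each path is the Windows REG_* type
constant; REG_DWORD values are printed as little-endian hex; string values
printed as hex are UTF-16LE; <box>\machine shadows HKLM and <box>\user\current
shadows HKCU.
"""
import re

BOX = "\\Sandbox_Ray_DefaultBox"
REG_SZ, REG_EXPAND_SZ, REG_BINARY, REG_DWORD, REG_LINK, REG_MULTI_SZ = 1, 2, 3, 4, 6, 7
SERVICE_AUTO_START = 2   # SCM start types: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
LINE_RE = re.compile(r"^(?P<path>.+?) \[(?P<type>\d+)\] = (?P<value>.*)$")
HEX_RE = re.compile(r"[0-9A-Fa-f]+")
NAMESPACE_RE = re.compile(r"desktop\\namespace\\(\{[0-9a-f-]{36}\})")

# Constructed sample: a subset of the 1.exe and 2.exe log lines posted above.
SAMPLE_LOG = r"""
\Sandbox_Ray_DefaultBox\machine\software\microsoft\windows nt\currentversion\winlogon\Shell [1] = x
\Sandbox_Ray_DefaultBox\machine\System\CurrentControlSet\Services\guor\Type [4] = 10000000
\Sandbox_Ray_DefaultBox\machine\System\CurrentControlSet\Services\guor\Start [4] = 02000000
\Sandbox_Ray_DefaultBox\machine\System\CurrentControlSet\Services\guor\ImagePath [1] = C:\Windows\system32\guor.exe
\Sandbox_Ray_DefaultBox\machine\software\classes\clsid\{A626B69E-9046-405E-ABEB-E18B75251A85}\Shell\Open\Command [1] = C:\Program Files\Internet Explorer\iexplore.exe http://www.ttkds.com/
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{A626B69E-9046-405E-ABEB-E18B75251A85}" [1] = Internet Exp1oer
\Sandbox_Ray_DefaultBox\machine\software\microsoft\Tracing\2_RASAPI32\FileDirectory [2] = 2500770069006E0064006900720025005C00740072006100630069006E0067000000
\Sandbox_Ray_DefaultBox\machine\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations [7] = \??\C:\Windows\system32\runonce.vbs\??\C:\Users\Ray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runonce.vbs
"""


def to_hive(path):
    """Map the sandbox-relative path onto the real hive it shadows."""
    for prefix, hive in ((BOX + "\\machine\\", "HKLM\\"),
                         (BOX + "\\user\\current\\", "HKCU\\"),
                         (BOX + "\\user\\", "HKU\\")):
        if path.lower().startswith(prefix.lower()):
            return hive + path[len(prefix):]
    return path


def decode(vtype, raw):
    """Turn the logger's printed value into a Python value."""
    is_hex = bool(raw) and len(raw) % 2 == 0 and HEX_RE.fullmatch(raw) is not None
    if vtype == REG_DWORD and is_hex and len(raw) == 8:
        return int.from_bytes(bytes.fromhex(raw), "little")   # "02000000" -> 2
    if vtype in (REG_EXPAND_SZ, REG_LINK) and is_hex:
        return bytes.fromhex(raw).decode("utf-16-le").rstrip("\0")
    if vtype == REG_MULTI_SZ and raw.startswith("\\??\\"):
        # the logger ran the strings together; each NT path begins with \??\
        return ["\\??\\" + s for s in raw.split("\\??\\") if s]
    return raw   # REG_SZ and anything we cannot decode stays as printed


def parse_line(line):
    """One log line -> dict with hive-mapped path, type and decoded value."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    vtype = int(m["type"])
    return {"path": to_hive(m["path"]), "type": vtype, "value": decode(vtype, m["value"])}


def find_indicators(log_text):
    """Return (kind, detail) findings for the persistence tricks seen in the thread."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    by_path = {e["path"].lower(): e for e in entries}
    findings = []
    for e in entries:
        pl, v = e["path"].lower(), e["value"]
        m = re.search(r"\\services\\([^\\]+)\\start$", pl)
        if m and v in (0, 1, SERVICE_AUTO_START):          # boot/system/auto start
            img = by_path.get(pl[:-len("start")] + "imagepath")
            findings.append(("service", f"{m.group(1)} starts automatically: "
                             f"{img['value'] if img else '?'}"))
        if pl.endswith("\\winlogon\\shell") and str(v).lower() != "explorer.exe":
            findings.append(("winlogon_shell", f"Shell replaced with {v!r}"))
        m = NAMESPACE_RE.search(pl)
        if m:   # fake desktop icon: does its Shell\Open\Command open a URL?
            cmd = by_path.get(f"hklm\\software\\classes\\clsid\\{m.group(1)}\\shell\\open\\command")
            url = re.search(r"https?://\S+", str(cmd["value"])) if cmd else None
            if url:
                findings.append(("desktop_namespace", f"icon {v!r} opens {url.group(0)}"))
        if pl.endswith("\\pendingfilerenameoperations") and isinstance(v, list):
            for src, dst in zip(v[0::2], v[1::2]):       # MoveFileEx at next boot
                note = " (Startup folder)" if "\\startup\\" in dst.lower() else ""
                findings.append(("pending_rename", f"{src} -> {dst}{note}"))
    return findings


if __name__ == "__main__":
    for kind, detail in find_indicators(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

Run it as a script to print the findings, or pass a whole pasted log to find_indicators(). Decoding the RAS tracing FileDirectory hex gives `%windir%\tracing`, and the SymbolicLinkValue hex decodes to `\REGISTRY\USER\Sandbox_Ray_DefaultBox\user\current_classes`, which is Sandboxie's own redirection rather than anything the sample did, as are the SBIE_* values and SandboxieAutoExec. The flags worth acting on are the auto-start service and its ImagePath, the Winlogon Shell change, the Desktop\NameSpace CLSIDs whose Shell\Open\Command launches iexplore.exe with a URL, and the rename into the Startup folder.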
fengzxcvb
Posted 2010-1-18 00:30:35
A big pile of stuff, what on earth is it?
Rising killed it, heh.
ray1106
Posted 2010-1-18 00:33:35
First it dumps a pile of junk on you and hijacks the IE home page, then adds a script that drops a bunch of web pages on your desktop every boot, and it also downloads a trojan from an IP at Shandong Unicom.
Dropped files:

This kind of thing is the most disgusting.
dreams521
Posted 2010-1-18 00:51:12
Begin scan 'C:\Documents and Settings\Administrator\桌面\3r.7z'
C:\Documents and Settings\Administrator\桌面\3r.7z
  [0] Archive type: 7-Zip
    --> 1.exe
      [DETECTION]   Is the TR/Downloader.Gen Trojan
    --> 2.exe
      [DETECTION]   Is the TR/Dldr.Delphi.Gen Trojan
jason_jiang
Posted 2010-1-18 06:20:13
to MS
中邪
Posted 2010-1-18 10:43:04
AVG AntiVirus 9.0
"C:\Documents and Settings\Administrator\桌面\3r.7z:\1.exe";"Trojan horse Downloader.Generic9.AIAX";"Moved to Virus Vault"
"C:\Documents and Settings\Administrator\桌面\3r.7z";"Trojan horse Downloader.Generic9.AIAX";"Moved to Virus Vault"
millkiss
Posted 2010-1-18 10:45:40
360 Antivirus didn't detect a single one.
Copyright © KaFan  KaFan.cn All Rights Reserved.