test.exe

显示全部楼层 · 发表于 2010-8-8 17:47:19

http://www.virustotal.com/analis ... c2d199cd-1281257545

压缩包MD5：3D8D9554874CDFAD76A3DD859BEC2F8C

to mp

显示全部楼层 · 发表于 2010-8-8 17:49:34

to eset

http://samples.nod32.com.hk/inde ... ae4b4fab1cb10b48285

显示全部楼层 · 发表于 2010-8-8 17:50:00

to xandora(panda)

显示全部楼层 · 发表于 2010-8-8 17:51:43

网盾报过红伞

显示全部楼层 · 发表于 2010-8-8 17:53:46

显示全部楼层 · 发表于 2010-8-8 17:59:52

submit to mcafee

显示全部楼层 · 发表于 2010-8-8 18:03:32

C:\Documents and Settings\Administrator\桌面\test.rar=>test.exe Malware.QVM19.Gen 已删除

显示全部楼层 · 发表于 2010-8-8 20:18:29

To KL

显示全部楼层 · 发表于 2010-8-8 20:34:13

2010-8-8 20:30:36 创建新进程允许
进程: c:\windows\explorer.exe
目标: c:\documents and settings\xe-cj\my documents\test.exe
命令行: "C:\Documents and Settings\XE-CJ\My Documents\test.exe"
规则: [应用程序]c:\windows\explorer.exe

2010-8-8 20:30:41 创建注册表项阻止
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Frist
规则: [注册表组]IE浏览器设置 -> [注册表]HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\*

2010-8-8 20:30:44 修改注册表值阻止
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\msm4file\shell\open\command
值: "C:\WINDOWS\Downloaded Program Files\csdnsd.exe" "%1"
规则: [注册表组]系统设置 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\command

2010-8-8 20:30:47 修改注册表值阻止
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\msm4file\shellex\ContextMenuHandlers
值:
规则: [注册表组]自动运行程序所在位置 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\*

2010-8-8 20:30:49 创建文件夹允许
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\Program Files\Internet Explorer\MUI
规则: [文件]*

2010-8-8 20:30:50 创建文件允许
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\Program Files\Internet Explorer\MUI\iexplore.exe
规则: [文件组]所有执行文件 -> [文件]*; *.exe

2010-8-8 20:30:52 创建文件夹允许
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\Program Files\Thunder
规则: [文件]*

2010-8-8 20:30:53 创建文件夹允许
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\Program Files\Thunder\ComDlls
规则: [文件]*

2010-8-8 20:30:54 创建文件夹允许
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\Program Files\Thunder\ComDlls\1143
规则: [文件]*

2010-8-8 20:30:56 创建文件允许
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\WINDOWS\Downloaded Program Files\csdnsd.exe
规则: [文件组]系统执行文件 -> [文件]c:\windows\*; *.exe

2010-8-8 20:30:58 创建文件允许
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\a.txt
规则: [文件组]全局FD -> [文件]?:\; *.txt

2010-8-8 20:31:01 修改文件允许
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\a.txt
规则: [文件组]全局FD -> [文件]?:\; *.txt

2010-8-8 20:31:04 创建文件阻止
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\Documents and Settings\XE-CJ\桌面\在线小游戏.url
规则: [文件组]临时目录 -> [文件]*; *.url

2010-8-8 20:31:06 修改文件允许
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\a.txt
规则: [文件组]全局FD -> [文件]?:\; *.txt

2010-8-8 20:31:09 修改文件允许
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\a.txt
规则: [文件组]全局FD -> [文件]?:\; *.txt

2010-8-8 20:31:12 创建文件阻止
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\Documents and Settings\XE-CJ\桌面\淘宝网.url
规则: [文件组]临时目录 -> [文件]*; *.url

2010-8-8 20:31:15 创建文件允许
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\b.txt
规则: [文件组]全局FD -> [文件]?:\; *.txt

2010-8-8 20:31:18 创建文件阻止
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\Documents and Settings\XE-CJ\桌面\Internet Explorer.msm4
规则: [文件]*

2010-8-8 20:31:21 创建文件阻止
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\Documents and Settings\XE-CJ\Application Data\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.msm4
规则: [文件]*

2010-8-8 20:31:24 设置文件隐藏属性阻止
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\Documents and Settings\XE-CJ\Application Data\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk
规则: [文件组]临时目录 -> [文件]*; *.lnk

2010-8-8 20:31:26 创建文件阻止
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\Documents and Settings\XE-CJ\「开始」菜单\Internet Explorer.msm4
规则: [文件]*

2010-8-8 20:31:29 创建文件阻止
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\Documents and Settings\XE-CJ\「开始」菜单\程序\Internet Explorer.msm4
规则: [文件]*

2010-8-8 20:31:32 设置文件隐藏属性阻止
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\Documents and Settings\XE-CJ\「开始」菜单\程序\Internet Explorer.lnk
规则: [文件组]临时目录 -> [文件]*; *.lnk

2010-8-8 20:31:35 修改注册表值阻止
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\isi7file\shell\open\command
值: "C:\WINDOWS\Downloaded Program Files\csdnsd.exe" "%1"
规则: [注册表组]系统设置 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\command

2010-8-8 20:31:37 修改注册表值阻止
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\isi7file\shellex\ContextMenuHandlers
值:
规则: [注册表组]自动运行程序所在位置 -> [注册表]HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\*

2010-8-8 20:31:40 设置文件隐藏属性阻止
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\Documents and Settings\XE-CJ\「开始」菜单\程序\Mozilla Firefox\Mozilla Firefox.lnk
规则: [文件组]临时目录 -> [文件]*; *.lnk

2010-8-8 20:31:42 创建文件阻止
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\Documents and Settings\XE-CJ\「开始」菜单\程序\Mozilla Firefox\Mozilla Firefox.isi7
规则: [文件]*

2010-8-8 20:31:45 设置文件隐藏属性阻止并结束进程
进程: c:\documents and settings\xe-cj\my documents\test.exe
目标: C:\Documents and Settings\XE-CJ\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
规则: [文件组]临时目录 -> [文件]*; *.lnk

显示全部楼层 · 发表于 2010-8-8 21:13:42

to fs.

[可疑文件] test.exe

评分

浏览过的版块