是否过【360的样本】大家来共同测试

显示全部楼层 · 发表于 2011-2-25 14:59:25

回复 48楼 kmelon 的帖子

其实还有文字过360

显示全部楼层 · 发表于 2011-2-25 16:05:27

test.exe确实有修改http关联的行为,360miss

显示全部楼层 · 发表于 2011-2-25 16:09:18

回复 46楼 Tron 的帖子

我真没看到这几个东西有啥恶意行为... 你看到了么?
test.exe decaabdda93bf6bd416547a729bf4cdf
白金版TV.exe 836149b61115b748d6a6d74773a645d6
黄金版TV.exe 2be757993332f1532138dc298e423cd8

显示全部楼层 · 发表于 2011-2-25 16:27:12

星空下的吻发表于 2011-2-25 16:05
test.exe确实有修改http关联的行为,360miss

test.exe无任何恶意行为，正常文件

显示全部楼层 · 发表于 2011-2-25 16:28:02

回复 54楼 Tron 的帖子

可是貌似真的有修改行为,或许是正常的??

显示全部楼层 · 发表于 2011-2-25 16:43:20

本帖最后由 Tron 于 2011-2-25 16:49 编辑

星空下的吻发表于 2011-2-25 16:28
回复 54楼 Tron 的帖子

可是貌似真的有修改行为,或许是正常的??

你系统环境问题，下面是干净XP SP3上此EXE所有注册表写操作，全部正常

328
16:39:07.5342802
test.exe
3836
RegSetValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
SUCCESS
Type: REG_SZ, Length: 160, Data: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
366
16:39:07.5658966
test.exe
3836
RegSetValue
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Directory
SUCCESS
Type: REG_SZ, Length: 184, Data: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
371
16:39:07.5663322
test.exe
3836
RegSetValue
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Paths
SUCCESS
Type: REG_DWORD, Length: 4, Data: 4
376
16:39:07.5667200
test.exe
3836
RegSetValue
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CachePath
SUCCESS
Type: REG_SZ, Length: 198, Data: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache1
381
16:39:07.5670999
test.exe
3836
RegSetValue
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CachePath
SUCCESS
Type: REG_SZ, Length: 198, Data: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache2
386
16:39:07.5675118
test.exe
3836
RegSetValue
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CachePath
SUCCESS
Type: REG_SZ, Length: 198, Data: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache3
391
16:39:07.5679836
test.exe
3836
RegSetValue
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CachePath
SUCCESS
Type: REG_SZ, Length: 198, Data: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache4
396
16:39:07.5683910
test.exe
3836
RegSetValue
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1\CacheLimit
SUCCESS
Type: REG_DWORD, Length: 4, Data: 80010
401
16:39:07.5687658
test.exe
3836
RegSetValue
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2\CacheLimit
SUCCESS
Type: REG_DWORD, Length: 4, Data: 80010
406
16:39:07.5691383
test.exe
3836
RegSetValue
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3\CacheLimit
SUCCESS
Type: REG_DWORD, Length: 4, Data: 80010
411
16:39:07.5697361
test.exe
3836
RegSetValue
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4\CacheLimit
SUCCESS
Type: REG_DWORD, Length: 4, Data: 80010
547
16:39:07.6785822
test.exe
3836
RegSetValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
SUCCESS
Type: REG_SZ, Length: 96, Data: C:\Documents and Settings\Administrator\Cookies
573
16:39:07.6801009
test.exe
3836
RegSetValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
SUCCESS
Type: REG_SZ, Length: 126, Data: C:\Documents and Settings\Administrator\Local Settings\History
2534
16:39:09.1275427
test.exe
3836
RegSetValue
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData
SUCCESS
Type: REG_SZ, Length: 106, Data: C:\Documents and Settings\All Users\Application Data
2660
16:39:09.1456391
test.exe
3836
RegSetValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
SUCCESS
Type: REG_SZ, Length: 114, Data: C:\Documents and Settings\Administrator\Application Data
2671
16:39:09.1464860
test.exe
3836
RegSetValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MigrateProxy
SUCCESS
Type: REG_DWORD, Length: 4, Data: 1
2704
16:39:09.1480950
test.exe
3836
RegSetValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
SUCCESS
Type: REG_DWORD, Length: 4, Data: 0

2755
16:39:09.3133415
test.exe
3836
RegSetValue
HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable
SUCCESS
Type: REG_DWORD, Length: 4, Data: 0
2774
16:39:09.3144930
test.exe
3836
RegSetValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
SUCCESS
Type: REG_BINARY, Length: 56, Data: 3C 00 00 00 88 00 00 00 01 00 00 00 00 00 00 00
2819
16:39:09.3171372
test.exe
3836
RegSetValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
SUCCESS
Type: REG_DWORD, Length: 4, Data: 1
2824
16:39:09.3175804
test.exe
3836
RegSetValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
SUCCESS
Type: REG_DWORD, Length: 4, Data: 1
2829
16:39:09.3179980
test.exe
3836
RegSetValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
SUCCESS
Type: REG_DWORD, Length: 4, Data: 1
2883
16:39:09.3233999
test.exe
3836
RegSetValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
SUCCESS
Type: REG_DWORD, Length: 4, Data: 1
2888
16:39:09.3238679
test.exe
3836
RegSetValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
SUCCESS
Type: REG_DWORD, Length: 4, Data: 1
2893
16:39:09.3243495
test.exe
3836
RegSetValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
SUCCESS
Type: REG_DWORD, Length: 4, Data: 1
4921
16:39:10.4163985
test.exe
3836
RegSetValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
SUCCESS
Type: REG_SZ, Length: 144, Data: C:\Documents and Settings\Administrator\Local Settings\Application Data
7125
16:39:11.6730265
test.exe
3836
RegSetValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c620efc5-c499-11de-9108-806d6172696f}\BaseClass
SUCCESS
Type: REG_SZ, Length: 12, Data: Drive
7136
16:39:11.6743296
test.exe
3836
RegSetValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9b41d08-c45a-11de-acbd-000c29ab9a2c}\BaseClass
SUCCESS
Type: REG_SZ, Length: 12, Data: Drive
7147
16:39:11.6759474
test.exe
3836
RegSetValue
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c620efc2-c499-11de-9108-806d6172696f}\BaseClass
SUCCESS
Type: REG_SZ, Length: 12, Data: Drive
20418
16:40:20.4526428
test.exe
3836
RegSetValue
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
SUCCESS
Type: REG_SZ, Length: 18, Data: test.exe
20423
16:40:20.4533066
test.exe
3836
RegSetValue
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID
SUCCESS
Type: REG_DWORD, Length: 4, Data: 1295470379

显示全部楼层 · 发表于 2011-2-25 16:43:32

test被sonar杀，白金版可以正常看电视，虚拟光驱功能正常，两个黄金版触发数据执行保护（DEP）被系统关闭

显示全部楼层 · 发表于 2011-2-25 16:53:19

wjcharles 发表于 2011-2-25 16:43
test被sonar杀，白金版可以正常看电视，虚拟光驱功能正常，两个黄金版触发数据执行保护（DEP）被系统关闭[: ...

诺顿误报得很开心

显示全部楼层 · 发表于 2011-2-25 17:11:25

Tron 发表于 2011-2-25 16:53
诺顿误报得很开心

这算小意思了，我估计诺顿对keygen之类的查杀率比病毒还高

[讨论] 是否过【360的样本】大家来共同测试

评分