文件夹病毒分析
- 发表评论
- 819 views
- A+
所属分类:技术
基本信息
- 文件名称:5f0805123f8586107daa1cfc38973e83
- MD5:5f0805123f8586107daa1cfc38973e83
- Sha-1:0078540e071161ec7f14a80a462e775d6981c804
- 文件大小:148KB
- 创建时间:2013-02-19 13:01:38
- 文件类型:EXE
火眼点评
疑似伪装文件夹病毒;设置文件属性;查找文件;拷贝自身到其他目录;创建互斥体
新毒霸点评
经新毒霸云安全中心分析,该文件存在病毒,请及时删除!
危险行为监控
- 行为描述:疑似伪装文件夹病毒 附加信息: %USERPROFILE%Local SettingsApplication DataStartupdate.exe %ProgramFiles%sample.exe sample.exe
其他行为监控
- 行为描述:创建互斥体 附加信息: "LDLLMAIN" "Shell.CMruPidlList"
- 行为描述:拷贝自身到其他目录 附加信息: %USERPROFILE%Local SettingsApplication DataStartupdate.exe
- 行为描述:查找文件 附加信息: "%USERPROFILE%Local SettingsApplication DataS-1-5-31-1286970278978-5713669491-166975984-320Rotinomsample*.*" "%USERPROFILE%Local SettingsApplication DataStartupdate.exe" "%ProgramFiles%sample"
- 行为描述:设置文件属性 附加信息: %USERPROFILE%Local SettingsApplication DataS-1-5-31-1286970278978-5713669491-166975984-320 >> HIDE %USERPROFILE%Local SettingsApplication DataS-1-5-31-1286970278978-5713669491-166975984-320 >> HIDE >> SYSTEM %USERPROFILE%Local SettingsApplication DataS-1-5-31-1286970278978-5713669491-166975984-320 >> SYSTEM %USERPROFILE%Local SettingsApplication DataS-1-5-31-1286970278978-5713669491-166975984-320Rotinom >> HIDE %USERPROFILE%Local SettingsApplication DataS-1-5-31-1286970278978-5713669491-166975984-320Rotinom >> HIDE >> SYSTEM %USERPROFILE%Local SettingsApplication DataS-1-5-31-1286970278978-5713669491-166975984-320Rotinom >> SYSTEM %USERPROFILE%Local SettingsApplication DataS-1-5-31-1286970278978-5713669491-166975984-320dmc >> HIDE %USERPROFILE%Local SettingsApplication DataS-1-5-31-1286970278978-5713669491-166975984-320dmc >> HIDE >> SYSTEM %USERPROFILE%Local SettingsApplication DataS-1-5-31-1286970278978-5713669491-166975984-320dmc >> SYSTEM %USERPROFILE%Local SettingsApplication DataS-1-5-31-1286970278978-5713669491-166975984-320 lsr >> HIDE %USERPROFILE%Local SettingsApplication DataS-1-5-31-1286970278978-5713669491-166975984-320 lsr >> HIDE >> SYSTEM %USERPROFILE%Local SettingsApplication DataS-1-5-31-1286970278978-5713669491-166975984-320 lsr >> SYSTEM %USERPROFILE%Local SettingsApplication DataStart >> HIDE %USERPROFILE%Local SettingsApplication DataStart >> HIDE >> SYSTEM %USERPROFILE%Local SettingsApplication DataStart >> SYSTEM %ProgramFiles%sample >> HIDE %ProgramFiles%sample >> SYSTEM %ProgramFiles%sample >> HIDE >> SYSTEM
文件操作监控
操作 | 文件MD5 | 文件大小 | 文件路径 |
|---|---|---|---|
新增 | 5f0805123f8586107daa1cfc38973e83 | 151552 | %USERPROFILE%Local SettingsAppli... |
进程操作监控
- 创建进程:%ProgramFiles%sample 启动参数:无
- 新增
删除- 修改
注册表监控
- HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanc... [HideFileExt] = [0x00000001] [Hidden] = [0x00000002]
- HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerShell ... [Startup] = [C:Documents and SettingsAdministratorLocal SettingsApplication DataStart]
- HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerUser S... [Startup] = [C:Documents and SettingsAdministratorLocal SettingsApplication DataStart]
本文参与 腾讯云自媒体同步曝光计划,分享自作者个人站点/博客。
原始发表:2014年2月6日00,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
腾讯云开发者
