HEUR.Trojan.Win32.Generic Trojan Analysis - 『Virus Analysis Section』 | heur virus
0x00ϵõ˸HEURľһʼΪDzɵɵҲ֪ɱ£ֱ˳ķȥˣдƪӣ¼˼·ŷPoner˵ûжΪǼעᣬϸ£©ˣ֮Himily˵ľװḶ́ľʵû䡱ᰮһļͥڴ˸лᰮлPonerУHimilyеָл mortalboold̳ѵİ
0x10 File name: HEUR.Trojan
File size: 21kb
Trojan name: HEUR.Trojan.Win32.Generic
MD5: 949ea65730aef6b36222dc4c8104b295
SHA-1: a4b88d6f840c0189b1aa4d24b69e4e4104c2a356
CRC32: 149F7137
0x20 Ϊ 0x21 UPXȲǣUPXѹǣΪܼѿ[1]ֱOD
0x22 ڵݶջƽԭֱڵ㡣
0x23 ·ȡҵڵһһߣ ֻȡ˳ĵǰ·һѭѸ·һַһַĴssĴ
0x30£↑ʼ˹ؼcallȥ֮ڵú
0x31 ȡַǿʼȡ˹رעĵַ±rep stosԶջνһγʼ
0x32 ·洢õע··浽ַ0x0012FC50
0x33 עҪעƣڰӳһַѹַǰǺҪ
0x34 Խcallȥ֮һεĻȡĵַ
ֱ
0x35 ·ȽȡC:WINDOWS·һжϣѸ·͵ǰ·Ƚϣ·ִͬΣͬΣǿʼͷexeļ¡
0x36 ϵͳŵ6һĺúϵͳgetTickcountĿľΪ˻ȡһַ6ַΪͷŵļ
0x37 ļڻȡ·ͷŵĿִļ
ִг£
0x38 עϱͷļϺſʼעͼʮǴעǿԿעһЩֵimagepathstartstart=2ġ
ע
0x39 ݿɺסݿ⣬ӦǷֹʣ÷ּһϢûʲôãһfailureactionǣDZ֮ж
ע
ɺ,description...