代码战争:伪装和狙杀,从“壳”到“病毒混淆器 – 8090安全门户
Tags
| attack-pattern: | Visual Basic - T1059.005 |
Common Information
| Type | Value |
|---|---|
| UUID | f300041b-c9bb-44eb-a297-6ea26a3bf7c0 |
| Fingerprint | 7042337e715a076a |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 30, 2016, midnight |
| Added to db | Jan. 19, 2023, 12:08 a.m. |
| Last updated | Dec. 2, 2024, 9:48 a.m. |
| Headline | 代码战争:伪装和狙杀,从“壳”到“病毒混淆器 |
| Title | 代码战争:伪装和狙杀,从“壳”到“病毒混淆器 – 8090安全门户 |
| Detected Hints/Tags/Attributes | 17/1/45 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://www.8090-sec.com/archives/3159 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 1 | recon2010-understaningswizzorobfuscation.pdf |
|
| Details | File | 1 | 其代码中调用了winscard.dll |
|
| Details | File | 1 | 混淆器会调用services.dll |
|
| Details | File | 2 | services.dll |
|
| Details | sha1 | 1 | 19547db17e9f04572079d07eda5005af34f79d2e |
|
| Details | sha1 | 1 | 39575163c922fa90339ce84cee6b6abd758dbc68 |
|
| Details | sha1 | 1 | 3b392eb11bdb3b1c39f30c5dca4a91ec079c342f |
|
| Details | sha1 | 1 | 82c67dd7a41ea8f50af64305ea15d9acf4bd137a |
|
| Details | sha1 | 1 | 0ffc994e247d2b108910e8bb6de3ef57439c51af |
|
| Details | sha1 | 1 | 262aad2b16408175d70d5ff9c672615f1648f770 |
|
| Details | sha1 | 1 | a8e20a4edbfc083fdeee18aa6da56d932ea35eb4 |
|
| Details | sha1 | 1 | e42c142eef15fee35361724111d7486ac5fc6ae4 |
|
| Details | sha1 | 1 | 2c28062f683a463885286db789418f28bc233a14 |
|
| Details | sha1 | 1 | acc1128f30e7cf60203bbcf76a6e03248000829a |
|
| Details | sha1 | 1 | 48f690c5a08534ad4ea49a77daad83ee07171c28 |
|
| Details | sha1 | 1 | 4daab0e43fc83397a3c0a5a1526ca6d3a9f5897d |
|
| Details | sha1 | 1 | c1944388870f76dd8ac51eaae6788d274690f779 |
|
| Details | sha1 | 1 | 0134c5a3516b2534e1a7f35053aa0da85ecc3e0b |
|
| Details | sha1 | 1 | 074da6a3bd7efa59982de255c9a95b7224ed0cc9 |
|
| Details | sha1 | 1 | 4efe62a8e41ec02acd8394cdd33f190761dc0c00 |
|
| Details | sha1 | 1 | 2ddbd1e054f2e8f71fbd3e4fe2d609add803f1f7 |
|
| Details | sha1 | 1 | 3abc54a287b2f36bfd7e0b3dc587a082a5090d7c |
|
| Details | sha1 | 1 | 3b5db8ce4095126ef183df32689b7eb1e08740aa |
|
| Details | sha1 | 1 | 01faae2e965b01978e82e12f2e6fef24b0778e50 |
|
| Details | sha1 | 1 | 08f709774d793846036be4cef883de2a450f0674 |
|
| Details | sha1 | 1 | 0980f6ccd5963855bf8885c9394f007c51c87633 |
|
| Details | sha1 | 1 | 35b1d6c19eaea0669cf5af92046648d857ce7fc3 |
|
| Details | sha1 | 1 | 93ff6f91575d4a08d20588186ea9ea7904159961 |
|
| Details | sha1 | 1 | f1e0dadba836a1e31d3142253796792e93709aa6 |
|
| Details | sha1 | 1 | 88dd9102b8a15981f03c255adb42c611341f5ea1 |
|
| Details | sha1 | 1 | a96edf881b75b2d25c0f55c2e6b1a63058811b59 |
|
| Details | sha1 | 1 | b459cecc8241ae50e54666ae996ab0505d6484d8 |
|
| Details | sha1 | 1 | 06a93a31566b2e781af61f22032c241c165acfd3 |
|
| Details | sha1 | 1 | 071a66ebe01eed93e8d48aa253b8e76c79b31ad5 |
|
| Details | sha1 | 1 | 076b81f51023a13fde5f1c39d58dda543a04cb17 |
|
| Details | sha1 | 1 | 1699ec1032ebda017ac96a6fbe58d224c2dd5aa9 |
|
| Details | sha1 | 1 | 7d980d2eb12f56f11bd9a3c0e1337e89be4c416e |
|
| Details | sha1 | 1 | 954ae75ac05e2f167aaaefe3272c8a0eae574681 |
|
| Details | sha1 | 1 | 0f8ba86000cd4a730e14f4bf1bd869fccedde7f8 |
|
| Details | sha1 | 1 | 110e5255459c756e7e4b8f59ef1b4e36cfa12bc8 |
|
| Details | sha1 | 1 | 29af93063140ab59398466a9f00398661a94555f |
|
| Details | sha1 | 1 | 072e3ae98305a34668bc68b08c5f97e8589ab04d |
|
| Details | sha1 | 1 | 0a759bbe9b31099e99570842b98b992454b9acd3 |
|
| Details | sha1 | 1 | 12aa1a435465e0904a126189b4b5d7bf5ca2cf84 |
|
| Details | Url | 1 | https://recon.cx/2010/slides/recon2010-understaningswizzorobfuscation.pdf |