[Help] Virus signatures again; I can't understand what they mean. Please advise
Posted: 2009-3-24 15:31 7983
I'm pasting part of the signatures from several virus databases; could everyone take a look and tell me what they mean?

For example:
d1ef8a0e477570ad39f4667129400b05:1598056:Submission 21770
The last colon-separated field should be the trojan's name, right? Then what are the two fields in front of it?
And what about this one?
14200:917cb8a3d1d9eb24af6c5bcf3bf7e401:Trojan.Downloader-1420

Would those who know please explain them one by one? Thanks.

d1ef8a0e477570ad39f4667129400b05:1598056:Submission 21770

332e5c92be38ce0f195019258c8376dc:1640013:Submission 22475

71d934fdf522c4227485716b0413c7be:55296:Submission 23647

...
...
2401851daa0343df8ff683f730fec39:92281:Dialer-85

50338494a7482c4d00f9145eee4c75ec:73361:Dialer-86

dd402666999c31e1d75c309f07a4a28b:16144:Dialer-87

bf4e31f20cba91df41ea179305a6f931:110080:Joke.Avoid

1506d8c906e827acde664831a85585d3:54272:Trojan.Agent.AH-dll

6c2262556d951b8485e75091a0eca536:393728:Trojan.Banito.Plugin-1

09b1352b7c458b0b8d0cc6b9fd24788d:17408:Trojan.Banito.Plugin-2
..
..
14200:917cb8a3d1d9eb24af6c5bcf3bf7e401:Trojan.Downloader-1420

7168:a105e2cc8148158cd048360eb847c7d0:Trojan.Downloader-1421

7168:ca128383c79a56d930eb4a7ff5026e31:Trojan.Downloader-1424

355204:4af89f8d219f94462cf2f8cb8eb4c6d7:Trojan.Bancos-2053

..
..
647168:51eb4e43f24cf511e6715cc8667babcd:Trojan.Bancos-2069

83968:961ed981485cea5ab3936496966ba0d6:Worm.Gaobot-318

86016:4bed8673ab3d695c52c233306ed3f733:Worm.Gaobot-319

86016:26757990a7d11b0878b303c1e48e8724:Worm.Gaobot-320

88064:eccc2a8055560c2313d887b2c6c46e03:Worm.Gaobot-329

88064:78d1c1c095068a6c95733143034567cd:Worm.Gaobot-330

88064:8693d0e312cbc8b895455b9cd3cca500:Worm.Gaobot-331

Exploit.HTML.ObjectType*:3c6f626a65637420747970653d222f2f2f2f2f2f2f2f2f2f2f2f

HTML.Phishing.Bank-1*:3c6d6170206e616d653d22{-36}223e3c6172656120636f6f7264733d22302c20302c20{4-12}222073686170653d22726563742220687265663d22{-160}3c2f6d61703e3c696d67207372633d226369643a

Exploit.HTML.MHTRedir.1n*:6d732d6974733a6d68746d6c3a66696c653a2f2f633a5c*21687474703a2f2f

Exploit.HTML.DragDrop*:6265686176696f723a75726c282364656661756c7423616e63686f72636c69636b293b*666f6c6465723d227368656c6c3a

HTML.Phishing.Bank-4*:7468697320656d61696c20697320666f72206e6f74696669636174696f6e206f6e6c792e20746f20636f6e746163742075732c20706c65617365206c6f6720696e746f20796f7572206163636f756e7420616e642073656e6420612062616e6b206d61696c2e203c2f7072653e

W32.MyLife.E:1:*:7a6172793230*40656d61696c2e636f6d

..
..
Worm.Padowor.A-zippwd:1:*:72767:69779:5f6f7a3f:*:1:1

Trojan.Dumador-31-zippwd-1:1:*:21008:20598:ba9f27fb:8:1:1

Worm.Kimazo.A-zippwd:1:*:75776:43733:7b3fcf13:*:1:1

Worm.Banwarum.B-zippwd:1:*:50176:43762:808ad272:*:1:1

...
0:0:000001b3:MPEG video stream:CL_TYPE_ANY:CL_TYPE_IGNORED

0:0:000001ba:MPEG sys stream:CL_TYPE_ANY:CL_TYPE_IGNORED

0:0:1f8b:GZip:CL_TYPE_ANY:CL_TYPE_GZ

0:0:23407e5e:SCRENC:CL_TYPE_ANY:CL_TYPE_SCRENC

0:0:252150532d41646f62652d:PostScript:CL_TYPE_ANY:CL_TYPE_IGNORED

0:0:425a68:BZip:CL_TYPE_ANY:CL_TYPE_BZ

0:0:446174653a20:Mail:CL_TYPE_ANY:CL_TYPE_MAIL

0:0:44656c6976657265642d546f3a20:Mail:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:44656c69766572792d646174653a20:Mail:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:456e76656c6f70652d746f3a20:Mail:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:466f723a20:Eserv mail:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:46726f6d20:MBox:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:46726f6d3a20:Exim mail:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:474946:GIF:CL_TYPE_ANY:CL_TYPE_GRAPHICS

M:poste.it:posteitaliane.it

M:news.apple.co.jp:images.apple.com

M:l.usbank-email.com:usbank.com

M:email.etradefinancial.com:etrade.com

X:.+\.hvb\.de([/?].*)?:.+\.hypovereinsbank\.de:17-

M:email.chase.com:www.chasefrauddetector.com

M:info.searscard.com:sears.com

X:.+\.ebay\.com([/?].*)?:gotoebay\.co\.uk([/?].*)?:17-

X:.+\.usbank-email\.com([/?].*)?:.+\.usbank\.com([/?].*)?:17-

X:.+\.ebay\.(ca|com)([/?].*)?:ebay\.caorebay\.com([/?].*)?:17-

M:www.postfinance.info:www.postfinance.ch

X:.+\.ebaymotors\.com([/?].*)?:.+\.ebay\.com([/?].*)?:17-

X:.+adfarm\.mediaplex\.com([/?].*)?:.+\.ebay\.com([/?].*)?:17-

X:.+\.etradefinancial\.com([/?].*)?:(.+\.)?etrade\.com([/?].*)?:17-

M:www.deliverymail.com:media.monster.com

X:.+:.+images\.amazon\.com([/?].*)?:17-
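The field layouts listed above are ClamAV's: the `md5:size:name` lines are whole-file hash signatures (.hdb, MD5 of the file, its length in bytes, then the malware name), the `name:target:offset:hex` lines are body signatures (.ndb, where the hex may contain wildcards such as `*`, `??` and `{n-m}`), the `0:0:magic:description:CL_TYPE_...` lines are file-type magic entries (.ftm), and the `M:`/`X:` lines are real-hostname/displayed-hostname pairs from the phishing module's database. The Python below is an added example, not code from this thread or from ClamAV itself; it parses the .hdb and .ndb forms and matches them against constructed byte strings. The `W32.MyLife.E` line is copied from the post; the `Test.*` names, the sample blob and the hash line computed from it are constructed for the example, and the wildcard subset handled (no `(aa|bb)` alternatives, no `EP+n`/`EOF-n` offsets) is a deliberate simplification.

```python
import hashlib
import re

# --- .hdb: "MD5:FileSize:MalwareName" (whole-file hash signature) ----------

def parse_hdb(line):
    md5, size, name = line.split(":", 2)
    return {"md5": md5.lower(), "size": int(size), "name": name}

def match_hdb(sig, data):
    # The length is compared first, so most files are never hashed at all.
    return len(data) == sig["size"] and hashlib.md5(data).hexdigest() == sig["md5"]

# --- .ndb: "MalwareName:TargetType:Offset:HexSignature" (body signature) ---
# TargetType: 0 = any file, 1 = PE, 3 = HTML, 4 = mail, ...  A real scanner
# only applies the signature to files of that type; this example ignores it.
# Wildcards handled: ?? (one byte), * (any run), {n}, {n-m}, {-m}, {n-}.
# Anything else raises ValueError instead of silently mis-matching.

TOKEN_RE = re.compile(r"\{[0-9]*-?[0-9]*\}|\*|\?\?|[0-9a-fA-F]{2}")

def hexsig_to_regex(hexsig):
    parts, pos = [], 0
    for m in TOKEN_RE.finditer(hexsig):
        if m.start() != pos:
            raise ValueError("unsupported token at %d in %r" % (pos, hexsig))
        pos = m.end()
        tok = m.group()
        if tok == "*":
            parts.append(b".*")
        elif tok == "??":
            parts.append(b".")
        elif tok.startswith("{"):
            lo, dash, hi = tok[1:-1].partition("-")
            if not dash:                       # {n}: exactly n bytes
                parts.append(b".{%d}" % int(lo))
            else:                              # {n-m}, {-m}, {n-}
                parts.append(b".{%d,%s}" % (int(lo or 0), hi.encode()))
        else:                                  # literal byte
            parts.append(re.escape(bytes.fromhex(tok)))
    if pos != len(hexsig):
        raise ValueError("trailing junk in %r" % hexsig)
    return re.compile(b"".join(parts), re.DOTALL)

def parse_ndb(line):
    name, target, offset, hexsig = line.split(":", 3)
    return {"name": name, "target": int(target), "offset": offset,
            "regex": hexsig_to_regex(hexsig)}

def match_ndb(sig, data):
    if sig["offset"] == "*":                   # anywhere in the file
        return sig["regex"].search(data) is not None
    if sig["offset"].isdigit():                # exactly at this byte offset
        return sig["regex"].match(data, int(sig["offset"])) is not None
    raise ValueError("offset form not handled: " + sig["offset"])

def scan(data, hdb_sigs, ndb_sigs):
    """Return the names of every signature that matches `data`."""
    hits = [s["name"] for s in hdb_sigs if match_hdb(s, data)]
    hits += [s["name"] for s in ndb_sigs if match_ndb(s, data)]
    return hits

# --- Constructed samples (not real malware) ---------------------------------
SAMPLE_BLOB = b"constructed sample file, not real malware\n"
# A hash line built from the blob above, in the same shape as
# "d1ef8a0e477570ad39f4667129400b05:1598056:Submission 21770" from the post.
HDB_LINES = ["%s:%d:Test.Hash-1" % (hashlib.md5(SAMPLE_BLOB).hexdigest(), len(SAMPLE_BLOB))]
NDB_LINES = [
    "W32.MyLife.E:1:*:7a6172793230*40656d61696c2e636f6d",  # from the post: "zary20" * "@email.com"
    "Test.Wild-1:0:*:41??42{1-3}43",                      # constructed: A ? B {1-3 bytes} C
    "Test.Off-1:0:2:4142",                                 # constructed: "AB" exactly at offset 2
]
HDB = [parse_hdb(l) for l in HDB_LINES]
NDB = [parse_ndb(l) for l in NDB_LINES]

if __name__ == "__main__":
    print(scan(SAMPLE_BLOB, HDB, NDB))                   # ['Test.Hash-1']
    print(scan(b"mail zary20xyz@email.com", HDB, NDB))    # ['W32.MyLife.E']
    print(scan(b"xxABAyBzC", HDB, NDB))                   # ['Test.Wild-1', 'Test.Off-1']
```

The hash form answers the first question in the post directly: the middle field is the file size, which lets the scanner reject most files by length before computing an MD5. The body form is where the hex and wildcard syntax matters, and translating it into an anchored byte regex is the simplest way to see what a given signature actually requires of a file.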

Latest replies (4)
#2
Looks like ClamAV stuff!
2009-3-24 16:40
#3
It's from ClamAV.
2009-3-26 11:01
#4
d1ef8a0e477570ad39f4667129400b05:1598056:Submission 21770
d1ef8a0e477570ad39f4667129400b05 is the signature, that is, the binary code inside the virus. 1598056 may be the file length, or it may be the signature number, i.e. a number that counts the signatures. Submission 21770 is the virus name... just guessing!
2009-3-26 14:51
#5
Worm.Padowor.A-zippwd:1:*:72767:69779:5f6f7a3f:*:1:1
Worm.Padowor.A-zippwd should be the virus name. The 1 represents the file type, or a string offset. 72767:69779:5f6f7a3f:*:1:1 should be the virus signature, which contains wildcards......
2009-3-26 14:55
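The `-zippwd` line discussed in this reply is a zip-metadata signature (ClamAV's .zmd format), which describes an archive member rather than its content: name, encrypted flag, member filename, uncompressed size, compressed size, CRC32, compression method, file number inside the archive, and maximum nesting depth, with `*` meaning "don't care". That is why a password-protected archive, whose contents cannot be unpacked, can still be flagged from the sizes and CRC stored in plain text in the zip central directory. The Python below is an added example, not code from this thread or from ClamAV; it applies that field layout (treat the exact semantics of the `Filename` and `MaxDepth` fields as an assumption) to an in-memory archive built with the standard `zipfile` module. The `Test.ZipMeta-1` line and the archive are constructed; the `Worm.Padowor.A-zippwd` line is copied from the post and is only matched against a constructed metadata record, since `zipfile` cannot write encrypted archives.

```python
import io
import zipfile

# Assumed .zmd field order:
# Name:Encrypted:Filename:NormalSize:CSize:CRC32:CMethod:FileNo:MaxDepth
# "*" in any field means the field is not checked.

def parse_zmd(line):
    f = line.split(":")
    if len(f) != 9:
        raise ValueError("expected 9 fields: %r" % line)

    def num(value, base=10):
        return None if value == "*" else int(value, base)

    return {"name": f[0], "encrypted": num(f[1]),
            "filename": None if f[2] == "*" else f[2],   # exact name (assumption)
            "size": num(f[3]), "csize": num(f[4]), "crc": num(f[5], 16),
            "method": num(f[6]), "fileno": num(f[7]), "maxdepth": num(f[8])}

def member_records(zip_bytes):
    """Per-member metadata, read from the central directory only.
    Nothing is decompressed, so this works on password-protected archives too."""
    recs = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for n, zi in enumerate(zf.infolist(), start=1):
            recs.append({"filename": zi.filename,
                         "encrypted": 1 if zi.flag_bits & 0x1 else 0,
                         "size": zi.file_size, "csize": zi.compress_size,
                         "crc": zi.CRC, "method": zi.compress_type, "fileno": n})
    return recs

def match_zmd(sig, rec):
    for key in ("encrypted", "filename", "size", "csize", "crc", "method", "fileno"):
        if sig[key] is not None and sig[key] != rec[key]:
            return False
    return True

def scan_zip(zip_bytes, sigs):
    return [s["name"] for rec in member_records(zip_bytes)
            for s in sigs if match_zmd(s, rec)]

# --- constructed sample archive (harmless text, not malware) ----------------
PAYLOAD = b"harmless text standing in for an archived file\n" * 20
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w", zipfile.ZIP_DEFLATED) as _zf:
    _zf.writestr("readme.txt", PAYLOAD)
SAMPLE_ZIP = _buf.getvalue()
_info = member_records(SAMPLE_ZIP)[0]

ZMD_LINES = [
    # Built from the member above; Encrypted is 0 because zipfile cannot
    # produce password-protected archives.
    "Test.ZipMeta-1:0:*:%d:%d:%08x:*:1:1" % (_info["size"], _info["csize"], _info["crc"]),
    # Copied from the post: an encrypted member of 72767 bytes, 69779 compressed,
    # CRC32 5f6f7a3f, any compression method, first file, depth 1.
    "Worm.Padowor.A-zippwd:1:*:72767:69779:5f6f7a3f:*:1:1",
]
ZMD = [parse_zmd(l) for l in ZMD_LINES]

# Constructed metadata record that looks like the member the post's line describes.
PADOWOR_LIKE = {"filename": "attachment.zip", "encrypted": 1, "size": 72767,
                "csize": 69779, "crc": 0x5f6f7a3f, "method": 8, "fileno": 1}

if __name__ == "__main__":
    print(scan_zip(SAMPLE_ZIP, ZMD))            # ['Test.ZipMeta-1']
    print(match_zmd(ZMD[1], PADOWOR_LIKE))      # True
```

Because the match uses only central-directory fields, repacking the same file with a different compressor, or even changing one byte of it, changes the compressed size or the CRC and the signature no longer fires; that brittleness is the price of being able to name a member that cannot be opened.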