-
-
[求助]还是病毒特征码,看不懂什么意思。请教
-
发表于: 2009-3-24 15:31
-
将各类病毒库中的特征码贴出一部分,大家看看什么意思啊
比如说:
d1ef8a0e477570ad39f4667129400b05:1598056:Submission 21770
中冒号隔开的最后一个应该是木马的名字吧,那么前面的两段呢?
下面这个呢?
14200:917cb8a3d1d9eb24af6c5bcf3bf7e401:Trojan.Downloader-1420
请知道的挨着说下吧,谢谢了
d1ef8a0e477570ad39f4667129400b05:1598056:Submission 21770
332e5c92be38ce0f195019258c8376dc:1640013:Submission 22475
71d934fdf522c4227485716b0413c7be:55296:Submission 23647
...
...
2401851daa0343df8ff683f730fec39:92281:Dialer-85
50338494a7482c4d00f9145eee4c75ec:73361:Dialer-86
dd402666999c31e1d75c309f07a4a28b:16144:Dialer-87
bf4e31f20cba91df41ea179305a6f931:110080:Joke.Avoid
1506d8c906e827acde664831a85585d3:54272:Trojan.Agent.AH-dll
6c2262556d951b8485e75091a0eca536:393728:Trojan.Banito.Plugin-1
09b1352b7c458b0b8d0cc6b9fd24788d:17408:Trojan.Banito.Plugin-2
..
..
14200:917cb8a3d1d9eb24af6c5bcf3bf7e401:Trojan.Downloader-1420
7168:a105e2cc8148158cd048360eb847c7d0:Trojan.Downloader-1421
7168:ca128383c79a56d930eb4a7ff5026e31:Trojan.Downloader-1424
355204:4af89f8d219f94462cf2f8cb8eb4c6d7:Trojan.Bancos-2053
..
..
647168:51eb4e43f24cf511e6715cc8667babcd:Trojan.Bancos-2069
83968:961ed981485cea5ab3936496966ba0d6:Worm.Gaobot-318
86016:4bed8673ab3d695c52c233306ed3f733:Worm.Gaobot-319
86016:26757990a7d11b0878b303c1e48e8724:Worm.Gaobot-320
88064:eccc2a8055560c2313d887b2c6c46e03:Worm.Gaobot-329
88064:78d1c1c095068a6c95733143034567cd:Worm.Gaobot-330
88064:8693d0e312cbc8b895455b9cd3cca500:Worm.Gaobot-331
Exploit.HTML.ObjectType
*:3c6f626a65637420747970653d222f2f2f2f2f2f2f2f2f2f2f2f
HTML.Phishing.Bank-1*:3c6d6170206e616d653d22{-36}223e3c6172656120636f6f7264733d22302c20302c20{4-12}222073686170653d22726563742220687265663d22{-160}3c2f6d61703e3c696d67207372633d226369643a
Exploit.HTML.MHTRedir.1n*:6d732d6974733a6d68746d6c3a66696c653a2f2f633a5c*21687474703a2f2f
Exploit.HTML.DragDrop*:6265686176696f723a75726c282364656661756c7423616e63686f72636c69636b293b*666f6c6465723d227368656c6c3a
HTML.Phishing.Bank-4*:7468697320656d61696c20697320666f72206e6f74696669636174696f6e206f6e6c792e20746f20636f6e746163742075732c20706c65617365206c6f6720696e746f20796f7572206163636f756e7420616e642073656e6420612062616e6b206d61696c2e203c2f7072653e
W32.MyLife.E:1:*:7a6172793230*40656d61696c2e636f6d
..
..
Worm.Padowor.A-zippwd:1:*:72767:69779:5f6f7a3f:*:1:1
Trojan.Dumador-31-zippwd-1:1:*:21008:20598:ba9f27fb:8:1:1
Worm.Kimazo.A-zippwd:1:*:75776:43733:7b3fcf13:*:1:1
Worm.Banwarum.B-zippwd:1:*:50176:43762:808ad272:*:1:1
...
0:0:000001b3:MPEG video stream:CL_TYPE_ANY:CL_TYPE_IGNORED
0:0:000001ba:MPEG sys stream:CL_TYPE_ANY:CL_TYPE_IGNORED
0:0:1f8b:GZip:CL_TYPE_ANY:CL_TYPE_GZ
0:0:23407e5e:SCRENC:CL_TYPE_ANY:CL_TYPE_SCRENC
0:0:252150532d41646f62652d:PostScript:CL_TYPE_ANY:CL_TYPE_IGNORED
0:0:425a68:BZip:CL_TYPE_ANY:CL_TYPE_BZ
0:0:446174653a20:Mail:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:44656c6976657265642d546f3a20:Mail:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:44656c69766572792d646174653a20:Mail:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:456e76656c6f70652d746f3a20:Mail:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:466f723a20:Eserv mail:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:46726f6d20:MBox:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:46726f6d3a20:Exim mail:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:474946:GIF:CL_TYPE_ANY:CL_TYPE_GRAPHICS
M:poste.it:posteitaliane.it
M:news.apple.co.jp:images.apple.com
M:l.usbank-email.com:usbank.com
M:email.etradefinancial.com:etrade.com
X:.+\.hvb\.de([/?].*)?:.+\.hypovereinsbank\.de:17-
M:email.chase.com:www.chasefrauddetector.com
M:info.searscard.com:sears.com
X:.+\.ebay\.com([/?].*)?:gotoebay\.co\.uk([/?].*)?:17-
X:.+\.usbank-email\.com([/?].*)?:.+\.usbank\.com([/?].*)?:17-
X:.+\.ebay\.(ca|com)([/?].*)?:ebay\.caorebay\.com([/?].*)?:17-
M:www.postfinance.info:www.postfinance.ch
X:.+\.ebaymotors\.com([/?].*)?:.+\.ebay\.com([/?].*)?:17-
X:.+adfarm\.mediaplex\.com([/?].*)?:.+\.ebay\.com([/?].*)?:17-
X:.+\.etradefinancial\.com([/?].*)?:(.+\.)?etrade\.com([/?].*)?:17-
M:www.deliverymail.com:media.monster.com
X:.+:.+images\.amazon\.com([/?].*)?:17-
比如说:
d1ef8a0e477570ad39f4667129400b05:1598056:Submission 21770
中冒号隔开的最后一个应该是木马的名字吧,那么前面的两段呢?
下面这个呢?
14200:917cb8a3d1d9eb24af6c5bcf3bf7e401:Trojan.Downloader-1420
请知道的挨着说下吧,谢谢了
d1ef8a0e477570ad39f4667129400b05:1598056:Submission 21770
332e5c92be38ce0f195019258c8376dc:1640013:Submission 22475
71d934fdf522c4227485716b0413c7be:55296:Submission 23647
...
...
2401851daa0343df8ff683f730fec39:92281:Dialer-85
50338494a7482c4d00f9145eee4c75ec:73361:Dialer-86
dd402666999c31e1d75c309f07a4a28b:16144:Dialer-87
bf4e31f20cba91df41ea179305a6f931:110080:Joke.Avoid
1506d8c906e827acde664831a85585d3:54272:Trojan.Agent.AH-dll
6c2262556d951b8485e75091a0eca536:393728:Trojan.Banito.Plugin-1
09b1352b7c458b0b8d0cc6b9fd24788d:17408:Trojan.Banito.Plugin-2
..
..
14200:917cb8a3d1d9eb24af6c5bcf3bf7e401:Trojan.Downloader-1420
7168:a105e2cc8148158cd048360eb847c7d0:Trojan.Downloader-1421
7168:ca128383c79a56d930eb4a7ff5026e31:Trojan.Downloader-1424
355204:4af89f8d219f94462cf2f8cb8eb4c6d7:Trojan.Bancos-2053
..
..
647168:51eb4e43f24cf511e6715cc8667babcd:Trojan.Bancos-2069
83968:961ed981485cea5ab3936496966ba0d6:Worm.Gaobot-318
86016:4bed8673ab3d695c52c233306ed3f733:Worm.Gaobot-319
86016:26757990a7d11b0878b303c1e48e8724:Worm.Gaobot-320
88064:eccc2a8055560c2313d887b2c6c46e03:Worm.Gaobot-329
88064:78d1c1c095068a6c95733143034567cd:Worm.Gaobot-330
88064:8693d0e312cbc8b895455b9cd3cca500:Worm.Gaobot-331
Exploit.HTML.ObjectType
*:3c6f626a65637420747970653d222f2f2f2f2f2f2f2f2f2f2f2fHTML.Phishing.Bank-1
*:3c6d6170206e616d653d22{-36}223e3c6172656120636f6f7264733d22302c20302c20{4-12}222073686170653d22726563742220687265663d22{-160}3c2f6d61703e3c696d67207372633d226369643aExploit.HTML.MHTRedir.1n
*:6d732d6974733a6d68746d6c3a66696c653a2f2f633a5c*21687474703a2f2fExploit.HTML.DragDrop
*:6265686176696f723a75726c282364656661756c7423616e63686f72636c69636b293b*666f6c6465723d227368656c6c3aHTML.Phishing.Bank-4
*:7468697320656d61696c20697320666f72206e6f74696669636174696f6e206f6e6c792e20746f20636f6e746163742075732c20706c65617365206c6f6720696e746f20796f7572206163636f756e7420616e642073656e6420612062616e6b206d61696c2e203c2f7072653eW32.MyLife.E:1:*:7a6172793230*40656d61696c2e636f6d
..
..
Worm.Padowor.A-zippwd:1:*:72767:69779:5f6f7a3f:*:1:1
Trojan.Dumador-31-zippwd-1:1:*:21008:20598:ba9f27fb:8:1:1
Worm.Kimazo.A-zippwd:1:*:75776:43733:7b3fcf13:*:1:1
Worm.Banwarum.B-zippwd:1:*:50176:43762:808ad272:*:1:1
...
0:0:000001b3:MPEG video stream:CL_TYPE_ANY:CL_TYPE_IGNORED
0:0:000001ba:MPEG sys stream:CL_TYPE_ANY:CL_TYPE_IGNORED
0:0:1f8b:GZip:CL_TYPE_ANY:CL_TYPE_GZ
0:0:23407e5e:SCRENC:CL_TYPE_ANY:CL_TYPE_SCRENC
0:0:252150532d41646f62652d:PostScript:CL_TYPE_ANY:CL_TYPE_IGNORED
0:0:425a68:BZip:CL_TYPE_ANY:CL_TYPE_BZ
0:0:446174653a20:Mail:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:44656c6976657265642d546f3a20:Mail:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:44656c69766572792d646174653a20:Mail:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:456e76656c6f70652d746f3a20:Mail:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:466f723a20:Eserv mail:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:46726f6d20:MBox:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:46726f6d3a20:Exim mail:CL_TYPE_ANY:CL_TYPE_MAIL
0:0:474946:GIF:CL_TYPE_ANY:CL_TYPE_GRAPHICS
M:poste.it:posteitaliane.it
M:news.apple.co.jp:images.apple.com
M:l.usbank-email.com:usbank.com
M:email.etradefinancial.com:etrade.com
X:.+\.hvb\.de([/?].*)?:.+\.hypovereinsbank\.de:17-
M:email.chase.com:www.chasefrauddetector.com
M:info.searscard.com:sears.com
X:.+\.ebay\.com([/?].*)?:gotoebay\.co\.uk([/?].*)?:17-
X:.+\.usbank-email\.com([/?].*)?:.+\.usbank\.com([/?].*)?:17-
X:.+\.ebay\.(ca|com)([/?].*)?:ebay\.caorebay\.com([/?].*)?:17-
M:www.postfinance.info:www.postfinance.ch
X:.+\.ebaymotors\.com([/?].*)?:.+\.ebay\.com([/?].*)?:17-
X:.+adfarm\.mediaplex\.com([/?].*)?:.+\.ebay\.com([/?].*)?:17-
X:.+\.etradefinancial\.com([/?].*)?:(.+\.)?etrade\.com([/?].*)?:17-
M:www.deliverymail.com:media.monster.com
X:.+:.+images\.amazon\.com([/?].*)?:17-
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
