大佬来帮我看个软件给20金币在线等急

水水水水谁谁谁 · 发表于 2017-7-20 16:46:33

我这边下载一个cf比赛服的然后有个改白名单cf点的我不清楚是病毒还是什么
有模拟机子的大佬帮忙看下吧
我用哈勃查毒以下的
这是我查到的链接https://habo.qq.com/file/showdetail?pk=ADAGZl1oB28IOls0#process

文件名称：	CF比赛服点卷白名单.exe
MD5：	e562603cee32da087da4c551f19e2226
文件类型：	EXE
上传时间：	2017-07-20 16:36:29
出品公司：	作者QQ：249539893
版本：	8.8.8.8---8.8.8.8
壳或编译器信息：	PACKER:UPolyX v0.5

关键行为

行为描述：	探测 Virtual PC是否存在
详情信息：	N/A
行为描述：	直接调用系统关键API
详情信息：	Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x0058E4F4 Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x005988B1 Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x00599457
行为描述：	尝试打开调试器或监控软件的驱动设备对象
详情信息：	\??\SICE \??\SIWVID \??\NTICE
行为描述：	获取TickCount值
详情信息：	TickCount = 218081, SleepMilliseconds = 50. TickCount = 218096, SleepMilliseconds = 50. TickCount = 218831, SleepMilliseconds = 50. TickCount = 219518, SleepMilliseconds = 50. TickCount = 219893, SleepMilliseconds = 50. TickCount = 219909, SleepMilliseconds = 50. TickCount = 219956, SleepMilliseconds = 50. TickCount = 219971, SleepMilliseconds = 50. TickCount = 220128, SleepMilliseconds = 50. TickCount = 220159, SleepMilliseconds = 50. TickCount = 220175, SleepMilliseconds = 50. TickCount = 220362, SleepMilliseconds = 50. TickCount = 220565, SleepMilliseconds = 50. TickCount = 220768, SleepMilliseconds = 50. TickCount = 220971, SleepMilliseconds = 50.
行为描述：	打开注册表_检测虚拟机相关
详情信息：	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__
行为描述：	直接获取CPU时钟
详情信息：	EAX = 0xef3787e8, EDX = 0x000000b3 EAX = 0xef378834, EDX = 0x000000b3 EAX = 0xf1bf57bd, EDX = 0x000000b3 EAX = 0xf1bf5809, EDX = 0x000000b3 EAX = 0xf4725785, EDX = 0x000000b3 EAX = 0xf47257d1, EDX = 0x000000b3 EAX = 0xf472581d, EDX = 0x000000b3 EAX = 0xf4725869, EDX = 0x000000b3 EAX = 0xf47258b5, EDX = 0x000000b3 EAX = 0xf4725901, EDX = 0x000000b3
行为描述：	查找指定内核模块
详情信息：	lstrcmpiA: ntice.sys <------> ntkrnlpa.exe Des: SoftICE驱动 lstrcmpiA: ntice.sys <------> hal.dll Des: SoftICE驱动 lstrcmpiA: ntice.sys <------> KDCOM.DLL Des: SoftICE驱动 lstrcmpiA: ntice.sys <------> BOOTVID.dll Des: SoftICE驱动 lstrcmpiA: ntice.sys <------> ACPI.sys Des: SoftICE驱动 lstrcmpiA: ntice.sys <------> WMILIB.SYS Des: SoftICE驱动 lstrcmpiA: ntice.sys <------> pci.sys Des: SoftICE驱动 lstrcmpiA: ntice.sys <------> isapnp.sys Des: SoftICE驱动 lstrcmpiA: ntice.sys <------> compbatt.sys Des: SoftICE驱动 lstrcmpiA: ntice.sys <------> BATTC.SYS Des: SoftICE驱动 lstrcmpiA: ntice.sys <------> intelide.sys Des: SoftICE驱动 lstrcmpiA: ntice.sys <------> PCIIDEX.SYS Des: SoftICE驱动 lstrcmpiA: ntice.sys <------> MountMgr.sys Des: SoftICE驱动 lstrcmpiA: ntice.sys <------> ftdisk.sys Des: SoftICE驱动 lstrcmpiA: ntice.sys <------> dmload.sys Des: SoftICE驱动
行为描述：	查找反病毒常用工具窗口
详情信息：	NtUserFindWindowEx: [Class,Window] = [OLLYDBG,] NtUserFindWindowEx: [Class,Window] = [GBDYLLO,] NtUserFindWindowEx: [Class,Window] = [pediy06,] NtUserFindWindowEx: [Class,Window] = [FilemonClass,] NtUserFindWindowEx: [Class,Window] = [,File Monitor - Sysinternals: www.sysinternals.com] NtUserFindWindowEx: [Class,Window] = [PROCMON_WINDOW_CLASS,] NtUserFindWindowEx: [Class,Window] = [,Process Monitor - Sysinternals: www.sysinternals.com] NtUserFindWindowEx: [Class,Window] = [RegmonClass,] NtUserFindWindowEx: [Class,Window] = [,Registry Monitor - Sysinternals: www.sysinternals.com]
行为描述：	VMWare特殊指令检测虚拟机
详情信息：	N/A

进程行为

创建本地线程
枚举进程

[url=]更多>>[/url]

注册表行为

修改注册表
打开注册表_检测虚拟机相关

[url=]更多>>[/url]

其他行为

直接调用系统关键API
探测 Virtual PC是否存在
创建互斥体
创建事件对象
打开事件
打开互斥体
查找指定窗口
尝试打开调试器或监控软件的驱动设备对象
搜索kernel32.dll基地址
获取光标位置
窗口信息
调用Sleep函数
隐藏指定窗口
获取TickCount值
直接获取CPU时钟
查找指定内核模块
查找反病毒常用工具窗口
VMWare特殊指令检测虚拟机

[url=]更多>>[/url]
这个文件的下载地址http://pan.baidu.com/s/1eSf8mps

水水水水谁谁谁 · 发表于 2017-7-20 16:49:05

别沉顶顶顶顶顶！！！来人帮忙看看呗。。

cf123456 · 发表于 2017-7-20 17:00:39

文件名称：
CF比赛服点卷白名单.exe
MD5： e562603cee32da087da4c551f19e2226
文件类型： EXE
上传时间： 2017-07-20 16:36:29
出品公司：作者QQ：249539893
版本： 8.8.8.8---8.8.8.8
壳或编译器信息： PACKER:UPolyX v0.5
关键行为
行为描述：探测 Virtual PC是否存在
详情信息：
N/A
行为描述：直接调用系统关键API
详情信息：
Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x0058E4F4
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x005988B1
Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x00599457
行为描述：尝试打开调试器或监控软件的驱动设备对象
详情信息：
\??\SICE
\??\SIWVID
\??\NTICE
行为描述：获取TickCount值
详情信息：
TickCount = 218081, SleepMilliseconds = 50.
TickCount = 218096, SleepMilliseconds = 50.
TickCount = 218831, SleepMilliseconds = 50.
TickCount = 219518, SleepMilliseconds = 50.
TickCount = 219893, SleepMilliseconds = 50.
TickCount = 219909, SleepMilliseconds = 50.
TickCount = 219956, SleepMilliseconds = 50.
TickCount = 219971, SleepMilliseconds = 50.
TickCount = 220128, SleepMilliseconds = 50.
TickCount = 220159, SleepMilliseconds = 50.
TickCount = 220175, SleepMilliseconds = 50.
TickCount = 220362, SleepMilliseconds = 50.
TickCount = 220565, SleepMilliseconds = 50.
TickCount = 220768, SleepMilliseconds = 50.
TickCount = 220971, SleepMilliseconds = 50.
行为描述：打开注册表_检测虚拟机相关
详情信息：
\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__
行为描述：直接获取CPU时钟
详情信息：
EAX = 0xef3787e8, EDX = 0x000000b3
EAX = 0xef378834, EDX = 0x000000b3
EAX = 0xf1bf57bd, EDX = 0x000000b3
EAX = 0xf1bf5809, EDX = 0x000000b3
EAX = 0xf4725785, EDX = 0x000000b3
EAX = 0xf47257d1, EDX = 0x000000b3
EAX = 0xf472581d, EDX = 0x000000b3
EAX = 0xf4725869, EDX = 0x000000b3
EAX = 0xf47258b5, EDX = 0x000000b3
EAX = 0xf4725901, EDX = 0x000000b3
行为描述：查找指定内核模块
详情信息：
lstrcmpiA: ntice.sys <------> ntkrnlpa.exe Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> hal.dll Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> KDCOM.DLL Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> BOOTVID.dll Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> ACPI.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> WMILIB.SYS Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> pci.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> isapnp.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> compbatt.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> BATTC.SYS Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> intelide.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> PCIIDEX.SYS Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> MountMgr.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> ftdisk.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> dmload.sys Des: SoftICE驱动
行为描述：查找反病毒常用工具窗口
详情信息：
NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
NtUserFindWindowEx: [Class,Window] = [pediy06,]
NtUserFindWindowEx: [Class,Window] = [FilemonClass,]
NtUserFindWindowEx: [Class,Window] = [,File Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [PROCMON_WINDOW_CLASS,]
NtUserFindWindowEx: [Class,Window] = [,Process Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [RegmonClass,]
NtUserFindWindowEx: [Class,Window] = [,Registry Monitor - Sysinternals: www.sysinternals.com]
行为描述： VMWare特殊指令检测虚拟机
详情信息：
N/A
进程行为
行为描述：创建本地线程
详情信息：
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2628, ThreadID = 2644, StartAddress = 00514083, Parameter = 0056E691
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2628, ThreadID = 2648, StartAddress = 00514083, Parameter = 0056EF76
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2628, ThreadID = 2652, StartAddress = 00514083, Parameter = 005701E5
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2628, ThreadID = 2656, StartAddress = 00514083, Parameter = 00570C05
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2628, ThreadID = 2660, StartAddress = 00514083, Parameter = 00571762
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2628, ThreadID = 2664, StartAddress = 00514083, Parameter = 005722D1
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2628, ThreadID = 2668, StartAddress = 00514083, Parameter = 00572C50
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2628, ThreadID = 2672, StartAddress = 00514083, Parameter = 0057387B
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2628, ThreadID = 2676, StartAddress = 00514083, Parameter = 00575903
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2628, ThreadID = 2680, StartAddress = 00514083, Parameter = 00577631
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2628, ThreadID = 2684, StartAddress = 00514083, Parameter = 0057865F
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2628, ThreadID = 2688, StartAddress = 00514083, Parameter = 0057960A
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2628, ThreadID = 2692, StartAddress = 00514083, Parameter = 0057A5BB
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2628, ThreadID = 2696, StartAddress = 00514083, Parameter = 0057B74C
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2628, ThreadID = 2700, StartAddress = 00514083, Parameter = 0057C94F
行为描述：枚举进程
详情信息：
N/A
注册表行为
行为描述：修改注册表
详情信息：
\REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
行为描述：打开注册表_检测虚拟机相关
详情信息：
\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__
其他行为
行为描述：直接调用系统关键API
详情信息：
Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x0058E4F4
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x005988B1
Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x00599457
行为描述：探测 Virtual PC是否存在
详情信息：
N/A
行为描述：创建互斥体
详情信息：
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.IEK
行为描述：创建事件对象
详情信息：
EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.IEK.IC
EventName = MSCTF.SendReceiveConection.Event.IEK.IC
行为描述：打开事件
详情信息：
HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
行为描述：打开互斥体
详情信息：
DBWinMutex
ShimCacheMutex
行为描述：查找指定窗口
详情信息：
NtUserFindWindowEx: [Class,Window] = [18467-41,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
行为描述：尝试打开调试器或监控软件的驱动设备对象
详情信息：
\??\SICE
\??\SIWVID
\??\NTICE
行为描述：搜索kernel32.dll基地址
详情信息：
Instruction Address = 0x005148ff
行为描述：获取光标位置
详情信息：
CursorPos = (80,18468), SleepMilliseconds = 50.
行为描述：窗口信息
详情信息：
Pid = 2628, Hwnd=0x10364, Text = 群171047637下载,其他是假的, ClassName = _EL_Label.
Pid = 2628, Hwnd=0x10362, Text = 软件收费：８.８８元, ClassName = _EL_Label.
Pid = 2628, Hwnd=0x10360, Text = 不会点我, ClassName = Button.
Pid = 2628, Hwnd=0x1035e, Text = 作者QQ：249539893 ↓快捷购买方法↓ 扫一扫右边QQ二维码付款后再上面输入QQ 一定要是你付款的QQ 不然无法识别, ClassName = _EL_Label.
Pid = 2628, Hwnd=0x10358, Text = 等待验证, ClassName = _EL_Label.
Pid = 2628, Hwnd=0x10350, Text = 使用必看：打开本辅助进入CF比赛服输入激活的QQ在任意模式等10分钟退到服务器列表再进入刷新即可拥有30万CF点, ClassName = _EL_Label.
Pid = 2628, Hwnd=0x1034e, Text = 本次更新解决之前微信不能识别的问题内部辅助群：171047637 QQ扫一扫，拥有英雄武器不是梦, ClassName = _EL_Label.
Pid = 2628, Hwnd=0x1034c, Text = 登录, ClassName = Button.
Pid = 2628, Hwnd=0x1034a, Text = 输入QQ号, ClassName = Edit.
Pid = 2628, Hwnd=0x10348, Text = 已在线:0秒, ClassName = _EL_Label.
Pid = 2628, Hwnd=0x10346, Text = 已发送:0次, ClassName = _EL_Label.
Pid = 2628, Hwnd=0x10344, Text = 破解点卷白名单, ClassName = _EL_Label.
Pid = 2628, Hwnd=0x20342, Text = ＣＦ比赛服破解白名单 - 等待连接, ClassName = WTWindow.
行为描述：调用Sleep函数
详情信息：
[1]: MilliSeconds = 50.
行为描述：隐藏指定窗口
详情信息：
[Window,Class] = [,Afx:400000:8]
[Window,Class] = [,_EL_Timer]
行为描述：获取TickCount值
详情信息：
TickCount = 218081, SleepMilliseconds = 50.
TickCount = 218096, SleepMilliseconds = 50.
TickCount = 218831, SleepMilliseconds = 50.
TickCount = 219518, SleepMilliseconds = 50.
TickCount = 219893, SleepMilliseconds = 50.
TickCount = 219909, SleepMilliseconds = 50.
TickCount = 219956, SleepMilliseconds = 50.
TickCount = 219971, SleepMilliseconds = 50.
TickCount = 220128, SleepMilliseconds = 50.
TickCount = 220159, SleepMilliseconds = 50.
TickCount = 220175, SleepMilliseconds = 50.
TickCount = 220362, SleepMilliseconds = 50.
TickCount = 220565, SleepMilliseconds = 50.
TickCount = 220768, SleepMilliseconds = 50.
TickCount = 220971, SleepMilliseconds = 50.
行为描述：直接获取CPU时钟
详情信息：
EAX = 0xef3787e8, EDX = 0x000000b3
EAX = 0xef378834, EDX = 0x000000b3
EAX = 0xf1bf57bd, EDX = 0x000000b3
EAX = 0xf1bf5809, EDX = 0x000000b3
EAX = 0xf4725785, EDX = 0x000000b3
EAX = 0xf47257d1, EDX = 0x000000b3
EAX = 0xf472581d, EDX = 0x000000b3
EAX = 0xf4725869, EDX = 0x000000b3
EAX = 0xf47258b5, EDX = 0x000000b3
EAX = 0xf4725901, EDX = 0x000000b3
行为描述：查找指定内核模块
详情信息：
lstrcmpiA: ntice.sys <------> ntkrnlpa.exe Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> hal.dll Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> KDCOM.DLL Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> BOOTVID.dll Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> ACPI.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> WMILIB.SYS Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> pci.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> isapnp.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> compbatt.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> BATTC.SYS Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> intelide.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> PCIIDEX.SYS Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> MountMgr.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> ftdisk.sys Des: SoftICE驱动
lstrcmpiA: ntice.sys <------> dmload.sys Des: SoftICE驱动
行为描述：查找反病毒常用工具窗口
详情信息：
NtUserFindWindowEx: [Class,Window] = [OLLYDBG,]
NtUserFindWindowEx: [Class,Window] = [GBDYLLO,]
NtUserFindWindowEx: [Class,Window] = [pediy06,]
NtUserFindWindowEx: [Class,Window] = [FilemonClass,]
NtUserFindWindowEx: [Class,Window] = [,File Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [PROCMON_WINDOW_CLASS,]
NtUserFindWindowEx: [Class,Window] = [,Process Monitor - Sysinternals: www.sysinternals.com]
NtUserFindWindowEx: [Class,Window] = [RegmonClass,]
NtUserFindWindowEx: [Class,Window] = [,Registry Monitor - Sysinternals: www.sysinternals.com]
行为描述： VMWare特殊指令检测虚拟机
详情信息：
N/A
进程树
****.exe (PID: 0x00000a44)
文件分析图谱(PortEx)

运行截图

cf123456 · 发表于 2017-7-20 17:03:24

好像还要收费的

赵大爷555 · 发表于 2017-8-9 19:54:59

无毒求金币！

312321sa · 发表于 2017-8-12 08:55:19

不懂什么东东

账号		自动登录	找回密码
密码			【点我注册】

大佬来帮我看个软件 给20金币在线等急

大佬来帮我看个软件给20金币在线等急