jks_风 - 2010-7-18 11:46:00
Log is generated by FreShow.
[wide]http://bbs.522shop.com/thread-44882-1-1.html
[script]http://bbs.522shop.com/forumdata/cache/common.js?eeM
[script]http://60.190.236.11:8000/stat.js?ad_sjwjw_670X80
[frame]http://36005.7766.org:6677/a/ads.html
[object]http://232oau.3322.org:6677/a/mc.mdb
[frame]http://36005.7766.org:6677/a/ads.html
[frame]http://36005.7766.org:6677/a/ads.html
[frame]http://36005.7766.org:6677/a/ads.html
[frame]http://36005.7766.org:6677/a/ads.html
[frame]http://36005.7766.org:6677/a/ads.html
[frame]http://36005.7766.org:6677/a/ads.html
[frame]http://36005.7766.org:6677/a/ads.html
[frame]http://36005.7766.org:6677/a/ads.html
[frame]http://36005.7766.org:6677/a/ads.html
[script]http://bbs.522shop.com/forumdata/cache/viewthread.js?eeM
[script]http://count34.51yes.com/click.aspx?id=340800901&logo=9
[frame]http://count34.51yes.com/sa.aspx?id=340800901'+yesdata+'
Isn't MDB a database? :kaka8:
User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
学习解密 - 2010-7-18 19:03:00
By default, once downloaded it is run as an exe.
You could say the extension can be anything at all..........
是昔流芳 - 2010-7-21 11:45:00
jks_风 - 2010-7-22 13:50:00
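Roughly... shellcode mostly uses URLDownloadToFileA or URLDownloadToCacheFileA to download the trojan. URLDownloadToFileA lets you re-specify the file name it is saved under locally. Even if the local extension is not .exe, WinExec, which shellcode commonly uses, can still run it as an exe.
Looks like I still have a lot to learn about shellcode :kaka5: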
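An added example, not part of the original thread: a triage check that classifies fetched content by its header bytes instead of the URL extension, and flags FreShow-style log entries whose body is a PE executable under a non-executable name. The URLs, sample bodies and function names are constructed for illustration.

```python
import posixpath
import struct
from urllib.parse import urlparse

JET_MAGIC = b"\x00\x01\x00\x00Standard Jet DB"  # header of a real Access .mdb

def sniff(data: bytes) -> str:
    """Classify content by header bytes, ignoring the file name."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"
    if data.startswith(JET_MAGIC):
        return "jet-mdb"
    return "unknown"

def parse_log(text: str):
    """Yield (tag, url) pairs from '[tag]url' lines; skip everything else."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and "]" in line:
            tag, url = line[1:].split("]", 1)
            yield tag, url

def mismatches(log_text: str, fetched: dict) -> list:
    """Return (url, extension, type) for PE bodies served under a non-.exe name."""
    hits = []
    for _tag, url in parse_log(log_text):
        body = fetched.get(url)
        if body is None:
            continue
        ext = posixpath.splitext(urlparse(url).path)[1].lower()
        if sniff(body) == "pe" and ext != ".exe":
            hits.append((url, ext, "pe"))
    return hits

# Constructed sample data (placeholder host, minimal headers only).
PE_STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
JET_STUB = JET_MAGIC + b"\x00" * 16
SAMPLE_LOG = """Log is generated by FreShow.
[frame]http://example.invalid/a/ads.html
[object]http://example.invalid/a/mc.mdb
[object]http://example.invalid/data/real.mdb
"""
SAMPLE_FETCHED = {
    "http://example.invalid/a/mc.mdb": PE_STUB,
    "http://example.invalid/data/real.mdb": JET_STUB,
}

if __name__ == "__main__":
    for hit in mismatches(SAMPLE_LOG, SAMPLE_FETCHED):
        print("extension/content mismatch:", hit)
```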