This site and http://chinalabs.com/ were probably injected with malicious code by the same person. Could a moderator please answer? Thanks!
Log is generated by FreShow.
[wide]http://www.desktx.com/
[script]http://www.desktx.com/templates/pc/indexflash.js
[script]http://drmcmm.baidu.com/js/m.js
[script]http://pagead2.googlesyndication.com/pagead/show_sdo.js
[script]http://pagead2.googlesyndication.com/pagead/show_ads.js
[script]http://pagead2.googlesyndication.com/pagead/show_ads.js
[script]http://pagead2.googlesyndication.com/pagead/show_ads.js
[script]http://pagead2.googlesyndication.com/pagead/show_ads.js
[script]http://a.alimama.cn/inf.js
[script]http://www.desktx.com/d/js/acmsd/thea30.js
[frame]http://qwqw4.3322.org:8800/ak47/21.html
[frame]http://qwqw4.3322.org:8800/ak47/../b46/21/index.html
[frame]http://qwqw4.3322.org:8800/ak47/../b46/21/qc.html
[script]http://qwqw4.3322.org:8800/ak47/../b46/21/rl.jpg
[script]http://qwqw4.3322.org:8800/ak47/../b46/21/y1.jpg
[script]http://qwqw4.3322.org:8800/ak47/../b46/21/tl.jpg
[script]http://qwqw4.3322.org:8800/ak47/\"http://js.tongji.linezing.com/1561662/tongji.js\"
[script]http://qwqw4.3322.org:8800/ak47/\"http://js.tongji.linezing.com/1530019/tongji.js\"
[script]http://js.users.51.la/3652813.js
[script]http://s61.cnzz.com/stat.php?id=1819431&web_id=1819431
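Only this one, [object]http://pk2b.9966.org:8800/aaaa/t3/t21.exe, was not found;
I think it should be inside the shellcode. Through my own analysis I did extract the shellcode, but decrypting it with ESC twice does not seem to work, and I cannot find the trojan's download address,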