Yangtse Evening Post website compromised to serve malware (drive-by download)
关于:hxxp://www.yangtse.com/baby/vote/css/dt100714856.html解密的日志(全体输出 - 15):
Level 0>http://www.yangtse.com/baby/vote/css/dt100714856.html
Level 1>http://www.yangtse.com/baby/vote/css/dt100714857.html
Level 1>http://www.yangtse.com/baby/vote/css/dt100714855.html
Level 1>http://www.yangtse.com/baby/vote/css/SITEMAP8.html
Level 1>http://www.yangtse.com/baby/vote/css/SITEMAP7.html
Level 1>http://www.yangtse.com/baby/vote/css/SITEMAP6.html
Level 1>http://www.yangtse.com/baby/vote/css/SITEMAP5.html
Level 1>http://www.yangtse.com/baby/vote/css/SITEMAP4.html
Level 1>http://www.yangtse.com/baby/vote/css/SITEMAP3.html
Level 1>http://www.yangtse.com/baby/vote/css/SITEMAP2.html
Level 1>http://www.yangtse.com/baby/vote/css/SITEMAP1.html
Level 1>http://a4.lvguihua.com:8081/user/inc/dt/css.png
Level 2>http://a6.lvguihua.com:8081/user/inc/dt/ie.html?哈韩
Level 3>http://a5.lvguihua.com:8081/user/inc/dt.exe
Level 1>http://player.youku.com/player.php/sid/XMTYzNjE3MDA4=/v.swf
日志由 Redoce2.1第7次修正版于 2010-8-3 11:23:38 生成。
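Sorry, I didn't look closely this morning. The exe has not actually gone dead, but the downloaded exe file does not show a valid PE structure in C32ASM. The screenshot of running it is below, and it also shows that the file is corrupted. My guess is that the PE header was damaged when the file was modified to evade antivirus detection.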