chenjava

2008年11月30日 #

Search Sample

FirstTime>'2008-11-18' and SigID=0 and FileType!='Text' and FileType!='DLL-PE' and Comment!='Clean' and (Submitter='Symantec' or Submitter='Grisoft' or Submitter='inca' or Submitter='Arbor' or Submitter='SecureComputing' or Submitter='AhnLab')
 
FirstTime>'2008-11-11 2' and FirstTime<'2008-11-11 10:30' and FileType='EXE-PE' and SigID>'10000000' and FileSize>'20000' and FileSize<'500000' and Submitter!='chensl' and Kaspersky!='Trojan.Win32.Obfuscated.gen'
 
FirstTime>'2008-11-09' and SigID>'10000000' and FileType='EXE-PE' and FileSize>'30000' and FileSize<'100000' and Archive='' and (Pack='' or Pack like '%UPX' or Pack like '%UPack')

FirstTime>'2008-11-21' and SigID>10000000 and Kaspersky='' and Trendmicro='' and McAfee='' and Antivir='' and Symantec='' and Sophos='' and NOD32='' and Panda='' and Grisoft='' and BitDefender=''

posted @ 2008-11-30 20:34 马洲浪子 阅读(175) | 评论 (0)编辑 收藏

2008年8月29日 #

Virus分析问题

1.如果VirtualSize比SizeOfRawData小,这种情况下,数据被载入到内存的情况是怎么样的?SizeOfRawData比VirtualSize大的部分会不会被载入到内存?
 
A:试验VirtualSize比SizeOfRawData小不超过1000h时,SizeOfRawData会全部载入内存,还需要再试验超过1000h的情况
 
2.svchost跟startservice api之间有什么区别?
3.210756
205933 erwinb取了upack 0.37
215151 yuhn是如何取的
217541 Worm/Zhelatin.DDB2@mm
 yuhn取的

posted @ 2008-08-29 09:40 马洲浪子 阅读(201) | 评论 (0)编辑 收藏

仅列出标题