
http://handlers.sans.org/jclausing/userdb.txt
http://reverse-engineering-scripts.googlecode.com/files/UserDB.TXT
http://research.pandasecurity.com/blogs/images/userdb.txt

https://raw.githubusercontent.com/guelfoweb/peframe/5beta/peframe/signatures/userdb.txt


pypeid > https://github.com/libcrack/python-peid


pefile > https://github.com/erocarrera/pefile

 - The bundled peutils is the 3.x version. To use it with Python 2.x, import only peutils from the file below:

   - python 2.7 > https://github.com/hiddenillusion/AnalyzePE/blob/master/peutils.py


IP Address (IPv4)
^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$


IP Address (IPv6)
^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$


IP Address (both)
^(?:(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)|(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])))$


E-MAIL
^[\w!#$%&'*+/=?`{|}~^-]+(?:\.[\w!#$%&'*+/=?`{|}~^-]+)*@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,6}$


Postal address
[a-zA-Z\d\s\-\,\#\.\+]+


Zip Code
^\d{5,6}(?:[-\s]\d{4})?$


Credit Card Number
^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\d{3})\d{11})$


(USA) Social Security Number
^\d{3}-\d{2}-\d{4}$


North American Phone Number
^(?:(?:\+?1\s*(?:[.-]\s*)?)?(?:\(\s*([2-9]1[02-9]|[2-9][02-8]1|[2-9][02-8][02-9])\s*\)|([2-9]1[02-9]|[2-9][02-8]1|[2-9][02-8][02-9]))\s*(?:[.-]\s*)?)?([2-9]1[02-9]|[2-9][02-9]1|[2-9][02-9]{2})\s*(?:[.-]\s*)?([0-9]{4})(?:\s*(?:#|x\.?|ext\.?|extension)\s*(\d+))?$




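A Python check of how the patterns above behave, added here as an example and not part of the original post: it runs the IPv4 and credit card patterns with re.fullmatch, adds a Luhn checksum (which the card pattern alone does not verify, since it only checks issuer prefix and length), and reproduces the anchoring pitfall of a bare `^a|b$` alternation, the same issue that affects a combined IPv4/IPv6 pattern, using the shorter IPv4 and SSN patterns. The sample inputs are constructed; the IPv6 pattern is left out for brevity.

```python
import re

# Patterns copied from the list above (bodies without anchors, so they can be combined)
IPV4_BODY = r"(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
SSN_BODY = r"\d{3}-\d{2}-\d{4}"
CARD_BODY = (r"4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}"
             r"|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\d{3})\d{11}")

IPV4 = re.compile(IPV4_BODY)
CARD = re.compile(CARD_BODY)

# A bare "^a|b$" anchors only the outer branches: "^" binds to a and "$" binds to b,
# so "a" may be followed by anything and "b" may be preceded by anything.
LOOSE_ANCHORS = re.compile("^" + IPV4_BODY + "|" + SSN_BODY + "$")
# Grouping the alternation first anchors the whole value.
STRICT_ANCHORS = re.compile("^(?:" + IPV4_BODY + "|" + SSN_BODY + ")$")


def is_ipv4(value: str) -> bool:
    # fullmatch requires the entire string to match, so trailing text is rejected
    return IPV4.fullmatch(value) is not None


def luhn_ok(digits: str) -> bool:
    # Luhn checksum: from the right, double every second digit, subtract 9 if the result > 9
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def is_card_number(value: str) -> bool:
    # Strip the usual separators, then require both the format match and a valid checksum
    digits = value.replace(" ", "").replace("-", "")
    return CARD.fullmatch(digits) is not None and luhn_ok(digits)


def matches_loose(value: str) -> bool:
    return LOOSE_ANCHORS.search(value) is not None


def matches_strict(value: str) -> bool:
    return STRICT_ANCHORS.search(value) is not None


if __name__ == "__main__":
    # Constructed sample inputs, not real data
    for sample in ["192.168.0.1", "192.168.0.1 trailing", "prefix 123-45-6789", "4111 1111 1111 1111"]:
        print(sample, is_ipv4(sample), matches_loose(sample), matches_strict(sample), is_card_number(sample))
```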

packed.zip


Malware info 1
 - Type: Packed.Backdoor.PE(1)
 - md5: 259c82d6db2883dd135c87b0feb44069

   ☞ C&C connections made by the malware
     - IP: 190.185.124.125, Port: 443
     - IP: 202.137.244.198, Port: 443
     - IP: 220.132.191.110, Port: 443


Malware info 2
 - Type: Packed.Dropper.PE
 - md5: 036bae8dd72bd70761960a90ea631ff1

   ☞ Drop path of the malware
     - %USERPROFILE%\AppData\Local\Microsoft\Office\15.0\msoia.exe /update

     - Type: Packed.Backdoor.PE(2)
     - md5: 133a436ddb128520d5061e020f09cb16

   ☞ Copy path of the dropped malware

     - %USERPROFILE%\AppData\Local\Microsoft\Internet Explorer\IECompatData\ielowutil.exe /autostart

     - Type: Packed.Backdoor.PE(2)
     - md5: 133a436ddb128520d5061e020f09cb16

   ☞ C&C connections made by the dropped malware
     - IP: 190.185.124.125, Port: 443
     - IP: 202.137.244.198, Port: 443
     - IP: 220.132.191.110, Port: 443


