このページの2つのバージョン間の差分を表示します。
| 両方とも前のリビジョン 前のリビジョン | 次のリビジョン 両方とも次のリビジョン | ||
|
malware:vmsetting [2012/11/26 09:48] kikuzou |
malware:vmsetting [2012/11/27 06:07] kikuzou |
||
|---|---|---|---|
| 行 40: | 行 40: | ||
| ===== Hacker Defender rootkit ===== | ===== Hacker Defender rootkit ===== | ||
| - | * comming soon... | + | * 指定したファイル/ |
| + | * 現在は配布されていない模様 | ||
| + | * 以下設定ファイル(hide.ini)で hxdef100.exe を実行する | ||
| + | < | ||
| + | hxdef100.exe hide.ini | ||
| + | </ | ||
| + | |||
| + | < | ||
| + | [Hidden Table] | ||
| + | hxd* | ||
| + | vmu* | ||
| + | vmt* | ||
| + | vmw* | ||
| + | tools* | ||
| + | procexp* | ||
| + | ollydbg* | ||
| + | |||
| + | [Root Processes] | ||
| + | hxd* | ||
| + | vmu* | ||
| + | vmt* | ||
| + | vmw* | ||
| + | tools* | ||
| + | procexp* | ||
| + | ollydbg* | ||
| + | |||
| + | [Hidden Services] | ||
| + | HackerDefender100 | ||
| + | vmu* | ||
| + | vmt* | ||
| + | vmw* | ||
| + | procexp* | ||
| + | |||
| + | [Hidden RegKeys] | ||
| + | VMware, Inc. | ||
| + | Sysinternals | ||
| + | |||
| + | [Hidden RegValues] | ||
| + | vmu* | ||
| + | vmt* | ||
| + | vmw* | ||
| + | |||
| + | [Startup Run] | ||
| + | |||
| + | [Free Space] | ||
| + | |||
| + | [Hidden Ports] | ||
| + | |||
| + | [Settings] | ||
| + | Password=infected | ||
| + | BackdoorShell=cmd.exe | ||
| + | FileMappingName=_.-=[Hacker Defender]=-._ | ||
| + | ServiceName=HackerDefender100 | ||
| + | ServiceDisplayName=HXD Service 100 | ||
| + | ServiceDescription=NT rootkit | ||
| + | DriverName=HackerDefenderDrv100 | ||
| + | DriverFileName=hxdefdrv.sys | ||
| + | |||
| + | [Comments] | ||
| + | </ | ||
| ===== 参考情報:ScoopyNG - The VMware Detection Tool ===== | ===== 参考情報:ScoopyNG - The VMware Detection Tool ===== | ||