2017-06-29

[Carbon Black] A Technical Dissection of the Petya Ransomware: Infection Details Revealed!


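Carbon Black, the next-generation endpoint protection brand distributed by 达友, has published updated threat intelligence on the Petya (痞踏辣) ransomware that analyzes its infection details in depth.

Technical Analysis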

File Size : 362,360

MD5: 71b6a493388e7d0b40c83ce903bc6b04

SHA1: 34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d

SHA256: 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745

Fuzzy: 6144:y/Bt80VmNTBo/x95ZjAetGDN3VFNq7pC+9OqFoK30b3ni5rdQY/CdUOs2:y/X4NTS/x9jNG+w+9OqFoK323qdQYKUG

Magic: PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit

Import Hash: 52dd60b5f3c9e2f17c2e303e8c8d4eab

Compiled Time: Sun Jun 18 07:14:36 2017 UTC

PE Sections (5): Name       Size       MD5
                 .text      48,640     c5bd3bb710ae377938b17980692b785b
                 .rdata     34,304     46418e52b546c1f696eb8a524f18c56e
                 .data      20,992     5216f0c62d1fd41b1d558e129e18d0fe
                 .rsrc      247,808    f07e68575f50a62382d99e182baa05d5
                 .reloc     3,584      c5d1d4cdade7dcfbe14ec10dcf66cfb1
               + 0x57000    6,008      da2b0b17905e8afae0eaca35e831be9e (Authenticode Signature)

For more details, follow this link: Carbon Black Petya in-depth analysis