
[Virus Samples] 精睿 Forum Sample Test (08.01)

billgates1996
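Posted on 2012-8-1 11:56:50
Sample links: Telecom download  Unicom download

(Multi-threaded, no speed limit; using IDM for full-speed download is recommended)

Sample password: 芳林新叶催陈叶,流水前波让后波。
Number of samples: 50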





hx1997
Posted on 2012-8-1 11:58:01
Last edited by hx1997 on 2012-8-1 12:39

ESET killed 43×, missed 7×.

To ESET.

P.S. BillLab-23.vc52 is corrupted due to hash change, and won't pass the installer integrity check. After fixing it, ESET can now detect it as below:
C:\Users\Gateway\Desktop\vc520801\BillLab-23.vc52 » SMARTINSTALLMAKER » sim.cab » CAB » 1 - Win32/Bicololo.A trojan

Scan Log
Version of virus signature database: 7344 (20120731)
Date: 2012/8/1  Time: 11:59:34
Scanned disks, folders and files: C:\Users\Gateway\Desktop\vc520801
C:\Users\Gateway\Desktop\vc520801\BillLab-0.vc52 - a variant of Win32/PSW.OnLineGames.QBT trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-1.vc52 - Win32/AutoRun.IRCBot.FC worm - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-10.vc52 - a variant of Win32/VB.NQR trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-11.vc52 » UPX v13_m8 » AUTOIT » script.bin - a variant of Win32/Injector.Autoit.O trojan
C:\Users\Gateway\Desktop\vc520801\BillLab-11.vc52 » AUTOIT » script.bin - a variant of Win32/Injector.Autoit.O trojan
C:\Users\Gateway\Desktop\vc520801\BillLab-12.vc52 - a variant of Win32/Kryptik.AJEL trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-13.vc52 - a variant of Win32/InstallCore.Q potentially unwanted application - action selection postponed until scan completion
C:\Users\Gateway\Desktop\vc520801\BillLab-15.vc52 - Win32/TrojanDownloader.Zurgop.AV trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-16.vc52 - Win32/TrojanDownloader.VB.PHL trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-17.vc52 - probably a variant of Win32/Fusing.AC trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-18.vc52 - Win32/Agent.OQR trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-19.vc52 - Win32/Spy.Zbot.AAN trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-2.vc52 - a variant of Win32/ServStart.AD trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-20.vc52 - a variant of Win32/VB.QKE trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-21.vc52 - a variant of Win32/TrojanClicker.Delf.NMJ trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-22.vc52 - a variant of MSIL/Kryptik.AZ trojan - cleaned by deleting - quarantined [1]

C:\Users\Gateway\Desktop\vc520801\BillLab-23.vc52 » SMARTINSTALLMAKER - error - unknown compression method
C:\Users\Gateway\Desktop\vc520801\BillLab-24.vc52 - Win32/Spy.Zbot.AAN trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-25.vc52 - a variant of Win32/InstallCore.Q potentially unwanted application - action selection postponed until scan completion
C:\Users\Gateway\Desktop\vc520801\BillLab-27.vc52 - a variant of Win32/Kryptik.SFU trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-28.vc52 - a variant of Win32/Kryptik.AJEF trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-29.vc52 - Win32/Spy.Zbot.AAN trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-31.vc52 - Win32/Spy.Zbot.AAN trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-32.vc52 - Win32/Bifrose.NTA trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-33.vc52 - a variant of Win32/TrojanDropper.Agent.PLN trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-34.vc52 - a variant of Win32/Soft32Downloader.B potentially unwanted application - action selection postponed until scan completion
C:\Users\Gateway\Desktop\vc520801\BillLab-35.vc52 - a variant of Win32/Kryptik.AJEF trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-36.vc52 - a variant of Win32/InstallCore.AF potentially unwanted application - action selection postponed until scan completion
C:\Users\Gateway\Desktop\vc520801\BillLab-37.vc52 - a variant of Win32/Injector.TQI trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-39.vc52 - a variant of Win32/Spy.Banker.UDU trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-4.vc52 » 7ZSD » setup.exe - Win32/Adware.MultiPlug.A application
C:\Users\Gateway\Desktop\vc520801\BillLab-40.vc52 - a variant of Win32/Injector.UJU trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-41.vc52 » NSIS » Script.nsi - Win32/PSW.Agent.NTJ trojan
C:\Users\Gateway\Desktop\vc520801\BillLab-42.vc52 - a variant of Win32/VB.OBO worm - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-44.vc52 - Win32/Bancodor.NAC trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-45.vc52 - a variant of Win32/VB.NQR trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-46.vc52 - Win32/Spy.Zbot.AAN trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-47.vc52 - Win32/Spy.Bancos.OOM trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-49.vc52 » UPX v13_m8 - a variant of Win32/Injector.UJS trojan - was a part of the deleted object
C:\Users\Gateway\Desktop\vc520801\BillLab-5.vc52 - Win32/PSW.OnLineGames.PZI trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-6.vc52 - a variant of Win32/ProxyChanger.CR trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-7.vc52 - a variant of Win32/InstallCore.Q potentially unwanted application - action selection postponed until scan completion
C:\Users\Gateway\Desktop\vc520801\BillLab-8.vc52 - probably a variant of MSIL/Kryptik.BV trojan - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-9.vc52 - a variant of Win32/Adware.Kraddare.AA application - cleaned by deleting - quarantined [1]
C:\Users\Gateway\Desktop\vc520801\BillLab-13.vc52 - a variant of Win32/InstallCore.Q potentially unwanted application - deleted - quarantined
C:\Users\Gateway\Desktop\vc520801\BillLab-25.vc52 - a variant of Win32/InstallCore.Q potentially unwanted application - deleted - quarantined
C:\Users\Gateway\Desktop\vc520801\BillLab-34.vc52 - a variant of Win32/Soft32Downloader.B potentially unwanted application - deleted - quarantined
C:\Users\Gateway\Desktop\vc520801\BillLab-36.vc52 - a variant of Win32/InstallCore.AF potentially unwanted application - deleted - quarantined
C:\Users\Gateway\Desktop\vc520801\BillLab-7.vc52 - a variant of Win32/InstallCore.Q potentially unwanted application - deleted - quarantined

Number of scanned objects: 105
Number of threats found: 43
Number of cleaned objects: 43
Time of completion: 12:00:12  Total scanning time: 38 sec (00:00:38)

Notes:
[1] Object has been deleted as it only contained the virus body.





Malcide Scanner
Version - 1.0.717

Heuristics - Extreme

Scanning now...
Date - 2012/8/1   Time - 12:29:56
Targets:
    C:\Users\Gateway\Desktop\vc520801

C:\Users\Gateway\Desktop\vc520801\BillLab-0.vc52 - HEUR:Win32.Virus.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-1.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-10.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-11.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-12.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-14.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-15.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-16.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-17.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-18.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-19.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-2.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-20.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-21.vc52 - AdvHEUR:Win32.Application.Gen.3
C:\Users\Gateway\Desktop\vc520801\BillLab-22.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-23.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-24.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-26.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-28.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-29.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-3.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-31.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-32.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-33.vc52 - HEUR:Win32.Virus.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-34.vc52 > UPX - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-35.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-37.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-39.vc52 - HEUR:Win32.Virus.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-4.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-40.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-41.vc52 - HEUR:Win32.Trojan-Dropper.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-42.vc52 - HEUR:Win32.Virus.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-44.vc52 - HEUR:Win32.Packed.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-45.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-46.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-47.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-48.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-49.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-5.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-6.vc52 - HEUR:Win32.Malware.Gen
C:\Users\Gateway\Desktop\vc520801\BillLab-9.vc52 - HEUR:Win32.Malware.Gen

50 objects scanned
0 errors occurred
41 threats found in 41 files

Finish time - 12:30:10
Duration - 14 seconds (00:00:14)
阿鲁卡德
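Posted on 2012-8-1 11:58:33
Last edited by 阿鲁卡德 on 2012-8-1 12:08

Guanjia with the Kingsoft and Avira engines disabled: 30 killed
With the Kingsoft and Avira engines enabled: 36 killed. Not a great result today...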

crystalsong08
Posted on 2012-8-1 11:59:18
Last edited by crystalsong08 on 2012-8-1 12:11

A2





小淘气
Posted on 2012-8-1 12:01:46
eset

Dust-;羅錠
Posted on 2012-8-1 12:02:08
Last edited by Dust-;羅錠 on 2012-8-1 12:16

Dr.Web killed 38x:

Scan report:
Total 22932497 bytes in 50 files scanned (102 objects)
Total 36 files (42 objects) are infected
Total 2 files are suspicious
Total 12 files (51 objects) are clean

To Dr.Web

9878803
Posted on 2012-8-1 12:02:18
You villain, are you trying to poison me?
Kevin_Memo
Posted on 2012-8-1 12:13:34
Last edited by Kevin_Memo on 2012-8-1 12:23

Trustport:
Right-click scan detected 41X:

tomochan
Posted on 2012-8-1 12:16:33
Last edited by tomochan on 2012-8-1 12:18

Jiangmin 2013 killed 28X
风~舒念
Posted on 2012-8-1 12:21:27
Saw the notification and guessed it was you.