I had been using this version of Thunder all along, and SAV never reported a virus either.
File Thunder.exe received on 2009.05.05 13:31:02 (CET)
| Antivirus engine | Version | Last update | Scan result |
| --- | --- | --- | --- |
| a-squared | 4.0.0.101 | 2009.05.05 | Win32.HLLW.Autoruner.2060!IK |
| AhnLab-V3 | 5.0.0.2 | 2009.05.05 | - |
| AntiVir | 7.9.0.160 | 2009.05.05 | - |
| Antiy-AVL | 2.0.3.1 | 2009.05.05 | - |
| Authentium | 5.1.2.4 | 2009.05.04 | W32/Dropper.ZZR |
| Avast | 4.8.1335.0 | 2009.05.04 | - |
| AVG | 8.5.0.327 | 2009.05.05 | - |
| BitDefender | 7.2 | 2009.05.05 | - |
| CAT-QuickHeal | 10.00 | 2009.05.05 | - |
| ClamAV | 0.94.1 | 2009.05.05 | - |
| Comodo | 1149 | 2009.05.03 | Unclassified Malware |
| DrWeb | 5.0.0.12182 | 2009.05.05 | - |
| eSafe | 7.0.17.0 | 2009.05.05 | - |
| eTrust-Vet | 31.6.6490 | 2009.05.05 | - |
| F-Prot | 4.4.4.56 | 2009.05.04 | W32/Dropper.ZZR |
| F-Secure | 8.0.14470.0 | 2009.05.05 | - |
| Fortinet | 3.117.0.0 | 2009.05.05 | - |
| GData | 19 | 2009.05.05 | - |
| Ikarus | T3.1.1.49.0 | 2009.05.05 | Win32.HLLW.Autoruner.2060 |
| K7AntiVirus | 7.10.723 | 2009.05.04 | Trojan-Dropper.Win32.Agent |
| Kaspersky | 7.0.0.125 | 2009.05.05 | - |
| McAfee | 5605 | 2009.05.04 | potentially unwanted program Generic PUP |
| McAfee+Artemis | 5605 | 2009.05.04 | potentially unwanted program Generic PUP |
| McAfee-GW-Edition | 6.7.6 | 2009.05.05 | - |
| Microsoft | 1.4602 | 2009.05.05 | - |
| NOD32 | 4053 | 2009.05.05 | - |
| Norman | 6.01.05 | 2009.05.04 | - |
| nProtect | 2009.1.8.0 | 2009.05.04 | - |
| Panda | 10.0.0.14 | 2009.05.04 | - |
| PCTools | 4.4.2.0 | 2009.05.03 | - |
| Prevx1 | 3.0 | 2009.05.05 | High Risk Worm |
| Prevx1 | V2 | 2009.05.05 | High Risk Worm |
| Rising | 21.28.12.00 | 2009.05.05 | - |
| Sophos | 4.41.0 | 2009.05.05 | Mal/PWS-Fam |
| Sunbelt | 3.2.1858.2 | 2009.05.05 | - |
| Symantec | 1.4.4.12 | 2009.05.05 | Trojan Horse |
| TheHacker | 6.3.4.1.318 | 2009.05.04 | - |
| TrendMicro | 8.950.0.1092 | 2009.05.05 | - |
| VBA32 | 3.12.10.4 | 2009.05.05 | Win32.HLLW.Autoruner.2060 |
| ViRobot | 2009.5.4.1719 | 2009.05.04 | - |
| VirusBuster | 4.6.5.0 | 2009.05.04 | - |

Additional information

File size: 45056 bytes
MD5...: 04a62742f5091b3477c2c76ec71e52ac
SHA1..: d15f8272ab77c77b418a0048979918f53c4e298b
SHA256: 00f05ed9a6ac19b074cffb1f0e695d5c4c0aede8a0fb4555abe43972efcfb41b
SHA512: 8c38d5071e26823d755395bb848e7d2ca4469d3d60b73e61c27f930aaaaebe53ced30fb4da8328f9a878349a16ecd9b9601d183d2e30d088188290bcaccabd58
ssdeep: 384:/9mUuu7nkK/v0hs1kU1Hc3AYP4Ni1Qs5UdI+4yLw4yfh4yyseLjR:EuLkqchs1u39wU/UJo1yPL1
PEiD..: Armadillo v1.71

TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2b60
timedatestamp.....: 0x48153b56 (Mon Apr 28 02:49:58 2008)
machinetype.......: 0x14c (I386)

( 4 sections )

| name | viradd | virsiz | rawdsiz | ntrpy | md5 |
| --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x2031 | 0x3000 | 4.62 | af775642c8ec7814d9487516d2869972 |
| .rdata | 0x4000 | 0x12d8 | 0x2000 | 4.09 | c6682bfa32cc4015e94373e80be5f7c7 |
| .data | 0x6000 | 0x2a0 | 0x1000 | 0.69 | 3b6b65e87d1cfb039904611ad77e2393 |
| .rsrc | 0x7000 | 0x3388 | 0x4000 | 3.76 | 9e27d4998746b22e17c345bf920e1d19 |

( 6 imports )
MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
MSVCRT.dll: _acmdln, exit, _XcptFilter, _exit, _onexit, __dllonexit, __getmainargs, _mbsrchr, _initterm, __setusermatherr, __p___argc, __p___argv, _mbsnbicmp, strlen, memset, memcpy, __CxxFrameHandler, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _setmbcp, _controlfp
KERNEL32.dll: TerminateProcess, Sleep, OpenFileMappingA, GetCommandLineA, SetEvent, OpenEventA, ReleaseMutex, CreateMutexA, SetPriorityClass, GetCurrentProcess, OpenProcess, GetProcAddress, GetSystemTime, GetModuleHandleA, GetStartupInfoA, CloseHandle, CreateToolhelp32Snapshot, Process32First, Process32Next, GetLastError, UnmapViewOfFile, GetModuleFileNameA, MapViewOfFile
USER32.dll: IsIconic, ShowWindow, GetLastActivePopup, GetForegroundWindow, GetWindowThreadProcessId, BringWindowToTop, SetForegroundWindow, SystemParametersInfoA, SetFocus, GetDesktopWindow, PostMessageA, IsWindow, IsWindowVisible, AttachThreadInput, RegisterWindowMessageA, SendMessageA
SHELL32.dll: ShellExecuteA
MSVCP60.dll: _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=04a62742f5091b3477c2c76ec71e52ac
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=04a62742f5091b3477c2c76ec71e52ac
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=651A9B1E00D0AC3BB04300A0A4A6FF003FE40BD5
[ This post was last edited by sxbxyh on 2009-5-9 22:38 ]