
Is this Xunlei (Thunder) that SAV quarantined a virus? Packed file attached.

chinajl
Posted on 2009-5-9 13:23:25
I had been using this version of Thunder all along, and SAV never reported a virus.


File Thunder.exe received on 2009.05.05 13:31:02 (CET)

| Antivirus engine | Version | Last update | Scan result |
| --- | --- | --- | --- |
| a-squared | 4.0.0.101 | 2009.05.05 | Win32.HLLW.Autoruner.2060!IK |
| AhnLab-V3 | 5.0.0.2 | 2009.05.05 | - |
| AntiVir | 7.9.0.160 | 2009.05.05 | - |
| Antiy-AVL | 2.0.3.1 | 2009.05.05 | - |
| Authentium | 5.1.2.4 | 2009.05.04 | W32/Dropper.ZZR |
| Avast | 4.8.1335.0 | 2009.05.04 | - |
| AVG | 8.5.0.327 | 2009.05.05 | - |
| BitDefender | 7.2 | 2009.05.05 | - |
| CAT-QuickHeal | 10.00 | 2009.05.05 | - |
| ClamAV | 0.94.1 | 2009.05.05 | - |
| Comodo | 1149 | 2009.05.03 | Unclassified Malware |
| DrWeb | 5.0.0.12182 | 2009.05.05 | - |
| eSafe | 7.0.17.0 | 2009.05.05 | - |
| eTrust-Vet | 31.6.6490 | 2009.05.05 | - |
| F-Prot | 4.4.4.56 | 2009.05.04 | W32/Dropper.ZZR |
| F-Secure | 8.0.14470.0 | 2009.05.05 | - |
| Fortinet | 3.117.0.0 | 2009.05.05 | - |
| GData | 19 | 2009.05.05 | - |
| Ikarus | T3.1.1.49.0 | 2009.05.05 | Win32.HLLW.Autoruner.2060 |
| K7AntiVirus | 7.10.723 | 2009.05.04 | Trojan-Dropper.Win32.Agent |
| Kaspersky | 7.0.0.125 | 2009.05.05 | - |
| McAfee | 5605 | 2009.05.04 | potentially unwanted program Generic PUP |
| McAfee+Artemis | 5605 | 2009.05.04 | potentially unwanted program Generic PUP |
| McAfee-GW-Edition | 6.7.6 | 2009.05.05 | - |
| Microsoft | 1.4602 | 2009.05.05 | - |
| NOD32 | 4053 | 2009.05.05 | - |
| Norman | 6.01.05 | 2009.05.04 | - |
| nProtect | 2009.1.8.0 | 2009.05.04 | - |
| Panda | 10.0.0.14 | 2009.05.04 | - |
| PCTools | 4.4.2.0 | 2009.05.03 | - |
| Prevx1 | 3.0 | 2009.05.05 | High Risk Worm |
| Prevx1 | V2 | 2009.05.05 | High Risk Worm |
| Rising | 21.28.12.00 | 2009.05.05 | - |
| Sophos | 4.41.0 | 2009.05.05 | Mal/PWS-Fam |
| Sunbelt | 3.2.1858.2 | 2009.05.05 | - |
| Symantec | 1.4.4.12 | 2009.05.05 | Trojan Horse |
| TheHacker | 6.3.4.1.318 | 2009.05.04 | - |
| TrendMicro | 8.950.0.1092 | 2009.05.05 | - |
| VBA32 | 3.12.10.4 | 2009.05.05 | Win32.HLLW.Autoruner.2060 |
| ViRobot | 2009.5.4.1719 | 2009.05.04 | - |
| VirusBuster | 4.6.5.0 | 2009.05.04 | - |

Additional information
File size: 45056 bytes
MD5...: 04a62742f5091b3477c2c76ec71e52ac
SHA1..: d15f8272ab77c77b418a0048979918f53c4e298b
SHA256: 00f05ed9a6ac19b074cffb1f0e695d5c4c0aede8a0fb4555abe43972efcfb41b
SHA512: 8c38d5071e26823d755395bb848e7d2ca4469d3d60b73e61c27f930aaaaebe53ced30fb4da8328f9a878349a16ecd9b9601d183d2e30d088188290bcaccabd58
ssdeep: 384:/9mUuu7nkK/v0hs1kU1Hc3AYP4Ni1Qs5UdI+4yLw4yfh4yyseLjR:EuLkqchs1u39wU/UJo1yPL1
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2b60
timedatestamp.....: 0x48153b56 (Mon Apr 28 02:49:58 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2031 0x3000 4.62 af775642c8ec7814d9487516d2869972
.rdata 0x4000 0x12d8 0x2000 4.09 c6682bfa32cc4015e94373e80be5f7c7
.data 0x6000 0x2a0 0x1000 0.69 3b6b65e87d1cfb039904611ad77e2393
.rsrc 0x7000 0x3388 0x4000 3.76 9e27d4998746b22e17c345bf920e1d19

( 6 imports )
> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> MSVCRT.dll: _acmdln, exit, _XcptFilter, _exit, _onexit, __dllonexit, __getmainargs, _mbsrchr, _initterm, __setusermatherr, __p___argc, __p___argv, _mbsnbicmp, strlen, memset, memcpy, __CxxFrameHandler, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _setmbcp, _controlfp
> KERNEL32.dll: TerminateProcess, Sleep, OpenFileMappingA, GetCommandLineA, SetEvent, OpenEventA, ReleaseMutex, CreateMutexA, SetPriorityClass, GetCurrentProcess, OpenProcess, GetProcAddress, GetSystemTime, GetModuleHandleA, GetStartupInfoA, CloseHandle, CreateToolhelp32Snapshot, Process32First, Process32Next, GetLastError, UnmapViewOfFile, GetModuleFileNameA, MapViewOfFile
> USER32.dll: IsIconic, ShowWindow, GetLastActivePopup, GetForegroundWindow, GetWindowThreadProcessId, BringWindowToTop, SetForegroundWindow, SystemParametersInfoA, SetFocus, GetDesktopWindow, PostMessageA, IsWindow, IsWindowVisible, AttachThreadInput, RegisterWindowMessageA, SendMessageA
> SHELL32.dll: ShellExecuteA
> MSVCP60.dll: _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=04a62742f5091b3477c2c76ec71e52ac
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=04a62742f5091b3477c2c76ec71e52ac
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=651A9B1E00D0AC3BB04300A0A4A6FF003FE40BD5

[ This post was last edited by sxbxyh on 2009-5-9 22:38 ]

Hopesky
Posted on 2009-5-9 14:09:33
Please post it to the [Samples section].
My initial suspicion is a false positive.
chinajl
Original poster | Posted on 2009-5-9 22:10:34
Could a moderator please help move it? Thanks.
einnawy
Posted on 2009-5-9 23:02:32
Filseclab (费尔) does not flag it.
SUZAKU
Posted on 2009-5-9 23:06:28
TO AntiVir
kingmuro
Posted on 2009-5-9 23:06:29
It gets past KV2008.