[Virus sample] One [MD5:23d5e]

Thread starter: wangjay1980
tracydk
Posted on 2007-7-14 18:00:23
Avira crashed. Reported it.
tracydk
Posted on 2007-7-14 18:07:15
Antivirus          Version         Last update  Result
AhnLab-V3          2007.7.14.0     2007.07.14   no virus found
AntiVir            7.4.0.39        2007.07.13   no virus found
Authentium         4.93.8          2007.07.13   no virus found
Avast              4.7.997.0       2007.07.13   Win32:Delf-DNR
AVG                7.5.0.476       2007.07.13   no virus found
BitDefender        7.2             2007.07.14   Trojan.Muldrop.ARH
CAT-QuickHeal      9.00            2007.07.14   no virus found
ClamAV             devel-20070416  2007.07.14   no virus found
DrWeb              4.33            2007.07.14   Trojan.MulDrop.6952
eSafe              7.0.15.0        2007.07.10   suspicious Trojan/Worm
eTrust-Vet         30.8.3784       2007.07.14   no virus found
Ewido              4.0             2007.07.14   Dropper.DN
FileAdvisor        1               2007.07.14   no virus found
Fortinet           2.91.0.0        2007.07.14   no virus found
F-Prot             4.3.2.48        2007.07.13   no virus found
Ikarus             T3.1.1.8        2007.07.14   no virus found
Kaspersky          4.0.2.24        2007.07.14   no virus found
McAfee             5074            2007.07.13   no virus found
Microsoft          1.2704          2007.07.14   Trojan:Win32/Agent.gen!J
NOD32v2            2398            2007.07.14   no virus found
Norman             5.80.02         2007.07.13   W32/Hupigon.gen67
Panda              9.0.0.4         2007.07.13   no virus found
Sophos             4.19.0          2007.07.06   Mal/DelpDldr-B
Sunbelt            2.2.907.0       2007.07.14   no virus found
Symantec           10              2007.07.14   no virus found
TheHacker          6.1.6.146       2007.07.13   no virus found
VBA32              3.12.0.2        2007.07.13   Trojan.MulDrop.6952
VirusBuster        4.3.23:9        2007.07.13
Webwasher-Gateway  6.0.1           2007.07.14   Trojan.Crypt.NSPI.Gen
风雪
Posted on 2007-7-14 18:48:08
1184410155,2007-7-14 18:49:15,Trojan.BAT.KillAV.ec.likf.for,木马,mygood,D:\3\新建文件夹\新建文件夹\123.zip>>123.exe>>emb-0.cab>>avp.exe,Manual scan
1184410155,2007-7-14 18:49:15,Heuri.Possible/Packed,启发式扫描,mygood,D:\3\新建文件夹\新建文件夹\123.zip>>123.exe>>emb-0.cab>>ie.exe,Manual scan
Filseclab (费尔)
yashoo
Posted on 2007-7-14 19:02:52
Analysis ID: 3873711

File Name            Findings                       Detection                    Type         Extra
--------------------|------------------------------|----------------------------|------------|-----
123.exe             |heuristic detection           |backdoor-awq                |Trojan      |no

heuristic detection [123.exe]
woai_jolin
Posted on 2007-7-14 19:33:34
Sandbox report:
===================================================================================================
NVCOD On Demand Scanner 5.80.02

NSE revision 5.91.02
nvcbin.def revision 5.90.00 of 2007/07/13 18:54:26 (807131 variants)
nvcmacro.def revision 5.90.00 of 2007/06/29 06:32:19 (20341 variants)
Total number of variants: 827472
Command line: "@C:\Users\Jason\AppData\Local\Temp\~OD6123.tmp"
===================================================================================================

       Time  Filename                                                     Virus name
---------------------------------------------------------------------------------------------------
- Scanning files matching: D:\virus\123.zip
     22888 ms D:\virus\123.zip : 123.exe                                   Virus W32/Hupigon.gen67 ( [ General information ]
    * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
    * Creating several executable files on hard-drive.
    * File length:        82432 bytes.

[ Changes to filesystem ]
    * Deletes directory C:\WINDOWS\TEMP\IXP0.TMP.
    * Creates directory C:\WINDOWS\TEMP\IXP0.TMP.
    * Creates file C:\WINDOWS\TEMP\IXP0.TMP\TMP4351$.TMP.
    * Creates file C:\WINDOWS\TEMP\IXP0.TMP\avp.exe.
    * Creates file C:\WINDOWS\TEMP\IXP0.TMP\ie.exe.
    * Deletes file C:\WINDOWS\TEMP\IXP0.TMP\ie.exe.
    * Deletes file C:\WINDOWS\TEMP\IXP0.TMP\avp.exe.
    * Deletes file C:\WINDOWS\TEMP\IXP0.TMP\TMP4351$.TMP.
    * Deletes directory C:\WINDOWS\TEMP\IXP0.TMP\.
    * Creates file C:\WINDOWS\winllogon.exe.
    * Creates file C:\WINDOWS\Deleteme.bat.

[ Changes to registry ]
    * Creates key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce".
    * Sets value "wextract_cleanup0"="rundll32.exe C:\WINDOWS\SYSTEM32\advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\TEMP\IXP0.TMP\"" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce".
    * Deletes value "wextract_cleanup0" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce".
    * Creates key "HKLM\System\CurrentControlSet\Services\IE_WinServerName".
    * Sets value "ImagePath"="C:\WINDOWS\winllogon.exe" in key "HKLM\System\CurrentControlSet\Services\IE_WinServerName".
    * Sets value "DisplayName"="Windows CreaterIE" in key "HKLM\System\CurrentControlSet\Services\IE_WinServerName".

[ Process/window information ]
    * Attempts to access service "IE_WinServerName".
    * Creates service "IE_WinServerName (Windows CreaterIE)" as "C:\WINDOWS\winllogon.exe".

)
        0 ms D:\virus\123.zip                                            
        0 ms D:\virus\123.zip:Zone.Identifier                           
- File D:\virus\123.zip quarantined.

===================================================================================================

The scanning started: 2007/07/14 19:26:23
               ended: 2007/07/14 19:26:46
Logged on as        : Jason
on hostname         : JASON-PC

Scanning results:
   Total number of files found..............................:       3
   Number of files scanned..................................:       3
   Number of files/directories skipped due to exclude list..:       0
   Number of files that could not be opened.................:       0
   Number of archive files unpacked.........................:       1
   Number of archive files not unpacked.....................:       0
   Number of infections.....................................:       1

Copyright (c) 1993-2005 Norman ASA.
hj5abc
Posted on 2007-7-14 20:23:53

Reply to post #10 by EQ2

An unpacking problem.

Scan performed at: 2007-7-14 20:21:28
Scanning Log
NOD32 version 2399 (20070714) NT
Command line: F:\123\123
Operating memory - is OK

Date: 14.7.2007  Time: 20:21:31
Anti-Stealth technology is enabled.
Scanned disks, folders and files: F:\123\123\
F:\123\123\avp.exe - BAT/Agent.Y trojan - quarantined - unable to clean - deleted
F:\123\123\ie.exe - a variant of Win32/TrojanDownloader.Delf.AXB trojan
Number of scanned files: 2
Number of threats found: 2
风野胤
Posted on 2007-7-14 20:46:28
Originally posted by hj5abc on 2007-7-14 20:23
An unpacking problem.

Scan performed at: 2007-7-14 20:21:28
Scanning Log
NOD32 version 2399 (20070714) NT
Command line: F:\123\123
Operating memory - is OK

Date: 14.7.2007  Time: 20:21:31
Anti-Ste ...

Indeed, there is no need to report it.
What it drops is fully detected and removed.
红心王子
Posted on 2007-7-14 20:58:35
C:\Documents and Settings\Administrator\桌面\123.zip>>123.exe>>avp.exe        Trojan.BAT.Agent.v

C:\Documents and Settings\Administrator\桌面\123.zip>>123.exe>>ie.exe>>nspack         Trojan.DL.Win32.Getou.b
How come it found 2??
风野胤
Posted on 2007-7-14 21:03:54
Originally posted by 红心王子 on 2007-7-14 20:58
C:\Documents and Settings\Administrator\桌面\123.zip>>123.exe>>avp.exe        Trojan.BAT.Agent.v

C:\Documents and Settings\Administrator\桌面\123.zip>>123.exe>>ie.exe>>nspack         Troja ...

It is actually an archive,
but many antivirus products cannot unpack it, NOD for example; Avira apparently cannot either.
Run it and you will see it gets detected.