1样本，分析下，好像不是病毒

运指如飞

RT

wangjay1980

DAT，怎么测试

红心王子

米问题，没有发现恶意程序运行

wangjay1980

File tools.zip received on 07.17.2007 10:56:01 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Loading server information...
Your file is queued in position: 3.
Estimated start time is between 52 and 75 seconds.
Do not close the window untill scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Print results

Your file has expired or do not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:  
  

Antivirus Version Last Update Result
AhnLab-V3 2007.7.14.0 2007.07.17 no virus found
AntiVir 7.4.0.42 2007.07.17 HEUR/Crypted
Authentium 4.93.8 2007.07.17 no virus found
Avast 4.7.997.0 2007.07.16 no virus found
AVG 7.5.0.476 2007.07.16 no virus found
BitDefender 7.2 2007.07.17 no virus found
CAT-QuickHeal 9.00 2007.07.16 no virus found
ClamAV devel-20070416 2007.07.17 no virus found
DrWeb 4.33 2007.07.17 no virus found
eSafe 7.0.15.0 2007.07.16 suspicious Trojan/Worm
eTrust-Vet 30.8.3789 2007.07.17 no virus found
Ewido 4.0 2007.07.16 no virus found
FileAdvisor 1 2007.07.17 no virus found
Fortinet 2.91.0.0 2007.07.17 no virus found
F-Prot 4.3.2.48 2007.07.17 no virus found
Ikarus T3.1.1.8 2007.07.17 no virus found
Kaspersky 4.0.2.24 2007.07.17 no virus found
McAfee 5075 2007.07.16 no virus found
Microsoft 1.2704 2007.07.17 no virus found
NOD32v2 2401 2007.07.17 no virus found
Norman 5.80.02 2007.07.17 no virus found
Panda 9.0.0.4 2007.07.17 no virus found
Sophos 4.19.0 2007.07.16 no virus found
Sunbelt 2.2.907.0 2007.07.16 no virus found
Symantec 10 2007.07.17 no virus found
TheHacker 6.1.7.148 2007.07.16 no virus found
VBA32 3.12.2 2007.07.16 no virus found
VirusBuster 4.3.23:9 2007.07.16 no virus found
Webwasher-Gateway 6.0.1 2007.07.17 Heuristic.Crypted

tracydk

Starting the file scan:

Begin scan in 'F:\病毒样本\tools.rar'
F:\病毒样本\tools.rar
  [0] Archive type: RAR
  --> tools.dat
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The file was deleted!

运指如飞

原帖由 tracydk 于 2007-7-17 17:01 发表
Starting the file scan:

Begin scan in 'F:\病毒样本\tools.rar'
F:\病毒样本\tools.rar
  [0] Archive type: RAR
  --> tools.dat
      [DETECTION] Contains suspicious code HEUR/Crypted
        ...

你为什么每次都是别人上传个东西，你拿去就扫，

扫完就把报告复制上来就完了？？

就不能搞点有建设性的回帖啊？

运指如飞

原帖由 wangjay1980 于 2007-7-17 16:55 发表
DAT，怎么测试

好测试啊，直接把后缀名改成.exe就能运行了


看看什么效果

woai_jolin

tools.dat : Not detected by Sandbox (Signature: NO_VIRUS)


[ DetectionInfo ]
    * Sandbox name: NO_MALWARE
    * Signature name: NO_VIRUS

[ General information ]
    * File length:         9728 bytes.
    * MD5 hash: a1523d379638625a3678772a2d3c54c4.



(C) 2004-2006 Norman ASA. All Rights Reserved.

The material presented is distributed by Norman ASA as an information
source only.

This file is not flagged as malicious by the Norman Sandbox Information
Center. However, we can not guarantee that the file is harmless. If
you still suspect the file to be malicious and if you urgently need to
know for sure, please submit it to your local Norman support department
for manual analysis.

woai_jolin

改成exe后
tools.exe : Not detected by Sandbox (Signature: NO_VIRUS)


[ DetectionInfo ]
    * Sandbox name: NO_MALWARE
    * Signature name: NO_VIRUS

[ General information ]
    * File length:         9728 bytes.
    * MD5 hash: a1523d379638625a3678772a2d3c54c4.



(C) 2004-2006 Norman ASA. All Rights Reserved.

The material presented is distributed by Norman ASA as an information
source only.

This file is not flagged as malicious by the Norman Sandbox Information
Center. However, we can not guarantee that the file is harmless. If
you still suspect the file to be malicious and if you urgently need to
know for sure, please submit it to your local Norman support department
for manual analysis.
没有动作

wangjay1980

不是所有的改下后缀就可以