
[Virus sample] [MD5: D40743] See what it does

红心王子
Posted on 2007-7-28 12:09:34


Scan taken on 28 Jul 2007 03:59:44 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Malware
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found Trojan.Crypted-3
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/Packer
VirusBuster Found nothing
VBA32 Found Malware.Delf.119 (paranoid heuristics) (probable variant)


NOD32's report is pretty freakish this time; it flagged it outright as unknown, so it was probably picked up by heuristics.

promised
Posted on 2007-7-28 12:11:36
Nice false positive.
微点卫士
Posted on 2007-7-28 12:12:09
Kingsoft (金山) and Filseclab (费尔) both failed.

Micropoint:
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\GLOVE\GLOVE.EXE
协议类型:TCP
本地地址:0.0.0.0
本地端口:2481
远端地址:218.76.40.59(湖南·长沙)
远端端口:139
No suspicious behavior.
jimmyleo
Posted on 2007-7-28 12:13:36
D:\Download\T3\glove.rar:\glove\glove.exe - Signature 'Trojan-Spy.Win32.Agent.nz' found
D:\Download\T3\glove.rar

        2 Files scanned
          (1 Archive with 1 file)
        1 Signature found
        0 Suspect code-parts found
        Used time: 0:04.066

ik won't sit still either...
woai_jolin
Posted on 2007-7-28 12:21:10
Running it in the sandbox.
woai_jolin
Posted on 2007-7-28 12:23:57
glove.exe : Not detected by Sandbox (Signature: NO_VIRUS)


[ DetectionInfo ]
    * Sandbox name: NO_MALWARE
    * Signature name: NO_VIRUS

[ General information ]
    * File length:       377856 bytes.
    * MD5 hash: d4074320162a0d72123dbb6de516ac88.

[ Process/window information ]
    * Creates an event called .



(C) 2004-2006 Norman ASA. All Rights Reserved.

The material presented is distributed by Norman ASA as an information
source only.

This file is not flagged as malicious by the Norman Sandbox Information
Center. However, we can not guarantee that the file is harmless. If
you still suspect the file to be malicious and if you urgently need to
know for sure, please submit it to your local Norman support department
for manual analysis.