
[Virus samples] 22 samples undetected by Avira scan, in 3 packs

绅博周幸
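Posted on 2007-12-13 15:56:31
As the title says: pack 1 has 2 samples, pack 2 has 4 samples, and pack 3 has 16 samples. So far Avira has only detected sample No. 35 in pack 2, via its unknown packer structure detection.

None of the 22 samples have been added to the signature database.

Pack 1

[ Last edited by 绅博周幸 on 2007-12-13 16:00 ]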

绅博周幸
OP | Posted on 2007-12-13 15:57:05
Pack 2

[ Last edited by 绅博周幸 on 2007-12-13 15:59 ]

绅博周幸
OP | Posted on 2007-12-13 15:57:25
Pack 3

[ Last edited by 绅博周幸 on 2007-12-13 16:03 ]

mofunzone
Posted on 2007-12-13 16:07:37
Speechless.
Files from pack 1:
We received the following archive files:
File ID         Filename         Size (Byte)        Result
3599009         2.rar        790.86 KB        OK


A listing of files contained inside archives alongside their results can be found below:
File ID         Filename         Size (Byte)        Result
2206829         11-64.exe         610.5 KB         KNOWN CLEAN
3281744         11-56.exe         559 KB         CLEAN



Please find a detailed report concerning each individual sample below:
Filename        Result
11-64.exe         KNOWN CLEAN


The file '11-64.exe' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Microsoft Windows Server 2003 Internet Explorer 7 (KB939653)'.
Filename        Result
11-56.exe         CLEAN


The file '11-56.exe' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.
mofunzone
Posted on 2007-12-13 16:08:32
Files from pack 2:
We received the following archive files:
File ID         Filename         Size (Byte)        Result
3599012         4.rar        894.89 KB        OK


A listing of files contained inside archives alongside their results can be found below:
File ID         Filename         Size (Byte)        Result
2234022         11-219.exe         383 KB         CLEAN
2239480         11-98.exe         111.52 KB         CLEAN
1334561         11-117.exe         213 KB         CLEAN
2240987         11-135.exe         212.5 KB         MALWARE



Please find a detailed report concerning each individual sample below:
Filename        Result
11-219.exe         CLEAN


The file '11-219.exe' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.
Filename        Result
11-98.exe         CLEAN


The file '11-98.exe' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.
Filename        Result
11-117.exe         CLEAN


The file '11-117.exe' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.
Filename        Result
11-135.exe         MALWARE


The file '11-135.exe' has been determined to be 'MALWARE'. Our analysts named the threat BDS/Hupigon.Gen. The term "BDS/" denotes a Backdoor-Server program. Backdoor-Server programs are used to spy out, modify or delete data. This malware is detected by a special detection routine from the engine module.
mofunzone
Posted on 2007-12-13 16:09:56
The last pack. So this is what "undetected" means.
Thank you for your submission. Below you can see the current status of the uploaded files.



We received the following archive files:
File ID         Filename         Size (Byte)        Result
3599014         16.rar        600.45 KB        OK


A listing of files contained inside archives alongside their results can be found below:
File ID         Filename         Size (Byte)        Result
126386         11-130.exe         28 KB         KNOWN CLEAN
2241831         11-178.exe         1.39 KB         DAMAGED FILE (UNKNOWN)
1097152         11-214.exe         44 KB         FALSE POSITIVE
2249687         11-260.exe         4 KB         DAMAGED FILE (UNKNOWN)
2240567         11-266.exe         133.8 KB         CLEAN
2249686         11-314.exe         2.57 KB         DAMAGED FILE (UNKNOWN)
1329327         11-349.exe         4 KB         CLEAN
2234403         11-361.exe         14 KB         CLEAN
2241573         11-386.exe         4 KB         DAMAGED FILE (MALWARE)
2246116         11-420.dll         312 KB         FALSE POSITIVE
595971         11-427.dll         48 KB         CLEAN
1006662         11-454.dll         26.32 KB         CLEAN
1050985         11-40.exe         28.5 KB         KNOWN CLEAN
202682         11-74.exe         52 KB         KNOWN CLEAN
2250132         11-80.exe         29.34 KB         DAMAGED FILE (UNKNOWN)
595970         11-104.exe         4.83 KB         CLEAN



Please find a detailed report concerning each individual sample below:
Filename        Result
11-130.exe         KNOWN CLEAN


The file '11-130.exe' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Microsoft (KB908531)'.
Filename        Result
11-178.exe         DAMAGED FILE (UNKNOWN)


The file '11-178.exe' has been determined to be 'DAMAGED FILE (UNKNOWN)'. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.
Filename        Result
11-214.exe         FALSE POSITIVE


The file '11-214.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 6.39.0.121.
Filename        Result
11-260.exe         DAMAGED FILE (UNKNOWN)


The file '11-260.exe' has been determined to be 'DAMAGED FILE (UNKNOWN)'. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.
Filename        Result
11-266.exe         CLEAN


The file '11-266.exe' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.
Filename        Result
11-314.exe         DAMAGED FILE (UNKNOWN)


The file '11-314.exe' has been determined to be 'DAMAGED FILE (UNKNOWN)'. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.
Filename        Result
11-349.exe         CLEAN


The file '11-349.exe' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.
Filename        Result
11-361.exe         CLEAN


The file '11-361.exe' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.
Filename        Result
11-386.exe         DAMAGED FILE (MALWARE)


The file '11-386.exe' has been determined to be 'DAMAGED FILE (MALWARE)'. In particular this means that this file is damaged and not working properly. Nevertheless we were able to determine that it contains malicious code fragments.
Filename        Result
11-420.dll         FALSE POSITIVE


The file '11-420.dll' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 7.0.0.247.
Filename        Result
11-427.dll         CLEAN


The file '11-427.dll' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.
Filename        Result
11-454.dll         CLEAN


The file '11-454.dll' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.
Filename        Result
11-40.exe         KNOWN CLEAN


The file '11-40.exe' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Windows XP (SP0)'.
Filename        Result
11-74.exe         KNOWN CLEAN


The file '11-74.exe' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Nullsoft Winamp 5.05'.
Filename        Result
11-80.exe         DAMAGED FILE (UNKNOWN)


The file '11-80.exe' has been determined to be 'DAMAGED FILE (UNKNOWN)'. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.
Filename        Result
11-104.exe         CLEAN


The file '11-104.exe' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.
will
Posted on 2007-12-13 16:34:31
Aren't these just from the November pack in AVP?
hao8219
Posted on 2007-12-13 16:48:17
McAfee can detect it too.
风野胤
Posted on 2007-12-13 17:00:09
R:\4.rar » RAR » 11-135.exe - probably unknown NewHeur_PE virus
qigang
Posted on 2007-12-13 19:45:08

Reply to post #1 by 绅博周幸

RX 20.22.31: not detected!