Views: 4356 | Replies: 10

[Suspicious file] 16

lizw9382
Posted on 2014-7-9 00:22:44
This post was last edited by lizw9382 on 2014-7-9 00:33

http://rghost.net/56791623
First time uploading... not sure whether it's a virus file or not...
Mr.Tong
Posted on 2014-7-9 01:12:03
Are you messing with me? It's compressed in countless layers.
fzshot
Posted on 2014-7-9 01:19:42
This post was last edited by fzshot on 2014-7-12 05:48

Dr.Web 9x kill 7x miss
Object(s) to scan:
- C:\Users\PRODUCTION I.G\Desktop\16x


>C:\Users\PRODUCTION I.G\Desktop\16x\iNetmanReg2x.exe - packed by UPX
C:\Users\PRODUCTION I.G\Desktop\16x\bot.exe - infected with Trojan.PWS.Panda.4795
C:\Users\PRODUCTION I.G\Desktop\16x\bot.exe - infected
C:\Users\PRODUCTION I.G\Desktop\16x\d.exe - infected with Trojan.DownLoader11.20629
C:\Users\PRODUCTION I.G\Desktop\16x\d.exe - infected
C:\Users\PRODUCTION I.G\Desktop\16x\b.exe - infected with Win32.HLLW.Phorpiex.54
C:\Users\PRODUCTION I.G\Desktop\16x\b.exe - infected
C:\Users\PRODUCTION I.G\Desktop\16x\setup (3).exe - is adware program Adware.Downware.3941
C:\Users\PRODUCTION I.G\Desktop\16x\setup (3).exe - infected
C:\Users\PRODUCTION I.G\Desktop\16x\expedition.exe - infected with Trojan.PWS.Wsgame.38938
C:\Users\PRODUCTION I.G\Desktop\16x\expedition.exe - infected
C:\Users\PRODUCTION I.G\Desktop\16x\iNetmanReg2x.exe - Ok
C:\Users\PRODUCTION I.G\Desktop\16x\Garden-Rescue.exe - is adware program Adware.Downware.946
>C:\Users\PRODUCTION I.G\Desktop\16x\k.exe - packed by FLY-CODE
>C:\Users\PRODUCTION I.G\Desktop\16x\Brothersoft_downloader_For_4Free_Video_Converter.exe is INNO SETUP container
C:\Users\PRODUCTION I.G\Desktop\16x\Garden-Rescue.exe - infected
C:\Users\PRODUCTION I.G\Desktop\16x\Brothersoft_downloader_For_4Free_Video_Converter.exe - container
C:\Users\PRODUCTION I.G\Desktop\16x\DataFileHost.exe - Ok
C:\Users\PRODUCTION I.G\Desktop\16x\spidentifierimpl.exe - is adware program Adware.Conduit.20
C:\Users\PRODUCTION I.G\Desktop\16x\spidentifierimpl.exe - infected
C:\Users\PRODUCTION I.G\Desktop\16x\work.exe - infected with Win32.HLLW.Phorpiex.54
C:\Users\PRODUCTION I.G\Desktop\16x\work.exe - infected
>C:\Users\PRODUCTION I.G\Desktop\16x\shouqu_106_24.exe - packed by BINARYRES
C:\Users\PRODUCTION I.G\Desktop\16x\k.exe - Ok
>C:\Users\PRODUCTION I.G\Desktop\16x\Youbo_K170291.exe - packed by FLY-CODE
>C:\Users\PRODUCTION I.G\Desktop\16x\setup212.exe is NSIS container
>>C:\Users\PRODUCTION I.G\Desktop\16x\setup212.exe\uninst.exe is NSIS container
>C:\Users\PRODUCTION I.G\Desktop\16x\z2DG_78_1017.exe is NSIS container
>>>C:\Users\PRODUCTION I.G\Desktop\16x\setup212.exe\uninst.exe\_殌\HardInfo.dll - packed by FLY-CODE
>>>C:\Users\PRODUCTION I.G\Desktop\16x\setup212.exe\uninst.exe\_殌\md5dll.dll - packed by UPX
>>C:\Users\PRODUCTION I.G\Desktop\16x\Youbo_K170291.exe - packed by FLY-CODE
>>C:\Users\PRODUCTION I.G\Desktop\16x\z2DG_78_1017.exe\YUTool.exe is BINARYRES container
C:\Users\PRODUCTION I.G\Desktop\16x\z2DG_78_1017.exe\Uninst.exe - infected with Trojan.PWS.Gina.82
>>>C:\Users\PRODUCTION I.G\Desktop\16x\setup212.exe\uninst.exe\_殌\nsJSON.dll - packed by UPX
>>>>C:\Users\PRODUCTION I.G\Desktop\16x\setup212.exe\uninst.exe\_殌\nsJSON.dll - packed by FLY-CODE
>>>C:\Users\PRODUCTION I.G\Desktop\16x\setup212.exe\uninst.exe\_殌\nsProcess.dll - packed by FLY-CODE
>>C:\Users\PRODUCTION I.G\Desktop\16x\setup212.exe\Icons.dll - packed by UPX
>>C:\Users\PRODUCTION I.G\Desktop\16x\setup212.exe\go.htm is JS-HTML container
C:\Users\PRODUCTION I.G\Desktop\16x\Youbo_K170291.exe - Ok
>>C:\Users\PRODUCTION I.G\Desktop\16x\z2DG_78_1017.exe\YuyuBrowser.exe is BINARYRES container
>>>C:\Users\PRODUCTION I.G\Desktop\16x\z2DG_78_1017.exe\YuyuBrowser.exe\data001 is JS-HTML container
>>>C:\Users\PRODUCTION I.G\Desktop\16x\z2DG_78_1017.exe\YuyuBrowser.exe\data002 is JS-HTML container
>>>C:\Users\PRODUCTION I.G\Desktop\16x\z2DG_78_1017.exe\YuyuBrowser.exe\data003 is JS-HTML container
>>>C:\Users\PRODUCTION I.G\Desktop\16x\z2DG_78_1017.exe\YuyuBrowser.exe\data004 is JS-HTML container
>>>C:\Users\PRODUCTION I.G\Desktop\16x\z2DG_78_1017.exe\YuyuBrowser.exe\data005 is JS-HTML container
>>>C:\Users\PRODUCTION I.G\Desktop\16x\z2DG_78_1017.exe\YuyuBrowser.exe\data006 is JS-HTML container
>>C:\Users\PRODUCTION I.G\Desktop\16x\z2DG_78_1017.exe\IconToolTip.exe is ZLIB container
C:\Users\PRODUCTION I.G\Desktop\16x\z2DG_78_1017.exe - infected container
>>C:\Users\PRODUCTION I.G\Desktop\16x\setup212.exe\_殌\HardInfo.dll - packed by FLY-CODE
>>C:\Users\PRODUCTION I.G\Desktop\16x\setup212.exe\_殌\md5dll.dll - packed by UPX
>>C:\Users\PRODUCTION I.G\Desktop\16x\setup212.exe\_殌\nsJSON.dll - packed by UPX
>>>C:\Users\PRODUCTION I.G\Desktop\16x\setup212.exe\_殌\nsJSON.dll - packed by FLY-CODE
C:\Users\PRODUCTION I.G\Desktop\16x\setup212.exe - container
>>C:\Users\PRODUCTION I.G\Desktop\16x\shouqu_106_24.exe is NSIS container
C:\Users\PRODUCTION I.G\Desktop\16x\shouqu_106_24.exe - container


Rest to Dr.Web

Original file name: Brothersoft_downloader_For_4Free_Video_Converter.exe         Threat: Adware.InstallCore.400
Original file name: DataFileHost.exe         Threat: Adware.Downware.5722
Original file name: iNetmanReg2x.exe         This file presents no threat to your system.
Original file name: setup212.exe         This file presents no threat to your system.
Original file name: shouqu_106_24.exe         This file presents no threat to your system.
Original file name: k.exe         Threat: Trojan.Fakealert.47057
Original file name: Youbo_K170291.exe         Threat: Trojan.DownLoader11.20660


cn86li
Posted on 2014-7-9 04:13:57
360TS

fuzhk
Posted on 2014-7-9 08:32:47
Mr.Tong posted on 2014-7-9 01:12:
Are you messing with me? It's compressed in countless layers.

Just one layer, isn't it?
fuzhk
Posted on 2014-7-9 08:34:48
小a has 7 left; too mixed a bag, so I won't report them.
XywCloud
Posted on 2014-7-9 11:14:09
Skipping the test.
Many of the samples have already been collected.
潘中医
Posted on 2014-7-11 18:32:32
Killed a few.

Flying_Bird
Posted on 2014-7-13 22:04:46
EAV killed 10x, 6x missed. Others to eset.

D:\Download\16x.7z > 7ZIP > b.exe - Win32/Injector.BELE 特洛伊木马 的变种
D:\Download\16x.7z > 7ZIP > bot.exe - Win32/Spy.Zbot.YW 特洛伊木马
D:\Download\16x.7z > 7ZIP > Brothersoft_downloader_For_4Free_Video_Converter.exe - Win32/InstallCore.PL 潜在的不受欢迎应用程序 的变种
D:\Download\16x.7z > 7ZIP > d.exe - Win32/TrojanDownloader.Onkods.AH 特洛伊木马 的变种
D:\Download\16x.7z > 7ZIP > DataFileHost.exe - Win32/AdWare.MultiPlug.AG 应用程序 的变种
D:\Download\16x.7z > 7ZIP > expedition.exe - Win32/TrojanDownloader.Agent.RRR 特洛伊木马 的变种
D:\Download\16x.7z > 7ZIP > k.exe - Win32/AdWare.FakeAV.P 应用程序
D:\Download\16x.7z > 7ZIP > setup (3).exe > NSIS > Script.nsi - Win32/AdGazelle.A 潜在的不受欢迎应用程序
D:\Download\16x.7z > 7ZIP > setup (3).exe > NSIS > __a6a2bd0b3324445da8bb5e972419f8a7_lib.dll - Win32/AdGazelle.A 潜在的不受欢迎应用程序 的变种
D:\Download\16x.7z > 7ZIP > setup (3).exe > NSIS > __a6a2bd0b3324445da8bb5e972419f8a7_vlib.dll - Win32/AdGazelle.A 潜在的不受欢迎应用程序 的变种
D:\Download\16x.7z > 7ZIP > spidentifierimpl.exe - Win32/Conduit.SearchProtect.Q 潜在的不受欢迎应用程序
D:\Download\16x.7z > 7ZIP > work.exe - Win32/AutoRun.IRCBot.JG 蠕虫
落漠
Posted on 2014-7-13 22:52:53
Copyright © KaFan  KaFan.cn All Rights Reserved.