
[Virus sample] VBA32 reports a pigeon

The EQs
Posted on 2007-12-31 11:31:53
That's the second pigeon.

cy6266812
Posted on 2007-12-31 11:33:35
Avira AntiVir didn't flag it.


File 1358.zip received on 2007.12.31 04:33:42 (CET)
Current status:    finished
Result: 9/32 (28.13%)
Antivirus engine        Version        Last update        Scan result
AhnLab-V3        2007.12.29.11        2007.12.29        -
AntiVir        7.6.0.46        2007.12.30        -
Authentium        4.93.8        2007.12.30        -
Avast        4.7.1098.0        2007.12.30        Win32:Baidubar-B
AVG        7.5.0.516        2007.12.30        -
BitDefender        7.2        2007.12.31        -
CAT-QuickHeal        9.00        2007.12.29        (Suspicious) - DNAScan
ClamAV        0.91.2        2007.12.31        -
DrWeb        4.44.0.09170        2007.12.30        -
eSafe        7.0.15.0        2007.12.30        Suspicious File
eTrust-Vet        31.3.5412        2007.12.29        -
Ewido        4.0        2007.12.30        -
FileAdvisor        1        2007.12.31        -
Fortinet        3.14.0.0        2007.12.31        -
F-Prot        4.4.2.54        2007.12.31        -
F-Secure        6.70.13030.0        2007.12.31        -
Ikarus        T3.1.1.15        2007.12.31        Trojan-Spy.Win32.Banker.cfo
Kaspersky        7.0.0.125        2007.12.31        not-a-virus:AdWare.Win32.Ejik.x
McAfee        5195        2007.12.28        -
Microsoft        1.3109        2007.12.31        -
NOD32v2        2757        2007.12.30        -
Norman        5.80.02        2007.12.28        -
Panda        9.0.0.4        2007.12.30        -
Prevx1        V2        2007.12.31        Heuristic: Suspicious Self Modifying EXE
Rising        20.24.52.00        2007.12.29        -
Sophos        4.24.0        2007.12.31        -
Sunbelt        2.2.907.0        2007.12.30        VIPRE.Suspicious
Symantec        10        2007.12.31        -
TheHacker        6.2.9.175        2007.12.29        -
VBA32        3.12.2.5        2007.12.29        suspected of Backdoor.XiaoBird.197 (paranoid heuristics)
VirusBuster        4.3.26:9        2007.12.30        -
Webwasher-Gateway        6.6.2        2007.12.30        Win32.Malware.gen#PECompact (suspicious)

[ Last edited by cy6266812 on 2007-12-31 11:39 ]
yangpizhi
Posted on 2007-12-31 11:34:01
F-Prot missed it......
-----------------------------SCAN REPORT-----------------------------
F-PROT Antivirus for Windows

Antivirus Scanning Engine version number: 4.4.2
Virus signature file from: 2007-12-31, 5:54

Scan name: 12.31
Path to scan: C:\样本 yangpizhi\12.31\|

Thorough scan
Also scan: Inside subfolders, Compressed files, Streams

Scan started: 2007-12-31, 11:33:57
---------------------------------------------------------------------

[Clean]        Boot sector on drive F:
[Clean]        Boot sector on drive E:
[Clean]        Boot sector on drive D:
[Clean]        Boot sector on drive C:
[Clean]        Master Boot Record on disk 0
[Clean]        C:\样本 yangpizhi\12.31\1358.zip->1358.exe->(PecBundle)->(PECompact)
[Clean]        C:\样本 yangpizhi\12.31\1358.zip

---------------------------------------------------------------------
Scan ended:        2007-12-31, 11:34:00
Duration:        0:00:03

Scan result:

Scanned files:                 6
Infected objects:         0
Disinfected objects:         0
Quarantined files:         0
---------------------------------------------------------------------
曲中求
Posted on 2007-12-31 11:38:17
Antivirus engine Version Last update Scan result
AhnLab-V3 2007.12.29.11 2007.12.29 -
AntiVir 7.6.0.46 2007.12.30 -
Authentium 4.93.8 2007.12.30 -
Avast 4.7.1098.0 2007.12.30 Win32:Baidubar-B
AVG 7.5.0.516 2007.12.30 -
BitDefender 7.2 2007.12.31 -
CAT-QuickHeal 9.00 2007.12.29 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.12.31 -
DrWeb 4.44.0.09170 2007.12.30 -
eSafe 7.0.15.0 2007.12.30 Suspicious File
eTrust-Vet 31.3.5412 2007.12.29 -
Ewido 4.0 2007.12.30 -
FileAdvisor 1 2007.12.31 -
Fortinet 3.14.0.0 2007.12.30 -
F-Prot 4.4.2.54 2007.12.31 -
F-Secure 6.70.13030.0 2007.12.31 -
Ikarus T3.1.1.15 2007.12.31 Trojan-Spy.Win32.Banker.cfo
Kaspersky 7.0.0.125 2007.12.31 not-a-virus:AdWare.Win32.Ejik.x
McAfee 5195 2007.12.28 -
Microsoft 1.3109 2007.12.31 -
NOD32v2 2757 2007.12.30 -
Norman 5.80.02 2007.12.28 -
Panda 9.0.0.4 2007.12.30 -
Prevx1 V2 2007.12.31 Heuristic: Suspicious Self Modifying EXE
Rising 20.24.52.00 2007.12.29 -
Sophos 4.24.0 2007.12.31 -
Sunbelt 2.2.907.0 2007.12.30 VIPRE.Suspicious
Symantec 10 2007.12.31 -
TheHacker 6.2.9.175 2007.12.29 -
VBA32 3.12.2.5 2007.12.29 suspected of Backdoor.XiaoBird.197 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.12.30 -
Webwasher-Gateway 6.6.2 2007.12.30 Win32.Malware.gen#PECompact (suspicious)
woai_jolin
Posted on 2007-12-31 11:48:47
Didn't Norman flag it?

1358.exe : INFECTED with W32/Malware (Signature: NO_VIRUS)


[ DetectionInfo ]
    * Sandbox name: W32/Malware
    * Signature name: NO_VIRUS
    * Compressed: YES
    * TLS hooks: YES
    * Executable type: Application
    * Executable file structure: OK

[ General information ]
    * Decompressing PEC2.
    * Accesses executable file from resource section.
    * Drops files in %WINSYS% folder.
    * File length:       486916 bytes.
    * MD5 hash: cc650020380c339dc7284f782c8f3480.

[ Changes to filesystem ]
    * Creates file C:\WINDOWS\SYSTEM32\resiifers.ini.
    * Creates file C:\WINDOWS\SYSTEM32\arnllyrkgmizb.dll.

[ Changes to system settings ]
    * Modifies profile key "ID"="1358" in section [settings] of file C:\WINDOWS\SYSTEM32\resiifers.ini.
    * Modifies profile key "setupday"="5,3574?444>49576E-4044" in section [settings] of file C:\WINDOWS\SYSTEM32\resiifers.ini.
    * Modifies profile key "rnd"="323" in section [settings] of file C:\WINDOWS\SYSTEM32\resiifers.ini.
    * Modifies profile key ""="" in section [] of file C:\WINDOWS\SYSTEM32\resiifers.ini.

[ Process/window information ]
    * Creates an event called .

[ Signature Scanning ]
    * C:\WINDOWS\SYSTEM32\resiifers.ini (32 bytes) : no signature detection.
    * C:\WINDOWS\SYSTEM32\arnllyrkgmizb.dll (58448 bytes) : no signature detection.



(C) 2004-2006 Norman ASA. All Rights Reserved.

The material presented is distributed by Norman ASA as an information source only.


moonsilver
Posted on 2007-12-31 12:04:55
rs pass
qigang
Posted on 2007-12-31 12:08:12
This pigeon is rather fat; Rising 20.24.60 can't swallow it!
醉一生爱妍
Posted on 2007-12-31 12:09:01
Jiangmin KKKK
moonsilver
Posted on 2007-12-31 12:12:32
Gets past RS medium-level defense; pending identification
hj5abc
Posted on 2007-12-31 13:41:37
F-Secure's sandbox will probably flag it ..

Copyright © KaFan  KaFan.cn All Rights Reserved.
