邮件收到的

显示全部楼层 · 发表于 2008-2-7 10:14:50

邮件收到的

显示全部楼层 · 发表于 2008-2-7 10:17:01

红伞、AVK07、费尔全飘了

显示全部楼层 · 发表于 2008-2-7 10:20:04

卡巴也飘了~

显示全部楼层 · 发表于 2008-2-7 10:22:00

看上去那人不错，给你个自由门玩玩，不过版本没看

显示全部楼层 · 发表于 2008-2-7 10:22:46

全过了！没事吧？

显示全部楼层 · 发表于 2008-2-7 10:24:40

NOD 蜘蛛也飘

显示全部楼层 · 发表于 2008-2-7 10:39:12

Result: 7/32 (21.88%)
Antivirus       Version       Last Update       Result
AhnLab-V3       2008.2.6.10       2008.02.05       -
AntiVir       7.6.0.62       2008.02.06       -
Authentium       4.93.8       2008.02.06       -
Avast       4.7.1098.0       2008.02.06       -
AVG       7.5.0.516       2008.02.06       Proxy.YCZ
BitDefender       7.2       2008.02.07       -
CAT-QuickHeal       9.00       2008.02.04       (Suspicious) - DNAScan
ClamAV       0.92       2008.02.07       -
DrWeb       4.44.0.09170       2008.02.06       -
eSafe       7.0.15.0       2008.01.28       Suspicious File
eTrust-Vet       31.3.5517       2008.02.07       -
Ewido       4.0       2008.02.06       -
FileAdvisor       1       2008.02.07       -
Fortinet       3.14.0.0       2008.02.06       -
F-Prot       4.4.2.54       2008.02.06       -
F-Secure       6.70.13260.0       2008.02.07       -
Ikarus       T3.1.1.20       2008.02.07       Virus.Win32.Agent.JOI
Kaspersky       7.0.0.125       2008.02.07       -
McAfee       5224       2008.02.06       -
Microsoft       1.3204       2008.02.06       -
NOD32v2       2854       2008.02.06       -
Norman       5.80.02       2008.02.06       -
Panda       9.0.0.4       2008.02.06       -
Prevx1       V2       2008.02.07       Heuristic: Suspicious Self Modifying EXE
Rising       20.29.22.00       2008.01.30       -
Sophos       4.26.0       2008.02.07       Freegate
Sunbelt       2.2.907.0       2008.02.07       VIPRE.Suspicious
Symantec       10       2008.02.07       -
TheHacker       6.2.9.211       2008.02.06       -
VBA32       3.12.6.0       2008.02.07       -
VirusBuster       4.3.26:9       2008.02.06       -
Webwasher-Gateway       6.6.2       2008.02.07       -

显示全部楼层 · 发表于 2008-2-7 10:44:27

1.exe
MD5: C17D1E90CBDB07DEED4F37EA9B092B43
PECompact V2.X-> Bitsum Technologies

晕死~脱壳失败...这个好像是《自由之门》(freegate)嘛~

There was a new process created in the system:

[filename of the sample #1]

[file and pathname of the sample #1]

417,792 bytes

The newly created Registry Value is:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

Occxrypa = 0x00009400
ProxyHttp1.1 = 0x00000001

The following Host Names were requested from a host database:

216.35.213.247
127.42.95.69
66.197.211.181
127.163.244.189
202.248.20.156
127.99.58.237
127.184.36.180
194.116.241.21
127.110.60.57
81.177.19.4
127.37.214.149
210.132.247.56
127.82.181.234
193.110.128.50
127.115.200.36
88.85.74.8
127.140.203.7
127.90.73.61
127.70.179.72
127.83.48.78
127.77.3.170
127.188.198.117
127.85.131.159
127.150.157.85
127.67.198.225
127.32.21.216
127.72.50.193
127.168.71.230
127.21.118.64
127.105.193.53
127.80.165.66
127.124.201.245
127.70.183.4
127.126.108.82
127.1.123.162
127.129.142.166
127.42.112.137
127.193.171.170
127.250.187.34
127.57.220.187
127.71.171.24
127.111.150.137
127.67.189.80
127.139.27.24
127.132.32.141
127.1.147.23
127.41.127.103
127.74.39.20
127.247.237.203
127.126.94.203
127.46.104.40
127.33.198.211
127.152.18.118
127.22.53.108
127.29.241.136
127.143.118.234
127.151.221.124
127.197.10.12

[ 本帖最后由 zwl2828 于 2008-2-7 10:59 编辑 ]

显示全部楼层 · 发表于 2008-2-7 11:10:57

Hello.
No malicious software was found in the attached file.
-----------------
Regards, Yury Nesmachny
Virus Analyst, Kaspersky Lab.

Ph.: +7(495) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com http://www.viruslist.com

> Attachment: 1.zip

显示全部楼层 · 发表于 2008-2-7 11:16:20

哈,误报,不过这个自由门版本不高哦

[病毒样本] 邮件收到的

本帖子中包含更多资源