Original poster: rest1min

[Virus sample] A virus that gets past Kaspersky and most other antivirus products

woai_jolin
Posted on 2008-2-16 13:09:45
Finally seeing a Norman Sandbox "found" on the multi-engine scanner.
woai_jolin
Posted on 2008-2-16 13:10:23
2008/2/16 13:07:50        Real-time file system protection        file        G:\v\mf.exe        probably unknown NewHeur_PE virus        cleaned by deleting - quarantined                Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.
woai_jolin
Posted on 2008-2-16 13:15:45
Hello,

Thanks for taking the time to submit your samples to the Norman
Sandbox Information Center.  Customer delight is our top priority at
Norman.  With that in mind we have developed Sandbox Solutions for
organizations that are committed to speedy analysis and debugging.

Norman Sandbox Solutions give your organization the opportunity to
analyze files immediately in your own environment.

To find out how to bring the power of Norman Sandbox into your test
environments follow the links below.

Norman Sandbox Solutions
http://www.norman.com/Product/Sandbox-products/

Norman Sandbox Analyzer
http://www.norman.com/Product/Sandbox-products/Analyzer/

Norman Sandbox Analyzer Pro
http://www.norman.com/Product/Sandbox-products/Analyzer-pro/

Norman SandBox Reporter
http://www.norman.com/Product/Sandbox-products/Reporter/

mf.exe : INFECTED with W32/Downloader (Signature: NO_VIRUS)


[ DetectionInfo ]
    * Sandbox name: W32/Downloader
    * Signature name: NO_VIRUS
    * Compressed: NO
    * TLS hooks: YES
    * Executable type: Application
    * Executable file structure: OK

[ General information ]
    * Creating several executable files on hard-drive.
    * File length:        35298 bytes.
    * MD5 hash: 2f38e50f5d8a2f5cf12e8b08df58b809.

[ Changes to filesystem ]
    * Creates file C:\down.txt.
    * Creates file C:\new.exe.
    * Deletes file C:\new.exe.

[ Network services ]
    * Downloads file from http://www.hjiuy.com/j.txt as C:\down.txt.
    * Connects to "www.hjiuy.com" on port 80.
    * Opens URL: www.hjiuy.com/j.txt.
    * Downloads file from MZP as C:\new.exe.
    * Connects to "MZP" on port 80.
    * Opens URL: MZP/.
    * Downloads file from $7 as C:\new.exe.
    * Connects to "$7" on port 80.
    * Opens URL: $7/.
    * Downloads file from  as C:\new.exe.
    * Connects to "" on port 80.
    * Opens URL: /.
    * Downloads file from ñ* Á «±UÉ£(#4s?s3í¶ as C:\new.exe.
    * Connects to "ñ* Á «±UÉ£(#4s?s3í¶" on port 80.
    * Opens URL: ñ* Á «±UÉ£(#4s?s3í¶/.
    * Downloads file from ÅÑ+|"<½ ¯T.¢-R,'Iù£?"B~.¾. qîF~ÌÁ¢Òåj>ùa$Ì U½«Ë<áçyÊ;+âE9ÆoÜö>ÀÇØ T:åBÈh as C:\new.exe.
    * Connects to "ÅÑ+|"<½ ¯T.¢-R,'Iù£?"B~.¾. qîF~ÌÁ¢Òåj>ùa$Ì U½«Ë<áçyÊ;+âE9ÆoÜö>ÀÇØ T:åBÈh" on port 80.
    * Opens URL: ÅÑ+|"<½ ¯T.¢-R,'Iù£?"B~.¾. qîF~ÌÁ¢Òåj>ùa$Ì U½«Ë<áçyÊ;+âE9ÆoÜö>ÀÇØ T:åBÈh/.

[ Security issues ]
    * Starting downloaded file - potential security problem.

[ Process/window information ]
    * Creates process "C:\new.exe".

[ Signature Scanning ]
    * C:\down.txt (4096 bytes) : no signature detection.
    * C:\new.exe (8192 bytes) : no signature detection.



(C) 2004-2006 Norman ASA. All Rights Reserved.

The material presented is distributed by Norman ASA as an information source only.

gho
Posted on 2008-2-16 13:20:19
Kaspersky flagged it, McAfee missed it.
gho
Posted on 2008-2-16 13:21:27
Quoting woai_jolin, posted 2008-2-16 13:09:
Finally seeing a Norman Sandbox "found" on the multi-engine scanner.

Seconded, I've only ever used FS.
啊弥陀佛
Posted on 2008-2-16 13:27:01
It didn't do anything.
woai_jolin
Posted on 2008-2-16 13:32:48

Reply to 啊弥陀佛's post (#17)

That site probably needs a proxy to be reachable,
so once run, this virus can't download the other malware.
said411f
Posted on 2008-2-16 14:22:41
AVG 8.0 does flag it~~

"Scan started:";"2008年2月16日 星期六, 下午 02:18:17"
"Total object scanned:";"2"
"Time needed:";"less than one second"
"Errors encountered:";"0"

"Infections"
"File";"Infection";"Result"
"F:\mf.rar:\mf.exe";"Trojan horse Generic9.BBRD";"Moved to Virus Vault"
"F:\mf.rar";"Trojan horse Generic9.BBRD";"Moved to Virus Vault"
allinwonderi
Posted on 2008-2-16 20:56:21
ArcaMicroScan indeed didn't flag it!
hlx98007
Posted on 2008-2-16 22:13:39
deleted: Trojan program Trojan-Downloader.Win32.Delf.esm        File: C:\Virus\mf.rar/mf.exe//NeoLite