[病毒样本] 1

显示全部楼层 · 发表于 2008-4-21 23:10:28

[Found backdoor] <W32/Hupigon.G.gen!Eldorado (not disinfectable, generic)> C:\test\no.rar->no.exe

显示全部楼层 · 发表于 2008-4-21 23:25:24

21:04:2008 23:23:05 SEARCHTASK "USER_DEFINED" started...
scan item: E:\VIRUS\no2.rar
File scanned: E:\VIRUS\no2.rar - SIGNATURE FOUND "Packed.Win32.Klone.af"
21:04:2008 23:23:05 SEARCHTASK "USER_DEFINED" FINISHED...
----------------------------------------------------
Directories scanned: 0
Files scanned: 1
Virus found: 1
----------------------------------------------------

显示全部楼层 · 发表于 2008-4-21 23:26:41

Dump of file D:\我的文档\no.exe
Created by EXE Explorer 1.0.0.0 - Copyright ? 2006 Michal Mutl

DOS HEADER
  Magic number: 0x5A4D
  Bytes on last page of file: 0x0050
  Pages in file: 0x0002
  Relocations: 0x0000
  Size of header in paragraphs: 0x0004
  Minimum extra paragraphs needed: 0x000F
  Maximum extra paragraphs needed: 0xFFFF
  Initial (relative) SS value: 0x0000
  Initial SP value: 0x00B8
  Checksum:  0x0000
  Initial IP value: 0x0000
  Initial (relative) CS value: 0x0000
  File address of relocation table: 0x0040
  Overlay number: 0x001A
  Reserved[0]: 0x0000
  Reserved[1]: 0x0000
  Reserved[2]: 0x0000
  Reserved[3]: 0x0000
  OEM identifier: 0x0000
  OEM information: 0x0000
  Reserved[0]: 0x0000
  Reserved[1]: 0x0000
  Reserved[2]: 0x0000
  Reserved[3]: 0x0000
  Reserved[4]: 0x0000
  Reserved[5]: 0x0000
  Reserved[6]: 0x0000
  Reserved[7]: 0x0000
  Reserved[8]: 0x0000
  Reserved[9]: 0x0000
  File address of new exe header: 0x00000100

FILE HEADER
  Signature:                   0x00004550 (Portable Executable)
  Machine:                      32-bit Intel
  Number of sections:          5
  Timestamp:                   1992-6-19 下午 10:22:17
  Pointer to symbol table:    0x00000000
  Number of symbols:          0
  Size of optional header:    224
  Characteristics:             0x818F

OPTIONAL HEADER
  Magic:                      0x010B (PE32)
  Linker version:             2.25
  Size of code:                0
  Size of initialized data:    40960
  Size of uninitialized:       286720
  Address of entry point:       0x00047000
  Base of code:                0x00001000
  Base of data:                0x00047000
  Image base:                   0x00400000
  Section alignment:          4096
  File alignment:             512
  Operating system version:    4.0
  Image version:                0.0
  Subsystem version:          4.0
  Win32 version value:          0
  Size of image:                667648 B
  Size of headers:             1024
  Checksum:                   88383
  Subsystem:                   Windows GUI
  DLL characteristics:          0x0000
  Size of stack reserve:       1048576
  Size of stack commit:       16384
  Size of heap reserve:       1048576
  Size of heap commit:          4096
  Loader flags:                0x00000000
  Number of RVA:                16

CHECKSUMS
  CRC32:    E823196D
  MD4:    C1DBB8F861AF31ED111C734C9E96C4E1
  MD5:    90385C9ACDDB8EC3EC5AB07C0C9EE8A4
  SHA1:    8C3D72D64EB17C55541AC4275DD8C0B27A531EA6

SECTIONS

Virtual address:    0x00001000
Virtual size:       286720
Raw data offset:    0x00000400
Raw data size:    0
Characteristics:    0xE0000040
Relocations:       0
Line numbers:       0

Virtual address:    0x00047000
Virtual size:       40960
Raw data offset:    0x00000400
Raw data size:    40960
Characteristics:    0xE0000040
Relocations:       0
Line numbers:       0

Virtual address:    0x00051000
Virtual size:       8192
Raw data offset:    0x0000A400
Raw data size:    0
Characteristics:    0xE0000040
Relocations:       0
Line numbers:       0
  .data
Virtual address:    0x00053000
Virtual size:       323584
Raw data offset:    0x0000A400
Raw data size:    320000
Characteristics:    0xE0000040
Relocations:       0
Line numbers:       0
  .adata
Virtual address:    0x000A2000
Virtual size:       4096
Raw data offset:    0x00058600
Raw data size:    0
Characteristics:    0xE0000040
Relocations:       0
Line numbers:       0

DIRECTORIES
  Imports
Section: .data
RVA:    0x00053C48
Size:    164
  Resources
Section:
RVA:    0x0000F000
Size:    42496
  Base Relocations
Section: .data
RVA:    0x00053BD4
Size:    8
  Thread Local Storage
Section: .data
RVA:    0x00053BDC
Size:    24
  reserved [15]
Section:
RVA:    0x00000000
Size:    1048576

IMPORTS
  kernel32.dll
GetProcAddress
   Ordinal: 0x0000
   Address: 0x0174B015
GetModuleHandleA
   Ordinal: 0x0000
   Address: 0x0174B026
LoadLibraryA
   Ordinal: 0x0000
   Address: 0x0174B039
  oleaut32.dll
VariantChangeTypeEx
   Ordinal: 0x0000
   Address: 0x0174B0C2

THREAD LOCAL STORAGE
  Start address of raw data:             0x0040C000
  End address of raw data:                0x0040C008
  Address of index:                      0x0040908C
  Address of callbacks:                   0x00000000
  Size of zero fill:                      0
  Characteristics:                      0x00000000

开发语言：Delphi  (exe) 加壳：ASProtect v1.2x (New Strain)

[ 本帖最后由 molicn 于 2008-4-21 23:30 编辑 ]

显示全部楼层 · 发表于 2008-4-22 07:58:16

信息 2008-04-22  07:58:03 您此次查毒清除了1个病毒
信息 2008-04-22  07:58:03 您此次查毒共查出1个病毒以及危险代码
信息 2008-04-22  07:58:03 您此次查毒共查了内存模块0个，磁盘引导扇区0个，文件3个
信息 2008-04-22  07:58:03 金山毒霸主程序查毒过程结束，查毒方式：命令行查毒
病毒 2008-04-22  07:58:03 D:\Desktop\no.rar\no.exe Win32.PSWTroj.QQRob.667648 清除成功

显示全部楼层 · 发表于 2008-4-22 08:01:40

antivir pass
to vlab

显示全部楼层 · 发表于 2008-4-22 09:43:44

显示全部楼层 · 发表于 2008-4-22 10:13:52

[Found backdoor] <W32/Hupigon.G.gen!Eldorado (not disinfectable, generic)> C:\Documents and Settings\Admin\Desktop\no.rar->no.exe

显示全部楼层 · 发表于 2008-4-22 21:15:25

rising20.41.12未杀！

显示全部楼层 · 发表于 2008-4-22 21:24:11

McAfee MISS

[病毒样本] 1

本帖子中包含更多资源

IK

本帖子中包含更多资源

3/0

浏览过的版块