红伞和几个杀软报可疑

brightspray

附在线扫描结果

文件 ________________________.exe 接收于 2008.06.02 09:15:34 (CET)
当前状态: 正在读取 ... 队列中 等待中 扫描中 完成 未发现 停止

结果: 8/32 (25%)

正在读取服务器信息中...
您的文件所排队列位置: 2.
预计开始时间为 43 和 62 秒之间.
扫描完成前请勿关闭窗口.
目前针对您的文件所进行的扫描进程已停止, 我们将会在稍后恢复.
如果您的等候时间超过 5 分钟, 请重新发送文件.
您的文件目前正在被 VirusTotal 扫描中,
结果将会稍后完成时生成.

格式化文本
打印结果

您的文件已过期或不存在.
目前服务已停止, 您的文件将会稍后的未知时间内进行扫描 (位置:
). 您可以继续等待回应 (自动读取) 或者在下面的表单内输入您的电子邮件地址, 并按下 "获取", 当扫描完成时, 系统会自动给您发送电子邮件通知.  

Email:

反病毒引擎	版本	最后更新	扫描结果
AhnLab-V3	2008.5.30.1	2008.06.02	-
AntiVir	7.8.0.26	2008.06.02	HEUR/Crypted
Authentium	5.1.0.4	2008.06.01	W32/Hupigon.G.gen!Eldorado
Avast	4.8.1195.0	2008.06.01	-
AVG	7.5.0.516	2008.06.01	-
BitDefender	7.2	2008.06.02	-
CAT-QuickHeal	9.50	2008.05.31	-
ClamAV	0.92.1	2008.06.02	-
DrWeb	4.44.0.09170	2008.06.02	-
eSafe	7.0.15.0	2008.06.01	-
eTrust-Vet	31.4.5837	2008.05.30	-
Ewido	4.0	2008.06.01	-
F-Prot	4.4.4.56	2008.06.01	W32/Hupigon.G.gen!Eldorado
F-Secure	6.70.13260.0	2008.06.02	Suspicious:W32/Malware!Gemini
Fortinet	3.14.0.0	2008.06.02	-
GData	2.0.7306.1023	2008.06.02	-
Ikarus	T3.1.1.26.0	2008.06.02	-
Kaspersky	7.0.0.125	2008.06.02	-
McAfee	5307	2008.05.30	-
Microsoft	1.3520	2008.06.02	-
NOD32v2	3150	2008.06.01	-
Norman	5.80.02	2008.05.30	-
Panda	9.0.0.4	2008.06.01	Suspicious file
Prevx1	V2	2008.06.02	-
Rising	20.47.00.00	2008.06.02	-
Sophos	4.29.0	2008.06.02	Sus/ComPack-C
Sunbelt	3.0.1139.1	2008.05.29	VIPRE.Suspicious
Symantec	10	2008.06.02	-
TheHacker	6.2.92.331	2008.06.02	-
VBA32	3.12.6.6	2008.06.01	-
VirusBuster	4.3.26:9	2008.06.01	-
Webwasher-Gateway	6.6.2	2008.06.02	Heuristic.Crypted

附加信息

File size: 894976 bytes

MD5...: fe9e5949fccb9589c9665f3b7ee67ff5

SHA1..: 98f984a8e230ee4d831d7e4a420275328f7060d8

SHA256: 5cc3ddc113e8c2cc2fe944d3353b72de7ac2bd64a00605fb9551f4cef46f7196

SHA512: df41ecf5efc8990261248acf7f68433d046f0276cd7c493669d3d87f7d5b6534 41729f75ebf98f5cf53fc55540b6a089f3856cda7f36d2078c308bf059458493

PEiD..: ASProtect v1.23 RC1

PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x401000 timedatestamp.....: 0x45f18091 (Fri Mar 09 15:43:13 2007) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 0x1000 0x3fd000 0x22400 8.00 410fc90161e6718efe5e7f5732bc8c8c 0x3fe000 0x2000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .rsrc 0x400000 0x68000 0x5f000 8.00 91391c9625acc2aae4f3b1ae4b17e3d2 .sungril 0x468000 0x59000 0x59000 7.85 69c3847993d262d74292688fddcd79a6 .adata 0x4c1000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e ( 4 imports ) > kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA > msvbvm60.dll: __vbaVarSub > oleaut32.dll: VariantChangeTypeEx > kernel32.dll: RaiseException ( 0 exports )

packers (Kaspersky): PE_Patch

dbpe

应该不是http://www.threatexpert.com/report.aspx?md5=fe9e5949fccb9589c9665f3b7ee67ff5


可能是打击盗版之类的吧

[ 本帖最后由 dbpe 于 2008-6-2 17:12 编辑 ]

无尽藏海

The file '################.exe' has been determined to be 'UNDER ANALYSIS'.

无尽藏海

The file '################.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will not be removed due to the fact that the file does not belong to a regular piece of software. This software can be used for an evasion of security protections in several computer programs. If we will find some malicious code inside the suspicious file anyway, we will integrate the pattern recognition in one of our next updates. In case AntiVir can detect this file we will not change or remove our detection.

qigang

应该不是病毒。