Test Sample（1）

qigang

反病毒引擎	版本	最后更新	扫描结果
AhnLab-V3	2008.6.27.1	2008.06.29	-
AntiVir	7.8.0.59	2008.06.28	TR/Dropper.Gen
Authentium	5.1.0.4	2008.06.29	-
Avast	4.8.1195.0	2008.06.28	-
AVG	7.5.0.516	2008.06.29	Downloader.Swizzor.A
BitDefender	7.2	2008.06.29	-
CAT-QuickHeal	9.50	2008.06.28	-
ClamAV	0.93.1	2008.06.28	-
DrWeb	4.44.0.09170	2008.06.29	-
eSafe	7.0.17.0	2008.06.26	Suspicious File
eTrust-Vet	31.6.5911	2008.06.27	-
Ewido	4.0	2008.06.27	-
F-Prot	4.4.4.56	2008.06.29	-
F-Secure	7.60.13501.0	2008.06.26	-
Fortinet	3.14.0.0	2008.06.29	-
GData	2.0.7306.1023	2008.06.29	-
Ikarus	T3.1.1.26.0	2008.06.29	Trojan-Dropper.Farfli.C
Kaspersky	7.0.0.125	2008.06.29	-
McAfee	5327	2008.06.27	-
Microsoft	1.3704	2008.06.29	-
NOD32v2	3225	2008.06.29	-
Norman	5.80.02	2008.06.27	-
Panda	9.0.0.4	2008.06.29	-
Prevx1	V2	2008.06.29	Malicious Software
Rising	20.50.62.00	2008.06.29	-
Sophos	4.30.0	2008.06.29	-
Sunbelt	3.0.1176.1	2008.06.26	-
Symantec	10	2008.06.29	-
TheHacker	6.2.96.364	2008.06.28	-
TrendMicro	8.700.0.1004	2008.06.27	-
VBA32	3.12.6.8	2008.06.29	-
VirusBuster	4.5.11.0	2008.06.23	-
Webwasher-Gateway	6.6.2	2008.06.29	Trojan.Dropper.Gen

附加信息

File size: 184320 bytes

MD5...: ecdf5c628dea372bae1f34742915599d

SHA1..: 614346701d332b20a7c58d657a63e4e66827d2db

SHA256: c35795f2e12bb5a649bf7bbcb912d2fcf3932dc76dc4ffbf343a7fda8b863fcb

SHA512: 8a2ec574435521870339e9abf34322878c053eb8bd48ab88600fad3a1ca15d00 65f3442cd167fbb5e7287cb4299ed240c0bea71d48ac379b852eedda54683e26

PEiD..: Armadillo v1.71

PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x40cae4 timedatestamp.....: 0x48645212 (Fri Jun 27 02:36:02 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0xbc70 0xc000 6.80 2d5e42d4bcc9004170e28bb0c4778d65 .rdata 0xd000 0x4b0c 0x5000 7.32 50c3527437298f5e1f7bc1dc04943d17 .data 0x12000 0x1ab50 0x1b000 7.98 acd70dd277dbb7511b1fc450f3a9be46 ( 9 imports ) > USER32.dll: wsprintfA > SHELL32.dll: SHGetSpecialFolderPathA > ole32.dll: CoInitialize, CoCreateGuid, CoCreateInstance > RPCRT4.dll: UuidToStringA > ADVAPI32.dll: RegCloseKey, StartServiceA, RegCreateKeyExA, RegSetValueExA, RegOpenKeyExA, CreateServiceA, OpenSCManagerA, DeleteService, CryptReleaseContext, CryptGenRandom, CryptAcquireContextA, CloseServiceHandle, OpenServiceA > SHLWAPI.dll: StrStrIA, SHGetValueA, SHEnumKeyExA, SHSetValueA, SHEnumValueA > MSVCRT.dll: strlen, ispunct, isspace, strerror, tolower, isalnum, printf, wctomb, __mb_cur_max, malloc, isupper, islower, fwrite, free, fclose, fopen, time, sprintf, atoi, strncpy, wcscpy, mbstowcs, srand, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, isxdigit, memcmp, isalpha, rand, isgraph, strcpy, strcat, memcpy, memset, __2@YAPAXI@Z > IMAGEHLP.dll: ImageNtHeader > KERNEL32.dll: FindFirstFileA, lstrlenA, ExitProcess, GetVersionExA, GetLocalTime, SleepEx, GetModuleHandleA, GetFileAttributesA, GetPrivateProfileStringA, FindNextFileA, WideCharToMultiByte, GetLastError, GetSystemDirectoryA, GetFileAttributesExA, CreateFileA, SetFileTime, CloseHandle, GetStartupInfoA ( 0 exports )

Prevx info: http://info.prevx.com/aboutprogr ... 2B616500C001B5445E7

ssy275

sophosMISS

Kitman

Hello. This file is already detected. Please update your bases.

Sincerely yours,
Andrey Bezborodov,
Virus Analyst.
_____________________
Kaspersky Lab Ltd
Moscow, Russia

电影结束了

F:\logo.rar>>logo.jpg         Trojan.Cap86300.pgxt    木马

....误报?

Palkia

病毒        2000-06-30  09:14:00        C:\Documents and Settings\Administrator\桌面\logo.rar\logo.jpg        Win32.Troj.HmirT.xe.188416        清除成功

markrhy

红伞杀！！！

水晶

毒霸 病毒        2008-07-01  15:48:14        C:\Documents and Settings\Administrator\桌面\logo.rar\logo.jpg        Win32.Troj.HmirT.xe.188416        隔离成功