今天碰到的

显示全部楼层 · 发表于 2008-7-18 13:39:48

一不小心把样本删了

反病毒引擎	版本	最后更新	扫描结果
AhnLab-V3	2008.7.17.0	2008.07.18	-
AntiVir	7.8.0.68	2008.07.17	TR/Dropper.Gen
Authentium	5.1.0.4	2008.07.18	W32/Hupigon.G.gen!Eldorado
Avast	4.8.1195.0	2008.07.17	-
AVG	8.0.0.130	2008.07.17	Pakes.L
BitDefender	7.2	2008.07.18	-
CAT-QuickHeal	9.50	2008.07.17	(Suspicious) - DNAScan
ClamAV	0.93.1	2008.07.18	-
DrWeb	4.44.0.09170	2008.07.17	BackDoor.Pigeon.5402
eSafe	7.0.17.0	2008.07.17	-
eTrust-Vet	31.6.5964	2008.07.18	-
Ewido	4.0	2008.07.17	-
F-Prot	4.4.4.56	2008.07.18	W32/Hupigon.G.gen!Eldorado
F-Secure	7.60.13501.0	2008.07.18	-
Fortinet	3.14.0.0	2008.07.18	W32/Hupigon.GE!tr.bdr
GData	2.0.7306.1023	2008.07.18	-
Ikarus	T3.1.1.34.0	2008.07.18	Virus.Win32.Virtualizer
Kaspersky	7.0.0.125	2008.07.18	-
McAfee	5341	2008.07.18	-
Microsoft	1.3704	2008.07.18	-
NOD32v2	3277	2008.07.18	-
Norman	5.80.02	2008.07.17	-
Panda	9.0.0.4	2008.07.17	-
Prevx1	V2	2008.07.18	-
Rising	20.53.32.00	2008.07.17	-
Sophos	4.31.0	2008.07.18	Mal/Emogen-E
Sunbelt	3.1.1536.1	2008.07.17	VIPRE.Suspicious
Symantec	10	2008.07.18	-
TheHacker	6.2.96.381	2008.07.16	-
TrendMicro	8.700.0.1004	2008.07.18	Cryp_Pai-6
VBA32	3.12.8.0	2008.07.17	-
VirusBuster	4.5.11.0	2008.07.17	-
Webwasher-Gateway	6.6.2	2008.07.18	Trojan.Dropper.Gen

附加信息

File size: 704000 bytes

MD5...: e20eb52e7db90463fa9f44f609f36555

SHA1..: 6d426ff750d34642adc573978255927dff599351

SHA256: c38eea1df40c23526941c9531ba849eb2593fde0a00a5c2d02076e582a33bfde

SHA512: bba7afef0f1c61a54d16ff071b97fb0df2c066507cfe6cac4ca8c651c77e82d4
2958bbd306fcca20514d73009cfc76ca7164e2bbc8bf0df6b5ce7b44749893ef

PEiD..: ASProtect 1.33 - 2.1 Registered -> Alexey Solodovnikov

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1060000
timedatestamp.....: 0x41107bc1 (Wed Aug 04 06:01:37 2004)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x5f000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
0x60000 0x5f000 0x5ce00 8.00 5f77508d9fd3696191ff27b4b1fe453b
.rsrc 0xbf000 0x1000 0x200 4.93 074e954d27aa56df0a471388e2b7747a
.data 0xc0000 0x4f000 0x4ea00 7.92 90c90e76254588f906efd4941b362545
.adata 0x10f000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 3 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> oleaut32.dll: VariantChangeTypeEx
> kernel32.dll: RaiseException

( 0 exports )

packers (Kaspersky): PE_Patch

显示全部楼层 · 发表于 2008-7-18 13:40:47

Samples

[病毒样本] 今天碰到的