求大家帮忙验证下是否有毒【已确认为误报】

飘渺虚无

有这么几个原因使我对它迷惑。
该样本被加过北斗壳，不知是否是壳引起的误报
我用avk里的BD引擎扫会报，但是在线多引擎里的BD却不报，不知是引擎版本差异引起的还是因为BD已经把它入了白名单
由于我现在的条件限制无法自己验证，so请众卡饭帮忙验证下
附多引擎扫描结果
File CHS.exe received on 08.03.2008 18:44:54 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 22/36 (61.12%)

Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___
.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.

Compact
Print results

Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position:
) for an undefined time. You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.  

Email:

Antivirus	Version	Last Update	Result
AhnLab-V3	2008.7.29.1	2008.08.02	Win-Trojan/Xema.variant
AntiVir	7.8.1.15	2008.08.01	TR/FlyStudio.AI.1975
Authentium	5.1.0.4	2008.08.03	W32/Nuj.A.gen!Eldorado
Avast	4.8.1195.0	2008.08.03	Win32:Neptunia-IH
AVG	8.0.0.156	2008.08.03	-
BitDefender	7.2	2008.08.03	-
CAT-QuickHeal	9.50	2008.08.02	(Suspicious) - DNAScan
ClamAV	0.93.1	2008.08.03	PUA.Packed.NPack-4
DrWeb	4.44.0.09170	2008.08.03	-
eSafe	7.0.17.0	2008.08.03	Suspicious File
eTrust-Vet	31.6.6002	2008.08.02	-
Ewido	4.0	2008.08.03	-
F-Prot	4.4.4.56	2008.08.03	W32/Nuj.A.gen!Eldorado
F-Secure	7.60.13501.0	2008.08.03	W32/Hupigon.gen67
Fortinet	3.14.0.0	2008.08.03	-
GData	2.0.7306.1023	2008.08.03	Win32:Neptunia-IH
Ikarus	T3.1.1.34.0	2008.08.03	Backdoor.Win32.Agent.ahj
K7AntiVirus	7.10.402	2008.08.02	Trojan.Win32.Malware.New
Kaspersky	7.0.0.125	2008.08.03	-
McAfee	5352	2008.08.01	New Malware.hr
Microsoft	1.3807	2008.08.03	Worm:Win32/Nuj.A
NOD32v2	3322	2008.08.03	-
Norman	5.80.02	2008.08.01	W32/Hupigon.gen67
Panda	9.0.0.4	2008.08.03	-
PCTools	4.4.2.0	2008.08.03	Packed/NSPack
Prevx1	V2	2008.08.03	Malicious Software
Rising	20.55.62.00	2008.08.03	-
Sophos	4.31.0	2008.08.03	Troj/Dropr-K
Sunbelt	3.1.1537.1	2008.08.01	-
Symantec	10	2008.08.03	Trojan.Dropper
TheHacker	6.2.96.392	2008.08.02	-
TrendMicro	8.700.0.1004	2008.08.01	WORM_HUPIGON.MKR
VBA32	3.12.8.2	2008.08.02	-
ViRobot	2008.8.1.1321	2008.08.01	-
VirusBuster	4.5.11.0	2008.08.02	Packed/NSPack
Webwasher-Gateway	6.6.2	2008.08.03	Trojan.FlyStudio.AI.1975

Additional information

File size: 587634 bytes

MD5...: 280e6de3ac00e133f72d3c0dd1b05161

SHA1..: 4c8472b68604ace80f527bebc5da6ea6ca63b490

SHA256: 7624d34b1dcd51a11f6706e1dbb0a40dcbfe7b282f7ccd005e0834cdaa9238d7

SHA512: 7cdc99903c972af91d040a04ba887951f29e4e335bdb26820f1709a11a34c31e 0980da5b36c36a4e6f0d70ee3c6996fa8e8d6ffb59cf8abcf5a36063b45b46c9

PEiD..: -

PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x427e29 timedatestamp.....: 0x3925136b (Fri May 19 10:11:55 2000) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .nsp0 0x1000 0x1c000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e .nsp1 0x1d000 0x15000 0x14446 7.12 e9cbe3456c6e934dd859114f38eaa8cb .nsp2 0x32000 0xafe 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e ( 2 imports ) > KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess > USER32.DLL: MessageBoxA ( 0 exports )

Prevx info: http://info.prevx.com/aboutprogr ... 843ECBACF000E5F6CA2

packers (Kaspersky): PE_Patch, NSPack

packers (Authentium): NSPack, PE_Patch

packers (F-Prot): NSPack, PE_Patch

[ 本帖最后由 飘渺虚无 于 2008-8-4 13:50 编辑 ]

Palkia

金山 0

303898443

454无事。

csliss

應該是誤報

tgzw1680

误报

twtpy93123

本人以身试毒,发现是个nero的双语转换软件而已~

Kitman

The file 'CHS.exe' has been determined to be 'UNDER ANALYSIS'.

飘渺虚无

原帖由 twtpy93123 于 2008-8-4 12:29 发表
本人以身试毒,发现是个nero的双语转换软件而已~

饿，这个我本来就是在nero一个精简版里挖出来的样本。
多谢各位，最终确定这是一个误报。看看那多引擎扫描图很是壮观啊。
ps：费尔很囧，今天凌晨我发样本的时候还是不报的，结果我早上过来却发现报毒了，我喜爱的费尔啊。。。。。

qigang

不知道误报修正没？

Kitman

The file 'CHS.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.