[Virus sample] Just caught, a very fresh sample; Kaspersky, Avira and NOD32 all miss it (updated)

molicn
Posted on 2008-9-4 23:14:35
This is how my Avira died....
File wmcodec_update.exe received on 2008.09.04 17:10:54 (CET)
Result: 9/35 (25.72%)

Antivirus          Version         Last update  Result
AhnLab-V3          2008.9.4.2      2008.09.04   -
AntiVir            7.8.1.28        2008.09.04   -
Authentium         5.1.0.4         2008.09.03   -
Avast              4.8.1195.0      2008.09.04   -
AVG                8.0.0.161       2008.09.04   -
BitDefender        7.2             2008.09.04   Trojan.Zlob.CQW
CAT-QuickHeal      9.50            2008.09.02   Backdoor.Small.fax
ClamAV             0.93.1          2008.09.04   Trojan.FakeAlert-566
DrWeb              4.44.0.09170    2008.09.04   -
eSafe              7.0.17.0        2008.09.03   -
eTrust-Vet         31.6.6069       2008.09.04   -
Ewido              4.0             2008.09.03   -
F-Prot             4.4.4.56        2008.09.03   -
F-Secure           8.0.14332.0     2008.09.04   -
Fortinet           3.14.0.0        2008.09.03   -
GData              19              2008.09.04   -
Ikarus             T3.1.1.34.0     2008.09.04   Virus.Trojan.Win32.BHO.egw
K7AntiVirus        7.10.441        2008.09.04   Trojan-Downloader.Win32.Agent.hec
Kaspersky          7.0.0.125       2008.09.04   -
McAfee             5376            2008.09.03   -
Microsoft          1.3903          2008.09.04   Trojan:Win32/Zlob.AR
NOD32v2            3415            2008.09.04   -
Norman             5.80.02         2008.09.04   Malware.DJFR
Panda              9.0.0.4         2008.09.03   -
PCTools            4.4.2.0         2008.09.04   -
Prevx1             V2              2008.09.04   -
Rising             20.60.31.00     2008.09.04   -
Sophos             4.33.0          2008.09.04   Mal/FakeAV-D
Sunbelt            3.1.1582.1      2008.09.02   -
Symantec           10              2008.09.04   -
TheHacker          6.3.0.8.072     2008.09.04   Backdoor/Small.foh
TrendMicro         8.700.0.1004    2008.09.04   -
ViRobot            2008.9.4.1363   2008.09.04   -
VirusBuster        4.5.11.0        2008.09.04   -
Webwasher-Gateway  6.6.2           2008.09.04   -
Additional information
File size: 122390 bytes
MD5...: d196cad67ddc4d572ca56c5efda33893
SHA1..: f208fa9c2268cec5a9379e606e67d7ce3431b28c
SHA256: e350401f32201f08b73a44ec6e259bbec559903c8cb0a9be42e2fcf7265ab744
SHA512: 00a88409e4555c153cfd46e40ca19b046e1b66a84e57a9a5d0faebe6a2842157ca0d837c69e113bde210003a8bdb739fbbd34b929769dc528391ff25e495b098
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4030ed
timedatestamp.....: 0x473efc39 (Sat Nov 17 14:35:37 2007)
machinetype.......: 0x14c (I386)

( 5 sections )
name    virt. addr  virt. size  raw size  entropy  md5
.text   0x1000      0x5b22      0x5c00    6.47     fb692891d6592365eb18f6b3bbfa5d2e
.rdata  0x7000      0x129c      0x1400    5.05     165e3e874dc59c8a96748c6f4d0f4207
.data   0x9000      0x25cb8     0x400     5.12     c5c4701871042863b95b9217c002c503
.ndata  0x2f000     0xa000      0x0       0.00     d41d8cd98f00b204e9800998ecf8427e
.rsrc   0x39000     0x6c8       0x800     2.92     f6366612209bf47196d50e045e245de9

( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )


2nd update: sample
File wmcodec_update_1_.exe received on 2008.09.04 17:43:32 (CET)
Result: 9/36 (25%)

Antivirus          Version         Last update  Result
AhnLab-V3          2008.9.4.2      2008.09.04   -
AntiVir            7.8.1.28        2008.09.04   -
Authentium         5.1.0.4         2008.09.03   -
Avast              4.8.1195.0      2008.09.04   -
AVG                8.0.0.161       2008.09.04   -
BitDefender        7.2             2008.09.04   Trojan.Zlob.CQW
CAT-QuickHeal      9.50            2008.09.02   Backdoor.Small.fax
ClamAV             0.93.1          2008.09.04   Trojan.FakeAlert-566
DrWeb              4.44.0.09170    2008.09.04   -
eSafe              7.0.17.0        2008.09.03   -
eTrust-Vet         31.6.6069       2008.09.04   -
Ewido              4.0             2008.09.04   -
F-Prot             4.4.4.56        2008.09.03   -
F-Secure           8.0.14332.0     2008.09.04   -
Fortinet           3.14.0.0        2008.09.03   -
GData              19              2008.09.04   -
Ikarus             T3.1.1.34.0     2008.09.04   Virus.Trojan.Win32.BHO.egw
K7AntiVirus        7.10.441        2008.09.04   Trojan-Downloader.Win32.Agent.hec
Kaspersky          7.0.0.125       2008.09.04   -
McAfee             5376            2008.09.03   -
Microsoft          1.3903          2008.09.04   Trojan:Win32/Zlob.AR
NOD32v2            3415            2008.09.04   -
Norman             5.80.02         2008.09.04   Malware.DJFR
Panda              9.0.0.4         2008.09.03   -
PCTools            4.4.2.0         2008.09.04   -
Prevx1             V2              2008.09.04   -
Rising             20.60.31.00     2008.09.04   -
Sophos             4.33.0          2008.09.04   Mal/FakeAV-D
Sunbelt            3.1.1582.1      2008.09.02   -
Symantec           10              2008.09.04   -
TheHacker          6.3.0.8.072     2008.09.04   Backdoor/Small.foh
TrendMicro         8.700.0.1004    2008.09.04   -
VBA32              3.12.8.5        2008.09.04   -
ViRobot            2008.9.4.1363   2008.09.04   -
VirusBuster        4.5.11.0        2008.09.04   -
Webwasher-Gateway  6.6.2           2008.09.04   -
Additional information
File size: 122390 bytes
MD5...: 80663a2f5df83d84208ce7c5eab713fb
SHA1..: eca4e8bd329400f8532a5734d253d0e27d4e5310
SHA256: 77eb6572f8db251c1fcf77c85a6e5199f6cc2443513feedb3e2de60db745cd79
SHA512: 92c5825fad1ad89bec8ae1c72d1bc3840f181fc4db34286366f5504d4e1264a9f1a06d18f88f02e0d7756414d58e88959add285a332a3b1da83a6d6f842e691a
PEiD, TrID and PE structure information (entry point, timestamp, sections, imports, exports): identical to the first sample's report above.


[ This post was last edited by molicn on 2008-9-4 23:45 ]
wangjay1980
Posted on 2008-9-4 23:20:04
Done.
The EQs
Posted on 2008-9-4 23:21:28
Zlob is updated every few hours, and there are many different variants.
虫眼
Posted on 2008-9-4 23:30:11
It creates a DLL in system32, and it got killed on the spot.
sam.to
Posted on 2008-9-4 23:34:36

Reply to wangjay1980's post (#2)

Submit it; Kaspersky never replies to my submissions anyway.
cxc0532
Posted on 2008-9-4 23:37:45
My Avira blocked it.
972929
Posted on 2008-9-4 23:38:10
Not bad, tested it and it really is nasty!
wangjay1980
Posted on 2008-9-4 23:53:27
Ran it and it still got zapped just the same.
ts2884664
Posted on 2008-9-5 01:01:22
No good. KIS2009 didn't detect it. Already submitted.
763957840
Posted on 2008-9-5 12:11:06
Haha, I kind of want to unpack it.