Views: 2004 | Replies: 6

[Identified] PCSL daily analysis of suspicious malicious websites 20081008

lanvin
Posted on 2008-10-8 01:52:51
  1. http://msn.account.hotmail.ru/Cancelar.exe
  2. http://albumbloglinda.hotmail.ru/album.exe
  3. http://download.a-a-v-2008.com:8080/AAVSetup.exe
  4. http://zfzuguo.cn/hb/24.exe
  5. http://zfzuguo.cn/hb/7.exe
  6. http://zfzuguo.cn/goole10.exe
zjsxsycj
Posted on 2008-10-8 06:12:37
Packed and uploaded....

Attachments: sshot-1.jpg, 6ge.rar
virus
维生素B2
Posted on 2008-10-8 11:48:38
Kingsoft wipes them all out
欠妳緈諨
Posted on 2008-10-8 11:52:38
Virus check with G DATA AntiVirus
Version 18.7.8155.555
Virus signature dated 10/8/2008
Start time: 10/8/2008 11:51
Engine(s): Engine A (AVK 19.928), Engine B (BD 19.688)
Heuristics: On
Archive: On
System areas: Off

Check the following directories and files:
  S:\6ge\

Object: 24.exe
        Path: S:\6ge
        Status: Virus detected
        Virus: Trojan.Win32.Agent.aekx (Engine A), Trojan.Generic.739112 (Engine B)
Object: AAVSetup.exe
        Path: S:\6ge
        Status: Virus detected
        Virus: Dropped:Trojan.Fakeav.BC (Engine B)
Object: album.exe
        Path: S:\6ge
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.Agent.abxu (Engine A), BehavesLike:Trojan.Downloader (Engine B)
Object: Cancelar.exe
        Path: S:\6ge
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.Banload.qvg (Engine A)
Object: goole10.exe
        Path: S:\6ge
        Status: Virus detected
        Virus: Trojan-Downloader.Win32.Agent.vhb (Engine A), Trojan.Sorri.O (Engine B)
Object: 7.exe
        Path: S:\6ge
        Status: Virus detected
        Virus: Worm.Win32.AutoRun.qjg (Engine A)

Analysis performed in full: 10/8/2008 11:51
    6 files checked
    6 infected files detected
    0 suspicious files found
will
Posted on 2008-10-8 13:50:21

Reply to #3 维生素B2

You left out the "吗" (question particle)~


Multi Command-Line Scanner Report
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\24.exe   
MD5 Hash: 9020F09E895F865F7AF28301EA36D1B8   
Type: UPX compressed Win32 Executable / Extension: .EXE   

A-squared ----- Trojan-Spy.Win32.Treemz.A!IK   
Antivir ----- TR/Hijacker.Gen   
BitDefender ----- Trojan.Generic.739112   
ClamWin ----- Nothing   
Dr.Web ----- Trojan.PWS.Wsgame.7493   
Ikarus ----- Trojan-Spy.Win32.Treemz.A   
Jiangmin ----- TrojanSpy.OnLineGames.gfj   
Kaspersky ----- Trojan.Win32.Agent.aekx   
Kingsoft ----- Win32.TrojDownloader.OnlineGames.ak.57344   
Vba32 ----- Trojan.Win32.Agent.aekx   

*** 9/10 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\7.exe   
MD5 Hash: 7E787EF687C5EA21BE816417D4D27EB7   
Type: Win32 Executable Generic / Extension: .EXE   

A-squared ----- Packed.Win32.Klone.af!IK   
Antivir ----- TR/Dropper.Gen   
BitDefender ----- Nothing   
ClamWin ----- PUA.Packed.NPack-2   
Dr.Web ----- Nothing   
Ikarus ----- Packed.Win32.Klone.af   
Jiangmin ----- Nothing   
Kaspersky ----- Worm.Win32.AutoRun.qjg   
Kingsoft ----- Nothing   
Vba32 ----- Nothing   

*** 5/10 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\AAVSetup.exe   
MD5 Hash: 92F74701B8E1CA05D637482489999D43   
Type: WinRAR Self Extracting archive / Extension: .EXE   

A-squared ----- Generic.Win32.Malware.Antivirus2008!IK   
Antivir ----- DR/FakeAV.BC.4   
BitDefender ----- Dropped:Trojan.Fakeav.BC   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
Ikarus ----- Generic.Win32.Malware.Antivirus2008   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Vba32 ----- Nothing   

*** 4/10 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\album.exe   
MD5 Hash: 6E7624C91F377014974B3EFF25391865   
Type: Win32 Executable Generic / Extension: .EXE   

A-squared ----- BehavesLikeTrojan.Downloader!IK   
Antivir ----- TR/Crypt.NSPM.Gen   
BitDefender ----- BehavesLike:Trojan.Downloader   
ClamWin ----- Trojan.Downloader-54941   
Dr.Web ----- Trojan.DownLoader.25791   
Ikarus ----- BehavesLikeTrojan.Downloader   
Jiangmin ----- Nothing   
Kaspersky ----- Trojan-Downloader.Win32.Agent.abxu   
Kingsoft ----- Win32.Hack.xPacker.a.31980   
Vba32 ----- Trojan-Downloader.Win32.Agent.abxu   

*** 9/10 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\Cancelar.exe   
MD5 Hash: 0BFD3A94D0CCF44F1E81859CC5042DF3   
Type: Win32 Executable Generic / Extension: .EXE   

A-squared ----- Trojan.Crypt.NSPM!IK   
Antivir ----- TR/Crypt.NSPM.Gen   
BitDefender ----- Nothing   
ClamWin ----- Trojan.Downloader-52477   
Dr.Web ----- Trojan.DownLoader.46510   
Ikarus ----- Trojan.Crypt.NSPM   
Jiangmin ----- TrojanDownloader.Banload.uff   
Kaspersky ----- Trojan-Downloader.Win32.Banload.qvg   
Kingsoft ----- Win32.Hack.xPacker.a.31980   
Vba32 ----- Trojan-Downloader.Win32.Banload.qvg   

*** 9/10 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\goole10.exe   
MD5 Hash: 48A78FCF2B3ED76CDE11081AE497846D   
Type: DOS Executable Generic / Extension: .EXE   

A-squared ----- Trojan-Downloader.Win32.Agent.vhb!IK   
Antivir ----- TR/Dldr.Agent.vhb   
BitDefender ----- Trojan.Sorri.O   
ClamWin ----- Trojan.Downloader-47131   
Dr.Web ----- Trojan.DownLoad.991   
Ikarus ----- Trojan-Downloader.Win32.Agent.vhb   
Jiangmin ----- TrojanDownloader.Agent.akmq   
Kaspersky ----- Trojan-Downloader.Win32.Agent.vhb   
Kingsoft ----- Win32.Troj.Down.e.65536   
Vba32 ----- Trojan-Downloader.Win32.Agent.vhb   

*** 10/10 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   

Task done @ 2008/10/08 三 13:54:57.85   

[ This post was last edited by will on 2008-10-8 14:00 ]
维生素B2
Posted on 2008-10-8 13:58:50

Reply to #5, will's post

Misread it, misread it
kingmuro
Posted on 2008-10-8 19:43:28

kis2009

2008-10-8 19:42:07 检测到威胁: Trojan.Win32.Agent.aekx D:\My Documents\桌面\6ge.rar/6ge\24.exe  
2008-10-8 19:42:07 未处理: Trojan.Win32.Agent.aekx D:\My Documents\桌面\6ge.rar/6ge\24.exe 延期
2008-10-8 19:42:11 检测到威胁: Trojan-Downloader.Win32.Agent.abxu D:\My Documents\桌面\6ge.rar/6ge\album.exe  
2008-10-8 19:42:11 未处理: Trojan-Downloader.Win32.Agent.abxu D:\My Documents\桌面\6ge.rar/6ge\album.exe 延期
2008-10-8 19:42:11 检测到威胁: Trojan-Downloader.Win32.Banload.qvg D:\My Documents\桌面\6ge.rar/6ge\Cancelar.exe/XComp  
2008-10-8 19:42:11 未处理: Trojan-Downloader.Win32.Banload.qvg D:\My Documents\桌面\6ge.rar/6ge\Cancelar.exe/XComp 延期
2008-10-8 19:42:12 检测到威胁: Trojan-Downloader.Win32.Agent.vhb D:\My Documents\桌面\6ge.rar/6ge\goole10.exe/PE_Patch/UPack  
2008-10-8 19:42:12 未处理: Trojan-Downloader.Win32.Agent.vhb D:\My Documents\桌面\6ge.rar/6ge\goole10.exe/PE_Patch/UPack 延期
2008-10-8 19:42:13 检测到威胁: Worm.Win32.AutoRun.qjg D:\My Documents\桌面\6ge.rar/6ge\7.exe  
2008-10-8 19:42:13 未处理: Worm.Win32.AutoRun.qjg D:\My Documents\桌面\6ge.rar/6ge\7.exe 延期
2008-10-8 19:43:58 检测到威胁: Trojan-Downloader.Win32.Agent.abxu D:\My Documents\桌面\6ge.rar/6ge\album.exe  
2008-10-8 19:43:59 检测到威胁: Trojan-Downloader.Win32.Banload.qvg D:\My Documents\桌面\6ge.rar/6ge\Cancelar.exe/XComp  
2008-10-8 19:43:59 检测到威胁: Trojan-Downloader.Win32.Agent.vhb D:\My Documents\桌面\6ge.rar/6ge\goole10.exe/PE_Patch/UPack  
2008-10-8 19:43:59 检测到威胁: Worm.Win32.AutoRun.qjg D:\My Documents\桌面\6ge.rar/6ge\7.exe

[ This post was last edited by kingmuro on 2008-10-8 19:45 ]
Source: KaFan Forum (KaFan.cn)