[Virus sample] Obfuscated X15 (New gene!! Most of Kaspersky's gene signatures no longer work!!)

sam.to
Posted on 2008-10-16 17:19:11
TO KL


Hello.
New malicious software was found in the attached file.
Its detection will be included in the next update. Thank you for your help.

Please quote all when answering. Do not forget to include your registration data.
-----------------
Regards, Tatarinov Ivan
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com

[ This post was last edited by kato9096 on 2008-10-26 16:24 ]

linkak
Posted on 2008-10-16 17:25:26
IK detects 3
d:\virus\Obfuscated\Obfuscated\9kgen_up.int1
d:\virus\Obfuscated\Obfuscated\9kgen_up.int2
d:\virus\Obfuscated\Obfuscated\kr3.int1
d:\virus\Obfuscated\Obfuscated\kr3.int2
d:\virus\Obfuscated\Obfuscated\kr3.int3
d:\virus\Obfuscated\Obfuscated\np_pkz.int1
d:\virus\Obfuscated\Obfuscated\np_pkz.int2
d:\virus\Obfuscated\Obfuscated\sn_pkz.int1
d:\virus\Obfuscated\Obfuscated\sn_pkz.int2
d:\virus\Obfuscated\Obfuscated\tp_map16.int1
d:\virus\Obfuscated\Obfuscated\tp_map16.int2
d:\virus\Obfuscated\Obfuscated\uninstall.exe1
d:\virus\Obfuscated\Obfuscated\upAYB.int1 - Signature 'Virus.Trojan.Win32.Obfuscated' found
d:\virus\Obfuscated\Obfuscated\upAYB.int2 - Signature 'Virus.Trojan.Win32.Obfuscated' found
d:\virus\Obfuscated\Obfuscated\upAYB.int3 - Signature 'Virus.Win32.SdBot' found

        15 Files scanned
          (0 Archives with 0 files)
        3 Signatures found
        0 Suspect code-parts found
        Used time: 0:00.657
sam.to
Original poster | Posted on 2008-10-16 17:25:44
This pack is really big; I expect it will be a slow download.
will
Posted on 2008-10-16 17:30:52

They came through: IK, vba32 and Kingsoft Duba came through!

Multi Command-Line Scanner Report
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\9kgen_up.int1   
MD5 Hash: E35A11E085EF5278E70AE14C3E4AAEEF   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Vba32 ----- OScope.Trojan.BagsWay.C   

*** 1/12 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\9kgen_up.int2   
MD5 Hash: 1CE9B63682ECAC14DB7BC9EA14F5FBD9   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.SwizzorsT.ty   
Vba32 ----- OScope.Trojan.BagsWay.C   

*** 2/12 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\kr3.int1   
MD5 Hash: 2E2B07162FE470CDBEB77BAD0474C453   
Type: Win64 Executable Generic / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Vba32 ----- Nothing   

*** 0/12 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\kr3.int2   
MD5 Hash: 19E5197E0F11B001857D2F35AD0B85E5   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Vba32 ----- Nothing   

*** 0/12 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\kr3.int3   
MD5 Hash: B98FA0BAEA6D714F0CC276E9642060CC   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Vba32 ----- Nothing   

*** 0/12 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\np_pkz.int1   
MD5 Hash: 0BD9E4A9D8A87972FA17258A16366F5B   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.SwizzorsT.ty   
Vba32 ----- OScope.Trojan.BagsWay.C   

*** 2/12 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\np_pkz.int2   
MD5 Hash: A3179A844935496505B6A929B7D29C51   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.SwizzorsT.ty   
Vba32 ----- OScope.Trojan.BagsWay.C   

*** 2/12 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\sn_pkz.int1   
MD5 Hash: 039CAA51944B556E8DF154802B2F5BA4   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Vba32 ----- OScope.Trojan.BagsWay.C   

*** 1/12 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\sn_pkz.int2   
MD5 Hash: 2DCC589CDE06AA1B5058749E5EEF0095   
Type: Win64 Executable Generic / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.SwizzorsT.ty   
Vba32 ----- OScope.Trojan.BagsWay.C   

*** 2/12 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\tp_map16.int1   
MD5 Hash: 92E13B845E6598D4DBAD6F00310E3A2E   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Vba32 ----- Nothing   

*** 0/12 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\tp_map16.int2   
MD5 Hash: D3FEE4AF6FE1FA6CD269588B3B34CD15   
Type: Win64 Executable Generic / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.SwizzorsT.ty   
Vba32 ----- Nothing   

*** 1/12 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\uninstall.exe1   
MD5 Hash: DBBC8DC497FFE39B19B967CFD3325269   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.SwizzorsT.ty   
Vba32 ----- Nothing   

*** 1/12 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\upAYB.int1   
MD5 Hash: 52210D11C151C808F5BB5A30642809CA   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Virus.Trojan.Win32.Obfuscated!IK   
Avast ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Virus.Trojan.Win32.Obfuscated   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Vba32 ----- OScope.Trojan.BagsWay.C   

*** 3/12 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\upAYB.int2   
MD5 Hash: AECFF357FD2F6E8A102FA5AD673594C8   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Virus.Trojan.Win32.Obfuscated!IK   
Avast ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Virus.Trojan.Win32.Obfuscated   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Vba32 ----- OScope.Trojan.BagsWay.C   

*** 3/12 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\upAYB.int3   
MD5 Hash: BC675E5C9BEED50555664B61B8A58F42   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Virus.Win32.SdBot!IK   
Avast ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Virus.Win32.SdBot   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Vba32 ----- OScope.Trojan.BagsWay.C   

*** 3/12 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   

Task done @ 2008/10/16 四 17:30:16.64   
harry4567
Posted on 2008-10-16 17:52:04
to avira
hzyw
Posted on 2008-10-16 18:02:30
nis2009 and ess were both bypassed completely
浪滔天
Posted on 2008-10-16 18:09:29
A whole bunch of them inject into the IE process....
Palkia
Posted on 2008-10-16 18:51:08
Reporting a few~
wangjay1980
Posted on 2008-10-16 20:29:00
This is war...
c5132902
Posted on 2008-10-16 20:42:03
avg only recognizes one
TO AVG

[ This post was last edited by c5132902 on 2008-10-16 21:12 ]
Copyright © KaFan  KaFan.cn All Rights Reserved.