【高危】 利用shellcode漏洞的病毒

醉一生爱妍

。。今天一大早就从精英群EQ的口中知道了这个消息

然后我们全部DZ成员都在下这个病毒

因为这个网站上全是H 被大陆屏蔽

此样本为最新截获的样本 Gimmiv Worm

BitDefender Dropped:Win32.Worm.Gimmiv.A

最后总结。。下这个病毒 真难。。。

MS08-067 Gimmiv Worm
Submitted by dannyquist on Sat, 2008-10-25 01:59.

Here is the Gimmiv worm that was created for the latest Microsoft patch. Kudos to Microsoft for patching the flaw out of band and not sitting on it.

d65df633dc2700d521ae4dff8c393bff

Please comment if you upload other samples and I will update this post.
? dannyquist's blog | add new comment
n1-n9
Submitted by Dobby on Sat, 2008-10-25 05:50.
dc3fdfde66fffb6cfbec946a237787d8 n1.exe_
f173007fbd8e2190af3be7837acd70a4 n2.exe_
3ee354cc8b63b8849b28e6f376f2b263 n3.exe_
6c3e53864541bb13fa7853f7b580b807 n4.exe_
24cd978da62cff8370b83c26e134ff4c n5.exe_
86d75ae361637a8f9114bb3a40f710d3 n6.exe_
ee70f981514803e1fb4e6b65f492a56d n7.exe_
8d66f28d028a4838d09ce4b91d35b7cb n8.exe_
477aac8d472a7bea8b906718a2f50c67 n9.exe_

解压密码：infected

[ 本帖最后由 spicalhook 于 2008-10-28 17:27 编辑 ]

lingbo110120

沙发~我速度上报

will

Multi Command-Line Scanner Report
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\24cd978da62cff8370b83c26e134ff4c.exe   
MD5 Hash: 24CD978DA62CFF8370B83C26E134FF4C   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Worm.Win32.Gimmiv.A!IK    
Avast ----- Win32:Agent-ACJW [Trj]    
Avg ----- BackDoor.Generic10.TEZ     
Antivir ----- TR/Dldr.Agent.alce    
BitDefender ----- Win32.Worm.Gimmiv.A    
ClamWin ----- Nothing   
Dr.Web ----- Win32.HLLW.Jimmy.1    
NOD32 ----- Win32/Spy.Gimmiv.A trojan    
Ikarus ----- Worm.Win32.Gimmiv.A    
Jiangmin ----- Nothing   
Kaspersky ----- Trojan-Spy.Win32.Gimmiv.a    
Kingsoft ----- Win32.Troj.Unknown.z.397312    
Vba32 ----- Nothing   

*** 10/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\3ee354cc8b63b8849b28e6f376f2b263.exe   
MD5 Hash: 3EE354CC8B63B8849B28E6F376F2B263   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Worm.Win32.Gimmiv.A!IK    
Avast ----- Win32:Agent-ACJW [Trj]    
Avg ----- BackDoor.Generic10.TEZ     
Antivir ----- TR/Dldr.Agent.alce    
BitDefender ----- Win32.Worm.Gimmiv.A    
ClamWin ----- Nothing   
Dr.Web ----- Win32.HLLW.Jimmy.1    
NOD32 ----- Win32/Spy.Gimmiv.A trojan    
Ikarus ----- Worm.Win32.Gimmiv.A    
Jiangmin ----- Nothing   
Kaspersky ----- Trojan-Spy.Win32.Gimmiv.a    
Kingsoft ----- Win32.Troj.Unknown.z.397312    
Vba32 ----- Nothing   

*** 10/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\477aac8d472a7bea8b906718a2f50c67.exe   
MD5 Hash: 477AAC8D472A7BEA8B906718A2F50C67   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Worm.Win32.Gimmiv.A!IK    
Avast ----- Win32:Agent-ACJW [Trj]    
Avg ----- BackDoor.Generic10.TEZ     
Antivir ----- TR/Dldr.Agent.alce    
BitDefender ----- Win32.Worm.Gimmiv.A    
ClamWin ----- Nothing   
Dr.Web ----- Win32.HLLW.Jimmy.1    
NOD32 ----- Win32/Spy.Gimmiv.A trojan    
Ikarus ----- Worm.Win32.Gimmiv.A    
Jiangmin ----- Nothing   
Kaspersky ----- Trojan-Spy.Win32.Gimmiv.a    
Kingsoft ----- Win32.Troj.Unknown.z.397312    
Vba32 ----- Nothing   

*** 10/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\6c3e53864541bb13fa7853f7b580b807.exe   
MD5 Hash: 6C3E53864541BB13FA7853F7B580B807   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Worm.Win32.Gimmiv.A!IK    
Avast ----- Win32:Agent-ACJW [Trj]    
Avg ----- BackDoor.Generic10.TEZ     
Antivir ----- TR/Dldr.Agent.alce    
BitDefender ----- Win32.Worm.Gimmiv.A    
ClamWin ----- Nothing   
Dr.Web ----- Win32.HLLW.Jimmy.1    
NOD32 ----- Win32/Spy.Gimmiv.A trojan    
Ikarus ----- Worm.Win32.Gimmiv.A    
Jiangmin ----- Nothing   
Kaspersky ----- Trojan-Spy.Win32.Gimmiv.a    
Kingsoft ----- Win32.Troj.Unknown.z.397312    
Vba32 ----- Nothing   

*** 10/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\86d75ae361637a8f9114bb3a40f710d3.exe   
MD5 Hash: 86D75AE361637A8F9114BB3A40F710D3   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Worm.Win32.Gimmiv.A!IK    
Avast ----- Win32:Agent-ACJW [Trj]    
Avg ----- BackDoor.Generic10.TEZ     
Antivir ----- TR/Dldr.Agent.alce    
BitDefender ----- Win32.Worm.Gimmiv.A    
ClamWin ----- Nothing   
Dr.Web ----- Win32.HLLW.Jimmy.1    
NOD32 ----- Win32/Spy.Gimmiv.A trojan    
Ikarus ----- Worm.Win32.Gimmiv.A    
Jiangmin ----- Nothing   
Kaspersky ----- Trojan-Spy.Win32.Gimmiv.a    
Kingsoft ----- Win32.Troj.Unknown.z.397312    
Vba32 ----- Nothing   

*** 10/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\8d66f28d028a4838d09ce4b91d35b7cb.exe   
MD5 Hash: 8D66F28D028A4838D09CE4B91D35B7CB   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Worm.Win32.Gimmiv.A!IK    
Avast ----- Win32:Agent-ACJW [Trj]    
Avg ----- BackDoor.Generic10.TEZ     
Antivir ----- TR/Dldr.Agent.alce    
BitDefender ----- Win32.Worm.Gimmiv.A    
ClamWin ----- Nothing   
Dr.Web ----- Win32.HLLW.Jimmy.1    
NOD32 ----- Win32/Spy.Gimmiv.A trojan    
Ikarus ----- Worm.Win32.Gimmiv.A    
Jiangmin ----- Nothing   
Kaspersky ----- Trojan-Spy.Win32.Gimmiv.a    
Kingsoft ----- Win32.Troj.Unknown.z.397312    
Vba32 ----- Nothing   

*** 10/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\d65df633dc2700d521ae4dff8c393bff.exe   
MD5 Hash: D65DF633DC2700D521AE4DFF8C393BFF   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Worm.Win32.Gimmiv.A!IK    
Avast ----- Win32:Agent-ACJW [Trj]    
Avg ----- SHeur.CQJN     
Antivir ----- TR/Crypt.XPACK.Gen    
BitDefender ----- Dropped:Win32.Worm.Gimmiv.A    
ClamWin ----- Nothing   
Dr.Web ----- Win32.HLLW.Jimmy.origin    
NOD32 ----- Win32/Spy.Gimmiv.B trojan    
Ikarus ----- Worm.Win32.Gimmiv.A    
Jiangmin ----- Nothing   
Kaspersky ----- Trojan-Spy.Win32.Gimmiv.a    
Kingsoft ----- Win32.Troj.Unknown.z.397312    
Vba32 ----- Nothing   

*** 10/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\dc3fdfde66fffb6cfbec946a237787d8.exe   
MD5 Hash: DC3FDFDE66FFFB6CFBEC946A237787D8   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Worm.Win32.Gimmiv.A!IK    
Avast ----- Win32:Agent-ACJW [Trj]    
Avg ----- BackDoor.Generic10.TEZ     
Antivir ----- TR/Dldr.Agent.alce    
BitDefender ----- Win32.Worm.Gimmiv.A    
ClamWin ----- Nothing   
Dr.Web ----- Win32.HLLW.Jimmy.1    
NOD32 ----- Win32/Spy.Gimmiv.A trojan    
Ikarus ----- Worm.Win32.Gimmiv.A    
Jiangmin ----- Nothing   
Kaspersky ----- Trojan-Spy.Win32.Gimmiv.a    
Kingsoft ----- Win32.Troj.Unknown.z.397312    
Vba32 ----- Nothing   

*** 10/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\ee70f981514803e1fb4e6b65f492a56d.exe   
MD5 Hash: EE70F981514803E1FB4E6B65F492A56D   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Worm.Win32.Gimmiv.A!IK    
Avast ----- Win32:Agent-ACJW [Trj]    
Avg ----- BackDoor.Generic10.TEZ     
Antivir ----- TR/Dldr.Agent.alce    
BitDefender ----- Win32.Worm.Gimmiv.A    
ClamWin ----- Nothing   
Dr.Web ----- Win32.HLLW.Jimmy.1    
NOD32 ----- Win32/Spy.Gimmiv.A trojan    
Ikarus ----- Worm.Win32.Gimmiv.A    
Jiangmin ----- Nothing   
Kaspersky ----- Trojan-Spy.Win32.Gimmiv.a    
Kingsoft ----- Win32.Troj.Unknown.z.397312    
Vba32 ----- Nothing   

*** 10/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\f173007fbd8e2190af3be7837acd70a4.exe   
MD5 Hash: F173007FBD8E2190AF3BE7837ACD70A4   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Worm.Win32.Gimmiv.A!IK    
Avast ----- Win32:Agent-ACJW [Trj]    
Avg ----- BackDoor.Generic10.TEZ     
Antivir ----- TR/Dldr.Agent.alce    
BitDefender ----- Win32.Worm.Gimmiv.A    
ClamWin ----- Nothing   
Dr.Web ----- Win32.HLLW.Jimmy.1    
NOD32 ----- Win32/Spy.Gimmiv.A trojan    
Ikarus ----- Worm.Win32.Gimmiv.A    
Jiangmin ----- Nothing   
Kaspersky ----- Trojan-Spy.Win32.Gimmiv.a    
Kingsoft ----- Win32.Troj.Unknown.z.397312    
Vba32 ----- Nothing   

*** 10/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   

Task done @ 2008/10/26 日 13:10:29.40   

[ 本帖最后由 will 于 2008-10-26 13:11 编辑 ]

The EQs

国外av厂商基本都杀了。。。。。。国内也都杀了。。。。没玩头。。。

syfwxmh

kaspersky kill all

醉一生爱妍

还是要感谢你 哈哈

syfwxmh

Avira kill all

lingbo110120

原来能杀

xxyy7171

我看 是人家屏蔽大陆吧

小邪邪

清空