Views: 3648 | Replies: 12

[Virus samples] Obfuscated x16 (new strain!!) 100% bypasses Kaspersky

sam.to
Posted 2008-10-26 16:28:42
2611ba6185ddfe8867eef50f133ffa4b  9kgen_up.int2
436f2a2953391c41499303e23bf988d4  upAYB.int1
482015bd70108b7948141dde09c66f84  tp_map16.int2
4d41094d44b9908eedcdb94d26d820d5  np_pkz.int2
4d7d6806b6443138b9f599e92acb5e8a  kr3.int1
6fb452570efc36a1f13e0752dbe60d5d  9kgen_up.int1
88a8f90078d138f62e8eb800e447bf5f  kr3.int2
91cd58bb143c72501b6a4eca6ebf558b  tp_map16.int1
a7a0ceb40f10817f7f09a38c292ca1d6  9kgen_up.int3
aef1cce691559968788eeef7c26ad367  uninstall.exe2
afef1fc744a8b22df65f1877d5659251  np_pkz.int1
bd330a28dc45ea0520fa9a489823ce9d  uninstall.exe1
d8bc27f705fdc57a6f85d346cfb70fc2  upAYB.int2
e41a8eba90cea3b13a815439e6767f2c  sn_pkz.int2
edfd5e9ac2a7806d2a3e6eeb9e700088  sn_pkz.int1
ff95a22bc387c941e876bb9f072ed7d5  upAYB.int3
TO KL


Hello.
New malicious software was found in the attached file ().
Its detection will be included in the next update. Thank you for your help.

Please quote all when answering.

-----------------
Regards, Kirill Erakhtin
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.

[ This post was last edited by kato9096 on 2008-10-26 21:30 ]

sam.to (OP)
Posted 2008-10-26 16:33:50
http://www.virustotal.com/analis ... ee2586f4d9d8e03820d
Result: 5/36 (13.89%)

http://www.virustotal.com/analis ... ecd8cc9ad94d9e725e9
Result: 4/36 (11.11%)

http://www.virustotal.com/analis ... 0f34d64ad5bfb424688
Result: 4/36 (11.12%)

http://www.virustotal.com/analis ... 8eb2efb0819c55b7487
Result: 3/36 (8.34%)

Some of the samples

[ This post was last edited by kato9096 on 2008-10-26 16:38 ]
mofunzone
Posted 2008-10-26 16:42:07
1 detected

Starting the file scan:

Begin scan in 'C:\Users\morgan\Desktop\Obfuscated(26 Oct)'
C:\Users\morgan\Desktop\Obfuscated(26 Oct)\Obfuscated(26 Oct)\
  9kgen_up.int1
  9kgen_up.int2
  9kgen_up.int3
  kr3.int1
  kr3.int2
    [DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
    [NOTE]      The file was deleted!
  np_pkz.int1
  np_pkz.int2
  sn_pkz.int1
  sn_pkz.int2
  tp_map16.int1
  tp_map16.int2
  uninstall.exe1
  uninstall.exe2
  upAYB.int1
  upAYB.int2
  upAYB.int3


End of the scan: 2008-10-26  01:41
Used time: 00:05 Minute(s)

The scan has been done completely.

      2 Scanning directories
     16 Files were scanned
      1 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
     15 Files not concerned
      0 Archives were scanned
      0 Warnings
      1 Notes
醉一生爱妍
Posted 2008-10-26 17:15:49

UGuard's generic detection for Swizzor still works!

UGuard finished scanning C:\Documents and Settings\Administrator\桌面\Obfuscated(26 Oct).
================
'Heur.Swizzor.Gen' was detected in '9kgen_up.int1'.
'Heur.Swizzor.Gen' was detected in '9kgen_up.int2'.
'Heur.Swizzor.Gen' was detected in '9kgen_up.int3'.
'Heur.Swizzor.Gen' was detected in 'kr3.int1'.
'Heur.Swizzor.Gen' was detected in 'kr3.int2'.
'Heur.Swizzor.Gen' was detected in 'np_pkz.int1'.
'Heur.Swizzor.Gen' was detected in 'np_pkz.int2'.
'Heur.Swizzor.Gen' was detected in 'sn_pkz.int1'.
'Heur.Swizzor.Gen' was detected in 'sn_pkz.int2'.
'Heur.Swizzor.Gen' was detected in 'tp_map16.int1'.
'Heur.Swizzor.Gen' was detected in 'tp_map16.int2'.
'Heur.Swizzor.Gen' was detected in 'uninstall.exe1'.
'Heur.Swizzor.Gen' was detected in 'uninstall.exe2'.
'Heur.Swizzor.Gen' was detected in 'upAYB.int1'.
'Heur.Swizzor.Gen' was detected in 'upAYB.int2'.
'Heur.Swizzor.Gen' was detected in 'upAYB.int3'.
================
Files scanned: 16
This scan found 16 known threats; please deal with them promptly.
Actual file count: 16
Scan time: 0-00-00 00:00:12:0875
Threat ratio: 100%
sam.to (OP)
Posted 2008-10-26 21:30:34
Hello.
New malicious software was found in the attached file ().
Its detection will be included in the next update. Thank you for your help.

Please quote all when answering.

-----------------
Regards, Kirill Erakhtin
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.
sam.to (OP)
Posted 2008-10-26 21:34:56

Reply to post #6 by 328397663

Are you using 7.0?
My database is the 20:17:00 one, but Kaspersky's reply came at 17:45.

What version is your database?
aerbeisi
Posted 2008-10-26 22:16:52

NOD32: 0

KOI9009
Posted 2008-10-26 23:17:18
Avira (红伞): 1
sam.to (OP)
Posted 2008-10-26 23:26:44
Cleared

will
Posted 2008-10-27 07:24:41

Multi Command-Line Scanner Report
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\9kgen_up.int1   
MD5 Hash: 6FB452570EFC36A1F13E0752DBE60D5D   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Trojan-Downloader.Swizzor!IK    
Avast ----- Nothing   
Avg ----- Downloader.Swizzor.IFK     
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Trojan-Downloader.Swizzor    
Jiangmin ----- Nothing   
Kaspersky ----- Trojan.Win32.Obfuscated.vjy    
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 6/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\9kgen_up.int2   
MD5 Hash: 2611BA6185DDFE8867EEF50F133FFA4B   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Downloader.Swizzor.IFF     
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Trojan.Win32.Obfuscated.vke    
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 4/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\9kgen_up.int3   
MD5 Hash: A7A0CEB40F10817F7F09A38C292CA1D6   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Downloader.Swizzor.IFN     
Antivir ----- Nothing   
BitDefender ----- Trojan.Swizzor.1    
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Trojan.Win32.Obfuscated.vkk    
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 5/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\kr3.int1   
MD5 Hash: 4D7D6806B6443138B9F599E92ACB5E8A   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Downloader.Swizzor.IFJ     
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Trojan.Win32.Obfuscated.vjz    
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- Nothing   

*** 3/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\kr3.int2   
MD5 Hash: 88A8F90078D138F62E8EB800E447BF5F   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Virus.Trojan.Win32.Obfuscated!IK    
Avast ----- Nothing   
Avg ----- Downloader.Swizzor.IFL     
Antivir ----- TR/Dldr.Swizzor.Gen    
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Virus.Trojan.Win32.Obfuscated    
Jiangmin ----- Nothing   
Kaspersky ----- Trojan.Win32.Obfuscated.vkf    
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- Nothing   

*** 6/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\np_pkz.int1   
MD5 Hash: AFEF1FC744A8B22DF65F1877D5659251   
Type: Win64 Executable Generic / Extension: .EXE   

A-squared ----- Virus.Win32.Swizzor!IK    
Avast ----- Nothing   
Avg ----- Downloader.Swizzor.IFP     
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Virus.Win32.Swizzor    
Jiangmin ----- Nothing   
Kaspersky ----- Trojan.Win32.Obfuscated.vka    
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 6/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\np_pkz.int2   
MD5 Hash: 4D41094D44B9908EEDCDB94D26D820D5   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Downloader.Swizzor.IFI     
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Trojan.Win32.Obfuscated.vkg    
Kingsoft ----- Nothing   
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 3/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\sn_pkz.int1   
MD5 Hash: EDFD5E9AC2A7806D2A3E6EEB9E700088   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Downloader.Swizzor.IFT     
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Trojan.Win32.Obfuscated.vkb    
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 4/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\sn_pkz.int2   
MD5 Hash: E41A8EBA90CEA3B13A815439E6767F2C   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Downloader.Swizzor.IFS     
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Trojan.Win32.Obfuscated.vkh    
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 4/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\tp_map16.int1   
MD5 Hash: 91CD58BB143C72501B6A4ECA6EBF558B   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Downloader.Swizzor.IFM     
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Trojan.Win32.Obfuscated.vkc    
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- OScope.Trojan.BagsWay.D    

*** 4/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\tp_map16.int2   
MD5 Hash: 482015BD70108B7948141DDE09C66F84   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Downloader.Swizzor.IFH     
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Trojan.Win32.Obfuscated.vki    
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- OScope.Trojan.BagsWay.D    

*** 4/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\uninstall.exe1   
MD5 Hash: BD330A28DC45EA0520FA9A489823CE9D   
Type: Win64 Executable Generic / Extension: .EXE   

A-squared ----- Virus.Trojan.Win32.Obfuscated!IK    
Avast ----- Nothing   
Avg ----- Downloader.Swizzor.IFQ     
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Virus.Trojan.Win32.Obfuscated    
Jiangmin ----- Nothing   
Kaspersky ----- Trojan.Win32.Obfuscated.vjw    
Kingsoft ----- Nothing   
Vba32 ----- Nothing   

*** 4/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\uninstall.exe2   
MD5 Hash: AEF1CCE691559968788EEEF7C26AD367   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Downloader.Swizzor.IFO     
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Trojan.Win32.Obfuscated.vjx    
Kingsoft ----- Nothing   
Vba32 ----- Nothing   

*** 2/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\upAYB.int1   
MD5 Hash: 436F2A2953391C41499303E23BF988D4   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Virus.Trojan.Win32.Obfuscated!IK    
Avast ----- Nothing   
Avg ----- Downloader.Swizzor.IFG     
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Virus.Trojan.Win32.Obfuscated    
Jiangmin ----- Nothing   
Kaspersky ----- Trojan.Win32.Obfuscated.vkd    
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 6/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\upAYB.int2   
MD5 Hash: D8BC27F705FDC57A6F85D346CFB70FC2   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Downloader.Swizzor.IFR     
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Trojan.Win32.Obfuscated.vkj    
Kingsoft ----- Nothing   
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 3/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\upAYB.int3   
MD5 Hash: FF95A22BC387C941E876BB9F072ED7D5   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Virus.Win32.Swizzor!IK    
Avast ----- Nothing   
Avg ----- Downloader.Swizzor.IFU     
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Virus.Win32.Swizzor    
Jiangmin ----- Nothing   
Kaspersky ----- Trojan.Win32.Obfuscated.vkl    
Kingsoft ----- Nothing   
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 5/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   

Task done @ 2008/10/27 7:24:09.08
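The scan report above has a fixed layout (path, MD5, one line per engine, a "*** N/13 ***" summary line) and the first post's hash list gives an independent manifest for the same files, so the thread's numbers can be recomputed rather than read off. The Python script below is an added example, not a tool posted in this thread. It parses both, recounts detections per sample and checks that against the report's own summary line, tallies how many samples each engine caught (in the excerpt, Kaspersky and AVG catch both, NOD32 neither), and flags manifest entries whose hash is missing from or differs in the report. REPORT is a constructed excerpt of two of the sixteen entries with the report's blank lines dropped; MANIFEST is three lines in the first post's format, with kr3.int1 included deliberately so the missing-file branch runs; the function names are mine.

```python
"""Triage helper for the Multi Command-Line Scanner report format plus an
md5sum-style manifest.  Added example, not a tool from this thread: REPORT is a
constructed excerpt (two of the sixteen entries), MANIFEST adds kr3.int1 on
purpose to exercise the missing-file branch, function names are my own."""
import re
from collections import Counter

MANIFEST = """\
2611ba6185ddfe8867eef50f133ffa4b  9kgen_up.int2
6fb452570efc36a1f13e0752dbe60d5d  9kgen_up.int1
4d7d6806b6443138b9f599e92acb5e8a  kr3.int1
"""
REPORT = r"""
Multi Command-Line Scanner Report
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\9kgen_up.int1
MD5 Hash: 6FB452570EFC36A1F13E0752DBE60D5D
Type: Win32 Executable MS Visual C++ / Extension: .EXE
A-squared ----- Trojan-Downloader.Swizzor!IK
Avast ----- Nothing
Avg ----- Downloader.Swizzor.IFK
Antivir ----- Nothing
BitDefender ----- Nothing
ClamWin ----- Nothing
Dr.Web ----- Nothing
NOD32 ----- Nothing
Ikarus ----- Trojan-Downloader.Swizzor
Jiangmin ----- Nothing
Kaspersky ----- Trojan.Win32.Obfuscated.vjy
Kingsoft ----- Win32.Troj.SwizzorsT.ty
Vba32 ----- OScope.Trojan.BagsWay.C
*** 6/13 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\9kgen_up.int2
MD5 Hash: 2611BA6185DDFE8867EEF50F133FFA4B
Type: Win32 Executable MS Visual C++ / Extension: .EXE
A-squared ----- Nothing
Avast ----- Nothing
Avg ----- Downloader.Swizzor.IFF
Antivir ----- Nothing
BitDefender ----- Nothing
ClamWin ----- Nothing
Dr.Web ----- Nothing
NOD32 ----- Nothing
Ikarus ----- Nothing
Jiangmin ----- Nothing
Kaspersky ----- Trojan.Win32.Obfuscated.vke
Kingsoft ----- Win32.Troj.SwizzorsT.ty
Vba32 ----- OScope.Trojan.BagsWay.C
*** 4/13 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
"""

SEP = re.compile(r"^-{20,}[ \t]*$", re.M)          # the dashed divider lines
SUMMARY = re.compile(r"\*\*\* (\d+)/(\d+) antivirus engines")

def parse_report(text):
    """One dict per sample: name, md5 (lowercased), engine verdicts, claimed N/M."""
    entries = []
    for chunk in SEP.split(text):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if not any(l.startswith("MD5 Hash:") for l in lines):
            continue  # banner or trailing chunk, not a sample
        e = {"name": lines[0].replace("\\", "/").rsplit("/", 1)[-1],
             "md5": None, "verdicts": {}, "claimed": None}
        for line in lines[1:]:
            if line.startswith("MD5 Hash:"):
                e["md5"] = line.split(":", 1)[1].strip().lower()
            elif " ----- " in line:  # "<engine> ----- <verdict or Nothing>"
                engine, verdict = line.split(" ----- ", 1)
                e["verdicts"][engine.strip()] = verdict.strip()
            elif SUMMARY.match(line):
                e["claimed"] = tuple(int(x) for x in SUMMARY.match(line).groups())
        entries.append(e)
    return entries

def detections(e):
    """Engines that returned anything other than the tool's 'Nothing' marker."""
    return sorted(k for k, v in e["verdicts"].items() if v != "Nothing")

def check_summary(e):
    """Does the report's own '*** N/M ***' line agree with a recount?"""
    return (len(detections(e)), len(e["verdicts"])) == e["claimed"]

def engine_coverage(entries):
    """How many samples each engine caught; engines with no hits stay at 0."""
    cov = Counter({k: 0 for e in entries for k in e["verdicts"]})
    for e in entries:
        cov.update(detections(e))
    return cov

def parse_manifest(text):
    """md5sum-style lines '<32 hex>  <name>' -> {name: md5}; other lines ignored."""
    rows = [l.split() for l in text.splitlines()]
    return {n: h.lower() for h, n in (r for r in rows if len(r) == 2)
            if re.fullmatch(r"[0-9a-fA-F]{32}", h)}

def cross_check(manifest, entries):
    """Manifest names whose hash is missing from, or differs in, the report."""
    seen = {e["name"]: e["md5"] for e in entries}
    return {n: ("not in report" if n not in seen else "md5 mismatch")
            for n, h in manifest.items() if seen.get(n) != h}

if __name__ == "__main__":
    es = parse_report(REPORT)
    print({e["name"]: f"{len(detections(e))}/{len(e['verdicts'])}" for e in es})
    print(dict(engine_coverage(es)), cross_check(parse_manifest(MANIFEST), es))
```

Paste the remaining fourteen entries into REPORT (or read both strings from files) to reproduce the full-thread figures; a False from check_summary means an engine line was lost in copy-paste, and a "md5 mismatch" means the report was run on a different file than the one whose hash was posted.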
Copyright © KaFan  KaFan.cn All Rights Reserved.