
[Virus Samples] Obfuscated X17 from October 28

sam.to
Posted on 2008-10-29 16:13:30



-9kgen_up.int - Trojan.Win32.Obfuscated.vwq,
-sn_pkz.int2 - Trojan.Win32.Obfuscated.vxf,
-tp_map16.int2 - Trojan.Win32.Obfuscated.vwr,
9kgen_up.int1 - Trojan.Win32.Obfuscated.vwz,
kr3.int1 - Trojan.Win32.Obfuscated.vxa,
np_pkz.int1 - Trojan.Win32.Obfuscated.vxb,
np_pkz.int2 - Trojan.Win32.Obfuscated.vxc,
sn_pkz.int1 - Trojan.Win32.Obfuscated.vxd,
sn_pkz.int3 - Trojan.Win32.Obfuscated.vxe,
tp_map16.int1 - Trojan.Win32.Obfuscated.vxg,
uninstall.exe1 - Trojan.Win32.Obfuscated.vws,
uninstall.exe2 - Trojan.Win32.Obfuscated.vwt,
uninstall.exe3 - Trojan.Win32.Obfuscated.vwu,
uninstall.exe4 - Trojan.Win32.Obfuscated.vwv,
upAYB.int1 - Trojan.Win32.Obfuscated.vww,
upAYB.int2 - Trojan.Win32.Obfuscated.vwx,
upAYB.int3 - Trojan.Win32.Obfuscated.vwy

[ Last edited by kato9096 on 2008-11-15 23:51 ]

aerbeisi
Posted on 2008-10-29 16:17:06

Looks like this gang has been getting the itch again lately.

will
Posted on 2008-10-29 16:24:49

Multi Command-Line Scanner Report
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\--9kgen_up.int   
MD5 Hash: C6C1398E53FFE70A5C4C55D2DB5CF35E   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 2/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\9kgen_up.int1   
MD5 Hash: 7006EE329237AE1C70F5ACA38E5A3793   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 2/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\kr3.int1   
MD5 Hash: F73AD64A65E2171F85C289C9D49E94B2   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Trojan.Obfuscated!IK    
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Trojan.Obfuscated    
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Vba32 ----- Nothing   

*** 2/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\np_pkz.int1   
MD5 Hash: F255F3AFCE669C9E3CCC12055634EF56   
Type: Win64 Executable Generic / Extension: .EXE   

A-squared ----- Virus.Win32.Swizzor!IK    
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Virus.Win32.Swizzor    
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 4/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\np_pkz.int2   
MD5 Hash: 36CE69DA0C78D51972C9B6B64749A16C   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 2/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\sn_pkz.int1   
MD5 Hash: 7366D0959894FE979E59389E2182B74C   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 2/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\-sn_pkz.int2   
MD5 Hash: B11BE7571143C64376477531889D3592   
Type: Win64 Executable Generic / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 2/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\sn_pkz.int3   
MD5 Hash: E7C6BE656C77940759716E0B8077A873   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Virus.Trojan.Win32.Obfuscated!IK    
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Virus.Trojan.Win32.Obfuscated    
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 4/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\tp_map16.int1   
MD5 Hash: 4729604FE86B82BAB08396827418BFB7   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- OScope.Trojan.BagsWay.D    

*** 2/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\-tp_map16.int2   
MD5 Hash: D61D0ABD67FAA11961CBD9C3E3C2CF17   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- OScope.Trojan.BagsWay.D    

*** 2/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\uninstall.exe1   
MD5 Hash: 951520F74926DCCC8E96D9AF69B0626C   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Vba32 ----- Nothing   

*** 0/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\uninstall.exe2   
MD5 Hash: E1582AC1B60CB6FD985013222E1CE250   
Type: Win64 Executable Generic / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- Nothing   

*** 1/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\uninstall.exe3   
MD5 Hash: 41A3EB3EEC6EAF5D706BC307382F0FAE   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Vba32 ----- Nothing   

*** 0/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\uninstall.exe4   
MD5 Hash: E4B7FD3744D468E46548806150574BBA   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- Nothing   

*** 1/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\upAYB.int1   
MD5 Hash: 238150F8892F7D36286239104DBBCAD0   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- TR/Dldr.Swizzor.Gen    
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 2/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\upAYB.int2   
MD5 Hash: 99B9BC29BDCAC7F39CC61A9D1917765B   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Virus.Win32.Swizzor!IK    
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- Nothing   
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Virus.Win32.Swizzor    
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Win32.Troj.SwizzorsT.ty    
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 4/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   
D:\Desk\Samples\Collect\MCLS\upAYB.int3   
MD5 Hash: 52C44DA221D980E4B66CF37B788F4073   
Type: Win32 Executable MS Visual C++ / Extension: .EXE   

A-squared ----- Nothing   
Avast ----- Nothing   
Avg ----- Nothing   
Antivir ----- TR/Dldr.Swizzor.Gen    
BitDefender ----- Nothing   
ClamWin ----- Nothing   
Dr.Web ----- Nothing   
NOD32 ----- Nothing   
Ikarus ----- Nothing   
Jiangmin ----- Nothing   
Kaspersky ----- Nothing   
Kingsoft ----- Nothing   
Vba32 ----- OScope.Trojan.BagsWay.C    

*** 2/13 antivirus engines found virus in this file ***   
-------------------------------------------------------------------------   

Task done @ 2008/10/29 三 16:22:59.25   
wangjay1980
Posted on 2008-10-29 16:28:35
Hand it over to the "Organized Crime Investigation Unit".
sam.to
Original poster | Posted on 2008-10-29 16:30:57

Reply to wangjay1980's post (#4)

This important task is yours.
挪威的冬天
Posted on 2008-10-29 17:13:21
The name swizzor really is well chosen.

信息        2008-10-29  17:09:32        您此次查毒共查出12个病毒以及危险代码                       
信息        2008-10-29  17:09:32        您此次查毒共查了内存模块0个,磁盘引导扇区0个,文件18个                       
信息        2008-10-29  17:09:32        金山毒霸主程序查毒过程结束,查毒方式:命令行查毒                       
病毒        2008-10-29  17:09:32        D:\Desktop\Obfuscated (28 Oct)\Obfuscated (28 Oct) Part 2\upAYB.int2        Win32.Troj.SwizzorsT.ty        跳过,未处理       
病毒        2008-10-29  17:09:32        D:\Desktop\Obfuscated (28 Oct)\Obfuscated (28 Oct) Part 2\tp_map16.int1        Win32.Troj.SwizzorsT.ty        跳过,未处理       
病毒        2008-10-29  17:09:32        D:\Desktop\Obfuscated (28 Oct)\Obfuscated (28 Oct) Part 2\np_pkz.int2        Win32.Troj.SwizzorsT.ty        跳过,未处理       
病毒        2008-10-29  17:09:32        D:\Desktop\Obfuscated (28 Oct)\Obfuscated (28 Oct) Part 2\np_pkz.int1        Win32.Troj.SwizzorsT.ty        跳过,未处理       
病毒        2008-10-29  17:09:32        D:\Desktop\Obfuscated (28 Oct)\Obfuscated (28 Oct) Part 2\-tp_map16.int2        Win32.Troj.SwizzorsT.ty        跳过,未处理       
病毒        2008-10-29  17:09:32        D:\Desktop\Obfuscated (28 Oct)\Obfuscated (28 Oct) Part 1\uninstall.exe4        Win32.Troj.SwizzorsT.ty        跳过,未处理       
病毒        2008-10-29  17:09:32        D:\Desktop\Obfuscated (28 Oct)\Obfuscated (28 Oct) Part 1\uninstall.exe2        Win32.Troj.SwizzorsT.ty        跳过,未处理       
病毒        2008-10-29  17:09:32        D:\Desktop\Obfuscated (28 Oct)\Obfuscated (28 Oct) Part 1\sn_pkz.int3        Win32.Troj.SwizzorsT.ty        跳过,未处理       
病毒        2008-10-29  17:09:32        D:\Desktop\Obfuscated (28 Oct)\Obfuscated (28 Oct) Part 1\sn_pkz.int1        Win32.Troj.SwizzorsT.ty        跳过,未处理       
病毒        2008-10-29  17:09:32        D:\Desktop\Obfuscated (28 Oct)\Obfuscated (28 Oct) Part 1\9kgen_up.int1        Win32.Troj.SwizzorsT.ty        跳过,未处理       
病毒        2008-10-29  17:09:32        D:\Desktop\Obfuscated (28 Oct)\Obfuscated (28 Oct) Part 1\-sn_pkz.int2        Win32.Troj.SwizzorsT.ty        跳过,未处理       
病毒        2008-10-29  17:09:32        D:\Desktop\Obfuscated (28 Oct)\Obfuscated (28 Oct) Part 1\--9kgen_up.int        Win32.Troj.SwizzorsT.ty        跳过,未处理       


Kingsoft Trusted Authentication Summary

The Summary Was Created by Kingsoft Trusted Authentication Viewer

==========================================

FileName :           --9kgen_up.int
FileMD5Checksum :    c6c1398e53ffe70a5c4c55d2db5cf35e
FileSecurityLevel :  Unknown

FileName :           -sn_pkz.int2
FileMD5Checksum :    b11be7571143c64376477531889d3592
FileSecurityLevel :  Unknown

FileName :           9kgen_up.int1
FileMD5Checksum :    7006ee329237ae1c70f5aca38e5a3793
FileSecurityLevel :  Unknown

FileName :           sn_pkz.int1
FileMD5Checksum :    7366d0959894fe979e59389e2182b74c
FileSecurityLevel :  Unknown

FileName :           sn_pkz.int3
FileMD5Checksum :    e7c6be656c77940759716e0b8077a873
FileSecurityLevel :  Unknown

FileName :           uninstall.exe1
FileMD5Checksum :    951520f74926dccc8e96d9af69b0626c
FileSecurityLevel :  Unknown

FileName :           uninstall.exe2
FileMD5Checksum :    e1582ac1b60cb6fd985013222e1ce250
FileSecurityLevel :  Unknown

FileName :           uninstall.exe3
FileMD5Checksum :    41a3eb3eec6eaf5d706bc307382f0fae
FileSecurityLevel :  Unknown

==========================================

Summary Done

Kingsoft Trusted Authentication Summary

The Summary Was Created by Kingsoft Trusted Authentication Viewer

==========================================

FileName :           -tp_map16.int2
FileMD5Checksum :    d61d0abd67faa11961cbd9c3e3c2cf17
FileSecurityLevel :  Unknown

FileName :           kr3.int1
FileMD5Checksum :    f73ad64a65e2171f85c289c9d49e94b2
FileSecurityLevel :  Unknown

FileName :           np_pkz.int1
FileMD5Checksum :    f255f3afce669c9e3ccc12055634ef56
FileSecurityLevel :  Unknown

FileName :           np_pkz.int2
FileMD5Checksum :    36ce69da0c78d51972c9b6b64749a16c
FileSecurityLevel :  Unknown

FileName :           tp_map16.int1
FileMD5Checksum :    4729604fe86b82bab08396827418bfb7
FileSecurityLevel :  Unknown

FileName :           upAYB.int1
FileMD5Checksum :    238150f8892f7d36286239104dbbcad0
FileSecurityLevel :  Unknown

FileName :           upAYB.int2
FileMD5Checksum :    99b9bc29bdcac7f39cc61a9d1917765b
FileSecurityLevel :  Unknown

==========================================

Summary Done