费尔 says:
V:\virusdoc20081102\v004\008\readme[1]\readme.exe Adware.BHO.bpa.uski.arc Adware Not yet handled
Norman SandBox
readme.exe : Not detected by Sandbox (Signature: NetworkWorm.FFU)
[ DetectionInfo ]
* Sandbox name: NO_MALWARE
* Signature name: NetworkWorm.FFU
* Compressed: NO
* TLS hooks: NO
* Executable type: Application
* Executable file structure: OK
* Filetype: PE_I386
[ General information ]
* File length: 656600 bytes.
* MD5 hash: 5766a9d0f591900f91616bf3b6874442.
[ Changes to filesystem ]
* Creates directory C:\WINDOWS\TEMP\.
* Creates file C:\WINDOWS\TEMP\nsg1748.tmp.
* Deletes file C:\WINDOWS\TEMP\nsg1748.tmp.
* Creates file C:\WINDOWS\TEMP\nsa0505.tmp.
* Creates directory C:\WINDOWS.
* Creates directory C:\WINDOWS\TEMP.
* Creates file C:\WINDOWS\TEMP\10085.exe.
* Creates file C:\WINDOWS\TEMP\msn055.exe.
[ Signature Scanning ]
* C:\WINDOWS\TEMP\10085.exe (224371 bytes) : no signature detection.
Sandbox log 2: ht tp://www.threatexpert.com/report.aspx?md5=5766a9d0f591900f91616bf3b6874442
File readme.exe received on 2008.11.01 20:31:01 (CET)
Result: 22/36 (61.12%)
Antivirus engine Version Last update Scan result
AhnLab-V3 2008.11.1.0 2008.11.01 -
AntiVir 7.9.0.10 2008.10.31 DR/Shutdowner.WG.6
Authentium 5.1.0.4 2008.11.01 -
Avast 4.8.1248.0 2008.11.01 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.11.01 Generic10.ARFI
BitDefender 7.2 2008.11.01 Dropped:Trojan.Generic.493967
CAT-QuickHeal 9.50 2008.11.01 -
ClamAV 0.94.1 2008.11.01 PUA.Packed.NPack-2
DrWeb 4.44.0.09170 2008.11.01 Trojan.Click.20068
eSafe 7.0.17.0 2008.10.30 Win32.Warezov.gen
eTrust-Vet 31.6.6185 2008.11.01 -
Ewido 4.0 2008.11.01 -
F-Prot 4.4.4.56 2008.11.01 -
F-Secure 8.0.14332.0 2008.11.01 Trojan-Downloader.Win32.Small.afxi
Fortinet 3.117.0.0 2008.10.31 -
GData 19 2008.11.01 Dropped:Trojan.Generic.493967
Ikarus T3.1.1.44.0 2008.11.01 Trojan.Win32.Shutdowner.wg
K7AntiVirus 7.10.514 2008.11.01 -
Kaspersky 7.0.0.125 2008.11.01 Trojan.Win32.Shutdowner.wg
McAfee 5420 2008.11.01 Generic Downloader.x
Microsoft 1.4005 2008.11.01 Trojan:Win32/Cinmeng
NOD32 3575 2008.10.31 Win32/Agent.SAO
Norman 5.80.02 2008.10.31 NetworkWorm.FFU
Panda 9.0.0.4 2008.11.01 -
PCTools 4.4.2.0 2008.11.01 -
Prevx1 V2 2008.11.01 -
Rising 21.01.52.00 2008.11.01 Trojan.Win32.Undef.ito
SecureWeb-Gateway 6.7.6 2008.11.01 Trojan.Dropper.Shutdowner.WG.6
Sophos 4.35.0 2008.11.01 Mal/DelpDldr-C
Sunbelt 3.1.1767.2 2008.10.31 -
Symantec 10 2008.11.01 -
TheHacker 6.3.1.1.135 2008.10.31 -
TrendMicro 8.700.0.1004 2008.10.31 PAK_Generic.005
VBA32 3.12.8.9 2008.11.01 Trojan.Win32.Shutdowner.wg
ViRobot 2008.10.31.1446 2008.10.31 Spyware.Shutdowner.656600
VirusBuster 4.5.11.0 2008.10.31 Trojan.Shutdowner.EC
Additional information
File size: 656600 bytes
MD5...: 5766a9d0f591900f91616bf3b6874442
SHA1..: eaf93e1f47af423f6de3c86245b8561fdb1cb24c
SHA256: cf26f2be77a893073b63d0d9eb62269e7ac31d3984bcc6af650806d8b8c2bc09
SHA512: e58beeb6ed49a4043aa5c511479e301d44fc04e9e11ac47503d96d269e051ff52cc3f2a66bc1e585fc6aa8dc4f6a454efaee401124b41cb970079ab9878e4c48
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4032d9
timedatestamp.....: 0x4436a87e (Fri Apr 07 17:59:26 2006)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5a2e 0x5c00 6.39 e780cc584440ad9d18ce5c3634e58b2f
.rdata 0x7000 0x10f2 0x1200 5.05 8e200768cddae49a4df8d340f3025521
.data 0x9000 0x1b414 0x400 5.13 024eddef4311336b128e1c01e078dcd2
.ndata 0x25000 0x8000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x2d000 0x25a0 0x2600 5.43 2c4ddcec34c18bafe33761c7f82cef6b
( 8 imports )
> KERNEL32.dll: CloseHandle, SetFileTime, CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, CreateFileA, GetFileSize, GetModuleFileNameA, GetTickCount, lstrcmpiA, CopyFileA, ExitProcess, GetCommandLineA, GetWindowsDirectoryA, GetTempPathA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, lstrcmpA, GetEnvironmentVariableA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, SetErrorMode, GetModuleHandleA, LoadLibraryA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetCurrentProcess
> USER32.dll: ScreenToClient, GetWindowRect, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, EndDialog, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxA, CharPrevA, DispatchMessageA, PeekMessageA, CreateDialogParamA, DestroyWindow, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, TrackPopupMenu, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetMalloc, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
( 0 exports )
packers (Avast): ASProtect
packers (Kaspersky): PE_Patch
VirSCAN.org Scanned Report :
Scanned time : 2008/11/02 03:31:48 (CST)
Scanner results: 64% of scanners (25/39) reported a virus
File Name : readme.exe
File Size : 656600 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 5766a9d0f591900f91616bf3b6874442
SHA1 : eaf93e1f47af423f6de3c86245b8561fdb1cb24c
Online report : ht tp://virscan.org/report/556af2362552bc977963009ee582f742.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.23 2008.11.01 2008-11-01 1.72 -
AhnLab V3 2008.11.01.00 2008.11.01 2008-11-01 1.04 -
AntiVir 7.9.0.10 7.1.0.26 2008-10-31 1.48 DR/Shutdowner.WG.6
Antiy 2.0.18 20081031.1531246 2008-10-31 0.22 Trojan/Win32.Agent.vaad
Arcavir 1.0.5 200811010721 2008-11-01 2.38 Trojan.Spy.Banker.Bsh
Authentium 5.1.1 200810270445 2008-10-27 1.15 -
AVAST! 3.0.1 081031-1 2008-10-31 0.03 Win32:Trojan-gen {Other}
AVG 7.5.52.442 270.8.5/1760 2008-11-01 1.72 -
BitDefender 7.60825.2029673 7.21611 2008-11-02 7.28 Dropped:Trojan.Generic.493967
CA (VET) 9.0.0.143 31.6.6185 2008-10-31 3.83 -
ClamAV 0.94 8552 2008-11-01 0.22 PUA.Packed.NPack-2
Comodo 2.11 2.0.0.694 2008-11-01 0.48 -
CP Secure 1.1.0.715 2008.11.01 2008-11-01 6.64 Troj.W32.Agent.sao
Dr.Web 4.44.0.9170 2008.11.01 2008-11-01 4.15 Adware.Sogou.111
ewido 4.0.0.2 2008.11.01 2008-11-01 3.39 -
F-Prot 4.4.4.56 20081101 2008-11-01 1.12 -
F-Secure 5.51.6100 2008.11.01.01 2008-11-01 0.70 Trojan.Win32.Shutdowner.wg [AVP]
Fortinet 2.81-3.117 9.682 2008-10-31 0.23 -
GData 19.1256/19.84 20081029 2008-10-29 2.95 Trojan.Win32.Shutdowner.wg [Engine:A]
ViRobot 20081030 2008.10.30 2008-10-30 0.41 -
Ikarus T3.1.01.44 2008.11.01.71774 2008-11-01 2.98 Trojan.Win32.Shutdowner.wg
Jiangmin 11.0.706 2008.11.01 2008-11-01 1.59 AdWare/Cinmus.Gen
Kaspersky 5.5.10 2008.11.01 2008-11-01 0.61 Trojan.Win32.Shutdowner.wg
Kingsoft 2008.9.8.18 2008.11.1.15 2008-11-01 1.11 Win32.Troj.BhoT.li.151552
McAfee 5.3.00 5420 2008-10-31 2.25 Generic Downloader.x
Microsoft 1.4005 2008.11.01 2008-11-01 10.78 Trojan:Win32/Cinmeng
mks_vir 2.01 2008.10.31 2008-10-31 2.68 Trojan.Downloader.Win32.Agent.xko
Norman 5.93.01 5.93.00 2008-10-31 5.50 NetworkWorm.FFU
Panda 9.05.01 2008.11.01 2008-11-01 3.31 Trj/Downloader.MDW
Trend Micro 8.700-1004 5.632.32 2008-11-01 0.67 Cryp_Naix-6
Quick Heal 9.50 2008.11.01 2008-11-01 2.03 -
Rising 20.0 21.01.52.00 2008-11-01 1.65 Trojan.Win32.Undef.ito
Sophos 2.80.0 4.35 2008-11-02 2.29 Mal/DelpDldr-C
Sunbelt 3.1.1767.2 2360 2008-10-30 0.72 -
Symantec 1.3.0.24 20081101.003 2008-11-01 0.07 -
nProtect 2008-10-31.01 2381400 2008-10-31 5.13 Dropped:Trojan.Generic.493967
The Hacker 6.3.1.1 v00135 2008-10-30 0.46 -
VBA32 3.12.8.9 20081031.1448 2008-10-31 10.45 Trojan.Win32.Shutdowner.wg
VirusBuster 4.5.11.10 10.90.20/671016 2008-10-31 2.40 Trojan.Shutdowner.EC