一样本 , 红伞,小A,卡巴,AVK,BD,DRWEB,NOD32,熊猫,瑞星,全过

efreebird

kuqing_ren

等待高手分析

llgiggs

這個是一個在線漫畫下載器

• Submission details:
  • Submission received: 12 November 2008, 12:58:17
  • Processing time: 7 min 29 sec
  • Submitted sample:
    • File MD5: 0xECE96F77AED0BC1AD2B3B74CFABE3426
    • Filesize: 324,544 bytes
    • Packer info: packed with: PE_Patch [Kaspersky Lab]

• Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.
Packed with a packer that is known to be used by malware (e.g. to complicate threat analysis or detection).

Technical Details:

• The new window was created, as shown below:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

File System Modifications

• The following file was created in the system:

#	Filename(s)	File Size	File MD5	Alias
1	[file and pathname of the sample #1]	324,544 bytes	0xECE96F77AED0BC1AD2B3B74CFABE3426	packed with PE_Patch [Kaspersky Lab]

• The following directory was created:
  • %System%\data

• Note:
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

Memory Modifications

• There was a new process created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	1,466,368 bytes

Other details

• Analysis of the file resources indicate the following possible country of origin:

China

• The following Host Name was requested from a host database:
  • www.tortinita.org

• The following HTTP URL was started reading:
  • http://www.tortinita.org/update/md_630.html

[ 本帖最后由 llgiggs 于 2008-11-12 10:09 编辑 ]

megakotaro

回報紅傘

啊弥陀佛

什么东东？

wwzh2003

不是病毒或木马，微点没反应啊

phm

小白分析了下,没有什么恶意行为.

fzz8848

Filename                        Result
MangaDowner.exe        CLEAN

好毒，等待高手的分析。