几只!!!!!!!

显示全部楼层 · 发表于 2008-11-19 00:50:01

http://www.namipan.com/d/AgentM.rar/0e3d57f1ccbc82eef8e4ab1a2bc6d179ca5c89a79c870100

显示全部楼层 · 发表于 2008-11-19 01:16:54

文件 AgentM.rar 接收于 2008.11.18 18:00:01 (CET)
当前状态: 完成
结果: 8/34 (23.53%)

反病毒引擎	版本	最后更新	扫描结果
AhnLab-V3	2008.11.18.2	2008.11.18	-
AntiVir	7.9.0.31	2008.11.18	HEUR/Malware
Authentium	5.1.0.4	2008.11.18	-
Avast	4.8.1281.0	2008.11.18	-
AVG	8.0.0.199	2008.11.18	-
BitDefender	7.2	2008.11.18	-
CAT-QuickHeal	10.00	2008.11.18	-
ClamAV	0.94.1	2008.11.18	-
DrWeb	4.44.0.09170	2008.11.18	BACKDOOR.Trojan
eSafe	7.0.17.0	2008.11.18	-
eTrust-Vet	31.6.6209	2008.11.14	-
Ewido	4.0	2008.11.18	-
F-Prot	4.4.4.56	2008.11.18	-
F-Secure	8.0.14332.0	2008.11.18	W32/Malware
Fortinet	3.117.0.0	2008.11.18	-
GData	19	2008.11.18	-
Ikarus	T3.1.1.45.0	2008.11.18	-
K7AntiVirus	7.10.527	2008.11.18	-
Kaspersky	7.0.0.125	2008.11.18	-
McAfee	5437	2008.11.17	-
Microsoft	1.4104	2008.11.17	-
NOD32	3622	2008.11.18	-
Norman	5.80.02	2008.11.18	W32/Malware
Panda	9.0.0.4	2008.11.17	Suspicious file
Prevx1	V2	2008.11.18	-
Rising	21.04.12.00	2008.11.18	-
SecureWeb-Gateway	6.7.6	2008.11.18	Heuristic.Malware
Sophos	4.35.0	2008.11.18	Sus/Behav-1003
Sunbelt	3.1.1801.2	2008.11.14	Backdoor.Win32.S (vf)
Symantec	10	2008.11.18	-
TheHacker	6.3.1.1.157	2008.11.18	-
TrendMicro	8.700.0.1004	2008.11.18	-
ViRobot	2008.11.18.1474	2008.11.18	-
VirusBuster	4.5.11.0	2008.11.18	-

附加信息

File size: 100252 bytes

MD5...: e95925609177398d8ba57de03da9ba9e

SHA1..: 01ec58f3bf7e24044d56118315497e59d04f9a4d

SHA256: e0fd78c6dae94f7c226ce3e4bf8a2313964677812ecd66fcb7feb5ab9d1e22ed

SHA512: 8e653f6bea6f2a1a833fc5a44155ecc62c98b5f294f77a83344d9b142ca7560b
1327fb970b67746910cef872b6ecc86ae1027e7da5db8669308ceb83b5efd7cc

PEiD..: -

TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)

PEInfo: -

Norman Sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Application uses MFC.DLL.
* File length: 20480 bytes.

[ Changes to filesystem ]
* Creates directory C:\WINDOWS\SYSTEM32\agentm.

[ Changes to registry ]
* Accesses Registry key \"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\".
* Modifies value\"UserInit\"=\"C:\WINDOWS\SYSTEM32\config\agentms.exe,\" in key\"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\".
* Creates key \"HKLM\System\CurrentControlSet\Services\AgentMNormalService\".
* Sets value \"ImagePath\"=\"C:\WINDOWS\SYSTEM32\agentm\AgentM.exe\" inkey \"HKLM\System\CurrentControlSet\Services\AgentMNormalService\".
* Sets value \"DisplayName\"=\"AgentMNormalService\" in key \"HKLM\System\CurrentControlSet\Services\AgentMNormalService\".
* Accesses Registry key \"HKLM\SYSTEM\CurrentControlSet\HardwareProfiles\Current\System\CurrentControlSet\Enum\ROOT\LEGACY_AGENTMNORMALSERVICE\0000\".
* Accesses Registry key \"HKLM\SYSTEM\CurrentControlSet\Services\AgentMNormalService\".

[ Process/window information ]
* Enumerates running processes.
* Will automatically restart after boot (I'll be back...).
* Attempts to access service \"AgentMNormalService\".
* Creates service \"AgentMNormalService (AgentMNormalService)\" as \"C:\WINDOWS\SYSTEM32\agentm\AgentM.exe\".

显示全部楼层 · 发表于 2008-11-19 20:19:23

McAfee miss

显示全部楼层 · 发表于 2008-11-19 20:21:46

小红伞——KILL

显示全部楼层 · 发表于 2008-11-19 20:25:19

kv 0

显示全部楼层 · 发表于 2008-11-19 20:52:50

to kl

[ 本帖最后由 sam.to 于 2008-11-19 20:54 编辑 ]

显示全部楼层 · 发表于 2008-11-20 13:27:40

C:\Documents and Settings\Owner\桌面\agentm.rar » RAR » AgentM.exe - Win32/Agent.OLH trojan
C:\Documents and Settings\Owner\桌面\agentm.rar » RAR » agentms.exe - Win32/Agent.OLH trojan
C:\Documents and Settings\Owner\桌面\agentm.rar » RAR » HookApiM.dll - Win32/Agent.OLH trojan
C:\Documents and Settings\Owner\桌面\agentm.rar » RAR » HookApiMon.dll - Win32/Agent.OLH trojan

显示全部楼层 · 发表于 2008-11-23 16:36:21

卡巴:
No malicious software was found in the attached file.

[病毒样本] 几只!!!!!!!

本帖子中包含更多资源