[病毒样本] 7x

显示全部楼层 · 发表于 2008-11-19 22:24:54

卡8 高启发 4个

2008-11-19 22:23:18 已被隔离病毒 HEUR:Trojan.Win32.Generic 高局部确认 F:\病毒样本\7\EB6C4499B05FF332542345234532FHR5T
2008-11-19 22:23:18 已被隔离病毒 HEUR:Trojan.Win32.Generic 高局部确认 F:\病毒样本\7\986545140779C6EAE2C9D1B874716F53
2008-11-19 22:23:18 已被隔离病毒 HEUR:Trojan.Win32.Generic 高局部确认 F:\病毒样本\7\04C8AAB7D97034526D5338FE1D0890A8
2008-11-19 22:23:18 已被删除木马程序 Trojan.Win32.Pakes.lnl 高确定 F:\病毒样本\7\DFJ54634T6GERYWSHGSDFGDFH4FGJH5

显示全部楼层 · 发表于 2008-11-19 22:28:50

剔除后 TO KL

[ 本帖最后由 wangjay1980 于 2008-11-19 22:33 编辑 ]

显示全部楼层 · 发表于 2008-11-20 13:26:19

C:\Documents and Settings\Owner\桌面\7.rar » RAR » 2556847538692C0BE9EA45C66E66B03F » NSIS » jah32831.exe - a variant of Win32/Kryptik.BT trojan
C:\Documents and Settings\Owner\桌面\7.rar » RAR » 343TERYERTGFSDGRT6Y54YWER5YWEY - Win32/Hexzone.S trojan

显示全部楼层 · 发表于 2008-11-20 21:20:27

McAfee miss

显示全部楼层 · 发表于 2008-11-20 21:28:03

MISS

显示全部楼层 · 发表于 2008-11-20 21:29:21

[Scanning : C:\TMP]

C:\TMP\7.rar<RAR>:04C8AAB7D97034526D5338FE1D0890A8 <- Heur.W32 : No action
C:\TMP\7.rar<RAR>:2556847538692C0BE9EA45C66E66B03F<NSIS>:jah32831.exe <- Heur.W32 : No action
C:\TMP\7.rar<RAR>:986545140779C6EAE2C9D1B874716F53<DLLRES>:CABINET0.cab<CAB>:19.exe <- Heur.W32 : No action
C:\TMP\7.rar<RAR>:EB6C4499B05FF332542345234532FHR5T <- Heur.W32 : No action

Scanned objects : 16

Infected objects : 4

显示全部楼层 · 发表于 2008-11-20 21:31:20

剔除非PE文件一例

Multi Command-Line Scanner Report
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\04C8AAB7D97034526D5338FE1D0890A8.exe
Type: Win32 Executable Generic / Extension: .EXE
MD5 Hash: 04C8AAB7D97034526D5338FE1D0890A8

A-squared ----- Backdoor.Win32.HacDef.073.B!IK
Avast -----Nothing
Avg ----- Win32/NSAnti
AntiVir ----- TR/Crypt.XPACK.Gen
BitDefender ----- Trojan.Crypt.Delf.AF
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset -----Nothing
Ikarus ----- Backdoor.Win32.HacDef.073.B
Jiangmin -----Nothing
Kaspersky -----Nothing
Kingsoft -----Nothing
Vba32 ----- MalwareScope.Trojan-PSW.Game.13

*** 6/13 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\2556847538692C0BE9EA45C66E66B03F.exe
Type: Win32 Executable MS Visual C++ / Extension: .EXE
MD5 Hash: 2556847538692C0BE9EA45C66E66B03F

A-squared ----- Trojan-Dropper.Win32.Alureon!IK
Avast -----Nothing
Avg ----- SHeur2.CHS
AntiVir ----- Worm/Autorun.HUV.11
BitDefender -----Nothing
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset ----- a variant of Win32/Kryptik.BT trojan
Ikarus ----- Trojan-Dropper.Win32.Alureon
Jiangmin -----Nothing
Kaspersky -----Nothing
Kingsoft -----Nothing
Vba32 -----Nothing

*** 5/13 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\343TERYERTGFSDGRT6Y54YWER5YWEY.dll
Type: DirectShow filter / Extension: .AX
MD5 Hash: BCC4635AA430BABFCCFBD14A922F4912

A-squared ----- Trojan-Ransom.Win32.Hexzone!IK
Avast -----Nothing
Avg ----- Generic12.OVW
AntiVir ----- TR/Agent.328704.A
BitDefender -----Nothing
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset ----- Win32/Hexzone.S trojan
Ikarus ----- Trojan-Ransom.Win32.Hexzone
Jiangmin -----Nothing
Kaspersky ----- Trojan-Ransom.Win32.Hexzone.gfl
Kingsoft -----Nothing
Vba32 -----Nothing

*** 6/13 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\34634JTH3JHJRTHWGTERJYWERT6246FD.dll
Type: Win64 Executable Generic / Extension: .EXE
MD5 Hash: B1FA2D051292F31B6CFE46DF33EDB669

A-squared -----Nothing
Avast -----Nothing
Avg -----Nothing
AntiVir -----Nothing
BitDefender -----Nothing
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset -----Nothing
Ikarus -----Nothing
Jiangmin -----Nothing
Kaspersky -----Nothing
Kingsoft -----Nothing
Vba32 -----Nothing

*** 0/13 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\986545140779C6EAE2C9D1B874716F53.exe
Type: Win64 Executable Generic / Extension: .EXE
MD5 Hash: 986545140779C6EAE2C9D1B874716F53

A-squared ----- Backdoor.Win32.HacDef.073.B!IK
Avast -----Nothing
Avg ----- Win32/NSAnti
AntiVir ----- TR/Crypt.Delf.AF.87
BitDefender ----- Trojan.Crypt.Delf.AF
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset -----Nothing
Ikarus ----- Backdoor.Win32.HacDef.073.B
Jiangmin -----Nothing
Kaspersky -----Nothing
Kingsoft -----Nothing
Vba32 ----- MalwareScope.Trojan-PSW.Game.13

*** 6/13 antivirus engines found virus in this file ***
-------------------------------------------------------------------------
D:\Desk\Samples\Collect\MCLS\EB6C4499B05FF332542345234532FHR5T.exe
Type: Win32 Executable Generic / Extension: .EXE
MD5 Hash: 04C8AAB7D97034526D5338FE1D0890A8

A-squared ----- Backdoor.Win32.HacDef.073.B!IK
Avast -----Nothing
Avg ----- Win32/NSAnti
AntiVir ----- TR/Crypt.XPACK.Gen
BitDefender ----- Trojan.Crypt.Delf.AF
ClaimWin -----Nothing
Dr.Web -----Nothing
Eset -----Nothing
Ikarus ----- Backdoor.Win32.HacDef.073.B
Jiangmin -----Nothing
Kaspersky -----Nothing
Kingsoft -----Nothing
Vba32 ----- MalwareScope.Trojan-PSW.Game.13

*** 6/13 antivirus engines found virus in this file ***
-------------------------------------------------------------------------

Task done @ 2008/11/20 四 21:30:22.82
Note: The results might be different from that of the GUI version.

显示全部楼层 · 发表于 2008-11-20 21:34:10

紅傘漏兩個
已上報

显示全部楼层 · 发表于 2008-11-20 21:36:03

金山毒霸可信认证技术查询结果如下

04C8AAB7D97034526D5338FE1D0890A8    -----------    未知
2556847538692C0BE9EA45C66E66B03F    -----------    未知
343TERYERTGFSDGRT6Y54YWER5YWEY    -----------    未知
34634JTH3JHJRTHWGTERJYWERT6246FD    -----------    安全
986545140779C6EAE2C9D1B874716F53    -----------    未知
DFJ54634T6GERYWSHGSDFGDFH4FGJH5    -----------    未知
EB6C4499B05FF332542345234532FHR5T    -----------    未知

[病毒样本] 7x

本帖子中包含更多资源

F-Prot 4.4.4, NVC 5.99

ArcaVir2008