fake anti-virus program

显示全部楼层 · 发表于 2008-11-28 07:07:52

http://websecurityonlineguide.com/ws/index.php

显示全部楼层 · 发表于 2008-11-28 07:17:09

文件 install.exe 接收于 2008.11.28 00:09:33 (CET)
当前状态: 正在读取 ... 队列中等待中扫描中完成未发现停止

结果: 3/37 (8.11%)
正在读取服务器信息中...
您的文件所排队列位置: 1.
预计开始时间为 38 和 55 秒之间.
扫描完成前请勿关闭窗口.
目前针对您的文件所进行的扫描进程已停止, 我们将会在稍后恢复.
如果您的等候时间超过 5 分钟, 请重新发送文件.
您的文件目前正在被 VirusTotal 扫描中,
结果将会稍后完成时生成.
格式化文本打印结果  您的文件已过期或不存在.
目前服务已停止, 您的文件将会稍后的未知时间内进行扫描 (位置: ).

您可以继续等待回应 (自动读取) 或者在下面的表单内输入您的电子邮件地址, 并按下 "获取", 当扫描完成时, 系统会自动给您发送电子邮件通知.
Email:


反病毒引擎版本最后更新扫描结果
AhnLab-V3 2008.11.27.4 2008.11.27 -
AntiVir 7.9.0.35 2008.11.27 -
Authentium 5.1.0.4 2008.11.27 -
Avast 4.8.1281.0 2008.11.27 -
AVG 8.0.0.199 2008.11.27 -
BitDefender 7.2 2008.11.27 -
CAT-QuickHeal 10.00 2008.11.27 -
ClamAV 0.94.1 2008.11.27 -
DrWeb 4.44.0.09170 2008.11.27 -
eSafe 7.0.17.0 2008.11.27 Suspicious File
eTrust-Vet 31.6.6233 2008.11.27 -
Ewido 4.0 2008.11.27 -
F-Prot 4.4.4.56 2008.11.27 -
F-Secure 8.0.14332.0 2008.11.27 -
Fortinet 3.117.0.0 2008.11.27 -
GData 19 2008.11.27 -
Ikarus T3.1.1.45.0 2008.11.27 -
K7AntiVirus 7.10.536 2008.11.27 -
Kaspersky 7.0.0.125 2008.11.27 -
McAfee 5447 2008.11.27 -
McAfee+Artemis 5447 2008.11.27 -
Microsoft 1.4104 2008.11.27 -
NOD32 3647 2008.11.27 -
Norman 5.80.02 2008.11.27 -
Panda 9.0.0.4 2008.11.27 Suspicious file
PCTools 4.4.2.0 2008.11.27 -
Prevx1 V2 2008.11.28 -
Rising 21.05.32.00 2008.11.27 -
SecureWeb-Gateway 6.7.6 2008.11.27 -
Sophos 4.35.0 2008.11.27 -
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.27 -
TheHacker 6.3.1.1.165 2008.11.27 -
TrendMicro 8.700.0.1004 2008.11.27 PAK_Generic.001
VBA32 3.12.8.9 2008.11.27 -
ViRobot 2008.11.27.1489 2008.11.27 -
VirusBuster 4.5.11.0 2008.11.27 -
附加信息
File size: 52781 bytes
MD5...: 64039654b3094a1adb9d40962885e5d3
SHA1..: 82250fdec954d94f80ab3a71a011ec436d9d887d
SHA256: 08e75910a94c499bde5dd0f1ba3f329a1d5119e7882d8ee5a21e6668195df693
SHA512: 12edc36ceae22ac7cca6608cf13ef9cec96658a55959eec2bc3bfc9dc7b83b1c
ec1cb666276ac5ca710d822f35cb5d459588c8b1bb6fc73da30ed747be423d77

ssdeep: 1536:7m3OUWBB/3bOEJNW2fdCo04nouy8bEY5qnX9:K3OUoBRLWm0o0woutbLInX
9

PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda's Crypter (33.4%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Win16/32 Executable Delphi generic (2.6%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x423eb0
timedatestamp.....: 0x492edf45 (Thu Nov 27 17:56:21 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x19000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x1a000 0xb000 0xac00 7.96 10f1fb47c35ddb28936a323290d6888b
.rsrc 0x25000 0x2000 0x1e00 5.03 bc10feb070d79a8932208af20c2868a1

( 7 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> advapi32.dll: RegCloseKey
> comctl32.dll: ImageList_Draw
> gdi32.dll: SaveDC
> oleaut32.dll: SysFreeString
> user32.dll: GetDC
> wininet.dll: InternetOpenW

( 0 exports )

packers (Kaspersky): UPX
packers (F-Prot): UPX_LZMA

显示全部楼层 · 发表于 2008-11-28 07:55:21

b96673beb52bf59eff6745bf87eafdfa install.e3xe

to kl

显示全部楼层 · 发表于 2008-11-28 09:09:03

FS 被过。。

显示全部楼层 · 发表于 2008-11-28 14:08:31

诺顿阻止

显示全部楼层 · 发表于 2008-11-28 14:27:13

原帖由 kkgh 于 2008-11-28 14:08 发表
诺顿阻止

对,网页防护毫不留情地挡了,linkscanner也是

显示全部楼层 · 发表于 2008-11-28 15:39:27

Hello,

install.e3xe - Trojan-Downloader.Win32.Delf.pwy

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

Please quote all when answering.
The answer is relevant to the latest bases from update sources.

显示全部楼层 · 发表于 2008-11-28 15:56:24

http://www.threatexpert.com/repo ... 59eff6745bf87eafdfa

显示全部楼层 · 发表于 2008-11-28 15:57:53

下載物:

ws.zip (1.2 MB, 下载次数: 69)

显示全部楼层 · 发表于 2008-11-28 16:02:38

全部TO NOD

[已鉴定] fake anti-virus program

回复 9楼 sam.to 的帖子