天龙八部cls33si-fu登陆器再次更新:2008-12-18
小马下载:ht tp://www.cls33.cn/tianlong.exe
费尔说:
v005\新建文件夹\tianlong.exe>>tl.exe Trojan.Cap8121818.jxub 木马 还未处理
PS:在游戏中老收到,可惜盗不了我的号。
文件: tianlong.exe
大小: 121790 字节
修改时间: 2008年12月21日, 3:08:50
MD5: 7DE5587F600F7BE006023934170AA725
SHA1: 74492AC2C59003DC8562082CE09C2E619ECE74B2
CRC32: 7DD4EBCA
w ww.cls33. c n >> 58.57.65.196
本站主数据:山东省潍坊市 电信
参考数据一:山东省潍坊市 电信
参考数据二:山东省潍坊市 电信IDC机房
沙盘日志:htt p://www.threatexpert.com/report.aspx?md5=7de5587f600f7be006023934170aa725
Norman SandBox
小 : Not detected by Sandbox (Signature: NO_VIRUS)
[ DetectionInfo ]
* Sandbox name: NO_MALWARE
* Signature name: NO_VIRUS
* Compressed: NO
* TLS hooks: NO
* Executable type: Application
* Executable file structure: OK
* Filetype: PE_I386
[ General information ]
* Applications uses MSVBVM60.DLL (Visual Basic 6).
* Form uses id Form.
* File length: 121790 bytes.
* MD5 hash: 7de5587f600f7be006023934170aa725.
[ Changes to filesystem ]
* Creates directory C:.
* Creates directory C:\WINDOWS.
* Creates file C:\WINDOWS\__tmp_rar_sfx_access_check_341127.
* Deletes file __tmp_rar_sfx_access_check_341127.
* Creates file C:\WINDOWS\)™kè.exe.
* Creates file C:\WINDOWS\tl.exe.
[ Process/window information ]
* Creates a dialogbox with caption "WinRAR ê㋇ö".
* Buttons found in dialogbox: id102[278,173]"Oè(&W)..." id1[211,223]"‰Å" id2[278,223]"Öˆ" .
* Creates a dialogbox with caption "".
* Buttons found in dialogbox: id1[211,223]"¥×" id2[278,223]"òY" .
* Pressing button with id 1 "".
* Attempts to open CLSID {00000005-0000-0000-2C00-000094590500}.
* Attemps to NULL C:\WINDOWS\)™kè.exe NULL.
* Creates process ")™kè.exe".
* Creates a COM object with CLSID {FCFB3D23-A0FA-1068-A738-08002B3371B5} : VBRuntime.
* Creates a COM object with CLSID {E93AD7C1-C347-11D1-A3E2-00A0C90AEA82} : VBRuntime6.
[ Signature Scanning ]
* C:\WINDOWS\)™kè.exe (20480 bytes) : no signature detection.
* C:\WINDOWS\tl.exe (17408 bytes) : no signature detection.
VirSCAN.org Scanned Report :
Scanned time : 2008/12/21 03:10:41 (CST)
Scanner results: 41%的杀软(16/39)报告发现病毒
File Name : tianlong.exe
File Size : 121790 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 7de5587f600f7be006023934170aa725
SHA1 : 74492ac2c59003dc8562082ce09c2e619ece74b2
Online report : ht tp://virscan.org/report/732557de4c250d8d078b1f4739def149.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.28 20081219013143 2008-12-19 4.19 Trojan-Spy.Win32.Treemz!IK
安博士V3 2008.12.21.00 2008.12.21 2008-12-21 1.00 -
AntiVir 7.9.0.45 7.1.1.14 2008-12-19 1.67 TR/PSW.Online.bin
安天 2.0.18 20081220.1879959 2008-12-20 0.12 -
Arcavir 1.0.5 200812131407 2008-12-13 1.52 -
Authentium 5.1.1 200812192224 2008-12-19 1.12 -
AVAST! 3.0.1 081219-0 2008-12-19 0.02 -
AVG 7.5.52.442 270.9.19/1859 2008-12-20 1.82 PSW.OnlineGames.BJJY
BitDefender 7.81008.2372714 7.22661 2008-12-21 2.23 Trojan.PWS.OnlineGames.ZWU
CA (VET) 9.0.0.143 31.6.6271 2008-12-20 5.97 Win32/Treemz!generic trojan.
ClamAV 0.94.1 8787 2008-12-20 0.07 -
Comodo 3.0 783 2008-12-20 0.82 -
CP Secure 1.1.0.715 2008.12.20 2008-12-20 6.29 -
Dr.Web 4.44.0.9170 2008.12.20 2008-12-20 3.77 Trojan.PWS.Wsgame.origin
ewido 4.0.0.2 2008.12.20 2008-12-20 5.12 -
F-Prot 4.4.4.56 20081220 2008-12-20 1.15 -
F-Secure 5.51.6100 2008.12.20.02 2008-12-20 4.15 -
飞塔 2.81-3.117 9.832 2008-12-19 0.46 -
GData 19.2006/19.151 20081220 2008-12-20 3.38 -
ViRobot 20081219 2008.12.19 2008-12-19 0.41 -
Ikarus T3.1.01.45 2008.12.20.72036 2008-12-20 3.72 Trojan-Spy.Win32.Treemz
江民杀毒 11.0.706 11.0.706.. 11.0.706-- 1.49 -
卡巴斯基 5.5.10 2008.12.20 2008-12-20 0.18 -
金山毒霸 2008.9.8.18 2008.12.20.20 2008-12-20 0.91 Win32.Troj.OnlineGames.ak.65536
迈克菲 5.3.00 5470 2008-12-20 2.84 PWS-Gamania.gen.dll
Microsoft 1.4205 2008.12.20 2008-12-20 4.78 TrojanSpy:Win32/Treemz.gen!A
mks_vir 2.01 2008.12.19 2008-12-19 2.98 -
Norman 5.93.01 5.93.00 2008-12-18 5.86 -
熊猫卫士 9.05.01 2008.12.20 2008-12-20 2.63 Suspicious file
趋势科技 8.700-1004 5.724.12 2008-12-20 0.08 -
Quick Heal 10.00 2008.12.20 2008-12-20 0.88 -
瑞星 20.0 21.08.52.00 2008-12-20 1.05 Trojan.PSW.Win32.TLOnline.cg
Sophos 2.82.1 4.37 2008-12-21 2.01 Mal/Dropper-Y
Sunbelt 4754 4754 2008-12-10 0.79 -
赛门铁克 1.3.0.24 20081220.003 2008-12-20 0.08 Infostealer.Gampass
nProtect 20081215.03 2773539 2008-12-15 3.25 Trojan/W32.Chifrax.632940
The Hacker 6.3.1.2 v00193 2008-12-19 0.47 -
VBA32 3.12.8.10 20081220.1338 2008-12-20 1.62 BScope.Dropper.Pimpa.3
VirusBuster 4.5.11.10 10.98.3/730823 2008-12-19 1.13 -
文件 tianlong.exe 接收于 2008.12.20 20:10:27 (CET)
结果: 19/37 (51.36%)
ht tp://www.virustotal.com/zh-cn/analisis/6f87064f02fb0fc87dabb2d1b11dd52d
反病毒引擎 版本 最后更新 扫描结果
AhnLab-V3 2008.12.19.3 2008.12.20 -
AntiVir 7.9.0.45 2008.12.19 TR/PSW.Online.bin
Authentium 5.1.0.4 2008.12.20 -
Avast 4.8.1281.0 2008.12.19 -
AVG 8.0.0.199 2008.12.20 PSW.Generic6.ATSN
BitDefender 7.2 2008.12.20 Trojan.PWS.OnlineGames.ZWU
CAT-QuickHeal 10.00 2008.12.20 -
ClamAV 0.94.1 2008.12.20 -
Comodo 783 2008.12.20 -
DrWeb 4.44.0.09170 2008.12.20 Trojan.PWS.Wsgame.origin
eSafe 7.0.17.0 2008.12.18 Suspicious File
eTrust-Vet 31.6.6271 2008.12.20 -
Ewido 4.0 2008.12.20 -
F-Prot 4.4.4.56 2008.12.20 -
F-Secure 8.0.14332.0 2008.12.20 W32/Malware
Fortinet 3.117.0.0 2008.12.20 -
GData 19 2008.12.20 Trojan.PWS.OnlineGames.ZWU
Ikarus T3.1.1.45.0 2008.12.20 Trojan-Spy.Win32.Treemz
K7AntiVirus 7.10.560 2008.12.20 -
Kaspersky 7.0.0.125 2008.12.20 Trojan-GameThief.Win32.OnLineGames.tyym
McAfee 5470 2008.12.20 PWS-Gamania.gen.dll
McAfee+Artemis 5470 2008.12.20 PWS-Gamania.gen.dll
Microsoft 1.4205 2008.12.20 TrojanSpy:Win32/Treemz.gen!A
NOD32 3708 2008.12.20 a variant of Win32/PSW.OnLineGames.NSG
Norman 5.80.02 2008.12.19 -
Panda 9.0.0.4 2008.12.20 Suspicious file
PCTools 4.4.2.0 2008.12.20 -
Prevx1 V2 2008.12.20 -
Rising 21.08.52.00 2008.12.20 Trojan.PSW.Win32.TLOnline.cg
SecureWeb-Gateway 6.7.6 2008.12.19 Trojan.PSW.Online.bin
Sophos 4.37.0 2008.12.20 Mal/Dropper-Y
Sunbelt 3.2.1801.2 2008.12.11 -
TheHacker 6.3.1.4.195 2008.12.20 -
TrendMicro 8.700.0.1004 2008.12.19 PAK_Generic.001
VBA32 3.12.8.10 2008.12.20 BScope.Dropper.Pimpa.3
ViRobot 2008.12.20.1528 2008.12.20 -
VirusBuster 4.5.11.0 2008.12.20 -
附加信息
File size: 121790 bytes
MD5...: 7de5587f600f7be006023934170aa725
SHA1..: 74492ac2c59003dc8562082ce09c2e619ece74b2
SHA256: 202dcb81a82cc571f7338a674c4b3ec563a2a08ff4dc068fd80c2b93512f892d
SHA512: 43eab23cf9a7bccb8562b6425d9624febb2e24a01e8322189e085bfd5f039562
afdbf9fa36cdd64f17c699242ae933153e5a961f1e533e24523285dbcafccc9d
ssdeep: 3072:awxVMhOC/dTDbq91+mno3t4QZQ3rt8iJksA:aTfFDbRnOTrt5JO
PEiD..: -
TrID..: File type identification
WinRAR Self Extracting archive (96.2%)
Win32 Executable Generic (1.5%)
Win32 Dynamic Link Library (generic) (1.4%)
Generic Win/DOS Executable (0.3%)
DOS Executable Generic (0.3%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x401000
timedatestamp.....: 0x48cfc008 (Tue Sep 16 14:17:44 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x14000 0x13a00 6.48 d9c3b0b82d7da6d18b0896fb360cea84
.data 0x15000 0x8000 0xa00 4.93 568dd221456d807ca821813c84d65e70
.idata 0x1d000 0x2000 0x1200 4.79 bc7806e1c1ce9ebfd00ad834c1f7a647
.rsrc 0x1f000 0x3310 0x3400 5.23 fb01eefbb15676f4cb0b1ff4d25c8f27
( 8 imports )
> ADVAPI32.DLL: AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA, SetFileSecurityA, SetFileSecurityW
> KERNEL32.DLL: CloseHandle, CompareStringA, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, DeleteFileA, DeleteFileW, DosDateTimeToFileTime, ExitProcess, ExpandEnvironmentStringsA, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindResourceA, FreeLibrary, GetCPInfo, GetCommandLineA, GetCurrentDirectoryA, GetCurrentProcess, GetDateFormatA, GetFileAttributesA, GetFileAttributesW, GetFileType, GetFullPathNameA, GetLastError, GetLocaleInfoA, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetNumberFormatA, GetProcAddress, GetProcessHeap, GetStdHandle, GetSystemTime, GetTempPathA, GetTickCount, GetTimeFormatA, GetVersionExA, GlobalAlloc, HeapAlloc, HeapFree, HeapReAlloc, IsDBCSLeadByte, LoadLibraryA, LocalFileTimeToFileTime, MoveFileA, MoveFileExA, MultiByteToWideChar, ReadFile, SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetLastError, Sleep, SystemTimeToFileTime, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcmpiA, lstrlenA
> COMCTL32.DLL: -
> COMDLG32.DLL: CommDlgExtendedError, GetOpenFileNameA, GetSaveFileNameA
> GDI32.DLL: DeleteObject
> SHELL32.DLL: SHBrowseForFolderA, SHChangeNotify, SHFileOperationA, SHGetFileInfoA, SHGetMalloc, SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA
> USER32.DLL: CharToOemA, CharToOemBuffA, CharUpperA, CopyRect, CreateWindowExA, DefWindowProcA, DestroyIcon, DestroyWindow, DialogBoxParamA, DispatchMessageA, EnableWindow, EndDialog, FindWindowExA, GetClassNameA, GetClientRect, GetDlgItem, GetDlgItemTextA, GetMessageA, GetParent, GetSysColor, GetSystemMetrics, GetWindow, GetWindowLongA, GetWindowRect, GetWindowTextA, IsWindow, IsWindowVisible, LoadBitmapA, LoadCursorA, LoadIconA, LoadStringA, MapWindowPoints, MessageBoxA, OemToCharA, OemToCharBuffA, PeekMessageA, PostMessageA, RegisterClassExA, SendDlgItemMessageA, SendMessageA, SetDlgItemTextA, SetFocus, SetMenu, SetWindowLongA, SetWindowPos, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow, WaitForInputIdle, wsprintfA, wvsprintfA
> OLE32.DLL: CLSIDFromString, CoCreateInstance, CreateStreamOnHGlobal, OleInitialize, OleUninitialize
( 0 exports )
packers (F-Prot): RAR, UPX
packers (Kaspersky): PE_Patch.UPX, UPX |
发表于 2008-12-21 03:44:09
