天龙八部盗号木马2008.12.27更新
下载:ht tp://www.zz84.cn/tianlong.exe
如果您的杀毒软件不认识它是木马,请上报这个样本!谢谢。
文件: tianlong.exe
大小: 127662 字节
修改时间: 2008年12月28日, 0:41:42
MD5: 95972E856CDFA293FF165EB60482033D
SHA1: D1EC20905F0754244C6DD504545B113D35875BF7
CRC32: DF63B3A6
费尔说:tianlong.rar>>tianlong.exe>>tl.exe Trojan.OnLineGames.gen.a 木马 还未处理
反病毒引擎 版本 最后更新 扫描结果
a-squared 4.0.0.73 2008.12.27 Trojan-PWS.Win32.OnLineGames!IK
AhnLab-V3 2008.12.25.0 2008.12.27 -
AntiVir 7.9.0.45 2008.12.27 TR/Dropper.Gen
Authentium 5.1.0.4 2008.12.27 W32/Heuristic-210!Eldorado
Avast 4.8.1281.0 2008.12.26 Win32:Tufik
AVG 8.0.0.199 2008.12.26 -
BitDefender 7.2 2008.12.27 -
CAT-QuickHeal 10.00 2008.12.27 -
ClamAV 0.94.1 2008.12.27 -
Comodo 826 2008.12.27 -
DrWeb 4.44.0.09170 2008.12.27 -
eSafe 7.0.17.0 2008.12.24 Suspicious File
eTrust-Vet 31.6.6276 2008.12.24 -
Ewido 4.0 2008.12.27 -
F-Prot 4.4.4.56 2008.12.24 W32/Heuristic-210!Eldorado
F-Secure 8.0.14332.0 2008.12.27 W32/Packed_Upack.A
Fortinet 3.117.0.0 2008.12.27 -
GData 19 2008.12.27 Win32:Tufik
Ikarus T3.1.1.45.0 2008.12.27 Trojan-PWS.Win32.OnLineGames
K7AntiVirus 7.10.568 2008.12.27 -
Kaspersky 7.0.0.125 2008.12.27 Trojan.Win32.Agent.bajz
McAfee 5475 2008.12.26 New Malware.aj
McAfee+Artemis 5475 2008.12.26 New Malware.n
Microsoft 1.4205 2008.12.27 -
NOD32 3718 2008.12.26 probably a variant of Win32/PSW.OnLineGames.NST
Norman 5.80.02 2008.12.26 W32/Packed_Upack.A.dropper
Panda 9.0.0.4 2008.12.27 -
PCTools 4.4.2.0 2008.12.27 Packed/Upack
Prevx1 V2 2008.12.27 -
Rising 21.09.52.00 2008.12.27 -
SecureWeb-Gateway 6.7.6 2008.12.27 Trojan.Dropper.Gen
Sophos 4.37.0 2008.12.27 Sus/ComPack-C
Sunbelt 3.2.1809.2 2008.12.22 Trojan.Win32.Packed.gen (v)
Symantec 10 2008.12.27 -
TheHacker 6.3.1.4.200 2008.12.26 -
TrendMicro 8.700.0.1004 2008.12.26 PAK_Generic.006
VBA32 3.12.8.10 2008.12.27 -
ViRobot 2008.12.26.1536 2008.12.26 -
VirusBuster 4.5.11.0 2008.12.26 Packed/Upack
附加信息
File size: 127662 bytes
MD5...: 95972e856cdfa293ff165eb60482033d
SHA1..: d1ec20905f0754244c6dd504545b113d35875bf7
SHA256: fd91219be6f03277339c09a6e7b5fc156ef8f14c000d75bdd23b3890354d1241
SHA512: d211c6818396a535caf0535dc3ba4a03003ea6ad55c69c31f2ba8e363dbaa6b7
7d9aedc66db0e903cf7874fe26730b493aae2a7932e483e996be6b77b596cc1b
ssdeep: 3072:awxVMhOC/dTDbq91+mno3t4QZQ3rt8iJky/Ztx59:aTfFDbRnOTrt5Jhh9
PEiD..: -
TrID..: File type identification
WinRAR Self Extracting archive (96.2%)
Win32 Executable Generic (1.5%)
Win32 Dynamic Link Library (generic) (1.4%)
Generic Win/DOS Executable (0.3%)
DOS Executable Generic (0.3%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x401000
timedatestamp.....: 0x48cfc008 (Tue Sep 16 14:17:44 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x14000 0x13a00 6.48 d9c3b0b82d7da6d18b0896fb360cea84
.data 0x15000 0x8000 0xa00 4.93 568dd221456d807ca821813c84d65e70
.idata 0x1d000 0x2000 0x1200 4.79 bc7806e1c1ce9ebfd00ad834c1f7a647
.rsrc 0x1f000 0x3310 0x3400 5.23 fb01eefbb15676f4cb0b1ff4d25c8f27
( 8 imports )
> ADVAPI32.DLL: AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA, SetFileSecurityA, SetFileSecurityW
> KERNEL32.DLL: CloseHandle, CompareStringA, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, DeleteFileA, DeleteFileW, DosDateTimeToFileTime, ExitProcess, ExpandEnvironmentStringsA, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindResourceA, FreeLibrary, GetCPInfo, GetCommandLineA, GetCurrentDirectoryA, GetCurrentProcess, GetDateFormatA, GetFileAttributesA, GetFileAttributesW, GetFileType, GetFullPathNameA, GetLastError, GetLocaleInfoA, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetNumberFormatA, GetProcAddress, GetProcessHeap, GetStdHandle, GetSystemTime, GetTempPathA, GetTickCount, GetTimeFormatA, GetVersionExA, GlobalAlloc, HeapAlloc, HeapFree, HeapReAlloc, IsDBCSLeadByte, LoadLibraryA, LocalFileTimeToFileTime, MoveFileA, MoveFileExA, MultiByteToWideChar, ReadFile, SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetLastError, Sleep, SystemTimeToFileTime, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcmpiA, lstrlenA
> COMCTL32.DLL: -
> COMDLG32.DLL: CommDlgExtendedError, GetOpenFileNameA, GetSaveFileNameA
> GDI32.DLL: DeleteObject
> SHELL32.DLL: SHBrowseForFolderA, SHChangeNotify, SHFileOperationA, SHGetFileInfoA, SHGetMalloc, SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA
> USER32.DLL: CharToOemA, CharToOemBuffA, CharUpperA, CopyRect, CreateWindowExA, DefWindowProcA, DestroyIcon, DestroyWindow, DialogBoxParamA, DispatchMessageA, EnableWindow, EndDialog, FindWindowExA, GetClassNameA, GetClientRect, GetDlgItem, GetDlgItemTextA, GetMessageA, GetParent, GetSysColor, GetSystemMetrics, GetWindow, GetWindowLongA, GetWindowRect, GetWindowTextA, IsWindow, IsWindowVisible, LoadBitmapA, LoadCursorA, LoadIconA, LoadStringA, MapWindowPoints, MessageBoxA, OemToCharA, OemToCharBuffA, PeekMessageA, PostMessageA, RegisterClassExA, SendDlgItemMessageA, SendMessageA, SetDlgItemTextA, SetFocus, SetMenu, SetWindowLongA, SetWindowPos, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow, WaitForInputIdle, wsprintfA, wvsprintfA
> OLE32.DLL: CLSIDFromString, CoCreateInstance, CreateStreamOnHGlobal, OleInitialize, OleUninitialize
( 0 exports )
Norman Sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* File length: 127662 bytes.
[ Changes to filesystem ]
* Creates directory C:.
* Creates directory C:\WINDOWS.
* Creates file C:\WINDOWS\__tmp_rar_sfx_access_check_511.
* Deletes file __tmp_rar_sfx_access_check_511.
* Creates file C:\WINDOWS\)_k_.exe.
* Creates file C:\WINDOWS\tl.exe.
[ Process/window information ]
* Creates a dialogbox with caption \"WinRAR _____\".
* Buttons found in dialogbox: id102[278,173]\"O_(&W)...\" id1[211,223]\"__\" id2[278,223]\"__\" .
* Creates a dialogbox with caption \"\".
* Buttons found in dialogbox: id1[211,223]\"__\" id2[278,223]\"__\" .
* Pressing button with id 1 \"\".
* Attempts to open CLSID {00000005-0000-0000-2C00-000094590500}.
* Attemps to NULL C:\WINDOWS\)_k_.exe NULL.
* Creates process \")_k_.exe\".
[ Signature Scanning ]
* C:\WINDOWS\)_k_.exe (20480 bytes) : no signature detection.
* C:\WINDOWS\tl.exe (21871 bytes) : W32/Packed_Upack.A.
packers (Kaspersky): PE_Patch, UPack
packers (Avast): Upack
packers (F-Prot): RAR, UPack
packers (Authentium): RAR, UPack
ht tp://www.virustotal.com/zh-cn/analisis/abd90e7fb6be86312c93b3349ece0a6e
VirSCAN.org Scanned Report :
Scanned time : 2008/12/28 00:43:26 (CST)
Scanner results: 31%的杀软(12/39)报告发现病毒
File Name : tianlong.exe
File Size : 127662 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 95972e856cdfa293ff165eb60482033d
SHA1 : d1ec20905f0754244c6dd504545b113d35875bf7
Online report : ht tp://virscan.org/report/37ed0990236b1fb631618ec9560c91cb.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.29 20081227183232 2008-12-27 3.13 Trojan-PWS.Win32.OnLineGames!IK
安博士V3 2008.12.28.00 2008.12.28 2008-12-28 1.40 -
AntiVir 7.9.0.45 7.1.1.40 2008-12-27 1.71 TR/Dropper.Gen
安天 2.0.18 20081227.1929915 2008-12-27 0.12 -
Arcavir 1.0.5 200812131407 2008-12-13 1.47 Heur.Win32.I
Authentium 5.1.1 200812270114 2008-12-27 1.97 W32/Heuristic-210!Eldorado (Heuristic)
AVAST! 3.0.1 081226-0 2008-12-26 0.79 Win32:Tufik
AVG 7.5.52.442 270.10.0/1865 2008-12-26 1.84 -
BitDefender 7.81008.2389957 7.22806 2008-12-27 2.27 -
CA (VET) 9.0.0.143 31.6.6276 2008-12-24 5.23 -
ClamAV 0.94.2 8802 2008-12-27 0.08 -
Comodo 3.0 826 2008-12-27 0.83 -
CP Secure 1.1.0.715 2008.12.27 2008-12-27 6.44 -
Dr.Web 4.44.0.9170 2008.12.27 2008-12-27 3.85 -
ewido 4.0.0.2 2008.12.27 2008-12-27 3.28 -
F-Prot 4.4.4.56 20081226 2008-12-26 1.92 Possible W32/Heuristic-210!Eldorado (damaged, not disinfectable)
F-Secure 5.51.6100 2008.12.26.05 2008-12-26 4.25 -
飞塔 2.81-3.117 9.857 2008-12-26 0.46 Suspicious
GData 19.2114/19.158 20081227 2008-12-27 2.89 Win32:Tufik [Engine:B]
ViRobot 20081226 2008.12.26 2008-12-26 0.41 -
Ikarus T3.1.01.45 2008.12.27.72069 2008-12-27 3.75 Trojan-PWS.Win32.OnLineGames
江民杀毒 11.0.706 2008.12.21 2008-12-21 1.40 -
卡巴斯基 5.5.10 2008.12.27 2008-12-27 0.18 -
金山毒霸 2008.9.8.18 2008.12.27.20 2008-12-27 0.60 -
迈克菲 5.3.00 5475 2008-12-26 3.54 New Malware.aj
Microsoft 1.4205 2008.12.27 2008-12-27 4.36 -
mks_vir 2.01 2008.12.27 2008-12-27 2.94 Heur.Win32
Norman 5.93.01 5.93.00 2008-12-26 5.87 -
熊猫卫士 9.05.01 2008.12.27 2008-12-27 2.65 -
趋势科技 8.700-1004 5.734.25 2008-12-27 0.45 -
Quick Heal 10.00 2008.12.27 2008-12-27 0.94 -
瑞星 20.0 21.09.52.00 2008-12-27 1.23 -
Sophos 2.82.1 4.37 2008-12-27 2.07 -
Sunbelt 4755 4755 2008-12-22 0.85 -
赛门铁克 1.3.0.24 20081226.002 2008-12-26 0.11 -
nProtect 20081226.02 2818943 2008-12-26 3.26 Trojan/W32.Chifrax.632940
The Hacker 6.3.1.2 v00200 2008-12-26 0.47 -
VBA32 3.12.8.10 20081226.1049 2008-12-26 1.96 -
VirusBuster 4.5.11.10 10.100.6/732075 2008-12-26 1.05 - |