
[Virus Sample] Trojan-Downloader.Win32.Calac 500x (updated 09.03.24)

浪滔天
Posted on 2009-1-2 20:24:31
Updated 09.03.24: 500x






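The people spreading this trojan are far too diligent; they have probably pushed out several thousand more updated variants, sowing widely for a thin harvest...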



——————————————————————————————————————————








[ This post was last edited by 浪滔天 on 2009-3-24 18:25 ]


yangpoquan
Posted on 2009-1-2 20:37:47

Detected and removed

Norton 2009

gomu887
Posted on 2009-1-2 20:39:07
a-squared Anti-Malware - 版本 4.0
上次更新: 2009-1-2 20:34:11

扫描设置:

对象: C:\Documents and Settings\Administrator\桌面\40-2.rar
扫描文件: 开
启发式扫描: 开
ADS 扫描: 开

扫描开始于:        2009-1-2 20:38:39

C:\Documents and Settings\Administrator\桌面\40-2.rar/064.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/065.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/066.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/067.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/068.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/069.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/070.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/071.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/072.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/073.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/074.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/075.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/076.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/077.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/078.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/079.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/080.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/041.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/042.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/043.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/044.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/045.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/046.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/047.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/048.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/049.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/050.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/051.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/052.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/053.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/054.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/055.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/056.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/057.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/058.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/059.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/060.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/061.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/062.exe         已检测: Trojan-Downloader.Win32.Calac!IK
C:\Documents and Settings\Administrator\桌面\40-2.rar/063.exe         已检测: Trojan-Downloader.Win32.Calac!IK

已扫描

文件:         36
跟踪记录:         0
Cookies:         0
进程:         0

已发现

文件:         40
跟踪记录:         0
Cookies:         0
进程:         0
注册表键:         0

扫描结束于:        2009-1-2 20:38:39
扫描用时:        0:00:00
hj5abc
Posted on 2009-1-2 20:55:58
Why aren't they all reported under a single signature?



Start of the scan: 2009年1月2日  20:51


Starting the file scan:

Begin scan in 'G:\40-2.rar'
G:\40-2.rar
    [0] Archive type: RAR
    --> 064.exe
      [DETECTION] Is the TR/Dldr.Calac.ZW Trojan
    --> 065.exe
      [DETECTION] Is the TR/Dldr.Calac.RF Trojan
    --> 066.exe
      [DETECTION] Is the TR/Dldr.Calac.XX Trojan
    --> 067.exe
      [DETECTION] Is the TR/Dldr.JKVV.10 Trojan
    --> 068.exe
      [DETECTION] Is the TR/Dldr.Calac.XX Trojan
    --> 069.exe
      [DETECTION] Is the TR/Dldr.Calac.WA Trojan
    --> 070.exe
      [DETECTION] Is the TR/Dldr.JKVV.12 Trojan
    --> 071.exe
      [DETECTION] Is the TR/Dldr.Calac.XX Trojan
    --> 072.exe
      [DETECTION] Is the TR/Dldr.Calac.XX Trojan
    --> 073.exe
      [DETECTION] Is the TR/Dldr.JKVV.12 Trojan
    --> 074.exe
      [DETECTION] Is the TR/Dldr.Calac.XX Trojan
    --> 075.exe
      [DETECTION] Is the TR/Dldr.Calac.ZW Trojan
    --> 076.exe
      [DETECTION] Is the TR/Dldr.JKVV.10 Trojan
    --> 077.exe
      [DETECTION] Is the TR/Dldr.Calac.WA Trojan
    --> 078.exe
      [DETECTION] Is the TR/Dldr.Calac.ZW Trojan
    --> 079.exe
      [DETECTION] Is the TR/Dldr.Calac.ZW Trojan
    --> 080.exe
      [DETECTION] Is the TR/Dldr.Calac.XX Trojan
    --> 041.exe
      [DETECTION] Is the TR/Dldr.Calac.ZW Trojan
    --> 042.exe
      [DETECTION] Is the TR/Dldr.JKVV.12 Trojan
    --> 043.exe
      [DETECTION] Is the TR/Dldr.Calac.XX Trojan
    --> 044.exe
      [DETECTION] Is the TR/Dldr.Calac.ZW Trojan
    --> 045.exe
      [DETECTION] Is the TR/Dldr.Calac.XX Trojan
    --> 046.exe
      [DETECTION] Is the TR/Dldr.Calac.XX Trojan
    --> 047.exe
      [DETECTION] Is the TR/Dldr.Calac.XX Trojan
    --> 048.exe
      [DETECTION] Is the TR/Dldr.JKVV.12 Trojan
    --> 049.exe
      [DETECTION] Is the TR/Dldr.JKVV.12 Trojan
    --> 050.exe
      [DETECTION] Is the TR/Dldr.Calac.WA Trojan
    --> 051.exe
      [DETECTION] Is the TR/Dldr.JKVV.12 Trojan
    --> 052.exe
      [DETECTION] Is the TR/Dldr.JKVV.12 Trojan
    --> 053.exe
      [DETECTION] Is the TR/Dldr.JKVV.12 Trojan
    --> 054.exe
      [DETECTION] Is the TR/Dldr.Calac.XX Trojan
    --> 055.exe
      [DETECTION] Is the TR/Dldr.Calac.ZW Trojan
    --> 056.exe
      [DETECTION] Is the TR/Dldr.Calac.XX Trojan
    --> 057.exe
      [DETECTION] Is the TR/Dldr.Calac.XX Trojan
    --> 058.exe
      [DETECTION] Is the TR/Dldr.Calac.XX Trojan
    --> 059.exe
      [DETECTION] Is the TR/Dldr.JKVV.12 Trojan
    --> 060.exe
      [DETECTION] Is the TR/Dldr.Calac.ZW Trojan
    --> 061.exe
      [DETECTION] Is the TR/Dldr.Calac.ZW Trojan
    --> 062.exe
      [DETECTION] Is the TR/Dldr.JKVV.12 Trojan
    --> 063.exe
      [DETECTION] Is the TR/Dldr.Calac.WA Trojan
    [WARNING]   The file was ignored!


End of the scan: 2009年1月2日  20:51
Used time: 00:06 Minute(s)

The scan has been done completely.

      0 Scanning directories
     42 Files were scanned
     40 viruses and/or unwanted programs were found
luxiao200888
Posted on 2009-1-2 20:58:35
TO KL
luxiao200888
Posted on 2009-1-2 21:02:44
Embarrassing~ only one: 2009-1-2 21:06:02        已删除: HEUR:Trojan.Win32.Generic        C:\Documents and Settings\Owner\桌面\heur\074.exe
su-tt
Posted on 2009-1-2 21:09:01
ESS reports nothing. Did all of them get past it? That seems rather unlikely.
allinwonderi
Posted on 2009-1-2 21:16:48

ArcaVir 2008

[Scanning : C:\Test]


C:\Test\40-2.rar<RAR>:066.exe<UPX>:066.exe <- Downloader.Calac.Gi : No action
C:\Test\40-2.rar<RAR>:068.exe<UPX>:068.exe <- Downloader.Calac.Gi : No action
C:\Test\40-2.rar<RAR>:071.exe<UPX>:071.exe <- Downloader.Calac.Gi : No action
C:\Test\40-2.rar<RAR>:072.exe<UPX>:072.exe <- Downloader.Calac.Gi : No action
C:\Test\40-2.rar<RAR>:074.exe<UPX>:074.exe <- Downloader.Calac.Gi : No action
C:\Test\40-2.rar<RAR>:080.exe<UPX>:080.exe <- Downloader.Calac.Gi : No action
C:\Test\40-2.rar<RAR>:043.exe<UPX>:043.exe <- Downloader.Calac.Gi : No action
C:\Test\40-2.rar<RAR>:045.exe<UPX>:045.exe <- Downloader.Calac.Gi : No action
C:\Test\40-2.rar<RAR>:046.exe<UPX>:046.exe <- Downloader.Calac.Gi : No action
C:\Test\40-2.rar<RAR>:047.exe<UPX>:047.exe <- Downloader.Calac.Gi : No action
C:\Test\40-2.rar<RAR>:054.exe<UPX>:054.exe <- Downloader.Calac.Gi : No action
C:\Test\40-2.rar<RAR>:056.exe<UPX>:056.exe <- Downloader.Calac.Gi : No action
C:\Test\40-2.rar<RAR>:057.exe<UPX>:057.exe <- Downloader.Calac.Gi : No action
C:\Test\40-2.rar<RAR>:058.exe<UPX>:058.exe <- Downloader.Calac.Gi : No action



Scanned objects : 81

Infected objects : 14
allinwonderi
Posted on 2009-1-2 21:18:49

Norman Virus Control 5.99

9 samples to lab

luxiao200888
Posted on 2009-1-2 21:41:23
Hello,

001.exe_ - Trojan-Downloader.Win32.Calac.adj,
002.exe_ - Trojan-Downloader.Win32.Calac.adk,
003.exe_ - Trojan-Downloader.Win32.Calac.adl,
004.exe_ - Trojan-Downloader.Win32.Calac.adm,
005.exe_ - Trojan-Downloader.Win32.Calac.adn,
006.exe_ - Trojan-Downloader.Win32.Calac.ado,
007.exe_ - Trojan-Downloader.Win32.Calac.adp,
008.exe_ - Trojan-Downloader.Win32.Calac.adq,
009.exe_ - Trojan-Downloader.Win32.Calac.adr,
010.exe_ - Trojan-Downloader.Win32.Calac.ads,
011.exe_ - Trojan-Downloader.Win32.Calac.adt,
012.exe_ - Trojan-Downloader.Win32.Calac.adu,
013.exe_ - Trojan-Downloader.Win32.Calac.adv,
014.exe_ - Trojan-Downloader.Win32.Calac.adw,
015.exe_ - Trojan-Downloader.Win32.Calac.adx,
016.exe_ - Trojan-Downloader.Win32.Calac.ady,
017.exe_ - Trojan-Downloader.Win32.Calac.adz,
018.exe_ - Trojan-Downloader.Win32.Calac.aea,
019.exe_ - Trojan-Downloader.Win32.Calac.aeb,
020.exe_ - Trojan-Downloader.Win32.Calac.aec,
021.exe_ - Trojan-Downloader.Win32.Calac.aed,
022.exe_ - Trojan-Downloader.Win32.Calac.aee,
023.exe_ - Trojan-Downloader.Win32.Calac.aef,
024.exe_ - Trojan-Downloader.Win32.Calac.aeg,
025.exe_ - Trojan-Downloader.Win32.Calac.aeh,
026.exe_ - Trojan-Downloader.Win32.Calac.aei,
027.exe_ - Trojan-Downloader.Win32.Calac.aej,
028.exe_ - Trojan-Downloader.Win32.Calac.aek,
029.exe_ - Trojan-Downloader.Win32.Calac.ael,
030.exe_ - Trojan-Downloader.Win32.Calac.aem,
031.exe_ - Trojan-Downloader.Win32.Calac.aen,
032.exe_ - Trojan-Downloader.Win32.Calac.aeo,
033.exe_ - Trojan-Downloader.Win32.Calac.aep,
034.exe_ - Trojan-Downloader.Win32.Calac.aeq,
035.exe_ - Trojan-Downloader.Win32.Calac.aer,
036.exe_ - Trojan-Downloader.Win32.Calac.aes,
037.exe_ - Trojan-Downloader.Win32.Calac.aet,
038.exe_ - Trojan-Downloader.Win32.Calac.aeu,
039.exe_ - Trojan-Downloader.Win32.Calac.aev,
040.exe_ - Trojan-Downloader.Win32.Calac.aew,
041.exe_ - Trojan-Downloader.Win32.Calac.aex,
042.exe_ - Trojan-Downloader.Win32.Calac.aey,
043.exe_ - Trojan-Downloader.Win32.Calac.aez,
044.exe_ - Trojan-Downloader.Win32.Calac.afa,
045.exe_ - Trojan-Downloader.Win32.Calac.afb,
046.exe_ - Trojan-Downloader.Win32.Calac.afc,
047.exe_ - Trojan-Downloader.Win32.Calac.afd,
048.exe_ - Trojan-Downloader.Win32.Calac.afe,
049.exe_ - Trojan-Downloader.Win32.Calac.aff,
050.exe_ - Trojan-Downloader.Win32.Calac.afg,
051.exe_ - Trojan-Downloader.Win32.Calac.afh,
052.exe_ - Trojan-Downloader.Win32.Calac.afi,
053.exe_ - Trojan-Downloader.Win32.Calac.afj,
054.exe_ - Trojan-Downloader.Win32.Calac.afk,
055.exe_ - Trojan-Downloader.Win32.Calac.afl,
056.exe_ - Trojan-Downloader.Win32.Calac.afm,
057.exe_ - Trojan-Downloader.Win32.Calac.afn,
058.exe_ - Trojan-Downloader.Win32.Calac.afo,
059.exe_ - Trojan-Downloader.Win32.Calac.afp,
060.exe_ - Trojan-Downloader.Win32.Calac.afq,
061.exe_ - Trojan-Downloader.Win32.Calac.afr,
062.exe_ - Trojan-Downloader.Win32.Calac.afs,
063.exe_ - Trojan-Downloader.Win32.Calac.aft,
064.exe_ - Trojan-Downloader.Win32.Calac.afu,
065.exe_ - Trojan-Downloader.Win32.Calac.afv,
066.exe_ - Trojan-Downloader.Win32.Calac.afw,
067.exe_ - Trojan-Downloader.Win32.Calac.afx,
068.exe_ - Trojan-Downloader.Win32.Calac.afz,
069.exe_ - Trojan-Downloader.Win32.Calac.agb,
070.exe_ - Trojan-Downloader.Win32.Calac.agd,
071.exe_ - Trojan-Downloader.Win32.Calac.agf,
072.exe_ - Trojan-Downloader.Win32.Calac.agh,
073.exe_ - Trojan-Downloader.Win32.Calac.agj,
074.exe_ - Trojan-Downloader.Win32.Calac.agl,
075.exe_ - Trojan-Downloader.Win32.Calac.agn,
076.exe_ - Trojan-Downloader.Win32.Calac.agq,
077.exe_ - Trojan-Downloader.Win32.Calac.ags,
078.exe_ - Trojan-Downloader.Win32.Calac.agt,
079.exe_ - Trojan-Downloader.Win32.Calac.agv,
080.exe_ - Trojan-Downloader.Win32.Calac.agy

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.
The answer is relevant to the latest bases from update sources.


> password:infected
>
-----------------
Regards, Andrey Ladikov
Virus Analyst, Kaspersky Lab.