马一只

显示全部楼层 · 发表于 2009-1-7 17:49:10

马一只

费尔说：explore.rar>>explore.exe Backdoor.Agent.wwe.hand 后门还未处理

下载：
ht tp://v.www-263.com/sys/B02/explore.exe

VirSCAN.org Scanned Report :
Scanned time : 2009/01/07 17:16:04 (CST)
Scanner results: 61%的杀软(23/38)报告发现病毒
File Name    : explore.exe
File Size    : 31337 byte
File Type    : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5          : dc0b3e56992863eb9bf7258f01364360
SHA1          : b5cb5e72131cdbf0c22c2ef9fd66fa63d94ea724
Online report  : ht tp://virscan.org/report/d4f2c4bdb3fb5ad20d1586365ca4539b.html

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    4.0.0.29       20090106203145 2009-01-06  2.83 Virus.Win32.Warezov!IK
安博士V3    2009.01.07.02 2009.01.07       2009-01-07  1.15 -
AntiVir       7.9.0.45       7.1.1.75       2009-01-07  1.77 TR/Dropper.Gen
安天          2.0.18       20090105.1950502  2009-01-05  0.02 -
Authentium    5.1.1          200901061836    2009-01-06  2.40 W32/Heuristic-210!Eldorado (Heuristic)
AVAST!       3.0.1          090106-1       2009-01-06  0.02 -
AVG          7.5.52.442    270.10.3/1879    2009-01-06  2.39 -
BitDefender 7.81008.2412797 7.23021          2009-01-07  2.21 Generic.Malware.P!BTk.7386A0D3
CA (VET)    9.0.0.143    31.6.6294       2009-01-06  3.82 -
ClamAV       0.94.2       8841             2009-01-07  0.01 PUA.Packed.NPack-2
Comodo       3.0          884             2009-01-06  1.93 -
CP Secure    1.1.0.715    2009.01.07       2009-01-07  6.35 -
Dr.Web       4.44.0.9170    2009.01.07       2009-01-07  3.89 Trojan.Starter.911
ewido       4.0.0.2       2008.12.31       2008-12-31  3.74 -
F-Prot       4.4.4.56       20090106       2009-01-06  2.29 Possible W32/Heuristic-210!Eldorado (not disinfectable)
F-Secure    5.51.6100    2009.01.07.03    2009-01-07  0.07 Backdoor.Win32.Agent.wwe [AVP]
飞塔          2.81-3.117    9.898          2009-01-06  0.35 W32/Agent.WWE!tr.bdr
GData       19.2305/19.175  20090107       2009-01-07  3.82 Backdoor.Win32.Agent.wwe [Engine:A]
ViRobot       20090106       2009.01.06       2009-01-06  0.48 Backdoor.Win32.Agent.31341
Ikarus       T3.1.01.45    2009.01.06.72109  2009-01-06  3.55 Virus.Win32.Warezov
江民杀毒    11.0.706       2009.01.07       2009-01-07  2.69 TrojanDropper.Agent.aiw
卡巴斯基    5.5.10       2009.01.07       2009-01-07  0.07 Backdoor.Win32.Agent.wwe
金山毒霸    2008.9.8.18    2009.1.7.14    2009-01-07  0.59 Win32.Troj.Agent.av.159744
迈克菲       5.3.00       5487             2009-01-06  2.85 New Malware.aq
Microsoft    1.4205       2009.01.06       2009-01-06  6.91 -
mks_vir       2.01          2009.01.06       2009-01-06  2.66 -
Norman       5.93.01       5.93.00          2009-01-05  6.22 W32/Packed_Nspack.A
熊猫卫士    9.05.01       2009.01.06       2009-01-06  5.26 -
趋势科技    8.700-1004    5.752.02       2009-01-06  0.03 -
Quick Heal    10.00          2009.01.06       2009-01-06  2.13 -
瑞星          20.0          21.11.20.00    2009-01-07  1.82 Trojan.Win32.Mnless.ebu
Sophos       2.82.1       4.37             2009-01-07  2.24 Mal/Behav-156
Sunbelt       4755          4755             2008-12-22  1.12 -
赛门铁克    1.3.0.24       20090106.004    2009-01-06  0.36 Trojan.KillAV
nProtect    20090107.01    2850296          2009-01-07  6.08 Generic.Malware.P!BTk.7386A0D3
The Hacker    6.3.1.2       v00210          2009-01-06  0.48 W32/Behav-Heuristic-063
VBA32       3.12.8.10    20090106.1018    2009-01-06  1.64 Backdoor.Win32.Agent.wwe
VirusBuster 4.5.11.10    10.100.17/761739  2009-01-06  1.06 -

反病毒引擎版本最后更新扫描结果
a-squared 4.0.0.73 2009.01.07 Virus.Win32.Warezov!IK
AhnLab-V3 2009.1.6.3 2009.01.07 -
AntiVir 7.9.0.45 2009.01.07 TR/Dropper.Gen
Authentium 5.1.0.4 2009.01.06 W32/Heuristic-210!Eldorado
Avast 4.8.1281.0 2009.01.07 Win32:Rootkit-gen
AVG 8.0.0.199 2009.01.06 -
BitDefender 7.2 2009.01.07 Generic.Malware.P!BTk.7386A0D3
CAT-QuickHeal 10.00 2009.01.06 -
ClamAV 0.94.1 2009.01.07 PUA.Packed.NPack-2
Comodo 884 2009.01.06 -
DrWeb 4.44.0.09170 2009.01.07 Trojan.Starter.911
eTrust-Vet 31.6.6294 2009.01.06 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.06 W32/Heuristic-210!Eldorado
F-Secure 8.0.14470.0 2009.01.07 W32/Packed_Nspack.A
Fortinet 3.117.0.0 2009.01.07 W32/Agent.WWE!tr.bdr
GData 19 2009.01.07 Generic.Malware.P!BTk.7386A0D3
Ikarus T3.1.1.45.0 2009.01.06 Virus.Win32.Warezov
K7AntiVirus 7.10.578 2009.01.06 -
Kaspersky 7.0.0.125 2009.01.07 Backdoor.Win32.Agent.wwe
McAfee 5487 2009.01.07 New Malware.aq
McAfee+Artemis 5487 2009.01.06 New Malware.aq
Microsoft 1.4205 2009.01.07 -
NOD32 3745 2009.01.07 a variant of Win32/AutoRun.Agent.EU
Norman 5.80.02 2009.01.06 W32/Packed_Nspack.A
Panda 9.0.0.4 2009.01.06 Suspicious file
PCTools 4.4.2.0 2009.01.06 Packed/NSPack
Prevx1 V2 2009.01.07 Malicious Software
Rising 21.11.22.00 2009.01.07 Trojan.Win32.Mnless.ebu
SecureWeb-Gateway 6.7.6 2009.01.07 Trojan.Dropper.Gen
Sophos 4.37.0 2009.01.07 Mal/Packer
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.07 Trojan.KillAV
TheHacker 6.3.1.4.210 2009.01.07 W32/Behav-Heuristic-063
TrendMicro 8.700.0.1004 2009.01.07 PAK_Generic.005
VBA32 3.12.8.10 2009.01.06 Backdoor.Win32.Agent.wwe
ViRobot 2009.1.7.1547 2009.01.07 Backdoor.Win32.Agent.31341
VirusBuster 4.5.11.0 2009.01.06 Packed/NSPack
附加信息
File size: 31337 bytes
MD5...: dc0b3e56992863eb9bf7258f01364360
SHA1..: b5cb5e72131cdbf0c22c2ef9fd66fa63d94ea724
SHA256: 53622e9c11febe7eb97c85354d20a6bb3d4201a78ccf09f9c4ad157a9d431e91
SHA512: ee82521d22a9b43180cd4e4223e4b2af7cd912e2bfe11d1db9f98e017eb3ddd7
9f955a7906f4d45db7eab1126c46eaeb0edf70bfccf96015b05400f2f34ca14f

ssdeep: 768:O2dFxm6MGGNosu9nbiKZm72I2Mss1ApTO3nHHmH058pY/2vMoS:O2d3bMt/i
bvQ7R2Mss1rnHHmHy/20oS

PEiD..: NsPacK V3.7 -> LiuXingPing
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

packers (Kaspersky): NSPack
packers (F-Prot): embedded, NSPack, PE_Patch
packers (Authentium): NSPack, PE_Patch
packers (Avast): NsPack

ht tp://www.virustotal.com/zh-cn/analisis/4ac27975a75e440ea4965fdb0111d1e8

ht（沙盘日志）tp://www.threatexpert.com/report.aspx?md5=dc0b3e56992863eb9bf7258f01364360

显示全部楼层 · 发表于 2009-1-7 17:53:21

卡巴斯基kill

显示全部楼层 · 发表于 2009-1-7 18:08:36

2009-1-7 18:09:26 http://bbs.kafan.cn/attachment.p ... explore.exe//NSPack Maxthon Browser 拒绝: Backdoor.Win32.Agent.wwe 启发式分析计算的威胁级别值较高

显示全部楼层 · 发表于 2009-1-7 18:22:04

非常牛X的病毒。。。。。沙盘里运行后沙盘都删除不了，接着，狂下载盗号木马，电脑重启后沙盘倒沙干净。。。。。

2009-1-7 18:13:19 http://a.78gov.cn/bug/YY/YY9.EXE//PE_Patch//UPack Run a DLL as an App 拒绝: Trojan-GameThief.Win32.Magania.gen 启发式分析计算的威胁级别值较高
2009-1-7 18:13:18 http://a.78gov.cn/bug/YY/YY9.EXE//PE_Patch//UPack Run a DLL as an App 拒绝: Trojan-GameThief.Win32.Magania.gen 启发式分析计算的威胁级别值较高
2009-1-7 18:13:16 http://a.78gov.cn/bug/YY/YY9.EXE//PE_Patch//UPack Run a DLL as an App 拒绝: Trojan-GameThief.Win32.Magania.gen 启发式分析计算的威胁级别值较高
2009-1-7 18:13:11 http://a.78gov.cn/bug/YY/YY88.EXE//PE_Patch//UPack Run a DLL as an App 拒绝: Worm.Win32.Downloader.yq 启发式分析计算的威胁级别值较高
2009-1-7 18:13:10 http://a.78gov.cn/bug/YY/YY88.EXE//PE_Patch//UPack Run a DLL as an App 拒绝: Worm.Win32.Downloader.yq 启发式分析计算的威胁级别值较高
2009-1-7 18:13:06 http://a.78gov.cn/bug/YY/YY88.EXE//PE_Patch//UPack Run a DLL as an App 拒绝: Worm.Win32.Downloader.yq 启发式分析计算的威胁级别值较高
2009-1-7 18:13:00 http://a.78gov.cn/bug/YY/YY77.EXE//PE_Patch//UPack Run a DLL as an App 拒绝: Worm.Win32.Downloader.yq 启发式分析计算的威胁级别值较高
2009-1-7 18:12:59 http://a.78gov.cn/bug/YY/YY77.EXE//PE_Patch//UPack Run a DLL as an App 拒绝: Worm.Win32.Downloader.yq 启发式分析计算的威胁级别值较高
2009-1-7 18:12:58 http://a.78gov.cn/bug/YY/YY77.EXE//PE_Patch//UPack Run a DLL as an App 拒绝: Worm.Win32.Downloader.yq 启发式分析计算的威胁级别值较高
2009-1-7 18:12:52 http://a.78gov.cn/bug/YY/YY6.exe//PE_Patch//UPack Run a DLL as an App 拒绝: Trojan-GameThief.Win32.OnLineGames.ubga 启发式分析计算的威胁级别值较高
2009-1-7 18:12:51 http://a.78gov.cn/bug/YY/YY6.exe//PE_Patch//UPack Run a DLL as an App 拒绝: Trojan-GameThief.Win32.OnLineGames.ubga 启发式分析计算的威胁级别值较高
2009-1-7 18:12:49 http://a.78gov.cn/bug/YY/YY6.exe//PE_Patch//UPack Run a DLL as an App 拒绝: Trojan-GameThief.Win32.OnLineGames.ubga 启发式分析计算的威胁级别值较高
2009-1-7 18:12:43 http://a.78gov.cn/bug/YY/YY5.exe//PE_Patch//UPack Run a DLL as an App 拒绝: Trojan-GameThief.Win32.OnLineGames.ubga 启发式分析计算的威胁级别值较高
2009-1-7 18:12:42 http://a.78gov.cn/bug/YY/YY5.exe//PE_Patch//UPack Run a DLL as an App 拒绝: Trojan-GameThief.Win32.OnLineGames.ubga 启发式分析计算的威胁级别值较高
2009-1-7 18:12:40 http://a.78gov.cn/bug/YY/YY5.exe//PE_Patch//UPack Run a DLL as an App 拒绝: Trojan-GameThief.Win32.OnLineGames.ubga 启发式分析计算的威胁级别值较高
2009-1-7 18:12:35 http://a.78gov.cn/bug/YY/YY4.exe//PE_Patch//UPack Run a DLL as an App 拒绝: Trojan-GameThief.Win32.OnLineGames.ubga 启发式分析计算的威胁级别值较高
2009-1-7 18:12:33 http://a.78gov.cn/bug/YY/YY4.exe//PE_Patch//UPack Run a DLL as an App 拒绝: Trojan-GameThief.Win32.OnLineGames.ubga 启发式分析计算的威胁级别值较高
2009-1-7 18:12:31 http://a.78gov.cn/bug/YY/YY4.exe//PE_Patch//UPack Run a DLL as an App 拒绝: Trojan-GameThief.Win32.OnLineGames.ubga 启发式分析计算的威胁级别值较高
不断有木马，蠕虫下载。。。。频率相当之高~货色之多

[ 本帖最后由 schumi小粉于 2009-1-7 18:26 编辑 ]

显示全部楼层 · 发表于 2009-1-7 20:45:21

outpost 全吃掉了!!!

显示全部楼层 · 发表于 2009-1-7 20:47:51

C:\Documents and Settings\Administrator\桌面\explore.rar > RAR > explore.exe - Win32/AutoRun.Agent.EU 蠕虫的变种

显示全部楼层 · 发表于 2009-1-7 21:21:55

Virus: TR/Dropper.Gen
Date discovered: 19/06/2007
Type: Trojan
Subtype: Dropper
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: No
Engine version: 7.04.00.34

[病毒样本] 马一只

本帖子中包含更多资源

本帖子中包含更多资源