病毒样本 5x （NO BEST)

08红伞威点

多引擎病毒扫描网:http://virscan.org/report/5852418843f8d19cdb5175c16c057321.html
[CXMain.exe]
扫描结果 :   18%的杀软(7/38)报告发现病毒

Authentium 5.1.1 200901132103 2009-01-13 W32/Heuristic-210!Eldorado (Heuristic)

F-Prot 4.4.4.56 20090113 2009-01-13 Possible W32/Heuristic-210!Eldorado (not disinfectable)

GData 19.2417/19.184 20090114 2009-01-14 Backdoor.Win32.Hupigon.forz [Engine:A]

mks_vir 2.01 2009.01.14 2009-01-14 Win32.4

Sunbelt 4756 4756 2009-01-08 VIPRE.Suspicious

卡巴斯基 5.5.10 2009.01.14 2009-01-14 Backdoor.Win32.Hupigon.forz

江民杀毒 11.0.706 2009.01.13 2009-01-13 Backdoor/Huigezi.2007.aotz

-------------------------------------------------------------------------------------------------------------
红伞回复‘干净’。

File ID  Filename Size (Byte) Result
25231823  文件x1.rar 542.66 KB OK

A listing of files contained inside archives alongside their results can be found below:

File ID  Filename Size (Byte) Result
25231666  CXMain.exe  592 KB  CLEAN
--------------------------------------------------------------------
期待谁能来运行测试下它有何有害行为。。。

08红伞威点

原帖由 08红伞威点 于 2009-1-14 16:54 发表
多引擎病毒扫描网:http://virscan.org/report/5852418843f8d19cdb5175c16c057321.html
[CXMain.exe]
扫描结果 :   18%的杀软(7/38)报告发现病毒

Authentium 5.1.1 200901132103 2009-01-13 W32/Heuristic-210! ...

在线沙盘检测：http://camas.comodo.com/cgi-bin/submit?file=19d7ee0b32ef5c4065390f6331f856a676f3e496cd83ad03e6964943725e44ad

• File Info

Name	Value
Size	606208
MD5	d25be8a8740d384c5e6e6b78be315426
SHA1	51e81bf31e4b1fa60e787a1f6ddc3ae609be148b
SHA256	19d7ee0b32ef5c4065390f6331f856a676f3e496cd83ad03e6964943725e44ad
Process	Active

• Keys Created• Keys Changed• Keys Deleted• Values Created• Values Changed

Name	Type	Size	Value
CU\Software\Microsoft\Internet Explorer\Desktop\Components\0\Position	REG_BINARY/REG_BINARY	44/44	?/?

• Values Deleted• Directories Created

Name	Last Write Time	Creation Time	Last Access Time	Attr
C:\TEST\AlarmRecord	2009.01.12 15:12:47.609	2009.01.12 15:12:47.609	2009.01.12 15:12:47.609	0x10
C:\TEST\Images	2009.01.12 15:12:47.656	2009.01.12 15:12:47.656	2009.01.12 15:12:47.656	0x10
C:\TEST\Index	2009.01.12 15:12:47.656	2009.01.12 15:12:47.656	2009.01.12 15:12:47.656	0x10
C:\TEST\Ini	2009.01.12 15:12:47.953	2009.01.12 15:12:47.656	2009.01.12 15:12:47.953	0x10
C:\TEST\MAP	2009.01.12 15:12:47.703	2009.01.12 15:12:47.703	2009.01.12 15:12:47.703	0x10
C:\TEST\Operate	2009.01.12 15:12:47.484	2009.01.12 15:12:47.484	2009.01.12 15:12:47.484	0x10
C:\TEST\Operate\mail	2009.01.12 15:12:47.515	2009.01.12 15:12:47.515	2009.01.12 15:12:47.515	0x10
C:\TEST\Operate\Talk	2009.01.12 15:12:47.515	2009.01.12 15:12:47.515	2009.01.12 15:12:47.515	0x10

• Directories Changed• Directories Deleted• Files Created

Name	Size	Last Write Time	Creation Time	Last Access Time	Attr
C:\TEST\Ini\celxta.dat	128	2009.01.12 15:12:47.953	2009.01.12 15:12:47.796	2009.01.12 15:12:47.796	0x20

• Files Changed• Files Deleted• Directories Hidden• Files Hidden• Drivers Loaded• Drivers Unloaded• Processes Created• Processes Terminated• Threads Created

PId	Process Name	TId	Start	Start Mem	Win32 Start	Win32 Start Mem
0x2ac	lsass.exe	0x67c	0x7c810856	MEM_IMAGE	0x77e76bf0	MEM_IMAGE
0x348	svchost.exe	0xf8	0x7c810856	MEM_IMAGE	0x7c910760	MEM_IMAGE
0x3f4	svchost.exe	0x298	0x7c810856	MEM_IMAGE	0x77e76bf0	MEM_IMAGE
0x618	explorer.exe	0x374	0x7c810856	MEM_IMAGE	0x7c910760	MEM_IMAGE

• Modules Loaded• Windows Api Calls• DNS Queries• HTTP Queries• Verdict

Auto Analysis Verdict

Not Rated as Suspicious

• Mutexes Created or Opened

PId	Image Name	Address	Mutex Name
0x684	C:\TEST\sample.exe	0xacd3c0	CXMIAN

08红伞威点

双击运行。。。 哈哈～～

结果如下图：