dress.exe3

显示全部楼层 · 发表于 2009-2-4 11:30:11

to kl

53a64c9a1bdb1901af8721f520d3126a dress.exe3

5/2/2009 0:14:30 已偵測: Trojan-Dropper.Win32.Agent.agit C:\Documents and Settings\kato9096\桌面\dress.zip/dress.exe3/PE_Patch.UPX/UPX

[ 本帖最后由 sam.to 于 2009-2-5 00:14 编辑 ]

显示全部楼层 · 发表于 2009-2-4 11:38:34

来个VT扫描吧

文件 dress.exe3 接收于 2009.02.04 04:36:27 (CET)

反病毒引擎	版本	最后更新	扫描结果
a-squared	4.0.0.93	2009.02.04	-
AhnLab-V3	5.0.0.2	2009.02.03	-
AntiVir	7.9.0.71	2009.02.03	TR/Downloader.Gen
Authentium	5.1.0.4	2009.02.03	-
Avast	4.8.1281.0	2009.02.03	-
AVG	8.0.0.229	2009.02.03	-
BitDefender	7.2	2009.02.04	Trojan.Downloader.JLBO
CAT-QuickHeal	10.00	2009.02.03	-
ClamAV	0.94.1	2009.02.04	-
Comodo	961	2009.02.03	-
DrWeb	4.44.0.09170	2009.02.04	-
eSafe	7.0.17.0	2009.02.01	Suspicious File
eTrust-Vet	31.6.6340	2009.02.04	-
F-Prot	4.4.4.56	2009.02.03	-
F-Secure	8.0.14470.0	2009.02.04	-
Fortinet	3.117.0.0	2009.02.04	-
GData	19	2009.02.04	Trojan.Downloader.JLBO
Ikarus	T3.1.1.45.0	2009.02.04	-
K7AntiVirus	7.10.617	2009.02.03	-
Kaspersky	7.0.0.125	2009.02.04	-
McAfee	5515	2009.02.03	-
McAfee+Artemis	5515	2009.02.03	-
Microsoft	1.4306	2009.02.04	TrojanDownloader:Win32/Renos.DU
NOD32	3823	2009.02.03	a variant of Win32/Adware.IeDefender.NIC
Norman	6.00.02	2009.02.03	-
nProtect	2009.1.8.0	2009.02.03	Trojan.Downloader.JLBO
Panda	9.5.1.2	2009.02.03	-
PCTools	4.4.2.0	2009.02.03	-
Prevx1	V2	2009.02.04	-
Rising	21.15.10.00	2009.02.03	-
SecureWeb-Gateway	6.7.6	2009.02.04	Trojan.Downloader.Gen
Sophos	4.38.0	2009.02.04	-
Sunbelt	3.2.1835.2	2009.01.16	-
Symantec	10	2009.02.04	Trojan.Dropper
TheHacker	6.3.1.5.246	2009.02.03	-
TrendMicro	8.700.0.1004	2009.02.03	PAK_Generic.001
VBA32	3.12.8.12	2009.02.03	-
ViRobot	2009.2.4.1588	2009.02.04	-
VirusBuster	4.5.11.0	2009.02.03	-

附加信息
File size: 88069 bytes
MD5...: 53a64c9a1bdb1901af8721f520d3126a
SHA1..: 273a7ec9a88df8dab3d38a2b2a5d572943a37a4e
SHA256: e257aad2bb27d4bbfed673c6df766833539cf363c9dd3581fca76b44fc80dc65
SHA512: 45f30a70ab0178e88cd09f2054763f466dd727308ce342d5cba435f0788372d0<BR>39f130067279e5a6b5c7a7cda685674aeba74eaa210312a0d33cfc1a315cdf8e<BR>
ssdeep: 1536:8gb7OR/MM+pnsII/DfH+Yck/Hi1EQMb0nWiEQc65bXFEV99ApdTt8hDi:8g<BR>b6igD01ERLiEQzb49aTuQ<BR>
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification<BR>UPX compressed Win32 Executable (39.5%)<BR>Win32 EXE Yoda's Crypter (34.3%)<BR>Win32 Executable Generic (11.0%)<BR>Win32 Dynamic Link Library (generic) (9.8%)<BR>Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x379b0<BR>timedatestamp.....: 0x49886ccd (Tue Feb 03 16:11:57 2009)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 3 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>UPX0 0x1000 0x23000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>UPX1 0x24000 0x14000 0x13c00 7.92 fc125758d228ce2f3f6a74ec34d6bea0<BR>.rsrc 0x38000 0x2000 0x1800 2.22 c7ddb14cc93f2b5f57638cf2bfa4c0b8<BR><BR>( 3 imports ) <BR>> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess<BR>> ADVAPI32.dll: RegCloseKey<BR>> SHELL32.dll: ShellExecuteA<BR><BR>( 0 exports ) <BR>
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX

显示全部楼层 · 发表于 2009-2-4 11:39:55

我的小A咋啦.不工作啦?

显示全部楼层 · 发表于 2009-2-4 11:42:31

原帖由 天月新 于 2009-2-4 11:39 发表
我的小A咋啦.不工作啦?

再下一次

显示全部楼层 · 发表于 2009-2-4 11:43:12

有密码当然扫不出来啦，解压再扫

显示全部楼层 · 发表于 2009-2-4 11:43:27

2009/2/4 11:43:17 Document protection file http://bbs.kafan.cn/attachment.p ... 16&t=1233718979 a variant of Win32/Adware.IeDefender.NIC application deleted (after the next restart) - quarantined Jason-PC\Jason

显示全部楼层 · 发表于 2009-2-4 12:41:38

C:\Documents and Settings\Administrator\桌面\dress.zip>>dress.exe3 Packed.UPX.a 带壳程序还未处理

显示全部楼层 · 发表于 2009-2-4 12:56:45

我的殺軟里沒一個報的

TO ARCA

显示全部楼层 · 发表于 2009-2-4 14:15:37

VB MISS,上报

显示全部楼层 · 发表于 2009-2-4 15:24:53

H:\Documents and Settings\Administrator\桌面\dress.zip > ZIP > dress.exe3 - Win32/Adware.IeDefender.NIC 应用程序的变种 - 是已删除对象的一部分
nod32

[病毒样本] dress.exe3

本帖子中包含更多资源

浏览过的版块