[Virus sample] Trojan batch samples (one pack), Zapchast 1x, see post #3

FLogo
Posted 2009-2-16 07:34:16
hxxp://p1.188bt.com/bug/yy/1.exe
...
hxxp://p1.188bt.com/bug/yy/27.exe
(PS: hxxp://p1.188bt.com/bug/yy/10.exe seems to be dead)


hxxp://p1.188bt.com/bug/cc/cc1.exe
...
hxxp://p1.188bt.com/bug/cc/cc5.exe


hxxp://p1.188bt.com/bug/dd/106.exe

I have also packed all of those samples and uploaded them!

[ This post was last edited by FLogo on 2009-2-16 09:06 ]

axishero
Posted 2009-2-16 08:31:12
Dr.Web misses 16, AVG wipes out the whole lot.

"Scan ""Shell extension scan"" was finished."
"Infections";"29";"29";"0"
"Spyware";"3";"3";"0"
"Information";"2"
"Folders selected for scanning:";"C:\Users\Administrator\Desktop\test\TDDOWNLOAD;"
"Scan started:";"2009年2月16日, 8:29:25"
"Scan finished:";"2009年2月16日, 8:29:28 (3 second(s))"
"Total object scanned:";"39"
"User who launched the scan:";"Administrator"

"Infections"
"File";"Infection";"Result"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\cc3.exe";"Trojan horse BackDoor.Generic_r.DK";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\cc1.exe";"Trojan horse PSW.Delf.CXL";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\9.exe";"Trojan horse Agent.AYMO";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\8.exe";"Trojan horse Agent.AXVI";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\7.exe";"Trojan horse PSW.OnlineGames.BPRJ";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\6.exe";"Trojan horse PSW.OnlineGames.BOLA";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\5.exe";"Trojan horse PSW.OnlineGames.BPRJ";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\4.exe";"Trojan horse PSW.OnlineGames.BPLM";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\3.exe";"Trojan horse PSW.OnlineGames.BPTR";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\27.exe";"Trojan horse PSW.OnlineGames.BPRJ";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\26.exe";"Trojan horse PSW.OnlineGames.BPRJ";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\25.exe";"Trojan horse PSW.OnlineGames.BPRJ";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\24.exe";"Trojan horse PSW.OnlineGames.BPPQ";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\23.exe";"Trojan horse Agent.AYCW";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\22.exe";"Trojan horse Agent.AYKS";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\21.exe";"Trojan horse PSW.OnlineGames.BPPT";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\20.exe";"Trojan horse PSW.OnlineGames.BPJF";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\2.exe";"Trojan horse Agent.AYKR";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\19.exe";"Trojan horse PSW.OnlineGames.BORP";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\18.exe";"Trojan horse PSW.OnlineGames.BPPQ";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\17.exe";"Trojan horse PSW.OnlineGames.BJIB";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\16.exe";"Trojan horse PSW.OnlineGames.BPPQ";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\15.exe";"Trojan horse PSW.OnlineGames.BPLJ";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\14.exe";"Trojan horse Pakes.BGU";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\13.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\12.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\11.exe";"Trojan horse PSW.OnlineGames.BPPQ";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\106.exe";"Trojan horse Downloader.Generic8.VBG.dropper";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\1.exe";"Trojan horse PSW.OnlineGames.BPPQ";"Moved to Virus Vault"

"Spyware"
"File";"Infection";"Result"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\cc5.exe:\$JJ\50.exe:\$IK";"Adware Generic3.AJEO";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\cc5.exe:\$JJ\50.exe";"Adware Generic3.AJEO";"Moved to Virus Vault"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\cc5.exe";"Adware Generic3.AJEO";"Moved to Virus Vault"

"Information"
"File";"Infection";"Result"
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\cc4.exe";"Runtime packed fsg";""
"C:\Users\Administrator\Desktop\test\TDDOWNLOAD\TDDOWNLOAD\cc2.exe";"Runtime packed upack";""
FLogo (OP)
Posted 2009-2-16 09:07:25
Source of the virus: hxxp://xz1.177bt.com/QvodSetup3.exe   (sample attached)

Kaspersky's reply to me was:
Hello,

QvodSetup3.exe_ - Trojan.Win32.Zapchast.rx

New malicious software was found in this file. Its detection will be included in the next update. Thank you for your help.

On the online scanning engine, Avira seems to miss it!

File QvodSetup3.rar received on 2009.02.16 02:06:30 (CET)

Result: 8/37 (21.63%)

Antivirus           Version           Last update   Result
a-squared           4.0.0.93          2009.02.16    -
AhnLab-V3           5.0.0.2           2009.02.15    -
AntiVir             7.9.0.79          2009.02.15    -
Authentium          5.1.0.4           2009.02.15    -
Avast               4.8.1335.0        2009.02.15    Win32:Trojan-gen {Other}
AVG                 8.0.0.237         2009.02.15    SHeur2.OYI
BitDefender         7.2               2009.02.16    Dropped:Generic.Malware.P!Tk.63511974
CAT-QuickHeal       10.00             2009.02.13    -
ClamAV              0.94.1            2009.02.16    -
Comodo              978               2009.02.15    -
DrWeb               4.44.0.09170      2009.02.16    -
eSafe               7.0.17.0          2009.02.15    -
eTrust-Vet          31.6.6358         2009.02.14    -
F-Prot              4.4.4.56          2009.02.15    -
Fortinet            3.117.0.0         2009.02.15    -
GData               19                2009.02.16    Dropped:Generic.Malware.P!Tk.63511974
Ikarus              T3.1.1.45.0       2009.02.16    -
K7AntiVirus         7.10.630          2009.02.14    -
Kaspersky           7.0.0.125         2009.02.15    -
McAfee              5527              2009.02.15    -
McAfee+Artemis      5527              2009.02.15    -
Microsoft           1.4306            2009.02.15    -
NOD32               3853              2009.02.14    Win32/TrojanDownloader.Agent.OUG
Norman              6.00.02           2009.02.13    W32/Zapchast.CMR
nProtect            2009.1.8.0        2009.02.15    Dropped:Generic.Malware.P!Tk.63511974
Panda               10.0.0.10         2009.02.15    Suspicious file
PCTools             4.4.2.0           2009.02.15    -
Prevx1              V2                2009.02.16    -
Rising              21.16.62.00       2009.02.15    -
SecureWeb-Gateway   6.7.6             2009.02.15    -
Sophos              4.38.0            2009.02.15    -
Symantec            10                2009.02.16    -
TheHacker           6.3.2.1.258       2009.02.16    -
TrendMicro          8.700.0.1004      2009.02.15    -
VBA32               3.12.8.12         2009.02.15    -
ViRobot             2009.2.14.1607    2009.02.15    -
VirusBuster         4.5.11.0          2009.02.15    -

Additional information
File size: 2667853 bytes
MD5...: 3040fbe50bf4972854726ac93f981f7a
SHA1..: be64201e520a3ba62824b23b8658a5c9ddd749d0
SHA256: 468eee4ecafa61aabc256ac64fc7ea31e22f2a78414c69ac768b76bb503576e4
SHA512: 21204d7b23e783860286030526b491662603ee7df659fd8c1454e9fc5a2c3eccb24b22b5b1e6a0339871c2be9b14b98e95ebb6097252d8b8ff4a3342d0122f94
ssdeep: 49152:bGEpfOr1dNlLQFqM9yvWsYbbXsCIarhLTfnG0hECT0d4TepeZLXR:CsfOr1nlkFnyvQXsZarFLGSTw4TecZDR
PEiD..: -
TrID..: File type identification
RAR Archive (83.3%)
REALbasic Project (16.6%)
PEInfo: -
packers (Kaspersky): PE_Patch
packers (F-Prot): Aspack


[ This post was last edited by FLogo on 2009-2-16 09:13 ]

ledled
Posted 2009-2-16 09:47:30
22 MISS to VB
328397663
Posted 2009-2-16 15:36:33
Kaspersky kills them all.
猪猪的一天
Posted 2009-2-16 16:35:28
NOD32
正在扫描日志
病毒库版本: 3855 (20090216)
日期: 2009-2-16  时间: 16:32:21
已扫描的磁盘、文件夹和文件: C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar;C:\Documents and Settings\l\桌面\TDDOWNLOAD.part2.rar
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\1.exe - Win32/PSW.OnLineGames.NTM 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\106.exe - 可能是 Win32/Genetik 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\11.exe - Win32/PSW.OnLineGames.NTM 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\12.exe - Win32/PSW.OnLineGames.NUO 特洛伊木马
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\13.exe - Win32/PSW.WOW.DZI 特洛伊木马
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\14.exe - 可能是 Win32/PSW.WOW.DZI 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\15.exe - Win32/PSW.OnLineGames.NTM 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\16.exe - Win32/PSW.OnLineGames.NTM 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\17.exe - 可能是 Win32/PSW.OnLineGames.NRF 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\18.exe - Win32/PSW.OnLineGames.NTM 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\19.exe - Win32/PSW.OnLineGames.OEP 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\2.exe - Win32/PSW.OnLineGames.OEP 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\20.exe - Win32/PSW.OnLineGames.OEP 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\21.exe - Win32/PSW.OnLineGames.OEP 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\22.exe - Win32/PSW.OnLineGames.OEP 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\23.exe - Win32/PSW.OnLineGames.OEP 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\24.exe - Win32/PSW.OnLineGames.NTM 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\25.exe - Win32/PSW.OnLineGames.OEP 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\26.exe - Win32/PSW.OnLineGames.OEP 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\27.exe - Win32/PSW.OnLineGames.OEP 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\4.exe - Win32/PSW.OnLineGames.OHV 特洛伊木马
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\5.exe - Win32/PSW.OnLineGames.OEP 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\6.exe - Win32/PSW.OnLineGames.OE 特洛伊木马 的变种
C:\Documents and Settings\l\桌面\TDDOWNLOAD.part1.rar > RAR > TDDOWNLOAD\7.exe - 找不到下一个压缩文件的卷标
已扫描的对象数: 24
发现的威胁数: 23
已清除对象数:0
完成时间: 16:32:23  总扫描时间: 2 秒 (00:00:02)
Palkia
Posted 2009-2-16 18:35:40
to rs
llydmissile
Posted 2009-2-16 18:53:35
1L
miss 13
一下子丫
Posted 2009-2-16 18:57:40
Begin scan in 'D:\TDDOWNLOAD\Virus\TDDOWNLOAD.part2.rar'
D:\TDDOWNLOAD\Virus\TDDOWNLOAD.part2.rar
D:\TDDOWNLOAD\Virus\TDDOWNLOAD.part2.rar
    [0] Archive type: RAR
    --> TDDOWNLOAD\cc1.exe
      [DETECTION] Is the TR/Drop.Agent.agsv Trojan
      --> TDDOWNLOAD\cc2.exe
          [DETECTION] Is the TR/ATRAPS.Gen Trojan
      --> TDDOWNLOAD\cc4.exe
          [DETECTION] Contains HEUR/Malware suspicious code
      --> TDDOWNLOAD\cc5.exe
        [1] Archive type: NSIS
        --> 52D77ECE7B32424dB93B9A6EFBDDB0DF/[TempDir]/50.exe
          [DETECTION] Is the TR/Drop.Agent.xfv Trojan
    [NOTE]      A backup was created as '49dd46ca.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!
Begin scan in 'D:\TDDOWNLOAD\Virus\TDDOWNLOAD.part1.rar'
D:\TDDOWNLOAD\Virus\TDDOWNLOAD.part1.rar
D:\TDDOWNLOAD\Virus\TDDOWNLOAD.part1.rar
    [0] Archive type: RAR
    --> TDDOWNLOAD\106.exe
      [DETECTION] Is the TR/Crypt.FKM.Gen Trojan
    --> TDDOWNLOAD\12.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> TDDOWNLOAD\13.exe
      [DETECTION] Is the TR/Dropper.Gen Trojan
    --> TDDOWNLOAD\17.exe
      [DETECTION] Is the TR/Thief.Magania.B Trojan
      --> TDDOWNLOAD\19.exe
        --> Object
          [2] Archive type: RSRC
          --> Object
            [DETECTION] Is the TR/PSW.Agent.lyj.1 Trojan
      --> TDDOWNLOAD\23.exe
        --> Object
          [2] Archive type: RSRC
          --> Object
            [DETECTION] Is the TR/PSW.Agent.lyi.1 Trojan
    --> TDDOWNLOAD\3.exe
      [DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
    [NOTE]      A backup was created as '487b3b0b.qua'  ( QUARANTINE )
    [NOTE]      The file was deleted!


End of the scan: 2009年2月16日  18:57
Used time: 00:05 Minute(s)

The scan has been done completely.

      0 Scanning directories
     38 Files were scanned
     29 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      2 files were deleted
      0 files were repaired
      2 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      7 Files not concerned
      3 Archives were scanned
      0 Warnings
      2 Notes
Copyright © KaFan  KaFan.cn All Rights Reserved.