[病毒样本] 1

显示全部楼层 · 发表于 2009-3-1 20:20:25

kill rising

显示全部楼层 · 发表于 2009-3-1 20:22:17

kv miss
谁to kv一下。。。

显示全部楼层 · 发表于 2009-3-1 20:22:52

DR.WEB報
1 - infected with BackDoor.Pigeon.5102

VT
http://www.virustotal.com/analisis/044a98e9aac2df7a8ed62bd9dbc52c46
Avast.GData報,主流報的好少

[ 本帖最后由黑衣~魂于 2009-3-1 20:27 编辑 ]

显示全部楼层 · 发表于 2009-3-1 20:23:58

to VB

显示全部楼层 · 发表于 2009-3-1 20:24:29

Filename Result
1 UNDER ANALYSIS

The file '1' has been determined to be 'UNDER ANALYSIS'.

显示全部楼层 · 发表于 2009-3-1 20:27:05

Ultra String Reference
Address Disassembly                            Text String
00401644 push 00401714                         (initial cpu selection)
00402C3C mov    dword ptr [ebp-DC], 00402128    &h
00402D48 mov    dword ptr [ebp-DC], 00402128    &h
00402E54 mov    dword ptr [ebp-DC], 00402128    &h
00402F60 mov    dword ptr [ebp-DC], 00402128    &h
0040355A push 0040216C                         \
00403575 push 0040216C                         \
004035C7 push 0040216C                         \
004037AB mov    edx, 00401B14                   serestoreprivilege
00403C9D push 00402184                         a
00403CD3 push 0040218C                         b
00403D09 push 00402194                         c
00403D3F push 0040219C                         d
00403D71 push 00401FF0                         e
00403DA3 push 00401E14                         f
004041CA mov    dword ptr [ebp-124], 004021E4    c:\
00404278 mov    dword ptr [ebp-134], 004021F0    test
00404308 mov    edx, 0040220C                   t.exe
00404312 mov    edx, 00402200                   bin
0040435E mov    edx, 0040220C                   t.exe
004044B0 mov    dword ptr [ebp-124], 0040220C    t.exe
004044EA mov    edx, 0040221C                   software\microsoft\windows\currentversion\policies\explorer
00404525 push 00402298                         delme.bat
0040453C push 004022B0                         @echo off
0040454A push 004022D0                         :re
00404558 push 004022DC                         del /a /f c:\test.exe
00404566 push 0040230C                         if exist c:\test.exe goto re
00404574 push 0040234C                         del %0
00404595 mov    dword ptr [ebp-124], 00402298    delme.bat
004045D9 mov    edx, 00402360                   rskiller.hiv
004045E3 mov    edx, 00402200                   bin
00404640 mov    edx, 00402360                   rskiller.hiv
0040464A mov    edx, 00402380                   software\rising
00404688 mov    dword ptr [ebp-124], 00402360    rskiller.hiv
00404701 mov    edx, 0040221C                   software\microsoft\windows\currentversion\policies\explorer
00404767 mov    edx, 004023A4                   run.hiv
00404771 mov    edx, 00402200                   bin
004047D3 mov    edx, 004023A4                   run.hiv
004047DD mov    edx, 0040221C                   software\microsoft\windows\currentversion\policies\explorer
0040481B mov    dword ptr [ebp-124], 004023A4    run.hiv
004049AD push 0040216C                         \
004049F4 mov    dword ptr [ebp-124], 0040216C    \
00404AB9 push 004023C8                         c:\test.exe
00404AC6 mov    dword ptr [ebp-134], 004023B8    .exe
00404BC5 push 004023E4                         seshutdownprivilege

显示全部楼层 · 发表于 2009-3-1 20:27:52

to lab

显示全部楼层 · 发表于 2009-3-1 21:16:27

To KL

显示全部楼层 · 发表于 2009-3-1 21:25:39

Hello,

New malicious software was found in the attached file. Its detection will be included in the next update.
Thank you for your help.
Backdoor.Win32.Hupigon.gflq

Regards, Tatarinov Ivan
Virus Analyst

10/1, 1st Volokolamsky Proezd, Moscow, 123060, Russia
Tel./Fax: + 7 (495) 797 8700
http://www.kaspersky.com http://www.viruslist.com

[病毒样本] 1

本帖子中包含更多资源