[Virus sample] Bypasses Jiangmin and Rising

小杨过
Posted on 2009-6-18 01:07:39
Antivirus  Version  Last Update  Result
a-squared  4.5.0.18  2009.06.17  -
AhnLab-V3  5.0.0.2  2009.06.17  Win32/Iksmas.worm.419328.BK
AntiVir  7.9.0.187  2009.06.17  TR/Crypt.XPACK.Gen
Antiy-AVL  2.0.3.1  2009.06.17  Worm/Win32.Iksmas.gen
Authentium  5.1.2.4  2009.06.17  W32/Waledac.D.gen!Eldorado
Avast  4.8.1335.0  2009.06.16  Win32:WalDrop
AVG  8.5.0.339  2009.06.17  Win32/Cryptor
BitDefender  7.2  2009.06.17  Trojan.Waledac.Gen.1
CAT-QuickHeal  10.00  2009.06.17  Win32.Email-Worm.Iksmas.all.3
ClamAV  0.94.1  2009.06.17  Worm.Waledac-1753
Comodo  1352  2009.06.17  Worm.Win32.Email-Worm.Iksmas.bcf
DrWeb  5.0.0.12182  2009.06.17  Trojan.Spambot.4331
eSafe  7.0.17.0  2009.06.17  Win32.TRDropper
eTrust-Vet  31.6.6564  2009.06.17  -
F-Prot  4.4.4.56  2009.06.16  W32/Waledac.D.gen!Eldorado
F-Secure  8.0.14470.0  2009.06.17  Packed:W32/Waledac.gen!I
Fortinet  3.117.0.0  2009.06.17  PossibleThreat
GData  19  2009.06.17  Trojan.Waledac.Gen.1
Ikarus  T3.1.1.59.0  2009.06.17  Trojan.Win32.Waledac
Jiangmin  11.0.706  2009.06.17  -
K7AntiVirus  7.10.766  2009.06.17  Email-Worm.Win32.Iksmas.bcf
Kaspersky  7.0.0.125  2009.06.17  Email-Worm.Win32.Iksmas.bcf
McAfee  5649  2009.06.17  Spam-Mailbot.m
McAfee+Artemis  5648  2009.06.16  Spam-Mailbot.m
McAfee-GW-Edition  6.7.6  2009.06.17  Trojan.Crypt.XPACK.Gen
Microsoft  1.4701  2009.06.17  Trojan:Win32/Waledac.gen!A
NOD32  4163  2009.06.17  a variant of Win32/Kryptik.MQ
Norman  6.01.09  2009.06.17  -
nProtect  2009.1.8.0  2009.06.17  -
Panda  10.0.0.14  2009.06.16  Trj/Downloader.MDW
PCTools  4.4.2.0  2009.06.17  -
Prevx  3.0  2009.06.17  High Risk Worm
Rising  21.34.24.00  2009.06.17  -
Sophos  4.42.0  2009.06.17  Mal/WaledPak-A
Sunbelt  3.2.1858.2  2009.06.17  Trojan-Win32/Waledac.gen!A
Symantec  1.4.4.12  2009.06.17  Packed.Generic.230
TheHacker  6.3.4.3.347  2009.06.17  -
TrendMicro  8.950.0.1094  2009.06.17  WORM_WALEDAC.KW
VBA32  3.12.10.7  2009.06.17  Email-Worm.Win32.Iksmas.bcf
ViRobot  2009.6.17.1792  2009.06.17  I-Worm.Win32.Iksmas.419328.H
VirusBuster  4.6.5.0  2009.06.17  Trojan.Waledac.Gen!Pac.9


[ This post was last edited by 小杨过 on 2009-6-18 01:23 ]

taihuxian
Posted on 2009-6-18 06:59:41
BitDefender 2009
此网页已被 BitDefender 反病毒实时防护拦截!
被拦截的网页包含(可能)已被病毒感染的对象。您的系统 未被 感染。
huangqian202
Posted on 2009-6-18 07:29:40
费尔 flags it as a virus!
眼镜王蛇
Posted on 2009-6-18 09:02:13
I came in as soon as I saw "bypasses Jiangmin". Hurry up and report it. Even under Jiangmin's protection my computer still has two unknown viruses. Sigh, it's nerve-wracking; I'm already thinking about reinstalling the system.
眼镜王蛇
Posted on 2009-6-18 09:03:02
You do like staying up late, though. I often see you on the forum in the middle of the night, heh.
jochelliu
Posted on 2009-6-18 15:35:54
Looks like a trojan downloader.

• Values Created
Name Type Size Value
CU\Software\Microsoft\Windows\CurrentVersion\MyID REG_BINARY 16 ?
CU\Software\Microsoft\Windows\CurrentVersion\RList REG_BINARY 4320 ?
LM\Software\Microsoft\Windows\CurrentVersion\Run\PromoReg REG_SZ 38 "C:\TEST\sample.exe"

• Values Changed
Name Type Size Value
CU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings REG_BINARY/REG_BINARY 52/56 ?/?

• Files Changed
Name Size Last Write Time Creation Time Last Access Time Attr
C:\Documents and Settings\User\NTUSER.DAT 524288/786432 2009.01.12 15:09:56.515/2009.01.12 15:12:44.734 2008.08.01 05:31:04.546/2008.08.01 05:31:04.546 2009.01.12 15:09:56.515/2009.01.12 15:09:56.515 0x22/0x22

• Threads Created
PId Process Name TId Start Start Mem Win32 Start Win32 Start Mem
0x2ac lsass.exe 0x610 0x7c810856 MEM_IMAGE 0x77e76bf0 MEM_IMAGE
0x348 svchost.exe 0xf8 0x7c810856 MEM_IMAGE 0x7c910760 MEM_IMAGE
0x3f4 svchost.exe 0x4f4 0x7c810856 MEM_IMAGE 0x77e76bf0 MEM_IMAGE

• HTTP Queries

• Verdict
Auto Analysis Verdict
Rated as Suspicious

• Description
Suspicious Actions Detected
Creates autorun records

• Mutexes Created or Opened
PId Image Name Address Mutex Name
0x684 C:\TEST\sample.exe 0x76ee3a34 RasPbFile
0x684 C:\TEST\sample.exe 0x771ba3ae _!MSFTHISTORY!_
0x684 C:\TEST\sample.exe 0x771bc21c WininetConnectionMutex
0x684 C:\TEST\sample.exe 0x771bc23d WininetProxyRegistryMutex
0x684 C:\TEST\sample.exe 0x771bc2dd WininetStartupMutex
0x684 C:\TEST\sample.exe 0x771d9710 c:!documents and settings!user!cookies!
0x684 C:\TEST\sample.exe 0x771d9710 c:!documents and settings!user!local settings!history!history.ie5!
0x684 C:\TEST\sample.exe 0x771d9710 c:!documents and settings!user!local settings!temporary internet files!content.ie5!
小杨过
(OP) Posted on 2009-6-18 16:24:56

Reply to post #5 by 眼镜王蛇

I haven't reported it...
Let someone else report it.
狂舞的猪
Posted on 2009-6-18 18:38:55
Jiangmin can now detect and remove it.
Palkia
Posted on 2009-6-18 18:41:02
病毒        2009-06-18  18:42:05        F:\DL\run.zip\run.exe=        Worm.IksmasT.di.420864 (蠕虫病毒)        跳过,未处理
一个轮回
Posted on 2009-6-18 18:45:04
Let's see what it is that bypasses Jiangmin and Rising. Rising detected the threat Email-Worm.Win32.Iksmas.bcf

[ This post was last edited by 一个轮回 on 2009-6-18 18:46 ]