[病毒样本] 1

显示全部楼层 · 发表于 2009-8-1 18:43:35

过卡巴

	2009-07-31 Trojan.Gamethief.Magania.Bful		2009-08-01 Gen:Trojan.Heur.bmY@Kqi65jc
	2009-08-01 Trojan-PWS.Win32.LdPinch!IK		2009-07-31 Trojan-PWS.Win32.LdPinch
	2009-07-31 Win32:Agent-ACMH		2009-08-01 Found nothing
	2009-07-31 PSW.OnlineGames.2.AJ		2009-07-31 Win32/Kryptik.AAU
	2009-07-31 TR/Crypt.ULPM.Gen		2009-07-31 Found nothing
	2009-08-01 Gen:Trojan.Heur.bmY@Kqi65jc		2009-07-31 Found nothing
	2009-08-01 Trojan.Crypt-215		2009-07-31 Found nothing
	2009-08-01 Found nothing		2009-08-01 Mal/EncPk-F
	2009-08-01 Trojan.Packed.191		2009-07-31 Malware-Cryptor.Win32.General.4
	2009-07-31 Found nothing		2009-07-31 Trojan.DR.OnlineGames.Gen.118
	2009-07-31 Found nothing

文件名称 :	1.exe
文件大小 :	24592 byte
文件类型 :	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 :	9577bbde2c4a5f65fbc43cc685f0f340
SHA1 :	801100d1ea2e0ff211cd8d2c61082c1548b1d372

扫描结果

扫描结果 :	49%的杀软(18/37)报告发现病毒
时间 :	2009/08/01 18:39:37 (CST)

软件名称	引擎版本	病毒库版本	病毒库时间	扫描结果	时间
a-squared	4.5.0.3	20090731163245	2009-07-31	Trojan-PWS.Win32.LdPinch!IK	0.329
AntiVir	8.2.0.238	7.1.5.57	2009-07-31	TR/Crypt.ULPM.Gen	0.460
Arcavir	2009	200907311811	2009-07-31	Trojan.Gamethief.Magania.Bful	0.068
Authentium	5.1.1	200907311707	2009-07-31	-	1.159
AVAST!	4.7.4	090731-0	2009-07-31	Win32:Agent-ACMH [Drp]	0.012
AVG	8.5.288	270.13.38/2274	2009-07-31	PSW.OnlineGames.2.AJ	0.313
BitDefender	7.81008.3870398	7.26931	2009-08-01	Gen:Trojan.Heur.bmY@Kqi65jc	3.386
CA (VET)	9.0.0.143	31.6.6649	2009-08-01	-	8.012
ClamAV	0.95.2	9640	2009-08-01	Trojan.Crypt-215	0.017
Comodo	3.10	1834	2009-08-01	-	0.745
CP Secure	1.1.0.715	2009.08.01	2009-08-01	-	11.513
Dr.Web	4.44.0.9170	2009.08.01	2009-08-01	-	4.959
F-Prot	4.4.4.56	20090731	2009-07-31	-	1.195
F-Secure	7.02.73807	2009.07.29.10	2009-07-29	-	0.083
GData	19.6802/19.421	20090801	2009-08-01	Win32:Agent-ACMH [Drp] [Engine:B]	4.699
Ikarus	T3.1.01.64	2009.07.31.73137	2009-07-31	Trojan-PWS.Win32.LdPinch	4.169
Microsoft	1.4903	2009.08.01	2009-08-01	-	5.472
Norman	6.01.09	6.01.00	2009-07-31	-	4.007
nProtect	20090731.01	4987030	2009-07-31	-	6.632
Quick Heal	10.00	2009.07.30	2009-07-30	-	1.103
Sophos	2.89.1	4.44	2009-08-01	Mal/EncPk-F	3.024
Sunbelt	5301	5301	2009-07-30	Trojan.Win32.Magania.gen (v)	1.389
The Hacker	6.3.4.3	v00375	2009-07-31	-	0.800
VBA32	3.12.10.9	20090731.1443	2009-07-31	Malware-Cryptor.Win32.General.4 (suspicious)	1.842
ViRobot	20090730	2009.07.30	2009-07-30	-	0.426
VirusBuster	4.5.11.10	10.110.1/1825217	2009-07-31	Trojan.DR.OnlineGames.Gen.118	2.834
卡巴斯基	5.5.10	2009.08.01	2009-08-01	-	0.070
安博士V3	2009.08.01.00	2009.08.01	2009-08-01	Win32/NSAnti.suspicious	1.096
安天	2.0.18	20090801.2664522	2009-08-01	-	0.120
江民杀毒	11.0.800	2009.08.01	2009-08-01	-	3.451
熊猫卫士	9.05.01	2009.07.31	2009-07-31	-	5.058
瑞星	20.0	21.40.44.00	2009-07-31	Trojan.Spy.Win32.Agent.fcn	0.247
赛门铁克	1.3.0.24	20090731.004	2009-07-31	Infostealer.Gampass	0.069
趋势科技	8.700-1004	6.336.19	2009-07-31	Possible_Movly-1	0.033
迈克菲	5.3.00	5694	2009-07-31	Generic Dropper.eb	2.999
金山毒霸	2009.2.5.15	2009.7.31.18	2009-07-31	-	0.673
飞塔	2.81-3.120	10.667	2009-08-01	-	0.237

显示全部楼层 · 发表于 2009-8-1 18:54:30

卡巴斯基 SuspiciousPacker.Multi.Generic

文件名称 :	1.zip
文件大小 :	463687 byte
文件类型 :	Zip archive data, at least v2.0 to extract
MD5 :	f6219b65874df218fd7ee441ad048434
SHA1 :	813cdf8c56dbe88082907e534b55209944c59c19

扫描结果

扫描结果 :	16%的杀软(6/37)报告发现病毒
时间 :	2009/08/01 18:47:26 (CST)

软件名称	引擎版本	病毒库版本	病毒库时间	扫描结果	时间
a-squared	4.5.0.3	20090731163245	2009-07-31	-	0.641
AntiVir	8.2.0.238	7.1.5.57	2009-07-31	-	0.720
Arcavir	2009	200907311811	2009-07-31	W32.Junkcomp	0.192
Authentium	5.1.1	200907311707	2009-07-31	-	5.537
AVAST!	4.7.4	090731-0	2009-07-31	Win32:JunkPoly [Cryp]	0.026
AVG	8.5.288	270.13.38/2274	2009-07-31	-	1.166
BitDefender	7.81008.3870398	7.26931	2009-08-01	-	3.526
CA (VET)	9.0.0.143	31.6.6649	2009-08-01	-	5.668
ClamAV	0.95.2	9640	2009-08-01	-	0.432
Comodo	3.10	1834	2009-08-01	-	3.902
CP Secure	1.1.0.715	2009.08.01	2009-08-01	-	11.929
Dr.Web	4.44.0.9170	2009.08.01	2009-08-01	-	5.362
F-Prot	4.4.4.56	20090731	2009-07-31	-	5.532
F-Secure	7.02.73807	2009.07.29.10	2009-07-29	-	1.492
GData	19.6802/19.421	20090801	2009-08-01	Win32:JunkPoly [Cryp] [Engine:B]	4.460
Ikarus	T3.1.01.64	2009.07.31.73137	2009-07-31	-	4.719
Microsoft	1.4903	2009.08.01	2009-08-01	-	5.578
Norman	6.01.09	6.01.00	2009-07-31	-	4.007
nProtect	20090731.01	4987030	2009-07-31	-	7.972
Quick Heal	10.00	2009.07.30	2009-07-30	-	1.220
Sophos	2.89.1	4.44	2009-08-01	Mal/HckPk-D	2.819
Sunbelt	5301	5301	2009-07-30	-	1.930
The Hacker	6.3.4.3	v00375	2009-07-31	-	0.826
VBA32	3.12.10.9	20090731.1443	2009-07-31	-	2.129
ViRobot	20090730	2009.07.30	2009-07-30	-	0.428
VirusBuster	4.5.11.10	10.110.1/1825217	2009-07-31	-	3.322
卡巴斯基	5.5.10	2009.08.01	2009-08-01	-	0.621
安博士V3	2009.08.01.00	2009.08.01	2009-08-01	-	1.067
安天	2.0.18	20090801.2664522	2009-08-01	-	0.119
江民杀毒	11.0.800	2009.08.01	2009-08-01	Trojan/PSW.QQPianzi.b.Config	3.444
熊猫卫士	9.05.01	2009.07.31	2009-07-31	Malicious Packer	1.972
瑞星	20.0	21.40.44.00	2009-07-31	-	1.360
赛门铁克	1.3.0.24	20090731.004	2009-07-31	-	0.074
趋势科技	8.700-1004	6.336.19	2009-07-31	-	0.088
迈克菲	5.3.00	5694	2009-07-31	-	3.955
金山毒霸	2009.2.5.15	2009.7.31.18	2009-07-31	-	0.630
飞塔	2.81-3.120	10.667	2009-08-01	-	0.514

	2009-07-31 W32.Junkcomp		2009-08-01 Found nothing
	2009-08-01 Found nothing		2009-07-31 Found nothing
	2009-07-31 Win32:JunkPoly		2009-08-01 Found nothing
	2009-07-31 Found nothing		2009-07-31 Found nothing
	2009-07-31 Found nothing		2009-07-31 Found nothing
	2009-08-01 Found nothing		2009-07-31 Malicious
	2009-08-01 Found nothing		2009-07-31 Found nothing
	2009-08-01 Found nothing		2009-08-01 Mal/HckPk-D
	2009-08-01 Found nothing		2009-07-31 Found nothing
	2009-07-31 Found nothing		2009-07-31 Found nothing
	2009-07-31 Found nothing

显示全部楼层 · 发表于 2009-8-1 18:54:56

收工

显示全部楼层 · 发表于 2009-8-1 20:05:15

29-32 to kl,ll

thanks for share

显示全部楼层 · 发表于 2009-8-1 20:25:46

Hello,

1.exe1, jsy.dat, Jsy.exe_

No malicious code were found in these files.

1.exe_ - Trojan.Win32.Agent2.kzn,
456.exe_ - Trojan-GameThief.Win32.OnLineGames.vjcn

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

#25-#28

(我会跟进首3个文件)

[ 本帖最后由 sam.to 于 2009-8-1 20:33 编辑 ]

显示全部楼层 · 发表于 2009-8-1 20:59:51

Hello,

New malicious software was found in the attached file. Its detection will be included in the next update.
Thank you for your help.

(29-32)

显示全部楼层 · 发表于 2009-8-1 21:28:21

文件名称 :	1.exe
文件大小 :	15360 byte
文件类型 :	PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 :	ca60547e436d7220820e37177dfde5d2
SHA1 :	b9f7852ae2ac7c6d653cce57b545e091acd15c7f

扫描结果

扫描结果 :	19%的杀软(7/37)报告发现病毒
时间 :	2009/08/01 21:22:43 (CST)

软件名称	引擎版本	病毒库版本	病毒库时间	扫描结果	时间
a-squared	4.5.0.3	20090731163245	2009-07-31	-	0.322
AntiVir	8.2.0.238	7.1.5.57	2009-07-31	TR/Dropper.Gen	0.070
Arcavir	2009	200908010851	2009-08-01	-	0.060
Authentium	5.1.1	200907311707	2009-07-31	-	1.186
AVAST!	4.7.4	090731-0	2009-07-31	-	0.009
AVG	8.5.288	270.13.38/2274	2009-07-31	-	0.336
BitDefender	7.81008.3870436	7.26933	2009-08-01	-	3.395
CA (VET)	9.0.0.143	31.6.6649	2009-08-01	-	7.177
ClamAV	0.95.2	9640	2009-08-01	-	0.026
Comodo	3.10	1835	2009-08-01	-	0.752
CP Secure	1.1.0.715	2009.08.01	2009-08-01	-	11.570
Dr.Web	4.44.0.9170	2009.08.01	2009-08-01	-	5.083
F-Prot	4.4.4.56	20090731	2009-07-31	-	1.161
F-Secure	7.02.73807	2009.07.29.10	2009-07-29	-	7.637
GData	19.6804/19.421	20090801	2009-08-01	-	4.520
Ikarus	T3.1.01.64	2009.07.31.73137	2009-07-31	-	4.150
Microsoft	1.4903	2009.08.01	2009-08-01	Trojan:Win32/Killav.DK	7.722
Norman	6.01.09	6.01.00	2009-07-31	-	4.005
nProtect	20090731.01	4987030	2009-07-31	-	6.717
Quick Heal	10.00	2009.07.30	2009-07-30	-	1.104
Sophos	2.89.1	4.44	2009-08-01	Mal/Generic-A	2.835
Sunbelt	5301	5301	2009-07-30	-	1.158
The Hacker	6.3.4.3	v00375	2009-07-31	-	0.667
VBA32	3.12.10.9	20090731.1443	2009-07-31	Win32.Trojan.Downloader (http://...) (suspicious)	1.814
ViRobot	20090730	2009.07.30	2009-07-30	-	0.411
VirusBuster	4.5.11.10	10.110.1/1825217	2009-07-31	-	2.202
卡巴斯基	5.5.10	2009.08.01	2009-08-01	-	0.055
安博士V3	2009.08.01.00	2009.08.01	2009-08-01	-	0.772
安天	2.0.18	20090801.2664522	2009-08-01	-	0.119
江民杀毒	11.0.800	2009.08.01	2009-08-01	-	4.343
熊猫卫士	9.05.01	2009.08.01	2009-08-01	-	1.626
瑞星	20.0	21.40.44.00	2009-07-31	RootKit.Win32.Agent.GEN [Suspicious]	1.085
赛门铁克	1.3.0.24	20090731.004	2009-07-31	Trojan.Dropper	0.045
趋势科技	8.700-1004	6.336.21	2009-08-01	-	0.158
迈克菲	5.3.00	5694	2009-07-31	Generic Malware.al!enc	3.081
金山毒霸	2009.2.5.15	2009.7.31.18	2009-07-31	-	0.543
飞塔	2.81-3.120	10.667	2009-08-01	-	0.216

显示全部楼层 · 发表于 2009-8-1 21:34:32

37# To KL

显示全部楼层 · 发表于 2009-8-1 21:58:14

2009-08-01 21:57:13 创建文件    操作:阻止
进程路径:E:\virus\1.exe
文件路径:C:\WINDOWS\system32\sysyhzt9.dll
触发规则:所有程序规则->FD:01…系统文件读写规则->%SystemDrive%\*.dll

2009-08-01 21:57:42 创建文件    操作:阻止
进程路径:E:\virus\1.exe
文件路径:C:\WINDOWS\system32\pyhztS.dll
触发规则:所有程序规则->FD:01…系统文件读写规则->%SystemDrive%\*.dll

2009-08-01 21:57:42 运行应用程序    操作:阻止
进程路径:E:\virus\1.exe
文件路径:C:\WINDOWS\system32\verclsid.exe
命令行:/C {871C5380-42A0-1069-A2EA-08002B30309D} /I {000214E6-0000-0000-C000-000000000046} /X 0x401
触发规则:所有程序规则->AD:02…绝对禁运区->%windir%\system32\*

2009-08-01 21:57:42 修改注册表内容    操作:阻止
进程路径:E:\virus\1.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
注册表名称:Cookies
触发规则:所有程序规则->RD:03…IE浏览器设置保护（黑名单）->*\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

======

2009-08-01 21:59:39 创建文件    操作:阻止
进程路径:E:\virus\1.exe
文件路径:C:\WINDOWS\system32\sysyhzt9.dll
触发规则:所有程序规则->FD-重要文件->*.dll

2009-08-01 22:00:20 创建文件    操作:阻止
进程路径:E:\virus\1.exe
文件路径:C:\WINDOWS\system32\pyhztS.dll
触发规则:所有程序规则->FD-重要文件->*.dll

2009-08-01 22:00:21 运行应用程序    操作:阻止
进程路径:E:\virus\1.exe
文件路径:C:\WINDOWS\explorer.exe
触发规则:应用程序规则->AD-全局->*->%windir%\*

[ 本帖最后由左手于 2009-8-1 22:01 编辑 ]

显示全部楼层 · 发表于 2009-8-1 22:49:03

#37 to ll

[病毒样本] 1

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源