帮忙分析下是否病毒？

显示全部楼层 · 发表于 2009-8-12 11:39:50

下载地址：http://g.zhubajie.com/urllink.php?id=56829967gf6jskjt88ey1qm

软件名称	引擎版本	病毒库版本	病毒库时间	扫描结果	时间
a-squared	4.5.0.3	20090812000143	2009-08-12	Virus.Win32.Agent!IK	0.529
AntiVir	8.2.1.0	7.1.5.100	2009-08-11	DR/Agent.qcf	0.524
Arcavir	2009	200908111403	2009-08-11	-	0.278
Authentium	5.1.1	200908120041	2009-08-12	W32/Trojan2.HEAU (Exact)	1.867
AVAST!	4.7.4	090811-0	2009-08-11	BV:Malware-gen	0.136
AVG	8.5.288	270.13.51/2297	2009-08-12	BackDoor.Hupigon4.AUAW	0.473
BitDefender	7.81008.3835771	7.27121	2009-08-12	-	3.560
CA (VET)	9.0.0.143	31.6.6670	2009-08-11	-	7.439
ClamAV	0.95.2	9677	2009-08-11	Trojan.Hupigon-21517	0.090
Comodo	3.10	1949	2009-08-12	-	2.106
CP Secure	1.1.0.715	2009.08.11	2009-08-11	BackDoor.W32.Huigezi.E	13.302
Dr.Web	4.44.0.9170	2009.08.11	2009-08-11	-	5.542
F-Prot	4.4.4.56	20090811	2009-08-11	W32/Trojan2.HEAU (exact)	1.224
F-Secure	7.02.73807	2009.08.11.17	2009-08-11	Trojan.Win32.Chifrax.a [AVP]	0.121
GData	19.7043/19.436	20090812	2009-08-12	Trojan.Win32.Chifrax.a [Engine:A]	8.915
Ikarus	T3.1.01.64	2009.08.12.73223	2009-08-12	Virus.Win32.Agent	3.804
Microsoft	1.4903	2009.08.12	2009-08-12	PWS:Win32/Prast!rts	9.724
Norman	6.01.09	6.01.00	2009-08-11	-	4.007
nProtect	20090812.01	4994586	2009-08-12	-	6.216
Quick Heal	10.00	2009.08.11	2009-08-11	-	1.604
Sophos	2.89.1	4.44	2009-08-12	Mal/Dropper-AE	5.497
Sunbelt	5325	5325	2009-08-11	-	1.728
The Hacker	6.3.4.3	v00381	2009-08-11	Trojan/Chifrax.a	0.678
VBA32	3.12.10.9	20090811.1432	2009-08-11	Backdoor.Win32.Hupigon.eqti	2.445
ViRobot	20090811	2009.08.11	2009-08-11	-	0.492
VirusBuster	4.5.11.10	10.112.2/1844876	2009-08-11	-	2.854
卡巴斯基	5.5.10	2009.08.12	2009-08-12	Trojan.Win32.Chifrax.a	0.054
安博士V3	2009.08.11.07	2009.08.11	2009-08-11	-	0.804
安天	2.0.18	20090810.2695746	2009-08-10	-	0.194
江民杀毒	11.0.800	2009.08.11	2009-08-11	-	12.730
熊猫卫士	9.05.01	2009.08.11	2009-08-11	-	2.960
瑞星	20.0	21.42.14.00	2009-08-11	-	1.054
赛门铁克	1.3.0.24	20090811.004	2009-08-11	-	0.058
趋势科技	8.700-1004	6.356.09	2009-08-11	-	0.046
迈克菲	5.3.00	5706	2009-08-11	-	3.153
金山毒霸	2009.2.5.15	2009.8.11.20	2009-08-11	Win32.Troj.TrsRarSfxT.a.1038181	0.951
飞塔	2.81-3.120	10.707	2009-08-11	-	1.404

Antivirus	Version	Last Update	Result
a-squared	4.5.0.24	2009.08.11	Virus.Win32.Agent!IK
AhnLab-V3	5.0.0.2	2009.08.11	-
AntiVir	7.9.0.248	2009.08.11	DR/Agent.qcf
Antiy-AVL	2.0.3.7	2009.08.11	-
Authentium	5.1.2.4	2009.08.11	W32/Trojan2.HEAU
Avast	4.8.1335.0	2009.08.10	VBS:Malware-gen
AVG	8.5.0.406	2009.08.11	BackDoor.Hupigon4.AUAW
BitDefender	7.2	2009.08.11	-
CAT-QuickHeal	10.00	2009.08.11	-
ClamAV	0.94.1	2009.08.11	Trojan.Hupigon-21517
Comodo	1943	2009.08.11	-
DrWeb	5.0.0.12182	2009.08.11	-
eSafe	7.0.17.0	2009.08.10	-
eTrust-Vet	31.6.6672	2009.08.11	-
F-Prot	4.4.4.56	2009.08.10	W32/Trojan2.HEAU
F-Secure	8.0.14470.0	2009.08.11	Trojan.Win32.Chifrax.a
Fortinet	3.120.0.0	2009.08.11	-
GData	19	2009.08.11	VBS:Malware-gen
Ikarus	T3.1.1.64.0	2009.08.11	Virus.Win32.Agent
Jiangmin	11.0.800	2009.08.11	Heur:TrojanDropper.WinRar
K7AntiVirus	7.10.816	2009.08.11	-
Kaspersky	7.0.0.125	2009.08.11	Trojan.Win32.Chifrax.a
McAfee	5705	2009.08.10	-
McAfee+Artemis	5705	2009.08.10	-
McAfee-GW-Edition	6.8.5	2009.08.11	Heuristic.BehavesLike.Win32.Dropper.J
Microsoft	1.4903	2009.08.11	PWS:Win32/Prast!rts
NOD32	4326	2009.08.11	BAT/TrojanDownloader.Agent.NAE
Norman	6.01.09	2009.08.11	-
nProtect	2009.1.8.0	2009.08.11	-
Panda	10.0.0.14	2009.08.10	-
PCTools	4.4.2.0	2009.08.11	-
Prevx	3.0	2009.08.11	-
Rising	21.42.14.00	2009.08.11	-
Sophos	4.44.0	2009.08.11	Mal/Dropper-AE
Sunbelt	3.2.1858.2	2009.08.11	-
Symantec	1.4.4.12	2009.08.11	-
TheHacker	6.3.4.3.380	2009.08.11	Trojan/Chifrax.a
TrendMicro	8.950.0.1094	2009.08.11	-
VBA32	3.12.10.9	2009.08.10	Backdoor.Win32.Hupigon.eqti
ViRobot	2009.8.11.1879	2009.08.11	-
VirusBuster	4.6.5.0	2009.08.10	-

Additional information

File size: 576566 bytes

MD5 : 347124124c4ab46dac2dbde9999456dc

SHA1 : 9a23794ea5fc2ff38b85579135916f2059ffa10d

SHA256: a3854e3f8479d52a30f5316f8e8c3b541b49c96c8df62270f4c0c2b38c2a3273

PEInfo: PE Structure information

      ( base data )
      entrypointaddress.: 0x1000
      timedatestamp.....: 0x48CFC008 (Tue Sep 16 16:17:44 2008)
      machinetype.......: 0x14C (Intel I386)

      ( 4 sections )
      name viradd virsiz rawdsiz ntrpy md5
      .text 0x1000 0x14000 0x13A00 6.48 cb357e69289cb7cf26dfea61eaea1985
.data 0x15000 0x8000 0xA00 4.93 568dd221456d807ca821813c84d65e70
.idata 0x1D000 0x2000 0x1200 4.79 bc7806e1c1ce9ebfd00ad834c1f7a647
.rsrc 0x1F000 0x28DC 0x2A00 5.47 497e5fdc01e78cc51ec9270471b960d0

      ( 8 imports )

>advapi32.dll: AdjustTokenPrivileges, LookupPrivilegeValueA,OpenProcessToken, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA,RegQueryValueExA, RegSetValueExA, SetFileSecurityA, SetFileSecurityW
> comctl32.dll: -
> comdlg32.dll: CommDlgExtendedError, GetOpenFileNameA, GetSaveFileNameA
> gdi32.dll: DeleteObject
>kernel32.dll: CloseHandle, CompareStringA, CreateDirectoryA,CreateDirectoryW, CreateFileA, CreateFileW, DeleteFileA, DeleteFileW,DosDateTimeToFileTime, ExitProcess, ExpandEnvironmentStringsA,FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose,FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW,FindResourceA, FreeLibrary, GetCPInfo, GetCommandLineA,GetCurrentDirectoryA, GetCurrentProcess, GetDateFormatA,GetFileAttributesA, GetFileAttributesW, GetFileType, GetFullPathNameA,GetLastError, GetLocaleInfoA, GetModuleFileNameA, GetModuleFileNameW,GetModuleHandleA, GetNumberFormatA, GetProcAddress, GetProcessHeap,GetStdHandle, GetSystemTime, GetTempPathA, GetTickCount,GetTimeFormatA, GetVersionExA, GlobalAlloc, HeapAlloc, HeapFree,HeapReAlloc, IsDBCSLeadByte, LoadLibraryA, LocalFileTimeToFileTime,MoveFileA, MoveFileExA, MultiByteToWideChar, ReadFile,SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA,SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime,SetLastError, Sleep, SystemTimeToFileTime, WaitForSingleObject,WideCharToMultiByte, WriteFile, lstrcmpiA, lstrlenA
> ole32.dll: CLSIDFromString, CoCreateInstance, CreateStreamOnHGlobal, OleInitialize, OleUninitialize
>shell32.dll: SHBrowseForFolderA, SHChangeNotify, SHFileOperationA,SHGetFileInfoA, SHGetMalloc, SHGetSpecialFolderLocation,ShellExecuteExA, SHGetPathFromIDListA
> user32.dll: CharToOemA,CharToOemBuffA, CharUpperA, CopyRect, CreateWindowExA, DefWindowProcA,DestroyIcon, DestroyWindow, DialogBoxParamA, DispatchMessageA,EnableWindow, EndDialog, FindWindowExA, GetClassNameA, GetClientRect,GetDlgItem, GetDlgItemTextA, GetMessageA, GetParent, GetSysColor,GetSystemMetrics, GetWindow, GetWindowLongA, GetWindowRect,GetWindowTextA, IsWindow, IsWindowVisible, LoadBitmapA, LoadCursorA,LoadIconA, LoadStringA, MapWindowPoints, MessageBoxA, OemToCharA,OemToCharBuffA, PeekMessageA, PostMessageA, RegisterClassExA,SendDlgItemMessageA, SendMessageA, SetDlgItemTextA, SetFocus, SetMenu,SetWindowLongA, SetWindowPos, SetWindowTextA, ShowWindow,TranslateMessage, UpdateWindow, WaitForInputIdle, wsprintfA, wvsprintfA

      ( 0 exports )

TrID : File type identification
WinRAR Self Extracting archive (96.2%)
Win32 Executable Generic (1.5%)
Win32 Dynamic Link Library (generic) (1.4%)
Generic Win/DOS Executable (0.3%)
DOS Executable Generic (0.3%)

ssdeep: 12288:YlOLilaWWgrHqkCpkQrQ72P6ZPSmpVAe/40dhgG5ir5lGsyg:YUseEKfVM722PSSFASY58syg

PEiD : -

RDS : NSRL Reference Data Set

[ 本帖最后由 xxvvxxvv 于 2009-8-12 11:45 编辑 ]

显示全部楼层 · 发表于 2009-8-12 11:46:23

这还用说吗，毒啊

显示全部楼层 · 发表于 2009-8-12 11:58:34

网盘速度好慢，下次最好换个

显示全部楼层 · 发表于 2009-8-12 12:07:25

TO RISING

显示全部楼层 · 发表于 2009-8-12 17:09:24

[ 本帖最后由左手于 2009-8-12 17:11 编辑 ]

显示全部楼层 · 发表于 2009-8-12 17:34:43

NIS09扫描nothing……

显示全部楼层 · 发表于 2009-8-12 18:26:42

费尔报木马

[病毒样本] 帮忙分析下是否病毒？

本帖子中包含更多资源

评分

回复 3楼悠柚的帖子

本帖子中包含更多资源

浏览过的版块

[病毒样本] 帮忙分析下是否病毒？

本帖子中包含更多资源

评分

回复 3楼 悠柚 的帖子

本帖子中包含更多资源

浏览过的版块

回复 3楼悠柚的帖子