md5 检测工具是病毒?

显示全部楼层 · 发表于 2009-8-14 16:40:05

一直用这个小小的md5的对比工具
nod 4.0 报有病毒

请教大家这个到底是不是病毒啊

传到网站上检测结果:

反病毒引擎版本最后更新扫描结果
a-squared 4.5.0.24 2009.08.14 Backdoor.Win32.Hupigon!IK
AhnLab-V3 5.0.0.2 2009.08.13 -
AntiVir 7.9.1.1 2009.08.14 -
Antiy-AVL 2.0.3.7 2009.08.14 -
Authentium 5.1.2.4 2009.08.13 -
Avast 4.8.1335.0 2009.08.14 -
AVG 8.5.0.406 2009.08.13 -
BitDefender 7.2 2009.08.14 -
CAT-QuickHeal 10.00 2009.08.13 Trojan.Agent.IRC
ClamAV 0.94.1 2009.08.13 -
Comodo 1974 2009.08.14 UnclassifiedMalware
DrWeb 5.0.0.12182 2009.08.14 -
eSafe 7.0.17.0 2009.08.13 Win32.Backdoor.Grayb
eTrust-Vet 31.6.6677 2009.08.14 -
F-Prot 4.4.4.56 2009.08.13 -
F-Secure 8.0.14470.0 2009.08.14 -
Fortinet 3.120.0.0 2009.08.14 -
GData 19 2009.08.14 -
Ikarus T3.1.1.64.0 2009.08.14 Backdoor.Win32.Hupigon
Jiangmin 11.0.800 2009.08.14 -
K7AntiVirus 7.10.817 2009.08.12 Backdoor.Win32.Hupigon
Kaspersky 7.0.0.125 2009.08.14 -
McAfee 5708 2009.08.13 BackDoor-AWQ.b
McAfee+Artemis 5708 2009.08.13 BackDoor-AWQ.b
McAfee-GW-Edition 6.8.5 2009.08.14 -
Microsoft 1.4903 2009.08.14 -
NOD32 4333 2009.08.13 probably a variant of Win32/Delf
Norman 6.01.09 2009.08.13 W32/Hupigon.BOKZ
nProtect 2009.1.8.0 2009.08.14 Trojan/W32.Agent.49152.JF
Panda 10.0.0.14 2009.08.13 Bck/Hupigon.AZG
PCTools 4.4.2.0 2009.08.12 -
Prevx 3.0 2009.08.14 High Risk Worm
Rising 21.42.41.00 2009.08.14 -
Sophos 4.44.0 2009.08.14 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.08.13 -
Symantec 1.4.4.12 2009.08.14 Backdoor.Graybird
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.14 -
VBA32 3.12.10.9 2009.08.13 -
ViRobot 2009.8.14.1885 2009.08.14 -
VirusBuster 4.6.5.0 2009.08.13 -
附加信息
File size: 49152 bytes
MD5...: bdb2dc49032711c0c3d346fb05d9ce63
SHA1..: eef8b6895cb38ef00a8cac4139d392f7f0712803
SHA256: 50055f74212d50c03a385032b2e1c3a7cb83e682d03e0fb9cba943f65247f4f9
ssdeep: 384:NZ7ekEHvxT/GfiLmtn/CGFO8djaeS020kCBk8y1Z5VU7UDhmcLYBtQ3sQ:NZ
7enHl/Ga4v+s5b36dUEhmcLZ8Q

PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x21fc
timedatestamp.....: 0x3cb60501 (Thu Apr 11 21:49:53 2002)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x58a8 0x6000 6.42 8b59af56117477fd7c7ac00e1a0801c5
.rdata 0x7000 0xa92 0x1000 3.95 8791a5628f6b820c3a8234c9ad3b0ad8
.data 0x8000 0x3f5c 0x3000 0.54 fb2412bc50c3cecf4fd056a6513048a9
.rsrc 0xc000 0xe30 0x1000 3.10 a277671e8d217e2f6db88971bd67f49f

( 4 imports )
> KERNEL32.dll: lstrcmpA, Sleep, lstrlenA, lstrcpynA, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, SetEndOfFile, LoadLibraryA, GetProcAddress, GetOEMCP, GetACP, GetCPInfo, CreateFileA, SetFilePointer, FlushFileBuffers, SetStdHandle, HeapReAlloc, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, HeapFree, GetLastError, CloseHandle, ReadFile, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, RtlUnwind, WriteFile, HeapAlloc, VirtualAlloc, GetStringTypeW
> USER32.dll: SetFocus, DialogBoxParamA, SendMessageA, MessageBoxA, LoadIconA, SetDlgItemTextA, GetDlgItem, EndDialog, GetDlgItemTextA, wsprintfA
> comdlg32.dll: GetOpenFileNameA
> SHELL32.dll: DragQueryFileA, DragFinish

( 0 exports )

PDFiD.: -
RDS...: NSRL Reference Data Set
-
Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=A8BB120500EE0A90C08E00D800C619007F5E77A5' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=A8BB120500EE0A90C08E00D800C619007F5E77A5</a>

VirSCAN.org Scanned Report :
Scanned time : 2009/08/14 16:31:18 (CST)
Scanner results: 27%的杀软(10/37)报告发现病毒
File Name    : md5.exe
File Size    : 49152 byte
File Type    : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5          : bdb2dc49032711c0c3d346fb05d9ce63
SHA1          : eef8b6895cb38ef00a8cac4139d392f7f0712803
Online report  : http://virscan.org/report/07e82619f2bd261a0c60e829a0a0a3ae.html

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    4.5.0.3       20090813160201 2009-08-13  0.35 Backdoor.Win32.Hupigon!IK
安博士V3    2009.08.13.04 2009.08.13       2009-08-13  0.78 -
AntiVir       8.2.1.1       7.1.5.110       2009-08-13  0.51 -
安天          2.0.18       20090814.2703881  2009-08-14  0.12 -
Arcavir       2009          200908131337    2009-08-13  0.05 -
Authentium    5.1.1          200908131840    2009-08-13  1.33 -
AVAST!       4.7.4          090813-0       2009-08-13  0.01 -
AVG          8.5.288       270.13.55/2301 2009-08-14  0.35 -
BitDefender 7.81008.3855089 7.27151          2009-08-14  3.34 -
CA (VET)    9.0.0.143    31.6.6676       2009-08-13  12.76  -
ClamAV       0.95.2       9694             2009-08-14  0.02 -
Comodo       3.10          1974             2009-08-14  0.80 UnclassifiedMalware
CP Secure    1.1.0.715    2009.08.14       2009-08-14  12.36  BackDoor.W32.GrayBird.px
Dr.Web       4.44.0.9170    2009.08.14       2009-08-14  5.48 -
F-Prot       4.4.4.56       20090813       2009-08-13  1.21 -
F-Secure    7.02.73807    2009.08.14.04    2009-08-14  0.18 -
飞塔          2.81-3.120    10.713          2009-08-13  0.28 -
GData       19.7116/19.438  20090814       2009-08-14  5.11 -
ViRobot       20090813       2009.08.13       2009-08-13  0.47 -
Ikarus       T3.1.01.64    2009.08.14.73236  2009-08-14  3.81 Backdoor.Win32.Hupigon
江民杀毒    11.0.800       2009.08.14       2009-08-14  4.60 -
卡巴斯基    5.5.10       2009.08.14       2009-08-14  0.10 -
金山毒霸    2009.2.5.15    2009.8.14.14    2009-08-14  0.50 -
迈克菲       5.3.00       5708             2009-08-13  3.62 BackDoor-AWQ.b
Microsoft    1.4903       2009.08.14       2009-08-14  7.49 -
Norman       6.01.09       6.01.00          2009-08-13  4.01 W32/Hupigon.BOKZ
熊猫卫士    9.05.01       2009.08.13       2009-08-13  4.41 Bck/Hupigon.AZG
趋势科技    8.700-1004    6.364.01       2009-08-13  0.04 -
Quick Heal    10.00          2009.08.13       2009-08-13  3.42 -
瑞星          20.0          21.42.41.00    2009-08-14  3.13 -
Sophos       2.89.1       4.44             2009-08-14  3.01 Mal/Generic-A
Sunbelt       5330          5330             2009-08-13  2.16 -
赛门铁克    1.3.0.24       20090813.022    2009-08-13  0.05 Backdoor.Graybird
nProtect    20090814.01    5009831          2009-08-14  7.16 Trojan/W32.Agent.49152.JF
The Hacker    6.3.4.3       v00383          2009-08-12  0.71 -
VBA32       3.12.10.9    20090813.1326    2009-08-13  2.00 -
VirusBuster 4.5.11.10    10.112.4/1818927  2009-08-13  2.33 -

显示全部楼层 · 发表于 2009-8-14 17:11:15

貌似没啥危险行为，不确定

显示全部楼层 · 发表于 2009-8-14 17:14:36

RIS报病毒....

显示全部楼层 · 发表于 2009-8-14 17:17:33

不会吧

显示全部楼层 · 发表于 2009-8-14 17:18:55

Fortinet 0

显示全部楼层 · 发表于 2009-8-14 17:20:19

只是貌似，我不确定，楼主慎用

显示全部楼层 · 发表于 2009-8-14 17:32:36

要真是病毒, 木马 , 后门之类的那我不是挂了

都已经用过无数回了...

今天才装了个 nod 4.0 才扫出来

显示全部楼层 · 发表于 2009-8-14 17:37:43

?Filename Result
md5.exe FALSE POSITIVE

The file 'md5.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 7.1.1.184.

显示全部楼层 · 发表于 2009-8-14 17:39:13

那就干掉它，换其他的MD5校验工具，很多的，论坛里就有人发过

显示全部楼层 · 发表于 2009-8-14 17:40:53

这个是假报吗.

版主用的是哪款杀软啊

[病毒样本] md5 检测工具是病毒?

本帖子中包含更多资源

本帖子中包含更多资源

回复 2楼 ll47548205 的帖子

回复 4楼 maxmara2 的帖子

回复 6楼 ll47548205 的帖子

回复 7楼 maxmara2 的帖子

回复 8楼 linjw 的帖子

[病毒样本] md5 检测工具 是病毒?

本帖子中包含更多资源

本帖子中包含更多资源

回复 2楼 ll47548205 的帖子

回复 4楼 maxmara2 的帖子

回复 6楼 ll47548205 的帖子

回复 7楼 maxmara2 的帖子

回复 8楼 linjw 的帖子

[病毒样本] md5 检测工具是病毒?