收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 [TEST系列之二]小测vba32
返回列表 发新帖
查看: 2436|回复: 7
收起左侧

[TEST系列之二]小测vba32

[复制链接]
The EQs
发表于 2007-3-12 02:27:17 | 显示全部楼层 |阅读模式
AntiVir7.3.1.4103.11.2007 [td]no virus found
Authentium4.93.803.09.2007 [td]no virus found
Avast4.7.936.003.09.2007 [td]no virus found
AVG7.5.0.44703.11.2007 [td]no virus found
BitDefender7.203.11.2007 [td]no virus found
CAT-QuickHeal9.0003.10.2007 [td]no virus found
ClamAVdevel-2006042603.11.2007 [td]no virus found
DrWeb4.3303.11.2007 [td]no virus found
eSafe7.0.14.003.11.2007 [td]no virus found
eTrust-Vet30.6.346903.10.2007 [td]no virus found
Ewido4.003.11.2007 [td]no virus found
FileAdvisor103.11.2007 [td]no virus found
Fortinet2.85.0.003.11.2007 [td]no virus found
F-Prot4.3.1.4503.09.2007 [td]no virus found
F-Secure6.70.13030.003.11.2007 [td]no virus found
IkarusT3.1.1.303.11.2007 [td]no virus found
Kaspersky4.0.2.2403.11.2007 [td]no virus found
McAfee498103.09.2007 [td]no virus found
Microsoft1.230603.11.2007 [td]no virus found
NOD32v2210703.11.2007 [td]no virus found
Norman5.80.0203.10.2007 [td]no virus found
Panda9.0.0.403.10.2007 [td]no virus found
Prevx1V203.11.2007 [td]no virus found
Sophos4.15.003.10.2007 [td]no virus found
Sunbelt2.2.907.003.10.2007 [td]no virus found
Symantec1003.11.2007 [td]no virus found
TheHacker6.1.6.07303.09.2007 [td]no virus found
UNA1.8303.11.2007 [td]no virus found
VBA323.11.203.10.2007 [td]no virus found
VirusBuster4.3.19:903.10.2007 [td]no virus found
Aditional Information
File size: 219401 bytes
MD5: 92391f813317478e03b743776ee71ee7
SHA1: dd7708e6280672cddbdfb2193fc71c4f7b09ab41
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.



> Go to: Home Contactar En Español www.virustotal.com :: ©Hispasec Sistemas 2004-07:: e-mail info



[ 本帖最后由 EQ2 于 2007-3-12 03:01 编辑 ]

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

The EQs
 楼主| 发表于 2007-3-12 02:33:38 | 显示全部楼层

接下来是被加了一层北斗

AntiVir7.3.1.4103.11.2007 [td]no virus found
Authentium4.93.803.09.2007Possibly a new variant of W32/PWStealer.gen1
Avast4.7.936.003.11.2007 [td]no virus found
AVG7.5.0.44703.11.2007 [td]no virus found
BitDefender7.203.11.2007 [td]no virus found
CAT-QuickHeal9.0003.10.2007(Suspicious) - DNAScan
ClamAVdevel-2006042603.11.2007 [td]no virus found
DrWeb4.3303.11.2007 [td]no virus found
eSafe7.0.14.003.11.2007suspicious Trojan/Worm
eTrust-Vet30.6.346903.10.2007 [td]no virus found
Ewido4.003.11.2007 [td]no virus found
FileAdvisor103.11.2007 [td]no virus found
Fortinet2.85.0.003.11.2007suspicious
F-Prot4.3.1.4503.09.2007W32/PWStealer.gen1
F-Secure6.70.13030.003.11.2007 [td]no virus found
IkarusT3.1.1.303.11.2007Backdoor.Win32.Hupigon.BV
Kaspersky4.0.2.2403.11.2007 [td]no virus found
McAfee498103.09.2007New Malware.u
Microsoft1.230603.11.2007 [td]no virus found
NOD32v2210703.11.2007 [td]no virus found
Norman5.80.0203.10.2007 [td]no virus found
Panda9.0.0.403.10.2007 [td]no virus found
Prevx1V203.11.2007 [td]no virus found
Sophos4.15.003.10.2007 [td]no virus found
Sunbelt2.2.907.003.10.2007 [td]no virus found
Symantec1003.11.2007 [td]no virus found
TheHacker6.1.6.07303.09.2007 [td]no virus found
UNA1.8303.11.2007 [td]no virus found
VBA323.11.203.10.2007 [td]no virus found
VirusBuster4.3.19:903.10.2007Packed/NSPack

Aditional Information
File size: 206756 bytes
MD5: a8de2b38732adaf67635c1493a7738b9
SHA1: 9cf74d9563d87aeba9520114f4f489ce2e63b07b
packers: NSPACK


[ 本帖最后由 EQ2 于 2007-3-12 02:43 编辑 ]

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

The EQs
 楼主| 发表于 2007-3-12 02:51:13 | 显示全部楼层

下面继续加一次北斗+ASPACK

现在antivir也加入到报壳的行列中
AntiVir7.3.1.4103.11.2007TR/Crypt.NSPM.Gen
Authentium4.93.803.09.2007Possibly a new variant of W32/Threat-HLLAN-based!Maximus
Avast4.7.936.003.11.2007 [td]no virus found
AVG7.5.0.44703.11.2007 [td]no virus found
BitDefender7.203.11.2007 [td]no virus found
CAT-QuickHeal9.0003.10.2007 [td]no virus found
ClamAVdevel-2006042603.11.2007 [td]no virus found
DrWeb4.3303.11.2007 [td]no virus found
eSafe7.0.14.003.11.2007suspicious Trojan/Worm
eTrust-Vet30.6.346903.10.2007 [td]no virus found
Ewido4.003.11.2007 [td]no virus found
FileAdvisor103.11.2007 [td]no virus found
Fortinet2.85.0.003.11.2007suspicious
F-Prot4.3.1.4503.09.2007W32/Threat-HLLAN-based!Maximus
F-Secure6.70.13030.003.11.2007 [td]no virus found
IkarusT3.1.1.303.11.2007 [td]no virus found
Kaspersky4.0.2.2403.11.2007 [td]no virus found
McAfee498103.09.2007 [td]no virus found
Microsoft1.230603.11.2007 [td]no virus found
NOD32v2210703.11.2007 [td]no virus found
Norman5.80.0203.10.2007 [td]no virus found
Panda9.0.0.403.10.2007 [td]no virus found
Prevx1V203.11.2007 [td]no virus found
Sophos4.15.003.10.2007 [td]no virus found
Sunbelt2.2.907.003.10.2007 [td]no virus found
Symantec1003.11.2007 [td]no virus found
TheHacker6.1.6.07303.09.2007 [td]no virus found
UNA1.8303.11.2007 [td]no virus found
VBA323.11.203.10.2007 [td]no virus found
VirusBuster4.3.19:903.10.2007 [td]no virus found

Aditional Information
File size: 231210 bytes
MD5: 8f8f606feaf8633660ceed705ea49ec6
SHA1: 96b51b919ca97db1d8d4f823ea739d8794513e9f

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

The EQs
 楼主| 发表于 2007-3-12 02:52:11 | 显示全部楼层

最后加一次很多杀软都不认的仙剑

先来一个估计吧。。。vba32会认为是鸽子的。。。貌似测试过N次都认鸽子,不管是正常还是病毒。。。。

到了上一步,因为文件无法运行。。so无法加仙剑,我用最初的正常文件加了一次仙剑,然后再往上加别的壳

AntiVir7.3.1.4103.11.2007 [td]no virus found
Authentium4.93.803.09.2007 [td]no virus found
Avast4.7.936.003.11.2007 [td]no virus found
AVG7.5.0.44703.11.2007 [td]no virus found
BitDefender7.203.11.2007 [td]no virus found
CAT-QuickHeal9.0003.10.2007(Suspicious) - DNAScan
ClamAVdevel-2006042603.11.2007 [td]no virus found
DrWeb4.3303.11.2007 [td]no virus found
eSafe7.0.14.003.11.2007 [td]no virus found
eTrust-Vet30.6.346903.10.2007 [td]no virus found
Ewido4.003.11.2007 [td]no virus found
FileAdvisor103.11.2007 [td]no virus found
Fortinet2.85.0.003.11.2007suspicious
F-Prot4.3.1.4503.09.2007 [td]no virus found
F-Secure6.70.13030.003.11.2007 [td]no virus found
IkarusT3.1.1.303.11.2007 [td]no virus found
Kaspersky4.0.2.2403.11.2007 [td]no virus found
McAfee498103.09.2007 [td]no virus found
Microsoft1.230603.11.2007 [td]no virus found
NOD32v2210703.11.2007 [td]no virus found
Norman5.80.0203.10.2007 [td]no virus found
Panda9.0.0.403.10.2007 [td]no virus found
Prevx1V203.11.2007 [td]no virus found
Sophos4.15.003.10.2007 [td]no virus found
Sunbelt2.2.907.003.10.2007VIPRE.Suspicious
Symantec1003.11.2007 [td]no virus found
TheHacker6.1.6.07303.09.2007 [td]no virus found
UNA1.8303.11.2007 [td]no virus found
VBA323.11.203.10.2007suspected of Backdoor.Hupigon.51 (paranoid heuristics)
VirusBuster4.3.19:903.11.2007 [td]no virus found

Aditional Information
File size: 495339 bytes
MD5: e20ee014470e74eb9f971662f2c520d6
SHA1: f76cd67ce2c7b91ff95219e738d7e5863f416126
packers: YODA
packers: ExeStealth
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

果然和预料中的完全一样,看来vba32是不认仙剑的壳,见到仙剑的壳就杀。。。实在够狠

[ 本帖最后由 EQ2 于 2007-3-12 03:03 编辑 ]

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

jlennon
头像被屏蔽
发表于 2007-3-12 02:59:12 | 显示全部楼层
+8+8
回复

举报

The EQs
 楼主| 发表于 2007-3-12 03:06:15 | 显示全部楼层

在原始文件+仙剑壳的基础上,继续加了铁甲+北斗

AntiVir7.3.1.4103.11.2007HEUR/Crypted
Authentium4.93.803.09.2007 [td]no virus found
Avast4.7.936.003.11.2007 [td]no virus found
AVG7.5.0.44703.11.2007 [td]no virus found
BitDefender7.203.11.2007 [td]no virus found
CAT-QuickHeal9.0003.10.2007(Suspicious) - DNAScan
ClamAVdevel-2006042603.11.2007 [td]no virus found
DrWeb4.3303.11.2007 [td]no virus found
eSafe7.0.14.003.11.2007suspicious Trojan/Worm
eTrust-Vet30.6.346903.10.2007 [td]no virus found
Ewido4.003.11.2007 [td]no virus found
FileAdvisor103.11.2007 [td]no virus found
Fortinet2.85.0.003.11.2007suspicious
F-Prot4.3.1.4503.09.2007 [td]no virus found
F-Secure6.70.13030.003.11.2007 [td]no virus found
IkarusT3.1.1.303.11.2007Backdoor.Win32.Hupigon.BV
Kaspersky4.0.2.2403.11.2007 [td]no virus found
McAfee498103.09.2007 [td]no virus found
Microsoft1.230603.11.2007 [td]no virus found
NOD32v2210703.11.2007 [td]no virus found
Norman5.80.0203.10.2007 [td]no virus found
Panda9.0.0.403.10.2007Suspicious file
Prevx1V203.11.2007 [td]no virus found
Sophos4.15.003.10.2007 [td]no virus found
Sunbelt2.2.907.003.10.2007VIPRE.Suspicious
Symantec1003.11.2007 [td]no virus found
TheHacker6.1.6.07303.09.2007 [td]no virus found
UNA1.8303.11.2007 [td]no virus found
VBA323.11.203.10.2007 [td]no virus found
VirusBuster4.3.19:903.11.2007 [td]no virus found
Aditional Information
File size: 388623 bytes
MD5: 88e49ee099c92d55c0fd2caa091266a0
SHA1: dfb72ee4e8487976640bed31beabd51c3b5ed576
packers: Dot_sxdata
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.


[ 本帖最后由 EQ2 于 2007-3-12 03:13 编辑 ]

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

The EQs
 楼主| 发表于 2007-3-12 03:39:22 | 显示全部楼层

最后用ASPACK压缩了一下

AntiVir7.3.1.4103.11.2007HEUR/Crypted
Authentium4.93.803.09.2007Possibly a new variant of W32/Threat-HLLAN-based!Maximus
Avast4.7.936.003.11.2007 [td]no virus found
AVG7.5.0.44703.11.2007 [td]no virus found
BitDefender7.203.11.2007 [td]no virus found
CAT-QuickHeal9.0003.10.2007 [td]no virus found
ClamAVdevel-2006042603.11.2007 [td]no virus found
DrWeb4.3303.11.2007 [td]no virus found
eSafe7.0.14.003.11.2007suspicious Trojan/Worm
eTrust-Vet30.6.346903.10.2007 [td]no virus found
Ewido4.003.11.2007 [td]no virus found
FileAdvisor103.11.2007 [td]no virus found
Fortinet2.85.0.003.11.2007suspicious
F-Prot4.3.1.4503.09.2007W32/Threat-HLLAN-based!Maximus
F-Secure6.70.13030.003.11.2007 [td]no virus found
IkarusT3.1.1.303.11.2007Backdoor.Win32.Hupigon.BV
Kaspersky4.0.2.2403.11.2007 [td]no virus found
McAfee498103.09.2007 [td]no virus found
Microsoft1.230603.11.2007 [td]no virus found
NOD32v2210703.11.2007 [td]no virus found
Norman5.80.0203.10.2007 [td]no virus found
Panda9.0.0.403.10.2007Suspicious file
Prevx1V203.11.2007 [td]no virus found
Sophos4.15.003.10.2007 [td]no virus found
Sunbelt2.2.907.003.10.2007 [td]no virus found
Symantec1003.11.2007 [td]no virus found
TheHacker6.1.6.07303.09.2007 [td]no virus found
UNA1.8303.11.2007 [td]no virus found
VBA323.11.203.10.2007 [td]no virus found
VirusBuster4.3.19:903.11.2007 [td]no virus found
Aditional Information
File size: 379888 bytes
MD5: 2cbe02d36f3f86d1cbdea270a0abb00b
SHA1: 4b3ce4ede3f691416126a047e79ef7f2ea0fc8af
packers: ASPACK

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

hsjj2005
发表于 2007-3-12 11:06:09 | 显示全部楼层
卡巴目前时间未报
费尔右键扫描未报
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-4-30 11:49 , Processed in 0.126107 second(s), 19 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表