Original poster: sam.to

[Virus samples] Lots of fake Kuaibo players (Qvod.exe, click.exe, duogua.exe), updated daily (new in post #637)

jayavira
Posted on 2010-8-11 16:11:54
hj5abc
Posted on 2010-8-11 16:15:07
This post was last edited by hj5abc on 2010.8.12 16:53

#540
FS: all cleared
Trojan-Downloader:W32/Netins.A
jason_jiang
Posted on 2010-8-11 16:30:03
540
18x heuristic, to xandora (panda)
sam.to
Original poster | Posted on 2010-8-12 12:34:27
This post was last edited by sam.to on 2010.8.12 16:47


to kl,ll,comodo





Hello,

click.e9xe, click.ex#e, click.exe_ - Trojan-Downloader.Win32.Agent.eged,
duogua.e5xe - Trojan-Downloader.Win32.Agent.egee,
Qvodplayer.e$xe, Qvodplayer.e%xe, Qvodplayer.e&xe, Qvodplayer.e0xe, Qvodplayer.e1xe, Qvodplayer.e3xe, Qvodplayer.e9xe, Qvodplayer.ex!e, Qvodplayer.ex8e, Qvodplayer.exe1, Qvodplayer.exe2, Qvodplayer.exe4, Qvodplayer.exe_, Qvodplayer.e^xe - Trojan-Downloader.Win32.Agent.egeb

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.
The answer is relevant to the latest bases from update sources.

--
Best regards, Alexander Antukh
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

ssama
Posted on 2010-8-12 13:26:03
669964-540
669964-544
avast!: all cleared
hj5abc
Posted on 2010-8-12 16:51:53
#544
FS
Trojan-Downloader:W32/Netins.A, all cleared
jason_jiang
Posted on 2010-8-12 17:14:22
544
14x heuristic, to xandora (panda)
sam.to
Original poster | Posted on 2010-8-14 13:59:36
This post was last edited by sam.to on 2010.8.14 18:17

188b2322b464ede2533756108f09bf5b  duogua.ex3e
c7e960a707d4672d6084a89c14bbcc6a  Qvodplayer.e8xe
7e58da04a2e90830f7fbb025a7cc96b2  Qvodplayer.ex$e
34bbb842e164c4f7bb52b6aa43da3999  Qvodplayer.exe1
aeabeabab89940ed2402d9a1a8d58a6b  Qvodplayer.exe3
f89165349fb621a1a71d33fa00ee11d8  Qvodplayer.exe^

to kl,ll,comodo,mcafee,avira



Please find a detailed report concerning each individual sample below:

Filename: Qvodplayer.e8xe
Result: MALWARE

The file 'Qvodplayer.e8xe' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.Adload.ahg. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection is added to our virus definition file (VDF) starting with version 7.10.10.68.

Filename: Qvodplayer.ex$e
Result: MALWARE

The file 'Qvodplayer.ex$e' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.Adload.ahg. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection is added to our virus definition file (VDF) starting with version 7.10.10.68.

Filename: duogua.ex3e
Result: MALWARE

The file 'duogua.ex3e' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.Agent.QK. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection is added to our virus definition file (VDF) starting with version 7.10.10.77.

Filename: Qvodplayer.exe^
Result: MALWARE

The file 'Qvodplayer.exe^' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.Adload.ahg. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection is added to our virus definition file (VDF) starting with version 7.10.10.68.

Filename: Qvodplayer.exe1
Result: MALWARE

The file 'Qvodplayer.exe1' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.Adload.ahg. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection is added to our virus definition file (VDF) starting with version 7.10.10.68.

Filename: Qvodplayer.exe3
Result: MALWARE

The file 'Qvodplayer.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.Adload.ahg. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection is added to our virus definition file (VDF) starting with version 7.10.10.68.



蝉鸣时
Posted on 2010-8-14 14:03:07
549

ESET NOD32 detected 1×, missed 5×.
duogua.ex3e - Win32/TrojanDownloader.Adload.NGU trojan
To ESET.

Copyright © KaFan  KaFan.cn All Rights Reserved.