qd.exe及db1.exe (此帖已完,1394楼有新帖子的地址)

显示全部楼层 · 发表于 2010-9-7 12:34:30

320 to xandora(panda)

显示全部楼层 · 发表于 2010-9-7 13:10:12

320 submit to trendlabs

显示全部楼层 · 发表于 2010-9-7 14:04:47

回复 320楼 sam.to 的帖子
ess 清空

显示全部楼层 · 发表于 2010-9-7 17:24:56

本帖最后由 sam.to 于 2010.9.7 20:25 编辑

13ad8c7a7318b3f28f409feb34408f69 db1.ex2e
340060634c6f583678fb2d0cc6c333ef qd.ex2e

to kl,ll,mcafee,comodo,avira

File ID	Filename	Size (Byte)	Result
25876745	750089-324.rar	358.15 KB	OK

A listing of files contained inside archives alongside their results can be found below:

File ID	Filename	Size (Byte)	Result
25876746	db1.ex2e	368 KB	UNDER ANALYSIS
25876747	qd.ex2e	412 KB	UNDER ANALYSIS

db1.ex2e - Trojan-Dropper.Win32.Agent.cytp
qd.ex2e - Trojan-Dropper.Win32.Agent.cytq

Please find a detailed report concerning each individual sample below:

Filename

Result

db1.ex2e

MALWARE

The file 'db1.ex2e' has been determined to be 'MALWARE'.
Our analysts named the threat ADSPY/WSearch.A.The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or byusing of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename

Result

qd.ex2e

MALWARE

The file 'qd.ex2e' has been determined to be 'MALWARE'.
Our analysts named the threat ADSPY/WSearch.AA.The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or byusing of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.Detection will be added to our virus definition file (VDF) with one of the next updates.

显示全部楼层 · 发表于 2010-9-7 18:18:10

submit to trendlabs

显示全部楼层 · 发表于 2010-9-7 18:27:23

324
金山毒霸云清空

显示全部楼层 · 发表于 2010-9-8 07:00:14

回复 324楼 sam.to 的帖子
ess 清空

显示全部楼层 · 发表于 2010-9-8 12:27:37

本帖最后由 sam.to 于 2010.9.8 18:26 编辑

096c4cdf9c039b8f915d681d3a4724a1 qd.e1xe
1ebeb45591f36c5508c6c3c0fd5c8310 db1.ex1e

to kl,ll,mcafee,comodo,avira

File ID	Filename	Size (Byte)	Result
25877752	750089-328.rar	356.92 KB	OK

A listing of files contained inside archives alongside their results can be found below:

File ID	Filename	Size (Byte)	Result
25877753	qd.e1xe	408 KB	UNDER ANALYSIS
25877754	db1.ex1e	368 KB	UNDER ANALYSIS

db1.ex1e - Trojan-Dropper.Win32.Agent.cyxb,
qd.e1xe - Trojan-Dropper.Win32.Agent.cyxc

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

The answer is relevant to the latest bases from update sources.

Please quote all when answering.
-----------------
Regards, Baranov Artiom
Virus Analyst, Kaspersky Lab.

Please find a detailed report concerning each individual sample below:

Filename

Result

qd.e1xe

MALWARE

The file 'qd.e1xe' has been determined to be 'MALWARE'.
Our analysts named the threat ADSPY/Wsearch.A.The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or byusing of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.

Filename

Result

db1.ex1e

MALWARE

The file 'db1.ex1e' has been determined to be 'MALWARE'.
Our analysts named the threat ADSPY/Wsearch.A.The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or byusing of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.

显示全部楼层 · 发表于 2010-9-8 12:50:25

显示全部楼层 · 发表于 2010-9-8 14:12:34

回复 328楼 sam.to 的帖子
ess 清空

[病毒样本] qd.exe及db1.exe (此帖已完,1394楼有新帖子的地址)