咖啡的启发有报壳嫌疑

显示全部楼层 · 发表于 2007-4-20 23:41:18

[ file data ]
* name: 1.rar
* size: 279537
* md5.: 3c8ff1b3403f53678d38df025d1c2b0d
* sha1: 11987f3ba88d4fa5c31e79efa43215e59784fb56

[ scan result ]
AhnLab-V3 2007.4.21.0/20070420 found nothing
AntiVir 7.3.1.53/20070420 found [TR/Crypt.NSAnti.Gen]
Authentium 4.93.8/20070420 found [Possibly a new variant of W32/PWStealer1!Generic]
Avast 4.7.981.0/20070420 found [Win32:MianCrypt-gen]
AVG 7.5.0.464/20070419 found nothing
BitDefender 7.2/20070420 found nothing
CAT-QuickHeal 9.00/20070419 found [(Suspicious) - DNAScan]
ClamAV devel-20070416/20070420 found nothing
DrWeb 4.33/20070420 found nothing
eSafe 7.0.15.0/20070419 found [suspicious Trojan/Worm]
eTrust-Vet 30.7.3581/20070420 found nothing
Ewido 4.0/20070420 found nothing
F-Prot 4.3.2.48/20070418 found [W32/PWStealer1!Generic]
F-Secure 6.70.13030.0/20070420 found [W32/Hupigon.gen8]
FileAdvisor 1/20070420 found nothing
Fortinet 2.85.0.0/20070420 found [suspicious]
Ikarus T3.1.1.5/20070420 found [Backdoor.Win32.Hupigon.RS]
Kaspersky 4.0.2.24/20070420 found nothing
McAfee 5013/20070419 found [New Malware.w]
Microsoft 1.2405/20070420 found [VirTool:Win32/Obfuscator.A]
NOD32v2 2207/20070420 found nothing
Norman 5.80.02/20070420 found nothing
Panda 9.0.0.4/20070419 found [Suspicious file]
Prevx1 V2/20070420 found nothing
Sophos 4.16.0/20070420 found [Mal/Packer]
Sunbelt 2.2.907.0/20070419 found nothing
Symantec 10/20070420 found [Bloodhound.NsAnti]
TheHacker 6.1.6.095/20070415 found nothing
VBA32 3.11.4/20070420 found nothing
VirusBuster 4.3.7:9/20070419 found [Packed/NSPM]
Webwasher-Gateway 6.0.1/20070420 found [Trojan.Crypt.NSAnti.Gen]

[ notes ]
packers: NSANTI, NSANTI, UPX

显示全部楼层 · 发表于 2007-4-20 23:43:18

费尔的启发也报了啊

显示全部楼层 · 发表于 2007-4-20 23:43:59

凡是报的统统都是报壳。。。。自己运行看看是什么东西。。。

显示全部楼层 · 发表于 2007-4-20 23:46:03

name: update.rar
* size: 121586
* md5.: c1785de20db60c2b930324a993359523
* sha1: 75716414d0301c76de46f3e975d234b770fe2cae

[ scan result ]
AhnLab-V3    2007.4.21.0/20070420 found nothing
AntiVir 7.3.1.53/20070420    found nothing

Authentium    4.93.8/20070420 found nothing

Avast 4.7.981.0/20070420    found nothing

AVG    7.5.0.464/20070419    found nothing
BitDefender    7.2/20070420 found nothing
CAT-QuickHeal 9.00/20070419 found nothing

ClamAV  devel-20070416/20070420 found nothing

DrWeb 4.33/20070420 found nothing

eSafe 7.0.15.0/20070419    found [suspicious Trojan/Worm]

eTrust-Vet    30.7.3581/20070420    found nothing

Ewido 4.0/20070420 found nothing

F-Prot  4.3.2.48/20070418    found nothing
F-Secure       6.70.13030.0/20070420 found nothing

FileAdvisor    1/20070420    found nothing

Fortinet       2.85.0.0/20070420    found [suspicious]
Ikarus  T3.1.1.5/20070420    found nothing
Kaspersky    4.0.2.24/20070420    found nothing
McAfee  5013/20070419 found nothing
Microsoft    1.2405/20070420 found nothing
NOD32v2 2207/20070420 found nothing

Norman  5.80.02/20070420       found nothing
Panda 9.0.0.4/20070419       found nothing

Prevx1  V2/20070420    found nothing
Sophos  4.16.0/20070420 found nothing
Sunbelt 2.2.907.0/20070419    found nothing
Symantec       10/20070420    found nothing
TheHacker    6.1.6.095/20070415    found nothing

VBA32 3.11.4/20070420 found nothing

VirusBuster    4.3.7:9/20070419       found nothing

Webwasher-Gateway    6.0.1/20070420  found nothing

[ notes ]
packers: UPX
packers: UPX
packers: UPX

显示全部楼层 · 发表于 2007-4-20 23:49:21

显示全部楼层 · 发表于 2007-4-20 23:49:58

我测试了没报。见图1
1楼的肯定是把这个选择上了，这个没必要勾上。
勾上这个，只要是加壳的东西，就会报“带壳程序”或者报“启发”
当然不勾上“探测未知壳”有时候也会报真正的启发

显示全部楼层 · 发表于 2007-4-20 23:50:04

对咖啡也比较失望。。。。。

显示全部楼层 · 发表于 2007-4-20 23:51:35

表面是启发式,实际上在报壳,似乎真有这问题
记得曾在霏凡样本区激烈讨论过
咖啡的现状是强监控+强防护+破库+烂引擎+对区域流行病毒呆头呆脑的反应速度
使用咖啡两年多，现在失望之感越来越强烈。

[ 本帖最后由 ouran 于 2007-4-20 23:58 编辑 ]

显示全部楼层 · 发表于 2007-4-20 23:52:49

crsky。。。。。。啥时候开放去注册下看看。。。现在用启发式报壳的杀软还真多。。。。真的无语了。。。启发式就被当作是报壳的工具了。。。

显示全部楼层 · 发表于 2007-4-20 23:54:27

整天都是壳壳壳

[病毒样本] 咖啡的启发有报壳嫌疑

本帖子中包含更多资源

这是原文件

本帖子中包含更多资源

本帖子中包含更多资源

回复 #8 ouran 的帖子