Thread starter: sam.to

[Virus Samples] Evading Mainstream AV 2 (updated daily) (this thread is closed; the new thread's address is at post #1024)

bbs2811125
Posted on 2010-11-21 11:41:43
462: GD cleared all of them; they all seem to be the same type
414447992
Posted on 2010-11-21 11:44:41
462L
360 kills all; every one is reported as QVM11
瓜皮猫
Posted on 2010-11-21 11:52:08
Sherry.ai
Posted on 2010-11-21 12:07:00
Reons, buddy
晚风中的泪
Posted on 2010-11-21 13:11:54
sam.to posted on 2010-11-21 11:25
1ab7cbd8a1d3dc19e688beb57873ce0d  1STEIN.CodedColor.PhotoStudio.Pro.6.0.0.0.Crack.40063.exe_
e282b7 ...

Kingsoft and Rising both ignore them entirely
歌歌的人
Posted on 2010-11-21 18:12:00
Last edited by 歌歌的人 on 2010-11-21 18:17

462: MSE says they are safe

kxmp
Posted on 2010-11-21 18:16:23
They all seem to be the same type
2010-11-21 18:14:32        c:\windows\explorer.exe        创建新进程        d:\program\hasher-v1.6\hasher.exe        允许        [应用程序]*        命令行: "D:\Program\hasher-v1.6\hasher.exe"
2010-11-21 18:14:44        c:\windows\explorer.exe        创建新进程        c:\765735-462\2010-nov-21-1117\1stein.codedcolor.photostudio.pro.6.0.0.0.crack.40063.exe        允许        [应用程序]*        命令行: "C:\765735-462\2010-Nov-21-1117\1STEIN.CodedColor.PhotoStudio.Pro.6.0.0.0.Crack.40063.exe"
2010-11-21 18:14:47        c:\765735-462\2010-nov-21-1117\1stein.codedcolor.photostudio.pro.6.0.0.0.crack.40063.exe        底层键盘操作                阻止        [应用程序]*       
2010-11-21 18:14:58        c:\windows\explorer.exe        创建新进程        c:\765735-462\2010-nov-21-1117\renault.dialogys...dacia.3.90.keygen.40063.exe        允许        [应用程序]*        命令行: "C:\765735-462\2010-Nov-21-1117\Renault.Dialogys...Dacia.3.90.Keygen.40063.exe"
2010-11-21 18:15:00        c:\765735-462\2010-nov-21-1117\renault.dialogys...dacia.3.90.keygen.40063.exe        底层键盘操作                阻止        [应用程序]*       
sam.to
Thread starter | Posted on 2010-11-21 20:10:12
Last edited by sam.to on 2010-11-24 17:48


to kl,ll,mcafee,avira


File ID     Filename                      Size (Byte)   Result
25959209    765735-470.rar                86.84 KB      OK

A listing of files contained inside archives alongside their results can be found below:

File ID     Filename                      Size (Byte)   Result
25959210    AAcronis.Disk.Di...63.exe3    136 KB        UNDER ANALYSIS
25959211    AAcronis.Disk.Di...63.exe3    136 KB        UNDER ANALYSIS
25959212    Adrosoft.AD.Soun...63.exe3    136 KB        UNDER ANALYSIS
25959213    Adrosoft.AD.Soun...63.exe3    136 KB        UNDER ANALYSIS
25959214    Apex.MOV.Convert...63.exe3    136 KB        UNDER ANALYSIS
25959215    Apex.MOV.Convert...63.exe3    136 KB        UNDER ANALYSIS
25959216    Audio.Editor.Gol...63.exe3    136 KB        UNDER ANALYSIS
25959217    Audio.Editor.Gol...63.exe3    136 KB        UNDER ANALYSIS
25959218    Auslogics.Disk.D...63.exe3    136 KB        UNDER ANALYSIS
25959219    Auslogics.Disk.D...63.exe3    136 KB        UNDER ANALYSIS
25959220    CD.Duplicate.Mas...63.exe3    136 KB        UNDER ANALYSIS
25959221    CD.Duplicate.Mas...63.exe3    136 KB        UNDER ANALYSIS
25959222    Midirunner.123Ta...63.exe3    136 KB        UNDER ANALYSIS
25959223    Midirunner.123Ta...63.exe3    136 KB        UNDER ANALYSIS
25959224    Software.Update....63.exe3    136 KB        UNDER ANALYSIS
25959225    Software.Update....63.exe3    136 KB        UNDER ANALYSIS
25959226    SQLyog.Ultimate....63.exe3    136 KB        UNDER ANALYSIS
25959227    SQLyog.Ultimate....63.exe3    136 KB        UNDER ANALYSIS
25959228    VSO.Image.Resize...63.exe3    136 KB        UNDER ANALYSIS
25959229    VSO.Image.Resize...63.exe3    136 KB        UNDER ANALYSIS
25959230    VSO.Software.Con...63.exe3    136 KB        UNDER ANALYSIS
25959231    VSO.Software.Con...63.exe3    136 KB        UNDER ANALYSIS
25959232    Xilisoft.DVD.Cre...63.exe3    136 KB        UNDER ANALYSIS
25959233    Xilisoft.DVD.Cre...63.exe3    136 KB        UNDER ANALYSIS




Trojan-Downloader.Win32.CodecPack.rum

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

The answer is relevant to the latest bases from update sources.

Please quote all when answering.
-----------------
Regards, Baranov Artiom
Virus Analyst, Kaspersky Lab.





Please find a detailed report concerning each individual sample below:
Filename                      Result
AAcronis.Disk.Di...63.exe3    MALWARE

The file 'AAcronis.Disk.Director.Suite.11.Build.216.Crack.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Renos.G. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
AAcronis.Disk.Di...63.exe3    MALWARE

The file 'AAcronis.Disk.Director.Suite.11.Build.216.Keygen.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.1. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
Adrosoft.AD.Soun...63.exe3    MALWARE

The file 'Adrosoft.AD.Sound.Recorder.5.0.1.Crack.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.2. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
Adrosoft.AD.Soun...63.exe3    MALWARE

The file 'Adrosoft.AD.Sound.Recorder.5.0.1.Keygen.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.3. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
Apex.MOV.Convert...63.exe3    MALWARE

The file 'Apex.MOV.Converter.7.4.Crack.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.4. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
Apex.MOV.Convert...63.exe3    MALWARE

The file 'Apex.MOV.Converter.7.4.Keygen.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.5. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
Audio.Editor.Gol...63.exe3    MALWARE

The file 'Audio.Editor.Gold.8.11.1.137.Crack.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.6. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
Audio.Editor.Gol...63.exe3    MALWARE

The file 'Audio.Editor.Gold.8.11.1.137.Keygen.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.7. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
Auslogics.Disk.D...63.exe3    MALWARE

The file 'Auslogics.Disk.Defrag.3.1.8.150.Crack.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.8. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
Auslogics.Disk.D...63.exe3    MALWARE

The file 'Auslogics.Disk.Defrag.3.1.8.150.Keygen.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.9. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
CD.Duplicate.Mas...63.exe3    MALWARE

The file 'CD.Duplicate.Master.1.0.0.1187.Crack.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.10. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
CD.Duplicate.Mas...63.exe3    MALWARE

The file 'CD.Duplicate.Master.1.0.0.1187.Keygen.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.11. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
Midirunner.123Ta...63.exe3    MALWARE

The file 'Midirunner.123Tag.3.0.1.Crack.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.12. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
Midirunner.123Ta...63.exe3    MALWARE

The file 'Midirunner.123Tag.3.0.1.Keygen.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.13. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
Software.Update....63.exe3    MALWARE

The file 'Software.Update.Monitor.SUMo.2.3.8.64.Crack.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.14. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
Software.Update....63.exe3    MALWARE

The file 'Software.Update.Monitor.SUMo.2.3.8.64.Keygen.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.15. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
SQLyog.Ultimate....63.exe3    MALWARE

The file 'SQLyog.Ultimate.8.5.4.0.Crack.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.16. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
SQLyog.Ultimate....63.exe3    MALWARE

The file 'SQLyog.Ultimate.8.5.4.0.Keygen.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.17. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
VSO.Image.Resize...63.exe3    MALWARE

The file 'VSO.Image.Resizer.4.0.0.46.Crack.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.18. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
VSO.Image.Resize...63.exe3    MALWARE

The file 'VSO.Image.Resizer.4.0.0.46.Keygen.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.19. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
VSO.Software.Con...63.exe3    MALWARE

The file 'VSO.Software.ConvertXtoDVD.4.4.0.12.327.Crack.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.20. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
VSO.Software.Con...63.exe3    MALWARE

The file 'VSO.Software.ConvertXtoDVD.4.4.0.12.327.Keygen.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.21. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
Xilisoft.DVD.Cre...63.exe3    MALWARE

The file 'Xilisoft.DVD.Creator.3.0.33.010.Crack.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.22. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Filename                      Result
Xilisoft.DVD.Cre...63.exe3    MALWARE

The file 'Xilisoft.DVD.Creator.3.0.33.010.Keygen.40063.exe3' has been determined to be 'MALWARE'.
Our analysts named the threat TR/Dldr.CodecPack.rum.23. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

bbs2811125
Posted on 2010-11-21 23:35:36
MSE, FS and EAV all miss

Kingsoft Guard wipes out all of them. Isn't that a bit too "bug"... the tragedy of multiple engines?~
歌歌的人
Posted on 2010-11-22 05:16:13