[衍生物系列之2] 样本+15个衍生物快来试试你的杀软吧

显示全部楼层 · 发表于 2007-4-26 16:38:59

拿了个样本..用沙盘和EQ结合..把所有衍生物提出来贡献给大家
运行样本后有15个衍生物(1个EXE, 6个CAB, 2个SYS, 6个DLL).........
样本木马本身会连接网络.还会调用系统进程rundll32.exe来联网..没防火墙的最好别试..万一号没了就不好了

目前对样本的查杀情况:

Antivirus	Version	Update	Result
AhnLab-V3	2007.4.26.0	04.26.2007 [td]no virus found
AntiVir	7.4.0.15	04.26.2007	TR/Dldr.Barbs.A.7
Authentium	4.93.8	04.26.2007	W32/Dropper.EBA
Avast	4.7.981.0	04.25.2007	Win32:Singu-N
AVG	7.5.0.464	04.25.2007	Dropper.Agent.DIU
BitDefender	7.2	04.26.2007	Trojan.Downloader.Barbs.A
CAT-QuickHeal	9.00	04.25.2007	(Suspicious) - DNAScan
ClamAV	devel-20070416	04.26.2007 [td]no virus found
DrWeb	4.33	04.26.2007	Trojan.MulDrop.6129
eSafe	7.0.15.0	04.25.2007	Suspicious Trojan/Worm
eTrust-Vet	30.7.3597	04.26.2007 [td]no virus found
Ewido	4.0	04.25.2007 [td]no virus found
FileAdvisor	1	04.26.2007 [td]no virus found
Fortinet	2.85.0.0	04.26.2007	W32/Agent.BEW!tr
F-Prot	4.3.2.48	04.25.2007	W32/Dropper.EBA
F-Secure	6.70.13030.0	04.26.2007	Trojan-Dropper.Win32.Agent.bew
Ikarus	T3.1.1.5	04.26.2007	Trojan-Spy.Win32.Banker.to
Kaspersky	4.0.2.24	04.26.2007	Trojan-Dropper.Win32.Agent.bew
McAfee	5017	04.25.2007	Generic Downloader.d
Microsoft	1.2405	04.26.2007 [td]no virus found
NOD32v2	2219	04.25.2007 [td]no virus found
Norman	5.80.02	04.25.2007 [td]no virus found
Panda	9.0.0.4	04.25.2007	Suspicious file
Prevx1	V2	04.26.2007 [td]no virus found
Sophos	4.16.0	04.23.2007 [td]no virus found
Sunbelt	2.2.907.0	04.19.2007	VIPRE.Suspicious
Symantec	10	04.26.2007 [td]no virus found
TheHacker	6.1.6.095	04.15.2007	Trojan/Dropper.Agent.bew
VBA32	3.11.4	04.26.2007	Trojan.Popwin
VirusBuster	4.3.7:9	04.25.2007	Trojan.DR.Agent.TJR
Webwasher-Gateway	6.0.1	04.26.2007	Trojan.Dldr.Barbs.A.7

目前对15个衍生物的查杀情况:

红伞杀14个..还差一个..成绩不错哦..

AVK2006(前几天的毒库)杀13个,,其中BD的成绩不太理想,只发现4个

显示全部楼层 · 发表于 2007-4-26 16:40:24

NOD32v2 2219 04.25.2007 [td]no virus found

显示全部楼层 · 发表于 2007-4-26 16:41:54

另我失望的是NOD32还是没杀样本..其他主流的杀软都杀了[:27:]

我想知道卡巴7对15个衍生物的查杀情况

显示全部楼层 · 发表于 2007-4-26 16:42:56

Scan performed at: 2007-4-26 16:43:01
Scanning Log
NOD32 version 2219 (20070425) NT
Command line: C:\Documents and Settings\EQ2\桌面\衍生物
Operating memory - is OK

Date: 26.4.2007 Time: 16:43:06
Anti-Stealth technology is enabled.
Scanned disks, folders and files: C:\Documents and Settings\EQ2\桌面\衍生物\
C:\Documents and Settings\EQ2\桌面\衍生物\bvapty94.sys - probably unknown NewHeur_PE virus [7]
C:\Documents and Settings\EQ2\桌面\衍生物\tmpE.CAB ?CAB ?autolive.sys - probably unknown NewHeur_PE virus [7]
Number of scanned files: 16
Number of threats found: 2
Number of files cleaned: 2
Time of completion: 16:43:08 Total scanning time: 2 sec (00:00:02)

Notes:
[7] File is probably infected with an unknown virus.

显示全部楼层 · 发表于 2007-4-26 16:44:34

看来NOD32对衍生物也不行

显示全部楼层 · 发表于 2007-4-26 16:46:08

上报去了。。。。。

显示全部楼层 · 发表于 2007-4-26 16:46:27

谁去运行下看看。。。反正自己不会运行了。。

显示全部楼层 · 发表于 2007-4-26 16:46:40

Begin scan in 'C:\Documents and Settings\zxb\桌面\木马样本.rar'
C:\Documents and Settings\zxb\桌面\木马样本.rar
  [0] Archive type: RAR
  --> up1.exe
   [DETECTION] Is the Trojan horse TR/Dldr.Barbs.A.7
   [INFO]    The file was deleted!
Begin scan in 'C:\Documents and Settings\zxb\桌面\衍生物.rar'
C:\Documents and Settings\zxb\桌面\衍生物.rar
  [0] Archive type: RAR
  --> bvapty94.sys
   [DETECTION] Is the Trojan horse TR/Everda
--> tmp8.CAB
   [1] Archive type: CAB (Microsoft)
   --> b.sys
      [DETECTION] Is the Trojan horse TR/Everda.16000.1
  --> dtrctf46.sys
   [DETECTION] Is the Trojan horse TR/Everda.16000.1
--> tmpE.CAB
   [1] Archive type: CAB (Microsoft)
   --> autolive.sys
      [DETECTION] Is the Trojan horse TR/Everda
   [INFO]    The file was deleted!

显示全部楼层 · 发表于 2007-4-26 16:46:44

卡7 11个

显示全部楼层 · 发表于 2007-4-26 16:48:36

已删除: 广告程序 not-a-virus:AdWare.Win32.NewWeb.w 文件: C:\Documents and Settings\7sumetai\桌面\VirusUp\衍生物\20322.exe
已删除: 广告程序 not-a-virus:AdWare.Win32.NewWeb.k 文件: C:\Documents and Settings\7sumetai\桌面\VirusUp\衍生物\bvapty94.dll
已删除: 广告程序 not-a-virus:AdWare.Win32.NewWeb.w 文件: C:\Documents and Settings\7sumetai\桌面\VirusUp\衍生物\dtrctf46.dll//UPX
已删除: 木马程序 Trojan.Win32.Agent.abe 文件: C:\Documents and Settings\7sumetai\桌面\VirusUp\衍生物\dtrctf46.sys
已删除: 广告程序 not-a-virus:AdWare.Win32.NewWeb.c 文件: C:\Documents and Settings\7sumetai\桌面\VirusUp\衍生物\MyFavor.dll//NSPack
已删除: 广告程序 not-a-virus:AdWare.Win32.NewWeb.w 文件: C:\Documents and Settings\7sumetai\桌面\VirusUp\衍生物\tmp6.cab/winB.dll//UPX
已删除: 广告程序 not-a-virus:AdWare.Win32.NewWeb.w 文件: C:\Documents and Settings\7sumetai\桌面\VirusUp\衍生物\tmp7.CAB/staB.dll//UPX
已删除: 木马程序 Trojan.Win32.Agent.abe 文件: C:\Documents and Settings\7sumetai\桌面\VirusUp\衍生物\tmp8.CAB/b.sys
已删除: 广告程序 not-a-virus:AdWare.Win32.NewWeb.c 文件: C:\Documents and Settings\7sumetai\桌面\VirusUp\衍生物\tmpA.CAB/scintruder.dll//NSPack
已删除: 广告程序 not-a-virus:AdWare.Win32.NewWeb.k 文件: C:\Documents and Settings\7sumetai\桌面\VirusUp\衍生物\tmpC.cab/autolive.dll
已删除: 广告程序 not-a-virus:AdWare.Win32.NewWeb.w 文件: C:\Documents and Settings\7sumetai\桌面\VirusUp\衍生物\winctf46.dll//UPX

卡巴7的启发式对于dll是无效的

[衍生物系列之2] 样本+15个衍生物快来试试你的杀软吧

本帖子中包含更多资源

两个启发式。。。。。

回复 #4 EQ2 的帖子

浏览过的版块

[衍生物系列之2] 样本+15个衍生物 快来试试你的杀软吧

本帖子中包含更多资源

两个启发式。。。。。

回复 #4 EQ2 的帖子

浏览过的版块

[衍生物系列之2] 样本+15个衍生物快来试试你的杀软吧