[Virus sample] One reposted from 剑盟

The EQs
Posted 2007-4-28 14:41:08
Lots of them let it through...... BD's heuristics caught it...

伯夷叔齐
Posted 2007-4-28 14:45:28
The red umbrella (AntiVir) reports 15 trojans!!!


Begin scan in 'D:\Temp.rar'
D:\Temp.rar
  [0] Archive type: RAR
  --> fyso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> jtso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> mhso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> qjso0.dll
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> qjso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> qqso0.dll
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> qqso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> wgso0.dll
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> wgso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> wlso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> wmso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> woso0.dll
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> woso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> ztso0.dll
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
  --> ztso.exe
      [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
      [WARNING]   The file was ignored!

End of the scan: 2007年4月28日  14:44
Used time: 00:15 min
The scan has been done completely.
      0 Scanning directories
     18 Files were scanned
     15 viruses and/or unwanted programs were found
      0 classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      0 Files cannot be scanned
      3 Files not concerned
      1 Archives were scanned
      1 Warnings
      0 Notes
      0 Hidden objects were found
mofunzone
Posted 2007-4-28 14:46:32
BD unpacked the stuff directly; AntiVir is not bad either, it detects from the structure..
Just uninstalled KAV7, getting ready to install BD..
File:         Temp.rar
Status:         POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5         a3a8d2b5287fa161a4bce9a42ef7750e
Packers detected:         PE_PATCH, TELOCK

Scanner results
Scan taken on 28 Apr 2007 06:44:01 (GMT)
A-Squared         Found nothing
AntiVir         Found TR/Crypt.ULPM.Gen
ArcaVir         Found nothing
Avast         Found nothing
AVG Antivirus         Found nothing
BitDefender         Found DeepScan:Generic.PWS.Games.2E01505F, BehavesLike:Win32.ExplorerHijack, DeepScan:Generic.PWS.Games.57C69E09, Trojan.Peed.Gen, Dropped:Trojan.Peed.Gen, DeepScan:Generic.PWS.Games.4583A672, DeepScan:Generic.PWS.Games.304B19AE, DeepScan:Generic.PWS.Games.66818958, DeepScan:Generic.PWS.Games.320F57BC, DeepScan:Generic.PWS.Games.DA0C5963, DeepScan:Generic.PWS.Games.8D94AB59 (probable variant)
ClamAV         Found nothing
Dr.Web         Found nothing
F-Prot Antivirus         Found Possibly a new variant of W32/MalwareHiderPatched-based!Maximus
F-Secure Anti-Virus         Found nothing
Fortinet         Found nothing
Kaspersky Anti-Virus         Found nothing
NOD32         Found nothing
Norman Virus Control         Found nothing
Panda Antivirus         Found nothing
Rising Antivirus         Found nothing
VirusBuster         Found nothing
VBA32         Found nothing
The EQs
OP | Posted 2007-4-28 14:47:03
It's flagging the X again.... and added PE_PATCH, TELOCK
伯夷叔齐
Posted 2007-4-28 14:48:59
This is the red umbrella's (AntiVir's) automatic processing after upload: 8 reported as known malware and 8 queued for analysis. In other words, of the 15 that AntiVir reports, 7 are heuristic detections.


We received the following archive files:


File ID Filename Size (Byte) Result
529754 Temp.rar 189.1 KB OK
A listing of files contained inside archives alongside their results can be found below:
File ID Filename Size (Byte)Result
275427 fyso.exe 13.5 KB MALWARE
275458 jtso.exe 12 KB MALWARE
275429 mhso.exe 14 KB MALWARE
529755 qjso0.dll 13.5 KB UNDER ANALYSIS
529756 qjso.exe 13 KB UNDER ANALYSIS
529757 qqso0.dll 7.5 KB UNDER ANALYSIS
275456 qqso.exe 13 KB MALWARE
529758 wgso0.dll 13.5 KB UNDER ANALYSIS
529759 wgso.exe 14 KB UNDER ANALYSIS
529760 winprx.exe 50.01 KB UNDER ANALYSIS
529761 wlso.exe 13 KB UNDER ANALYSIS
275461 wmso.exe 13 KB MALWARE
529762 woso0.dll 9 KB UNDER ANALYSIS
275457 woso.exe 13.5 KB MALWARE
275431 ztso0.dll 9.5 KB MALWARE
275464 ztso.exe 13.5 KB MALWARE

Please find a detailed report concerning each individual sample below:
mofunzone
Posted 2007-4-28 14:51:05
Originally posted by EQ2 on 2007-4-27 22:47:
It's flagging the X again.... and added PE_PATCH, TELOCK

People who don't understand file structure shouldn't shout nonsense. I could change the umbrella's detection name from nsanti to nspm just by tweaking the structure a bit. But as for you, go on believing it's "flagging the packer"; anything this deep is beyond you anyway.
KAV-Longhorn
Posted 2007-4-28 14:59:55
Originally posted by mofunzone on 2007-4-28 14:46:
BD unpacked the stuff directly; AntiVir is not bad either, it detects from the structure..
Just uninstalled KAV7, getting ready to install BD..
File:         Temp.rar
Status:         POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this fil ...


Heh, actually BD isn't as powerful as legend has it; no need to be overly devoted to it. (I tried it myself and found it average.)
fanrubin
Posted 2007-4-28 15:04:54
NOD32 lets it through, depressing
scottxzt
Posted 2007-4-28 15:15:17

Reply to #5, 伯夷叔齐's post

Leaving heuristics aside, 8 remain, and none of the other AV products catch them. Ugh.
伯夷叔齐
Posted 2007-4-28 15:29:10
Originally posted by scottxzt on 2007-4-28 15:15:
Leaving heuristics aside, 8 remain, and none of the other AV products catch them. Ugh.

Why leave heuristics aside?!!! I think the user's creed is: black cat or white cat, the one that catches mice is a good cat.