挂里面抓的，大家看看是不是毒

显示全部楼层 · 发表于 2010-10-7 15:52:58

RT。。。

显示全部楼层 · 发表于 2010-10-7 15:56:35

金山卫士杀
ESS 启发
C:\Users\微亿毫\Desktop\ying.rar > RAR > ying.exe - 可能是 Win32/PSW.OnLineGames.QJV 特洛伊木马的变种

显示全部楼层 · 发表于 2010-10-7 16:02:37

RT。。。
chenyilong58 发表于 2010.10.7 15:52

怎么抓啊？

显示全部楼层 · 发表于 2010-10-7 16:04:45

回复 3楼 Simon_v5 的帖子

外挂注入了这个病毒，被NIS2011发现了，于是我恢复，在找到它，压缩，最后倒沙，OK

显示全部楼层 · 发表于 2010-10-7 16:09:28

显示全部楼层 · 发表于 2010-10-7 16:11:43

下外挂360没杀出来，这个倒是查出来了。。。

显示全部楼层 · 发表于 2010-10-7 16:12:06

回复

外挂注入了这个病毒，被NIS2011发现了，于是我恢复，在找到它，压缩，最后倒沙，OK
chenyilong58 发表于 2010.10.7 16:04

其他的抓样本也是这个样子么？

显示全部楼层 · 发表于 2010-10-7 16:27:26

回复 7楼 Simon_v5 的帖子

不知道别人怎么抓....我就这样抓，不过一般在虚拟机里面抓.....

显示全部楼层 · 发表于 2010-10-7 17:24:47

Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...

[size=0.9em]0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
ying.rar
Submission date:
2010-10-07 09:21:17 (UTC)
Current status:
queued queued analysing finished

Result:
13/ 42 (31.0%)

VT Community

[size=0.8em]not reviewed
[size=0.8em] Safety score: -

Compact
Print results

Antivirus	Version	Last Update	Result
AhnLab-V3	2010.10.07.02	2010.10.07	Trojan/Win32.MalPack
AntiVir	7.10.12.143	2010.10.07	TR/Crypt.FKM.Gen
Antiy-AVL	2.0.3.7	2010.10.07	-
Authentium	5.2.0.5	2010.10.07	W32/Heuristic-210!Eldorado
Avast	4.8.1351.0	2010.10.07	-
Avast5	5.0.594.0	2010.10.07	-
AVG	9.0.0.851	2010.10.06	Suspicion: unknown virus
BitDefender	7.2	2010.10.07	-
CAT-QuickHeal	11.00	2010.10.05	(Suspicious) - DNAScan
ClamAV	0.96.2.0-git	2010.10.07	PUA.Packed.FSG
Comodo	6309	2010.10.07	Heur.Pck.FSG
DrWeb	5.0.2.03300	2010.10.07	-
Emsisoft	5.0.0.50	2010.10.07	-
eSafe	7.0.17.0	2010.10.06	-
eTrust-Vet	36.1.7896	2010.10.07	-
F-Prot	4.6.2.117	2010.10.06	W32/Heuristic-210!Eldorado
F-Secure	9.0.15370.0	2010.10.07	-
Fortinet	4.2.249.0	2010.10.07	-
GData	21	2010.10.07	-
Ikarus	T3.1.1.90.0	2010.10.07	-
Jiangmin	13.0.900	2010.10.06	-
K7AntiVirus	9.63.2689	2010.10.06	Riskware
Kaspersky	7.0.0.125	2010.10.07	-
McAfee	5.400.0.1158	2010.10.07	-
McAfee-GW-Edition	2010.1C	2010.10.07	-
Microsoft	1.6201	2010.10.07	-
NOD32	5511	2010.10.07	probably a variant of Win32/PSW.OnLineGames.QJV
Norman	6.06.07	2010.10.06	Suspicious_F.gen
nProtect	2010-10-07.01	2010.10.07	-
Panda	10.0.2.7	2010.10.06	-
PCTools	7.0.3.5	2010.10.07	-
Prevx	3.0	2010.10.07	-
Rising	22.67.02.07	2010.09.30	-
Sophos	4.58.0	2010.10.07	Mal/Packer
Sunbelt	7004	2010.10.07	-
SUPERAntiSpyware	4.40.0.1006	2010.10.07	-
Symantec	20101.2.0.161	2010.10.07	-
TheHacker	6.7.0.1.051	2010.10.07	-
TrendMicro-HouseCall	9.120.0.1004	2010.10.07	-
VBA32	3.12.14.1	2010.10.06	-
ViRobot	2010.10.4.4074	2010.10.07	-
VirusBuster	12.67.6.0	2010.10.06	Packed/FSG

Additional information
Show all

MD5 : 98e1f97d6aae2ab6c268bfce2e36caad

SHA1 : 4167c59e9788fc03e43a1fb4495f4f5a5e776a56

SHA256: c8021205dfdeed28686037d92ba1495e692fdd308730f2808cc0e84589c0b116

ssdeep: 768:HTRwaFQzU6qPqduyGSMq3qz0Gy2DDjgnG2aEfUS6Hi:HbQznqPqdjGSMl4EDMnG2aeZki

File size : 24645 bytes

First seen: 2010-10-07 07:51:24

Last seen : 2010-10-07 09:21:17

TrID:
RAR Archive (83.3%)
REALbasic Project (16.6%)

sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

packers (Authentium): FSG

packers (F-Prot): FSG

packers (Kaspersky): FSG

Symantec reputation:Suspicious.Insight

http://www.virustotal.com/file-scan/report.html?id=c8021205dfdeed28686037d92ba1495e692fdd308730f2808cc0e84589c0b116-1286443277

显示全部楼层 · 发表于 2010-10-7 17:28:26

很好玩，很戏剧性

[病毒样本] 挂里面抓的，大家看看是不是毒

浏览过的版块