关于自由天空驱动安装程序EasyDrv3.5.exe是否在系统中留有后门

显示全部楼层 · 发表于 2010-12-23 09:47:19

本帖最后由 qihuakai 于 2010-12-23 09:51 编辑

如题。。。
程序上传中。。。。
http://u.115.com/file/t68b60b5bb#
EasyDrv3.5.zip

显示全部楼层 · 发表于 2010-12-23 09:50:29

本帖最后由 ken112 于 2010-12-23 09:51 编辑

楼主挑战知名论坛，看来得卡饭逆向的高手出马了[:26:]
PS：貌似自由天空有很多高手，比如矮人工具箱的作者矮人等等~~

显示全部楼层 · 发表于 2010-12-23 09:52:28

ken112 发表于 2010-12-23 09:50
楼主挑战知名论坛，看来得卡饭逆向的高手出马了
PS：貌似自由天空有很多高手，比如矮人工具箱的作者 ...

没有挑战，那有进步啊。。。
呵呵。。。

显示全部楼层 · 发表于 2010-12-23 09:54:03

comodo已经被提交。。。

显示全部楼层 · 发表于 2010-12-23 09:59:12

virus total 只有护士报
http://www.virustotal.com/file-s ... a4c4d893-1293069367
dll可能有点问题！

显示全部楼层 · 发表于 2010-12-23 10:04:27

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: EasyDrv3.5.zip
Submission date: 2010-12-23 02:01:21 (UTC)
Current status: queued queued analysing finished

Result: 1/ 42 (2.4%)
VT Community

not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2010.12.23.01 2010.12.22 -
AntiVir 7.11.0.144 2010.12.22 -
Antiy-AVL 2.0.3.7 2010.12.23 -
Avast 4.8.1351.0 2010.12.22 -
Avast5 5.0.677.0 2010.12.22 -
AVG 9.0.0.851 2010.12.23 -
BitDefender 7.2 2010.12.23 -
CAT-QuickHeal 11.00 2010.12.22 -
ClamAV 0.96.4.0 2010.12.23 -
Command 5.2.11.5 2010.12.22 -
Comodo 7155 2010.12.22 -
DrWeb 5.0.2.03300 2010.12.23 -
eSafe 7.0.17.0 2010.12.22 -
eTrust-Vet 36.1.8055 2010.12.22 -
F-Prot 4.6.2.117 2010.12.22 -
F-Secure 9.0.16160.0 2010.12.23 -
Fortinet 4.2.254.0 2010.12.21 -
GData 21 2010.12.23 -
Ikarus T3.1.1.90.0 2010.12.23 -
Jiangmin 13.0.900 2010.12.22 -
K7AntiVirus 9.74.3319 2010.12.22 -
Kaspersky 7.0.0.125 2010.12.23 -
McAfee 5.400.0.1158 2010.12.23 -
McAfee-GW-Edition 2010.1C 2010.12.22 -
Microsoft 1.6402 2010.12.22 -
NOD32 5726 2010.12.22 -
Norman 6.06.12 2010.12.22 -
nProtect 2010-12-22.01 2010.12.22 -
Panda 10.0.2.7 2010.12.22 -
PCTools 7.0.3.5 2010.12.23 -
Prevx 3.0 2010.12.23 -
Rising 22.79.01.04 2010.12.22 -
Sophos 4.60.0 2010.12.23 Disabled System File Check DLL
SUPERAntiSpyware 4.40.0.1006 2010.12.23 -
Symantec 20101.3.0.103 2010.12.23 -
TheHacker 6.7.0.1.104 2010.12.21 -
TrendMicro 9.120.0.1004 2010.12.22 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.23 -
VBA32 3.12.14.2 2010.12.21 -
VIPRE 7766 2010.12.23 -
ViRobot 2010.12.22.4214 2010.12.22 -
VirusBuster 13.6.108.0 2010.12.22 -
Additional informationShow all
MD5 : 3725de5195c19c4a403d7a9b8727cdb8
SHA1  : 1d54ef81b1253cd1ad7f465a64db6cb9d6deda7f
SHA256: 9d81235fba1be802384087598a8a22dc7c53db96b76efbd1ad1fcaf6a4c4d893
ssdeep: 49152:+mxGfIyw2TugDGWYgnYTUisNgZ9fw+vCDtBpO:bGfIybVDGunkUJNsVC8
File size : 1796377 bytes
First seen: 2010-12-23 01:56:07
Last seen : 2010-12-23 02:01:21
TrID:
ZIP compressed archive (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

packers (F-Prot): UPX
packers (Kaspersky): UPX, UPX
ExifTool:
file metadata
FileSize: 1754 kB
FileType: ZIP
MIMEType: application/zip
ZipBitFlag: 0
ZipCRC: 0xc8b2f69a
ZipCompressedSize: 1796251
ZipCompression: Deflated
ZipFileName: EasyDrv3.5.exe
ZipModifyDate: 2010:06:09 08:58:13
ZipRequiredVersion: 20
ZipUncompressedSize: 1876976

VT Community

0
This file has never been reviewed by any VT Community member. Be the first one to comment on it!
VirusTotal Team

显示全部楼层 · 发表于 2010-12-23 10:11:51

VirSCAN.org Scanned Report :
Scanned time : 2010/12/23 10:04:24 (CST)
Scanner results: 6%的杀软(2/36)报告发现病毒
File Name    : EasyDrv3.5.zip
File Size    : 1796377 byte
File Type    : Zip archive data, at least v2.0 to extract
MD5          : 3725de5195c19c4a403d7a9b8727cdb8
SHA1          : 1d54ef81b1253cd1ad7f465a64db6cb9d6deda7f
Online report  : http://virscan.org/report/d1af8b50dc3a991d67f01400aea9909b.html

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    5.1.0.2       20101223023912 2010-12-23  5.84 Trojan.Win32.AutoIt!A2
安博士V3    2010.12.17.05 2010.12.17       2010-12-17  1.98 -
AntiVir       8.2.4.131    7.11.0.144       2010-12-22  0.67 -
安天          2.0.18       20101221.6716246  2010-12-21  0.02 -
Arcavir       2010          201012230237    2010-12-23  0.72 -
Authentium    5.1.1          201012221600    2010-12-22  5.07 -
AVAST!       4.7.4          101222-1       2010-12-22  0.54 -
AVG          8.5.850       271.1.1/3332    2010-12-23  5.17 -
BitDefender 7.90123.6477720 7.35282          2010-12-23  6.24 -
ClamAV       0.96.3       12427          2010-12-22  1.60 -
Comodo       4.0          7155             2010-12-22  1.16 -
CP Secure    1.3.0.5       2010.12.23       2010-12-23  0.91 RiskTool.W32.SFCDisable.b
Dr.Web       5.0.2.3300    2010.12.23       2010-12-23  13.20  -
F-Prot       4.4.4.56       20101222       2010-12-22  5.23 -
F-Secure    7.02.73807    2010.12.22.09    2010-12-22  0.87 -
飞塔          4.2.254       12.703          2010-12-22  0.56 -
GData       21.1363/21.560  20101222       2010-12-22  9.72 -
ViRobot       20101222       2010.12.22       2010-12-22  0.39 -
Ikarus       T3.1.32.15.0 2010.12.22.77400  2010-12-22  5.68 -
江民杀毒    13.0.900       2010.12.22       2010-12-22  1.71 -
卡巴斯基    5.5.10       2010.12.22       2010-12-22  0.98 -
金山毒霸    2009.2.5.15    2010.12.22.18    2010-12-22  2.37 -
迈克菲       5400.1158    6205             2010-12-22  18.71  -
Microsoft    1.6402       2010.12.22       2010-12-22  9.67 -
Norman       6.06.12       6.06.00          2010-12-19  10.01  -
熊猫卫士    9.05.01       2010.12.22       2010-12-22  2.20 -
趋势科技    9.120-1004    7.718.05       2010-12-22  1.35 -
Quick Heal    11.00          2010.12.22       2010-12-22  1.51 -
瑞星          20.0          22.79.01.04    2010-12-21  3.09 -
Sophos       3.14.1       4.60             2010-12-23  12.00  -
Sunbelt       3.9.2464.2    7764             2010-12-22  1.89 -
赛门铁克    1.3.0.24       20101222.003    2010-12-22  0.26 -
nProtect    20101219.01    9386537          2010-12-19  12.46  -
The Hacker    6.7.0.1       v00104          2010-12-21  0.57 -
VBA32       3.12.14.2    20101221.1312    2010-12-21  7.75 -
VirusBuster 4.5.11.10    10.130.51/1998622 2010-12-22  4.87 -

显示全部楼层 · 发表于 2010-12-23 10:14:35

VirSCAN.org Scanned Report :
Scanned time : 2010/12/23 10:04:24 (CST)
Scanner results: 6%的杀软(2/36)报告发现病毒
File Name    : EasyDrv3.5.zip
File Size    : 1796377 byte
File Type    : Zip archive data, at least v2.0 to extract
MD5          : 3725de5195c19c4a403d7a9b8727cdb8
SHA1          : 1d54ef81b1253cd1ad7f465a64db6cb9d6deda7f
Online report  : http://virscan.org/report/d1af8b50dc3a991d67f01400aea9909b.html

Scanner       Engine Ver    Sig Ver          Sig Date Time Scan result
a-squared    5.1.0.2       20101223023912 2010-12-23  5.84 Trojan.Win32.AutoIt!A2
安博士V3    2010.12.17.05 2010.12.17       2010-12-17  1.98 -
AntiVir       8.2.4.131    7.11.0.144       2010-12-22  0.67 -
安天          2.0.18       20101221.6716246  2010-12-21  0.02 -
Arcavir       2010          201012230237    2010-12-23  0.72 -
Authentium    5.1.1          201012221600    2010-12-22  5.07 -
AVAST!       4.7.4          101222-1       2010-12-22  0.54 -
AVG          8.5.850       271.1.1/3332    2010-12-23  5.17 -
BitDefender 7.90123.6477720 7.35282          2010-12-23  6.24 -
ClamAV       0.96.3       12427          2010-12-22  1.60 -
Comodo       4.0          7155             2010-12-22  1.16 -
CP Secure    1.3.0.5       2010.12.23       2010-12-23  0.91 RiskTool.W32.SFCDisable.b
Dr.Web       5.0.2.3300    2010.12.23       2010-12-23  13.20  -
F-Prot       4.4.4.56       20101222       2010-12-22  5.23 -
F-Secure    7.02.73807    2010.12.22.09    2010-12-22  0.87 -
飞塔          4.2.254       12.703          2010-12-22  0.56 -
GData       21.1363/21.560  20101222       2010-12-22  9.72 -
ViRobot       20101222       2010.12.22       2010-12-22  0.39 -
Ikarus       T3.1.32.15.0 2010.12.22.77400  2010-12-22  5.68 -
江民杀毒    13.0.900       2010.12.22       2010-12-22  1.71 -
卡巴斯基    5.5.10       2010.12.22       2010-12-22  0.98 -
金山毒霸    2009.2.5.15    2010.12.22.18    2010-12-22  2.37 -
迈克菲       5400.1158    6205             2010-12-22  18.71  -
Microsoft    1.6402       2010.12.22       2010-12-22  9.67 -
Norman       6.06.12       6.06.00          2010-12-19  10.01  -
熊猫卫士    9.05.01       2010.12.22       2010-12-22  2.20 -
趋势科技    9.120-1004    7.718.05       2010-12-22  1.35 -
Quick Heal    11.00          2010.12.22       2010-12-22  1.51 -
瑞星          20.0          22.79.01.04    2010-12-21  3.09 -
Sophos       3.14.1       4.60             2010-12-23  12.00  -
Sunbelt       3.9.2464.2    7764             2010-12-22  1.89 -
赛门铁克    1.3.0.24       20101222.003    2010-12-22  0.26 -
nProtect    20101219.01    9386537          2010-12-19  12.46  -
The Hacker    6.7.0.1       v00104          2010-12-21  0.57 -
VBA32       3.12.14.2    20101221.1312    2010-12-21  7.75 -
VirusBuster 4.5.11.10    10.130.51/1998622 2010-12-22  4.87 -

显示全部楼层 · 发表于 2010-12-23 10:24:07

大蜘蛛clean：

D:\ZL\Downloads\EasyDrv3.5\EasyDrv3.5.exe 已打包，方式： UPX
>D:\ZL\Downloads\EasyDrv3.5\EasyDrv3.5.exe - 压缩文件 BINARYRES

>>D:\ZL\Downloads\EasyDrv3.5\EasyDrv3.5.exe/data002 已打包，方式： UPX

>>D:\ZL\Downloads\EasyDrv3.5\EasyDrv3.5.exe/data004 - 压缩文件 AUTOIT
>>>D:\ZL\Downloads\EasyDrv3.5\EasyDrv3.5.exe/data004/Users\ADMINI~1\AppData\Local\Temp\aut5E37.tmp 已打包，方式： ASCRIPT
>>>D:\ZL\Downloads\EasyDrv3.5\EasyDrv3.5.exe/data004/Data\Codec\EasyDrv3.5\IsNotebook.dll 已打包，方式： UPX

已上报求就真相

显示全部楼层 · 发表于 2010-12-23 10:31:14

clean

http://camas.comodo.com/cgi-bin/ ... 22ad0c2280b131f7cec

[其他相关] 关于自由天空驱动安装程序EasyDrv3.5.exe是否在系统中留有后门

本帖子中包含更多资源