1_20110109

显示全部楼层 · 发表于 2011-1-9 10:27:09

1月8日多引擎扫描+上报，1月9日回复

File name:
1.dll
Submission date:
2011-01-08 13:40:09 (UTC)
Current status:
finished
Result:
9 /42 (21.4%)

VT Community

[size=0.8em]not reviewed
[size=0.8em] Safety score: -

Antivirus	Version	Last Update	Result
AhnLab-V3	2011.01.08.00	2011.01.07	-
AntiVir	7.11.1.57	2011.01.07	-
Antiy-AVL	2.0.3.7	2011.01.08	-
Avast	4.8.1351.0	2011.01.08	-
Avast5	5.0.677.0	2011.01.08	-
AVG	9.0.0.851	2011.01.08	-
BitDefender	7.2	2011.01.08	Gen:Trojan.Heur.LP.IL8@aWWY1Lmj
CAT-QuickHeal	11.00	2011.01.08	-
ClamAV	0.96.4.0	2011.01.08	Trojan.Agent-124036
Command	5.2.11.5	2011.01.08	W32/SuspPack.BP.gen!Eldorado
Comodo	7331	2011.01.07	Virus.Win32.Virut.CE
DrWeb	5.0.2.03300	2011.01.08	-
Emsisoft	5.1.0.1	2011.01.08	-
eSafe	7.0.17.0	2011.01.06	-
eTrust-Vet	36.1.8087	2011.01.07	-
F-Prot	4.6.2.117	2011.01.07	W32/SuspPack.BP.gen!Eldorado
F-Secure	9.0.16160.0	2011.01.08	Gen:Trojan.Heur.LP.IL8@aWWY1Lmj
Fortinet	4.2.254.0	2011.01.08	-
GData	21	2011.01.08	Gen:Trojan.Heur.LP.IL8@aWWY1Lmj
Ikarus	T3.1.1.90.0	2011.01.08	-
Jiangmin	13.0.900	2011.01.08	-
K7AntiVirus	9.75.3472	2011.01.07	Riskware
Kaspersky	7.0.0.125	2011.01.08	-
McAfee	5.400.0.1158	2011.01.08	-
McAfee-GW-Edition	2010.1C	2011.01.08	-
Microsoft	1.6402	2011.01.08	VirTool:Win32/Obfuscator.XZ
NOD32	5769	2011.01.08	-
Norman	6.06.12	2011.01.07	-
nProtect	2011-01-08.01	2011.01.08	-
Panda	10.0.2.7	2011.01.08	-
PCTools	7.0.3.5	2011.01.08	-
Prevx	3.0	2011.01.08	-
Rising	22.81.05.00	2011.01.08	-
Sophos	4.61.0	2011.01.08	-
SUPERAntiSpyware	4.40.0.1006	2011.01.08	-
Symantec	20101.3.0.103	2011.01.08	-
TheHacker	6.7.0.1.112	2011.01.08	-
TrendMicro	9.120.0.1004	2011.01.08	-
TrendMicro-HouseCall	9.120.0.1004	2011.01.08	-
VIPRE	7992	2011.01.08	-
ViRobot	2011.1.8.4244	2011.01.08	-
VirusBuster	13.6.134.0	2011.01.07	-

Additional information
Show all

MD5 : d2fe5e497035d61a91d2d7df4711dbf9

SHA1 : 97b293b63f23cccee8b62b6c5420b6f9df0777bc

SHA256: 7f53470f41f8c32ccc407c18d39125d6658c698f95f8181a29d59a4eb7cfcd79

[size=0.9em]0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
1.exe
Submission date:
2011-01-08 13:44:46 (UTC)
Current status:
finished
Result:
8 /41 (19.5%)

VT Community

[size=0.8em]not reviewed
[size=0.8em] Safety score: -

Compact
Print results

Antivirus	Version	Last Update	Result
AhnLab-V3	2011.01.08.00	2011.01.07	-
AntiVir	7.11.1.57	2011.01.07	-
Antiy-AVL	2.0.3.7	2011.01.08	-
Avast	4.8.1351.0	2011.01.08	-
Avast5	5.0.677.0	2011.01.08	-
AVG	9.0.0.851	2011.01.08	-
BitDefender	7.2	2011.01.08	-
CAT-QuickHeal	11.00	2011.01.08	-
ClamAV	0.96.4.0	2011.01.08	Trojan.Agent-124036
Command	5.2.11.5	2011.01.08	W32/SuspPack.BP.gen!Eldorado
Comodo	7331	2011.01.07	-
DrWeb	5.0.2.03300	2011.01.08	-
eSafe	7.0.17.0	2011.01.06	-
eTrust-Vet	36.1.8087	2011.01.07	-
F-Prot	4.6.2.117	2011.01.07	W32/SuspPack.BP.gen!Eldorado
F-Secure	9.0.16160.0	2011.01.08	-
Fortinet	4.2.254.0	2011.01.08	-
GData	21	2011.01.08	-
Ikarus	T3.1.1.90.0	2011.01.08	Rkit
Jiangmin	13.0.900	2011.01.08	-
K7AntiVirus	9.75.3472	2011.01.07	Riskware
McAfee	5.400.0.1158	2011.01.08	-
McAfee-GW-Edition	2010.1C	2011.01.08	-
Microsoft	1.6402	2011.01.08	VirTool:Win32/Obfuscator.XZ
NOD32	5769	2011.01.08	-
Norman	6.06.12	2011.01.07	-
nProtect	2011-01-08.01	2011.01.08	-
Panda	10.0.2.7	2011.01.08	-
PCTools	7.0.3.5	2011.01.08	-
Prevx	3.0	2011.01.08	-
Rising	22.81.05.00	2011.01.08	-
Sophos	4.61.0	2011.01.08	-
SUPERAntiSpyware	4.40.0.1006	2011.01.08	-
Symantec	20101.3.0.103	2011.01.08	-
TheHacker	6.7.0.1.112	2011.01.08	-
TrendMicro	9.120.0.1004	2011.01.08	TROJ_GEN.R44C3L4
TrendMicro-HouseCall	9.120.0.1004	2011.01.08	TROJ_GEN.R44C3L4
VBA32	3.12.14.2	2011.01.06	-
VIPRE	7992	2011.01.08	-
ViRobot	2011.1.8.4244	2011.01.08	-
VirusBuster	13.6.134.0	2011.01.07	-

Additional information
Show all

MD5 : c9d524fafc71b5d1c7559d4911b28251

SHA1 : 00fdd97fd21f0538221d847057d8904f6b25512d

SHA256: 150691cc795637dfa5d58821168054d5b00f559814b8f8a8c1f69c74dd988ff7

显示全部楼层 · 发表于 2011-1-9 10:40:12

在Windows文件夹里创建文件
to eset

http://camas.comodo.com/cgi-bin/ ... 8a8c1f69c74dd988ff7

http://samples.eset.com.cn/index ... 5d1c7559d4911b28251

显示全部楼层 · 发表于 2011-1-9 10:46:51

本帖最后由 fatezero 于 2011-1-9 15:37 编辑

KIS
HEUR:Trojan.Win32.Generic E:\download\2\1.exe
HEUR:Trojan.Win32.Generic E:\download\2\1.dll

Hello,

1.dll, 1.exe_

No malicious code were found in these files.

Please quote all when answering.
The answer is relevant to the latest bases from update sources.

Regards, Kuskov Vladimir
Virus Analyst

显示全部楼层 · 发表于 2011-1-9 11:48:00

AVG无视，上报

显示全部楼层 · 发表于 2011-1-9 12:04:07

BitDefender剩余一上报

显示全部楼层 · 发表于 2011-1-9 12:48:45

本帖最后由 zuo 于 2011-1-9 12:49 编辑

2011-1-9 12:46:30 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\2[1]\1.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
值: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; Cache

2011-1-9 12:46:31 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\2[1]\1.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
值: C:\Documents and Settings\Administrator\Cookies
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; Cookies

2011-1-9 12:46:31 修改注册表值阻止
进程: c:\documents and settings\administrator\桌面\2[1]\1.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
值: C:\Documents and Settings\Administrator\Local Settings\History
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders; History

2011-1-9 12:46:32 从其他进程复制句柄阻止
进程: c:\windows\system32\svchost.exe
目标: c:\documents and settings\administrator\桌面\2[1]\1.exe
句柄: (Key) \REGISTRY\USER\S-1-5-21-57989841-842925246-854245398-500\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
规则: [应用程序]c:\windows\system32\svchost.exe

2011-1-9 12:46:32 访问网络阻止
进程: c:\documents and settings\administrator\桌面\2[1]\1.exe
目标: TCP [本机 : 1312] ->  [202.102.110.204 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2011-1-9 12:46:32 访问网络阻止
进程: c:\documents and settings\administrator\桌面\2[1]\1.exe
目标: TCP [本机 : 1313] ->  [180.214.162.106 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2011-1-9 12:46:33 创建文件阻止
进程: c:\documents and settings\administrator\桌面\2[1]\1.exe
目标: C:\WINDOWS\system32\winsock32.dll
规则: [文件组]文件安全读写规则(询问创建) -> [文件]c:\windows\system32; *.*

2011-1-9 12:46:33 访问网络阻止
进程: c:\documents and settings\administrator\桌面\2[1]\1.exe
目标: TCP [本机 : 1315] ->  [173.252.198.108 : 80 (http)]
规则: [网络]任意协议 [本机 : 任意端口] <-> [任意地址 : 任意端口]

2011-1-9 12:46:39 修改注册表值阻止
进程: c:\program files\internet explorer\iexplore.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Locked
值: 0x00000001(1)
规则: [注册表组]IE浏览器设置保护(询问) -> [注册表]*\SOFTWARE\Microsoft\Internet explorer\Toolbar

显示全部楼层 · 发表于 2011-1-9 22:37:29

已上報趨勢嚕~

显示全部楼层 · 发表于 2011-1-9 22:37:44

大蜘蛛MISS，已上报

显示全部楼层 · 发表于 2011-1-10 09:41:35

submit to avertlabs

显示全部楼层 · 发表于 2011-1-10 09:57:48

回复 6楼 zuo 的帖子

这个是用什么软件测的？

[病毒样本] 1_20110109

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块