转贴剑盟 杀软最新脱壳测试（25个壳）

kp2006

原创gmen_pliskin

用收集的加壳软件对病毒加壳，一共25个，都是最新版本的。并保证加壳后的病毒可以运行。本来还有一些猛壳，可惜加壳以后不能正确运行病毒，所以没加上。解压密码：virus
包括：aspack 212r,ASProtect SKE 2.3 Beta6.26,depack,ExeStealth v2.76,ExeShield1.4,FSG2.0,mew 11se12,MoleBox Pro v2.6.3.2462,NPACK 1.1,Obsidium1304,PECompact2.7,pespin 1.304,petite 2.3,polyene0.01,rlpackv1.18,tElock 0.99,upx3.0,VBOWatch v2.0,vmprotect v1.4,yoda's Protector1.03.3,北斗3.7,北斗4.1,免疫007－2.0,免疫007－2.6,上兴V1.1

[ 本帖最后由 kp2006 于 2007-6-1 22:26 编辑 ]

The EQs

在剑盟玩过了。。。不玩了。。

wangjay1980

detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\Ô­Îļþ\wyQQ2007.exe
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007aspack 212r.exe//ASPack
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007depack.exe//Depack
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007ExeShield1.4cryptor.exe//Yoda
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007ExeStealth v2.76.exe//ExeStealth
detected: Trojan program Trojan-PSW.Win32.QQPass.wt        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007FSG2.0.exe
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007mew 11se12.exe//PE_Patch//MewBundle//MEW
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007MoleBox Pro v2.6.3.2462.exe//Molebox
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007npack.exe//NPack
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007PECompact2.7.exe//PE_Patch.PECompact//PecBundle//PECompact
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007pespin 1.304.exe//PESpin
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007petite 2.3.exe//Petite
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007polyene0.01.exe//Polyene
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007rlpack1.18.exe//RLPack
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007tElock 0.99.exe//PE_Patch//TeLock
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007UPX3.00.exe//PE_Patch.UPX//UPX
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007VBOWatch v2.0.exe//Yoda
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007vmprotect v1.4.exe
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007yoda's Protector1.03.3.exe//YodaProt
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007±±¶·3.7.exe//NSPack
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007±±¶·4.1.exe//NSPack
detected: Trojan program Trojan-PSW.Win32.QQPass.rj        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007ÃâÒß007-2.0.exe//JDPack
detected: virus Packed.Win32.NSAnti.b        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007ÃâÒß007-2.6.exe
detected: Trojan program Trojan-Dropper.Win32.Delf.aah        File: C:\Documents and Settings\Owner\×ÀÃæ\wyQQ2007\¼Ó¿ÇºóµÄÎļþ\wyQQ2007ÉÏÐËV1.1.exe

The EQs

貌似有几个无法运行的。。。

wangjay1980

卡7的脱壳能力不错

蓝色牛仔裤

漏了3个。。


[Scan path] C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件
>>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007aspack 212r.exe infected with Trojan.MulDrop.origin
C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007ASProtect SKE 2.3 Beta6.26.exe - Ok
>>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007depack.exe infected with Trojan.MulDrop.origin
>>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007ExeShield1.4cryptor.exe infected with Trojan.MulDrop.origin
>>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007ExeStealth v2.76.exe infected with Trojan.MulDrop.origin
>>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007FSG2.0.exe infected with Trojan.MulDrop.origin
>>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007mew 11se12.exe infected with Trojan.MulDrop.origin
>>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007MoleBox Pro v2.6.3.2462.exe infected with Trojan.MulDrop.origin
>>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007npack.exe infected with Trojan.MulDrop.origin
>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007Obsidium1334.exe infected with Trojan.MulDrop.origin
>>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007PECompact2.7.exe infected with Trojan.MulDrop.origin
>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007pespin 1.304.exe - Ok
>>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007petite 2.3.exe infected with Trojan.MulDrop.origin
>>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007polyene0.01.exe infected with Trojan.MulDrop.origin
>>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007rlpack1.18.exe infected with Trojan.MulDrop.origin
>>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007tElock 0.99.exe infected with Trojan.MulDrop.origin
C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007UPX3.00.exe - Ok
>>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007VBOWatch v2.0.exe infected with Trojan.MulDrop.origin
>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007vmprotect v1.4.exe probably infected with DLOADER.Trojan
>>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007yoda's Protector1.03.3.exe infected with Trojan.MulDrop.origin
C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\WY5004~1.EXE infected with Trojan.MulDrop.5037
>>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\WY52F8~1.EXE infected with Trojan.MulDrop.origin
>>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\WY5A09~1.EXE\data001 probably infected with DLOADER.Trojan
>>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\WY5A09~1.EXE\data002 infected with Trojan.Vanti
C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\WY5A09~1.EXE - archive contains infected objects
>>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\WYB187~1.EXE infected with Trojan.MulDrop.origin
C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\WYBB67~1.EXE infected with BackDoor.Pigeon.1604

[Scan path] C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\原文件
>C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\原文件\wyQQ2007.exe infected with Trojan.MulDrop.origin

坐在墙头

亲爱的NOD32对原文件不报，倒报了21个加壳后的，不过全是启发报的，可以原谅

jxxfcwb

怎么红伞一个都米有报涅？

tiedan2

AntiVir:
Begin scan in 'C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]'
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007aspack 212r.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
      [INFO]      A backup was created as '46b136e2.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007ASProtect SKE 2.3 Beta6.26.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '46b136e3.qua'!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007depack.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '4719d810.qua'!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007ExeShield1.4cryptor.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The file was moved to '46b136e5.qua'!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007ExeStealth v2.76.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
      [INFO]      A backup was created as '46b136e4.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007FSG2.0.exe
      [DETECTION] Is the Trojan horse TR/Proxy.Delf.CA
      [INFO]      A backup was created as '4719d811.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007mew 11se12.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '46b136e6.qua'!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007MoleBox Pro v2.6.3.2462.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '4719d813.qua'!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007npack.exe
      [DETECTION] Is the Trojan horse TR/Proxy.Delf.CA
      [INFO]      A backup was created as '4719d812.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007Obsidium1334.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The file was moved to '46b136e7.qua'!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007PECompact2.7.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
      [INFO]      A backup was created as '4719d81c.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007pespin 1.304.exe
      [DETECTION] Contains signature of the worm WORM/Mytob.LU
      [INFO]      A backup was created as '46b136e0.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007petite 2.3.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
      [INFO]      A backup was created as '4719d815.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007polyene0.01.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '4719d817.qua'!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007rlpack1.18.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      A backup was created as '46b136e9.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007tElock 0.99.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '4719d81e.qua'!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007UPX3.00.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
      [INFO]      A backup was created as '46b136eb.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007VBOWatch v2.0.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The file was moved to '46b136e8.qua'!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007vmprotect v1.4.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '4719d81d.qua'!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007yoda's Protector1.03.3.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The file was moved to '46b136ea.qua'!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007免疫007-2.0.exe
      [DETECTION] Contains suspicious code HEUR/Malware
      [INFO]      The file was moved to '4719d81f.qua'!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007免疫007-2.6.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSAnti.Gen
      [INFO]      A backup was created as '4719d818.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007北斗3.7.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The file was moved to '46b136ed.qua'!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\加壳后的文件\wyQQ2007北斗4.1.exe
      [DETECTION] Contains suspicious code HEUR/Crypted
      [INFO]      The file was moved to '4719d81a.qua'!
C:\Documents and Settings\tiedan\桌面\wyQQ2007[1][1]\wyQQ2007\原文件\wyQQ2007.exe
      [DETECTION] Is the Trojan horse TR/PSW.Stealer.66122
      [INFO]      A backup was created as '46b136d4.qua'  ( QUARANTINE )
      [INFO]      The file was deleted!

欠妳緈諨

AVAST原文件杀了，加壳后的杀了 20个！最后余这几个！