Original poster: kp2006

Repost from 剑盟 (Jianmeng): latest antivirus unpacking test (25 packers)

promised
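Posted on 2007-6-2 09:55:21
Originally posted by aoyang on 2007-6-2 00:08
Since EQ2 hates antivirus products that flag packers more than anything, and often scoffs at them, now that NOD has flagged the packer but not the original file, I wonder how he feels about it. Curious.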

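I can't agree that "a variant of Win32/TrojanDropper.Delf.AAH trojan" is a packer detection; the signature was probably not extracted very well, so the heuristics came up with this.
As for "probably a variant of Win32/Genetik trojan", let EQ2 verify that one.
I have preliminarily verified that VBA32's MALWARESCOPE detection is not a packer detection.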

[ Last edited by promised on 2007-6-2 10:00 ]
yksoar
Posted on 2007-6-2 10:07:13
Kaspersky missed one````

harrystopet
Posted on 2007-6-2 11:02:48
My Rising unpacked 21 of them, not bad!
Nblock
Posted on 2007-6-2 12:40:42
Originally posted by wkwx on 2007-6-2 05:59
Micropoint detects all of them:



Hehe
redalert0239
Posted on 2007-6-2 12:47:38
Filseclab (费尔) only catches the original file. This...
scottxzt
Posted on 2007-6-2 12:59:37

Avira (红伞) test results with heuristics fully disabled (16 detections, 6 of them packer reports)

Starting the file scan:

Begin scan in 'D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\原文件'
D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\原文件\
D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\原文件\wyQQ2007.exe
      [DETECTION] Is the Trojan horse TR/PSW.Stealer.66122
      [WARNING]   The file was ignored!


Begin scan in 'D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\加壳后的文件'
D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\加壳后的文件\
D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\加壳后的文件\wyQQ2007aspack 212r.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
      [WARNING]   The file was ignored!
D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\加壳后的文件\wyQQ2007ExeStealth v2.76.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
      [WARNING]   The file was ignored!
D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\加壳后的文件\wyQQ2007FSG2.0.exe
      [DETECTION] Is the Trojan horse TR/Proxy.Delf.CA
      [WARNING]   The file was ignored!
D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\加壳后的文件\wyQQ2007MoleBox Pro v2.6.3.2462.exe
      [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/Molebox). Please verify the origin of the file
      [WARNING]   The file was ignored!
D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\加壳后的文件\wyQQ2007npack.exe
      [DETECTION] Is the Trojan horse TR/Proxy.Delf.CA
      [WARNING]   The file was ignored!
D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\加壳后的文件\wyQQ2007Obsidium1334.exe
      [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/Obsidium). Please verify the origin of the file
      [WARNING]   The file was ignored!
D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\加壳后的文件\wyQQ2007PECompact2.7.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
      [WARNING]   The file was ignored!
D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\加壳后的文件\wyQQ2007pespin 1.304.exe
      [DETECTION] Contains signature of the worm WORM/Mytob.LU
      [WARNING]   The file was ignored!
D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\加壳后的文件\wyQQ2007petite 2.3.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
      [WARNING]   The file was ignored!
D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\加壳后的文件\wyQQ2007polyene0.01.exe
      [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/Polyene). Please verify the origin of the file
      [WARNING]   The file was ignored!
D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\加壳后的文件\wyQQ2007rlpack1.18.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [WARNING]   The file was ignored!
D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\加壳后的文件\wyQQ2007UPX3.00.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
      [WARNING]   The file was ignored!
D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\加壳后的文件\wyQQ2007yoda's Protector1.03.3.exe
      [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/YodaProt). Please verify the origin of the file
      [WARNING]   The file was ignored!
D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\加壳后的文件\wyQQ2007北斗3.7.exe
      [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/NSPack). Please verify the origin of the file
      [WARNING]   The file was ignored!
D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\加壳后的文件\wyQQ2007北斗4.1.exe
      [DETECTION] File has been compressed with an unusual runtime compression tool (PCK/NSPack). Please verify the origin of the file
      [WARNING]   The file was ignored!
D:\Documents and Settings\dell\桌面\新建文件夹\wyQQ2007\加壳后的文件\wyQQ2007免疫007-2.6.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSAnti.Gen
      [WARNING]   The file was ignored!
bobgod2000
Posted on 2007-6-2 21:52:30
Here are the scores for each antivirus product:
Micropoint: 26  Avira: 25  Kaspersky: 24  Dr.Web: 21  NOD32: 20  AVK: 16  KV: 11  Kingsoft: 8
hcyjc
Posted on 2007-6-2 22:49:15
Originally posted by jxxfcwb on 2007-6-1 23:01: How come Avira didn't flag a single one?


The archive is password-protected; it would be strange if scanning the archive directly found anything~~

[ Last edited by hcyjc on 2007-6-2 22:50 ]
worker321
Posted on 2007-6-2 23:48:25
McAfee flags 18

2007-6-2        23:48:51        未采取操作         C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007aspack 212r.exe\wyQQ2007aspack 212r.exe\0000b4f0.EXE        PWS-QQPass(特洛伊)
2007-6-2        23:48:53        未采取操作         C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007depack.exe\GenUnp\0000c0f0.EXE        PWS-QQPass(特洛伊)
2007-6-2        23:48:53        未采取操作         C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007ExeShield1.4cryptor.exe\wyQQ2007ExeShield1.4cryptor.exe\0000b4f0.EXE        PWS-QQPass(特洛伊)
2007-6-2        23:48:53        未采取操作         C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007ExeStealth v2.76.exe\00005cf0.EXE        PWS-QQPass(特洛伊)
2007-6-2        23:48:53        未采取操作         C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007FSG2.0.exe        Generic PWS(特洛伊)
2007-6-2        23:48:53        未采取操作         C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007mew 11se12.exe\wyQQ2007mew 11se12.exe\0000b2f0.EXE        PWS-QQPass(特洛伊)
2007-6-2        23:48:55        未采取操作         C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007MoleBox Pro v2.6.3.2462.exe\000036f0.EXE        PWS-QQPass(特洛伊)
2007-6-2        23:48:58        未采取操作         C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007petite 2.3.exe\wyQQ2007petite 2.3.exe\0000b4f0.EXE        PWS-QQPass(特洛伊)
2007-6-2        23:48:58        未采取操作         C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007polyene0.01.exe\GenUnp\0000c0ee.EXE        PWS-QQPass(特洛伊)
2007-6-2        23:48:58        未采取操作         C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007rlpack1.18.exe        New Win32(病毒)
2007-6-2        23:48:59        未采取操作         C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007UPX3.00.exe\GenUnp\0000c0f0.EXE        PWS-QQPass(特洛伊)
2007-6-2        23:48:59        未采取操作         C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007VBOWatch v2.0.exe\wyQQ2007VBOWatch v2.0.exe\0000b4f0.EXE        PWS-QQPass(特洛伊)
2007-6-2        23:48:59        未采取操作         C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007vmprotect v1.4.exe\00005cf0.EXE        PWS-QQPass(特洛伊)
2007-6-2        23:48:59        未采取操作         C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007免疫007-2.0.exe\wyQQ2007免疫007-2.0.exe\0000b4f0.EXE        PWS-QQPass(特洛伊)
2007-6-2        23:48:59        未采取操作         C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007免疫007-2.6.exe        New Malware.bl (ED)(特洛伊)
2007-6-2        23:48:59        未采取操作         C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007北斗3.7.exe        New Malware.aq(特洛伊)
2007-6-2        23:49:00        未采取操作         C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\加壳后的文件\wyQQ2007北斗4.1.exe        New Malware.u(特洛伊)
2007-6-2        23:49:00        未采取操作         C:\Documents and Settings\Administrator\桌面\wyQQ2007[1]\wyQQ2007\原文件\wyQQ2007.exe\00005cf0.EXE        PWS-QQPass(特洛伊)
buycard
Posted on 2007-6-3 14:40:01
Kaspersky is insanely strong…………


All the other products are just flagging the packer