endurer 原创
2006-09-06 第2版
2006-09-02 第1版
网站 hxxp://www.94l***m.com/ 首页会根据cookie的值打开网页:
/------------
hxxp://www.dudu**w.com/web/dudu*****13.htm
------------/
或
/------------
hxxp://www.dud**uw.com/web/dudu*****12.htm
------------/
dudu*****13.htm 和 dudu*****12.htm 中有加密的VBScript脚本代码,该脚本代码利用 Microsoft.XMLHTTP 和 Scripting.FileSystemObject 下载文件会下载 hxxp://qidong.virussky.com/qidong.exe,保存为 IE临时文件夹中的 an85.com,并利用Shell.Application 对象 的 ShellExecute 方法 来运行。
| File: | qidong.exe |
| Status: | INFECTED/MALWARE |
| MD5 | f932ee7f241695d5ee6527a231795468 |
| Packers detected: |
UPX
|
| Scanner results | |
| AntiVir | Found Heuristic/Malware (probable variant) |
| ArcaVir | Found nothing |
| Avast | Found nothing |
| AVG Antivirus | Found nothing |
| BitDefender | Found Generic.Malware.BE!g.66E35076 |
| ClamAV | Found nothing |
| Dr.Web | Found Trojan.Update |
| F-Prot Antivirus | Found nothing |
| Fortinet | Found nothing |
| Kaspersky Anti-Virus | Found Trojan-Downloader.Win32.Agent.aqr |
| NOD32 | Found probably unknown NewHeur_PE (probable variant) |
| Norman Virus Control | Found nothing |
| UNA | Found nothing |
| VirusBuster | Found nothing |
| VBA32 | Found nothing |
| Antivirus | Version | Update | Result |
| AntiVir | 7.1.1.11 | 09.06.2006 | TR/Dldr.Agent.aqr.15 |
| Authentium | 4.93.8 | 09.06.2006 | no virus found |
| Avast | 4.7.844.0 | 09.06.2006 | no virus found |
| AVG | 386 | 09.06.2006 | Downloader.Agent.FGL |
| BitDefender | 7.2 | 09.06.2006 | Generic.Malware.BE!g.66E35076 |
| CAT-QuickHeal | 8.00 | 09.05.2006 | no virus found |
| ClamAV | devel-20060426 | 09.06.2006 | no virus found |
| DrWeb | 4.33 | 09.06.2006 | Trojan.Update |
| eTrust-InoculateIT | 23.72.117 | 09.05.2006 | no virus found |
| eTrust-Vet | 30.3.3064 | 09.06.2006 | no virus found |
| Ewido | 4.0 | 09.05.2006 | Downloader.Agent.aqr |
| Fortinet | 2.77.0.0 | 09.06.2006 | no virus found |
| F-Prot | 3.16f | 09.06.2006 | no virus found |
| F-Prot4 | 4.2.1.29 | 09.06.2006 | no virus found |
| Ikarus | 0.2.65.0 | 09.06.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 09.06.2006 | Trojan-Downloader.Win32.Agent.aqr |
| McAfee | 4845 | 09.05.2006 | Downloader-AWE |
| Microsoft | 1.1560 | 09.06.2006 | no virus found |
| NOD32v2 | 1.1741 | 09.06.2006 | probably unknown NewHeur_PE virus |
| Norman | 5.90.23 | 09.06.2006 | no virus found |
| Panda | 9.0.0.4 | 09.05.2006 | Trj/Delf.ABZ |
| Sophos | 4.09.0 | 09.06.2006 | no virus found |
| Symantec | 8.0 | 09.06.2006 | no virus found |
| TheHacker | 5.9.8.205 | 09.06.2006 | Posible_Worm322 |
| UNA | 1.83 | 09.06.2006 | no virus found |
| VBA32 | 3.11.1 | 09.05.2006 | Trojan-Downloader.Win32.Agent.aqr |
| VirusBuster | 4.3.7:9 | 09.06.2006 | no virus found |
| Aditional Information |
| File size: 31744 bytes |
| MD5: f932ee7f241695d5ee6527a231795468 |
| SHA1: 6414ec3d64ede47a4eec4cd07166380b223431da |
| packers: UPX, embedded |
1674
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
