h98765
Posted on 2009-7-1 19:56:03
Thanks for sharing~~
酷酷的使者
Posted on 2009-7-1 22:49:22
I don't really understand it,
but thank you anyway for sharing so generously.
a1874466
Posted on 2009-7-2 09:29:14
It has a virus.
File QuickKeys_v1.0.exe received on 2009.05.24 05:28:39 (UTC)
Antivirus engine | Version | Last update | Scan result
a-squared 4.0.0.101 2009.05.24 Trojan-●嚴禁張貼私服●!IK
AhnLab-V3 5.0.0.2 2009.05.23 Win-Trojan/Xema.variant
AntiVir 7.9.0.168 2009.05.23 -
Antiy-AVL 2.0.3.1 2009.05.22 -
Authentium 5.1.2.4 2009.05.23 W32/Downloader.H.gen!Eldorado
Avast 4.8.1335.0 2009.05.23 -
AVG 8.5.0.339 2009.05.23 SHeur.BQTP
BitDefender 7.2 2009.05.24 Trojan.Generic.561239
CAT-QuickHeal 10.00 2009.05.23 Trojan.Agent.IRC
ClamAV 0.94.1 2009.05.24 -
Comodo 1157 2009.05.08 Unclassified Malware
DrWeb 5.0.0.12182 2009.05.24 -
eSafe 7.0.17.0 2009.05.21 Suspicious File
eTrust-Vet 31.6.6519 2009.05.23 -
F-Prot 4.4.4.56 2009.05.23 W32/Downloader.H.gen!Eldorado
F-Secure 8.0.14470.0 2009.05.23 -
Fortinet 3.117.0.0 2009.05.23 -
GData 19 2009.05.24 Trojan.Generic.561239
Ikarus T3.1.1.49.0 2009.05.24 Trojan-●嚴禁張貼私服●
K7AntiVirus 7.10.741 2009.05.21 Trojan.Win32.Malware.4
Kaspersky 7.0.0.125 2009.05.24 -
McAfee 5624 2009.05.23 Generic.dx
McAfee+Ar●嚴禁張貼私服●4 2009.05.23 Generic.dx
McAfee-GW-Edition 6.7.6 2009.05.24 -
Microsoft 1.4701 2009.05.23 -
NOD32 4098 2009.05.22 a variant of Win32/Adware.VrBrothers
Norman 6.01.05 2009.05.22 W32/Adclicker.HBN
nProtect 2009.1.8.0 2009.05.24 -
Panda 10.0.0.14 2009.05.23 Malicious Packer
PC●嚴禁張貼私服●.0 2009.05.21 -
Prevx 3.0 2009.05.24 High Risk Cloaked Malware
Rising 21.30.60.00 2009.05.24 -
Sophos 4.42.0 2009.05.24 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.05.24 BehavesLike.Win32.Malware (v)
Symantec 1.4.4.12 2009.05.24 Trojan.Adclicker
TheHacker 6.3.4.3.331 2009.05.22 -
TrendMicro 8.950.0.1092 2009.05.23 -
VBA32 3.12.10.5 2009.05.24 -
ViRobot 2009.5.23.1749 2009.05.23 -
VirusBuster 4.6.5.0 2009.05.23 Trojan.DR.PeBundle.A
Additional information
File size: 887624 bytes
MD5 : 9b0b290b91f50df328a16408a204505e
SHA1 : bdb865e7013d0cea80d1332759c6498a6e19517b
SHA256: f9aeec867dfe54fae23a9421efe3f255c51d34fdfd25f6226a23f5ee0bfb5815
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x5D8000
timedatestamp.....: 0x478EAE37 (Thu Jan 17 02:24:07 2008)
machinetype.......: 0x14C (Intel I386)
( 23 sections )
( 0 imports )
( 0 exports )
TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 24576:jW8dYB++e2youKZS6870g8U5MGhGTu+cvP:cZl8Yg8IGTwvP
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=89CBD430489997388BD50D46905A3700E7DB831B
PEiD : PEBundle v2.44
packers (Kaspersky): PEBundle, PEBundle, PEBundle, PEBundle, PEBundle, PEBundle, PEBundle, PEBundle, PEBundle, PEBundle, UPX
packers (F-Prot): embedded, UPX
CWSandbox: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=9b0b290b91f50df328a16408a204505e
RDS : NSRL Reference Data Set: -
蘇迪
Posted on 2009-7-3 09:07:58
Thanks for sharing.
a7872761
Posted on 2009-7-3 21:28:19
larcayu
Posted on 2009-7-4 01:20:55
I'll take a look and see what this is. I hope it works.
~阿影~
Posted on 2009-7-4 11:21:48
Thanks for sharing.
oh801008
Posted on 2009-7-4 14:05:38
Thanks for sharing.
cfungfung
Posted on 2009-7-5 13:41:32
It seems to have a virus~~~~
h349685777
Posted on 2009-7-5 15:49:42
Thank you, I'm endlessly grateful.