Исследование антивирусов 7

[senyak]

Пришел вконтакт. Скорей всего баннер или блочит винду

Файл foto.fee получен 2010.01.13 15:37:04 (UTC)
Текущий статус: закончено
Результат: 5/41 (12.2%)

Антивирус Версия Обновление Результат
a-squared 4.5.0.48 2010.01.13 -
AhnLab-V3 5.0.0.2 2010.01.13 -
AntiVir 7.9.1.134 2010.01.13 -
Antiy-AVL 2.0.3.7 2010.01.12 Trojan/Win32.Scar.gen
Authentium 5.2.0.5 2010.01.12 W32/Backdoor2.EWEM
Avast 4.8.1351.0 2010.01.13 -
AVG 9.0.0.725 2010.01.13 -
BitDefender 7.2 2010.01.13 -
CAT-QuickHeal 10.00 2010.01.13 -
ClamAV 0.94.1 2010.01.13 -
Comodo 3569 2010.01.13 -
DrWeb 5.0.1.12222 2010.01.13 -
eSafe 7.0.17.0 2010.01.13 -
eTrust-Vet 35.2.7234 2010.01.13 -
F-Prot 4.5.1.85 2010.01.12 W32/Backdoor2.EWEM
F-Secure 9.0.15370.0 2010.01.13 -
Fortinet 4.0.14.0 2010.01.13 -
GData 19 2010.01.13 -
Ikarus T3.1.1.80.0 2010.01.13 -
Jiangmin 13.0.900 2010.01.13 -
K7AntiVirus 7.10.946 2010.01.13 -
Kaspersky 7.0.0.125 2010.01.13 -
McAfee 5859 2010.01.12 -
McAfee+Artemis 5859 2010.01.12 -
McAfee-GW-Edition 6.8.5 2010.01.13 Heuristic.BehavesLike.Win32.Dropper.H
Microsoft 1.5302 2010.01.13 Trojan:Win32/Qhost.BT
NOD32 4767 2010.01.13 -
Norman 6.04.03 2010.01.13 -
nProtect 2009.1.8.0 2010.01.13 -
Panda 10.0.2.2 2010.01.12 -
PCTools 7.0.3.5 2010.01.13 -
Prevx 3.0 2010.01.13 -
Rising 22.30.02.06 2010.01.13 -
Sophos 4.49.0 2010.01.13 -
Sunbelt 3.2.1858.2 2010.01.13 -
Symantec 20091.2.0.41 2010.01.13 -
TheHacker 6.5.0.3.148 2010.01.13 -
TrendMicro 9.120.0.1004 2010.01.13 -
VBA32 3.12.12.1 2010.01.13 -
ViRobot 2010.1.13.2134 2010.01.13 -
VirusBuster 5.0.21.0 2010.01.13 -

Дополнительная информация
File size: 133632 bytes
MD5...: e1a5510b49b742a61fa441f042d30d92
SHA1..: dfea2b1c60cb2e94b7869ba84dfd82cd9f8099a9
SHA256: 981206c81914f231252f4987dce445a5727cab4ddcdddfb980 c21a3f08092e92
ssdeep: 1536:tQWLoQRXkE2jMq3GulH+WEI89HZGZzvh/4Tp8GMG0jCsCITUkaX+S9W:tt9
PIMTkH+95GZd4TeGMG0jCf+VUW
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...e92-1263397024

[Buldozer]

Шпионская программа

Антивирус Версия Обновление Результат
a-squared 4.5.0.50 2010.01.15 -
AhnLab-V3 5.0.0.2 2010.01.15 -
AntiVir 7.9.1.142 2010.01.15 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.15 -
Avast 4.8.1351.0 2010.01.15 -
AVG 9.0.0.730 2010.01.15 -
BitDefender 7.2 2010.01.15 -
CAT-QuickHeal 10.00 2010.01.15 (Suspicious) - DNAScan
ClamAV 0.94.1 2010.01.15 -
Comodo 3594 2010.01.15 -
DrWeb 5.0.1.12222 2010.01.15 -
eSafe 7.0.17.0 2010.01.14 -
eTrust-Vet 35.2.7239 2010.01.15 -
F-Prot 4.5.1.85 2010.01.15 -
F-Secure 9.0.15370.0 2010.01.15 -
Fortinet 4.0.14.0 2010.01.15 -
GData 19 2010.01.15 -
Ikarus T3.1.1.80.0 2010.01.15 -
Jiangmin 13.0.900 2010.01.15 -
K7AntiVirus 7.10.948 2010.01.15 -
Kaspersky 7.0.0.125 2010.01.15 -
McAfee 5861 2010.01.14 -
McAfee+Artemis 5862 2010.01.15 -
McAfee-GW-Edition 6.8.5 2010.01.15 -
Microsoft 1.5302 2010.01.15 -
NOD32 4775 2010.01.15 -
Norman 6.04.03 2010.01.14 -
nProtect 2009.1.8.0 2010.01.15 -
Panda 10.0.2.2 2010.01.15 -
PCTools 7.0.3.5 2010.01.15 -
Prevx 3.0 2010.01.15 -
Rising 22.30.04.04 2010.01.15 -
Sophos 4.49.0 2010.01.15 -
Sunbelt 3.2.1858.2 2010.01.15 -
Symantec 20091.2.0.41 2010.01.15 -
TheHacker 6.5.0.4.152 2010.01.15 -
TrendMicro 9.120.0.1004 2010.01.15 -
VBA32 3.12.12.1 2010.01.15 -
ViRobot 2010.1.15.2138 2010.01.15 -
VirusBuster 5.0.21.0 2010.01.15 -
Дополнительная информация
File size: 682496 bytes
MD5...: 3563906d5e23246258bc69eeb64a7b76
SHA1..: f96fc0cccbd66aa5e6cd9247a70621cc30fd034b
SHA256: ffae3836c005f45ecf30306ff3a5697bd9409230afa657b127 27c255f8e35dbc
ssdeep: 12288:EG6gwigmgoh86WBzo4GLY192cUeGl+5jUqLgc769k5S: ELg9gG32z24oLq
LgK6W4
PEiD..: -

[paul-13]

Файл setup17.exe получен 2010.01.16 15:47:06 (UTC)
Результат: 1/41 (2.44%)

a-squared 4.5.0.50 2010.01.16 -
AhnLab-V3 5.0.0.2 2010.01.16 -
AntiVir 7.9.1.142 2010.01.16 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.16 -
Avast 4.8.1351.0 2010.01.16 -
AVG 9.0.0.730 2010.01.16 -
BitDefender 7.2 2010.01.16 -
CAT-QuickHeal 10.00 2010.01.16 -
ClamAV 0.94.1 2010.01.16 -
Comodo 3604 2010.01.16 -
DrWeb 5.0.1.12222 2010.01.16 -
eSafe 7.0.17.0 2010.01.14 -
eTrust-Vet 35.2.7240 2010.01.15 -
F-Prot 4.5.1.85 2010.01.15 -
F-Secure 9.0.15370.0 2010.01.16 -
Fortinet 4.0.14.0 2010.01.16 -
GData 19 2010.01.16 -
Ikarus T3.1.1.80.0 2010.01.16 -
Jiangmin 13.0.900 2010.01.16 -
K7AntiVirus 7.10.949 2010.01.16 -
Kaspersky 7.0.0.125 2010.01.16 -
McAfee 5862 2010.01.15 -
McAfee+Artemis 5862 2010.01.15 -
McAfee-GW-Edition 6.8.5 2010.01.16 -
Microsoft 1.5302 2010.01.16 TrojanDropper:Win32/Secap.A
NOD32 4777 2010.01.16 -
Norman 6.04.03 2010.01.16 -
nProtect 2009.1.8.0 2010.01.16 -
Panda 10.0.2.2 2010.01.16 -
PCTools 7.0.3.5 2010.01.16 -
Prevx 3.0 2010.01.16 -
Rising 22.30.05.03 2010.01.16 -
Sophos 4.49.0 2010.01.16 -
Sunbelt 3.2.1858.2 2010.01.16 -
Symantec 20091.2.0.41 2010.01.16 -
TheHacker 6.5.0.4.153 2010.01.16 -
TrendMicro 9.120.0.1004 2010.01.16 -
VBA32 3.12.12.1 2010.01.15 -
ViRobot 2010.1.16.2140 2010.01.16 -
VirusBuster 5.0.21.0 2010.01.16 -

http://www.virustotal.com/ru/analisi...e08-1263656826

[DefesT]

File myfoto.exe received on 2010.01.16 20:19:29 (UTC)
Result: 19/41 (46.35%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.16 -
AhnLab-V3 5.0.0.2 2010.01.16 -
AntiVir 7.9.1.142 2010.01.16 TR/Crypt.CFI.Gen
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.16 W32/Trojan-Gypikon-based.DM2!Maximus
Avast 4.8.1351.0 2010.01.16 -
AVG 9.0.0.730 2010.01.16 -
BitDefender 7.2 2010.01.16 Gen:Trojan.Heur.eu0@rDGKq!ic
CAT-QuickHeal 10.00 2010.01.16 (Suspicious) - DNAScan
ClamAV 0.94.1 2010.01.16 -
Comodo 3605 2010.01.16 Heur.Packed.Unknown
DrWeb 5.0.1.12222 2010.01.16 -
eSafe 7.0.17.0 2010.01.14 -
eTrust-Vet 35.2.7240 2010.01.15 -
F-Prot 4.5.1.85 2010.01.16 W32/Trojan-Gypikon-based.DM2!Maximus
F-Secure 9.0.15370.0 2010.01.16 Gen:Trojan.Heur.eu0@rDGKq!ic
Fortinet 4.0.14.0 2010.01.16 -
GData 19 2010.01.16 Gen:Trojan.Heur.eu0@rDGKq!ic
Ikarus T3.1.1.80.0 2010.01.16 -
Jiangmin 13.0.900 2010.01.16 -
K7AntiVirus 7.10.949 2010.01.16 -
Kaspersky 7.0.0.125 2010.01.16 -
McAfee 5863 2010.01.16 New Malware.ag
McAfee+Artemis 5863 2010.01.16 Artemis!2BA7EF2E3485
McAfee-GW-Edition 6.8.5 2010.01.16 Heuristic.LooksLike.Win32.Suspicious.B
Microsoft 1.5302 2010.01.16 -
NOD32 4778 2010.01.16 a variant of Win32/Kryptik.LR
Norman 6.04.03 2010.01.16 W32/Obfuscated.A!genr
nProtect 2009.1.8.0 2010.01.16 -
Panda 10.0.2.2 2010.01.16 Suspicious file
PCTools 7.0.3.5 2010.01.16 -
Prevx 3.0 2010.01.16 -
Rising 22.30.05.03 2010.01.16 Packer.Win32.UnkPacker.a
Sophos 4.49.0 2010.01.16 Mal/EncPk-MX
Sunbelt 3.2.1858.2 2010.01.16 -
Symantec 20091.2.0.41 2010.01.16 Suspicious.MH690.A
TheHacker 6.5.0.5.153 2010.01.16 -
TrendMicro 9.120.0.1004 2010.01.16 Mal_Banker
VBA32 3.12.12.1 2010.01.15 Malware-Cryptor.Win32.General.3
ViRobot 2010.1.16.2140 2010.01.16 -
VirusBuster 5.0.21.0 2010.01.16 -

Additional information
File size: 77824 bytes
MD5...: 2ba7ef2e3485a5ec9fb1b96ff8e42cc8
SHA1..: b7f6f5110da48efb6bd8f33848ba650da361ee84
SHA256: d21679c5b9ff4555cc276c3a856792d17ccf8393a1e24283fa 20f5a4f7f2f64d
http://www.virustotal.com/analisis/d...64d-1263673169

File install_flash_player.exe received on 2010.01.16 20:21:07 (UTC)
Result: 2/41 (4.88%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.16 -
AhnLab-V3 5.0.0.2 2010.01.16 -
AntiVir 7.9.1.142 2010.01.16 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.16 -
Avast 4.8.1351.0 2010.01.16 -
AVG 9.0.0.730 2010.01.16 -
BitDefender 7.2 2010.01.16 -
CAT-QuickHeal 10.00 2010.01.16 -
ClamAV 0.94.1 2010.01.16 -
Comodo 3605 2010.01.16 -
DrWeb 5.0.1.12222 2010.01.16 -
eSafe 7.0.17.0 2010.01.14 -
eTrust-Vet 35.2.7240 2010.01.15 -
F-Prot 4.5.1.85 2010.01.16 -
F-Secure 9.0.15370.0 2010.01.16 -
Fortinet 4.0.14.0 2010.01.16 -
GData 19 2010.01.16 -
Ikarus T3.1.1.80.0 2010.01.16 -
Jiangmin 13.0.900 2010.01.16 -
K7AntiVirus 7.10.949 2010.01.16 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2010.01.16 -
McAfee 5863 2010.01.16 -
McAfee+Artemis 5863 2010.01.16 -
McAfee-GW-Edition 6.8.5 2010.01.16 -
Microsoft 1.5302 2010.01.16 -
NOD32 4778 2010.01.16 -
Norman 6.04.03 2010.01.16 -
nProtect 2009.1.8.0 2010.01.16 -
Panda 10.0.2.2 2010.01.16 -
PCTools 7.0.3.5 2010.01.16 -
Prevx 3.0 2010.01.16 -
Rising 22.30.05.03 2010.01.16 -
Sophos 4.49.0 2010.01.16 -
Sunbelt 3.2.1858.2 2010.01.16 -
Symantec 20091.2.0.41 2010.01.16 -
TheHacker 6.5.0.5.153 2010.01.16 Trojan/Dropper.Js.any
TrendMicro 9.120.0.1004 2010.01.16 -
VBA32 3.12.12.1 2010.01.15 -
ViRobot 2010.1.16.2140 2010.01.16 -
VirusBuster 5.0.21.0 2010.01.16 -

Additional information
File size: 446125 bytes
MD5...: c530a9067a4a8c589c9dd479f2f8c528
SHA1..: 9997c1563c4783b303a48161218d941fe3d5e962
SHA256: 159888bb4d73f5c5532f66af1a52f718fb8905ba248838cff9 61a04421a1dcdf
http://www.virustotal.com/analisis/1...cdf-1263673267

File FreeVKGifts.exe received on 2010.01.16 20:24:43 (UTC)
Result: 13/39 (33.34%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.16 Worm.Win32.SillyShareCopy!IK
AhnLab-V3 5.0.0.2 2010.01.16 -
AntiVir 7.9.1.142 2010.01.16 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.16 -
Avast 4.8.1351.0 2010.01.16 -
AVG 9.0.0.730 2010.01.16 -
BitDefender 7.2 2010.01.16 Gen:Trojan.Heur.TP.ku0@b8tBuvhc
CAT-QuickHeal 10.00 2010.01.16 (Suspicious) - DNAScan
ClamAV 0.94.1 2010.01.16 -
Comodo 3605 2010.01.16 Heur.Packed.Unknown
DrWeb 5.0.1.12222 2010.01.16 -
eTrust-Vet 35.2.7240 2010.01.15 -
F-Prot 4.5.1.85 2010.01.16 -
F-Secure 9.0.15370.0 2010.01.16 Gen:Trojan.Heur.TP.ku0@b8tBuvhc
Fortinet 4.0.14.0 2010.01.16 -
GData 19 2010.01.16 Gen:Trojan.Heur.TP.ku0@b8tBuvhc
Ikarus T3.1.1.80.0 2010.01.16 Worm.Win32.SillyShareCopy
Jiangmin 13.0.900 2010.01.16 -
K7AntiVirus 7.10.949 2010.01.16 -
Kaspersky 7.0.0.125 2010.01.16 -
McAfee 5863 2010.01.16 -
McAfee+Artemis 5863 2010.01.16 Artemis!0795313F75FD
McAfee-GW-Edition 6.8.5 2010.01.16 Heuristic.LooksLike.Worm.SillyShareCopy.H
Microsoft 1.5302 2010.01.16 Worm:Win32/SillyShareCopy.gen
NOD32 4778 2010.01.16 -
Norman 6.04.03 2010.01.16 -
nProtect 2009.1.8.0 2010.01.16 -
Panda 10.0.2.2 2010.01.16 Trj/CI.A
PCTools 7.0.3.5 2010.01.16 -
Prevx 3.0 2010.01.16 -
Rising 22.30.05.03 2010.01.16 -
Sophos 4.49.0 2010.01.16 Mal/EncPk-MZ
Sunbelt 3.2.1858.2 2010.01.16 Trojan.Win32.Bredolab.Gen.1 (v)
Symantec 20091.2.0.41 2010.01.16 -
TheHacker 6.5.0.5.153 2010.01.16 -
TrendMicro 9.120.0.1004 2010.01.16 -
ViRobot 2010.1.16.2140 2010.01.16 -
VirusBuster 5.0.21.0 2010.01.16 -

Additional information
File size: 171008 bytes
MD5...: 0795313f75fdf8d27f0cc89ff2ea7a9a
SHA1..: 176951066cf76c95ae2ae40544bd9f124a9ad8a2
SHA256: 9108953fed28cf3f7bb6d768fa5c9a4aaabe434f95f5583994 56d1fe3ce07a8e
http://www.virustotal.com/analisis/9...a8e-1263673483

[Юльча]

Файл plugin.exe получен 2010.01.16 22:34:24 (UTC)
Результат: 9/41 (21.96%)

Антивирус Версия Обновление Результат
a-squared 4.5.0.50 2010.01.16 Trojan.Win32.LockScreen!IK
AhnLab-V3 5.0.0.2 2010.01.16 -
AntiVir 7.9.1.142 2010.01.16 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.16 -
Avast 4.8.1351.0 2010.01.16 -
AVG 9.0.0.730 2010.01.16 -
BitDefender 7.2 2010.01.16 -
CAT-QuickHeal 10.00 2010.01.16 (Suspicious) - DNAScan
ClamAV 0.94.1 2010.01.16 -
Comodo 3605 2010.01.16 -
DrWeb 5.0.1.12222 2010.01.16 -
eSafe 7.0.17.0 2010.01.14 -
eTrust-Vet 35.2.7240 2010.01.15 -
F-Prot 4.5.1.85 2010.01.16 -
F-Secure 9.0.15370.0 2010.01.16 Suspicious:W32/Riskware!Online
Fortinet 4.0.14.0 2010.01.16 -
GData 19 2010.01.16 -
Ikarus T3.1.1.80.0 2010.01.16 Trojan.Win32.LockScreen
Jiangmin 13.0.900 2010.01.16 -
K7AntiVirus 7.10.949 2010.01.16 -
Kaspersky 7.0.0.125 2010.01.16 -
McAfee 5863 2010.01.16 -
McAfee+Artemis 5863 2010.01.16 Artemis!5C6416F819BF
McAfee-GW-Edition 6.8.5 2010.01.16 -
Microsoft 1.5302 2010.01.16 Trojan:Win32/LockScreen.gen!A
NOD32 4778 2010.01.16 -
Norman 6.04.03 2010.01.16 -
nProtect 2009.1.8.0 2010.01.16 -
Panda 10.0.2.2 2010.01.16 Trj/CI.A
PCTools 7.0.3.5 2010.01.16 -
Prevx 3.0 2010.01.16 -
Rising 22.30.05.03 2010.01.16 -
Sophos 4.49.0 2010.01.16 Mal/EncPk-MZ
Sunbelt 3.2.1858.2 2010.01.16 Trojan.Win32.Bredolab.Gen.1 (v)
Symantec 20091.2.0.41 2010.01.16 -
TheHacker 6.5.0.5.153 2010.01.16 -
TrendMicro 9.120.0.1004 2010.01.16 -
VBA32 3.12.12.1 2010.01.15 -
ViRobot 2010.1.16.2140 2010.01.16 -
VirusBuster 5.0.21.0 2010.01.16 -

Дополнительная информация
File size: 424448 bytes
MD5...: 5c6416f819bfbca2f1862691a03f68be

смс-вымогатель на номер 2474



ЗЫ.
я смотрю генератора ответного кода под него нет: у каспера - нет вообще, а предложенные коды дрвеба не срабатывают!

[Winsent]

Файл basic.js получен 2010.01.17 17:06:26 (UTC)
Результат: 6/41 (14.64%)

Антивирус Версия Обновление Результат

a-squared 4.5.0.50 2010.01.17 -
AhnLab-V3 5.0.0.2 2010.01.16 -
AntiVir 7.9.1.142 2010.01.17 -
Antiy-AVL 2.0.3.7 2010.01.12 -
Authentium 5.2.0.5 2010.01.16 JS/Redir.AH
Avast 4.8.1351.0 2010.01.17 -
AVG 9.0.0.730 2010.01.17 -
BitDefender 7.2 2010.01.17 -
CAT-QuickHeal 10.00 2010.01.16 -
ClamAV 0.94.1 2010.01.17 -
Comodo 3615 2010.01.17 -
DrWeb 5.0.1.12222 2010.01.17 -
eSafe 7.0.17.0 2010.01.17 -
eTrust-Vet 35.2.7240 2010.01.15 HTML/MalScr.A
F-Prot 4.5.1.85 2010.01.16 JS/Redir.AH
F-Secure 9.0.15370.0 2010.01.17 -
Fortinet 4.0.14.0 2010.01.16 -
GData 19 2010.01.17 -
Ikarus T3.1.1.80.0 2010.01.17 -
Jiangmin 13.0.900 2010.01.17 -
K7AntiVirus 7.10.949 2010.01.16 -
Kaspersky 7.0.0.125 2010.01.17 Trojan-Downloader.JS.Agent.exe
McAfee 5864 2010.01.17 -
McAfee+Artemis 5864 2010.01.17 -
McAfee-GW-Edition 6.8.5 2010.01.17 -
Microsoft 1.5302 2010.01.17 -
NOD32 4780 2010.01.17 JS/TrojanDownloader.Agent.NRN
Norman 6.04.03 2010.01.17 -
nProtect 2009.1.8.0 2010.01.17 -
Panda 10.0.2.2 2010.01.17 -
PCTools 7.0.3.5 2010.01.17 -
Prevx 3.0 2010.01.17 -
Rising 22.30.06.04 2010.01.17 -
Sophos 4.49.0 2010.01.17 Troj/JSRedir-AQ
Sunbelt 3.2.1858.2 2010.01.16 -
Symantec 20091.2.0.41 2010.01.17 -
TheHacker 6.5.0.6.154 2010.01.17 -
TrendMicro 9.120.0.1004 2010.01.17 -
VBA32 3.12.12.1 2010.01.17 -
ViRobot 2010.1.16.2140 2010.01.16 -
VirusBuster 5.0.21.0 2010.01.17 -

Дополнительная информация
File size: 1871 bytes
MD5...: c67ce2bc6f6d053d93901127af3d4da1
SHA1..: e8b05beb701f1e8b4ae5e930cee9a94e8a489b90
SHA256: d6821b63aea40e4c04d3649e1598cf2bb87ee15b78e4be931f e7740cabb69f3f
ssdeep: 48:ctOvHK3hCBr7yTgzsHsRqk/o7wWRmZT40Br+TgGcrWe40<BR>
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set<BR>-
sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>
pdfid.: -
trid..: Unknown!

[gjf]

Файло шлётся ссылкой по асе...

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.18 IM-Worm.Win32.QiMiral!IK
AhnLab-V3 5.0.0.2 2010.01.18 -
AntiVir 7.9.1.142 2010.01.18 -
Antiy-AVL 2.0.3.7 2010.01.18 -
Authentium 5.2.0.5 2010.01.18 -
Avast 4.8.1351.0 2010.01.18 -
AVG 9.0.0.730 2010.01.18 -
BitDefender 7.2 2010.01.18 -
CAT-QuickHeal 10.00 2010.01.18 -
ClamAV 0.94.1 2010.01.18 -
Comodo 3628 2010.01.18 -
DrWeb 5.0.1.12222 2010.01.18 Win32.HLLW.Piggy
eSafe 7.0.17.0 2010.01.18 -
eTrust-Vet 35.2.7244 2010.01.18 -
F-Prot 4.5.1.85 2010.01.18 -
F-Secure 9.0.15370.0 2010.01.18 -
Fortinet 4.0.14.0 2010.01.18 -
GData 19 2010.01.18 -
Ikarus T3.1.1.80.0 2010.01.18 IM-Worm.Win32.QiMiral
Jiangmin 13.0.900 2010.01.18 -
K7AntiVirus 7.10.950 2010.01.18 -
Kaspersky 7.0.0.125 2010.01.18 IM-Worm.Win32.QiMiral.x
McAfee 5865 2010.01.18 -
McAfee+Artemis 5865 2010.01.18 Artemis!D39CDCDBAFB3
McAfee-GW-Edition 6.8.5 2010.01.18 -
Microsoft 1.5302 2010.01.18 -
NOD32 4784 2010.01.18 Win32/QiMiral.AA
Norman 6.04.03 2010.01.18 -
nProtect 2009.1.8.0 2010.01.18 -
Panda 10.0.2.2 2010.01.18 Trj/CI.A
PCTools 7.0.3.5 2010.01.18 -
Prevx 3.0 2010.01.18 High Risk Cloaked Malware
Rising 22.31.00.04 2010.01.18 Trojan.Spy.Banbra.pug
Sophos 4.49.0 2010.01.18 -
Sunbelt 3.2.1858.2 2010.01.17 -
Symantec 20091.2.0.41 2010.01.18 -
TheHacker 6.5.0.6.155 2010.01.18 -
TrendMicro 9.120.0.1004 2010.01.18 -
VBA32 3.12.12.1 2010.01.17 -
ViRobot 2010.1.18.2142 2010.01.18 -
VirusBuster 5.0.21.0 2010.01.18 Worm.QiMiral.L

http://www.virustotal.com/analisis/b...709-1263848626

[ALEX(XX)]

File kui2.tmp-e2fa922b-d21d-b211-9028- received on 2010.01.19 09:25:22 (UTC)

Код:

Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.01.19	Trojan-Ransom!IK
AhnLab-V3	5.0.0.2	2010.01.19	-
AntiVir	7.9.1.142	2010.01.18	TR/Ransom.PogBlock.RI
Antiy-AVL	2.0.3.7	2010.01.19	-
Authentium	5.2.0.5	2010.01.19	-
Avast	4.8.1351.0	2010.01.18	-
AVG	9.0.0.730	2010.01.18	Generic16.AECB
BitDefender	7.2	2010.01.19	Trojan.Generic.2990194
CAT-QuickHeal	10.00	2010.01.19	-
ClamAV	0.94.1	2010.01.19	-
Comodo	3634	2010.01.19	-
DrWeb	5.0.1.12222	2010.01.19	Trojan.Winlock.591
eSafe	7.0.17.0	2010.01.18	-
eTrust-Vet	35.2.7244	2010.01.18	-
F-Prot	4.5.1.85	2010.01.18	-
F-Secure	9.0.15370.0	2010.01.19	Trojan.Generic.2990194
Fortinet	4.0.14.0	2010.01.19	W32/PogBlock.RI!tr
GData	19	2010.01.19	Trojan.Generic.2990194
Ikarus	T3.1.1.80.0	2010.01.19	Trojan-Ransom
Jiangmin	13.0.900	2010.01.19	-
K7AntiVirus	7.10.950	2010.01.18	-
Kaspersky	7.0.0.125	2010.01.19	Trojan-Ransom.Win32.PogBlock.ri
McAfee	5865	2010.01.18	-
McAfee+Artemis	5865	2010.01.18	-
McAfee-GW-Edition	6.8.5	2010.01.19	Heuristic.BehavesLike.Win32.Suspicious.I
Microsoft	1.5302	2010.01.19	Trojan:Win32/Ransom.U
NOD32	4784	2010.01.18	a variant of Win32/LockScreen.FY
Norman	6.04.03	2010.01.18	-
nProtect	2009.1.8.0	2010.01.18	-
Panda	10.0.2.2	2010.01.18	Trj/CI.A
PCTools	7.0.3.5	2010.01.19	Trojan.Generic
Prevx	3.0	2010.01.19	-
Rising	22.31.01.04	2010.01.19	-
Sophos	4.49.0	2010.01.19	-
Sunbelt	3.2.1858.2	2010.01.19	-
Symantec	20091.2.0.41	2010.01.19	Trojan Horse
TheHacker	6.5.0.6.156	2010.01.19	-
TrendMicro	9.120.0.1004	2010.01.19	TROJ_RANSOM.GY
VBA32	3.12.12.1	2010.01.19	-
ViRobot	2010.1.19.2144	2010.01.19	-
VirusBuster	5.0.21.0	2010.01.18	-

Additional information
File size: 366080 bytes
MD5...: 11906989071a01c79fdaeeab2a87d41b
SHA1..: caa3fbb7933331620984983218d760c37cba6bbd
SHA256: 5820dfe90f6601acfe4e6767a7b1e5a20d8a9a4a67b1e2d554969020f17038da
ssdeep: 6144:nTR2p3PBkpEPmuxDADcozUn4uYH4hA6+b7TBLl7XAOsJebmPdSTte:TR2ZB<BR>CEPbkAwRuYYhA6+PTtl7X6eb+<BR>
PEiD..: -
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x21b53<BR>timedatestamp.....: 0x4b41ffb3 (Mon Jan 04 14:48:19 2010)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x3d525 0x3d600 6.71 1b3e7d296599a3767a9165e51388c650<BR>.rdata 0x3f000 0xd38e 0xd400 6.50 2602468a94aad5f9136f75c02d4300e0<BR>.data 0x4d000 0x10864 0xe600 7.77 482214080c1cfc2d304b041eff66a15c<BR>.rsrc 0x5e000 0x10 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b<BR><BR>( 7 imports ) <BR>&gt; KERNEL32.dll: GetLongPathNameW, SetFileApisToANSI, SystemTimeToFileTime, SetFileValidData, GetSystemTime, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, FindClose, MoveFileExW, GetCompressedFileSizeW, UnmapViewOfFile, SetFileShortNameW, FindNextFileW, GetFileAttributesExW, GetBinaryTypeW, GetShortPathNameW, GetFileSize, CreateFileA, CreateHardLinkW, GetModuleFileNameA, FlushFileBuffers, SetFilePointer, GetFileSizeEx, GetFileType, MoveFileW, SetEndOfFile, CancelIo, SetFilePointerEx, TerminateProcess, Sleep, CreateFileMappingW, GetQueuedCompletionStatus, PostQueuedCompletionStatus, FindFirstFileW, MoveFileWithProgressW, MapViewOfFile, FlushViewOfFile, GetProcAddress, LoadLibraryA, GetFileTime, GetTempFileNameW, CopyFileW, UnlockFileEx, GetFileInformationByHandle, GetFullPathNameW, WinExec, DeleteFileW, SearchPathA, GetShortPathNameA, DeleteFileA, GetFileAttributesW, GetSystemDirectoryW, WideCharToMultiByte, ReadFileScatter, SetFileAttributesW, ExitProcess, OpenFileMappingW, UnlockFile, MultiByteToWideChar, GetLastError, CreateMutexW, GetModuleHandleA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetLocaleInfoA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetSystemTimeAsFileTime, WriteFileEx, ReadFile, SetFileApisToOEM, GetModuleHandleW, GetModuleFileNameW, LockFile, WriteFileGather, ReadFileEx, SetFileTime, AreFileApisANSI, GetTickCount, CreateIoCompletionPort, SearchPathW, FindFirstFileExW, CloseHandle, WriteFile, CopyFileExW, CreateFileW, GetTempPathW, LockFileEx, ReplaceFileW, MapViewOfFileEx, GetCurrentProcessId, QueryPerformanceCounter, GetCommandLineW, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, SetHandleCount, GetConsoleMode, GetConsoleCP, HeapSize, HeapAlloc, HeapFree, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RaiseException, RtlUnwind, ExitThread, ResumeThread, CreateThread, GetVersionExA, GetProcessHeap, GetStartupInfoW, VirtualFree, VirtualAlloc, HeapReAlloc, HeapDestroy, HeapCreate, GetStdHandle, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage<BR>&gt; USER32.dll: GetClientRect, GetWindowDC, ReleaseDC, GetDesktopWindow, GetWindowRect, CreateWindowExW, DrawTextW, SetTimer, LoadCursorW, ShowWindow, UpdateWindow, GetDC, GetMessageW, TranslateMessage, DispatchMessageW, UnregisterClassW, DefWindowProcW, KillTimer, PostQuitMessage, BeginPaint, EndPaint<BR>&gt; GDI32.dll: SetBkMode, SetTextColor, CreateCompatibleBitmap, CreateCompatibleDC, BitBlt, GetDIBits, DeleteDC, CreatePen, SelectObject, CreateSolidBrush, Rectangle, DeleteObject, SetDIBitsToDevice, CreateFontW<BR>&gt; ADVAPI32.dll: RegQueryValueExW, RegOpenKeyExW, RegSetValueExW, RegCloseKey, SetFileSecurityW, RegCreateKeyExW<BR>&gt; SHELL32.dll: SHGetFolderPathA<BR>&gt; RPCRT4.dll: UuidCreate, RpcStringFreeW, UuidToStringW<BR>&gt; WININET.dll: InternetReadFile, HttpSendRequestW, HttpOpenRequestW, InternetConnectW, InternetOpenW, InternetCrackUrlW, InternetCloseHandle<BR><BR>( 0 exports ) <BR>
RDS...: NSRL Reference Data Set<BR>-
sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<BR>Win32 Executable Generic (14.7%)<BR>Win32 Dynamic Link Library (generic) (13.1%)<BR>Generic Win/DOS Executable (3.4%)<BR>DOS Executable Generic (3.4%)
pdfid.: -

[Юльча]

Файл Install_Digital-Access_v.9251.exe получен 2010.01.19 17:58:48 (UTC)
Результат: 2/41 (4.88%)

Антивирус Версия Обновление Результат
a-squared 4.5.0.50 2010.01.19 -
AhnLab-V3 5.0.0.2 2010.01.19 -
AntiVir 7.9.1.142 2010.01.19 -
Antiy-AVL 2.0.3.7 2010.01.19 -
Authentium 5.2.0.5 2010.01.19 -
Avast 4.8.1351.0 2010.01.19 -
AVG 9.0.0.730 2010.01.19 -
BitDefender 7.2 2010.01.19 -
CAT-QuickHeal 10.00 2010.01.19 (Suspicious) - DNAScan
ClamAV 0.94.1 2010.01.19 -
Comodo 3638 2010.01.19 -
DrWeb 5.0.1.12222 2010.01.19 -
eSafe 7.0.17.0 2010.01.19 -
eTrust-Vet 35.2.7245 2010.01.19 -
F-Prot 4.5.1.85 2010.01.18 -
F-Secure 9.0.15370.0 2010.01.19 -
Fortinet 4.0.14.0 2010.01.19 -
GData 19 2010.01.19 -
Ikarus T3.1.1.80.0 2010.01.19 -
Jiangmin 13.0.900 2010.01.19 -
K7AntiVirus 7.10.950 2010.01.18 -
Kaspersky 7.0.0.125 2010.01.19 -
McAfee 5865 2010.01.18 -
McAfee+Artemis 5865 2010.01.18 -
McAfee-GW-Edition 6.8.5 2010.01.19 -
Microsoft 1.5302 2010.01.19 -
NOD32 4786 2010.01.19 a variant of Win32/Kryptik.BCA
Norman 6.04.03 2010.01.19 -
nProtect 2009.1.8.0 2010.01.19 -
Panda 10.0.2.2 2010.01.19 -
PCTools 7.0.3.5 2010.01.19 -
Prevx 3.0 2010.01.19 -
Rising 22.31.01.04 2010.01.19 -
Sophos 4.49.0 2010.01.19 -
Sunbelt 3.2.1858.2 2010.01.19 -
Symantec 20091.2.0.41 2010.01.19 -
TheHacker 6.5.0.6.156 2010.01.19 -
TrendMicro 9.120.0.1004 2010.01.19 -
VBA32 3.12.12.1 2010.01.19 -
ViRobot 2010.1.19.2144 2010.01.19 -
VirusBuster 5.0.21.0 2010.01.19 -

Дополнительная информация
File size: 154120 bytes
MD5...: f0742ca9615a5dea190491d61a416fc0

[Nexus]

File Piggy.zip received on 2010.01.19 20:02:52 (UTC)

Код:

Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.01.19	-
AhnLab-V3	5.0.0.2	2010.01.19	-
AntiVir	7.9.1.142	2010.01.19	Worm/QiMiral.Y
Antiy-AVL	2.0.3.7	2010.01.19	-
Authentium	5.2.0.5	2010.01.19	-
Avast	4.8.1351.0	2010.01.19	-
AVG	9.0.0.730	2010.01.19	-
BitDefender	7.2	2010.01.19	-
CAT-QuickHeal	10.00	2010.01.19	-
ClamAV	0.94.1	2010.01.19	-
Comodo	3638	2010.01.19	-
DrWeb	5.0.1.12222	2010.01.19	Win32.HLLW.Piggy
eSafe	7.0.17.0	2010.01.19	-
eTrust-Vet	35.2.7246	2010.01.19	-
F-Prot	4.5.1.85	2010.01.18	-
F-Secure	9.0.15370.0	2010.01.19	-
Fortinet	4.0.14.0	2010.01.19	-
GData	19	2010.01.19	-
Ikarus	T3.1.1.80.0	2010.01.19	IM-Worm.Win32.QiMiral
Jiangmin	13.0.900	2010.01.19	-
K7AntiVirus	7.10.950	2010.01.18	-
Kaspersky	7.0.0.125	2010.01.19	IM-Worm.Win32.QiMiral.y
McAfee	5866	2010.01.19	-
McAfee+Artemis	5866	2010.01.19	Artemis!1ED597E4D6A8
McAfee-GW-Edition	6.8.5	2010.01.19	Worm.QiMiral.Y
Microsoft	1.5302	2010.01.19	Trojan:Win32/Qimiral.A
NOD32	4787	2010.01.19	a variant of Win32/QiMiral.AA
Norman	6.04.03	2010.01.19	-
nProtect	2009.1.8.0	2010.01.19	-
Panda	10.0.2.2	2010.01.19	Trj/CI.A
PCTools	7.0.3.5	2010.01.19	-
Prevx	3.0	2010.01.19	High Risk Cloaked Malware
Rising	22.31.01.04	2010.01.19	Trojan.Spy.Banbra.pug
Sophos	4.49.0	2010.01.19	-
Sunbelt	3.2.1858.2	2010.01.19	-
Symantec	20091.2.0.41	2010.01.19	-
TheHacker	6.5.0.6.156	2010.01.19	-
TrendMicro	9.120.0.1004	2010.01.19	-
VBA32	3.12.12.1	2010.01.19	-
ViRobot	2010.1.19.2144	2010.01.19	-
VirusBuster	5.0.21.0	2010.01.19	-

Additional information
File size: 547054 bytes
MD5 : 72751c42070eb0567ba0baae232034f1
SHA1 : 7187059987cfc888a805522fbc850fda7fbb2100
SHA256: ef77549f34d17ce3feaf9891d9023ab26553e1e52b64479fed a7ccbc6bd3322d
TrID : File type identification<BR>ZIP compressed archive (100.0%)
ssdeep: 12288:pCxiq7wng735LcN7ayF4Qmr7FWTfUN8XNY/P:pCXw25LcUe4Qmr7FWbUIY/P
Prevx Info: <A href="http://info.prevx.com/aboutprogramtext.asp?PX5=C319B6BC001521C79EF817125 1FB330065334CE2" target="_blank">http://info.prevx.com/aboutprogramtext.asp?PX5=C319B6BC001521C79EF817125 1FB330065334CE2</A>
PEiD : -
RDS : NSRL Reference Data Set<BR>-

http://www.virustotal.com/analisis/e...22d-1263931372

Добавлено через 10 часов 13 минут

File Piggy.zip received on 2010.01.20 06:51:47 (UTC)

Код:

Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.01.20	-
AhnLab-V3	5.0.0.2	2010.01.19	-
AntiVir	7.9.1.142	2010.01.19	-
Antiy-AVL	2.0.3.7	2010.01.19	-
Authentium	5.2.0.5	2010.01.20	-
Avast	4.8.1351.0	2010.01.19	-
AVG	9.0.0.730	2010.01.19	-
BitDefender	7.2	2010.01.20	-
CAT-QuickHeal	10.00	2010.01.20	-
ClamAV	0.94.1	2010.01.20	-
Comodo	3642	2010.01.20	-
DrWeb	5.0.1.12222	2010.01.20	Win32.HLLW.Piggy
eSafe	7.0.17.0	2010.01.19	-
eTrust-Vet	35.2.7247	2010.01.20	-
F-Prot	4.5.1.85	2010.01.19	-
F-Secure	9.0.15370.0	2010.01.20	-
Fortinet	4.0.14.0	2010.01.20	-
GData	19	2010.01.20	-
Ikarus	T3.1.1.80.0	2010.01.20	-
Jiangmin	13.0.900	2010.01.20	-
K7AntiVirus	7.10.950	2010.01.18	-
Kaspersky	7.0.0.125	2010.01.20	IM-Worm.Win32.QiMiral.ab
McAfee	5866	2010.01.19	-
McAfee+Artemis	5866	2010.01.19	-
McAfee-GW-Edition	6.8.5	2010.01.20	-
Microsoft	1.5302	2010.01.20	Trojan:Win32/Qimiral.A
NOD32	4788	2010.01.20	a variant of Win32/QiMiral.AA
Norman	6.04.03	2010.01.19	-
nProtect	2009.1.8.0	2010.01.20	-
Panda	10.0.2.2	2010.01.19	Suspicious file
PCTools	7.0.3.5	2010.01.19	-
Prevx	3.0	2010.01.20	-
Rising	22.31.02.03	2010.01.20	Trojan.Spy.Banbra.pug
Sophos	4.49.0	2010.01.20	-
Sunbelt	3.2.1858.2	2010.01.20	-
Symantec	20091.2.0.41	2010.01.20	-
TheHacker	6.5.0.6.156	2010.01.20	-
TrendMicro	9.120.0.1004	2010.01.20	-
VBA32	3.12.12.1	2010.01.20	-
ViRobot	2010.1.20.2145	2010.01.20	-
VirusBuster	5.0.21.0	2010.01.19	-

Additional information
File size: 546704 bytes
MD5...: 6f827e286b6f9b6fa33b2972f108fbfc
SHA1..: 3a33b77e9b8c69e32a12d9311a832ab4be8f9301
SHA256: 26d6c9af1845eccf0be5ff615fc9267cbe2685fdd0cbda05f8 39cdb546cea6ef
ssdeep: 12288:hrzD3LCUk3tsNTMZ+ATht75ceglKFJuvE0ErLNWstHMW :dn3GswUA72K7u<BR>vE0IWstMW<BR>
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set<BR>-
sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>
pdfid.: -
trid..: ZIP compressed archive (100.0%)

http://www.virustotal.com/analisis/2...6ef-1263970307

Добавлено через 5 минут

File Piggy.zip received on 2010.01.20 06:57:58 (UTC)

Код:

Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.01.20	-
AhnLab-V3	5.0.0.2	2010.01.19	-
AntiVir	7.9.1.142	2010.01.19	-
Antiy-AVL	2.0.3.7	2010.01.19	-
Authentium	5.2.0.5	2010.01.20	-
Avast	4.8.1351.0	2010.01.19	-
AVG	9.0.0.730	2010.01.19	-
BitDefender	7.2	2010.01.20	-
CAT-QuickHeal	10.00	2010.01.20	-
ClamAV	0.94.1	2010.01.20	-
Comodo	3642	2010.01.20	-
DrWeb	5.0.1.12222	2010.01.20	Win32.HLLW.Piggy
eSafe	7.0.17.0	2010.01.19	-
eTrust-Vet	35.2.7247	2010.01.20	-
F-Prot	4.5.1.85	2010.01.19	-
F-Secure	9.0.15370.0	2010.01.20	-
Fortinet	4.0.14.0	2010.01.20	-
GData	19	2010.01.20	-
Ikarus	T3.1.1.80.0	2010.01.20	IM-Worm.Win32.QiMiral
Jiangmin	13.0.900	2010.01.20	-
K7AntiVirus	7.10.950	2010.01.18	-
Kaspersky	7.0.0.125	2010.01.20	-
McAfee	5866	2010.01.19	-
McAfee+Artemis	5866	2010.01.19	Artemis!48C08A532382
McAfee-GW-Edition	6.8.5	2010.01.20	-
Microsoft	1.5302	2010.01.20	Trojan:Win32/Qimiral.A
NOD32	4788	2010.01.20	a variant of Win32/QiMiral.AA
Norman	6.04.03	2010.01.19	-
nProtect	2009.1.8.0	2010.01.20	-
Panda	10.0.2.2	2010.01.19	Trj/CI.A
PCTools	7.0.3.5	2010.01.19	-
Prevx	3.0	2010.01.20	-
Rising	22.31.02.03	2010.01.20	Trojan.Spy.Banbra.pug
Sophos	4.49.0	2010.01.20	Mal/Generic-A
Sunbelt	3.2.1858.2	2010.01.20	-
Symantec	20091.2.0.41	2010.01.20	-
TheHacker	6.5.0.6.156	2010.01.20	-
TrendMicro	9.120.0.1004	2010.01.20	-
VBA32	3.12.12.1	2010.01.20	IM-Worm.Win32.QiMiral
ViRobot	2010.1.20.2145	2010.01.20	-
VirusBuster	5.0.21.0	2010.01.19	-

Additional information
File size: 547111 bytes
MD5...: 5941c29888979fd37b5b7adcf5803289
SHA1..: b4d440cc0d6945d8454f4d683b55deb5bc07034d
SHA256: fbe6391ef24f8797e644fc7bab5ecd96721bef44fae854b1e1 55a0c271545fdd
ssdeep: 12288:zosHUpv457v8gNFnMdbcdZRIgUIgN63JNgLFVzZaGmFN FuO:zos2QbJNld<BR>ZNJN8FV8luO<BR>
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set<BR>-
pdfid.: -
trid..: ZIP compressed archive (100.0%)

http://www.virustotal.com/analisis/f...fdd-1263970678

Добавлено через 11 минут

File Piggy.zip received on 2010.01.20 07:08:29 (UTC)

Код:

Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.01.20	-
AhnLab-V3	5.0.0.2	2010.01.19	-
AntiVir	7.9.1.142	2010.01.19	-
Antiy-AVL	2.0.3.7	2010.01.19	-
Authentium	5.2.0.5	2010.01.20	-
Avast	4.8.1351.0	2010.01.19	-
AVG	9.0.0.730	2010.01.19	-
BitDefender	7.2	2010.01.20	-
CAT-QuickHeal	10.00	2010.01.20	-
ClamAV	0.94.1	2010.01.20	-
Comodo	3643	2010.01.20	-
DrWeb	5.0.1.12222	2010.01.20	Win32.HLLW.Piggy
eSafe	7.0.17.0	2010.01.19	-
eTrust-Vet	35.2.7247	2010.01.20	-
F-Prot	4.5.1.85	2010.01.19	-
F-Secure	9.0.15370.0	2010.01.20	-
Fortinet	4.0.14.0	2010.01.20	-
GData	19	2010.01.20	-
Ikarus	T3.1.1.80.0	2010.01.20	IM-Worm.Win32.QiMiral
Jiangmin	13.0.900	2010.01.20	-
K7AntiVirus	7.10.950	2010.01.18	-
Kaspersky	7.0.0.125	2010.01.20	IM-Worm.Win32.QiMiral.ac
McAfee	5866	2010.01.19	-
McAfee+Artemis	5866	2010.01.19	Artemis!2B330CB5C999
McAfee-GW-Edition	6.8.5	2010.01.20	-
Microsoft	1.5302	2010.01.20	Trojan:Win32/Qimiral.A
NOD32	4788	2010.01.20	a variant of Win32/QiMiral.AA
Norman	6.04.03	2010.01.19	-
nProtect	2009.1.8.0	2010.01.20	-
Panda	10.0.2.2	2010.01.19	Trj/CI.A
PCTools	7.0.3.5	2010.01.19	-
Prevx	3.0	2010.01.20	-
Rising	22.31.02.03	2010.01.20	Trojan.Spy.Banbra.pug
Sophos	4.49.0	2010.01.20	-
Sunbelt	3.2.1858.2	2010.01.20	-
Symantec	20091.2.0.41	2010.01.20	-
TheHacker	6.5.0.6.156	2010.01.20	-
TrendMicro	9.120.0.1004	2010.01.20	-
VBA32	3.12.12.1	2010.01.20	-
ViRobot	2010.1.20.2145	2010.01.20	-
VirusBuster	5.0.21.0	2010.01.19	-

Additional information
File size: 547544 bytes
MD5...: 7017cb717f216c054ba29b3fd6543297
SHA1..: 557c8a7fedda92ef6e5e95fd318753cf0d6e7727
SHA256: 91246861b0ef45171fd864e94ed2fc828d10e9e2bb6aba0059 c3c981a855af12
ssdeep: 12288:oxHFQJlSSVRUNCWASny5Z5kH2u5v4oQ2EgBEGq/ymPdosD08ExQi2:oxHF

http://www.virustotal.com/analisis/9...f12-1263971309

[Юльча]

Файл 000038.jpg.jar получен 2010.01.20 07:06:19 (UTC)
Результат: 8/41 (19.52%)

Антивирус Версия Обновление Результат
a-squared 4.5.0.50 2010.01.20 -
AhnLab-V3 5.0.0.2 2010.01.19 -
AntiVir 7.9.1.142 2010.01.19 JAVA/SMS.J2ME.M
Antiy-AVL 2.0.3.7 2010.01.19 Trojan/J2ME.Small
Authentium 5.2.0.5 2010.01.20 -
Avast 4.8.1351.0 2010.01.19 -
AVG 9.0.0.730 2010.01.19 -
BitDefender 7.2 2010.01.20 -
CAT-QuickHeal 10.00 2010.01.20 -
ClamAV 0.94.1 2010.01.20 Trojan.SMS-3
Comodo 3643 2010.01.20 TrojWare.J2ME.SMS.Small.m
DrWeb 5.0.1.12222 2010.01.20 Java.SMSSend.132
eSafe 7.0.17.0 2010.01.19 -
eTrust-Vet 35.2.7247 2010.01.20 -
F-Prot 4.5.1.85 2010.01.19 -
F-Secure 9.0.15370.0 2010.01.20 -
Fortinet 4.0.14.0 2010.01.20 -
GData 19 2010.01.20 -
Ikarus T3.1.1.80.0 2010.01.20 Trojan-SMS
Jiangmin 13.0.900 2010.01.20 -
K7AntiVirus 7.10.950 2010.01.18 -
Kaspersky 7.0.0.125 2010.01.20 Trojan-SMS.J2ME.Small.m
McAfee 5866 2010.01.19 -
McAfee+Artemis 5866 2010.01.19 -
McAfee-GW-Edition 6.8.5 2010.01.20 Java.SMS.J2ME.M
Microsoft 1.5302 2010.01.20 -
NOD32 4788 2010.01.20 -
Norman 6.04.03 2010.01.19 -
nProtect 2009.1.8.0 2010.01.20 -
Panda 10.0.2.2 2010.01.19 -
PCTools 7.0.3.5 2010.01.19 -
Prevx 3.0 2010.01.20 -
Rising 22.31.02.03 2010.01.20 -
Sophos 4.49.0 2010.01.20 -
Sunbelt 3.2.1858.2 2010.01.20 -
Symantec 20091.2.0.41 2010.01.20 -
TheHacker 6.5.0.6.156 2010.01.20 -
TrendMicro 9.120.0.1004 2010.01.20 -
VBA32 3.12.12.1 2010.01.20 -
ViRobot 2010.1.20.2145 2010.01.20 -
VirusBuster 5.0.21.0 2010.01.19 -

Дополнительная информация
File size: 29849 bytes
MD5...: ba64b80b77b14576c3c0844e68ff7238

http://www.virustotal.com/ru/analisi...880-1263971179

[Surfer]

File game.jar received on 2010.01.20 14:57:20 (UTC)
Result: 7/41 (17.08%)

a-squared 4.5.0.50 2010.01.20 -
AhnLab-V3 5.0.0.2 2010.01.19 -
AntiVir 7.9.1.142 2010.01.20 -
Antiy-AVL 2.0.3.7 2010.01.20 Trojan/J2ME.Jifake
Authentium 5.2.0.5 2010.01.20 -
Avast 4.8.1351.0 2010.01.20 -
AVG 9.0.0.730 2010.01.19 -
BitDefender 7.2 2010.01.20 -
CAT-QuickHeal 10.00 2010.01.20 -
ClamAV 0.94.1 2010.01.20 -
Comodo 3647 2010.01.20 TrojWare.J2ME.SMS.Jifake.g
DrWeb 5.0.1.12222 2010.01.20 Java.SMSSend.117
eSafe 7.0.17.0 2010.01.19 -
eTrust-Vet 35.2.7247 2010.01.20 -
F-Prot 4.5.1.85 2010.01.19 -
F-Secure 9.0.15370.0 2010.01.20 -
Fortinet 4.0.14.0 2010.01.20 -
GData 19 2010.01.20 -
Ikarus T3.1.1.80.0 2010.01.20 Win32.SuspectCrc
Jiangmin 13.0.900 2010.01.20 -
K7AntiVirus 7.10.950 2010.01.18 -
Kaspersky 7.0.0.125 2010.01.20 Trojan-SMS.J2ME.Jifake.g
McAfee 5866 2010.01.19 -
McAfee+Artemis 5866 2010.01.19 -
McAfee-GW-Edition 6.8.5 2010.01.20 -
Microsoft 1.5302 2010.01.20 -
NOD32 4789 2010.01.20 J2ME/TrojanSMS.Jifake.G
Norman 6.04.03 2010.01.20 -
nProtect 2009.1.8.0 2010.01.20 -
Panda 10.0.2.2 2010.01.19 -
PCTools 7.0.3.5 2010.01.19 -
Prevx 3.0 2010.01.20 -
Rising 22.31.02.04 2010.01.20 -
Sophos 4.49.0 2010.01.20 -
Sunbelt 3.2.1858.2 2010.01.20 -
Symantec 20091.2.0.41 2010.01.20 -
TheHacker 6.5.0.7.157 2010.01.20 -
TrendMicro 9.120.0.1004 2010.01.20 -
VBA32 3.12.12.1 2010.01.20 Trojan-SMS.J2ME.Jifake.g
ViRobot 2010.1.20.2146 2010.01.20 -
VirusBuster 5.0.21.0 2010.01.20 -

http://www.virustotal.com/analisis/a...a8a-1263999440

[Erekle]

Файл es_chemgan.EXE получен 2010.01.20 21:14:06 (UTC)
Результат: 9/41 (21.96%)

a-squared 4.5.0.50 2010.01.20 Backdoor.Win32.Bifrose.caqd!A2
AhnLab-V3 5.0.0.2 2010.01.20 -
AntiVir 7.9.1.146 2010.01.20 -
Antiy-AVL 2.0.3.7 2010.01.20 -
Authentium 5.2.0.5 2010.01.20 W32/Joke.OA
Avast 4.8.1351.0 2010.01.20 -
AVG 9.0.0.730 2010.01.19 -
BitDefender 7.2 2010.01.20 -
CAT-QuickHeal 10.00 2010.01.20 -
ClamAV 0.94.1 2010.01.20 Trojan.Downloader-20749
Comodo 3650 2010.01.20 TrojWare.Win32.Trojan.Chifrax.~A
DrWeb 5.0.1.12222 2010.01.20 -
eSafe 7.0.17.0 2010.01.20 -
eTrust-Vet 35.2.7249 2010.01.20 -
F-Prot 4.5.1.85 2010.01.20 W32/Joke.OA
F-Secure 9.0.15370.0 2010.01.20 -
Fortinet 4.0.14.0 2010.01.20 Joke/ScreenRoses
GData 19 2010.01.20 -
Ikarus T3.1.1.80.0 2010.01.20 -
Jiangmin 13.0.900 2010.01.20 -
K7AntiVirus 7.10.951 2010.01.20 -
Kaspersky 7.0.0.125 2010.01.20 -
McAfee 5867 2010.01.20 -
McAfee+Artemis 5867 2010.01.20 -
McAfee-GW-Edition 6.8.5 2010.01.20 Heuristic.LooksLike.Win32.Suspicious.S!85
Microsoft 1.5302 2010.01.20 -
NOD32 4791 2010.01.20 -
Norman 6.04.03 2010.01.20 -
nProtect 2009.1.8.0 2010.01.20 Trojan/W32.Agent.914944.H
Panda 10.0.2.2 2010.01.20 -
PCTools 7.0.3.5 2010.01.19 -
Prevx 3.0 2010.01.20 High Risk Worm
Rising 22.31.02.04 2010.01.20 -
Sophos 4.50.0 2010.01.20 -
Sunbelt 3.2.1858.2 2010.01.20 -
Symantec 20091.2.0.41 2010.01.20 -
TheHacker 6.5.0.7.157 2010.01.20 -
TrendMicro 9.120.0.1004 2010.01.20 -
VBA32 3.12.12.1 2010.01.20 -
ViRobot 2010.1.20.2146 2010.01.20 -
VirusBuster 5.0.21.0 2010.01.20 -

http://www.virustotal.com/ru/analisi...dd6-1264022046

Файл mh.exe получен 2010.01.19 09:03:40 (UTC)
Результат: 21/41 (51.22%)

a-squared 4.5.0.50 2010.01.19 PWS.Win32!IK
AhnLab-V3 5.0.0.2 2010.01.19 -
AntiVir 7.9.1.142 2010.01.18 TR/Spy.118784.64
Antiy-AVL 2.0.3.7 2010.01.19 -
Authentium 5.2.0.5 2010.01.19 -
Avast 4.8.1351.0 2010.01.18 -
AVG 9.0.0.730 2010.01.18 Worm/Generic_c.AHU
BitDefender 7.2 2010.01.19 Gen:Trojan.Heur.Nsanti.hyWbeKQ0ZH
CAT-QuickHeal 10.00 2010.01.19 -
ClamAV 0.94.1 2010.01.19 PUA.Packed.ASPack212
Comodo 3634 2010.01.19 -
DrWeb 5.0.1.12222 2010.01.19 Trojan.Packed.732
eSafe 7.0.17.0 2010.01.18 -
eTrust-Vet 35.2.7244 2010.01.18 -
F-Prot 4.5.1.85 2010.01.18 -
F-Secure 9.0.15370.0 2010.01.19 Gen:Trojan.Heur.Nsanti.hyWbeKQ0ZH
Fortinet 4.0.14.0 2010.01.19 -
GData 19 2010.01.19 Gen:Trojan.Heur.Nsanti.hyWbeKQ0ZH
Ikarus T3.1.1.80.0 2010.01.19 PWS.Win32
Jiangmin 13.0.900 2010.01.19 -
K7AntiVirus 7.10.950 2010.01.18 -
Kaspersky 7.0.0.125 2010.01.19 -
McAfee 5865 2010.01.18 PWS-Gamania.b!a
McAfee+Artemis 5865 2010.01.18 PWS-Gamania.b!a
McAfee-GW-Edition 6.8.5 2010.01.19 Heuristic.LooksLike.Win32.Suspicious.H
Microsoft 1.5302 2010.01.19 PWS:Win32/Frethog.gen!H
NOD32 4784 2010.01.18 Win32/AutoRun.PSW.OnlineGames.AP
Norman 6.04.03 2010.01.18 -
nProtect 2009.1.8.0 2010.01.18 -
Panda 10.0.2.2 2010.01.18 Generic Trojan
PCTools 7.0.3.5 2010.01.19 -
Prevx 3.0 2010.01.19 Medium Risk Malware
Rising 22.31.01.04 2010.01.19 Trojan.Win32.Generic.51F78EB8
Sophos 4.49.0 2010.01.19 Mal/Generic-A
Sunbelt 3.2.1858.2 2010.01.19 Worm.Win32.AutoRun
Symantec 20091.2.0.41 2010.01.19 W32.Gammima.AG
TheHacker 6.5.0.6.156 2010.01.19 -
TrendMicro 9.120.0.1004 2010.01.19 PAK_Generic.001
VBA32 3.12.12.1 2010.01.19 -
ViRobot 2010.1.19.2144 2010.01.19 -
VirusBuster 5.0.21.0 2010.01.18 -

http://www.virustotal.com/ru/analisi...247-1263891820

Файл scrnrdr.exe получен 2010.01.09 08:10:21 (UTC)
Результат: 15/41 (36.59%)

a-squared 4.5.0.48 2010.01.09 -
AhnLab-V3 5.0.0.2 2010.01.09 -
AntiVir 7.9.1.130 2010.01.08 -
Antiy-AVL 2.0.3.7 2010.01.08 Trojan/Win32.Agent2.gen
Authentium 5.2.0.5 2010.01.09 -
Avast 4.8.1351.0 2010.01.08 -
AVG 8.5.0.430 2010.01.04 Agent.AXNF
BitDefender 7.2 2010.01.09 -
CAT-QuickHeal 10.00 2010.01.09 -
ClamAV 0.94.1 2010.01.09 -
Comodo 3514 2010.01.08 TrojWare.Win32.Agent2.cdb
DrWeb 5.0.1.12222 2010.01.09 -
eSafe 7.0.17.0 2010.01.07 -
eTrust-Vet 35.2.7226 2010.01.08 -
F-Prot 4.5.1.85 2010.01.08 -
F-Secure 9.0.15370.0 2010.01.09 -
Fortinet 4.0.14.0 2010.01.09 -
GData 19 2010.01.09 -
Ikarus T3.1.1.80.0 2010.01.09 -
Jiangmin 13.0.900 2010.01.09 Trojan/Agenta.cv
K7AntiVirus 7.10.942 2010.01.08 Trojan.Win32.Agent2
Kaspersky 7.0.0.125 2010.01.09 -
McAfee 5855 2010.01.08 Generic.dx
McAfee+Artemis 5855 2010.01.08 Generic.dx
McAfee-GW-Edition 6.8.5 2010.01.09 -
Microsoft 1.5302 2010.01.09 -
NOD32 4755 2010.01.08 -
Norman 6.04.03 2010.01.08 W32/Agent.LJVA
nProtect 2009.1.8.0 2010.01.09 Trojan/W32.Agent2.20480.AJ
Panda 10.0.2.2 2010.01.08 Trj/Zlob.KH
PCTools 7.0.3.5 2010.01.09 -
Prevx 3.0 2010.01.09 High Risk Worm
Rising 22.29.05.04 2010.01.09 -
Sophos 4.49.0 2010.01.09 -
Sunbelt 3.2.1858.2 2010.01.09 Trojan.Win32.Generic!BT
Symantec 20091.2.0.41 2010.01.09 -
TheHacker 6.5.0.3.143 2010.01.09 Trojan/Agent2.cdb
TrendMicro 9.120.0.1004 2010.01.09 TROJ_ZLOB.FML
VBA32 3.12.12.1 2010.01.09 -
ViRobot 2010.1.8.2128 2010.01.08 Spyware.Agent.20480.V
VirusBuster 5.0.21.0 2010.01.08 -

http://www.virustotal.com/ru/analisi...288-1263024621

[Юльча]

Файл clips01505.scr получен 2010.01.21 17:17:05 (UTC)
Результат: 9/41 (21.95%)

Антивирус Версия Обновление Результат
a-squared 4.5.0.50 2010.01.21 Gen.Trojan!IK
AhnLab-V3 5.0.0.2 2010.01.21 -
AntiVir 7.9.1.146 2010.01.21 TR/Dropper.Gen
Antiy-AVL 2.0.3.7 2010.01.21 -
Authentium 5.2.0.5 2010.01.21 -
Avast 4.8.1351.0 2010.01.21 -
AVG 9.0.0.730 2010.01.21 -
BitDefender 7.2 2010.01.21 Gen:Trojan.Heur.mq0@s9!axieOu
CAT-QuickHeal 10.00 2010.01.21 -
ClamAV 0.94.1 2010.01.21 -
Comodo 3659 2010.01.21 -
DrWeb 5.0.1.12222 2010.01.21 Trojan.PWS.LDPinch.1941
eSafe 7.0.17.0 2010.01.20 -
eTrust-Vet 35.2.7250 2010.01.21 -
F-Prot None 2010.01.20 -
F-Secure 9.0.15370.0 2010.01.21 Gen:Trojan.Heur.mq0@s9!axieOu
Fortinet 4.0.14.0 2010.01.21 -
GData 19 2010.01.21 Gen:Trojan.Heur.mq0@s9!axieOu
Ikarus T3.1.1.80.0 2010.01.21 -
Jiangmin 13.0.900 2010.01.21 -
K7AntiVirus 7.10.951 2010.01.20 -
Kaspersky 7.0.0.125 2010.01.21 -
McAfee 5867 2010.01.20 -
McAfee+Artemis 5867 2010.01.20 Artemis!E48B9FF1A99B
McAfee-GW-Edition 6.8.5 2010.01.21 Heuristic.LooksLike.Win32.Suspicious.L!80
Microsoft 1.5302 2010.01.21 -
NOD32 4791 2010.01.20 -
Norman 6.04.03 2010.01.20 W32/Obfuscated.N2!genr
nProtect 2009.1.8.0 2010.01.21 -
Panda 10.0.2.2 2010.01.21 -
PCTools 7.0.3.5 2010.01.21 -
Prevx 3.0 2010.01.21 -
Rising 22.31.03.04 2010.01.21 -
Sophos 4.50.0 2010.01.21 -
Sunbelt 3.2.1858.2 2010.01.21 -
Symantec 20091.2.0.41 2010.01.21 -
TheHacker 6.5.0.8.157 2010.01.21 -
TrendMicro 9.120.0.1004 2010.01.21 -
VBA32 3.12.12.1 2010.01.20 -
ViRobot 2010.1.21.2148 2010.01.21 -
VirusBuster 5.0.21.0 2010.01.20 -

Дополнительная информация
File size: 196608 bytes
MD5 : e48b9ff1a99b89db5e3ba25b080a73b9

http://www.virustotal.com/ru/analisi...78b-1264094225

[gjf]

File asd3.tmp received on 2010.01.21 19:58:48 (UTC)
Current status: Loading ... finished
Result: 5/41 (12.2%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.21 -
AhnLab-V3 5.0.0.2 2010.01.21 -
AntiVir 7.9.1.146 2010.01.21 -
Antiy-AVL 2.0.3.7 2010.01.21 -
Authentium 5.2.0.5 2010.01.21 -
Avast 4.8.1351.0 2010.01.21 -
AVG 9.0.0.730 2010.01.21 -
BitDefender 7.2 2010.01.21 -
CAT-QuickHeal 10.00 2010.01.21 (Suspicious) - DNAScan
ClamAV 0.94.1 2010.01.21 -
Comodo 3660 2010.01.21 -
DrWeb 5.0.1.12222 2010.01.21 -
eSafe 7.0.17.0 2010.01.21 -
eTrust-Vet 35.2.7250 2010.01.21 -
F-Prot 4.5.1.85 2010.01.20 -
F-Secure 9.0.15370.0 2010.01.21 -
Fortinet 4.0.14.0 2010.01.21 -
GData 19 2010.01.21 -
Ikarus T3.1.1.80.0 2010.01.21 -
Jiangmin 13.0.900 2010.01.21 -
K7AntiVirus 7.10.951 2010.01.20 -
Kaspersky 7.0.0.125 2010.01.21 -
McAfee 5868 2010.01.21 -
McAfee+Artemis 5868 2010.01.21 -
McAfee-GW-Edition 6.8.5 2010.01.21 -
Microsoft 1.5302 2010.01.21 VirTool:Win32/Obfuscator.FI
NOD32 4794 2010.01.21 a variant of Win32/Kryptik.BXJ
Norman 6.04.03 2010.01.21 -
nProtect 2009.1.8.0 2010.01.21 -
Panda 10.0.2.2 2010.01.21 -
PCTools 7.0.3.5 2010.01.21 -
Prevx 3.0 2010.01.21 Medium Risk Malware
Rising 22.31.03.04 2010.01.21 -
Sophos 4.50.0 2010.01.21 Mal/FakeAV-AX
Sunbelt 3.2.1858.2 2010.01.21 -
Symantec 20091.2.0.41 2010.01.21 -
TheHacker 6.5.0.9.158 2010.01.21 -
TrendMicro 9.120.0.1004 2010.01.21 -
VBA32 3.12.12.1 2010.01.20 -
ViRobot 2010.1.21.2148 2010.01.21 -
VirusBuster 5.0.21.0 2010.01.20 -

http://www.virustotal.com/analisis/b...5cb-1264103928

Печальна ситуация с пакованными вымогателями

[Surfer]

File foto.jar received on 2010.01.21 21:57:56 (UTC)
Result: 8/41 (19.52%)

a-squared 4.5.0.50 2010.01.21 -
AhnLab-V3 5.0.0.2 2010.01.21 -
AntiVir 7.9.1.146 2010.01.21 JAVA/SMS.J2ME.M
Antiy-AVL 2.0.3.7 2010.01.21 Trojan/J2ME.Small
Authentium 5.2.0.5 2010.01.21 -
Avast 4.8.1351.0 2010.01.21 -
AVG 9.0.0.730 2010.01.21 -
BitDefender 7.2 2010.01.21 -
CAT-QuickHeal 10.00 2010.01.21 -
ClamAV 0.94.1 2010.01.21 Trojan.SMS-3
Comodo 3662 2010.01.21 TrojWare.J2ME.SMS.Small.m
DrWeb 5.0.1.12222 2010.01.21 Java.SMSSend.132
eSafe 7.0.17.0 2010.01.21 -
eTrust-Vet 35.2.7251 2010.01.21 -
F-Prot 4.5.1.85 2010.01.21 -
F-Secure 9.0.15370.0 2010.01.21 -
Fortinet 4.0.14.0 2010.01.21 -
GData 19 2010.01.21 -
Ikarus T3.1.1.80.0 2010.01.21 Trojan.Sms.J2me
Jiangmin 13.0.900 2010.01.21 -
K7AntiVirus 7.10.951 2010.01.20 -
Kaspersky 7.0.0.125 2010.01.21 Trojan-SMS.J2ME.Small.m
McAfee 5868 2010.01.21 -
McAfee+Artemis 5868 2010.01.21 -
McAfee-GW-Edition 6.8.5 2010.01.21 Java.SMS.J2ME.M
Microsoft 1.5302 2010.01.21 -
NOD32 4794 2010.01.21 -
Norman 6.04.03 2010.01.21 -
nProtect 2009.1.8.0 2010.01.21 -
Panda 10.0.2.2 2010.01.21 -
PCTools 7.0.3.5 2010.01.21 -
Prevx 3.0 2010.01.21 -
Rising 22.31.03.04 2010.01.21 -
Sophos 4.50.0 2010.01.21 -
Sunbelt 3.2.1858.2 2010.01.21 -
Symantec 20091.2.0.41 2010.01.21 -
TheHacker 6.5.0.9.158 2010.01.21 -
TrendMicro 9.120.0.1004 2010.01.21 -
VBA32 3.12.12.1 2010.01.21 -
ViRobot 2010.1.21.2149 2010.01.21 -
VirusBuster 5.0.21.0 2010.01.21 -

http://www.virustotal.com/analisis/3...9d0-1264111076

[Юльча]

Файл 9cU3MR6.exe получен 2010.01.23 12:17:21 (UTC)
Результат: 6/41 (14.64%)


Антивирус Версия Обновление Результат
a-squared 4.5.0.50 2010.01.23 -
AhnLab-V3 5.0.0.2 2010.01.23 -
AntiVir 7.9.1.146 2010.01.22 -
Antiy-AVL 2.0.3.7 2010.01.22 -
Authentium 5.2.0.5 2010.01.23 -
Avast 4.8.1351.0 2010.01.22 -
AVG 9.0.0.730 2010.01.23 SHeur2.CHHG
BitDefender 7.2 2010.01.23 -
CAT-QuickHeal 10.00 2010.01.22 Win32.PE.Packed.Win32.Krap.af.4
ClamAV 0.94.1 2010.01.22 -
Comodo 3681 2010.01.23 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.1.12222 2010.01.23 -
eSafe 7.0.17.0 2010.01.21 -
eTrust-Vet 35.2.7255 2010.01.22 -
F-Prot 4.5.1.85 2010.01.22 -
F-Secure 9.0.15370.0 2010.01.23 -
Fortinet 4.0.14.0 2010.01.23 -
GData 19 2010.01.23 -
Ikarus T3.1.1.80.0 2010.01.23 -
Jiangmin 13.0.900 2010.01.23 -
K7AntiVirus 7.10.952 2010.01.22 -
Kaspersky 7.0.0.125 2010.01.23 -
McAfee 5869 2010.01.22 -
McAfee+Artemis 5869 2010.01.22 -
McAfee-GW-Edition 6.8.5 2010.01.23 -
Microsoft 1.5405 2010.01.23 -
NOD32 4799 2010.01.23 a variant of Win32/Kryptik.BXD
Norman 6.04.03 2010.01.23 -
nProtect 2009.1.8.0 2010.01.23 -
Panda 10.0.2.2 2010.01.22 -
PCTools 7.0.3.5 2010.01.23 -
Prevx 3.0 2010.01.23 -
Rising 22.31.04.04 2010.01.22 -
Sophos 4.50.0 2010.01.23 -
Sunbelt 3.2.1858.2 2010.01.23 -
Symantec 20091.2.0.41 2010.01.23 Suspicious.Cloud
TheHacker 6.5.0.9.160 2010.01.23 Trojan/Kryptik.bxd
TrendMicro 9.120.0.1004 2010.01.23 -
VBA32 3.12.12.1 2010.01.21 -
ViRobot 2010.1.22.2151 2010.01.22 -
VirusBuster 5.0.21.0 2010.01.22 -

Дополнительная информация
File size: 77312 bytes
MD5...: 9dfb52f4c1f4c7818d72b0f8ef25bc29

это был один из трех файлов вируса, который кроме основного функционала меняет роуты и hosts чтобы заблокировать сайты антивирусников и даже вирусинфо.инфо

[senyak]

Файл VK-Presents.exe получен 2010.01.24 10:37:46 (UTC)
Текущий статус: закончено
Результат: 21/41 (51.22%)

Антивирус Версия Обновление Результат
a-squared 4.5.0.50 2010.01.24 Trojan.Win32.Scar!IK
AhnLab-V3 5.0.0.2 2010.01.23 -
AntiVir 7.9.1.146 2010.01.22 TR/Scar.bdyc
Antiy-AVL 2.0.3.7 2010.01.22 Trojan/Win32.Scar.gen
Authentium 5.2.0.5 2010.01.23 -
Avast 4.8.1351.0 2010.01.23 -
AVG 9.0.0.730 2010.01.24 unknown virus Win32/DH.AA54534F48
BitDefender 7.2 2010.01.24 Trojan.Generic.IS.423258
CAT-QuickHeal 10.00 2010.01.22 -
ClamAV 0.94.1 2010.01.22 -
Comodo 3690 2010.01.24 Heur.Suspicious
DrWeb 5.0.1.12222 2010.01.24 -
eSafe 7.0.17.0 2010.01.21 -
eTrust-Vet 35.2.7255 2010.01.22 -
F-Prot 4.5.1.85 2010.01.23 -
F-Secure 9.0.15370.0 2010.01.24 Trojan.Generic.IS.423258
Fortinet 4.0.14.0 2010.01.24 W32/Scar.BDYC!tr
GData 19 2010.01.24 Trojan.Generic.IS.423258
Ikarus T3.1.1.80.0 2010.01.24 Trojan.Win32.Scar
Jiangmin 13.0.900 2010.01.24 Trojan/Scar.mwk
K7AntiVirus 7.10.952 2010.01.22 Trojan.Win32.Scar.bdyc
Kaspersky 7.0.0.125 2010.01.24 Trojan.Win32.Scar.bdyc
McAfee 5870 2010.01.23 -
McAfee+Artemis 5870 2010.01.23 Artemis!2817B3A42999
McAfee-GW-Edition 6.8.5 2010.01.24 Heuristic.LooksLike.Win32.Trojan.I
Microsoft 1.5405 2010.01.24 -
NOD32 4800 2010.01.23 a variant of Win32/Qhost.NRA
Norman 6.04.03 2010.01.24 W32/Malware.KZGE
nProtect 2009.1.8.0 2010.01.24 -
Panda 10.0.2.2 2010.01.23 Trj/Downloader.MDW
PCTools 7.0.3.5 2010.01.24 Trojan.Generic
Prevx 3.0 2010.01.24 High Risk Fraudulent Security Program
Rising 22.31.06.04 2010.01.24 -
Sophos 4.50.0 2010.01.24 -
Sunbelt 3.2.1858.2 2010.01.23 -
Symantec 20091.2.0.41 2010.01.24 Trojan Horse
TheHacker 6.5.0.9.160 2010.01.24 -
TrendMicro 9.120.0.1004 2010.01.24 -
VBA32 3.12.12.1 2010.01.23 -
ViRobot 2010.1.23.2152 2010.01.23 -
VirusBuster 5.0.21.0 2010.01.23 -

Дополнительная информация
File size: 311808 bytes
MD5...: 2817b3a429999d984b0b97f1ae10c650
SHA1..: 05bfcb2f4d2c2587eaab9ff2ebc62a16bbf26cea
SHA256: 5c61ce0a66ec1b44229d050aecae51efd4647fa6d0b8a32cfa 7ff51285544357
ssdeep: 6144+CiGeq5y3NBqaAKrqm4c9t2KSGkWg2iwjyIooo888888888888 W8888888
8888V+C2BdVAKrAc9t2g9A888888888888WO
PEiD..: -
PEInfo: PE Structure information

http://www.virustotal.com/ru/analisi...357-1264329466

[Buldozer]

Подозрительный файл

a-squared 4.5.0.50 2010.01.25 -
AhnLab-V3 5.0.0.2 2010.01.23 -
AntiVir 7.9.1.150 2010.01.25 -
Antiy-AVL 2.0.3.7 2010.01.22 -
Authentium 5.2.0.5 2010.01.25 -
Avast 4.8.1351.0 2010.01.25 -
AVG 9.0.0.730 2010.01.25 -
BitDefender 7.2 2010.01.25 -
CAT-QuickHeal 10.00 2010.01.25 -
ClamAV 0.94.1 2010.01.25 -
Comodo 3705 2010.01.25 -
DrWeb 5.0.1.12222 2010.01.25 -
eSafe 7.0.17.0 2010.01.25 -
eTrust-Vet 35.2.7258 2010.01.25 -
F-Prot 4.5.1.85 2010.01.25 -
F-Secure 9.0.15370.0 2010.01.25 -
Fortinet 4.0.14.0 2010.01.25 -
GData 19 2010.01.25 -
Ikarus T3.1.1.80.0 2010.01.25 -
Jiangmin 13.0.900 2010.01.24 -
K7AntiVirus 7.10.952 2010.01.22 -
Kaspersky 7.0.0.125 2010.01.25 -
McAfee 5871 2010.01.24 -
McAfee+Artemis 5871 2010.01.24 -
McAfee-GW-Edition 6.8.5 2010.01.25 -
Microsoft 1.5405 2010.01.25 -
NOD32 4804 2010.01.25 -
Norman 6.04.03 2010.01.25 -
nProtect 2009.1.8.0 2010.01.25 -
Panda 10.0.2.2 2010.01.24 -
PCTools 7.0.3.5 2010.01.25 -
Prevx 3.0 2010.01.25 -
Rising 22.32.00.04 2010.01.25 -
Sophos 4.50.0 2010.01.25 -
Sunbelt 3.2.1858.2 2010.01.24 -
Symantec 20091.2.0.41 2010.01.25 -
TheHacker 6.5.0.9.162 2010.01.25 Trojan/Spy.IamBigBrother.100
TrendMicro 9.120.0.1004 2010.01.25 -
VBA32 3.12.12.1 2010.01.23 -
ViRobot 2010.1.25.2154 2010.01.25 -
VirusBuster 5.0.21.0 2010.01.25 -

http://www.virustotal.com/ru/analisi...c1c-1264430622

[ZhIV]

File kijiu.exe received on 2010.01.28 03:25:05 (UTC)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.01.28 -
AhnLab-V3 5.0.0.2 2010.01.27 -
AntiVir 7.9.1.154 2010.01.27 -
Antiy-AVL 2.0.3.7 2010.01.27 -
Authentium 5.2.0.5 2010.01.28 W32/Damaged_File.B.gen!Eldorado
Avast 4.8.1351.0 2010.01.28 -
AVG 9.0.0.730 2010.01.27 -
BitDefender 7.2 2010.01.28 -
CAT-QuickHeal 10.00 2010.01.28 -
ClamAV 0.94.1 2010.01.27 -
Comodo 3732 2010.01.28 -
DrWeb 5.0.1.12222 2010.01.27 -
eSafe 7.0.17.0 2010.01.27 -
eTrust-Vet 35.2.7264 2010.01.27 -
F-Prot 4.5.1.85 2010.01.27 W32/Damaged_File.B.gen!Eldorado
F-Secure 9.0.15370.0 2010.01.27 -
Fortinet 4.0.14.0 2010.01.27 -
GData 19 2010.01.28 -
Ikarus T3.1.1.80.0 2010.01.28 -
Jiangmin 13.0.900 2010.01.27 -
K7AntiVirus 7.10.957 2010.01.26 -
McAfee 5874 2010.01.27 potentially unwanted program Corrupt-EP
McAfee+Artemis 5874 2010.01.27 potentially unwanted program Corrupt-EP
McAfee-GW-Edition 6.8.5 2010.01.27 -
Microsoft 1.5406 2010.01.28 -
NOD32 4811 2010.01.27 -
Norman 6.04.03 2010.01.27 -
nProtect 2009.1.8.0 2010.01.27 -
Panda 10.0.2.2 2010.01.27 -
PCTools 7.0.3.5 2010.01.28 -
Prevx 3.0 2010.01.28 -
Rising 22.32.03.01 2010.01.28 -
Sophos 4.50.0 2010.01.28 -
Sunbelt 3.2.1858.2 2010.01.28 -
Symantec 20091.2.0.41 2010.01.28 -
TheHacker 6.5.0.9.167 2010.01.28 W32/Behav-Heuristic-CorruptFile-EP
TrendMicro 9.120.0.1004 2010.01.28 -
VBA32 3.12.12.1 2010.01.27 -
ViRobot 2010.1.27.2158 2010.01.27 -
VirusBuster 5.0.21.0 2010.01.27 -

Additional information
File size: 4096 bytes
MD5...: f0395e1cde2d138eac75e890a408ff88
SHA1..: 1ac3efe0456d59d369622dd536094c8c0ec0e00e
SHA256: 07ed951ea4f714dfa8d6ea0b07c6d897f6e69ef12dc849d647 4b8b0c1f8ffbfc
ssdeep: 48:a18V8MBaCEF9OoYVm54Mqh+xsi8Vc6vFL6icA5RqjzJvVF3 gy8wH5jBijUdzx<BR>I1H8MBIF9GLMqh+G/VVSjtfwY5liaxI1uI<BR>
PEiD..: -