File RaitingMaster3.jar received on 2009.09.17 22:19:50 (UTC)
Current status: finished
Result: 14/41 (34.15%)
Additional information
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.17 -
AhnLab-V3 5.0.0.2 2009.09.17 -
AntiVir 7.9.1.19 2009.09.17 JAVA/SMS.Konov.e
Antiy-AVL 2.0.3.7 2009.09.17 Trojan/J2ME.Konov
Authentium 5.1.2.4 2009.09.17 -
Avast 4.8.1351.0 2009.09.17 Other:Malware-gen
AVG 8.5.0.412 2009.09.17 Java/SMS.A
BitDefender 7.2 2009.09.17 -
CAT-QuickHeal 10.00 2009.09.17 -
ClamAV 0.94.1 2009.09.17 Trojan.J2ME
Comodo 2353 2009.09.18 TrojWare.J2ME.SMS.Konov.e
DrWeb 5.0.0.12182 2009.09.17 Java.SMSSend.18
eSafe 7.0.17.0 2009.09.17 -
eTrust-Vet 31.6.6744 2009.09.17 -
F-Prot 4.5.1.85 2009.09.18 -
F-Secure 8.0.14470.0 2009.09.17 Trojan-SMS.J2ME.Konov.e
Fortinet 3.120.0.0 2009.09.17 -
GData 19 2009.09.17 Other:Malware-gen
Ikarus T3.1.1.72.0 2009.09.17 Trojan-SMS
Jiangmin 11.0.800 2009.09.17 -
K7AntiVirus 7.10.847 2009.09.17 -
Kaspersky 7.0.0.125 2009.09.18 Trojan-SMS.J2ME.Konov.e
McAfee 5744 2009.09.17 -
McAfee+Artemis 5744 2009.09.17 -
McAfee-GW-Edition 6.8.5 2009.09.17 Java.SMS.Konov.e
Microsoft 1.5005 2009.09.17 -
NOD32 4435 2009.09.17 J2ME/TrojanSMS.Konov.E
Norman 6.01.09 2009.09.17 -
nProtect 2009.1.8.0 2009.09.17 -
Panda 10.0.2.2 2009.09.17 -
PCTools 4.4.2.0 2009.09.17 -
Prevx 3.0 2009.09.18 -
Rising 21.47.34.00 2009.09.17 -
Sophos 4.45.0 2009.09.17 -
Sunbelt 3.2.1858.2 2009.09.17 -
Symantec 1.4.4.12 2009.09.17 Trojan Horse
TheHacker 6.3.4.4.404 2009.09.15 -
TrendMicro 8.950.0.1094 2009.09.17 -
VBA32 3.12.10.10 2009.09.17 -
ViRobot 2009.9.17.1941 2009.09.17 -
VirusBuster 4.6.5.0 2009.09.17 -
File size: 2369 bytes
MD5...: 53beac59d8e5c928b0f2e7c41ab148ab
SHA1..: d8f112ad6079e8767c0725a5139402b9786c2ecf
SHA256: e5d639488a2b328e6747a29deacf5ccf0435c7d3c8090d44df15262f317b7ab0
ssdeep: 48:51FTQo0tOURs9y3VeiTEzrTnHOCmmJwLnDfaS7EsvNf:XFT iOURs9qVeiT6TH
mX3ixsvNf
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
http://www.virustotal.com./ru/analis...ab0-1253225990
Symantec Fans Club - http://symantecclub.ru/
File Jimmeconomy.jar received on 2009.09.18 21:12:37 (UTC)
Current status: finished
Result: 11/41 (26.83%)
Additional information
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.18 -
AhnLab-V3 5.0.0.2 2009.09.18 -
AntiVir 7.9.1.19 2009.09.18 JAVA/SMS.J2ME.Kon.I
Antiy-AVL 2.0.3.7 2009.09.18 Trojan/J2ME.Konov
Authentium 5.1.2.4 2009.09.18 -
Avast 4.8.1351.0 2009.09.18 Other:Malware-gen
AVG 8.5.0.412 2009.09.18 -
BitDefender 7.2 2009.09.18 -
CAT-QuickHeal 10.00 2009.09.18 -
ClamAV 0.94.1 2009.09.18 -
Comodo 2360 2009.09.18 TrojWare.J2ME.SMS.Konov.i
DrWeb 5.0.0.12182 2009.09.18 Java.SMSSend.51
eSafe 7.0.17.0 2009.09.17 -
eTrust-Vet 31.6.6745 2009.09.18 Java/SMSTroj
F-Prot 4.5.1.85 2009.09.18 -
F-Secure 8.0.14470.0 2009.09.18 -
Fortinet 3.120.0.0 2009.09.18 -
GData 19 2009.09.18 Other:Malware-gen
Ikarus T3.1.1.72.0 2009.09.18 Trojan-SMS
Jiangmin 11.0.800 2009.09.18 -
K7AntiVirus 7.10.848 2009.09.18 -
Kaspersky 7.0.0.125 2009.09.18 Trojan-SMS.J2ME.Konov.i
McAfee 5745 2009.09.18 -
McAfee+Artemis 5745 2009.09.18 -
McAfee-GW-Edition 6.8.5 2009.09.18 Java.SMS.J2ME.Kon.I
Microsoft 1.5005 2009.09.18 -
NOD32 4438 2009.09.18 -
Norman 6.01.09 2009.09.18 -
nProtect 2009.1.8.0 2009.09.18 -
Panda 10.0.2.2 2009.09.18 -
PCTools 4.4.2.0 2009.09.18 -
Prevx 3.0 2009.09.18 -
Rising 21.47.42.00 2009.09.18 -
Sophos 4.45.0 2009.09.18 -
Sunbelt 3.2.1858.2 2009.09.18 -
Symantec 1.4.4.12 2009.09.18 -
TheHacker 6.5.0.2.011 2009.09.18 -
TrendMicro 8.950.0.1094 2009.09.18 -
VBA32 3.12.10.10 2009.09.18 Java.SMSSend.51
ViRobot 2009.9.18.1943 2009.09.18 -
VirusBuster 4.6.5.0 2009.09.18 -
File size: 165859 bytes
MD5...: 87a421743de577bfa70476675f49f0cf
SHA1..: 90d1ce8a35b46059187999ddd57555915d24c3a4
SHA256: c7c99d0fe868a1aa768331a354f8aca4d9cb875ea93bd479043e7212b9dd2619
ssdeep: 3072:O6br4V4QrVYwF3wz/5OGER8EBBucamPMZPAn9lSEZnO4vpkNwdYWPoldFPh
tio7:O6KbVwz/5OlW8gcamP8PAn6aO4vWNwd6
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
http://www.virustotal.com/ru/analisi...619-1253308357
File foto.jar received on 2009.09.18 21:21:32 (UTC)
Current status: finished
Result: 19/41 (46.35%)
Additional information
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.18 -
AhnLab-V3 5.0.0.2 2009.09.18 -
AntiVir 7.9.1.19 2009.09.18 JAVA/Boxer.1
Antiy-AVL 2.0.3.7 2009.09.18 Trojan/J2ME.Boxer
Authentium 5.1.2.4 2009.09.18 -
Avast 4.8.1351.0 2009.09.18 Other:Malware-gen
AVG 8.5.0.412 2009.09.18 Java/SMS.C
BitDefender 7.2 2009.09.18 Trojan.Java.SMSsend.A
CAT-QuickHeal 10.00 2009.09.18 -
ClamAV 0.94.1 2009.09.18 -
Comodo 2360 2009.09.18 TrojWare.J2ME.SMS.Boxer.i
DrWeb 5.0.0.12182 2009.09.18 Java.SMSSend.41
eSafe 7.0.17.0 2009.09.17 -
eTrust-Vet 31.6.6745 2009.09.18 -
F-Prot 4.5.1.85 2009.09.18 -
F-Secure 8.0.14470.0 2009.09.18 Trojan-SMS.J2ME.Boxer.i
Fortinet 3.120.0.0 2009.09.18 -
GData 19 2009.09.18 Trojan.Java.SMSsend.A
Ikarus T3.1.1.72.0 2009.09.18 Trojan-SMS
Jiangmin 11.0.800 2009.09.18 -
K7AntiVirus 7.10.848 2009.09.18 -
Kaspersky 7.0.0.125 2009.09.18 Trojan-SMS.J2ME.Boxer.i
McAfee 5745 2009.09.18 J2ME/Boxer
McAfee+Artemis 5745 2009.09.18 J2ME/Boxer
McAfee-GW-Edition 6.8.5 2009.09.18 Java.Boxer.1
Microsoft 1.5005 2009.09.18 Trojan:Java/Boxer.A
NOD32 4438 2009.09.18 J2ME/TrojanSMS.Swapi.F
Norman 6.01.09 2009.09.18 -
nProtect 2009.1.8.0 2009.09.18 -
Panda 10.0.2.2 2009.09.18 -
PCTools 4.4.2.0 2009.09.18 -
Prevx 3.0 2009.09.18 -
Rising 21.47.42.00 2009.09.18 -
Sophos 4.45.0 2009.09.18 Troj/Boxer-A
Sunbelt 3.2.1858.2 2009.09.18 -
Symantec 1.4.4.12 2009.09.18 Trojan Horse
TheHacker 6.5.0.2.011 2009.09.18 -
TrendMicro 8.950.0.1094 2009.09.18 TROJ_BOXER.B
VBA32 3.12.10.10 2009.09.18 -
ViRobot 2009.9.18.1943 2009.09.18 -
VirusBuster 4.6.5.0 2009.09.18 -
File size: 19167 bytes
MD5...: e413385fa1d746556c0d4a9fb319bb8f
SHA1..: 1e660f1beabcd28e2fb9d5752309353165bca661
SHA256: 3e9eaec41e8b7ef9613eebb38828fad9eacb92632be281f0a4c46d421158a5c8
ssdeep: 384:3I08errDClyW2ugxiKPM4z4khCLswpYmN9RGyqrCMpR0fA 70T13qh:39O8xF
PVz4jLRLNEaI4TZG
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
http://www.virustotal.com/ru/analisi...5c8-1253308892
File dm3.exe received on 2009.09.19 00:40:41 (UTC)
Current status: finished
Result: 14/41 (34.15%)
Additional information
a-squared 4.5.0.24 2009.09.19 Packed.Win32.Tdss!IK
AhnLab-V3 5.0.0.2 2009.09.18 -
AntiVir 7.9.1.19 2009.09.18 TR/PCK.Tdss.Z.1092
Antiy-AVL 2.0.3.7 2009.09.18 Packed/Win32.TDSS
Authentium 5.1.2.4 2009.09.19 -
Avast 4.8.1351.0 2009.09.18 -
AVG 8.5.0.412 2009.09.19 Packed.Monder
BitDefender 7.2 2009.09.19 -
CAT-QuickHeal 10.00 2009.09.18 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.09.18 -
Comodo 2362 2009.09.19 -
DrWeb 5.0.0.12182 2009.09.19 -
eSafe 7.0.17.0 2009.09.17 Suspicious File
eTrust-Vet 31.6.6746 2009.09.18 -
F-Prot 4.5.1.85 2009.09.18 -
F-Secure 8.0.14470.0 2009.09.18 Packed.Win32.TDSS.z
Fortinet 3.120.0.0 2009.09.19 -
GData 19 2009.09.19 -
Ikarus T3.1.1.72.0 2009.09.18 Packed.Win32.Tdss
Jiangmin 11.0.800 2009.09.18 -
K7AntiVirus 7.10.848 2009.09.18 -
Kaspersky 7.0.0.125 2009.09.19 Packed.Win32.TDSS.z
McAfee 5745 2009.09.18 -
McAfee+Artemis 5745 2009.09.18 Artemis!62018239EDD7
McAfee-GW-Edition 6.8.5 2009.09.18 Trojan.PCK.Tdss.Z.1092
Microsoft 1.5005 2009.09.18 -
NOD32 4439 2009.09.19 a variant of Win32/Kryptik.AND
Norman 6.01.09 2009.09.18 -
nProtect 2009.1.8.0 2009.09.18 -
Panda 10.0.2.2 2009.09.18 Suspicious file
PCTools 4.4.2.0 2009.09.18 -
Prevx 3.0 2009.09.19 Medium Risk Malware
Rising 21.47.42.00 2009.09.18 -
Sophos 4.45.0 2009.09.19 -
Sunbelt 3.2.1858.2 2009.09.19 -
Symantec 1.4.4.12 2009.09.19 -
TheHacker 6.5.0.2.012 2009.09.18 -
TrendMicro 8.950.0.1094 2009.09.18 -
VBA32 3.12.10.10 2009.09.18 -
ViRobot 2009.9.18.1943 2009.09.18 -
VirusBuster 4.6.5.0 2009.09.18 -
File size: 93696 bytes
MD5 : 62018239edd702419737f0bead200df3
SHA1 : e5d2cadfc95a3d33bb9b11ccce2c89ab1172252f
SHA256: 27013813316360af9b86551743cb957a04e7bf7433777e3d6f17073a9054310f
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4AB0C1CC (Wed Sep 16 12:45:32 2009)
machinetype.......: 0x14C (Intel I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5C1C 0x5E00 7.86 b98b3371447c00d35a874e187c98a64a
.rdata 0x7000 0x598E 0x5A00 7.81 92879f4cdc4c2ec38ceaf931a615c6d1
.data 0xD000 0x532E 0x5400 7.89 1fd28ded16cc5df0f8f2cffe540039fb
.rsrc 0x13000 0x5B7E 0x5C00 7.78 a6795cc3b43abe84acb1bda3f59ae922
.reloc 0x19000 0x38 0x200 0.88 84460ef7710c08ff9b3686decd943135
( 5 imports )
> comdlg32.dll: CommDlgExtendedError, GetOpenFileNameW, LoadAlterBitmap, LoadAlterBitmap, PrintDlgA, ReplaceTextA, WantArrows, GetFileTitleW, dwOKSubclass, ChooseFontA, FindTextW, ReplaceTextA
> kernel32.dll: GetModuleHandleA, GetLocalTime, Beep, CreateFileW, VirtualFree, LoadLibraryA, VirtualProtect, MapViewOfFile, FileTimeToDosDateTime, SetEvent, GetLongPathNameA, VirtualAlloc, GetModuleHandleW, OpenJobObjectA, ExitThread
> msvcrt.dll: _mbstrlen, _ismbcupper, fread, _ltow, _ismbchira, wcstoul, ___V@YAXPAX@Z, strncpy, _gcvt, wcscmp, __4bad_typeid@@QAEAAV0@ABV0@@Z, atof, _rotr, fgetws, _y0, _winver, mktime, _wsystem, _wspawnle, isleadbyte, _wcsupr, memcpy
> opengl32.dll: glMatrixMode, glBlendFunc, glRasterPos2fv, glNormal3fv, glFogiv, glRasterPos3sv
> winmm.dll: wod32Message, mciGetDeviceIDW, mmioOpenW, joyConfigChanged, midiStreamRestart, midiOutGetErrorTextA, tid32Message, mciGetErrorStringA, midiInGetNumDevs, auxGetDevCapsW, waveInGetPosition
( 0 exports )
TrID : File type identification
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: http://www.threatexpert.com/report.a...37f0bead200df3
ssdeep: 15369odc8qz/fOqm6cuB+KFCeaM0x5uUBQj0/NCrOiJsMzGucxpaTtho7OuwcKxPx/
9WWzItNK9F4ugQjiNCKiZcGgDhKL
Prevx Info: http://info.prevx.com/aboutprogramte...C2C200E8137474
PEiD : -
RDS : NSRL Reference Data Set
http://www.virustotal.com/ru/analisi...10f-1253320841
File Install.exe received on 2009.09.19 02:00:17 (UTC)
Current status: finished
Result: 10/41 (24.4%)
Additional information
a-squared 4.5.0.24 2009.09.19 -
AhnLab-V3 5.0.0.2 2009.09.18 -
AntiVir 7.9.1.19 2009.09.18 -
Antiy-AVL 2.0.3.7 2009.09.18 -
Authentium 5.1.2.4 2009.09.19 -
Avast 4.8.1351.0 2009.09.18 -
AVG 8.5.0.412 2009.09.19 -
BitDefender 7.2 2009.09.19 -
CAT-QuickHeal 10.00 2009.09.18 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.09.18 -
Comodo 2362 2009.09.19 -
DrWeb 5.0.0.12182 2009.09.19 -
eSafe 7.0.17.0 2009.09.17 Suspicious File
eTrust-Vet 31.6.6746 2009.09.18 -
F-Prot 4.5.1.85 2009.09.18 -
F-Secure 8.0.14470.0 2009.09.18 -
Fortinet 3.120.0.0 2009.09.19 -
GData 19 2009.09.19 -
Ikarus T3.1.1.72.0 2009.09.18 -
Jiangmin 11.0.800 2009.09.18 -
K7AntiVirus 7.10.848 2009.09.18 -
Kaspersky 7.0.0.125 2009.09.19 -
McAfee 5745 2009.09.18 -
McAfee+Artemis 5745 2009.09.18 Artemis!4680E921B431
McAfee-GW-Edition 6.8.5 2009.09.18 Heuristic.LooksLike.Trojan.Dldr.FraudLo.C
Microsoft 1.5005 2009.09.18 TrojanDownloader:Win32/FakeRean
NOD32 4439 2009.09.19 a variant of Win32/Kryptik.ANC
Norman 6.01.09 2009.09.18 -
nProtect 2009.1.8.0 2009.09.18 -
Panda 10.0.2.2 2009.09.18 Suspicious file
PCTools 4.4.2.0 2009.09.18 -
Prevx 3.0 2009.09.19 Medium Risk Malware
Rising 21.47.42.00 2009.09.18 -
Sophos 4.45.0 2009.09.19 Mal/EncPk-IF
Sunbelt 3.2.1858.2 2009.09.19 -
Symantec 1.4.4.12 2009.09.19 -
TheHacker 6.5.0.2.012 2009.09.18 -
TrendMicro 8.950.0.1094 2009.09.18 -
VBA32 3.12.10.10 2009.09.18 Trojan-Downloader.Win32.FraudLoad.cdf
ViRobot 2009.9.18.1943 2009.09.18 -
VirusBuster 4.6.5.0 2009.09.18 -
File size: 200304 bytes
MD5...: 4680e921b4319339d98fdd3fa907a3df
SHA1..: 73cd5a5407649b2990351bc075824b1857c26cca
SHA256: db168ca50ccb5e6af699755ebae1032647f1ea59a5bc4b173abe1d5c699af62a
ssdeep: 6144:KBLkRZYRQ351Dm3tJyzG1qeRUqtZV/YI7hyHJff:KLkPmdJlq6zZLYJ3
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x7b61
timedatestamp.....: 0x4aa9446f (Thu Sep 10 18:24:47 2009)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6dd7 0x6e00 7.97 10beaa5f98c6fc0a44460fcb0425023d
.rdata 0x8000 0x674 0x800 4.05 47e62302a0b7246c41a6a72da0daadff
.data 0x9000 0x33dc9 0x22a00 7.94 6a5ad95853c7a538cb65fded85245243
.rsrc 0x3d000 0x6436 0x6600 6.28 a949bf4f5442f202b47afa5877c6afae
.reloc 0x44000 0x8a 0x200 2.01 948c3ecb170e4a8e50568bfe3c55bde3
( 3 imports )
> KERNEL32.DLL: TerminateProcess, GetOEMCP, MapViewOfFile, GetStartupInfoA, LCMapStringA, GetModuleHandleA, lstrcmpW, GetACP, GetSystemTimeAsFileTime, MoveFileA, GetDriveTypeA, DisableThreadLibraryCalls, HeapAlloc, GetFullPathNameW, LocalFree, CreateFileA, FindNextFileA, LoadResource, VirtualProtect, EnumSystemLocalesA, VirtualQuery, SetThreadLocale, InterlockedExchange, GetModuleFileNameW, GetConsoleOutputCP, ExitProcess, SetLastError, SetUnhandledExceptionFilter, SetEvent, CreateThread, FreeEnvironmentStringsA, GetCurrentProcessId, Sleep, BeginUpdateResourceW, GetVersionExA, GetCommandLineA, WriteFile, SetConsoleCP, SetStdHandle, HeapCreate, VirtualAlloc, lstrcmpA, CopyFileW, InterlockedDecrement
> USER32.DLL: LoadCursorA, CharNextW, CallNextHookEx, PeekMessageA, BeginPaint, GetSubMenu, GetForegroundWindow, LoadCursorW, wsprintfA
> MSVCRT.DLL: ___U@YAPAXI@Z, _cexit, __CxxFrameHandler, _CxxThrowException, __0exception@@QAE@XZ, _initterm, __dllonexit, _lock
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Unknown Corporation
copyright....: (c) Unknown Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Unknown SC
original name: Unknown
internal name: Unknown.exe
file version.: 3.1.7.152
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
http://info.prevx.com/aboutprogramtext.asp?PX5=45163E8A70B73FF00EFB039EC1B375007BD7FA9B
http://www.virustotal.com/ru/analisi...62a-1253325617
File ms_powerpoint_png.jpg received on 2009.09.19 18:32:24 (UTC)
Current status: finished
Result: 24/41 (58.54%)
Additional information
a-squared 4.5.0.24 2009.09.19 Gen.Trojan!IK
AhnLab-V3 5.0.0.2 2009.09.19 -
AntiVir 7.9.1.19 2009.09.18 TR/Dropper.Gen
Antiy-AVL 2.0.3.7 2009.09.18 -
Authentium 5.1.2.4 2009.09.19 W32/Heuristic-210!Eldorado
Avast 4.8.1351.0 2009.09.18 Win32:Trojan-gen {Other}
AVG 8.5.0.412 2009.09.19 SHeur2.BCOU
BitDefender 7.2 2009.09.19 Gen:Trojan.Heur.PT.dqWabi3y3Yk
CAT-QuickHeal 10.00 2009.09.19 Trojan.Agent.ATV
ClamAV 0.94.1 2009.09.19 -
Comodo 2371 2009.09.19 TrojWare.Win32.PSW.Agent.nwg
DrWeb 5.0.0.12182 2009.09.19 -
eSafe 7.0.17.0 2009.09.17 Suspicious File
eTrust-Vet 31.6.6746 2009.09.18 -
F-Prot 4.5.1.85 2009.09.19 W32/Heuristic-210!Eldorado
F-Secure 8.0.14470.0 2009.09.18 Trojan-PSW.Win32.Agent.nwg
Fortinet 3.120.0.0 2009.09.19 -
GData 19 2009.09.19 Gen:Trojan.Heur.PT.dqWabi3y3Yk
Ikarus T3.1.1.72.0 2009.09.19 Gen.Trojan
Jiangmin 11.0.800 2009.09.19 -
K7AntiVirus 7.10.849 2009.09.19 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.09.19 Trojan-PSW.Win32.Agent.nwg
McAfee 5746 2009.09.19 Generic.dx!fdp
McAfee+Artemis 5746 2009.09.19 Generic.dx!fdp
McAfee-GW-Edition 6.8.5 2009.09.18 Heuristic.LooksLike.Win32.Suspicious.A!89
Microsoft 1.5005 2009.09.19 PWS:Win32/Sapbexts.A
NOD32 4441 2009.09.19 -
Norman 6.01.09 2009.09.18 -
nProtect 2009.1.8.0 2009.09.19 -
Panda 10.0.2.2 2009.09.19 Trj/CI.A
PCTools 4.4.2.0 2009.09.19 -
Prevx 3.0 2009.09.19 Medium Risk Malware
Rising 21.47.52.00 2009.09.19 Packer.Win32.UnkPacker.d
Sophos 4.45.0 2009.09.19 Mal/Behav-116
Sunbelt 3.2.1858.2 2009.09.19 -
Symantec 1.4.4.12 2009.09.19 -
TheHacker 6.5.0.2.012 2009.09.18 -
TrendMicro 8.950.0.1094 2009.09.18 PAK_Generic.001
VBA32 3.12.10.10 2009.09.18 -
ViRobot 2009.9.18.1943 2009.09.18 -
VirusBuster 4.6.5.0 2009.09.19 -
File size: 60798 bytes
MD5...: 45fb9f8733b3f0b26d38195b2c5ae54e
SHA1..: 7371eecafbaeefd0dc5f4dd5737f745586133f59
SHA256: 51eda4521b3ee9d6917832e4e04a4f58891867b8f7b0ade61725fd124ba40f82
ssdeep: 1536:j4XzoOMJuMzHuME2D5R7JW/69wREdR7joR4:s3MjuME2FR7JuaeR4
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x15288
timedatestamp.....: 0x4aa7b104 (Wed Sep 09 13:43:32 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0xc7bc 0x8000 7.60 5bd95121239885613ca7790f80fae2c6
0xe000 0x41a8 0x2000 7.98 8195b2ab5878462b8b5ce34331a3b603
0x13000 0x1740 0x1000 7.24 5a5b0537443dc1b2b85b6f0f5a4fc9d9
.UPX 0x15000 0xd000 0x2d7e 7.96 faec9a63524945f25a0c41c67d8bbc79
( 1 imports )
> Kernel32.dll: LoadLibraryA, GetProcAddress
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 EXE Yoda's Crypter (56.9%)
Win32 Executable Generic (18.2%)
Win32 Dynamic Link Library (generic) (16.2%)
Generic Win/DOS Executable (4.2%)
DOS Executable Generic (4.2%)
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=45fb9f8733b3f0b26d38195b2c5ae54e
packers (F-Prot): YodaProt
http://info.prevx.com/aboutprogramtext.asp?PX5=C3C55D117EE4FC2DED180048AC2C4700B3544303
packers (Authentium): YodaProt
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
http://www.virustotal.com/ru/analisi...f82-1253385144
Last edited by Ingener; 19.09.2009 at 22:43. Reason: Added
GHETTO/STREET WORKOUT
File bsersysguard.exe received on 2009.09.21 03:49:31 (UTC)
Additional information
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.21 Trojan.Win32.VB!IK
AhnLab-V3 5.0.0.2 2009.09.19 -
AntiVir 7.9.1.19 2009.09.18 TR/VB.vrd
Antiy-AVL 2.0.3.7 2009.09.18 -
Authentium 5.1.2.4 2009.09.20 -
Avast 4.8.1351.0 2009.09.20 Win32:Trojan-gen {Other}
AVG 8.5.0.412 2009.09.20 -
BitDefender 7.2 2009.09.21 -
CAT-QuickHeal 10.00 2009.09.19 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.09.21 -
Comodo 2386 2009.09.21 -
DrWeb 5.0.0.12182 2009.09.21 Trojan.Fakealert.4943
eSafe 7.0.17.0 2009.09.17 -
eTrust-Vet 31.6.6746 2009.09.18 -
F-Prot 4.5.1.85 2009.09.20 -
F-Secure 8.0.14470.0 2009.09.21 Trojan.Win32.VB.vrd
Fortinet 3.120.0.0 2009.09.21 W32/VB.VRD!tr
GData 19 2009.09.21 Win32:Trojan-gen {Other}
Ikarus T3.1.1.72.0 2009.09.21 Trojan.Win32.VB
Jiangmin 11.0.800 2009.09.20 -
K7AntiVirus 7.10.849 2009.09.19 Trojan.Win32.VB.vrd
Kaspersky 7.0.0.125 2009.09.21 Trojan.Win32.VB.vrd
McAfee 5747 2009.09.20 -
McAfee+Artemis 5747 2009.09.20 Artemis!C11856D9D1D1
McAfee-GW-Edition 6.8.5 2009.09.20 Heuristic.LooksLike.Worm.C
Microsoft 1.5005 2009.09.21 -
NOD32 4441 2009.09.19 -
Norman 6.01.09 2009.09.18 -
nProtect 2009.1.8.0 2009.09.20 -
Panda 10.0.2.2 2009.09.20 Trj/CI.A
PCTools 4.4.2.0 2009.09.20 -
Prevx 3.0 2009.09.21 -
Rising 21.48.00.00 2009.09.21 -
Sophos 4.45.0 2009.09.21 -
Sunbelt 3.2.1858.2 2009.09.20 -
Symantec 1.4.4.12 2009.09.21 -
TheHacker 6.5.0.2.012 2009.09.18 -
TrendMicro 8.950.0.1094 2009.09.20 -
VBA32 3.12.10.10 2009.09.20 -
ViRobot 2009.9.21.1944 2009.09.21 -
VirusBuster 4.6.5.0 2009.09.20 -
File size: 272896 bytes
MD5...: c11856d9d1d199c94511a67a2ecf4b89
SHA1..: 6046cdc98a5e62592afe1da8f6f8d53ddb8c878b
SHA256: 634ee8ca209a184bcd59cb19bdd5133e2414c2fd6c1107c312a781381cf8b566
ssdeep: 3072:YxlohsWvgZfsTdrH1sXoJVvCzigVQgtmZkkTGAdyERp6c ZNGHyUt3+lIRBk
zx2Ce:YPkUmVqzLftmZkAXj6+eU8Bk7B +yhH0
PEiD..: -
File abflxy.pdf received on 2009.09.22 15:42:30 (UTC)
Current status: finished
Result: 5/41 (12.2%)
Additional information
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.22 -
AhnLab-V3 5.0.0.2 2009.09.22 -
AntiVir 7.9.1.23 2009.09.22 -
Antiy-AVL 2.0.3.7 2009.09.22 -
Authentium 5.1.2.4 2009.09.21 -
Avast 4.8.1351.0 2009.09.21 JS:Pdfka-QK
AVG 8.5.0.412 2009.09.22 -
BitDefender 7.2 2009.09.22 -
CAT-QuickHeal 10.00 2009.09.22 -
ClamAV 0.94.1 2009.09.22 -
Comodo 2403 2009.09.22 -
DrWeb 5.0.0.12182 2009.09.22 -
eSafe 7.0.17.0 2009.09.22 -
eTrust-Vet 31.6.6753 2009.09.22 -
F-Prot 4.5.1.85 2009.09.21 -
F-Secure 8.0.14470.0 2009.09.22 Exploit.JS.Pdfka.aar
Fortinet 3.120.0.0 2009.09.22 -
GData 19 2009.09.22 JS:Pdfka-QK
Ikarus T3.1.1.72.0 2009.09.22 -
Jiangmin 11.0.800 2009.09.22 -
K7AntiVirus 7.10.851 2009.09.22 -
Kaspersky 7.0.0.125 2009.09.22 Exploit.JS.Pdfka.aar
McAfee 5749 2009.09.22 -
McAfee+Artemis 5748 2009.09.21 -
McAfee-GW-Edition 6.8.5 2009.09.22 -
Microsoft 1.5005 2009.09.22 -
NOD32 4447 2009.09.22 -
Norman 6.01.09 2009.09.22 -
nProtect 2009.1.8.0 2009.09.22 -
Panda 10.0.2.2 2009.09.22 -
PCTools 4.4.2.0 2009.09.22 -
Prevx 3.0 2009.09.22 -
Rising 21.48.14.00 2009.09.22 -
Sophos 4.45.0 2009.09.22 -
Sunbelt 3.2.1858.2 2009.09.22 Exploit.PDF-JS.Gen (v)
Symantec 1.4.4.12 2009.09.22 -
TheHacker 6.5.0.2.014 2009.09.21 -
TrendMicro 8.950.0.1094 2009.09.22 -
VBA32 3.12.10.10 2009.09.21 -
ViRobot 2009.9.22.1948 2009.09.22 -
VirusBuster 4.6.5.0 2009.09.22 -
File size: 15720 bytes
MD5...: f5a18cfad974b050a986c4f8fc009efa
SHA1..: 9d5cbe6b9ccaac36d5148ae3bf4fdf550987f084
SHA256: b0f6cd5ea1cdb9fbdb335b2448c0347e07d2ffcf0d1779af56a6d466b41f4123
ssdeep: 384:4eH18/e/nhU7yL2x16w80vvbaPvDs4GS7CVoL7puJy7i/NRSE7at8YilWv:4
e9L0b8+vww43mVoMQiFsb
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
http://www.virustotal.com/ru/analisi...123-1253634150
File foto35.scr received on 2009.09.23 14:20:40 (UTC)
Current status: finished
Result: 5/41 (12.2%)
Additional information
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.23 -
AhnLab-V3 5.0.0.2 2009.09.23 -
AntiVir 7.9.1.23 2009.09.23 -
Antiy-AVL 2.0.3.7 2009.09.23 -
Authentium 5.1.2.4 2009.09.23 -
Avast 4.8.1351.0 2009.09.21 -
AVG 8.5.0.412 2009.09.23 -
BitDefender 7.2 2009.09.23 Trojan.FakeAntivirus.Gen
CAT-QuickHeal 10.00 2009.09.23 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.09.23 -
Comodo 2414 2009.09.23 -
DrWeb 5.0.0.12182 2009.09.23 -
eSafe 7.0.17.0 2009.09.23 Suspicious File
eTrust-Vet 31.6.6756 2009.09.23 -
F-Prot 4.5.1.85 2009.09.23 -
F-Secure 8.0.14470.0 2009.09.23 -
Fortinet 3.120.0.0 2009.09.23 -
GData 19 2009.09.23 Trojan.FakeAntivirus.Gen
Ikarus T3.1.1.72.0 2009.09.23 -
Jiangmin 11.0.800 2009.09.23 -
K7AntiVirus 7.10.852 2009.09.23 -
Kaspersky 7.0.0.125 2009.09.23 -
McAfee 5749 2009.09.22 -
McAfee+Artemis 5749 2009.09.22 -
McAfee-GW-Edition 6.8.5 2009.09.23 Heuristic.LooksLike.Win32.Suspicious.H!89
Microsoft 1.5005 2009.09.23 -
NOD32 4450 2009.09.23 -
Norman 6.01.09 2009.09.23 -
nProtect 2009.1.8.0 2009.09.23 -
Panda 10.0.2.2 2009.09.23 -
PCTools 4.4.2.0 2009.09.23 -
Prevx 3.0 2009.09.23 -
Rising 21.48.24.00 2009.09.23 -
Sophos 4.45.0 2009.09.23 -
Sunbelt 3.2.1858.2 2009.09.23 -
Symantec 1.4.4.12 2009.09.23 -
TheHacker 6.5.0.2.015 2009.09.22 -
TrendMicro 8.950.0.1094 2009.09.23 -
VBA32 3.12.10.10 2009.09.23 -
ViRobot 2009.9.23.1950 2009.09.23 -
VirusBuster 4.6.5.0 2009.09.23 -
File size: 151040 bytes
MD5...: bcf940dfa991f737fe2414029a88a334
SHA1..: f3113c927560e1c83abaf921c2470a58c05421bc
SHA256: be7013ba7aeb4816fb20194a5db3ae6a4a2675df5273015902990e944dd90f06
ssdeep: 1536:yZxDKrEp0179py+in9mnvOt+S44KdKqdIuH9Otxz+yjEL 8LdI/+7tJEE3V1
Ji5YD:yHuwpyDi9mKRqdZH9oU8CGtKKngYny
PEiD..: -
PEInfo: PE Structure information
http://www.virustotal.com/ru/analisi...f06-1253715640
Last edited by senyak; 24.09.2009 at 03:19.
File getexe.exe received on 2009.09.23 19:56:23 (UTC)
Current status: finished
Result: 14/41 (34.15%)
Additional information
a-squared 4.5.0.24 2009.09.23 Trojan.Win32.Tibs!IK
AhnLab-V3 5.0.0.2 2009.09.23 -
AntiVir 7.9.1.23 2009.09.23 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2009.09.23 -
Authentium 5.1.2.4 2009.09.23 -
Avast 4.8.1351.0 2009.09.23 -
AVG 8.5.0.412 2009.09.23 -
BitDefender 7.2 2009.09.23 Application.Generic.218490
CAT-QuickHeal 10.00 2009.09.23 -
ClamAV 0.94.1 2009.09.23 -
Comodo 2416 2009.09.23 -
DrWeb 5.0.0.12182 2009.09.23 Trojan.DownLoad.47417
eSafe 7.0.17.0 2009.09.23 -
eTrust-Vet 31.6.6757 2009.09.23 -
F-Prot 4.5.1.85 2009.09.23 -
F-Secure 8.0.14470.0 2009.09.23 -
Fortinet 3.120.0.0 2009.09.23 -
GData 19 2009.09.23 Application.Generic.218490
Ikarus T3.1.1.72.0 2009.09.23 Trojan.Win32.Tibs
Jiangmin 11.0.800 2009.09.23 -
K7AntiVirus 7.10.852 2009.09.23 -
Kaspersky 7.0.0.125 2009.09.23 -
McAfee 5750 2009.09.23 -
McAfee+Artemis 5750 2009.09.23 Artemis!DF2CF3C5209B
McAfee-GW-Edition 6.8.5 2009.09.23 Trojan.Crypt.ZPACK.Gen
Microsoft 1.5005 2009.09.23 Trojan:Win32/Tibs.IT
NOD32 4451 2009.09.23 -
Norman 6.01.09 2009.09.23 W32/Smalltroj.SFZS
nProtect 2009.1.8.0 2009.09.23 -
Panda 10.0.2.2 2009.09.23 Generic Trojan
PCTools 4.4.2.0 2009.09.23 -
Prevx 3.0 2009.09.23 Medium Risk Malware
Rising 21.48.24.00 2009.09.23 Trojan.DL.Win32.Nodef.ago
Sophos 4.45.0 2009.09.23 -
Sunbelt 3.2.1858.2 2009.09.23 -
Symantec 1.4.4.12 2009.09.23 -
TheHacker 6.5.0.2.015 2009.09.22 -
TrendMicro 8.950.0.1094 2009.09.23 -
VBA32 3.12.10.10 2009.09.23 Heur.Malware-Cryptor.MTA.10
ViRobot 2009.9.23.1950 2009.09.23 -
VirusBuster 4.6.5.0 2009.09.23 -
File size: 23552 bytes
MD5...: df2cf3c5209b76dce33596331a96026a
SHA1..: e75382f0b32323f2b795bbe00d4dfadc4e90f4f5
SHA256: 8a1218da6bdb03427a9bf48a8f8015b47e1ce0ea7564c3609453a0f712a68811
ssdeep: 384:vxGLu/EO5NCpN71uFbPcY3w/SX/oW+141irfionWzJ7ZYZXhKH60MkougbJf
:JtXU7x/SX/oD1Nmg8J7ZYrvldu8N
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x21e5
timedatestamp.....: 0x4aafc40e (Tue Sep 15 16:42:54 2009)
machinetype.......: 0x14c (I386)
( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4790 0x4800 6.53 3848902087579fc1478896509ae71176
.data 0x6000 0x1000 0x1000 5.67 537fcaf76706f116033f433191ec2385
( 1 imports )
> KERNEL32.DLL: GetFileSize, CloseHandle, AddAtomA, DeleteFileW, EndUpdateResourceW, VirtualProtect, ExitProcess, GetDiskFreeSpaceW, GetAtomNameW, GetDateFormatW, GetModuleHandleW
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (38.5%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
http://info.prevx.com/aboutprogramtext.asp?PX5=B1D25CB800B2B5705CEF0087B933C800096EBB2D
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=df2cf3c5209b76dce33596331a96026a
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
http://www.virustotal.com/ru/analisi...811-1253735783
File manual.swf received on 2009.09.23 20:24:15 (UTC)
Current status: finished
Result: 13/41 (31.71%)
Additional information
a-squared 4.5.0.24 2009.09.23 -
AhnLab-V3 5.0.0.2 2009.09.23 -
AntiVir 7.9.1.23 2009.09.23 HTML/Malicious.Flash.Gen
Antiy-AVL 2.0.3.7 2009.09.23 -
Authentium 5.1.2.4 2009.09.23 SWF/MultiExploit.A!Camelot
Avast 4.8.1351.0 2009.09.23 SWFownloader-E
AVG 8.5.0.412 2009.09.23 -
BitDefender 7.2 2009.09.23 Exploit.SWF.Shellcode.Gen
CAT-QuickHeal 10.00 2009.09.23 -
ClamAV 0.94.1 2009.09.23 -
Comodo 2417 2009.09.23 -
DrWeb 5.0.0.12182 2009.09.23 Exploit.SWF.116
eSafe 7.0.17.0 2009.09.23 -
eTrust-Vet 31.6.6757 2009.09.23 -
F-Prot 4.5.1.85 2009.09.23 -
F-Secure 8.0.14470.0 2009.09.23 Exploit.SWF.Agent.au
Fortinet 3.120.0.0 2009.09.23 -
GData 19 2009.09.23 Exploit.SWF.Shellcode.Gen
Ikarus T3.1.1.72.0 2009.09.23 -
Jiangmin 11.0.800 2009.09.23 -
K7AntiVirus 7.10.852 2009.09.23 -
Kaspersky 7.0.0.125 2009.09.23 Exploit.SWF.Agent.au
McAfee 5750 2009.09.23 -
McAfee+Artemis 5750 2009.09.23 -
McAfee-GW-Edition 6.8.5 2009.09.23 Script.Malicious.Flash.Gen
Microsoft 1.5005 2009.09.23 TrojanDownloader:Win32/Swif.M
NOD32 4451 2009.09.23 -
Norman 6.01.09 2009.09.23 -
nProtect 2009.1.8.0 2009.09.23 Exploit.SWF.Gen
Panda 10.0.2.2 2009.09.23 -
PCTools 4.4.2.0 2009.09.23 -
Prevx 3.0 2009.09.23 -
Rising 21.48.24.00 2009.09.23 -
Sophos 4.45.0 2009.09.23 Troj/SwfDldr-H
Sunbelt 3.2.1858.2 2009.09.23 -
Symantec 1.4.4.12 2009.09.23 Bloodhound.Exploit.193
TheHacker 6.5.0.2.015 2009.09.22 -
TrendMicro 8.950.0.1094 2009.09.23 -
VBA32 3.12.10.10 2009.09.23 -
ViRobot 2009.9.23.1950 2009.09.23 -
VirusBuster 4.6.5.0 2009.09.23 -
File size: 10722 bytes
MD5...: 1ab0ec2298af8fe7d912119cd7cf5d2e
SHA1..: 921501ff470f7f984d2de4279d1fa19dcf171691
SHA256: 2671eb3a1f9ee04168d1b3d5e00fbe206fb2656395a068e8a4e1269e91af8b1d
ssdeep: 192:mtPUT+KKIRPr4SI4W0GdMec+4TCCFUSOustDMS2EYZvgCc 9pCYGl6/ST5:Kq
NBxI4W0oomwOdI4i4CcvCYf/c5
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Macromedia Flash Player Compressed Movie (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (Kaspersky): Swf2Swc
http://www.virustotal.com/ru/analisi...b1d-1253737455
File default received on 2009.09.23 20:32:22 (UTC)
Current status: finished
Result: 3/41 (7.32%)
Additional information
a-squared 4.5.0.24 2009.09.23 -
AhnLab-V3 5.0.0.2 2009.09.23 -
AntiVir 7.9.1.23 2009.09.23 -
Antiy-AVL 2.0.3.7 2009.09.23 -
Authentium 5.1.2.4 2009.09.23 -
Avast 4.8.1351.0 2009.09.23 -
AVG 8.5.0.412 2009.09.23 -
BitDefender 7.2 2009.09.23 -
CAT-QuickHeal 10.00 2009.09.23 -
ClamAV 0.94.1 2009.09.23 -
Comodo 2417 2009.09.23 -
DrWeb 5.0.0.12182 2009.09.23 -
eSafe 7.0.17.0 2009.09.23 -
eTrust-Vet 31.6.6757 2009.09.23 -
F-Prot 4.5.1.85 2009.09.23 -
F-Secure 8.0.14470.0 2009.09.23 Trojan-Downloader.JS.LuckySploit.q
Fortinet 3.120.0.0 2009.09.23 -
GData 19 2009.09.23 -
Ikarus T3.1.1.72.0 2009.09.23 -
Jiangmin 11.0.800 2009.09.23 -
K7AntiVirus 7.10.852 2009.09.23 -
Kaspersky 7.0.0.125 2009.09.23 Trojan-Downloader.JS.LuckySploit.q
McAfee 5750 2009.09.23 -
McAfee+Artemis 5750 2009.09.23 -
McAfee-GW-Edition 6.8.5 2009.09.23 -
Microsoft 1.5005 2009.09.23 -
NOD32 4451 2009.09.23 -
Norman 6.01.09 2009.09.23 -
nProtect 2009.1.8.0 2009.09.23 -
Panda 10.0.2.2 2009.09.23 -
PCTools 4.4.2.0 2009.09.23 -
Prevx 3.0 2009.09.23 -
Rising 21.48.24.00 2009.09.23 -
Sophos 4.45.0 2009.09.23 Mal/ObfJS-BX
Sunbelt 3.2.1858.2 2009.09.23 -
Symantec 1.4.4.12 2009.09.23 -
TheHacker 6.5.0.2.015 2009.09.22 -
TrendMicro 8.950.0.1094 2009.09.23 -
VBA32 3.12.10.10 2009.09.23 -
ViRobot 2009.9.23.1950 2009.09.23 -
VirusBuster 4.6.5.0 2009.09.23 -
File size: 9959 bytes
MD5 : d58ae9e6fb9d7b70babe828b1423d342
SHA1 : 8675dc340057d442a7274c20305c68e5bf586245
SHA256: afaa2967abc1fabc8ccaba68f44455523bea53a2246a118cfab6197380283323
TrID : File type identification
file seems to be plain text/ASCII (0.0%)
ssdeep: 192:wnLTBnnZYazLIt+gei+IPnLXphB9jE8ow5X301Qq9lArA0 u:GvBnn3zckg1+o19xosXE1T9lV5
PEiD : -
RDS : NSRL Reference Data Set
http://www.virustotal.com/ru/analisi...323-1253737942
Last edited by Ingener; 24.09.2009 at 00:36.
File pdf.pdf received on 2009.09.23 17:15:30 (UTC)
Current status: finished
Result: 8/41 (19.51%)
Additional information
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.23 -
AhnLab-V3 5.0.0.2 2009.09.23 PDF/Exploit
AntiVir 7.9.1.23 2009.09.23 -
Antiy-AVL 2.0.3.7 2009.09.23 -
Authentium 5.1.2.4 2009.09.23 -
Avast 4.8.1351.0 2009.09.21 JS:Pdfka-QK
AVG 8.5.0.412 2009.09.23 -
BitDefender 7.2 2009.09.23 Exploit.PDF-JS.Gen
CAT-QuickHeal 10.00 2009.09.23 -
ClamAV 0.94.1 2009.09.23 -
Comodo 2415 2009.09.23 -
DrWeb 5.0.0.12182 2009.09.23 -
eSafe 7.0.17.0 2009.09.23 -
eTrust-Vet 31.6.6756 2009.09.23 -
F-Prot 4.5.1.85 2009.09.23 -
F-Secure 8.0.14470.0 2009.09.23 Exploit.Win32.Pidief.bpw
Fortinet 3.120.0.0 2009.09.23 -
GData 19 2009.09.23 Exploit.PDF-JS.Gen
Ikarus T3.1.1.72.0 2009.09.23 -
Jiangmin 11.0.800 2009.09.23 -
K7AntiVirus 7.10.852 2009.09.23 -
Kaspersky 7.0.0.125 2009.09.23 Exploit.Win32.Pidief.bpw
McAfee 5750 2009.09.23 -
McAfee+Artemis 5750 2009.09.23 -
McAfee-GW-Edition 6.8.5 2009.09.23 Exploit.PDF.Recursedecrypt.gen
Microsoft 1.5005 2009.09.23 -
NOD32 4451 2009.09.23 -
Norman 6.01.09 2009.09.23 -
nProtect 2009.1.8.0 2009.09.23 -
Panda 10.0.2.2 2009.09.23 -
PCTools 4.4.2.0 2009.09.23 -
Prevx 3.0 2009.09.23 -
Rising 21.48.24.00 2009.09.23 -
Sophos 4.45.0 2009.09.23 -
Sunbelt 3.2.1858.2 2009.09.23 Exploit.PDF-JS.Gen (v)
Symantec 1.4.4.12 2009.09.23 -
TheHacker 6.5.0.2.015 2009.09.22 -
TrendMicro 8.950.0.1094 2009.09.23 -
VBA32 3.12.10.10 2009.09.23 -
ViRobot 2009.9.23.1950 2009.09.23 -
VirusBuster 4.6.5.0 2009.09.23 -
File size: 8078 bytes
MD5 : d20f1e05864e0653f083f313be161726
SHA1 : d52222405e91c04c9b8831cdf189e5645f18cc28
SHA256: 76739e8c0de9b39aa97bff7c1e333a91fd892dd24f6966fde431658d6bcc2f49
TrID : File type identification
Adobe Portable Document Format (100.0%)
ssdeep: 192:f+1ROqrurXr+wIOJ4pvq/XkDqQ7e7Vd+sMQIfbThY0LP0wv43l0lgY85:W1ROqrsXr+wIOJ t/UDv7oXdWThY0z0rf
http://www.virustotal.com/ru/analisi...f49-1253726130
File Install.exe received on 2009.09.23 17:15:47 (UTC)
Current status: finished
Result: 17/40 (42.50%)
Additional information
Antivirus Version Update Result
a-squared 4.5.0.24 2009.09.23 Trojan-Downloader.Win32.FakeRean!IK
AhnLab-V3 5.0.0.2 2009.09.23 -
AntiVir 7.9.1.23 2009.09.23 TR/Dldr.FakeRean.20
Antiy-AVL 2.0.3.7 2009.09.23 -
Authentium 5.1.2.4 2009.09.23 -
Avast 4.8.1351.0 2009.09.21 -
AVG 8.5.0.412 2009.09.23 -
BitDefender 7.2 2009.09.23 Trojan.Generic.CJ.YEQ
CAT-QuickHeal 10.00 2009.09.23 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.09.23 -
Comodo 2415 2009.09.23 -
DrWeb 5.0.0.12182 2009.09.23 Trojan.Fakealert.5089
eSafe 7.0.17.0 2009.09.23 Suspicious File
eTrust-Vet 31.6.6756 2009.09.23 -
F-Prot 4.5.1.85 2009.09.23 W32/FakeAlert.CW.gen!Eldorado
F-Secure 8.0.14470.0 2009.09.23 Trojan.Win32.FraudPack.udx
Fortinet 3.120.0.0 2009.09.23 -
GData 19 2009.09.23 Trojan.Generic.CJ.YEQ
Ikarus T3.1.1.72.0 2009.09.23 Trojan-Downloader.Win32.FakeRean
Jiangmin 11.0.800 2009.09.23 -
K7AntiVirus 7.10.852 2009.09.23 -
Kaspersky 7.0.0.125 2009.09.23 Trojan.Win32.FraudPack.udx
McAfee 5750 2009.09.23 -
McAfee+Artemis 5750 2009.09.23 Suspect-29!44271D7CA275
McAfee-GW-Edition 6.8.5 2009.09.23 Trojan.Dldr.FakeRean.20
Microsoft 1.5005 2009.09.23 TrojanDownloader:Win32/FakeRean
NOD32 4451 2009.09.23 Win32/Adware.XPAntiSpyware.AA
Norman 6.01.09 2009.09.23 -
nProtect 2009.1.8.0 2009.09.23 -
Panda 10.0.2.2 2009.09.23 Suspicious file
PCTools 4.4.2.0 2009.09.23 -
Rising 21.48.24.00 2009.09.23 -
Sophos 4.45.0 2009.09.23 Mal/EncPk-IF
Sunbelt 3.2.1858.2 2009.09.23 -
Symantec 1.4.4.12 2009.09.23 -
TheHacker 6.5.0.2.015 2009.09.22 -
TrendMicro 8.950.0.1094 2009.09.23 -
VBA32 3.12.10.10 2009.09.23 -
ViRobot 2009.9.23.1950 2009.09.23 -
VirusBuster 4.6.5.0 2009.09.23 -
File size: 159856 bytes
MD5 : 44271d7ca275f464420a071a69cef1fc
SHA1 : 0cfe8ebf6003648d706a9ac1cf385fef7cc97898
SHA256: 18f632a27934f2840f22b414dde814a309c3feb9a18bafdb88136218bb62e875
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x7CE7
timedatestamp.....: 0x44D93E06 (Wed Aug 9 03:44:38 2006)
machinetype.......: 0x14C (Intel I386)
http://www.virustotal.com/ru/analisi...875-1253726147
Symantec Fan Club - http://symantecclub.ru/
File DemO.rar received on 2009.09.25 08:27:57 (UTC)
Current status: finished
Result: 16/41 (39.03%)
Additional information
Antivirus Version Update Result
a-squared 4.5.0.24 2009.09.25 -
AhnLab-V3 5.0.0.2 2009.09.24 -
AntiVir 7.9.1.25 2009.09.24 TR/Spy.47274
Antiy-AVL 2.0.3.7 2009.09.25 Trojan/VBS.AntiAV
Authentium 5.1.2.4 2009.09.25 -
Avast 4.8.1351.0 2009.09.24 -
AVG 8.5.0.412 2009.09.24 -
BitDefender 7.2 2009.09.25 Gen:Trojan.Heur.cmHfrzDajqocA
CAT-QuickHeal 10.00 2009.09.25 -
ClamAV 0.94.1 2009.09.25 -
Comodo 2429 2009.09.25 -
DrWeb 5.0.0.12182 2009.09.25 -
eSafe 7.0.17.0 2009.09.24 Suspicious File
eTrust-Vet 31.6.6760 2009.09.25 -
F-Prot 4.5.1.85 2009.09.24 -
F-Secure 8.0.14470.0 2009.09.25 Trojan.VBS.AntiAV.b
Fortinet 3.120.0.0 2009.09.25 -
GData 19 2009.09.25 Gen:Trojan.Heur.cmHfrzDajqocA
Ikarus T3.1.1.72.0 2009.09.25 Trojan-Spy.Win32.KeyLogger
Jiangmin 11.0.800 2009.09.25 -
K7AntiVirus 7.10.853 2009.09.24 Trojan.Win32.Malware.4
Kaspersky 7.0.0.125 2009.09.25 Trojan.VBS.AntiAV.b
McAfee 5751 2009.09.24 -
McAfee+Artemis 5751 2009.09.24 Artemis!FFCC46B35EAC
McAfee-GW-Edition 6.8.5 2009.09.25 Trojan.Spy.47274
Microsoft 1.5005 2009.09.23 -
NOD32 4455 2009.09.24 -
Norman 6.01.09 2009.09.24 Malware.ITLS
nProtect 2009.1.8.0 2009.09.25 -
Panda 10.0.2.2 2009.09.24 Suspicious file
PCTools 4.4.2.0 2009.09.24 -
Prevx 3.0 2009.09.25 -
Rising 21.48.41.00 2009.09.25 -
Sophos 4.45.0 2009.09.25 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.09.24 -
Symantec 1.4.4.12 2009.09.25 Infostealer
TheHacker 6.5.0.2.017 2009.09.24 Trojan/Dropper.Agent.bayl
TrendMicro 8.950.0.1094 2009.09.25 -
VBA32 3.12.10.11 2009.09.25 -
ViRobot 2009.9.25.1953 2009.09.25 -
VirusBuster 4.6.5.0 2009.09.24 -
File size: 157651 bytes
MD5...: 14c1fb3e623bb18c14fcfd616e3eeb3b
SHA1..: edf90e6a7b3b6ba28a79735a3e7203ed4cd22f92
SHA256: 21587e4fb74e285979f8a3c831ca53a136d58ea17ce482ee10081e706889d543
ssdeep: 3072:6yeG0KdbEcioh5yeG0KdbEcioh9SASocDWc5hAL:6yIKd bEcJTyIKdbEcJh
wA1gWc5hAL
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
http://www.virustotal.com/ru/analisi...543-1253867277
File setup.exe received on 2009.09.26 09:42:37 (UTC)
Current status: finished
Result: 6/41 (14.63%)
Additional information
Antivirus Version Update Result
a-squared 4.5.0.24 2009.09.26 Trojan.Win32.FakeSmoke!IK
AhnLab-V3 5.0.0.2 2009.09.26 -
AntiVir 7.9.1.25 2009.09.25 -
Antiy-AVL 2.0.3.7 2009.09.25 -
Authentium 5.1.2.4 2009.09.25 -
Avast 4.8.1351.0 2009.09.26 -
AVG 8.5.0.412 2009.09.26 -
BitDefender 7.2 2009.09.26 -
CAT-QuickHeal 10.00 2009.09.26 -
ClamAV 0.94.1 2009.09.26 -
Comodo 2442 2009.09.26 -
DrWeb 5.0.0.12182 2009.09.26 -
eSafe 7.0.17.0 2009.09.24 Suspicious File
eTrust-Vet 31.6.6761 2009.09.25 -
F-Prot 4.5.1.85 2009.09.25 -
F-Secure 8.0.14470.0 2009.09.26 Trojan-Downloader.Win32.Genome.rnv
Fortinet 3.120.0.0 2009.09.26 -
GData 19 2009.09.26 -
Ikarus T3.1.1.72.0 2009.09.26 Trojan.Win32.FakeSmoke
Jiangmin 11.0.800 2009.09.26 -
K7AntiVirus 7.10.855 2009.09.26 -
Kaspersky 7.0.0.125 2009.09.26 Trojan-Downloader.Win32.Genome.rnv
McAfee 5752 2009.09.25 -
McAfee+Artemis 5752 2009.09.25 Artemis!4DD25C70AB09
McAfee-GW-Edition 6.8.5 2009.09.26 -
Microsoft 1.5005 2009.09.23 -
NOD32 4458 2009.09.25 -
Norman 6.01.09 2009.09.25 -
nProtect 2009.1.8.0 2009.09.26 -
Panda 10.0.2.2 2009.09.25 -
PCTools 4.4.2.0 2009.09.25 -
Prevx 3.0 2009.09.26 -
Rising 21.48.52.00 2009.09.26 -
Sophos 4.45.0 2009.09.26 -
Sunbelt 3.2.1858.2 2009.09.26 -
Symantec 1.4.4.12 2009.09.26 -
TheHacker 6.5.0.2.019 2009.09.26 -
TrendMicro 8.950.0.1094 2009.09.25 -
VBA32 3.12.10.11 2009.09.25 -
ViRobot 2009.9.26.1958 2009.09.26 -
VirusBuster 4.6.5.0 2009.09.25 -
File size: 61815 bytes
MD5 : 4dd25c70ab098e13c24673a224c26a63
SHA1 : d815c88216a77e7e3f8c3116c8254acc0a4db78c
SHA256: 3c4cf20300efbbbae724ad3644432488f949f5756f6fff21412917ffe790b2c6
PEInfo: PE Structure information
http://www.virustotal.com/ru/analisi...2c6-1253958157
Added 6 hours 42 minutes later
File foto17.scr received on 2009.09.26 16:14:09 (UTC)
Current status: finished
Result: 5/41 (12.2%)
Additional information
Antivirus Version Update Result
a-squared 4.5.0.24 2009.09.26 -
AhnLab-V3 5.0.0.2 2009.09.26 -
AntiVir 7.9.1.25 2009.09.25 -
Antiy-AVL 2.0.3.7 2009.09.25 -
Authentium 5.1.2.4 2009.09.25 -
Avast 4.8.1351.0 2009.09.26 -
AVG 8.5.0.412 2009.09.26 -
BitDefender 7.2 2009.09.26 -
CAT-QuickHeal 10.00 2009.09.26 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.09.26 -
Comodo 2446 2009.09.26 -
DrWeb 5.0.0.12182 2009.09.26 Trojan.Winlock.252
eSafe 7.0.17.0 2009.09.24 Suspicious File
eTrust-Vet 31.6.6761 2009.09.25 -
F-Prot 4.5.1.85 2009.09.25 -
F-Secure 8.0.14470.0 2009.09.26 -
Fortinet 3.120.0.0 2009.09.26 -
GData 19 2009.09.26 -
Ikarus T3.1.1.72.0 2009.09.26 -
Jiangmin 11.0.800 2009.09.26 -
K7AntiVirus 7.10.855 2009.09.26 -
Kaspersky 7.0.0.125 2009.09.26 Trojan-Dropper.Win32.Smser.ed
McAfee 5753 2009.09.26 -
McAfee+Artemis 5753 2009.09.26 -
McAfee-GW-Edition 6.8.5 2009.09.26 Heuristic.LooksLike.Win32.Suspicious.H!89
Microsoft 1.5005 2009.09.23 -
NOD32 4459 2009.09.26 -
Norman 6.01.09 2009.09.26 -
nProtect 2009.1.8.0 2009.09.26 -
Panda 10.0.2.2 2009.09.26 -
PCTools 4.4.2.0 2009.09.25 -
Prevx 3.0 2009.09.26 -
Rising 21.48.52.00 2009.09.26 -
Sophos 4.45.0 2009.09.26 -
Sunbelt 3.2.1858.2 2009.09.26 -
Symantec 1.4.4.12 2009.09.26 -
TheHacker 6.5.0.2.019 2009.09.26 -
TrendMicro 8.950.0.1094 2009.09.25 -
VBA32 3.12.10.11 2009.09.25 -
ViRobot 2009.9.26.1958 2009.09.26 -
VirusBuster 4.6.5.0 2009.09.26 -
File size: 151040 bytes
MD5...: e451a27c1a2ac70911cc45436c6fe42a
SHA1..: 5bb491db1d945cfe5060559dd107c1f0351d78b2
SHA256: 7e5bfc3e356c1daccb36242511bdcb1235200a49554b68141b9ea03cd9cdce95
ssdeep: 3072nHLBRkgXetgOF22/kw/WwrQNaRp78CmdkKov8dPyTqhF
nHLBRkrtgrw/
rQkRXjjUd6e
PEiD..: -
PEInfo: PE Structure information
http://www.virustotal.com/ru/analisi...e95-1253981649
Last edited by senyak; 26.09.2009 at 20:28. Reason: Added
File foto35.scr received on 2009.09.26 18:09:36 (UTC)
Additional information
Antivirus Version Update Result
a-squared 4.5.0.24 2009.09.26 -
AhnLab-V3 5.0.0.2 2009.09.26 -
AntiVir 7.9.1.25 2009.09.25 -
Antiy-AVL 2.0.3.7 2009.09.25 -
Authentium 5.1.2.4 2009.09.25 -
Avast 4.8.1351.0 2009.09.26 -
AVG 8.5.0.412 2009.09.26 -
BitDefender 7.2 2009.09.26 -
CAT-QuickHeal 10.00 2009.09.26 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.09.26 -
Comodo 2446 2009.09.26 -
DrWeb 5.0.0.12182 2009.09.26 -
eSafe 7.0.17.0 2009.09.24 Suspicious File
eTrust-Vet 31.6.6761 2009.09.25 -
F-Prot 4.5.1.85 2009.09.25 -
F-Secure 8.0.14470.0 2009.09.26 -
Fortinet 3.120.0.0 2009.09.26 -
GData 19 2009.09.26 -
Ikarus T3.1.1.72.0 2009.09.26 -
Jiangmin 11.0.800 2009.09.26 -
K7AntiVirus 7.10.855 2009.09.26 -
Kaspersky 7.0.0.125 2009.09.26 -
McAfee 5753 2009.09.26 -
McAfee+Artemis 5753 2009.09.26 -
McAfee-GW-Edition 6.8.5 2009.09.26 Heuristic.LooksLike.Win32.Suspicious.H!89
Microsoft 1.5005 2009.09.23 -
NOD32 4460 2009.09.26 -
Norman 6.01.09 2009.09.26 -
nProtect 2009.1.8.0 2009.09.26 -
Panda 10.0.2.2 2009.09.26 -
PCTools 4.4.2.0 2009.09.25 -
Prevx 3.0 2009.09.26 -
Rising 21.48.52.00 2009.09.26 -
Sophos 4.45.0 2009.09.26 -
Sunbelt 3.2.1858.2 2009.09.26 -
Symantec 1.4.4.12 2009.09.26 -
TheHacker 6.5.0.2.019 2009.09.26 -
TrendMicro 8.950.0.1094 2009.09.25 -
VBA32 3.12.10.11 2009.09.25 -
ViRobot 2009.9.26.1958 2009.09.26 -
VirusBuster 4.6.5.0 2009.09.26 -
File size: 151040 bytes
MD5...: 858f85c78f459631ef96603d18a1fb72
SHA1..: b2ad393fa37838dbf3c7120af055b47f789beb25
SHA256: d20fcf234d37c5acdf4203409bbfe8a447bb4110c4b1a39838235224b5ed8753
ssdeep: 3072:FCA5N/8h5LL5rLbon1ZNlxVTOZHQ0OWykzeKaU:/X8h5L5LoPTG/OOd
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10ee
timedatestamp.....: 0x494807bd (Tue Dec 16 19:55:41 200
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
Coqp0msc 0x1000 0x9c0f 0x9e00 5.72 dfa09b1702ea343d7e306c100a744368
S9qC1feu 0xb000 0x2da 0x400 3.87 c4240ab126d56f92054f8343ada3a53c
QiGVS3Mm 0xc000 0x19405 0x19600 7.97 10d53d0d222f6dd663767eb2e3abfc89
.rsrc 0x26000 0x26000 0x1200 3.65 030f64094fede62a4d311a5b1d94e2ea
( 0 imports )
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Dynamic Link Library (generic) (55.3%)
Win16/32 Executable Delphi generic (15.1%)
Generic Win/DOS Executable (14.6%)
DOS Executable Generic (14.6%)
VXD Driver (0.2%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
File exploree.exe received on 2009.09.26 20:36:36 (UTC)
Current status: finished
Result: 8/41 (19.52%)
Additional information
Antivirus Version Update Result
a-squared 4.5.0.24 2009.09.26 -
AhnLab-V3 5.0.0.2 2009.09.26 -
AntiVir 7.9.1.25 2009.09.25 -
Antiy-AVL 2.0.3.7 2009.09.25 -
Authentium 5.1.2.4 2009.09.26 -
Avast 4.8.1351.0 2009.09.26 -
AVG 8.5.0.412 2009.09.26 -
BitDefender 7.2 2009.09.26 Trojan.CryptRedol.Gen.3
CAT-QuickHeal 10.00 2009.09.26 -
ClamAV 0.94.1 2009.09.26 -
Comodo 2447 2009.09.26 -
DrWeb 5.0.0.12182 2009.09.26 Trojan.PWS.LDPinch.4308
eSafe 7.0.17.0 2009.09.24 Suspicious File
eTrust-Vet 31.6.6761 2009.09.25 -
F-Prot 4.5.1.85 2009.09.26 -
F-Secure 8.0.14470.0 2009.09.26 -
Fortinet 3.120.0.0 2009.09.26 -
GData 19 2009.09.26 Trojan.CryptRedol.Gen.3
Ikarus T3.1.1.72.0 2009.09.26 Trojan.CryptRedol
Jiangmin 11.0.800 2009.09.26 -
K7AntiVirus 7.10.855 2009.09.26 -
Kaspersky 7.0.0.125 2009.09.26 Trojan-PSW.Win32.LdPinch.gzu
McAfee 5753 2009.09.26 -
McAfee+Artemis 5753 2009.09.26 Artemis!A0ADCAEABE24
McAfee-GW-Edition 6.8.5 2009.09.26 -
Microsoft 1.5005 2009.09.23 -
NOD32 4460 2009.09.26 -
Norman 6.01.09 2009.09.26 -
nProtect 2009.1.8.0 2009.09.26 -
Panda 10.0.2.2 2009.09.26 Trj/CI.A
PCTools 4.4.2.0 2009.09.25 -
Prevx 3.0 2009.09.26 -
Rising 21.48.52.00 2009.09.26 -
Sophos 4.45.0 2009.09.26 -
Sunbelt 3.2.1858.2 2009.09.26 -
Symantec 1.4.4.12 2009.09.26 -
TheHacker 6.5.0.2.019 2009.09.26 -
TrendMicro 8.950.0.1094 2009.09.25 -
VBA32 3.12.10.11 2009.09.25 -
ViRobot 2009.9.26.1958 2009.09.26 -
VirusBuster 4.6.5.0 2009.09.26 -
File size: 24576 bytes
MD5...: a0adcaeabe2415a991023d495e021649
SHA1..: dc5b2395e9dd887faca09eefba3a623595c6303d
SHA256: 266cbc2529b31b31eef604a01b7c9fffff8bc2745a6a4bfe252e6ab7c74f47c5
ssdeep: 384:jgbh4XWczy8DJIK/vRtpZqrpkiPfVfDPSaWhOElNSKlwYzMNQ6Fhr:22Gcz4
e3+kC+aW9lMRuMN
PEiD..: -
PEInfo: PE Structure information
http://www.virustotal.com/ru/analisi...7c5-1253997396
File svvghost.exe received on 2009.09.26 20:37:50 (UTC)
Current status: finished
Result: 5/41 (12.2%)
Additional information
Antivirus Version Update Result
a-squared 4.5.0.24 2009.09.26 -
AhnLab-V3 5.0.0.2 2009.09.26 -
AntiVir 7.9.1.25 2009.09.25 -
Antiy-AVL 2.0.3.7 2009.09.25 -
Authentium 5.1.2.4 2009.09.26 -
Avast 4.8.1351.0 2009.09.26 -
AVG 8.5.0.412 2009.09.26 -
BitDefender 7.2 2009.09.26 -
CAT-QuickHeal 10.00 2009.09.26 -
ClamAV 0.94.1 2009.09.26 -
Comodo 2447 2009.09.26 -
DrWeb 5.0.0.12182 2009.09.26 Trojan.Winlock.252
eSafe 7.0.17.0 2009.09.24 Suspicious File
eTrust-Vet 31.6.6761 2009.09.25 -
F-Prot 4.5.1.85 2009.09.26 -
F-Secure 8.0.14470.0 2009.09.26 -
Fortinet 3.120.0.0 2009.09.26 -
GData 19 2009.09.26 -
Ikarus T3.1.1.72.0 2009.09.26 -
Jiangmin 11.0.800 2009.09.26 -
K7AntiVirus 7.10.855 2009.09.26 -
Kaspersky 7.0.0.125 2009.09.26 Trojan-Ransom.Win32.SMSer.lm
McAfee 5753 2009.09.26 -
McAfee+Artemis 5753 2009.09.26 -
McAfee-GW-Edition 6.8.5 2009.09.26 -
Microsoft 1.5005 2009.09.23 -
NOD32 4460 2009.09.26 -
Norman 6.01.09 2009.09.26 -
nProtect 2009.1.8.0 2009.09.26 -
Panda 10.0.2.2 2009.09.26 Suspicious file
PCTools 4.4.2.0 2009.09.25 -
Prevx 3.0 2009.09.26 -
Rising 21.48.52.00 2009.09.26 -
Sophos 4.45.0 2009.09.26 -
Sunbelt 3.2.1858.2 2009.09.26 Trojan-Spy.Win32.Zbot.gen (v)
Symantec 1.4.4.12 2009.09.26 -
TheHacker 6.5.0.2.019 2009.09.26 -
TrendMicro 8.950.0.1094 2009.09.25 -
VBA32 3.12.10.11 2009.09.25 -
ViRobot 2009.9.26.1958 2009.09.26 -
VirusBuster 4.6.5.0 2009.09.26 -
File size: 70144 bytes
MD5...: 999ca33934dff046cadb2bcf2b2c083f
SHA1..: 449419448ce9035ae0bc23874c14ca5aa633e123
SHA256: 052bad87c63fe3581a20af34cd4a634facef6411d83db91caf125757553e0b0f
ssdeep: 1536:qwby+xZsj4/WkTf6KQsMdnBaRKz/B1TVMT8Uy2u6Vefe:qyTZsU/WkqBaQ1
U8U3BVeG
PEiD..: -
PEInfo: PE Structure information
http://www.virustotal.com/ru/analisi...b0f-1253997470
So, let's move on
File setup.exe received on 2009.09.27 22:46:33 (UTC)
Current status: finished
Result: 4/41 (9.76%)
Additional information
Antivirus Version Update Result
a-squared 4.5.0.24 2009.09.27 -
AhnLab-V3 5.0.0.2 2009.09.26 -
AntiVir 7.9.1.27 2009.09.28 -
Antiy-AVL 2.0.3.7 2009.09.27 -
Authentium 5.1.2.4 2009.09.27 -
Avast 4.8.1351.0 2009.09.27 Win32:MalOb-T
AVG 8.5.0.412 2009.09.27 -
BitDefender 7.2 2009.09.28 -
CAT-QuickHeal 10.00 2009.09.26 -
ClamAV 0.94.1 2009.09.27 -
Comodo 2456 2009.09.28 -
DrWeb 5.0.0.12182 2009.09.27 -
eSafe 7.0.17.0 2009.09.24 Suspicious File
eTrust-Vet 31.6.6763 2009.09.27 -
F-Prot 4.5.1.85 2009.09.27 -
F-Secure 8.0.14470.0 2009.09.28 -
Fortinet 3.120.0.0 2009.09.27 -
GData 19 2009.09.28 Win32:MalOb-T
Ikarus T3.1.1.72.0 2009.09.27 -
Jiangmin 11.0.800 2009.09.27 -
K7AntiVirus 7.10.855 2009.09.26 -
Kaspersky 7.0.0.125 2009.09.28 -
McAfee 5754 2009.09.27 -
McAfee+Artemis 5754 2009.09.27 -
McAfee-GW-Edition 6.8.5 2009.09.27 -
Microsoft 1.5005 2009.09.23 -
NOD32 4462 2009.09.27 -
Norman 6.01.09 2009.09.26 -
nProtect 2009.1.8.0 2009.09.27 -
Panda 10.0.2.2 2009.09.27 -
PCTools 4.4.2.0 2009.09.27 -
Prevx 3.0 2009.09.28 -
Rising 21.48.62.00 2009.09.27 -
Sophos 4.45.0 2009.09.28 Mal/TDSSPack-Q
Sunbelt 3.2.1858.2 2009.09.27 -
Symantec 1.4.4.12 2009.09.28 -
TheHacker 6.5.0.2.019 2009.09.26 -
TrendMicro 8.950.0.1094 2009.09.25 -
VBA32 3.12.10.11 2009.09.27 -
ViRobot 2009.9.26.1958 2009.09.26 -
VirusBuster 4.6.5.0 2009.09.27 -
File size: 29184 bytes
MD5...: b7df3410748e02c94aa620a583ba4f3c
SHA1..: 9d3d55cdabbf130621eddd47b36b1c2d4e69a6f2
SHA256: dcd439bc7b6986100ee8cbf9b10ad16d8057025d03c91af3ea3486ca5b8cba86
ssdeep: 384:XHVN4SGOJThoZIOMSWbW68fhOS6y8gj43HjB9v5isJ+fL2 eukfqkJ:X1KhzZ
RMhq68fhv7MjHhis0Xukh
PEiD..: -
PEInfo: PE Structure information
http://www.virustotal.com/ru/analisi...a86-1254091593
File alex_359fab6b7b7c4da8dafedba92bfd received on 2009.09.27 22:51:26 (UTC)
Current status: finished
Result: 6/41 (14.64%)
Additional information
Antivirus Version Update Result
a-squared 4.5.0.24 2009.09.27 -
AhnLab-V3 5.0.0.2 2009.09.26 -
AntiVir 7.9.1.27 2009.09.28 -
Antiy-AVL 2.0.3.7 2009.09.27 -
Authentium 5.1.2.4 2009.09.27 -
Avast 4.8.1351.0 2009.09.27 -
AVG 8.5.0.412 2009.09.27 -
BitDefender 7.2 2009.09.28 -
CAT-QuickHeal 10.00 2009.09.26 -
ClamAV 0.94.1 2009.09.27 -
Comodo 2456 2009.09.28 -
DrWeb 5.0.0.12182 2009.09.27 Trojan.DownLoad.47337
eSafe 7.0.17.0 2009.09.24 -
eTrust-Vet 31.6.6763 2009.09.27 -
F-Prot 4.5.1.85 2009.09.27 -
F-Secure 8.0.14470.0 2009.09.28 Trojan-Downloader.Win32.Mufanom.dhq
Fortinet 3.120.0.0 2009.09.27 -
GData 19 2009.09.28 -
Ikarus T3.1.1.72.0 2009.09.27 -
Jiangmin 11.0.800 2009.09.27 -
K7AntiVirus 7.10.855 2009.09.26 -
Kaspersky 7.0.0.125 2009.09.28 Trojan-Downloader.Win32.Mufanom.dhq
McAfee 5754 2009.09.27 -
McAfee+Artemis 5754 2009.09.27 Artemis!2D1DA14CB700
McAfee-GW-Edition 6.8.5 2009.09.27 -
Microsoft 1.5005 2009.09.23 -
NOD32 4462 2009.09.27 -
Norman 6.01.09 2009.09.26 -
nProtect 2009.1.8.0 2009.09.27 -
Panda 10.0.2.2 2009.09.27 -
PCTools 4.4.2.0 2009.09.27 -
Prevx 3.0 2009.09.28 -
Rising 21.48.62.00 2009.09.27 -
Sophos 4.45.0 2009.09.28 -
Sunbelt 3.2.1858.2 2009.09.27 Trojan.Win32.Hiloti.gen (v)
Symantec 1.4.4.12 2009.09.28 -
TheHacker 6.5.0.2.019 2009.09.26 -
TrendMicro 8.950.0.1094 2009.09.25 -
VBA32 3.12.10.11 2009.09.27 Bscope.Malware-Cryptor.Tip
ViRobot 2009.9.26.1958 2009.09.26 -
VirusBuster 4.6.5.0 2009.09.27 -
File size: 48128 bytes
MD5...: 2d1da14cb7002228062482328aece505
SHA1..: fee148febfe28e01778a5410c6c1c5ba185a258a
SHA256: 21a8314e630f19d18322dcaa40628a86595985d839d2ff3711fc34a02c421ef6
ssdeep: 768:S6wY7zaHIfoloEiz727w4DHvqj4RWc7yxQG/e/v1/g2HZNmyjDfH:Swpo694
zv/RWcest/v5NmWTH
PEiD..: -
PEInfo: PE Structure information
http://www.virustotal.com/ru/analisi...ef6-1254091886
File Soft_252.exe received on 2009.09.27 22:53:52 (UTC)
Current status: finished
Result: 10/41 (24.4%)
Additional information
Antivirus Version Update Result
a-squared 4.5.0.24 2009.09.27 Trojan.Win32.FakeAV!IK
AhnLab-V3 5.0.0.2 2009.09.26 -
AntiVir 7.9.1.27 2009.09.28 TR/FakeXPA.A.734
Antiy-AVL 2.0.3.7 2009.09.27 -
Authentium 5.1.2.4 2009.09.27 -
Avast 4.8.1351.0 2009.09.27 -
AVG 8.5.0.412 2009.09.27 Generic14.BJCV
BitDefender 7.2 2009.09.28 -
CAT-QuickHeal 10.00 2009.09.26 -
ClamAV 0.94.1 2009.09.27 -
Comodo 2456 2009.09.28 -
DrWeb 5.0.0.12182 2009.09.27 -
eSafe 7.0.17.0 2009.09.24 -
eTrust-Vet 31.6.6763 2009.09.27 -
F-Prot 4.5.1.85 2009.09.27 -
F-Secure 8.0.14470.0 2009.09.28 -
Fortinet 3.120.0.0 2009.09.27 -
GData 19 2009.09.28 -
Ikarus T3.1.1.72.0 2009.09.27 Trojan.Win32.FakeAV
Jiangmin 11.0.800 2009.09.27 -
K7AntiVirus 7.10.855 2009.09.26 -
Kaspersky 7.0.0.125 2009.09.28 Trojan.Win32.FraudPack.ukq
McAfee 5754 2009.09.27 FakeAlert-IS
McAfee+Artemis 5754 2009.09.27 FakeAlert-IS
McAfee-GW-Edition 6.8.5 2009.09.27 -
Microsoft 1.5005 2009.09.23 -
NOD32 4462 2009.09.27 a variant of Win32/Kryptik.AOJ
Norman 6.01.09 2009.09.26 -
nProtect 2009.1.8.0 2009.09.27 -
Panda 10.0.2.2 2009.09.27 Trj/CI.A
PCTools 4.4.2.0 2009.09.27 -
Prevx 3.0 2009.09.28 High Risk Cloaked Malware
Rising 21.48.62.00 2009.09.27 -
Sophos 4.45.0 2009.09.28 -
Sunbelt 3.2.1858.2 2009.09.27 -
Symantec 1.4.4.12 2009.09.28 -
TheHacker 6.5.0.2.019 2009.09.26 -
TrendMicro 8.950.0.1094 2009.09.25 -
VBA32 3.12.10.11 2009.09.27 -
ViRobot 2009.9.26.1958 2009.09.26 -
VirusBuster 4.6.5.0 2009.09.27 -
File size: 184832 bytes
MD5...: 0ec7e0825b52a7d49a59b3a020733d4e
SHA1..: f5b6c877a9b299994cf7df430bae84df4b5c2292
SHA256: f279107de90782021a5e87ad54f2d02bb6f9b04203f3bce2c4b7eec20594daa6
ssdeep: 3072:1iYPYym8x9ATvD2+PXHLBBwJ+KlIn8xNxZxHn/GMpPOSt/fS4iTP:8wx9AT
b2QLwkKlOKOsPOS564A
PEiD..: -
PEInfo: PE Structure information
http://www.virustotal.com/ru/analisi...aa6-1254092032
File update.exe received on 2009.09.27 22:52:36 (UTC)
Current status: finished
Result: 4/41 (9.76%)
Additional information
Antivirus Version Update Result
a-squared 4.5.0.24 2009.09.27 -
AhnLab-V3 5.0.0.2 2009.09.26 -
AntiVir 7.9.1.27 2009.09.28 -
Antiy-AVL 2.0.3.7 2009.09.27 -
Authentium 5.1.2.4 2009.09.27 -
Avast 4.8.1351.0 2009.09.27 -
AVG 8.5.0.412 2009.09.27 -
BitDefender 7.2 2009.09.28 -
CAT-QuickHeal 10.00 2009.09.26 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.09.27 -
Comodo 2456 2009.09.28 -
DrWeb 5.0.0.12182 2009.09.27 -
eSafe 7.0.17.0 2009.09.24 Suspicious File
eTrust-Vet 31.6.6763 2009.09.27 -
F-Prot 4.5.1.85 2009.09.27 -
F-Secure 8.0.14470.0 2009.09.28 -
Fortinet 3.120.0.0 2009.09.27 -
GData 19 2009.09.28 -
Ikarus T3.1.1.72.0 2009.09.27 -
Jiangmin 11.0.800 2009.09.27 -
K7AntiVirus 7.10.855 2009.09.26 -
Kaspersky 7.0.0.125 2009.09.28 -
McAfee 5754 2009.09.27 -
McAfee+Artemis 5754 2009.09.27 Artemis!CD4D63AA9DF3
McAfee-GW-Edition 6.8.5 2009.09.27 -
Microsoft 1.5005 2009.09.23 -
NOD32 4462 2009.09.27 -
Norman 6.01.09 2009.09.26 -
nProtect 2009.1.8.0 2009.09.27 -
Panda 10.0.2.2 2009.09.27 -
PCTools 4.4.2.0 2009.09.27 -
Prevx 3.0 2009.09.28 -
Rising 21.48.62.00 2009.09.27 Packer.Win32.UnkPacker.a
Sophos 4.45.0 2009.09.28 -
Sunbelt 3.2.1858.2 2009.09.27 -
Symantec 1.4.4.12 2009.09.28 -
TheHacker 6.5.0.2.019 2009.09.26 -
TrendMicro 8.950.0.1094 2009.09.25 -
VBA32 3.12.10.11 2009.09.27 -
ViRobot 2009.9.26.1958 2009.09.26 -
VirusBuster 4.6.5.0 2009.09.27 -
File size: 69632 bytes
MD5...: cd4d63aa9df325a973ae3038db79436a
SHA1..: 08a3d77d9547fab493eceb33d99da48fe4269295
SHA256: ea1442cb4818a228bdcb1cd98006ae31187696685a6ec626381973fc869551cc
ssdeep: 1536:nOyhNnGd+cQcNmApp/XWlxgLCV5Gw3JGpojrtM47Kp88eXAd:jG3NmApp/W
lxg6Ew5S8rtZ80Ad
PEiD..: -
PEInfo: PE Structure information
http://www.virustotal.com/ru/analisi...1cc-1254091956
File your_exe.exe received on 2009.09.27 22:54:36 (UTC)
Current status: finished
Result: 16/41 (39.03%)
Additional information
Antivirus Version Update Result
a-squared 4.5.0.24 2009.09.27 Trojan-Downloader.Win32.Harnig!IK
AhnLab-V3 5.0.0.2 2009.09.26 -
AntiVir 7.9.1.27 2009.09.28 TR/Crypt.XPACK.Gen
Antiy-AVL 2.0.3.7 2009.09.27 -
Authentium 5.1.2.4 2009.09.27 -
Avast 4.8.1351.0 2009.09.27 Win32:Walivun
AVG 8.5.0.412 2009.09.27 -
BitDefender 7.2 2009.09.28 -
CAT-QuickHeal 10.00 2009.09.26 -
ClamAV 0.94.1 2009.09.27 -
Comodo 2456 2009.09.28 Heur.Packed.Unknown
DrWeb 5.0.0.12182 2009.09.27 Win32.HLLW.Autoruner.7622
eSafe 7.0.17.0 2009.09.24 -
eTrust-Vet 31.6.6763 2009.09.27 -
F-Prot 4.5.1.85 2009.09.27 -
F-Secure 8.0.14470.0 2009.09.28 Trojan-Downloader.Win32.Genome.rnq
Fortinet 3.120.0.0 2009.09.27 W32/Genome.RNQ!tr.dldr
GData 19 2009.09.28 Win32:Walivun
Ikarus T3.1.1.72.0 2009.09.27 Trojan-Downloader.Win32.Harnig
Jiangmin 11.0.800 2009.09.27 -
K7AntiVirus 7.10.855 2009.09.26 -
Kaspersky 7.0.0.125 2009.09.28 Trojan-Downloader.Win32.Genome.rnq
McAfee 5754 2009.09.27 -
McAfee+Artemis 5754 2009.09.27 Artemis!4CC96065EB6A
McAfee-GW-Edition 6.8.5 2009.09.27 Trojan.Crypt.XPACK.Gen
Microsoft 1.5005 2009.09.23 -
NOD32 4462 2009.09.27 Win32/TrojanDownloader.Small.OOT
Norman 6.01.09 2009.09.26 -
nProtect 2009.1.8.0 2009.09.27 -
Panda 10.0.2.2 2009.09.27 Trj/CI.A
PCTools 4.4.2.0 2009.09.27 -
Prevx 3.0 2009.09.28 Medium Risk Malware
Rising 21.48.62.00 2009.09.27 -
Sophos 4.45.0 2009.09.28 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.09.27 -
Symantec 1.4.4.12 2009.09.28 -
TheHacker 6.5.0.2.019 2009.09.26 -
TrendMicro 8.950.0.1094 2009.09.25 -
VBA32 3.12.10.11 2009.09.27 -
ViRobot 2009.9.26.1958 2009.09.26 -
VirusBuster 4.6.5.0 2009.09.27 -
File size: 12800 bytes
MD5...: 4cc96065eb6a09a3fdca664b1f77805c
SHA1..: a73cbfc80fcaefbdf5fdb6c515dfbdb07a2f6068
SHA256: 68f6b5b091142d4c24779e4d245e7c6fdd2d6ffa8844072191845f79bbc29a95
ssdeep: 384:3IQqVn6HBCS6O+wpnOrYAGU9s8ubvbS0l:4L6hCbJwphAb 7uv
PEiD..: -
PEInfo: PE Structure information
http://www.virustotal.com/ru/analisi...a95-1254092076
Last edited by senyak; 28.09.2009 at 03:39.
File hdd7.exe received on 2009.09.29 10:55:36 (UTC)
Current status: finished
Result: 14/41 (34.15%)
Additional information
a-squared 4.5.0.24 2009.09.29 -
AhnLab-V3 5.0.0.2 2009.09.29 -
AntiVir 7.9.1.27 2009.09.29 HEUR/Malware
Antiy-AVL 2.0.3.7 2009.09.29 -
Authentium 5.1.2.4 2009.09.29 -
Avast 4.8.1351.0 2009.09.28 -
AVG 8.5.0.412 2009.09.29 Agent.DD
BitDefender 7.2 2009.09.29 MemScan:Trojan.Krotten.B
CAT-QuickHeal 10.00 2009.09.29 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.09.29 -
Comodo 2469 2009.09.29 TrojWare.Win32.KRotten.~A
DrWeb 5.0.0.12182 2009.09.29 -
eSafe 7.0.17.0 2009.09.24 Suspicious File
eTrust-Vet 31.6.6767 2009.09.29 -
F-Prot 4.5.1.85 2009.09.29 -
F-Secure 8.0.14470.0 2009.09.29 -
Fortinet 3.120.0.0 2009.09.29 W32/Krotten.B!tr
GData 19 2009.09.29 MemScan:Trojan.Krotten.B
Ikarus T3.1.1.72.0 2009.09.29 -
Jiangmin 11.0.800 2009.09.27 -
K7AntiVirus 7.10.855 2009.09.26 -
Kaspersky 7.0.0.125 2009.09.29 -
McAfee 5755 2009.09.28 StartPage-IP
McAfee+Artemis 5755 2009.09.28 StartPage-IP
McAfee-GW-Edition 6.8.5 2009.09.29 Heuristic.Malware
Microsoft 1.5005 2009.09.23 -
NOD32 4466 2009.09.29 -
Norman 6.01.09 2009.09.28 W32/Krotten.CI
nProtect 2009.1.8.0 2009.09.29 -
Panda 10.0.2.2 2009.09.28 -
PCTools 4.4.2.0 2009.09.28 -
Prevx 3.0 2009.09.29 -
Rising 21.49.13.00 2009.09.29 Packer.Win32.UnkPacker.b
Sophos 4.45.0 2009.09.29 -
Sunbelt 3.2.1858.2 2009.09.29 -
Symantec 1.4.4.12 2009.09.29 -
TheHacker 6.5.0.2.021 2009.09.28 -
TrendMicro 8.500.0.1002 2009.09.29 PAK_Generic.001
VBA32 3.12.10.11 2009.09.29 -
ViRobot 2009.9.29.1962 2009.09.29 -
VirusBuster 4.6.5.0 2009.09.28 -
File size: 33451 bytes
MD5 : b8eb1b852d4917006d204d1d4b7bf56a
SHA1 : 0cfbb0e36b5ee13423d0db8f3e19630c8c17e961
SHA256: 24ecfe3dee189a7603094646503e21cdf40a13ecce0ef8aa6417ac7c6d9d14c4
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x5B2D
timedatestamp.....: 0x40715C58 (Mon Apr 5 15:17:12 2004)
machinetype.......: 0x14C (Intel I386)
File bcjhokdt_1_.png received on 2009.09.30 21:35:01 (UTC)
Result: 9/41 (21.95%)
Additional information
a-squared 4.5.0.24 2009.09.30 -
AhnLab-V3 5.0.0.2 2009.09.30 -
AntiVir 7.9.1.27 2009.09.30 HEUR/Crypted.E
Antiy-AVL 2.0.3.7 2009.09.30 -
Authentium 5.1.2.4 2009.09.30 W32/Damaged_File.gen!Eldorado
Avast 4.8.1351.0 2009.09.30 -
AVG 8.5.0.412 2009.09.30 Worm/Downadup
BitDefender 7.2 2009.09.30 -
CAT-QuickHeal 10.00 2009.09.30 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.09.30 -
Comodo 2475 2009.09.30 -
DrWeb 5.0.0.12182 2009.09.30 -
eSafe 7.0.17.0 2009.09.30 Suspicious File
eTrust-Vet 31.6.6770 2009.09.30 -
F-Prot 4.5.1.85 2009.09.30 W32/Damaged_File.gen!Eldorado
F-Secure 8.0.14470.0 2009.09.30 -
Fortinet 3.120.0.0 2009.09.30 -
GData 19 2009.09.30 -
Ikarus T3.1.1.72.0 2009.09.30 -
Jiangmin 11.0.800 2009.09.27 -
K7AntiVirus 7.10.857 2009.09.30 -
Kaspersky 7.0.0.125 2009.09.30 -
McAfee 5757 2009.09.30 potentially unwanted program Corrupt-07!51F57CED0378
McAfee+Artemis 5757 2009.09.30 potentially unwanted program Corrupt-07!51F57CED0378
McAfee-GW-Edition 6.8.5 2009.09.30 -
Microsoft 1.5005 2009.09.23 -
NOD32 4471 2009.09.30 -
Norman 6.01.09 2009.09.30 -
nProtect 2009.1.8.0 2009.09.30 -
Panda 10.0.2.2 2009.09.30 -
PCTools 4.4.2.0 2009.09.30 -
Prevx 3.0 2009.09.30 -
Rising 21.49.22.00 2009.09.30 Packer.Win32.UnkPacker.a
Sophos 4.45.0 2009.09.30 -
Sunbelt 3.2.1858.2 2009.09.30 -
Symantec 1.4.4.12 2009.09.30 -
TheHacker 6.5.0.2.023 2009.09.30 -
TrendMicro 8.950.0.1094 2009.09.30 -
VBA32 3.12.10.11 2009.09.30 -
ViRobot 2009.9.30.1965 2009.09.30 -
VirusBuster 4.6.5.0 2009.09.30 -
File size: 26280 bytes
MD5 : 51f57ced03783f80656104cad1b76806
SHA1 : 791a074670e07ed2ffc8a77888ca214b32a45538
SHA256: b5e3017218f85ec4224f2a4007bf73093b95c2b92448a99bbee8cce29ed4ea32
http://www.virustotal.com/ru/analisi...a32-1254346501
(There were several such incomplete files, starting from a size of 2 KB. The result was the same in every case.)
_______________
File jwgkvsq.vmx received on 2009.09.16 15:45:39 (UTC)
Result: 39/41 (95.12%)
Additional information
a-squared 4.5.0.24 2009.09.16 Net-Worm.Win32.Kido!IK
AhnLab-V3 5.0.0.2 2009.09.16 Win32/Conficker.worm.Gen
AntiVir 7.9.1.18 2009.09.16 TR/Dropper.Gen
Antiy-AVL 2.0.3.7 2009.09.16 Worm/Win32.Kido.gen
Authentium 5.1.2.4 2009.09.16 W32/Conficker!Generic
Avast 4.8.1351.0 2009.09.15 Win32:Rootkit-gen
AVG 8.5.0.412 2009.09.16 Worm/Downadup
BitDefender 7.2 2009.09.16 Application.Generic.204330
CAT-QuickHeal 10.00 2009.09.16 Win32.Net-Worm.Kido.ih.3.Pack
ClamAV 0.94.1 2009.09.16 -
Comodo 2335 2009.09.16 UnclassifiedMalware
DrWeb 5.0.0.12182 2009.09.16 Win32.HLLW.Shadow.based
eSafe 7.0.17.0 2009.09.15 Win32.Conficker.worm
eTrust-Vet 31.6.6740 2009.09.16 Win32/Conficker
F-Prot 4.5.1.85 2009.09.15 W32/Conficker!Generic
F-Secure 8.0.14470.0 2009.09.16 Worm:W32/Downadup.gen!A
Fortinet 3.120.0.0 2009.09.16 W32/Conficker.A!worm
GData 19 2009.09.16 Application.Generic.204330
Ikarus T3.1.1.72.0 2009.09.16 Net-Worm.Win32.Kido
Jiangmin 11.0.800 2009.09.16 Worm/Kido.mk
K7AntiVirus 7.10.845 2009.09.15 Net-Worm.Win32.Kido
Kaspersky 7.0.0.125 2009.09.16 Net-Worm.Win32.Kido.ih
McAfee 5742 2009.09.15 W32/Conficker.worm.gen.a
McAfee+Artemis 5742 2009.09.15 Suspect-29!B420138B88ED
McAfee-GW-Edition 6.8.5 2009.09.16 Trojan.Dropper.Gen
Microsoft 1.5005 2009.09.16 Worm:Win32/Conficker.B
NOD32 4429 2009.09.16 Win32/Conficker.AA
Norman 6.01.09 2009.09.16 W32/Conficker.FA
nProtect 2009.1.8.0 2009.09.16 Worm/W32.Kido.156520
Panda 10.0.2.2 2009.09.16 W32/Conficker.C.worm
PCTools 4.4.2.0 2009.09.14 -
Prevx 3.0 2009.09.16 High Risk Fraudulent Security Program
Rising 21.47.22.00 2009.09.16 Worm.Win32.MS08-067.c
Sophos 4.45.0 2009.09.16 Mal/Conficker-A
Sunbelt 3.2.1858.2 2009.09.16 Worm.Win32.Downad.Gen (v)
Symantec 1.4.4.12 2009.09.16 W32.Downadup.B
TheHacker 6.3.4.4.404 2009.09.15 W32/Kido.ih
TrendMicro 8.950.0.1094 2009.09.16 WORM_DOWNAD.AD
VBA32 3.12.10.10 2009.09.15 Worm.Win32.kido.88
ViRobot 2009.9.16.1939 2009.09.16 Worm.Win32.Conficker.156520
VirusBuster 4.6.5.0 2009.09.15 Trojan.Conficker.Gen!Pac
File size: 156520 bytes
MD5 : b420138b88eda83a51fea5298f72864a
SHA1 : 0e644fc39a287e6f020ede6d6c9dd708b1a871ba
SHA256: 8fe51a999ce37b2d8996b7021223cbbcbd35f6e7b151766d6a 2ce4592f13fa3a
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x18A10
timedatestamp.....: 0x4383FABD (Wed Nov 23 06:14:37 2005)
machinetype.......: 0x14C (Intel I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x5000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x6000 0x13000 0x12C00 7.80 0493f6c2743b9faa3098674b6fc4b0bc
UPX2 0x19000 0x1000 0x200 3.68 13eaee584ec79764c7625b66ea5dc07e
( 0 imports )
( 0 exports )
TrID : File type identification
UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda's Crypter (33.5%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Clipper DOS Executable (2.5%)
ssdeep: 3072:w197n3Hrj6erceHy69fjcNUoQ+1Fcz755g:w11XruWL9f jcN31Mt5g
Prevx Info: http://info.prevx.com/aboutprogramte...12420087CAF4B4
PEiD : -
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
packers (Authentium): UPX
RDS : NSRL Reference Data Set
-
http://www.virustotal.com/ru/analisi...a3a-1253115939
_______________
File aaa.bin (autorun.inf) received on 2009.09.13 11:33:44 (UTC)
Result: 24/41 (58.54%)
Additional information
a-squared 4.5.0.24 2009.09.13 Worm.Win32.Conficker!IK
AhnLab-V3 5.0.0.2 2009.09.13 -
AntiVir 7.9.1.14 2009.09.11 TR/Autorun.59288
Antiy-AVL 2.0.3.7 2009.09.11 -
Authentium 5.1.2.4 2009.09.12 -
Avast 4.8.1351.0 2009.09.12 BV:AutoRun-S
AVG 8.5.0.412 2009.09.13 Worm/Generic_c.ZW
BitDefender 7.2 2009.09.13 Worm.Autorun.VHG
CAT-QuickHeal 10.00 2009.09.12 -
ClamAV 0.94.1 2009.09.13 Worm.Autorun-1838
Comodo 2303 2009.09.13 Worm.Win32.AutoRun.etg
DrWeb 5.0.0.12182 2009.09.13 Win32.HLLW.Shadow
eSafe 7.0.17.0 2009.09.10 -
eTrust-Vet 31.6.6733 2009.09.11 INF/Conficker
F-Prot 4.5.1.85 2009.09.12 -
F-Secure 8.0.14470.0 2009.09.13 Worm:W32/Downaduprun.A
Fortinet 3.120.0.0 2009.09.13 -
GData 19 2009.09.13 Worm.Autorun.VHG
Ikarus T3.1.1.72.0 2009.09.13 Worm.Win32.Conficker
Jiangmin 11.0.800 2009.09.13 -
K7AntiVirus 7.10.843 2009.09.12 -
Kaspersky 7.0.0.125 2009.09.13 Net-Worm.Win32.Kido.ih
McAfee 5739 2009.09.12 -
McAfee+Artemis 5739 2009.09.12 -
McAfee-GW-Edition 6.8.5 2009.09.13 Trojan.Autorun.59288
Microsoft 1.5005 2009.09.13 Worm:Win32/Conficker.B!inf
NOD32 4421 2009.09.13 -
Norman 6.01.09 2009.09.11 -
nProtect 2009.1.8.0 2009.09.12 -
Panda 10.0.2.2 2009.09.13 W32/Conficker.C.worm
PCTools 4.4.2.0 2009.09.11 -
Prevx 3.0 2009.09.13 -
Rising 21.46.61.00 2009.09.13 -
Sophos 4.45.0 2009.09.13 Mal/ConfInf-A
Sunbelt 3.2.1858.2 2009.09.12 INF.Autorun (v)
Symantec 1.4.4.12 2009.09.13 W32.Downadup!autorun
TheHacker 6.3.4.4.402 2009.09.12 W32/Conficker.autorunL
TrendMicro 8.950.0.1094 2009.09.13 TROJ_DOWNAD.AD
VBA32 3.12.10.10 2009.09.11 Trojan.Autorun.gen
ViRobot 2009.9.12.1932 2009.09.12 INF.Autorun.59288.B
VirusBuster 4.6.5.0 2009.09.12 INF.Conficker.F
File size: 59288 bytes
MD5 : 06d8fb2498d84cae5f96c281685b2e73
SHA1 : 8d91ceca90353aa644a7ff538fd75f0906d24027
SHA256: fc1ea07f84e1d19fecb1bb2bf7779729700817f4d7483b779e 8a567c3826c552
TrID : File type identification
Text - UTF-16 (LE) encoded (66.6%)
MP3 audio (33.3%)
http://www.virustotal.com/ru/analisi...552-1252841624
Last edited by Erekle; 01.10.2009 at 02:15.
The latest interim results of the community testing for August-September:
File 335i.exe received on 2009.10.07 18:00:31 (UTC)
Current status: finished
Result: 4/41 (9.76%)
Additional information
Antivirus Version Update Result
a-squared 4.5.0.41 2009.10.07 -
AhnLab-V3 5.0.0.2 2009.10.07 -
AntiVir 7.9.1.33 2009.10.07 -
Antiy-AVL 2.0.3.7 2009.10.05 -
Authentium 5.1.2.4 2009.10.07 W32/Heuristic-CO2!Eldorado
Avast 4.8.1351.0 2009.10.07 -
AVG 8.5.0.420 2009.10.04 -
BitDefender 7.2 2009.10.07 -
CAT-QuickHeal 10.00 2009.10.07 -
ClamAV 0.94.1 2009.10.07 -
Comodo 2527 2009.10.07 -
DrWeb 5.0.0.12182 2009.10.07 -
eSafe 7.0.17.0 2009.10.06 -
eTrust-Vet 35.1.7055 2009.10.07 -
F-Prot 4.5.1.85 2009.10.07 W32/Damaged_File.B.gen!Eldorado
F-Secure 8.0.14470.0 2009.10.07 -
Fortinet 3.120.0.0 2009.10.07 -
GData 19 2009.10.07 -
Ikarus T3.1.1.72.0 2009.10.07 -
Jiangmin 11.0.800 2009.10.07 -
K7AntiVirus 7.10.864 2009.10.07 -
Kaspersky 7.0.0.125 2009.10.07 -
McAfee 5764 2009.10.07 potentially unwanted program Corrupt-07!5D39807FF1A2
McAfee+Artemis 5764 2009.10.07 potentially unwanted program Corrupt-07!5D39807FF1A2
McAfee-GW-Edition 6.8.5 2009.10.07 -
Microsoft 1.5101 2009.10.07 -
NOD32 4488 2009.10.07 -
Norman 6.01.09 2009.10.07 -
nProtect 2009.1.8.0 2009.10.07 -
Panda 10.0.2.2 2009.10.06 -
PCTools 4.4.2.0 2009.10.07 -
Prevx 3.0 2009.10.07 -
Rising 21.49.22.00 2009.09.30 -
Sophos 4.45.0 2009.10.07 -
Sunbelt 3.2.1858.2 2009.10.07 -
Symantec 1.4.4.12 2009.10.07 -
TheHacker 6.5.0.2.033 2009.10.07 -
TrendMicro 8.950.0.1094 2009.10.07 -
VBA32 3.12.10.11 2009.10.07 -
ViRobot 2009.10.7.1974 2009.10.07 -
VirusBuster 4.6.5.0 2009.10.07 -
File size: 18719 bytes
MD5...: 5d39807ff1a214527e72bad58bed96a7
SHA1..: b7570ccf8585a883fc8d74a8c5325d6a3c1199d8
SHA256: 18c8ffbbef424d4ba1479934207cdd19ac0aa94b9b583615cd e061ed93750994
ssdeep: 384:lRXdYOzLpWTFByV2q7G2iq4vxD6tOLDNshjSQpnjdZYK5Z :LdTPpWTFBy232
gvxut8ehjSQF0Y
PEiD..: -
PEInfo: PE Structure information
http://www.virustotal.com/ru/analisi...994-1254938431
File cash.exe received on 2009.10.07 18:00:46 (UTC)
Current status: finished
Result: 5/41 (12.2%)
Additional information
Antivirus Version Update Result
a-squared 4.5.0.41 2009.10.07 -
AhnLab-V3 5.0.0.2 2009.10.07 -
AntiVir 7.9.1.33 2009.10.07 -
Antiy-AVL 2.0.3.7 2009.10.05 -
Authentium 5.1.2.4 2009.10.07 -
Avast 4.8.1351.0 2009.10.07 -
AVG 8.5.0.420 2009.10.04 -
BitDefender 7.2 2009.10.07 -
CAT-QuickHeal 10.00 2009.10.07 -
ClamAV 0.94.1 2009.10.07 -
Comodo 2527 2009.10.07 -
DrWeb 5.0.0.12182 2009.10.07 Trojan.Senum.2
eSafe 7.0.17.0 2009.10.06 -
eTrust-Vet 35.1.7055 2009.10.07 Win32/Warduncrypt!generic
F-Prot 4.5.1.85 2009.10.07 -
F-Secure 8.0.14470.0 2009.10.07 Trojan-Downloader.Win32.CodecPack.kdq
Fortinet 3.120.0.0 2009.10.07 -
GData 19 2009.10.07 -
Ikarus T3.1.1.72.0 2009.10.07 -
Jiangmin 11.0.800 2009.10.07 -
K7AntiVirus 7.10.864 2009.10.07 -
Kaspersky 7.0.0.125 2009.10.07 Trojan-Downloader.Win32.CodecPack.kdq
McAfee 5764 2009.10.07 -
McAfee+Artemis 5764 2009.10.07 -
McAfee-GW-Edition 6.8.5 2009.10.07 -
Microsoft 1.5101 2009.10.07 -
NOD32 4488 2009.10.07 -
Norman 6.01.09 2009.10.07 -
nProtect 2009.1.8.0 2009.10.07 -
Panda 10.0.2.2 2009.10.06 -
PCTools 4.4.2.0 2009.10.07 -
Prevx 3.0 2009.10.07 -
Rising 21.49.22.00 2009.09.30 -
Sophos 4.45.0 2009.10.07 Mal/EncPk-JY
Sunbelt 3.2.1858.2 2009.10.07 -
Symantec 1.4.4.12 2009.10.07 -
TheHacker 6.5.0.2.033 2009.10.07 -
TrendMicro 8.950.0.1094 2009.10.07 -
VBA32 3.12.10.11 2009.10.07 -
ViRobot 2009.10.7.1974 2009.10.07 -
VirusBuster 4.6.5.0 2009.10.07 -
File size: 8461 bytes
MD5...: 29cfa8608161ac24347cd83e23ef72c9
SHA1..: 91ff2074a642685f8085267211abb03ee32002d6
SHA256: afba36cb7d9892abec5bce9a86dc2284375138db95f2cf6902 5b718c88b2ad8a
ssdeep: 192:llu8Vli7Q979IRhkReomuh/girdcrHaMc4KgWzP8:NVoYI781bRczNc4KgWz
k
PEiD..: -
PEInfo: PE Structure information
http://www.virustotal.com/ru/analisi...d8a-1254938446
File loader_ok.exe received on 2009.10.07 18:01:26 (UTC)
Current status: finished
Result: 14/41 (34.15%)
Additional information
Antivirus Version Update Result
a-squared 4.5.0.41 2009.10.07 Trojan.Win32.Buzus!IK
AhnLab-V3 5.0.0.2 2009.10.07 -
AntiVir 7.9.1.33 2009.10.07 TR/Dropper.Gen
Antiy-AVL 2.0.3.7 2009.10.05 -
Authentium 5.1.2.4 2009.10.07 -
Avast 4.8.1351.0 2009.10.07 -
AVG 8.5.0.420 2009.10.04 -
BitDefender 7.2 2009.10.07 Trojan.Generic.2506315
CAT-QuickHeal 10.00 2009.10.07 -
ClamAV 0.94.1 2009.10.07 -
Comodo 2527 2009.10.07 -
DrWeb 5.0.0.12182 2009.10.07 Trojan.PWS.LDPinch.4308
eSafe 7.0.17.0 2009.10.06 -
eTrust-Vet 35.1.7055 2009.10.07 -
F-Prot 4.5.1.85 2009.10.07 -
F-Secure 8.0.14470.0 2009.10.07 Trojan.Win32.Buzus.bwwp
Fortinet 3.120.0.0 2009.10.07 -
GData 19 2009.10.07 Trojan.Generic.2506315
Ikarus T3.1.1.72.0 2009.10.07 Trojan.Win32.Buzus
Jiangmin 11.0.800 2009.10.07 -
K7AntiVirus 7.10.864 2009.10.07 Trojan.Win32.Buzus.bwwp
Kaspersky 7.0.0.125 2009.10.07 Trojan.Win32.Buzus.bwwp
McAfee 5764 2009.10.07 -
McAfee+Artemis 5764 2009.10.07 Suspect-29!D2F6C8FD38D5
McAfee-GW-Edition 6.8.5 2009.10.07 Trojan.Dropper.Gen
Microsoft 1.5101 2009.10.07 VirTool:Win32/VBInject.gen!CE
NOD32 4488 2009.10.07 -
Norman 6.01.09 2009.10.07 W32/Buzus.XGF
nProtect 2009.1.8.0 2009.10.07 -
Panda 10.0.2.2 2009.10.06 -
PCTools 4.4.2.0 2009.10.07 -
Prevx 3.0 2009.10.07 -
Rising 21.49.22.00 2009.09.30 -
Sophos 4.45.0 2009.10.07 -
Sunbelt 3.2.1858.2 2009.10.07 -
Symantec 1.4.4.12 2009.10.07 Trojan Horse
TheHacker 6.5.0.2.033 2009.10.07 -
TrendMicro 8.950.0.1094 2009.10.07 -
VBA32 3.12.10.11 2009.10.07 -
ViRobot 2009.10.7.1974 2009.10.07 -
VirusBuster 4.6.5.0 2009.10.07 -
File size: 30376 bytes
MD5...: d2f6c8fd38d52e0a35feb8fa5458a1fb
SHA1..: 43a739689ba0924d8b07b9cb75622516ea1d0173
SHA256: 8917d305241eb3c6a09521b53fbaf16e455399c5d909763b24 d19bc847996e48
ssdeep: 384:3OWWMUJE8c7ocqpOHT9gseyyWHFhzXXA/YXFX6Y3/Vv124MFD+bJqFRGkwVM
L20:+o8cU3pOHT9gseyDHj13JGy9+4t70
PEiD..: -
PEInfo: PE Structure information
http://www.virustotal.com/ru/analisi...e48-1254938486
File pool.exe received on 2009.10.07 18:04:32 (UTC)
Current status: finished
Result: 8/41 (19.52%)
Additional information
Antivirus Version Update Result
a-squared 4.5.0.41 2009.10.07 -
AhnLab-V3 5.0.0.2 2009.10.07 -
AntiVir 7.9.1.33 2009.10.07 HEUR/Crypted
Antiy-AVL 2.0.3.7 2009.10.05 -
Authentium 5.1.2.4 2009.10.07 W32/Damaged_File.gen!Eldorado
Avast 4.8.1351.0 2009.10.07 -
AVG 8.5.0.420 2009.10.04 -
BitDefender 7.2 2009.10.07 -
CAT-QuickHeal 10.00 2009.10.07 -
ClamAV 0.94.1 2009.10.07 -
Comodo 2527 2009.10.07 -
DrWeb 5.0.0.12182 2009.10.07 -
eSafe 7.0.17.0 2009.10.06 Suspicious File
eTrust-Vet 35.1.7055 2009.10.07 -
F-Prot 4.5.1.85 2009.10.07 W32/Damaged_File.gen!Eldorado
F-Secure 8.0.14470.0 2009.10.07 -
Fortinet 3.120.0.0 2009.10.07 -
GData 19 2009.10.07 -
Ikarus T3.1.1.72.0 2009.10.07 -
Jiangmin 11.0.800 2009.10.07 -
K7AntiVirus 7.10.864 2009.10.07 -
Kaspersky 7.0.0.125 2009.10.07 -
McAfee 5764 2009.10.07 potentially unwanted program Corrupt-07!B5EF2527F951
McAfee+Artemis 5764 2009.10.07 potentially unwanted program Corrupt-07!B5EF2527F951
McAfee-GW-Edition 6.8.5 2009.10.07 Heuristic.LooksLike.Win32.SuspiciousPE.A!83
Microsoft 1.5101 2009.10.07 -
NOD32 4488 2009.10.07 -
Norman 6.01.09 2009.10.07 -
nProtect 2009.1.8.0 2009.10.07 -
Panda 10.0.2.2 2009.10.06 -
PCTools 4.4.2.0 2009.10.07 -
Prevx 3.0 2009.10.07 -
Rising 21.49.22.00 2009.09.30 Packer.Win32.UnkPacker.a
Sophos 4.45.0 2009.10.07 -
Sunbelt 3.2.1858.2 2009.10.07 -
Symantec 1.4.4.12 2009.10.07 -
TheHacker 6.5.0.2.033 2009.10.07 -
TrendMicro 8.950.0.1094 2009.10.07 -
VBA32 3.12.10.11 2009.10.07 -
ViRobot 2009.10.7.1974 2009.10.07 -
VirusBuster 4.6.5.0 2009.10.07 -
File size: 43516 bytes
MD5...: b5ef2527f951dd23b7100ecae8977499
SHA1..: f240f517c00a22414a7fc6442eeeef5c7ae92e61
SHA256: f554faa19dbb5bd19265e5e5241668bbceb77c995aa46e865d 032fda69f823d9
ssdeep: 768:FzhxJerC5NCROFt5A7P3+I74cxjMRlNT+6STfpOlsI+bIe U5ZHXeBc3Nq:Vc
0YO3WJM8YRf7SzpOTuIl36f
PEiD..: -
PEInfo: PE Structure information
http://www.virustotal.com/ru/analisi...3d9-1254938672
File WebSetup_05.10.09.exe received on 2009.10.07 18:05:04 (UTC)
Current status: finished
Result: 6/41 (14.63%)
Additional information
Antivirus Version Update Result
a-squared 4.5.0.41 2009.10.07 -
AhnLab-V3 5.0.0.2 2009.10.07 -
AntiVir 7.9.1.33 2009.10.07 -
Antiy-AVL 2.0.3.7 2009.10.05 -
Authentium 5.1.2.4 2009.10.07 W32/Damaged_File.gen!Eldorado
Avast 4.8.1351.0 2009.10.07 -
AVG 8.5.0.420 2009.10.04 -
BitDefender 7.2 2009.10.07 -
CAT-QuickHeal 10.00 2009.10.07 -
ClamAV 0.94.1 2009.10.07 -
Comodo 2527 2009.10.07 -
DrWeb 5.0.0.12182 2009.10.07 -
eSafe 7.0.17.0 2009.10.06 Suspicious File
eTrust-Vet 35.1.7055 2009.10.07 -
F-Prot 4.5.1.85 2009.10.07 W32/Damaged_File.gen!Eldorado
F-Secure 8.0.14470.0 2009.10.07 -
Fortinet 3.120.0.0 2009.10.07 -
GData 19 2009.10.07 -
Ikarus T3.1.1.72.0 2009.10.07 -
Jiangmin 11.0.800 2009.10.07 -
K7AntiVirus 7.10.864 2009.10.07 -
Kaspersky 7.0.0.125 2009.10.07 -
McAfee 5764 2009.10.07 potentially unwanted program Corrupt-07!D463AF82D266
McAfee+Artemis 5764 2009.10.07 potentially unwanted program Corrupt-07!D463AF82D266
McAfee-GW-Edition 6.8.5 2009.10.07 Heuristic.LooksLike.Win32.Suspicious.A
Microsoft 1.5101 2009.10.07 -
NOD32 4488 2009.10.07 -
Norman 6.01.09 2009.10.07 -
nProtect 2009.1.8.0 2009.10.07 -
Panda 10.0.2.2 2009.10.06 -
PCTools 4.4.2.0 2009.10.07 -
Prevx 3.0 2009.10.07 -
Rising 21.49.22.00 2009.09.30 -
Sophos 4.45.0 2009.10.07 -
Sunbelt 3.2.1858.2 2009.10.07 -
Symantec 1.4.4.12 2009.10.07 -
TheHacker 6.5.0.2.033 2009.10.07 -
TrendMicro 8.950.0.1094 2009.10.07 -
VBA32 3.12.10.11 2009.10.07 -
ViRobot 2009.10.7.1974 2009.10.07 -
VirusBuster 4.6.5.0 2009.10.07 -
File size: 62503 bytes
MD5 : d463af82d266d494901878db47194ed6
SHA1 : c58745d57ed3131d39b1ab67f23e8338e0ba97f8
SHA256: c48362749679ead6dc4274eeb10b939bde5ff7be7e661f42a4 56fb0c00db19e9
PEInfo: PE Structure information
http://www.virustotal.com/ru/analisi...9e9-1254938704
Symantec Fans Club - http://symantecclub.ru/
C:\WINNT\system32\drivers\rk_remover.sys
File rk_remover.sys received on 2009.09.21 12:41:19 (UTC)
Current status: finished
Result: 19/41 (46.34%)
Additional information
File size: 548352 bytes
MD5 : 7150d019e8a36511f7f5040fb4d5b91b
SHA1 : c6bb031bc88eecfec5587f3c7e2329a5e9aa877c
SHA256: 5688ab1b9fb7a2918478d0df02f94fc3a0aec1511b794c0b49 568d4ec1a7ae9b
PEInfo: PE Structure information
Antivirus Version Update Result
a-squared 4.5.0.24 2009.09.21 Gen.Rootkit!IK
AhnLab-V3 5.0.0.2 2009.09.19 -
AntiVir 7.9.1.19 2009.09.21 TR/Crypt.XPACK.Gen
Antiy-AVL 2.0.3.7 2009.09.21 -
Authentium 5.1.2.4 2009.09.21 -
Avast 4.8.1351.0 2009.09.20 Win32:Rootkit-gen
AVG 8.5.0.412 2009.09.21 Win32/Patched
BitDefender 7.2 2009.09.21 Gen:Rootkit.Heur.HGW@eaOkW6l
CAT-QuickHeal 10.00 2009.09.21 Trojan.Agent.ATV
ClamAV 0.94.1 2009.09.21 -
Comodo 2391 2009.09.21 UnclassifiedMalware
DrWeb 5.0.0.12182 2009.09.21 -
eSafe 7.0.17.0 2009.09.17 Win32.TRCrypt.XPACK
eTrust-Vet 31.6.6750 2009.09.21 -
F-Prot 4.5.1.85 2009.09.21 -
F-Secure 8.0.14470.0 2009.09.21 -
Fortinet 3.120.0.0 2009.09.21 PossibleThreat
GData 19 2009.09.21 Gen:Rootkit.Heur.HGW@eaOkW6l
Ikarus T3.1.1.72.0 2009.09.21 Gen.Rootkit
Jiangmin 11.0.800 2009.09.21 -
K7AntiVirus 7.10.850 2009.09.21 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.09.21 -
McAfee 5747 2009.09.20 Generic.dx!iq
McAfee+Artemis 5747 2009.09.20 Generic.dx!iq
McAfee-GW-Edition 6.8.5 2009.09.21 Trojan.Crypt.XPACK.Gen
Microsoft 1.5005 2009.09.21 -
NOD32 4442 2009.09.21 a variant of Win32/Kryptik.NF
Norman 6.01.09 2009.09.21 -
nProtect 2009.1.8.0 2009.09.21 -
Panda 10.0.2.2 2009.09.21 Generic Malware
PCTools 4.4.2.0 2009.09.20 -
Prevx 3.0 2009.09.21 High Risk Worm
Rising 21.48.04.00 2009.09.21 -
Sophos 4.45.0 2009.09.21 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.09.20 -
Symantec 1.4.4.12 2009.09.21 -
TheHacker 6.5.0.2.012 2009.09.18 -
TrendMicro 8.950.0.1094 2009.09.21 -
VBA32 3.12.10.10 2009.09.20 -
ViRobot 2009.9.21.1945 2009.09.21 -
VirusBuster 4.6.5.0 2009.09.20 -
http://www.virustotal.com/ru/analisi...e9b-1253536879
File Rave2ins.exe received on 2009.10.08 14:18:28 (UTC)
Current status: finished
Result: 5/41 (12.2%)
Additional information
a-squared 4.5.0.41 2009.10.08 Trojan-Dropper!IK
AhnLab-V3 5.0.0.2 2009.10.08 -
AntiVir 7.9.1.35 2009.10.08 TR/Dropper.Gen
Antiy-AVL 2.0.3.7 2009.10.05 -
Authentium 5.1.2.4 2009.10.08 -
Avast 4.8.1351.0 2009.10.07 -
AVG 8.5.0.420 2009.10.04 -
BitDefender 7.2 2009.10.08 -
CAT-QuickHeal 10.00 2009.10.08 -
ClamAV 0.94.1 2009.10.08 -
Comodo 2537 2009.10.08 -
DrWeb 5.0.0.12182 2009.10.08 -
eSafe 7.0.17.0 2009.10.06 -
eTrust-Vet 35.1.7057 2009.10.08 -
F-Prot 4.5.1.85 2009.10.07 -
F-Secure 8.0.14470.0 2009.10.08 -
Fortinet 3.120.0.0 2009.10.08 -
GData 19 2009.10.08 -
Ikarus T3.1.1.72.0 2009.10.08 Trojan-Dropper
Jiangmin 11.0.800 2009.10.08 -
K7AntiVirus 7.10.865 2009.10.08 -
Kaspersky 7.0.0.125 2009.10.08 -
McAfee 5764 2009.10.07 -
McAfee+Artemis 5764 2009.10.07 -
McAfee-GW-Edition 6.8.5 2009.10.08 Heuristic.BehavesLike.Win32.Dropper.C
Microsoft 1.5101 2009.10.08 -
NOD32 4490 2009.10.08 -
Norman 6.01.09 2009.10.08 -
nProtect 2009.1.8.0 2009.10.08 -
Panda 10.0.2.2 2009.10.07 -
PCTools 4.4.2.0 2009.10.08 -
Prevx 3.0 2009.10.08 High Risk Worm
Rising 21.49.22.00 2009.09.30 -
Sophos 4.45.0 2009.10.08 -
Sunbelt 3.2.1858.2 2009.10.07 -
Symantec 1.4.4.12 2009.10.08 -
TheHacker 6.5.0.2.033 2009.10.07 -
TrendMicro 8.950.0.1094 2009.10.08 -
VBA32 3.12.10.11 2009.10.08 -
ViRobot 2009.10.8.1976 2009.10.08 -
VirusBuster 4.6.5.0 2009.10.08 -
File size: 438272 bytes
MD5...: b7f9cf6c149415ce2af368969c69896e
SHA1..: ea16bd8cbcb2b5c713c9061f4130102eed0939c6
SHA256: 689d6c944747e9507cd43425d55bae0a886f08069d7bfa8e8c 72d97caa00f4c5
ssdeep: 6144:6jnYTVXWrMhME83+UU79HvuwYGtLO0rD6gWBcmRaaN56T 6cU1hJIG8:TpGr
M8iv9lYq9kR9lrq
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1070
timedatestamp.....: 0x39deb497 (Sat Oct 07 05:28:55 2000)
machinetype.......: 0x14c (I386)
http://info.prevx.com/aboutprogramte...9781009FC60FCF