Trojaner-Board


Ledge 21.05.2008 13:53

"TR/Crypt.XPACK.Gen" Virustotal Ergebnisse
 
I have a problem with a trojan "TR/Crypt.XPACK.Gen". I have already submitted my log and, on recommendation, I tested 2 files via Virustotal:

C:\Temp\nEzts0230.exe

Result: 17/32 (53.13%)

Antivirus Version Last update Result
AhnLab-V3 2008.5.20.0 2008.05.21 -
AntiVir 7.8.0.19 2008.05.21 -
Authentium 5.1.0.4 2008.05.21 -
Avast 4.8.1195.0 2008.05.21 Win32:Trojano-2873
AVG 7.5.0.516 2008.05.21 -
BitDefender 7.2 2008.05.21 Dropped:Trojan.Downloader.Small.BUY
CAT-QuickHeal 9.50 2008.05.19 -
ClamAV 0.92.1 2008.05.21 Trojan.Downloader-2966
DrWeb 4.44.0.09170 2008.05.21 Trojan.DownLoader.5013
eSafe 7.0.15.0 2008.05.20 Win32.Small.buy
eTrust-Vet 31.4.5808 2008.05.21 -
Ewido 4.0 2008.05.21 -
F-Prot 4.4.2.54 2008.05.16 -
F-Secure 6.70.13260.0 2008.05.21 Trojan.NSIS.StartPage.c
Fortinet 3.14.0.0 2008.05.21 -
GData 2.0.7306.1023 2008.05.21 Trojan-Downloader.Win32.Small.buy
Ikarus T3.1.1.26.0 2008.05.21 Virus.Win32.AdWare
Kaspersky 7.0.0.125 2008.05.21 Trojan-Downloader.Win32.Small.buy
McAfee 5299 2008.05.20 -
Microsoft 1.3520 2008.05.21 Adware:Win32/Isearch.B
NOD32v2 3116 2008.05.21 Win32/TrojanDownloader.Small.BUY
Norman 5.80.02 2008.05.20 W32/DLoader.MXM.dropper
Panda 9.0.0.4 2008.05.21 Spyware/7r7t
Prevx1 V2 2008.05.21 -
Rising 20.45.12.00 2008.05.21 Trojan.DL.Adservs
Sophos 4.29.0 2008.05.21 CommAd Installer
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.21 -
TheHacker 6.2.92.314 2008.05.20 Trojan/Downloader.VB.dht
VBA32 3.12.6.6 2008.05.20 AdWare.Win32.ZenoSearch.bg
VirusBuster 4.3.26:9 2008.05.20 -
Webwasher-Gateway 6.6.2 2008.05.21 -
Further information
File size: 371553 bytes
MD5...: 90eb9d37cdf10d957fd049cd242156bc
SHA1..: 2e2f728f8080804b6111622663e6b85b7629461f
SHA256: 4dd5f8ecaa5e2b2b0bb3b62ac28d67c99f648c91f0fa002cd9992f7c80b8752b
SHA512: 3fea0679a39b0d8d5f9e392de6f7d707f7bd716e1bcb00d7cf35c0841844dfc226381eacd101698c8284f987f3edcee0cee5d4b7c88d2c8f5ececb384721d768
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40402d
timedatestamp.....: 0x423c2fea (Sat Mar 19 13:58:02 2005)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5b32 0x5c00 6.46 76b0480223a9390fe6cd24cc4494344f
.rdata 0x7000 0x11c0 0x1200 5.22 3fcd3bcc4cb3a731007cea57c7f76fc3
.data 0x9000 0x260d4 0x400 5.20 47c5eb8732ddd1263c5187f46b0ec7d9
.ndata 0x30000 0x8000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x38000 0x1000 0x800 2.92 1df771fe74d8a0d48e1d71b2275eb81f

( 8 imports )
> COMCTL32.dll: -, ImageList_AddMasked, ImageList_Destroy, ImageList_Create
> KERNEL32.dll: ExpandEnvironmentStringsA, GetEnvironmentVariableA, lstrcmpiA, CloseHandle, SetFileTime, GetFileAttributesA, CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, lstrcatA, SetCurrentDirectoryA, CreateDirectoryA, SetFileAttributesA, Sleep, GetFileSize, GetModuleFileNameA, GetTickCount, GetCurrentProcess, CopyFileA, ExitProcess, lstrcpynA, GlobalFree, GetWindowsDirectoryA, GetTempPathA, GetUserDefaultLangID, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, GlobalAlloc, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, SetEndOfFile, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, lstrcpyA, lstrlenA, GetSystemDirectoryA, MulDiv, DeleteFileA, FindFirstFileA, FindNextFileA, FindClose, SetFilePointer, WaitForSingleObject, GetExitCodeProcess, SetErrorMode, ReadFile, GetModuleHandleA, LoadLibraryA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, GetCommandLineA
> USER32.dll: ExitWindowsEx, CharNextA, DialogBoxParamA, GetClassInfoA, CreateWindowExA, SystemParametersInfoA, RegisterClassA, EndDialog, ScreenToClient, GetWindowRect, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, LoadCursorA, SetCursor, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxA, CharPrevA, CreateDialogParamA, DestroyWindow, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, DispatchMessageA, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, PeekMessageA
> GDI32.dll: GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SetBkColor, SelectObject
> ADVAPI32.dll: RegEnumValueA, RegQueryValueExA, RegSetValueExA, RegCreateKeyExA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegEnumKeyA
> SHELL32.dll: ShellExecuteA, SHBrowseForFolderA, SHGetPathFromIDListA, SHGetMalloc, SHGetSpecialFolderLocation, SHFileOperationA
> ole32.dll: OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )

Norman Sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Creating several executable files on hard-drive.
* Application uses MFC.DLL.
* File length: 371553 bytes.

[ Changes to filesystem ]
* Creates directory C:\WINDOWS\TEMP\.
* Creates file C:\WINDOWS\TEMP\nsr8199.tmp.
* Deletes file C:\WINDOWS\TEMP\nsr8199.tmp.
* Creates directory C:\WINDOWS\SYSTEM32\rDA.
* Creates file C:\WINDOWS\SYSTEM32\rDA\dBparsdll.exe.
* Creates directory C:\WINDOWS\SYSTEM32\dbW.
* Creates file C:\WINDOWS\SYSTEM32\dbW\trazcom06.exe.
* Creates directory C:\WINDOWS\SYSTEM32\3056v.
* Creates file C:\WINDOWS\SYSTEM32\3056v\Wvram13.exe.
* Creates directory C:\WINDOWS\SYSTEM32\emL1.
* Creates file C:\WINDOWS\SYSTEM32\emL1\roEbdll2.exe.

[ Process/window information ]
* Creates process "dBparsdll.exe".
* Creates process "trazcom06.exe".
* Creates process "Wvram13.exe".

[ Signature Scanning ]
* C:\WINDOWS\SYSTEM32\rDA\dBparsdll.exe (25105 bytes) : W32/DLoader.MXM.


packers (Kaspersky): UPX, PE_Patch.Upolyx, PE_Patch.UPX, UPX, Swf2Swc, Swf2Swc


C:\WINDOWS\system32\hgGaaaYP.dll

Result: 16/32 (50.00%)

AhnLab-V3 2008.5.16.0 2008.05.16 -
AntiVir 7.8.0.19 2008.05.18 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.05.18 -
Avast 4.8.1195.0 2008.05.18 -
AVG 7.5.0.516 2008.05.18 Generic10.YAY
BitDefender 7.2 2008.05.18 -
CAT-QuickHeal 9.50 2008.05.17 -
ClamAV 0.92.1 2008.05.19 -
DrWeb 4.44.0.09170 2008.05.17 Trojan.Packed.142
eSafe 7.0.15.0 2008.05.18 -
eTrust-Vet 31.4.5796 2008.05.16 Win32/Vundo.YT
Ewido 4.0 2008.05.18 -
F-Prot 4.4.2.54 2008.05.14 -
F-Secure 6.70.13260.0 2008.05.18 Vundo.gen179
Fortinet 3.14.0.0 2008.05.18 Virtum!tr
GData 2.0.7306.1023 2008.05.18 -
Ikarus T3.1.1.26.0 2008.05.19 Trojan.Win32.Vundo.AF
Kaspersky 7.0.0.125 2008.05.19 -
McAfee 5297 2008.05.17 Vundo
Microsoft 1.3408 2008.05.13 Trojan:Win32/Vundo.AF
NOD32v2 3107 2008.05.18 -
Norman 5.80.02 2008.05.16 Vundo.gen179
Panda 9.0.0.4 2008.05.18 Spyware/Virtumonde
Prevx1 V2 2008.05.19 Prevx Database Unreachable
Rising 20.44.62.00 2008.05.18 -
Sophos 4.29.0 2008.05.19 Troj/Virtum-Gen
Sunbelt 3.0.1123.1 2008.05.17 -
Symantec 10 2008.05.18 Trojan.Vundo
TheHacker 6.2.92.312 2008.05.18 -
VBA32 3.12.6.6 2008.05.18 Trojan.Packed.142
VirusBuster 4.3.26:9 2008.05.18 -
Webwasher-Gateway 6.6.2 2008.05.18 Trojan.Crypt.XPACK.Gen
Further information
File size: 52736 bytes
MD5...: 0e3535045706da1af690a904e5325a01
SHA1..: 195e95ce749221786bbc91dddfca810abf3c2698
SHA256: 44f47c465a4328018bb588b584bfc5a043cffd6d80be175c482e62b4555ace53
SHA512: 0161d29cc9a002d46bb97acfea0c5e43ffda3a13b0e4dc53ae56afcecaf0ec8f8dc9efe78a11618b898d6473f91d34e2777874b53f1e101cfbce9542b66bfb5a
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100011c9
timedatestamp.....: 0x478a2fee (Sun Jan 13 15:36:14 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x706a 0x7200 7.33 10d62896fcf167c4950190a06c5f5baf
.rdata 0x9000 0x40a2 0x4200 7.85 68cc32453533a2ee4d2f7aff467c2fad
.data 0xe000 0x2695 0x1600 7.46 e6dccc59b41fefb31150274dcda80e92

( 2 imports )
> user32.dll: DispatchMessageA, DrawCaption, DrawMenuBar, DestroyCursor, EnableScrollBar, EndPaint, DestroyCaret, CreateIcon, CreateDialogParamA, CreateDialogIndirectParamA, CreateDesktopW, CharUpperBuffA, CharToOemBuffA, CharToOemA, CharNextA, ChangeMenuA, DrawStateA, ActivateKeyboardLayout
> kernel32.dll: lstrcatA, RtlUnwind, ReadFile, RaiseException, OpenFileMappingA, GetVersionExA, GetSystemTime, GetLastError, EnumResourceTypesA, EnumResourceNamesA, lstrcpyA

( 0 exports )

myrtille 22.05.2008 09:27

Hi,

please create a log with Hijackthis and Malwarebytes (let it delete all entries it finds).

After that, please also create a log with DSS:
  • Download DSS
  • Close all applications and then run DSS.exe with a double-click
  • Do not perform any other actions while DSS is working
  • At the end, 2 files will open: main.txt and extra.txt
  • Post the contents of both files here

Regards, myrtille

