Possible virus in X-Mule

MaxBad62
Sun 31 Aug 2008 - 18:47

Registered Member #11995
Joined: Mon 23 Jun 2008 - 18:49
Location: Vicenza
Posts: 31

Since a scan with ClamAV reported the presence of a Trojan, I wanted to have the file scanned on VirusTotal as well.
The file in question is X-Mule, which should be the X-launcher.

Now I'm a bit reluctant to run it. Can anyone tell me more about it??
Thanks, and congratulations on this wonderful project!!

These are the VirusTotal results.

Antivirus Version Last update Result
AhnLab-V3 2008.8.29.0 2008.08.29 -
AntiVir 7.8.1.23 2008.08.31 -
Authentium 5.1.0.4 2008.08.30 -
Avast 4.8.1195.0 2008.08.30 -
AVG 8.0.0.161 2008.08.30 -
BitDefender 7.2 2008.08.31 -
CAT-QuickHeal 9.50 2008.08.29 I-Worm.Sohanad.e
ClamAV 0.93.1 2008.08.31 Trojan.Qhost-166
DrWeb 4.44.0.09170 2008.08.31 -
eSafe 7.0.17.0 2008.08.28 -
eTrust-Vet 31.6.6057 2008.08.29 -
Ewido 4.0 2008.08.31 -
F-Prot 4.4.4.56 2008.08.30 -
Fortinet 3.14.0.0 2008.08.31 PossibleThreat
GData 19 2008.08.31 -
Ikarus T3.1.1.34.0 2008.08.31 -
K7AntiVirus 7.10.433 2008.08.30 -
Kaspersky 7.0.0.125 2008.08.31 -
McAfee 5373 2008.08.29 -
Microsoft 1.3807 2008.08.25 -
NOD32v2 3401 2008.08.30 -
Norman 5.80.02 2008.08.29 -
Panda 9.0.0.4 2008.08.31 -
PCTools 4.4.2.0 2008.08.31 -
Prevx1 V2 2008.08.31 -
Rising 20.59.61.00 2008.08.31 -
Sophos 4.33.0 2008.08.31 -
Sunbelt 3.1.1592.1 2008.08.30 -
Symantec 10 2008.08.31 -
TheHacker 6.3.0.6.068 2008.08.30 -
TrendMicro 8.700.0.1004 2008.08.31 -
VBA32 3.12.8.4 2008.08.30 -
ViRobot 2008.8.30.1357 2008.08.30 -
VirusBuster 4.5.11.0 2008.08.31 -
Webwasher-Gateway 6.6.2 2008.08.31 -
Additional information
File size: 574077 bytes
MD5...: 9040f675b76e0377e082430c1e725d5d
SHA1..: e6af55ef59b88c887ec5735c58dd7aaad3c128f5
SHA256: 67bf0a43278529575b493c5dd69feb014065de733f01e8a4fa80fa27cfd51f8f
SHA512: 6721da7850bb1b5b2b575c093bab1641dadba0845b06d81eafe2f64b03373b28ee2f758db4a825e534fad8f2eebb0d1a3afc6890706fe60db431932e4dd159b7
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4422e4
timedatestamp.....: 0x44df14f2 (Sun Aug 13 12:02:58 2006)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4e33d 0x4e400 6.57 0d4237c44d173562097be7f451cca9e6
.rdata 0x50000 0x9122 0x9200 5.37 7450b3d753d449720eacb5581fc4a13f
.data 0x5a000 0x15654 0x2400 4.06 2cb2cad3ed8365c4d051b5826abd7f01
.rsrc 0x70000 0x2b000 0x2ae00 4.11 9e05d09930e08abda263ba92ef16bb29

( 13 imports )
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
> WINMM.dll: waveOutSetVolume, timeGetTime, mciSendStringA
> COMCTL32.dll: ImageList_Remove, ImageList_Destroy, ImageList_EndDrag, ImageList_DragLeave, ImageList_DragMove, ImageList_DragEnter, ImageList_BeginDrag, ImageList_SetDragCursorImage, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx
> MPR.dll: WNetUseConnectionA, WNetGetConnectionA, WNetAddConnection2A, WNetCancelConnection2A
> KERNEL32.dll: GetCurrentThreadId, UnmapViewOfFile, OpenProcess, CreateFileMappingA, MapViewOfFile, WriteProcessMemory, ReadProcessMemory, TerminateProcess, WaitForSingleObject, SetFileTime, GetFileAttributesA, FindFirstFileA, FindClose, MultiByteToWideChar, DeleteFileA, FindNextFileA, MoveFileA, CopyFileA, GetLastError, CreateDirectoryA, RemoveDirectoryA, SetSystemPowerState, QueryPerformanceFrequency, FindResourceA, LoadResource, LockResource, SizeofResource, EnumResourceNamesA, GetLocalTime, WideCharToMultiByte, InterlockedIncrement, InterlockedDecrement, lstrcmpiA, FormatMessageA, GetExitCodeProcess, GetPrivateProfileStringA, WritePrivateProfileStringA, GetPrivateProfileSectionA, GetPrivateProfileSectionNamesA, SetFilePointer, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, QueryPerformanceCounter, GetDriveTypeA, SetErrorMode, GetDiskFreeSpaceA, GetVolumeInformationA, SetVolumeLabelA, DeviceIoControl, SetFileAttributesA, GetShortPathNameA, WritePrivateProfileSectionA, GetEnvironmentVariableA, SetEnvironmentVariableA, GlobalMemoryStatus, Beep, GetComputerNameA, GetWindowsDirectoryA, GetSystemDirectoryA, GetTempPathA, GetCurrentProcessId, CreatePipe, DuplicateHandle, GetStdHandle, WriteFile, GetFileType, PeekNamedPipe, SetLastError, GetTempFileNameA, HeapFree, HeapAlloc, EnterCriticalSection, LeaveCriticalSection, GetStartupInfoA, GetCommandLineA, DeleteCriticalSection, HeapReAlloc, HeapSize, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, TlsAlloc, TlsFree, TlsSetValue, TlsGetValue, LCMapStringA, LCMapStringW, GetACP, GetOEMCP, GetSystemInfo, GetCurrentProcess, GetModuleHandleA, GetVersionExA, GlobalFree, GlobalUnlock, ReadFile, GlobalLock, GlobalAlloc, GetFileSize, CreateFileA, FreeLibrary, GetProcAddress, LoadLibraryA, CloseHandle, CreateProcessA, Sleep, GetModuleFileNameA, GetFullPathNameA, GetCPInfo, UnhandledExceptionFilter, SetHandleCount, SetCurrentDirectoryA, GetCurrentDirectoryA, GetSystemTimeAsFileTime, ExitProcess, GetTimeZoneInformation, ExitThread, CreateThread, SetStdHandle, FlushFileBuffers, FreeEnvironmentStringsA, GetEnvironmentStrings, ResumeThread, FreeEnvironmentStringsW, GetEnvironmentStringsW, InitializeCriticalSection, RtlUnwind, InterlockedExchange, VirtualQuery, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, VirtualProtect, GetTickCount, RaiseException, SetEndOfFile, CompareStringA, CompareStringW, SetUnhandledExceptionFilter, IsBadReadPtr, LocalFileTimeToFileTime, IsBadCodePtr
> USER32.dll: CharLowerBuffA, IsClipboardFormatAvailable, OpenClipboard, GetClipboardData, CloseClipboard, CountClipboardFormats, EmptyClipboard, SetClipboardData, GetCursor, RegisterHotKey, SetActiveWindow, IsWindowEnabled, GetMenuStringA, GetSubMenu, GetCaretPos, IsZoomed, FlashWindow, EndDialog, SendDlgItemMessageA, GetDlgItem, IsWindow, GetMenu, CopyRect, EndPaint, BeginPaint, InsertMenuItemA, CopyImage, SetMenuDefaultItem, SetMenu, CreateMenu, DeleteMenu, DestroyMenu, DrawMenuBar, SetMenuItemInfoA, GetDesktopWindow, SetWindowPos, GetMessageA, RedrawWindow, wsprintfA, CharNextA, IsMenu, GetWindowTextA, GetDlgCtrlID, EnumChildWindows, GetActiveWindow, LockWindowUpdate, EnableWindow, LoadStringA, IsCharAlphaA, SetClassLongA, AdjustWindowRectEx, SetRect, SystemParametersInfoA, GetSystemMetrics, ReleaseDC, GetDC, GetSysColor, SetCursor, GetFocus, GetForegroundWindow, MessageBeep, PtInRect, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, GetMenuItemInfoA, PostMessageA, SetWindowTextA, ReleaseCapture, SetCapture, ClientToScreen, GetParent, GetWindowLongA, GetKeyState, SendMessageA, WindowFromPoint, DispatchMessageA, TranslateMessage, PeekMessageA, UnregisterHotKey, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, EnumWindows, EnumThreadWindows, SendMessageTimeoutA, SetWindowLongA, CharUpperA, GetClientRect, TrackPopupMenuEx, GetCursorPos, DefDlgProcA, IsDialogMessageA, GetClassNameA, InvalidateRect, ScreenToClient, GetWindowRect, DefWindowProcA, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageA, SetTimer, ShowWindow, CreateWindowExA, RegisterClassExA, LoadIconA, LoadCursorA, CreateIcon, SetForegroundWindow, IsIconic, FindWindowA, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, keybd_event, AttachThreadInput, GetWindowThreadProcessId, VkKeyScanA, GetKeyboardLayoutNameA, MapVirtualKeyA, MessageBoxA, LoadImageA, IsCharAlphaNumericA, GetSysColorBrush, DestroyIcon, IsCharLowerA, IsCharUpperA, CharUpperBuffA, DestroyWindow, DialogBoxParamA, IsWindowVisible
> GDI32.dll: PolyBezierTo, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, LineTo, GetTextExtentPoint32A, CreateDIBSection, BitBlt, GetDIBits, CreateDCA, GetTextFaceA, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectA, DeleteDC, CreateCompatibleDC, SelectObject, CreateFontA, GetDeviceCaps, GetStockObject, SetBkMode, SetTextColor, GetPixel, CreateSolidBrush, DeleteObject, SetBkColor
> comdlg32.dll: GetSaveFileNameA, GetOpenFileNameA
> ADVAPI32.dll: RegEnumValueA, RegDeleteValueA, RegDeleteKeyA, RegSetValueExA, RegCreateKeyExA, GetUserNameA, RegConnectRegistryA, RegEnumKeyExA, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegCloseKey, RegQueryValueExA, RegOpenKeyExA
> SHELL32.dll: SHFileOperationA, SHGetPathFromIDListA, SHGetDesktopFolder, SHGetMalloc, Shell_NotifyIconA, ExtractIconExA, ExtractIconA, DragFinish, DragQueryFileA, DragQueryPoint, SHBrowseForFolderA
> ole32.dll: CreateStreamOnHGlobal, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CoTaskMemAlloc, CoTaskMemFree, IIDFromString, StringFromIID, CLSIDFromString, OleInitialize, OleUninitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, StringFromCLSID
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

( 0 exports )

[ Edited Sun 31 Aug 2008 - 19:06 ]
Danix
Sun 31 Aug 2008 - 21:20

Registered Member #1
Joined: Fri 29 Dec 2006 - 05:38
Location: Sassari
Posts: 12956
Welcome to winPenPack

"Can anyone tell me more about it??"

As it happens: -Link-
MaxBad62
Mon 01 Sep 2008 - 07:22

Registered Member #11995
Joined: Mon 23 Jun 2008 - 18:49
Location: Vicenza
Posts: 31
Thanks Danix!!!
So I take it I can use it without worry?!?
Danix
Sun 14 Sep 2008 - 15:33

Registered Member #1
Joined: Fri 29 Dec 2006 - 05:38
Location: Sassari
Posts: 12956
Problem solved with ClamWin (see homepage)

"after running a scan with ClamAV"

ClamAV or ClamWin?
MaxBad62
Sun 14 Sep 2008 - 16:44

Registered Member #11995
Joined: Mon 23 Jun 2008 - 18:49
Location: Vicenza
Posts: 31
Thanks a million Danix. Great work!! Don't you ever rest??
Anyway, I had already decided to trust it, since the percentage of antivirus engines that
recognized a possible infection was so small.

Sorry Danix, it was ClamWin!

[ Edited Sun 14 Sep 2008 - 17:27 ]
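The VirusTotal table in the first post and the reasoning in the last reply ("the percentage of engines that recognized a possible infection was so small") come down to the same triage question: how many engines flagged the file, and what would actually settle the doubt. The script below is an added example, not code from the thread or from the winPenPack project. It parses rows in the same "Engine Version LastUpdate Result" layout as the quoted report (a constructed subset of those rows is embedded), lists the engines that returned a detection name, computes the detection ratio, and puts next to that ratio the check a practitioner would want: a constant-time comparison of the downloaded copy's SHA-256 against the checksum the publisher lists. The thread contains no publisher checksum, so that value is a labelled placeholder; the 0.25 ratio cut-off and the verdict strings are assumptions of this example.

```python
"""Triage helper for a VirusTotal text report in the layout quoted in this thread."""
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: 16 of the engine rows quoted in the first post, in the same
# "Engine Version LastUpdate Result" layout. A result of "-" means the engine
# reported the file clean.
SAMPLE_REPORT = """\
AhnLab-V3 2008.8.29.0 2008.08.29 -
AntiVir 7.8.1.23 2008.08.31 -
Authentium 5.1.0.4 2008.08.30 -
Avast 4.8.1195.0 2008.08.30 -
AVG 8.0.0.161 2008.08.30 -
BitDefender 7.2 2008.08.31 -
CAT-QuickHeal 9.50 2008.08.29 I-Worm.Sohanad.e
ClamAV 0.93.1 2008.08.31 Trojan.Qhost-166
DrWeb 4.44.0.09170 2008.08.31 -
Fortinet 3.14.0.0 2008.08.31 PossibleThreat
Kaspersky 7.0.0.125 2008.08.31 -
McAfee 5373 2008.08.29 -
Microsoft 1.3807 2008.08.25 -
Sophos 4.33.0 2008.08.31 -
Symantec 10 2008.08.31 -
TrendMicro 8.700.0.1004 2008.08.31 -
"""

# One engine row: name, engine version, signature date (YYYY.MM.DD), result text.
ROW_RE = re.compile(
    r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+(?P<updated>\d{4}\.\d{2}\.\d{2})\s+(?P<result>.+?)\s*$"
)

# Placeholder for the checksum a publisher lists next to its download. The thread
# does not include one, so this is NOT a real winPenPack checksum.
PUBLISHED_SHA256_PLACEHOLDER = "<publisher-sha256-goes-here>"


@dataclass
class EngineResult:
    engine: str
    version: str
    updated: str
    result: Optional[str]  # None when the engine reported clean ("-")


def parse_report(text: str) -> List[EngineResult]:
    """Parse engine rows; header, hash and PE-info lines do not match and are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        result = m.group("result").strip()
        rows.append(EngineResult(m.group("engine"), m.group("version"),
                                 m.group("updated"), None if result == "-" else result))
    return rows


def detections(rows: List[EngineResult]) -> List[EngineResult]:
    """Engines that returned a detection name instead of '-'."""
    return [r for r in rows if r.result is not None]


def detection_ratio(rows: List[EngineResult]) -> float:
    return len(detections(rows)) / len(rows) if rows else 0.0


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_matches(observed_hex: str, published_hex: str) -> bool:
    """Constant-time, case-insensitive comparison of two hex digests."""
    return hmac.compare_digest(observed_hex.lower(), published_hex.lower())


def triage(rows: List[EngineResult], observed_sha256: Optional[str] = None,
           published_sha256: Optional[str] = None, low_ratio: float = 0.25) -> str:
    """Verdict for an AV hit on a file obtained from a known publisher.

    A publisher checksum, when available, decides: a match proves the copy is the
    one the publisher distributes (not that the publisher's build is clean); a
    mismatch means the copy is not what was published. Without a checksum only
    the detection ratio is left, which is a weak signal; the 0.25 cut-off is an
    assumed default for this example.
    """
    if observed_sha256 and published_sha256:
        return "hash_verified" if hash_matches(observed_sha256, published_sha256) else "hash_mismatch"
    return "unverified_low_ratio" if detection_ratio(rows) < low_ratio else "unverified_high_ratio"


if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    hits = detections(rows)
    print(f"{len(hits)}/{len(rows)} engines flagged the file ({detection_ratio(rows):.1%})")
    for r in hits:
        print(f"  {r.engine} {r.version} (signatures {r.updated}): {r.result}")
    print("verdict without a publisher checksum:", triage(rows))
```

Run against the full 36-engine table in the first post, the same parser yields 3 detections (CAT-QuickHeal, ClamAV, Fortinet). The ratio is deliberately only a fallback: a handful of engines naming three different things is consistent with a generic or heuristic false positive, but a low ratio on its own does not prove the file clean, whereas a checksum match against the publisher's listing moves the question from "is my download tampered?" to "is the publisher's build clean?", which is what the moderator's reply in this thread addresses.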