(Sony) Posted May 25, 2012

Explanation: We have the first % marked... you count 26 offsets back, and between offsets 26 and 28 you keep trying combinations. In the figure you have: K @ . _ . R that zone is where I get the best results; it is where I remove Panda's "suspicious"... and it is changed to, for example.... R @ = / - F that is, trying various combinations of symbols and letters. I also got good results with some signatures by altering some of the offsets across the whole zone marked in black.

Scan before:

File Info
Report date: 2012-05-23.
File name: encrypt.eXe
File size: 81983 bytes
MD5 Hash: a810bc10ba839b0d8aeab4f2c786bc7f
SHA1 Hash: 8c36c7ae368f2c717436e25c788b551db44ef3e3
Detection rate: 15 out of 37
Status: INFECTED

Detections
AVG - Trojan horse Dropper.Generic6.OCH.
Acavir - Clean.
Avast 5 - Clean.
Avast - Clean.
Avira - TR/Agent.36864.320.
BitDefender - Gen:Trojan.Heur.ZGY.5.
VirusBuster Internet Security - Clean.
Clam Antivirus - Clean.
COMODO Internet Security - Clean.
DrWeb - Trojan.VbCrypt.66.
eTrust-Vet - Win32/VBNA.A!generic.
F-PROT Antivirus - Clean.
F-Secure Internet Security - Gen:Trojan.Heur.ZGY.5.
G Data - Gen:Trojan.Heur.ZGY.5.
IKARUS Security - Virus.Win32.VBInject.
Kaspersky Antivirus - Clean.
McAfee - Clean.
MS Security Essentials - VirTool:Win32/VBInject.gen!ID.
ESET NOD32 - Trojan.Win32/Injector.MAF.
Norman - W32/VBInject.YR.
Norton - Clean.
Panda Security - Suspicious.
A-Squared Security - Clean.
Quick Heal Antivirus - Clean.
Rising Antivirus - Clean.
Solo Antivirus - Clean.
Sophos - Mal/EncPk-DV.
Trend Micro Internet Security - virus found deleted.
VBA32 Antivirus - Clean.
Vexira Antivirus - Clean.
Webroot Internet Security - Clean.
Zoner AntiVirus - Clean.
Ad-Aware - Clean.
AhnLab V3 Internet Security - Clean.
Bullguard - virus: Gen:Trojan.Heur.ZGY.5.
Imunitet - Clean.
Vipre - Clean.

Stub after:

File Info
Report date: 2012-05-23.
File name: encrypt3.exe
File size: 81983 bytes
MD5 Hash: 4fa40e5b2440e1f6a3ac849c214be297
SHA1 Hash: 46185d7801e13f52721753ca460d9cf86b740c10
Detection rate: 12 out of 37
Status: INFECTED

Detections
AVG - Clean.
Acavir - Clean.
Avast 5 - Clean.
Avast - Clean.
Avira - TR/Agent.36864.320.
BitDefender - Gen:Trojan.Heur.ZGY.5.
VirusBuster Internet Security - Clean.
Clam Antivirus - Clean.
COMODO Internet Security - Clean.
DrWeb - Trojan.VbCrypt.66.
eTrust-Vet - Win32/VBNA.A!generic.
F-PROT Antivirus - Clean.
F-Secure Internet Security - Gen:Trojan.Heur.ZGY.5.
G Data - Gen:Trojan.Heur.ZGY.5.
IKARUS Security - Virus.Win32.VBInject.
Kaspersky Antivirus - Clean.
McAfee - Clean.
MS Security Essentials - VirTool:Win32/VBInject.gen!ID.
ESET NOD32 - Trojan.Win32/Injector.MAF.
Norman - W32/VBInject.YR.
Norton - Clean.
Panda Security - Clean.
A-Squared Security - Clean.
Quick Heal Antivirus - Clean.
Rising Antivirus - Clean.
Solo Antivirus - Clean.
Sophos - Mal/EncPk-DV.
Trend Micro Internet Security - Clean.
VBA32 Antivirus - Clean.
Vexira Antivirus - Clean.
Webroot Internet Security - Clean.
Zoner AntiVirus - Clean.
Ad-Aware - Clean.
AhnLab V3 Internet Security - Clean.
Bullguard - virus: Gen:Trojan.Heur.ZGY.5.
Imunitet - Clean.
Vipre - Clean.

:paranoico:

roñoso Posted May 25, 2012

Thanks sony, you know I tried it and it got rid of several AVs for me, very good tip, regards

GoldenArrow Posted May 26, 2012 (edited)

> Thanks sony, you know I tried it and it got rid of several AVs for me, very good tip, regards

Hello... Yes, it works; I revealed the tip because I get good results on several stubs... Another scan trying the same offsets with other combinations (from the tests there is no specific combination, as I mentioned... it is a matter of trial and error)... this one removed Avira for me:

Stub before:

File Info
Report date: 2012-05-22.
File name: golldi.eXe
File size: 81983 bytes
MD5 Hash: bc99aa0d8eb28faac93ebb75486aa82f
SHA1 Hash: cbcf7cc5cd18c3df357925f2e3aca28c670130e5
Detection rate: 11 out of 37
Status: INFECTED

Detections
AVG - Clean.
Acavir - Clean.
Avast 5 - Clean.
Avast - Clean.
Avira - TR/Agent.36864.320.
BitDefender - Clean.
VirusBuster Internet Security - Clean.
Clam Antivirus - Clean.
COMODO Internet Security - Clean.
DrWeb - Trojan.VbCrypt.66.
eTrust-Vet - Win32/VBNA.A!generic.
F-PROT Antivirus - Clean.
F-Secure Internet Security - Gen:Trojan.Heur.ZGY.5.
G Data - Gen:Trojan.Heur.ZGY.5.
IKARUS Security - Virus.Win32.VBInject.
Kaspersky Antivirus - Clean.
McAfee - Clean.
MS Security Essentials - VirTool:Win32/VBInject.gen!ID.
ESET NOD32 - Trojan.Win32/Injector.MAF.
Norman - W32/VBInject.YR.
Norton - Clean.
Panda Security - Clean.
A-Squared Security - Clean.
Quick Heal Antivirus - Clean.
Rising Antivirus - Clean.
Solo Antivirus - Clean.
Sophos - Mal/EncPk-DV.
Trend Micro Internet Security - Clean.
VBA32 Antivirus - Clean.
Vexira Antivirus - Clean.
Webroot Internet Security - Clean.
Zoner AntiVirus - Clean.
Ad-Aware - Clean.
AhnLab V3 Internet Security - Clean.
Bullguard - virus: Gen:Trojan.Heur.ZGY.5.
Imunitet - Clean.
Vipre - Clean.

Stub with modified offsets:

File Info
Report date: 2012-05-22.
File name: golldiii.exe
File size: 81983 bytes
MD5 Hash: 779f5f6d5de3ae26cc274431e4ce429a
SHA1 Hash: 0f0f92bb30e8cc143fc07fea67dece53d99d7926
Detection rate: 13 out of 37
Status: INFECTED

Detections
AVG - Clean.
Acavir - Clean.
Avast 5 - Clean.
Avast - Clean.
Avira - Clean.
BitDefender - Clean.
VirusBuster Internet Security - Clean.
Clam Antivirus - Clean.
COMODO Internet Security - Clean.
DrWeb - Trojan.VbCrypt.66.
eTrust-Vet - Win32/VBNA.A!generic.
F-PROT Antivirus - Clean.
F-Secure Internet Security - Gen:Trojan.Heur.ZGY.5.
G Data - Gen:Trojan.Heur.ZGY.5.
IKARUS Security - Virus.Win32.VBInject.
Kaspersky Antivirus - HEUR:Trojan.Win32.Generic.
McAfee - Clean.
MS Security Essentials - VirTool:Win32/CeeInject.gen!A.
ESET NOD32 - Trojan.Win32/Injector.MAF.
Norman - W32/VBInject.YR.
Norton - Clean.
Panda Security - Clean.
A-Squared Security - Clean.
Quick Heal Antivirus - Clean.
Rising Antivirus - Clean.
Solo Antivirus - Clean.
Sophos - Mal/EncPk-DV.
Trend Micro Internet Security - Mal_Repyh.
VBA32 Antivirus - Clean.
Vexira Antivirus - Clean.
Webroot Internet Security - Clean.
Zoner AntiVirus - Clean.
Ad-Aware - Clean.
AhnLab V3 Internet Security - Clean.
Bullguard - virus: Gen:Trojan.Heur.ZGY.5.
Imunitet - Gen:Trojan.Heur.ZGY.5.
Vipre - Clean.

Thanks (sony) for posting it here on the forum... Regards...

Edited May 26, 2012 by GoldenArrow