Need help analysing something

 
Old   #1
 
This is what I got from my SV scan, it's self cracked

Complete scanning result of "scriptvessel.rar", received in VirusTotal at 02.24.2007, 17:18:22 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.38 02.23.2007 no virus found
Authentium 4.93.8 02.23.2007 W32/Ardamax.D
Avast 4.7.936.0 02.23.2007 Win32:Ardamax-gen
AVG 386 02.23.2007 Potentially harmful program Ardamax.A
BitDefender 7.2 02.24.2007 Spyware.Monitor.Ardamax.P
CAT-QuickHeal 9.00 02.24.2007 Monitor.Ardamax.k (Not a Virus)
ClamAV devel-20060426 02.24.2007 Trojan.Dropper.Small-156
DrWeb 4.33 02.24.2007 no virus found
eSafe 7.0.14.0 02.23.2007 no virus found
eTrust-Vet 30.4.3424 02.23.2007 no virus found
Ewido 4.0 02.24.2007 Not-A-Virus.Monitor.Win32.Ardamax.k
FileAdvisor 1 02.24.2007 no virus found
Fortinet 2.85.0.0 02.24.2007 W32/Ardamax.B!tr.spy
F-Prot 4.3.1.45 02.22.2007 W32/Ardamax.D
F-Secure 6.70.13030.0 02.24.2007 Trojan-Spy.Win32.Ardamax.b
Ikarus T3.1.0.31 02.24.2007 Monitor.Win32.Ardamax.k
Kaspersky 4.0.2.24 02.24.2007 not-a-virus:Monitor.Win32.Ardamax.k
McAfee 4970 02.23.2007 no virus found
Microsoft 1.2204 02.24.2007 ArdamaxKeylogger
NOD32v2 2078 02.23.2007 Win32/KeyLogger.Ardamax
Norman 5.80.02 02.23.2007 no virus found
Panda 9.0.0.4 02.24.2007 Application/Ardamax
Prevx1 V2 02.24.2007 no virus found
Sophos 4.14.0 02.24.2007 no virus found
Sunbelt 2.2.907.0 02.24.2007 no virus found
Symantec 10 02.24.2007 no virus found
TheHacker 6.1.6.063 02.23.2007 no virus found
UNA 1.83 02.23.2007 no virus found
VBA32 3.11.2 02.23.2007 suspected of Trojan-Dropper.VB.22
VirusBuster 4.3.19:9 02.23.2007 TrojanSpy.Ardamax.F

Aditional Information
File size: 1763494 bytes
MD5: c764f335761cc78a4b426ffe4b3d4db2
SHA1: 6504a3e8edb9a6cd656b3b74de9a10b064ebfae9



Can someone tell me about the results detected, as I'm fairly new to this o.O

Edit: forgot to include, I believe Ardamax is a commercial keylogger, but I'm not overly sure

If someone wants me to send them the file to analyse, PM me
Ikaethos is offline  
Old 02/24/2007, 19:43   #2
 
That one is stuffed with keyloggers, don't use it and remove it from your system.
Where did you get that copy?
tsu is offline  
Old 02/24/2007, 21:59   #3
 
jesus man get rid of that thing 0.o
Trojan-Virus is offline  
Old 02/25/2007, 02:27   #4
 
Whenever something doesn't say "no virus found" that means there is probably something bad on it.

I suggest if you ran this SV within the past... um anytime.. you need to change ALL your passwords to anything that you logged onto since running it
knitz is offline  
Old 02/25/2007, 09:00   #5
 
I figured something was up with all the detections, thanks for confirming what I suspected.

I got the file from someone I know who wanted me to crack it, this is the scan of the one I use.

Complete scanning result of "ScriptVessel.rar", received in VirusTotal at 02.24.2007, 18:09:30 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.38 02.24.2007 no virus found
Authentium 4.93.8 02.23.2007 could be a corrupted executable file
Avast 4.7.936.0 02.23.2007 no virus found
AVG 386 02.23.2007 no virus found
BitDefender 7.2 02.24.2007 no virus found
CAT-QuickHeal 9.00 02.24.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 02.24.2007 no virus found
DrWeb 4.33 02.24.2007 no virus found
eSafe 7.0.14.0 02.23.2007 Win32.Polipos.sus
eTrust-Vet 30.4.3424 02.23.2007 no virus found
Ewido 4.0 02.24.2007 no virus found
FileAdvisor 1 02.24.2007 no virus found
Fortinet 2.85.0.0 02.24.2007 suspicious
F-Prot 4.3.1.45 02.22.2007 no virus found
F-Secure 6.70.13030.0 02.24.2007 no virus found
Ikarus T3.1.0.31 02.24.2007 no virus found
Kaspersky 4.0.2.24 02.24.2007 no virus found
McAfee 4970 02.23.2007 no virus found
Microsoft 1.2204 02.24.2007 no virus found
NOD32v2 2078 02.23.2007 no virus found
Norman 5.80.02 02.23.2007 no virus found
Panda 9.0.0.4 02.24.2007 Suspicious file
Prevx1 V2 02.24.2007 no virus found
Sophos 4.14.0 02.24.2007 no virus found
Sunbelt 2.2.907.0 02.24.2007 VIPRE.Suspicious
Symantec 10 02.24.2007 no virus found
TheHacker 6.1.6.063 02.23.2007 no virus found
UNA 1.83 02.23.2007 no virus found
VBA32 3.11.2 02.23.2007 no virus found
VirusBuster 4.3.19:9 02.23.2007 no virus found

Aditional Information
File size: 1492505 bytes
MD5: ada1623ccbf68fdc6778eb8f3c5079c7
SHA1: 7e78c05b0f40c9ee43512e0c131f7ee724e3af60
packers: UPX
packers: UPX, UPX, UPX, UPX, UPX, UPX
packers: UPX
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.


As far as I know, the detections are caused by the UPX packers
Ikaethos is offline  
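The two scans posted so far differ in kind: in the first, several engines agree on one named family, while the second carries only heuristic or generic flags. The following is an added example, not part of any post in this thread, that parses result rows in the pasted format and measures that agreement; the rows are excerpted from the two scans above, and the `GENERIC` word list and the two-engine threshold are assumptions of the example.

```python
import re
from collections import Counter

# One result row: engine, version, update date (MM.DD.YYYY), then the label.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+)$")
# Words naming a platform, category or heuristic rather than a family
# (hand-picked for this example, not an authoritative list).
GENERIC = {"trojan", "virus", "monitor", "spyware", "keylogger", "suspicious",
           "suspected", "dropper", "small", "could", "corrupted",
           "executable", "dnascan", "vipre"}

SCAN_1 = """
AntiVir 7.3.1.38 02.23.2007 no virus found
Authentium 4.93.8 02.23.2007 W32/Ardamax.D
Avast 4.7.936.0 02.23.2007 Win32:Ardamax-gen
ClamAV devel-20060426 02.24.2007 Trojan.Dropper.Small-156
Kaspersky 4.0.2.24 02.24.2007 not-a-virus:Monitor.Win32.Ardamax.k
NOD32v2 2078 02.23.2007 Win32/KeyLogger.Ardamax
Symantec 10 02.24.2007 no virus found
"""
SCAN_2 = """
Authentium 4.93.8 02.23.2007 could be a corrupted executable file
CAT-QuickHeal 9.00 02.24.2007 (Suspicious) - DNAScan
eSafe 7.0.14.0 02.23.2007 Win32.Polipos.sus
Fortinet 2.85.0.0 02.24.2007 suspicious
Kaspersky 4.0.2.24 02.24.2007 no virus found
Sunbelt 2.2.907.0 02.24.2007 VIPRE.Suspicious
"""

def parse(report):
    """Return {engine: label} for every engine that reported something."""
    hits = {}
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m and m.group(4).strip().lower() != "no virus found":
            hits[m.group(1)] = m.group(4).strip()
    return hits

def family_consensus(hits, min_engines=2):
    """Most common non-generic name and the number of engines using it."""
    votes = Counter()
    for label in hits.values():
        votes.update(set(re.findall(r"[a-z]{5,}", label.lower())) - GENERIC)
    name, count = votes.most_common(1)[0] if votes else (None, 0)
    # No shared name means the verdicts are heuristic only; it does not
    # show that the file is clean.
    return (name, count) if count >= min_engines else (None, 0)
```

A result of `(None, 0)` means the flagged file still needs closer analysis, for example unpacking it and rescanning, before it can be trusted.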
Old 02/25/2007, 09:04   #6
 
Whoops, I didn't look at the real post
andyd123 is offline  
Old 02/25/2007, 09:48   #7
 
I got from DM SV and I got some keyloggers ~_~, I'll post the scan

Append on Feb 25 2007, 10:08

HERE IT IS:

Authentium 4.93.8 02.23.2007 Possibly a new variant of W32/Internet-Trojan-patched-based!Maximus
Avast 4.7.936.0 02.23.2007 Win32:Crypto
AVG 386 02.24.2007 no virus found
BitDefender 7.2 02.25.2007 no virus found
CAT-QuickHeal 9.00 02.24.2007 no virus found
ClamAV devel-20060426 02.25.2007 no virus found
DrWeb 4.33 02.25.2007 no virus found
eSafe 7.0.14.0 02.23.2007 Win32.Polipos.sus
eTrust-Vet 30.4.3424 02.23.2007 no virus found
Ewido 4.0 02.24.2007 no virus found
FileAdvisor 1 02.25.2007 no virus found
Fortinet 2.85.0.0 02.25.2007 PossibleThreat!019139
F-Prot 4.3.1.45 02.22.2007 W32/Internet-Trojan-patched-based!Maximus
F-Secure 6.70.13030.0 02.24.2007 no virus found
Ikarus T3.1.0.31 02.25.2007 Trojan-PWS.Win32.Lmir.bi
Kaspersky 4.0.2.24 02.25.2007 no virus found
McAfee 4970 02.23.2007 no virus found
Microsoft 1.2204 02.25.2007 no virus found
NOD32v2 2079 02.24.2007 no virus found
Norman 5.80.02 02.23.2007 no virus found
Panda 9.0.0.4 02.24.2007 no virus found
Prevx1 V2 02.25.2007 no virus found
Sophos 4.14.0 02.24.2007 no virus found
Sunbelt 2.2.907.0 02.24.2007 VIPRE.Suspicious
Symantec 10 02.25.2007 no virus found
TheHacker 6.1.6.064 02.25.2007 no virus found
UNA 1.83 02.23.2007 no virus found
VBA32 3.11.2 02.24.2007 no virus found
VirusBuster 4.3.19:9 02.24.2007 no virus found
sonybaci is offline  