http://www.threatexpert.com/submit.aspx
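Click "Browse" and select the virus sample (maximum 5 MB).
In "Your E-mail address", enter your e-mail address; the analysis report will be sent to the address you enter.
Then tick "I agree to be bound by the Terms and Conditions" below.
Then click Submit.
A green check mark (√) means the upload succeeded; within a few minutes the report will arrive in your mailbox.
This is the full text of the report I received: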
-----------------------
Thank you for submitting your sample to ThreatExpert.
Your submission was processed successfully and the analysis report is attached (password "threatexpert"). You can also view the results of your submission on our website at:
http://www.threatexpert.com/report.aspx?md5=808b55eda5a6192170f496ec2ce14f09
Details of your submission
Submission received: 28 July 2008, 01:13:27 AM
Processing time: 4 min 38 sec
File MD5: 0x808B55EDA5A6192170F496EC2CE14F09
File size: 368,640 bytes
ThreatExpert is used by security researchers, government agencies and corporations around the world to help keep the bad guys out. If you would like to learn more about ThreatExpert, or how you could license the technology, please visit us online at
http://www.threatexpert.com/ or contact us at
info@threatexpert.com.
Thank you again for submitting your sample we hope the information has been useful. Please remember you can submit new samples any time at
http://www.threatexpert.com/submit.aspx
Regards,
The ThreatExpert Team
Use of the information in this report is bound by the ThreatExpert Terms and Conditions of Use (
http://www.threatexpert.com/terms.aspx).
-----------------------
Report address:
http://www.threatexpert.com/report.aspx?md5=808b55eda5a6192170f496ec2ce14f09
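The attachment report.zip is also the report; the extraction password is threatexpert.
The report shows which files the program created and which programs it ran.
This sample disguises its icon as Windows Media Player. It first drops _delme.bat to delete itself and at the same time adds two URLs to the Favorites folder; it does nothing else.
With this threat analysis system, analyzing virus samples becomes very simple for us.
The prerequisite is being able to understand most of the English above.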
OK, that's all. Let's enjoy it!!
