Sign in to follow this  
Followers 0
slaughter

TR/Dropper.Gen

4 posts in this topic

some of my scripts AVira detects as virus

No. Name Type Danger Description Detection added

1. TR/Dropper.Gen2 Trojan 12 Oct 2009 see here

2. TR/Dropper.Gen Trojan 19 Jun 2007 see here

what to do? A lot users a using some my apps so im in a truble ;)

Share this post


Link to post
Share on other sites



Take a look at this thread Are my AutoIt EXE's really infected?, The gist of it is "Report the false positive to your Av vendor".

Are you using any types of packers/protectors, or are you using an older build of AutoIt3?

Share this post


Link to post
Share on other sites

My Autoit exe file also treat as TR/Dropper.gen trojan. I had sent it to Avira for more then two days but still no action, it keep alert as trojan. Avira never update their definition. My customers don't want to run my program now and wait for solution. Which version of Script to Exe will solve this problem? I tried the latest one but still same.

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Avira never update their definition.

It would appear that they do else you would not find yourself in this predicament. Or perhaps....

Just passed an up to date executable through VT, and nothings changed really since the last time I checked all this.

3 Flags by the same vendors for the same shit, but no flags for the vendor you mention. (what a surprise)

File Yo.exe received on 2010.01.13 13:05:50 (UTC) Result: 3/41 (7.32%)

Antivirus_______Version_____Last_Update_____Result

a-squared_______4.5.0.48____2010.01.13______Trojan.Win32.Dropper!A2
AhnLab-V3_______5.0.0.2_____2010.01.12______-
AntiVir_________7.9.1.134___2010.01.13______-
Antiy-AVL_______2.0.3.7_____2010.01.12______-
Authentium______5.2.0.5_____2010.01.12______-
Avast___________4.8.1351.0__2010.01.12______-
AVG_____________9.0.0.725___2010.01.13______-
BitDefender_____7.2_________2010.01.13______-
CAT-QuickHeal___10.00_______2010.01.13______-
ClamAV__________0.94.1______2010.01.13______-
Comodo__________3568________2010.01.13______-
DrWeb___________5.0.1.12222_2010.01.13______-
eSafe___________7.0.17.0____2010.01.13______-
eTrust-Vet______35.2.7234___2010.01.13______-
F-Prot__________4.5.1.85____2010.01.12______-
F-Secure________9.0.15370.0_2010.01.13______-
Fortinet________4.0.14.0____2010.01.13______-
GData___________19__________2010.01.13______-
Ikarus__________T3.1.1.80.0_2010.01.13______-
Jiangmin________13.0.900____2010.01.13______-
K7AntiVirus_____7.10.944____2010.01.11______-
Kaspersky_______7.0.0.125___2010.01.13______-
McAfee__________5859________2010.01.12______-
McAfee+Artemis__5859________2010.01.12______-
McAfee-GW-Edit__6.8.5_______2010.01.13______Heuristic.BehavesLike.Win32.Spyware.J
Microsoft_______1.5302______2010.01.13______-
NOD32___________4766________2010.01.13______-
Norman__________6.04.03_____2010.01.13______-
nProtect________2009.1.8.0__2010.01.13______-
Panda___________10.0.2.2____2010.01.12______-
PCTools_________7.0.3.5_____2010.01.13______-
Prevx___________3.0_________2010.01.13______Medium_Risk_Malware
Rising__________22.30.02.06_2010.01.13______-
Sophos__________4.49.0______2010.01.13______-
Sunbelt_________3.2.1858.2__2010.01.13______-
Symantec________20091.2.0.41_2010.01.13_____-
TheHacker_______6.5.0.3.148_2010.01.13______-
TrendMicro______9.120.0.1004_2010.01.13_____-
VBA32___________3.12.12.1____2010.01.13_____-
ViRobot_________2010.1.13.2134_2010.01.13___-
VirusBuster_____5.0.21.0_____2010.01.12_____-

Additional information
File size: 637666 bytes
MD5...: 0ce9cc4b6d9193ea6eccbe78df9e8f62
SHA1..: 5ca61dd7fa023a08e9e617dc8b7b43cb276e390d
SHA256: 42c310dc9c4beb27e8809de2c9f35cec75b3e2b44a882dc264d031be3d451aa2
ssdeep: 12288:aZjMLf11MmPQeRXEHYYS3gA0FJO1t3C6Qox:aafIiy4NwdL0Qox
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x18150
timedatestamp.....: 0x4b2a6d7c (Thu Dec 17 17:42:20 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x817db 0x81800 6.60 65da5cf25d2638a9e0501ad857d0c520
.rdata 0x83000 0xd7b4 0xd800 4.93 cec745f0a27fdfa71b4a6a5257882a33
.data 0x91000 0x16f18 0x3200 4.12 e2b7c410ea360050a2f1fa394d4c33fc
.rsrc 0xa8000 0x9298 0x9400 5.53 4dee82f3369c5ddfd373ee228111876f

( 16 imports )
> WSOCK32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> VERSION.dll: VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
> WINMM.dll: timeGetTime, waveOutSetVolume, mciSendStringW
> COMCTL32.dll: ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_Create, InitCommonControlsEx, ImageList_ReplaceIcon
> MPR.dll: WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
> WININET.dll: InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
> PSAPI.DLL: EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
> USERENV.dll: CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
> KERNEL32.dll: WaitForSingleObject, HeapFree, GetProcessHeap, HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, MultiByteToWideChar, WideCharToMultiByte, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, ReadFile, SetFilePointer, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, lstrcmpiW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, CreateThread, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, CompareStringA, InterlockedIncrement, InterlockedDecrement, WriteFile, GetStdHandle, CreatePipe, InterlockedExchange, EnterCriticalSection, TerminateThread, LeaveCriticalSection, DeleteCriticalSection, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetComputerNameW, GetWindowsDirectoryW, GetSystemDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, VirtualAlloc, LoadLibraryExW, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, LoadLibraryA, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, FreeLibrary, InitializeCriticalSection, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetProcAddress, LoadLibraryW, GetStartupInfoW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleFileNameA, InitializeCriticalSectionAndSpinCount, HeapReAlloc, HeapCreate, RtlUnwind, GetConsoleCP, GetConsoleMode, SetHandleCount, GetFileType, GetStartupInfoA, FlushFileBuffers, SetStdHandle, LCMapStringW, LCMapStringA, GetTimeZoneInformation, GetTimeFormatA, GetDateFormatA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetTickCount, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetModuleHandleA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEndOfFile, SizeofResource, SetEnvironmentVariableA
> USER32.dll: CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, AdjustWindowRectEx, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, UnregisterHotKey, SetKeyboardState, GetKeyboardState, GetKeyState, keybd_event, VkKeyScanA, GetKeyboardLayoutNameA, CharUpperW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, GetMenuItemID, PeekMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, CharLowerBuffW, MonitorFromRect, LoadImageW, GetAsyncKeyState, CreateIconFromResourceEx, InvalidateRect
> GDI32.dll: DeleteObject, GetObjectW, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, LineTo, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, Rectangle, GetDeviceCaps, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, SetViewportOrgEx
> COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW
> ADVAPI32.dll: RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, RegEnumKeyExW, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, InitiateSystemShutdownExW, AdjustTokenPrivileges, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, SetSecurityDescriptorDacl, CopySid, LogonUserW, GetTokenInformation, GetSecurityDescriptorDacl, GetAce, AddAce, GetAclInformation
> SHELL32.dll: DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
> ole32.dll: OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, StringFromCLSID, IIDFromString, StringFromIID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=398D5C51E286E573BAA0098CF34FCB009A1EC2EF' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=398D5C51E286E573BAA0098CF34FCB009A1EC2EF</a>

sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..:
original name: n/a
internal name: n/a
file version.: 3, 3, 2, 0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

pdftt

Edited by Mobius

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0