Antivirus Version Last update Result
AhnLab-V3 2008.5.30.1 2008.06.03 -
AntiVir 7.8.0.26 2008.06.03 -
Authentium 5.1.0.4 2008.06.02 -
Avast 4.8.1195.0 2008.06.03 Win32:Rootkit-gen
AVG 7.5.0.516 2008.06.03 -
BitDefender 7.2 2008.06.03 -
CAT-QuickHeal 9.50 2008.06.03 -
ClamAV 0.92.1 2008.06.03 -
DrWeb 4.44.0.09170 2008.06.03 -
eSafe 7.0.15.0 2008.06.02 -
eTrust-Vet 31.4.5845 2008.06.03 -
Ewido 4.0 2008.06.03 -
F-Prot 4.4.4.56 2008.06.02 -
F-Secure 6.70.13260.0 2008.06.03 -
Fortinet 3.14.0.0 2008.06.03 -
GData 2.0.7306.1023 2008.06.03 Win32:Rootkit-gen
Ikarus T3.1.1.26.0 2008.06.03 -
Kaspersky 7.0.0.125 2008.06.03 -
McAfee 5308 2008.06.02 -
Microsoft 1.3604 2008.06.03 -
NOD32v2 3155 2008.06.03 -
Norman 5.80.02 2008.06.03 -
Panda 9.0.0.4 2008.06.03 -
Prevx1 V2 2008.06.03 -
Rising 20.47.12.00 2008.06.03 -
Sophos 4.29.0 2008.06.03 -
Sunbelt 3.0.1143.1 2008.06.03 -
Symantec 10 2008.06.03 -
TheHacker 6.2.92.332 2008.06.03 -
VBA32 3.12.6.7 2008.06.03 -
VirusBuster 4.3.26:9 2008.06.03 -
Webwasher-Gateway 6.6.2 2008.06.03 BlockReason.0
Additional information
File size: 12800 bytes
MD5...: b3c95bfeef6781a82a1c429f466a3a11
SHA1..: 32aa15820e984a79664db0fd48ae943931b83514
SHA256: ab4a8e6f19a4c6ea504efff99613a590861cd981849f71c3a859c9eaf23a3afd
SHA512: 40ead71c8639ee659aab37839b72e8d20eec3a100750d627a562f2968bb1ee87
c4c6093a022a9d52f3a7a386a5ad9a18d72b1ff5beb833119109a9d968ce7da2
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1001ce2
timedatestamp.....: 0x3b7de4c5 (Sat Aug 18 03:45:09 2001)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2450 0x2600 6.10 c46beef3543b16a7814b0a030f0e5000
.data 0x4000 0x1f4 0x200 1.50 1a396ac5334432d459f3697937a48e6e
.rsrc 0x5000 0x408 0x600 2.47 df415f1328865e4cbd290ad3189697e1
( 4 imports )
> ADVAPI32.dll: RegQueryValueExW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetServiceStatus, RegisterServiceCtrlHandlerW, RegCloseKey, RegOpenKeyExW, StartServiceCtrlDispatcherW
> KERNEL32.dll: HeapFree, GetLastError, WideCharToMultiByte, lstrlenW, GetCurrentProcess, GetCurrentThread, HeapAlloc, LoadLibraryExW, LeaveCriticalSection, lstrcmpW, EnterCriticalSection, LCMapStringW, lstrcpyW, ExpandEnvironmentStringsW, lstrcmpiW, ExitProcess, GetCommandLineW, InitializeCriticalSection, GetProcessHeap, SetErrorMode, SetUnhandledExceptionFilter, FreeLibrary, InterlockedCompareExchange, LoadLibraryA, LocalFree, GetProcAddress, DelayLoadFailureHook, LocalAlloc
> ntdll.dll: NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, wcscat, wcscpy, RtlAllocateHeap, RtlCompareUnicodeString, RtlInitUnicodeString, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, RtlCopySid, RtlSubAuthorityCountSid, NtClose, RtlGetDaclSecurityDescriptor, RtlQueryInformationAcl, RtlGetAce, RtlUnhandledExceptionFilter, wcslen, RtlImageNtHeader
> RPCRT4.dll: RpcMgmtSetServerStackSize, RpcMgmtWaitServerListen, RpcMgmtStopServerListening, RpcServerUnregisterIf, RpcServerUnregisterIfEx, RpcServerListen, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcMapWin32Status
( 0 exports )
and that:
File has already been scanned:
MD5: b3c95bfeef6781a82a1c429f466a3a11
First received: 2008.06.03 10:25:55 (CET)
Date: 2008.06.03 18:57:49 (CET) [<1D]
Results: 3/32
Permalink: analisis/9c696c71028cd43d361d6dc67cc61d60
Is it infected?