瑞星卡卡安全论坛

首页 » 技术交流区 » 可疑文件交流 » s.exe,在线扫描结果: 4/36 (11.12%)
endurer - 2008-9-2 14:12:00

 附件: 您所在的用户组无法下载或查看附件

解压密码:virus

O23 - 服务: OSEvent (OSEvent) - C:\WINDOWS\system32\s.exe| 2008-8-8 4:9:38(自动)

文件说明符 : C:\WINDOWS\system32\s.exe
属性 : A--R
数字签名:否
PE文件:是
语言 : 中文(中国)
文件版本 : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
说明 : Windows Progman Group Converter
版权 : Copyright Zhongsou(C) 2005
产品版本 : 5.1.2600.2180
产品名称 : Microsoft(R) Windows(R) Operating System
公司名称 : Microsoft Corporation
内部名称 : GrpConv
创建时间 : 2008-8-8 12:9:38
修改时间 : 2008-7-26 9:48:34
大小 : 98304 字节 96.0 KB
MD5 : e989fd3e1b34e9beb26c6d9744143b5e
SHA1: BA27F06F5C76B7DD78D80414ADC9DC97E2647BC0
CRC32: 443ca0a9
文件 s.exe 接收于 2008.09.02 07:56:02 (CET)
反病毒引擎版本最后更新扫描结果
AhnLab-V32008.9.2.02008.09.02-
AntiVir7.8.1.232008.09.01-
Authentium5.1.0.42008.09.02-
Avast4.8.1195.02008.09.01-
AVG8.0.0.1612008.09.01-
BitDefender7.22008.09.02-
CAT-QuickHeal9.502008.08.29-
ClamAV0.93.12008.09.02-
DrWeb4.44.0.091702008.09.01-
eSafe7.0.17.02008.09.01-
eTrust-Vet31.6.60622008.09.01-
Ewido4.02008.09.01-
F-Prot4.4.4.562008.09.02-
F-Secure7.60.13501.02008.09.02-
Fortinet3.14.0.02008.09.02-
GData192008.09.02-
IkarusT3.1.1.34.02008.09.02Trojan.Win32.Jhee.V
K7AntiVirus7.10.4352008.09.01-
Kaspersky7.0.0.1252008.09.02-
McAfee53742008.09.01-
Microsoft1.38072008.09.02Trojan:Win32/Jhee.V
NOD32v234062008.09.02-
Norman5.80.022008.09.01-
Panda9.0.0.42008.09.02-
PCTools4.4.2.02008.09.01-
Prevx1V22008.09.02Malware Downloader
Rising20.60.02.002008.09.02-
Sophos4.33.02008.09.02-
Sunbelt3.1.1592.12008.08.30-
Symantec102008.09.02-
TheHacker6.3.0.8.0692008.09.01-
TrendMicro8.700.0.10042008.09.02TROJ_JHEE.BU
VBA323.12.8.42008.09.01-
ViRobot2008.9.1.13592008.09.01-
VirusBuster4.5.11.02008.09.01-
Webwasher-Gateway6.6.22008.09.01-

附加信息
File size: 98304 bytes
MD5...: e989fd3e1b34e9beb26c6d9744143b5e
SHA1..: ba27f06f5c76b7dd78d80414adc9dc97e2647bc0
SHA256: 106ab625564ca6909f70cc3e935530043046c5435275f642c48cdf66a2e02a68
SHA512: be682cd2432cf677db5a1511f8626a2f898e12ec56bd0ca438ab4a38aa143bf1
717e21d0aab5f47121e39bfbc88a9dd8ea8c2b0a1dd6e9573c74880fdae52240
PEiD..: Armadillo v1.71
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40777e
timedatestamp.....: 0x488a8272 (Sat Jul 26 01:48:34 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xea15 0xf000 6.56 bc21b827dc08dc0a38b7f037cbacd830
.rdata 0x10000 0x20a0 0x3000 3.53 5d06b741269a1ab50e725000971ad5b4
.data 0x13000 0x5da8 0x4000 1.80 cf3cbe4050c51c06a50c399959f21f72
.rsrc 0x19000 0x3a8 0x1000 1.01 d4e889dabc877175e20b2ef2f4be76dd

( 2 imports )
> KERNEL32.dll: GetModuleHandleA, GetEnvironmentVariableA, SetStdHandle, IsBadCodePtr, IsBadReadPtr, ReadFile, Sleep, GetLastError, GetModuleFileNameA, GetShortPathNameA, CreateProcessA, CreateDirectoryA, LoadLibraryA, GetProcAddress, FreeLibrary, GetWindowsDirectoryA, GetVersionExA, CloseHandle, CreateToolhelp32Snapshot, Process32First, Process32Next, OpenProcess, MultiByteToWideChar, WideCharToMultiByte, RtlUnwind, RaiseException, GetCommandLineA, GetVersion, ExitProcess, HeapFree, HeapAlloc, HeapReAlloc, TerminateProcess, GetCurrentProcess, LCMapStringA, LCMapStringW, GetCPInfo, HeapSize, GetACP, GetOEMCP, SetUnhandledExceptionFilter, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, WriteFile, VirtualAlloc, IsBadWritePtr, SetFilePointer, FlushFileBuffers, GetStringTypeA, GetStringTypeW
> ADVAPI32.dll: ControlService, RegQueryInfoKeyA, SetServiceStatus, RegisterServiceCtrlHandlerA, StartServiceCtrlDispatcherA, DeleteService, StartServiceA, QueryServiceStatus, CreateServiceA, ChangeServiceConfig2A, RegCreateKeyA, RegSetValueExA, RegCloseKey, OpenSCManagerA, OpenServiceA, CloseServiceHandle, DeregisterEventSource, GetUserNameA, CreateProcessAsUserA, OpenProcessToken

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogr ... 16D663C340007832D56
ThreatExpert info: http://www.threatexpert.com/repo ... 9beb26c6d9744143b5e


用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Maxthon; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
RisingCSC - 2008-9-3 9:32:00
文件名:s.exe
病毒名:AdWare.Win32.Zhongsou.ba


您所上报的病毒文件将在瑞星2008的20.60.20版本中处理解决,如遇特殊情况可能会推后几个版本。
超级游戏迷 - 2008-9-3 21:41:00
从名称上看象是中搜的广告流氓……:default2:
密码NET - 2009-6-11 22:25:00
啥玩艺?
1
查看完整版本: s.exe,在线扫描结果: 4/36 (11.12%)
© 2000 - 2025 Rising Corp. Ltd.