瑞星卡卡安全论坛

首页 » 企业产品讨论区 » 瑞星2009公测 » 瑞星2009版查杀引擎测试 » 伪装explorer.exe图标的灰鸽子,查不出
零三 - 2008-11-1 17:56:00
IkarusT3.1.1.44.02008.11.01Trojan-Downloader
K7AntiVirus7.10.5132008.10.31-
Kaspersky7.0.0.1252008.11.01-
McAfee54202008.11.01-
Microsoft1.40052008.11.01Backdoor:Win32/Popwin.gen!E
NOD3235752008.10.31-
Norman5.80.022008.10.31-
Panda9.0.0.42008.10.31Suspicious file
PCTools4.4.2.02008.10.31-
Rising21.01.52.002008.11.01-
SecureWeb-Gateway6.7.62008.11.01Trojan.Crypt.FKM.Gen


File size: 118821 bytes
MD5...: 11c84825d18cda35e029cb2f064c4c4c
SHA1..: 50707257ba04733a40574d270d277d5a79c53793
SHA256: 82548eca44d99fec90b7a8bc36305ea64f42bac4816136e0efc1da791d1949d0
SHA512: 39c598842751674583595211aceb07f634b1d5f78ad2480931e399ecd3ad4e85
f7f202e895ac0d3e043b48fb3adf75e1aaf1a8b292284e54eeff10977c8acd2a
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x42c18e
timedatestamp.....: 0x490bbc11 (Sat Nov 01 02:16:49 2008)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x469e 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x6000 0xae2 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x7000 0x43d8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0xc000 0x7b70 0x8000 5.81 b1aaf20b8bad7d9f153812fd61041879
.bad0 0x14000 0x91f0 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.bad1 0x1e000 0x12a15 0x13000 7.80 5396d2fbc675a7d7eeb8fb40cb872095
.reloc 0x31000 0x74 0x1000 0.24 a6cae4df4f392f68a6327fa6d3221d68


( 11 imports )
> urlmon.dll: URLDownloadToFileA
> WININET.dll: DeleteUrlCacheEntry
> MSVCRT.dll: _controlfp
> KERNEL32.dll: GetStartupInfoA
> USER32.dll: wsprintfA
> ADVAPI32.dll: RegSetValueExA
> SHELL32.dll: SHGetSpecialFolderPathA
> ole32.dll: CoCreateGuid
> SHLWAPI.dll: PathFileExistsA
> KERNEL32.dll: LoadLibraryA, VirtualProtect, GetModuleFileNameA
> USER32.dll: MessageBoxA

( 1 exports )
_Dll2Main@@YGHPAUHINSTANCE__@@KPAX@Z



附件: 灰鸽子.rar
瑞星工程师19 - 2008-11-1 18:03:00
您的问题我们已收集,感谢您的支持。
1
查看完整版本: 伪装explorer.exe图标的灰鸽子,查不出
© 2000 - 2024 Rising Corp. Ltd.