
A fake beep.sys swapped in for the real one



Archive password: virus

File path : C:\WINDOWS\system32\drivers\beep.sys
Attributes : A---
Digital signature: No
PE file: Yes
Failed to get file version info size! (the file carries no version resource)
Created : 2002-10-07 12:00:00
Modified : 2008-09-05 16:09:00
Size : 16256 bytes (15.896 KB)
MD5 : 17520c1ec38c2b92498be0ac75fa9729
SHA1: 7BCB155B57ADD016C1CEA91E0773BA92097F96D3
CRC32: 253b01e1

File beep.sys received on 2008.09.07 10:50:48 (CET)  Result: 12/36 (33.34%)

Antivirus          Version         Last update  Result
AhnLab-V3          2008.9.6.0      2008.09.06   -
AntiVir            7.8.1.28        2008.09.05   TR/Onlinegames.tbnn
Authentium         5.1.0.4         2008.09.06   -
Avast              4.8.1195.0      2008.09.06   Win32:Agent-ZMQ
AVG                8.0.0.161       2008.09.07   PSW.OnlineGames.AZFZ
BitDefender        7.2             2008.09.07   -
CAT-QuickHeal      9.50            2008.09.06   -
ClamAV             0.93.1          2008.09.07   -
DrWeb              4.44.0.09170    2008.09.06   Trojan.NtRootKit.1469
eSafe              7.0.17.0        2008.09.03   -
eTrust-Vet         31.6.6072       2008.09.05   -
Ewido              4.0             2008.09.06   -
F-Prot             4.4.4.56        2008.09.06   -
F-Secure           8.0.14332.0     2008.09.07   Trojan-GameThief.Win32.OnLineGames.tbnn
Fortinet           3.112.0.0       2008.09.07   Spy/OnLineGames
GData              19              2008.09.07   Trojan-GameThief.Win32.OnLineGames.tbnn
Ikarus             T3.1.1.34.0     2008.09.07   -
K7AntiVirus        7.10.443        2008.09.05   -
Kaspersky          7.0.0.125       2008.09.07   Trojan-GameThief.Win32.OnLineGames.tbnn
McAfee             5378            2008.09.05   -
Microsoft          1.3903          2008.09.07   VirTool:WinNT/Idicaf.C
NOD32v2            3423            2008.09.06   a variant of Win32/PSW.OnLineGames.NVH
Norman             5.80.02         2008.09.05   W32/OnLineGames.BRPA
Panda              9.0.0.4         2008.09.06   -
PCTools            4.4.2.0         2008.09.06   -
Prevx1             V2              2008.09.07   -
Rising             20.60.61.00     2008.09.07   -
Sophos             4.33.0          2008.09.07   -
Sunbelt            3.1.1610.1      2008.09.05   -
Symantec           10              2008.09.07   -
TheHacker          6.3.0.8.075     2008.09.06   -
TrendMicro         8.700.0.1004    2008.09.05   -
VBA32              3.12.8.5        2008.09.06   -
ViRobot            2008.9.5.1365   2008.09.06   -
VirusBuster        4.5.11.0        2008.09.06   -
Webwasher-Gateway  6.6.2           2008.09.05   Trojan.Onlinegames.tbnn


Additional information
File size: 16256 bytes
MD5...: 17520c1ec38c2b92498be0ac75fa9729
SHA1..: 7bcb155b57add016c1cea91e0773ba92097f96d3
SHA256: 3b0d6e22916ecec365570ce821c3e7fefe2a3829dd6e7f31114778e2231e628c
SHA512: 3a6d17a3cadb9617cfd8f36f603c76ad663a01beccc2b3ebfdb76a89b17bfe76a5707acc447b42b629fa89b4fcbe43b252138129530eb5f52017ebd5bd1bc533
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (51.1%)
Win16/32 Executable Delphi generic (12.4%)
Clipper DOS Executable (12.1%)
Generic Win/DOS Executable (12.0%)
DOS Executable Generic (12.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1387e
timedatestamp.....: 0x48b943bc (Sat Aug 30 12:57:32 2008)
machinetype.......: 0x14c (I386)

( 6 sections )
name    virt addr  virt size  raw size  entropy  md5
.text   0x480      0x1f34     0x1f80    6.33     94823421b916bc72963532c374c272d6
.rdata  0x2400     0x1e4      0x200     3.75     9ceeae6b76498caaccbab91af5b3f23f
.data   0x2600     0x9c0      0xa00     1.58     3155297e4c773ae78ef7be7854535ef0
PAGE    0x3000     0x449      0x480     5.80     8ccfdcf5c068494410cc5f6fae9232ca
INIT    0x3480     0xa3a      0xa80     5.92     7ac0edf3335e2a07a168098d454494a5
.reloc  0x3f00     0x294      0x300     5.34     12982e814cb19d3f2076abc45f399865

( 2 imports )
> ntoskrnl.exe: IofCompleteRequest, ZwClose, RtlFreeAnsiString, RtlUnicodeStringToAnsiString, ZwQuerySymbolicLinkObject, wcscpy, ZwOpenSymbolicLinkObject, RtlInitUnicodeString, IoGetConfigurationInformation, IoGetDeviceObjectPointer, IoFreeIrp, IoFreeMdl, MmUnlockPages, DbgPrint, RtlImageDirectoryEntryToData, _except_handler3, ZwQuerySystemInformation, ExAllocatePoolWithTag, strstr, _strlwr, ObReferenceObjectByName, IoDriverObjectType, MmMapLockedPagesSpecifyCache, KeSetEvent, IoAllocateMdl, ZwTerminateProcess, KeServiceDescriptorTable, wcstombs, ProbeForRead, RtlRandom, KeTickCount, ExfInterlockedInsertTailList, IofCallDriver, KeGetCurrentThread, IoAllocateIrp, KeInitializeEvent, PsTerminateSystemThread, ExfInterlockedRemoveHeadList, KeSetPriorityThread, ObReferenceObjectByHandle, PsCreateSystemThread, KeInitializeSpinLock, IoCreateSymbolicLink, IoCreateDevice, swprintf, ZwMakeTemporaryObject, ZwCreateDirectoryObject, wcscat, KeBugCheckEx, KeWaitForSingleObject, ObfDereferenceObject, ExFreePoolWithTag, MmProbeAndLockPages, IoDeleteDevice
> HAL.dll: KfRaiseIrql, KfLowerIrql, KeGetCurrentIrql, KeStallExecutionProcessor

( 0 exports )


http://blog.csdn.net/purpleendurer

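The PEInfo block above (link timestamp, section table, import list) is what an analyst reads to decide that this file is not Microsoft's beep driver: it is unsigned, it was linked on 2008-08-30 yet sits on a file created in 2002 (an in-place overwrite keeps the original creation time), and it imports KeServiceDescriptorTable, ZwTerminateProcess and PsCreateSystemThread, none of which a beeper needs. The script below is an added example, not code from this post: it parses those same fields out of a PE32 image, checks the hash against the MD5/SHA-256 posted above, flags a link timestamp later than the file's creation time, and flags the suspicious imports. The watch-list of imports, the build_sample_driver() helper and the constructed image it produces are assumptions of this example, not artefacts from the post.

```python
# Offline triage of a suspect driver, mirroring the post's PEInfo block: hash it, read the
# COFF link timestamp, walk the sections and the import directory, flag indicators.
# Added example, not the post's code; the import watch-list and the sample builder are
# the example author's own assumptions.
import hashlib
import struct

IOC_MD5 = "17520c1ec38c2b92498be0ac75fa9729"      # hashes posted above
IOC_SHA256 = "3b0d6e22916ecec365570ce821c3e7fefe2a3829dd6e7f31114778e2231e628c"
# Assumption: a beep driver has no reason to touch the SSDT, kill processes or spawn
# system threads; these names are taken from the post's import list.
SUSPICIOUS_IMPORTS = {"KeServiceDescriptorTable", "ZwTerminateProcess", "ZwQuerySystemInformation",
                      "PsCreateSystemThread", "ObReferenceObjectByName", "RtlImageDirectoryEntryToData"}


def _cstr(data, off):
    """NUL-terminated ASCII string at file offset `off`."""
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")


def _rva_to_off(sections, rva):
    """Map an RVA to a file offset through the section table."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return rva - s["va"] + s["rawptr"]
    raise ValueError("RVA 0x%x is outside every section" % rva)


def parse_pe(data):
    """Machine, timestamp, entry point, sections and named imports of a PE32 image
    (32-bit thunks only, which is what the post's i386 driver uses)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic, entry = struct.unpack_from("<H", data, opt)[0], struct.unpack_from("<I", data, opt + 16)[0]
    ddir = opt + (96 if magic == 0x10B else 112)           # data directories: PE32 vs PE32+
    imp_rva = struct.unpack_from("<I", data, ddir + 8)[0]   # directory entry 1 = import table
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rawsize": rawsize, "rawptr": rawptr})
    imports = {}
    off = _rva_to_off(sections, imp_rva) if imp_rva else None
    while off is not None:                                   # IMAGE_IMPORT_DESCRIPTOR loop
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, off)
        if name_rva == 0:
            break
        thunk, names = _rva_to_off(sections, oft or ft), []  # OriginalFirstThunk may be 0
        while True:
            t = struct.unpack_from("<I", data, thunk)[0]
            if t == 0:
                break
            if not t & 0x80000000:                           # bit 31 set = import by ordinal
                names.append(_cstr(data, _rva_to_off(sections, t) + 2))  # skip the 2-byte hint
            thunk += 4
        imports[_cstr(data, _rva_to_off(sections, name_rva))] = names
        off += 20
    return {"machine": machine, "timestamp": tstamp, "entry": entry, "sections": sections, "imports": imports}


def triage(data, created=None):
    """Findings for one image; `created` is the file creation time in Unix seconds. The
    post's sample was created 2002-10-07 but linked 2008-08-30: an in-place overwrite."""
    findings = []
    if IOC_MD5 == hashlib.md5(data).hexdigest() or IOC_SHA256 == hashlib.sha256(data).hexdigest():
        findings.append("hash matches the posted sample")
    pe = parse_pe(data)
    if created is not None and pe["timestamp"] > created:
        findings.append("link timestamp is later than the file creation time")
    bad = sorted({f for fs in pe["imports"].values() for f in fs} & SUSPICIOUS_IMPORTS)
    if bad:
        findings.append("suspicious kernel imports: " + ", ".join(bad))
    return findings


def build_sample_driver(imports, timestamp):
    """Constructed input: a minimal PE32 whose single INIT section holds only an import
    table, so the code above can run without the real malware on disk."""
    base, blob, descs = 0x1000, bytearray(20 * (len(imports) + 1)), []
    for dll, funcs in imports.items():
        oft, ft = len(blob), len(blob) + 4 * (len(funcs) + 1)
        blob += b"\0" * 8 * (len(funcs) + 1)                 # OriginalFirstThunk + FirstThunk arrays
        name = len(blob)
        blob += dll.encode() + b"\0"
        for i, f in enumerate(funcs):
            hint = len(blob)
            blob += b"\0\0" + f.encode() + b"\0"              # IMAGE_IMPORT_BY_NAME: hint, name
            struct.pack_into("<I", blob, oft + 4 * i, base + hint)
            struct.pack_into("<I", blob, ft + 4 * i, base + hint)
        descs.append((base + oft, 0, 0, base + name, base + ft))
    for i, d in enumerate(descs):
        struct.pack_into("<IIIII", blob, 20 * i, *d)        # null descriptor already zeroed
    hdr = bytearray(0x200)
    hdr[:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                                  # e_lfanew
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 1, timestamp, 0, 0, 224, 0x0102)
    struct.pack_into("<H", hdr, 0x58, 0x10B)                                 # PE32 magic
    struct.pack_into("<I", hdr, 0x58 + 16, base)                             # AddressOfEntryPoint
    struct.pack_into("<II", hdr, 0x58 + 96 + 8, base, 20 * len(imports))     # import directory
    struct.pack_into("<8sIIII", hdr, 0x58 + 224, b"INIT", len(blob), base, len(blob), 0x200)
    return bytes(hdr) + bytes(blob)
```

To run it against a real driver, read the file's bytes and call triage(data, created=os.stat(path).st_ctime) (on Windows st_ctime is the creation time, the "Created" value shown above). Against the constructed image, build_sample_driver({"ntoskrnl.exe": ["IofCompleteRequest", "KeServiceDescriptorTable", "ZwTerminateProcess"], "HAL.dll": ["KfRaiseIrql"]}, 0x48B943BC) with created set to 2002-10-07 yields the timestamp finding and the two suspicious imports; a beep driver that only imports IofCompleteRequest and IoCreateDevice yields nothing.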

Re: A fake beep.sys swapped in for the real one

Tested it. It's the one that modifies beep.sys.
Powered by Discuz!NT