
What does the mfpmp.exe process do? Is it a trojan?

Sometimes I find it in the process list and sometimes it is not there. When it is there, ending it also ends wmplayer.exe. Why?
Last edited by oyo2009 on 2009-09-10 11:31:03

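Re: What does the mfpmp.exe process do? Is it a trojan?

Compress the sample file with WinRAR and submit it as an attachment; do not post duplicate threads.
A red heart loyal to the Party, a sincere heart for the people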

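Re: What does the mfpmp.exe process do? Is it a trojan?

Quote:
Originally posted by sinoer on 2009-9-8 15:51:00
Compress the sample file with WinRAR and submit it as an attachment; do not post duplicate threads.
That is how I did it, and it will not upload.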

Re: What does the mfpmp.exe process do? Is it a trojan?

The sample, plus a suspicious DLL. Crap.
Last edited by oyo2009 on 2009-09-08 15:57:17

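Re: What does the mfpmp.exe process do? Is it a trojan?

Also, regarding Kaka: a scan a month ago said "already collected", and a month later it still says "already collected". Can it really be that after all this time the uploaded suspicious files and startup-item problems have still not been analyzed?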

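Re: What does the mfpmp.exe process do? Is it a trojan?

Where is the sample file?
A red heart loyal to the Party, a sincere heart for the people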

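Re: What does the mfpmp.exe process do? Is it a trojan?

Quote:
Originally posted by sinoer on 2009-9-9 9:09:00
Where is the sample file?
Are the permissions the forum gives me insufficient? Moderator, please reply. I cannot upload a rar even though its size meets the requirement; I can only upload jpg, zip, etc. Also, the arswp scan shows a suspicious mfc.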

Last edited by oyo2009 on 2009-09-10 09:14:17

Re: What does the mfpmp.exe process do? Is it a trojan?

My winmail often receives spam. Online scan result:

File WinMail.exe received on 2009.09.10 01:21:08 (UTC)
Current status: finished
Result: 1/41 (2.44%)



Antivirus engine    Version          Last update   Result
a-squared           4.5.0.24         2009.09.10    -
AhnLab-V3           5.0.0.2          2009.09.09    -
AntiVir             7.9.1.14         2009.09.09    -
Antiy-AVL           2.0.3.7          2009.09.09    -
Authentium          5.1.2.4          2009.09.09    -
Avast               4.8.1351.0       2009.09.09    -
AVG                 8.5.0.412        2009.09.10    -
BitDefender         7.2              2009.09.10    -
CAT-QuickHeal       10.00            2009.09.09    -
ClamAV              0.94.1           2009.09.10    -
Comodo              2268             2009.09.10    -
DrWeb               5.0.0.12182      2009.09.10    -
eSafe               7.0.17.0         2009.09.09    -
eTrust-Vet          31.6.6728        2009.09.09    -
F-Prot              4.5.1.85         2009.09.09    -
F-Secure            8.0.14470.0      2009.09.10    -
Fortinet            3.120.0.0        2009.09.10    -
GData               19               2009.09.10    -
Ikarus              T3.1.1.72.0      2009.09.10    -
Jiangmin            11.0.800         2009.09.09    -
K7AntiVirus         7.10.840         2009.09.09    -
Kaspersky           7.0.0.125        2009.09.10    -
McAfee              5736             2009.09.09    -
McAfee+Artemis      5736             2009.09.09    -
McAfee-GW-Edition   6.8.5            2009.09.09    Heuristic.BehavesLike.Win32.Virus.I
Microsoft           1.5005           2009.09.10    -
NOD32               4412             2009.09.10    -
Norman              6.01.09          2009.09.09    -
nProtect            2009.1.8.0       2009.09.09    -
Panda               10.0.2.2         2009.09.09    -
PCTools             4.4.2.0          2009.09.09    -
Prevx               3.0              2009.09.10    -
Rising              21.46.24.00      2009.09.09    -
Sophos              4.45.0           2009.09.10    -
Sunbelt             3.2.1858.2       2009.09.10    -
Symantec            1.4.4.12         2009.09.10    -
TheHacker           6.3.4.3.399      2009.09.09    -
TrendMicro          8.950.0.1094     2009.09.09    -
VBA32               3.12.10.10       2009.09.09    -
ViRobot             2009.9.9.1925    2009.09.09    -
VirusBuster         4.6.5.0          2009.09.09    -
Additional information
File size: 397312 bytes
MD5...: 7e6ea9cb72b5de84a5d700bed877e5f9
SHA1..: 85b6aa429350333343db149eb2198e7fc38c3e4f
SHA256: 8261b7c2a776f59baefabeeaf8e9425cb0f4d3700ef63caa7095398368ed3c6e
ssdeep: 6144:ymCXOFm/RN8T2z9lwr1R6XdU9qRRN8T2z9lwr1R6XdU9q23ts1m8QXLbyOg
4H:ymCn/RN8T2v2sXdpRN8T2v2sXd41M
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5981
timedatestamp.....: 0x47918ed8 (Sat Jan 19 05:47:04 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5f8a 0x6000 6.07 200624c7a91ad4d689bcdbb9a8bfe5c7
.data 0x7000 0x418 0x200 0.69 e44a48b864e361ffed4fb98d1036b46d
.tls 0x8000 0x9 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0x9000 0x59bd8 0x59c00 6.80 c3f901eba381fcbc9edb9985072fdde7
.reloc 0x63000 0xa98 0xc00 3.01 23900d239de18248641951843cf86073

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)


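Note: VirusTotal is a free service provided by Hispasec Sistemas. We do not guarantee the availability or continuity of this service. Although the detection rate obtained by using multiple antivirus engines is better than that of a single product, these results do not guarantee that a file is harmless. At present, no solution offers a 100% detection rate for viruses and malware. If you have bought a product that claims to, you may already have become a victim.
How do I remove it?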


Re: What does the mfpmp.exe process do? Is it a trojan?

The main DLL that the arswp scan flags as problematic: MFC42LOC.dll


Re: What does the mfpmp.exe process do? Is it a trojan?

Scan of my explorer.exe:

File explorer.exe received on 2009.09.10 01:48:11 (UTC)
Current status: finished
Result: 0/41 (0%)



Antivirus engine    Version          Last update   Result
a-squared           4.5.0.24         2009.09.10    -
AhnLab-V3           5.0.0.2          2009.09.09    -
AntiVir             7.9.1.14         2009.09.09    -
Antiy-AVL           2.0.3.7          2009.09.09    -
Authentium          5.1.2.4          2009.09.09    -
Avast               4.8.1351.0       2009.09.09    -
AVG                 8.5.0.412        2009.09.10    -
BitDefender         7.2              2009.09.10    -
CAT-QuickHeal       10.00            2009.09.09    -
ClamAV              0.94.1           2009.09.10    -
Comodo              2268             2009.09.10    -
DrWeb               5.0.0.12182      2009.09.10    -
eSafe               7.0.17.0         2009.09.09    -
eTrust-Vet          31.6.6728        2009.09.09    -
F-Prot              4.5.1.85         2009.09.09    -
F-Secure            8.0.14470.0      2009.09.10    -
Fortinet            3.120.0.0        2009.09.10    -
GData               19               2009.09.10    -
Ikarus              T3.1.1.72.0      2009.09.10    -
Jiangmin            11.0.800         2009.09.09    -
K7AntiVirus         7.10.840         2009.09.09    -
Kaspersky           7.0.0.125        2009.09.10    -
McAfee              5736             2009.09.09    -
McAfee+Artemis      5736             2009.09.09    -
McAfee-GW-Edition   6.8.5            2009.09.09    -
Microsoft           1.5005           2009.09.10    -
NOD32               4412             2009.09.10    -
Norman              6.01.09          2009.09.09    -
nProtect            2009.1.8.0       2009.09.09    -
Panda               10.0.2.2         2009.09.09    -
PCTools             4.4.2.0          2009.09.09    -
Prevx               3.0              2009.09.10    -
Rising              21.46.24.00      2009.09.09    -
Sophos              4.45.0           2009.09.10    -
Sunbelt             3.2.1858.2       2009.09.10    -
Symantec            1.4.4.12         2009.09.10    -
TheHacker           6.3.4.3.399      2009.09.09    -
TrendMicro          8.950.0.1094     2009.09.09    -
VBA32               3.12.10.10       2009.09.09    -
ViRobot             2009.9.9.1925    2009.09.09    -
VirusBuster         4.6.5.0          2009.09.09    -
Additional information
File size: 2927104 bytes
MD5...: 4f554999d7d5f05daaebba7b5ba1089d
SHA1..: e509a42554cc0e5888ac8bf494d3c02223238609
SHA256: 178d20aaecbd408dffda71ae4d70ad61c278229b4cd7dcd7b854a9a8404ca657
ssdeep: 24576:RJxr/smirDRnW+7pGYCW5uXSA7jTeFadRsxKb/g/J/ulZ:R3DsmiZLC8A7
/eFw33l
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x271b3
timedatestamp.....: 0x4907e242 (Wed Oct 29 04:10:42 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x6bea5 0x6c000 6.42 01efa0ddb451b63dd0bfb396b1d576ab
.data 0x6d000 0x215c 0x2000 0.84 7f3a4ccfbf6b5dd627231a22b6ee6f12
.rsrc 0x70000 0x2566a0 0x256800 7.04 bc9643f9701a6c8da708d2bd5b751ff2
.reloc 0x2c7000 0x5a34 0x5c00 6.74 a246e27f509144adabfb479ba70f67ce

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=4f554999d7d5f05daaebba7b5ba1089d


Why is there this http://www.threatexpert.com/report.aspx? link? What does it mean?
