39df865a386eacd882b64d82ae4d74c9---kpscc.sys

瑞星卡卡安全论坛技术交流区 可疑文件交流 39df865a386eacd882b64d82ae4d74c9---kpscc.sys

	瑞星“1+2”全新解决方案巡展在广州画上圆满句号		叶院长揭秘：瑞星如何运用AI技术革新网络安全		俄乌冲突加剧网络攻击风险白俄罗斯政府遭APT攻击		瑞星ESM防病毒系统助力矿业大学筑牢网络安全防线
	实力拉满瑞星第四十七次通过VB100测评		携手老友，拥抱新精彩 —— 新论坛新活动，感谢你的陪伴		护航司法，瑞星助力山西省高院构建安全防线		人工智能在网络安全领域的风险和机遇

1 / 1 页

跳转页

社区嘉宾

帖子:22020
注册: 2003-04-29
来自:pe_xscan Studio

发表于： 2011-01-23 12:54 | 只看楼主 短消息资料

字号：小中大 1楼

39df865a386eacd882b64d82ae4d74c9---kpscc.sys

附件: 您所在的用户组无法下载或查看附件

O23 - 服务: DMusic (Microsoft Kernel DLS Syntheiszer) - C:\WINDOWS\system32\drivers\kpscc.sys | 2011-1-21 17:48:31(手动)

文件说明符 : C:\WINDOWS\system32\drivers\kpscc.sys
属性 : ASH-
数字签名:否
PE文件:是
获取文件版本信息大小失败!
创建时间 : 2011-1-21 17:48:31
修改时间 : 2011-1-21 17:48:31
大小 : 2112 字节 2.64 KB
MD5 : 39df865a386eacd882b64d82ae4d74c9
SHA1: 334FD37696CF23AAF847564689F4DB4A81087C21
CRC32: 503b4008

http://www.virustotal.com/file-scan/report.html?id=6249de12afe3bd4af3b713874e087831302bfbd48a2a17ee141fa7fb8a9c4235-1295758047

AhnLab-V3	2011.01.18.00	2011.01.17	Trojan/Win32.Agent
AntiVir	7.11.1.216	2011.01.21	TR/Agent.fygn
Antiy-AVL	2.0.3.7	2011.01.18	Trojan/Win32.Agent.gen
Avast	4.8.1351.0	2011.01.22	Win32:Malware-gen
Avast5	5.0.677.0	2011.01.22	Win32:Malware-gen
AVG	10.0.0.1190	2011.01.22	Agent2.BTQJ
BitDefender	7.2	2011.01.22	Trojan.Generic.5225404
CAT-QuickHeal	11.00	2011.01.22	Trojan.Agent.gjxb
ClamAV	0.96.4.0	2011.01.22	-
Commtouch	5.2.11.5	2011.01.22	W32/MalwareF.UIQD
Comodo	7468	2011.01.22	UnclassifiedMalware
DrWeb	5.0.2.03300	2011.01.22	Trojan.Siggen2.11657
Emsisoft	5.1.0.1	2011.01.22	Trojan.Win32.Agent!IK
eSafe	7.0.17.0	2011.01.20	Win32.TRAgent.Fygn
eTrust-Vet	36.1.8115	2011.01.21	Win32/Agent.SN
F-Prot	4.6.2.117	2011.01.21	W32/MalwareF.UIQD
F-Secure	9.0.16160.0	2011.01.22	Trojan.Generic.5225404
Fortinet	4.2.254.0	2011.01.22	W32/Agent.GJXB!tr
GData	21	2011.01.22	Trojan.Generic.5225404
Ikarus	T3.1.1.97.0	2011.01.22	Trojan.Win32.Agent
Jiangmin	13.0.900	2011.01.22	Trojan/Agent.emqw
K7AntiVirus	9.77.3618	2011.01.22	Trojan
Kaspersky	7.0.0.125	2011.01.22	Trojan.Win32.Agent.gjxb
McAfee	5.400.0.1158	2011.01.22	Generic.dx!vgh
McAfee-GW-Edition	2010.1C	2011.01.22	Generic.dx!vgh
Microsoft	1.6502	2011.01.22	Trojan:Win32/Trufip!rts
NOD32	5808	2011.01.22	Win32/Delf.PTN
Norman	6.06.12	2011.01.22	W32/Suspicious_Gen2.FBIJC
nProtect	2011-01-18.01	2011.01.18	Trojan/W32.Agent.2112.D
Panda	10.0.2.7	2011.01.22	Generic Trojan
PCTools	7.0.3.5	2011.01.22	Trojan.Gen
Prevx	3.0	2011.01.23	-
Rising	23.41.05.03	2011.01.22	-
Sophos	4.61.0	2011.01.22	Mal/Generic-L
SUPERAntiSpyware	4.40.0.1006	2011.01.22	-
Symantec	20101.3.0.103	2011.01.22	Trojan.Gen
TheHacker	6.7.0.1.118	2011.01.21	Trojan/Agent.fygn
TrendMicro	9.120.0.1004	2011.01.22	TROJ_AGENT.AWPP
TrendMicro-HouseCall	9.120.0.1004	2011.01.22	TROJ_AGENT.AWPP
VBA32	3.12.14.3	2011.01.21	Trojan.Agent.gjxb
VIPRE	8155	2011.01.22	Trojan.Win32.Generic!BT
ViRobot	2011.1.22.4269	2011.01.22	-
VirusBuster	13.6.159.2	2011.01.22	Trojan.Agent!ngqrSxVKa7A

Additional information

Show all

MD5 : 39df865a386eacd882b64d82ae4d74c9

SHA1 : 334fd37696cf23aaf847564689f4db4a81087c21

SHA256: 6249de12afe3bd4af3b713874e087831302bfbd48a2a17ee141fa7fb8a9c4235

ssdeep: 24:eFGSlNEYCmK9wlsOLkijNGZCUNFfTWxDHjDg0+2quTgLswR9trVg:ilybmK9wqjnQUNFfTWV
HHgw9TgbRPV

File size : 2112 bytes

First seen: 2010-12-18 01:50:22

Last seen : 2011-01-23 04:47:27

TrID:
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)

sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x3E8
timedatestamp....: 0x4D076CD6 (Tue Dec 14 13:10:46 2010)
machinetype......: 0x14c (I386)

[[ 7 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x2E0, 0x22E, 0x240, 5.56, 4ffbf2d62a356c033e452d5e02b46250
.rdata, 0x520, 0x24, 0x40, 1.44, 18b9d582a65d04e9b7bfb077d06dd53b
.data, 0x560, 0x120, 0x120, 0.00, 4556165d7fe41c7700cbe455a5767d40
_INIT_, 0x680, 0x18, 0x20, 0.54, 2a636ae56e32953ad842589262c7710c
_EXIT_, 0x6A0, 0x18, 0x20, 0.54, 2a636ae56e32953ad842589262c7710c
INIT, 0x6C0, 0x106, 0x120, 4.37, 02b93393d411b5895ae4e8bc30a3c091
.reloc, 0x7E0, 0x48, 0x60, 2.89, a0dc1f891dcbe7dfcf307100a4e6485c

[[ 1 import(s) ]]
NTOSKRNL.EXE: PsLookupProcessByProcessId, RtlInitUnicodeString, IoDeleteDevice, IoCreateSymbolicLink, IoCreateDevice, DbgPrint, IoDeleteSymbolicLink, IofCompleteRequest

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon)

http://blog.csdn.net/purpleendurer

宠辱不惊，笑看堂前花开花落；去留无意，漫随天外云卷云舒。

分享到：

<<上一主题|下一主题>>

1 / 1 页

跳转页