
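<!--
  CWSandbox behaviour report (cwsversion 1.107) for one sample, captured
  21.03.2007. The leading "- " on several element lines in the original was
  an expand/collapse marker from the viewer the report was copied out of,
  not part of the document; it broke well-formedness and has been removed.

  Reviewer notes (keep these in mind before treating the sample as benign):
  - All three scanner results are from 2007-era signature sets. A
    classification of "OK" only means "no signature matched at that time";
    it is not evidence that the file is clean.
  - The ClamAV entry carries no <classification> element at all, unlike the
    other two scanners. Treat it as "no result", not as a clean verdict.
  - md5 is the only hash recorded; MD5 collisions are practical, so match
    the sample on a stronger hash (e.g. SHA-256) where one is available.
  - The observed activity (ntvdm.exe mapped, "NtVdmControl" message,
    attribute query on _default.pif, Wow\CpuEnv registry lookup) is
    consistent with the executable having been run under the NTVDM
    16-bit subsystem rather than as a native Win32 process. If so, the
    sandbox hooks saw very little of the actual payload and this report
    is inconclusive. TODO(review): confirm by inspecting the file header.
  - Network and credential-related libraries (wsock32, WS2_32, Wship6,
    pstorec) are mapped, but no network, socket or protected-storage
    operation is recorded in the sections below; loading alone does not
    prove they were used.
  - The process terminated itself after ~4 s via NtTerminateProcess.
-->
<analysis cwsversion="1.107" time="21.03.2007 07:01:47" file="f18c74ed027bfe67d4878bd4c83aa5bd.exe" logpath="C:\analysis\log\f18c74ed027bfe67d4878bd4c83aa5bd.exe\run_1\">
  <calltree>
    <!-- Only the analysis target itself ran; no child processes were recorded. -->
    <process_call index="1" pid="388" filename="c:\f18c74ed027bfe67d4878bd4c83aa5bd.exe" starttime="00:00.188" startreason="AnalysisTarget" />
  </calltree>
  <processes>
    <!-- Sample ran under sandbox user "nepenthes" for ~3.9 s (00:00.188 to 00:04.047). -->
    <process index="1" pid="388" filename="c:\f18c74ed027bfe67d4878bd4c83aa5bd.exe" filesize="421376" md5="2c6de228c77ced474b27cee6991e70c5" username="nepenthes" parentindex="0" starttime="00:00.188" terminationtime="00:04.047" startreason="AnalysisTarget" terminationreason="NormalTermination" executionstatus="OK">
      <virusscan_section>
        <!-- No <classification> reported for ClamAV: result unknown, not "OK". -->
        <scanner name="ClamAV" application_version="0.88.2" signature_file_version="2888">
          <additional_info />
        </scanner>
        <scanner name="BDC/Linux-Console" application_version="7.0.2492" signature_file_version="30788">
          <classification>OK</classification>
          <additional_info />
        </scanner>
        <scanner name="AntiVir Workstation" application_version="2.1.10-24" signature_file_version="6.38.0.87">
          <classification>OK</classification>
          <additional_info />
        </scanner>
      </virusscan_section>
      <default_section>
        <!-- NtVdmControl is the NT system call used to drive the 16-bit VDM subsystem. -->
        <message>NtVdmControl</message>
      </default_section>
      <dll_handling_section>
        <!-- ntvdm.exe is mapped into the process, consistent with 16-bit execution (see header note). -->
        <load_dll dll="C:\WINDOWS\system32\ntvdm.exe" successful="1" address="$F000000" size="688128" />
        <load_dll dll="C:\WINDOWS\system32\ntdll.dll" successful="1" address="$7C910000" size="749568" />
        <load_dll dll="C:\WINDOWS\system32\kernel32.dll" successful="1" address="$7C800000" size="1073152" />
        <load_dll dll="C:\WINDOWS\system32\ADVAPI32.dll" successful="1" address="$77DA0000" size="696320" />
        <load_dll dll="C:\WINDOWS\system32\RPCRT4.dll" successful="1" address="$77E50000" size="593920" />
        <load_dll dll="C:\WINDOWS\system32\GDI32.dll" successful="1" address="$77EF0000" size="290816" />
        <load_dll dll="C:\WINDOWS\system32\USER32.dll" successful="1" address="$77D10000" size="589824" />
        <load_dll dll="C:\WINDOWS\system32\oleaut32.dll" successful="1" address="$770F0000" size="573440" />
        <load_dll dll="C:\WINDOWS\system32\msvcrt.dll" successful="1" address="$77BE0000" size="360448" />
        <load_dll dll="C:\WINDOWS\system32\ole32.dll" successful="1" address="$774B0000" size="1298432" />
        <load_dll dll="C:\WINDOWS\system32\comctl32.dll" successful="1" address="$5D450000" size="630784" />
        <!-- Socket libraries mapped; no network activity appears in this report. -->
        <load_dll dll="C:\WINDOWS\system32\wsock32.dll" successful="1" address="$71A30000" size="40960" />
        <load_dll dll="C:\WINDOWS\system32\WS2_32.dll" successful="1" address="$71A10000" size="94208" />
        <load_dll dll="C:\WINDOWS\system32\WS2HELP.dll" successful="1" address="$71A00000" size="32768" />
        <!-- pstorec.dll (Protected Storage) mapped; no protected-storage access is recorded below. -->
        <load_dll dll="C:\WINDOWS\system32\pstorec.dll" successful="1" address="$5E490000" size="53248" />
        <load_dll dll="C:\WINDOWS\system32\ATL.DLL" successful="1" address="$76AD0000" size="69632" />
        <load_dll dll="C:\WINDOWS\system32\Wship6.dll" successful="1" address="$590B0000" size="28672" />
        <load_dll dll="C:\WINDOWS\system32\Secur32.dll" successful="1" address="$77FC0000" size="69632" />
      </dll_handling_section>
      <filesystem_section>
        <!-- _default.pif is the default program-information file consulted when a DOS program is started. -->
        <get_file_attributes filetype="File" srcfile="C:\WINDOWS\_default.pif" desiredaccess="FILE_ANY_ACCESS" flags="SECURITY_ANONYMOUS" fileinformationclass="FileBasicInformation" />
      </filesystem_section>
      <registry_section>
        <open_key key="HKEY_LOCAL_MACHINE" subkey_or_value="SYSTEM\CurrentControlSet\Control\Wow\CpuEnv" />
        <!-- Reads the hardware identifier; cannot tell from this report alone whether it is used for VM/sandbox detection. -->
        <open_key key="HKEY_LOCAL_MACHINE" subkey_or_value="HARDWARE\DESCRIPTION\System" />
        <query_value key="HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System" subkey_or_value="Identifier" />
      </registry_section>
      <process_section>
        <!-- Self-termination: targetpid equals the process's own pid (388). -->
        <kill_process targetpid="388" showwindow="SW_HIDE" apifunction="NtTerminateProcess" />
      </process_section>
      <system_info_section>
        <get_windows_directory />
      </system_info_section>
    </process>
  </processes>
</analysis>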