20.47.32 does not react to iewoptimem.exe, suspected Gray Pigeon (灰鸽子)

Attachment:
Extraction password: virus
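File path : D:\test\iewoptimem.exe
Attributes : A---
M$ signature: No
PE file: Yes
Language : Chinese (China)
File version : 3.1.7.613
Description : Wopti 内存整理
Copyright : Copyright (C) 2000-2007 Wopti
Product version : 3.1
Product name : Wopti 内存整理
Company name : 共软网络
Legal trademark : Wopti
Internal name : Wopti Memory Defreg
Original file name : WoptiMem.exe
Creation time : 2008-6-5 21:2:8
Modification time : 2008-6-5 21:2:13
Size : 230416 bytes 225.16 KB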
MD5 : 7df8562e7bc081246048678380e1b704
SHA1: 91BC62D1CDBA550E0E95F13F2C6054D1E564323E
CRC32: e39d4e9d
File iewoptimem.exe received on 2008.06.05 15:07:04 (CET)

| Antivirus engine | Version | Last update | Scan result |
| --- | --- | --- | --- |
| AhnLab-V3 | 2008.5.30.1 | 2008.06.05 | - |
| AntiVir | 7.8.0.26 | 2008.06.05 | - |
| Authentium | 5.1.0.4 | 2008.06.05 | - |
| Avast | 4.8.1195.0 | 2008.06.05 | Win32:GrayBird-PY |
| AVG | 7.5.0.516 | 2008.06.05 | Generic10.AEDH |
| BitDefender | 7.2 | 2008.06.05 | - |
| CAT-QuickHeal | 9.50 | 2008.06.04 | Win32.Packed.NSAnti.r |
| ClamAV | 0.92.1 | 2008.06.05 | - |
| DrWeb | 4.44.0.09170 | 2008.06.05 | - |
| eSafe | 7.0.15.0 | 2008.06.04 | suspicious Trojan/Worm |
| eTrust-Vet | 31.6.5850 | 2008.06.05 | - |
| Ewido | 4.0 | 2008.06.05 | - |
| F-Prot | 4.4.4.56 | 2008.06.05 | - |
| F-Secure | 6.70.13260.0 | 2008.06.05 | W32/Suspicious_N.gen |
| Fortinet | 3.14.0.0 | 2008.06.05 | - |
| GData | 2.0.7306.1023 | 2008.06.05 | Win32:GrayBird-PY |
| Ikarus | T3.1.1.26.0 | 2008.06.05 | Backdoor.Win32.GrayBird.EJ |
| Kaspersky | 7.0.0.125 | 2008.06.05 | - |
| McAfee | 5310 | 2008.06.04 | - |
| Microsoft | 1.3604 | 2008.06.05 | - |
| NOD32v2 | 3161 | 2008.06.05 | - |
| Norman | 5.80.02 | 2008.06.04 | W32/Suspicious_N.gen |
| Panda | 9.0.0.4 | 2008.06.05 | - |
| Prevx1 | V2 | 2008.06.05 | - |
| Rising | 20.47.32.00 | 2008.06.05 | - |
| Sophos | 4.30.0 | 2008.06.05 | Mal/Packer |
| Sunbelt | 3.0.1145.1 | 2008.06.05 | - |
| Symantec | 10 | 2008.06.05 | - |
| TheHacker | 6.2.92.335 | 2008.06.05 | - |
| VBA32 | 3.12.6.7 | 2008.06.05 | - |
| VirusBuster | 4.3.26:9 | 2008.06.04 | Packed/NSPack |
| Webwasher-Gateway | 6.6.2 | 2008.06.05 | Win32.Malware.gen (suspicious) |

Additional information

File size: 230416 bytes
MD5...: 7df8562e7bc081246048678380e1b704
SHA1..: 91bc62d1cdba550e0e95f13f2c6054d1e564323e
SHA256: cbae208f7158d7a88085666f0014a0e498bee62c6a03811d73fd1819c1950b25
SHA512: fea635b576360ae30f5b8637ed4d5c84265dbe95a364e3f1a00c5f312732d779b1fe0558f08d95b3d215fae4b5568c8bba387ed1ca37d9379ca09429f51d55cd
PEiD..: NsPack v3.1 -> North Star (h)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4a71bd
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 3 sections )

| name | viradd | virsiz | rawdsiz | ntrpy | md5 |
| --- | --- | --- | --- | --- | --- |
| .nsp0 | 0x1000 | 0xa3000 | 0x0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e |
| .nsp1 | 0xa4000 | 0x39000 | 0x38010 | 7.95 | 1e70be5401b69c07f886ab416881e8a1 |
| .nsp2 | 0xdd000 | 0x6d4 | 0x0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e |

( 18 imports )
- KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
- USER32.DLL: GetKeyboardType
- ADVAPI32.DLL: RegQueryValueExA
- OLEAUT32.DLL: SysFreeString
- KERNEL32.DLL: TlsSetValue
- ADVAPI32.DLL: RegSetValueExA
- KERNEL32.DLL: lstrcpyA
- VERSION.DLL: VerQueryValueA
- GDI32.DLL: UnrealizeObject
- USER32.DLL: CreateWindowExA
- KERNEL32.DLL: Sleep
- OLEAUT32.DLL: SafeArrayPtrOfIndex
- OLE32.DLL: CoTaskMemAlloc
- COMCTL32.DLL: ImageList_SetIconSize
- WINSPOOL.DRV: OpenPrinterA
- SHELL32.DLL: Shell_NotifyIconA
- SHELL32.DLL: SHGetSpecialFolderLocation
- COMDLG32.DLL: ChooseFontA

( 0 exports )

packers (Kaspersky): NSPack
packers (F-Prot): NSPack, PE_Patch

User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Maxthon; .NET CLR 1.1.4322; .NET CLR 2.0.50727)