Gray Pigeon (灰鸽子) disguised with the explorer.exe icon, not detected
Ikarus | T3.1.1.44.0 | 2008.11.01 | Trojan-Downloader |
K7AntiVirus | 7.10.513 | 2008.10.31 | - |
Kaspersky | 7.0.0.125 | 2008.11.01 | - |
McAfee | 5420 | 2008.11.01 | - |
Microsoft | 1.4005 | 2008.11.01 | Backdoor:Win32/Popwin.gen!E |
NOD32 | 3575 | 2008.10.31 | - |
Norman | 5.80.02 | 2008.10.31 | - |
Panda | 9.0.0.4 | 2008.10.31 | Suspicious file |
PCTools | 4.4.2.0 | 2008.10.31 | - |
Rising | 21.01.52.00 | 2008.11.01 | - |
SecureWeb-Gateway | 6.7.6 | 2008.11.01 | Trojan.Crypt.FKM.Gen |
File size: 118821 bytes |
MD5...: 11c84825d18cda35e029cb2f064c4c4c |
SHA1..: 50707257ba04733a40574d270d277d5a79c53793 |
SHA256: 82548eca44d99fec90b7a8bc36305ea64f42bac4816136e0efc1da791d1949d0 |
SHA512: 39c598842751674583595211aceb07f634b1d5f78ad2480931e399ecd3ad4e85 f7f202e895ac0d3e043b48fb3adf75e1aaf1a8b292284e54eeff10977c8acd2a |
PEiD..: - |
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) |
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x42c18e
timedatestamp.....: 0x490bbc11 (Sat Nov 01 02:16:49 2008)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x469e 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x6000 0xae2 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x7000 0x43d8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0xc000 0x7b70 0x8000 5.81 b1aaf20b8bad7d9f153812fd61041879
.bad0 0x14000 0x91f0 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.bad1 0x1e000 0x12a15 0x13000 7.80 5396d2fbc675a7d7eeb8fb40cb872095
.reloc 0x31000 0x74 0x1000 0.24 a6cae4df4f392f68a6327fa6d3221d68

( 11 imports )
> urlmon.dll: URLDownloadToFileA
> WININET.dll: DeleteUrlCacheEntry
> MSVCRT.dll: _controlfp
> KERNEL32.dll: GetStartupInfoA
> USER32.dll: wsprintfA
> ADVAPI32.dll: RegSetValueExA
> SHELL32.dll: SHGetSpecialFolderPathA
> ole32.dll: CoCreateGuid
> SHLWAPI.dll: PathFileExistsA
> KERNEL32.dll: LoadLibraryA, VirtualProtect, GetModuleFileNameA
> USER32.dll: MessageBoxA

( 1 exports )
_Dll2Main@@YGHPAUHINSTANCE__@@KPAX@Z
|
Attachment:
Downloads: 512
File type: application/octet-stream
File size:
Upload time: 2008-11-1 17:56:21
Description: rar
Last edited by 零三 on 2008-11-01 17:57:04