|
社区嘉宾
- 帖子:22020
- 注册:
2003-04-29
- 来自:pe_xscan Studio
|
发表于:
2010-06-22 22:56
|
显示全部
短消息
资料
6091f8462733811243247323604dbc3c-----nsDk.dll.rar
 附件: 您所在的用户组无法下载或查看附件O2 - IeAddOn(HkcuExSt) - - {57CC5BE6-65FB-4533-B5C3-11DF00ACC50B} = C:\WINDOWS\system32\nsDk.dll 文件说明符 : C:\WINDOWS\system32\nsDk.dll 属性 : ---- 数字签名:否 PE文件:是 获取文件版本信息大小失败! 创建时间 : 2008-4-14 20:0:0 修改时间 : 2008-4-14 20:0:0 大小 : 53248 字节 52.0 KB MD5 : 6091f8462733811243247323604dbc3c SHA1: 49C66E1D34CD47F2FBFD2F27258BC4402CCE77D0 CRC32: 7279b9b5 文件 nsDk.dll 接收于 2010.06.22 14:46:23 (UTC) | 反病毒引擎 | 版本 | 最后更新 | 扫描结果 | | a-squared | 5.0.0.30 | 2010.06.22 | Trojan.Win32.Jkfg!IK | | AhnLab-V3 | 2010.06.22.02 | 2010.06.22 | Win-Trojan/Agent.53248.AIQ | | AntiVir | 8.2.2.6 | 2010.06.22 | TR/Crypt.XPACK.Gen | | Antiy-AVL | 2.0.3.7 | 2010.06.22 | - | | Authentium | 5.2.0.5 | 2010.06.22 | W32/Koutodoor.J.gen!Eldorado | | Avast | 4.8.1351.0 | 2010.06.22 | Win32:Caxnet | | Avast5 | 5.0.332.0 | 2010.06.22 | Win32:Caxnet | | AVG | 9.0.0.787 | 2010.06.22 | Win32/Cryptor | | BitDefender | 7.2 | 2010.06.22 | Gen:Variant.Koutodoor.3 | | CAT-QuickHeal | 10.00 | 2010.06.22 | - | | ClamAV | 0.96.0.3-git | 2010.06.22 | - | | Comodo | 5183 | 2010.06.22 | TrojWare.Win32.Zybr.B | | DrWeb | 5.0.2.03300 | 2010.06.22 | Trojan.Siggen1.49071 | | eSafe | 7.0.17.0 | 2010.06.22 | - | | eTrust-Vet | 36.1.7658 | 2010.06.22 | - | | F-Prot | 4.6.1.107 | 2010.06.21 | W32/Koutodoor.J.gen!Eldorado | | F-Secure | 9.0.15370.0 | 2010.06.22 | Gen:Variant.Koutodoor.3 | | Fortinet | 4.1.133.0 | 2010.06.22 | - | | GData | 21 | 2010.06.22 | Gen:Variant.Koutodoor.3 | | Ikarus | T3.1.1.84.0 | 2010.06.22 | Trojan.Win32.Jkfg | | Jiangmin | 13.0.900 | 2010.06.15 | Heur:Trojan/JunkCode | | Kaspersky | 7.0.0.125 | 2010.06.22 | Trojan.Win32.Jkfg.qs | | McAfee | 5.400.0.1158 | 2010.06.22 | BackDoor-EPM.gen.a | | McAfee-GW-Edition | 2010.1 | 2010.06.22 | BackDoor-EPM.gen.a | | Microsoft | 1.5902 | 2010.06.22 | Trojan:Win32/Koutodoor.C!dll | | NOD32 | 5218 | 2010.06.22 | - | | Norman | 6.05.10 | 2010.06.22 | - | | nProtect | 2010-06-22.01 | 2010.06.22 | Gen:Variant.Koutodoor.3 | | Panda | 10.0.2.7 | 2010.06.21 | Trj/Jkfg.B | | PCTools | 7.0.3.5 | 2010.06.22 | - | | Prevx | 3.0 | 2010.06.22 | Medium Risk Malware | | Rising | 22.53.01.04 | 2010.06.22 | - | | Sophos | 4.54.0 | 2010.06.22 | Troj/BHO-PX | | Sunbelt | 6483 | 2010.06.21 | - | | Symantec | 20101.1.0.89 | 2010.06.22 | - | | TheHacker | 6.5.2.0.302 | 2010.06.22 | Trojan/Jkfg.qs | | TrendMicro | 9.120.0.1004 | 2010.06.22 | - | | TrendMicro-HouseCall | 9.120.0.1004 | 2010.06.22 | - | | VBA32 | 3.12.12.5 | 2010.06.22 | Trojan.Win32.Jkfg.qs | | ViRobot | 2010.6.21.3896 | 2010.06.22 | Trojan.Win32.Jkfg.53248 | | VirusBuster | 5.0.27.0 | 2010.06.22 | - |
| | 附加信息 | | File size: 53248 bytes | | MD5...: 6091f8462733811243247323604dbc3c | | SHA1..: 49c66e1d34cd47f2fbfd2f27258bc4402cce77d0 | | SHA256: 4ecf2a4c63eaee3a7d551c70662bcd82de7577621222dbdf4ea3bff0a2f67450 | | ssdeep: 1536:aAEuW40wl3K9AOChYpGda/Mtr2TtgH2n:abL4Vl3K9AjSsa/MR2JgH2<BR> | | PEiD..: - | | PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x7f81<BR>timedatestamp.....: 0x4c113b5b (Thu Jun 10 19:22:03 2010)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x7030 0x8000 6.32 2cbc9168829178fc2ba8d0287db52c30<BR>.rdata 0x9000 0xbc4 0x1000 4.25 09289effa121510f3c3da79bc524f48a<BR>.data 0xa000 0xfcc 0x1000 5.55 60b38a046a9b098458c94d110e77eaec<BR>.rsrc 0xb000 0x650 0x1000 1.51 a32641df552fa0b2fa66cd29371e7a62<BR>.reloc 0xc000 0x6a8 0x1000 3.21 be4f84f1307be431cb3d3cacf3b09fa6<BR><BR>( 7 imports ) <BR>> KERNEL32.dll: GetLocalTime, WritePrivateProfileStringA, GetModuleFileNameA, GetWindowsDirectoryA, GetSystemDirectoryA, GetProcAddress, DeleteFileA, LeaveCriticalSection, EnterCriticalSection, GetLastError, CreateEventA, MoveFileA, SetFileAttributesA, MultiByteToWideChar, FindNextFileA, FindFirstFileA, GetCommandLineW, DisableThreadLibraryCalls, Process32First, DeleteCriticalSection, InterlockedIncrement, InterlockedDecrement, HeapAlloc, GetSystemInfo, GetVersionExA, HeapCreate, HeapDestroy, lstrlenW, lstrlenA, GetShortPathNameA, GetModuleHandleA, Sleep, CreateThread, WideCharToMultiByte, Process32Next, CloseHandle, LoadLibraryA, FreeLibrary, InitializeCriticalSection, GetCurrentProcessId<BR>> USER32.dll: GetMessageA, TranslateMessage, DispatchMessageA, CallNextHookEx, SetWindowTextA, SendMessageA, RegisterClassExA, IsWindow, ShowWindow, FindWindowExA, KillTimer, SetTimer, PostMessageA, DefWindowProcA, CreateWindowExA<BR>> ADVAPI32.dll: RegSetValueExA, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey<BR>> SHELL32.dll: CommandLineToArgvW<BR>> ole32.dll: CoInitialize, CoCreateInstance<BR>> OLEAUT32.dll: -, -, -, -, -<BR>> MSVCRT.dll: _strlwr, memcmp, memcpy, _purecall, strchr, fopen, fwrite, free, _initterm, malloc, _adjust_fdiv, _stricmp, rand, fclose, strrchr, strcmp, __2@YAPAXI@Z, memset, _access, strstr, strlen, sprintf, __3@YAXPAX@Z, strcpy, strcat<BR><BR>( 4 exports ) <BR>DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer<BR> | | RDS...: NSRL Reference Data Set<BR>- | | pdfid.: - | | trid..: Win32 Executable Generic (42.3%)<BR>Win32 Dynamic Link Library (generic) (37.6%)<BR>Generic Win/DOS Executable (9.9%)<BR>DOS Executable Generic (9.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) | | Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security ... 2010-021223-0550-99 | | sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR> | | <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=644B84E100073E4DD05F001D8D517300EE9F0810' target='_blank'>http://info.prevx.com/aboutprogr ... D517300EE9F0810&;lt;/a> |
用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 1.7; Maxthon)
|
