3d1594e2f4ee4d8d8186b96cde48add3---runie.dll.rar



File specifier : C:\WINDOWS\system32\runie.dll
Attributes : A---
Digital signature: No
PE file: Yes
Failed to get file version info size!
Creation time : 2010-6-21 12:26:48
Modification time : 2010-6-21 12:26:48
Size : 53248 bytes 52.0 KB
MD5 : 3d1594e2f4ee4d8d8186b96cde48add3
SHA1: 219439C5095CFC64BA2E1B02080270AE11CADBAA
CRC32: a32fc17d

Antivirus engine Version Last update Scan result
a-squared 5.0.0.30 2010.06.22 Trojan-Downloader.Agent!IK
AhnLab-V3 2010.06.22.02 2010.06.22 Spyware/Win32.Gampass
AntiVir 8.2.2.6 2010.06.22 TR/Dldr.Agent.tht
Antiy-AVL 2.0.3.7 2010.06.22 -
Authentium 5.2.0.5 2010.06.22 -
Avast 4.8.1351.0 2010.06.22 -
Avast5 5.0.332.0 2010.06.22 -
AVG 9.0.0.787 2010.06.22 -
BitDefender 7.2 2010.06.22 -
CAT-QuickHeal 10.00 2010.06.22 -
ClamAV 0.96.0.3-git 2010.06.22 -
Comodo 5183 2010.06.22 -
DrWeb 5.0.2.03300 2010.06.22 -
eSafe 7.0.17.0 2010.06.22 Win32.TRDldr.Agent.T
eTrust-Vet 36.1.7658 2010.06.22 -
F-Prot 4.6.1.107 2010.06.21 -
F-Secure 9.0.15370.0 2010.06.22 -
Fortinet 4.1.133.0 2010.06.22 -
GData 21 2010.06.22 -
Ikarus T3.1.1.84.0 2010.06.22 Trojan-Downloader.Agent
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.22 -
McAfee 5.400.0.1158 2010.06.22 -
McAfee-GW-Edition 2010.1 2010.06.22 Artemis!3D1594E2F4EE
Microsoft 1.5902 2010.06.22 -
NOD32 5218 2010.06.22 -
Norman 6.05.10 2010.06.22 -
nProtect 2010-06-22.01 2010.06.22 -
Panda 10.0.2.7 2010.06.21 Suspicious file
PCTools 7.0.3.5 2010.06.22 Trojan-PSW.Gampass
Prevx 3.0 2010.06.22 Medium Risk Malware
Rising 22.53.01.04 2010.06.22 -
Sophos 4.54.0 2010.06.22 -
Sunbelt 6483 2010.06.21 -
Symantec 20101.1.0.89 2010.06.22 Infostealer.Gampass
TheHacker 6.5.2.0.302 2010.06.22 -
TrendMicro 9.120.0.1004 2010.06.22 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.22 -
VBA32 3.12.12.5 2010.06.22 -
ViRobot 2010.6.21.3896 2010.06.22 -
VirusBuster 5.0.27.0 2010.06.22 -
Additional information
File size: 53248 bytes
MD5...: 3d1594e2f4ee4d8d8186b96cde48add3
SHA1..: 219439c5095cfc64ba2e1b02080270ae11cadbaa
SHA256: 07c3e2ab3341713c2f0c65867c37d46ee6edd5fac7b7d55b7a06d161c97b370e
ssdeep: 768:6+kSMrrlGMs46oYQhb3TNvUq56e+SxVXkolniB9AQgpmtGRs4b1Y:61SMjRxR3TNvIScolmQsG

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x241b
timedatestamp.....: 0x4c1d13a8 (Sat Jun 19 18:59:52 2010)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7856 0x8000 6.47 cc3ef498e5c666d4d7f273d80762d631
.rdata 0x9000 0xda8 0x1000 4.82 7c8391598020af05eca37246042beee1
.data 0xa000 0x28c8 0x2000 2.40 3745644c928056a8e1623a0be9fbf08b
.reloc 0xd000 0xe38 0x1000 3.71 51c00143328ecb31f25726f154e5a72f

( 3 imports )
> KERNEL32.dll: Sleep, CreateProcessA, GetSystemDirectoryA, GetModuleFileNameA, GetPrivateProfileStringA, WritePrivateProfileStringA, TerminateProcess, WaitForSingleObject, GetLastError, OutputDebugStringA, RtlUnwind, LCMapStringW, LCMapStringA, SetEndOfFile, LoadLibraryA, GetOEMCP, HeapFree, HeapAlloc, GetFileAttributesA, GetCommandLineA, GetVersion, HeapDestroy, HeapCreate, VirtualFree, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, ExitProcess, VirtualAlloc, HeapReAlloc, CloseHandle, WriteFile, ReadFile, GetProcAddress, GetModuleHandleA, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetFilePointer, InterlockedDecrement, InterlockedIncrement, SetStdHandle, FlushFileBuffers, CreateFileA, MultiByteToWideChar, GetStringTypeA, GetStringTypeW, GetCPInfo, GetACP
> USER32.dll: CreateDesktopA, OpenDesktopA, CloseDesktop
> WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -

( 2 exports )
GetDLlVersion, Run

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

http://info.prevx.com/aboutprogramtext.asp?PX5=858DEB5F00F02163D023002DD0803D00A579B2D0

http://blog.csdn.net/purpleendurer
