VT Detection ratio: 1 / 43 7666784.dll

fireold

這個 gd 也攔截三次

*** Process ***

Process: 3260
File name: rundll32.exe
Path: c:\windows\system32\rundll32.exe

Publisher: Microsoft Windows
Creation date: 07/14/09 03:21:29
Modification date: 07/14/09 01:14:31

Started by: explorer.exe
Publisher: Microsoft Windows


*** Actions ***

The program has executed actions in the name of another program.
The program is trying to create a startup item to launch a program automatically at system startup.
The program has created or manipulated an executable file.
The program created a copy of itself.
An executable file was stored in a suspicious location.

YGLxKcwGKyd3YmJycgcsJygmJicILSctJyonCS4n1y4np3JyrHAqdIJCJyd0cnArJygnJycHqHKCcnJycoArJycnJyYG6HJyYmJycpArFp/SyZAtJwjpcnLLcsJycmugJyd7YmJysgeacnK2csJy8g+qcnK2oCwntywnLCe3BtpygmJicoKwKycnJiYnB6xygmJicoLALycnJycmBo1y0nLCcnLgLCcoJiYnCI9ycmJicnLwLCcnJycmBncqJweHKicsJyonCIcrJycmJicHhy0nJyYmJweHLicoJygmBpcvJygmJicIpysaujVmKisaujVmKicaujVmKgqnLifXCscvJ9cqJ5hycntwjnKC/QAA
Rules version: 4.1.0
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 32bit OS
dll version: 30732

"C:\Windows\system32\rundll32.exe" "C:\7666784.dll",exp
C:\Windows\Explorer.EXE

-----------------------------------------------------------

*** Process ***

Process: 3660
File name: rundll32.exe
Path: c:\progra~2\rundll32.exe

Publisher: Microsoft Windows
Creation date: 05/19/13 12:25:01
Modification date: 05/19/13 12:25:03

Started by: rundll32.exe
Publisher: Microsoft Windows


*** Actions ***

The program has executed actions in the name of another program.
The program is trying to create a startup item to launch a program automatically at system startup.
The program establishes a network connection.
A network connection was established using another programs context.
An executable file was stored in a suspicious location.

YGLxkpmwcnInJiYnd8BygmJicoLQcpJygnJy4HJyrHJyLyenC6dCJycmJnRycCsnJyYmJweocnJiYnJygC4nJyYmJwe5YvGSiJAtJwjpcnJrcnIpJ5cNenKyJyYmJ3ugKSf/cnIpJ86gKif/oCwntyYnl3Jy2aAtJygmJicIu3JyYmJycsAqJygmJicIjXJyYmJycuAsJygmJicIj3JyYmJycnCncnJwqHKCcoJiYnC4cnJiYnJycNhycmJicnJw+XKCYmJygnC6oqFbY6aioqFbY6ZyoqFbY6aScOpycntw/HJye3JyKSeXDucoJ/cNAA
Rules version: 4.1.0
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 32bit OS
dll version: 30732

C:\PROGRA~2\rundll32.exe C:\PROGRA~2\lffjm.dat,FG00
"C:\Windows\system32\rundll32.exe" "C:\7666784.dll",exp

------------------------------------------------

*** Process ***

Process: 1384
File name: rundll32.exe
Path: c:\progra~2\rundll32.exe

Publisher: Microsoft Windows
Creation date: 05/19/13 12:25:01
Modification date: 05/19/13 12:25:03

Started by: rundll32.exe
Publisher: Microsoft Windows


*** Actions ***

The program has executed actions in the name of another program.
The program establishes a network connection.
A network connection was established using another programs context.

YGLRjIKWsHJyJyd3YmLAcnJiYnJy4HLiKifXcsINuWLRjHKqkC4nbXJyLyd7oCcne2JicrIHmnJyLyf3YmKgKif3oCwnbXJyLyd7oC0nKCcoJgascoJygmJi4CwnKCcoJgaPcnJiYnJycNhycmJicnJw+XKCYmJygnC6oqFbY6aCoqFbY6Zy0rFdY7ZycOpy0gbHLydtcnIvJ3twjnJyvQAA
Rules version: 4.1.0
OS: Windows 6.1 Service Pack 1.0 Build: 7601 - Workstation 32bit OS
dll version: 30732

C:\PROGRA~2\rundll32.exe C:\PROGRA~2\lffjm.dat,FG03
C:\PROGRA~2\rundll32.exe C:\PROGRA~2\lffjm.dat,FG00