Views: 4534 | Replies: 7

[Virus sample] What exactly is this folder.exe?

ashe_vaan
Posted on 2007-12-24 02:33:49
Found this a long time ago on a classmate's USB drive. It was the only file on it.
I searched around and found it was also posted in this thread: http://bbs.kafan.cn/viewthread.php?tid=58414
But the file size is different from mine. In a multi-engine scan not a single AV flagged it.

库洛洛
Posted on 2007-12-24 07:22:16
The file 'folder.exe' has been determined to be 'KNOWN CLEAN'. In particular this means that we could not find any malicious content. Please note that the file is part of 'Ostrosoft Internet Tools 6.2'.

KNOWN CLEAN
bytin
Posted on 2007-12-24 09:38:54
Nothing detected by anything.
qxc0574
Posted on 2007-12-24 10:11:39

Disassembly of File: folder.exe
Code Offset = 00001000, Code Size = 00011000
Data Offset = 00012000, Data Size = 00001000

Number of Objects = 0004 (dec), Imagebase = 22170000h

   Object01: .text    RVA: 00001000 Offset: 00001000 Size: 00011000 Flags: 60000020
   Object02: .data    RVA: 00012000 Offset: 00012000 Size: 00001000 Flags: C0000040
   Object03: .rsrc    RVA: 00013000 Offset: 00013000 Size: 00007000 Flags: C0000040
   Object04: .reloc   RVA: 0001A000 Offset: 0001A000 Size: 00002000 Flags: 42000040


+++++++++++++++++++ MENU INFORMATION ++++++++++++++++++

        There Are No Menu Resources in This Application

+++++++++++++++++ DIALOG INFORMATION ++++++++++++++++++

Number of Dialogs =    2 (decimal)

Name: DialogID_0191, # of Controls=007, Caption:"About Microsoft Winsock Control", ClassName:""
     001 - ControlID:FFFF, Control Class:"STATIC" Control Text:""
     002 - ControlID:FFFF, Control Class:"STATIC" Control Text:"Microsoft Winsock ActiveX Control 6.0 (SP6)"
     003 - ControlID:FFFF, Control Class:"STATIC" Control Text:"Copyright © 1997-2000, Microsoft Corp."
     004 - ControlID:FFFF, Control Class:"STATIC" Control Text:"Copyright © 1997, NetManage Inc."
     005 - ControlID:0001, Control Class:"BUTTON" Control Text:"OK"
     006 - ControlID:00CD, Control Class:"STATIC" Control Text:"6.0 (SP6)"
     007 - ControlID:FFFF, Control Class:"STATIC" Control Text:"Version"
Name: DialogID_0192, # of Controls=008, Caption:"", ClassName:""
     001 - ControlID:FFFF, Control Class:"STATIC" Control Text:"&Protocol"
     002 - ControlID:00C9, Control Class:"COMBOBOX" Control Text:""
     003 - ControlID:FFFF, Control Class:"STATIC" Control Text:"Remote&Host"
     004 - ControlID:00CA, Control Class:"EDIT" Control Text:""
     005 - ControlID:FFFF, Control Class:"STATIC" Control Text:"RemoteP&ort"
     006 - ControlID:00CB, Control Class:"EDIT" Control Text:""
     007 - ControlID:FFFF, Control Class:"STATIC" Control Text:"&LocalPort"
     008 - ControlID:00CC, Control Class:"EDIT" Control Text:""

+++++++++++++++++++ IMPORTED FUNCTIONS ++++++++++++++++++
Number of Imported Modules =    7 (decimal)

   Import Module 001: WSOCK32.dll
   Import Module 002: KERNEL32.dll
   Import Module 003: USER32.dll
   Import Module 004: ole32.dll
   Import Module 005: ADVAPI32.dll
   Import Module 006: OLEAUT32.dll
   Import Module 007: GDI32.dll

+++++++++++++++++++ IMPORT MODULE DETAILS +++++++++++++++

   Import Module 001: WSOCK32.dll

Addr:80000001 hint(0001) Name: accept
Addr:8000000D hint(000D) Name: listen
Addr:8000000C hint(000C) Name: ioctlsocket
Addr:80000010 hint(0010) Name: recv
Addr:8000006F hint(006F) Name: WSAGetLastError
Addr:80000070 hint(0070) Name: WSASetLastError
Addr:80000012 hint(0012) Name: select
Addr:80000097 hint(0097) Name: __WSAFDIsSet
Addr:80000016 hint(0016) Name: shutdown
Addr:8000000F hint(000F) Name: ntohs
Addr:80000014 hint(0014) Name: sendto
Addr:80000011 hint(0011) Name: recvfrom
Addr:80000004 hint(0004) Name: connect
Addr:80000007 hint(0007) Name: getsockopt
Addr:80000015 hint(0015) Name: setsockopt
Addr:80000006 hint(0006) Name: getsockname
Addr:80000005 hint(0005) Name: getpeername
Addr:80000003 hint(0003) Name: closesocket
Addr:8000006C hint(006C) Name: WSACancelAsyncRequest
Addr:80000033 hint(0033) Name: gethostbyaddr
Addr:80000002 hint(0002) Name: bind
Addr:80000065 hint(0065) Name: WSAAsyncSelect
Addr:80000017 hint(0017) Name: socket
Addr:80000073 hint(0073) Name: WSAStartup
Addr:80000074 hint(0074) Name: WSACleanup
Addr:8000000B hint(000B) Name: inet_ntoa
Addr:80000067 hint(0067) Name: WSAAsyncGetHostByName
Addr:80000066 hint(0066) Name: WSAAsyncGetHostByAddr
Addr:80000034 hint(0034) Name: gethostbyname
Addr:80000009 hint(0009) Name: htons
Addr:80000039 hint(0039) Name: gethostname
Addr:8000000A hint(000A) Name: inet_addr
Addr:80000013 hint(0013) Name: send

   Import Module 002: KERNEL32.dll

Addr:00011332 hint(026E) Name: WideCharToMultiByte
Addr:00011462 hint(014C) Name: GetVersion
Addr:00011470 hint(0116) Name: GetProcAddress
Addr:000113EE hint(00FC) Name: GetModuleFileNameA
Addr:00011404 hint(0179) Name: InitializeCriticalSection
Addr:000112C8 hint(016E) Name: HeapFree
Addr:000112D4 hint(0168) Name: HeapAlloc
Addr:000112E0 hint(0118) Name: GetProcessHeap
Addr:000112F2 hint(029E) Name: lstrcpynA
Addr:000112FE hint(029B) Name: lstrcpyA
Addr:0001130A hint(02A1) Name: lstrlenA
Addr:00011316 hint(0292) Name: lstrcatA
Addr:00011322 hint(0186) Name: IsBadWritePtr
Addr:00011446 hint(0051) Name: DisableThreadLibraryCalls
Addr:00011348 hint(02A2) Name: lstrlenW
Addr:00011354 hint(018F) Name: LeaveCriticalSection
Addr:0001136C hint(00D6) Name: GetCurrentThreadId
Addr:00011382 hint(0058) Name: EnterCriticalSection
Addr:0001139A hint(019A) Name: LocalFree
Addr:000113A6 hint(0093) Name: FormatMessageA
Addr:000113B8 hint(0145) Name: GetTickCount
Addr:000113C8 hint(01AB) Name: MultiByteToWideChar
Addr:000113DE hint(021E) Name: SetLastError
Addr:000114C0 hint(00F6) Name: GetLocaleInfoA
Addr:00011420 hint(004C) Name: DeleteCriticalSection
Addr:00011438 hint(0098) Name: FreeLibrary
Addr:0001155C hint(0295) Name: lstrcmpA
Addr:000114EA hint(017B) Name: InterlockedDecrement
Addr:00011482 hint(00E8) Name: GetFileAttributesA
Addr:00011498 hint(0151) Name: GetWindowsDirectoryA
Addr:000114B0 hint(0190) Name: LoadLibraryA
Addr:0001150E hint(00F4) Name: GetLastError
Addr:000114D2 hint(017E) Name: InterlockedIncrement
Addr:00011502 hint(0298) Name: lstrcmpiA
Addr:0001153E hint(0089) Name: FindResourceA
Addr:0001151E hint(01A3) Name: LockResource
Addr:0001152E hint(0195) Name: LoadResource
Addr:0001154E hint(0171) Name: HeapReAlloc

   Import Module 003: USER32.dll

Addr:000116F6 hint(00B4) Name: EndDialog
Addr:00011702 hint(00A0) Name: DrawEdge
Addr:000116E4 hint(008E) Name: DialogBoxParamA
Addr:0001170E hint(0172) Name: LoadCursorA
Addr:000116C4 hint(0195) Name: MessageBoxA
Addr:000116D2 hint(00D5) Name: GetActiveWindow
Addr:00011734 hint(00EE) Name: GetDC
Addr:0001173C hint(0021) Name: CharNextA
Addr:00011728 hint(01CD) Name: ReleaseDC
Addr:00011756 hint(0203) Name: SetParent
Addr:00011762 hint(013D) Name: GetWindowRect
Addr:00011748 hint(022D) Name: ShowWindow
Addr:00011782 hint(025E) Name: WinHelpA
Addr:0001178E hint(0160) Name: IsDialogMessageA
Addr:000117A2 hint(0137) Name: GetWindow
Addr:000117AE hint(011B) Name: GetNextDlgTabItem
Addr:000117C2 hint(0168) Name: IsWindowEnabled
Addr:000117D4 hint(00F3) Name: GetDlgItem
Addr:000117E2 hint(015D) Name: IsChild
Addr:000117EC hint(0101) Name: GetKeyState
Addr:00011772 hint(021E) Name: SetWindowPos
Addr:000116B6 hint(0170) Name: LoadBitmapA
Addr:00011824 hint(016A) Name: IsWindowVisible
Addr:00011836 hint(00B6) Name: EndPaint
Addr:00011842 hint(00E4) Name: GetClientRect
Addr:00011852 hint(0009) Name: BeginPaint
Addr:000116A2 hint(012C) Name: GetSystemMetrics
Addr:00011676 hint(00F5) Name: GetDlgItemTextA
Addr:0001187A hint(0036) Name: ClientToScreen
Addr:0001188C hint(01A5) Name: OffsetRect
Addr:0001189A hint(00C9) Name: EqualRect
Addr:000118A6 hint(0151) Name: IntersectRect
Addr:000118B6 hint(021F) Name: SetWindowRgn
Addr:000118C6 hint(01BB) Name: PtInRect
Addr:000118D2 hint(0194) Name: MessageBeep
Addr:00011694 hint(0183) Name: LoadStringA
Addr:00011688 hint(0167) Name: IsWindow
Addr:00011806 hint(0048) Name: CreateDialogIndirectParamA
Addr:000117FA hint(011D) Name: GetParent
Addr:00011664 hint(01F2) Name: SetDlgItemTextA
Addr:0001161E hint(01DA) Name: SendMessageA
Addr:0001160C hint(0080) Name: DefWindowProcA
Addr:000115FA hint(013A) Name: GetWindowLongA
Addr:000115EA hint(008A) Name: DestroyWindow
Addr:000115C6 hint(021B) Name: SetWindowLongA
Addr:000115BA hint(016D) Name: KillTimer
Addr:000115AE hint(0216) Name: SetTimer
Addr:0001159A hint(024D) Name: UnregisterClassA
Addr:00011588 hint(01BE) Name: RegisterClassA
Addr:00011578 hint(01AF) Name: PeekMessageA
Addr:00011568 hint(01B1) Name: PostMessageA
Addr:0001164E hint(01D8) Name: SendDlgItemMessageA
Addr:0001163E hint(00F4) Name: GetDlgItemInt
Addr:0001162E hint(01F1) Name: SetDlgItemInt
Addr:00011860 hint(01F5) Name: SetFocus
Addr:0001186C hint(019D) Name: MoveWindow
Addr:000115D8 hint(0055) Name: CreateWindowExA
Addr:0001171C hint(0264) Name: wsprintfA

   Import Module 004: ole32.dll

Addr:000118F0 hint(0044) Name: CoTaskMemAlloc
Addr:000118E0 hint(0045) Name: CoTaskMemFree
Addr:00011902 hint(000C) Name: CoCreateInstance
Addr:00011916 hint(0056) Name: CreateOleAdviseHolder

   Import Module 005: ADVAPI32.dll

Addr:0001192E hint(0120) Name: RegDeleteValueA
Addr:000119C4 hint(0135) Name: RegQueryValueA
Addr:000119B6 hint(012D) Name: RegOpenKeyA
Addr:000119A2 hint(0136) Name: RegQueryValueExA
Addr:00011992 hint(0123) Name: RegEnumKeyExA
Addr:00011982 hint(011E) Name: RegDeleteKeyA
Addr:00011972 hint(012E) Name: RegOpenKeyExA
Addr:00011960 hint(011B) Name: RegCreateKeyExA
Addr:0001194E hint(0141) Name: RegSetValueExA
Addr:00011940 hint(0117) Name: RegCloseKey

   Import Module 006: OLEAUT32.dll

Addr:8000000C hint(000C) Name: VariantChangeType
Addr:80000004 hint(0004) Name: SysAllocStringLen
Addr:80000002 hint(0002) Name: SysAllocString
Addr:80000028 hint(0028) Name: SafeArrayRedim
Addr:80000007 hint(0007) Name: SysStringLen
Addr:800000A3 hint(00A3) Name: RegisterTypeLib
Addr:800000A1 hint(00A1) Name: LoadTypeLib
Addr:800000BA hint(00BA) Name: UnRegisterTypeLib
Addr:800000B7 hint(00B7) Name: LoadTypeLibEx
Addr:800001A1 hint(01A1) Name: OleCreatePropertyFrame
Addr:800000A2 hint(00A2) Name: LoadRegTypeLib
Addr:800000C9 hint(00C9) Name: SetErrorInfo
Addr:80000006 hint(0006) Name: SysFreeString
Addr:800000CA hint(00CA) Name: CreateErrorInfo
Addr:800000C8 hint(00C8) Name: GetErrorInfo
Addr:80000018 hint(0018) Name: SafeArrayUnaccessData
Addr:80000010 hint(0010) Name: SafeArrayDestroy
Addr:80000009 hint(0009) Name: VariantClear
Addr:80000096 hint(0096) Name: SysAllocStringByteLen
Addr:8000000F hint(000F) Name: SafeArrayCreate
Addr:80000095 hint(0095) Name: SysStringByteLen
Addr:80000013 hint(0013) Name: SafeArrayGetUBound
Addr:80000014 hint(0014) Name: SafeArrayGetLBound
Addr:80000012 hint(0012) Name: SafeArrayGetElemsize
Addr:80000008 hint(0008) Name: VariantInit
Addr:80000017 hint(0017) Name: SafeArrayAccessData
Addr:80000011 hint(0011) Name: SafeArrayGetDim

   Import Module 007: GDI32.dll

Addr:00011A30 hint(00C7) Name: GetDeviceCaps
Addr:00011A1A hint(001F) Name: CreateCompatibleDC
Addr:00011A40 hint(003C) Name: CreateRectRgnIndirect
Addr:00011A6C hint(0111) Name: GetWindowExtEx
Addr:00011A58 hint(010E) Name: GetViewportExtEx
Addr:000119F4 hint(0043) Name: DeleteDC
Addr:000119E4 hint(0046) Name: DeleteObject
Addr:000119D6 hint(00EA) Name: GetObjectA
Addr:00011A7E hint(0116) Name: LPtoDP
Addr:00011A88 hint(0161) Name: SetMapMode
Addr:00011A96 hint(0174) Name: SetViewportExtEx
Addr:00011AAA hint(0178) Name: SetWindowExtEx
Addr:00011ABC hint(0175) Name: SetViewportOrgEx
Addr:00011AD0 hint(0179) Name: SetWindowOrgEx
Addr:00011AE2 hint(0020) Name: CreateDCA
Addr:00011A00 hint(000A) Name: BitBlt
Addr:00011A0A hint(014A) Name: SelectObject

+++++++++++++++++++ EXPORTED FUNCTIONS ++++++++++++++++++
Number of Exported Functions = 0005 (decimal)


Addr:2217B5BC Ord:   1 (0001h) Name: DLLGetDocumentation
Addr:22171660 Ord:   2 (0002h) Name: DllCanUnloadNow
Addr:22171D6B Ord:   3 (0003h) Name: DllGetClassObject
Addr:2217B65D Ord:   4 (0004h) Name: DllRegisterServer
Addr:2217B67A Ord:   5 (0005h) Name: DllUnregisterServer
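A defender's way to read a listing like the one posted above, as an added example that is not part of this thread: it parses the import and export tables of that report format and spells out what they imply, in particular that an image exporting DllGetClassObject/DllRegisterServer is a COM in-process server (a DLL/OCX) rather than a program, whatever its extension. It goes slightly beyond the dump by also recognising ws2_32.dll; the SAMPLE_REPORT excerpt is constructed from the posted lines, not the full dump.

```python
import re
from collections import defaultdict

# Constructed excerpt in the shape of the report posted above (not the full dump).
SAMPLE_REPORT = """\
Disassembly of File: folder.exe
   Import Module 001: WSOCK32.dll
Addr:80000001 hint(0001) Name: accept
Addr:8000000D hint(000D) Name: listen
   Import Module 005: ADVAPI32.dll
Addr:0001194E hint(0141) Name: RegSetValueExA
Addr:00011960 hint(011B) Name: RegCreateKeyExA
+++++++++++++++++++ EXPORTED FUNCTIONS ++++++++++++++++++
Addr:22171D6B Ord:   3 (0003h) Name: DllGetClassObject
Addr:2217B65D Ord:   4 (0004h) Name: DllRegisterServer
"""
# Import rows look like "Addr:.. hint(..) Name: f"; export rows like "Addr:.. Ord: n (..h) Name: f".
NAME_RE = re.compile(r"Addr:[0-9A-Fa-f]+\s+(?:hint\(\w+\)|Ord:\s*\d+\s*\(\w+\))\s+Name:\s*(\S+)")
COM_SERVER_EXPORTS = {"DllGetClassObject", "DllRegisterServer",
                      "DllUnregisterServer", "DllCanUnloadNow"}

def parse_report(text):
    """Return (filename, {module: [imported names]}, [exported names]) from the listing."""
    filename, imports, exports = None, defaultdict(list), []
    module, in_exports = None, False
    for line in text.splitlines():
        if line.startswith("Disassembly of File:"):
            filename = line.split(":", 1)[1].strip()
        elif (m := re.match(r"\s*Import Module \d+:\s*(\S+)", line)):
            module, in_exports = m.group(1).lower(), False   # module detail block starts
        elif "EXPORTED FUNCTIONS" in line:
            in_exports = True
        elif (m := NAME_RE.match(line)) and (in_exports or module):
            (exports if in_exports else imports[module]).append(m.group(1))
    return filename, dict(imports), exports

def triage(filename, imports, exports):
    """Turn the import/export tables into plain-language findings for the analyst."""
    findings = []
    com = sorted(COM_SERVER_EXPORTS & set(exports))
    if com:
        findings.append("exports COM in-process server entry points (%s): a DLL/OCX image, not a standalone program" % ", ".join(com))
        if filename and filename.lower().endswith(".exe"):
            findings.append("named .exe but built as a COM server: a renamed library; a DLL image cannot be started as a process")
    if {"wsock32.dll", "ws2_32.dll"} & set(imports):
        findings.append("links the Winsock API: capable of network I/O (expected for a Winsock control)")
    reg_writes = [f for f in imports.get("advapi32.dll", []) if f.startswith(("RegSetValue", "RegCreateKey"))]
    if reg_writes:
        findings.append("writes the registry via %s: consistent with DllRegisterServer self-registration" % ", ".join(reg_writes))
    return findings
```

Run `triage(*parse_report(SAMPLE_REPORT))` to get the four findings for the excerpt; feed it the full listing from the post to cover every module.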
qxc0574
Posted on 2007-12-24 12:05:42
Better to just delete it anyway!!
qigang
Posted on 2007-12-24 20:09:35
It's not a virus.

Post #4 already gave the answer.
sunqqq1987
Posted on 2007-12-24 21:09:54
Double-clicked it and it didn't launch.
ashe_vaan
Original poster | Posted on 2008-1-2 03:38:46

Reply to post #4 by qxc0574

"Disassembly" means taking something apart.
Did you analyze folder.exe with some kind of disassembling software?
I don't get it, never seen this before.