EXE before unpacking
File 062_____________________.exe received on 2008.09.04 17:10:10 (CET)
Result: 14/36 (38.89%)
| Antivirus engine | Version | Last update | Result |
| --- | --- | --- | --- |
| AhnLab-V3 | 2008.9.4.2 | 2008.09.04 | - |
| AntiVir | 7.8.1.28 | 2008.09.04 | TR/Crypt.XPACK.Gen |
| Authentium | 5.1.0.4 | 2008.09.03 | - |
| Avast | 4.8.1195.0 | 2008.09.04 | Win32:Trojan-gen {Other} |
| AVG | 8.0.0.161 | 2008.09.04 | - |
| BitDefender | 7.2 | 2008.09.04 | Packer.RLPack.D |
| CAT-QuickHeal | 9.50 | 2008.09.02 | - |
| ClamAV | 0.93.1 | 2008.09.04 | - |
| DrWeb | 4.44.0.09170 | 2008.09.04 | - |
| eSafe | 7.0.17.0 | 2008.09.03 | Suspicious File |
| eTrust-Vet | 31.6.6069 | 2008.09.04 | - |
| Ewido | 4.0 | 2008.09.03 | - |
| F-Prot | 4.4.4.56 | 2008.09.03 | - |
| F-Secure | 8.0.14332.0 | 2008.09.04 | - |
| Fortinet | 3.14.0.0 | 2008.09.03 | - |
| GData | 19 | 2008.09.04 | Win32:Trojan-gen |
| Ikarus | T3.1.1.34.0 | 2008.09.04 | Packer.RLPack.D |
| K7AntiVirus | 7.10.441 | 2008.09.04 | Backdoor.Win32.RLPack.D |
| Kaspersky | 7.0.0.125 | 2008.09.04 | - |
| McAfee | 5376 | 2008.09.03 | New Win32 |
| Microsoft | 1.3903 | 2008.09.04 | - |
| NOD32v2 | 3415 | 2008.09.04 | - |
| Norman | 5.80.02 | 2008.09.04 | W32/Smalltroj.EOJC |
| Panda | 9.0.0.4 | 2008.09.03 | Generic Trojan |
| PCTools | 4.4.2.0 | 2008.09.04 | - |
| Prevx1 | V2 | 2008.09.04 | Malicious Software |
| Rising | 20.60.31.00 | 2008.09.04 | - |
| Sophos | 4.33.0 | 2008.09.04 | Mal/Generic-A |
| Sunbelt | 3.1.1582.1 | 2008.09.02 | - |
| Symantec | 10 | 2008.09.04 | Trojan Horse |
| TheHacker | 6.3.0.8.072 | 2008.09.04 | - |
| TrendMicro | 8.700.0.1004 | 2008.09.04 | - |
| VBA32 | 3.12.8.5 | 2008.09.04 | - |
| ViRobot | 2008.9.4.1363 | 2008.09.04 | - |
| VirusBuster | 4.5.11.0 | 2008.09.04 | - |
| Webwasher-Gateway | 6.6.2 | 2008.09.04 | Trojan.Crypt.XPACK.Gen |
Additional information
File size: 119970 bytes
MD5...: 8f77b2b5c8f10f7d8919f91a1dec127b
SHA1..: fcbcc7487564c75565b097f661d0b072ca1aec56
SHA256: b198e56329cfc8d87fdbbe29c7cb8ca69234d88c9edeccbbf91f769f1b22bde9
SHA512: d4ec5f4fed12fbdfaa0ce737ae319e0764aeafa880a82cc7a8f6fa7c5bbf9cc9dc011880645571f59e8aabd0f554b9555770e14da8f939516ae7f6c2c0957270
PEiD..: -
TrID..: File type identification
Win32 EXE Yoda's Crypter (56.9%)
Win32 Executable Generic (18.2%)
Win32 Dynamic Link Library (generic) (16.2%)
Generic Win/DOS Executable (4.2%)
DOS Executable Generic (4.2%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x447c78
timedatestamp.....: 0x48365b55 (Fri May 23 05:51:17 2008)
machinetype.......: 0x14c (I386)
( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.packed 0x1000 0x2a000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.RLPack 0x2b000 0x1d2a2 0x1d2a2 7.79 1415a3e3705d70d0dfc7da6903548c69
( 1 imports )
> kernel32.dll: LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree, VirtualProtect
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogr ... 1114CB8DB00A2BB65CD
packers (F-Prot): RLPack
packers (Kaspersky): RLPack
After unpacking with an unpacking tool
File 062______________________unpacked received on 2008.09.04 17:13:24 (CET)
Result: 3/35 (8.58%)
| Antivirus engine | Version | Last update | Result |
| --- | --- | --- | --- |
| AhnLab-V3 | 2008.9.4.2 | 2008.09.04 | - |
| AntiVir | 7.8.1.28 | 2008.09.04 | - |
| Authentium | 5.1.0.4 | 2008.09.03 | - |
| Avast | 4.8.1195.0 | 2008.09.04 | - |
| AVG | 8.0.0.161 | 2008.09.04 | Win32/PolyCrypt |
| BitDefender | 7.2 | 2008.09.04 | - |
| CAT-QuickHeal | 9.50 | 2008.09.02 | - |
| ClamAV | 0.93.1 | 2008.09.04 | - |
| DrWeb | 4.44.0.09170 | 2008.09.04 | - |
| eSafe | 7.0.17.0 | 2008.09.03 | - |
| eTrust-Vet | 31.6.6069 | 2008.09.04 | - |
| Ewido | 4.0 | 2008.09.03 | - |
| F-Prot | 4.4.4.56 | 2008.09.03 | - |
| F-Secure | 8.0.14332.0 | 2008.09.04 | - |
| Fortinet | 3.14.0.0 | 2008.09.03 | - |
| GData | 19 | 2008.09.04 | - |
| Ikarus | T3.1.1.34.0 | 2008.09.04 | - |
| K7AntiVirus | 7.10.441 | 2008.09.04 | - |
| Kaspersky | 7.0.0.125 | 2008.09.04 | - |
| McAfee | 5376 | 2008.09.03 | - |
| Microsoft | 1.3903 | 2008.09.04 | - |
| NOD32v2 | 3415 | 2008.09.04 | - |
| Norman | 5.80.02 | 2008.09.04 | - |
| Panda | 9.0.0.4 | 2008.09.03 | Suspicious file |
| PCTools | 4.4.2.0 | 2008.09.04 | - |
| Prevx1 | V2 | 2008.09.04 | - |
| Rising | 20.60.31.00 | 2008.09.04 | - |
| Sophos | 4.33.0 | 2008.09.04 | - |
| Sunbelt | 3.1.1582.1 | 2008.09.02 | - |
| TheHacker | 6.3.0.8.072 | 2008.09.04 | - |
| TrendMicro | 8.700.0.1004 | 2008.09.04 | - |
| VBA32 | 3.12.8.5 | 2008.09.04 | - |
| ViRobot | 2008.9.4.1363 | 2008.09.04 | - |
| VirusBuster | 4.5.11.0 | 2008.09.04 | - |
| Webwasher-Gateway | 6.6.2 | 2008.09.04 | Win32.Malware.gen (suspicious) |
Additional information
File size: 287426 bytes
MD5...: 4a409d1f346ab4f939ef4441a769404a
SHA1..: 0d0eec924fce66f4eb6f48df877b4ac1cfd03a1e
SHA256: af4abc586868895fc075fe8a9c119b37f193648b288c9460268f7ce64258a391
SHA512: 58802e1f7cfe825bfe10501be673a9e2d06ed16efec68e3c31840d04a82c4b7a6352fb0ad2f4dc2aa222aa554061fda3b68891aa3100484aced211428f10a0f8
PEiD..: -
TrID..: File type identification
Win32 EXE Yoda's Crypter (56.9%)
Win32 Executable Generic (18.2%)
Win32 Dynamic Link Library (generic) (16.2%)
Generic Win/DOS Executable (4.2%)
DOS Executable Generic (4.2%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4010b8
timedatestamp.....: 0x48365b55 (Fri May 23 05:51:17 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.packed 0x1000 0x2a000 0x28870 6.81 0e099acf6d56d1eea95a92f6866a96d1
.RLPack 0x2b000 0x1e000 0x1d29c 7.79 c3f52bc6d3e564f3ac50cedbd325435b
.dswlab 0x49000 0x1000 0xc2 4.43 b86e8416e52329bc5bfe298c8da7197f
( 1 imports )
> MSVBVM60.DLL: MethCallEngine, -, -, -, -, -, EVENT_SINK_AddRef, DllFunctionCall, EVENT_SINK_Release, -, EVENT_SINK_QueryInterface, __vbaExceptHandler, -, -, ProcCallEngine, -, -
( 0 exports )