This is how my Avira ("Red Umbrella") died....
File wmcodec_update.exe received on 2008.09.04 17:10:54 (CET)
Result: 9/35 (25.72%)
Antivirus engine | Version | Last update | Scan result
AhnLab-V3 | 2008.9.4.2 | 2008.09.04 | -
AntiVir | 7.8.1.28 | 2008.09.04 | -
Authentium | 5.1.0.4 | 2008.09.03 | -
Avast | 4.8.1195.0 | 2008.09.04 | -
AVG | 8.0.0.161 | 2008.09.04 | -
BitDefender | 7.2 | 2008.09.04 | Trojan.Zlob.CQW
CAT-QuickHeal | 9.50 | 2008.09.02 | Backdoor.Small.fax
ClamAV | 0.93.1 | 2008.09.04 | Trojan.FakeAlert-566
DrWeb | 4.44.0.09170 | 2008.09.04 | -
eSafe | 7.0.17.0 | 2008.09.03 | -
eTrust-Vet | 31.6.6069 | 2008.09.04 | -
Ewido | 4.0 | 2008.09.03 | -
F-Prot | 4.4.4.56 | 2008.09.03 | -
F-Secure | 8.0.14332.0 | 2008.09.04 | -
Fortinet | 3.14.0.0 | 2008.09.03 | -
GData | 19 | 2008.09.04 | -
Ikarus | T3.1.1.34.0 | 2008.09.04 | Virus.Trojan.Win32.BHO.egw
K7AntiVirus | 7.10.441 | 2008.09.04 | Trojan-Downloader.Win32.Agent.hec
Kaspersky | 7.0.0.125 | 2008.09.04 | -
McAfee | 5376 | 2008.09.03 | -
Microsoft | 1.3903 | 2008.09.04 | Trojan:Win32/Zlob.AR
NOD32v2 | 3415 | 2008.09.04 | -
Norman | 5.80.02 | 2008.09.04 | Malware.DJFR
Panda | 9.0.0.4 | 2008.09.03 | -
PCTools | 4.4.2.0 | 2008.09.04 | -
Prevx1 | V2 | 2008.09.04 | -
Rising | 20.60.31.00 | 2008.09.04 | -
Sophos | 4.33.0 | 2008.09.04 | Mal/FakeAV-D
Sunbelt | 3.1.1582.1 | 2008.09.02 | -
Symantec | 10 | 2008.09.04 | -
TheHacker | 6.3.0.8.072 | 2008.09.04 | Backdoor/Small.foh
TrendMicro | 8.700.0.1004 | 2008.09.04 | -
ViRobot | 2008.9.4.1363 | 2008.09.04 | -
VirusBuster | 4.5.11.0 | 2008.09.04 | -
Webwasher-Gateway | 6.6.2 | 2008.09.04 | -
Additional information
File size: 122390 bytes
MD5...: d196cad67ddc4d572ca56c5efda33893
SHA1..: f208fa9c2268cec5a9379e606e67d7ce3431b28c
SHA256: e350401f32201f08b73a44ec6e259bbec559903c8cb0a9be42e2fcf7265ab744
SHA512: 00a88409e4555c153cfd46e40ca19b046e1b66a84e57a9a5d0faebe6a2842157ca0d837c69e113bde210003a8bdb739fbbd34b929769dc528391ff25e495b098
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4030ed
timedatestamp.....: 0x473efc39 (Sat Nov 17 14:35:37 2007)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5b22 0x5c00 6.47 fb692891d6592365eb18f6b3bbfa5d2e
.rdata 0x7000 0x129c 0x1400 5.05 165e3e874dc59c8a96748c6f4d0f4207
.data 0x9000 0x25cb8 0x400 5.12 c5c4701871042863b95b9217c002c503
.ndata 0x2f000 0xa000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x39000 0x6c8 0x800 2.92 f6366612209bf47196d50e045e245de9
( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
( 0 exports )
Second update: sample
File wmcodec_update_1_.exe received on 2008.09.04 17:43:32 (CET)
Result: 9/36 (25%)
Antivirus engine | Version | Last update | Scan result
AhnLab-V3 | 2008.9.4.2 | 2008.09.04 | -
AntiVir | 7.8.1.28 | 2008.09.04 | -
Authentium | 5.1.0.4 | 2008.09.03 | -
Avast | 4.8.1195.0 | 2008.09.04 | -
AVG | 8.0.0.161 | 2008.09.04 | -
BitDefender | 7.2 | 2008.09.04 | Trojan.Zlob.CQW
CAT-QuickHeal | 9.50 | 2008.09.02 | Backdoor.Small.fax
ClamAV | 0.93.1 | 2008.09.04 | Trojan.FakeAlert-566
DrWeb | 4.44.0.09170 | 2008.09.04 | -
eSafe | 7.0.17.0 | 2008.09.03 | -
eTrust-Vet | 31.6.6069 | 2008.09.04 | -
Ewido | 4.0 | 2008.09.04 | -
F-Prot | 4.4.4.56 | 2008.09.03 | -
F-Secure | 8.0.14332.0 | 2008.09.04 | -
Fortinet | 3.14.0.0 | 2008.09.03 | -
GData | 19 | 2008.09.04 | -
Ikarus | T3.1.1.34.0 | 2008.09.04 | Virus.Trojan.Win32.BHO.egw
K7AntiVirus | 7.10.441 | 2008.09.04 | Trojan-Downloader.Win32.Agent.hec
Kaspersky | 7.0.0.125 | 2008.09.04 | -
McAfee | 5376 | 2008.09.03 | -
Microsoft | 1.3903 | 2008.09.04 | Trojan:Win32/Zlob.AR
NOD32v2 | 3415 | 2008.09.04 | -
Norman | 5.80.02 | 2008.09.04 | Malware.DJFR
Panda | 9.0.0.4 | 2008.09.03 | -
PCTools | 4.4.2.0 | 2008.09.04 | -
Prevx1 | V2 | 2008.09.04 | -
Rising | 20.60.31.00 | 2008.09.04 | -
Sophos | 4.33.0 | 2008.09.04 | Mal/FakeAV-D
Sunbelt | 3.1.1582.1 | 2008.09.02 | -
Symantec | 10 | 2008.09.04 | -
TheHacker | 6.3.0.8.072 | 2008.09.04 | Backdoor/Small.foh
TrendMicro | 8.700.0.1004 | 2008.09.04 | -
VBA32 | 3.12.8.5 | 2008.09.04 | -
ViRobot | 2008.9.4.1363 | 2008.09.04 | -
VirusBuster | 4.5.11.0 | 2008.09.04 | -
Webwasher-Gateway | 6.6.2 | 2008.09.04 | -
Additional information
File size: 122390 bytes
MD5...: 80663a2f5df83d84208ce7c5eab713fb
SHA1..: eca4e8bd329400f8532a5734d253d0e27d4e5310
SHA256: 77eb6572f8db251c1fcf77c85a6e5199f6cc2443513feedb3e2de60db745cd79
SHA512: 92c5825fad1ad89bec8ae1c72d1bc3840f181fc4db34286366f5504d4e1264a9f1a06d18f88f02e0d7756414d58e88959add285a332a3b1da83a6d6f842e691a
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4030ed
timedatestamp.....: 0x473efc39 (Sat Nov 17 14:35:37 2007)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5b22 0x5c00 6.47 fb692891d6592365eb18f6b3bbfa5d2e
.rdata 0x7000 0x129c 0x1400 5.05 165e3e874dc59c8a96748c6f4d0f4207
.data 0x9000 0x25cb8 0x400 5.12 c5c4701871042863b95b9217c002c503
.ndata 0x2f000 0xa000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x39000 0x6c8 0x800 2.92 f6366612209bf47196d50e045e245de9
( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
( 0 exports )
[ This post was last edited by molicn on 2008-9-4 23:45 ]