Analysis of the infected file RkU3.8.341.552.rar
Result: 7/36 (19.45%)
Antivirus engine   Version          Last update  Scan result
AhnLab-V3          2008.11.14.0     2008.11.14   Win-Trojan/Downloader.28672.LH
AntiVir            7.9.0.31         2008.11.13   HEUR/Malware
Authentium         5.1.0.4          2008.11.14   -
Avast              4.8.1281.0       2008.11.14   -
AVG                8.0.0.199        2008.11.14   -
BitDefender        7.2              2008.11.14   -
CAT-QuickHeal      10.00            2008.11.13   -
ClamAV             0.94.1           2008.11.14   -
DrWeb              4.44.0.09170     2008.11.14   -
eSafe              7.0.17.0         2008.11.13   Suspicious File
eTrust-Vet         31.6.6208        2008.11.13   -
Ewido              4.0              2008.11.13   -
F-Prot             4.4.4.56         2008.11.13   -
F-Secure           8.0.14332.0      2008.11.14   -
Fortinet           3.117.0.0        2008.11.13   -
GData              19               2008.11.14   -
Ikarus             T3.1.1.45.0      2008.11.14   -
K7AntiVirus        7.10.524         2008.11.13   -
Kaspersky          7.0.0.125        2008.11.14   -
McAfee             5433             2008.11.13   Downloader-BJK
Microsoft          1.4104           2008.11.14   -
NOD32              3612             2008.11.13   a variant of Win32/TrojanDownloader.Agent.UGC
Norman             5.80.02          2008.11.13   -
Panda              9.0.0.4          2008.11.14   -
PCTools            4.4.2.0          2008.11.13   -
Prevx1             V2               2008.11.14   -
Rising             21.03.40.00      2008.11.14   -
SecureWeb-Gateway  6.7.6            2008.11.14   Heuristic.Malware
Sophos             4.35.0           2008.11.14   -
Sunbelt            3.1.1785.2       2008.11.11   Backdoor.Win32.S (vf)
Symantec           10               2008.11.14   -
TheHacker          6.3.1.1.152      2008.11.13   -
TrendMicro         8.700.0.1004     2008.11.14   -
VBA32              3.12.8.9         2008.11.13   -
ViRobot            2008.11.14.1467  2008.11.14   -
VirusBuster        4.5.11.0         2008.11.13   -
Additional information
File size: 167423 bytes
MD5...: 84b242af7d567f1705765a4d11ad6e25
SHA1..: f6e2cb97ae3c2b01b87d170a229bd36c2535b8f0
SHA256: ebe3c389a7fc1c99ce2fd9bb704f7780e81980b875d51690b03abf8aa991caa9
SHA512: 6eae8ae9995e79b317dde0550d8dc37293de96229da77dd4641514d0857b414aee0c855ddeec8c6f3f793c1a917ae2d66316b5999f2a72b23ebba18ef67ba07e
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Dynamic Link Library (generic) (54.7%)
Win32 Executable MS Visual FoxPro 7 (16.2%)
Generic Win/DOS Executable (14.4%)
DOS Executable Generic (14.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4031ef
timedatestamp.....: 0x491aa421 (Wed Nov 12 09:38:41 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name    viradd  virsiz  rawdsiz  ntrpy  md5
.text   0x1000  0x23fa  0x3000   5.23   925ad9f1fe932f836f1beb420aa3b9be
.rdata  0x4000  0xbf6   0x1000   4.15   960aa9b1d5845bec00a0f0c13d229307
.data   0x5000  0x8ad0  0x1000   0.24   68fe8900c2cd583413e0468443122c6c
.rsrc   0xe000  0xad0   0x1000   2.56   4e8bbde9c24adbc59a50b6c35ebf0448
( 4 imports )
> MFC42.DLL: (entries shown only as "-"; no import names listed)
> MSVCRT.dll: time, __dllonexit, _onexit, __1type_info@@UAE@XZ, _exit, _XcptFilter, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _mbscmp, exit, rand, __CxxFrameHandler, fopen, fclose, fread, fwrite, getc, putc, _CxxThrowException, printf, _setmbcp, srand
> KERNEL32.dll: LockResource, SizeofResource, FindResourceA, SetFileAttributesA, EnumResourceNamesA, LoadLibraryExA, WinExec, DeleteFileA, Sleep, GetWindowsDirectoryA, GetModuleFileNameA, GetModuleHandleA, GetStartupInfoA, LoadResource
> USER32.dll: SendMessageA, FindWindowA, KillTimer, LookupIconIdFromDirectory, EnableWindow, LoadIconA, SetTimer