Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines.
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: KiaoBoSetup.exe
Submission date: 2010-10-09 08:55:14 (UTC)
Current status: finished
Result: 12/43 (27.9%)
VT Community: not reviewed
Safety score: -
Antivirus | Version | Last Update | Result
AhnLab-V3 | 2010.10.09.00 | 2010.10.08 | -
AntiVir | 7.10.12.167 | 2010.10.08 | TR/Downloader.Gen
Antiy-AVL | 2.0.3.7 | 2010.10.09 | -
Authentium | 5.2.0.5 | 2010.10.09 | -
Avast | 4.8.1351.0 | 2010.10.09 | -
Avast5 | 5.0.594.0 | 2010.10.09 | -
AVG | 9.0.0.851 | 2010.10.08 | -
BitDefender | 7.2 | 2010.10.09 | -
CAT-QuickHeal | 11.00 | 2010.10.08 | -
ClamAV | 0.96.2.0-git | 2010.10.09 | Trojan.Downloader-84425
Comodo | 6327 | 2010.10.09 | Heur.Suspicious
DrWeb | 5.0.2.03300 | 2010.10.09 | -
Emsisoft | 5.0.0.50 | 2010.10.09 | Trojan.Win32.Pasta.ls!A2
eSafe | 7.0.17.0 | 2010.10.07 | -
eTrust-Vet | 36.1.7901 | 2010.10.08 | -
F-Prot | 4.6.2.117 | 2010.10.08 | W32/Blocker-based!Maximus
F-Secure | 9.0.15370.0 | 2010.10.09 | Suspicious:W32/Malware!Gemini
Fortinet | 4.2.249.0 | 2010.10.09 | -
GData | 21 | 2010.10.09 | -
Ikarus | T3.1.1.90.0 | 2010.10.09 | -
Jiangmin | 13.0.900 | 2010.10.09 | -
K7AntiVirus | 9.65.2707 | 2010.10.08 | -
Kaspersky | 7.0.0.125 | 2010.10.09 | -
McAfee | 5.400.0.1158 | 2010.10.09 | -
McAfee-GW-Edition | 2010.1C | 2010.10.08 | Heuristic.BehavesLike.Win32.Suspicious.L
Microsoft | 1.6201 | 2010.10.09 | -
NOD32 | 5516 | 2010.10.08 | -
Norman | 6.06.07 | 2010.10.09 | W32/StartPage.WTF
nProtect | 2010-10-09.01 | 2010.10.09 | -
Panda | 10.0.2.7 | 2010.10.09 | -
PCTools | 7.0.3.5 | 2010.10.09 | -
Prevx | 3.0 | 2010.10.09 | Medium Risk Malware
Rising | 22.68.05.00 | 2010.10.09 | -
Sophos | 4.58.0 | 2010.10.09 | Address Tool Bar
Sunbelt | 7021 | 2010.10.09 | Trojan.Win32.Generic!BT
SUPERAntiSpyware | 4.40.0.1006 | 2010.10.09 | Trojan.Agent/Gen-StartPage
Symantec | 20101.2.0.161 | 2010.10.09 | -
TheHacker | 6.7.0.1.053 | 2010.10.08 | -
TrendMicro | 9.120.0.1004 | 2010.10.08 | -
TrendMicro-HouseCall | 9.120.0.1004 | 2010.10.09 | -
VBA32 | 3.12.14.1 | 2010.10.08 | -
ViRobot | 2010.9.25.4060 | 2010.10.09 | -
VirusBuster | 12.67.9.0 | 2010.10.08 | -
Additional information
MD5 : 8eb4c3a6912209615bc18e5fdab6413e
SHA1 : af0e8aa4849545dff7de0d4aa402aa0ade378d03
SHA256: 305456211696a48262dd425d8429942bf27d681e1398a10b157b2c8dc2508061
ssdeep: 98304:5YWmR1fjhoBL0qFKcuJCza3Ge2TA9uaZQ/SgBNxeCnHNzTH:5JBL028SUuaMSgnPHZH
File size : 4352801 bytes
First seen: 2010-10-09 08:55:14
Last seen : 2010-10-09 08:55:14
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): NSIS, UTF-8
packers (Kaspersky): Swf2Swc, Swf2Swc, Swf2Swc, Swf2Swc, Swf2Swc
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x3150
timedatestamp....: 0x4A3AB2AC (Thu Jun 18 21:33:32 2009)
machinetype......: 0x14c (I386)
[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x5DC4, 0x5E00, 6.51, edf99746478ec4f22d3f839540b0378e
.rdata, 0x7000, 0x129C, 0x1400, 5.05, e1b381c03cad2ee5a1d8b8d88a277d84
.data, 0x9000, 0x25C58, 0x400, 4.80, 72224490b487b215a4fcfaa7237504f6
.ndata, 0x2F000, 0x9000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
.rsrc, 0x38000, 0x90E8, 0x9200, 5.02, 1f16946affd9af70dbd5219706ecb769
[[ 8 import(s) ]]
KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA
USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA
Prevx Info:
http://info.prevx.com/aboutprogramtext.asp?PX5=72BDE032214371F26B9542AFDDC07800851F1489
ExifTool:
file metadata
CodeSize: 24064
EntryPoint: 0x3150
FileSize: 4.2 MB
FileType: Win32 EXE
ImageVersion: 6.0
InitializedDataSize: 164864
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2009:06:18 23:33:32+02:00
UninitializedDataSize: 1024
Symantec reputation: Suspicious.Insight