Folder comes with the .exe tail? Originally, ms-dos.com, fonts.exe, default.exe, helphost.com, etc.

Last Update:2018-12-05 Source: Internet

Author: User

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

Original endurer
1st

(Continued 1)

Malicious program information

File Description: D:/auto.exe
Property: -- HR
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time: 16:28:13
Modification time: 4:43:36
Size: 33276 bytes, 32.508 KB
MD5: 83db0cdad746f7d8eb4f156f63d54a91
Sha1: 9c582652b022bd405252787dbc4a118c8050ca0d
CRC32: 508dc527

File Description: D:/MS-DOS.com
Attribute: ashr
Digital Signature: No
PE file: Yes
Language: English (USA)
File version: 1.00
Product: 1.00
Product Name: XXX
Internal name: Global
Source File Name: global.exe
Creation Time: 13:16:58
Modification time: 8:32:58
Size: 225280 bytes, 220.0 KB
MD5: a7bb6a24ad4ef53dc6f57d7fe5a9293f
Sha1: 98ec003cbe71cb1fdff87e72e04760bfde954b59
CRC32: 8b782321

File Description: D:/msdos. bat
Attribute: ashr
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modified on: 10:12:14
Size: 9032 bytes, 8.840 KB
MD5: 476f8ba41f54238ba132dec7b6c0b183
Sha1: 75a61f3005fc450bc3da8e3feb71d4670b7aae01
CRC32: c8c1af3b

File Description: C:/Windows/system32/0f7593/742f8d. exe
Property:-SHR
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time: 17:24:51
Modification time: 17:24:52
Size: 1512912 bytes 1.453 MB
MD5: f9ed6efacd6ccab81f4d27dff442ad4b
Sha1: 1a5d72751ec0c68caf5c7aed7c858cf76e0d4615
CRC32: 4ceea845

File Description: J:/ .exe
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time: 11:49:47
Modification time: 11:49:47
Size: 1512912 bytes 1.453 MB
MD5: f9ed6efacd6ccab81f4d27dff442ad4b
Sha1: 1a5d72751ec0c68caf5c7aed7c858cf76e0d4615
CRC32: 4ceea845 file Description: J:/notepad.exe
Property:-SHR
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time: 11:49:47
Modification time: 11:49:47
Size: 1512912 bytes 1.453 MB
MD5: f9ed6efacd6ccab81f4d27dff442ad4b
Sha1: 1a5d72751ec0c68caf5c7aed7c858cf76e0d4615
CRC32: 4ceea845 file Description: J:/ .exe
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time: 11:49:47
Modification time: 11:49:47
Size: 1512912 bytes 1.453 MB
MD5: f9ed6efacd6ccab81f4d27dff442ad4b
Sha1: 1a5d72751ec0c68caf5c7aed7c858cf76e0d4615
CRC32: 4ceea845 file ____________ .exe received at 10:34:24 (CET) Result: 32/39 (82.06%)

Anti-Virus engine	Version	Last update	Scan results
A-squared	4.0.0.93	2009.02.18	Trojan. peed! Ik
AhnLab-V3	2009.2.17.2	2009.02.18	Win-Trojan/xema. Variant
AntiVir	7.9.0.83	2009.02.18	TR/dropper. gen
Authentium	5.1.0.4	2009.02.18	W32/NUJ. A. Gen! Eldorado
Avast	4.8.1335.0	2009.02.17	Win32: spyware-gen
AVG	8.0.0.237	2009.02.17	Downloader. generic7.axcs
BitDefender	7.2	2009.02.18	Trojan. Spy. Agent. nxs
Cat-quickheal	10.00	2009.02.18	Trojandownloader. VB. icv
ClamAV	0.94.1	2009.02.18	Trojan Downloader-64424
Comodo	982	2009.02.17	Trojware. win32.trojandownloader. VB. icv
Drweb	4.44.0.09170	2009.02.18	-
Esafe	7.0.20.	2009.02.17	Win32.vb. icv
ETrust-vet	31.6.6363	2009.02.18	Win32/NUJ. dd
F-Prot	4.4.4.56	2009.02.17	W32/NUJ. A. Gen! Eldorado
F-Secure	8.0.14470.0	2009.02.18	Trojan-Downloader.Win32.VB.icv
Fortinet	3.117.0.0	2009.02.18	W32/Vb. icv! Tr. dldr
Gdata	19	2009.02.18	Trojan. Spy. Agent. nxs
Ikarus	T3.1.1.45.0	2009.02.18	Trojan. peed
K7antivirus	7.10.582	2009.01.09	Trojan-Downloader.Win32.VB.icv
Kaspersky	7.0.0.125	2009.02.18	Trojan-Downloader.Win32.VB.icv
McAfee	5529	2009.02.17	W32/Autorun. worm. DQ. gen
McAfee + Artemis	5529	2009.02.17	W32/Autorun. worm. DQ. gen
Microsoft	1.4306	2009.02.18	Trojandropper: Win32/regul
NOD32	3863	2009.02.18	Probably a variant of Win32/trojandownloader. VB
Norman	6.00.06	2009.02.17	-
Nprotect	2009.1.8.0	2009.02.18	Trojan-downloader/w32.agent. 1512912
Panda	9.4.3.20	2009.02.18	-
Pctools	4.4.2.0	2009.02.17	-
Prevx1	V2	2009.02.18	-
Rising	21.17.21.00	2009.02.18	Worm. win32.autorun. eyr
Secureweb-Gateway	6.7.6	2009.02.18	Trojan. dropper. gen
Sophos	4.38.0	2009.02.18	Mal/encpk-GF
Sunbelt	3.2.1855.2	2009.02.17	Trojan-Downloader.Win32.VB.icv
Symantec	10	2009.02.18	W32.sillyfdc
Thehacker	6.3.2.2.259	2009.02.18	Trojan/Downloader. VB. icv
TrendMicro	8.700.0.1004	2009.02.18	-
Vba32	3.12.8.13	2009.02.18	Trojan-Downloader.Win32.VB.icv
ViRobot	2009.2.18.1612	2009.02.18	Trojan. win32.downloader. 1512912.
Virusbuster	4.5.11.0	2009.02.17	-

Additional information
File Size: 1512912 bytes
Md5...: f9ed6efacd6ccab81f4d27dff442ad4b
Sha1..: 1a5d72751ec0c68caf5c7aed7c858cf76e0d4615
Sha256: 96543093ce6a7ee65e2eb84e164bbc4d0f373b528f15a48099189da93442a350
Sha512: sha512 Bytes
Ssdeep: 24576: hjlihsfzgxsash/j2wsvidghedhgudumvhhybe9ml1k: huikkav0ghexgu Ashhkdlk
Peid ..:-
TRID...: file type identification Win32 executable ms visual c ++ (generic) (62.9%) Win32 executable generic (14.2%) Win32 dynamic link library (generic) (0, 12.6%) Clipper dos executable (3.3%) Generic win/DOS executable (3.3%)
Peinfo: PE Structure Information (Base data) Entrypointaddress.: 0x40130b Timedatestamp .....: 0x59bffa3 (Mon Dec 25 05:33:23 1972) Machinetype ......: 0x14c (i386) (5 sections) Name viradd virsiz rawdsiz ntrpy MD5 . Text 0x1000 0x51bc 0x6000 6.97 a3f72f28b9891ecd2a2d700417ae796 . RDATA 0x7000 0xa4a 0x1000 3.58 777ac25ec7bba2eed5c97e65e8a812c4 . DATA 0x8000 0x1f58 0x2000 4.64 c1958dc4ce1baa3a901f8f445648ceca . Data 0xa000 0x1e000 0x1e000 6.96 dbc8adc0f20074a6b450b65cbbced4f4 . Rsrc 0x28000 0x45b8 0x5000 3.31 648c3a5969b0f4793aef2b2434130798 (2 imports) > Metadata: delimiter, loadlibrarya, closehandle, writefile, createdirectorya, gettemppatha, readfile, setfilepointer, createfilea, delimiter, heapalloc, heapfree, delimiter, delimiter, getcommandlinea, getversion, exitprocess, commit, heapcreate, virtualfree, virtualalloc, heaprealloc, terminateprocess, getcurrentprocess, partial, sethandlecount, getstdhandle, getfiletype, rtlunwind, getcpinfo, getacp, getoemcp, multibytetowidechar, getstringtypew > User32.dll: messageboxa, wsprintfa (0 exports)
Cwsandbox info: <a href = 'HTTP: // research.sunbelt-software.com/partnerresource/md5.aspx? MD5 = f9ed6efacd6ccab81f4d27dff442ad4b 'target = '_ blank'> http://research.sunbelt-software.com/partnerresource/MD5.aspx? MD5 = f9ed6efacd6ccab81f4d27dff442ad4b </a>

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More

Folder comes with the .exe tail? Originally, ms-dos.com, fonts.exe, default.exe, helphost.com, etc.

Contact Us

A Free Trial That Lets You Build Big!

Sales Support

After-Sales Support