Folders with an .exe suffix? They turn out to be ms-dos.com, fonts.exe, default.exe, helphost.com, etc.
Original endurer
1st
(Continued 1)
Malicious program information
File Description: D:/auto.exe
Attribute: -- HR
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time: 16:28:13
Modification time: 4:43:36
Size: 33276 bytes, 32.508 KB
MD5: 83db0cdad746f7d8eb4f156f63d54a91
Sha1: 9c582652b022bd405252787dbc4a118c8050ca0d
CRC32: 508dc527
File Description: D:/MS-DOS.com
Attribute: ashr
Digital Signature: No
PE file: Yes
Language: English (USA)
File version: 1.00
Product: 1.00
Product Name: XXX
Internal name: Global
Source File Name: global.exe
Creation Time: 13:16:58
Modification time: 8:32:58
Size: 225280 bytes, 220.0 KB
MD5: a7bb6a24ad4ef53dc6f57d7fe5a9293f
Sha1: 98ec003cbe71cb1fdff87e72e04760bfde954b59
CRC32: 8b782321
File Description: D:/msdos.bat
Attribute: ashr
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time: 10:12:14
Size: 9032 bytes, 8.840 KB
MD5: 476f8ba41f54238ba132dec7b6c0b183
Sha1: 75a61f3005fc450bc3da8e3feb71d4670b7aae01
CRC32: c8c1af3b
File Description: C:/Windows/system32/0f7593/742f8d.exe
Attribute: -SHR
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time: 17:24:51
Modification time: 17:24:52
Size: 1512912 bytes 1.453 MB
MD5: f9ed6efacd6ccab81f4d27dff442ad4b
Sha1: 1a5d72751ec0c68caf5c7aed7c858cf76e0d4615
CRC32: 4ceea845
File Description: J:/ .exe
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time: 11:49:47
Modification time: 11:49:47
Size: 1512912 bytes 1.453 MB
MD5: f9ed6efacd6ccab81f4d27dff442ad4b
Sha1: 1a5d72751ec0c68caf5c7aed7c858cf76e0d4615
CRC32: 4ceea845
File Description: J:/notepad.exe
Attribute: -SHR
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time: 11:49:47
Modification time: 11:49:47
Size: 1512912 bytes 1.453 MB
MD5: f9ed6efacd6ccab81f4d27dff442ad4b
Sha1: 1a5d72751ec0c68caf5c7aed7c858cf76e0d4615
CRC32: 4ceea845
File Description: J:/ .exe
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time: 11:49:47
Modification time: 11:49:47
Size: 1512912 bytes 1.453 MB
MD5: f9ed6efacd6ccab81f4d27dff442ad4b
Sha1: 1a5d72751ec0c68caf5c7aed7c858cf76e0d4615
CRC32: 4ceea845
File ____________ .exe received at 10:34:24 (CET)
Result: 32/39 (82.06%)
Anti-Virus engine | Version | Last update | Scan results |
A-squared | 4.0.0.93 | 2009.02.18 | Trojan.peed!Ik |
AhnLab-V3 | 2009.2.17.2 | 2009.02.18 | Win-Trojan/xema.Variant |
AntiVir | 7.9.0.83 | 2009.02.18 | TR/dropper.gen |
Authentium | 5.1.0.4 | 2009.02.18 | W32/NUJ.A.Gen!Eldorado |
Avast | 4.8.1335.0 | 2009.02.17 | Win32:spyware-gen |
AVG | 8.0.0.237 | 2009.02.17 | Downloader.generic7.axcs |
BitDefender | 7.2 | 2009.02.18 | Trojan.Spy.Agent.nxs |
Cat-quickheal | 10.00 | 2009.02.18 | Trojandownloader.VB.icv |
ClamAV | 0.94.1 | 2009.02.18 | Trojan Downloader-64424 |
Comodo | 982 | 2009.02.17 | Trojware.win32.trojandownloader.VB.icv |
Drweb | 4.44.0.09170 | 2009.02.18 | - |
Esafe | 7.0.20. | 2009.02.17 | Win32.vb.icv |
ETrust-vet | 31.6.6363 | 2009.02.18 | Win32/NUJ.dd |
F-Prot | 4.4.4.56 | 2009.02.17 | W32/NUJ.A.Gen!Eldorado |
F-Secure | 8.0.14470.0 | 2009.02.18 | Trojan-Downloader.Win32.VB.icv |
Fortinet | 3.117.0.0 | 2009.02.18 | W32/Vb.icv!Tr.dldr |
Gdata | 19 | 2009.02.18 | Trojan.Spy.Agent.nxs |
Ikarus | T3.1.1.45.0 | 2009.02.18 | Trojan.peed |
K7antivirus | 7.10.582 | 2009.01.09 | Trojan-Downloader.Win32.VB.icv |
Kaspersky | 7.0.0.125 | 2009.02.18 | Trojan-Downloader.Win32.VB.icv |
McAfee | 5529 | 2009.02.17 | W32/Autorun.worm.DQ.gen |
McAfee + Artemis | 5529 | 2009.02.17 | W32/Autorun.worm.DQ.gen |
Microsoft | 1.4306 | 2009.02.18 | Trojandropper:Win32/regul |
NOD32 | 3863 | 2009.02.18 | Probably a variant of Win32/trojandownloader.VB |
Norman | 6.00.06 | 2009.02.17 | - |
Nprotect | 2009.1.8.0 | 2009.02.18 | Trojan-downloader/w32.agent.1512912 |
Panda | 9.4.3.20 | 2009.02.18 | - |
Pctools | 4.4.2.0 | 2009.02.17 | - |
Prevx1 | V2 | 2009.02.18 | - |
Rising | 21.17.21.00 | 2009.02.18 | Worm.win32.autorun.eyr |
Secureweb-Gateway | 6.7.6 | 2009.02.18 | Trojan.dropper.gen |
Sophos | 4.38.0 | 2009.02.18 | Mal/encpk-GF |
Sunbelt | 3.2.1855.2 | 2009.02.17 | Trojan-Downloader.Win32.VB.icv |
Symantec | 10 | 2009.02.18 | W32.sillyfdc |
Thehacker | 6.3.2.2.259 | 2009.02.18 | Trojan/Downloader.VB.icv |
TrendMicro | 8.700.0.1004 | 2009.02.18 | - |
Vba32 | 3.12.8.13 | 2009.02.18 | Trojan-Downloader.Win32.VB.icv |
ViRobot | 2009.2.18.1612 | 2009.02.18 | Trojan.win32.downloader.1512912. |
Virusbuster | 4.5.11.0 | 2009.02.17 | - |
Additional information |
File Size: 1512912 bytes |
Md5...: f9ed6efacd6ccab81f4d27dff442ad4b |
Sha1..: 1a5d72751ec0c68caf5c7aed7c858cf76e0d4615 |
Sha256: 96543093ce6a7ee65e2eb84e164bbc4d0f373b528f15a48099189da93442a350 |
Sha512: sha512 Bytes |
Ssdeep: 24576: hjlihsfzgxsash/j2wsvidghedhgudumvhhybe9ml1k: huikkav0ghexgu Ashhkdlk |
Peid ..:- |
TRID...: file type identification Win32 executable ms visual c ++ (generic) (62.9%) Win32 executable generic (14.2%) Win32 dynamic link library (generic) (0, 12.6%) Clipper dos executable (3.3%) Generic win/DOS executable (3.3%) |
Peinfo: PE Structure Information (Base data)
Entrypointaddress.: 0x40130b
Timedatestamp.....: 0x59bffa3 (Mon Dec 25 05:33:23 1972)
Machinetype.......: 0x14c (i386)
(5 sections)
Name | viradd | virsiz | rawdsiz | ntrpy | MD5
.Text | 0x1000 | 0x51bc | 0x6000 | 6.97 | a3f72f28b9891ecd2a2d700417ae796
.RDATA | 0x7000 | 0xa4a | 0x1000 | 3.58 | 777ac25ec7bba2eed5c97e65e8a812c4
.DATA | 0x8000 | 0x1f58 | 0x2000 | 4.64 | c1958dc4ce1baa3a901f8f445648ceca
.Data | 0xa000 | 0x1e000 | 0x1e000 | 6.96 | dbc8adc0f20074a6b450b65cbbced4f4
.Rsrc | 0x28000 | 0x45b8 | 0x5000 | 3.31 | 648c3a5969b0f4793aef2b2434130798
(2 imports)
> Metadata: delimiter, loadlibrarya, closehandle, writefile, createdirectorya, gettemppatha, readfile, setfilepointer, createfilea, delimiter, heapalloc, heapfree, delimiter, delimiter, getcommandlinea, getversion, exitprocess, commit, heapcreate, virtualfree, virtualalloc, heaprealloc, terminateprocess, getcurrentprocess, partial, sethandlecount, getstdhandle, getfiletype, rtlunwind, getcpinfo, getacp, getoemcp, multibytetowidechar, getstringtypew
> User32.dll: messageboxa, wsprintfa
(0 exports) |
Cwsandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?MD5=f9ed6efacd6ccab81f4d27dff442ad4b |