Folders show up with an .exe tail? It turns out to be ms-dos.com, fonts.exe, default.exe, helphost.com, etc.


 

Original work by endurer
1st version

 

(Continued 1)

 

Malicious program information

 

File Description: D:/auto.exe
Attribute: --HR
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time: 16:28:13
Modification time: 4:43:36
Size: 33276 bytes, 32.508 KB
MD5: 83db0cdad746f7d8eb4f156f63d54a91
Sha1: 9c582652b022bd405252787dbc4a118c8050ca0d
CRC32: 508dc527

 

File Description: D:/MS-DOS.com
Attribute: ashr
Digital Signature: No
PE file: Yes
Language: English (USA)
File version: 1.00
Product: 1.00
Product Name: XXX
Internal name: Global
Source File Name: global.exe
Creation Time: 13:16:58
Modification time: 8:32:58
Size: 225280 bytes, 220.0 KB
MD5: a7bb6a24ad4ef53dc6f57d7fe5a9293f
Sha1: 98ec003cbe71cb1fdff87e72e04760bfde954b59
CRC32: 8b782321

 

File Description: D:/msdos.bat
Attribute: ashr
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time:
Modification time: 10:12:14
Size: 9032 bytes, 8.840 KB
MD5: 476f8ba41f54238ba132dec7b6c0b183
Sha1: 75a61f3005fc450bc3da8e3feb71d4670b7aae01
CRC32: c8c1af3b

 

File Description: C:/Windows/system32/0f7593/742f8d.exe
Attribute: -SHR
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time: 17:24:51
Modification time: 17:24:52
Size: 1512912 bytes 1.453 MB
MD5: f9ed6efacd6ccab81f4d27dff442ad4b
Sha1: 1a5d72751ec0c68caf5c7aed7c858cf76e0d4615
CRC32: 4ceea845

File Description: J:/ .exe
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time: 11:49:47
Modification time: 11:49:47
Size: 1512912 bytes 1.453 MB
MD5: f9ed6efacd6ccab81f4d27dff442ad4b
Sha1: 1a5d72751ec0c68caf5c7aed7c858cf76e0d4615
CRC32: 4ceea845

File Description: J:/notepad.exe
Attribute: -SHR
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time: 11:49:47
Modification time: 11:49:47
Size: 1512912 bytes 1.453 MB
MD5: f9ed6efacd6ccab81f4d27dff442ad4b
Sha1: 1a5d72751ec0c68caf5c7aed7c858cf76e0d4615
CRC32: 4ceea845

File Description: J:/ .exe
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time: 11:49:47
Modification time: 11:49:47
Size: 1512912 bytes 1.453 MB
MD5: f9ed6efacd6ccab81f4d27dff442ad4b
Sha1: 1a5d72751ec0c68caf5c7aed7c858cf76e0d4615
CRC32: 4ceea845

File ____________ .exe received at 10:34:24 (CET) Result: 32/39 (82.06%)

Anti-Virus engine  Version         Last update  Scan results
A-squared          4.0.0.93        2009.02.18   Trojan.peed!Ik
AhnLab-V3          2009.2.17.2     2009.02.18   Win-Trojan/xema.Variant
AntiVir            7.9.0.83        2009.02.18   TR/dropper.gen
Authentium         5.1.0.4         2009.02.18   W32/NUJ.A.Gen!Eldorado
Avast              4.8.1335.0      2009.02.17   Win32:spyware-gen
AVG                8.0.0.237       2009.02.17   Downloader.generic7.axcs
BitDefender        7.2             2009.02.18   Trojan.Spy.Agent.nxs
Cat-quickheal      10.00           2009.02.18   Trojandownloader.VB.icv
ClamAV             0.94.1          2009.02.18   Trojan Downloader-64424
Comodo             982             2009.02.17   Trojware.win32.trojandownloader.VB.icv
Drweb              4.44.0.09170    2009.02.18   -
Esafe              7.0.20.         2009.02.17   Win32.vb.icv
ETrust-vet         31.6.6363       2009.02.18   Win32/NUJ.dd
F-Prot             4.4.4.56        2009.02.17   W32/NUJ.A.Gen!Eldorado
F-Secure           8.0.14470.0     2009.02.18   Trojan-Downloader.Win32.VB.icv
Fortinet           3.117.0.0       2009.02.18   W32/Vb.icv!Tr.dldr
Gdata              19              2009.02.18   Trojan.Spy.Agent.nxs
Ikarus             T3.1.1.45.0     2009.02.18   Trojan.peed
K7antivirus        7.10.582        2009.01.09   Trojan-Downloader.Win32.VB.icv
Kaspersky          7.0.0.125       2009.02.18   Trojan-Downloader.Win32.VB.icv
McAfee             5529            2009.02.17   W32/Autorun.worm.DQ.gen
McAfee + Artemis   5529            2009.02.17   W32/Autorun.worm.DQ.gen
Microsoft          1.4306          2009.02.18   Trojandropper:Win32/regul
NOD32              3863            2009.02.18   Probably a variant of Win32/trojandownloader.VB
Norman             6.00.06         2009.02.17   -
Nprotect           2009.1.8.0      2009.02.18   Trojan-downloader/w32.agent.1512912
Panda              9.4.3.20        2009.02.18   -
Pctools            4.4.2.0         2009.02.17   -
Prevx1             V2              2009.02.18   -
Rising             21.17.21.00     2009.02.18   Worm.win32.autorun.eyr
Secureweb-Gateway  6.7.6           2009.02.18   Trojan.dropper.gen
Sophos             4.38.0          2009.02.18   Mal/encpk-GF
Sunbelt            3.2.1855.2      2009.02.17   Trojan-Downloader.Win32.VB.icv
Symantec           10              2009.02.18   W32.sillyfdc
Thehacker          6.3.2.2.259     2009.02.18   Trojan/Downloader.VB.icv
TrendMicro         8.700.0.1004    2009.02.18   -
Vba32              3.12.8.13       2009.02.18   Trojan-Downloader.Win32.VB.icv
ViRobot            2009.2.18.1612  2009.02.18   Trojan.win32.downloader.1512912.
Virusbuster        4.5.11.0        2009.02.17   -

Additional information
File Size: 1512912 bytes
Md5...: f9ed6efacd6ccab81f4d27dff442ad4b
Sha1..: 1a5d72751ec0c68caf5c7aed7c858cf76e0d4615
Sha256: 96543093ce6a7ee65e2eb84e164bbc4d0f373b528f15a48099189da93442a350
Ssdeep: 24576: hjlihsfzgxsash/j2wsvidghedhgudumvhhybe9ml1k: huikkav0ghexgu
Ashhkdlk
Peid ..:-
TRID...: file type identification
Win32 executable ms visual c ++ (generic) (62.9%)
Win32 executable generic (14.2%)
Win32 dynamic link library (generic) (0, 12.6%)
Clipper dos executable (3.3%)
Generic win/DOS executable (3.3%)
Peinfo: PE Structure Information

(Base data)
Entrypointaddress.: 0x40130b
Timedatestamp .....: 0x59bffa3 (Mon Dec 25 05:33:23 1972)
Machinetype ......: 0x14c (i386)

(5 sections)
Name    viradd   virsiz   rawdsiz  ntrpy  MD5
.Text   0x1000   0x51bc   0x6000   6.97   a3f72f28b9891ecd2a2d700417ae796
.RDATA  0x7000   0xa4a    0x1000   3.58   777ac25ec7bba2eed5c97e65e8a812c4
.DATA   0x8000   0x1f58   0x2000   4.64   c1958dc4ce1baa3a901f8f445648ceca
.Data   0xa000   0x1e000  0x1e000  6.96   dbc8adc0f20074a6b450b65cbbced4f4
.Rsrc   0x28000  0x45b8   0x5000   3.31   648c3a5969b0f4793aef2b2434130798

(2 imports)
> Metadata: delimiter, loadlibrarya, closehandle, writefile, createdirectorya, gettemppatha, readfile, setfilepointer, createfilea, delimiter, heapalloc, heapfree, delimiter, delimiter, getcommandlinea, getversion, exitprocess, commit, heapcreate, virtualfree, virtualalloc, heaprealloc, terminateprocess, getcurrentprocess, partial, sethandlecount, getstdhandle, getfiletype, rtlunwind, getcpinfo, getacp, getoemcp, multibytetowidechar, getstringtypew
> User32.dll: messageboxa, wsprintfa

(0 exports)

Cwsandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?MD5=f9ed6efacd6ccab81f4d27dff442ad4b

 

 
