The Mid-Autumn Festival is just around the corner"

In the past few days, a qyou sent me a file named "gift .rar" and had to receive it.

 

File Description: D:/gift .rar
Attribute: ---
Digital Signature: No
PE file: No
Creation Time: 19:58:11
Modification time: 19:58:14
Size: 228370 bytes, 223.18 KB
MD5: 0aeb9d71c978e070f90d95fe27317350
Sha1: 9a0aafee836a12e8aa6d6a024e3eb7d28c204f61
CRC32: ff1496d7

 

Decompress the package:

File Description: D:/gift/open a gift/open it again/Open It/then open/trust me, open it./do you think you are joking?/What else?/Haha/Are you feeling confused?/Do you think there is no end to it? /Are you disappointed? /The next one will be there! /Or not? /This time./Why Not! /This is the last layer./be prepared. Don't be excited !. EXE
Attribute: ---
Digital Signature: No
PE file: Yes
An error occurred while obtaining the file version information!
Creation Time: 19:59:34
Modification time: 15:35:34
Size: 916480 bytes, 895.0 KB
MD5: 38ca55c7c695e14bc80cfa46c80d64b3
Sha1: 86d38ad2070e5f1eefa040a2a3aabc21eb2e5a14
CRC32: f3441c43

 

A deep directory ~

 

 

This time is busy, no time to test, directly upload the compressed package to the http://www.virustotal.com scan, the results are as follows:

 

File Name:

Gift .rar

Submission date:

2010-09-16 14:20:36 (UTC)

Current status:

Queued Queued Analyzing Finished

Result:

12/43 (27.9%)

Antivirus	Version	Last update	Result
AhnLab-V3	2010.09.16.01	2010.09.16	-
AntiVir	8.2.4.52	2010.09.16	-
Antiy-AVL	2.0.3.7	2010.09.16	-
Authentium	5.2.0.5	2010.09.16	W32/joke. OA
Avast	4.8.1351.0	2010.09.16	-
Avast5	5.0.594.0	2010.09.16	-
AVG	9.0.0.851	2010.09.16	-
BitDefender	7.2	2010.09.16	-
Cat-quickheal	11.00	2010.09.16	-
ClamAV	0.96.2.0-Git	2010.09.16	Trojan Downloader-20749
Comodo	6097	2010.09.16	Trojware. win32.trojan. chifrax .~ A
Drweb	5.0.2.03300	2010.09.16	-
Emsisoft	5.0.0.37	2010.09.16	-
Esafe	7.0.20.	2010.09.15	Win32.backdoor. grayb
ETrust-vet	36.1.7859	2010.09.16	-
F-Prot	4.6.1.107	2010.09.16	W32/joke. OA
F-Secure	9.0.15370.0	2010.09.16	-
Fortinet	4.1.143.0	2010.09.16	Joke/screenroses
Gdata	21	2010.09.16	-
Ikarus	T3.1.1.88.0	2010.09.16	-
Jiangmin	13.0.900	2010.09.16	-
K7antivirus	9.63.2522	2010.09.15	Jokeprogram
Kaspersky	7.0.0.125	2010.09.16	-
McAfee	5.400.0.1158	2010.09.16	-
McAfee-GW-Edition	2010.1c	2010.09.16	-
Microsoft	1.6103	2010.09.16	-
NOD32	5455	2010.09.16	Probably a variant of Win32/agent. koqbdxw
Norman	6.06.06	2010.09.15	Suspicious_gen2.adgoq
Nprotect	September 2010-09-16.02	2010.09.16	-
Panda	10.0.2.7	2010.09.16	-
Pctools	7.0.3.5	2010.09.16	-
Prevx	3.0	2010.09.16	High risk Worm
Rising	22.65.03.04	2010.09.16	Trojan. win32.generic. 522a7a89
Sophos	4.57.0	2010.09.16	-
Sunbelt	6882	2010.09.16	-
SUPERAntiSpyware	4.40.0.1006	2010.09.16	-
Symantec	20101.1.1.7	2010.09.16	Joke. rosenu
Thehacker	6.7.0.0.020	2010.09.16	-
TrendMicro	9.120.0.1004	2010.09.16	-
TrendMicro-housecall	9.120.0.1004	2010.09.16	-
Vba32	3.12.14.0	2010.09.16	-
ViRobot	2010.8.25.4006	2010.09.16	-
Virusbuster	12.65.9.0	2010.09.16	-

Additional informationShow all
MD5:0aeb9d71c978e070f90d95fe27317350
Sha1:9a0aafee836a12e8aa6d6a024e3eb7d28c204f61
Sha256:F248370694ec8001ebf05417dde3062a615e7a1365d5038d2c88a50756068e6a

 

It may be a malicious program, or it may be just a joke program. Be careful!