| Antivirus engine | Version | Last update | Scan result |
| a-squared | 4.0.0.101 | 2009.03.02 | Trojan.Generic!IK |
| AhnLab-V3 | 5.0.0.2 | 2009.02.27 | - |
| AntiVir | 7.9.0.98 | 2009.03.01 | TR/Gendal.45056.5 |
| Authentium | 5.1.0.4 | 2009.03.01 | - |
| Avast | 4.8.1335.0 | 2009.03.01 | Win32:Trojan-gen {Other} |
| AVG | 8.0.0.237 | 2009.03.01 | Clicker.KVF |
| BitDefender | 7.2 | 2009.03.02 | Trojan.Generic.338183 |
| CAT-QuickHeal | None | 2009.02.28 | - |
| ClamAV | 0.94.1 | 2009.03.02 | - |
| Comodo | 986 | 2009.02.20 | - |
| DrWeb | 4.44.0.09170 | 2009.03.02 | Trojan.DownLoader.36054 |
| eSafe | 7.0.17.0 | 2009.02.26 | - |
| eTrust-Vet | 31.6.6379 | 2009.03.02 | - |
| F-Prot | 4.4.4.56 | 2009.03.01 | - |
| F-Secure | 8.0.14470.0 | 2009.03.01 | - |
| Fortinet | 3.117.0.0 | 2009.03.02 | Adware/AdClicker |
| GData | 19 | 2009.03.02 | Trojan.Generic.338183 |
| Ikarus | T3.1.1.45.0 | 2009.03.02 | Trojan.Generic |
| K7AntiVirus | 7.10.649 | 2009.02.27 | Trojan.Win32.Malware.1 |
| Kaspersky | 7.0.0.125 | 2009.03.02 | - |
| McAfee | 5540 | 2009.03.01 | AdClicker-ET |
| McAfee+Artemis | 5540 | 2009.03.01 | AdClicker-ET |
| Microsoft | 1.4306 | 2009.03.01 | - |
| NOD32 | 3899 | 2009.03.02 | probably a variant of Win32/TrojanClicker.Agent |
| Norman | 6.00.06 | 2009.02.27 | - |
| nProtect | 2009.1.8.0 | 2009.03.02 | Trojan/W32.Small.45056.AG |
| Panda | 10.0.0.10 | 2009.03.01 | Generic Trojan |
| PCTools | 4.4.2.0 | 2009.03.01 | - |
| Prevx1 | V2 | 2009.03.02 | Medium Risk Malware |
| Rising | 21.19.00.00 | 2009.03.02 | - |
| SecureWeb-Gateway | 6.7.6 | 2009.03.02 | Trojan.Gendal.45056.5 |
| Sophos | 4.39.0 | 2009.03.02 | - |
| Sunbelt | 3.2.1858.2 | 2009.02.28 | - |
| Symantec | 10 | 2009.03.02 | Trojan Horse |
| TheHacker | 6.3.2.6.268 | 2009.03.01 | - |
| TrendMicro | 8.700.0.1004 | 2009.03.02 | TROJ_CLICKER.BRQ |
| VBA32 | 3.12.10.1 | 2009.03.01 | Trojan.DownLoader.36054 |
| ViRobot | 2009.2.28.1629 | 2009.03.02 | - |
| VirusBuster | 4.5.11.0 | 2009.03.01 | - |
| Additional information |
| File size: 45056 bytes |
| MD5...: 324dcaf42ee74c1b1491a0492a67abcb |
| SHA1..: 49e5475bbcdb3d1a7b4c678292163d067c262cf7 |
| SHA256: 84a65d9161979f4f695fde29eb0c2639e1e8aab385fada4fdd06e55d5d31e0ab |
| SHA512: c973f0f20c7162176c6891a0dd55d419f9deb9b6af3942acd9d59e3ab5418b30 5bf09396938a36d5924c0cedbf3a32880c4d45603cdca6d9becc1f010b3fae95 |
| ssdeep: 768:QxhT8nf2/WPsTt3KWgBTWu3Io9X8j9FmBX:QxhT8OqsZKxbYoF8j9IBX |
| PEiD..: Armadillo v1.xx - v2.xx |
| TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) |
| PEInfo: PE Structure information ( base data ) |
| entrypointaddress.: 0x13b9 |
| timedatestamp.....: 0x478cd644 (Tue Jan 15 15:50:28 2008) |
| machinetype.......: 0x14c (I386) |
| ( 6 sections ) |
| name viradd virsiz rawdsiz ntrpy md5 |
| .text 0x1000 0x3ccc 0x4000 6.33 ea1e7c233261cfc18a53f6d8e0918c3e |
| .rdata 0x5000 0x1b08 0x2000 4.36 f1c22b52bf870a7fd13c14e3349c9b5c |
| .data 0x7000 0x940 0x1000 0.79 22b826ad68012b30852118c238308dcd |
| WTShared 0x8000 0x4 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110 |
| .rsrc 0x9000 0x438 0x1000 1.10 3cb88c9f7f329cedec7bcb4524d28313 |
| .reloc 0xa000 0xa62 0x1000 4.15 2f0a3268cc1d39a2fd87ec0cf8d4d871 |
| ( 2 imports ) |
| > KERNEL32.dll: VirtualQuery, OpenProcess, SetLastError, CreateFileA, UnmapViewOfFile, CloseHandle, MapViewOfFile, OpenFileMappingA, FlushInstructionCache, VirtualProtect, RtlUnwind, GetStringTypeW, GetStringTypeA, LCMapStringW, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, TlsGetValue, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, HeapFree, WriteFile, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, HeapAlloc, GetCPInfo, GetACP, GetOEMCP, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, MultiByteToWideChar, LCMapStringA |
| > USER32.dll: GetWindowTextA, GetWindowThreadProcessId, SetWindowsHookExA, UnhookWindowsHookEx, CallNextHookEx, FindWindowA |
| ( 1 exports ) |
| StartWTHelp |
| Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=84C47A3F00FC9A1CB07600EA61BCB7008DB501A8 |
| CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=324dcaf42ee74c1b1491a0492a67abcb |