瑞星卡卡安全论坛

try2672.dll---1dcdefe7b2c17736e87f72c347eff6a2
endurer - 2009-10-16 22:56:00


Archive password: virus

File : C:\WINDOWS\system32\try2672.dll
Attributes : A---
Digital signature : No
PE file : Yes
Language : Chinese (China)
File version : 1, 0, 0, 1
Description : MyTest3
Copyright : 版权所有 (C) 2008
Product version : 1, 0, 0, 1
Product name : MyTest3 Dynamic Link Library
Internal name : MyTest3
Original filename : MyTest3.DLL
Created : 2009-10-16 21:14:8
Modified : 2009-10-11 10:28:34
Size : 171520 bytes (167.512 KB)
MD5 : 1dcdefe7b2c17736e87f72c347eff6a2
SHA1 : B40EAB780FEB6C828FA82218D9E4DD932E56C976
CRC32 : 427ecd69

File try2672.dll received on 2009.10.16 14:49:36 (UTC)

Antivirus          Version          Last update   Result
a-squared          4.5.0.41         2009.10.16    Trojan-Downloader.Small!IK
AhnLab-V3          5.0.0.2          2009.10.16    -
AntiVir            7.9.1.35         2009.10.16    TR/Dldr.Small.jrs
Antiy-AVL          2.0.3.7          2009.10.16    Trojan/Win32.Filka.gen
Authentium         5.1.2.4          2009.10.16    W32/Downloader.F.gen!Eldorado
Avast              4.8.1351.0       2009.10.14    -
AVG                8.5.0.420        2009.10.16    Agent2.UVS
BitDefender        7.2              2009.10.16    Generic.Malware.FP!Pkg.7981EB71
CAT-QuickHeal      10.00            2009.10.16    -
ClamAV             0.94.1           2009.10.16    -
Comodo             2621             2009.10.16    -
DrWeb              5.0.0.12182      2009.10.16    Trojan.DownLoad.50494
eSafe              7.0.17.0         2009.10.15    Win32.TRDldr.Small.J
eTrust-Vet         35.1.7071        2009.10.16    -
F-Prot             4.5.1.85         2009.10.15    W32/Downloader.F.gen!Eldorado
F-Secure           8.0.14470.0      2009.10.16    Trojan-Spy.Win32.Filka.an
Fortinet           3.120.0.0        2009.10.16    PossibleThreat
GData              19               2009.10.16    Generic.Malware.FP!Pkg.7981EB71
Ikarus             T3.1.1.72.0      2009.10.16    Trojan-Downloader.Small
Jiangmin           11.0.800         2009.10.16    TrojanSpy.Filka.i
K7AntiVirus        7.10.872         2009.10.16    Trojan.Win32.Malware.1
Kaspersky          7.0.0.125        2009.10.16    Trojan-Spy.Win32.Filka.an
McAfee             5772             2009.10.15    Generic.dx!fvx
McAfee+Artemis     5772             2009.10.15    Generic.dx!fvx
McAfee-GW-Edition  6.8.5            2009.10.16    Trojan.Dldr.Small.jrs
Microsoft          1.5101           2009.10.16    -
NOD32              4514             2009.10.16    a variant of Win32/Agent.PHX
Norman             6.03.02          2009.10.16    W32/Agent.RWSY
nProtect           2009.1.8.0       2009.10.15    -
Panda              10.0.2.2         2009.10.15    Trj/CI.A
PCTools            4.4.2.0          2009.10.16    -
Prevx              3.0              2009.10.16    High Risk Cloaked Malware
Rising             21.51.44.00      2009.10.16    -
Sophos             4.46.0           2009.10.16    Mal/Generic-A
Sunbelt            3.2.1858.2       2009.10.15    Trojan.Win32.Agent
Symantec           1.4.4.12         2009.10.16    Trojan.Cinmeng
TheHacker          6.5.0.2.043      2009.10.15    -
TrendMicro         8.950.0.1094     2009.10.16    TROJ_CINMENG.JD
VBA32              3.12.10.11       2009.10.15    -
ViRobot            2009.10.16.1988  2009.10.16    -
VirusBuster        4.6.5.0          2009.10.15    -

Additional information
File size: 171520 bytes
MD5...: 1dcdefe7b2c17736e87f72c347eff6a2
SHA1..: b40eab780feb6c828fa82218d9e4dd932e56c976
SHA256: 362db39d816cf33456dad77fb08bef8e8af56a242406790818f352bb13761b4c
ssdeep: 3072:fG1qdjNOq5JADPgyNwfl02mgvTa0OhkO5gcSTSw3hRjVGqAg9PXCKNoD2rWwKzZy:3NxJ4xa0i2yygDT9Xju6mwuZz
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x9df90
timedatestamp.....: 0x4ad358dd (Mon Oct 12 16:27:09 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x74000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x75000 0x2a000 0x29200 7.92 4c371bc6ff467350a11250353656aa76
.rsrc 0x9f000 0x1000 0x800 3.39 6897e37f4fb0e14852678604a6e9c986

( 10 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect
> ADVAPI32.dll: RegCloseKey
> iphlpapi.dll: GetAdaptersInfo
> MFC42.DLL: -
> MSVCRT.dll: time
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> USER32.dll: SetTimer
> WININET.dll: InternetOpenA
> WINMM.dll: timeGetTime

( 3 exports )
InstallHook, InstallMyDll, UnInstallHook
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: UPX compressed Win32 Executable (43.8%)
Win32 EXE Yoda's Crypter (38.1%)
Win32 Executable Generic (12.2%)
Generic Win/DOS Executable (2.8%)
DOS Executable Generic (2.8%)
http://info.prevx.com/aboutprogramtext.asp?PX5=D116BDFF00B7E03C9E66029DB2C4410089F9A222
sigcheck:
publisher....:
copyright....: 版权所有 (C) 2008
product......: MyTest3 Dynamic Link Library
description..: MyTest3
original name: MyTest3.DLL
internal name: MyTest3
file version.: 1, 0, 0, 1
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
packers (Antiy-AVL): UPX 0.89.6 - 1.02 / 1.05 - 1.22 DLL


瑞星工程师19 - 2009-10-17 9:54:00
Thank you for your support. The sample you submitted has been reported; please keep following Rising~