
Attachment:
Extraction password: virus
File specifier : D:\打印机.exe
Attributes : A---
Digital signature: No
PE file: Yes
Failed to get file version info size!
Created : 2009-12-21 8:59:10
Modified : 2009-12-21 8:59:12
Size : 282684 bytes 276.60 KB
MD5 : 72095fd52ec75954bd1d0f27d57b9808
SHA1: E303C0DE760832DCADD2C5BB972C46CE3511FF59
CRC32: 8910efdc
Contains extraction script:
/---
;The comment below contains SFX script commands
setup=8787.exe
setup=ddd.url
setup=4e4.exe
TempMode
Silent=1
Overwrite=1
---/
File _________.exe received on 2009.12.21 06:52:53 (UTC)
Antivirus engine Version Last update Scan result
a-squared 4.5.0.43 2009.12.21 -
AhnLab-V3 5.0.0.2 2009.12.21 -
AntiVir 7.9.1.114 2009.12.20 -
Antiy-AVL 2.0.3.7 2009.12.18 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.20 -
AVG 8.5.0.427 2009.12.20 -
BitDefender 7.2 2009.12.21 -
CAT-QuickHeal 10.00 2009.12.21 -
ClamAV 0.94.1 2009.12.21 PUA.Packed.ASPack212
Comodo 3315 2009.12.21 -
DrWeb 5.0.0.12182 2009.12.21 -
eSafe 7.0.17.0 2009.12.20 -
eTrust-Vet 35.1.7187 2009.12.21 -
F-Prot 4.5.1.85 2009.12.20 -
F-Secure 9.0.15370.0 2009.12.21 -
Fortinet 4.0.14.0 2009.12.20 -
GData 19 2009.12.21 -
Ikarus T3.1.1.79.0 2009.12.21 Gen.Trojan
Jiangmin 13.0.900 2009.12.21 -
K7AntiVirus 7.10.923 2009.12.17 -
Kaspersky 7.0.0.125 2009.12.21 -
McAfee 5838 2009.12.20 -
McAfee+Artemis 5838 2009.12.20 -
McAfee-GW-Edition 6.8.5 2009.12.21 -
Microsoft 1.5302 2009.12.20 -
NOD32 4704 2009.12.20 -
Norman 6.04.03 2009.12.20 -
nProtect 2009.1.8.0 2009.12.18 -
Panda 10.0.2.2 2009.12.15 Suspicious file
PCTools 7.0.3.5 2009.12.21 -
Prevx 3.0 2009.12.21 -
Rising 22.27.00.03 2009.12.21 -
Sophos 4.49.0 2009.12.21 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.12.20 Trojan.Win32.Generic!SB.0
Symantec 1.4.4.12 2009.12.21 Suspicious.MH690.A
TheHacker 6.5.0.3.101 2009.12.21 -
TrendMicro 9.100.0.1001 2009.12.21 PAK_Generic.001
VBA32 3.12.12.0 2009.12.19 -
ViRobot 2009.12.21.2098 2009.12.21 -
VirusBuster 5.0.21.0 2009.12.20 -
Additional information
File size: 282684 bytes
MD5...: 72095fd52ec75954bd1d0f27d57b9808
SHA1..: e303c0de760832dcadd2c5bb972c46ce3511ff59
SHA256: 86627e3efb3fa63fbd91171a7d059e821684f1816054ff18c8cb42746e15f2c0
ssdeep: 6144:vME1nmg1tDbJ5621YNtKNFuTtuUI+kvqjaJjubgD29bRKEkIcTiGRLL:EgnJvMRuokvqjaQgDsRI5LL
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x42d20bc8 (Mon Jul 11 06:03:52 2005)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x13000 0x12600 6.46 bcefd13d879b5aa1628d5731462b1935
.data 0x14000 0x7000 0xa00 4.73 0eb9af4768d13f3fe805922a21fcbf55
.idata 0x1b000 0x1000 0x1000 5.02 7f9440e32acb299f3bda96288136b63a
.rsrc 0x1c000 0x4000 0x3c00 4.59 3ae1d431da2bc9b076ad4baaf5d397d0
( 8 imports )
> ADVAPI32.DLL: AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA, SetFileSecurityA, SetFileSecurityW
> KERNEL32.DLL: CloseHandle, CompareStringA, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, DeleteFileA, DeleteFileW, DosDateTimeToFileTime, ExitProcess, ExpandEnvironmentStringsA, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindResourceA, FreeLibrary, GetCPInfo, GetCommandLineA, GetCurrentDirectoryA, GetCurrentProcess, GetDateFormatA, GetFileAttributesA, GetFileAttributesW, GetFileType, GetFullPathNameA, GetLastError, GetLocaleInfoA, GetModuleFileNameA, GetModuleHandleA, GetNumberFormatA, GetProcAddress, GetProcessHeap, GetStdHandle, GetTempPathA, GetTickCount, GetTimeFormatA, GetVersionExA, GlobalAlloc, HeapAlloc, HeapFree, HeapReAlloc, IsDBCSLeadByte, LoadLibraryA, LocalFileTimeToFileTime, MoveFileA, MoveFileExA, MultiByteToWideChar, ReadFile, SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetLastError, Sleep, SystemTimeToFileTime, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcmpiA, lstrlenA
> COMCTL32.DLL: -
> COMDLG32.DLL: CommDlgExtendedError, GetOpenFileNameA
> GDI32.DLL: DeleteObject
> SHELL32.DLL: SHBrowseForFolderA, SHChangeNotify, SHFileOperationA, SHGetFileInfoA, SHGetMalloc, SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA
> USER32.DLL: CharToOemBuffA, CharUpperA, CopyRect, CreateWindowExA, DefWindowProcA, DestroyIcon, DestroyWindow, DialogBoxParamA, DispatchMessageA, EnableWindow, EndDialog, FindWindowExA, GetClassNameA, GetClientRect, GetDlgItem, GetDlgItemTextA, GetMessageA, GetParent, GetSysColor, GetSystemMetrics, GetWindow, GetWindowLongA, GetWindowRect, GetWindowTextA, IsWindow, IsWindowVisible, LoadBitmapA, LoadCursorA, LoadIconA, LoadStringA, MapWindowPoints, MessageBoxA, OemToCharA, OemToCharBuffA, PeekMessageA, PostMessageA, RegisterClassExA, SendDlgItemMessageA, SendMessageA, SetDlgItemTextA, SetFocus, SetMenu, SetWindowLongA, SetWindowPos, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow, WaitForInputIdle, wsprintfA, wvsprintfA
> OLE32.DLL: CLSIDFromString, CoCreateInstance, CreateStreamOnHGlobal, OleInitialize, OleUninitialize
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: WinRAR Self Extracting archive (95.7%)
Win32 Executable Generic (1.5%)
Win32 Dynamic Link Library (generic) (1.4%)
Win32 Executable Watcom C++ (generic) (0.4%)
Generic Win/DOS Executable (0.3%)
packers (Kaspersky): PE_Patch.UPX, UPX
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): RAR, UPX, NSIS, Aspack