| Antivirus engine | Version | Last updated | Scan result |
|---|---|---|---|
| a-squared | 5.0.0.30 | 2010.06.22 | Trojan.Win32.Jkfg!IK |
| AhnLab-V3 | 2010.06.22.02 | 2010.06.22 | Win-Trojan/Agent.53248.AIQ |
| AntiVir | 8.2.2.6 | 2010.06.22 | TR/Crypt.XPACK.Gen |
| Antiy-AVL | 2.0.3.7 | 2010.06.22 | - |
| Authentium | 5.2.0.5 | 2010.06.22 | W32/Koutodoor.J.gen!Eldorado |
| Avast | 4.8.1351.0 | 2010.06.22 | Win32:Caxnet |
| Avast5 | 5.0.332.0 | 2010.06.22 | Win32:Caxnet |
| AVG | 9.0.0.787 | 2010.06.22 | Win32/Cryptor |
| BitDefender | 7.2 | 2010.06.22 | Gen:Variant.Koutodoor.3 |
| CAT-QuickHeal | 10.00 | 2010.06.22 | - |
| ClamAV | 0.96.0.3-git | 2010.06.22 | - |
| Comodo | 5183 | 2010.06.22 | TrojWare.Win32.Zybr.B |
| DrWeb | 5.0.2.03300 | 2010.06.22 | Trojan.Siggen1.49071 |
| eSafe | 7.0.17.0 | 2010.06.22 | - |
| eTrust-Vet | 36.1.7658 | 2010.06.22 | - |
| F-Prot | 4.6.1.107 | 2010.06.21 | W32/Koutodoor.J.gen!Eldorado |
| F-Secure | 9.0.15370.0 | 2010.06.22 | Gen:Variant.Koutodoor.3 |
| Fortinet | 4.1.133.0 | 2010.06.22 | - |
| GData | 21 | 2010.06.22 | Gen:Variant.Koutodoor.3 |
| Ikarus | T3.1.1.84.0 | 2010.06.22 | Trojan.Win32.Jkfg |
| Jiangmin | 13.0.900 | 2010.06.15 | Heur:Trojan/JunkCode |
| Kaspersky | 7.0.0.125 | 2010.06.22 | Trojan.Win32.Jkfg.qs |
| McAfee | 5.400.0.1158 | 2010.06.22 | BackDoor-EPM.gen.a |
| McAfee-GW-Edition | 2010.1 | 2010.06.22 | BackDoor-EPM.gen.a |
| Microsoft | 1.5902 | 2010.06.22 | Trojan:Win32/Koutodoor.C!dll |
| NOD32 | 5218 | 2010.06.22 | - |
| Norman | 6.05.10 | 2010.06.22 | - |
| nProtect | 2010-06-22.01 | 2010.06.22 | Gen:Variant.Koutodoor.3 |
| Panda | 10.0.2.7 | 2010.06.21 | Trj/Jkfg.B |
| PCTools | 7.0.3.5 | 2010.06.22 | - |
| Prevx | 3.0 | 2010.06.22 | Medium Risk Malware |
| Rising | 22.53.01.04 | 2010.06.22 | - |
| Sophos | 4.54.0 | 2010.06.22 | Troj/BHO-PX |
| Sunbelt | 6483 | 2010.06.21 | - |
| Symantec | 20101.1.0.89 | 2010.06.22 | - |
| TheHacker | 6.5.2.0.302 | 2010.06.22 | Trojan/Jkfg.qs |
| TrendMicro | 9.120.0.1004 | 2010.06.22 | - |
| TrendMicro-HouseCall | 9.120.0.1004 | 2010.06.22 | - |
| VBA32 | 3.12.12.5 | 2010.06.22 | Trojan.Win32.Jkfg.qs |
| ViRobot | 2010.6.21.3896 | 2010.06.22 | Trojan.Win32.Jkfg.53248 |
| VirusBuster | 5.0.27.0 | 2010.06.22 | - |
| Additional information | |||
| File size: 53248 bytes | |||
| MD5...: 6091f8462733811243247323604dbc3c | |||
| SHA1..: 49c66e1d34cd47f2fbfd2f27258bc4402cce77d0 | |||
| SHA256: 4ecf2a4c63eaee3a7d551c70662bcd82de7577621222dbdf4ea3bff0a2f67450 | |||
| ssdeep: 1536:aAEuW40wl3K9AOChYpGda/Mtr2TtgH2n:abL4Vl3K9AjSsa/MR2JgH2 | |||
| PEiD..: - | |||
| PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x7f81<BR>timedatestamp.....: 0x4c113b5b (Thu Jun 10 19:22:03 2010)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x7030 0x8000 6.32 2cbc9168829178fc2ba8d0287db52c30<BR>.rdata 0x9000 0xbc4 0x1000 4.25 09289effa121510f3c3da79bc524f48a<BR>.data 0xa000 0xfcc 0x1000 5.55 60b38a046a9b098458c94d110e77eaec<BR>.rsrc 0xb000 0x650 0x1000 1.51 a32641df552fa0b2fa66cd29371e7a62<BR>.reloc 0xc000 0x6a8 0x1000 3.21 be4f84f1307be431cb3d3cacf3b09fa6<BR><BR>( 7 imports )<BR>> KERNEL32.dll: GetLocalTime, WritePrivateProfileStringA, GetModuleFileNameA, GetWindowsDirectoryA, GetSystemDirectoryA, GetProcAddress, DeleteFileA, LeaveCriticalSection, EnterCriticalSection, GetLastError, CreateEventA, MoveFileA, SetFileAttributesA, MultiByteToWideChar, FindNextFileA, FindFirstFileA, GetCommandLineW, DisableThreadLibraryCalls, Process32First, DeleteCriticalSection, InterlockedIncrement, InterlockedDecrement, HeapAlloc, GetSystemInfo, GetVersionExA, HeapCreate, HeapDestroy, lstrlenW, lstrlenA, GetShortPathNameA, GetModuleHandleA, Sleep, CreateThread, WideCharToMultiByte, Process32Next, CloseHandle, LoadLibraryA, FreeLibrary, InitializeCriticalSection, GetCurrentProcessId<BR>> USER32.dll: GetMessageA, TranslateMessage, DispatchMessageA, CallNextHookEx, SetWindowTextA, SendMessageA, RegisterClassExA, IsWindow, ShowWindow, FindWindowExA, KillTimer, SetTimer, PostMessageA, DefWindowProcA, CreateWindowExA<BR>> ADVAPI32.dll: RegSetValueExA, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey<BR>> SHELL32.dll: CommandLineToArgvW<BR>> ole32.dll: CoInitialize, CoCreateInstance<BR>> OLEAUT32.dll: -, -, -, -, -<BR>> MSVCRT.dll: _strlwr, memcmp, memcpy, _purecall, strchr, fopen, fwrite, free, _initterm, malloc, _adjust_fdiv, _stricmp, rand, fclose, strrchr, strcmp, __2@YAPAXI@Z, memset, _access, strstr, strlen, sprintf, __3@YAXPAX@Z, strcpy, strcat<BR><BR>( 4 exports )<BR>DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer | |||
| RDS...: NSRL Reference Data Set<BR>- | |||
| pdfid.: - | |||
| trid..: Win32 Executable Generic (42.3%)<BR>Win32 Dynamic Link Library (generic) (37.6%)<BR>Generic Win/DOS Executable (9.9%)<BR>DOS Executable Generic (9.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) | |||
| Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security ... 2010-021223-0550-99 | |||
| sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned | |||
| http://info.prevx.com/aboutprogramtext.asp?PX5=644B84E100073E4DD05F001D8D517300EE9F0810 | |||