附件: 您所在的用户组无法下载或查看附件

解压密码：virus

文件说明符 : C:\WINDOWS\system32\EndViewRun.dll
属性 : A---
数字签名:否
PE文件:是
获取文件版本信息大小失败!
创建时间 : 2009-10-16 21:14:8
修改时间 : 2009-10-11 0:40:8
大小 : 24576 字节 24.0 KB
MD5 : c2ee6991360293ad4ba89e3a432f4d80
SHA1: 79F5A303788B1BB790F46456C2CBBC02D8E99211
CRC32: bce75fe6

文件 EndViewRun.dll 接收于 2009.10.16 14:07:15 (UTC)

反病毒引擎	版本	最后更新	扫描结果
a-squared	4.5.0.41	2009.10.16	Trojan-Downloader.Small!IK
AhnLab-V3	5.0.0.2	2009.10.16	-
AntiVir	7.9.1.35	2009.10.16	TR/Dldr.Small.jrs
Antiy-AVL	2.0.3.7	2009.10.16	-
Authentium	5.1.2.4	2009.10.16	-
Avast	4.8.1351.0	2009.10.14	-
AVG	8.5.0.420	2009.10.16	-
BitDefender	7.2	2009.10.16	-
CAT-QuickHeal	10.00	2009.10.16	Trojan.Agent.ATV
ClamAV	0.94.1	2009.10.16	-
Comodo	2621	2009.10.16	-
DrWeb	5.0.0.12182	2009.10.16	-
eSafe	7.0.17.0	2009.10.15	Win32.TRDldr.Small.J
eTrust-Vet	35.1.7071	2009.10.16	-
F-Prot	4.5.1.85	2009.10.15	-
F-Secure	8.0.14470.0	2009.10.16	-
Fortinet	3.120.0.0	2009.10.16	PossibleThreat
GData	19	2009.10.16	-
Ikarus	T3.1.1.72.0	2009.10.16	Trojan-Downloader.Small
Jiangmin	11.0.800	2009.10.16	Trojan/Clicker.hj
K7AntiVirus	7.10.872	2009.10.16	Trojan.Win32.Malware.1
Kaspersky	7.0.0.125	2009.10.16	-
McAfee	5772	2009.10.15	-
McAfee+Artemis	5772	2009.10.15	Artemis!C2EE69913602
McAfee-GW-Edition	6.8.5	2009.10.16	Trojan.Dldr.Small.jrs
Microsoft	1.5101	2009.10.16	-
NOD32	4514	2009.10.16	-
Norman	6.03.02	2009.10.16	-
nProtect	2009.1.8.0	2009.10.15	-
Panda	10.0.2.2	2009.10.15	-
PCTools	4.4.2.0	2009.10.16	-
Prevx	3.0	2009.10.16	-
Rising	21.51.44.00	2009.10.16	-
Sophos	4.46.0	2009.10.16	Mal/Generic-A
Sunbelt	3.2.1858.2	2009.10.15	-
Symantec	1.4.4.12	2009.10.16	-
TheHacker	6.5.0.2.043	2009.10.15	-
TrendMicro	8.950.0.1094	2009.10.16	-
VBA32	3.12.10.11	2009.10.15	-
ViRobot	2009.10.16.1988	2009.10.16	-
VirusBuster	4.6.5.0	2009.10.15	Trojan.DL.Small.CLDP

附加信息

File size: 24576 bytes

MD5...: c2ee6991360293ad4ba89e3a432f4d80

SHA1..: 79f5a303788b1bb790f46456c2cbbc02d8e99211

SHA256: c8756ba9e31fee5032d6eb3e1f3ad3abef905f0e71cc1135d5b1ac61be106117

ssdeep: 192:VkRzZHh4AgG3E4/x+jWpXMViL0zlgpsstzsae7h3kYB+l:uZeehWWpX7p1Te 7hJA

PEiD..: -

PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x249b timedatestamp.....: 0x4ab07c55 (Wed Sep 16 05:49:09 2009) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1560 0x2000 4.81 666c35c1d0ed0fbe1d637a81420629bc .rdata 0x3000 0x57e 0x1000 2.06 18d595a83347bb08c12a162a0ae9bf86 .data 0x4000 0x290 0x1000 1.23 4da1c77d1edeb2fb91f7cd11750ad755 .reloc 0x5000 0x2d0 0x1000 1.13 16fffa6a2f77f96ca97f93fbd68336be ( 6 imports ) > KERNEL32.dll: DeleteFileA, TerminateProcess, FindClose, FindNextFileA, FindFirstFileA, Sleep, DisableThreadLibraryCalls, CreateProcessA, GetLastError > USER32.dll: EnumChildWindows, GetWindowThreadProcessId, GetClassNameA, GetParent, CloseDesktop, SetForegroundWindow, EnumDesktopWindows, PostMessageA, CreateDesktopA, SendMessageA > ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey > SHELL32.dll: SHGetSpecialFolderPathA > WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, - > MSVCRT.dll: _adjust_fdiv, _initterm, time, srand, strchr, rand, atoi, strcmp, strcat, strcpy, _strcmpi, sprintf, malloc, strstr, free, strlen, memset, memcpy ( 3 exports ) GetDLlVersion, Run, Sunbelt

RDS...: NSRL Reference Data Set -

pdfid.: -

trid..: Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler 4.0; MAXTHON 2.0)

感谢楼主的支持，您提交的的样本已经上报，请继续关注瑞星~