Rising Kaka Security Forum, Technical Exchange, Suspicious File Exchange

bfilo.exe---27739801917eb54129f7d2a666363fad


Attachment: [not viewable by this user group]

Archive password: virus


O23 - Service: ISBCCCS (IMAPI System By Catch CD-Burning COM Service) - C:\WINDOWS\system32\bfilo.exe (Automatic)

File : C:\WINDOWS\bfilo.exe
Attributes : A---
Digitally signed : No
PE file : Yes
Language : English (United States)
File version : 1, 0, 0, 1
Description : mssvr Module
Copyright : Copyright 2009
Product version : 1, 0, 0, 1
Product name : mssvr Module
Internal name : mssvr
Original filename : mssvr.EXE
Created : 2009-10-16 23:17:14
Modified : 2009-10-9 18:26:58
Size : 45056 bytes (44.0 KB)
MD5 : 27739801917eb54129f7d2a666363fad
SHA1 : ACE452E7EA6F1AC2A85FB2549AF7AF077038908F
CRC32 : 6a23889f
File bfilo.exe received on 2009.10.16 15:34:47 (UTC)

Antivirus          Version            Last update   Result
a-squared          4.5.0.41           2009.10.16    Trojan-Downloader.Win32.Phinit!IK
AhnLab-V3          5.0.0.2            2009.10.16    -
AntiVir            7.9.1.35           2009.10.16    TR/Downloader.Gen
Antiy-AVL          2.0.3.7            2009.10.16    -
Authentium         5.1.2.4            2009.10.16    -
Avast              4.8.1351.0         2009.10.14    -
AVG                8.5.0.420          2009.10.16    Generic4.OPG
BitDefender        7.2                2009.10.16    Application.Generic.236077
CAT-QuickHeal      10.00              2009.10.16    -
ClamAV             0.94.1             2009.10.16    -
Comodo             2622               2009.10.16    -
DrWeb              5.0.0.12182        2009.10.16    -
eSafe              7.0.17.0           2009.10.15    -
eTrust-Vet         35.1.7071          2009.10.16    -
F-Prot             4.5.1.85           2009.10.15    -
F-Secure           8.0.14470.0        2009.10.16    -
Fortinet           3.120.0.0          2009.10.16    -
GData              19                 2009.10.16    Application.Generic.236077
Ikarus             T3.1.1.72.0        2009.10.16    Trojan-Downloader.Win32.Phinit
Jiangmin           11.0.800           2009.10.16    TrojanDownloader.Agent.bttt
K7AntiVirus        7.10.872           2009.10.16    -
Kaspersky          7.0.0.125          2009.10.16    -
McAfee             5772               2009.10.15    -
McAfee+Artemis     5772               2009.10.15    Artemis!27739801917E
McAfee-GW-Edition  6.8.5              2009.10.16    Heuristic.BehavesLike.Win32.Rootkit.L
Microsoft          1.5101             2009.10.16    TrojanDownloader:Win32/Phinit.B
NOD32              4515               2009.10.16    probably a variant of Win32/Adware.NewWeb
Norman             6.03.02            2009.10.16    -
nProtect           2009.1.8.0         2009.10.15    -
Panda              10.0.2.2           2009.10.15    Trj/CI.A
PCTools            4.4.2.0            2009.10.16    -
Prevx              3.0                2009.10.16    -
Rising             21.51.44.00        2009.10.16    -
Sophos             4.46.0             2009.10.16    Mal/Generic-A
Sunbelt            3.2.1858.2         2009.10.15    -
Symantec           1.4.4.12           2009.10.16    -
TheHacker          6.5.0.2.043        2009.10.15    -
TrendMicro         8.950.0.1094       2009.10.16    -
VBA32              3.12.10.11         2009.10.15    -
ViRobot            2009.10.16.1988    2009.10.16    -
VirusBuster        4.6.5.0            2009.10.15    -
Additional information
File size: 45056 bytes
MD5...: 27739801917eb54129f7d2a666363fad
SHA1..: ace452e7ea6f1ac2a85fb2549af7af077038908f
SHA256: fdb6fd1a972cdc7e8330b9c0bce54950ee6f334699d3e43449fee1492559ba57
ssdeep: 768:lWYfyi0Kpi6fZ/MMDA6TNwqMwhpYMB2vK29aGv7rdsoex29ONft:UYf/0Kpi6f5MINwqp4ooKzgshNft
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5f5a
timedatestamp.....: 0x4acf0ff2 (Fri Oct 09 10:26:58 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name   virtual addr   virtual size   raw size   entropy   md5
.text 0x1000 0x5606 0x6000 5.97 b5929e53dac0c3f0a1d05a01e10eb7af
.rdata 0x7000 0x1d96 0x2000 4.59 224d6575735b5412d442ecad59f1f567
.data 0x9000 0x9f0 0x1000 3.41 1e5cc91d3d2b81a4203d15383c21a3f4
.rsrc 0xa000 0x968 0x1000 2.40 417379093d7a6ba21678e79f9154001c

( 9 imports )
> WININET.dll: InternetCloseHandle, InternetOpenUrlA, InternetOpenA, InternetReadFile
> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> MSVCRT.dll: free, malloc, memcpy, sprintf, _splitpath, memset, strcpy, realloc, memcmp, __0exception@@QAE@ABV0@@Z, strlen, _CxxThrowException, strcmp, _strupr, atol, _mbslwr, __dllonexit, _onexit, __1type_info@@UAE@XZ, _except_handler3, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _stricmp, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, __CxxFrameHandler, _controlfp
> KERNEL32.dll: GetStartupInfoA, GetPrivateProfileSectionNamesA, GetPrivateProfileStringA, WritePrivateProfileStringA, MoveFileExA, GetTickCount, WinExec, DeleteFileA, CreateToolhelp32Snapshot, Process32First, Process32Next, GetWindowsDirectoryA, CreateDirectoryA, lstrcatA, lstrcpyA, LoadLibraryA, GetProcAddress, InitializeCriticalSection, IsDBCSLeadByte, lstrcpynA, LoadLibraryExA, GetLastError, CloseHandle, GetCurrentProcess, GetCurrentThread, GetModuleFileNameA, SetLastError, Sleep, GetCurrentThreadId, lstrcmpiA, GetCommandLineA, lstrlenA, lstrlenW, MultiByteToWideChar, GetShortPathNameA, GetModuleHandleA, WideCharToMultiByte, FreeLibrary, SizeofResource, LoadResource, FindResourceA, OpenProcess
> USER32.dll: PostThreadMessageA, GetMessageA, CharNextA, LoadStringA, KillTimer, SetTimer, TranslateMessage, DispatchMessageA
> ADVAPI32.dll: RegEnumKeyExA, RegCreateKeyExA, RegOpenKeyExA, StartServiceCtrlDispatcherA, RegDeleteValueA, RegSetValueExA, RegCloseKey, RegQueryValueExA, SetServiceStatus, RegisterServiceCtrlHandlerA, RegDeleteKeyA, OpenServiceA, ControlService, QueryServiceStatus, DeleteService, OpenSCManagerA, CreateServiceA, ChangeServiceConfig2A, CloseServiceHandle, GetAclInformation, AddAce, InitializeAcl, GetAce, AddAccessAllowedAce, LookupAccountNameA, GetTokenInformation, OpenThreadToken, OpenProcessToken, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, GetLengthSid, CopySid, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegQueryInfoKeyA, RegEnumValueA, CreateProcessAsUserA
> ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CoTaskMemRealloc, CoInitializeEx, CoUninitialize, CoInitializeSecurity, CoRegisterClassObject, CoRevokeClassObject, CoCreateInstance, CoInitialize
> OLEAUT32.dll: -, -, -, -, -
> MSVCP60.dll: __0out_of_range@std@@QAE@ABV01@@Z, __1out_of_range@std@@UAE@XZ, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, ___7out_of_range@std@@6B@, __0logic_error@std@@QAE@ABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@1@@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, __0logic_error@std@@QAE@ABV01@@Z

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....:
copyright....: Copyright 2009
product......: mssvr Module
description..: mssvr Module
original name: mssvr.EXE
internal name: mssvr
file version.: 1, 0, 0, 1
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned



User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler 4.0; MAXTHON 2.0)
http://blog.csdn.net/purpleendurer

Unmoved by favor or disgrace, I watch the flowers bloom and fall before the hall; indifferent to staying or leaving, I follow the clouds as they gather and scatter beyond the sky.
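The O23 entry at the top of the post is the kind of line an analyst pastes straight from HijackThis: a service called ISBCCCS whose display name borrows the words of the stock "IMAPI CD-Burning COM Service" but whose image is system32\bfilo.exe. As an added example (mine, not part of the post or of Rising's tooling), here is a small Python triage routine that parses such lines and flags a service whose display name imitates a known Windows service while pointing at a different binary or registering under a different service name. The baseline of legitimate identities is an assumption: it lists the Windows XP defaults for the IMAPI service (ImapiService, imapi.exe) and Windows Audio (AudioSrv, svchost.exe) from memory, and a real deployment should export it from a clean reference machine. The sample lines other than the post's own entry are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# HijackThis O23 layout as it appears in the post (translated):
#   O23 - Service: <service name> (<display name>) - <image path> (<start type>)
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>[^\s(]+) \((?P<display>[^()]*)\) - "
    r"(?P<path>.+?)(?: \((?P<start>[^()]*)\))?\s*$"
)

# Reference identities (service name, image path) for a few stock Windows XP services.
# Constructed baseline for this example; export it from a clean machine in practice.
KNOWN_SERVICES = {
    "IMAPI CD-Burning COM Service": ("ImapiService", r"c:\windows\system32\imapi.exe"),
    "Windows Audio": ("AudioSrv", r"c:\windows\system32\svchost.exe"),
}


@dataclass
class Finding:
    name: str
    display: str
    path: str
    verdict: str   # "ok", "masquerade" or "unlisted"
    reason: str


def normalize_path(raw: str) -> str:
    """Lower-case, strip quotes and drop any arguments after the executable name."""
    p = raw.strip().strip('"').lower()
    i = p.find(".exe")
    return p[: i + 4] if i != -1 else p


def tokens(s: str) -> set:
    return set(s.lower().split())


def triage_o23(line: str) -> Optional[Finding]:
    """Return a Finding for an O23 line, or None if the line is not an O23 entry."""
    m = O23_RE.match(line)
    if not m:
        return None
    name, display, path = m["name"], m["display"], normalize_path(m["path"])
    for legit_display, (legit_name, legit_path) in KNOWN_SERVICES.items():
        # Token containment rather than exact match: the post's service keeps every
        # word of the real display name and pads extra words into the middle.
        if tokens(legit_display) <= tokens(display):
            if path == legit_path and name.lower() == legit_name.lower():
                return Finding(name, display, path, "ok", "matches baseline")
            return Finding(
                name, display, path, "masquerade",
                f"display name imitates '{legit_display}' but image is {path} "
                f"and service name is {name}",
            )
    return Finding(name, display, path, "unlisted", "no baseline entry for this display name")


# Constructed sample input: the post's entry plus a genuine-looking IMAPI line and an
# unrelated third-party service.
SAMPLE_O23 = [
    r"O23 - Service: ISBCCCS (IMAPI System By Catch CD-Burning COM Service) - C:\WINDOWS\system32\bfilo.exe (Automatic)",
    r"O23 - Service: ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\system32\imapi.exe (Manual)",
    r"O23 - Service: FooUpdater (Foo Update Service) - C:\Program Files\Foo\fooupd.exe (Automatic)",
]

if __name__ == "__main__":
    for entry in SAMPLE_O23:
        f = triage_o23(entry)
        print(f"{f.verdict:10} {f.name:13} {f.path}  [{f.reason}]")
```

The token test deliberately errs on the side of noise: on Vista and later it would also pull in "Windows Audio Endpoint Builder", so the baseline has to be built per OS version, and a "masquerade" verdict is a prompt to pull the image and hash it (as the poster did), not a conviction on its own.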
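Two of the numbers in the PEInfo block, the per-section entropy column and the link-time stamp 0x4acf0ff2, are what a triager checks next. The following added Python example (mine, not from the post) computes section entropy the way PEiD-style tools do, decodes TimeDateStamp from a PE file header, and measures the gap between that link time and the modified time the poster listed. The "packed" and "padding" thresholds are conventional rules of thumb rather than a standard, and the header bytes and sample buffers are constructed so the block runs without the sample.

```python
import math
import random
import struct
from collections import Counter
from datetime import datetime, timezone


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_section(entropy: float) -> str:
    """Rule of thumb behind the 'entropy' column: native code and data land roughly between
    3 and 6.5 bits; above about 7.2 the section is probably packed or encrypted; near 0 it
    is padding. The cut-offs are conventional, not a specification."""
    if entropy > 7.2:
        return "packed/encrypted?"
    if entropy < 1.0:
        return "mostly padding"
    return "plain"


def pe_timestamp_iso(image: bytes) -> str:
    """Read IMAGE_FILE_HEADER.TimeDateStamp. The DOS header's e_lfanew (offset 0x3C) points at
    the 4-byte PE signature; Machine (2) and NumberOfSections (2) follow it, then the stamp."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    stamp = struct.unpack_from("<I", image, e_lfanew + 8)[0]
    return datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


def mtime_offset_hours(compile_iso_utc: str, mtime_local: str) -> float:
    """Hours from the link-time stamp to the on-disk modified time, which is whatever the
    analyst's Explorer showed (naive local time). A whole-hour gap matching a time zone
    suggests the mtime is the untouched build time; a negative gap points at a forged stamp."""
    built = datetime.strptime(compile_iso_utc, "%Y-%m-%d %H:%M:%S UTC")
    modified = datetime.strptime(mtime_local, "%Y-%m-%d %H:%M:%S")
    return (modified - built).total_seconds() / 3600


def build_stub_header(stamp: int, machine: int = 0x14C, nsections: int = 4) -> bytes:
    """Constructed minimal DOS + PE header carrying the post's values (0x14c, 4 sections,
    stamp 0x4acf0ff2). Enough for the parser above; it is not a loadable executable."""
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)          # e_lfanew -> PE signature at 0x40
    return bytes(hdr) + b"PE\0\0" + struct.pack("<HHI", machine, nsections, stamp)


# Section entropies as printed in the post's PEInfo block, plus constructed buffers
# showing the two extremes the rule of thumb is meant to separate.
POSTED_SECTIONS = {".text": 5.97, ".rdata": 4.59, ".data": 3.41, ".rsrc": 2.40}
CONSTRUCTED = {
    "zeros": b"\x00" * 4096,
    "english": b"The quick brown fox jumps over the lazy dog. " * 100,
    "random": bytes(random.Random(1).getrandbits(8) for _ in range(4096)),
}

if __name__ == "__main__":
    for name, ent in POSTED_SECTIONS.items():
        print(f"{name:8} {ent:5.2f}  {classify_section(ent)}")
    for name, buf in CONSTRUCTED.items():
        ent = shannon_entropy(buf)
        print(f"{name:8} {ent:5.2f}  {classify_section(ent)}")
    link_time = pe_timestamp_iso(build_stub_header(0x4ACF0FF2))
    print("link time:", link_time)
    print("mtime minus link time (h):", mtime_offset_hours(link_time, "2009-10-09 18:26:58"))
```

Run against the post's values, the stamp decodes to 2009-10-09 10:26:58 UTC and sits exactly 8 hours before the listed modified time of 2009-10-09 18:26:58, which is what an untouched build time looks like on a UTC+8 machine, and all four section entropies classify as plain, consistent with the "PEiD: -" line and with the unpacked MFC42/MSVCP60 build that the import table shows.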

Reply: bfilo.exe---27739801917eb54129f7d2a666363fad

Thank you for your support. The sample you submitted has been reported; please keep following Rising~

Reply: bfilo.exe---27739801917eb54129f7d2a666363fad


Attachment: [not viewable by this user group]