初生襁褓狮
Posted: 2008-11-12 14:51
Re: Suspicious file!
I forgot the additional information, sorry.

Additional information
File size: 319488 bytes
MD5...: dee992f971efaa8e1b724c48ff11a6ef
SHA1..: 18c313e234fc92bdd06b7b2446115294b8dcc60b
SHA256: 43a4fa4dfe650fbaa8fd58420e62ea8c7fbda72bdbd5dbe01c191e0270df56c2
SHA512: 695f7e51fa1f0bd3ccaa7f66260e63f76056943434854b76f4438c79ff8b9f505102059cb06b2069962a1fb7e72e8f053dc4a5a6862e2f3db83c3c06bc820004
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10024832
timedatestamp.....: 0x491070bc (Tue Nov 04 15:56:44 2008)
machinetype.......: 0x14c (I386)

( 6 sections )
name    viradd   virsiz   rawdsiz  ntrpy  md5
.text   0x1000   0x38979  0x38a00  6.62   c0ba078ca2694b9097dd5788701c3da5
.rdata  0x3a000  0xc181   0xc200   5.11   e4a9ca249cf18ac39cfdca7fe0821a7e
.data   0x47000  0x5a94   0x3c00   3.68   c1134e46575e7eec22ddf5d9da90c2cb
Shared  0x4d000  0x24     0x200    0.00   bf619eac0cdf3f68d496ea9344137e8b
.rsrc   0x4e000  0x190    0x200    4.18   b6f6591f1a66f5be5d2a9bdc19d280ec
.reloc  0x4f000  0x4f72   0x5000   5.79   5e2c42afe7fb184756cfc31d3738cde7

( 11 imports )
> iphlpapi.dll: GetAdaptersInfo
> KERNEL32.dll: RaiseException, FindResourceW, SizeofResource, LockResource, LoadResource, FindResourceExW, InterlockedIncrement, InterlockedDecrement, Sleep, GetPrivateProfileIntW, GetPrivateProfileStringW, GetTempPathW, GetTempFileNameW, lstrcpyW, CreateProcessW, SetLastError, CreateMutexW, GetWindowsDirectoryW, FindFirstFileW, FindNextFileW, FindClose, EnterCriticalSection, LeaveCriticalSection, lstrlenW, GetLocalTime, CreateFileW, SetFilePointer, WriteFile, WideCharToMultiByte, CreateFileA, SystemTimeToFileTime, DeviceIoControl, WriteProcessMemory, GetCurrentProcess, GlobalAlloc, GetModuleHandleW, GetTickCount, GlobalLock, GlobalUnlock, FlushInstructionCache, MulDiv, lstrcmpW, VirtualQuery, VirtualProtect, VirtualAlloc, InterlockedCompareExchange, ResumeThread, GetThreadContext, SetThreadContext, SuspendThread, CompareStringW, CompareStringA, WaitForSingleObject, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetConsoleMode, GetConsoleCP, RtlUnwind, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, SetHandleCount, GetDateFormatA, GetTimeFormatA, GetTimeZoneInformation, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetModuleFileNameA, GetStdHandle, GetOEMCP, GetCPInfo, HeapCreate, ExitProcess, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetModuleHandleA, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetCommandLineA, GetSystemTimeAsFileTime, VirtualFree, IsProcessorFeaturePresent, LoadLibraryA, GetProcessHeap, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, HeapDestroy, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, GetVersionExA, CloseHandle, CreateThread, CreateEventW, SetEvent, GetLastError, MultiByteToWideChar, GetCurrentProcessId, DeleteCriticalSection, InitializeCriticalSection, GetModuleFileNameW, GetCurrentThreadId, FreeLibrary, GetCurrentThread, GetProcAddress, LoadLibraryW, SetEnvironmentVariableA, ReadFile, FlushFileBuffers
> USER32.dll: PostThreadMessageW, PeekMessageW, DispatchMessageW, TranslateMessage, ShowWindow, CreateDialogParamW, DefWindowProcW, GetWindowThreadProcessId, FindWindowW, SetWindowsHookExW, CallNextHookEx, UnhookWindowsHookEx, SendMessageW, RegisterWindowMessageW, CreateWindowExW, CallWindowProcW, GetDlgItem, GetWindow, SetFocus, GetFocus, IsChild, RedrawWindow, DestroyAcceleratorTable, CharNextW, GetSysColor, CreateAcceleratorTableW, MoveWindow, ReleaseCapture, SetCapture, FillRect, InvalidateRect, InvalidateRgn, ReleaseDC, GetDC, GetMessageW, UnregisterClassA, SetTimer, KillTimer, GetDesktopWindow, GetClientRect, GetWindowRect, SetWindowPos, SetWindowTextW, GetWindowLongW, SetWindowLongW, SetWindowPlacement, BeginPaint, EndPaint, DestroyWindow, ScreenToClient, IsWindow, GetParent, OffsetRect, GetClassInfoExW, RegisterClassExW, GetWindowTextW, GetWindowTextLengthW, LoadCursorW, GetSystemMetrics, VkKeyScanW, PostMessageW, InflateRect, SetRect, PtInRect, GetCursorPos, ClientToScreen, EnumChildWindows, GetClassNameW
> GDI32.dll: GetStockObject, GetObjectW, GetDeviceCaps, BitBlt, DeleteDC, CreateCompatibleDC, SelectObject, DeleteObject, CreateCompatibleBitmap, CreateSolidBrush
> ADVAPI32.dll: RegCreateKeyExW, RegQueryValueExW, RegEnumValueW, RegQueryInfoKeyW, RegCloseKey, RegDeleteValueW, RegOpenKeyExW, RegSetValueExW
> SHELL32.dll: SHGetPathFromIDListW, SHGetFolderLocation
> ole32.dll: OleUninitialize, CoUninitialize, CoTaskMemAlloc, StringFromGUID2, OleLockRunning, CLSIDFromString, CLSIDFromProgID, CoGetClassObject, CoCreateInstance, OleInitialize, StringFromCLSID, CreateStreamOnHGlobal, CoTaskMemFree, CoInitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> SHLWAPI.dll: PathIsRelativeW, PathFindFileNameW, PathFindOnPathW, PathFileExistsW, PathFindExtensionW, StrStrIW, UrlCanonicalizeW
> urlmon.dll: CoInternetGetSession, URLDownloadToFileW, URLDownloadToCacheFileW
> WININET.dll: InternetCloseHandle, HttpSendRequestA, HttpOpenRequestA, InternetConnectA, InternetOpenA, FindCloseUrlCache, DeleteUrlCacheEntryW, FindNextUrlCacheEntryW, FindFirstUrlCacheEntryW, InternetCrackUrlW, InternetCanonicalizeUrlW

( 4 exports )
SendStatisticDataOnInstall, UpdateIFEOInfo, fnClose, fnOpen