Community guest
Posts: 22020
Registered: 2003-04-29
From: pe_xscan Studio
Posted: 2008-07-12 10:00

Files impersonating Rising (瑞星): RavNT.exe, soni.exe
Attachment archive password: virus

File: C:\WINDOWS\RavNT.exe
Attributes: A---
Digitally signed: No
PE file: Yes
Language: Chinese (PRC)
File version: 1, 0, 0, 1
Description: RavNT Application
Copyright: 版权所有 (C) 2008 (all rights reserved)
Product version: 1, 0, 0, 1
Product name: Rising AntiVirus 2008
Company name: 瑞星 (Rising)
Internal name: RavNT
Original filename: RavNT.exe
Created: 2008-7-7 15:40:36
Modified: 2008-7-7 15:40:36
Size: 69753 bytes (68.121 KB)
MD5: 0f71426d4ec2cb092ba2b482b0a7e716
SHA1: F9763B7B730E6041BC5C44F7F7BBBA031FB1E1ED
CRC32: 1d8165ef

O4 - HKLM\..\Run: [RavMonS] C:\WINDOWS\soni.exe

File: C:\WINDOWS\soni.exe
Attributes: A---
Digitally signed: No
PE file: Yes
Language: Chinese (PRC)
File version: 1, 0, 0, 6
Description: 瑞星 (Rising)
Copyright: Copyright © 2008
Product version: 1, 0, 0, 6
Product name: 瑞星杀毒软件 (Rising AntiVirus)
Company name: 瑞星 (Rising)
Internal name: soni
Original filename: soni.exe
Created: 2008-7-7 16:16:58
Modified: 2008-7-7 16:16:58
Size: 28672 bytes (28.0 KB)
MD5: bbf01792d245277580c13cb2239e0c37
SHA1: B28273FA256FD563069321645767E92B27C4B8B5
CRC32: bc95df9d

File RavNT.exe received on 2008.07.12 03:49:04 (CET)

Antivirus | Version | Last update | Result
AhnLab-V3 | 2008.7.11.0 | 2008.07.11 | Win-Trojan/Bho.69763
AntiVir | 7.8.0.64 | 2008.07.11 | TR/BHO.ewg
Authentium | 5.1.0.4 | 2008.07.11 | -
Avast | 4.8.1195.0 | 2008.07.12 | Win32:Trojan-gen {Other}
AVG | 7.5.0.516 | 2008.07.11 | Agent.YAQ
BitDefender | 7.2 | 2008.07.12 | -
CAT-QuickHeal | 9.50 | 2008.07.11 | Trojan.BHO.ewg
ClamAV | 0.93.1 | 2008.07.11 | -
DrWeb | 4.44.0.09170 | 2008.07.11 | -
eSafe | 7.0.17.0 | 2008.07.10 | -
eTrust-Vet | 31.6.5947 | 2008.07.11 | -
Ewido | 4.0 | 2008.07.11 | -
F-Prot | 4.4.4.56 | 2008.07.11 | -
F-Secure | 7.60.13501.0 | 2008.07.10 | -
Fortinet | 3.14.0.0 | 2008.07.11 | W32/BHO.EWG!tr
GData | 2.0.7306.1023 | 2008.07.12 | Trojan.Win32.BHO.ewg
Ikarus | T3.1.1.26.0 | 2008.07.12 | Trojan.Win32.BHO.ewg
Kaspersky | 7.0.0.125 | 2008.07.12 | Trojan.Win32.BHO.ewg
McAfee | 5337 | 2008.07.11 | -
Microsoft | 1.3704 | 2008.07.12 | -
NOD32v2 | 3263 | 2008.07.11 | a variant of Win32/Agent.NXB
Norman | 5.80.02 | 2008.07.11 | -
Panda | 9.0.0.4 | 2008.07.11 | Suspicious file
Prevx1 | V2 | 2008.07.12 | -
Rising | 20.52.41.00 | 2008.07.11 | -
Sophos | 4.31.0 | 2008.07.12 | -
Sunbelt | 3.1.1509.1 | 2008.07.04 | -
Symantec | 10 | 2008.07.12 | -
TheHacker | 6.2.96.376 | 2008.07.10 | -
TrendMicro | 8.700.0.1004 | 2008.07.11 | -
VBA32 | 3.12.6.9 | 2008.07.11 | Trojan.Win32.BHO.ewg
VirusBuster | 4.5.11.0 | 2008.07.11 | -
Webwasher-Gateway | 6.6.2 | 2008.07.11 | Trojan.BHO.ewg

Additional information
File size: 69753 bytes
MD5: 0f71426d4ec2cb092ba2b482b0a7e716
SHA1: f9763b7b730e6041bc5c44f7f7bbba031fb1e1ed
SHA256: db335f883aeb4cbf4c926b034337b0ba6e4d1916e732986f13f376ea54ed43dd
SHA512: e19f568d0d4a75071b3282f58d9b5c5e53daa6d19055907a510aa70fedfe953d5b48b832920ce76ebb6397f96c09a9b2cc8f772800f8626d4ae7f7405e60af27
PEiD: Armadillo v1.71
PEInfo: PE structure information

( base data )
entrypointaddress.: 0x405e0c
timedatestamp.....: 0x4871c872 (Mon Jul 07 07:40:34 2008)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7505 0x8000 4.22 b97a50f0c6a2b134728758ca51cc6d92
.rdata 0x9000 0xe19 0x1000 2.82 6ff3d22e68e7313c85ae88e7d5fa2d12
.data 0xa000 0x169c 0x2000 2.10 47641db7270c59acaa49589d96ad9133
.idata 0xc000 0x1079 0x2000 2.53 a8244460bdbc55ca46472f404515d6db
.rsrc 0xe000 0x1e19 0x2000 3.70 3ffba0926d69f80918519652e188a9b0
.reloc 0x10000 0xa9b 0x1000 4.47 8de4ef933441cf5e18c46a9451fe61d2

( 6 imports )
> MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> MSVCRT.dll: _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _onexit, __dllonexit, _chdir, _mkdir, strlen, _stricmp, strcmp, strncpy, strcat, _setmbcp, sprintf, memset, __CxxFrameHandler, _mbsrchr, strcpy, strstr, _controlfp
> KERNEL32.dll: ReleaseMutex, WaitForSingleObject, WinExec, GetPrivateProfileIntA, GetPrivateProfileStringA, MoveFileExA, WritePrivateProfileStringA, GetShortPathNameA, CopyFileA, GetSystemDefaultLangID, DeleteFileA, FindNextFileA, FindFirstFileA, SetCurrentDirectoryA, CloseHandle, CreateProcessA, LoadLibraryA, FreeLibrary, GetStartupInfoA, GetModuleFileNameA, GetVersionExA, GetSystemTime, CreateMutexA, FindClose, GetModuleHandleA, GetProcAddress
> USER32.dll: KillTimer, MessageBoxA, UpdateWindow, FindWindowA, SetTimer, LoadCursorA, EnableWindow, SendMessageA
> ADVAPI32.dll: RegSetValueExA, RegOpenKeyA, RegQueryValueExA, RegCloseKey, RegOpenKeyExA
> urlmon.dll: URLDownloadToFileA

( 0 exports )
File soni.exe received on 2008.07.12 05:35:24 (CET)

Antivirus | Version | Last update | Result
AhnLab-V3 | 2008.7.11.0 | 2008.07.11 | -
AntiVir | 7.8.0.64 | 2008.07.11 | TR/Agent.HYT.28672
Authentium | 5.1.0.4 | 2008.07.11 | -
Avast | 4.8.1195.0 | 2008.07.12 | Win32:Trojan-gen {Other}
AVG | 7.5.0.516 | 2008.07.11 | Agent.YAD
BitDefender | 7.2 | 2008.07.12 | -
CAT-QuickHeal | 9.50 | 2008.07.11 | TrojanSpy.Small.buu
ClamAV | 0.93.1 | 2008.07.11 | -
DrWeb | 4.44.0.09170 | 2008.07.11 | -
eSafe | 7.0.17.0 | 2008.07.10 | -
eTrust-Vet | 31.6.5949 | 2008.07.12 | -
Ewido | 4.0 | 2008.07.11 | -
F-Prot | 4.4.4.56 | 2008.07.11 | -
F-Secure | 7.60.13501.0 | 2008.07.10 | -
Fortinet | 3.14.0.0 | 2008.07.11 | Spy/Small
GData | 2.0.7306.1023 | 2008.07.12 | Trojan-Spy.Win32.Small.buw
Ikarus | T3.1.1.26.0 | 2008.07.12 | Trojan-Spy.Win32.Small.buw
Kaspersky | 7.0.0.125 | 2008.07.12 | Trojan-Spy.Win32.Small.buw
McAfee | 5337 | 2008.07.11 | -
Microsoft | 1.3704 | 2008.07.12 | -
NOD32v2 | 3263 | 2008.07.11 | a variant of Win32/Agent.NXB
Norman | 5.80.02 | 2008.07.11 | -
Panda | 9.0.0.4 | 2008.07.11 | -
Prevx1 | V2 | 2008.07.12 | -
Rising | 20.52.42.00 | 2008.07.12 | -
Sophos | 4.31.0 | 2008.07.12 | Mal/Generic-A
Sunbelt | 3.1.1536.1 | 2008.07.12 | -
Symantec | 10 | 2008.07.12 | Trojan Horse
TheHacker | 6.2.96.376 | 2008.07.10 | -
TrendMicro | 8.700.0.1004 | 2008.07.11 | -
VBA32 | 3.12.6.9 | 2008.07.12 | Trojan-Spy.Win32.Small.buw
VirusBuster | 4.5.11.0 | 2008.07.11 | -
Webwasher-Gateway | 6.6.2 | 2008.07.11 | Trojan.Agent.HYT.28672

Additional information
File size: 28672 bytes
MD5: bbf01792d245277580c13cb2239e0c37
SHA1: b28273fa256fd563069321645767e92b27c4b8b5
SHA256: ded46787c40017de0d3bb264b4abd7deb5c3723630d6b4713a4dc7074e505b4f
SHA512: 60edd10142117a971e033c7b472e67dcbfd9d70d96404a41379cd01e2793a96dfe8fd82010cc699c7fb5aa0bcc5ca85f27d6e82cd15d2bcfcb4a17e786253de3
PEiD: Armadillo v1.71
PEInfo: PE structure information

( base data )
entrypointaddress.: 0x403d14
timedatestamp.....: 0x4871d0f9 (Mon Jul 07 08:16:57 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2ed0 0x3000 6.35 f9f29de7875549ffbc5929b75f152164
.rdata 0x4000 0x852 0x1000 3.09 48e56213fb46eadefa2e2ccec1efc7dc
.data 0x5000 0xae4 0x1000 4.43 b9cc799b79926bd02fdfd153098ac557
.rsrc 0x6000 0x368 0x1000 0.91 548250ee2f66116920763c7da1fc5f27

( 5 imports )
> urlmon.dll: URLDownloadToFileA
> MFC42.DLL: -, -, -, -, -, -, -
> MSVCRT.dll: __dllonexit, _onexit, _exit, atoi, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, _terminate@@YAXXZ, __set_app_type, _strcmpi, time, srand, rand, strncpy, fclose, isalnum, isspace, __CxxFrameHandler, sprintf, _except_handler3, strstr, atof, _ftol, floor, fopen, __p__fmode, fgets, _itoa, _XcptFilter, _controlfp
> KERNEL32.dll: GetModuleHandleA, GetLastError, FormatMessageA, LocalFree, GetSystemDirectoryA, CreateProcessA, ResumeThread, GetPrivateProfileStringA, GetPrivateProfileIntA, GetWindowsDirectoryA, TerminateProcess, LoadLibraryA, Sleep, WaitForMultipleObjects, CreateThread, ExitProcess, GetSystemTime, GetProcAddress, GetStartupInfoA
> USER32.dll: DispatchMessageA, TranslateMessage, GetMessageA, CreateWindowExA, RegisterClassExA, FindWindowA, SetTimer, PostQuitMessage, KillTimer, DefWindowProcA, GetCursorPos, GetSystemMetrics, GetWindowRect, GetClassNameA, FindWindowExA, PostMessageA, SetWindowPos, SendMessageTimeoutA, IsWindow

( 0 exports )
endurer, last edited on 2008-07-12 11:38:05
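The report above gives everything needed for a first static triage without touching the sample: version-resource strings borrowed from Rising, no Authenticode signature, an import set that downloads and launches files, and a Run value that starts soni.exe from C:\WINDOWS. The Python below is an added example, not code from the post or from the pe_xscan tools: it parses the flattened "Engine | Version | Updated | Result |" rows into a detection summary and scores those static indicators. The vendor watchlist, the API groupings, the weights and the verdict thresholds are this example's own assumptions; the sample data is transcribed from the post (the scan table is an excerpt of ten engines).

```python
"""Static triage for the RavNT.exe / soni.exe report above.

Added example, not code from the post or from pe_xscan: it (1) parses the
flattened "Engine | Version | Updated | Result |" rows the post pasted into
a detection summary and (2) scores the static indicators that mark the pair
as an antivirus impersonation. The vendor watchlist, API groups, weights and
thresholds are this example's own assumptions; sample data is transcribed
from the post (the scan table is an excerpt).
"""
import re

# One row per engine; the strict date field keeps a search that starts on
# the header or mid-row from consuming its neighbours.
ROW = re.compile(r"\s*([^|]+?)\s*\|\s*([^|]+?)\s*\|\s*(\d{4}\.\d{2}\.\d{2})\s*\|\s*([^|]*?)\s*\|")

# Version-resource strings worth watching, mapped to that vendor's engine name
# in the scan table (assumed watchlist; extend with other vendors as needed).
VENDOR_STRINGS = {"瑞星": "Rising", "rising": "Rising"}

# Import groups that together read as download-and-execute (assumed grouping).
DOWNLOAD = {"URLDownloadToFileA", "URLDownloadToFileW"}
EXECUTE = {"WinExec", "CreateProcessA", "CreateProcessW", "ShellExecuteA"}
PERSIST = {"RegSetValueExA", "RegSetValueExW", "WritePrivateProfileStringA"}
SELFCOPY = {"CopyFileA", "MoveFileExA"}


def parse_vt(text):
    """Return [(engine, version, updated, result_or_None), ...]; '-' means no hit."""
    rows = []
    for engine, version, updated, result in ROW.findall(text):
        result = result.strip()
        rows.append((engine.strip(), version.strip(), updated, None if result == "-" else result))
    return rows


def summarize(rows, impersonated_engine=None):
    """Detection count, distinct names, and whether the vendor being
    impersonated detects the file itself (None if no vendor given)."""
    hits = [r for r in rows if r[3]]
    vendor_hit = None
    if impersonated_engine:
        vendor_hit = any(r[0] == impersonated_engine and r[3] for r in rows)
    return {"engines": len(rows), "detections": len(hits),
            "families": sorted({r[3] for r in hits}),
            "impersonated_vendor_detects": vendor_hit}


def score_static(version_info, signed, imports, run_entries=()):
    """Score one PE from its version resource, signature status, import names
    and any HKLM\\..\\Run values that launch it. Returns (score, verdict, reasons)."""
    score, reasons = 0, []
    strings = " ".join(version_info.values()).lower()
    vendors = {eng for key, eng in VENDOR_STRINGS.items() if key.lower() in strings}
    if vendors and not signed:
        score += 3
        reasons.append("claims %s but has no digital signature" % ", ".join(sorted(vendors)))
    imp = set(imports)
    if imp & DOWNLOAD:
        score += 2
        reasons.append("downloads files: " + ", ".join(sorted(imp & DOWNLOAD)))
        if imp & EXECUTE:
            score += 2
            reasons.append("and runs them: " + ", ".join(sorted(imp & EXECUTE)))
    if imp & PERSIST:
        score += 1
        reasons.append("writes registry/INI persistence: " + ", ".join(sorted(imp & PERSIST)))
    if imp & SELFCOPY:
        score += 1
        reasons.append("copies/moves files: " + ", ".join(sorted(imp & SELFCOPY)))
    for name, cmd in run_entries:
        # A Run value starting an .exe dropped directly in %WINDIR% (not System32).
        if re.fullmatch(r"(?i)c:\\windows\\[^\\]+\.exe", cmd.strip('"')):
            score += 2
            reasons.append("Run value [%s] starts %s from the Windows directory" % (name, cmd))
    verdict = "likely malicious" if score >= 5 else "suspicious" if score >= 3 else "low"
    return score, verdict, reasons


# Sample data transcribed from the post (scan rows are an excerpt of 10 engines).
VT_RAVNT = ("Antivirus | Version | Last update | Result | "
            "AhnLab-V3 | 2008.7.11.0 | 2008.07.11 | Win-Trojan/Bho.69763 | "
            "AntiVir | 7.8.0.64 | 2008.07.11 | TR/BHO.ewg | "
            "Authentium | 5.1.0.4 | 2008.07.11 | - | "
            "Avast | 4.8.1195.0 | 2008.07.12 | Win32:Trojan-gen {Other} | "
            "Kaspersky | 7.0.0.125 | 2008.07.12 | Trojan.Win32.BHO.ewg | "
            "McAfee | 5337 | 2008.07.11 | - | "
            "NOD32v2 | 3263 | 2008.07.11 | a variant of Win32/Agent.NXB | "
            "Panda | 9.0.0.4 | 2008.07.11 | Suspicious file | "
            "Rising | 20.52.41.00 | 2008.07.11 | - | "
            "Symantec | 10 | 2008.07.12 | - |")
RAVNT_VERSION = {"FileDescription": "RavNT Application", "ProductName": "Rising AntiVirus 2008",
                 "CompanyName": "瑞星", "InternalName": "RavNT", "OriginalFilename": "RavNT.exe"}
RAVNT_IMPORTS = ["WinExec", "CreateProcessA", "URLDownloadToFileA", "CopyFileA", "MoveFileExA",
                 "DeleteFileA", "WritePrivateProfileStringA", "RegSetValueExA", "CreateMutexA"]
SONI_VERSION = {"FileDescription": "瑞星", "ProductName": "瑞星杀毒软件", "CompanyName": "瑞星",
                "InternalName": "soni", "OriginalFilename": "soni.exe"}
SONI_IMPORTS = ["URLDownloadToFileA", "CreateProcessA", "ResumeThread", "TerminateProcess",
                "CreateThread", "FindWindowA", "SendMessageTimeoutA", "PostMessageA"]
RUN_ENTRIES = [("RavMonS", r"C:\WINDOWS\soni.exe")]  # the O4 line from the HijackThis log

if __name__ == "__main__":
    print(summarize(parse_vt(VT_RAVNT), "Rising"))
    for label, vi, im, run in (("RavNT.exe", RAVNT_VERSION, RAVNT_IMPORTS, ()),
                               ("soni.exe", SONI_VERSION, SONI_IMPORTS, RUN_ENTRIES)):
        score, verdict, reasons = score_static(vi, False, im, run)
        print(label, score, verdict, *reasons, sep="\n  ")
```

Two things the output makes visible that the raw table does not: Rising itself, the vendor whose name both files borrow, returned no detection for either file on the scan dates in the post, and both files score the same way for the same reason (unsigned vendor strings plus URLDownloadToFileA next to a process-creation API). The PEiD "Armadillo v1.71" label on both files is deliberately not used as a packer indicator: that signature is a well-known false positive on plain MSVC6/MFC builds, and the cleartext MFC42/MSVCRT import tables in the report are consistent with an unpacked binary rather than an Armadillo-protected one.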