Keylogger
So, all I did after Avenger was let the PC restart ... after that I didn't do anything else.
I'm scanning the files right now ... it will take a while yet.
Code:
vffilter.sys
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.10.30.1 2008.10.31 -
AntiVir 7.9.0.10 2008.10.31 -
Authentium 5.1.0.4 2008.10.31 -
Avast 4.8.1248.0 2008.10.30 -
AVG 8.0.0.161 2008.10.30 -
BitDefender 7.2 2008.10.31 -
CAT-QuickHeal 9.50 2008.10.31 -
ClamAV 0.93.1 2008.10.31 -
DrWeb 4.44.0.09170 2008.10.31 -
eSafe 7.0.17.0 2008.10.30 -
eTrust-Vet 31.6.6184 2008.10.31 -
Ewido 4.0 2008.10.30 -
F-Prot 4.4.4.56 2008.10.30 -
F-Secure 8.0.14332.0 2008.10.31 -
Fortinet 3.117.0.0 2008.10.31 -
GData 19 2008.10.31 -
Ikarus T3.1.1.44.0 2008.10.31 -
K7AntiVirus 7.10.512 2008.10.30 -
Kaspersky 7.0.0.125 2008.10.31 -
McAfee 5419 2008.10.31 -
Microsoft 1.4005 2008.10.31 -
NOD32 3571 2008.10.30 -
Norman 5.80.02 2008.10.30 -
Panda 9.0.0.4 2008.10.30 -
PCTools 4.4.2.0 2008.10.30 -
Prevx1 V2 2008.10.31 -
Rising 21.01.42.00 2008.10.31 -
SecureWeb-Gateway 6.7.6 2008.10.31 -
Sophos 4.35.0 2008.10.31 -
Sunbelt 3.1.1767.2 2008.10.31 -
Symantec 10 2008.10.31 -
TheHacker 6.3.1.1.135 2008.10.31 -
TrendMicro 8.700.0.1004 2008.10.31 -
VBA32 3.12.8.9 2008.10.30 -
ViRobot 2008.10.31.1446 2008.10.31 -
VirusBuster 4.5.11.0 2008.10.30 -
weitere Informationen
File size: 15496 bytes
MD5...: a133d96958e9d155cd638a3cb4eddfea
SHA1..: 26ef08e66e5e501e402ac83ad790bd6fa72c247a
SHA256: 5bb52fc1d2c7381e6e7f84e32673ac11648ec6492a93e8f9e5a458a9c71d4506
SHA512: 3490f0d32a2e70bdc058e238a4371da8574922bde92648ccd6e73d709eb737cb
01341fab0d2894a71f8ae4bbab722e25b63764a31ee30e1c612733d93a359fae
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1244a
timedatestamp.....: 0x4701e8ad (Tue Oct 02 06:43:57 2007)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0xac4 0xb00 5.74 cf9b15e3e50518402c00b2f216ee3d4b
.rdata 0xf80 0x1e6 0x200 3.79 f8f84ea85f8aa0e09fe90c61112ada03
.data 0x1180 0x1048 0x1080 0.02 ffff936550ccfeca0905c4cb85800370
INIT 0x2200 0x63c 0x680 5.55 b140668c9249eca8b19f97c7ac6dde6c
.reloc 0x2880 0x102 0x180 4.29 c239a6303cea4b6eeabedc8ebde6e5a1
( 3 imports )
> ntoskrnl.exe: KeBugCheckEx, KeTickCount, KeInitializeSpinLock, IoGetCurrentProcess, IoThreadToProcess, ExFreePoolWithTag, ExAllocatePoolWithTag, DbgPrint, RtlInitUnicodeString
> HAL.dll: KeAcquireInStackQueuedSpinLock, KeReleaseInStackQueuedSpinLock
> FLTMGR.SYS: FltStartFiltering, FltCloseClientPort, FltGetStreamHandleContext, FltIsDirectory, FltCancelFileOpen, FltAllocateContext, FltSetStreamHandleContext, FltReleaseContext, FltGetFileNameInformation, FltParseFileNameInformation, FltSendMessage, FltReleaseFileNameInformation, FltRegisterFilter, FltUnregisterFilter, FltCloseCommunicationPort, FltFreeSecurityDescriptor, FltCreateCommunicationPort, FltBuildDefaultSecurityDescriptor
( 0 exports )
Code:
ac3DX.ax
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.10.30.1 2008.10.31 -
AntiVir 7.9.0.10 2008.10.31 -
Authentium 5.1.0.4 2008.10.31 -
Avast 4.8.1248.0 2008.10.30 -
AVG 8.0.0.161 2008.10.30 -
BitDefender 7.2 2008.10.31 -
CAT-QuickHeal 9.50 2008.10.31 -
ClamAV 0.93.1 2008.10.31 -
DrWeb 4.44.0.09170 2008.10.31 -
eSafe 7.0.17.0 2008.10.30 Suspicious File
eTrust-Vet 31.6.6184 2008.10.31 -
Ewido 4.0 2008.10.29 -
F-Prot 4.4.4.56 2008.10.30 -
F-Secure 8.0.14332.0 2008.10.31 -
Fortinet 3.117.0.0 2008.10.31 -
GData 19 2008.10.31 -
Ikarus T3.1.1.44.0 2008.10.31 -
K7AntiVirus 7.10.512 2008.10.30 -
Kaspersky 7.0.0.125 2008.10.31 -
McAfee 5419 2008.10.31 -
Microsoft 1.4005 2008.10.31 -
NOD32 3571 2008.10.30 -
Norman 5.80.02 2008.10.30 -
Panda 9.0.0.4 2008.10.30 -
PCTools 4.4.2.0 2008.10.30 -
Prevx1 V2 2008.10.31 -
Rising 21.01.42.00 2008.10.31 -
SecureWeb-Gateway 6.7.6 2008.10.31 -
Sophos 4.35.0 2008.10.31 -
Sunbelt 3.1.1767.2 2008.10.31 -
Symantec 10 2008.10.31 -
TheHacker 6.3.1.1.135 2008.10.31 -
TrendMicro 8.700.0.1004 2008.10.31 -
VBA32 3.12.8.9 2008.10.30 -
ViRobot 2008.10.31.1446 2008.10.31 -
VirusBuster 4.5.11.0 2008.10.30 -
weitere Informationen
File size: 227328 bytes
MD5...: 82b0b872a489541980f3334a6330399f
SHA1..: 920427f98248806f692ebb4d5cb554be315df745
SHA256: 80ab17837ecfea83e251f63983fcdc46f5f1b8642b228b1bd026fd18e6c49071
SHA512: 1dd431ca1f227b7137cc9177bdb4e52a09a7018c487b703271eee67b9985652e
69254ceb3bff58c19f42f828215c0c40f7367da20c9b65c48057209d9c93cca6
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10081960
timedatestamp.....: 0x44d92e8c (Wed Aug 09 00:38:36 2006)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x4b000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x4c000 0x36000 0x35c00 7.88 a0058baacff67ff0bc78e807f8c2607d
.rsrc 0x82000 0x2000 0x1800 4.44 aa0bc3f2b7e94dd0432960e25a56f4e4
( 9 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: -
> GDI32.dll: GetObjectA
> MSVCRT.dll: _iob
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: ShellExecuteA
> USER32.dll: SetTimer
( 5 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, config
packers (Kaspersky): UPX
packers (F-Prot): UPX
Code:
nbDX.dll
Antivirus Version letzte aktualisierung Ergebnis
eSafe 7.0.17.0 2008.10.30 Suspicious File
Panda 9.0.0.4 2008.10.30 Suspicious file
weitere Informationen
File size: 216064 bytes
MD5...: e4b6b932b6e5ce386627ceea2a0a0f4c
SHA1..: b9bcaae7bb27161148e1301fc8d8cd3f568c6e22
SHA256: a0f6231d8f48d8579be4275b95425f80cc5f703730f5f5e9f5b8748a813282f6
SHA512: 409041941ced441b97033d035ae7fb800eccbbc0de962e8114a4bfa040b8d295
30d294f5aa51a55910314b94110ee7b36586fda7e155f7cea23c1f44880997d4
PEiD..: PECompact 2.xx --> BitSum Technologies
TrID..: File type identification
Win32 EXE PECompact compressed (v2.x) (48.9%)
Win32 EXE PECompact compressed (generic) (34.4%)
Win32 Executable Generic (7.0%)
Win32 Dynamic Link Library (generic) (6.2%)
Generic Win/DOS Executable (1.6%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1000e540
timedatestamp.....: 0x47dd210d (Sun Mar 16 13:30:53 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xab000 0x32e00 8.00 ca6fa635de272e225cfc131d9fe20052
.rsrc 0xac000 0x2000 0x1800 6.86 446ef74531ed3e33f7b3852a7184e670
.reloc 0xae000 0x1000 0x200 0.22 8c0a50c2ebb734c97d87d426da67930d
( 8 imports )
> kernel32.dll: LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree
> USER32.dll: GrayStringW
> GDI32.dll: ScaleWindowExtEx
> WINSPOOL.DRV: ClosePrinter
> ADVAPI32.dll: RegCreateKeyW
> SHLWAPI.dll: PathFindFileNameW
> ole32.dll: CoTaskMemFree
> OLEAUT32.dll: -
( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
packers (Kaspersky): PE_Patch.PECompact, PecBundle, PECompact
packers (F-Prot): PecBundle, PECompact
Code:
AVCDX.ax
Antivirus Version letzte aktualisierung Ergebnis
eSafe 7.0.17.0 2008.10.30 Suspicious File
weitere Informationen
File size: 123904 bytes
MD5...: 84957d0ce4ff261b0081679eb9c0c006
SHA1..: cb1b228a30ea8b08900375d318e76554c2f95863
SHA256: 5dcc6c3146e436dc8cf8347ca132ac941850fe5fa496934a887094649ea990ab
SHA512: a697bdfafba4f956daff993b39ece1bdd6d9e5bc811c2aeb3695dd8972e08628
aed1a90abc24b9f18170eac6f3cc1be7dd8f9a8c2fbd985a5322560bcefbbace
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (43.8%)
Win32 EXE Yoda's Crypter (38.1%)
Win32 Executable Generic (12.2%)
Generic Win/DOS Executable (2.8%)
DOS Executable Generic (2.8%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100604b0
timedatestamp.....: 0x43c6e4ed (Thu Jan 12 23:23:25 2006)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x42000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x43000 0x1e000 0x1d800 7.91 8f36f42fbbcce2d68fcd2b8c9f904478
.rsrc 0x61000 0x1000 0x800 3.88 73a0aaf25de757acbd0674f14766ed4f
( 5 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect
> ADVAPI32.dll: RegCloseKey
> ole32.dll: CoInitialize
> USER32.dll: SetRect
> VERSION.dll: VerQueryValueA
( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
Code:
Profiler_update.exe
Antivirus Version letzte aktualisierung Ergebnis
Panda 9.0.0.4 2008.10.30 Suspicious file
weitere Informationen
File size: 1067520 bytes
MD5...: 0a7e2542f420a0799cbef813b8c26f02
SHA1..: 44c3435b6cf0769244509ca1ded01e4b1c2ac294
SHA256: fdbc51445354872874c7d000948af864ab5f25f4adcf7b44d33065a04b9489f9
SHA512: 793f48314f6fd0fb7b118a4f88df0df89009cd2594a854dac20d75b45c11c185
6d9b5ca824f542f252a2b485772663291676f426dfe4754215ca7da3231ed614
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x45e7fd
timedatestamp.....: 0x48132562 (Sat Apr 26 12:51:46 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xc3452 0xc3600 6.46 7c6eecacb51cd302d5b8ca970f0b3747
.rdata 0xc5000 0x2cb47 0x2cc00 4.83 7de376061c54c3bd31ff4ee10ea5065c
.data 0xf2000 0x9818 0x5200 4.41 ed39f0bc7b61bd581e849f85736f25e1
.rsrc 0xfc000 0xf0dc 0xf200 6.53 70261d53ad72e193b5f6f44a41a0501f
( 13 imports )
> KERNEL32.dll: TlsFree, GlobalFlags, SetErrorMode, GetFileAttributesW, GetFileSizeEx, GetTickCount, GetStartupInfoW, HeapFree, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, ExitProcess, GetSystemTimeAsFileTime, HeapAlloc, RaiseException, RtlUnwind, HeapReAlloc, ExitThread, CreateThread, HeapSize, SetStdHandle, GetFileType, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetStartupInfoA, HeapCreate, VirtualFree, QueryPerformanceCounter, GetConsoleCP, GetConsoleMode, GetCPInfo, LocalReAlloc, GetOEMCP, IsValidCodePage, InitializeCriticalSectionAndSpinCount, GetTimeFormatA, GetDateFormatA, GetTimeZoneInformation, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, GetStringTypeA, GetStringTypeW, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, LCMapStringA, LCMapStringW, GetProcessHeap, SetEnvironmentVariableA, TlsSetValue, TlsAlloc, GlobalHandle, GlobalReAlloc, TlsGetValue, InterlockedIncrement, LocalAlloc, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, FileTimeToLocalFileTime, FileTimeToSystemTime, CreateFileW, GetFullPathNameW, GetVolumeInformationW, FindFirstFileW, FindClose, GetCurrentProcess, DuplicateHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, ReadFile, GetThreadLocale, GetModuleHandleA, InterlockedDecrement, GetCurrentProcessId, WaitForSingleObject, ResumeThread, SetThreadPriority, InterlockedCompareExchange, RemoveDirectoryA, DeleteFileA, MoveFileA, FindFirstFileA, FindNextFileA, CreateMutexA, CreateSemaphoreA, ReleaseMutex, WritePrivateProfileStringW, GetCurrentThread, ConvertDefaultLocale, EnumResourceLanguagesW, GetModuleFileNameW, lstrcmpA, GetLocaleInfoW, CompareStringA, InterlockedExchange, GetCurrentThreadId, GlobalAddAtomW, GlobalFindAtomW, GlobalDeleteAtom, 
ReleaseSemaphore, SleepEx, FormatMessageA, OutputDebugStringA, GetVersionExW, FreeLibrary, CompareStringW, LoadLibraryA, lstrcmpW, GetModuleHandleW, GetVersionExA, FreeResource, WideCharToMultiByte, SetLastError, GlobalFree, GlobalAlloc, GlobalLock, GlobalUnlock, FormatMessageW, LocalFree, lstrlenW, MulDiv, GetEnvironmentVariableW, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, GetFileTime, CreateDirectoryA, WriteFile, CreateFileA, lstrcatA, lstrcmpiA, lstrlenA, GetFileAttributesA, lstrcpyA, Sleep, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, lstrcpynW, CreateMutexW, CreateProcessW, GetLastError, CloseHandle, OpenProcess, GetProcAddress, LoadLibraryW, MultiByteToWideChar, FindResourceW, LoadResource, LockResource, GetACP, SizeofResource
> USER32.dll: MessageBeep, GetNextDlgGroupItem, InvalidateRgn, SetRect, IsRectEmpty, CopyAcceleratorTableW, CharNextW, ReleaseCapture, SetCapture, LoadCursorW, GetSysColorBrush, CharUpperW, EndPaint, BeginPaint, GetWindowDC, ClientToScreen, GrayStringW, DrawTextExW, DrawTextW, TabbedTextOutW, InvalidateRect, DrawFocusRect, FillRect, SetCursor, GetMessageW, ValidateRect, DestroyMenu, ReleaseDC, GetDC, SetWindowContextHelpId, MapDialogRect, PostQuitMessage, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapW, ModifyMenuW, EnableMenuItem, CheckMenuItem, MoveWindow, SetWindowTextW, IsDialogMessageW, RegisterWindowMessageW, SendDlgItemMessageW, SendDlgItemMessageA, WinHelpW, IsChild, GetCapture, CallNextHookEx, GetClassLongW, GetClassNameW, SetPropW, GetPropW, RemovePropW, GetFocus, GetForegroundWindow, GetLastActivePopup, GetTopWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, MapWindowPoints, TrackPopupMenu, GetKeyState, SetMenu, IsWindowVisible, UpdateWindow, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, GetSysColor, AdjustWindowRectEx, UnregisterClassW, RegisterClipboardFormatW, EqualRect, PostThreadMessageW, ShowWindow, CopyRect, PtInRect, GetDlgCtrlID, DefWindowProcW, CallWindowProcW, GetMenu, SetWindowLongW, SetWindowPos, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, GetWindowTextLengthW, GetWindowTextW, GetWindow, SetFocus, GetDesktopWindow, GetActiveWindow, SetActiveWindow, CreateDialogIndirectParamW, DestroyWindow, IsWindow, GetWindowLongW, GetDlgItem, IsWindowEnabled, GetParent, GetNextDlgTabItem, EndDialog, GetMenuState, GetMenuItemID, GetMenuItemCount, MessageBoxW, PostMessageW, GetSubMenu, GetCursorPos, SetForegroundWindow, DispatchMessageW, TranslateMessage, PeekMessageW, DrawIcon, GetClientRect, GetSystemMetrics, IsIconic, LoadMenuW, SetTimer, AppendMenuW, GetSystemMenu, LoadIconW, GetWindowThreadProcessId, SendMessageW, EnableWindow, SetWindowsHookExW
> GDI32.dll: ExtSelectClipRgn, DeleteDC, GetStockObject, CreateSolidBrush, GetBkColor, GetTextColor, GetRgnBox, GetMapMode, SetWindowExtEx, ScaleWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, Escape, TextOutW, RectVisible, PtVisible, GetWindowExtEx, GetDeviceCaps, SetMapMode, RestoreDC, SaveDC, SelectObject, DeleteObject, GetTextMetricsW, ExtTextOutW, BitBlt, CreateCompatibleDC, CreateRectRgnIndirect, CreateBitmap, GetObjectW, SetBkColor, SetTextColor, GetClipBox, GetViewportExtEx
> COMDLG32.dll: GetFileTitleW
> WINSPOOL.DRV: ClosePrinter, OpenPrinterW, DocumentPropertiesW
> ADVAPI32.dll: RegQueryValueW, RegOpenKeyW, RegEnumKeyW, RegDeleteKeyW, RegDeleteValueW, RegSetValueExW, RegQueryValueExW, RegCloseKey, RegOpenKeyExW, RegCreateKeyExW
> SHELL32.dll: SHGetPathFromIDListW, SHGetMalloc, Shell_NotifyIconW, ShellExecuteW, SHBrowseForFolderW
> COMCTL32.dll: InitCommonControlsEx
> SHLWAPI.dll: PathFindFileNameW, PathStripToRootW, PathIsUNCW, PathFindExtensionW
> oledlg.dll: OleUIBusyW
> ole32.dll: CreateILockBytesOnHGlobal, OleUninitialize, CoFreeUnusedLibraries, OleInitialize, CLSIDFromString, CLSIDFromProgID, StgCreateDocfileOnILockBytes, CoTaskMemAlloc, CoTaskMemFree, CoRegisterMessageFilter, StgOpenStorageOnILockBytes, CoGetClassObject, CoRevokeClassObject, OleIsCurrentClipboard, OleFlushClipboard
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -
> WININET.dll: InternetReadFile, InternetConnectA, HttpOpenRequestA, HttpAddRequestHeadersA, InternetSetOptionA, HttpSendRequestA, HttpQueryInfoA, InternetReadFileExA, InternetCrackUrlA, HttpOpenRequestW, InternetConnectW, InternetQueryDataAvailable, HttpAddRequestHeadersW, HttpQueryInfoW, InternetCloseHandle, InternetGetLastResponseInfoW, InternetOpenW, InternetSetStatusCallbackW, InternetSetFilePointer, InternetWriteFile, InternetOpenA, HttpSendRequestW
( 10 exports )
xmlrpc_XmlGetUtf16InternalEncoding, xmlrpc_XmlGetUtf8InternalEncoding, xmlrpc_XmlInitEncoding, xmlrpc_XmlInitUnknownEncoding, xmlrpc_XmlParseXmlDecl, xmlrpc_XmlPrologStateInit, xmlrpc_XmlPrologStateInitExternalEntity, xmlrpc_XmlSizeOfUnknownEncoding, xmlrpc_XmlUtf16Encode, xmlrpc_XmlUtf8Encode
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=0a7e2542f420a0799cbef813b8c26f02
Code:
flvDX.dll
Antivirus Version letzte aktualisierung Ergebnis
eSafe 7.0.17.0 2008.10.30 Suspicious File
weitere Informationen
File size: 163328 bytes
MD5...: 8453687a045c926f0291301ebaf50370
SHA1..: 8d756345c945b75ef63314fa8992f1b582067ff3
SHA256: 151afe783864d2fcbe6f954d1aef0cb1a157ae41848e2f0478217cddaad61967
SHA512: 4500220ad0ec796d5c14140788a68397508b5606e019b5849d7bb6a5cb76c358
c15193748f52cc70528567541bf0e7dfd249b778af15396a199ae420e341efaf
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (52.5%)
UPX compressed Win32 Executable (18.7%)
Win32 EXE Yoda's Crypter (16.3%)
Win32 Executable Generic (5.2%)
Win32 Dynamic Link Library (generic) (4.6%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1006bf60
timedatestamp.....: 0x445872ae (Wed May 03 09:06:54 2006)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x44000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x45000 0x28000 0x27200 7.92 8c71ecde07c563755798b56de82cfa8b
.rsrc 0x6d000 0x1000 0x800 3.27 ea079b662ca468ac3b84ac5ae3533871
( 9 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect
> ADVAPI32.dll: RegEnumKeyW
> comdlg32.dll: GetFileTitleW
> GDI32.dll: SaveDC
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHLWAPI.dll: PathIsUNCW
> USER32.dll: GetDC
> WINSPOOL.DRV: ClosePrinter
( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=8453687a045c926f0291301ebaf50370
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
spzv.sys not found ...
Last edited by Sep_Michi (31.10.2008 at 12:04)