Psychobyte | 13.07.2008 09:32 | Here is the result for the first file: Code:
Datei udG7Dl7w.exe empfangen 2008.07.13 10:19:14 (CET)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.7.11.0 2008.07.11 -
AntiVir 7.8.0.64 2008.07.11 TR/Crypt.ULPM.Gen
Authentium 5.1.0.4 2008.07.13 -
Avast 4.8.1195.0 2008.07.13 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.07.12 Generic10.BBXO
BitDefender 7.2 2008.07.13 -
CAT-QuickHeal 9.50 2008.07.11 -
ClamAV 0.93.1 2008.07.13 -
DrWeb 4.44.0.09170 2008.07.12 -
eSafe 7.0.17.0 2008.07.10 Suspicious File
eTrust-Vet 31.6.5949 2008.07.12 -
Ewido 4.0 2008.07.12 -
F-Prot 4.4.4.56 2008.07.13 -
F-Secure 7.60.13501.0 2008.07.12 -
Fortinet 3.14.0.0 2008.07.13 -
GData 2.0.7306.1023 2008.07.13 Trojan-Downloader.Win32.Agent.vyy
Ikarus T3.1.1.26.0 2008.07.13 Trojan.Crypt.ULPM
Kaspersky 7.0.0.125 2008.07.13 Trojan-Downloader.Win32.Agent.vyy
McAfee 5337 2008.07.11 -
Microsoft 1.3704 2008.07.13 -
NOD32v2 3263 2008.07.11 probably unknown NewHeur_PE virus
Norman 5.80.02 2008.07.11 -
Panda 9.0.0.4 2008.07.12 Suspicious file
Prevx1 V2 2008.07.13 Malicious Software
Rising 20.52.61.00 2008.07.13 -
Sophos 4.31.0 2008.07.13 Mal/HckPk-A
Sunbelt 3.1.1536.1 2008.07.12 -
Symantec 10 2008.07.13 -
TheHacker 6.2.96.378 2008.07.13 -
TrendMicro 8.700.0.1004 2008.07.11 PAK_Generic.001
VBA32 3.12.6.9 2008.07.12 -
VirusBuster 4.5.11.0 2008.07.12 -
Webwasher-Gateway 6.6.2 2008.07.11 Trojan.Crypt.ULPM.Gen
weitere Informationen
File size: 35842 bytes
MD5...: 864f0d4577cd999eaba97ecdb9eaf10e
SHA1..: 60fd8207303048309ad5ada2cf3a9f823cc07c82
SHA256: ec9e2589d4b6c58c600a61a2d0948db2e59108ad1a1f9399da811c72c7a8f80e
SHA512: 03c265e9434a77f06e3b5e34935a5ef63c7df466cc9db1d24cd9fed53fa17330d48100ad66f7500f06ba8586c6455433bac8a3ef072e9fda49d9b144bca8e9b6
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4141f9
timedatestamp.....: 0x4877a369 (Fri Jul 11 18:16:09 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xc000 0x9000 0x8400 7.98 2b99c4cb98f3455ab2349ca9fa649b29
UPX2 0x15000 0x1000 0x400 2.73 af8114c7acc7de4abf32e98010e97503

( 9 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> NETAPI32.dll: NetScheduleJobAdd
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: StrChrA
> SHLWAPI.dll: StrDupA
> USER32.dll: wsprintfA
> WININET.dll: InternetOpenA

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=ED1D8D4E02FBC4108CC3006981F6B20011108E66
And number two: Code:
Datei npfirj.dll empfangen 2008.07.13 10:30:13 (CET)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.7.11.0 2008.07.11 -
AntiVir 7.8.0.64 2008.07.11 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.07.13 -
Avast 4.8.1195.0 2008.07.13 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.07.12 Vundo.U
BitDefender 7.2 2008.07.13 Trojan.Vundo.EWS
CAT-QuickHeal 9.50 2008.07.11 -
ClamAV 0.93.1 2008.07.13 -
DrWeb 4.44.0.09170 2008.07.12 -
eSafe 7.0.17.0 2008.07.10 Suspicious File
eTrust-Vet 31.6.5949 2008.07.12 -
Ewido 4.0 2008.07.12 -
F-Prot 4.4.4.56 2008.07.13 W32/Virtumonde.AB.gen!Eldorado
F-Secure 7.60.13501.0 2008.07.12 -
Fortinet 3.14.0.0 2008.07.13 W32/Monderc!tr
GData 2.0.7306.1023 2008.07.13 Trojan.Win32.Monderc.gen
Ikarus T3.1.1.26.0 2008.07.13 Virus.Trojan.Win32.Monderc
Kaspersky 7.0.0.125 2008.07.13 Trojan.Win32.Monderc.gen
McAfee 5337 2008.07.11 -
Microsoft 1.3704 2008.07.13 Trojan:Win32/Vundo.gen!R
NOD32v2 3263 2008.07.11 -
Norman 5.80.02 2008.07.11 Vundo.gen192
Panda 9.0.0.4 2008.07.12 -
Prevx1 V2 2008.07.13 Cloaked Malware
Rising 20.52.61.00 2008.07.13 -
Sophos 4.31.0 2008.07.13 Mal/Generic-A
Sunbelt 3.1.1536.1 2008.07.12 -
Symantec 10 2008.07.13 -
TheHacker 6.2.96.378 2008.07.13 -
TrendMicro 8.700.0.1004 2008.07.11 -
VBA32 3.12.6.9 2008.07.12 -
VirusBuster 4.5.11.0 2008.07.12 -
Webwasher-Gateway 6.6.2 2008.07.11 Trojan.Crypt.XPACK.Gen
weitere Informationen
File size: 103424 bytes
MD5...: 567ceb199ac8059c434f556731100189
SHA1..: f2650b46a3f8b85557d9d7f657496d7a76fbb875
SHA256: ee55b4261f078e3b6f2485beda9dac6907ba349384ced2324465c86c2382017d
SHA512: 6a465ee6ec8ab02f92a5ef7620bdad23cd8a888d738181a39c98b710b8ad57f60176f093b5992fb6dc48b06e4fc03df376132b361dd66a102b095b3fc4ac24e7
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100358ff
timedatestamp.....: 0x8075c346L (invalid)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.data 0x1000 0x34000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.text 0x35000 0x1077 0x1200 6.10 f3ec8e22c3678eae1fa78845da7f37bb
.rdata 0x37000 0x18000 0x17400 8.00 82e2e521af6bbd935c13fb302f8e1bdc
.idata 0x4f000 0x1000 0x600 3.88 b780b4d05514c5e2527148496316b702
.reloc 0x50000 0x1000 0x400 0.82 160039d78ed8a0cf9e2fc0d3cc6bc8a8

( 4 imports )
> kernel32.dll: HeapCreate, PulseEvent, HeapUnlock, GetEnvironmentVariableW, GetProcessHeaps, ExpandEnvironmentStringsA, CompareStringW, ReleaseMutex, InterlockedExchangeAdd, lstrlen, GetModuleHandleA
> gdi32.dll: Polyline, CreateBitmap, GdiConvertBrush, CreateEllipticRgnIndirect, CreateRoundRectRgn, EnumFontsA, RestoreDC
> comdlg32.dll: WantArrows, FindTextA, PrintDlgExA, ChooseColorA, GetSaveFileNameA, dwLBSubclass, LoadAlterBitmap, GetFileTitleA, CommDlgExtendedError, ReplaceTextA, Ssync_ANSI_UNICODE_Struct_For_WOW, PageSetupDlgA, ChooseFontA, PrintDlgA
> shell32.dll: StrStrA, ExtractIconEx, CommandLineToArgvW, StrCmpNW, DragQueryPoint, StrNCmpIW, StrCmpNIA, StrStrIW, StrCmpNA, StrStrW, SHChangeNotify, StrChrIA, ExtractIconA, InternalExtractIconListA

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=8AEFB44F00329F1B94ED013B3C2E07001874F159
Those were already hits, thanks! Waiting for further instructions. |