Trojaner-Board (https://www.trojaner-board.de/)
Log-Analyse und Auswertung: Keylogger (https://www.trojaner-board.de/63247-keylogger.html)

undoreal 31.10.2008 11:23


Have the files checked online:


* Make sure hidden files are shown as well!

* Go to the VirusTotal site. Copy the following file path (copy and paste) into the input field next to the "Browse" button. Then click "Send file"!

* Alternatively, you can of course pick the file yourself via the "Browse" button.

Quote:

C:\WINDOWS\System32\Drivers\aenvxh8g.SYS
C:\WINDOWS\system32\drivers\vffilter.sys
C:\WINDOWS\system32\ac3DX.ax
C:\WINDOWS\system32\nbDX.dll
C:\WINDOWS\system32\AVCDX.ax
C:\Dokumente und Einstellungen\Administrator\Profiler_update.exe
C:\WINDOWS\system32\flvDX.dll
C:\WINDOWS\system32\msfDX.dll
C:\WINDOWS\system32\nbDX.dll

Now upload each of the files one after the other and wait until the scan has finished (this can take up to 2 minutes).
* If the file has already been analysed, have it analysed again anyway!
* Afterwards post the result of the analysis: copy everything and paste it into a post.

And please search, as described in my signature, for the following file: spzv.sys. If you find it, please upload it as well.

PS: Definitely uninstall that PC-Tools Spyware Fighter nonsense!
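Before uploading, it helps to compute the same size and hashes that VirusTotal prints under "Additional information", so that each report can be tied to the exact bytes on disk (a report found by hash is only meaningful for a file with that hash; a file that was replaced or renamed at reboot gets a new one). The script below is an added example, not code from the thread or from VirusTotal. The path list is copied from the post above (nbDX.dll once), SAMPLE_INFO is a constructed report for a file whose content is just the bytes b"hello", and the parser only knows the size and MD5/SHA1/SHA256 fields that appear in the reports later in this thread.

```python
"""Hash files the way VirusTotal reports them (size, MD5, SHA-1, SHA-256)
and compare the result with a pasted "Additional information" block.
Added example; not code from the thread or from VirusTotal."""
import hashlib
import os
import re

# Paths from undoreal's list above. An absent file is reported, not skipped silently.
SUSPECT_PATHS = [
    r"C:\WINDOWS\System32\Drivers\aenvxh8g.SYS",
    r"C:\WINDOWS\system32\drivers\vffilter.sys",
    r"C:\WINDOWS\system32\ac3DX.ax",
    r"C:\WINDOWS\system32\nbDX.dll",
    r"C:\WINDOWS\system32\AVCDX.ax",
    r"C:\Dokumente und Einstellungen\Administrator\Profiler_update.exe",
    r"C:\WINDOWS\system32\flvDX.dll",
    r"C:\WINDOWS\system32\msfDX.dll",
]

ALGOS = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes) -> dict:
    """Size plus lowercase hex digests of an in-memory buffer."""
    out = {name: hashlib.new(name, data).hexdigest() for name in ALGOS}
    out["size"] = len(data)
    return out


def hash_file(path: str, chunk: int = 1 << 20):
    """Same as hash_bytes for a file on disk, streamed; None if the file is absent.
    Hidden files are opened like any other, so no Explorer setting is needed."""
    if not os.path.isfile(path):
        return None
    digests = {name: hashlib.new(name) for name in ALGOS}
    size = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            size += len(block)
            for d in digests.values():
                d.update(block)
    out = {name: d.hexdigest() for name, d in digests.items()}
    out["size"] = size
    return out


# "File size: 15496 bytes", "MD5...: <hex>", "SHA1..: <hex>", "SHA256: <hex>"
VT_FIELD = re.compile(r"^(File size|MD5|SHA1|SHA256)\.*:\s*([0-9a-fA-F]+)", re.M)


def parse_vt_info(text: str) -> dict:
    """Pull size and hashes out of a pasted VirusTotal "Additional information" block."""
    info = {}
    for key, value in VT_FIELD.findall(text):
        if key == "File size":
            info["size"] = int(value)
        else:
            info[key.lower()] = value.lower()
    return info


def matches_report(local, report: dict) -> bool:
    """True when every field the report lists agrees with the local file."""
    return local is not None and all(local[k] == v for k, v in report.items())


# Constructed sample: what VirusTotal would print for a file containing b"hello".
SAMPLE_INFO = """File size: 5 bytes
MD5...: 5d41402abc4b2a76b9719d911017c592
SHA1..: aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d
SHA256: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
"""

if __name__ == "__main__":
    for path in SUSPECT_PATHS:
        info = hash_file(path)
        if info is None:
            print(f"{path}: not found")
        else:
            print(f"{path}: {info['size']} bytes md5={info['md5']} sha256={info['sha256']}")
```

Run it on the affected machine, keep the output, and compare each hash against the report VirusTotal shows for the upload; if they differ, the report belongs to a different file and a fresh upload is needed.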

Sep_Michi 31.10.2008 11:37

http://img3.imagebanana.com/img/48j9...htgefunden.JPG

nothing :(

undoreal 31.10.2008 11:39

I've just edited something more in.. ;)

Hm. I don't know at the moment either what we should do with the driver. You didn't reboot between the gmer scan and the attempt to upload the file, did you? Some malware changes its name at system start..

Sep_Michi 31.10.2008 11:44

well, I only let the PC restart after Avenger ... after that I didn't do anything else

scanning the files right now ... will take a little while ;)

Code:

vffilter.sys

Antivirus          Version           Last update   Result
AhnLab-V3          2008.10.30.1      2008.10.31    -
AntiVir            7.9.0.10          2008.10.31    -
Authentium         5.1.0.4           2008.10.31    -
Avast              4.8.1248.0        2008.10.30    -
AVG                8.0.0.161         2008.10.30    -
BitDefender        7.2               2008.10.31    -
CAT-QuickHeal      9.50              2008.10.31    -
ClamAV             0.93.1            2008.10.31    -
DrWeb              4.44.0.09170      2008.10.31    -
eSafe              7.0.17.0          2008.10.30    -
eTrust-Vet         31.6.6184         2008.10.31    -
Ewido              4.0               2008.10.30    -
F-Prot             4.4.4.56          2008.10.30    -
F-Secure           8.0.14332.0       2008.10.31    -
Fortinet           3.117.0.0         2008.10.31    -
GData              19                2008.10.31    -
Ikarus             T3.1.1.44.0       2008.10.31    -
K7AntiVirus        7.10.512          2008.10.30    -
Kaspersky          7.0.0.125         2008.10.31    -
McAfee             5419              2008.10.31    -
Microsoft          1.4005            2008.10.31    -
NOD32              3571              2008.10.30    -
Norman             5.80.02           2008.10.30    -
Panda              9.0.0.4           2008.10.30    -
PCTools            4.4.2.0           2008.10.30    -
Prevx1             V2                2008.10.31    -
Rising             21.01.42.00       2008.10.31    -
SecureWeb-Gateway  6.7.6             2008.10.31    -
Sophos             4.35.0            2008.10.31    -
Sunbelt            3.1.1767.2        2008.10.31    -
Symantec           10                2008.10.31    -
TheHacker          6.3.1.1.135       2008.10.31    -
TrendMicro         8.700.0.1004      2008.10.31    -
VBA32              3.12.8.9          2008.10.30    -
ViRobot            2008.10.31.1446   2008.10.31    -
VirusBuster        4.5.11.0          2008.10.30    -

Additional information
File size: 15496 bytes
MD5...: a133d96958e9d155cd638a3cb4eddfea
SHA1..: 26ef08e66e5e501e402ac83ad790bd6fa72c247a
SHA256: 5bb52fc1d2c7381e6e7f84e32673ac11648ec6492a93e8f9e5a458a9c71d4506
SHA512: 3490f0d32a2e70bdc058e238a4371da8574922bde92648ccd6e73d709eb737cb01341fab0d2894a71f8ae4bbab722e25b63764a31ee30e1c612733d93a359fae
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (58.4%)
Clipper DOS Executable (13.8%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.7%)
VXD Driver (0.2%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1244a
timedatestamp.....: 0x4701e8ad (Tue Oct 02 06:43:57 2007)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0xac4 0xb00 5.74 cf9b15e3e50518402c00b2f216ee3d4b
.rdata 0xf80 0x1e6 0x200 3.79 f8f84ea85f8aa0e09fe90c61112ada03
.data 0x1180 0x1048 0x1080 0.02 ffff936550ccfeca0905c4cb85800370
INIT 0x2200 0x63c 0x680 5.55 b140668c9249eca8b19f97c7ac6dde6c
.reloc 0x2880 0x102 0x180 4.29 c239a6303cea4b6eeabedc8ebde6e5a1

( 3 imports )
> ntoskrnl.exe: KeBugCheckEx, KeTickCount, KeInitializeSpinLock, IoGetCurrentProcess, IoThreadToProcess, ExFreePoolWithTag, ExAllocatePoolWithTag, DbgPrint, RtlInitUnicodeString
> HAL.dll: KeAcquireInStackQueuedSpinLock, KeReleaseInStackQueuedSpinLock
> FLTMGR.SYS: FltStartFiltering, FltCloseClientPort, FltGetStreamHandleContext, FltIsDirectory, FltCancelFileOpen, FltAllocateContext, FltSetStreamHandleContext, FltReleaseContext, FltGetFileNameInformation, FltParseFileNameInformation, FltSendMessage, FltReleaseFileNameInformation, FltRegisterFilter, FltUnregisterFilter, FltCloseCommunicationPort, FltFreeSecurityDescriptor, FltCreateCommunicationPort, FltBuildDefaultSecurityDescriptor

( 0 exports )

Code:

ac3DX.ax

Antivirus          Version           Last update   Result
AhnLab-V3          2008.10.30.1      2008.10.31    -
AntiVir            7.9.0.10          2008.10.31    -
Authentium         5.1.0.4           2008.10.31    -
Avast              4.8.1248.0        2008.10.30    -
AVG                8.0.0.161         2008.10.30    -
BitDefender        7.2               2008.10.31    -
CAT-QuickHeal      9.50              2008.10.31    -
ClamAV             0.93.1            2008.10.31    -
DrWeb              4.44.0.09170      2008.10.31    -
eSafe              7.0.17.0          2008.10.30    Suspicious File
eTrust-Vet         31.6.6184         2008.10.31    -
Ewido              4.0               2008.10.29    -
F-Prot             4.4.4.56          2008.10.30    -
F-Secure           8.0.14332.0       2008.10.31    -
Fortinet           3.117.0.0         2008.10.31    -
GData              19                2008.10.31    -
Ikarus             T3.1.1.44.0       2008.10.31    -
K7AntiVirus        7.10.512          2008.10.30    -
Kaspersky          7.0.0.125         2008.10.31    -
McAfee             5419              2008.10.31    -
Microsoft          1.4005            2008.10.31    -
NOD32              3571              2008.10.30    -
Norman             5.80.02           2008.10.30    -
Panda              9.0.0.4           2008.10.30    -
PCTools            4.4.2.0           2008.10.30    -
Prevx1             V2                2008.10.31    -
Rising             21.01.42.00       2008.10.31    -
SecureWeb-Gateway  6.7.6             2008.10.31    -
Sophos             4.35.0            2008.10.31    -
Sunbelt            3.1.1767.2        2008.10.31    -
Symantec           10                2008.10.31    -
TheHacker          6.3.1.1.135       2008.10.31    -
TrendMicro         8.700.0.1004      2008.10.31    -
VBA32              3.12.8.9          2008.10.30    -
ViRobot            2008.10.31.1446   2008.10.31    -
VirusBuster        4.5.11.0          2008.10.30    -

Additional information
File size: 227328 bytes
MD5...: 82b0b872a489541980f3334a6330399f
SHA1..: 920427f98248806f692ebb4d5cb554be315df745
SHA256: 80ab17837ecfea83e251f63983fcdc46f5f1b8642b228b1bd026fd18e6c49071
SHA512: 1dd431ca1f227b7137cc9177bdb4e52a09a7018c487b703271eee67b9985652e69254ceb3bff58c19f42f828215c0c40f7367da20c9b65c48057209d9c93cca6
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10081960
timedatestamp.....: 0x44d92e8c (Wed Aug 09 00:38:36 2006)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x4b000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x4c000 0x36000 0x35c00 7.88 a0058baacff67ff0bc78e807f8c2607d
.rsrc 0x82000 0x2000 0x1800 4.44 aa0bc3f2b7e94dd0432960e25a56f4e4

( 9 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: -
> GDI32.dll: GetObjectA
> MSVCRT.dll: _iob
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: ShellExecuteA
> USER32.dll: SetTimer

( 5 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, config
packers (Kaspersky): UPX
packers (F-Prot): UPX

Code:

nbDX.dll

Antivirus          Version           Last update   Result
eSafe              7.0.17.0          2008.10.30    Suspicious File
Panda              9.0.0.4           2008.10.30    Suspicious file

Additional information
File size: 216064 bytes
MD5...: e4b6b932b6e5ce386627ceea2a0a0f4c
SHA1..: b9bcaae7bb27161148e1301fc8d8cd3f568c6e22
SHA256: a0f6231d8f48d8579be4275b95425f80cc5f703730f5f5e9f5b8748a813282f6
SHA512: 409041941ced441b97033d035ae7fb800eccbbc0de962e8114a4bfa040b8d29530d294f5aa51a55910314b94110ee7b36586fda7e155f7cea23c1f44880997d4
PEiD..: PECompact 2.xx --> BitSum Technologies
TrID..: File type identification
Win32 EXE PECompact compressed (v2.x) (48.9%)
Win32 EXE PECompact compressed (generic) (34.4%)
Win32 Executable Generic (7.0%)
Win32 Dynamic Link Library (generic) (6.2%)
Generic Win/DOS Executable (1.6%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000e540
timedatestamp.....: 0x47dd210d (Sun Mar 16 13:30:53 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xab000 0x32e00 8.00 ca6fa635de272e225cfc131d9fe20052
.rsrc 0xac000 0x2000 0x1800 6.86 446ef74531ed3e33f7b3852a7184e670
.reloc 0xae000 0x1000 0x200 0.22 8c0a50c2ebb734c97d87d426da67930d

( 8 imports )
> kernel32.dll: LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree
> USER32.dll: GrayStringW
> GDI32.dll: ScaleWindowExtEx
> WINSPOOL.DRV: ClosePrinter
> ADVAPI32.dll: RegCreateKeyW
> SHLWAPI.dll: PathFindFileNameW
> ole32.dll: CoTaskMemFree
> OLEAUT32.dll: -

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
packers (Kaspersky): PE_Patch.PECompact, PecBundle, PECompact
packers (F-Prot): PecBundle, PECompact


Code:

AVCDX.ax

Antivirus          Version           Last update   Result
eSafe              7.0.17.0          2008.10.30    Suspicious File

Additional information
File size: 123904 bytes
MD5...: 84957d0ce4ff261b0081679eb9c0c006
SHA1..: cb1b228a30ea8b08900375d318e76554c2f95863
SHA256: 5dcc6c3146e436dc8cf8347ca132ac941850fe5fa496934a887094649ea990ab
SHA512: a697bdfafba4f956daff993b39ece1bdd6d9e5bc811c2aeb3695dd8972e08628aed1a90abc24b9f18170eac6f3cc1be7dd8f9a8c2fbd985a5322560bcefbbace
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (43.8%)
Win32 EXE Yoda's Crypter (38.1%)
Win32 Executable Generic (12.2%)
Generic Win/DOS Executable (2.8%)
DOS Executable Generic (2.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100604b0
timedatestamp.....: 0x43c6e4ed (Thu Jan 12 23:23:25 2006)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x42000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x43000 0x1e000 0x1d800 7.91 8f36f42fbbcce2d68fcd2b8c9f904478
.rsrc 0x61000 0x1000 0x800 3.88 73a0aaf25de757acbd0674f14766ed4f

( 5 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect
> ADVAPI32.dll: RegCloseKey
> ole32.dll: CoInitialize
> USER32.dll: SetRect
> VERSION.dll: VerQueryValueA

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX

Code:

Profiler_update.exe

Antivirus          Version           Last update   Result
Panda              9.0.0.4           2008.10.30    Suspicious file

Additional information
File size: 1067520 bytes
MD5...: 0a7e2542f420a0799cbef813b8c26f02
SHA1..: 44c3435b6cf0769244509ca1ded01e4b1c2ac294
SHA256: fdbc51445354872874c7d000948af864ab5f25f4adcf7b44d33065a04b9489f9
SHA512: 793f48314f6fd0fb7b118a4f88df0df89009cd2594a854dac20d75b45c11c1856d9b5ca824f542f252a2b485772663291676f426dfe4754215ca7da3231ed614
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x45e7fd
timedatestamp.....: 0x48132562 (Sat Apr 26 12:51:46 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xc3452 0xc3600 6.46 7c6eecacb51cd302d5b8ca970f0b3747
.rdata 0xc5000 0x2cb47 0x2cc00 4.83 7de376061c54c3bd31ff4ee10ea5065c
.data 0xf2000 0x9818 0x5200 4.41 ed39f0bc7b61bd581e849f85736f25e1
.rsrc 0xfc000 0xf0dc 0xf200 6.53 70261d53ad72e193b5f6f44a41a0501f

( 13 imports )
> KERNEL32.dll: TlsFree, GlobalFlags, SetErrorMode, GetFileAttributesW, GetFileSizeEx, GetTickCount, GetStartupInfoW, HeapFree, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, ExitProcess, GetSystemTimeAsFileTime, HeapAlloc, RaiseException, RtlUnwind, HeapReAlloc, ExitThread, CreateThread, HeapSize, SetStdHandle, GetFileType, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetStartupInfoA, HeapCreate, VirtualFree, QueryPerformanceCounter, GetConsoleCP, GetConsoleMode, GetCPInfo, LocalReAlloc, GetOEMCP, IsValidCodePage, InitializeCriticalSectionAndSpinCount, GetTimeFormatA, GetDateFormatA, GetTimeZoneInformation, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, GetStringTypeA, GetStringTypeW, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, LCMapStringA, LCMapStringW, GetProcessHeap, SetEnvironmentVariableA, TlsSetValue, TlsAlloc, GlobalHandle, GlobalReAlloc, TlsGetValue, InterlockedIncrement, LocalAlloc, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, FileTimeToLocalFileTime, FileTimeToSystemTime, CreateFileW, GetFullPathNameW, GetVolumeInformationW, FindFirstFileW, FindClose, GetCurrentProcess, DuplicateHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, ReadFile, GetThreadLocale, GetModuleHandleA, InterlockedDecrement, GetCurrentProcessId, WaitForSingleObject, ResumeThread, SetThreadPriority, InterlockedCompareExchange, RemoveDirectoryA, DeleteFileA, MoveFileA, FindFirstFileA, FindNextFileA, CreateMutexA, CreateSemaphoreA, ReleaseMutex, WritePrivateProfileStringW, GetCurrentThread, ConvertDefaultLocale, EnumResourceLanguagesW, GetModuleFileNameW, lstrcmpA, GetLocaleInfoW, CompareStringA, InterlockedExchange, GetCurrentThreadId, GlobalAddAtomW, GlobalFindAtomW, GlobalDeleteAtom, 
ReleaseSemaphore, SleepEx, FormatMessageA, OutputDebugStringA, GetVersionExW, FreeLibrary, CompareStringW, LoadLibraryA, lstrcmpW, GetModuleHandleW, GetVersionExA, FreeResource, WideCharToMultiByte, SetLastError, GlobalFree, GlobalAlloc, GlobalLock, GlobalUnlock, FormatMessageW, LocalFree, lstrlenW, MulDiv, GetEnvironmentVariableW, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, GetFileTime, CreateDirectoryA, WriteFile, CreateFileA, lstrcatA, lstrcmpiA, lstrlenA, GetFileAttributesA, lstrcpyA, Sleep, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, lstrcpynW, CreateMutexW, CreateProcessW, GetLastError, CloseHandle, OpenProcess, GetProcAddress, LoadLibraryW, MultiByteToWideChar, FindResourceW, LoadResource, LockResource, GetACP, SizeofResource
> USER32.dll: MessageBeep, GetNextDlgGroupItem, InvalidateRgn, SetRect, IsRectEmpty, CopyAcceleratorTableW, CharNextW, ReleaseCapture, SetCapture, LoadCursorW, GetSysColorBrush, CharUpperW, EndPaint, BeginPaint, GetWindowDC, ClientToScreen, GrayStringW, DrawTextExW, DrawTextW, TabbedTextOutW, InvalidateRect, DrawFocusRect, FillRect, SetCursor, GetMessageW, ValidateRect, DestroyMenu, ReleaseDC, GetDC, SetWindowContextHelpId, MapDialogRect, PostQuitMessage, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapW, ModifyMenuW, EnableMenuItem, CheckMenuItem, MoveWindow, SetWindowTextW, IsDialogMessageW, RegisterWindowMessageW, SendDlgItemMessageW, SendDlgItemMessageA, WinHelpW, IsChild, GetCapture, CallNextHookEx, GetClassLongW, GetClassNameW, SetPropW, GetPropW, RemovePropW, GetFocus, GetForegroundWindow, GetLastActivePopup, GetTopWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, MapWindowPoints, TrackPopupMenu, GetKeyState, SetMenu, IsWindowVisible, UpdateWindow, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, GetSysColor, AdjustWindowRectEx, UnregisterClassW, RegisterClipboardFormatW, EqualRect, PostThreadMessageW, ShowWindow, CopyRect, PtInRect, GetDlgCtrlID, DefWindowProcW, CallWindowProcW, GetMenu, SetWindowLongW, SetWindowPos, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, GetWindowTextLengthW, GetWindowTextW, GetWindow, SetFocus, GetDesktopWindow, GetActiveWindow, SetActiveWindow, CreateDialogIndirectParamW, DestroyWindow, IsWindow, GetWindowLongW, GetDlgItem, IsWindowEnabled, GetParent, GetNextDlgTabItem, EndDialog, GetMenuState, GetMenuItemID, GetMenuItemCount, MessageBoxW, PostMessageW, GetSubMenu, GetCursorPos, SetForegroundWindow, DispatchMessageW, TranslateMessage, PeekMessageW, DrawIcon, GetClientRect, GetSystemMetrics, IsIconic, LoadMenuW, SetTimer, AppendMenuW, GetSystemMenu, LoadIconW, GetWindowThreadProcessId, SendMessageW, EnableWindow, SetWindowsHookExW
> GDI32.dll: ExtSelectClipRgn, DeleteDC, GetStockObject, CreateSolidBrush, GetBkColor, GetTextColor, GetRgnBox, GetMapMode, SetWindowExtEx, ScaleWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, Escape, TextOutW, RectVisible, PtVisible, GetWindowExtEx, GetDeviceCaps, SetMapMode, RestoreDC, SaveDC, SelectObject, DeleteObject, GetTextMetricsW, ExtTextOutW, BitBlt, CreateCompatibleDC, CreateRectRgnIndirect, CreateBitmap, GetObjectW, SetBkColor, SetTextColor, GetClipBox, GetViewportExtEx
> COMDLG32.dll: GetFileTitleW
> WINSPOOL.DRV: ClosePrinter, OpenPrinterW, DocumentPropertiesW
> ADVAPI32.dll: RegQueryValueW, RegOpenKeyW, RegEnumKeyW, RegDeleteKeyW, RegDeleteValueW, RegSetValueExW, RegQueryValueExW, RegCloseKey, RegOpenKeyExW, RegCreateKeyExW
> SHELL32.dll: SHGetPathFromIDListW, SHGetMalloc, Shell_NotifyIconW, ShellExecuteW, SHBrowseForFolderW
> COMCTL32.dll: InitCommonControlsEx
> SHLWAPI.dll: PathFindFileNameW, PathStripToRootW, PathIsUNCW, PathFindExtensionW
> oledlg.dll: OleUIBusyW
> ole32.dll: CreateILockBytesOnHGlobal, OleUninitialize, CoFreeUnusedLibraries, OleInitialize, CLSIDFromString, CLSIDFromProgID, StgCreateDocfileOnILockBytes, CoTaskMemAlloc, CoTaskMemFree, CoRegisterMessageFilter, StgOpenStorageOnILockBytes, CoGetClassObject, CoRevokeClassObject, OleIsCurrentClipboard, OleFlushClipboard
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -
> WININET.dll: InternetReadFile, InternetConnectA, HttpOpenRequestA, HttpAddRequestHeadersA, InternetSetOptionA, HttpSendRequestA, HttpQueryInfoA, InternetReadFileExA, InternetCrackUrlA, HttpOpenRequestW, InternetConnectW, InternetQueryDataAvailable, HttpAddRequestHeadersW, HttpQueryInfoW, InternetCloseHandle, InternetGetLastResponseInfoW, InternetOpenW, InternetSetStatusCallbackW, InternetSetFilePointer, InternetWriteFile, InternetOpenA, HttpSendRequestW

( 10 exports )
xmlrpc_XmlGetUtf16InternalEncoding, xmlrpc_XmlGetUtf8InternalEncoding, xmlrpc_XmlInitEncoding, xmlrpc_XmlInitUnknownEncoding, xmlrpc_XmlParseXmlDecl, xmlrpc_XmlPrologStateInit, xmlrpc_XmlPrologStateInitExternalEntity, xmlrpc_XmlSizeOfUnknownEncoding, xmlrpc_XmlUtf16Encode, xmlrpc_XmlUtf8Encode
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=0a7e2542f420a0799cbef813b8c26f02

Code:

flvDX.dll

Antivirus          Version           Last update   Result
eSafe              7.0.17.0          2008.10.30    Suspicious File

Additional information
File size: 163328 bytes
MD5...: 8453687a045c926f0291301ebaf50370
SHA1..: 8d756345c945b75ef63314fa8992f1b582067ff3
SHA256: 151afe783864d2fcbe6f954d1aef0cb1a157ae41848e2f0478217cddaad61967
SHA512: 4500220ad0ec796d5c14140788a68397508b5606e019b5849d7bb6a5cb76c358c15193748f52cc70528567541bf0e7dfd249b778af15396a199ae420e341efaf
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (52.5%)
UPX compressed Win32 Executable (18.7%)
Win32 EXE Yoda's Crypter (16.3%)
Win32 Executable Generic (5.2%)
Win32 Dynamic Link Library (generic) (4.6%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1006bf60
timedatestamp.....: 0x445872ae (Wed May 03 09:06:54 2006)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x44000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x45000 0x28000 0x27200 7.92 8c71ecde07c563755798b56de82cfa8b
.rsrc 0x6d000 0x1000 0x800 3.27 ea079b662ca468ac3b84ac5ae3533871

( 9 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect
> ADVAPI32.dll: RegEnumKeyW
> comdlg32.dll: GetFileTitleW
> GDI32.dll: SaveDC
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHLWAPI.dll: PathIsUNCW
> USER32.dll: GetDC
> WINSPOOL.DRV: ClosePrinter

( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=8453687a045c926f0291301ebaf50370
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX

spzv.sys not found ...
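Reading the PEInfo part of these reports: ac3DX.ax, AVCDX.ax and flvDX.dll are UPX-packed (a UPX0 section with zero bytes on disk, a UPX1 section at entropy near 8, and an import table reduced to LoadLibraryA/GetProcAddress plus one function per DLL), nbDX.dll is PECompact-packed (.text at entropy 8.00, 0x32e00 bytes on disk expanding to 0xab000 in memory), and Profiler_update.exe is unpacked but imports SetWindowsHookExW/CallNextHookEx, CreateToolhelp32Snapshot/Process32FirstW/OpenProcess and the WinInet HTTP client. The script below, an added example and not code from the thread or from VirusTotal, turns those observations into checks over the pasted report text. The thresholds (entropy 7.5, at most 12 named imports) and the capability groups are the example's own choices; AC3DX_REPORT is copied from the ac3DX.ax report above, and PROFILER_EXCERPT is an abridged excerpt of the Profiler_update.exe lines, reduced to the functions the check looks at.

```python
"""Packer and capability triage over the section table and import list
that VirusTotal's PEInfo block prints.  Added example; not code from
the thread or from VirusTotal."""
import re
from dataclasses import dataclass


@dataclass
class Section:
    name: str
    virt_size: int
    raw_size: int
    entropy: float


# A "name viradd virsiz rawdsiz ntrpy md5" row; virtual address and MD5 are skipped.
SECTION_RE = re.compile(
    r"^(\S+)\s+0x[0-9a-f]+\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)\s+(\d+\.\d+)\s+[0-9a-f]{32}$", re.I)
# A "> dll: Func1, Func2" row; "-" stands for an import by ordinal.
IMPORT_RE = re.compile(r"^>\s*([^:]+):\s*(.*)$")

PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
# API groups worth a second look in a keylogger case (the example's own choice).
CAPABILITIES = {
    "input hooking": {"SetWindowsHookExW", "SetWindowsHookExA", "CallNextHookEx", "GetAsyncKeyState"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32FirstW", "OpenProcess"},
    "HTTP client": {"InternetOpenA", "InternetOpenW", "HttpSendRequestA", "HttpSendRequestW"},
}


def parse_report(text):
    """Return (sections, imports); imports maps lowercase DLL name to named functions."""
    sections, imports = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            sections.append(Section(m.group(1), int(m.group(2), 16),
                                    int(m.group(3), 16), float(m.group(4))))
            continue
        m = IMPORT_RE.match(line)
        if m:
            funcs = [f.strip() for f in m.group(2).split(",")]
            imports[m.group(1).strip().lower()] = [f for f in funcs if f and f != "-"]
    return sections, imports


def packer_indicators(sections, imports):
    """Reasons to believe the file is packed, i.e. that the AV engines scanned compressed bytes."""
    reasons = []
    hits = {s.name for s in sections} & PACKER_SECTION_NAMES
    if hits:
        reasons.append("packer section names: " + ", ".join(sorted(hits)))
    for s in sections:
        if s.raw_size == 0 and s.virt_size >= 0x1000:
            reasons.append(f"{s.name}: 0 bytes on disk, {s.virt_size:#x} in memory (unpack target)")
        elif s.entropy >= 7.5:
            reasons.append(f"{s.name}: entropy {s.entropy:.2f} (compressed or encrypted)")
    named = sum(len(v) for v in imports.values())
    if {"LoadLibraryA", "GetProcAddress"} <= set(imports.get("kernel32.dll", [])) and named <= 12:
        reasons.append(f"only {named} named imports incl. LoadLibraryA/GetProcAddress "
                       "(real import table rebuilt at run time)")
    return reasons


def capabilities(imports):
    """Sorted names of the CAPABILITIES groups that the named imports touch."""
    present = {f for funcs in imports.values() for f in funcs}
    return sorted(name for name, apis in CAPABILITIES.items() if apis & present)


# Copied from the ac3DX.ax report in this thread.
AC3DX_REPORT = """\
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x4b000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x4c000 0x36000 0x35c00 7.88 a0058baacff67ff0bc78e807f8c2607d
.rsrc 0x82000 0x2000 0x1800 4.44 aa0bc3f2b7e94dd0432960e25a56f4e4
( 9 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: -
> GDI32.dll: GetObjectA
> MSVCRT.dll: _iob
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: ShellExecuteA
> USER32.dll: SetTimer
"""

# Abridged from the Profiler_update.exe report: only lines relevant to the capability check.
PROFILER_EXCERPT = """\
.text 0x1000 0xc3452 0xc3600 6.46 7c6eecacb51cd302d5b8ca970f0b3747
> KERNEL32.dll: CreateToolhelp32Snapshot, Process32FirstW, OpenProcess, CloseHandle
> USER32.dll: CallNextHookEx, SetWindowsHookExW
> WININET.dll: InternetOpenA, HttpSendRequestA
"""

if __name__ == "__main__":
    for label, report in (("ac3DX.ax", AC3DX_REPORT), ("Profiler_update.exe", PROFILER_EXCERPT)):
        sections, imports = parse_report(report)
        print(label, "| packer:", packer_indicators(sections, imports) or "none",
              "| capabilities:", capabilities(imports) or "none")
```

Two caveats when reading the output. A packer hit means the 36 engines scanned the compressed bytes, so "0 detections" on ac3DX.ax, AVCDX.ax or flvDX.dll says much less than it would for an unpacked file; the decision has to come from the unpacked code or from behaviour. A capability hit is a reason to look closer, not a verdict: SetWindowsHookExW is also imported by ordinary GUI frameworks, and process enumeration plus HTTP is exactly what an updater does, so Profiler_update.exe needs the ThreatExpert report linked above, not just this list.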

