|
Ja lad mal alles bitte hoch bei VT. |
Was hältst Du davon: Außerdem ist noch eine Verknüpfung in einem Unterverzeichnis des Ordners "85c97", die heißt Microsoft Office. Und Sie verknüpft hierhin: "C:\Programme\Microsoft Office\Office\OSA9.EXE" -b -l Das sieht meiner Meinung nach auch nicht sauber aus. |
Lad sie auchmal hoch, aber die dürfte eigentlich nicht infiziert sein, da es von MS Office ist. |
Datei mozcrt19.dll empfangen 2009.10.28 18:12:07 (UTC) Status: Beendet Ergebnis: 0/40 (0%) Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.41 2009.10.28 - AhnLab-V3 5.0.0.2 2009.10.28 - AntiVir 7.9.1.50 2009.10.28 - Antiy-AVL 2.0.3.7 2009.10.27 - Authentium 5.1.2.4 2009.10.28 - Avast 4.8.1351.0 2009.10.28 - AVG 8.5.0.423 2009.10.28 - CAT-QuickHeal 10.00 2009.10.28 - ClamAV 0.94.1 2009.10.28 - Comodo 2757 2009.10.28 - DrWeb 5.0.0.12182 2009.10.28 - eSafe 7.0.17.0 2009.10.28 - eTrust-Vet 35.1.7087 2009.10.28 - F-Prot 4.5.1.85 2009.10.28 - F-Secure 9.0.15370.0 2009.10.27 - Fortinet 3.120.0.0 2009.10.28 - GData 19 2009.10.28 - Ikarus T3.1.1.72.0 2009.10.28 - Jiangmin 11.0.800 2009.10.26 - K7AntiVirus 7.10.881 2009.10.27 - Kaspersky 7.0.0.125 2009.10.28 - McAfee 5784 2009.10.27 - McAfee+Artemis 5784 2009.10.27 - McAfee-GW-Edition 6.8.5 2009.10.28 - Microsoft 1.5202 2009.10.28 - NOD32 4552 2009.10.28 - Norman 6.03.02 2009.10.27 - nProtect 2009.1.8.0 2009.10.28 - Panda 10.0.2.2 2009.10.27 - PCTools 4.4.2.0 2009.10.19 - Prevx 3.0 2009.10.28 - Rising 21.53.24.00 2009.10.28 - Sophos 4.46.0 2009.10.28 - Sunbelt 3.2.1858.2 2009.10.27 - Symantec 1.4.4.12 2009.10.28 - TheHacker 6.5.0.2.055 2009.10.27 - TrendMicro 8.950.0.1094 2009.10.28 - VBA32 3.12.10.11 2009.10.27 - ViRobot 2009.10.28.2009 2009.10.28 - VirusBuster 4.6.5.0 2009.10.28 - weitere Informationen File size: 722424 bytes MD5...: e629ff1035eba7041eeeff4feccf6417 SHA1..: 670567eb0c8dc3bfb0abc5d65cb8f0777962b7a1 SHA256: 0ca386b97a5e7e8659b4696d87166ea4e36b127b3e63f88f2a237a3cdd877c46 ssdeep: 12288:8kbNthkHTMj3ta69Ov8Xk22JN0A+8M6x3Xo9Ho7shr46CIDmGyfR:NtFOc k2QPMwf7UDmGyp PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x23c0 timedatestamp.....: 0x4a92ba57 (Mon Aug 24 16:05:43 2009) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x788c4 0x79000 6.70 64dca5cd4d38e97001ed92e0fda22722 .rdata 0x7a000 0x2b02c 0x2c000 6.67 d87d4702623a2d402386165084fe5f5e .data 0xa6000 0x4acc 0x3000 3.94 24931ff0c00f6745c1138d0d89a3460a .rsrc 0xab000 0x3c8 0x1000 1.01 3d6b02d1f6f9404f10a2287bd23b58e5 .reloc 0xac000 0x482c 0x5000 6.07 5e0357ee902885ad7486a041b63ab3c5 ( 2 imports ) > msvcrt.dll: _getdrives > KERNEL32.dll: GetCurrentProcessId, GetLocalTime, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleA, GetProcAddress, ExitProcess, WriteFile, GetStdHandle, GetCurrentThreadId, TlsGetValue, GetCommandLineA, HeapFree, GetVersionExA, HeapAlloc, GetProcessHeap, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, ExitThread, CloseHandle, GetLastError, ResumeThread, CreateThread, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, InterlockedDecrement, GetCurrentThread, FindNextFileA, FindFirstFileA, FindClose, FindNextFileW, FindFirstFileW, Sleep, GetEnvironmentVariableA, VirtualFree, VirtualAlloc, GetSystemInfo, SetHandleCount, GetFileType, GetStartupInfoA, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetFilePointer, SetStdHandle, CreateFileA, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, SetConsoleCtrlHandler, FreeLibrary, InterlockedExchange, LoadLibraryA, InitializeCriticalSection, MultiByteToWideChar, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, QueryPerformanceCounter, GetTickCount, SetLocalTime, GetSystemTimeAsFileTime, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetLocaleInfoW, SetEnvironmentVariableA, SetEnvironmentVariableW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, RtlUnwind, GetTimeFormatA, GetDateFormatA, GetTimeZoneInformation, FlushFileBuffers, CompareStringA, CompareStringW, Beep, FileTimeToSystemTime, FileTimeToLocalFileTime, GetDiskFreeSpaceA, GetLogicalDrives, SetErrorMode, GetFileAttributesA, GetCurrentDirectoryA, SetCurrentDirectoryA, SetFileAttributesA, GetFullPathNameA, GetDriveTypeA, CreateDirectoryA, RemoveDirectoryA, DeleteFileA, GetFileAttributesW, GetCurrentDirectoryW, SetCurrentDirectoryW, SetFileAttributesW, GetFullPathNameW, CreateDirectoryW, DeleteFileW, MoveFileW, RemoveDirectoryW, GetDriveTypeW, MoveFileA, RaiseException, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, CreateProcessW, VirtualProtect, VirtualQuery, IsDBCSLeadByteEx, ReadConsoleA, ReadConsoleW, SetConsoleMode, SetEndOfFile, DuplicateHandle, GetFileInformationByHandle, PeekNamedPipe, ReadConsoleInputA, PeekConsoleInputA, GetNumberOfConsoleInputEvents, ReadConsoleInputW, LockFile, UnlockFile, CreatePipe, ReadFile, CreateFileW, LoadLibraryW, SetFileTime, LocalFileTimeToFileTime, SystemTimeToFileTime ( 1448 exports ) $I10_OUTPUT, __0__non_rtti_object@std@@QAE@ABV01@@Z, __0bad_cast@std@@QAE@ABV01@@Z, __0bad_cast@std@@QAE@PBD@Z, __0bad_typeid@std@@QAE@ABV01@@Z, __0bad_typeid@std@@QAE@PBD@Z, __0exception@std@@QAE@ABQBD@Z, __0exception@std@@QAE@ABQBDH@Z, __0exception@std@@QAE@ABV01@@Z, __0exception@std@@QAE@XZ, __1__non_rtti_object@std@@UAE@XZ, __1bad_cast@std@@UAE@XZ, __1bad_typeid@std@@UAE@XZ, __1exception@std@@UAE@XZ, __1type_info@@UAE@XZ, __2@YAPAXI@Z, __2@YAPAXIHPBDH@Z, __3@YAXPAX@Z, __4__non_rtti_object@std@@QAEAAV01@ABV01@@Z, __4bad_cast@std@@QAEAAV01@ABV01@@Z, __4bad_typeid@std@@QAEAAV01@ABV01@@Z, __4exception@std@@QAEAAV01@ABV01@@Z, __8type_info@@QBE_NABV0@@Z, __9type_info@@QBE_NABV0@@Z, ___7__non_rtti_object@std@@6B@, ___7bad_cast@std@@6B@, ___7bad_typeid@std@@6B@, ___7exception@@6B@, ___7exception@std@@6B@, ___Fbad_cast@std@@QAEXXZ, ___Fbad_typeid@std@@QAEXXZ, ___U@YAPAXI@Z, ___U@YAPAXIHPBDH@Z, ___V@YAXPAX@Z, __Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z, __Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z, __Type_info_dtor@type_info@@CAXPAV1@@Z, __Type_info_dtor_internal@type_info@@CAXPAV1@@Z, __ValidateExecute@@YAHP6GHXZ@Z, __ValidateRead@@YAHPBXI@Z, __ValidateWrite@@YAHPAXI@Z, __inconsistency@@YAXXZ, __invalid_parameter@@YAXPBG00II@Z, __is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z, __name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z, __open@@YAHPBDHH@Z, __set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z, __set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z, __sopen@@YAHPBDHHH@Z, __type_info_dtor_internal_method@type_info@@QAEXXZ, __wopen@@YAHPB_WHH@Z, __wsopen@@YAHPB_WHHH@Z, _before@type_info@@QBEHABV1@@Z, _name@type_info@@QBEPBDPAU__type_info_node@@@Z, _raw_name@type_info@@QBEPBDXZ, _set_terminate@@YAP6AXXZH@Z, _set_terminate@@YAP6AXXZP6AXXZ@Z, _set_unexpected@@YAP6AXXZH@Z, _set_unexpected@@YAP6AXXZP6AXXZ@Z, _swprintf@@YAHPAGIPBGZZ, _swprintf@@YAHPA_WIPB_WZZ, _terminate@@YAXXZ, _unexpected@@YAXXZ, _vswprintf@@YAHPA_WIPB_WPAD@Z, _what@exception@std@@UBEPBDXZ, @_calloc_crt@8, @_malloc_crt@4, @_realloc_crt@8, _CIacos, _CIasin, _CIatan, _CIatan2, _CIcos, _CIcosh, _CIexp, _CIfmod, _CIlog, _CIlog10, _CIpow, _CIsin, _CIsinh, _CIsqrt, _CItan, _CItanh, _CRT_RTC_INIT, _CRT_RTC_INITW, _CreateFrameInfo, _CxxThrowException, _EH_prolog, _FindAndUnlinkFrame, _Getdays, _Getmonths, _Gettnames, _HUGE, _IsExceptionObjectToBeDestroyed, _NLG_Dispatch2, _NLG_Return, _NLG_Return2, _Strftime, _XcptFilter, __AdjustPointer, __BuildCatchObject, __BuildCatchObjectHelper, __CppXcptFilter, __CxxCallUnwindDelDtor, __CxxCallUnwindDtor, __CxxCallUnwindStdDelDtor, __CxxCallUnwindVecDtor, __CxxDetectRethrow, __CxxExceptionFilter, __CxxFrameHandler, __CxxFrameHandler2, __CxxFrameHandler3, __CxxLongjmpUnwind, __CxxQueryExceptionSize, __CxxRegisterExceptionObject, __CxxUnregisterExceptionObject, __DestructExceptionObject, __FrameUnwindFilter, __RTCastToVoid, __RTDynamicCast, __RTtypeid, __STRINGTOLD, __STRINGTOLD_L, __TypeMatch, ___fls_getvalue@4, ___fls_setvalue@8, ___lc_codepage_func, ___lc_collate_cp_func, ___lc_handle_func, ___mb_cur_max_func, ___mb_cur_max_l_func, ___setlc_active_func, ___unguarded_readlc_active_add_func, __argc, __argv, __badioinfo, __clean_type_info_names_internal, __control87_2, __create_locale, __crtCompareStringA, __crtCompareStringW, __crtGetLocaleInfoW, __crtGetStringTypeW, __crtLCMapStringA, __crtLCMapStringW, __daylight, __dllonexit, __doserrno, __dstbias, __fpecode, __free_locale, __get_app_type, __get_current_locale, __get_flsindex, __get_tlsindex, __getmainargs, __initenv, __iob_func, __isascii, __iscsym, __iscsymf, __iswcsym, __iswcsymf, __lc_clike, __lc_codepage, __lc_collate_cp, __lc_handle, __lconv, __lconv_init, __libm_sse2_acos, __libm_sse2_acosf, __libm_sse2_asin, __libm_sse2_asinf, __libm_sse2_atan, __libm_sse2_atan2, __libm_sse2_atanf, __libm_sse2_cos, __libm_sse2_cosf, __libm_sse2_exp, __libm_sse2_expf, __libm_sse2_log, __libm_sse2_log10, __libm_sse2_log10f, __libm_sse2_logf, __libm_sse2_pow, __libm_sse2_powf, __libm_sse2_sin, __libm_sse2_sinf, __libm_sse2_tan, __libm_sse2_tanf, __mb_cur_max, __p___argc, __p___argv, __p___initenv, __p___mb_cur_max, __p___wargv, __p___winitenv, __p__acmdln, __p__commode, __p__daylight, __p__dstbias, __p__environ, __p__fmode, __p__iob, __p__mbcasemap, __p__mbctype, __p__osplatform, __p__osver, __p__pctype, __p__pgmptr, __p__pwctype, __p__timezone, __p__tzname, __p__wcmdln, __p__wenviron, __p__winmajor, __p__winminor, __p__winver, __p__wpgmptr, __pctype_func, __pioinfo, __pwctype_func, __pxcptinfoptrs, __report_gsfailure, __set_app_type, __set_flsgetvalue, __setlc_active, __setusermatherr, __strncnt, __swprintf_l, __sys_errlist, __sys_nerr, __threadhandle, __threadid, __timezone, __toascii, __tzname, __unDName, __unDNameEx, __unDNameHelper, __uncaught_exception, __unguarded_readlc_active, __vswprintf_l, __wargv, __wcserror, __wcserror_s, __wcsncnt, __wgetmainargs, __winitenv, _abnormal_termination, _abs64, _access, _access_s, _acmdln, _adj_fdiv_m16i, _adj_fdiv_m32, _adj_fdiv_m32i, _adj_fdiv_m64, _adj_fdiv_r, _adj_fdivr_m16i, _adj_fdivr_m32, _adj_fdivr_m32i, _adj_fdivr_m64, _adj_fpatan, _adj_fprem, _adj_fprem1, _adj_fptan, _adjust_fdiv, _aexit_rtn, _aligned_free, _aligned_malloc, _aligned_msize, _aligned_offset_malloc, _aligned_offset_realloc, _aligned_offset_recalloc, _aligned_realloc, _aligned_recalloc, _amsg_exit, _assert, _atodbl, _atodbl_l, _atof_l, _atoflt, _atoflt_l, _atoi64, _atoi64_l, _atoi_l, _atol_l, _atoldbl, _atoldbl_l, _beep, _beginthread, _beginthreadex, _byteswap_uint64, _byteswap_ulong, _byteswap_ushort, _c_exit, _cabs, _calloc_crt, _cexit, _cgets, _cgets_s, _cgetws, _cgetws_s, _chdir, _chdrive, _chgsign, _chkesp, _chmod, _chsize, _chsize_s, _clearfp, _close, _commit, _commode, _configthreadlocale, _control87, _controlfp, _controlfp_s, _copysign, _cprintf, _cprintf_l, _cprintf_p, _cprintf_p_l, _cprintf_s, _cprintf_s_l, _cputs, _cputws, _creat, _create_locale, _crt_debugger_hook, _cscanf, _cscanf_l, _cscanf_s, _cscanf_s_l, _ctime32, _ctime32_s, _ctime64, _ctime64_s, _cwait, _cwprintf, _cwprintf_l, _cwprintf_p, _cwprintf_p_l, _cwprintf_s, _cwprintf_s_l, _cwscanf, _cwscanf_l, _cwscanf_s, _cwscanf_s_l, _daylight, _decode_pointer, _difftime32, _difftime64, _dosmaperr, _dstbias, _dup, _dup2, _dupenv_s, _ecvt, _ecvt_s, _encode_pointer, _encoded_null, _endthread, _endthreadex, _environ, _eof, _errno, _except_handler2, _except_handler3, _except_handler4_common, _execl, _execle, _execlp, _execlpe, _execv, _execve, _execvp, _execvpe, _exit, _expand, _fclose_nolock, _fcloseall, _fcvt, _fcvt_s, _fdopen, _fflush_nolock, _fgetchar, _fgetwc_nolock, _fgetwchar, _filbuf, _filelength, _filelengthi64, _fileno, _findclose, _findfirst32, _findfirst32i64, _findfirst64, _findfirst64i32, _findnext32, _findnext32i64, _findnext64, _findnext64i32, _finite, _flsbuf, _flushall, _fmode, _fpclass, _fpieee_flt, _fpreset, _fprintf_l, _fprintf_p, _fprintf_p_l, _fprintf_s_l, _fputchar, _fputwc_nolock, _fputwchar, _fread_nolock, _fread_nolock_s, _free_locale, _freea, _freea_s, _freefls, _fscanf_l, _fscanf_s_l, _fseek_nolock, _fseeki64, _fseeki64_nolock, _fsopen, _fstat32, _fstat32i64, _fstat64, _fstat64i32, _ftell_nolock, _ftelli64, _ftelli64_nolock, _ftime32, _ftime32_s, _ftime64, _ftime64_s, _ftol, _fullpath, _futime32, _futime64, _fwprintf_l, _fwprintf_p, _fwprintf_p_l, _fwprintf_s_l, _fwrite_nolock, _fwscanf_l, _fwscanf_s_l, _gcvt, _gcvt_s, _get_current_locale, _get_daylight, _get_doserrno, _get_dstbias, _get_errno, _get_fmode, _get_invalid_parameter_handler, _get_osfhandle, _get_osplatform, _get_osver, _get_output_format, _get_pgmptr, _get_printf_count_output, _get_purecall_handler, _get_terminate, _get_timezone, _get_tzname, _get_unexpected, _get_winmajor, _get_winminor, _get_winver, _get_wpgmptr, _getch, _getch_nolock, _getche, _getche_nolock, _getcwd, _getdcwd, _getdcwd_nolock, _getdiskfree, _getdllprocaddr, _getdrive, _getdrives, _getmaxstdio, _getmbcp, _getpid, _getptd, _getsystime, _getw, _getwch, _getwch_nolock, _getwche, _getwche_nolock, _getws, _getws_s, _global_unwind2, _gmtime32, _gmtime32_s, _gmtime64, _gmtime64_s, _hypot, _hypotf, _i64toa, _i64toa_s, _i64tow, _i64tow_s, _initptd, _initterm, _initterm_e, _inp, _inpd, _inpw, _invalid_parameter, _invalid_parameter_noinfo, _invoke_watson, _iob, _isalnum_l, _isalpha_l, _isatty, _iscntrl_l, _isctype, _isctype_l, _isdigit_l, _isgraph_l, _isleadbyte_l, _islower_l, _ismbbalnum, _ismbbalnum_l, _ismbbalpha, _ismbbalpha_l, _ismbbgraph, _ismbbgraph_l, _ismbbkalnum, _ismbbkalnum_l, _ismbbkana, _ismbbkana_l, _ismbbkprint, _ismbbkprint_l, _ismbbkpunct, _ismbbkpunct_l, _ismbblead, _ismbblead_l, _ismbbprint, _ismbbprint_l, _ismbbpunct, _ismbbpunct_l, _ismbbtrail, _ismbbtrail_l, _ismbcalnum, _ismbcalnum_l, _ismbcalpha, _ismbcalpha_l, _ismbcdigit, _ismbcdigit_l, _ismbcgraph, _ismbcgraph_l, _ismbchira, _ismbchira_l, _ismbckata, _ismbckata_l, _ismbcl0, _ismbcl0_l, _ismbcl1, _ismbcl1_l, _ismbcl2, _ismbcl2_l, _ismbclegal, _ismbclegal_l, _ismbclower, _ismbclower_l, _ismbcprint, _ismbcprint_l, _ismbcpunct, _ismbcpunct_l, _ismbcspace, _ismbcspace_l, _ismbcsymbol, _ismbcsymbol_l, _ismbcupper, _ismbcupper_l, _ismbslead, _ismbslead_l, _ismbstrail, _ismbstrail_l, _isnan, _isprint_l, _ispunct_l, _isspace_l, _isupper_l, _iswalnum_l, _iswalpha_l, _iswcntrl_l, _iswcsym_l, _iswcsymf_l, _iswctype_l, _iswdigit_l, _iswgraph_l, _iswlower_l, _iswprint_l, _iswpunct_l, _iswspace_l, _iswupper_l, _iswxdigit_l, _isxdigit_l, _itoa, _itoa_s, _itow, _itow_s, _j0, _j1, _jn, _kbhit, _lfind, _lfind_s, _loaddll, _local_unwind2, _local_unwind4, _localtime32, _localtime32_s, _localtime64, _localtime64_s, _lock, _lock_file, _locking, _logb, _longjmpex, _lrotl, _lrotr, _lsearch, _lsearch_s, _lseek, _lseeki64, _ltoa, _ltoa_s, _ltow, _ltow_s, _makepath, _makepath_s, _malloc_crt, _mbbtombc, _mbbtombc_l, _mbbtype, _mbbtype_l, _mbcasemap, _mbccpy, _mbccpy_l, _mbccpy_s, _mbccpy_s_l, _mbcjistojms, _mbcjistojms_l, _mbcjmstojis, _mbcjmstojis_l, _mbclen, _mbclen_l, _mbctohira, _mbctohira_l, _mbctokata, _mbctokata_l, _mbctolower, _mbctolower_l, _mbctombb, _mbctombb_l, _mbctoupper, _mbctoupper_l, _mbctype, _mblen_l, _mbsbtype, _mbsbtype_l, _mbscat_s, _mbscat_s_l, _mbschr, _mbschr_l, _mbscmp, _mbscmp_l, _mbscoll, _mbscoll_l, _mbscpy_s, _mbscpy_s_l, _mbscspn, _mbscspn_l, _mbsdec, _mbsdec_l, _mbsicmp, _mbsicmp_l, _mbsicoll, _mbsicoll_l, _mbsinc, _mbsinc_l, _mbslen, _mbslen_l, _mbslwr, _mbslwr_l, _mbslwr_s, _mbslwr_s_l, _mbsnbcat, _mbsnbcat_l, _mbsnbcat_s, _mbsnbcat_s_l, _mbsnbcmp, _mbsnbcmp_l, _mbsnbcnt, _mbsnbcnt_l, _mbsnbcoll, _mbsnbcoll_l, _mbsnbcpy, _mbsnbcpy_l, _mbsnbcpy_s, _mbsnbcpy_s_l, _mbsnbicmp, _mbsnbicmp_l, _mbsnbicoll, _mbsnbicoll_l, _mbsnbset, _mbsnbset_l, _mbsnbset_s, _mbsnbset_s_l, _mbsncat, _mbsncat_l, _mbsncat_s, _mbsncat_s_l, _mbsnccnt, _mbsnccnt_l, _mbsncmp, _mbsncmp_l, _mbsncoll, _mbsncoll_l, _mbsncpy, _mbsncpy_l, _mbsncpy_s, _mbsncpy_s_l, _mbsnextc, _mbsnextc_l, _mbsnicmp, _mbsnicmp_l, _mbsnicoll, _mbsnicoll_l, _mbsninc, _mbsninc_l, _mbsnlen, _mbsnlen_l, _mbsnset, _mbsnset_l, _mbsnset_s, _mbsnset_s_l, _mbspbrk, _mbspbrk_l, _mbsrchr, _mbsrchr_l, _mbsrev, _mbsrev_l, _mbsset, _mbsset_l, _mbsset_s, _mbsset_s_l, _mbsspn, _mbsspn_l, _mbsspnp, _mbsspnp_l, _mbsstr, _mbsstr_l, _mbstok, _mbstok_l, _mbstok_s, _mbstok_s_l, _mbstowcs_l, _mbstowcs_s_l, _mbstrlen, _mbstrlen_l, _mbstrnlen, _mbstrnlen_l, _mbsupr, _mbsupr_l, _mbsupr_s, _mbsupr_s_l, _mbtowc_l, _memccpy, _memicmp, _memicmp_l, _mkdir, _mkgmtime32, _mkgmtime64, _mktemp, _mktemp_s, _mktime32, _mktime64, _msize, _nextafter, _onexit, _open, _open_osfhandle, _osplatform, _osver, _outp, _outpd, _outpw, _pclose, _pctype, _pgmptr, _pipe, _popen, _printf_l, _printf_p, _printf_p_l, _printf_s_l, _purecall, _putch, _putch_nolock, _putenv, _putenv_s, _putw, _putwch, _putwch_nolock, _putws, _pwctype, _read, _realloc_crt, _recalloc, _recalloc_crt, _resetstkoflw, _rmdir, _rmtmp, _rotl, _rotl64, _rotr, _rotr64, _safe_fdiv, _safe_fdivr, _safe_fprem, _safe_fprem1, _scalb, _scanf_l, _scanf_s_l, _scprintf, _scprintf_l, _scprintf_p, _scprintf_p_l, _scwprintf, _scwprintf_l, _scwprintf_p, _scwprintf_p_l, _searchenv, _searchenv_s, _seh_longjmp_unwind, _seh_longjmp_unwind4, _set_SSE2_enable, _set_abort_behavior, _set_controlfp, _set_doserrno, _set_errno, _set_error_mode, _set_fmode, _set_invalid_parameter_handler, _set_malloc_crt_max_wait, _set_output_format, _set_printf_count_output, _set_purecall_handler, _seterrormode, _setjmp, _setjmp3, _setmaxstdio, _setmbcp, _setmode, _setsystime, _sleep, _snprintf, _snprintf_c, _snprintf_c_l, _snprintf_l, _snprintf_s, _snprintf_s_l, _snscanf, _snscanf_l, _snscanf_s, _snscanf_s_l, _snwprintf, _snwprintf_l, _snwprintf_s, _snwprintf_s_l, _snwscanf, _snwscanf_l, _snwscanf_s, _snwscanf_s_l, _sopen, _sopen_s, _spawnl, _spawnle, _spawnlp, _spawnlpe, _spawnv, _spawnve, _spawnvp, _spawnvpe, _splitpath, _splitpath_s, _sprintf_l, _sprintf_p, _sprintf_p_l, _sprintf_s_l, _sscanf_l, _sscanf_s_l, _stat32, _stat32i64, _stat64, _stat64i32, _statusfp, _statusfp2, _strcoll_l, _strdate, _strdate_s, _strdup, _strerror, _strerror_s, _strftime_l, _stricmp, _stricmp_l, _stricoll, _stricoll_l, _strlwr, _strlwr_l, _strlwr_s, _strlwr_s_l, _strncoll, _strncoll_l, _strnicmp, _strnicmp_l, _strnicoll, _strnicoll_l, _strnset, _strnset_s, _strrev, _strset, _strset_s, _strtime, _strtime_s, _strtod_l, _strtoi64, _strtoi64_l, _strtol_l, _strtoui64, _strtoui64_l, _strtoul_l, _strupr, _strupr_l, _strupr_s, _strupr_s_l, _strxfrm_l, _swab, _swprintf, _swprintf_c, _swprintf_p, _swprintf_p_l, _swprintf_s_l, _swscanf_l, _swscanf_s_l, _sys_errlist, _sys_nerr, _tell, _telli64, _tempnam, _time32, _time64, _timezone, _tolower, _tolower_l, _toupper, _toupper_l, _towlower_l, _towupper_l, _tzname, _tzset, _ui64toa, _ui64toa_s, _ui64tow, _ui64tow_s, _ultoa, _ultoa_s, _ultow, _ultow_s, _umask, _umask_s, _ungetc_nolock, _ungetch, _ungetch_nolock, _ungetwc_nolock, _ungetwch, _ungetwch_nolock, _unlink, _unloaddll, _unlock, _unlock_file, _utime32, _utime64, _vcprintf, _vcprintf_l, _vcprintf_p, _vcprintf_p_l, _vcprintf_s, _vcprintf_s_l, _vcwprintf, _vcwprintf_l, _vcwprintf_p, _vcwprintf_p_l, _vcwprintf_s, _vcwprintf_s_l, _vfprintf_l, _vfprintf_p, _vfprintf_p_l, _vfprintf_s_l, _vfwprintf_l, _vfwprintf_p, _vfwprintf_p_l, _vfwprintf_s_l, _vprintf_l, _vprintf_p, _vprintf_p_l, _vprintf_s_l, _vscprintf, _vscprintf_l, _vscprintf_p, _vscprintf_p_l, _vscwprintf, _vscwprintf_l, _vscwprintf_p, _vscwprintf_p_l, _vsnprintf, _vsnprintf_c, _vsnprintf_c_l, _vsnprintf_l, _vsnprintf_s, _vsnprintf_s_l, _vsnwprintf, _vsnwprintf_l, _vsnwprintf_s, _vsnwprintf_s_l, _vsprintf_l, _vsprintf_p, _vsprintf_p_l, _vsprintf_s_l, _vswprintf, _vswprintf_c, _vswprintf_l, _vswprintf_p_l, _vswprintf_s_l, _vwprintf_l, _vwprintf_p, _vwprintf_p_l, _vwprintf_s_l, _waccess, _waccess_s, _wasctime, _wasctime_s, _wassert, _wchdir, _wchmod, _wcmdln, _wcreat, _wcscoll_l, _wcsdup, _wcserror, _wcserror_s, _wcsftime_l, _wcsicmp, _wcsicmp_l, _wcsicoll, _wcsicoll_l, _wcslwr, _wcslwr_l, _wcslwr_s, _wcslwr_s_l, _wcsncoll, _wcsncoll_l, _wcsnicmp, _wcsnicmp_l, _wcsnicoll, _wcsnicoll_l, _wcsnset, _wcsnset_s, _wcsrev, _wcsset, _wcsset_s, _wcstod_l, _wcstoi64, _wcstoi64_l, _wcstol_l, _wcstombs_l, _wcstombs_s_l, _wcstoui64, _wcstoui64_l, _wcstoul_l, _wcsupr, _wcsupr_l, _wcsupr_s, _wcsupr_s_l, _wcsxfrm_l, _wctime32, _wctime32_s, _wctime64, _wctime64_s, _wctomb_l, _wctomb_s_l, _wctype, _wdupenv_s, _wenviron, _wexecl, _wexecle, _wexeclp, _wexeclpe, _wexecv, _wexecve, _wexecvp, _wexecvpe, _wfdopen, _wfindfirst32, _wfindfirst32i64, _wfindfirst64, _wfindfirst64i32, _wfindnext32, _wfindnext32i64, _wfindnext64, _wfindnext64i32, _wfopen, _wfopen_s, _wfreopen, _wfreopen_s, _wfsopen, _wfullpath, _wgetcwd, _wgetdcwd, _wgetdcwd_nolock, _wgetenv, _wgetenv_s, _winmajor, _winminor, _winver, _wmakepath, _wmakepath_s, _wmkdir, _wmktemp, _wmktemp_s, _wopen, _wperror, _wpgmptr, _wpopen, _wprintf_l, _wprintf_p, _wprintf_p_l, _wprintf_s_l, _wputenv, _wputenv_s, _wremove, _wrename, _write, _wrmdir, _wscanf_l, _wscanf_s_l, _wsearchenv, _wsearchenv_s, _wsetlocale, _wsopen, _wsopen_s, _wspawnl, _wspawnle, _wspawnlp, _wspawnlpe, _wspawnv, _wspawnve, _wspawnvp, _wspawnvpe, _wsplitpath, _wsplitpath_s, _wstat32, _wstat32i64, _wstat64, _wstat64i32, _wstrdate, _wstrdate_s, _wstrtime, _wstrtime_s, _wsystem, _wtempnam, _wtmpnam, _wtmpnam_s, _wtof, _wtof_l, _wtoi, _wtoi64, _wtoi64_l, _wtoi_l, _wtol, _wtol_l, _wunlink, _wutime32, _wutime64, _y0, _y1, _yn, abort, abs, acos, asctime, asctime_s, asin, atan, atan2, atexit, atof, atoi, atol, bsearch, bsearch_s, btowc, calloc, ceil, clearerr, clearerr_s, clock, cos, cosh, div, exit, exp, fabs, fclose, feof, ferror, fflush, fgetc, fgetpos, fgets, fgetwc, fgetws, floor, fmod, fopen, fopen_s, fprintf, fprintf_s, fputc, fputs, fputwc, fputws, fread, fread_s, free, freopen, freopen_s, frexp, fscanf, fscanf_s, fseek, fsetpos, ftell, fwprintf, fwprintf_s, fwrite, fwscanf, fwscanf_s, getc, getchar, getenv, getenv_s, gets, gets_s, getwc, getwchar, is_wctype, isalnum, isalpha, iscntrl, isdigit, isgraph, isleadbyte, islower, isprint, ispunct, isspace, isupper, iswalnum, iswalpha, iswascii, iswcntrl, iswctype, iswdigit, iswgraph, iswlower, iswprint, iswpunct, iswspace, iswupper, iswxdigit, isxdigit, labs, ldexp, ldiv, localeconv, log, log10, longjmp, malloc, malloc_usable_size, mblen, mbrlen, mbrtowc, mbsrtowcs, mbsrtowcs_s, mbstowcs, mbstowcs_s, mbtowc, memalign, memchr, memcmp, memcpy, memcpy_s, memmove, memmove_s, memset, modf, perror, posix_memalign, pow, printf, printf_s, putc, putchar, puts, putwc, putwchar, qsort, qsort_s, raise, rand, rand_s, realloc, remove, rename, rewind, scanf, scanf_s, setbuf, setlocale, setvbuf, signal, sin, sinh, sprintf, sprintf_s, sqrt, srand, sscanf, sscanf_s, strcat, strcat_s, strchr, strcmp, strcoll, strcpy, strcpy_s, strcspn, strerror, strerror_s, strftime, strlen, strncat, strncat_s, strncmp, strncpy, strncpy_s, strnlen, strpbrk, strrchr, strspn, strstr, strtod, strtok, strtok_s, strtol, strtoul, strxfrm, swprintf_s, swscanf, swscanf_s, system, tan, tanh, tmpfile, tmpfile_s, tmpnam, tmpnam_s, tolower, toupper, towlower, towupper, ungetc, ungetwc, vfprintf, vfprintf_s, vfwprintf, vfwprintf_s, vprintf, vprintf_s, vsprintf, vsprintf_s, vswprintf_s, vwprintf, vwprintf_s, wcrtomb, wcrtomb_s, wcscat, wcscat_s, wcschr, wcscmp, wcscoll, wcscpy, wcscpy_s, wcscspn, wcsftime, wcslen, wcsncat, wcsncat_s, wcsncmp, wcsncpy, wcsncpy_s, wcsnlen, wcspbrk, wcsrchr, wcsrtombs, wcsrtombs_s, wcsspn, wcsstr, wcstod, wcstok, wcstok_s, wcstol, wcstombs, wcstombs_s, wcstoul, wcsxfrm, wctob, wctomb, wctomb_s, wprintf, wprintf_s, wscanf, wscanf_s RDS...: NSRL Reference Data Set - pdfid.: - trid..: Win64 Executable Generic (46.2%) Win32 EXE PECompact compressed (generic) (22.4%) Win32 Executable MS Visual C++ (generic) (20.3%) Win32 Executable Generic (4.6%) Win32 Dynamic Link Library (generic) (4.0%) sigcheck: publisher....: Mozilla Foundation copyright....: Copyright (C) Microsoft Corporation. product......: Mozilla Custom C Runtime description..: User-Generated Microsoft (R) C/C__ Runtime Library original name: MOZCRT19.DLL internal name: MOZCRT19.DLL file version.: 8.00.0000 comments.....: n/a signers......: Mozilla Corporation Thawte Code Signing CA Thawte Premium Server CA signing date.: 9:15 PM 8/24/2009 verified.....: - |
Zitat:
Mach ich. Dachte, die Malware hat da vielleicht eine Datei reingeschmuggelt. |
Zitat:
|
Meldung von VT zur 2. Datei sqlite3.dll: Die Datei wurde bereits analysiert: MD5: 072f012fbd6c8a69a29cb7d801ef5aa8 First received: 2009.09.02 01:08:17 UTC Datum 2009.10.23 07:13:44 UTC [>5D] Ergebnisse 0/41 Permalink: analisis/0c657487075538c61d16de210c9de29f71e5c8330e713e685e2d20eb4dec90d3-1256282024 |
atei vd952342.bd empfangen 2009.10.28 18:25:17 (UTC) Status: Beendet Ergebnis: 0/41 (0%) Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.41 2009.10.28 - AhnLab-V3 5.0.0.2 2009.10.28 - AntiVir 7.9.1.50 2009.10.28 - Antiy-AVL 2.0.3.7 2009.10.27 - Authentium 5.1.2.4 2009.10.28 - Avast 4.8.1351.0 2009.10.28 - AVG 8.5.0.423 2009.10.28 - BitDefender 7.2 2009.10.28 - CAT-QuickHeal 10.00 2009.10.28 - ClamAV 0.94.1 2009.10.28 - Comodo 2757 2009.10.28 - DrWeb 5.0.0.12182 2009.10.28 - eSafe 7.0.17.0 2009.10.28 - eTrust-Vet 35.1.7087 2009.10.28 - F-Prot 4.5.1.85 2009.10.28 - F-Secure 9.0.15370.0 2009.10.27 - Fortinet 3.120.0.0 2009.10.28 - GData 19 2009.10.28 - Ikarus T3.1.1.72.0 2009.10.28 - Jiangmin 11.0.800 2009.10.26 - K7AntiVirus 7.10.881 2009.10.27 - Kaspersky 7.0.0.125 2009.10.28 - McAfee 5784 2009.10.27 - McAfee+Artemis 5784 2009.10.27 - McAfee-GW-Edition 6.8.5 2009.10.28 - Microsoft 1.5202 2009.10.28 - NOD32 4552 2009.10.28 - Norman 6.03.02 2009.10.27 - nProtect 2009.1.8.0 2009.10.28 - Panda 10.0.2.2 2009.10.27 - PCTools 4.4.2.0 2009.10.19 - Prevx 3.0 2009.10.28 - Rising 21.53.24.00 2009.10.28 - Sophos 4.46.0 2009.10.28 - Sunbelt 3.2.1858.2 2009.10.27 - Symantec 1.4.4.12 2009.10.28 - TheHacker 6.5.0.2.056 2009.10.28 - TrendMicro 8.950.0.1094 2009.10.28 - VBA32 3.12.10.11 2009.10.27 - ViRobot 2009.10.28.2009 2009.10.28 - VirusBuster 4.6.5.0 2009.10.28 - weitere Informationen File size: 11372 bytes MD5...: 32b7881cf88c3863165f60d28d88fe9c SHA1..: c1a08d01de40a7d74f55849d5be3b06d79fa7041 SHA256: 7e78600d79e8510be01ea382b3df7968fe91973067e075e33b4e514d049bbff1 ssdeep: 192:6HX621E1UmrNbZs0aZs0L/wOx8AkO6tQVMv7bSL90kLgkR:67v/wU8Awv7bS x0kLRR PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set - pdfid.: - sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned trid..: Generic INI configuration (100.0%) |
Datei VDAI.ntf empfangen 2009.10.28 18:28:43 (UTC) Status: Beendet Ergebnis: 0/41 (0%) Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.41 2009.10.28 - AhnLab-V3 5.0.0.2 2009.10.28 - AntiVir 7.9.1.50 2009.10.28 - Antiy-AVL 2.0.3.7 2009.10.27 - Authentium 5.1.2.4 2009.10.28 - Avast 4.8.1351.0 2009.10.28 - AVG 8.5.0.423 2009.10.28 - BitDefender 7.2 2009.10.28 - CAT-QuickHeal 10.00 2009.10.28 - ClamAV 0.94.1 2009.10.28 - Comodo 2757 2009.10.28 - DrWeb 5.0.0.12182 2009.10.28 - eSafe 7.0.17.0 2009.10.28 - eTrust-Vet 35.1.7087 2009.10.28 - F-Prot 4.5.1.85 2009.10.28 - F-Secure 9.0.15370.0 2009.10.27 - Fortinet 3.120.0.0 2009.10.28 - GData 19 2009.10.28 - Ikarus T3.1.1.72.0 2009.10.28 - Jiangmin 11.0.800 2009.10.26 - K7AntiVirus 7.10.881 2009.10.27 - Kaspersky 7.0.0.125 2009.10.28 - McAfee 5784 2009.10.27 - McAfee+Artemis 5784 2009.10.27 - McAfee-GW-Edition 6.8.5 2009.10.28 - Microsoft 1.5202 2009.10.28 - NOD32 4552 2009.10.28 - Norman 6.03.02 2009.10.27 - nProtect 2009.1.8.0 2009.10.28 - Panda 10.0.2.2 2009.10.27 - PCTools 4.4.2.0 2009.10.19 - Prevx 3.0 2009.10.28 - Rising 21.53.24.00 2009.10.28 - Sophos 4.46.0 2009.10.28 - Sunbelt 3.2.1858.2 2009.10.27 - Symantec 1.4.4.12 2009.10.28 - TheHacker 6.5.0.2.056 2009.10.28 - TrendMicro 8.950.0.1094 2009.10.28 - VBA32 3.12.10.11 2009.10.27 - ViRobot 2009.10.28.2009 2009.10.28 - VirusBuster 4.6.5.0 2009.10.28 - weitere Informationen File size: 3715 bytes MD5...: 6276add393c3ada00c914f8cf073d3df SHA1..: 7eece5c723e894086c0b8d6154a9b76f8b9c2bed SHA256: 49a1652b0d49a571eaa127add2c89aa90a4ec71f5aafa217f462c9d544f997cb ssdeep: 96:XDyTuDZDADzDcDss6DLLRDCDPDxlzDKDCD2DqDaDPGDj95RDzDmDhwDTD8D7f vDx:GYYyl195wLp PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set - trid..: Generic INI configuration (100.0%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned pdfid.: - |
So und jetzt kommt der Hammer: Das ist die Verknüpfung ins Windows Office Verzeichnis: "C:\Programme\Microsoft Office\Office\OSA9.EXE" -b -l Meldung von VT: Die Datei wurde bereits analysiert: MD5: f09f2bd085dfc07acc69f83108787f84 First received: 2009.06.15 07:22:14 UTC Datum 2009.06.15 07:22:14 UTC [>135D] Ergebnisse 0/39 Permalink: analisis/57da5997909f009b43eb49c2270f9321adf98483f5e7c3556fb6e4f820402d89-1245050534 |
Was bedeutet das? Heißt das dass es doch nur eine Office-datei ist, die ein anderer schon mal analysiert hat? |
Gehe auf Analysieren, nicht auf die letzten Ergebnisse bitte. |
ok, da ist die Analyse: Datei OSA9.EXE empfangen 2009.10.28 18:35:48 (UTC) Status: Beendet Ergebnis: 1/41 (2.44%) Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.41 2009.10.28 - AhnLab-V3 5.0.0.2 2009.10.28 - AntiVir 7.9.1.50 2009.10.28 - Antiy-AVL 2.0.3.7 2009.10.27 - Authentium 5.1.2.4 2009.10.28 - Avast 4.8.1351.0 2009.10.28 - AVG 8.5.0.423 2009.10.28 - BitDefender 7.2 2009.10.28 - CAT-QuickHeal 10.00 2009.10.28 - ClamAV 0.94.1 2009.10.28 - Comodo 2757 2009.10.28 - DrWeb 5.0.0.12182 2009.10.28 - eSafe 7.0.17.0 2009.10.28 - eTrust-Vet 35.1.7088 2009.10.28 - F-Prot 4.5.1.85 2009.10.28 - F-Secure 9.0.15370.0 2009.10.27 - Fortinet 3.120.0.0 2009.10.28 - GData 19 2009.10.28 - Ikarus T3.1.1.72.0 2009.10.28 - Jiangmin 11.0.800 2009.10.26 - K7AntiVirus 7.10.881 2009.10.27 - Kaspersky 7.0.0.125 2009.10.28 - McAfee 5784 2009.10.27 - McAfee+Artemis 5784 2009.10.27 - McAfee-GW-Edition 6.8.5 2009.10.28 Heuristic.BehavesLike.Win32.Dropper.L Microsoft 1.5202 2009.10.28 - NOD32 4552 2009.10.28 - Norman 6.03.02 2009.10.27 - nProtect 2009.1.8.0 2009.10.28 - Panda 10.0.2.2 2009.10.27 - PCTools 4.4.2.0 2009.10.19 - Prevx 3.0 2009.10.28 - Rising 21.53.24.00 2009.10.28 - Sophos 4.46.0 2009.10.28 - Sunbelt 3.2.1858.2 2009.10.27 - Symantec 1.4.4.12 2009.10.28 - TheHacker 6.5.0.2.056 2009.10.28 - TrendMicro 8.950.0.1094 2009.10.28 - VBA32 3.12.10.11 2009.10.27 - ViRobot 2009.10.28.2009 2009.10.28 - VirusBuster 4.6.5.0 2009.10.28 - weitere Informationen File size: 65588 bytes MD5...: f09f2bd085dfc07acc69f83108787f84 SHA1..: fed3b454b4f8dbb26f10d113aadfbd22242a8633 SHA256: 57da5997909f009b43eb49c2270f9321adf98483f5e7c3556fb6e4f820402d89 ssdeep: 768:T9sf9zPhE7nTWJpsHGGshNdzM3jCUlU1xyOac/z:+1aT+Gs7diCUlUTacb PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x27e8 timedatestamp.....: 0x388815b7 (Fri Jan 21 08:15:51 2000) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x54c1 0x6000 5.64 8f20bb00747b3b34acbc424a351f0f47 .data 0x7000 0x504 0x1000 1.68 94b1d9f1c3986be28677bb790edd5eea .rsrc 0x8000 0x7b18 0x8000 3.65 6476d5097b0f8d36025abd637e2095ba ( 5 imports ) > ADVAPI32.dll: RegCloseKey, RegQueryValueExA, RegOpenKeyExA > GDI32.dll: CreateFontIndirectA, SelectPalette, RealizePalette, DeleteObject, GetCharWidth32A, SelectObject, GetStockObject, GetTextExtentPointW, GetDeviceCaps > KERNEL32.dll: GetModuleHandleA, GetStartupInfoA, ExitProcess, IsDBCSLeadByte, GetCommandLineA, GetLastError, GlobalFree, GlobalUnlock, GlobalLock, GlobalAlloc, GlobalDeleteAtom, GlobalAddAtomA, GetACP, CreateProcessA, InterlockedIncrement, InterlockedDecrement, MulDiv, DeleteFileA, MultiByteToWideChar, GetTempFileNameA, GetTempPathA, CloseHandle, CreateMutexA, SetLastError, GetCurrentDirectoryA, SetCurrentDirectoryA, Sleep, WinExec, GetVersion, GlobalHandle, GlobalSize, lstrcatA, lstrcpyA, FindClose, FindFirstFileA, ReadFile, OpenFile, GetProcAddress, LoadLibraryA > ole32.dll: OleInitialize, StgCreateDocfile, CreateFileMoniker, GetRunningObjectTable, CoRegisterClassObject, RegisterDragDrop, RevokeDragDrop, CoUninitialize, OleUninitialize, CoRevokeClassObject, CoInitialize > USER32.dll: DdeInitializeA, DdeCreateStringHandleA, DefWindowProcA, ReuseDDElParam, DdeConnect, DdeQueryConvInfo, DdeFreeStringHandle, DdeClientTransaction, DdeDisconnect, DdeUninitialize, MessageBeep, DispatchMessageA, TranslateMessage, GetMessageA, DestroyWindow, FreeDDElParam, UnpackDDElParam, PostMessageA, PackDDElParam, SendMessageA, DrawMenuBar, DeleteMenu, GetMenuItemCount, GetSystemMenu, CreateWindowExA, GetSystemMetrics, FindWindowA, RegisterClassExA, EnumWindows, MessageBoxA, SetFocus, PostQuitMessage, ReleaseDC, GetDC, WinHelpA, GetActiveWindow, EnableWindow, GetClassNameA, GetWindowThreadProcessId, SetForegroundWindow, SetActiveWindow, GetParent, UnregisterClassA, RegisterClassA, ShowWindow, IsIconic, GetDesktopWindow, SystemParametersInfoA ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - trid..: Win32 Executable MS Visual C++ (generic) (75.0%) Win32 Executable Generic (16.9%) Generic Win/DOS Executable (3.9%) DOS Executable Generic (3.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck: publisher....: Microsoft Corporation copyright....: Copyright(c) Microsoft Corporation 1994-1999. All rights reserved. product......: Microsoft Office 2000 description..: Microsoft Office 2000 component original name: Osa.Exe internal name: Osa file version.: 9.0.3720 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned |
Zitat:
Die Habe ich also auch nochmal analysieren lassen: Datei sqlite3.dll empfangen 2009.10.28 18:49:25 (UTC) Status: Beendet Ergebnis: 0/41 (0%) Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.41 2009.10.28 - AhnLab-V3 5.0.0.2 2009.10.28 - AntiVir 7.9.1.50 2009.10.28 - Antiy-AVL 2.0.3.7 2009.10.27 - Authentium 5.1.2.4 2009.10.28 - Avast 4.8.1351.0 2009.10.28 - AVG 8.5.0.423 2009.10.28 - BitDefender 7.2 2009.10.28 - CAT-QuickHeal 10.00 2009.10.28 - ClamAV 0.94.1 2009.10.28 - Comodo 2758 2009.10.28 - DrWeb 5.0.0.12182 2009.10.28 - eSafe 7.0.17.0 2009.10.28 - eTrust-Vet 35.1.7088 2009.10.28 - F-Prot 4.5.1.85 2009.10.28 - F-Secure 9.0.15370.0 2009.10.27 - Fortinet 3.120.0.0 2009.10.28 - GData 19 2009.10.28 - Ikarus T3.1.1.72.0 2009.10.28 - Jiangmin 11.0.800 2009.10.26 - K7AntiVirus 7.10.881 2009.10.27 - Kaspersky 7.0.0.125 2009.10.28 - McAfee 5784 2009.10.27 - McAfee+Artemis 5784 2009.10.27 - McAfee-GW-Edition 6.8.5 2009.10.28 - Microsoft 1.5202 2009.10.28 - NOD32 4552 2009.10.28 - Norman 6.03.02 2009.10.27 - nProtect 2009.1.8.0 2009.10.28 - Panda 10.0.2.2 2009.10.27 - PCTools 4.4.2.0 2009.10.19 - Prevx 3.0 2009.10.28 - Rising 21.53.24.00 2009.10.28 - Sophos 4.46.0 2009.10.28 - Sunbelt 3.2.1858.2 2009.10.27 - Symantec 1.4.4.12 2009.10.28 - TheHacker 6.5.0.2.056 2009.10.28 - TrendMicro 8.950.0.1094 2009.10.28 - VBA32 3.12.10.11 2009.10.27 - ViRobot 2009.10.28.2009 2009.10.28 - VirusBuster 4.6.5.0 2009.10.28 - weitere Informationen File size: 428024 bytes MD5...: 072f012fbd6c8a69a29cb7d801ef5aa8 SHA1..: 84ab28da7f8592a5baedcfc024c4e87f9d484765 SHA256: 0c657487075538c61d16de210c9de29f71e5c8330e713e685e2d20eb4dec90d3 ssdeep: 12288:Dk3WRCznJ1ei2hpDHbgKdXu29/8pgy3/e:OWRCznJ1ei2hpDHbgKdXu29/ 8pgd PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x5af90 timedatestamp.....: 0x4a92bdb0 (Mon Aug 24 16:20:00 2009) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x5a5de 0x5a600 6.62 65f7ac521b0375d46503f5f797dd492b .rdata 0x5c000 0x9093 0x9200 6.06 2bc8f280545e46e7d4981ca837966afc .data 0x66000 0x108c 0xa00 2.57 33ea2e173624737d64b129186781710a .rsrc 0x68000 0x2f0 0x400 2.50 9a7a62b6cbb6cf0dc971aefcf873963e .reloc 0x69000 0x266c 0x2800 6.34 513b102aed33756e566ca22a8ddea14c ( 2 imports ) > KERNEL32.dll: GetCurrentThreadId, EnterCriticalSection, LeaveCriticalSection, GetVersionExA, MultiByteToWideChar, WideCharToMultiByte, AreFileApisANSI, Sleep, CloseHandle, ReadFile, GetLastError, SetFilePointer, WriteFile, SetEndOfFile, FlushFileBuffers, GetFileSize, UnlockFile, LockFile, GetFileAttributesA, DeleteFileA, GetFileAttributesW, DeleteFileW, LoadLibraryA, LoadLibraryW, GetProcAddress, FreeLibrary, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTime, GetSystemTimeAsFileTime, DeleteCriticalSection, LockFileEx, InterlockedIncrement, InitializeCriticalSection, GetTempPathA, GetTempPathW, FormatMessageA, CreateFileA, CreateFileW, GetFullPathNameA, GetFullPathNameW, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, InterlockedCompareExchange, InterlockedExchange, DisableThreadLibraryCalls > MOZCRT19.dll: atoi, isxdigit, tolower, isalnum, strncmp, memmove, toupper, qsort, _encode_pointer, _malloc_crt, _encoded_null, _decode_pointer, _initterm, _initterm_e, _amsg_exit, _adjust_fdiv, __CppXcptFilter, _crt_debugger_hook, __clean_type_info_names_internal, _unlock, __dllonexit, _lock, _onexit, _except_handler4_common, memset, realloc, free, malloc, isspace, isdigit, _localtime64_s, memcpy ( 137 exports ) sqlite3_aggregate_context, sqlite3_aggregate_count, sqlite3_auto_extension, sqlite3_bind_blob, sqlite3_bind_double, sqlite3_bind_int, sqlite3_bind_int64, sqlite3_bind_null, sqlite3_bind_parameter_count, sqlite3_bind_parameter_index, sqlite3_bind_parameter_name, sqlite3_bind_text, sqlite3_bind_text16, sqlite3_bind_value, sqlite3_busy_handler, sqlite3_busy_timeout, sqlite3_changes, sqlite3_clear_bindings, sqlite3_close, sqlite3_collation_needed, sqlite3_collation_needed16, sqlite3_column_blob, sqlite3_column_bytes, sqlite3_column_bytes16, sqlite3_column_count, sqlite3_column_decltype, sqlite3_column_decltype16, sqlite3_column_double, sqlite3_column_int, sqlite3_column_int64, sqlite3_column_name, sqlite3_column_name16, sqlite3_column_text, sqlite3_column_text16, sqlite3_column_type, sqlite3_column_value, sqlite3_commit_hook, sqlite3_complete, sqlite3_complete16, sqlite3_config, sqlite3_create_collation, sqlite3_create_collation16, sqlite3_create_function, sqlite3_create_function16, sqlite3_create_module, sqlite3_data_count, sqlite3_db_handle, sqlite3_declare_vtab, sqlite3_enable_load_extension, sqlite3_enable_shared_cache, sqlite3_errcode, sqlite3_errmsg, sqlite3_errmsg16, sqlite3_exec, sqlite3_expired, sqlite3_extended_result_codes, sqlite3_file_control, sqlite3_finalize, sqlite3_free, sqlite3_free_table, sqlite3_get_autocommit, sqlite3_get_auxdata, sqlite3_get_table, sqlite3_global_recover, sqlite3_initialize, sqlite3_interrupt, sqlite3_last_insert_rowid, sqlite3_libversion, sqlite3_libversion_number, sqlite3_load_extension, sqlite3_malloc, sqlite3_memory_alarm, sqlite3_memory_highwater, sqlite3_memory_used, sqlite3_mprintf, sqlite3_mutex_alloc, sqlite3_mutex_enter, sqlite3_mutex_free, sqlite3_mutex_leave, sqlite3_mutex_try, sqlite3_open, sqlite3_open16, sqlite3_open_v2, sqlite3_overload_function, sqlite3_prepare, sqlite3_prepare16, sqlite3_prepare16_v2, sqlite3_prepare_v2, sqlite3_profile, sqlite3_progress_handler, sqlite3_realloc, sqlite3_release_memory, sqlite3_reset, sqlite3_reset_auto_extension, sqlite3_result_blob, sqlite3_result_double, sqlite3_result_error, sqlite3_result_error16, sqlite3_result_int, sqlite3_result_int64, sqlite3_result_null, sqlite3_result_text, sqlite3_result_text16, sqlite3_result_text16be, sqlite3_result_text16le, sqlite3_result_value, sqlite3_rollback_hook, sqlite3_set_authorizer, sqlite3_set_auxdata, sqlite3_shutdown, sqlite3_sleep, sqlite3_snprintf, sqlite3_sql, sqlite3_step, sqlite3_thread_cleanup, sqlite3_total_changes, sqlite3_trace, sqlite3_transfer_bindings, sqlite3_update_hook, sqlite3_user_data, sqlite3_value_blob, sqlite3_value_bytes, sqlite3_value_bytes16, sqlite3_value_double, sqlite3_value_int, sqlite3_value_int64, sqlite3_value_numeric_type, sqlite3_value_text, sqlite3_value_text16, sqlite3_value_text16be, sqlite3_value_text16le, sqlite3_value_type, sqlite3_version, sqlite3_vfs_find, sqlite3_vfs_register, sqlite3_vfs_unregister, sqlite3_vmprintf RDS...: NSRL Reference Data Set - pdfid.: - trid..: Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck: publisher....: sqlite.org copyright....: n/a product......: SQLite Database Library description..: SQLite Database Library original name: sqlite3.dll internal name: sqlite3 file version.: 3.6.10 comments.....: n/a signers......: Mozilla Corporation Thawte Code Signing CA Thawte Premium Server CA signing date.: 9:15 PM 8/24/2009 verified.....: - |
Bin mal 30 Minuten weg. Bis gleich :) |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 19:10 Uhr. |
Copyright ©2000-2025, Trojaner-Board