winbug32.rom Code:
Antivirus Version Last update Result
AhnLab-V3 2008.9.19.2 2008.09.19 Win-Trojan/Fraudload.33280.V
AntiVir 7.8.1.34 2008.09.19 TR/Crypt.FD
Authentium 5.1.0.4 2008.09.19 -
Avast 4.8.1195.0 2008.09.19 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.09.19 Agent_r.AL
BitDefender 7.2 2008.09.19 Trojan.Crypt.FD
CAT-QuickHeal 9.50 2008.09.20 -
ClamAV 0.93.1 2008.09.19 Trojan.Mezzia-215
DrWeb 4.44.0.09170 2008.09.20 -
eSafe 7.0.17.0 2008.09.18 -
eTrust-Vet 31.6.6095 2008.09.19 Win32/VMalum.DTRW
Ewido 4.0 2008.09.20 -
F-Prot 4.4.4.56 2008.09.19 -
F-Secure 8.0.14332.0 2008.09.20 Trojan-Downloader.Win32.FraudLoad.cra
Fortinet 3.113.0.0 2008.09.20 -
GData 19 2008.09.20 Trojan-Downloader.Win32.FraudLoad.cra
Ikarus T3.1.1.34.0 2008.09.19 Trojan.FakeCodecs.O
K7AntiVirus 7.10.464 2008.09.19 Trojan-Downloader.Win32.FraudLoad.cra
Kaspersky 7.0.0.125 2008.09.20 Trojan-Downloader.Win32.FraudLoad.cra
McAfee 5388 2008.09.19 Downloader.gen.a
Microsoft 1.3903 2008.09.20 Trojan:Win32/Nebuler.gen!D
NOD32v2 3457 2008.09.19 probably a variant of Win32/TrojanDownloader.Agent
Norman 5.80.02 2008.09.19 Nebuler.A
Panda 9.0.0.4 2008.09.20 Suspicious file
PCTools 4.4.2.0 2008.09.19 -
Prevx1 V2 2008.09.20 Cloaked Malware
Rising 20.62.52.00 2008.09.20 Trojan.DL.Win32.Undef.ann
Sophos 4.33.0 2008.09.20 -
Sunbelt 3.1.1651.1 2008.09.19 Trojan.Crypt.FD
Symantec 10 2008.09.19 Backdoor.Trojan
TheHacker 6.3.0.9.089 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 TROJ_AGENT.AWAK
VBA32 3.12.8.5 2008.09.19 -
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.19 -
Webwasher-Gateway 6.6.2 2008.07.21 -
Further information
File size: 33280 bytes
MD5...: 8d5eeb7aab9abde469921e22f28db633
SHA1..: c839ae48e294e34943d65b4bc9d5ff4299e054e2
SHA256: 3fb9571cd857392a9a59270c5eb80762ec41ad27cf9031d2481536016bc69ba5
SHA512: 9bb117eeca2c123eeee2a3a64159eec27084d001501aa563009403190b323d64d0b6657302bd621f1b76d167f425443f50e3c3a9606b653634bc78ba25d9de21
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10001024
timedatestamp.....: 0x48924b7e (Thu Jul 31 23:32:14 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x63de 0x6400 6.22 62ed81d3e5e99e35eac3e9a2eb6d08e6
.rdata 0x8000 0xdc2 0xe00 5.19 637ddae782de2efe7cfaf3459e6fe5eb
.data 0x9000 0x34a4 0x400 5.54 34155a0b5844a5c4c8fa3bce84a40663
.reloc 0xd000 0x770 0x800 5.85 15c6864f273b97891a042d40f5365c15
( 4 imports )
> KERNEL32.dll: CreateProcessA, GetTempPathA, lstrlenA, GetSystemTime, lstrcatA, lstrcpynA, CreateThread, GetLastError, WaitForSingleObject, lstrcmpA, CreateEventA, GetLocaleInfoA, MoveFileExA, GetModuleHandleA, FreeLibrary, GetSystemDirectoryA, SystemTimeToFileTime, GetCurrentThreadId, GetVersionExA, SetEvent, lstrcmpiA, GetProcAddress, VirtualAlloc, lstrcpyA, VirtualFree, GetWindowsDirectoryA, CreateFileA, GetFileSize, WritePrivateProfileStringA, OpenProcess, MoveFileA, GetVolumeInformationA, ReadProcessMemory, ReadFile, VirtualProtectEx, GetTempFileNameA, HeapAlloc, DeleteFileA, HeapFree, GetProcessHeap, GetThreadContext, SetThreadContext, VirtualQueryEx, GlobalAlloc, TerminateProcess, GlobalFree, ResumeThread, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, VirtualQuery, RtlUnwind, GetVersion, Sleep, ExitProcess, CloseHandle, CreateMutexA, GetModuleFileNameA, WriteFile, FindAtomA, GetLocalTime, LoadLibraryA, GetTickCount, IsDebuggerPresent
> USER32.dll: GetThreadDesktop, SetThreadDesktop, CloseDesktop, OpenInputDesktop, FindWindowExA, FindWindowA, DispatchMessageA, GetMessageA, GetWindowThreadProcessId, GetWindowRect, CreateWindowExA, RegisterClassExA, DefWindowProcA, SetWindowsHookExA, GetFocus, GetCursorPos, EqualRect, TranslateMessage, IsWindowVisible, InflateRect, LoadCursorA, LoadIconA, CallNextHookEx, GetCaretPos, PostMessageA, wsprintfA, ClientToScreen
> ADVAPI32.dll: RegEnumValueA, RegEnumKeyExA, RegCreateKeyExA, RegOpenKeyExA, RegCloseKey, RegDeleteValueA, CreateProcessAsUserA, RegQueryValueExA, OpenProcessToken, RegDeleteKeyA
> SHLWAPI.dll: SHDeleteValueA, SHSetValueA, SHGetValueA, SHDeleteKeyA
( 5 exports )
SKGInst, SKGRun, SKGShutdown, SKGStartup, SKGTest
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=1076A0C8003B7BF0823F0051C3BBD600394E144E
uiwbrdr.sys Code:
Antivirus Version Last update Result
AhnLab-V3 2008.9.19.2 2008.09.19 -
AntiVir 7.8.1.34 2008.09.19 -
Authentium 5.1.0.4 2008.09.19 -
Avast 4.8.1195.0 2008.09.19 -
AVG 8.0.0.161 2008.09.19 -
BitDefender 7.2 2008.09.19 -
CAT-QuickHeal 9.50 2008.09.20 -
ClamAV 0.93.1 2008.09.19 -
DrWeb 4.44.0.09170 2008.09.20 -
eSafe 7.0.17.0 2008.09.18 -
eTrust-Vet 31.6.6095 2008.09.19 -
Ewido 4.0 2008.09.20 -
F-Prot 4.4.4.56 2008.09.19 -
Fortinet 3.113.0.0 2008.09.20 -
GData 19 2008.09.20 -
Ikarus T3.1.1.34.0 2008.09.19 -
K7AntiVirus 7.10.464 2008.09.19 -
Kaspersky 7.0.0.125 2008.09.20 -
McAfee 5388 2008.09.19 -
Microsoft 1.3903 2008.09.20 -
NOD32v2 3457 2008.09.19 -
Norman 5.80.02 2008.09.19 -
Panda 9.0.0.4 2008.09.20 -
PCTools 4.4.2.0 2008.09.19 -
Prevx1 V2 2008.09.20 -
Rising 20.62.52.00 2008.09.20 -
Sophos 4.33.0 2008.09.20 -
Sunbelt 3.1.1651.1 2008.09.19 -
Symantec 10 2008.09.19 -
TheHacker 6.3.0.9.089 2008.09.20 -
TrendMicro 8.700.0.1004 2008.09.20 -
VBA32 3.12.8.5 2008.09.19 -
ViRobot 2008.9.20.1385 2008.09.20 -
VirusBuster 4.5.11.0 2008.09.19 -
Webwasher-Gateway 6.6.2 2008.07.21 -
Further information
File size: 272896 bytes
MD5...: d10b8d5077ee593de0b7c0125be54453
SHA1..: 43586c8bb33b7ef40d5bce44fe22342d37215eec
SHA256: 102139e23ce1acdc0bf90f850a4e41a38fd9aa7e760703dcc49e4ffbfacda1c7
SHA512: e445706fbf992bb6ea9499da2aeb1fcb1b6a9b877eaedf01dcc33ccab8d8956f8f844540ec2eeff01759a260cdb2930e45393f002009331336ac15dcb3c3e543
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x52000
timedatestamp.....: 0x488ed9bb (Tue Jul 29 08:50:03 2008)
machinetype.......: 0x14c (I386)
( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xe008 0xe200 6.63 7afb63fa804496c3eac1a3268d80f3e4
.rdata 0x10000 0xe44 0x1000 5.09 0215293bc6f72259e72674c4709f1088
.data 0x11000 0x1204 0x600 3.79 26e03b8ac628da6d8656c41b93ebd91a
PAGE 0x13000 0x2d0d0 0x2d200 6.52 4b3b2c902b49695243983a6cf1942bd5
.edata 0x41000 0x33 0x200 0.50 696a385625bbf0a056ee6e137f567cef
INIT 0x42000 0x1d96 0x1e00 6.00 cf26b3162ac8c622dcf0a6552dd45aa1
.rsrc 0x44000 0x3d0 0x400 3.20 17ab347fa06b635fd1cb6a59409b4926
.reloc 0x45000 0x3660 0x3800 6.55 542f3f7887d998590081b2a1a70ec7e2
( 3 imports )
> ntoskrnl.exe: ExAllocatePoolWithTag, RtlIntegerToUnicodeString, IoGetRequestorSessionId, ExFreePoolWithTag, RtlUpcaseUnicodeChar, KeSetEvent, KeInitializeEvent, KeQuerySystemTime, MmUnlockPages, KeWaitForSingleObject, IofCallDriver, IoSetTopLevelIrp, IoGetTopLevelIrp, IoBuildPartialMdl, MmBuildMdlForNonPagedPool, IoFreeIrp, IoFreeMdl, MmProbeAndLockPages, IoAllocateMdl, IoAllocateIrp, _except_handler3, RtlAbsoluteToSelfRelativeSD, RtlSetDaclSecurityDescriptor, RtlAddAccessAllowedAce, RtlLengthSid, RtlGetDaclSecurityDescriptor, RtlSelfRelativeToAbsoluteSD, ZwSetSecurityObject, ZwQuerySecurityObject, RtlInitUnicodeString, KeWaitForMultipleObjects, KeDelayExecutionThread, RtlEqualUnicodeString, FsRtlIsNameInExpression, RtlUpcaseUnicodeString, IofCompleteRequest, ZwQueryValueKey, ZwOpenKey, IoDeleteSymbolicLink, IoCreateSymbolicLink, FsRtlNotifyUninitializeSync, FsRtlNotifyInitializeSync, RtlPrefixUnicodeString, FsRtlNotifyFullReportChange, FsRtlDissectName, FsRtlNotifyCleanup, FsRtlNotifyFullChangeDirectory, ExIsResourceAcquiredExclusiveLite, ExDeleteResourceLite, ExInitializeResourceLite, IoGetRelatedDeviceObject, IoFileObjectType, ZwOpenFile, RtlCopyUnicodeString, IoGetCurrentProcess, ExReleaseResourceLite, ExAcquireResourceExclusiveLite, KeTickCount, KeBugCheckEx, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, RtlCompareUnicodeString, RtlAssert, IoReleaseCancelSpinLock, RtlLengthSecurityDescriptor, ExAcquireResourceSharedLite, _abnormal_termination, IoGetStackLimits, IoCheckShareAccess, IoRemoveShareAccess, IoSetShareAccess, IoUpdateShareAccess, SeQuerySessionIdToken, FsRtlDoesNameContainWildCards, memmove, FsRtlIsNtstatusExpected, CcSetFileSizes, _stricmp, PsGetProcessImageFileName, IoGetRequestorProcess, KeGetCurrentThread, KeLeaveCriticalRegion, IoIsOperationSynchronous, KeEnterCriticalRegion, MmGetSystemRoutineAddress, KeReleaseMutex, ExReleaseFastMutexUnsafe, ExAcquireFastMutexUnsafe, IoCreateDevice, IoDeleteDevice, KeInitializeMutex, ExInitializeNPagedLookasideList, ObReferenceObjectByHandle, IoWMIRegistrationControl, ExDeleteNPagedLookasideList, IoUnregisterFileSystem, FsRtlDeregisterUncProvider, IoRegisterFileSystem, FsRtlRegisterUncProvider, SeReleaseSubjectContext, SeCaptureSubjectContext, ExQueueWorkItem, IoRaiseInformationalHardError, SeQueryAuthenticationIdToken, IoCheckEaBufferValidity, CcUninitializeCacheMap, FsRtlFastUnlockAll, FsRtlFastUnlockSingle, ExSetResourceOwnerPointer, FsRtlProcessFileLock, _local_unwind2, RtlCreateUnicodeString, ZwQuerySymbolicLinkObject, ZwOpenSymbolicLinkObject, ZwOpenDirectoryObject, wcschr, MmCanFileBeTruncated, RtlFreeUnicodeString, ProbeForWrite, ProbeForRead, RtlCompareMemory, ExConvertExclusiveToSharedLite, MmMapLockedPagesSpecifyCache, CcInitializeCacheMap, FsRtlNormalizeNtstatus, ExRaiseStatus, MmFlushImageSection, ExReleaseResourceForThreadLite, ExfInterlockedAddUlong, KeResetEvent, CcPrepareMdlWrite, CcCopyWrite, CcSetReadAheadGranularity, FsRtlCheckLockForWriteAccess, ExIsResourceAcquiredSharedLite, CcPurgeCacheSection, CcFlushCache, CcDeferWrite, CcCanIWrite, CcMdlRead, CcCopyRead, CcSetAdditionalCacheAttributes, FsRtlCheckLockForReadAccess, FsRtlPostStackOverflow, MmForceSectionClosed, CcMdlReadComplete, CcMdlWriteComplete, KeClearEvent, FsRtlFastCheckLockForWrite, FsRtlFastCheckLockForRead, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, _allmul, FsRtlInitializeFileLock, SeTokenIsRestricted, sprintf, FsRtlUninitializeFileLock, ExAllocatePoolWithTagPriority, ExInterlockedPopEntrySList, ExInterlockedPushEntrySList, ExAcquireSharedWaitForExclusive, ExAcquireSharedStarveExclusive, PsCreateSystemThread, PsTerminateSystemThread, ObReferenceObjectByPointer, PsThreadType, KeInsertQueue, KeRemoveQueue, KeInitializeQueue, KeRundownQueue, PsIsThreadTerminating, RtlGetVersion, ZwQuerySystemInformation, MmQuerySystemSize, LsaFreeReturnBuffer, RtlGetCallersAddress, KeCancelTimer, KeSetTimer, KefReleaseSpinLockFromDpcLevel, KefAcquireSpinLockAtDpcLevel, _alldiv, KeInitializeTimer, KeInitializeDpc, IoCancelIrp, CcFastCopyRead, CcFastCopyWrite, CcZeroData, ObfDereferenceObject, ZwClose, ZwCreateFile, ExFreePool, DbgPrint
> HAL.dll: KeGetCurrentIrql, KfAcquireSpinLock, KfReleaseSpinLock, ExAcquireFastMutex, ExReleaseFastMutex
> ksecdd.sys: GetSecurityUserInfo
( 0 exports )
packers (Kaspersky): PE_Patch