john.doe | 09.08.2009 19:08 | It is quite interesting to observe how the 39 AVP/AMP vendors that were e-mailed are reacting. The mails were sent on 23.7. at 17:17. The first download took place on 23.7. at 17:41. The last one on 27.7. at 13:02. Of the 39 vendors, just 14 have downloaded the files. Sure, Malwarebytes only shows Bifrost anyway, so it can't be that bad. :schmoll:
There is a reason why I don't use an AVP. Code:
Datei svchost.exe empfangen 2009.08.09 18:05:44 (UTC)
Status: Beendet
Ergebnis: 6/40 (15%)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 5.0.0.2 2009.08.08 -
AntiVir 7.9.0.248 2009.08.09 TR/Spy.Agent.ixe
Antiy-AVL 2.0.3.7 2009.08.07 -
Authentium 5.1.2.4 2009.08.09 -
Avast 4.8.1335.0 2009.08.08 -
AVG 8.5.0.406 2009.08.09 -
BitDefender 7.2 2009.08.09 -
CAT-QuickHeal 10.00 2009.08.08 -
ClamAV 0.94.1 2009.08.07 -
Comodo 1922 2009.08.09 -
DrWeb 5.0.0.12182 2009.08.09 -
eSafe 7.0.17.0 2009.08.09 -
eTrust-Vet 31.6.6667 2009.08.08 -
F-Prot 4.4.4.56 2009.08.09 -
F-Secure 8.0.14470.0 2009.08.09 -
Fortinet 3.120.0.0 2009.08.09 -
GData 19 2009.08.09 -
Ikarus T3.1.1.64.0 2009.08.09 Win32.Outbreak
Jiangmin 11.0.800 2009.08.09 -
K7AntiVirus 7.10.814 2009.08.08 -
Kaspersky 7.0.0.125 2009.08.09 -
McAfee 5704 2009.08.09 -
McAfee+Artemis 5704 2009.08.09 -
McAfee-GW-Edition 6.8.5 2009.08.09 Trojan.Spy.Agent.ixe
Microsoft 1.4903 2009.08.09 -
NOD32 4319 2009.08.09 -
Norman 6.01.09 2009.08.07 -
nProtect 2009.1.8.0 2009.08.09 -
Panda 10.0.0.14 2009.08.09 -
PCTools 4.4.2.0 2009.08.09 -
Prevx 3.0 2009.08.09 Medium Risk Malware
Rising 21.41.62.00 2009.08.09 -
Sophos 4.44.0 2009.08.09 Mal/GamePSW-C
Sunbelt 3.2.1858.2 2009.08.09 -
Symantec 1.4.4.12 2009.08.09 -
TheHacker 6.3.4.3.378 2009.08.08 -
TrendMicro 8.950.0.1094 2009.08.08 -
VBA32 3.12.10.9 2009.08.09 -
ViRobot 2009.8.8.1875 2009.08.08 -
VirusBuster 4.6.5.0 2009.08.09 TrojanSpy.Agent.NIWT
weitere Informationen
File size: 73729 bytes
MD5...: 4456aea8dfde1edfc05d7fa85780ba54
SHA1..: 190967915cb31dd2ec6256662a464c577a48411a
SHA256: 09f3073e334661f75e5e0ae0bf4afe0ee50448be29a983d69cd0a4321f1f9c63
ssdeep: 384:mXI2oVXstkGV7RGhVUxbCR4jV/AB9a6kH/W1xq3UZU9w1xq3UZU9kw:etkU7
LFW4pAB9EfUZU9qZU9/
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x224b
timedatestamp.....: 0x4853c0e8 (Sat Jun 14 13:00:24 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x176b 0x2000 5.02 dedc57697fa7b9189a307eb7d11812be
.rdata 0x3000 0x10ca 0x2000 3.42 86b5561120136059778b8cb23148df2e
.data 0x5000 0x4d4 0x1000 0.14 736e8bcc590ada821603a677ad2d0ab6
.rsrc 0x6000 0xbe0c 0xc000 4.37 ea973c4df23b679d7749055891235243
( 6 imports )
> WININET.dll: InternetCloseHandle, FtpPutFileA, InternetConnectA, InternetOpenA
> KERNEL32.dll: QueryPerformanceCounter, CreateThread, TerminateThread, Sleep, GetModuleHandleW, GetModuleFileNameA, GetSystemDirectoryA, CreateDirectoryA, CopyFileA, GetTickCount, TerminateProcess, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetStartupInfoW, InterlockedCompareExchange, InterlockedExchange, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime
> USER32.dll: FindWindowA, GetAsyncKeyState, DefWindowProcW, KillTimer, EndPaint, BeginPaint, CreateWindowExW, RegisterClassExW, DispatchMessageW, TranslateMessage, GetMessageW, SetTimer, PostQuitMessage
> ADVAPI32.dll: RegQueryValueExA, RegCloseKey, RegSetValueExA, RegOpenKeyExA
> MSVCP80.dll: __$_HDU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBDABV10@@Z, __$_HDU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@PBD@Z, __$_9DU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBD@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@PBD@Z
> MSVCR80.dll: __p__commode, __p__fmode, __set_app_type, _crt_debugger_hook, _except_handler4_common, __CxxFrameHandler3, _controlfp_s, _invoke_watson, __3@YAXPAX@Z, fopen, fputs, fclose, fputc, atoi, __2@YAPAXI@Z, _unlock, _encode_pointer, __dllonexit, _lock, _onexit, _decode_pointer, _amsg_exit, __wgetmainargs, _cexit, _exit, _XcptFilter, exit, _wcmdln, _initterm, _initterm_e, _configthreadlocale, __setusermatherr, _adjust_fdiv
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=4456aea8dfde1edfc05d7fa85780ba54
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=1931847E012D0F4320AB012DDDE82A003CC5645D
Code:
Datei WindowsUpdate.exe empfangen 2009.08.09 18:28:24 (UTC)
Status: Beendet
Ergebnis: 7/41 (17.08%)
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.24 2009.08.09 Win32.Outbreak!IK
AhnLab-V3 5.0.0.2 2009.08.08 -
AntiVir 7.9.0.248 2009.08.09 TR/Spy.Agent.ixe
Antiy-AVL 2.0.3.7 2009.08.07 -
Authentium 5.1.2.4 2009.08.09 -
Avast 4.8.1335.0 2009.08.08 -
AVG 8.5.0.406 2009.08.09 -
BitDefender 7.2 2009.08.09 -
CAT-QuickHeal 10.00 2009.08.08 -
ClamAV 0.94.1 2009.08.07 -
Comodo 1922 2009.08.09 -
DrWeb 5.0.0.12182 2009.08.09 -
eSafe 7.0.17.0 2009.08.09 -
eTrust-Vet 31.6.6667 2009.08.08 -
F-Prot 4.4.4.56 2009.08.09 -
F-Secure 8.0.14470.0 2009.08.09 -
Fortinet 3.120.0.0 2009.08.09 -
GData 19 2009.08.09 -
Ikarus T3.1.1.64.0 2009.08.09 Win32.Outbreak
Jiangmin 11.0.800 2009.08.09 -
K7AntiVirus 7.10.814 2009.08.08 -
Kaspersky 7.0.0.125 2009.08.09 -
McAfee 5704 2009.08.09 -
McAfee+Artemis 5704 2009.08.09 -
McAfee-GW-Edition 6.8.5 2009.08.09 Trojan.Spy.Agent.ixe
Microsoft 1.4903 2009.08.09 -
NOD32 4319 2009.08.09 -
Norman 6.01.09 2009.08.07 -
nProtect 2009.1.8.0 2009.08.09 -
Panda 10.0.0.14 2009.08.09 -
PCTools 4.4.2.0 2009.08.09 -
Prevx 3.0 2009.08.09 Medium Risk Malware
Rising 21.41.62.00 2009.08.09 -
Sophos 4.44.0 2009.08.09 Mal/GamePSW-C
Sunbelt 3.2.1858.2 2009.08.09 -
Symantec 1.4.4.12 2009.08.09 -
TheHacker 6.3.4.3.378 2009.08.08 -
TrendMicro 8.950.0.1094 2009.08.08 -
VBA32 3.12.10.9 2009.08.09 -
ViRobot 2009.8.8.1875 2009.08.08 -
VirusBuster 4.6.5.0 2009.08.09 TrojanSpy.Agent.NIWT
weitere Informationen
File size: 73729 bytes
MD5...: 4456aea8dfde1edfc05d7fa85780ba54
SHA1..: 190967915cb31dd2ec6256662a464c577a48411a
SHA256: 09f3073e334661f75e5e0ae0bf4afe0ee50448be29a983d69cd0a4321f1f9c63
ssdeep: 384:mXI2oVXstkGV7RGhVUxbCR4jV/AB9a6kH/W1xq3UZU9w1xq3UZU9kw:etkU7
LFW4pAB9EfUZU9qZU9/
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x224b
timedatestamp.....: 0x4853c0e8 (Sat Jun 14 13:00:24 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x176b 0x2000 5.02 dedc57697fa7b9189a307eb7d11812be
.rdata 0x3000 0x10ca 0x2000 3.42 86b5561120136059778b8cb23148df2e
.data 0x5000 0x4d4 0x1000 0.14 736e8bcc590ada821603a677ad2d0ab6
.rsrc 0x6000 0xbe0c 0xc000 4.37 ea973c4df23b679d7749055891235243
( 6 imports )
> WININET.dll: InternetCloseHandle, FtpPutFileA, InternetConnectA, InternetOpenA
> KERNEL32.dll: QueryPerformanceCounter, CreateThread, TerminateThread, Sleep, GetModuleHandleW, GetModuleFileNameA, GetSystemDirectoryA, CreateDirectoryA, CopyFileA, GetTickCount, TerminateProcess, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetStartupInfoW, InterlockedCompareExchange, InterlockedExchange, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime
> USER32.dll: FindWindowA, GetAsyncKeyState, DefWindowProcW, KillTimer, EndPaint, BeginPaint, CreateWindowExW, RegisterClassExW, DispatchMessageW, TranslateMessage, GetMessageW, SetTimer, PostQuitMessage
> ADVAPI32.dll: RegQueryValueExA, RegCloseKey, RegSetValueExA, RegOpenKeyExA
> MSVCP80.dll: __$_HDU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBDABV10@@Z, __$_HDU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@PBD@Z, __$_9DU_$char_traits@D@std@@V_$allocator@D@1@@std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@ABV01@@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@PBD@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __4_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV01@PBD@Z
> MSVCR80.dll: __p__commode, __p__fmode, __set_app_type, _crt_debugger_hook, _except_handler4_common, __CxxFrameHandler3, _controlfp_s, _invoke_watson, __3@YAXPAX@Z, fopen, fputs, fclose, fputc, atoi, __2@YAPAXI@Z, _unlock, _encode_pointer, __dllonexit, _lock, _onexit, _decode_pointer, _amsg_exit, __wgetmainargs, _cexit, _exit, _XcptFilter, exit, _wcmdln, _initterm, _initterm_e, _configthreadlocale, __setusermatherr, _adjust_fdiv
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=4456aea8dfde1edfc05d7fa85780ba54
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=1931847E012D0F4320AB012DDDE82A003CC5645D
ciao, andreas |