Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Mülltonne (https://www.trojaner-board.de/muelltonne/)
-   -   Ist das Virus oder nicht? (https://www.trojaner-board.de/62905-virus.html)

dartfeld 25.10.2008 18:20
Ist das Virus oder nicht?
 
Hallo hab mal ne datei auf virustotal.com hochgeladen rarreg hat sich kein scanner beschwert wohl aber bei der .exe hier die Auswertung:
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.10.18.0 2008.10.18 -
AntiVir 7.9.0.5 2008.10.17 -
Authentium 5.1.0.4 2008.10.18 -
Avast 4.8.1248.0 2008.10.15 -
AVG 8.0.0.161 2008.10.17 -
BitDefender 7.2 2008.10.18 -
CAT-QuickHeal 9.50 2008.10.18 -
ClamAV 0.93.1 2008.10.18 -
DrWeb 4.44.0.09170 2008.10.18 -
eSafe 7.0.17.0 2008.10.16 ��������������������
eTrust-Vet 31.6.6154 2008.10.17 -
Ewido 4.0 2008.10.18 -
F-Prot 4.4.4.56 2008.10.17 -
F-Secure 8.0.14332.0 2008.10.18 Suspicious:W32/Perfloger.o!Gemini
Fortinet 3.113.0.0 2008.10.17 -
GData 19 2008.10.18 -
Ikarus T3.1.1.44.0 2008.10.18 -
K7AntiVirus 7.10.498 2008.10.17 -
Kaspersky 7.0.0.125 2008.10.18 -
McAfee 5408 2008.10.17 -
Microsoft 1.4005 2008.10.18 -
NOD32 3534 2008.10.18 -
Norman 5.80.02 2008.10.17 -
Panda 9.0.0.4 2008.10.18 -
PCTools 4.4.2.0 2008.10.17 -
Prevx1 V2 2008.10.18 Suspicious
Rising 20.66.52.00 2008.10.18 -
SecureWeb-Gateway 6.7.6 2008.10.18 -
Sophos 4.34.0 2008.10.18 -
Sunbelt 3.1.1732.1 2008.10.18 Trojan-GameThief.Win32.Magania.adxx
Symantec 10 2008.10.18 -
TheHacker 6.3.1.0.118 2008.10.17 -
TrendMicro 8.700.0.1004 2008.10.17 -
VBA32 3.12.8.7 2008.10.17 -
ViRobot 2008.10.18.1426 2008.10.18 -
VirusBuster 4.5.11.0 2008.10.17 -
weitere Informationen
File size: 1235242 bytes
MD5...: 176379d08a2c54f20548a7f2c43182e7
SHA1..: 21bd9c2eac26b6f32f455eede9169474aae41735
SHA256: a8bbd88da49a386b203e9d98f832cc805578f5a85c3db30499 e1ee1109186543
SHA512: 89b951c806f213c429376e8c7b0792faec8d2864a755c4738c 64c6805c52e39d
73dc9feefb7d1c36a54cfd9bf076ec731f2ac4a271d0920a45 ff0e9590084637
PEiD..: -
TrID..: File type identification
WinRAR Self Extracting archive (95.7%)
Win32 Executable Generic (1.5%)
Win32 Dynamic Link Library (generic) (1.4%)
Win32 Executable Watcom C++ (generic) (0.4%)
Generic Win/DOS Executable (0.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401000
timedatestamp.....: 0x48761595 (Thu Jul 10 13:58:45 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x11000 0x10c00 6.43 72ea52a5c653c58b8261153a04fde271
.data 0x12000 0x4000 0xa00 4.82 17d4a2350e324586bc9d1aaf2c1f0acc
.idata 0x16000 0x1000 0x1000 4.82 e27ffcd8a94845acb5ff60b94d525d99
.rsrc 0x17000 0x6000 0x6000 6.79 304fa9cdfaa8296eeb7a500e848814b2

( 8 imports )
> ADVAPI32.DLL: RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA
> KERNEL32.DLL: CloseHandle, CompareStringA, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, DeleteFileA, DeleteFileW, DosDateTimeToFileTime, ExitProcess, ExpandEnvironmentStringsA, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindResourceA, FreeLibrary, GetCPInfo, GetCommandLineA, GetCurrentDirectoryA, GetDateFormatA, GetFileAttributesA, GetFileAttributesW, GetFileType, GetFullPathNameA, GetLastError, GetLocaleInfoA, GetModuleFileNameA, GetModuleHandleA, GetNumberFormatA, GetProcAddress, GetProcessHeap, GetStdHandle, GetSystemTime, GetTempPathA, GetTickCount, GetTimeFormatA, GetVersionExA, GlobalAlloc, HeapAlloc, HeapFree, HeapReAlloc, IsDBCSLeadByte, LoadLibraryA, LocalFileTimeToFileTime, MoveFileA, MoveFileExA, MultiByteToWideChar, ReadFile, SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetLastError, Sleep, SystemTimeToFileTime, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcmpiA, lstrlenA
> COMCTL32.DLL: -
> COMDLG32.DLL: CommDlgExtendedError, GetOpenFileNameA, GetSaveFileNameA
> GDI32.DLL: DeleteObject
> SHELL32.DLL: SHBrowseForFolderA, SHChangeNotify, SHFileOperationA, SHGetFileInfoA, SHGetMalloc, SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA
> USER32.DLL: CharToOemA, CharToOemBuffA, CharUpperA, CopyRect, CreateWindowExA, DefWindowProcA, DestroyIcon, DestroyWindow, DialogBoxParamA, DispatchMessageA, EnableWindow, EndDialog, FindWindowExA, GetClassNameA, GetClientRect, GetDlgItem, GetDlgItemTextA, GetMessageA, GetParent, GetSysColor, GetSystemMetrics, GetWindow, GetWindowLongA, GetWindowRect, GetWindowTextA, IsWindow, IsWindowVisible, LoadBitmapA, LoadCursorA, LoadIconA, LoadStringA, MapWindowPoints, MessageBoxA, OemToCharA, OemToCharBuffA, PeekMessageA, PostMessageA, RegisterClassExA, SendDlgItemMessageA, SendMessageA, SetDlgItemTextA, SetFocus, SetMenu, SetWindowLongA, SetWindowPos, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow, WaitForInputIdle, wsprintfA, wvsprintfA
> OLE32.DLL: CLSIDFromString, CoCreateInstance, CreateStreamOnHGlobal, OleInitialize, OleUninitialize

( 0 exports )
Prevx info: Prevx CSI solutions for business
ThreatExpert info: ThreatExpert Report
packers (Kaspersky): PE_Patch, Edit
packers (F-Prot): RAR
ist das jetzt en virus oder waren die 2/3 Alarme Fehlalarme.
Danke für eure Antworten.


Bitte beachte die NUBs
Der Rest steht ausführlich in der PN
Gruß cad


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:42 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55