psychoaki | 04.05.2009 09:52 | SET20.tmp Code:
a-squared 4.0.0.101 2009.05.04 -
AhnLab-V3 5.0.0.2 2009.05.03 -
AntiVir 7.9.0.160 2009.05.04 -
Antiy-AVL 2.0.3.1 2009.04.30 -
Authentium 5.1.2.4 2009.05.03 -
Avast 4.8.1335.0 2009.05.03 -
AVG 8.5.0.327 2009.05.03 -
BitDefender 7.2 2009.05.04 -
CAT-QuickHeal 10.00 2009.05.04 -
ClamAV 0.94.1 2009.05.04 -
Comodo 1149 2009.05.03 -
DrWeb 4.44.0.09170 2009.05.04 -
eSafe 7.0.17.0 2009.05.03 -
eTrust-Vet 31.6.6487 2009.05.02 -
F-Prot 4.4.4.56 2009.05.03 -
F-Secure 8.0.14470.0 2009.05.04 -
Fortinet 3.117.0.0 2009.05.04 -
GData 19 2009.05.04 -
Ikarus T3.1.1.49.0 2009.05.04 -
K7AntiVirus 7.10.722 2009.05.02 -
Kaspersky 7.0.0.125 2009.05.04 -
McAfee 5604 2009.05.03 -
McAfee+Artemis 5604 2009.05.03 -
McAfee-GW-Edition 6.7.6 2009.05.04 -
Microsoft 1.4602 2009.05.04 -
NOD32 4050 2009.05.03 -
Norman 6.01.05 2009.04.30 -
nProtect 2009.1.8.0 2009.05.04 -
Panda 10.0.0.14 2009.05.03 -
PCTools 4.4.2.0 2009.05.03 -
Prevx1 3.0 2009.05.04 -
Rising 21.28.01.00 2009.05.04 -
Sophos 4.41.0 2009.05.04 -
Sunbelt 3.2.1858.2 2009.05.03 -
Symantec 1.4.4.12 2009.05.04 -
TheHacker 6.3.4.1.318 2009.05.03 -
TrendMicro 8.950.0.1092 2009.05.04 -
VBA32 3.12.10.4 2009.05.04 -
ViRobot 2009.5.4.1718 2009.05.04 -
VirusBuster 4.6.5.0 2009.05.03 -
weitere Informationen
File size: 826368 bytes
MD5...: 9f434e15a82d1322fb6860e317783e57
SHA1..: b56b644bca830632069c0bb6531d86f36398b9c5
SHA256: a9418499ed4b920eb4ea86be92a2bc0a7b0f1c6b65b0e804110e0e519f534f34
SHA512: 5ef42264e399786c63467e2a575061c41508c934f564aea3d70ed5b7ae1c96bd
e07b46c0076bbb3d3ced07849aa3fbd2a80af8a0ba788f95121233bf1cd501e3
ssdeep: 12288:ZySFDWc1uR1UKPeoWb6pCnew9OmaoSksjVZpBVpbgkMMIMMutuElREJ:9i
c1A2K1xQxaoKp1bgkMMIMMurE
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1784
timedatestamp.....: 0x49ac73d6 (Tue Mar 03 00:03:34 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9b1d0 0x9b200 6.60 e518d72b4d5f0559bb1c8ad8c990a725
.data 0x9d000 0x7780 0x4000 1.45 dd1e746927d46d06478b2f58a489cad4
.rsrc 0xa5000 0x24d50 0x24e00 4.73 a29bddfdfb84eb391b8d682a438e1186
.reloc 0xca000 0x568c 0x5800 6.72 c7657d7c60a35008d68c35003acb6da5
( 8 imports )
> msvcrt.dll: _isatty, _write, _lseeki64, _fileno, __pioinfo, __badioinfo, wctomb, _itoa, _snprintf, _iob, isleadbyte, _onexit, _lock, __dllonexit, _unlock, _adjust_fdiv, _amsg_exit, _initterm, _XcptFilter, islower, __isascii, strtol, memmove, strrchr, atoi, realloc, free, malloc, wcstok, _vsnprintf, memcpy, memset, _vsnwprintf, wcsncmp, bsearch, _wcsnicmp, _wtoi, _wcsicmp, isupper, strncmp, wcsstr, _purecall, _mbstok, iscntrl, ispunct, strtoul, time, iswdigit, isalpha, atol, isalnum, _errno, isspace, strpbrk, isdigit, isxdigit, memchr
> ntdll.dll: RtlConvertSidToUnicodeString, RtlUnwind, RtlMoveMemory
> SHLWAPI.dll: SHRegGetValueW, PathAddBackslashW, -, SHRegGetValueA, StrRChrW, PathRemoveBackslashA, PathRemoveFileSpecA, -, PathRemoveBlanksA, PathAddBackslashA, -, PathAppendA, -, PathUnExpandEnvStringsA, PathRenameExtensionA, SHDeleteKeyA, SHDeleteValueW, StrCmpNIW, StrCmpNIA, StrStrA, -, StrChrW, StrChrA, -, -, UrlCombineW, UrlCanonicalizeW, -, PathCreateFromUrlW, UrlUnescapeA, UrlCombineA, UrlCanonicalizeA, StrToIntW, StrCmpW, StrCmpNA, StrRChrA, StrToIntA, StrStrIW, SHGetValueA, SHSetValueA, SHGetValueW, SHSetValueW, -, -, PathCombineW, PathFindFileNameW, StrStrIA
> ADVAPI32.dll: RegDeleteKeyA, RegCreateKeyExW, RegDeleteValueW, RegSetValueExW, RegQueryValueExW, CryptAcquireContextA, CryptGenRandom, CryptReleaseContext, RegOpenKeyA, RegEnumKeyA, TraceEvent, DuplicateTokenEx, ConvertStringSidToSidA, GetLengthSid, SetTokenInformation, CreateProcessAsUserA, ConvertStringSecurityDescriptorToSecurityDescriptorA, GetSidSubAuthorityCount, GetSidSubAuthority, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, RegDeleteValueA, OpenThreadToken, OpenProcessToken, GetTokenInformation, RegOpenKeyExW, UnregisterTraceGuids, RegisterTraceGuidsA, RegQueryInfoKeyW, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags, RegCreateKeyExA, RegSetValueExA, RegOpenKeyExA, RegQueryValueExA, RegQueryInfoKeyA, RegEnumKeyExA, RegCloseKey, GetUserNameA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, QueryServiceStatus
> KERNEL32.dll: DosDateTimeToFileTime, GetEnvironmentVariableA, GetShortPathNameA, GetShortPathNameW, FindFirstFileA, RemoveDirectoryA, FindNextFileA, FindClose, GetDiskFreeSpaceExA, CopyFileA, SetFileTime, CreateDirectoryA, GetWindowsDirectoryA, GetSystemDirectoryA, GetPrivateProfileStringA, GetFileAttributesA, SetFileAttributesA, GetFileAttributesExA, FileTimeToDosDateTime, GetFileSizeEx, lstrcmpW, RaiseException, MoveFileExA, MoveFileA, LocalFileTimeToFileTime, CreateSemaphoreA, ReleaseSemaphore, GetCurrentProcessId, GetFileTime, lstrcmpA, GetModuleHandleExA, ResumeThread, FreeLibraryAndExitThread, ExpandEnvironmentStringsA, GetSystemTimeAsFileTime, DeleteFileW, GetACP, InterlockedExchangeAdd, CreateThread, Sleep, OpenMutexA, GetModuleHandleA, FormatMessageA, SetErrorMode, FlushViewOfFile, SystemTimeToFileTime, GetTickCount, TlsFree, TlsGetValue, GetCurrentThreadId, TlsSetValue, TlsAlloc, GetDateFormatA, GetTimeFormatA, GlobalAlloc, InterlockedCompareExchange, GetCurrentThread, GetCurrentProcess, IsDBCSLeadByte, IsValidCodePage, GlobalFree, lstrlenW, DeleteFileA, FormatMessageW, GetSystemTime, WritePrivateProfileStringA, GetVersionExA, GetModuleFileNameA, WriteFile, SetFilePointer, CreateFileW, CreateFileA, GetFileSize, ReadFile, FileTimeToSystemTime, LocalReAlloc, InitializeCriticalSection, InterlockedDecrement, lstrlenA, lstrcmpiA, InterlockedIncrement, DeleteCriticalSection, ResetEvent, LocalFree, ReleaseMutex, CompareStringA, CreateMutexA, CreateEventA, MultiByteToWideChar, WideCharToMultiByte, WaitForSingleObject, OutputDebugStringA, UnmapViewOfFile, SetEndOfFile, MapViewOfFileEx, CreateFileMappingA, OpenFileMappingA, LoadLibraryW, HeapFree, HeapAlloc, GetProcessHeap, GetTimeFormatW, GetDateFormatW, GetUserDefaultLCID, GetModuleFileNameW, GetComputerNameA, LoadResource, FindResourceExW, LocalAlloc, LoadLibraryExW, MapViewOfFile, CreateFileMappingW, GetLocaleInfoW, GetVersionExW, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, FindResourceW, SearchPathW, CreateActCtxW, ReleaseActCtx, ActivateActCtx, DeactivateActCtx, SetFileAttributesW, InitializeCriticalSectionAndSpinCount, WritePrivateProfileStringW, GetFileAttributesW, GetModuleHandleW, GlobalUnlock, GlobalLock, QueryPerformanceCounter, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDBCSLeadByteEx, GetProcAddress, LoadLibraryA, FreeLibrary, SetEvent, InterlockedExchange, CloseHandle, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, CompareStringW
> USER32.dll: CheckDlgButton, SendMessageW, SendMessageA, IsDlgButtonChecked, DefWindowProcA, SetWindowLongA, GetWindowLongA, RegisterClassW, CreateWindowExW, SetTimer, GetWindowTextW, MessageBoxW, CharNextA, GetWindowInfo, CharToOemA, CharUpperA, CharLowerW, IsCharAlphaNumericA, GetWindowThreadProcessId, EnumChildWindows, IsWindowVisible, GetAncestor, EnumWindows, CharNextExA, PostMessageA, IsWindow, SetWindowPos, SetDlgItemTextW, DestroyIcon, SetForegroundWindow, GetWindow, GetWindowRect, EqualRect, IntersectRect, EndDialog, SetFocus, GetDlgItem, SetWindowTextW, EnableWindow, KillTimer, FindWindowW, RegisterWindowMessageW, PostMessageW, DestroyWindow, LoadStringW, DialogBoxParamW, GetDesktopWindow, SendDlgItemMessageA, LoadIconA, LoadImageA, LoadStringA, CharLowerA
> Normaliz.dll: IdnToUnicode, IdnToAscii
> iertutil.dll: -, -, -, -
( 229 exports )
CommitUrlCacheEntryA, CommitUrlCacheEntryW, CreateMD5SSOHash, CreateUrlCacheContainerA, CreateUrlCacheContainerW, CreateUrlCacheEntryA, CreateUrlCacheEntryW, CreateUrlCacheGroup, DeleteIE3Cache, DeleteUrlCacheContainerA, DeleteUrlCacheContainerW, DeleteUrlCacheEntry, DeleteUrlCacheEntryA, DeleteUrlCacheEntryW, DeleteUrlCacheGroup, DetectAutoProxyUrl, DispatchAPICall, DllInstall, FindCloseUrlCache, FindFirstUrlCacheContainerA, FindFirstUrlCacheContainerW, FindFirstUrlCacheEntryA, FindFirstUrlCacheEntryExA, FindFirstUrlCacheEntryExW, FindFirstUrlCacheEntryW, FindFirstUrlCacheGroup, FindNextUrlCacheContainerA, FindNextUrlCacheContainerW, FindNextUrlCacheEntryA, FindNextUrlCacheEntryExA, FindNextUrlCacheEntryExW, FindNextUrlCacheEntryW, FindNextUrlCacheGroup, ForceNexusLookup, ForceNexusLookupExW, FreeUrlCacheSpaceA, FreeUrlCacheSpaceW, FtpCommandA, FtpCommandW, FtpCreateDirectoryA, FtpCreateDirectoryW, FtpDeleteFileA, FtpDeleteFileW, FtpFindFirstFileA, FtpFindFirstFileW, FtpGetCurrentDirectoryA, FtpGetCurrentDirectoryW, FtpGetFileA, FtpGetFileEx, FtpGetFileSize, FtpGetFileW, FtpOpenFileA, FtpOpenFileW, FtpPutFileA, FtpPutFileEx, FtpPutFileW, FtpRemoveDirectoryA, FtpRemoveDirectoryW, FtpRenameFileA, FtpRenameFileW, FtpSetCurrentDirectoryA, FtpSetCurrentDirectoryW, GetUrlCacheConfigInfoA, GetUrlCacheConfigInfoW, GetUrlCacheEntryInfoA, GetUrlCacheEntryInfoExA, GetUrlCacheEntryInfoExW, GetUrlCacheEntryInfoW, GetUrlCacheGroupAttributeA, GetUrlCacheGroupAttributeW, GetUrlCacheHeaderData, GopherCreateLocatorA, GopherCreateLocatorW, GopherFindFirstFileA, GopherFindFirstFileW, GopherGetAttributeA, GopherGetAttributeW, GopherGetLocatorTypeA, GopherGetLocatorTypeW, GopherOpenFileA, GopherOpenFileW, HttpAddRequestHeadersA, HttpAddRequestHeadersW, HttpCheckDavCompliance, HttpEndRequestA, HttpEndRequestW, HttpOpenRequestA, HttpOpenRequestW, HttpQueryInfoA, HttpQueryInfoW, HttpSendRequestA, HttpSendRequestExA, HttpSendRequestExW, HttpSendRequestW, IncrementUrlCacheHeaderData, InternetAlgIdToStringA, InternetAlgIdToStringW, InternetAttemptConnect, InternetAutodial, InternetAutodialCallback, InternetAutodialHangup, InternetCanonicalizeUrlA, InternetCanonicalizeUrlW, InternetCheckConnectionA, InternetCheckConnectionW, InternetClearAllPerSiteCookieDecisions, InternetCloseHandle, InternetCombineUrlA, InternetCombineUrlW, InternetConfirmZoneCrossing, InternetConfirmZoneCrossingA, InternetConfirmZoneCrossingW, InternetConnectA, InternetConnectW, InternetCrackUrlA, InternetCrackUrlW, InternetCreateUrlA, InternetCreateUrlW, InternetDial, InternetDialA, InternetDialW, InternetEnumPerSiteCookieDecisionA, InternetEnumPerSiteCookieDecisionW, InternetErrorDlg, InternetFindNextFileA, InternetFindNextFileW, InternetFortezzaCommand, InternetGetCertByURL, InternetGetCertByURLA, InternetGetConnectedState, InternetGetConnectedStateEx, InternetGetConnectedStateExA, InternetGetConnectedStateExW, InternetGetCookieA, InternetGetCookieExA, InternetGetCookieExW, InternetGetCookieW, InternetGetLastResponseInfoA, InternetGetLastResponseInfoW, InternetGetPerSiteCookieDecisionA, InternetGetPerSiteCookieDecisionW, InternetGetSecurityInfoByURL, InternetGetSecurityInfoByURLA, InternetGetSecurityInfoByURLW, InternetGoOnline, InternetGoOnlineA, InternetGoOnlineW, InternetHangUp, InternetInitializeAutoProxyDll, InternetLockRequestFile, InternetOpenA, InternetOpenUrlA, InternetOpenUrlW, InternetOpenW, InternetQueryDataAvailable, InternetQueryFortezzaStatus, InternetQueryOptionA, InternetQueryOptionW, InternetReadFile, InternetReadFileExA, InternetReadFileExW, InternetSecurityProtocolToStringA, InternetSecurityProtocolToStringW, InternetSetCookieA, InternetSetCookieExA, InternetSetCookieExW, InternetSetCookieW, InternetSetDialState, InternetSetDialStateA, InternetSetDialStateW, InternetSetFilePointer, InternetSetOptionA, InternetSetOptionExA, InternetSetOptionExW, InternetSetOptionW, InternetSetPerSiteCookieDecisionA, InternetSetPerSiteCookieDecisionW, InternetSetStatusCallback, InternetSetStatusCallbackA, InternetSetStatusCallbackW, InternetShowSecurityInfoByURL, InternetShowSecurityInfoByURLA, InternetShowSecurityInfoByURLW, InternetTimeFromSystemTime, InternetTimeFromSystemTimeA, InternetTimeFromSystemTimeW, InternetTimeToSystemTime, InternetTimeToSystemTimeA, InternetTimeToSystemTimeW, InternetUnlockRequestFile, InternetWriteFile, InternetWriteFileExA, InternetWriteFileExW, IsHostInProxyBypassList, IsUrlCacheEntryExpiredA, IsUrlCacheEntryExpiredW, LoadUrlCacheContent, ParseX509EncodedCertificateForListBoxEntry, PrivacyGetZonePreferenceW, PrivacySetZonePreferenceW, ReadUrlCacheEntryStream, RegisterUrlCacheNotification, ResumeSuspendedDownload, RetrieveUrlCacheEntryFileA, RetrieveUrlCacheEntryFileW, RetrieveUrlCacheEntryStreamA, RetrieveUrlCacheEntryStreamW, RunOnceUrlCache, SetUrlCacheConfigInfoA, SetUrlCacheConfigInfoW, SetUrlCacheEntryGroup, SetUrlCacheEntryGroupA, SetUrlCacheEntryGroupW, SetUrlCacheEntryInfoA, SetUrlCacheEntryInfoW, SetUrlCacheGroupAttributeA, SetUrlCacheGroupAttributeW, SetUrlCacheHeaderData, ShowCertificate, ShowClientAuthCerts, ShowSecurityInfo, ShowX509EncodedCertificate, UnlockUrlCacheEntryFile, UnlockUrlCacheEntryFileA, UnlockUrlCacheEntryFileW, UnlockUrlCacheEntryStream, UpdateUrlCacheContentPath, UrlZonesDetach, _GetFileExtensionFromUrl
PDFiD.: -
RDS...: NSRL Reference Data Set sc.exe Code:
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.05.04 -
AhnLab-V3 5.0.0.2 2009.05.03 -
AntiVir 7.9.0.160 2009.05.04 -
Antiy-AVL 2.0.3.1 2009.04.30 -
Authentium 5.1.2.4 2009.05.03 -
Avast 4.8.1335.0 2009.05.03 -
AVG 8.5.0.327 2009.05.03 -
BitDefender 7.2 2009.05.04 -
CAT-QuickHeal 10.00 2009.05.04 -
ClamAV 0.94.1 2009.05.04 -
Comodo 1149 2009.05.03 -
DrWeb 4.44.0.09170 2009.05.04 -
eSafe 7.0.17.0 2009.05.03 -
eTrust-Vet 31.6.6487 2009.05.02 -
F-Prot 4.4.4.56 2009.05.03 -
F-Secure 8.0.14470.0 2009.05.04 -
Fortinet 3.117.0.0 2009.05.04 -
GData 19 2009.05.04 -
Ikarus T3.1.1.49.0 2009.05.04 -
K7AntiVirus 7.10.722 2009.05.02 -
Kaspersky 7.0.0.125 2009.05.04 -
McAfee 5604 2009.05.03 -
McAfee+Artemis 5604 2009.05.03 -
McAfee-GW-Edition 6.7.6 2009.05.04 -
Microsoft 1.4602 2009.05.04 -
NOD32 4050 2009.05.03 -
Norman 6.01.05 2009.04.30 -
nProtect 2009.1.8.0 2009.05.04 -
Panda 10.0.0.14 2009.05.03 -
PCTools 4.4.2.0 2009.05.03 -
Prevx1 3.0 2009.05.04 -
Rising 21.28.01.00 2009.05.04 -
Sophos 4.41.0 2009.05.04 -
Sunbelt 3.2.1858.2 2009.05.03 -
Symantec 1.4.4.12 2009.05.04 -
TheHacker 6.3.4.1.318 2009.05.03 -
TrendMicro 8.950.0.1092 2009.05.04 -
VBA32 3.12.10.4 2009.05.04 -
ViRobot 2009.5.4.1718 2009.05.04 -
VirusBuster 4.6.5.0 2009.05.03 -
weitere Informationen
File size: 35328 bytes
MD5...: beabd93e229c090b1f87d34a1b927eac
SHA1..: 7a6d143135b513cb1686d763a662993e32a9a541
SHA256: 08043870756d971d475ed12cf96d0b370295fb04fb094d430d37f03f019b5750
SHA512: 762227ee78c5453e48bb3f0c91ba583460fd213e7f5e8cd5ed63747f37452269
1d95d68cc330af9a2ede9dbe3f86f685777bf010d9623249df023e5f0d797b39
ssdeep: 768:P13KMpusnG2FZXbhbUCOH2A/GWRIgBmaH:P14snlOHhrNH
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x844a
timedatestamp.....: 0x498c134c (Fri Feb 06 10:39:08 2009)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7dda 0x7e00 6.17 995d351b3a9c10cc18aeae5fd3ec1d82
.data 0x9000 0x850 0x200 0.19 d11a7cca04496b853e4492993f707803
.rsrc 0xa000 0x420 0x600 2.54 a4d821f59560b26b98c0ee8ab9fa5b0f
( 4 imports )
> msvcrt.dll: _c_exit, wcsncmp, wcscmp, _exit, _wtol, wcscpy, _wcsicmp, wcslen, _XcptFilter, _cexit, exit, __winitenv, __wgetmainargs, _initterm, __setusermatherr, _adjust_fdiv, printf, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _getche
> ADVAPI32.dll: QueryServiceObjectSecurity, OpenSCManagerW, StartServiceW, QueryServiceStatusEx, DeleteService, NotifyBootConfigStatus, GetServiceDisplayNameW, GetServiceKeyNameW, EnumServicesStatusW, EnumServiceGroupW, EnumServicesStatusExW, QueryServiceStatus, LockServiceDatabase, UnlockServiceDatabase, QueryServiceLockStatusW, ConvertStringSecurityDescriptorToSecurityDescriptorW, SetServiceObjectSecurity, ConvertSecurityDescriptorToStringSecurityDescriptorW, EnumDependentServicesW, CreateServiceW, CloseServiceHandle, ChangeServiceConfigW, ControlService, RegOpenKeyExW, RegQueryValueExW, QueryServiceConfigW, OpenServiceW, QueryServiceConfig2W, ChangeServiceConfig2W, ConvertSidToStringSidW, RegCloseKey
> KERNEL32.dll: SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryW, GetProcAddress, FreeLibrary, LocalFree, LocalAlloc, GetLastError, FormatMessageW, GetModuleHandleA
> ntdll.dll: RtlInitUnicodeString, RtlAdjustPrivilege, RtlNtStatusToDosError
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set |