Исследование антивирусов 7

**Black_N** · 03.03.2009, 13:00

Файл 3.exe получен 2009.03.03 10:38:25 (CET)
Текущий статус: закончено
Результат: 2/39 (5.13%)
Цитата:

a-squared 4.0.0.101 2009.03.03 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.98 2009.03.03 -
Authentium 5.1.0.4 2009.03.03 -
Avast 4.8.1335.0 2009.03.02 -
AVG 8.0.0.237 2009.03.03 -
BitDefender 7.2 2009.03.03 -
CAT-QuickHeal 10.00 2009.03.03 -
ClamAV 0.94.1 2009.03.03 -
Comodo 1017 2009.03.03 -
DrWeb 4.44.0.09170 2009.03.03 -
eSafe 7.0.17.0 2009.03.02 -
eTrust-Vet 31.6.6381 2009.03.03 -
F-Prot 4.4.4.56 2009.03.02 -
F-Secure 8.0.14470.0 2009.03.03 -
Fortinet 3.117.0.0 2009.03.03 -
GData 19 2009.03.03 -
Ikarus T3.1.1.45.0 2009.03.03 -
K7AntiVirus 7.10.654 2009.03.02 -
Kaspersky 7.0.0.125 2009.03.03 -
McAfee 5541 2009.03.02 -
McAfee+Artemis 5541 2009.03.02 -
Microsoft 1.4306 2009.03.03 -
NOD32 3902 2009.03.02 -
Norman 6.00.06 2009.03.02 W32/Zlob.CYXP
nProtect 2009.1.8.0 2009.03.03 -
Panda 10.0.0.10 2009.03.02 -
PCTools 4.4.2.0 2009.03.02 -
Prevx1 V2 2009.03.03 -
Rising 21.19.11.00 2009.03.03 -
SecureWeb-Gateway 6.7.6 2009.03.03 -
Sophos 4.39.0 2009.03.03 -
Sunbelt 3.2.1858.2 2009.03.02 <Encrypted Archive>
Symantec 10 2009.03.03 -
TheHacker 6.3.2.6.269 2009.03.02 -
TrendMicro 8.700.0.1004 2009.03.03 -
VBA32 3.12.10.1 2009.03.03 -
ViRobot 2009.3.3.1631 2009.03.03 -
VirusBuster 4.5.11.0 2009.03.02 -

Дополнительная информация
File size: 11735191 bytes
MD5...: 579ee530d8d6bd3cf7beb13aeec5fe30
SHA1..: 92bc0cc76e7c43a8a4afb1afd3bb6ccd8445c53c
SHA256: f46e372751155b25d15d89e6b9d8edfcb2cf864c2cee680a8e f27edc19db3d67
SHA512: e4186e5d3819ee1d1f8e1033737de778acff22443e2a1e9f20 f38909edbd98d3
6d7bd98b18eea78a183e292b2fe147a36d1955d1cb47cb5c1d d4fc6b91eb8dae
ssdeep: 196608:FTLWeZd0IULK/TJFDFSSvQRPAdtPwmm1BPli4ahhjKlgX3TNAJeR:oeZd
0E/TJdF1oRPAdRmr/ahhjigX3yJK
PEiD..: Armadillo v1.71
TrID..: File type identification
Win64 Executable Generic (54.6%)
Win32 Executable MS Visual C++ (generic) (24.0%)
Windows Screen Saver (8.3%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x173a6
timedatestamp.....: 0x47d6fa36 (Tue Mar 11 21:31:34 200

machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2e906 0x2f000 6.60 9ba09777227435273354d46c8470fbd3
.rdata 0x30000 0x842e 0x9000 4.58 ec25192b7421c9cc51f1a1283f96b143
.data 0x39000 0x9d08 0x6000 2.68 e4b5677a176f441e4836113962ecddba
.rsrc 0x43000 0x9998 0xa000 4.75 91c466c33a8b81107d6d20fbb56fd1da

( 8 imports )
> KERNEL32.dll: WritePrivateProfileStringA, GetProcessVersion, SizeofResource, GetCPInfo, GetOEMCP, RtlUnwind, ExitProcess, TerminateProcess, HeapFree, HeapAlloc, RaiseException, GetTimeZoneInformation, GetSystemTime, GetLocalTime, HeapReAlloc, SetEnvironmentVariableA, SetCurrentDirectoryA, GetStartupInfoA, GetCommandLineA, GetACP, HeapSize, LCMapStringA, LCMapStringW, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, VirtualFree, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, CompareStringA, CompareStringW, GetFileType, SetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, GlobalFlags, SetErrorMode, TlsGetValue, GetProfileStringA, LocalReAlloc, TlsSetValue, GlobalReAlloc, TlsFree, GlobalHandle, TlsAlloc, LocalAlloc, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, SetFileTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetFileTime, MulDiv, SetLastError, FreeLibrary, GetVersion, lstrcatA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GetModuleHandleA, GlobalUnlock, GlobalFree, LockResource, FindResourceA, LoadResource, GlobalLock, GlobalAlloc, GlobalDeleteAtom, GetCurrentThread, GetCurrentThreadId, lstrcmpiA, LoadLibraryA, GetProcAddress, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, WriteFile, GetCurrentProcess, DuplicateHandle, lstrcmpA, FileTimeToSystemTime, MultiByteToWideChar, WideCharToMultiByte, InterlockedDecrement, CreateDirectoryA, MoveFileA, SetVolumeLabelA, GetDriveTypeA, GetCurrentDirectoryA, GetFileSize, GetDiskFreeSpaceA, FormatMessageA, LocalFree, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, lstrlenA, CreateProcessA, GetLastError, GetExitCodeProcess, GetTempPathA, GetModuleFileNameA, RemoveDirectoryA, SetFileAttributesA, DeleteFileA, InterlockedIncrement, FindNextFileA, CreateFileA, SetFilePointer, ReadFile, CloseHandle, GetFullPathNameA, lstrcpynA, GetVolumeInformationA, GetFileAttributesA, lstrcpyA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, HeapCreate
> USER32.dll: ScreenToClient, AdjustWindowRectEx, GetSysColor, MapWindowPoints, UpdateWindow, ClientToScreen, GetWindowDC, BeginPaint, EndPaint, TabbedTextOutA, DrawTextA, GrayStringA, LoadStringA, GetClassNameA, PtInRect, GetSysColorBrush, InflateRect, DestroyMenu, InvalidateRect, WinHelpA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, CreateWindowExA, GetClassLongA, SetPropA, GetPropA, CallWindowProcA, RemovePropA, DefWindowProcA, GetMessageTime, GetMessagePos, GetForegroundWindow, SetForegroundWindow, GetWindow, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, CopyRect, GetDC, ReleaseDC, EndDialog, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetNextDlgTabItem, GetMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, GetCursorPos, SetWindowsHookExA, GetLastActivePopup, UnhookWindowsHookEx, GetParent, SetFocus, IsWindowEnabled, ShowWindow, SetWindowPos, SetWindowLongA, GetDlgCtrlID, GetWindowTextLengthA, GetWindowTextA, SetWindowTextA, GetWindowLongA, IsDialogMessageA, SendDlgItemMessageA, GetDlgItem, CharUpperA, IsWindow, PostQuitMessage, UnregisterClassA, HideCaret, ShowCaret, CharToOemBuffA, OemToCharBuffA, wsprintfA, MsgWaitForMultipleObjects, TranslateMessage, DispatchMessageA, MessageBoxA, GetTopWindow, RegisterWindowMessageA, GetCapture, EnableWindow, LoadCursorA, SetCursor, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, PostMessageA, LoadIconA, SendMessageA, PeekMessageA, IsWindowUnicode, CharNextA, DefDlgProcA, DrawFocusRect, ExcludeUpdateRgn, GetFocus
> GDI32.dll: SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, IntersectClipRect, DeleteObject, GetDeviceCaps, CreateSolidBrush, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, SetBkMode, GetStockObject, SelectObject, RestoreDC, SaveDC, DeleteDC, GetObjectA, SetBkColor, SetTextColor, GetClipBox, PatBlt, CreateDIBitmap, GetTextExtentPointA, BitBlt, CreateCompatibleDC, CreateBitmap
> comdlg32.dll: GetFileTitleA
> WINSPOOL.DRV: DocumentPropertiesA, ClosePrinter, OpenPrinterA
> ADVAPI32.dll: RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegSetValueExA
> SHELL32.dll: SHFileOperationA
> COMCTL32.dll: -

( 0 exports )
packers (F-Prot): ZIP

Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:

**Erekle** · 06.03.2009, 02:14

Файл ConfDriver.exe получен 2009.03.06 00:09:46 (CET)
Результат: 17/39 (43.59%)

a-squared 4.0.0.101 2009.03.05 -
AhnLab-V3 5.0.0.2 2009.02.27 Win-Trojan/Buzus.29184.AK
AntiVir 7.9.0.100 2009.03.05 -
Authentium 5.1.0.4 2009.03.05 -
Avast 4.8.1335.0 2009.03.05 -
AVG 8.0.0.237 2009.03.05 Generic12.ASUT
BitDefender 7.2 2009.03.05 Backdoor.Hamweq.B
CAT-QuickHeal 10.00 2009.03.05 Trojan.Buzus.afet
ClamAV 0.94.1 2009.03.05 -
Comodo 1027 2009.03.05 Worm.Win32.AutoRun.~ZU
DrWeb 4.44.0.09170 2009.03.05 Trojan.Inject.5370
eSafe 7.0.17.0 2009.03.05 Suspicious File
eTrust-Vet 31.6.6384 2009.03.05 Win32/SillyAutorun.AJE
F-Prot 4.4.4.56 2009.03.05 -
F-Secure 8.0.14470.0 2009.03.05 Worm.Win32.AutoRun.erh
Fortinet 3.117.0.0 2009.03.05 -
GData 19 2009.03.05 Backdoor.Hamweq.B
Ikarus T3.1.1.45.0 2009.03.05 -
K7AntiVirus 7.10.659 2009.03.05 -
Kaspersky 7.0.0.125 2009.03.05 Worm.Win32.AutoRun.erh
McAfee 5544 2009.03.05 -
McAfee+Artemis 5544 2009.03.05 -
Microsoft 1.4405 2009.03.06 Worm:Win32/Hamweq.A
NOD32 3911 2009.03.05 Win32/AutoRun.KS
Norman 6.00.06 2009.03.05 -
nProtect 2009.1.8.0 2009.03.05 -
Panda 10.0.0.10 2009.03.05 -
PCTools 4.4.2.0 2009.03.05 -
Prevx1 V2 2009.03.06 Medium Risk Malware
Rising 21.19.32.00 2009.03.05 -
SecureWeb-Gateway 6.7.6 2009.03.05 -
Sophos 4.39.0 2009.03.05 -
Sunbelt 3.2.1858.2 2009.03.05 -
Symantec 10 2009.03.06 -
TheHacker 6.3.2.7.272 2009.03.05 -
TrendMicro 8.700.0.1004 2009.03.05 PAK_Generic.001
VBA32 3.12.10.1 2009.03.05 Trojan.Win32.Buzus.afet
ViRobot 2009.3.5.1635 2009.03.05 -
VirusBuster 4.5.11.0 2009.03.05 Worm.AutoRun.FYJ

Дополнительная информация
File size: 29184 bytes
MD5...: 1a5f91554aad217185271b3414e10dcd
SHA1..: d6989ce427e0ff4e723cb11fa09f42147a2b347d
SHA256: 5febb6cef268db2c9c9ad227587f79dae1825a9d2db381afce b1ff98add214fe
___________________________

(eTrust - хорошо сказал

)

**vlad179** · 06.03.2009, 13:47

Файл avz00001.dta получен 2009.03.06 11:06:59 (CET)

Результат: 4/38 (10.53%)

Код:

Антивирус Версия Обновление Результат 
a-squared 4.0.0.101 2009.03.06 - 
AhnLab-V3 5.0.0.2 2009.02.27 - 
AntiVir 7.9.0.105 2009.03.06 - 
Authentium 5.1.0.4 2009.03.06 - 
Avast 4.8.1335.0 2009.03.05 - 
AVG 8.0.0.237 2009.03.05 Adload_r.HT 
BitDefender 7.2 2009.03.06 - 
CAT-QuickHeal 10.00 2009.03.06 - 
ClamAV 0.94.1 2009.03.06 - 
Comodo 1027 2009.03.05 - 
DrWeb 4.44.0.09170 2009.03.06 - 
eSafe 7.0.17.0 2009.03.05 - 
eTrust-Vet 31.6.6384 2009.03.05 - 
F-Prot 4.4.4.56 2009.03.05 W32/Hexzone.B.gen!Eldorado 
F-Secure 8.0.14470.0 2009.03.06 Trojan-Downloader.Win32.Agent.bjtm 
Fortinet 3.117.0.0 2009.03.06 - 
GData 19 2009.03.06 - 
Ikarus T3.1.1.45.0 2009.03.06 - 
K7AntiVirus 7.10.659 2009.03.05 - 
Kaspersky 7.0.0.125 2009.03.06 Trojan-Downloader.Win32.Agent.bjtm 
McAfee 5544 2009.03.05 - 
McAfee+Artemis 5544 2009.03.05 - 
Microsoft 1.4405 2009.03.06 - 
NOD32 3912 2009.03.06 - 
Norman 6.00.06 2009.03.05 - 
nProtect 2009.1.8.0 2009.03.06 - 
Panda 10.0.0.10 2009.03.05 - 
PCTools 4.4.2.0 2009.03.05 - 
Prevx1 V2 2009.03.06 - 
Rising 21.19.42.00 2009.03.06 - 
SecureWeb-Gateway 6.7.6 2009.03.06 - 
Sophos 4.39.0 2009.03.06 - 
Sunbelt 3.2.1858.2 2009.03.06 - 
Symantec 10 2009.03.06 - 
TheHacker 6.3.2.7.273 2009.03.06 - 
TrendMicro 8.700.0.1004 2009.03.05 - 
ViRobot 2009.3.6.1637 2009.03.06 - 
VirusBuster 4.5.11.0 2009.03.05 -

Дополнительная информация
File size: 509952 bytes
MD5...: 46e1e2567163dca639a3eea51399423c
SHA1..: a8c1b02c5d373cbe33dc13519e4a68a1db1d7bb6
SHA256: 6e2135bdeaeeccb22b1cb7857362980e90f50e225dac599355 e2f47557fce12e
SHA512: 4df4bf98b91ff024737143a08863144d588dbb0395c989ba07 af24218d2f39eb
077f058691b23fb20931d9601e2ff61eb9b6a03d73d1493aef 0b7a83a9d31957
ssdeep: 12288

H7t3DuI5p1LTVS9c2UIm98ODaPQUPKj1BO5RQEDHM1dDG

bt3yKp1LTV
KcgfYPj1BAR57MXi

**senyak** · 09.03.2009, 22:14

Файл ______________.exe получен 2009.03.09 20:13:40 (CET)
Текущий статус: Загрузка ... в очереди ожидание проверка закончено НЕ НАЙДЕНО ОСТАНОВЛЕНО
Результат: 15/39 (38.47%)

Антивирус Версия Обновление Результат
a-squared 4.0.0.101 2009.03.09 Trojan-PWS.Win32.VKont!IK
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.107 2009.03.09 TR/PSW.VKont.A
Authentium 5.1.0.4 2009.03.09 -
Avast 4.8.1335.0 2009.03.09 Win32:Trojan-gen {Other}
AVG 8.0.0.237 2009.03.09 PSW.Generic6.BBIK
BitDefender 7.2 2009.03.09 Trojan.Generic.1406945
CAT-QuickHeal 10.00 2009.03.09 TrojanPSW.VKont.a
ClamAV 0.94.1 2009.03.09 -
Comodo 1039 2009.03.09 TrojWare.Win32.PSW.VKont.~A
DrWeb 4.44.0.09170 2009.03.09 Trojan.PWS.Vkontakte.6
eSafe 7.0.17.0 2009.03.09 -
eTrust-Vet 31.6.6387 2009.03.09 -
F-Prot 4.4.4.56 2009.03.08 -
F-Secure 8.0.14470.0 2009.03.09 Trojan-PSW.Win32.VKont.a
Fortinet 3.117.0.0 2009.03.09 -
GData 19 2009.03.09 Trojan.Generic.1406945
Ikarus T3.1.1.45.0 2009.03.09 Trojan-PWS.Win32.VKont
K7AntiVirus 7.10.664 2009.03.09 -
Kaspersky 7.0.0.125 2009.03.09 Trojan-PSW.Win32.VKont.a
McAfee 5548 2009.03.09 -
McAfee+Artemis 5548 2009.03.09 -
Microsoft 1.4405 2009.03.09 -
NOD32 3921 2009.03.09 -
Norman 6.00.06 2009.03.09 -
nProtect 2009.1.8.0 2009.03.09 Trojan-PWS/W32.VKont.813568
Panda 10.0.0.10 2009.03.09 -
PCTools 4.4.2.0 2009.03.09 -
Prevx1 V2 2009.03.09 -
Rising 21.20.02.00 2009.03.09 -
SecureWeb-Gateway 6.7.6 2009.03.09 Trojan.PSW.VKont.A
Sophos 4.39.0 2009.03.09 -
Sunbelt 3.2.1858.2 2009.03.08 -
Symantec 1.4.4.12 2009.03.09 -
TheHacker 6.3.3.0.277 2009.03.09 -
TrendMicro 8.700.0.1004 2009.03.09 -
VBA32 3.12.10.1 2009.03.09 Trojan-PSW.Win32.VKont.a
ViRobot 2009.3.9.1641 2009.03.09 -
VirusBuster 4.5.11.0 2009.03.09 -

Дополнительная информация
File size: 813568 bytes
MD5...: 85740a68e38e51807b1fd4f9190378e3
SHA1..: 995f5fd65a8c9ac8be5aa324e9b35fc51f5f0591
SHA256: 062fc5d9ac296d44223a5ef1b39f2ba9c2f9c12511e84a993d bbf3e3fa7838eb
SHA512: 071696ae10178453a8825bc61e97cb7e617641238d1d391020 12aaf4a7949c12
a7345277494a821cdcee05d77d29d2aa2e137e88cad2b5aed3 73f16899d6cddf
ssdeep: 12288:R/jDEG2cYpCXUm6AJGAh6QkkkmRKcjRula43e:pnSDCXOLik4K1p 3
PEiD..: BobSoft Mini Delphi -> BoB / BobSoft

**ISO** · 11.03.2009, 13:17

File ximr.pif received on 03.11.2009 11:10:09 (CET)
Result: 6/39 (15.39%)

Код:

Antivirus     Version     Last Update     Result
a-squared    4.0.0.101    2009.03.11    -
AhnLab-V3    5.0.0.2    2009.03.11    -
AntiVir    7.9.0.109    2009.03.11    Worm/Autorun.esq
Authentium    5.1.0.4    2009.03.10    -
Avast    4.8.1335.0    2009.03.10    -
AVG    8.0.0.237    2009.03.10    -
BitDefender    7.2    2009.03.11    -
CAT-QuickHeal    10.00    2009.03.11    Worm.AutoRun.upf
ClamAV    0.94.1    2009.03.11    -
Comodo    1046    2009.03.10    Unclassified Malware
DrWeb    4.44.0.09170    2009.03.11    -
eSafe    7.0.17.0    2009.03.11    Win32.Worm.AutoRun.u
eTrust-Vet    31.6.6388    2009.03.09    -
F-Prot    4.4.4.56    2009.03.10    -
F-Secure    8.0.14470.0    2009.03.11    -
Fortinet    3.117.0.0    2009.03.11    -
GData    19    2009.03.11    -
Ikarus    T3.1.1.45.0    2009.03.11    -
K7AntiVirus    7.10.665    2009.03.10    -
Kaspersky    7.0.0.125    2009.03.11    -
McAfee    5549    2009.03.10    -
McAfee+Artemis    5549    2009.03.10    -
Microsoft    1.4405    2009.03.11    -
NOD32    3925    2009.03.11    -
Norman    6.00.06    2009.03.10    -
nProtect    2009.1.8.0    2009.03.11    -
Panda    10.0.0.10    2009.03.10    -
PCTools    4.4.2.0    2009.03.10    -
Prevx1    V2    2009.03.11    -
Rising    21.20.22.00    2009.03.11    -
SecureWeb-Gateway    6.7.6    2009.03.11    Worm.Autorun.esq
Sophos    4.39.0    2009.03.11    -
Sunbelt    3.2.1858.2    2009.03.10    -
Symantec    1.4.4.12    2009.03.11    -
TheHacker    6.3.3.0.278    2009.03.11    W32/AutoRun.esq
TrendMicro    8.700.0.1004    2009.03.11    -
VBA32    3.12.10.1    2009.03.11    -
ViRobot    2009.3.11.1645    2009.03.11    -
VirusBuster    4.5.11.0    2009.03.10    -

Additional information
File size: 97791 bytes
MD5...: df7ebd547e890c70d0e802454168b346
SHA1..: 4e6f4197ee2563ed06946c6016d4fac1082ed1fe
SHA256: dfa991a20f3c184292e2eb3500ebfa3466bcaa06ae0d84e893 3df9f18c7302f1
SHA512: 182a46b08005b3a7ac4f9a1738d52ad6c667721472a86a989f f2c305c952d027
25cd75c39cc2e2f93c9aefb9709c3b7919a06bc3cec4b22417 9d5061bc1962f7
ssdeep: 1536:YEwOnbNQKLjWDyy1o5RepJUEbooPRrKKRSq6Hn:Y2NQKP WDyDRepJltZrpR
SfH
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information

**GeorgeS** · 11.03.2009, 16:21

А график за февраль будет опубликован?

**ike** · 11.03.2009, 22:33

Поддерживаю GeorgeS по данному вопросу. Каждый день захожу, смотрю не появился ли график за февраль.

**IgorKr** · 11.03.2009, 23:12

Файл DrShark_cracked.exe получен 2009.03.11 14:31:44 (CET)
Текущий статус: закончено
Результат: 9/39 (23.08%)

a-squared - - -
AhnLab-V3 - - -
AntiVir - - TR/Drop.RKit.CM
Authentium - - -
Avast - - -
AVG - - Downloader.Generic_r.DA
BitDefender - - -
CAT-QuickHeal - - (Suspicious) - DNAScan
ClamAV - - -
Comodo - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
F-Prot - - W32/Bepiv.A.gen!Eldorado
F-Secure - - -
Fortinet - - -
GData - - -
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
McAfee+Artemis - - -
Microsoft - - Trojan:Win32/Tibs.IR
NOD32 - - a variant of Win32/AdProt.AF
Norman - - -
nProtect - - -
Panda - - Suspicious file
PCTools - - -
Prevx1 - - -
Rising - - -
SecureWeb-Gateway - - Trojan.Drop.RKit.CM
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - BScope.Zhelatin.13
ViRobot - - -
VirusBuster - - -

Дополнительная информация
MD5: 7b60db539c761b2babd2d15f2b49f525
SHA1: b3bc4af1e0b5cf052012d3b109b41f642721db3f
SHA256: 375072eab89a611d7f82be38d4ba7b2c7aa366cb5f7fcb5d15 5a1b3f4b36f1a4
SHA512: 212aa4fd7ebc996d09a8339f207af2b6665325ea91fb4b264c f887e14c9dc32460dce745dbb37a99b13a8ae20436a41c13ab f1273db322b4aa1f1f729beb5afb

Добавлено через 13 минут

Файл mouth_drillers_keygen.exe получен 2009.03.11 00:40:20 (CET)
Текущий статус: закончено
Результат: 11/39 (28.21%)

a-squared 4.0.0.101 2009.03.10 Trojan.Win32.Bepiv!IK
AhnLab-V3 5.0.0.2 2009.03.10 -
AntiVir 7.9.0.107 2009.03.10 TR/Drop.RKit.CM
Authentium 5.1.0.4 2009.03.10 -
Avast 4.8.1335.0 2009.03.10 -
AVG 8.0.0.237 2009.03.10 Downloader.Generic_r.DA
BitDefender 7.2 2009.03.11 -
CAT-QuickHeal 10.00 2009.03.10 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.03.10 -
Comodo 1046 2009.03.10 -
DrWeb 4.44.0.09170 2009.03.11 -
eSafe 7.0.17.0 2009.03.09 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.10 W32/Bepiv.A.gen!Eldorado
F-Secure 8.0.14470.0 2009.03.10 -
Fortinet 3.117.0.0 2009.03.10 -
GData 19 2009.03.10 -
Ikarus T3.1.1.45.0 2009.03.10 Trojan.Win32.Bepiv
K7AntiVirus 7.10.665 2009.03.10 -
Kaspersky 7.0.0.125 2009.03.11 -
McAfee 5549 2009.03.10 -
McAfee+Artemis 5549 2009.03.10 -
Microsoft 1.4405 2009.03.10 Trojan:Win32/Tibs.IR
NOD32 3924 2009.03.10 a variant of Win32/AdProt.AF
Norman 6.00.06 2009.03.10 -
nProtect 2009.1.8.0 2009.03.10 -
Panda 10.0.0.10 2009.03.10 Suspicious file
PCTools 4.4.2.0 2009.03.10 -
Prevx1 V2 2009.03.11 -
Rising 21.20.11.00 2009.03.10 -
SecureWeb-Gateway 6.7.6 2009.03.10 Trojan.Drop.RKit.CM
Sophos 4.39.0 2009.03.10 -
Sunbelt 3.2.1858.2 2009.03.10 -
Symantec 1.4.4.12 2009.03.11 -
TheHacker 6.3.3.0.278 2009.03.10 -
TrendMicro 8.700.0.1004 2009.03.10 -
VBA32 3.12.10.1 2009.03.10 BScope.Zhelatin.13
ViRobot 2009.3.10.1643 2009.03.10 -
VirusBuster 4.5.11.0 2009.03.10 -

Tamano archivo: 423936 bytes
MD5...: 3d085efeb45e1235dd20f32fef05d9f5
SHA1..: fa10896649a0ec80b206b0fc63b5be17ee9ff868
SHA256: 4f89a1911484c61caf4af3412cbcf9abdb052a55bf8e307412 4fadbb20bff7e6
SHA512: cbd6179648adc70143f34e08160a0d9cefb97bca9a9f770231 75b8ba4d1bdff5
280fa19dd5d56c2d6e4f833347fa91b8c3131b29e5d5edabff 2563ab9d225d98
ssdeep: 6144:yKkVQxrxKG9cUxMNuFFg0SRDA8k0PO5lTjJ8+nb/xznFl:BfxrxKG9cUxem
r2k0PKl3J8+bZzT
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x78516
timedatestamp.....: 0x49b35db2 (Sun Mar 08 05:54:58 2009)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x12192 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x14000 0xfa8c 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x24000 0x39a4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x28000 0x3a480 0x2a000 4.11 2bee61ed43584c597a888b692b42b04a
.vmp0 0x63000 0x10944 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.vmp1 0x74000 0x3d074 0x3d200 7.95 057bdd7375ca355e49aad0d903075749
.reloc 0xb2000 0x98 0x200 1.91 7ce32232fd37f057468080eaef446b63

( 9 imports )
> KERNEL32.dll: GlobalLock
> USER32.dll: LoadCursorA
> ADVAPI32.dll: RegEnumKeyExA
> ole32.dll: CoTaskMemRealloc
> OLEAUT32.dll: -
> GDI32.dll: GetStockObject
> ntdll.dll: RtlFreeHeap
> KERNEL32.dll: LoadLibraryA, VirtualProtect, GetModuleFileNameA, ExitProcess
> USER32.dll: MessageBoxA

( 0 exports )

**Rampant** · 13.03.2009, 20:34

File Putty.zip received on 03.13.2009 15:08:55 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 23/39 (58.98%)

a-squared 4.0.0.101 2009.03.13 Backdoor.Win32.Bifrose!IK
AhnLab-V3 5.0.0.2 2009.03.13 -
AntiVir 7.9.0.114 2009.03.13 BDS/Bifrose.abwo
Authentium 5.1.0.4 2009.03.13 W32/Backdoor2.DEIA
Avast 4.8.1335.0 2009.03.12 -
AVG 8.0.0.237 2009.03.13 -
BitDefender 7.2 2009.03.13 -
CAT-QuickHeal 10.00 2009.03.13 Backdoor.Bifrose.afuq
ClamAV 0.94.1 2009.03.13 -
Comodo 1053 2009.03.13 Backdoor.Win32.Bifrose.~XH
DrWeb 4.44.0.09170 2009.03.13 -
eSafe 7.0.17.0 2009.03.12 Suspicious File
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.13 W32/Backdoor2.DEIA
F-Secure 8.0.14470.0 2009.03.13 Backdoor.Win32.Bifrose.afuq
Fortinet 3.117.0.0 2009.03.13 PossibleThreat
GData 19 2009.03.13 -
Ikarus T3.1.1.45.0 2009.03.13 Backdoor.Win32.Bifrose
K7AntiVirus 7.10.668 2009.03.12 Backdoor.Win32.Bifrose.afuq
Kaspersky 7.0.0.125 2009.03.13 Backdoor.Win32.Bifrose.afuq
McAfee 5551 2009.03.12 Backdoor-CEP
McAfee+Artemis 5551 2009.03.12 Backdoor-CEP
McAfee-GW-Edition 6.7.6 2009.03.13 Trojan.Backdoor.Bifrose.abwo
Microsoft 1.4405 2009.03.13 -
NOD32 3934 2009.03.13 probably a variant of Win32/Bifrose
Norman 6.00.06 2009.03.13 W32/Bifrose.AKOL
nProtect 2009.1.8.0 2009.03.13 -
Panda 10.0.0.10 2009.03.13 Bck/Bifrose.AKL
PCTools 4.4.2.0 2009.03.13 -
Prevx1 V2 2009.03.13 -
Rising 21.20.42.00 2009.03.13 -
Sophos 4.39.0 2009.03.13 -
Sunbelt 3.2.1858.2 2009.03.13 Backdoor.Win32.Bifrose.afuq
Symantec 1.4.4.12 2009.03.13 Backdoor.Bifrose
TheHacker 6.3.3.0.281 2009.03.13 Backdoor/Bifrose.abwo
TrendMicro 8.700.0.1004 2009.03.13 -
VBA32 3.12.10.1 2009.03.12 Backdoor.Win32.Bifrose.afuq
ViRobot 2009.3.13.1648 2009.03.13 -
VirusBuster 4.6.5.0 2009.03.13 Backdoor.Bifrose.KRU

File size: 217658 bytes
MD5...: dbe5288e7b022eddfcefa03bb16705ce
SHA1..: ee7fac7ae06f8a9b034c33dfae94bb99793c625e
SHA256: ae4ec7685d1471a9f905bb984c9c055c7845fee539ff1369af 112a6c90f8967a
SHA512: 882b308a46b36b79cdfdda9d4e267946adfe91bf3dcbf6fd72 79a6d7092c4819
448871475167d3d97969d84e79573366b67a61a9e5567222b5 0cfd9ec816082d
ssdeep: 6144:5fIcYuyczDuxxuoATKgC9u1CH2hulI6Z6VLW4nxFZ2zzV 7r:xIcYuRDuxkF
TKteC2q8LWMv61
PEiD..: -
TrID..: File type identification
ZIP compressed archive (100.0%)

Добавлено через 3 часа 6 минут

File zar80.zip received on 03.13.2009 18:12:44 (CET)
Current status: Loading ... queued waiting scanning finished
Result: 19/39 (48.72%)

a-squared 4.0.0.101 2009.03.13 Trojan.Win32.Agent!IK
AhnLab-V3 5.0.0.2 2009.03.13 -
AntiVir 7.9.0.114 2009.03.13 TR/AvKill.Y
Authentium 5.1.0.4 2009.03.13 -
Avast 4.8.1335.0 2009.03.12 Win32:AVKill-425
AVG 8.0.0.237 2009.03.13 -
BitDefender 7.2 2009.03.13 Trojan.Avkill.Y
CAT-QuickHeal 10.00 2009.03.13 -
ClamAV 0.94.1 2009.03.13 -
Comodo 1053 2009.03.13 -
DrWeb 4.44.0.09170 2009.03.13 -
eSafe 7.0.17.0 2009.03.12 Win32.TrojanHorse
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.13 -
F-Secure 8.0.14470.0 2009.03.13 -
Fortinet 3.117.0.0 2009.03.13 PossibleThreat
GData 19 2009.03.13 Trojan.Avkill.Y
Ikarus T3.1.1.45.0 2009.03.13 Trojan.Win32.Agent
K7AntiVirus 7.10.668 2009.03.12 -
Kaspersky 7.0.0.125 2009.03.13 -
McAfee 5551 2009.03.12 Generic StartPage
McAfee+Artemis 5551 2009.03.12 Generic!Artemis
McAfee-GW-Edition 6.7.6 2009.03.13 Trojan.AvKill.Y
Microsoft 1.4405 2009.03.13 Trojan:Win32/Agent
NOD32 3935 2009.03.13 probably a variant of Win32/StartPage
Norman 6.00.06 2009.03.13 -
nProtect 2009.1.8.0 2009.03.13 -
Panda 10.0.0.10 2009.03.13 Adware/Startpage.CTK
PCTools 4.4.2.0 2009.03.13 -
Prevx1 V2 2009.03.13 Medium Risk Malware
Rising 21.20.42.00 2009.03.13 Backdoor.Win32.CAK.a
Sophos 4.39.0 2009.03.13 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.03.13 -
Symantec 1.4.4.12 2009.03.13 Backdoor.Formador
TheHacker 6.3.3.0.281 2009.03.13 -
TrendMicro 8.700.0.1004 2009.03.13 -
VBA32 3.12.10.1 2009.03.12 Trojan.Dater
ViRobot 2009.3.13.1648 2009.03.13 -
VirusBuster 4.6.5.0 2009.03.13 -

File size: 2234580 bytes
MD5...: e1a120608f1737a2d9709caab14d9795
SHA1..: 3ae600e731fcf40aaedd0c552104cb39d6c5282c
SHA256: 270fece47b622b770dc74fd722af1a3ac3604795d3183ae850 a410adabffa50e
SHA512: cffeb948a5677660d53b9409f6d59f9a5ba19234b14d266d65 6ad00f02b682d6
54cc10db2235a677579bc3acb85e0fb3a7d22548977465f538 11c79277ffa117
ssdeep: 49152:G8P85o+2Hf23YbH4im7dGfcLcMWO0Hoh31nkVXZWk4ZS vTC:Ge3HQYjrm7
duc990HohlnkVXZWH7

PEiD..: -
TrID..: File type identification
ZIP compressed archive (100.0%)
PEInfo: -
packers (Kaspersky): Armadillo, WScript
Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=221491A80896B6071B0119D37 DDB5A005C35FA30' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=221491A80896B6071B0119D37 DDB5A005C35FA30</a>
packers (F-Prot): ZIP, Unicode

**IgorKr** · 13.03.2009, 23:11

Файл crack__2009__DrShark_.exe получен 2009.03.13 20:56:53 (CET)
Текущий статус: закончено
Результат: 4/39 (10.26%)

a-squared 4.0.0.101 2009.03.13 -
AhnLab-V3 5.0.0.2 2009.03.13 -
AntiVir 7.9.0.114 2009.03.13 -
Authentium 5.1.0.4 2009.03.13 -
Avast 4.8.1335.0 2009.03.12 -
AVG 8.0.0.237 2009.03.13 SHeur2.VMT
BitDefender 7.2 2009.03.13 -
CAT-QuickHeal 10.00 2009.03.13 -
ClamAV 0.94.1 2009.03.13 -
Comodo 1053 2009.03.13 -
DrWeb 4.44.0.09170 2009.03.13 -
eSafe 7.0.17.0 2009.03.12 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.13 -
F-Secure 8.0.14470.0 2009.03.13 -
Fortinet 3.117.0.0 2009.03.13 -
GData 19 2009.03.13 -
Ikarus T3.1.1.45.0 2009.03.13 -
K7AntiVirus 7.10.668 2009.03.12 -
Kaspersky 7.0.0.125 2009.03.13 -
McAfee 5552 2009.03.13 -
McAfee+Artemis 5552 2009.03.13 -
McAfee-GW-Edition 6.7.6 2009.03.13 -
Microsoft 1.4405 2009.03.13 Trojan:Win32/FakeXPA
NOD32 3935 2009.03.13 -
Norman 6.00.06 2009.03.13 -
nProtect 2009.1.8.0 2009.03.13 -
Panda 10.0.0.10 2009.03.13 -
PCTools 4.4.2.0 2009.03.13 -
Prevx1 V2 2009.03.13 High Risk Cloaked Malware
Rising 21.20.42.00 2009.03.13 -
Sophos 4.39.0 2009.03.13 -
Sunbelt 3.2.1858.2 2009.03.13 -
Symantec 1.4.4.12 2009.03.13 -
TheHacker 6.3.3.0.281 2009.03.13 -
TrendMicro 8.700.0.1004 2009.03.13 -
VBA32 3.12.10.1 2009.03.12 -
ViRobot 2009.3.13.1648 2009.03.13 -
VirusBuster 4.6.5.0 2009.03.13 Trojan.Fraudpack.Gen

Дополнительная информация
File size: 1574912 bytes
MD5...: 7368a35455b8df682be1bd6c928bf48f
SHA1..: f3f2ea8ca366d5bbf8052d2d5d483b8605ce1928
SHA256: d9c46f5f8f4c5e9406caf41cccf8358ceac58ab59f35bc3f70 99e531d90d3f60
SHA512: 492152ed9099ad766bacef7cc499175b4b0e60f680583c33d1 1ed808bb9a6289
adfb57d3ca75ca10de28c9928cc500943b8d31f9200f533dde 12555200d3445b
ssdeep: 24576:95oKLBZpodfxzOWNAhsTjFf7+j62IVPPT5A5khFNVVhB XQsyIBo/XM/Kgu
4zG:96KlAdfVQG/V+ORPPFUkNVl5E8/KH
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d3c
timedatestamp.....: 0x3e800062 (Tue Mar 25 07:08:18 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8f74 0x9000 6.62 912623f777d72e09b3e33e3eb3b92ecc
.data 0xa000 0x1bec 0x400 4.25 b67e6b028734fe3692a3080d8ebfe3b1
.rsrc 0xc000 0x176eb4 0x177000 7.98 786e08e1e3a8cd10c31f94c7de1ffa9b

( 6 imports )
> ADVAPI32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA
> KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, GetModuleFileNameA, lstrlenA, GetSystemDirectoryA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, lstrcatA, lstrcpyA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, GlobalFree, GlobalUnlock, GlobalLock, GetProcAddress, FreeResource, LockResource, LoadResource, SizeofResource, FindResourceA, CloseHandle, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, SetUnhandledExceptionFilter, ReadFile, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, GlobalAlloc
> GDI32.dll: GetDeviceCaps
> USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics
> COMCTL32.dll: -
> VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

( 0 exports )
Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=2192E52A0B541BD1F001039F5 4E7B4000423A3DF' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=2192E52A0B541BD1F001039F5 4E7B4000423A3DF</a>
packers (F-Prot): CAB

Добавлено через 14 минут

Файл setup.exe получен 2009.03.13 21:04:12 (CET)
Текущий статус: закончено
Результат: 2/39 (5.13%)

a-squared 4.0.0.101 2009.03.13 -
AhnLab-V3 5.0.0.2 2009.03.13 -
AntiVir 7.9.0.114 2009.03.13 -
Authentium 5.1.0.4 2009.03.13 -
Avast 4.8.1335.0 2009.03.13 -
AVG 8.0.0.237 2009.03.13 -
BitDefender 7.2 2009.03.13 -
CAT-QuickHeal 10.00 2009.03.13 -
ClamAV 0.94.1 2009.03.13 -
Comodo 1053 2009.03.13 -
DrWeb 4.44.0.09170 2009.03.13 -
eSafe 7.0.17.0 2009.03.12 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.13 -
F-Secure 8.0.14470.0 2009.03.13 -
Fortinet 3.117.0.0 2009.03.13 -
GData 19 2009.03.13 -
Ikarus T3.1.1.45.0 2009.03.13 -
K7AntiVirus 7.10.668 2009.03.12 -
Kaspersky 7.0.0.125 2009.03.13 -
McAfee 5552 2009.03.13 -
McAfee+Artemis 5552 2009.03.13 -
McAfee-GW-Edition 6.7.6 2009.03.13 Trojan.Dldr.Agent.xyt
Microsoft 1.4405 2009.03.13 -
NOD32 3935 2009.03.13 -
Norman 6.00.06 2009.03.13 -
nProtect 2009.1.8.0 2009.03.13 -
Panda 10.0.0.10 2009.03.13 Suspicious file
PCTools 4.4.2.0 2009.03.13 -
Prevx1 V2 2009.03.13 -
Rising 21.20.42.00 2009.03.13 -
Sophos 4.39.0 2009.03.13 -
Sunbelt 3.2.1858.2 2009.03.13 -
Symantec 1.4.4.12 2009.03.13 -
TheHacker 6.3.3.0.281 2009.03.13 -
TrendMicro 8.700.0.1004 2009.03.13 -
VBA32 3.12.10.1 2009.03.12 -
ViRobot 2009.3.13.1648 2009.03.13 -
VirusBuster 4.6.5.0 2009.03.13 -

Дополнительная информация
File size: 566784 bytes
MD5...: 3405f8153c3703fd5fe0f114182fb786
SHA1..: d84d93c5f10e36fa1fc92a9da4e404bf2c8bd9bd
SHA256: c74c967fc49bc52827256076443794e69c92c94ca566816554 58b9f2e28547dc
SHA512: 6c79fbcf5cc7d658614f9dacfafecd61b8f6d450f1c6f343a6 55b85b08046e1c
9169940ade3141cd11ab27f470b9994b5093a2f1690305e8a2 e4abc798b13cb9
ssdeep: 12288:9rQgZtTZtiRTmAndgcPxAR+Wnutrno5Hg/7SvTT3it:9CRTmqJ6R+WK2gu
rT3it
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d3c
timedatestamp.....: 0x3e800062 (Tue Mar 25 07:08:18 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8f74 0x9000 6.62 912623f777d72e09b3e33e3eb3b92ecc
.data 0xa000 0x1bec 0x400 4.25 b67e6b028734fe3692a3080d8ebfe3b1
.rsrc 0xc000 0x80d34 0x80e00 7.89 3e3af9bf02f5254927dd49dd93f800ba

( 6 imports )
> ADVAPI32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA
> KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, GetModuleFileNameA, lstrlenA, GetSystemDirectoryA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, lstrcatA, lstrcpyA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, GlobalFree, GlobalUnlock, GlobalLock, GetProcAddress, FreeResource, LockResource, LoadResource, SizeofResource, FindResourceA, CloseHandle, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, SetUnhandledExceptionFilter, ReadFile, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, GlobalAlloc
> GDI32.dll: GetDeviceCaps
> USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics
> COMCTL32.dll: -
> VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

( 0 exports )
packers (F-Prot): CAB

Добавлено через 4 минуты

Файл DrShark_Genuine_Licence.exe получен 2009.03.13 21:07:16 (CET)
Текущий статус: закончено
Результат: 2/39 (5.13%)

a-squared 4.0.0.101 2009.03.13 -
AhnLab-V3 5.0.0.2 2009.03.13 -
AntiVir 7.9.0.114 2009.03.13 -
Authentium 5.1.0.4 2009.03.13 -
Avast 4.8.1335.0 2009.03.13 -
AVG 8.0.0.237 2009.03.13 -
BitDefender 7.2 2009.03.13 -
CAT-QuickHeal 10.00 2009.03.13 -
ClamAV 0.94.1 2009.03.13 -
Comodo 1053 2009.03.13 -
DrWeb 4.44.0.09170 2009.03.13 -
eSafe 7.0.17.0 2009.03.12 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.13 -
F-Secure 8.0.14470.0 2009.03.13 -
Fortinet 3.117.0.0 2009.03.13 -
GData 19 2009.03.13 -
Ikarus T3.1.1.45.0 2009.03.13 -
K7AntiVirus 7.10.668 2009.03.12 -
Kaspersky 7.0.0.125 2009.03.13 -
McAfee 5552 2009.03.13 -
McAfee+Artemis 5552 2009.03.13 -
McAfee-GW-Edition 6.7.6 2009.03.13 -
Microsoft 1.4405 2009.03.13 Trojan:Win32/Vundo
NOD32 3935 2009.03.13 -
Norman 6.00.06 2009.03.13 -
nProtect 2009.1.8.0 2009.03.13 -
Panda 10.0.0.10 2009.03.13 -
PCTools 4.4.2.0 2009.03.13 -
Prevx1 V2 2009.03.13 High Risk Worm
Rising 21.20.42.00 2009.03.13 -
Sophos 4.39.0 2009.03.13 -
Sunbelt 3.2.1858.2 2009.03.13 -
Symantec 1.4.4.12 2009.03.13 -
TheHacker 6.3.3.0.281 2009.03.13 -
TrendMicro 8.700.0.1004 2009.03.13 -
VBA32 3.12.10.1 2009.03.12 -
ViRobot 2009.3.13.1648 2009.03.13 -
VirusBuster 4.6.5.0 2009.03.13 -

Дополнительная информация
File size: 1672704 bytes
MD5...: 6c105d240371a1ea5d36f755e1aff12a
SHA1..: e97e50e9d266d4de297ede4cc09a443813f18d5d
SHA256: 33fd00af172d3042be85e65eebf3d1d8155eb1eaf860523c43 a9928647c4d26b
SHA512: a47186e2d2a46611d859851998c9949c4f9ff404013460be06 55d8c80018fcd6
d6ca9ddbea1381f7e431a3c548d178f721ac280c5293420a0d 210c3769a15c00
ssdeep: 49152

bfNT8+u/TN1CQ08cTJ8IR42YU/ZuYZHFJCu5HZLE

bfppc28C742YmIE
Y
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d3c
timedatestamp.....: 0x3e800062 (Tue Mar 25 07:08:18 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8f74 0x9000 6.62 912623f777d72e09b3e33e3eb3b92ecc
.data 0xa000 0x1bec 0x400 4.25 b67e6b028734fe3692a3080d8ebfe3b1
.rsrc 0xc000 0x18edf8 0x18ee00 7.99 f42b03ac3ca5c83e9ef260eb47be032e

( 6 imports )
> ADVAPI32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA
> KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, GetModuleFileNameA, lstrlenA, GetSystemDirectoryA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, lstrcatA, lstrcpyA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, GlobalFree, GlobalUnlock, GlobalLock, GetProcAddress, FreeResource, LockResource, LoadResource, SizeofResource, FindResourceA, CloseHandle, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, SetUnhandledExceptionFilter, ReadFile, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, GlobalAlloc
> GDI32.dll: GetDeviceCaps
> USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics
> COMCTL32.dll: -
> VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

( 0 exports )
packers (F-Prot): CAB

**IgorKr** · 17.03.2009, 00:48

Файл __2008___DrShark_.exe получен 2009.03.16 22:27:07 (CET)
Текущий статус: закончено
Результат: 2/39 (5.13%)

a-squared 4.0.0.101 2009.03.16 -
AhnLab-V3 5.0.0.2 2009.03.16 -
AntiVir 7.9.0.116 2009.03.16 -
Authentium 5.1.0.4 2009.03.16 -
Avast 4.8.1335.0 2009.03.16 -
AVG 8.0.0.237 2009.03.16 -
BitDefender 7.2 2009.03.16 -
CAT-QuickHeal 10.00 2009.03.16 -
ClamAV 0.94.1 2009.03.16 -
Comodo 1060 2009.03.16 -
DrWeb 4.44.0.09170 2009.03.16 -
eSafe 7.0.17.0 2009.03.15 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.16 -
F-Secure 8.0.14470.0 2009.03.16 -
Fortinet 3.117.0.0 2009.03.16 -
GData 19 2009.03.16 -
Ikarus T3.1.1.45.0 2009.03.16 -
K7AntiVirus 7.10.673 2009.03.16 -
Kaspersky 7.0.0.125 2009.03.16 -
McAfee 5555 2009.03.16 -
McAfee+Artemis 5555 2009.03.16 -
McAfee-GW-Edition 6.7.6 2009.03.16 Trojan.Dldr.Agent.xyt
Microsoft 1.4405 2009.03.16 -
NOD32 3938 2009.03.16 -
Norman 6.00.06 2009.03.16 -
nProtect 2009.1.8.0 2009.03.16 -
Panda 10.0.0.10 2009.03.16 Suspicious file
PCTools 4.4.2.0 2009.03.16 -
Prevx1 V2 2009.03.16 -
Rising 21.21.02.00 2009.03.16 -
Sophos 4.39.0 2009.03.16 -
Sunbelt 3.2.1858.2 2009.03.15 -
Symantec 1.4.4.12 2009.03.16 -
TheHacker 6.3.3.0.283 2009.03.16 -
TrendMicro 8.700.0.1004 2009.03.16 -
VBA32 3.12.10.1 2009.03.16 -
ViRobot 2009.3.16.1650 2009.03.16 -
VirusBuster 4.6.5.0 2009.03.16 -

Дополнительная информация
File size: 566784 bytes
MD5...: aab7c653e1fba61444586e0852542b1a
SHA1..: 6199f548571059a9cef109ec5cf60077c9257e9b
SHA256: 46cb057568bb775e396f8da92462b3d8a767a638afccaf5d3a 01fd011c66e33a
SHA512: dc140248202164d22ffb01268c4625827a668ec2c4ff41c39a 47b5b0bb0c5efd
1f8b0e72f1aa0079ee09f665a9ea2b1474e521eef3d4656154 6a523e8c2bbbea
ssdeep: 12288

r+gZtTZtARTmAndgcPxAR+Wnutrno5Hg/7SvT

eRTmqJ6R+WK2gur
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d3c
timedatestamp.....: 0x3e800062 (Tue Mar 25 07:08:18 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8f74 0x9000 6.62 912623f777d72e09b3e33e3eb3b92ecc
.data 0xa000 0x1bec 0x400 4.25 b67e6b028734fe3692a3080d8ebfe3b1
.rsrc 0xc000 0x80d34 0x80e00 7.89 afdf07fc94a111c9a955e17d487dc861

( 6 imports )
> ADVAPI32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA
> KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, GetModuleFileNameA, lstrlenA, GetSystemDirectoryA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, lstrcatA, lstrcpyA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, GlobalFree, GlobalUnlock, GlobalLock, GetProcAddress, FreeResource, LockResource, LoadResource, SizeofResource, FindResourceA, CloseHandle, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, SetUnhandledExceptionFilter, ReadFile, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, GlobalAlloc
> GDI32.dll: GetDeviceCaps
> USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics
> COMCTL32.dll: -
> VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

( 0 exports )
packers (F-Prot): CAB

Добавлено через 5 минут

Файл ScreenSavers_DrShark_.exe получен 2009.03.16 22:33:16 (CET)
Текущий статус: закончено
Результат: 16/38 (42.11%)

a-squared 4.0.0.101 2009.03.16 -
AhnLab-V3 5.0.0.2 2009.03.16 -
AntiVir 7.9.0.116 2009.03.16 -
Authentium 5.1.0.4 2009.03.16 -
Avast 4.8.1335.0 2009.03.16 Win32:Trojan-gen {Other}
AVG 8.0.0.237 2009.03.16 Downloader.Generic8.YCV
BitDefender 7.2 2009.03.16 MemScan:Trojan.Generic.1465213
CAT-QuickHeal 10.00 2009.03.16 -
ClamAV 0.94.1 2009.03.16 -
Comodo 1060 2009.03.16 -
DrWeb 4.44.0.09170 2009.03.16 Trojan.Fakealert.4044
eSafe 7.0.17.0 2009.03.15 Suspicious File
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.16 W32/Backdoor2.DXLN
F-Secure 8.0.14470.0 2009.03.16 Trojan-Downloader.Win32.Agent.bkdn
Fortinet 3.117.0.0 2009.03.16 -
GData 19 2009.03.16 MemScan:Trojan.Generic.1465213
Ikarus T3.1.1.45.0 2009.03.16 -
K7AntiVirus 7.10.673 2009.03.16 -
Kaspersky 7.0.0.125 2009.03.16 Trojan-Downloader.Win32.Agent.bkdn
McAfee 5555 2009.03.16 -
McAfee+Artemis 5555 2009.03.16 -
McAfee-GW-Edition 6.7.6 2009.03.16 Trojan.Downloader.Gen
Microsoft 1.4405 2009.03.16 TrojanDownloader:Win32/Matcash.L
NOD32 3938 2009.03.16 a variant of Win32/TrojanDownloader.Agent.OUB
Norman 6.00.06 2009.03.16 -
nProtect 2009.1.8.0 2009.03.16 -
Panda 10.0.0.10 2009.03.16 Generic Trojan
PCTools 4.4.2.0 2009.03.16 -
Prevx1 V2 2009.03.16 Medium Risk Malware
Rising 21.21.02.00 2009.03.16 Trojan.Win32.Nodef.fxa
Sophos 4.39.0 2009.03.16 Mal/EncPk-HJ
Sunbelt 3.2.1858.2 2009.03.15 -
Symantec 1.4.4.12 2009.03.16 -
TheHacker 6.3.3.0.283 2009.03.16 -
TrendMicro 8.700.0.1004 2009.03.16 -
ViRobot 2009.3.16.1650 2009.03.16 -
VirusBuster 4.6.5.0 2009.03.16 -

Дополнительная информация
File size: 1435136 bytes
MD5...: 5faec4b43d7aa5a72a001c0a64859779
SHA1..: 91ef6d83f894bde1312de147e7fa6b68da9d2b61
SHA256: 842858a38b7d3e54f1a45b3a9559cefb93c5c5473b069a31be 23deaaf48afbc7
SHA512: 04f6ab696ee0f4b5d95ef82c34a28f70018817f46e24f1e2e2 ebf5d984964598
92e2524f1c06e0738fddfe538280d064173015769a2a44d2eb 4d804e934644f1
ssdeep: 24576:6yoDHoBlcCfUwwPgdwrI80POSzRlJ7UIe+p0JvT6zD+V jVa53h6R:6jDHo
Blcq/wPZ8/bJ75uT6z6ih6
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d3c
timedatestamp.....: 0x3e800062 (Tue Mar 25 07:08:18 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8f74 0x9000 6.62 912623f777d72e09b3e33e3eb3b92ecc
.data 0xa000 0x1bec 0x400 4.25 b67e6b028734fe3692a3080d8ebfe3b1
.rsrc 0xc000 0x154c38 0x154e00 7.97 42fb972561cb463a3103f935f376ab48

( 6 imports )
> ADVAPI32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA
> KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, GetModuleFileNameA, lstrlenA, GetSystemDirectoryA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, lstrcatA, lstrcpyA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, GlobalFree, GlobalUnlock, GlobalLock, GetProcAddress, FreeResource, LockResource, LoadResource, SizeofResource, FindResourceA, CloseHandle, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, SetUnhandledExceptionFilter, ReadFile, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, GlobalAlloc
> GDI32.dll: GetDeviceCaps
> USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics
> COMCTL32.dll: -
> VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

( 0 exports )
Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=E6D7359B50835C05900000A22 47B7B009C91D684' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=E6D7359B50835C05900000A22 47B7B009C91D684</a>
packers (Kaspersky): PE_Patch.UPX, UPX, Edit
packers (F-Prot): CAB, RAR

Добавлено через 11 минут

Файл _ver_5.00.0__10.02.2009___DrShark получен 2009.03.16 22:46:02 (CET)
Текущий статус: закончено
Результат: 2/39 (5.13%)

a-squared 4.0.0.101 2009.03.16 -
AhnLab-V3 5.0.0.2 2009.03.16 -
AntiVir 7.9.0.116 2009.03.16 -
Authentium 5.1.0.4 2009.03.16 -
Avast 4.8.1335.0 2009.03.16 -
AVG 8.0.0.237 2009.03.16 -
BitDefender 7.2 2009.03.16 -
CAT-QuickHeal 10.00 2009.03.16 -
ClamAV 0.94.1 2009.03.16 -
Comodo 1060 2009.03.16 -
DrWeb 4.44.0.09170 2009.03.16 -
eSafe 7.0.17.0 2009.03.15 -
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.16 -
F-Secure 8.0.14470.0 2009.03.16 -
Fortinet 3.117.0.0 2009.03.16 -
GData 19 2009.03.16 -
Ikarus T3.1.1.45.0 2009.03.16 -
K7AntiVirus 7.10.673 2009.03.16 -
Kaspersky 7.0.0.125 2009.03.16 -
McAfee 5555 2009.03.16 -
McAfee+Artemis 5555 2009.03.16 -
McAfee-GW-Edition 6.7.6 2009.03.16 -
Microsoft 1.4405 2009.03.16 Trojan:Win32/Vundo
NOD32 3938 2009.03.16 -
Norman 6.00.06 2009.03.16 -
nProtect 2009.1.8.0 2009.03.16 -
Panda 10.0.0.10 2009.03.16 -
PCTools 4.4.2.0 2009.03.16 -
Prevx1 V2 2009.03.16 High Risk Worm
Rising 21.21.02.00 2009.03.16 -
Sophos 4.39.0 2009.03.16 -
Sunbelt 3.2.1858.2 2009.03.15 -
Symantec 1.4.4.12 2009.03.16 -
TheHacker 6.3.3.0.283 2009.03.16 -
TrendMicro 8.700.0.1004 2009.03.16 -
VBA32 3.12.10.1 2009.03.16 -
ViRobot 2009.3.16.1650 2009.03.16 -
VirusBuster 4.6.5.0 2009.03.16 -

Дополнительная информация
File size: 2033664 bytes
MD5...: 91cf31d90d899030daf81729cf5b4a94
SHA1..: e3758b60a2cfc3ade6109ea72058a9d89d61763d
SHA256: 6ac9627a497b70c1ac9f544b82a5384106d1e28bda6bc50d32 c4fef2bce7a575
SHA512: 2d50a37a0c596a27634f54f0aa8e2815f320702323e8184854 938589cab6493b
360210a97d2c8c25a6fc87fc9b6f4e2e16723f8f8245e185cc 880ce4cd13cd29
ssdeep: 49152:Q3tCX51cJFzPELRzEDS0iv9fFWkdIekgJ8EM7:Q3tSIF byRaMwkdIouE
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d3c
timedatestamp.....: 0x3e800062 (Tue Mar 25 07:08:18 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8f74 0x9000 6.62 912623f777d72e09b3e33e3eb3b92ecc
.data 0xa000 0x1bec 0x400 4.25 b67e6b028734fe3692a3080d8ebfe3b1
.rsrc 0xc000 0x1e6ec4 0x1e7000 7.99 daa581e9aec8b8636492f29e94dadccd

( 6 imports )
> ADVAPI32.dll: FreeSid, AllocateAndInitializeSid, EqualSid, GetTokenInformation, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, RegCloseKey, RegDeleteValueA, RegOpenKeyExA, RegSetValueExA, RegQueryValueExA, RegCreateKeyExA, RegQueryInfoKeyA
> KERNEL32.dll: LocalFree, LocalAlloc, GetLastError, GetCurrentProcess, GetModuleFileNameA, lstrlenA, GetSystemDirectoryA, RemoveDirectoryA, FindClose, FindNextFileA, DeleteFileA, SetFileAttributesA, lstrcmpA, FindFirstFileA, lstrcatA, lstrcpyA, _lclose, _llseek, _lopen, WritePrivateProfileStringA, GetWindowsDirectoryA, CreateDirectoryA, GetFileAttributesA, ExpandEnvironmentStringsA, IsDBCSLeadByte, GetShortPathNameA, GetPrivateProfileStringA, GetPrivateProfileIntA, lstrcmpiA, GlobalFree, GlobalUnlock, GlobalLock, GetProcAddress, FreeResource, LockResource, LoadResource, SizeofResource, FindResourceA, CloseHandle, WriteFile, SetFilePointer, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, SetCurrentDirectoryA, GetTempFileNameA, ExitProcess, CreateFileA, LoadLibraryExA, lstrcpynA, GetVolumeInformationA, FormatMessageA, GetCurrentDirectoryA, GetVersionExA, GetExitCodeProcess, WaitForSingleObject, CreateProcessA, GetTempPathA, GetSystemInfo, CreateMutexA, SetEvent, CreateEventA, CreateThread, ResetEvent, TerminateThread, GetDriveTypeA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, SetUnhandledExceptionFilter, ReadFile, LoadLibraryA, GetDiskFreeSpaceA, MulDiv, EnumResourceLanguagesA, FreeLibrary, GlobalAlloc
> GDI32.dll: GetDeviceCaps
> USER32.dll: ExitWindowsEx, wsprintfA, CharNextA, CharUpperA, CharPrevA, SetWindowLongA, GetWindowLongA, CallWindowProcA, DispatchMessageA, MsgWaitForMultipleObjects, PeekMessageA, SendMessageA, SetWindowPos, ReleaseDC, GetDC, GetWindowRect, SendDlgItemMessageA, GetDlgItem, SetForegroundWindow, SetWindowTextA, MessageBoxA, DialogBoxIndirectParamA, ShowWindow, EnableWindow, GetDlgItemTextA, EndDialog, GetDesktopWindow, MessageBeep, SetDlgItemTextA, LoadStringA, GetSystemMetrics
> COMCTL32.dll: -
> VERSION.dll: GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

( 0 exports )
Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=3190B3A700D2FFF4704F012DD DE82A0032D1F3A5' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=3190B3A700D2FFF4704F012DD DE82A0032D1F3A5</a>
packers (F-Prot): CAB

**Hanson** · 17.03.2009, 11:55

Файл avz00001.dta (twex.exe) получен 2009.03.17 09:31:37 (CET)
Текущий статус: Загрузка ... в очереди ожидание проверка закончено НЕ НАЙДЕНО ОСТАНОВЛЕНО
Результат: 10/39 (25.65%)

Код:

Антивирус  	Версия  	Обновление  	Результат
a-squared	4.0.0.101	2009.03.17	-
AhnLab-V3	5.0.0.2	2009.03.16	-
AntiVir	7.9.0.116	2009.03.17	TR/Dropper.Gen
Authentium	5.1.0.4	2009.03.17	-
Avast	4.8.1335.0	2009.03.16	Win32:Rootkit-gen
AVG	8.0.0.237	2009.03.16	-
BitDefender	7.2	2009.03.17	-
CAT-QuickHeal	10.00	2009.03.17	(Suspicious) - DNAScan
ClamAV	0.94.1	2009.03.17	-
Comodo	1060	2009.03.16	-
DrWeb	4.44.0.09170	2009.03.17	Trojan.PWS.Panda.106
eSafe	7.0.17.0	2009.03.15	-
eTrust-Vet	31.6.6388	2009.03.09	-
F-Prot	4.4.4.56	2009.03.16	-
F-Secure	8.0.14470.0	2009.03.17	Trojan-Spy.Win32.Zbot.pox
Fortinet	3.117.0.0	2009.03.17	-
GData	19	2009.03.17	Win32:Rootkit-gen
Ikarus	T3.1.1.45.0	2009.03.17	-
K7AntiVirus	7.10.673	2009.03.16	-
Kaspersky	7.0.0.125	2009.03.17	Trojan-Spy.Win32.Zbot.pox
McAfee	5555	2009.03.16	-
McAfee+Artemis	5555	2009.03.16	-
McAfee-GW-Edition	6.7.6	2009.03.17	Trojan.Dropper.Gen
Microsoft	1.4405	2009.03.17	PWS:Win32/Zbot.gen!R
NOD32	3941	2009.03.17	-
Norman	6.00.06	2009.03.16	-
nProtect	2009.1.8.0	2009.03.17	-
Panda	10.0.0.10	2009.03.16	-
PCTools	4.4.2.0	2009.03.16	-
Prevx1	V2	2009.03.17	-
Rising	21.21.11.00	2009.03.17	-
Sophos	4.39.0	2009.03.17	-
Sunbelt	3.2.1858.2	2009.03.17	-
Symantec	1.4.4.12	2009.03.17	-
TheHacker	6.3.3.0.283	2009.03.16	-
TrendMicro	8.700.0.1004	2009.03.17	-
VBA32	3.12.10.1	2009.03.16	Trojan-Spy.Win32.Zbot
ViRobot	2009.3.17.1651	2009.03.17	-
VirusBuster	4.6.5.0	2009.03.16	-

Добавлено через 2 минуты

Файл avz00002.dta (uvsync.sys)получен 2009.03.17 09:32:35 (CET)
Текущий статус: Загрузка ... в очереди ожидание проверка закончено НЕ НАЙДЕНО ОСТАНОВЛЕНО
Результат: 16/39 (41.03%)

Код:

Антивирус  	Версия  	Обновление  	Результат
a-squared	4.0.0.101	2009.03.17	Backdoor.Win32.Haxdoor!IK
AhnLab-V3	5.0.0.2	2009.03.16	-
AntiVir	7.9.0.116	2009.03.17	-
Authentium	5.1.0.4	2009.03.17	-
Avast	4.8.1335.0	2009.03.16	-
AVG	8.0.0.237	2009.03.16	PSW.Generic7.LS
BitDefender	7.2	2009.03.17	Trojan.Spy.Goldun.NCN
CAT-QuickHeal	10.00	2009.03.17	-
ClamAV	0.94.1	2009.03.17	-
Comodo	1060	2009.03.16	-
DrWeb	4.44.0.09170	2009.03.17	-
eSafe	7.0.17.0	2009.03.15	-
eTrust-Vet	31.6.6388	2009.03.09	Win32/ProcHide!generic
F-Prot	4.4.4.56	2009.03.16	-
F-Secure	8.0.14470.0	2009.03.17	Trojan-Spy.Win32.Goldun.bwi
Fortinet	3.117.0.0	2009.03.17	-
GData	19	2009.03.17	Trojan.Spy.Goldun.NCN
Ikarus	T3.1.1.45.0	2009.03.17	Backdoor.Win32.Haxdoor
K7AntiVirus	7.10.673	2009.03.16	-
Kaspersky	7.0.0.125	2009.03.17	Trojan-Spy.Win32.Goldun.bwi
McAfee	5555	2009.03.16	-
McAfee+Artemis	5555	2009.03.16	Generic!Artemis
McAfee-GW-Edition	6.7.6	2009.03.17	-
Microsoft	1.4405	2009.03.17	Backdoor:Win32/Haxdoor
NOD32	3941	2009.03.17	-
Norman	6.00.06	2009.03.16	-
nProtect	2009.1.8.0	2009.03.17	-
Panda	10.0.0.10	2009.03.16	Trj/CI.A
PCTools	4.4.2.0	2009.03.16	-
Prevx1	V2	2009.03.17	Medium Risk Malware
Rising	21.21.11.00	2009.03.17	RootKit.Win32.Agent.epu
Sophos	4.39.0	2009.03.17	-
Sunbelt	3.2.1858.2	2009.03.17	Goldun.Fam
Symantec	1.4.4.12	2009.03.17	-
TheHacker	6.3.3.0.283	2009.03.16	Trojan/Spy.Goldun.bwi
TrendMicro	8.700.0.1004	2009.03.17	-
VBA32	3.12.10.1	2009.03.16	suspected of Rootkit.Agent.10 (paranoid heuristics)
ViRobot	2009.3.17.1651	2009.03.17	-
VirusBuster	4.6.5.0	2009.03.16	-

**Surfer** · 19.03.2009, 12:09

Файл contact.exe получен 2009.03.19 10:06:14 (CET)
Результат: 5/39 (12.83%)

Код:

a-squared	4.0.0.101	2009.03.19	-
AhnLab-V3	5.0.0.2	2009.03.19	-
AntiVir	7.9.0.120	2009.03.18	-
Authentium	5.1.2.4	2009.03.18	-
Avast	4.8.1335.0	2009.03.18	-
AVG	8.5.0.283	2009.03.19	-
BitDefender	7.2	2009.03.19	-
CAT-QuickHeal	10.00	2009.03.19	-
ClamAV	0.94.1	2009.03.19	-
Comodo	1066	2009.03.18	-
DrWeb	4.44.0.09170	2009.03.19	-
eSafe	7.0.17.0	2009.03.18	-
eTrust-Vet	31.6.6388	2009.03.09	-
F-Prot	4.4.4.56	2009.03.18	-
F-Secure	8.0.14470.0	2009.03.19	-
Fortinet	3.117.0.0	2009.03.19	-
GData	19	2009.03.19	-
Ikarus	T3.1.1.48.0	2009.03.19	-
K7AntiVirus	7.10.674	2009.03.17	-
Kaspersky	7.0.0.125	2009.03.19	-
McAfee	5557	2009.03.18	-
McAfee+Artemis	5557	2009.03.18	-
McAfee-GW-Edition	6.7.6	2009.03.18	Worm.LooksLike.Rbot
Microsoft	1.4502	2009.03.19	Trojan:Win32/Waledac.gen!A
NOD32	3947	2009.03.19	-
Norman	6.00.06	2009.03.18	Waledac.AJ
nProtect	2009.1.8.0	2009.03.19	-
Panda	10.0.0.10	2009.03.18	-
PCTools	4.4.2.0	2009.03.18	-
Prevx1	V2	2009.03.19	High Risk Cloaked Malware
Rising	21.21.31.00	2009.03.19	-
Sophos	4.39.0	2009.03.19	-
Sunbelt	3.2.1858.2	2009.03.19	-
Symantec	1.4.4.12	2009.03.19	-
TheHacker	6.3.3.0.285	2009.03.19	-
TrendMicro	8.700.0.1004	2009.03.19	-
VBA32	3.12.10.1	2009.03.18	suspected of Malware-Cryptor.Win32.General.4
ViRobot	2009.3.19.1655	2009.03.19	-
VirusBuster	4.6.5.0	2009.03.18	-

http://www.virustotal.com/ru/analisi...e2e0036e71f71b

**senyak** · 19.03.2009, 23:42

Файл ygv.exe получен 2009.03.19 21:35:32 (CET)
Текущий статус: Загрузка ... в очереди ожидание проверка закончено НЕ НАЙДЕНО ОСТАНОВЛЕНО
Результат: 8/38 (21.06%)

Антивирус Версия Обновление Результат
a-squared 4.0.0.101 2009.03.19 -
AhnLab-V3 5.0.0.2 2009.03.19 -
AntiVir 7.9.0.120 2009.03.19 TR/Crypt.XPACK.Gen
Authentium 5.1.2.4 2009.03.19 -
Avast 4.8.1335.0 2009.03.19 -
AVG 8.5.0.283 2009.03.19 -
BitDefender 7.2 2009.03.19 -
CAT-QuickHeal 10.00 2009.03.19 (Suspicious) - DNAScan
ClamAV 0.94.1 2009.03.19 -
Comodo 1066 2009.03.18 -
DrWeb 4.44.0.09170 2009.03.19 -
eSafe 7.0.17.0 2009.03.19 Suspicious File
eTrust-Vet 31.6.6388 2009.03.09 -
F-Prot 4.4.4.56 2009.03.19 -
Fortinet 3.117.0.0 2009.03.19 -
GData 19 2009.03.19 -
Ikarus T3.1.1.48.0 2009.03.19 -
K7AntiVirus 7.10.676 2009.03.19 -
Kaspersky 7.0.0.125 2009.03.19 -
McAfee 5558 2009.03.19 -
McAfee+Artemis 5558 2009.03.19 Generic!Artemis
McAfee-GW-Edition 6.7.6 2009.03.19 Trojan.Crypt.XPACK.Gen
Microsoft 1.4502 2009.03.19 VirTool:Win32/Obfuscator.EO
NOD32 3948 2009.03.19 -
Norman 6.00.06 2009.03.19 -
nProtect 2009.1.8.0 2009.03.19 -
Panda 10.0.0.10 2009.03.19 Suspicious file
PCTools 4.4.2.0 2009.03.19 -
Prevx1 V2 2009.03.19 -
Rising 21.21.32.00 2009.03.19 -
Sophos 4.39.0 2009.03.19 Mal/Basine-C
Sunbelt 3.2.1858.2 2009.03.19 -
Symantec 1.4.4.12 2009.03.19 -
TheHacker 6.3.3.0.286 2009.03.19 -
TrendMicro 8.700.0.1004 2009.03.19 -
VBA32 3.12.10.1 2009.03.18 -
ViRobot 2009.3.19.1656 2009.03.19 -
VirusBuster 4.6.5.0 2009.03.19 -

Дополнительная информация
File size: 24064 bytes
MD5...: ae0cc33da9fa4e39f02f278ce70b0533
SHA1..: ae53e2ca0c1df0106b7138a22e1d3a3a158a9ae0
SHA256: 3436e7c3052bef71146e9e68cc8479a46669c7b9d24e6e42a6 a6e7910c161ece
SHA512: 8d1e3739d65a3a6d18b485eb4a0125316a1635ff49a6169cf1 146fd66052f8ae
a98a124e859b63a32af9b8238cc9802dea969d0985c0dfeea2 ea702ba52f1f45
ssdeep: 384:2lIZq4A+4UMa9UVxVYCUP3Dq89HPsr8vh9tAwotXuPdI9P w+nXGN:2lsafaa
VwTPT39HPsgp9tSteK9tnXY
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)

**ZhIV** · 23.03.2009, 08:35

Файл eawnxi.exe получен 2009.03.23 06:18:40 (CET)

Код:

Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.101	2009.03.23	-
AhnLab-V3	5.0.0.2	2009.03.22	-
AntiVir	7.9.0.120	2009.03.22	Worm/Autorun.esq
Authentium	5.1.2.4	2009.03.23	-
Avast	4.8.1335.0	2009.03.23	-
AVG	8.5.0.283	2009.03.22	-
BitDefender	7.2	2009.03.23	-
CAT-QuickHeal	10.00	2009.03.23	-
ClamAV	0.94.1	2009.03.23	-
Comodo	1080	2009.03.22	Unclassified Malware
DrWeb	4.44.0.09170	2009.03.23	-
eSafe	7.0.17.0	2009.03.19	Win32.Worm.AutoRun.u
eTrust-Vet	31.6.6409	2009.03.20	-
F-Prot	4.4.4.56	2009.03.23	-
F-Secure	8.0.14470.0	2009.03.23	-
Fortinet	3.117.0.0	2009.03.22	-
GData	19	2009.03.23	-
Ikarus	T3.1.1.48.0	2009.03.23	-
K7AntiVirus	7.10.678	2009.03.21	-
Kaspersky	7.0.0.125	2009.03.23	-
McAfee	5561	2009.03.22	-
McAfee+Artemis	5561	2009.03.22	-
McAfee-GW-Edition	6.7.6	2009.03.22	Worm.Autorun.esq
Microsoft	1.4502	2009.03.22	-
NOD32	3953	2009.03.21	-
Norman	6.00.06	2009.03.20	-
nProtect	2009.1.8.0	2009.03.23	-
Panda	10.0.0.10	2009.03.22	-
PCTools	4.4.2.0	2009.03.22	-
Prevx1	V2	2009.03.23	-
Rising	21.22.00.00	2009.03.23	-
Sophos	4.39.0	2009.03.23	-
Sunbelt	3.2.1858.2	2009.03.22	-
Symantec	1.4.4.12	2009.03.23	-
TheHacker	6.3.3.4.287	2009.03.23	W32/AutoRun.esq
TrendMicro	8.700.0.1004	2009.03.23	-
VBA32	3.12.10.1	2009.03.23	-
ViRobot	2009.3.23.1659	2009.03.23	-
VirusBuster	4.6.5.0	2009.03.22	-

Дополнительная информация
File size: 97791 bytes
MD5...: df7ebd547e890c70d0e802454168b346
SHA1..: 4e6f4197ee2563ed06946c6016d4fac1082ed1fe
SHA256: dfa991a20f3c184292e2eb3500ebfa3466bcaa06ae0d84e893 3df9f18c7302f1
SHA512: 182a46b08005b3a7ac4f9a1738d52ad6c667721472a86a989f f2c305c952d027 25cd75c39cc2e2f93c9aefb9709c3b79 19a06bc3cec4b224179d5061bc1962f7
ssdeep: 1536:YEwOnbNQKLjWDyy1o5RepJUEbooPRrKKRSq6Hn:Y2NQKP WDyDRepJltZrpR SfH 
PEiD..: -
TrID..: File type identification Win32 Executable MS Visual C++ (generic) (53.1%) Windows Screen Saver (18.4%) Win32 Executable Generic (12.0%) Win32 Dynamic Link Library (generic) (10.6%) Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information

**berkut_v** · 24.03.2009, 16:27

File ___8_____________1.xls (ж_8 бюджет1.xls) received on 03.24.2009 10:13:05 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED

Result: 2/39 (5.13%)

Код:

Antivirus Version Last Update Result 
a-squared 4.0.0.101 2009.03.24 - 
AhnLab-V3 5.0.0.2 2009.03.24 - 
AntiVir 7.9.0.120 2009.03.24 EXP/Office.Dropper.Gen 
Authentium 5.1.2.4 2009.03.23 - 
Avast 4.8.1335.0 2009.03.23 - 
AVG 8.5.0.283 2009.03.23 - 
BitDefender 7.2 2009.03.24 - 
CAT-QuickHeal 10.00 2009.03.24 - 
ClamAV 0.94.1 2009.03.24 - 
Comodo 1082 2009.03.23 - 
DrWeb 4.44.0.09170 2009.03.24 - 
eSafe 7.0.17.0 2009.03.23 - 
eTrust-Vet 31.6.6414 2009.03.24 - 
F-Prot 4.4.4.56 2009.03.23 - 
F-Secure 8.0.14470.0 2009.03.24 - 
Fortinet 3.117.0.0 2009.03.24 - 
GData 19 2009.03.24 - 
Ikarus T3.1.1.48.0 2009.03.24 - 
K7AntiVirus 7.10.679 2009.03.23 - 
Kaspersky 7.0.0.125 2009.03.24 - 
McAfee 5562 2009.03.23 - 
McAfee+Artemis 5562 2009.03.23 - 
McAfee-GW-Edition 6.7.6 2009.03.24 Exploit.Office.Dropper.Gen 
Microsoft 1.4502 2009.03.24 - 
NOD32 3956 2009.03.24 - 
Norman 6.00.06 2009.03.23 - 
nProtect 2009.1.8.0 2009.03.24 - 
Panda 10.0.0.10 2009.03.24 - 
PCTools 4.4.2.0 2009.03.23 - 
Prevx1 V2 2009.03.24 - 
Rising 21.22.12.00 2009.03.24 - 
Sophos 4.39.0 2009.03.24 - 
Sunbelt 3.2.1858.2 2009.03.23 - 
Symantec 1.4.4.12 2009.03.24 - 
TheHacker 6.3.3.4.288 2009.03.24 - 
TrendMicro 8.700.0.1004 2009.03.24 - 
VBA32 3.12.10.1 2009.03.23 - 
ViRobot 2009.3.23.1660 2009.03.24 - 
VirusBuster 4.6.5.0 2009.03.23 -

Additional information
File size: 110080 bytes
MD5...: 3460754ac443f614434225ab8a3fbe38
SHA1..: 2800ec7a931893109f0f28bc1ae00d89081f46cd
SHA256: d1c1ed8f6325dc0b52ed4a663c844ae667aa4a5d79e3119efc 3945e91d4f8509
SHA512: 9322c48ef644b6f1f8e5350bf732678691ecfb04c457cb688d a7b894379b2b37
59c8b8466e2befd717a32e7c987931f2a1927a6179413f701d c7c7e9829b72e9
ssdeep: 768:CxTdfKsdNGTtLtV4mzX2c3TWh7JvGMdl12q9Cr1JPdd49Z A7F7TK+BT0EbDu
Vg:+hvGbP3TWt1Gw1j9Cp3

PEiD..: -
TrID..: File type identification
Microsoft Excel sheet (78.9%)
Generic OLE2 / Multistream Compound File (21.0%)

Добавлено через 3 часа 54 минуты

в предыдущем отлове только 16 антивирусов отлавливали
File macyjf.exe received on 03.24.2009 14:13:29 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 33/40 (82.5%)

Код:

Antivirus Version Last Update Result 
a-squared 4.0.0.101 2009.03.24 Trojan.Win32.Autoit!IK 
AhnLab-V3 5.0.0.2 2009.03.24 Win-Trojan/Midgare.236544 
AntiVir 7.9.0.120 2009.03.24 TR/Onlinegames.A3 
Antiy-AVL 2.0.3.1 2009.03.24 - 
Authentium 5.1.2.4 2009.03.23 W32/Trojan3.AIQ 
Avast 4.8.1335.0 2009.03.23 Win32:Agent-AEEP 
AVG 8.5.0.283 2009.03.23 Worm/Autoit.LQN 
BitDefender 7.2 2009.03.24 Worm.Generic.41831 
CAT-QuickHeal 10.00 2009.03.24 Backdoor.Agent.adzv 
ClamAV 0.94.1 2009.03.24 Trojan.Autoit-72 
Comodo 1082 2009.03.23 TrojWare.Win32.Trojan.Agent.Gen 
DrWeb 4.44.0.09170 2009.03.24 Win32.HLLW.Autoruner.6013 
eSafe 7.0.17.0 2009.03.23 Win32.Autorun.worm.z 
eTrust-Vet 31.6.6414 2009.03.24 - 
F-Prot 4.4.4.56 2009.03.23 W32/Trojan3.AIQ 
F-Secure 8.0.14470.0 2009.03.24 Trojan.Win32.Agent2.efp 
Fortinet 3.117.0.0 2009.03.24 W32/Autorun.ZF!worm 
GData 19 2009.03.24 Worm.Generic.41831 
Ikarus T3.1.1.48.0 2009.03.24 Trojan.Win32.Autoit 
K7AntiVirus 7.10.679 2009.03.23 Trojan.Win32.Midgare.roo 
Kaspersky 7.0.0.125 2009.03.24 Trojan.Win32.Agent2.efp 
McAfee 5562 2009.03.23 W32/Autorun.worm.n 
McAfee+Artemis 5562 2009.03.23 W32/Autorun.worm.n 
McAfee-GW-Edition 6.7.6 2009.03.24 Trojan.Onlinegames.A3 
Microsoft 1.4502 2009.03.24 Worm:AutoIt/Renocide.gen!B 
NOD32 3957 2009.03.24 Win32/Packed.Autoit.Gen 
Norman 6.00.06 2009.03.23 W32/Smalltroj.LCYY 
nProtect 2009.1.8.0 2009.03.24 - 
Panda 10.0.0.10 2009.03.24 Trj/Agent.LPX 
PCTools 4.4.2.0 2009.03.24 - 
Prevx1 V2 2009.03.24 High Risk System Back Door 
Rising 21.22.12.00 2009.03.24 - 
Sophos 4.39.0 2009.03.24 Mal/Generic-A 
Sunbelt 3.2.1858.2 2009.03.23 - 
Symantec 1.4.4.12 2009.03.24 W32.Harakit 
TheHacker 6.3.3.4.288 2009.03.24 Trojan/Midgare.rvm 
TrendMicro 8.700.0.1004 2009.03.24 WORM_AUTORUN.HOZ 
VBA32 3.12.10.1 2009.03.23 Trojan.Autoit.gen 
ViRobot 2009.3.24.1661 2009.03.24 Trojan.Win32.Klone.345416.B 
VirusBuster 4.6.5.0 2009.03.23 -

Additional information
File size: 345416 bytes
MD5...: a68fed9bb2efde1ff0dca8dedff7a736
SHA1..: f45a20db3894e39cedc1c8d211f48acb39889bff
SHA256: 8e2d845d7cb056a05d1e10d2de82632fbeb2fb96edda7298d2 4e899d53ff1163
SHA512: 5de48df6e28a5033080a42c27c88db8c9f28051fb9fddabcfb 1f85f4f0522bdb
86c86b8c21ccea289fb586a9df20a2823aedf460862594f508 9e8cc6e9d386f0
ssdeep: 6144

jk1EHI7OyXfOe5JnVZFrv7p4TKcw5TCDx+a62foC0ji61D48js o

jGjPO
evnllBcCMfAC0j88Yo

PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x90ed0
timedatestamp.....: 0x4850e379 (Thu Jun 12 08:51:05 200

machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x57000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x58000 0x3a000 0x39200 7.92 e5dd1823a0945d13b9b1eafb53f1cd15
.rsrc 0x92000 0x1000 0x600 3.17 46fa8faf2149b0d50b1dadb772597c8c

( 13 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> COMCTL32.dll: ImageList_Create
> comdlg32.dll: GetSaveFileNameW
> GDI32.dll: LineTo
> MPR.dll: WNetUseConnectionW
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> SHELL32.dll: DragFinish
> USER32.dll: GetDC
> VERSION.dll: VerQueryValueW
> WINMM.dll: timeGetTime
> WSOCK32.dll: -

( 0 exports )

Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=38FE752C48FF656A45B10527A ABF3E00D8D6AEF3' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=38FE752C48FF656A45B10527A ABF3E00D8D6AEF3</a>

**rxx** · 25.03.2009, 18:32

File autorun.inf received on 03.25.2009 16:28:29 (CET)
Current status: finished
Result: 18/39 (46.16%)

Код:

Antivirus Version	Last Update	Result
a-squared	-	-	Worm.Win32.Conficker!IK
AhnLab-V3	-	-	-
AntiVir	-	-	-
Antiy-AVL	-	-	-
Authentium	-	-	-
Avast	-	-	-
AVG	-	-	Worm/Generic_c.ZW
BitDefender	-	-	Worm.Autorun.VHG
CAT-QuickHeal	-	-	-
ClamAV	-	-	Worm.Autorun-1838
Comodo	-	-	Worm.Win32.AutoRun.etg
DrWeb	-	-	Win32.HLLW.Shadow
eSafe	-	-	-
eTrust-Vet	-	-	INF/Conficker
F-Prot	-	-	-
F-Secure	-	-	Worm:W32/Downaduprun.A
Fortinet	-	-	-
GData	-	-	Worm.Autorun.VHG
Ikarus	-	-	Worm.Win32.Conficker
K7AntiVirus	-	-	-
Kaspersky	-	-	-
McAfee	-	-	-
McAfee+Artemis	-	-	-
McAfee-GW-Edition	-	-	-
Microsoft	-	-	Worm:Win32/Conficker.B!inf
NOD32	-	-	INF/Conficker
Norman	-	-	-
nProtect	-	-	-
Panda	-	-	-
PCTools	-	-	-
Prevx1	-	-	-
Rising	-	-	-
Sophos	-	-	Mal/ConfInf-A
Sunbelt	-	-	INF.Autorun (v)
Symantec	-	-	W32.Downadup!autorun
TheHacker	-	-	W32/Conficker.autorunL
TrendMicro	-	-	TROJ_DOWNAD.AF
VBA32	-	-	Trojan.Autorun.gen
ViRobot	-	-	-
VirusBuster	-	-	INF.Conficker.F

Additional information
File size: 59306 bytes
MD5...: 060dc978741e7ff27686ca8885802623
SHA1..: 4e32ff1cf3243ce56ff278cc0924b601784463d1
SHA256: 4202574ee60beb13a329f4ba6f6bc55a6e3cfbdfccab929f50 024603d9cde020
SHA512: 6665cf3425448730ae8cf04d1d46b20ff088a915a912ed4061 136f44639dc10e
a469d38e636281f11850630cf92de41ba946bba2a0a4ef2266 cc5408dc587599
ssdeep: 1536:IS+zcVPpjrVmdmwGvp1kGEJ5V7hAUJcFc00LZ:+g9plmW 8PD2Gc2Z
PEiD..: -
TrID..: File type identification
Text - UTF-16 (LE) encoded (66.6%)
MP3 audio (33.3%)
PEInfo: -
RDS...: NSRL Reference Data Set
-
packers (F-Prot): Unicode

**serjel** · 27.03.2009, 19:04

Файл A0045214.exe получен 2009.03.27 16:50:19 (CET)
Текущий статус: Загрузка ... в очереди ожидание проверка закончено НЕ НАЙДЕНО ОСТАНОВЛЕНО

Результат: 8/39 (20.52%)

Код:

Антивирус Версия Обновление Результат 
a-squared 4.0.0.101 2009.03.27 - 
AhnLab-V3 5.0.0.2 2009.03.27 - 
AntiVir 7.9.0.129 2009.03.27 - 
Antiy-AVL 2.0.3.1 2009.03.27 - 
Authentium 5.1.2.4 2009.03.27 - 
Avast 4.8.1335.0 2009.03.26 - 
AVG 8.5.0.283 2009.03.27 - 
BitDefender 7.2 2009.03.27 - 
CAT-QuickHeal 10.00 2009.03.26 - 
ClamAV 0.94.1 2009.03.27 - 
Comodo 1086 2009.03.27 ApplicUnsaf.Win32.AdWare.Mycentria.~A 
DrWeb 4.44.0.09170 2009.03.27 Trojan.Mycentria.22 
eSafe 7.0.17.0 2009.03.26 Win32.Banker 
eTrust-Vet 31.6.6420 2009.03.27 - 
F-Prot 4.4.4.56 2009.03.27 - 
F-Secure 8.0.14470.0 2009.03.27 - 
Fortinet 3.117.0.0 2009.03.27 - 
GData 19 2009.03.27 - 
Ikarus T3.1.1.48.0 2009.03.27 - 
K7AntiVirus 7.10.683 2009.03.27 - 
Kaspersky 7.0.0.125 2009.03.27 - 
McAfee 5565 2009.03.26 potentially unwanted program Generic PUP 
McAfee+Artemis 5565 2009.03.26 potentially unwanted program Generic PUP 
McAfee-GW-Edition 6.7.6 2009.03.27 - 
Microsoft 1.4502 2009.03.27 - 
NOD32 3969 2009.03.27 Win32/Adware.Mycentria 
Norman 6.00.06 2009.03.27 - 
nProtect 2009.1.8.0 2009.03.27 - 
Panda 10.0.0.10 2009.03.27 - 
PCTools 4.4.2.0 2009.03.27 - 
Prevx1 V2 2009.03.27 Medium Risk Malware 
Rising 21.22.42.00 2009.03.27 - 
Sophos 4.40.0 2009.03.27 - 
Sunbelt 3.2.1858.2 2009.03.26 - 
Symantec 1.4.4.12 2009.03.27 - 
TheHacker 6.3.3.7.292 2009.03.26 - 
TrendMicro 8.700.0.1004 2009.03.27 - 
VBA32 3.12.10.1 2009.03.26 Win32.Adware.Mycentria 
ViRobot 2009.3.27.1666 2009.03.27 -

Дополнительная информация
File size: 55586 bytes
MD5...: 9f5bc21ebdc08e169168124221f5deab
SHA1..: 8f9cda38451f1903a8e3da4ba8ff15927f8fc878
SHA256: 611c6a838934f4312796f88721657c0bc46595aefbced64e4c 00c604b04d3536
SHA512: 891f619bab571926629c8e07d508da34c27227e41dc0a62cda cbaa9099e1da6f
9ff077ddad236592add893474cb7c878e033a6f80a26c30db9 e6eb2171069859
ssdeep: 1536:FKDqJvz2xyM40DSmJAqAELVigPvtMOUheOs4d:FKDAfCD SmJPAI0uP0eOBd

PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x315d
timedatestamp.....: 0x460e79c3 (Sat Mar 31 15:09:55 2007)
machinetype.......: 0x14c (I386)

**Kuzz** · 30.03.2009, 14:27

Файл avz00025.dta получен 2009.03.30 12:22:02 (CET)
Текущий статус: закончено
Результат: 15/40 (37.5%)

Код:

a-squared 4.0.0.101 2009.03.30 Riskware.AdWare.Mywebsearch!IK 
AhnLab-V3 5.0.0.2 2009.03.30 - 
AntiVir 7.9.0.129 2009.03.30 - 
Antiy-AVL 2.0.3.1 2009.03.30 AdTool/Win32.MyWebSearch 
Authentium 5.1.2.4 2009.03.29 W32/HackTool.BAC 
Avast 4.8.1335.0 2009.03.29 - 
AVG 8.5.0.285 2009.03.29 - 
BitDefender 7.2 2009.03.30 - 
CAT-QuickHeal 10.00 2009.03.30 - 
ClamAV 0.94.1 2009.03.29 - 
Comodo 1089 2009.03.29 ApplicUnwnt.Win32.Toolbar.MyWebSearch 
DrWeb 4.44.0.09170 2009.03.30 - 
eSafe 7.0.17.0 2009.03.27 - 
eTrust-Vet 31.6.6424 2009.03.30 - 
F-Prot 4.4.4.56 2009.03.29 W32/HackTool.BAC 
F-Secure 8.0.14470.0 2009.03.30 - 
Fortinet 3.117.0.0 2009.03.30 W32/MyWebSearch 
GData 19 2009.03.30 - 
Ikarus T3.1.1.48.0 2009.03.30 not-a-virus:AdWare.Mywebsearch 
K7AntiVirus 7.10.684 2009.03.28 not-a-virus:AdTool.Win32.MyWebSearch.az 
Kaspersky 7.0.0.125 2009.03.30 - 
McAfee 5568 2009.03.29 potentially unwanted program MWS 
McAfee+Artemis 5568 2009.03.29 potentially unwanted program MWS 
McAfee-GW-Edition 6.7.6 2009.03.30 - 
Microsoft 1.4502 2009.03.30 - 
NOD32 3974 2009.03.30 Win32/Toolbar.MyWebSearch 
Norman 6.00.06 2009.03.27 - 
nProtect 2009.1.8.0 2009.03.30 Trojan-Clicker/W32.Toolbar.57344.B 
Panda 10.0.0.10 2009.03.29 Application/MyWebSearch 
PCTools 4.4.2.0 2009.03.29 - 
Prevx1 V2 2009.03.30 - 
Rising 21.23.03.00 2009.03.30 - 
Sophos 4.40.0 2009.03.30 - 
Sunbelt 3.2.1858.2 2009.03.29 - 
Symantec 1.4.4.12 2009.03.30 - 
TheHacker 6.3.3.9.296 2009.03.30 Adware/MyWebSearch.az 
TrendMicro 8.700.0.1004 2009.03.30 - 
VBA32 3.12.10.1 2009.03.29 - 
ViRobot 2009.3.30.1668 2009.03.30 Adware.AskBar.To.57344 
VirusBuster 4.6.5.0 2009.03.30 -

Дополнительная информация
File size: 57344 bytes
MD5...: 30e4c0a012ae80e8479523a8d9a3217f
SHA1..: f5e602af05e25de625fd401f9492a66659ea20b7
SHA256: 23b4fd1592eed3c2d06877fa909ed13985e0d3ca76db856cb2 16a1ec6af4c5cd
SHA512: cd9e775e448c78bc370d4d208a6383308f596d01409d0909c0 cbfb34fe9adf2b
410764d3e9c245001d013581f97335edc70c1fb7c090c5e1c0 11d4e6342e52ca
ssdeep: 768:iARygQiAOPjVbMVcEFjZW4ed44RO2/9IXH+jMF0MjaN5lJJwr6imhAlw:iAR
ygQAj+VcMd2VLMHON53Jw+imhAl

PEiD..: -

**ZhIV** · 31.03.2009, 10:23

Файл avz00001.dta получен 2009.03.31 08:16:17 (CET)

Код:

Антивирус	Версия	Обновление	Результат
a-squared	4.0.0.101	2009.03.31	Packer.Krunchy!IK
AhnLab-V3	5.0.0.2	2009.03.31	-
AntiVir	7.9.0.129	2009.03.30	TR/Drop.Agent.akxp
Antiy-AVL	2.0.3.1	2009.03.30	-
Authentium	5.1.2.4	2009.03.30	W32/Heuristic-210!Eldorado
Avast	4.8.1335.0	2009.03.30	-
AVG	8.5.0.285	2009.03.30	SHeur2.YCD
BitDefender	7.2	2009.03.31	Packer.Krunchy.B
CAT-QuickHeal	10.00	2009.03.30	TrojanDropper.Agent.akxp
ClamAV	0.94.1	2009.03.31	-
Comodo	1090	2009.03.30	-
DrWeb	4.44.0.09170	2009.03.31	-
eSafe	7.0.17.0	2009.03.27	Suspicious File
eTrust-Vet	31.6.6425	2009.03.30	-
F-Prot	4.4.4.56	2009.03.30	W32/Heuristic-210!Eldorado
F-Secure	8.0.14470.0	2009.03.31	Trojan-Dropper.Win32.Agent.akxp
Fortinet	3.117.0.0	2009.03.31	PossibleThreat
GData	19	2009.03.31	Packer.Krunchy.B
Ikarus	T3.1.1.49.0	2009.03.31	Packer.Krunchy
K7AntiVirus	7.10.685	2009.03.30	Trojan.Win32.Malware.1
Kaspersky	7.0.0.125	2009.03.31	Trojan-Dropper.Win32.Agent.akxp
McAfee	5569	2009.03.30	-
McAfee+Artemis	5569	2009.03.30	Generic!Artemis
McAfee-GW-Edition	6.7.6	2009.03.30	Trojan.Drop.Agent.akxp
Microsoft	1.4502	2009.03.31	Trojan:Win32/Meredrop
NOD32	3976	2009.03.30	Win32/IRCBot.AMC
Norman	6.00.06	2009.03.30	W32/Spybot.gen6
nProtect	2009.1.8.0	2009.03.31	-
Panda	10.0.0.10	2009.03.30	Generic Malware
PCTools	4.4.2.0	2009.03.30	Packed/FRBR
Prevx1	V2	2009.03.31	High Risk Worm
Rising	21.23.10.00	2009.03.31	Trojan.DL.Win32.Nodef.gd
Sophos	4.40.0	2009.03.31	-
Sunbelt	3.2.1858.2	2009.03.31	-
Symantec	1.4.4.12	2009.03.31	-
TheHacker	6.3.3.9.296	2009.03.30	Trojan/Dropper.Agent.akxp
TrendMicro	8.700.0.1004	2009.03.30	WORM_SPYBOT.AUM
VBA32	3.12.10.1	2009.03.29	-
ViRobot	2009.3.30.1668	2009.03.31	-
VirusBuster	4.6.5.0	2009.03.30	Packed/FRBR

Дополнительная информация
File size: 23552 bytes
MD5...: 202a1c4c061a09929398bce42001997f
SHA1..: 3a53f384a7f5d17ba01d018ba752b9b025577946
SHA256: a36da5ac32bd8f724dbecf1ecc302d397e1ff471c7a826eaa1 afb54bdcb4aa12
SHA512: adf0e7664b5117c5f410962f2a0dc2720ef5c05a8a2486f610 31a0575f85f3b2 11b7a0ce3a1c2ba97373f4a0f562c7f3 a187b23966b2ba0c09b5dde3df78f5ce
ssdeep: 384:A0s9TUQHU43B5NKdnBEb4lW4vs3Zd7vuEMt1WSltv7Ekhl SrFZjYHp7myKYb wXcE:A0OTUQP3nNzcxYBSlWXYtmVY0sx Yp3h/ 
PEiD..: -

Исследование антивирусов 7

Опции темы

Mycentria

Похожие темы

Исследование антивирусов 6

Исследование антивирусов 5

Исследование антивирусов 4

Исследование антивирусов 3

Исследование антивирусов 2

Метки для этой темы

Ваши права в разделе