Srpski | Македонски | العربية | Suomi | ihMdI | 
| עברית | 
| Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Français | Svenska | Português | Italiano | 
| 
| Magyar | Deutsch | Česky | Polski | English
| עברית | | Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Français | Svenska | Português | Italiano | | | Magyar | Deutsch | Česky | Polski | English
|
Virustotal es un servicio de análisis de archivos sospechosos que permite detectar virus, gusanos, troyanos, y malware en general. Más información... |
Análisis del archivo bad.exe recibido el 2008.07.17 04:38:24 (UTC)
Estado actual: análisis terminado
Estado actual: análisis terminado
Resultado: 21/33 (63.64%)
| Motor antivirus | Versión | Última actualización | Resultado |
|---|---|---|---|
| AhnLab-V3 | 2008.7.17.0 | 2008.07.16 | - |
| AntiVir | 7.8.0.68 | 2008.07.16 | TR/Crypt.FKM.Gen |
| Authentium | 5.1.0.4 | 2008.07.16 | - |
| Avast | 4.8.1195.0 | 2008.07.17 | Win32:Agent-GPS |
| AVG | 7.5.0.516 | 2008.07.16 | Agent.YJZ |
| BitDefender | 7.2 | 2008.07.17 | DeepScan:Generic.Malware.FBldld.526CB581 |
| CAT-QuickHeal | 9.50 | 2008.07.16 | - |
| ClamAV | 0.93.1 | 2008.07.17 | - |
| DrWeb | 4.44.0.09170 | 2008.07.16 | Trojan.Spambot.origin |
| eSafe | 7.0.17.0 | 2008.07.16 | Suspicious File |
| eTrust-Vet | 31.6.5961 | 2008.07.17 | Win32/Danmec!generic |
| Ewido | 4.0 | 2008.07.16 | - |
| F-Prot | 4.4.4.56 | 2008.07.16 | - |
| F-Secure | 7.60.13501.0 | 2008.07.17 | W32/Malware |
| Fortinet | 3.14.0.0 | 2008.07.17 | PossibleThreat |
| GData | 2.0.7306.1023 | 2008.07.17 | Win32:Agent-GPS |
| Ikarus | T3.1.1.26.0 | 2008.07.17 | Virus.Win32.Agent.GPS |
| Kaspersky | 7.0.0.125 | 2008.07.17 | Backdoor.Win32.Agent.mnl |
| McAfee | 5340 | 2008.07.16 | - |
| Microsoft | 1.3704 | 2008.07.17 | Backdoor:Win32/Agent.ACG |
| NOD32v2 | 3274 | 2008.07.17 | probably a variant of Win32/Agent.NEQ |
| Norman | 5.80.02 | 2008.07.16 | W32/Malware |
| Panda | 9.0.0.4 | 2008.07.16 | - |
| Prevx1 | V2 | 2008.07.17 | - |
| Rising | 20.53.22.00 | 2008.07.16 | - |
| Sophos | 4.31.0 | 2008.07.17 | Sus/Behav-1021 |
| Sunbelt | 3.1.1536.1 | 2008.07.15 | - |
| Symantec | 10 | 2008.07.17 | Trojan.Asprox |
| TheHacker | 6.2.96.381 | 2008.07.16 | - |
| TrendMicro | 8.700.0.1004 | 2008.07.17 | Possible_Asprox |
| VBA32 | 3.12.8.0 | 2008.07.17 | suspected of Trojan-PSW.Pinch.12 (paranoid heuristics) |
| VirusBuster | 4.5.11.0 | 2008.07.16 | Trojan.Damnec.Gen |
| Webwasher-Gateway | 6.6.2 | 2008.07.17 | Trojan.Crypt.FKM.Gen |
| Información adicional |
|---|
| File size: 52224 bytes |
| MD5...: d394efd063619cd1fb77f11d7eae9199 |
| SHA1..: f31ff3b49b14d6e9f76d9265fcc95eae6fd7d4cc |
| SHA256: fbf24a0c258514fffe2fce0597fc60e8b9c247a683a68001bbaa5ad09e2034ef |
| SHA512: fce348cda438d3efff1dec87b1167713ae889180dbf5f40209a739fe9cdadb39 e679b70d216ef39967c4ba0edf86fc1000b957ac3bfc84592134226fec3c1c6f |
| PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser |
| PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x421ef0 timedatestamp.....: 0x487ba459 (Mon Jul 14 19:09:13 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 UPX0 0x1000 0x15000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e UPX1 0x16000 0xd000 0xc200 7.92 0f5bf6aaaea80821607dd5b9cb4ab742 .rsrc 0x23000 0x1000 0x600 2.99 0b20e20aa9fc33e446bcd76b5ddf0247 ( 2 imports ) > KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess > MSVCRT.dll: free ( 0 exports ) |
| Norman Sandbox: [ General information ] * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**. * File length: 52224 bytes. [ Changes to filesystem ] * Deletes file C:\WINDOWS\lg32.txt. * Creates file C:\WINDOWS\TEMP\~1999.tmp. * Deletes file C:\WINDOWS\ws386.ini. * Creates file C:\WINDOWS\ws386.ini. * Deletes file C:\WINDOWS\TEMP\~1999.tmp. * Creates file C:\WINDOWS\db32.txt. * Deletes file C:\WINDOWS\system32\aspimgr.exe. * Creates file C:\WINDOWS\system32\aspimgr.exe. * Creates file C:\WINDOWS\TEMP\_check32.bat. * Deletes file \"c:\sample.exe\". * Creates file C:\WINDOWS\TEMP\~1919.tmp. * Deletes file C:\WINDOWS\TEMP\~1919.tmp. * Creates file C:\WINDOWS\s32.txt. [ Changes to registry ] * Accesses Registry key \"HKCU\SOFTWARE\Far\Plugins\FTP\Hosts\". * Creates key \"HKLM\System\CurrentControlSet\Services\aspimgr\". * Sets value \"ImagePath\"=\"C:\WINDOWS\system32\aspimgr.exe\" in key \"HKLM\System\CurrentControlSet\Services\aspimgr\". * Sets value \"DisplayName\"=\"Microsoft ASPI Manager\" in key \"HKLM\System\CurrentControlSet\Services\aspimgr\". * Accesses Registry key \"HKLM\Software\Microsoft\Sft\". * Creates key \"HKLM\Software\Microsoft\Sft\". * Sets value \"default\"=\"{00000000-0000-0000-0000-00003F000F00}\" in key \"HKLM\Software\Microsoft\Sft\". [ Network services ] * Connects to \"ns.uk2.net\" on port 53 (IP). * Connects to \"www.yahoo.com\" on port 80 (IP). * Connects to \"www.web.de\" on port 80 (IP). * Connects to \"FAKE\" on port 4660 (IP). * Sets up a HTTP server on port 80. [ Security issues ] * Possible backdoor functionality [HTTP] port 80. [ Process/window information ] * Attempts to access service \"aspimgr\". * Creates service \"aspimgr (Microsoft ASPI Manager)\" as \"C:\WINDOWS\system32\aspimgr.exe\". * Creates process \"aspimgr.exe\". * Attemps to open C:\WINDOWS\TEMP\_check32.bat NULL. * Creates process \"CMD.EXE\". |
| packers (Kaspersky): PE_Patch.UPX, UPX |
| packers (F-Prot): UPX |
| packers (Avast): UPX |
IMPORTANTE:
VirusTotal es un servicio gratuito ofrecido por Hispasec Sistemas, quien no garantiza la disponibilidad y continuidad de funcionamiento de éste. Pese a que el índice de detección ofrecido por el análisis simultáneo de múltiples motores antivirus es muy superior al de un sólo producto, los resultados NO garantizan la inocuidad de un archivo. No existe solución que pueda ofrecer un 100% de efectividad en el reconocimiento de virus y malware en general.
