Srpski | Македонски | العربية | Suomi | ihMdI | 
| עברית | 
| Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Français | Svenska | Português | Italiano | 
| 
| Magyar | Deutsch | Česky | Polski | English
| עברית | | Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Français | Svenska | Português | Italiano | | | Magyar | Deutsch | Česky | Polski | English
|
Virustotal es un servicio de análisis de archivos sospechosos que permite detectar virus, gusanos, troyanos, y malware en general. Más información... |
Análisis del archivo change_cnc3-key.exe recibido el 2008.12.03 03:54:58 (UTC)
Estado actual: análisis terminado
Estado actual: análisis terminado
Resultado: 26/37 (70.27%)
| Motor antivirus | Versión | Última actualización | Resultado |
|---|---|---|---|
| AhnLab-V3 | 2008.12.2.2 | 2008.12.02 | - |
| AntiVir | 7.9.0.36 | 2008.12.02 | DR/Dldr.Small.agns |
| Authentium | 5.1.0.4 | 2008.12.02 | - |
| Avast | 4.8.1281.0 | 2008.12.02 | Win32:Trojan-gen {Other} |
| AVG | 8.0.0.199 | 2008.12.03 | Downloader.Generic_r.BT |
| BitDefender | 7.2 | 2008.12.03 | Trojan.Downloader.Small.ABER |
| CAT-QuickHeal | 10.00 | 2008.12.03 | - |
| ClamAV | 0.94.1 | 2008.12.02 | - |
| DrWeb | 4.44.0.09170 | 2008.12.03 | Trojan.Siggen.1115 |
| eSafe | 7.0.17.0 | 2008.12.02 | Win32.Small.agns |
| eTrust-Vet | 31.6.6240 | 2008.12.03 | - |
| Ewido | 4.0 | 2008.12.02 | - |
| F-Prot | 4.4.4.56 | 2008.12.02 | - |
| F-Secure | 8.0.14332.0 | 2008.12.03 | Trojan-Downloader.Win32.Small.agns |
| Fortinet | 3.117.0.0 | 2008.12.03 | PossibleThreat |
| GData | 19 | 2008.12.03 | Trojan.Downloader.Small.ABER |
| Ikarus | T3.1.1.45.0 | 2008.12.03 | Trojan-Downloader.Win32.Small |
| K7AntiVirus | 7.10.540 | 2008.12.02 | Packed.Win32.Monder.gen |
| Kaspersky | 7.0.0.125 | 2008.12.03 | Trojan-Downloader.Win32.Small.agns |
| McAfee | 5452 | 2008.12.02 | Generic Downloader.x |
| McAfee+Artemis | 5452 | 2008.12.02 | Generic Downloader.x |
| Microsoft | 1.4205 | 2008.12.03 | Trojan:Win32/Vundo.gen!AG |
| NOD32 | 3659 | 2008.12.02 | probably a variant of Win32/Kryptik.BJ |
| Norman | 5.80.02 | 2008.12.02 | W32/Smalltroj.IWCP.dropper |
| Panda | 9.0.0.4 | 2008.12.02 | Generic Trojan |
| PCTools | 4.4.2.0 | 2008.12.02 | Trojan-Downloader.Agent!sd6 |
| Prevx1 | V2 | 2008.12.03 | Malicious Software |
| Rising | 21.06.12.00 | 2008.12.02 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.03 | Trojan.Dropper.Dldr.Small.agns |
| Sophos | 4.36.0 | 2008.12.03 | Sus/Behav-273 |
| Sunbelt | 3.1.1832.2 | 2008.12.01 | - |
| Symantec | 10 | 2008.12.03 | Downloader |
| TheHacker | 6.3.1.2.172 | 2008.12.02 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.02 | PAK_Generic.001 |
| VBA32 | 3.12.8.10 | 2008.12.02 | Trojan-Downloader.Win32.Small.agns |
| ViRobot | 2008.12.2.1496 | 2008.12.02 | Spyware.Small.Do.249207 |
| VirusBuster | 4.5.11.0 | 2008.12.02 | - |
| Información adicional |
|---|
| File size: 249207 bytes |
| MD5...: 7225361c6bac963c971f1e8ba6441732 |
| SHA1..: 4ff267037e71c6bdc873415ad5e957cdda5d8803 |
| SHA256: d75b24e1565e5e2e067d60f8a42f146c1b00da906c0e8733ddebb25fde27a8d1 |
| SHA512: aa8f6005d7293d61addfa8a5c7bdf7f3c95a6a02f0ecbca89753ec50645ca5dd 9d73d34fa2a5bf8c0e23f898415763e6b44588c6b6e1189f8b6f51ccb42446b4 |
| ssdeep: 3072:Z8U2yJN5f661xRZbALxB1Ojdgx8GYWHcNk0eMD4Ix01WRvXwpAJT3oP1Elb qP2m6:Z8U2qy6rRZb7jxGYW8Nk0u16/Y6wPVW |
| PEiD..: - |
| TrID..: File type identification WinRAR Self Extracting archive (95.7%) Win32 Executable Generic (1.5%) Win32 Dynamic Link Library (generic) (1.4%) Win32 Executable Watcom C++ (generic) (0.4%) Generic Win/DOS Executable (0.3%) |
| PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x401000 timedatestamp.....: 0x4623462a (Mon Apr 16 09:47:22 2007) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x14000 0x13600 6.44 c5df2bcf4cb444a9ce3abf40dc2ae79f .data 0x15000 0x7000 0xa00 4.92 fe3e541d125dbe299f892385c2f9e9c8 .idata 0x1c000 0x1000 0x1000 5.12 37eade5359d82bcd800d9cf089c501ff .rsrc 0x1d000 0x4000 0x3c00 4.71 87390a753fe986dd8d412862ac8693b6 ( 8 imports ) > ADVAPI32.DLL: AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA, SetFileSecurityA, SetFileSecurityW > KERNEL32.DLL: CloseHandle, CompareStringA, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, DeleteFileA, DeleteFileW, DosDateTimeToFileTime, ExitProcess, ExpandEnvironmentStringsA, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindResourceA, FreeLibrary, GetCPInfo, GetCommandLineA, GetCurrentDirectoryA, GetCurrentProcess, GetDateFormatA, GetFileAttributesA, GetFileAttributesW, GetFileType, GetFullPathNameA, GetLastError, GetLocaleInfoA, GetModuleFileNameA, GetModuleHandleA, GetNumberFormatA, GetProcAddress, GetProcessHeap, GetStdHandle, GetTempPathA, GetTickCount, GetTimeFormatA, GetVersionExA, GlobalAlloc, HeapAlloc, HeapFree, HeapReAlloc, IsDBCSLeadByte, LoadLibraryA, LocalFileTimeToFileTime, MoveFileA, MoveFileExA, MultiByteToWideChar, ReadFile, SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetLastError, Sleep, SystemTimeToFileTime, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcmpiA, lstrlenA > COMCTL32.DLL: - > COMDLG32.DLL: CommDlgExtendedError, GetOpenFileNameA, GetSaveFileNameA > GDI32.DLL: DeleteObject > SHELL32.DLL: SHBrowseForFolderA, SHChangeNotify, SHFileOperationA, SHGetFileInfoA, SHGetMalloc, SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA > USER32.DLL: CharToOemA, CharToOemBuffA, CharUpperA, CopyRect, CreateWindowExA, DefWindowProcA, DestroyIcon, DestroyWindow, DialogBoxParamA, DispatchMessageA, EnableWindow, EndDialog, FindWindowExA, GetClassNameA, GetClientRect, GetDlgItem, GetDlgItemTextA, GetMessageA, GetParent, GetSysColor, GetSystemMetrics, GetWindow, GetWindowLongA, GetWindowRect, GetWindowTextA, IsWindow, IsWindowVisible, LoadBitmapA, LoadCursorA, LoadIconA, LoadStringA, MapWindowPoints, MessageBoxA, OemToCharA, OemToCharBuffA, PeekMessageA, PostMessageA, RegisterClassExA, SendDlgItemMessageA, SendMessageA, SetDlgItemTextA, SetFocus, SetMenu, SetWindowLongA, SetWindowPos, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow, WaitForInputIdle, wsprintfA, wvsprintfA > OLE32.DLL: CLSIDFromString, CoCreateInstance, CreateStreamOnHGlobal, OleInitialize, OleUninitialize ( 0 exports ) |
| Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=E38A2E3D77BDA8FFCD84033B74741300FB28EA32 |
| Norman Sandbox: [ General information ] * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**. * Creating several executable files on hard-drive. * File length: 249207 bytes. [ Changes to filesystem ] * Creates directory C:. * Creates directory C:\WINDOWS. * Creates file C:\WINDOWS\__tmp_rar_sfx_access_check_511. * Deletes file __tmp_rar_sfx_access_check_511. * Creates file C:\WINDOWS\readme.bat. * Creates file C:\WINDOWS\serial.exe. * Creates file C:\WINDOWS\crack.exe. * Creates file C:\WINDOWS\number.exe. * Creates file C:\WINDOWS\keygen.exe. [ Process/window information ] * Creates a dialogbox with caption \"WinRAR self-extracting archive\". * Buttons found in dialogbox: id102[278,156]\"Bro&wse...\" id1[211,207]\"Install\" id2[278,207]\"Cancel\" . * Creates a dialogbox with caption \"License\". * Buttons found in dialogbox: id1[211,207]\"Accept\" id2[278,207]\"Decline\" . * Pressing button with id 1 \"Accept\". * Pressing button with id 1 \"Install\". * Attempts to open CLSID {0000002C-5994-0005-320F-4243693F4000}. * Attemps to NULL C:\WINDOWS\readme.bat NULL. * Creates process \"CMD.EXE\". * Creates process \"serial.exe\". [ Signature Scanning ] * C:\WINDOWS\readme.bat (46 bytes) : no signature detection. * C:\WINDOWS\serial.exe (9728 bytes) : no signature detection. * C:\WINDOWS\crack.exe (59392 bytes) : W32/Smalltroj.IWCP. |
| ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=7225361c6bac963c971f1e8ba6441732 |
| packers (Kaspersky): PE_Patch.UPX, UPX |
| CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=7225361c6bac963c971f1e8ba6441732 |
| packers (F-Prot): RAR, UPX |
IMPORTANTE:
VirusTotal es un servicio gratuito ofrecido por Hispasec Sistemas, quien no garantiza la disponibilidad y continuidad de funcionamiento de éste. Pese a que el índice de detección ofrecido por el análisis simultáneo de múltiples motores antivirus es muy superior al de un sólo producto, los resultados NO garantizan la inocuidad de un archivo. No existe solución que pueda ofrecer un 100% de efectividad en el reconocimiento de virus y malware en general.
