|
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware.
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: packupdate_build6_179.exeSubmission date: 2010-03-11 04:26:18 (UTC)Current status: finishedResult:
7
/42 (16.7%) |
VT Community
 not reviewed Safety score: - |
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| a-squared | 4.5.0.50 | 2010.03.11 | Trojan.Win32.FakeAV!IK |
| AhnLab-V3 | 5.0.0.2 | 2010.03.10 | - |
| AntiVir | 8.2.1.180 | 2010.03.10 | - |
| Antiy-AVL | 2.0.3.7 | 2010.03.10 | - |
| Authentium | 5.2.0.5 | 2010.03.11 | - |
| Avast | 4.8.1351.0 | 2010.03.10 | - |
| Avast5 | 5.0.332.0 | 2010.03.10 | - |
| AVG | 9.0.0.787 | 2010.03.10 | - |
| BitDefender | 7.2 | 2010.03.11 | - |
| CAT-QuickHeal | 10.00 | 2010.03.10 | (Suspicious) - DNAScan |
| ClamAV | 0.96.0.0-git | 2010.03.11 | - |
| Comodo | 4091 | 2010.02.28 | - |
| DrWeb | 5.0.1.12222 | 2010.03.11 | - |
| eSafe | 7.0.17.0 | 2010.03.10 | - |
| eTrust-Vet | 35.2.7351 | 2010.03.10 | - |
| F-Prot | 4.5.1.85 | 2010.03.10 | - |
| F-Secure | 9.0.15370.0 | 2010.03.11 | - |
| Fortinet | 4.0.14.0 | 2010.03.09 | - |
| GData | 19 | 2010.03.11 | - |
| Ikarus | T3.1.1.80.0 | 2010.03.11 | Trojan.Win32.FakeAV |
| Jiangmin | 13.0.900 | 2010.03.10 | - |
| K7AntiVirus | 7.10.994 | 2010.03.10 | - |
| Kaspersky | 7.0.0.125 | 2010.03.11 | - |
| McAfee | 5916 | 2010.03.10 | - |
| McAfee+Artemis | 5916 | 2010.03.10 | - |
| McAfee-GW-Edition | 6.8.5 | 2010.03.11 | - |
| Microsoft | 1.5502 | 2010.03.10 | - |
| NOD32 | 4933 | 2010.03.10 | - |
| Norman | 6.04.08 | 2010.03.10 | - |
| nProtect | 2009.1.8.0 | 2010.03.10 | - |
| Panda | 10.0.2.2 | 2010.03.10 | - |
| PCTools | 7.0.3.5 | 2010.03.10 | - |
| Prevx | 3.0 | 2010.03.11 | - |
| Rising | 22.38.03.01 | 2010.03.11 | - |
| Sophos | 4.51.0 | 2010.03.11 | Mal/FakeAV-BW |
| Sunbelt | 5820 | 2010.03.11 | Trojan.Win32.Generic!SB.0 |
| Symantec | 20091.2.0.41 | 2010.03.11 | Suspicious.Insight |
| TheHacker | 6.5.2.0.230 | 2010.03.11 | Trojan/FakeAV.gen |
| TrendMicro | 9.120.0.1004 | 2010.03.10 | - |
| VBA32 | 3.12.12.2 | 2010.03.09 | - |
| ViRobot | 2010.3.10.2220 | 2010.03.11 | - |
| VirusBuster | 5.0.27.0 | 2010.03.10 | - |
Additional information
|
|---|
| MD5 : 810a79b98c1dc194ec022cb7063fe3c0 |
| SHA1 : af4a77fe446f3fcd259ed02c57423c348d17934c |
| SHA256: 6c835981a6fd2f866f6200dfd5384240fab14149ddc8c162721305c11533d984 |
| ssdeep: 6144:F1H5J5dgy8eV4xiqbZv/YEi/y5zDnZnY5AajV+6aB1D0s0bPVr2ami:jZF78zvbZiStY57[*lb*]jVCD0BPVDmi |
| File size : 390656 bytes |
| First seen: 2010-03-10 18:51:30 |
| Last seen : 2010-04-20 18:34:10 |
| Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit |
| TrID: Win32 Executable MS Visual C++ (generic) (62.9%)[*lb*]Win32 Executable Generic (14.2%)[*lb*]Win32 Dynamic Link Library (generic) (12.6%)[*lb*]Win16/32 Executable Delphi generic (3.4%)[*lb*]Generic Win/DOS Executable (3.3%) |
| sigcheck: publisher....: n/a[*lb*]copyright....: n/a[*lb*]product......: n/a[*lb*]description..: n/a[*lb*]original name: n/a[*lb*]internal name: n/a[*lb*]file version.: n/a[*lb*]comments.....: n/a[*lb*]signers......: -[*lb*]signing date.: -[*lb*]verified.....: Unsigned[*lb*] |
| PEiD: - |
| PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x9B58 timedatestamp....: 0x4684074D (Thu Jun 28 19:09:01 2007) machinetype......: 0x14C (Intel I386) [[ 5 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x129F0, 0x12A00, 6.22, 87b78ad86909812059a4c60917356a81 .data, 0x14000, 0x1371A, 0xE600, 4.69, 938fd86302385a26f00d608b83e91f0b .rdata, 0x28000, 0x1E9A6, 0x17A00, 5.39, b1a60d4aecc3546f49164473722f3c91 .idata, 0x47000, 0x3DDFE, 0x23E00, 6.2, c9955ef006c678f212a4c37a7dc59817 .rsrc, 0x85000, 0x2714, 0x2800, 4.04, 1081350cefa66d24114c0fe39613699e [[ 19 import(s) ]] advapi32.dll: RegEnumKeyA, IsValidSid, RegQueryValueW, GetLengthSid, RegCreateKeyExW, SetNamedSecurityInfoW, QueryServiceConfigW, RegDeleteKeyW, RegOpenKeyW, RegEnumValueW, GetTokenInformation, ChangeServiceConfigW, InitializeAcl, RegFlushKey, RegEnumValueA, QueryServiceStatus, LookupPrivilegeValueA, IsTextUnicode, OpenThreadToken, RegQueryValueExW, LsaOpenPolicy, RegQueryInfoKeyA, GetSecurityDescriptorDacl, RegSetValueA, RegOpenKeyExW, GetSidIdentifierAuthority, RevertToSelf, GetTraceLoggerHandle, RegOpenKeyA, CryptGenRandom, CryptAcquireContextW, RegEnumKeyW, CheckTokenMembership, GetUserNameA, GetAclInformation, RegisterTraceGuidsW, UnregisterTraceGuids, RegEnumKeyExA comctl32.dll: ImageList_Draw, ImageList_Create, InitCommonControlsEx, ImageList_Destroy, InitCommonControls, ImageList_ReplaceIcon cryptui.dll: CryptUIFreeViewSignaturesPagesW, CryptUIWizCertRequest, CryptUIDlgViewCertificateW, CryptUIDlgViewCTLW, CryptUIDlgViewCRLA, CryptUIWizImport imagehlp.dll: ImageRemoveCertificate, SymUnloadModule, SymGetSearchPath, SymGetSymFromAddr, ImageRvaToVa, ImageRvaToSection, ImageNtHeader, ImageDirectoryEntryToDataEx, SymGetModuleInfo, ImageLoad, ImageEnumerateCertificates, MapAndLoad, BindImageEx, SymInitialize kernel32.dll: CompareStringW, SetEvent, IsBadWritePtr, DisableThreadLibraryCalls, lstrcpynA, lstrcatW, ExitProcess, VirtualQuery, UnmapViewOfFile, GlobalUnlock, lstrlenA, VirtualAlloc, IsDebuggerPresent, GetTickCount, SetThreadPriority, InterlockedCompareExchange, FindNextFileW, GetCPInfo, SetUnhandledExceptionFilter, LoadLibraryA, LocalAlloc, MultiByteToWideChar, Sleep, VirtualFree, GetFileSize, GetExitCodeProcess, GetProcessHeap, HeapReAlloc, GetModuleFileNameW mprapi.dll: MprInfoBlockFind, MprAdminUserServerDisconnect, MprInfoCreate, MprInfoBlockAdd, MprInfoDelete, MprConfigServerDisconnect, MprAdminServerDisconnect, MprAdminMIBServerConnect, MprAdminMIBEntryGet, MprAdminBufferFree, MprAdminIsServiceRunning, MprAdminServerConnect msacm32.dll: acmStreamClose, acmFormatTagDetailsW, acmFormatChooseW, acmStreamSize, acmGetVersion, acmStreamConvert, acmFormatSuggest, acmStreamUnprepareHeader, acmStreamOpen, acmMetrics, acmFormatDetailsW ntdsapi.dll: DsFreeDomainControllerInfoW, DsBindW, DsMapSchemaGuidsW, DsBindWithCredA, DsFreeNameResultW, DsReplicaFreeInfo ole32.dll: ProgIDFromCLSID, CLSIDFromString, StgOpenStorage, StringFromGUID2, CoCreateInstanceEx, OleUninitialize, CoInitializeSecurity, CoRegisterClassObject, CoRevokeClassObject, IIDFromString, CreateBindCtx, StgIsStorageFile, CoInitialize, CreateOleAdviseHolder, StringFromCLSID, CoCreateGuid, StgCreateDocfileOnILockBytes, CreateDataAdviseHolder, StringFromIID, CoCreateFreeThreadedMarshaler, StgCreateDocfile, CoGetObjectContext, OleRegGetMiscStatus, CoUninitialize, OleInitialize, OleLoadFromStream, CLSIDFromProgID, CoTaskMemFree, CreateStreamOnHGlobal, OleSaveToStream oleaut32.dll: RegisterTypeLib, VariantInit, SysStringLen, OleLoadPicture, VariantClear, RegisterTypeLibForUser, VariantChangeType, SysReAllocStringLen, SysAllocStringLen, SafeArrayPtrOfIndex, RevokeActiveObject, SysFreeString, SafeArrayCreate, VariantChangeTypeEx, SafeArrayGetUBound, SetErrorInfo, SysStringByteLen, SafeArrayGetElement, VariantCopyInd, GetActiveObject, SafeArrayUnaccessData, SafeArrayAccessData, SysAllocStringByteLen, VariantCopy, GetErrorInfo, LoadTypeLib, CreateErrorInfo, SafeArrayPutElement, SafeArrayGetLBound psapi.dll: GetModuleFileNameExW, GetModuleBaseNameA, GetModuleBaseNameW, GetModuleFileNameExA, EnumDeviceDrivers, GetMappedFileNameA, EnumProcessModules, GetDeviceDriverFileNameA, EnumProcesses rasapi32.dll: RasGetCredentialsW, RasDeleteEntryW, RasGetConnectStatusW, RasConnectionNotificationW, RasGetEapUserDataW, RasEnumDevicesW, RasSetAutodialAddressW, RasGetHport, RasGetEntryPropertiesA, RasGetEntryPropertiesW, RasDialW, RasSetCredentialsW rpcrt4.dll: RpcBindingVectorFree, UuidToStringA, NdrCStdStubBuffer_Release, IUnknown_QueryInterface_Proxy, NdrOleFree, UuidToStringW, IUnknown_AddRef_Proxy, NdrStubCall2, CStdStubBuffer_DebugServerRelease, RpcServerRegisterAuthInfoW, NdrClientCall2, RpcRaiseException, RpcEpResolveBinding, NdrDllUnregisterProxy, CStdStubBuffer_Connect, CStdStubBuffer_Invoke, CStdStubBuffer_QueryInterface, RpcBindingSetAuthInfoW, UuidFromStringW, RpcStringBindingComposeW, NdrDllGetClassObject, NdrStubForwardingFunction, RpcBindingFree, NdrDllCanUnloadNow, RpcStringFreeW, NdrCStdStubBuffer2_Release, CStdStubBuffer_CountRefs, RpcStringBindingParseW, CStdStubBuffer_Disconnect, RpcBindingSetAuthInfoExW, NdrOleAllocate, UuidCreate, CStdStubBuffer_AddRef, IUnknown_Release_Proxy, NdrDllRegisterProxy, RpcBindingToStringBindingW, RpcStringFreeA, NdrServerCall2 rtutils.dll: TraceRegisterExW, TraceRegisterExA, TraceDeregisterW, TraceVprintfExA, TraceDeregisterA tapi32.dll: lineOpen, lineGetID, lineGetTranslateCapsW, lineTranslateAddressW userenv.dll: CreateEnvironmentBlock, EnterCriticalPolicySection, RegisterGPNotification, GetAppliedGPOListW, RefreshPolicy, GetProfilesDirectoryW, LoadUserProfileW, UnloadUserProfile, FreeGPOListW, GetAllUsersProfileDirectoryW, GetProfileType, GetGPOListW, UnregisterGPNotification, GetUserProfileDirectoryW, LeaveCriticalPolicySection, DestroyEnvironmentBlock, GetUserProfileDirectoryA version.dll: GetFileVersionInfoW, GetFileVersionInfoSizeW, GetFileVersionInfoA, VerQueryValueA, VerQueryValueW winmm.dll: timeBeginPeriod, DefDriverProc, mixerClose, waveOutWrite, mixerGetNumDevs, timeEndPeriod, waveOutUnprepareHeader, mixerOpen, waveOutMessage, waveOutPrepareHeader, mmioRead, mixerGetLineInfoW, waveOutGetNumDevs, timeGetTime, waveInGetDevCapsW, mixerSetControlDetails, timeGetDevCaps, mixerGetControlDetailsW, mmioClose, PlaySoundW, mmioDescend, mixerGetLineControlsW, waveOutOpen wsock32.dll: ntohl, ioctlsocket, WSASetLastError, htonl, send, recvfrom, ntohs, bind, accept, listen, getsockopt, sendto |
| Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=E7233D59006F9173F66705CCDE619800493C883E |
VT Community
This file has never been reviewed by any VT Community member. Be the first one to comment on it!VirusTotal Team
ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
[b]text[/b] -- bold
[i]text[/i] -- italics
[u]text[/u] -- underline
[s]text[/s] -- strikethrough
[code]text[/code] - preformatted text
You can also address comments to particular users using the "@" twitter-like mode. By prepending a "#" symbol to a word you can add custom tags to your comment, tags that can then be searched for.
Anonymous limit exceeded: anonymous users can only make one comment per file or URL, either sign in or register in order to continue making reviews on this item. Note that anonymous user discrimination is based on IP addresses, hence, it may be possible that another user behind your same proxy or NAT connection already made a review.