Srpski | Македонски | العربية | Suomi | ihMdI | | | Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Français | Svenska | Português | Italiano | | | Magyar | Deutsch | Česky | Polski | Español | English
Virus Total

VirusTotal הינו שירות אשר מנתח קבצים חשודים ומקדם זיהוי מהיר של וירוסים, תולעים, טרויינים וכל סוגי תוכנות זדונה שמזוהות על ידי מנועים של אנטיורוסים שונים. מידע נוסף...
קובץ change_cnc3-key.exe התקבל ב 2008.12.03 03:54:58 (UTC)
מצב נוכחי: הסתיים
תוצאה:26/37 (70.27%)
אנטיוירוס גרסה עדכון אחרון תוצאה
AhnLab-V3 2008.12.2.2 2008.12.02 -
AntiVir 7.9.0.36 2008.12.02 DR/Dldr.Small.agns
Authentium 5.1.0.4 2008.12.02 -
Avast 4.8.1281.0 2008.12.02 Win32:Trojan-gen {Other}
AVG 8.0.0.199 2008.12.03 Downloader.Generic_r.BT
BitDefender 7.2 2008.12.03 Trojan.Downloader.Small.ABER
CAT-QuickHeal 10.00 2008.12.03 -
ClamAV 0.94.1 2008.12.02 -
DrWeb 4.44.0.09170 2008.12.03 Trojan.Siggen.1115
eSafe 7.0.17.0 2008.12.02 Win32.Small.agns
eTrust-Vet 31.6.6240 2008.12.03 -
Ewido 4.0 2008.12.02 -
F-Prot 4.4.4.56 2008.12.02 -
F-Secure 8.0.14332.0 2008.12.03 Trojan-Downloader.Win32.Small.agns
Fortinet 3.117.0.0 2008.12.03 PossibleThreat
GData 19 2008.12.03 Trojan.Downloader.Small.ABER
Ikarus T3.1.1.45.0 2008.12.03 Trojan-Downloader.Win32.Small
K7AntiVirus 7.10.540 2008.12.02 Packed.Win32.Monder.gen
Kaspersky 7.0.0.125 2008.12.03 Trojan-Downloader.Win32.Small.agns
McAfee 5452 2008.12.02 Generic Downloader.x
McAfee+Artemis 5452 2008.12.02 Generic Downloader.x
Microsoft 1.4205 2008.12.03 Trojan:Win32/Vundo.gen!AG
NOD32 3659 2008.12.02 probably a variant of Win32/Kryptik.BJ
Norman 5.80.02 2008.12.02 W32/Smalltroj.IWCP.dropper
Panda 9.0.0.4 2008.12.02 Generic Trojan
PCTools 4.4.2.0 2008.12.02 Trojan-Downloader.Agent!sd6
Prevx1 V2 2008.12.03 Malicious Software
Rising 21.06.12.00 2008.12.02 -
SecureWeb-Gateway 6.7.6 2008.12.03 Trojan.Dropper.Dldr.Small.agns
Sophos 4.36.0 2008.12.03 Sus/Behav-273
Sunbelt 3.1.1832.2 2008.12.01 -
Symantec 10 2008.12.03 Downloader
TheHacker 6.3.1.2.172 2008.12.02 -
TrendMicro 8.700.0.1004 2008.12.02 PAK_Generic.001
VBA32 3.12.8.10 2008.12.02 Trojan-Downloader.Win32.Small.agns
ViRobot 2008.12.2.1496 2008.12.02 Spyware.Small.Do.249207
VirusBuster 4.5.11.0 2008.12.02 -
מידע נוסף
File size: 249207 bytes
MD5...: 7225361c6bac963c971f1e8ba6441732
SHA1..: 4ff267037e71c6bdc873415ad5e957cdda5d8803
SHA256: d75b24e1565e5e2e067d60f8a42f146c1b00da906c0e8733ddebb25fde27a8d1
SHA512: aa8f6005d7293d61addfa8a5c7bdf7f3c95a6a02f0ecbca89753ec50645ca5dd
9d73d34fa2a5bf8c0e23f898415763e6b44588c6b6e1189f8b6f51ccb42446b4
ssdeep: 3072:Z8U2yJN5f661xRZbALxB1Ojdgx8GYWHcNk0eMD4Ix01WRvXwpAJT3oP1Elb
qP2m6:Z8U2qy6rRZb7jxGYW8Nk0u16/Y6wPVW
PEiD..: -
TrID..: File type identification
WinRAR Self Extracting archive (95.7%)
Win32 Executable Generic (1.5%)
Win32 Dynamic Link Library (generic) (1.4%)
Win32 Executable Watcom C++ (generic) (0.4%)
Generic Win/DOS Executable (0.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401000
timedatestamp.....: 0x4623462a (Mon Apr 16 09:47:22 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x14000 0x13600 6.44 c5df2bcf4cb444a9ce3abf40dc2ae79f
.data 0x15000 0x7000 0xa00 4.92 fe3e541d125dbe299f892385c2f9e9c8
.idata 0x1c000 0x1000 0x1000 5.12 37eade5359d82bcd800d9cf089c501ff
.rsrc 0x1d000 0x4000 0x3c00 4.71 87390a753fe986dd8d412862ac8693b6

( 8 imports )
> ADVAPI32.DLL: AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA, SetFileSecurityA, SetFileSecurityW
> KERNEL32.DLL: CloseHandle, CompareStringA, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, DeleteFileA, DeleteFileW, DosDateTimeToFileTime, ExitProcess, ExpandEnvironmentStringsA, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, FindResourceA, FreeLibrary, GetCPInfo, GetCommandLineA, GetCurrentDirectoryA, GetCurrentProcess, GetDateFormatA, GetFileAttributesA, GetFileAttributesW, GetFileType, GetFullPathNameA, GetLastError, GetLocaleInfoA, GetModuleFileNameA, GetModuleHandleA, GetNumberFormatA, GetProcAddress, GetProcessHeap, GetStdHandle, GetTempPathA, GetTickCount, GetTimeFormatA, GetVersionExA, GlobalAlloc, HeapAlloc, HeapFree, HeapReAlloc, IsDBCSLeadByte, LoadLibraryA, LocalFileTimeToFileTime, MoveFileA, MoveFileExA, MultiByteToWideChar, ReadFile, SetCurrentDirectoryA, SetEndOfFile, SetEnvironmentVariableA, SetFileAttributesA, SetFileAttributesW, SetFilePointer, SetFileTime, SetLastError, Sleep, SystemTimeToFileTime, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcmpiA, lstrlenA
> COMCTL32.DLL: -
> COMDLG32.DLL: CommDlgExtendedError, GetOpenFileNameA, GetSaveFileNameA
> GDI32.DLL: DeleteObject
> SHELL32.DLL: SHBrowseForFolderA, SHChangeNotify, SHFileOperationA, SHGetFileInfoA, SHGetMalloc, SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA
> USER32.DLL: CharToOemA, CharToOemBuffA, CharUpperA, CopyRect, CreateWindowExA, DefWindowProcA, DestroyIcon, DestroyWindow, DialogBoxParamA, DispatchMessageA, EnableWindow, EndDialog, FindWindowExA, GetClassNameA, GetClientRect, GetDlgItem, GetDlgItemTextA, GetMessageA, GetParent, GetSysColor, GetSystemMetrics, GetWindow, GetWindowLongA, GetWindowRect, GetWindowTextA, IsWindow, IsWindowVisible, LoadBitmapA, LoadCursorA, LoadIconA, LoadStringA, MapWindowPoints, MessageBoxA, OemToCharA, OemToCharBuffA, PeekMessageA, PostMessageA, RegisterClassExA, SendDlgItemMessageA, SendMessageA, SetDlgItemTextA, SetFocus, SetMenu, SetWindowLongA, SetWindowPos, SetWindowTextA, ShowWindow, TranslateMessage, UpdateWindow, WaitForInputIdle, wsprintfA, wvsprintfA
> OLE32.DLL: CLSIDFromString, CoCreateInstance, CreateStreamOnHGlobal, OleInitialize, OleUninitialize

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=E38A2E3D77BDA8FFCD84033B74741300FB28EA32
Norman Sandbox: [ General information ]
* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.
* Creating several executable files on hard-drive.
* File length: 249207 bytes.

[ Changes to filesystem ]
* Creates directory C:.
* Creates directory C:\WINDOWS.
* Creates file C:\WINDOWS\__tmp_rar_sfx_access_check_511.
* Deletes file __tmp_rar_sfx_access_check_511.
* Creates file C:\WINDOWS\readme.bat.
* Creates file C:\WINDOWS\serial.exe.
* Creates file C:\WINDOWS\crack.exe.
* Creates file C:\WINDOWS\number.exe.
* Creates file C:\WINDOWS\keygen.exe.

[ Process/window information ]
* Creates a dialogbox with caption \"WinRAR self-extracting archive\".
* Buttons found in dialogbox: id102[278,156]\"Bro&wse...\" id1[211,207]\"Install\" id2[278,207]\"Cancel\" .
* Creates a dialogbox with caption \"License\".
* Buttons found in dialogbox: id1[211,207]\"Accept\" id2[278,207]\"Decline\" .
* Pressing button with id 1 \"Accept\".
* Pressing button with id 1 \"Install\".
* Attempts to open CLSID {0000002C-5994-0005-320F-4243693F4000}.
* Attemps to NULL C:\WINDOWS\readme.bat NULL.
* Creates process \"CMD.EXE\".
* Creates process \"serial.exe\".

[ Signature Scanning ]
* C:\WINDOWS\readme.bat (46 bytes) : no signature detection.
* C:\WINDOWS\serial.exe (9728 bytes) : no signature detection.
* C:\WINDOWS\crack.exe (59392 bytes) : W32/Smalltroj.IWCP.
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=7225361c6bac963c971f1e8ba6441732
packers (Kaspersky): PE_Patch.UPX, UPX
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=7225361c6bac963c971f1e8ba6441732
packers (F-Prot): RAR, UPX

שימו לב שימו לב: VirusTotal הינו שיורת חינם המוצע על ידי Hispasec Sistemas. אין הבטחות לגבי זמינות והמשך השירות הזה. למרות שרמת הזיהוי שמתאפשרת על ידי שימוש בכמה מנועי אנטיוירוסים הרבה יותר עליונה מאשר רק מוצר אחד, התוצאות הללו אינן מבטיחות את אי-נזק של הקובץ. כרגע, לא קיים פתרון אשר מציע 100% אפקטיביות לזיהוי וירוסים ותוכנות זדונה.

קובץ אחר