Virustotal. MD5: 623ce118b366c99a887ab2fedbf899d1 W32/Malware a variant of Win32/PSW.OnLineGames.NNS BehavesLike:Trojan.ShellHook

Fişier Isw.COM primit la data de 2008.08.30 09:04:09 (UTC)
Status actual: încheiat

Rezultat: 21/36 (58.33%)

Antivirus	Versiune	Ultima actualizare	Rezultat
AhnLab-V3	2008.8.29.0	2008.08.29	-
AntiVir	7.8.1.23	2008.08.29	TR/ATRAPS.Gen
Authentium	5.1.0.4	2008.08.30	-
Avast	4.8.1195.0	2008.08.29	Win32:OnLineGames-BKC
AVG	8.0.0.161	2008.08.29	-
BitDefender	7.2	2008.08.30	BehavesLike:Trojan.ShellHook
CAT-QuickHeal	9.50	2008.08.29	(Suspicious) - DNAScan
ClamAV	0.93.1	2008.08.30	-
DrWeb	4.44.0.09170	2008.08.29	Trojan.PWS.Gamania.origin
eSafe	7.0.17.0	2008.08.28	Suspicious File
eTrust-Vet	31.6.6057	2008.08.29	-
Ewido	4.0	2008.08.29	-
F-Prot	4.4.4.56	2008.08.29	-
F-Secure	7.60.13501.0	2008.08.30	W32/Malware
Fortinet	3.14.0.0	2008.08.30	-
GData	19	2008.08.30	Win32:OnLineGames-BKC
Ikarus	T3.1.1.34.0	2008.08.30	Virus.Win32.OnLineGames.AHK
K7AntiVirus	7.10.432	2008.08.29	Trojan.Win32.Malware.1
Kaspersky	7.0.0.125	2008.08.30	-
McAfee	5373	2008.08.29	-
Microsoft	1.3807	2008.08.25	PWS:Win32/Gamania.gen!D
NOD32v2	3401	2008.08.30	a variant of Win32/PSW.OnLineGames.NNS
Norman	5.80.02	2008.08.29	W32/Malware
Panda	9.0.0.4	2008.08.29	Suspicious file
PCTools	4.4.2.0	2008.08.29	Packed/BeRo
Prevx1	V2	2008.08.30	-
Rising	20.59.51.00	2008.08.30	Packer.Win32.PePatch.d
Sophos	4.33.0	2008.08.30	Mal/LineDLL-B
Sunbelt	3.1.1592.1	2008.08.30	-
Symantec	10	2008.08.30	-
TheHacker	6.3.0.6.068	2008.08.30	-
TrendMicro	8.700.0.1004	2008.08.29	Cryp_Bero
VBA32	3.12.8.4	2008.08.29	MalwareScope.Trojan-PSW.Game.13
ViRobot	2008.8.29.1355	2008.08.29	-
VirusBuster	4.5.11.0	2008.08.29	Packed/BeRo
Webwasher-Gateway	6.6.2	2008.08.29	Trojan.ATRAPS.Gen

Informaţii suplimentare
File size: 87552 bytes
MD5...: 623ce118b366c99a887ab2fedbf899d1
SHA1..: 3b58aee7445f10c553d23a859a96ac1a651290e5
SHA256: d302d14a5d607d0fb7e710f8fd28c8dd1fbaa279abc9713b8c939d73febbd64d
SHA512: b38ca745735beca46a729c38c0a96934cae317dc0a5f987259928c2ea9671b1c 529c141ae71c2c73377afff8e77fb925c1250ab479a2a60493cf9074252c289e
PEiD..: BeRoEXEPacker v1.00 [LZMA] -> BeRo / Farbrausch
TrID..: File type identification Generic Win/DOS Executable (40.0%) DOS Executable Generic (39.9%) Maple Common Binary file (generic) (20.0%)
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x43405f timedatestamp.....: 0x48b4c20c (Wed Aug 27 02:55:08 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 packerBY 0x1000 0x32001 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e bero_fr 0x34000 0x15069 0x15200 7.99 e42add9d782e2a1b0078c9c29a926a26 .rsrc 0x4a000 0x8000 0x200 1.48 5d1f640a19dc57bbc0d205d683a30615 ( 1 imports ) > kernel32.dll: LoadLibraryA, GetProcAddress ( 0 exports )
Norman Sandbox: [ General information ] * IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD). * Accesses executable file from resource section. * File length: 87552 bytes. [ Changes to filesystem ] * Creates file C:\WINDOWS\2.bat. * Deletes file %0. * Creates file C:\WINDOWS\Debug\92F54D81A560.dll. [ Changes to registry ] * Creates key \"HKCR\CLSID\{D468BE53-03E2-4294-8967-CB67C9990F1B}\". * Sets value \"\"=\"fsvdf\" in key \"HKCR\CLSID\{D468BE53-03E2-4294-8967-CB67C9990F1B}\". * Creates key \"HKCR\CLSID\{D468BE53-03E2-4294-8967-CB67C9990F1B}\InProcServer32\". * Sets value \"\"=\"C:\WINDOWS\Debug\92F54D81A560.dll\" in key \"HKCR\CLSID\{D468BE53-03E2-4294-8967-CB67C9990F1B}\InProcServer32\". * Sets value \"ThrEaDiNgModEL\"=\"aPaRTmEnT\" in key \"HKCR\CLSID\{D468BE53-03E2-4294-8967-CB67C9990F1B}\InProcServer32\". [ Network ] * Hooks into Shell explorer. [ Process/window information ] * Creates a mutex 2B75625A. * Creates process \"CMD.EXE\".
packers (Avast): BeRoEXE, UPX
packers (Kaspersky): BeRo, PE_Patch.UPX, UPX, PE_Patch.MaskPE
packers (F-Prot): BeRo

ATENŢIE: VirusTotal este un serviciu gratuit oferit de Hispasec Sistemas. Nu există nici o garanţie asupra disponibilităţii şi continuităţii acestui serviciu. Deşi rata de detecţie oferită de folosirea mai multor motoare antivirus este mult superioară aceleia oferite de un singur produs, aceste rezultate NU garantează faptul că un fişier nu este infectat. Momentan, nu există nici o soluţie care să ofere o rată de detecţie de 100% pentru viruşi şi alte ameninţări informatice.


	VirusTotal este un serviciu care analizează fişierele suspecte şi facilitează detecţia rapidă a viruşilor, troienilor şi a tuturor ameninţărilor informatice detectate de motoarele antivirus. Mai multe informaţii...

VirusTotal este un serviciu care analizează fişierele suspecte şi facilitează detecţia rapidă a viruşilor, troienilor şi a tuturor ameninţărilor informatice detectate de motoarele antivirus. Mai multe informaţii...