VirusTotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, trojans and all other malware detected by antivirus engines.

| Antivirus | Version | Last update | Result |
|---|---|---|---|
| AhnLab-V3 | 2008.7.17.0 | 2008.07.16 | - |
| AntiVir | 7.8.0.68 | 2008.07.16 | TR/Crypt.FKM.Gen |
| Authentium | 5.1.0.4 | 2008.07.16 | - |
| Avast | 4.8.1195.0 | 2008.07.17 | Win32:Agent-GPS |
| AVG | 7.5.0.516 | 2008.07.16 | Agent.YJZ |
| BitDefender | 7.2 | 2008.07.17 | DeepScan:Generic.Malware.FBldld.526CB581 |
| CAT-QuickHeal | 9.50 | 2008.07.16 | - |
| ClamAV | 0.93.1 | 2008.07.17 | - |
| DrWeb | 4.44.0.09170 | 2008.07.16 | Trojan.Spambot.origin |
| eSafe | 7.0.17.0 | 2008.07.16 | Suspicious File |
| eTrust-Vet | 31.6.5961 | 2008.07.17 | Win32/Danmec!generic |
| Ewido | 4.0 | 2008.07.16 | - |
| F-Prot | 4.4.4.56 | 2008.07.16 | - |
| F-Secure | 7.60.13501.0 | 2008.07.17 | W32/Malware |
| Fortinet | 3.14.0.0 | 2008.07.17 | PossibleThreat |
| GData | 2.0.7306.1023 | 2008.07.17 | Win32:Agent-GPS |
| Ikarus | T3.1.1.26.0 | 2008.07.17 | Virus.Win32.Agent.GPS |
| Kaspersky | 7.0.0.125 | 2008.07.17 | Backdoor.Win32.Agent.mnl |
| McAfee | 5340 | 2008.07.16 | - |
| Microsoft | 1.3704 | 2008.07.17 | Backdoor:Win32/Agent.ACG |
| NOD32v2 | 3274 | 2008.07.17 | probably a variant of Win32/Agent.NEQ |
| Norman | 5.80.02 | 2008.07.16 | W32/Malware |
| Panda | 9.0.0.4 | 2008.07.16 | - |
| Prevx1 | V2 | 2008.07.17 | - |
| Rising | 20.53.22.00 | 2008.07.16 | - |
| Sophos | 4.31.0 | 2008.07.17 | Sus/Behav-1021 |
| Sunbelt | 3.1.1536.1 | 2008.07.15 | - |
| Symantec | 10 | 2008.07.17 | Trojan.Asprox |
| TheHacker | 6.2.96.381 | 2008.07.16 | - |
| TrendMicro | 8.700.0.1004 | 2008.07.17 | Possible_Asprox |
| VBA32 | 3.12.8.0 | 2008.07.17 | suspected of Trojan-PSW.Pinch.12 (paranoid heuristics) |
| VirusBuster | 4.5.11.0 | 2008.07.16 | Trojan.Damnec.Gen |
| Webwasher-Gateway | 6.6.2 | 2008.07.17 | Trojan.Crypt.FKM.Gen |

| Additional information |
|---|
| File size: 52224 bytes |
| MD5...: d394efd063619cd1fb77f11d7eae9199 |
| SHA1..: f31ff3b49b14d6e9f76d9265fcc95eae6fd7d4cc |
| SHA256: fbf24a0c258514fffe2fce0597fc60e8b9c247a683a68001bbaa5ad09e2034ef |
| SHA512: fce348cda438d3efff1dec87b1167713ae889180dbf5f40209a739fe9cdadb39e679b70d216ef39967c4ba0edf86fc1000b957ac3bfc84592134226fec3c1c6f |
| PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser |
| PEInfo: PE Structure information ( base data )<br>entrypointaddress.: 0x421ef0<br>timedatestamp.....: 0x487ba459 (Mon Jul 14 19:09:13 2008)<br>machinetype.......: 0x14c (I386)<br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>UPX0 0x1000 0x15000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>UPX1 0x16000 0xd000 0xc200 7.92 0f5bf6aaaea80821607dd5b9cb4ab742<br>.rsrc 0x23000 0x1000 0x600 2.99 0b20e20aa9fc33e446bcd76b5ddf0247<br>( 2 imports )<br>> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess<br>> MSVCRT.dll: free<br>( 0 exports ) |
| Norman Sandbox:<br>[ General information ]<br>* **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**.<br>* File length: 52224 bytes.<br>[ Changes to filesystem ]<br>* Deletes file C:\WINDOWS\lg32.txt.<br>* Creates file C:\WINDOWS\TEMP\~1999.tmp.<br>* Deletes file C:\WINDOWS\ws386.ini.<br>* Creates file C:\WINDOWS\ws386.ini.<br>* Deletes file C:\WINDOWS\TEMP\~1999.tmp.<br>* Creates file C:\WINDOWS\db32.txt.<br>* Deletes file C:\WINDOWS\system32\aspimgr.exe.<br>* Creates file C:\WINDOWS\system32\aspimgr.exe.<br>* Creates file C:\WINDOWS\TEMP\_check32.bat.<br>* Deletes file "c:\sample.exe".<br>* Creates file C:\WINDOWS\TEMP\~1919.tmp.<br>* Deletes file C:\WINDOWS\TEMP\~1919.tmp.<br>* Creates file C:\WINDOWS\s32.txt.<br>[ Changes to registry ]<br>* Accesses Registry key "HKCU\SOFTWARE\Far\Plugins\FTP\Hosts".<br>* Creates key "HKLM\System\CurrentControlSet\Services\aspimgr".<br>* Sets value "ImagePath"="C:\WINDOWS\system32\aspimgr.exe" in key "HKLM\System\CurrentControlSet\Services\aspimgr".<br>* Sets value "DisplayName"="Microsoft ASPI Manager" in key "HKLM\System\CurrentControlSet\Services\aspimgr".<br>* Accesses Registry key "HKLM\Software\Microsoft\Sft".<br>* Creates key "HKLM\Software\Microsoft\Sft".<br>* Sets value "default"="{00000000-0000-0000-0000-00003F000F00}" in key "HKLM\Software\Microsoft\Sft".<br>[ Network services ]<br>* Connects to "ns.uk2.net" on port 53 (IP).<br>* Connects to "www.yahoo.com" on port 80 (IP).<br>* Connects to "www.web.de" on port 80 (IP).<br>* Connects to "FAKE" on port 4660 (IP).<br>* Sets up a HTTP server on port 80.<br>[ Security issues ]<br>* Possible backdoor functionality [HTTP] port 80.<br>[ Process/window information ]<br>* Attempts to access service "aspimgr".<br>* Creates service "aspimgr (Microsoft ASPI Manager)" as "C:\WINDOWS\system32\aspimgr.exe".<br>* Creates process "aspimgr.exe".<br>* Attemps to open C:\WINDOWS\TEMP\_check32.bat NULL.<br>* Creates process "CMD.EXE". |
| packers (Kaspersky): PE_Patch.UPX, UPX |
| packers (F-Prot): UPX |
| packers (Avast): UPX |

ATTENTION:
VirusTotal is a free service offered by Hispasec Sistemas. There is no guarantee regarding the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by a single product, these results do NOT guarantee that a file is not infected. Currently, there is no solution that offers a 100% detection rate for viruses and other malware.