Srpski | Македонски | العربية | Suomi | ihMdI | 
| עברית | 
| Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Français | Svenska | Português | Italiano | 
| 
| Magyar | Deutsch | Česky | Polski | Español | English
| עברית | | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Français | Svenska | Português | Italiano | | | Magyar | Deutsch | Česky | Polski | Español | English
|
VirusTotal je servis, ki analizira sumljive datoteke in omogoča hitro prepoznavanje virusov, črvov, trojanov in vseh ostalih zlonamernih programov katere prepoznajo antivirusni programi. Več informacij... |
Datoteka bad.exe prejeto 2008.07.17 04:38:24 (UTC)
Trenutni status: končano
Trenutni status: končano
Rezultati: 21/33 (63.64%)
| Antivirus | Verzija | Zadnja posodobitev | Rezultat |
|---|---|---|---|
| AhnLab-V3 | 2008.7.17.0 | 2008.07.16 | - |
| AntiVir | 7.8.0.68 | 2008.07.16 | TR/Crypt.FKM.Gen |
| Authentium | 5.1.0.4 | 2008.07.16 | - |
| Avast | 4.8.1195.0 | 2008.07.17 | Win32:Agent-GPS |
| AVG | 7.5.0.516 | 2008.07.16 | Agent.YJZ |
| BitDefender | 7.2 | 2008.07.17 | DeepScan:Generic.Malware.FBldld.526CB581 |
| CAT-QuickHeal | 9.50 | 2008.07.16 | - |
| ClamAV | 0.93.1 | 2008.07.17 | - |
| DrWeb | 4.44.0.09170 | 2008.07.16 | Trojan.Spambot.origin |
| eSafe | 7.0.17.0 | 2008.07.16 | Suspicious File |
| eTrust-Vet | 31.6.5961 | 2008.07.17 | Win32/Danmec!generic |
| Ewido | 4.0 | 2008.07.16 | - |
| F-Prot | 4.4.4.56 | 2008.07.16 | - |
| F-Secure | 7.60.13501.0 | 2008.07.17 | W32/Malware |
| Fortinet | 3.14.0.0 | 2008.07.17 | PossibleThreat |
| GData | 2.0.7306.1023 | 2008.07.17 | Win32:Agent-GPS |
| Ikarus | T3.1.1.26.0 | 2008.07.17 | Virus.Win32.Agent.GPS |
| Kaspersky | 7.0.0.125 | 2008.07.17 | Backdoor.Win32.Agent.mnl |
| McAfee | 5340 | 2008.07.16 | - |
| Microsoft | 1.3704 | 2008.07.17 | Backdoor:Win32/Agent.ACG |
| NOD32v2 | 3274 | 2008.07.17 | probably a variant of Win32/Agent.NEQ |
| Norman | 5.80.02 | 2008.07.16 | W32/Malware |
| Panda | 9.0.0.4 | 2008.07.16 | - |
| Prevx1 | V2 | 2008.07.17 | - |
| Rising | 20.53.22.00 | 2008.07.16 | - |
| Sophos | 4.31.0 | 2008.07.17 | Sus/Behav-1021 |
| Sunbelt | 3.1.1536.1 | 2008.07.15 | - |
| Symantec | 10 | 2008.07.17 | Trojan.Asprox |
| TheHacker | 6.2.96.381 | 2008.07.16 | - |
| TrendMicro | 8.700.0.1004 | 2008.07.17 | Possible_Asprox |
| VBA32 | 3.12.8.0 | 2008.07.17 | suspected of Trojan-PSW.Pinch.12 (paranoid heuristics) |
| VirusBuster | 4.5.11.0 | 2008.07.16 | Trojan.Damnec.Gen |
| Webwasher-Gateway | 6.6.2 | 2008.07.17 | Trojan.Crypt.FKM.Gen |
| Dodatne informacije |
|---|
| File size: 52224 bytes |
| MD5...: d394efd063619cd1fb77f11d7eae9199 |
| SHA1..: f31ff3b49b14d6e9f76d9265fcc95eae6fd7d4cc |
| SHA256: fbf24a0c258514fffe2fce0597fc60e8b9c247a683a68001bbaa5ad09e2034ef |
| SHA512: fce348cda438d3efff1dec87b1167713ae889180dbf5f40209a739fe9cdadb39 e679b70d216ef39967c4ba0edf86fc1000b957ac3bfc84592134226fec3c1c6f |
| PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser |
| PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x421ef0 timedatestamp.....: 0x487ba459 (Mon Jul 14 19:09:13 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 UPX0 0x1000 0x15000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e UPX1 0x16000 0xd000 0xc200 7.92 0f5bf6aaaea80821607dd5b9cb4ab742 .rsrc 0x23000 0x1000 0x600 2.99 0b20e20aa9fc33e446bcd76b5ddf0247 ( 2 imports ) > KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess > MSVCRT.dll: free ( 0 exports ) |
| Norman Sandbox: [ General information ] * **IMPORTANT: PLEASE SEND THE SCANNED FILE TO: ANALYSIS@NORMAN.NO - REMEMBER TO ENCRYPT IT (E.G. ZIP WITH PASSWORD)**. * File length: 52224 bytes. [ Changes to filesystem ] * Deletes file C:\WINDOWS\lg32.txt. * Creates file C:\WINDOWS\TEMP\~1999.tmp. * Deletes file C:\WINDOWS\ws386.ini. * Creates file C:\WINDOWS\ws386.ini. * Deletes file C:\WINDOWS\TEMP\~1999.tmp. * Creates file C:\WINDOWS\db32.txt. * Deletes file C:\WINDOWS\system32\aspimgr.exe. * Creates file C:\WINDOWS\system32\aspimgr.exe. * Creates file C:\WINDOWS\TEMP\_check32.bat. * Deletes file \"c:\sample.exe\". * Creates file C:\WINDOWS\TEMP\~1919.tmp. * Deletes file C:\WINDOWS\TEMP\~1919.tmp. * Creates file C:\WINDOWS\s32.txt. [ Changes to registry ] * Accesses Registry key \"HKCU\SOFTWARE\Far\Plugins\FTP\Hosts\". * Creates key \"HKLM\System\CurrentControlSet\Services\aspimgr\". * Sets value \"ImagePath\"=\"C:\WINDOWS\system32\aspimgr.exe\" in key \"HKLM\System\CurrentControlSet\Services\aspimgr\". * Sets value \"DisplayName\"=\"Microsoft ASPI Manager\" in key \"HKLM\System\CurrentControlSet\Services\aspimgr\". * Accesses Registry key \"HKLM\Software\Microsoft\Sft\". * Creates key \"HKLM\Software\Microsoft\Sft\". * Sets value \"default\"=\"{00000000-0000-0000-0000-00003F000F00}\" in key \"HKLM\Software\Microsoft\Sft\". [ Network services ] * Connects to \"ns.uk2.net\" on port 53 (IP). * Connects to \"www.yahoo.com\" on port 80 (IP). * Connects to \"www.web.de\" on port 80 (IP). * Connects to \"FAKE\" on port 4660 (IP). * Sets up a HTTP server on port 80. [ Security issues ] * Possible backdoor functionality [HTTP] port 80. [ Process/window information ] * Attempts to access service \"aspimgr\". * Creates service \"aspimgr (Microsoft ASPI Manager)\" as \"C:\WINDOWS\system32\aspimgr.exe\". * Creates process \"aspimgr.exe\". * Attemps to open C:\WINDOWS\TEMP\_check32.bat NULL. * Creates process \"CMD.EXE\". |
| packers (Kaspersky): PE_Patch.UPX, UPX |
| packers (F-Prot): UPX |
| packers (Avast): UPX |
POZOR:
VirusTotal je brezplačen servis, ki ga ponuja Hispasec Sistemas. Ni nobenih zagotovil glede razpoložljivosti in stalnosti tega servisa. čeprav je stopnja prepoznavanja nevarnih datotek zaradi uporabe večjega števila antivirusnih programov veliko boljša, kot v primeru uporabe samo enega antivirusnega programa, ti rezultati vseeno NE zagotavljajo varnosti uporabe pregledanih datotek. Trenutno ne obstaja nobena taka rešitev, ki bi nudila 100% učinkovitost pri prepoznavanju virusov in ostalih zlonamernih programov.
