Antivirus engine Version Last update Scan result
a-squared 4.0.0.73 2009.01.10 Trojan-Dropper.Win32.Flystud!IK
AntiVir 7.9.0.54 2009.01.09 TR/Dropper.Gen
Authentium 5.1.0.4 2009.01.10 W32/Nuj.A.gen!Eldorado
AVG 8.0.0.229 2009.01.09 SHeur2.FTU
BitDefender 7.2 2009.01.10 Trojan.AgentMB.YUDN3731763
F-Prot 4.4.4.56 2009.01.09 W32/Nuj.A.gen!Eldorado
GData 19 2009.01.10 Trojan.AgentMB.YUDN3731763
Ikarus T3.1.1.45.0 2009.01.10 Trojan-Dropper.Win32.Flystud
McRising 21.11.52.00 2009.01.10 Worm.Win32.Autorun.eyr
SecureWeb-Gateway 6.7.6 2009.01.10 Trojan.Dropper.Gen
Additional information
File size: 1403479 bytes
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (62.9%)
Win32 Executable Generic (14.2%)
Win32 Dynamic Link Library (generic) (12.6%)
Clipper DOS Executable (3.3%)
Generic Win/DOS Executable (3.3%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x40140b
timedatestamp.....: 0x59bffa3 (Mon Dec 25 05:33:23 1972)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x51ec 0x6000 7.01 9ab0af70f25e061492aff44ac856f6be
.rdata 0x7000 0xa4a 0x1000 3.58 367b7ce38d0c4c17f01e370dc697df5b
.data 0x8000 0x1f58 0x2000 4.61 e206116d39577d02a11bc0a12d9e8956
.data 0xa000 0x65000 0x65000 7.99 24134e003084d6408b63b9ab703e9466
.rsrc 0x6f000 0x3bf0 0x4000 3.40 825a8015620dc174a1747b2d60c4feb4
( 2 imports )
> KERNEL32.dll: GetProcAddress, LoadLibraryA, CloseHandle, WriteFile, CreateDirectoryA, GetTempPathA, ReadFile, SetFilePointer, CreateFileA, GetModuleFileNameA, GetStringTypeA, LCMapStringW, LCMapStringA, HeapAlloc, HeapFree, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, RtlUnwind, GetCPInfo, GetACP, GetOEMCP, MultiByteToWideChar, GetStringTypeW
> USER32.dll: MessageBoxA, wsprintfA
( 0 exports )
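Creating a file with the same name, formatting, deleting the file, and deleting it from the Run dialog all fail.
This is the analysis from an online virus scan: 10/37 flagged it as a virus.
Please give practical answers.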