Friday, 25 May 2012
167888a67a211cc9ecd43887f23d7146
FileName: 399360_167888a67a211cc9ecd43887f23d7146.exe
Size : 399360
Md5 : 167888a67a211cc9ecd43887f23d7146
PEiD : None
Virus Total Result:
NOD32 -> a variant of Win32/Kryptik.AFYH
Norman -> W32/Injector.AOHR
ClamAV -> W32.Suspect.Trojan.FakeAV
BitDefender -> Gen:Variant.Kazy.72507
F-Secure -> Gen:Variant.Kazy.72521
Sophos -> Mal/FakeAV-OY
GData -> Gen:Variant.Kazy.72507
FileInfo:
----------DOS_HEADER----------
[IMAGE_DOS_HEADER]
0x0 0x0 e_magic: 0x5A4D
0x2 0x2 e_cblp: 0x50
0x4 0x4 e_cp: 0x2
0x6 0x6 e_crlc: 0x0
0x8 0x8 e_cparhdr: 0x4
0xA 0xA e_minalloc: 0xF
0xC 0xC e_maxalloc: 0xFFFF
0xE 0xE e_ss: 0x0
0x10 0x10 e_sp: 0xB8
0x12 0x12 e_csum: 0x0
0x14 0x14 e_ip: 0x0
0x16 0x16 e_cs: 0x0
0x18 0x18 e_lfarlc: 0x40
0x1A 0x1A e_ovno: 0x1A
0x1C 0x1C e_res:
0x24 0x24 e_oemid: 0x0
0x26 0x26 e_oeminfo: 0x0
0x28 0x28 e_res2:
0x3C 0x3C e_lfanew: 0x7C
----------NT_HEADERS----------
[IMAGE_NT_HEADERS]
0x7C 0x0 Signature: 0x4550
----------FILE_HEADER----------
[IMAGE_FILE_HEADER]
0x80 0x0 Machine: 0x14C
0x82 0x2 NumberOfSections: 0x4
0x84 0x4 TimeDateStamp: 0x4EA70F40 [Tue Oct 25 19:34:24 2011 UTC]
0x88 0x8 PointerToSymbolTable: 0x0
0x8C 0xC NumberOfSymbols: 0x0
0x90 0x10 SizeOfOptionalHeader: 0xE0
0x92 0x12 Characteristics: 0x10F
Flags: IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_RELOCS_STRIPPED
----------OPTIONAL_HEADER----------
[IMAGE_OPTIONAL_HEADER]
0x94 0x0 Magic: 0x10B
0x96 0x2 MajorLinkerVersion: 0xA
0x97 0x3 MinorLinkerVersion: 0x0
0x98 0x4 SizeOfCode: 0x1C00
0x9C 0x8 SizeOfInitializedData: 0x5F800
0xA0 0xC SizeOfUninitializedData: 0x0
0xA4 0x10 AddressOfEntryPoint: 0x1CF8
0xA8 0x14 BaseOfCode: 0x1000
0xAC 0x18 BaseOfData: 0x3000
0xB0 0x1C ImageBase: 0x410000
0xB4 0x20 SectionAlignment: 0x1000
0xB8 0x24 FileAlignment: 0x200
0xBC 0x28 MajorOperatingSystemVersion: 0x4
0xBE 0x2A MinorOperatingSystemVersion: 0x0
0xC0 0x2C MajorImageVersion: 0x0
0xC2 0x2E MinorImageVersion: 0x0
0xC4 0x30 MajorSubsystemVersion: 0x4
0xC6 0x32 MinorSubsystemVersion: 0x0
0xC8 0x34 Reserved1: 0x0
0xCC 0x38 SizeOfImage: 0xC8000
0xD0 0x3C SizeOfHeaders: 0x1000
0xD4 0x40 CheckSum: 0x68725
0xD8 0x44 Subsystem: 0x2
0xDA 0x46 DllCharacteristics: 0x0
0xDC 0x48 SizeOfStackReserve: 0x100000
0xE0 0x4C SizeOfStackCommit: 0x1000
0xE4 0x50 SizeOfHeapReserve: 0x100000
0xE8 0x54 SizeOfHeapCommit: 0x1000
0xEC 0x58 LoaderFlags: 0x0
0xF0 0x5C NumberOfRvaAndSizes: 0x10
DllCharacteristics:
----------PE Sections----------
[IMAGE_SECTION_HEADER]
0x174 0x0 Name: .text
0x17C 0x8 Misc: 0x1AF8
0x17C 0x8 Misc_PhysicalAddress: 0x1AF8
0x17C 0x8 Misc_VirtualSize: 0x1AF8
0x180 0xC VirtualAddress: 0x1000
0x184 0x10 SizeOfRawData: 0x1C00
0x188 0x14 PointerToRawData: 0x400
0x18C 0x18 PointerToRelocations: 0x0
0x190 0x1C PointerToLinenumbers: 0x0
0x194 0x20 NumberOfRelocations: 0x0
0x196 0x22 NumberOfLinenumbers: 0x0
0x198 0x24 Characteristics: 0x60000020
Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy: 3.652401 (Min=0.0, Max=8.0)
MD5 hash: 46bf448ceb99957ffb71c7bb8b2f0e7c
SHA-1 hash: 535f549873751100d1ecad74e53741803d6cef46
SHA-256 hash: 31a92774dd3f5b96197c9419f4a37a824655df526a97335df94be0078d07fa72
SHA-512 hash: f895c247f39e425e2e48cf262ef937e42fc097bee33ba8117aadd523c71065c1605b8db953a234fbad9921cabb9ad9897d96d1b9a9cae320f58990699805830b
[IMAGE_SECTION_HEADER]
0x19C 0x0 Name: .rdata
0x1A4 0x8 Misc: 0x65000
0x1A4 0x8 Misc_PhysicalAddress: 0x65000
0x1A4 0x8 Misc_VirtualSize: 0x65000
0x1A8 0xC VirtualAddress: 0x3000
0x1AC 0x10 SizeOfRawData: 0x600
0x1B0 0x14 PointerToRawData: 0x2000
0x1B4 0x18 PointerToRelocations: 0x0
0x1B8 0x1C PointerToLinenumbers: 0x0
0x1BC 0x20 NumberOfRelocations: 0x0
0x1BE 0x22 NumberOfLinenumbers: 0x0
0x1C0 0x24 Characteristics: 0xC0000040
Flags: IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 3.832506 (Min=0.0, Max=8.0)
MD5 hash: bcf5976f3fa08317ee905442c8beb3b5
SHA-1 hash: 4a2d4ee2a3123e100ff391dedddad4225d764515
SHA-256 hash: a7172bc5a1fde2e5a64148534a4704aef3c83be8cfe386f186c0aafc8b38fd87
SHA-512 hash: d541030e734412283500742560467a4f6ee069e6011703305debf5b3a8cb9bd12113b9a6e30b5a32045da373928fac9e2e2c3119cf00558a72865f7ad9b81e07
[IMAGE_SECTION_HEADER]
0x1C4 0x0 Name: .data
0x1CC 0x8 Misc: 0x5B000
0x1CC 0x8 Misc_PhysicalAddress: 0x5B000
0x1CC 0x8 Misc_VirtualSize: 0x5B000
0x1D0 0xC VirtualAddress: 0x68000
0x1D4 0x10 SizeOfRawData: 0x5AE00
0x1D8 0x14 PointerToRawData: 0x2600
0x1DC 0x18 PointerToRelocations: 0x0
0x1E0 0x1C PointerToLinenumbers: 0x0
0x1E4 0x20 NumberOfRelocations: 0x0
0x1E6 0x22 NumberOfLinenumbers: 0x0
0x1E8 0x24 Characteristics: 0xC0000040
Flags: IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 7.833041 (Min=0.0, Max=8.0)
MD5 hash: 8acd57c0e2534f8a456a2c2aebfd149a
SHA-1 hash: 64a731e8dea961d609588b1ac69bda861f0abc2a
SHA-256 hash: 2f4243f42a5fa199428789955284ba4fda124db602a37f386f9258603c870ab0
SHA-512 hash: 90ed52167af35806662d29303f4347184f5312f239732227b841e59f16506c94e3e1767394af83443204706d2e75c26fb4ad5748157fc81acefde37515adc01f
[IMAGE_SECTION_HEADER]
0x1EC 0x0 Name: .rsrc
0x1F4 0x8 Misc: 0x4335
0x1F4 0x8 Misc_PhysicalAddress: 0x4335
0x1F4 0x8 Misc_VirtualSize: 0x4335
0x1F8 0xC VirtualAddress: 0xC3000
0x1FC 0x10 SizeOfRawData: 0x4400
0x200 0x14 PointerToRawData: 0x5D400
0x204 0x18 PointerToRelocations: 0x0
0x208 0x1C PointerToLinenumbers: 0x0
0x20C 0x20 NumberOfRelocations: 0x0
0x20E 0x22 NumberOfLinenumbers: 0x0
0x210 0x24 Characteristics: 0x40000040
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 5.503362 (Min=0.0, Max=8.0)
MD5 hash: b446dd9ef5279c94ccbaee74cc5c0628
SHA-1 hash: 91d53184b3cb647c348da2f3bca015dedcff921a
SHA-256 hash: 4fa75023c46adabe4f30db684068f418e6cbd5eca757817d01222a56266d123f
SHA-512 hash: 779fb6232bfe82efc542c61d9744da8b9d6c127d72fc5d32a11127828b80d9c59763615d20528c64c7ec25807b631c73e9fa54b53427fd18bcc3fae848b19690
----------Directories----------
[IMAGE_DIRECTORY_ENTRY_EXPORT]
0xF4 0x0 VirtualAddress: 0x0
0xF8 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_IMPORT]
0xFC 0x0 VirtualAddress: 0x30AC
0x100 0x4 Size: 0x64
[IMAGE_DIRECTORY_ENTRY_RESOURCE]
0x104 0x0 VirtualAddress: 0xC3000
0x108 0x4 Size: 0x4335
[IMAGE_DIRECTORY_ENTRY_EXCEPTION]
0x10C 0x0 VirtualAddress: 0x0
0x110 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_SECURITY]
0x114 0x0 VirtualAddress: 0x0
0x118 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_BASERELOC]
0x11C 0x0 VirtualAddress: 0x0
0x120 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_DEBUG]
0x124 0x0 VirtualAddress: 0x0
0x128 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_COPYRIGHT]
0x12C 0x0 VirtualAddress: 0x0
0x130 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_GLOBALPTR]
0x134 0x0 VirtualAddress: 0x0
0x138 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_TLS]
0x13C 0x0 VirtualAddress: 0x0
0x140 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG]
0x144 0x0 VirtualAddress: 0x0
0x148 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT]
0x14C 0x0 VirtualAddress: 0x0
0x150 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_IAT]
0x154 0x0 VirtualAddress: 0x2404
0x158 0x4 Size: 0xAC
[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT]
0x15C 0x0 VirtualAddress: 0x0
0x160 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR]
0x164 0x0 VirtualAddress: 0x0
0x168 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_RESERVED]
0x16C 0x0 VirtualAddress: 0x0
0x170 0x4 Size: 0x0
----------Imported symbols----------
[IMAGE_IMPORT_DESCRIPTOR]
0x20AC 0x0 OriginalFirstThunk: 0x3110
0x20AC 0x0 Characteristics: 0x3110
0x20B0 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x20B4 0x8 ForwarderChain: 0x0
0x20B8 0xC Name: 0x32FA
0x20BC 0x10 FirstThunk: 0x3000
KERNEL32.dll.GlobalUnlock Hint[711]
KERNEL32.dll.GetCurrentDirectoryA Hint[448]
KERNEL32.dll.lstrcpyA Hint[1352]
KERNEL32.dll.FindResourceW Hint[334]
KERNEL32.dll.GetCurrentThreadId Hint[455]
KERNEL32.dll.SetLastError Hint[1140]
KERNEL32.dll.GetCommandLineA Hint[392]
KERNEL32.dll.lstrlenA Hint[1358]
KERNEL32.dll.PulseEvent Hint[923]
KERNEL32.dll.CloseHandle Hint[84]
KERNEL32.dll.GetModuleHandleA Hint[375]
KERNEL32.dll.LocalFree Hint[841]
KERNEL32.dll.Sleep Hint[1203]
KERNEL32.dll.LoadLibraryExW Hint[829]
KERNEL32.dll.CreateFileW Hint[141]
KERNEL32.dll.GetComputerNameA Hint[398]
KERNEL32.dll.FindClose Hint[304]
KERNEL32.dll.UnmapViewOfFile Hint[1239]
KERNEL32.dll.CreateProcessA Hint[166]
KERNEL32.dll.HeapCreate Hint[1265]
[IMAGE_IMPORT_DESCRIPTOR]
0x20C0 0x0 OriginalFirstThunk: 0x3164
0x20C0 0x0 Characteristics: 0x3164
0x20C4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x20C8 0x8 ForwarderChain: 0x0
0x20CC 0xC Name: 0x33C4
0x20D0 0x10 FirstThunk: 0x3054
USER32.dll.CheckRadioButton Hint[1574]
USER32.dll.GetDC Hint[1798]
USER32.dll.CreateIcon Hint[1609]
USER32.dll.FillRect Hint[1755]
USER32.dll.GetDlgItem Hint[1804]
USER32.dll.GetCaretPos Hint[1775]
USER32.dll.CreateWindowExA Hint[1618]
USER32.dll.SetFocus Hint[1809]
USER32.dll.IsWindow Hint[1984]
USER32.dll.DispatchMessageA Hint[1683]
USER32.dll.DrawMenuBar Hint[1710]
USER32.dll.DrawEdge Hint[1704]
USER32.dll.CallWindowProcA Hint[1531]
[IMAGE_IMPORT_DESCRIPTOR]
0x20D4 0x0 OriginalFirstThunk: 0x319C
0x20D4 0x0 Characteristics: 0x319C
0x20D8 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x20DC 0x8 ForwarderChain: 0x0
0x20E0 0xC Name: 0x3412
0x20E4 0x10 FirstThunk: 0x308C
RSAENH.dll.CPHashData Hint[17]
RSAENH.dll.CPSignHash Hint[27]
RSAENH.dll.CPGenKey Hint[11]
RSAENH.dll.CPDeriveKey Hint[4]
RSAENH.dll.CPDecrypt Hint[3]
[IMAGE_IMPORT_DESCRIPTOR]
0x20E8 0x0 OriginalFirstThunk: 0x31B4
0x20E8 0x0 Characteristics: 0x31B4
0x20EC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x20F0 0x8 ForwarderChain: 0x0
0x20F4 0xC Name: 0x3430
0x20F8 0x10 FirstThunk: 0x30A4
MSASN1.dll.ASN1BERDecEoid Hint[16]
----------Resource directory----------
[IMAGE_RESOURCE_DIRECTORY]
0x5D400 0x0 Characteristics: 0x0
0x5D404 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x5D408 0x8 MajorVersion: 0x0
0x5D40A 0xA MinorVersion: 0x0
0x5D40C 0xC NumberOfNamedEntries: 0x0
0x5D40E 0xE NumberOfIdEntries: 0x2
Id: [0x3] (RT_ICON)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x5D410 0x0 Name: 0x3
0x5D414 0x4 OffsetToData: 0x80000028
[IMAGE_RESOURCE_DIRECTORY]
0x5D428 0x0 Characteristics: 0x0
0x5D42C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x5D430 0x8 MajorVersion: 0x0
0x5D432 0xA MinorVersion: 0x0
0x5D434 0xC NumberOfNamedEntries: 0x0
0x5D436 0xE NumberOfIdEntries: 0x1
Id: [0x1]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x5D438 0x0 Name: 0x1
0x5D43C 0x4 OffsetToData: 0x80000070
[IMAGE_RESOURCE_DIRECTORY]
0x5D470 0x0 Characteristics: 0x0
0x5D474 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x5D478 0x8 MajorVersion: 0x0
0x5D47A 0xA MinorVersion: 0x0
0x5D47C 0xC NumberOfNamedEntries: 0x0
0x5D47E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x5D480 0x0 Name: 0x409
0x5D484 0x4 OffsetToData: 0xC8
[IMAGE_RESOURCE_DATA_ENTRY]
0x5D4C8 0x0 OffsetToData: 0xC30F8
0x5D4CC 0x4 Size: 0x4228
0x5D4D0 0x8 CodePage: 0x0
0x5D4D4 0xC Reserved: 0x0
Id: [0xE] (RT_GROUP_ICON)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x5D418 0x0 Name: 0xE
0x5D41C 0x4 OffsetToData: 0x80000040
[IMAGE_RESOURCE_DIRECTORY]
0x5D440 0x0 Characteristics: 0x0
0x5D444 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x5D448 0x8 MajorVersion: 0x0
0x5D44A 0xA MinorVersion: 0x0
0x5D44C 0xC NumberOfNamedEntries: 0x0
0x5D44E 0xE NumberOfIdEntries: 0x1
Id: [0x1]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x5D450 0x0 Name: 0x1
0x5D454 0x4 OffsetToData: 0x80000088
[IMAGE_RESOURCE_DIRECTORY]
0x5D488 0x0 Characteristics: 0x0
0x5D48C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0x5D490 0x8 MajorVersion: 0x0
0x5D492 0xA MinorVersion: 0x0
0x5D494 0xC NumberOfNamedEntries: 0x0
0x5D496 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0x5D498 0x0 Name: 0x409
0x5D49C 0x4 OffsetToData: 0xD8
[IMAGE_RESOURCE_DATA_ENTRY]
0x5D4D8 0x0 OffsetToData: 0xC7320
0x5D4DC 0x4 Size: 0x14
0x5D4E0 0x8 CodePage: 0x0
0x5D4E4 0xC Reserved: 0x0