本报告详细分析了三个可疑文件s.exe、4f4.exe和fh8.dll的安全状况,通过多种反病毒引擎检测发现这些文件中包含多种类型的恶意软件,如木马、广告软件等,并提供了详细的检测结果和文件信息。
文件说明符 : C:/WINDOWS/system32/s.exe
属性 : A--R
数字签名:否
PE文件:是
语言 : 中文(中国)
文件版本 : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
说明 : Windows Progman Group Converter
版权 : Copyright Zhongsou(C) 2005
产品版本 : 5.1.2600.2180
产品名称 : Microsoft(R) Windows(R) Operating System
公司名称 : Microsoft Corporation
内部名称 : GrpConv
创建时间 : 2008-8-8 12:9:38
修改时间 : 2008-7-26 9:48:34
大小 : 98304 字节 96.0 KB
MD5 : e989fd3e1b34e9beb26c6d9744143b5e
SHA1: BA27F06F5C76B7DD78D80414ADC9DC97E2647BC0
CRC32: 443ca0a9
文件 s.exe 接收于 2008.09.02 07:56:02 (CET)
| 反病毒引擎 | 版本 | 最后更新 | 扫描结果 |
| AhnLab-V3 | 2008.9.2.0 | 2008.09.02 | - |
| AntiVir | 7.8.1.23 | 2008.09.01 | - |
| Authentium | 5.1.0.4 | 2008.09.02 | - |
| Avast | 4.8.1195.0 | 2008.09.01 | - |
| AVG | 8.0.0.161 | 2008.09.01 | - |
| BitDefender | 7.2 | 2008.09.02 | - |
| CAT-QuickHeal | 9.50 | 2008.08.29 | - |
| ClamAV | 0.93.1 | 2008.09.02 | - |
| DrWeb | 4.44.0.09170 | 2008.09.01 | - |
| eSafe | 7.0.17.0 | 2008.09.01 | - |
| eTrust-Vet | 31.6.6062 | 2008.09.01 | - |
| Ewido | 4.0 | 2008.09.01 | - |
| F-Prot | 4.4.4.56 | 2008.09.02 | - |
| F-Secure | 7.60.13501.0 | 2008.09.02 | - |
| Fortinet | 3.14.0.0 | 2008.09.02 | - |
| GData | 19 | 2008.09.02 | - |
| Ikarus | T3.1.1.34.0 | 2008.09.02 | Trojan.Win32.Jhee.V |
| K7AntiVirus | 7.10.435 | 2008.09.01 | - |
| Kaspersky | 7.0.0.125 | 2008.09.02 | - |
| McAfee | 5374 | 2008.09.01 | - |
| Microsoft | 1.3807 | 2008.09.02 | Trojan:Win32/Jhee.V |
| NOD32v2 | 3406 | 2008.09.02 | - |
| Norman | 5.80.02 | 2008.09.01 | - |
| Panda | 9.0.0.4 | 2008.09.02 | - |
| PCTools | 4.4.2.0 | 2008.09.01 | - |
| Prevx1 | V2 | 2008.09.02 | Malware Downloader |
| Rising | 20.60.02.00 | 2008.09.02 | - |
| Sophos | 4.33.0 | 2008.09.02 | - |
| Sunbelt | 3.1.1592.1 | 2008.08.30 | - |
| Symantec | 10 | 2008.09.02 | - |
| TheHacker | 6.3.0.8.069 | 2008.09.01 | - |
| TrendMicro | 8.700.0.1004 | 2008.09.02 | TROJ_JHEE.BU |
| VBA32 | 3.12.8.4 | 2008.09.01 | - |
| ViRobot | 2008.9.1.1359 | 2008.09.01 | - |
| VirusBuster | 4.5.11.0 | 2008.09.01 | - |
| Webwasher-Gateway | 6.6.2 | 2008.09.01 | - |
| 附加信息 |
|---|
| File size: 98304 bytes |
| MD5...: e989fd3e1b34e9beb26c6d9744143b5e |
| SHA1..: ba27f06f5c76b7dd78d80414adc9dc97e2647bc0 |
| SHA256: 106ab625564ca6909f70cc3e935530043046c5435275f642c48cdf66a2e02a68 |
| SHA512: be682cd2432cf677db5a1511f8626a2f898e12ec56bd0ca438ab4a38aa143bf1 717e21d0aab5f47121e39bfbc88a9dd8ea8c2b0a1dd6e9573c74880fdae52240 |
| PEiD..: Armadillo v1.71 |
| TrID..: File type identification Win64 Executable Generic (59.6%) Win32 Executable MS Visual C++ (generic) (26.2%) Win32 Executable Generic (5.9%) Win32 Dynamic Link Library (generic) (5.2%) Generic Win/DOS Executable (1.3%) |
| PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x40777e timedatestamp.....: 0x488a8272 (Sat Jul 26 01:48:34 2008) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0xea15 0xf000 6.56 bc21b827dc08dc0a38b7f037cbacd830 .rdata 0x10000 0x20a0 0x3000 3.53 5d06b741269a1ab50e725000971ad5b4 .data 0x13000 0x5da8 0x4000 1.80 cf3cbe4050c51c06a50c399959f21f72 .rsrc 0x19000 0x3a8 0x1000 1.01 d4e889dabc877175e20b2ef2f4be76dd ( 2 imports ) > KERNEL32.dll: GetModuleHandleA, GetEnvironmentVariableA, SetStdHandle, IsBadCodePtr, IsBadReadPtr, ReadFile, Sleep, GetLastError, GetModuleFileNameA, GetShortPathNameA, CreateProcessA, CreateDirectoryA, LoadLibraryA, GetProcAddress, FreeLibrary, GetWindowsDirectoryA, GetVersionExA, CloseHandle, CreateToolhelp32Snapshot, Process32First, Process32Next, OpenProcess, MultiByteToWideChar, WideCharToMultiByte, RtlUnwind, RaiseException, GetCommandLineA, GetVersion, ExitProcess, HeapFree, HeapAlloc, HeapReAlloc, TerminateProcess, GetCurrentProcess, LCMapStringA, LCMapStringW, GetCPInfo, HeapSize, GetACP, GetOEMCP, SetUnhandledExceptionFilter, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, WriteFile, VirtualAlloc, IsBadWritePtr, SetFilePointer, FlushFileBuffers, GetStringTypeA, GetStringTypeW > ADVAPI32.dll: ControlService, RegQueryInfoKeyA, SetServiceStatus, RegisterServiceCtrlHandlerA, StartServiceCtrlDispatcherA, DeleteService, StartServiceA, QueryServiceStatus, CreateServiceA, ChangeServiceConfig2A, RegCreateKeyA, RegSetValueExA, RegCloseKey, OpenSCManagerA, OpenServiceA, CloseServiceHandle, DeregisterEventSource, GetUserNameA, CreateProcessAsUserA, OpenProcessToken ( 0 exports ) |
| Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=09D2F541009E3A18805B016D663C340007832D56 |
| ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=e989fd3e1b34e9beb26c6d9744143b5e |
文件说明符 : C:/WINDOWS/system32/4f4.exe
属性 : ---R
数字签名:否
PE文件:是
语言 : 中文(中国)
文件版本 : 7, 0, 6000, 381
说明 : Windows Update Automatic Updates
版权 : Copyright Zhongsou(C) 2005
产品版本 : 7, 0, 6000, 381
产品名称 : Microsoft(R) Windows(R) Operating System
公司名称 : Microsoft Corporation
内部名称 : wuauclt
创建时间 : 2008-8-14 19:39:15
修改时间 : 2008-8-18 9:23:23
大小 : 114688 字节 112.0 KB
MD5 : 7d9d179ed12d26eff1a7c5d2aadc1884
SHA1: 42608AD8247C89CD6C52697AF082FBCA213FA5CC
CRC32: c44ee596
文件 4f4.exe 接收于 2008.09.02 07:51:50 (CET)
| 反病毒引擎 | 版本 | 最后更新 | 扫描结果 |
| AhnLab-V3 | 2008.9.2.0 | 2008.09.02 | - |
| AntiVir | 7.8.1.23 | 2008.09.01 | - |
| Authentium | 5.1.0.4 | 2008.09.02 | - |
| Avast | 4.8.1195.0 | 2008.09.01 | Win32:Trojan-gen {Other} |
| AVG | 8.0.0.161 | 2008.09.01 | - |
| BitDefender | 7.2 | 2008.09.02 | Trojan.Generic.667569 |
| CAT-QuickHeal | 9.50 | 2008.08.29 | - |
| ClamAV | 0.93.1 | 2008.09.02 | - |
| DrWeb | 4.44.0.09170 | 2008.09.01 | - |
| eSafe | 7.0.17.0 | 2008.09.01 | - |
| eTrust-Vet | 31.6.6062 | 2008.09.01 | - |
| Ewido | 4.0 | 2008.09.01 | - |
| F-Prot | 4.4.4.56 | 2008.09.02 | - |
| F-Secure | 7.60.13501.0 | 2008.09.02 | Trojan.Win32.BHO.gdt |
| Fortinet | 3.14.0.0 | 2008.09.02 | - |
| GData | 19 | 2008.09.02 | Trojan.Win32.BHO.gdt |
| Ikarus | T3.1.1.34.0 | 2008.09.02 | Trojan.Win32.Jhee.V |
| K7AntiVirus | 7.10.435 | 2008.09.01 | - |
| Kaspersky | 7.0.0.125 | 2008.09.02 | Trojan.Win32.BHO.gdt |
| McAfee | 5374 | 2008.09.01 | - |
| Microsoft | 1.3807 | 2008.09.02 | Trojan:Win32/Jhee.V |
| NOD32v2 | 3406 | 2008.09.02 | a variant of Win32/BHO.NCY |
| Norman | 5.80.02 | 2008.09.01 | - |
| Panda | 9.0.0.4 | 2008.09.02 | - |
| PCTools | 4.4.2.0 | 2008.09.01 | - |
| Prevx1 | V2 | 2008.09.02 | Malicious Software |
| Rising | 20.60.02.00 | 2008.09.02 | Trojan.Win32.BHO.fef |
| Sophos | 4.33.0 | 2008.09.02 | - |
| Sunbelt | 3.1.1592.1 | 2008.08.30 | - |
| Symantec | 10 | 2008.09.02 | - |
| TheHacker | 6.3.0.8.069 | 2008.09.01 | - |
| TrendMicro | 8.700.0.1004 | 2008.09.02 | - |
| VBA32 | 3.12.8.4 | 2008.09.01 | - |
| ViRobot | 2008.9.1.1359 | 2008.09.01 | - |
| VirusBuster | 4.5.11.0 | 2008.09.01 | - |
| Webwasher-Gateway | 6.6.2 | 2008.09.01 | - |
| 附加信息 |
|---|
| File size: 114688 bytes |
| MD5...: 7d9d179ed12d26eff1a7c5d2aadc1884 |
| SHA1..: 42608ad8247c89cd6c52697af082fbca213fa5cc |
| SHA256: 923b711004868c4b93fda6ded1c75b05097d0ad7901c18a3b9cf4fac21392c06 |
| SHA512: b7873b2bb3169c353aba5657da10e6685adf71bbfac998f330819ed01684757d c829419cf9105695c7d4aac685a2127868e610e623bc9fba2f31d322dfb9aaff |
| PEiD..: Armadillo v1.71 |
| TrID..: File type identification Win64 Executable Generic (59.6%) Win32 Executable MS Visual C++ (generic) (26.2%) Win32 Executable Generic (5.9%) Win32 Dynamic Link Library (generic) (5.2%) Generic Win/DOS Executable (1.3%) |
| PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x40d7ce timedatestamp.....: 0x48a8cf0b (Mon Aug 18 01:23:23 2008) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x148a5 0x15000 6.58 9540ea1874c6abf2d0412723de0fd4ef .rdata 0x16000 0x2636 0x3000 3.92 d3825aad0a09cace49691d3fb795bdfa .data 0x19000 0x4068 0x2000 3.46 f23487b12d7926a9080d896434f01aac .rsrc 0x1e000 0x420 0x1000 1.11 7e1601bbdaf4774922a6674fbd7eb714 ( 4 imports ) > KERNEL32.dll: ReadFile, CreateFileA, DeviceIoControl, GetModuleHandleA, lstrlenA, MultiByteToWideChar, WideCharToMultiByte, LocalFree, SetEndOfFile, SetStdHandle, IsBadCodePtr, Sleep, GetLastError, GetModuleFileNameA, CreateDirectoryA, GetFileAttributesA, DeleteFileA, CreateProcessA, WaitForSingleObject, CloseHandle, SetFileAttributesA, CopyFileA, GetPrivateProfileStringA, LoadLibraryA, GetProcAddress, GetVersionExA, FreeLibrary, GetWindowsDirectoryA, IsBadReadPtr, GetStringTypeW, GetStringTypeA, FlushFileBuffers, SetFilePointer, IsBadWritePtr, VirtualAlloc, RtlUnwind, RaiseException, GetCommandLineA, GetVersion, ExitProcess, HeapFree, HeapAlloc, HeapReAlloc, TerminateProcess, GetCurrentProcess, LCMapStringA, LCMapStringW, GetCPInfo, HeapSize, GetACP, GetOEMCP, SetUnhandledExceptionFilter, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, WriteFile > ADVAPI32.dll: RegisterServiceCtrlHandlerA, RegEnumValueA, SetServiceStatus, StartServiceCtrlDispatcherA, ControlService, DeleteService, StartServiceA, QueryServiceStatus, CreateServiceA, ChangeServiceConfig2A, RegCreateKeyA, RegSetValueExA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, DeregisterEventSource, RegQueryInfoKeyA, RegOpenKeyExA, RegCloseKey > ole32.dll: CoUninitialize, CoGetClassObject, StringFromCLSID, CoInitialize > OLEAUT32.dll: - ( 0 exports ) |
| Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=1A741BE600E22A09C07901CE1AE8BF0084B630EB |
文件说明符 : C:/WINDOWS/system32/8g4.dll
属性 : ---R
数字签名:否
PE文件:是
语言 : 英语(美国)
文件版本 : 6, 0, 2900, 3395
说明 : Internet Extensions for Win32
版权 : Copyright 2007
备注 :
产品版本 : 6, 0, 2900, 3395
产品名称 : Microsoft(R) Windows(R) Operating System
公司名称 : Microsoft Corporation
内部名称 : wininet.dll
创建时间 : 2008-8-16 7:28:49
修改时间 : 2008-8-18 9:24:6
大小 : 53248 字节 52.0 KB
MD5 : 8b0f13a77904747fa97c94ca9d385820
SHA1: DEEA688792B17F0963627910AEFCDEEF1C29A93A
CRC32: 5f208cad
文件 8g4.dll 接收于 2008.09.02 08:03:07 (CET) 结果: 7/36 (19.45%)
| 反病毒引擎 | 版本 | 最后更新 | 扫描结果 |
| AhnLab-V3 | 2008.9.2.0 | 2008.09.02 | - |
| AntiVir | 7.8.1.23 | 2008.09.01 | ADSPY/Bho.aeu |
| Authentium | 5.1.0.4 | 2008.09.02 | - |
| Avast | 4.8.1195.0 | 2008.09.01 | - |
| AVG | 8.0.0.161 | 2008.09.01 | - |
| BitDefender | 7.2 | 2008.09.02 | Adware.BDSearch.1 |
| CAT-QuickHeal | 9.50 | 2008.08.29 | - |
| ClamAV | 0.93.1 | 2008.09.02 | - |
| DrWeb | 4.44.0.09170 | 2008.09.01 | Adware.Sogou.119 |
| eSafe | 7.0.17.0 | 2008.09.01 | - |
| eTrust-Vet | 31.6.6062 | 2008.09.01 | - |
| Ewido | 4.0 | 2008.09.01 | - |
| F-Prot | 4.4.4.56 | 2008.09.02 | - |
| F-Secure | 7.60.13501.0 | 2008.09.02 | - |
| Fortinet | 3.14.0.0 | 2008.09.02 | - |
| GData | 19 | 2008.09.02 | - |
| Ikarus | T3.1.1.34.0 | 2008.09.02 | AdWare.Bdsearch.1 |
| K7AntiVirus | 7.10.435 | 2008.09.01 | - |
| Kaspersky | 7.0.0.125 | 2008.09.02 | - |
| McAfee | 5374 | 2008.09.01 | - |
| Microsoft | 1.3807 | 2008.09.02 | - |
| NOD32v2 | 3406 | 2008.09.02 | - |
| Norman | 5.80.02 | 2008.09.01 | - |
| Panda | 9.0.0.4 | 2008.09.02 | - |
| PCTools | 4.4.2.0 | 2008.09.01 | Adware.WSearch.O |
| Prevx1 | V2 | 2008.09.02 | - |
| Rising | 20.60.10.00 | 2008.09.02 | - |
| Sophos | 4.33.0 | 2008.09.02 | DesktopMedia |
| Sunbelt | 3.1.1592.1 | 2008.08.30 | - |
| Symantec | 10 | 2008.09.02 | - |
| TheHacker | 6.3.0.8.069 | 2008.09.01 | - |
| TrendMicro | 8.700.0.1004 | 2008.09.02 | - |
| VBA32 | 3.12.8.4 | 2008.09.01 | - |
| ViRobot | 2008.9.1.1359 | 2008.09.01 | - |
| VirusBuster | 4.5.11.0 | 2008.09.01 | - |
| Webwasher-Gateway | 6.6.2 | 2008.09.01 | Ad-Spyware.Bho.aeu |
| 附加信息 |
|---|
| File size: 53248 bytes |
| MD5...: 8b0f13a77904747fa97c94ca9d385820 |
| SHA1..: deea688792b17f0963627910aefcdeef1c29a93a |
| SHA256: 5f98c4e22ab2101045c5f6f50fd03e2b43603b277389ddfeae1b6ab77ab5642d |
| SHA512: e5f314dbe88bdf68a89a4676cd3459abd8b1c88b42e19318f4489b7a4e57bc5b 3fbf105077ec0c123c6732fa5c8292927518bd3791ce3d3f8627f20d66de4c4a |
| PEiD..: Armadillo v1.xx - v2.xx |
| TrID..: File type identification DirectShow filter (52.6%) Windows OCX File (32.2%) Win32 Executable MS Visual C++ (generic) (9.8%) Win32 Executable Generic (2.2%) Win32 Dynamic Link Library (generic) (1.9%) |
| PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x10007153 timedatestamp.....: 0x48a8ced7 (Mon Aug 18 01:22:31 2008) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x6846 0x7000 6.12 bf6c802cab768d06827795f8a039bd62 .rdata 0x8000 0x1f42 0x2000 5.09 70d66633da7462cc773003a3c24c6e86 .data 0xa000 0x2250 0x1000 1.78 24134641bcf54f63f31c909833171a5e .rsrc 0xd000 0xed0 0x1000 4.09 d331bda4646b0bb8d6cc9254ce2dea02 .reloc 0xe000 0xef2 0x1000 5.15 2be4cafb06c52c0d0369dbfad86010c7 ( 8 imports ) > MFC42.DLL: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, - > MSVCRT.dll: memcmp, strlen, strcpy, memset, _access, realloc, malloc, free, _EH_prolog, strcat, strrchr, strncpy, strncmp, __dllonexit, _onexit, _except_handler3, _terminate@@YAXXZ, _initterm, _adjust_fdiv, __1type_info@@UAE@XZ, __CxxFrameHandler, _purecall, _mbslwr, memcpy, sprintf > KERNEL32.dll: InterlockedDecrement, LocalAlloc, LocalFree, GetModuleHandleA, DeviceIoControl, CreateFileA, CreateDirectoryA, GetTempFileNameA, GetDriveTypeA, SearchPathA, GetFileAttributesA, WaitForSingleObject, SetFileAttributesA, GetVolumeInformationA, OpenMutexA, GetWindowsDirectoryA, GetSystemDirectoryA, CreateProcessA, CloseHandle, GetVersionExA, GetProcessHeap, GetLogicalDrives, lstrcatA, lstrcpyA, LoadLibraryA, GetProcAddress, HeapDestroy, IsDBCSLeadByte, lstrcpynA, lstrcmpiA, LoadLibraryExA, GetLastError, FindResourceA, LoadResource, SizeofResource, FreeLibrary, WideCharToMultiByte, GetShortPathNameA, lstrlenA, MultiByteToWideChar, GetModuleFileNameA, InitializeCriticalSection, DeleteCriticalSection, LeaveCriticalSection, InterlockedIncrement, EnterCriticalSection, CopyFileA, lstrlenW > USER32.dll: CharNextA > ADVAPI32.dll: RegEnumValueA, RegCreateKeyExA, RegDeleteValueA, RegCloseKey, RegOpenKeyExA, RegEnumKeyExA, RegSetValueExA, RegQueryInfoKeyA, RegDeleteKeyA, RegCreateKeyA, RegQueryValueA, RegSetValueA, RegSetKeySecurity, RegUnLoadKeyA, RegNotifyChangeKeyValue, CloseServiceHandle, OpenServiceA, OpenSCManagerA, QueryServiceStatus, RegQueryValueExA > ole32.dll: CoTaskMemAlloc, CoTaskMemRealloc, CoCreateInstance, CoTaskMemFree > OLEAUT32.dll: -, -, -, -, -, -, - > MSVCP60.dll: _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, __1_Winit@std@@QAE@XZ, __0_Winit@std@@QAE@XZ, __1Init@ios_base@std@@QAE@XZ, __0Init@ios_base@std@@QAE@XZ, _substr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBE_AV12@II@Z, __8std@@YA_NABV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@PBD@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, __0_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@ABV01@@Z, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@0@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, __Hstd@@YA_AV_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@0@ABV10@PBD@Z, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z ( 4 exports ) DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer |
文件说明符 : C:/WINDOWS/system32/fh8.dll
属性 : ---R
数字签名:否
PE文件:是
语言 : 中文(中国)
文件版本 : 4, 1, 0, 3936
说明 : MS DTC administrative component
版权 : 版权所有 (C) 2006
产品版本 : 4, 1, 0, 3936
产品名称 : Microsoft Distributed Transaction Coordinator
公司名称 : Microsoft Corporation
内部名称 : msdtcui
创建时间 : 2008-8-16 7:28:49
修改时间 : 2008-8-18 9:24:8
大小 : 679936 字节 664.0 KB
MD5 : 5cc9d394a169a062f7ff5a083e1d2f16
SHA1: DA8F216AFD1A4E61DDD93B447BB697520D0AC697
CRC32: 5e40c01c
文件 fh8.dll 接收于 2008.09.02 08:12:20 (CET) 结果: 20/36 (55.56%)
| 反病毒引擎 | 版本 | 最后更新 | 扫描结果 |
| AhnLab-V3 | 2008.9.2.0 | 2008.09.02 | - |
| AntiVir | 7.8.1.23 | 2008.09.01 | TR/Agent.49152 |
| Authentium | 5.1.0.4 | 2008.09.02 | - |
| Avast | 4.8.1195.0 | 2008.09.01 | Win32:Agent-GRW |
| AVG | 8.0.0.161 | 2008.09.01 | Generic_r.D |
| BitDefender | 7.2 | 2008.09.02 | Adware.BDSearch.1 |
| CAT-QuickHeal | 9.50 | 2008.08.29 | AdWare.BHO.cox (Not a Virus) |
| ClamAV | 0.93.1 | 2008.09.02 | - |
| DrWeb | 4.44.0.09170 | 2008.09.01 | Adware.Sogou.120 |
| eSafe | 7.0.17.0 | 2008.09.01 | - |
| eTrust-Vet | 31.6.6062 | 2008.09.01 | - |
| Ewido | 4.0 | 2008.09.01 | - |
| F-Prot | 4.4.4.56 | 2008.09.02 | - |
| F-Secure | 7.60.13501.0 | 2008.09.02 | AdWare.Win32.BHO.cox |
| Fortinet | 3.14.0.0 | 2008.09.02 | Adware/DesktopMedia |
| GData | 19 | 2008.09.02 | Win32:Agent-GRW |
| Ikarus | T3.1.1.34.0 | 2008.09.02 | Virus.Win32.Agent.GRW |
| K7AntiVirus | 7.10.435 | 2008.09.01 | Trojan.Win32.Malware.1 |
| Kaspersky | 7.0.0.125 | 2008.09.02 | not-a-virus:AdWare.Win32.BHO.cox |
| McAfee | 5374 | 2008.09.01 | potentially unwanted program Adware-DesktopMedia |
| Microsoft | 1.3807 | 2008.09.02 | Adware:Win32/Rugo |
| NOD32v2 | 3406 | 2008.09.02 | - |
| Norman | 5.80.02 | 2008.09.01 | - |
| Panda | 9.0.0.4 | 2008.09.02 | - |
| PCTools | 4.4.2.0 | 2008.09.01 | - |
| Prevx1 | V2 | 2008.09.02 | Worm |
| Rising | 20.60.10.00 | 2008.09.02 | AdWare.Win32.Mnless.ahb |
| Sophos | 4.33.0 | 2008.09.02 | - |
| Sunbelt | 3.1.1592.1 | 2008.08.30 | Adware.Bdsearch |
| Symantec | 10 | 2008.09.02 | - |
| TheHacker | 6.3.0.8.069 | 2008.09.01 | - |
| TrendMicro | 8.700.0.1004 | 2008.09.02 | - |
| VBA32 | 3.12.8.4 | 2008.09.01 | AdWare.Win32.BHO.cox |
| ViRobot | 2008.9.1.1359 | 2008.09.01 | Adware.BHO.679936.D |
| VirusBuster | 4.5.11.0 | 2008.09.01 | - |
| Webwasher-Gateway | 6.6.2 | 2008.09.01 | Ad-Spyware.BDSearch.1.45 |
| 附加信息 |
|---|
| File size: 679936 bytes |
| MD5...: 5cc9d394a169a062f7ff5a083e1d2f16 |
| SHA1..: da8f216afd1a4e61ddd93b447bb697520d0ac697 |
| SHA256: f230b2961b14d6f817312d09786e3b8270eb85571e0f6acfff0e6a9aed56f6ab |
| SHA512: d73fbdd486596eda659f1f05e9f532496a02f18625ca4c1801cc18811c88024a 2127f14f1f7d2163749c364f920b729ebedd2704792146bdd1e78e97e1759fbb |
| PEiD..: - |
| TrID..: File type identification Win32 Executable MS Visual C++ (generic) (53.1%) Windows Screen Saver (18.4%) Win32 Executable Generic (12.0%) Win32 Dynamic Link Library (generic) (10.6%) Generic Win/DOS Executable (2.8%) |
| PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x10044883 timedatestamp.....: 0x48a8ce36 (Mon Aug 18 01:19:50 2008) machinetype.......: 0x14c (I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x79f76 0x7a000 6.62 daa7ab1749d0349d0d49b08f790012dd .rdata 0x7b000 0xc4ce 0xd000 4.73 470ce27f912cec8a2fb64d136a712951 .data 0x88000 0x52e2c 0xd000 2.61 31fa3a006582c503094bbf1d8a2c44ce .rsrc 0xdb000 0x1258 0x2000 3.01 9f55d89a8fd45e9f03a4f5db7ab987b7 .reloc 0xdd000 0xe674 0xf000 5.83 a465aad81a0719d36866c17035df8794 ( 9 imports ) > WS2_32.dll: -, -, - > ole32.dll: CoTaskMemRealloc, CLSIDFromString, CLSIDFromProgID, CoGetClassObject, OleLockRunning, CoTaskMemAlloc, StringFromGUID2, OleUninitialize, OleInitialize, CreateStreamOnHGlobal, CoCreateInstance, CoUninitialize, CoInitialize, CoTaskMemFree > WININET.dll: InternetOpenA, InternetReadFile, GetUrlCacheEntryInfoA, InternetCrackUrlA, DeleteUrlCacheEntry, InternetConnectA, InternetCloseHandle, HttpOpenRequestA, HttpSendRequestA > urlmon.dll: URLDownloadToFileA > KERNEL32.dll: RaiseException, InitializeCriticalSection, DeleteCriticalSection, GetLocalTime, CloseHandle, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, OpenFileMappingA, ReleaseMutex, FlushViewOfFile, WaitForSingleObject, CreateMutexA, FindClose, FindFirstFileA, GetLastError, GetSystemTimeAsFileTime, SetErrorMode, MultiByteToWideChar, GetShortPathNameA, GetTempFileNameA, GetTempPathA, CopyFileA, Sleep, SetFileAttributesA, GetWindowsDirectoryA, DeleteFileA, GetVolumeInformationA, GetSystemDirectoryA, FindNextFileA, lstrcmpA, lstrcatA, lstrcpyA, CreateDirectoryA, GetVersionExA, SetProcessWorkingSetSize, GetCurrentProcess, GetTickCount, InterlockedExchange, GetACP, GetLocaleInfoA, GetThreadLocale, EnterCriticalSection, LeaveCriticalSection, FlushInstructionCache, HeapFree, GetProcessHeap, HeapAlloc, WideCharToMultiByte, InterlockedDecrement, lstrlenA, GetCurrentThreadId, GlobalUnlock, GlobalLock, GlobalAlloc, lstrlenW, MulDiv, InterlockedIncrement, GetModuleFileNameA, SetEvent, GetModuleHandleA, FreeLibrary, SizeofResource, LoadResource, LoadLibraryExA, lstrcmpiA, lstrcpynA, IsDBCSLeadByte, GetProcAddress, LoadLibraryA, CreateThread, OpenEventA, CreateProcessA, WaitForMultipleObjects, CreateEventA, Module32Next, Module32First, CreateToolhelp32Snapshot, GetCurrentDirectoryA, Process32Next, Process32First, ReadFile, CreateFileA, TerminateProcess, DeviceIoControl, VirtualAlloc, VirtualFree, SetFilePointer, WriteFile, SetEndOfFile, GetStdHandle, QueryPerformanceCounter, HeapSize, GetCurrentProcessId, SetUnhandledExceptionFilter, IsBadWritePtr, HeapCreate, FlushFileBuffers, HeapDestroy, TlsGetValue, TlsSetValue, TlsFree, SetLastError, TlsAlloc, GetOEMCP, GetCPInfo, LCMapStringW, LCMapStringA, RemoveDirectoryA, GetCommandLineA, HeapReAlloc, VirtualQuery, GetSystemInfo, VirtualProtect, GetFileAttributesA, GetDriveTypeA, FileTimeToLocalFileTime, FileTimeToSystemTime, ExitProcess, RtlUnwind, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, UnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, IsBadReadPtr, IsBadCodePtr, GetTimeZoneInformation, SetStdHandle, GetLocaleInfoW, CompareStringA, CompareStringW, SetEnvironmentVariableA, LocalFree, FindResourceA, GetFullPathNameA > USER32.dll: GetForegroundWindow, SetForegroundWindow, SystemParametersInfoA, MapWindowPoints, ShowWindow, UpdateWindow, PeekMessageA, GetMessageA, TranslateMessage, DispatchMessageA, EnumWindows, AdjustWindowRectEx, FindWindowExA, PostMessageA, CreateAcceleratorTableA, CharNextA, GetParent, GetClassNameA, RedrawWindow, IsWindow, GetDlgItem, SetFocus, GetFocus, IsChild, GetWindow, DestroyAcceleratorTable, BeginPaint, EndPaint, GetDesktopWindow, InvalidateRgn, InvalidateRect, FillRect, SetCapture, ReleaseCapture, GetSysColor, CreateWindowExA, CallWindowProcA, RegisterWindowMessageA, RegisterClassExA, GetWindowTextLengthA, GetWindowTextA, DefWindowProcA, SetActiveWindow, LoadCursorA, GetClassInfoExA, KillTimer, SetTimer, SetWindowPos, MoveWindow, SetWindowTextA, SendMessageA, GetWindowLongA, SetWindowLongA, DestroyWindow, PostQuitMessage, wsprintfA, SetWindowRgn, ReleaseDC, GetWindowRect, GetClientRect, GetSystemMetrics, LoadImageA, UnregisterClassA, GetDC > GDI32.dll: CreateRectRgn, GetPixel, RestoreDC, CreateSolidBrush, GetStockObject, GetObjectA, GetDeviceCaps, BitBlt, CreateCompatibleBitmap, DeleteDC, SelectObject, CreateCompatibleDC, CombineRgn, SaveDC, DeleteObject > ADVAPI32.dll: RegOpenKeyA, RegQueryValueExA, InitializeSecurityDescriptor, RegSetValueExA, RegCreateKeyA, GetUserNameA, RegCreateKeyExA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, RegEnumKeyExA, SetSecurityDescriptorDacl, RegCloseKey > OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, - ( 8 exports ) Always, CallByControl, GetPlayerVersion, HxcDown, HxcUpdate, RunAD, Stop, playAdh |
| Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=52B62B9300B9F45560080A686AD6A100F0A85D5F |
扫一扫
2万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
