Encountering HBKernel32.sys, 53u1ttMe.2ys, HBTL.dll, HBSO2.dll, bcejnmfd.dll, etc. (2)
Original by endurer
2008-10-17, 1st edition
Partial file information:

File specifier : C:/WINDOWS/system32/Drivers/Beep.sys
Attributes : A---
Digital signature : Microsoft Corporation
PE file : Yes
Language : English (United States)
File version : 5.1.2600.0 (XPClient.010817-1148)
Description : BEEP Driver
Copyright : © Microsoft Corporation. All rights reserved.
Product version : 5.1.2600.0
Product name : Microsoft® Windows® Operating System
Company name : Microsoft Corporation
Internal name : beep.sys
Original file name : beep.sys
Created : 2004-8-17 12:0:0
Modified : 2008-10-13 13:12:45
Size : 4224 bytes (4.128 KB)
MD5 : da1f27d85e0d1525f6621372e7b685e9
SHA1: E3D2DC5EB273FA701DE8AF13B60D6BAAC7629260
CRC32: 697c40f2

File specifier : C:/WINDOWS/system32/drivers/HBKernel32.sys
Attributes : A---
Digital signature : No
PE file : No
Created : 2008-10-13 13:12:50
Modified : 2008-10-13 13:14:38
Size : 16915 bytes (16.531 KB)
MD5 : 122048997c7333b81a0a12d5727de928
SHA1: 0DCB35B1EA2B8E85287D2FECAADB0F25C6D3FB61
CRC32: 574670e9

File specifier : C:/WINDOWS/system32/ozmazluz.dll
Attributes : A---
Digital signature : No
PE file : Yes
Failed to get the file version information size!
Created : 2008-10-13 13:18:21
Modified : 2008-10-13 13:18:22
Size : 2558100 bytes (2.450 MB)
MD5 : 68fe68afcbbe7566238f06b92cecd887
SHA1: 654670CA51525B951BFBF0DF8458F535ACDAF5A7
CRC32: 59afabbd

Antivirus engine | Version | Last update | Scan result |
---|---|---|---|
AhnLab-V3 | 2008.10.16.0 | 2008.10.15 | Win-*/OnlineGameHack |
AntiVir | 7.9.0.4 | 2008.10.15 | TR/Agent.553108 |
Authentium | 5.1.0.4 | 2008.10.15 | W32/Onlinegames.4!Generic |
Avast | 4.8.1248.0 | 2008.10.15 | Win32:OnLineGames-FAG |
AVG | 8.0.0.161 | 2008.10.16 | PSW.Generic6.AIOJ |
BitDefender | 7.2 | 2008.10.16 | - |
CAT-QuickHeal | 9.50 | 2008.10.14 | - |
ClamAV | 0.93.1 | 2008.10.15 | - |
DrWeb | 4.44.0.09170 | 2008.10.16 | *.PWS.Wsgame.7678 |
eSafe | 7.0.17.0 | 2008.10.15 | - |
eTrust-Vet | 31.6.6150 | 2008.10.16 | Win32/GameStealer!generic |
Ewido | 4.0 | 2008.10.15 | - |
F-Prot | 4.4.4.56 | 2008.10.15 | W32/Onlinegames.4!Generic |
F-Secure | 8.0.14332.0 | 2008.10.16 | *-GameThief.Win32.OnLineGames.tnoi |
Fortinet | 3.113.0.0 | 2008.10.15 | - |
GData | 19 | 2008.10.16 | Win32:OnLineGames-FAG |
Ikarus | T3.1.1.34.0 | 2008.10.16 | Virus.*.GameThief.Win32.OnLineGames.tnoi |
K7AntiVirus | 7.10.496 | 2008.10.15 | - |
Kaspersky | 7.0.0.125 | 2008.10.16 | *-GameThief.Win32.OnLineGames.tnoi |
McAfee | 5406 | 2008.10.16 | PWS-OnlineGames.ck |
Microsoft | 1.4005 | 2008.10.16 | PWS:Win32/OnLineGames.GA |
NOD32 | 3525 | 2008.10.15 | probably a variant of Win32/PSW.OnLineGames.NQM |
Norman | 5.80.02 | 2008.10.15 | W32/OnLineGames.CACO |
Panda | 9.0.0.4 | 2008.10.15 | - |
PCTools | 4.4.2.0 | 2008.10.15 | - |
Prevx1 | V2 | 2008.10.16 | - |
Rising | 20.66.22.00 | 2008.10.15 | *.PSW.Win32.GameOL.qxh |
SecureWeb-Gateway | 6.7.6 | 2008.10.16 | - |
Sophos | 4.34.0 | 2008.10.16 | - |
Sunbelt | 3.1.1725.1 | 2008.10.15 | - |
Symantec | 10 | 2008.10.16 | - |
TheHacker | 6.3.1.0.114 | 2008.10.15 | - |
TrendMicro | 8.700.0.1004 | 2008.10.16 | - |
VBA32 | 3.12.8.7 | 2008.10.16 | *-GameThief.Win32.OnLineGames.tnob |
ViRobot | 2008.10.15.1421 | 2008.10.15 | - |
VirusBuster | 4.5.11.0 | 2008.10.15 | *.DL.OnlineGames.Gen.90 |

Additional information:
File size: 2558100 bytes
MD5...: 68fe68afcbbe7566238f06b92cecd887
SHA1..: 654670ca51525b951bfbf0df8458f535acdaf5a7
SHA256: 01e859f37e7c80c16ec5b7deb2f32508e2da937f3cb09b7af9723df6ff9d2d4b
SHA512: 76e51b66a7ec52d4adf39f9bd69427776e182ea10d630bdc47b4c95e8badee8e0c7a9e4f90e85d45a2aedc8dac9d58bbeb2eefa6234c22543f02cc4ff0dac6d1
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information ( base data )
entrypointaddress.: 0x10003a6a
timedatestamp.....: 0x48edb4ad (Thu Oct 09 07:37:17 2008)
machinetype.......: 0x14c (I386)

( 5 sections )

name | viradd | virsiz | rawdsiz | ntrpy | md5 |
---|---|---|---|---|---|
.text | 0x1000 | 0x2b10 | 0x2c00 | 6.13 | b58785f208f677d8f9ca9dbbcb654dc4 |
.rdata | 0x4000 | 0x538 | 0x600 | 4.52 | 230653060299590fe4d05f00713e62a0 |
.data | 0x5000 | 0x1cc0 | 0x200 | 0.42 | 559cf8e288db86ec5be262b445ef7986 |
.rsrc | 0x7000 | 0x10 | 0x200 | 0.00 | bf619eac0cdf3f68d496ea9344137e8b |
.reloc | 0x8000 | 0x52c | 0x600 | 4.56 | b64bb50181a1afe8f88ce1fe265b921a |

( 3 imports )
KERNEL32.dll: GetCurrentProcess, Sleep, GetModuleFileNameA, CloseHandle, SetEvent, ExitProcess, GetProcAddress, GetPrivateProfileStringA, GetTickCount, IsBadReadPtr, GetFileSize, ReadFile, SetFilePointer, CreateFileA, HeapAlloc, GetProcessHeap, VirtualProtect, TerminateProcess, GetModuleHandleA, LoadLibraryW, MultiByteToWideChar, LoadLibraryA, OpenEventA, CreateEventA, CreateThread
USER32.dll: SetWindowsHookExA, CallNextHookEx, wvsprintfA, wsprintfA, BroadcastSystemMessageA
MSVCRT.dll: strncat, _strcmpi, _adjust_fdiv, strcpy, strcat, strlen, free, sprintf, strncpy, strchr, abs, memset, strstr, strcmp, malloc, memcpy, _except_handler3, strrchr, realloc, _strlwr, _initterm

( 0 exports )

File specifier : C:/WINDOWS/system32/bcejnmfd.dll
Attributes : A---
Digital signature : No
PE file : Yes
Failed to get the file version information size!
Created : 2008-10-13 13:18:1
Modified : 2008-10-13 13:18:3
Size : 2491820 bytes (2.385 MB)
MD5 : a352a857716edbca027db31e1f311905
SHA1: 6432E7CBC818FEDB534B138EA96707F9C08B0E7A
CRC32: edabb306

Antivirus engine | Version | Last update | Scan result |
---|---|---|---|
AhnLab-V3 | 2008.10.16.0 | 2008.10.15 | Win-*/OnlineGameHack |
AntiVir | 7.9.0.4 | 2008.10.15 | BDS/Agent.D.95 |
Authentium | 5.1.0.4 | 2008.10.15 | W32/Onlinegames.4!Generic |
Avast | 4.8.1248.0 | 2008.10.15 | Win32:OnLineGames-FAG |
AVG | 8.0.0.161 | 2008.10.16 | PSW.Generic6.AIKJ |
BitDefender | 7.2 | 2008.10.16 | - |
CAT-QuickHeal | 9.50 | 2008.10.14 | - |
ClamAV | 0.93.1 | 2008.10.15 | - |
DrWeb | 4.44.0.09170 | 2008.10.16 | *.PWS.Wsgame.7679 |
eSafe | 7.0.17.0 | 2008.10.15 | - |
eTrust-Vet | 31.6.6150 | 2008.10.16 | Win32/GameStealer!generic |
Ewido | 4.0 | 2008.10.15 | - |
F-Prot | 4.4.4.56 | 2008.10.15 | W32/Onlinegames.4!Generic |
F-Secure | 8.0.14332.0 | 2008.10.16 | *-GameThief.Win32.OnLineGames.tnoj |
Fortinet | 3.113.0.0 | 2008.10.15 | - |
GData | 19 | 2008.10.16 | Win32:OnLineGames-FAG |
Ikarus | T3.1.1.34.0 | 2008.10.16 | Virus.*.GameThief.Win32.OnLineGames.tnoj |
K7AntiVirus | 7.10.496 | 2008.10.15 | - |
Kaspersky | 7.0.0.125 | 2008.10.16 | *-GameThief.Win32.OnLineGames.tnoj |
McAfee | 5406 | 2008.10.16 | PWS-OnlineGames.ck |
Microsoft | 1.4005 | 2008.10.16 | PWS:Win32/OnLineGames.GA |
NOD32 | 3525 | 2008.10.15 | probably a variant of Win32/PSW.OnLineGames.NQM |
Norman | 5.80.02 | 2008.10.15 | W32/OnLineGames.CACP |
Panda | 9.0.0.4 | 2008.10.15 | - |
PCTools | 4.4.2.0 | 2008.10.15 | - |
Prevx1 | V2 | 2008.10.16 | - |
Rising | 20.66.22.00 | 2008.10.15 | *.PSW.Win32.GameOL.qxh |
SecureWeb-Gateway | 6.7.6 | 2008.10.15 | - |
Sophos | 4.34.0 | 2008.10.16 | - |
Sunbelt | 3.1.1725.1 | 2008.10.15 | - |
Symantec | 10 | 2008.10.16 | Infostealer.Gampass |
TheHacker | 6.3.1.0.114 | 2008.10.15 | - |
TrendMicro | 8.700.0.1004 | 2008.10.16 | - |
VBA32 | 3.12.8.7 | 2008.10.16 | *-GameThief.Win32.OnLineGames.tnoo |
ViRobot | 2008.10.15.1421 | 2008.10.15 | - |
VirusBuster | 4.5.11.0 | 2008.10.15 | *.DL.OnlineGames.Gen.90 |

Additional information:
File size: 2491820 bytes
MD5...: a352a857716edbca027db31e1f311905
SHA1..: 6432e7cbc818fedb534b138ea96707f9c08b0e7a
SHA256: 7391d8d770e86832f90f2a5e034164b8f9bb55a61eb7c9cfd63a1f1d2ff0805f
SHA512: c7091d99fc4578b09c1ec52c96fb39bea828b140a7d13975452e7f2866db5d4e798d14a3a8b6d5cbccfb06bbef7db17688e7991e7b31972208b92fb519c17004
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information ( base data )
entrypointaddress.: 0x1000366a
timedatestamp.....: 0x48edb552 (Thu Oct 09 07:40:02 2008)
machinetype.......: 0x14c (I386)

( 5 sections )

name | viradd | virsiz | rawdsiz | ntrpy | md5 |
---|---|---|---|---|---|
.text | 0x1000 | 0x2710 | 0x2800 | 5.99 | 0c5be6ac67ddf8463d9a597bf37d2d32 |
.rdata | 0x4000 | 0x516 | 0x600 | 4.40 | 78eb095c400c84723f845acdf8c6fcaa |
.data | 0x5000 | 0x688 | 0x200 | 0.56 | 27859577459aee8263d88987c23c415d |
.rsrc | 0x6000 | 0x10 | 0x200 | 0.00 | bf619eac0cdf3f68d496ea9344137e8b |
.reloc | 0x7000 | 0x466 | 0x600 | 3.80 | 7550d78428e9ea2e7fa357b284466045 |

( 3 imports )
KERNEL32.dll: GetCurrentProcess, Sleep, GetModuleFileNameA, CloseHandle, SetEvent, ExitProcess, GetPrivateProfileStringA, IsBadReadPtr, GetFileSize, ReadFile, SetFilePointer, CreateFileA, HeapAlloc, GetProcessHeap, VirtualProtect, TerminateProcess, GetProcAddress, GetModuleHandleA, LoadLibraryW, MultiByteToWideChar, LoadLibraryA, OpenEventA, CreateEventA, CreateThread
USER32.dll: SetWindowsHookExA, CallNextHookEx, wvsprintfA, wsprintfA, BroadcastSystemMessageA
MSVCRT.dll: strrchr, _strcmpi, _adjust_fdiv, strcpy, strcat, strlen, free, sprintf, strncpy, strstr, strchr, memset, _strnicmp, malloc, memcpy, _except_handler3, realloc, _strlwr, _initterm

( 0 exports )

File specifier : C:/WINDOWS/system32/uhtcnwqw.dll
Attributes : A---
Digital signature : No
PE file : Yes
Failed to get the file version information size!
Created : 2008-10-13 13:17:19
Modified : 2008-10-13 13:17:19
Size : 2427680 bytes (2.322 MB)
MD5 : 425c648650869c711438851a8bb35718
SHA1: 7BE598C9508D84DA1F196E6EC57D0AA3A755488A
CRC32: 9aef7868

Antivirus engine | Version | Last update | Scan result |
---|---|---|---|
AhnLab-V3 | 2008.10.16.0 | 2008.10.15 | Win-*/OnlineGameHack |
AntiVir | 7.9.0.4 | 2008.10.15 | TR/PSW.Online.tdy |
Authentium | 5.1.0.4 | 2008.10.15 | W32/OnlineGames.B.gen!GSA |
Avast | 4.8.1248.0 | 2008.10.15 | Win32:OnLineGames-FAG |
AVG | 8.0.0.161 | 2008.10.16 | PSW.OnlineGames.BCLZ |
BitDefender | 7.2 | 2008.10.16 | - |
CAT-QuickHeal | 9.50 | 2008.10.14 | - |
ClamAV | 0.93.1 | 2008.10.15 | - |
DrWeb | 4.44.0.09170 | 2008.10.16 | *.PWS.Wsgame.7694 |
eSafe | 7.0.17.0 | 2008.10.15 | - |
eTrust-Vet | 31.6.6150 | 2008.10.16 | Win32/GameStealer!generic |
Ewido | 4.0 | 2008.10.15 | - |
F-Prot | 4.4.4.56 | 2008.10.15 | W32/OnlineGames.B.gen!GSA |
F-Secure | 8.0.14332.0 | 2008.10.16 | *-GameThief.Win32.OnLineGames.tnvk |
Fortinet | 3.113.0.0 | 2008.10.15 | - |
GData | 19 | 2008.10.16 | Win32:OnLineGames-FAG |
Ikarus | T3.1.1.34.0 | 2008.10.16 | Virus.*.GameThief.Win32.OnLineGames.tnvk |
K7AntiVirus | 7.10.496 | 2008.10.15 | - |
Kaspersky | 7.0.0.125 | 2008.10.16 | *-GameThief.Win32.OnLineGames.tnvk |
McAfee | 5406 | 2008.10.16 | - |
Microsoft | 1.4005 | 2008.10.16 | PWS:Win32/OnLineGames.GA |
NOD32 | 3525 | 2008.10.15 | probably a variant of Win32/PSW.OnLineGames.NQM |
Norman | 5.80.02 | 2008.10.15 | W32/OnLineGames.CAIX |
Panda | 9.0.0.4 | 2008.10.15 | - |
PCTools | 4.4.2.0 | 2008.10.15 | - |
Prevx1 | V2 | 2008.10.16 | - |
Rising | 20.66.22.00 | 2008.10.15 | *.PSW.Win32.GameOL.qua |
SecureWeb-Gateway | 6.7.6 | 2008.10.16 | - |
Sophos | 4.34.0 | 2008.10.16 | - |
Sunbelt | 3.1.1725.1 | 2008.10.15 | - |
Symantec | 10 | 2008.10.16 | - |
TheHacker | 6.3.1.0.114 | 2008.10.15 | - |
TrendMicro | 8.700.0.1004 | 2008.10.16 | - |
VBA32 | 3.12.8.7 | 2008.10.16 | - |
ViRobot | 2008.10.15.1421 | 2008.10.15 | - |
VirusBuster | 4.5.11.0 | 2008.10.15 | - |

Additional information:
File size: 2427680 bytes
MD5...: 425c648650869c711438851a8bb35718
SHA1..: 7be598c9508d84da1f196e6ec57d0aa3a755488a
SHA256: 490a8e2b42e8b2b3d864e56fe83f68f0b1a9e7af08511c05c4602b3ff3822e88
SHA512: 63da2c77b8a6cbcf863cbcac34f4acadda2728a53ea07500e214976e8447b53fe9de6b047fb35034458520ab8fb8202f0de967def0510236fc3ec531b531d98b
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information ( base data )
entrypointaddress.: 0x1000381a
timedatestamp.....: 0x48ef593c (Fri Oct 10 13:31:40 2008)
machinetype.......: 0x14c (I386)

( 5 sections )

name | viradd | virsiz | rawdsiz | ntrpy | md5 |
---|---|---|---|---|---|
.text | 0x1000 | 0x28c0 | 0x2a00 | 6.05 | 0fb2d9db108cc26915075eafa393b63f |
.rdata | 0x4000 | 0x55c | 0x600 | 4.61 | 6a8f3fe13a3315db842dac4a460e74db |
.data | 0x5000 | 0x7a0 | 0x200 | 0.66 | cb4d7a7edba5f53b698fe462d493fed3 |
.rsrc | 0x6000 | 0x10 | 0x200 | 0.00 | bf619eac0cdf3f68d496ea9344137e8b |
.reloc | 0x7000 | 0x480 | 0x600 | 3.88 | 040c03c5d18932f4894f33ec52f51c63 |

( 3 imports )
KERNEL32.dll: GetCurrentProcess, Sleep, GetModuleFileNameA, CloseHandle, SetEvent, GetPrivateProfileIntA, GetPrivateProfileStringA, GetTempPathA, DeleteFileA, IsBadReadPtr, GetFileSize, ReadFile, SetFilePointer, CreateFileA, WriteFile, HeapAlloc, GetProcessHeap, VirtualProtect, TerminateProcess, GetProcAddress, GetModuleHandleA, LoadLibraryW, MultiByteToWideChar, LoadLibraryA, OpenEventA, CreateEventA, CreateThread
USER32.dll: SetWindowsHookExA, CallNextHookEx, wvsprintfA, wsprintfA, BroadcastSystemMessageA
MSVCRT.dll: malloc, _strcmpi, _adjust_fdiv, strcpy, strcat, strlen, memset, strncpy, strrchr, atoi, strncmp, free, _strnicmp, memcpy, _except_handler3, realloc, strstr, _strlwr, _initterm

( 0 exports )

File specifier : C:/WINDOWS/system32/tpphbrik.dll
Attributes : A---
Digital signature : No
PE file : Yes
Failed to get the file version information size!
Created : 2008-10-13 13:15:59
Modified : 2008-10-13 13:15:59
Size : 2485164 bytes (2.378 MB)
MD5 : f41f60d133f9fe579e4cdfa0392f5516
SHA1: F5CAF3CC41A73AD123EA04C6EBF2BC5661AEFEC4
CRC32: 2052eafd

Antivirus engine | Version | Last update | Scan result |
---|---|---|---|
AhnLab-V3 | 2008.10.16.0 | 2008.10.15 | Win-*/OnlineGameHack |
AntiVir | 7.9.0.4 | 2008.10.15 | TR/PSW.Online.aklr |
Authentium | 5.1.0.4 | 2008.10.15 | W32/Onlinegames.4!Generic |
Avast | 4.8.1248.0 | 2008.10.15 | Win32:OnLineGames-FAG |
AVG | 8.0.0.161 | 2008.10.16 | PSW.OnlineGames.BCHO |
BitDefender | 7.2 | 2008.10.16 | - |
CAT-QuickHeal | 9.50 | 2008.10.14 | - |
ClamAV | 0.93.1 | 2008.10.15 | *.Spy-53858 |
DrWeb | 4.44.0.09170 | 2008.10.16 | *.PWS.Wsgame.7693 |
eSafe | 7.0.17.0 | 2008.10.15 | - |
eTrust-Vet | 31.6.6150 | 2008.10.16 | Win32/GameStealer!generic |
Ewido | 4.0 | 2008.10.15 | - |
F-Prot | 4.4.4.56 | 2008.10.15 | W32/Onlinegames.4!Generic |
F-Secure | 8.0.14332.0 | 2008.10.16 | *-GameThief.Win32.OnLineGames.tntv |
Fortinet | 3.113.0.0 | 2008.10.15 | - |
GData | 19 | 2008.10.16 | Win32:OnLineGames-FAG |
Ikarus | T3.1.1.34.0 | 2008.10.16 | Virus.*.GameThief.Win32.OnLineGames.tntv |
K7AntiVirus | 7.10.496 | 2008.10.15 | - |
Kaspersky | 7.0.0.125 | 2008.10.16 | *-GameThief.Win32.OnLineGames.tntv |
McAfee | 5406 | 2008.10.16 | - |
Microsoft | 1.4005 | 2008.10.16 | PWS:Win32/Lmir.S |
NOD32 | 3525 | 2008.10.15 | probably a variant of Win32/PSW.OnLineGames.NQM |
Norman | 5.80.02 | 2008.10.15 | W32/OnLineGames.CAGI |
Panda | 9.0.0.4 | 2008.10.15 | - |
PCTools | 4.4.2.0 | 2008.10.15 | - |
Prevx1 | V2 | 2008.10.16 | - |
Rising | 20.66.22.00 | 2008.10.15 | *.PSW.Win32.GameOL.qtn |
SecureWeb-Gateway | 6.7.6 | 2008.10.16 | - |
Sophos | 4.34.0 | 2008.10.16 | - |
Sunbelt | 3.1.1725.1 | 2008.10.15 | - |
Symantec | 10 | 2008.10.16 | Infostealer.Gampass |
TheHacker | 6.3.1.0.114 | 2008.10.15 | - |
TrendMicro | 8.700.0.1004 | 2008.10.16 | - |
VBA32 | 3.12.8.7 | 2008.10.16 | *-GameThief.Win32.OnLineGames.tntu |
ViRobot | 2008.10.15.1421 | 2008.10.15 | - |
VirusBuster | 4.5.11.0 | 2008.10.15 | - |

Additional information:
File size: 2485164 bytes
MD5...: f41f60d133f9fe579e4cdfa0392f5516
SHA1..: f5caf3cc41a73ad123ea04c6ebf2bc5661aefec4
SHA256: 20e1efaf70d24ffbca1d24b56a6284e13bd71dfd0cd908f9197a0977b14e373c
SHA512: 0834b4a002c13211377975e128b3ac1e749e00f9168ee236cf7f81fd65266bc8290aefa10446fd20154d42676e86480e32f2ccf1f67faadd65339dc5fd2f6441
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information ( base data )
entrypointaddress.: 0x100037da
timedatestamp.....: 0x48ef0be7 (Fri Oct 10 08:01:43 2008)
machinetype.......: 0x14c (I386)

( 5 sections )

name | viradd | virsiz | rawdsiz | ntrpy | md5 |
---|---|---|---|---|---|
.text | 0x1000 | 0x2880 | 0x2a00 | 6.09 | ebe0f5925e0cd4240139a323cd09eeb8 |
.rdata | 0x4000 | 0x4d8 | 0x600 | 4.20 | 5d12515fdb43a5e0cc33dc505034607e |
.data | 0x5000 | 0x1710 | 0x200 | 0.81 | e1a4caf2559929cceff518b2d00bafe9 |
.rsrc | 0x7000 | 0x10 | 0x200 | 0.00 | bf619eac0cdf3f68d496ea9344137e8b |
.reloc | 0x8000 | 0x4e8 | 0x600 | 4.37 | a28844c4424a133d623e2c7dc782578b |

( 3 imports )
KERNEL32.dll: ReadFile, GetFileSize, CreateFileA, GetProcAddress, CreateEventA, OpenEventA, TerminateProcess, GetCurrentProcess, GetModuleFileNameA, SetEvent, SetFilePointer, HeapAlloc, GetProcessHeap, VirtualProtect, CloseHandle, GetModuleHandleA, LoadLibraryW, MultiByteToWideChar, LoadLibraryA, CreateThread, Sleep, ExitProcess
USER32.dll: SetWindowsHookExA, CallNextHookEx, wvsprintfA, wsprintfA, BroadcastSystemMessageA
MSVCRT.dll: strrchr, _strcmpi, _adjust_fdiv, free, sprintf, strlen, strcpy, strcat, strncpy, strchr, strstr, memset, malloc, strcmp, memcpy, _except_handler3, realloc, _strlwr, _initterm

( 0 exports )

File specifier : C:/WINDOWS/system32/flirxttw.dll
Attributes : A---
Digital signature : No
PE file : Yes
Failed to get the file version information size!
Created : 2008-10-13 13:15:39
Modified : 2008-10-13 13:15:39
Size : 2180524 bytes (2.81 MB)
MD5 : 47930b9bcfa41c59819e89b9d64b5074
SHA1: E470F87D053D6D7C42DCF70654F8D0B6C299179E
CRC32: 267b5698

Antivirus engine | Version | Last update | Scan result |
---|---|---|---|
AhnLab-V3 | 2008.10.16.0 | 2008.10.15 | Win-*/OnlineGameHack |
AntiVir | 7.9.0.4 | 2008.10.15 | TR/PSW.Online.aklr |
Authentium | 5.1.0.4 | 2008.10.15 | W32/OnlineGames.B.gen!GSA |
Avast | 4.8.1248.0 | 2008.10.15 | Win32:OnLineGames-FAG |
AVG | 8.0.0.161 | 2008.10.16 | PSW.Generic6.AIKH |
BitDefender | 7.2 | 2008.10.16 | - |
CAT-QuickHeal | 9.50 | 2008.10.14 | - |
ClamAV | 0.93.1 | 2008.10.15 | - |
DrWeb | 4.44.0.09170 | 2008.10.16 | *.PWS.Wsgame.7678 |
eSafe | 7.0.17.0 | 2008.10.15 | - |
eTrust-Vet | 31.6.6150 | 2008.10.16 | Win32/GameStealer!generic |
Ewido | 4.0 | 2008.10.15 | - |
F-Prot | 4.4.4.56 | 2008.10.15 | W32/OnlineGames.B.gen!GSA |
F-Secure | 8.0.14332.0 | 2008.10.16 | *-GameThief.Win32.OnLineGames.tnmj |
Fortinet | 3.113.0.0 | 2008.10.15 | - |
GData | 19 | 2008.10.16 | Win32:OnLineGames-FAG |
Ikarus | T3.1.1.34.0 | 2008.10.16 | Virus.*.GameThief.Win32.OnLineGames.tnmj |
K7AntiVirus | 7.10.496 | 2008.10.15 | - |
Kaspersky | 7.0.0.125 | 2008.10.16 | *-GameThief.Win32.OnLineGames.tnmj |
McAfee | 5406 | 2008.10.16 | PWS-OnlineGames.ck |
Microsoft | 1.4005 | 2008.10.16 | PWS:Win32/OnLineGames.GA |
NOD32 | 3525 | 2008.10.15 | probably a variant of Win32/PSW.OnLineGames.NQM |
Norman | 5.80.02 | 2008.10.15 | W32/OnLineGames.CACG |
Panda | 9.0.0.4 | 2008.10.15 | - |
PCTools | 4.4.2.0 | 2008.10.15 | - |
Prevx1 | V2 | 2008.10.16 | - |
Rising | 20.66.22.00 | 2008.10.15 | *.PSW.Win32.GameOL.qxh |
SecureWeb-Gateway | 6.7.6 | 2008.10.15 | - |
Sophos | 4.34.0 | 2008.10.16 | - |
Sunbelt | 3.1.1725.1 | 2008.10.15 | - |
Symantec | 10 | 2008.10.16 | - |
TheHacker | 6.3.1.0.114 | 2008.10.15 | - |
TrendMicro | 8.700.0.1004 | 2008.10.16 | - |
VBA32 | 3.12.8.7 | 2008.10.16 | *-GameThief.Win32.OnLineGames.tnlo |
ViRobot | 2008.10.15.1421 | 2008.10.15 | - |
VirusBuster | 4.5.11.0 | 2008.10.15 | *.DL.OnlineGames.Gen.90 |

Additional information:
File size: 2180524 bytes
MD5...: 47930b9bcfa41c59819e89b9d64b5074
SHA1..: e470f87d053d6d7c42dcf70654f8d0b6c299179e
SHA256: 24efc3483fe6800cc246341e7b5e84983131317e1d6f97b395cebb9ba306f471
SHA512: 43dff472d04eae9f86c038d5e39b76e3c07436f1d90a8acfe0d5db951c73bc7ff8e03c79777144d7f35c245b3ea161ceffc61f16d96d1320e0268c8b6cbd2560
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information ( base data )
entrypointaddress.: 0x100036ba
timedatestamp.....: 0x48ecb7a2 (Wed Oct 08 13:37:38 2008)
machinetype.......: 0x14c (I386)

( 5 sections )

name | viradd | virsiz | rawdsiz | ntrpy | md5 |
---|---|---|---|---|---|
.text | 0x1000 | 0x2760 | 0x2800 | 6.11 | aff661ddff4f786bdfdce566f5e5113d |
.rdata | 0x4000 | 0x560 | 0x600 | 4.61 | 7d2e08a4c5b86486751f1cfe598570bc |
.data | 0x5000 | 0x8b0 | 0x200 | 0.42 | c7d57133016c8b68b8f48ccbe0d2119e |
.rsrc | 0x6000 | 0x10 | 0x200 | 0.00 | bf619eac0cdf3f68d496ea9344137e8b |
.reloc | 0x7000 | 0x48c | 0x600 | 3.90 | db0e74022b724a7f271bafb3a057ac4d |

( 3 imports )
KERNEL32.dll: GetCurrentProcess, Sleep, GetModuleFileNameA, CloseHandle, SetEvent, ExitProcess, ReadFile, GetFileSize, CreateFileA, GetCommandLineW, GetProcAddress, GetModuleHandleA, IsBadReadPtr, SetFilePointer, HeapAlloc, GetProcessHeap, VirtualProtect, TerminateProcess, LoadLibraryW, MultiByteToWideChar, WideCharToMultiByte, LoadLibraryA, OpenEventA, CreateEventA, CreateThread
USER32.dll: BroadcastSystemMessageA, SetWindowsHookExA, CallNextHookEx, ToAscii, wsprintfA, wvsprintfA, GetKeyboardState, MapVirtualKeyA
MSVCRT.dll: strstr, _strcmpi, _adjust_fdiv, _initterm, _strlwr, realloc, strcpy, strcat, strlen, free, sprintf, strchr, strncpy, isdigit, memset, malloc, memcpy, _except_handler3, strrchr

( 0 exports )

File specifier : c:/program files/internet explorer/53u1ttme.2ys
Attributes : ASH-
Digital signature : No
PE file : Yes
Failed to get the file version information size!
Created : 2008-10-13 13:22:48
Modified : 2008-10-13 13:22:48
Size : 46205 bytes (45.125 KB)
MD5 : b155a5df2942200ab083ef7124f1daf1
SHA1: 1389158DB1DE4635FF20A9CEE9AA1F83BD505C8A
CRC32: a4ec314b
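Kaspersky reports it as Worm.Win32.AutoRun.qnt; Rising reports it as Worm.Win32.PaBug.ir

File specifier : c:/windows/system32/hbso2.dll
Attributes : A---
Digital signature : No
PE file : Yes
Failed to get the file version information size!
Created : 2008-10-13 13:13:56
Modified : 2008-10-13 13:13:56
Size : 24576 bytes (24.0 KB)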
MD5 : 4de3e578ae1d52947873e3a773a252ec
SHA1: 4BEFC98684939EA360A5052E065C69221D1428E6
CRC32: f0b143da
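Kaspersky reports it as *-GameThief.Win32.Soulwork.j; Rising reports it as *.PSW.Win32.XYOnline.ahs

File specifier : c:/windows/system32/hbtl.dll
Attributes : A---
Digital signature : No
PE file : Yes
Failed to get the file version information size!
Created : 2008-10-13 13:14:38
Modified : 2008-10-13 13:14:38
Size : 16896 bytes (16.512 KB)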
MD5 : d71cd3044e83f2a965e74af7b20d03d0
SHA1: 1E1E545B0639703964D23A0D6119A7840E280CE5
CRC32: 753ce0d8
Kaspersky reports it as *-GameThief.Win32.OnLineGames.tojg; Rising reports it as *.PSW.Win32.GameOL.qxr