Thread: Need help with trojans
View Single Post
  #34 (permalink)   Top
Old 7th July 2009, 02:44 AM
ElChamuco's Avatar
ElChamuco ElChamuco is offline
Newcomer
  
Join Date: May 2009, 21 posts.
Reputation: ElChamuco is on a distinguished road
Found it! is this what u want to look at?


File RunnerExe.exe received on 2009.06.10 18:50:51 (UTC)
Current status: finished
Result: 2/38 (5.26%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
AhnLab-V3 5.0.0.2 2009.06.10 -
AntiVir 7.9.0.183 2009.06.10 -
Antiy-AVL 2.0.3.1 2009.06.10 -
Authentium 5.1.2.4 2009.06.10 -
Avast 4.8.1335.0 2009.06.09 -
AVG 8.5.0.339 2009.06.10 -
BitDefender 7.2 2009.06.10 -
CAT-QuickHeal 10.00 2009.06.10 -
ClamAV 0.94.1 2009.06.10 -
Comodo 1306 2009.06.10 -
DrWeb 5.0.0.12182 2009.06.10 -
eSafe 7.0.17.0 2009.06.10 -
eTrust-Vet 31.6.6551 2009.06.10 -
F-Prot 4.4.4.56 2009.06.10 -
F-Secure 8.0.14470.0 2009.06.10 -
Fortinet 3.117.0.0 2009.06.10 -
GData 19 2009.06.10 -
Ikarus T3.1.1.59.0 2009.06.10 -
K7AntiVirus 7.10.760 2009.06.10 -
Kaspersky 7.0.0.125 2009.06.10 -
McAfee 5642 2009.06.10 -
McAfee+Artemis 5642 2009.06.10 -
McAfee-GW-Edition 6.7.6 2009.06.10 -
Microsoft 1.4701 2009.06.10 -
NOD32 4145 2009.06.10 -
Norman 6.01.09 2009.06.10 -
nProtect 2009.1.8.0 2009.06.10 -
Panda 10.0.0.14 2009.06.10 Suspicious file
PCTools 4.4.2.0 2009.06.10 -
Prevx 3.0 2009.06.10 -
Rising 21.33.24.00 2009.06.10 -
Sophos 4.42.0 2009.06.10 -
Sunbelt 3.2.1858.2 2009.06.10 -
Symantec 1.4.4.12 2009.06.10 -
TheHacker 6.3.4.3.342 2009.06.10 -
TrendMicro 8.950.0.1092 2009.06.10 -
VBA32 3.12.10.7 2009.06.10 suspected of Win32.Trojan-Downloader
ViRobot 2009.6.10.1779 2009.06.10 -
Additional information
File size: 2560 bytes
MD5 : 6c87e93bcc0442cdcd2746ca98ea55ee
SHA1 : 0c3eb83a6f1bef9443f84de00a1a048aa2cc73e2
SHA256: e6aa7e2f9f43b7f4f43ec32cfe2b6754a4f6a4ffd0fdecad43 e1363bfbca6a51
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1180
timedatestamp.....: 0x49106A29 (Tue Nov 4 16:28:41 2008)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1BA 0x200 4.94 cf614a05993780b56c73b437f8fb675e
.rdata 0x2000 0x270 0x400 3.39 f114d95887ec6f9d8ff1c96bc4b1d777
.data 0x3000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 3 imports )

> kernel32.dll: ExitProcess, Sleep
> ntdll.dll: memset
> wininet.dll: HttpSendRequestA, InternetReadFile, InternetCloseHandle, InternetCrackUrlA, InternetOpenA, HttpOpenRequestA, InternetConnectA

( 0 exports )
TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: ThreatExpert Report
ssdeep: 24:eFGSLoUPnkJtUGb8Fqa7EoRMvmD0HVjS4bi6WSBFZSPyI/:ipPkJtUCyLWvS0HVG4biaBzg
PEiD : -
CWSandbox: Malware Report for ID: 6263850
RDS : NSRL Reference Data Set
-
Reply With Quote