22ce3654742c1f02ae5f343878ca71b5 --> 2.exe

maliciousbrains · **Posted:** Sun May 11, 2008 1:31 pm

Download Link: hxxp://aidd123.cn/2.exe
File Name: 2.exe
File size: 301056 bytes
MD5...: 22ce3654742c1f02ae5f343878ca71b5
SHA1..: e118b7c26d76d7b12a636d33cb1bb5ad9cf2bff6
SHA256: c3f34fab69c9f02d998500e31402c2ac142b0d209cfd2568619bc9fc0853e5dd
SHA512: f224dd0facf37e830a8fade9d9b5932699595e87f7f051debd2dbe2ed02644b9
f6f6d69cf3ae29f14798d4d70f8b8094c9d8a30c2b5ee43109803631ecca6fb1
PEiD..: ASProtect v1.23 RC1

VirusTotal Result: 14/31 (45.16%)
Scanned on 05.10.2008 22:38:04 (CET)
AntiVir 7.8.0.17 2008.05.09 TR/Agent.gmf.1
Avast 4.8.1169.0 2008.05.10 Win32:Agent-UWD
AVG 7.5.0.516 2008.05.10 Generic10.ULR
BitDefender 7.2 2008.05.08 Dropped:Rootkit.Agent.XN
CAT-QuickHeal 9.50 2008.05.10 (Suspicious) - DNAScan
F-Secure 6.70.13260.0 2008.05.10 Trojan.Win32.Agent.gmf
Fortinet 3.14.0.0 2008.05.10 W32/Agent.GMF!tr
Ikarus T3.1.1.26.0 2008.05.10 Virus.Win32.Agent.UWD
Kaspersky 7.0.0.125 2008.05.10 Trojan.Win32.Agent.gmf
NOD32v2 3090 2008.05.09 probably a variant of Win32/Genetik
Norman 5.80.02 2008.05.09 W32/Malware.CVPR
Panda 9.0.0.4 2008.05.10 Suspicious file
Sunbelt 3.0.1097.0 2008.05.07 VIPRE.Suspicious
Webwasher-Gateway 6.6.2 2008.05.09 Trojan.Agent.gmf.1

PE Structure information

( base data )
entrypointaddress.: 0x401000
timedatestamp.....: 0x481168a6 (Fri Apr 25 05:14:14 2008)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x4000 0x2600 7.98 8c8ae23fa9a531851b94c79a1839bb08
0x5000 0x1000 0x400 7.80 2789c25259f1050427f21e47bdb60157
0x6000 0x1000 0x800 7.92 8718a98b4b0320f6689b7e48ddd41e2d
0x7000 0x1000 0x200 7.58 b54a211905c8bc578347be888dac2b4c
0x8000 0x1000 0xa00 7.93 bcce2a130e4588ab80ddf5dde15afe6d
.data 0x9000 0x46000 0x45600 7.92 bcbfa5630e38ac07eb516bb14721d8c4
.adata 0x4f000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 8 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> user32.dll: wsprintfA
> advapi32.dll: ControlService
> msvcp60.dll: __1_Winit@std@@QAE@XZ
> msvcrt.dll: _XcptFilter
> ws2_32.dll: WSASocketA
> oleaut32.dll: VariantChangeTypeEx
> kernel32.dll: RaiseException

22ce3654742c1f02ae5f343878ca71b5 --> 2.exe

Who is online