 Post subject: sessogratis.net/ProWeb016.CAB
PostPosted: Sun Apr 13, 2008 3:30 pm 
Site Admin
Joined: Thu Mar 27, 2008 1:06 pm
Posts: 163
Location: India
Download Link: hxxp://sessogratis.net/ProWeb016.CAB

File Name: ProWeb016.CAB
-------------------------

VirusTotal Result: 13/31 (41.94%)
AntiVir 7.6.0.85 2008.04.11 DIAL/98304.B
Avast 4.8.1169.0 2008.04.13 Win32:Dialer-gen
AVG 7.5.0.516 2008.04.12 Potentially harmful program Dialer.HFV
BitDefender 7.2 2008.04.13 Dialer.Small.AD
CAT-QuickHeal 9.50 2008.04.12 PornDialer.Agent.cn (Not a Virus)
Ewido 4.0 2008.04.12 Dialer.Small
Fortinet 3.14.0.0 2008.04.13 Dialer_ProWeb
Ikarus T3.1.1.26.0 2008.04.13 not-a-virus:Porn-Dialer.Win32.Agent.cn
Kaspersky 7.0.0.125 2008.04.13 not-a-virus:Porn-Dialer.Win32.Agent.cn
Panda 9.0.0.4 2008.04.12 Dialer.HLP
Rising 20.39.52.00 2008.04.12 Trojan.Diamin.ru
VBA32 3.12.6.4 2008.04.13 Porn-Dialer.Win32.Agent.cn
Webwasher-Gateway 6.6.2 2008.04.11 Dialer.98304.B

File Info:
File size: 37955 bytes
MD5...: 0f47c4c339700894acfcf5a2ab8230d4
SHA1..: 5507f87bbd124d55b79035f69fb573563c65eb8e
SHA256: 02569bba118d47221a5da97f49aee6b2d03286ce59162a70c06d367d0ad1e953
SHA512: b3e73cc22784a5d7671bc970dd5531f326a40843ec7f5af1783334fcebf27a77e96229d7b0620c12eed43f9f5cf0fe1157119675821b73c48712a9188b00a1dc
PEiD..: -
PEInfo: -
Bit9 info: http://fileadvisor.bit9.com/services/ex ... a2ab8230d4

Archive preview
Modified Size Ratio CRC32 File name
11/5/2003 6:19:38 PM 1 KB ProWeb016.INF
11/5/2003 6:18:34 PM 96 KB ProWeb016.ocx

File Name: ProWeb016.ocx
-------------------------

VirusTotal Result: 15/32 (46.88%)
AntiVir 7.6.0.85 2008.04.11 DIAL/98304.B
Avast 4.8.1169.0 2008.04.13 Win32:Dialer-gen
AVG 7.5.0.516 2008.04.12 Potentially harmful program Dialer.HFV
BitDefender 7.2 2008.04.13 Dialer.Small.AD
CAT-QuickHeal 9.50 2008.04.12 PornDialer.Agent.cn (Not a Virus)
Ewido 4.0 2008.04.12 Dialer.Small
FileAdvisor 1 2008.04.13 Low threat detected
Fortinet 3.14.0.0 2008.04.13 Dial/Agent
Ikarus T3.1.1.26.0 2008.04.13 not-a-virus:Porn-Dialer.Win32.Agent.cn
Kaspersky 7.0.0.125 2008.04.13 not-a-virus:Porn-Dialer.Win32.Agent.cn
Panda 9.0.0.4 2008.04.12 Dialer.HLP
Rising 20.39.52.00 2008.04.12 Trojan.Diamin.ru
TheHacker 6.2.92.276 2008.04.12 Trojan/Dialer.Agent.cn
VBA32 3.12.6.4 2008.04.13 Porn-Dialer.Win32.Agent.cn
Webwasher-Gateway 6.6.2 2008.04.11 Dialer.98304.B

File size: 98304 bytes
MD5...: aaf0e36993483a5e110d8161dec1fe83
SHA1..: 21059e13a5fe50c34b456b166d945390f2c36564
SHA256: d2038d644cffcbd418a1cebb3e3733f7aa0d95918c2476f78dc8f1e4ecb85023
SHA512: 28cfe01d8336123df036fe72bcd1563f1b2151d202a86e295daa52bde59800cd10cd6a4b94e5d7e9b430fb0ab1ad8d5024170eca28f7de648f7004c4e3a8c5a5
PEiD..: -
PE Structure information:
Base Data:
Entry Point Address.: 0x11001914
Time Date Stamp.....: 0x3faa8269 (Thu Nov 06 17:18:33 2003)
Machine Type.......: 0x14c (I386)

PE Sections:
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x12dc6 0x13000 5.76 6971d74526ea89d600ea515ddb744959
.data 0x14000 0x13c0 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x16000 0xbb4 0x1000 2.86 ce9483f64a7a6f1480c589820151fce1
.reloc 0x17000 0x1dd4 0x2000 6.22 10092720bebd4a705089ccdab9eae146

Import table (libraries: 1)
> MSVBVM60.DLL: __vbaVarSub, _CIcos, _adj_fptan, __vbaStrI4, __vbaVarMove, __vbaFreeVar, __vbaAptOffset, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, _adj_fdiv_m64, -, _adj_fprem1, __vbaRecAnsiToUni, __vbaStrCat, __vbaLsetFixstr, __vbaSetSystemError, __vbaHresultCheckObj, -, _adj_fdiv_m32, __vbaAryDestruct, __vbaLateMemSt, -, __vbaExitProc, __vbaOnError, __vbaObjSet, -, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, __vbaBoolVar, __vbaBoolVarNull, _CIsin, __vbaErase, -, -, -, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaVarTstEq, __vbaI2I4, DllFunctionCall, __vbaLbound, _adj_fpatan, __vbaFixstrConstruct, __vbaRedim, __vbaRecUniToAnsi, EVENT_SINK_Release, __vbaNew, -, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, __vbaPrintFile, __vbaStrToUnicode, -, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, __vbaInStrVar, -, __vbaUbound, __vbaStrVarVal, __vbaVarCat, -, __vbaI2Var, -, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, __vbaInStr, __vbaR8Str, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, -, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, -, -, -, __vbaI4Var, -, -, -, __vbaVarAdd, __vbaAryLock, __vbaVarDup, __vbaStrToAnsi, __vbaFpI2, __vbaVarCopy, -, __vbaFpI4, -, __vbaLateMemCallLd, _CIatan, __vbaStrMove, __vbaCastObj, -, _allmul, __vbaLenVarB, __vbaFpCSngR4, _CItan, __vbaAryUnlock, __vbaFpCSngR8, _CIexp, __vbaFreeObj, __vbaFreeStr, -

Export table (names: 4, functions: 4)
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

Content of ProWeb016.INF
------------------------
[version]
signature="$CHICAGO$"
AdvancedINF=2.0

[DefaultInstall]
CopyFiles=install.files
RegisterOCXs=RegisterFiles
AddReg=AddToRegistry

[RInstallApplicationFiles]
CopyFiles=install.files
RegisterOCXs=RegisterFiles
AddReg=AddToRegistry

[DestinationDirs]
install.files=11 <--- Windows\Start Menu\Programs

[SourceDisksNames]
1=%DiskName%,ProWeb016.CAB,1 <--- Program Files

[Add.Code]
ProWeb016.ocx=ProWeb016.ocx

[install.files]
ProWeb016.ocx=ProWeb016.ocx

[SourceDisksFiles]
ProWeb016.ocx=1

[ProWeb016.ocx]
file-win32-x86=thiscab
RegisterServer=yes
clsid={31F11DFA-3A23-4BC0-89B4-2FB3FB43525B}
DestDir=
FileVersion=1,0,0,0

[Setup Hooks]
AddToRegHook=AddToRegHook

[AddToRegHook]
InfSection=DefaultInstall2

[DefaultInstall2]
AddReg=AddToRegistry

[AddToRegistry]
HKLM,"SOFTWARE\Classes\CLSID\{31F11DFA-3A23-4BC0-89B4-2FB3FB43525B}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}"
HKLM,"SOFTWARE\Classes\CLSID\{31F11DFA-3A23-4BC0-89B4-2FB3FB43525B}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}"
HKCR,"Licenses",,,"Licensing: Copying the keys may be a violation of established copyrights."

[RegisterFiles]
%11%\ProWeb016.ocx <--- Windows\Start Menu\Programs

_________________
.:: MaliciousBrains ::.
http://www.malwareinfo.org

There are no patches or service packs for IGNORANCE!!

