post #11
03/11/09, 21:23:43
User

Registered: Nov 2009
Location: Argentina
Posts: 17
Re: Ad-Aware blocked when running EXE

Hello again, here is the report you asked for; I followed all the steps to the letter.

Quote:
Análisis del archivo nwiz.exe recibido el 2009.11.04 01:16:41 (UTC)
Motor antivirus;Versión;Última actualización;Resultado
a-squared;4.5.0.41;2009.11.03;-
AhnLab-V3;5.0.0.2;2009.11.03;-
AntiVir;7.9.1.53;2009.11.03;-
Antiy-AVL;2.0.3.7;2009.11.03;-
Authentium;5.1.2.4;2009.11.04;-
Avast;4.8.1351.0;2009.11.03;-
AVG;8.5.0.423;2009.11.03;-
BitDefender;7.2;2009.11.03;-
CAT-QuickHeal;10.00;2009.11.03;-
ClamAV;0.94.1;2009.11.04;-
Comodo;2832;2009.11.04;-
DrWeb;5.0.0.12182;2009.11.04;-
eSafe;7.0.17.0;2009.11.03;-
eTrust-Vet;35.1.7100;2009.11.03;-
F-Prot;4.5.1.85;2009.11.03;-
F-Secure;9.0.15370.0;2009.10.30;-
Fortinet;3.120.0.0;2009.11.03;-
GData;19;2009.11.03;-
Ikarus;T3.1.1.72.0;2009.11.03;-
Jiangmin;11.0.800;2009.11.03;-
K7AntiVirus;7.10.887;2009.11.03;-
Kaspersky;7.0.0.125;2009.11.03;-
McAfee;5791;2009.11.03;-
McAfee+Artemis;5791;2009.11.03;-
McAfee-GW-Edition;6.8.5;2009.11.04;-
Microsoft;1.5202;2009.11.04;-
NOD32;4570;2009.11.03;-
Norman;6.03.02;2009.11.03;-
nProtect;2009.1.8.0;2009.11.03;-
Panda;10.0.2.2;2009.11.03;-
PCTools;7.0.3.5;2009.11.03;-
Prevx;3.0;2009.11.04;-
Rising;21.54.14.00;2009.11.03;-
Sophos;4.47.0;2009.11.04;-
Sunbelt;3.2.1858.2;2009.11.03;-
Symantec;1.4.4.12;2009.11.04;-
TheHacker;6.5.0.2.060;2009.11.04;-
TrendMicro;8.950.0.1094;2009.11.03;-
VBA32;3.12.10.11;2009.11.03;-
ViRobot;2009.11.3.2019;2009.11.03;-
VirusBuster;4.6.5.0;2009.11.03;-

Información adicional
Tamano archivo: 1519616 bytes
MD5...: 0033ce6494554e47514d3487c9a8f93d
SHA1..: 87ad2b9e8e312936ba8316d0de4e5997b80c4398
SHA256: 2a3f641507ef66c8074808a84700426b0f9ef2fb358e80d0af9818f507848981
ssdeep: 12288:/BD1qBg6xW46Kx61OzJbiHYGep3YXNKJoqS3wATH4AIWQ/BHqfU:6g6ARfOzNFjYDk
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2c534
timedatestamp.....: 0x43988065 (Thu Dec 08 18:50:13 2005)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x39798 0x3a000 6.51 558ac3330aa11e07e56b36815f02ca89
.rdata 0x3b000 0x6908 0x7000 4.67 5252a1cc01310f38ccba0455c26e4a94
.data 0x42000 0xc364 0x3000 2.69 9d04af162f6a566108902cf5469e925a
.rsrc 0x4f000 0x12d990 0x12e000 5.77 cef7f4d96dc5ff282d7eddc4ee4df545

( 7 imports )

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: NVIDIA Corporation
copyright....: (C) NVIDIA Corporation. All rights reserved.
product......: NVIDIA nView Wizard, Version 110.14
description..: NVIDIA nView Wizard, Version 110.14
original name: nWiz.exe
internal name: nWiz
file version.: 6.14.10.11014
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: InstallShield setup (40.4%)
Win32 Executable MS Visual C++ (generic) (35.4%)
Windows Screen Saver (12.3%)
Win32 Executable Generic (8.0%)
Generic Win/DOS Executable (1.8%)

Thanks again for the help.

PS: If the file has nothing, then I don't remove that one?

PS2: If it has nothing, do I do the same with the others? Because maybe Ad-Aware detected them earlier as viruses (when they were infected), and now that they were cleaned by the previous steps, since it saw them as viruses before, maybe it keeps them in a log as infected, or is that impossible?

post #12
03/11/09, 21:33:23
GuillermoTell
General Moderator

Registered: Apr 2006
Location: Colombia
Posts: 7,912
Re: Ad-Aware blocked when running EXE

Correct, Laura, scan the other files so we can make sure this is not an Ad-Aware false positive, and then we'll see what is the most appropriate thing to do to finish the disinfection.

ForoSpyware is maintained by volunteers who have our own jobs and obligations outside of it, so we are not here 24/7; we ask for your patience with the analysis of and response to your case.


post #13
03/11/09, 22:38:27
User

Registered: Nov 2009
Location: Argentina
Posts: 17
Re: Ad-Aware blocked when running EXE

Ad-Aware file

Quote:
Análisis del archivo AAWTray.exe recibido el 2009.11.04 01:42:30 (UTC)
Motor antivirus;Versión;Última actualización;Resultado
a-squared;4.5.0.41;2009.11.03;-
AhnLab-V3;5.0.0.2;2009.11.03;-
AntiVir;7.9.1.53;2009.11.03;-
Antiy-AVL;2.0.3.7;2009.11.03;-
Authentium;5.1.2.4;2009.11.04;-
Avast;4.8.1351.0;2009.11.03;-
AVG;8.5.0.423;2009.11.03;-
BitDefender;7.2;2009.11.04;-
CAT-QuickHeal;10.00;2009.11.03;-
ClamAV;0.94.1;2009.11.04;-
Comodo;2832;2009.11.04;-
DrWeb;5.0.0.12182;2009.11.04;-
eSafe;7.0.17.0;2009.11.03;-
eTrust-Vet;35.1.7100;2009.11.03;-
F-Prot;4.5.1.85;2009.11.03;-
F-Secure;9.0.15370.0;2009.10.30;-
Fortinet;3.120.0.0;2009.11.03;-
GData;19;2009.11.03;-
Ikarus;T3.1.1.72.0;2009.11.04;-
Jiangmin;11.0.800;2009.11.03;-
K7AntiVirus;7.10.887;2009.11.03;-
Kaspersky;7.0.0.125;2009.11.03;-
McAfee;5791;2009.11.03;-
McAfee+Artemis;5791;2009.11.03;-
McAfee-GW-Edition;6.8.5;2009.11.04;-
Microsoft;1.5202;2009.11.04;-
NOD32;4570;2009.11.03;-
Norman;6.03.02;2009.11.03;-
nProtect;2009.1.8.0;2009.11.03;-
Panda;10.0.2.2;2009.11.03;-
PCTools;7.0.3.5;2009.11.03;-
Prevx;3.0;2009.11.04;-
Rising;21.54.14.00;2009.11.03;-
Sophos;4.47.0;2009.11.04;-
Sunbelt;3.2.1858.2;2009.11.03;-
Symantec;1.4.4.12;2009.11.04;-
TheHacker;6.5.0.2.060;2009.11.04;-
TrendMicro;8.950.0.1094;2009.11.03;-
VBA32;3.12.10.11;2009.11.03;-
ViRobot;2009.11.3.2019;2009.11.03;-
VirusBuster;4.6.5.0;2009.11.03;-

Información adicional
Tamano archivo: 520024 bytes
MD5...: 27c529793acdfcc3e510346cc36a7c4d
SHA1..: d709fe41c3dbae10f71213e2d78c28cf954df3df
SHA256: d10c76ff0c91971325a6021bede6d38f90f26cc5bb2c80a289055944d6eadf1c
ssdeep: 12288:qyqhZRgK8rKzpN2tq1/oohN3PKFBmwyTkgYxDzVOZ40:8HYm9Tkg+oZ40
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4f3d6
timedatestamp.....: 0x4ab0bbbd (Wed Sep 16 10:19:41 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x576fb 0x57800 6.22 5fea4fb2c770cb2102d3b3e9713a3dce
.rdata 0x59000 0x19564 0x19600 5.02 ec9fd7fad4871cc18b3c7ee5c008445f
.data 0x73000 0x2b00 0x1c00 5.15 dcd09ee39c3f4225c945294f178f666d
.rsrc 0x76000 0x624 0x800 4.78 36a16e554d6ab80a4da40d968e49613d
.reloc 0x77000 0xa32c 0xa400 5.54 f0930eb04463120eccc4bc1d96b3100f

( 9 imports )

( 1 exports )
__4_Init_locks@std@@QAEAAV01@ABV01@@Z
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Lavasoft
copyright....: Copyright (C) 2009 Lavasoft. All rights reserved.
product......: Ad-Aware Tray Application
description..: Ad-Aware Tray Application
original name: AAWTray.exe
internal name: AAWTray
file version.: 8, 0, 0, 0
comments.....: n/a
signers......: Lavasoft AB
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 11:23 AM 9/16/2009
verified.....: -

Nero file

Quote:
Análisis del archivo NeroCheck.exe recibido el 2009.11.04 01:58:21 (UTC)
Motor antivirus;Versión;Última actualización;Resultado
a-squared;4.5.0.41;2009.11.03;-
AhnLab-V3;5.0.0.2;2009.11.03;-
AntiVir;7.9.1.53;2009.11.03;-
Antiy-AVL;2.0.3.7;2009.11.03;-
Authentium;5.1.2.4;2009.11.04;-
Avast;4.8.1351.0;2009.11.03;-
AVG;8.5.0.423;2009.11.03;-
BitDefender;7.2;2009.11.04;-
CAT-QuickHeal;10.00;2009.11.03;-
ClamAV;0.94.1;2009.11.04;-
Comodo;2832;2009.11.04;-
DrWeb;5.0.0.12182;2009.11.04;-
eTrust-Vet;35.1.7100;2009.11.03;-
F-Prot;4.5.1.85;2009.11.03;-
F-Secure;9.0.15370.0;2009.10.30;-
Fortinet;3.120.0.0;2009.11.03;-
GData;19;2009.11.03;-
Ikarus;T3.1.1.72.0;2009.11.04;-
Jiangmin;11.0.800;2009.11.03;-
K7AntiVirus;7.10.887;2009.11.03;-
Kaspersky;7.0.0.125;2009.11.03;-
McAfee;5791;2009.11.03;-
McAfee+Artemis;5791;2009.11.03;-
McAfee-GW-Edition;6.8.5;2009.11.04;-
Microsoft;1.5202;2009.11.04;-
NOD32;4570;2009.11.03;-
Norman;6.03.02;2009.11.03;-
nProtect;2009.1.8.0;2009.11.03;-
Panda;10.0.2.2;2009.11.03;-
PCTools;7.0.3.5;2009.11.03;-
Prevx;3.0;2009.11.04;-
Rising;21.54.14.00;2009.11.03;-
Sophos;4.47.0;2009.11.04;-
Sunbelt;3.2.1858.2;2009.11.04;-
Symantec;1.4.4.12;2009.11.04;-
TheHacker;6.5.0.2.060;2009.11.04;-
TrendMicro;8.950.0.1094;2009.11.03;-
VBA32;3.12.10.11;2009.11.03;-
ViRobot;2009.11.3.2019;2009.11.03;-
VirusBuster;4.6.5.0;2009.11.03;-

Información adicional
Tamano archivo: 153136 bytes
MD5...: 8112d0dacae746290fc87b3a980fa719
SHA1..: a4f07b84a46646e23c452b0032dd50705d1eae69
SHA256: 43ca8ced6ab58edd97ad476c791d49c7ecd40eb8da627e8412c0a27699a58f01
ssdeep: 3072:Le/f3sVK9vaVmDLSOwbZIbNL9yUe/s1ylhlSOEzEPy02cKfN:QSgawLQ1YNHjkeO8N
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x729d
timedatestamp.....: 0x45d46fe2 (Thu Feb 15 14:36:18 2007)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x19b84 0x1a000 6.61 eebd894091c64aacac74729196a4b371
.rdata 0x1b000 0x5bde 0x6000 4.82 8188fb716e8959fd4caccf16a9333dd0
.data 0x21000 0x5014 0x2000 3.33 d3cbd840f91616cb655afef2dcb806fd
.rsrc 0x27000 0xf30 0x1000 3.23 b3c3ab2540841f1098e185a9f2ee991f

( 8 imports )

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
sigcheck:
publisher....: Nero AG
copyright....: Copyright (c) 1995-2006 Nero AG and its licensors
product......: Nero AG NeroCheck
description..: NeroCheck
original name: NeroCheck.exe
internal name: NeroCheck
file version.: 1, 0, 0, 6
comments.....: Changed for new NeroCd2k installer
signers......: Nero AG
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 2:57 PM 3/1/2007
verified.....: -

Battlefield file

Quote:
Análisis del archivo BF1942.exe recibido el 2009.11.04 02:08:22 (UTC)
Motor antivirus;Versión;Última actualización;Resultado
a-squared;4.5.0.41;2009.11.04;-
AhnLab-V3;5.0.0.2;2009.11.03;-
AntiVir;7.9.1.53;2009.11.03;-
Antiy-AVL;2.0.3.7;2009.11.03;-
Authentium;5.1.2.4;2009.11.04;-
Avast;4.8.1351.0;2009.11.03;-
AVG;8.5.0.423;2009.11.03;-
BitDefender;7.2;2009.11.04;-
CAT-QuickHeal;10.00;2009.11.03;-
ClamAV;0.94.1;2009.11.04;-
Comodo;2832;2009.11.04;-
DrWeb;5.0.0.12182;2009.11.04;-
eSafe;7.0.17.0;2009.11.03;-
eTrust-Vet;35.1.7100;2009.11.03;-
F-Prot;4.5.1.85;2009.11.03;-
F-Secure;9.0.15370.0;2009.10.30;-
Fortinet;3.120.0.0;2009.11.03;-
GData;19;2009.11.04;-
Ikarus;T3.1.1.72.0;2009.11.04;-
Jiangmin;11.0.800;2009.11.03;-
K7AntiVirus;7.10.887;2009.11.03;-
Kaspersky;7.0.0.125;2009.11.03;-
McAfee;5791;2009.11.03;-
McAfee+Artemis;5791;2009.11.03;-
McAfee-GW-Edition;6.8.5;2009.11.04;-
Microsoft;1.5202;2009.11.04;-
NOD32;4570;2009.11.03;-
Norman;6.03.02;2009.11.03;-
nProtect;2009.1.8.0;2009.11.03;-
Panda;10.0.2.2;2009.11.03;-
PCTools;7.0.3.5;2009.11.03;-
Prevx;3.0;2009.11.04;-
Rising;21.54.14.00;2009.11.03;-
Sophos;4.47.0;2009.11.04;-
Sunbelt;3.2.1858.2;2009.11.04;-
Symantec;1.4.4.12;2009.11.04;-
TheHacker;6.5.0.2.060;2009.11.04;-
TrendMicro;8.950.0.1094;2009.11.03;-
VBA32;3.12.10.11;2009.11.03;-
ViRobot;2009.11.3.2019;2009.11.03;-
VirusBuster;4.6.5.0;2009.11.03;-

Información adicional
Tamano archivo: 5648384 bytes
MD5...: 7a978cdc41382320247bb7af37b394e6
SHA1..: ec2f8a51ba5ff4a63960f727857b38f2a783bbcf
SHA256: 64ecdee07676b2e04ed0b9698a97ba5c081da36b38272d8f93f57dc67cecf7e3
ssdeep: 49152:zTKepT8v2trx/4E5mMVBflWSaUOonGWV+o8expybz8Zxh8UxrSjSwTYPd:3KeJ8utr14E5XV5nFV+wxpybgZs
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x404c1a
timedatestamp.....: 0x417564c4 (Tue Oct 19 19:02:28 2004)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4c1b40 0x4c2000 6.44 7cd55607009ff612460dbbd5a37b84ac
.rdata 0x4c3000 0x8e33d 0x8f000 5.66 580ca20803a1321bdb05cc65038c91c5
.data 0x552000 0x14098c 0xe000 4.76 0a25f6a7da9156bacb5f60604b858d55
.data1 0x693000 0x8e0 0x1000 2.52 bd4929bb4ee6547e6217d41c6806e321
.rsrc 0x694000 0x1108 0x2000 3.04 e8ecdb37d6f158e8b17469028edc039f

( 15 imports )

( 12 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)

Winamp file

Quote:
Análisis del archivo winamp.exe recibido el 2009.11.04 01:29:06 (UTC)
Motor antivirus;Versión;Última actualización;Resultado
a-squared;4.5.0.41;2009.11.03;-
AhnLab-V3;5.0.0.2;2009.11.03;-
AntiVir;7.9.1.53;2009.11.03;-
Antiy-AVL;2.0.3.7;2009.11.03;-
Authentium;5.1.2.4;2009.11.04;-
Avast;4.8.1351.0;2009.11.03;-
AVG;8.5.0.423;2009.11.03;-
BitDefender;7.2;2009.11.03;-
CAT-QuickHeal;10.00;2009.11.03;-
ClamAV;0.94.1;2009.11.04;-
Comodo;2832;2009.11.04;-
DrWeb;5.0.0.12182;2009.11.04;-
eSafe;7.0.17.0;2009.11.03;-
eTrust-Vet;35.1.7100;2009.11.03;-
F-Prot;4.5.1.85;2009.11.03;-
F-Secure;9.0.15370.0;2009.10.30;-
Fortinet;3.120.0.0;2009.11.03;-
GData;19;2009.11.03;-
Ikarus;T3.1.1.72.0;2009.11.03;-
Jiangmin;11.0.800;2009.11.03;-
K7AntiVirus;7.10.887;2009.11.03;-
Kaspersky;7.0.0.125;2009.11.03;-
McAfee;5791;2009.11.03;-
McAfee+Artemis;5791;2009.11.03;-
McAfee-GW-Edition;6.8.5;2009.11.04;-
Microsoft;1.5202;2009.11.04;-
NOD32;4570;2009.11.03;-
Norman;6.03.02;2009.11.03;-
nProtect;2009.1.8.0;2009.11.03;-
Panda;10.0.2.2;2009.11.03;-
PCTools;7.0.3.5;2009.11.03;-
Prevx;3.0;2009.11.04;-
Rising;21.54.14.00;2009.11.03;-
Sophos;4.47.0;2009.11.04;-
Sunbelt;3.2.1858.2;2009.11.03;-
Symantec;1.4.4.12;2009.11.04;-
TheHacker;6.5.0.2.060;2009.11.04;-
TrendMicro;8.950.0.1094;2009.11.03;-
VBA32;3.12.10.11;2009.11.03;-
ViRobot;2009.11.3.2019;2009.11.03;-
VirusBuster;4.6.5.0;2009.11.03;-

Información adicional
Tamano archivo: 1101824 bytes
MD5...: 3ee1514515c746684d4d38a81a8965c5
SHA1..: 7235bca2b4fecbc6661bceaa02f8df8099821799
SHA256: 33b6ae74b09b0386afb68a1147f4ba6375948b1c3e1748850aa3e550a9c8b758
ssdeep: 24576:qRXXHTSDq84tcmOYuciuYCkT41LCQzoOMNe:UXHTHRfkTbuo
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x577bd
timedatestamp.....: 0x439924c6 (Fri Dec 09 06:31:34 2005)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x62f32 0x63000 6.65 179aab5f45107c42d68fede18cd77bb0
.rdata 0x64000 0x10282 0x10400 6.46 c5ebcacd1a3851abd1d2a8cc873c69a8
.data 0x75000 0x19304 0x4400 4.00 bb5b6aa8c33205a8c57ebedfec730a83
.rsrc 0x8f000 0x95380 0x95400 6.05 fe70c094e79ab532711052b809011808

( 10 imports )

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Nullsoft
copyright....: Copyright (c) 1997-2005, Nullsoft
product......: Winamp
description..: Winamp
original name: Winamp.exe
internal name: WINAMP
file version.: 5,1,2,275
comments.....: Visit http://www.winamp.com/ for updates.
signers......: -
signing date.: -
verified.....: Unsigned

ACDSee file

Quote:
Analysis of the file UNWISE.EXE received on 2009.11.04 02:27:33 (UTC)
Antivirus engine;Version;Last update;Result
a-squared;4.5.0.41;2009.11.04;-
AhnLab-V3;5.0.0.2;2009.11.03;-
AntiVir;7.9.1.53;2009.11.03;-
Antiy-AVL;2.0.3.7;2009.11.03;-
Authentium;5.1.2.4;2009.11.04;-
Avast;4.8.1351.0;2009.11.03;-
AVG;8.5.0.423;2009.11.03;-
BitDefender;7.2;2009.11.04;-
CAT-QuickHeal;10.00;2009.11.03;-
ClamAV;0.94.1;2009.11.04;-
Comodo;2832;2009.11.04;-
DrWeb;5.0.0.12182;2009.11.04;-
eSafe;7.0.17.0;2009.11.03;-
eTrust-Vet;35.1.7100;2009.11.03;-
F-Prot;4.5.1.85;2009.11.03;-
F-Secure;9.0.15370.0;2009.10.30;-
Fortinet;3.120.0.0;2009.11.03;-
GData;19;2009.11.04;-
Ikarus;T3.1.1.72.0;2009.11.04;-
Jiangmin;11.0.800;2009.11.03;-
K7AntiVirus;7.10.887;2009.11.03;-
Kaspersky;7.0.0.125;2009.11.03;-
McAfee;5791;2009.11.03;-
McAfee+Artemis;5791;2009.11.03;-
McAfee-GW-Edition;6.8.5;2009.11.04;-
Microsoft;1.5202;2009.11.04;-
NOD32;4570;2009.11.03;-
Norman;6.03.02;2009.11.03;-
nProtect;2009.1.8.0;2009.11.03;-
Panda;10.0.2.2;2009.11.03;-
PCTools;7.0.3.5;2009.11.03;-
Prevx;3.0;2009.11.04;-
Rising;21.54.20.00;2009.11.04;-
Sophos;4.47.0;2009.11.04;-
Sunbelt;3.2.1858.2;2009.11.04;-
Symantec;1.4.4.12;2009.11.04;-
TheHacker;6.5.0.2.060;2009.11.04;-
TrendMicro;8.950.0.1094;2009.11.03;-
VBA32;3.12.10.11;2009.11.03;-
ViRobot;2009.11.3.2019;2009.11.03;-
VirusBuster;4.6.5.0;2009.11.03;-

Additional information
File size: 149504 bytes
MD5...: 443e13846997c537e8f5ed61130ab705
SHA1..: 6b10d458a5f1e3dbf8dfa96b118cf232d3a66f5f
SHA256: 49ef36bd01b8ebf38c7b807a5fb44cbaf47c9d4efa883b01c41494c61ae4a2e2
ssdeep: 1536:m33zDSYY9/jMRBKxsae8SRlNgtjo9+qol6WRXLJjDHAUs:mnz2z/jMwe8Yc
o9+qol6WpJ/HAU
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xc959
timedatestamp.....: 0x37739861 (Fri Jun 25 14:55:29 1999)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xe937 0xea00 6.32 df12cd288c6c2234e6778eabefe6fe67
.rdata 0x10000 0x1db5 0x1e00 5.63 4abc3bbc70142929a026c6d874226376
.data 0x12000 0x1f1c 0x1600 4.78 7b1a374035c170a780778f84793252ff
.rsrc 0x14000 0x125f8 0x12600 4.31 c78de2581716ffb6653dbd812ea56107

( 6 imports )
> KERNEL32.dll: SetFileAttributesA, FindFirstFileA, FindNextFileA, MoveFileExA, GetVersionExA, RemoveDirectoryA, GetPrivateProfileStringA, GetLocalTime, CreateDirectoryA, LoadResource, LockResource, GetFileAttributesA, LoadLibraryA, GlobalLock, DeleteFileA, FreeResource, SetErrorMode, lstrcatA, GetWindowsDirectoryA, FreeLibrary, GlobalUnlock, GlobalFree, SizeofResource, _lcreat, _lwrite, _lclose, WinExec, CreateProcessA, WaitForSingleObject, WritePrivateProfileStringA, GetProcAddress, lstrcpynA, FileTimeToLocalFileTime, MultiByteToWideChar, GetFileTime, _lread, FileTimeToDosDateTime, _llseek, _lopen, GetDriveTypeA, GetSystemDirectoryA, MulDiv, lstrcmpA, lstrcmpiA, lstrcpyA, GetModuleFileNameA, lstrlenA, CopyFileA, GetTempPathA, GetTempFileNameA, GetPrivateProfileIntA, FindResourceA, GlobalAlloc, FindClose, FreeEnvironmentStringsA, HeapReAlloc, VirtualAlloc, UnhandledExceptionFilter, FreeEnvironmentStringsW, VirtualFree, HeapCreate, OpenFile, ReadFile, SetFilePointer, WriteFile, GetStdHandle, SetHandleCount, SetStdHandle, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, WideCharToMultiByte, GetCurrentProcess, TerminateProcess, ExitProcess, GetVersion, GetCommandLineA, GetStartupInfoA, GetModuleHandleA, HeapFree, HeapAlloc, MoveFileA, CreateFileA, GetFileType, SetEndOfFile, CloseHandle, GetFullPathNameA, SetCurrentDirectoryA, GetCurrentDirectoryA, SetEnvironmentVariableA, GetLastError, GetEnvironmentStrings, GetEnvironmentStringsW, RtlUnwind, GetCPInfo, GetOEMCP, HeapDestroy, GetACP
> USER32.dll: RegisterClassA, LoadIconA, UpdateWindow, ShowWindow, LoadBitmapA, PeekMessageA, SetTimer, TranslateMessage, CreateWindowExA, GetSystemMetrics, SetWindowTextA, GetMessageA, GetSysColor, LoadCursorA, SetCursor, EnableWindow, IsWindowVisible, CreateDialogParamA, IsDialogMessageA, PostMessageA, MessageBoxA, wsprintfA, ExitWindowsEx, EndPaint, PostQuitMessage, GetClientRect, BeginPaint, ReleaseDC, InvalidateRect, GetDC, DefWindowProcA, MoveWindow, GetWindowRect, SetDlgItemTextA, EndDialog, GetDlgItemTextA, SetRect, ScreenToClient, GetDlgItem, GetWindowTextA, SendDlgItemMessageA, SetFocus, OemToCharA, CharNextA, GetDialogBaseUnits, FillRect, DrawIcon, LoadStringA, GetParent, EnumChildWindows, FindWindowA, SendMessageA, DdeCreateDataHandle, DdeInitializeA, DdeConnect, DestroyWindow, DdeClientTransaction, DdeDisconnect, DdeUninitialize, DialogBoxParamA, DispatchMessageA, KillTimer, DdeFreeDataHandle, DdeGetData, DdeCreateStringHandleA
> GDI32.dll: DeleteObject, GetTextExtentPointA, TextOutA, GetObjectA, SetBkMode, CreateFontA, SetTextColor, DeleteDC, BitBlt, GetDeviceCaps, PatBlt, CreateSolidBrush, CreateCompatibleDC, RealizePalette, SelectPalette, SelectObject, SetBkColor, MoveToEx, ExtTextOutA, LineTo, CreateFontIndirectA, CreatePen, CreateCompatibleBitmap, CreateDIBitmap, StretchBlt, GetStockObject, CreatePalette
> comdlg32.dll: GetOpenFileNameA
> ADVAPI32.dll: RegDeleteKeyA, RegCloseKey, RegQueryValueExA, RegOpenKeyExA, CloseServiceHandle, OpenSCManagerA, RegSetValueA, RegSetValueExA, RegCreateKeyExA, RegEnumKeyExA, RegEnumValueA, RegDeleteValueA, RegEnumKeyA, RegOpenKeyA, DeleteService, ControlService, OpenServiceA
> ole32.dll: CoUninitialize, CoCreateInstance, CoInitialize

( 4 exports )
_ItemDlg@16, _MainWndProc@16, _PromptDlg@16, _SharedDlg@16
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)

Kaillera file

Quote:
Analysis of the file kaillerasrv.exe received on 2009.11.04 02:33:49 (UTC)
Antivirus engine;Version;Last update;Result
a-squared;4.5.0.41;2009.11.04;-
AhnLab-V3;5.0.0.2;2009.11.03;-
AntiVir;7.9.1.53;2009.11.03;BDS/Backdoor.Gen
Antiy-AVL;2.0.3.7;2009.11.03;-
Authentium;5.1.2.4;2009.11.04;-
Avast;4.8.1351.0;2009.11.03;-
AVG;8.5.0.423;2009.11.03;-
BitDefender;7.2;2009.11.04;-
CAT-QuickHeal;10.00;2009.11.03;Trojan.Agent.ATV
ClamAV;0.94.1;2009.11.04;-
Comodo;2832;2009.11.04;-
DrWeb;5.0.0.12182;2009.11.04;-
eSafe;7.0.17.0;2009.11.03;Suspicious File
eTrust-Vet;35.1.7100;2009.11.03;-
F-Prot;4.5.1.85;2009.11.03;-
F-Secure;9.0.15370.0;2009.10.30;-
Fortinet;3.120.0.0;2009.11.03;-
GData;19;2009.11.04;-
Ikarus;T3.1.1.72.0;2009.11.04;-
Jiangmin;11.0.800;2009.11.03;Trojan/Crypt.bcd
K7AntiVirus;7.10.887;2009.11.03;Virus.Win32.Sality.AA
Kaspersky;7.0.0.125;2009.11.03;-
McAfee;5791;2009.11.03;-
McAfee+Artemis;5791;2009.11.03;-
McAfee-GW-Edition;6.8.5;2009.11.04;Trojan.Backdoor.Backdoor.Gen
Microsoft;1.5202;2009.11.04;-
NOD32;4570;2009.11.03;-
Norman;6.03.02;2009.11.03;-
nProtect;2009.1.8.0;2009.11.03;-
Panda;10.0.2.2;2009.11.03;-
PCTools;7.0.3.5;2009.11.03;-
Prevx;3.0;2009.11.04;-
Rising;21.54.20.00;2009.11.04;-
Sophos;4.47.0;2009.11.04;-
Sunbelt;3.2.1858.2;2009.11.04;-
Symantec;1.4.4.12;2009.11.04;-
TheHacker;6.5.0.2.060;2009.11.04;-
TrendMicro;8.950.0.1094;2009.11.03;PAK_Generic.001
VBA32;3.12.10.11;2009.11.03;-
ViRobot;2009.11.3.2019;2009.11.03;-
VirusBuster;4.6.5.0;2009.11.03;Trojan.ULPM.YV

Additional information
File size: 20992 bytes
MD5...: 9f05dce05b003bd1fea1254fe7700089
SHA1..: 64a4a42559fc33b157f32349b182b442125f593b
SHA256: ccb369c479a71e09d0e455e1b385f3cf2777274a46a34f49f15ee1f40d3f2792
ssdeep: 384:buFh/yt/Tcx1b9Y/dPtZnEE2+EOFP/5hs/YH5MFuO/8Yl3KRs:kYKl9Y/9EE
2+E4Phhs/oHM8QKR
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10910
timedatestamp.....: 0x3c6dbcfc (Sat Feb 16 01:59:24 2002)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xb000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0xc000 0x5000 0x4c00 7.83 c7501f7674fe7c1709f47627fca15c54
UPX2 0x11000 0x200 0x200 2.16 3bb88e3ce9a8a1dec0913cca304d67fc

( 4 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
> MSVCRT.dll: exit
> USER32.dll: wsprintfA
> WS2_32.dll: -

( 0 exports )
RDS...: NSRL Reference Data Set
-
trid..: UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
packers (Kaspersky): UPX
packers (F-Prot): UPX

I uploaded this last one because Ad-Aware keeps blocking it and it is not in the "allowed" list.
  post #14  
03/11/09, 22:50:16
GuillermoTell
General Moderator
 
Registered: Apr 2006
Location: Colombia
Posts: 7,912
Re: Ad-Aware blocked when running an EXE

Does Ad-Aware give you the option to delete it??

ForoSpyware is maintained by volunteers who have our own jobs and obligations elsewhere, so we are not here 24/7; we therefore ask for your patience with the analysis of and response to your case.

Forum News | Online Antivirus | Remove Malware | Forum Policies | Blog

* Help us by making a DONATION so we can keep helping.
* Keep up with the latest threats on the net at: InfoSpyware Blog
* Questions are not answered by private message or e-mail; that is what the forum is for.
  post #15  
03/11/09, 22:58:08
User
 
Registered: Nov 2009
Location: Argentina
Posts: 17
Re: Ad-Aware blocked when running an EXE

The last file? I mean... the Kaillera one? No, it just blocks it when I try to open it. (The message that appears when it blocks it is in the first image of the post, since I took that screenshot with this file.)

The ones it gives me the option to delete are the other files that are in Ad-Aware's "Ignore" section, for which I also posted the analysis of each one.
  post #16  
03/11/09, 23:06:30
GuillermoTell
General Moderator
 
Registered: Apr 2006
Location: Colombia
Posts: 7,912
Re: Ad-Aware blocked when running an EXE

Could you tell me the exact location of this file, kaillerasrv.exe?

  post #17  
03/11/09, 23:13:23
User
 
Registered: Nov 2009
Location: Argentina
Posts: 17
Re: Ad-Aware blocked when running an EXE

Sure, it is exactly

D:\Mis documentos\Varios\Juegos\Crear Servers Dedicados de Mame\kaillerasrv.exe

What puzzles me is that, if it has a virus, why don't the antivirus programs detect it, except Ad-Aware, which of course blocks it.

And in the first Dr.Web report (posted in the first posts) it had cleaned this file, among others.
  post #18  
03/11/09, 23:25:07
GuillermoTell
General Moderator
 
Registered: Apr 2006
Location: Colombia
Posts: 7,912
Re: Ad-Aware blocked when running an EXE

What happens with that file is that some antivirus programs detect it in almost every case as a Trojan, and that is because the file connects as a server for those games, you see.

Since you have been infected, I recommend, when in doubt, deleting that file and the application and/or folder related to it, "Crear Servers Dedicados de Mame"; that way we play it safe, we can rest easier, and we can see the complete picture of the machine.

The same goes for the other applications: the resident protection warns us when a potentially dangerous file tries to connect to a remote server without our permission, which is why it is good to know which applications and which files are trustworthy and which are not, so that we can tell the resident security program or firewall to deny or allow that file's connection or execution, you see.

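As an added example (not part of any post in this thread, and not a verdict on the file): a small triage of the kaillerasrv.exe report quoted above, separating generic, heuristic or packer-based labels from family-style names and checking the section table for signs of packing. The keyword list and the 7.0 entropy threshold are assumptions chosen for illustration.

```python
import re
# Rows from the kaillerasrv.exe report in this thread (stray forum spaces removed).
REPORT = """\
a-squared;4.5.0.41;2009.11.04;-
AhnLab-V3;5.0.0.2;2009.11.03;-
AntiVir;7.9.1.53;2009.11.03;BDS/Backdoor.Gen
Antiy-AVL;2.0.3.7;2009.11.03;-
Authentium;5.1.2.4;2009.11.04;-
Avast;4.8.1351.0;2009.11.03;-
AVG;8.5.0.423;2009.11.03;-
BitDefender;7.2;2009.11.04;-
CAT-QuickHeal;10.00;2009.11.03;Trojan.Agent.ATV
ClamAV;0.94.1;2009.11.04;-
Comodo;2832;2009.11.04;-
DrWeb;5.0.0.12182;2009.11.04;-
eSafe;7.0.17.0;2009.11.03;Suspicious File
eTrust-Vet;35.1.7100;2009.11.03;-
F-Prot;4.5.1.85;2009.11.03;-
F-Secure;9.0.15370.0;2009.10.30;-
Fortinet;3.120.0.0;2009.11.03;-
GData;19;2009.11.04;-
Ikarus;T3.1.1.72.0;2009.11.04;-
Jiangmin;11.0.800;2009.11.03;Trojan/Crypt.bcd
K7AntiVirus;7.10.887;2009.11.03;Virus.Win32.Sality.AA
Kaspersky;7.0.0.125;2009.11.03;-
McAfee;5791;2009.11.03;-
McAfee+Artemis;5791;2009.11.03;-
McAfee-GW-Edition;6.8.5;2009.11.04;Trojan.Backdoor.Backdoor.Gen
Microsoft;1.5202;2009.11.04;-
NOD32;4570;2009.11.03;-
Norman;6.03.02;2009.11.03;-
nProtect;2009.1.8.0;2009.11.03;-
Panda;10.0.2.2;2009.11.03;-
PCTools;7.0.3.5;2009.11.03;-
Prevx;3.0;2009.11.04;-
Rising;21.54.20.00;2009.11.04;-
Sophos;4.47.0;2009.11.04;-
Sunbelt;3.2.1858.2;2009.11.04;-
Symantec;1.4.4.12;2009.11.04;-
TheHacker;6.5.0.2.060;2009.11.04;-
TrendMicro;8.950.0.1094;2009.11.03;PAK_Generic.001
VBA32;3.12.10.11;2009.11.03;-
ViRobot;2009.11.3.2019;2009.11.03;-
VirusBuster;4.6.5.0;2009.11.03;Trojan.ULPM.YV
"""
# Section table from the same report: name viradd virsiz rawdsiz ntrpy.
SECTIONS = """\
UPX0 0x1000 0xb000 0x0 0.00
UPX1 0xc000 0x5000 0x4c00 7.83
UPX2 0x11000 0x200 0x200 2.16
"""
# Assumption: substrings that mark heuristic, generic or packer-based labels.
GENERIC = re.compile(r"\bgen\b|generic|suspicious|heur|pak_|crypt|pack", re.I)

def triage_labels(report):
    """Split detections into generic/packer-style and family-style labels."""
    generic, named, total = {}, {}, 0
    for row in report.splitlines():
        engine, _version, _updated, result = row.split(";", 3)
        total += 1
        if result.strip() not in ("", "-"):
            (generic if GENERIC.search(result) else named)[engine] = result
    return generic, named, total

def packer_signs(sections, high_entropy=7.0):
    """Flag sections that look packed (7.0 is an assumed entropy threshold)."""
    signs = []
    for line in sections.splitlines():
        name, _va, vsize, rawsize, entropy = line.split()
        if int(rawsize, 16) == 0 and int(vsize, 16) > 0:
            signs.append((name, "no bytes on disk, filled at run time"))
        elif float(entropy) >= high_entropy:
            signs.append((name, "high entropy (compressed or encrypted)"))
    return signs

if __name__ == "__main__":
    generic, named, total = triage_labels(REPORT)
    print(f"{len(generic) + len(named)}/{total} flagged", named, packer_signs(SECTIONS))
```

Run on this report it separates five generic or packer-style labels from three family-style ones and flags the UPX0 and UPX1 sections; whether any label is correct still has to be settled by inspecting the file itself.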
  post #19  
03/11/09, 23:38:11
User
 
Registered: Nov 2009
Location: Argentina
Posts: 17
Re: Ad-Aware blocked when running an EXE

Yes, so the other files that Ad-Aware left in the "Ignore" list, and for which I posted the report on each one, don't have a virus?

The kaillerasrv.exe file worried me because, if you look closely at the report, it says that among the things it has is a virus called Virus.Win32.Sality.AA

I have highlighted it in red in the same report for the file.

Quote:
Analysis of the file kaillerasrv.exe received on 2009.11.04 02:33:49 (UTC)
Antivirus engine;Version;Last update;Result
a-squared;4.5.0.41;2009.11.04;-
AhnLab-V3;5.0.0.2;2009.11.03;-
AntiVir;7.9.1.53;2009.11.03;BDS/Backdoor.Gen
Antiy-AVL;2.0.3.7;2009.11.03;-
Authentium;5.1.2.4;2009.11.04;-
Avast;4.8.1351.0;2009.11.03;-
AVG;8.5.0.423;2009.11.03;-
BitDefender;7.2;2009.11.04;-
CAT-QuickHeal;10.00;2009.11.03;Trojan.Agent.ATV
ClamAV;0.94.1;2009.11.04;-
Comodo;2832;2009.11.04;-
DrWeb;5.0.0.12182;2009.11.04;-
eSafe;7.0.17.0;2009.11.03;Suspicious File
eTrust-Vet;35.1.7100;2009.11.03;-
F-Prot;4.5.1.85;2009.11.03;-
F-Secure;9.0.15370.0;2009.10.30;-
Fortinet;3.120.0.0;2009.11.03;-
GData;19;2009.11.04;-
Ikarus;T3.1.1.72.0;2009.11.04;-
Jiangmin;11.0.800;2009.11.03;Trojan/Crypt.bcd
K7AntiVirus;7.10.887;2009.11.03;Virus.Win32.Sality.AA
Kaspersky;7.0.0.125;2009.11.03;-
McAfee;5791;2009.11.03;-
McAfee+Artemis;5791;2009.11.03;-
McAfee-GW-Edition;6.8.5;2009.11.04;Trojan.Backdoor.Backdoor.Gen
Microsoft;1.5202;2009.11.04;-
NOD32;4570;2009.11.03;-
Norman;6.03.02;2009.11.03;-
nProtect;2009.1.8.0;2009.11.03;-
Panda;10.0.2.2;2009.11.03;-
PCTools;7.0.3.5;2009.11.03;-
Prevx;3.0;2009.11.04;-
Rising;21.54.20.00;2009.11.04;-
Sophos;4.47.0;2009.11.04;-
Sunbelt;3.2.1858.2;2009.11.04;-
Symantec;1.4.4.12;2009.11.04;-
TheHacker;6.5.0.2.060;2009.11.04;-
TrendMicro;8.950.0.1094;2009.11.03;PAK_Generic.001
VBA32;3.12.10.11;2009.11.03;-
ViRobot;2009.11.3.2019;2009.11.03;-
VirusBuster;4.6.5.0;2009.11.03;Trojan.ULPM.YV




Finally, here is the latest scan I ran with Panda Online; I ran it just now to see how things stand at the moment, compared with the first one, which is in the first post.

Quote:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-11-04 00:29:13
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Lavasoft Ad-Watch Live! Antivirus Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00135099 adware/powerstrip Adware No 0 Yes No hkey_current_user\software\microsoft\internet explorer\extensions\cmdmapping\{669695bc-a811-4a9d-8cdf-ba8c795f261c}
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\kaneda\cookies\kaneda@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\kaneda\cookies\kaneda@atdmt[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
214076 HIGH MS09-059
971486 HIGH MS09-058
214074 HIGH MS09-057
214073 HIGH MS09-056
214072 HIGH MS09-055
214071 HIGH MS09-054
213109 HIGH MS09-046
212494 HIGH MS09-042
212493 HIGH MS09-041
212490 HIGH MS09-038
212530 HIGH MS09-034
211784 HIGH MS09-032
211781 HIGH MS09-029
210625 HIGH MS09-026
210624 HIGH MS09-025
210621 HIGH MS09-022
210618 HIGH MS09-019
208380 HIGH MS09-015
208378 HIGH MS09-013
208377 HIGH MS09-012
206981 HIGH MS09-007
206980 HIGH MS09-006
204670 HIGH MS09-001
203505 HIGH MS08-071
202465 HIGH MS08-068
201683 HIGH MS08-067
201258 HIGH MS08-066
201256 HIGH MS08-064
201255 HIGH MS08-063
201253 HIGH MS08-061
209275 HIGH MS08-049
196455 MEDIUM MS08-037
194862 HIGH MS08-032
194860 HIGH MS08-030
191618 HIGH MS08-025
191616 HIGH MS08-023
191614 HIGH MS08-021
191613 HIGH MS08-020
187733 HIGH MS08-008
184380 MEDIUM MS08-002
184379 MEDIUM MS08-001
182046 HIGH MS07-067
179553 HIGH MS07-061
176383 HIGH MS07-058
170907 HIGH MS07-046
170904 HIGH MS07-043
164915 HIGH MS07-035
164911 HIGH MS07-031
157262 HIGH MS07-022
157261 HIGH MS07-021
157260 HIGH MS07-020
157259 HIGH MS07-019
156477 HIGH MS07-017
150249 HIGH MS07-013
150248 HIGH MS07-012
150247 HIGH MS07-011
150243 HIGH MS07-008
150242 HIGH MS07-007
150241 MEDIUM MS07-006
141033 MEDIUM MS06-075
137571 HIGH MS06-070
133387 MEDIUM MS06-065
133386 MEDIUM MS06-064
133385 MEDIUM MS06-063
133379 HIGH MS06-057
129977 MEDIUM MS06-053
129976 MEDIUM MS06-052
126093 HIGH MS06-051
126092 MEDIUM MS06-050
126087 HIGH MS06-046
126086 MEDIUM MS06-045
126082 HIGH MS06-041
126081 HIGH MS06-040
123421 HIGH MS06-036
123420 HIGH MS06-035
120825 MEDIUM MS06-032
120823 MEDIUM MS06-030
120818 HIGH MS06-025
120815 HIGH MS06-022
117384 MEDIUM MS06-018
114666 HIGH MS06-015
108744 MEDIUM MS06-008
108743 MEDIUM MS06-007
108742 MEDIUM MS06-006
104567 HIGH MS06-002
104237 HIGH MS06-001
96574 HIGH MS05-053
93395 HIGH MS05-051
93454 MEDIUM MS05-049
;===================================================================================================================================================================================
  post #20  
04/11/09, 11:39:42
User
 
Registered: Nov 2009
Location: Argentina
Posts: 17
Re: Ad-Aware blocked when running an EXE

Hi, me again. I found an Ad-Aware tool that lets me see all the applications that are running on the PC as soon as I turn it on, and it gives me the option to untick them so they no longer appear.

I'm leaving the screenshot so you can see whether any of them is malicious and related to the problem, and recommend which one to close if it is dangerous.

And another question: I want to install ESET Smart Security. Do I need to uninstall Ad-Aware before installing it, or can I use the two together without compatibility problems?

Because before installing, ESET Smart Security tells me to uninstall any other antivirus or anti-malware program that is installed so as not to have problems with it.

Last edited by Laura20 on 04/11/09 at 11:44:39.
All times are GMT -4.