
Trojan horse PSW.Generic10.BHKG

pather76 (Guest; 14 posts; registered 05 Sep 2008 10:44)

Trojan horse PSW.Generic10.BHKG

#1 Post by pather76 »

Hello,

last week, during a scan, AVG 2012 found two trojans on my machine: PSW.Generic10.BHJA, which it moved to the vault,
and PSW.Generic10.BHKG, which it was unable to remove. The following files remained infected: C:\WINDOWS\explorer.exe (1924):\C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll:\memory and C:\WINDOWS\explorer.exe (1924).

The next day I ran the scan again, but AVG no longer found anything. Something doesn't seem right to me, so please check the log. Thanks.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:48:12, on 10.2.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\trend micro\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: MyAshampoo - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_0.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-842925246-1682526488-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

--
End of file - 12128 bytes
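
The R3/O2/O3/O4/O23 groups in the log above are where a bundled toolbar or an unwanted autostart entry shows up first. The following Python, added here as an example and not part of the original thread, parses those HijackThis line formats and applies three triage rules of my own naming: a DLL registered under two or more of URLSearchHook, BHO and Toolbar at once (the pattern of the Ask, MyAshampoo and BS Player toolbars in this log), a service that HijackThis lists with "Unknown owner" (my reading is that it prints this when it cannot read a company name from the binary's version resource; the thread does not say so), and a Run entry that names a bare file name such as SOUNDMAN.EXE, which the loader resolves through its search path rather than from a fixed location. SAMPLE_LOG is an excerpt of the posted log; `parse_log`, `triage` and the rule names are helper names I chose.

```python
import re
from collections import defaultdict

# Constructed sample: an excerpt of the HijackThis log posted above,
# copied verbatim so the rules below can be exercised offline.
SAMPLE_LOG = r"""
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MyAshampoo - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA2.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
"""

# Line shapes as HijackThis 2.0.4 prints them (assumed from the log above).
CLSID_RE = re.compile(r"^(R3|O2|O3) - (URLSearchHook|BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
RUN_RE = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.*)$")
SVC_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")
EXE_EXT = (".exe", ".dll", ".scr", ".com")


def first_token(cmd):
    """Executable part of a Run value: quoted path, or the longest prefix that
    ends in an executable extension (unquoted paths with spaces are ambiguous
    here in the same way they are for CreateProcess)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    parts = cmd.split(" ")
    for i in range(len(parts)):
        if parts[i].lower().endswith(EXE_EXT):
            return " ".join(parts[:i + 1])
    return parts[0]


def parse_log(text):
    """Return one dict per recognised line; other groups are ignored."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        m = CLSID_RE.match(line)
        if m:
            records.append({"kind": m.group(2), "name": m.group(3),
                            "clsid": m.group(4).lower(), "path": m.group(5).strip()})
            continue
        m = RUN_RE.match(line)
        if m:
            records.append({"kind": "Run", "hive": m.group(1), "name": m.group(2),
                            "path": first_token(m.group(3))})
            continue
        m = SVC_RE.match(line)
        if m:
            records.append({"kind": "Service", "name": m.group(1),
                            "owner": m.group(2), "path": m.group(3).strip()})
    return records


def triage(records):
    """Apply the three rules; returns (rule, subject) pairs."""
    findings = []
    # Rule 1: one DLL hooked into several IE extension points (toolbar bundling).
    by_dll = defaultdict(set)
    for r in records:
        if r["kind"] in ("URLSearchHook", "BHO", "Toolbar"):
            by_dll[r["path"].lower()].add(r["kind"])
    for dll, kinds in sorted(by_dll.items()):
        if len(kinds) >= 2:
            findings.append(("bundled-toolbar", dll))
    for r in records:
        # Rule 2: service binary with no readable company name.
        if r["kind"] == "Service" and r["owner"] == "Unknown owner":
            findings.append(("unknown-owner-service", r["path"]))
        # Rule 3: autostart that names a file without a directory.
        if r["kind"] == "Run" and "\\" not in r["path"]:
            findings.append(("run-entry-bare-filename", r["path"]))
    return findings


def main():
    for rule, subject in triage(parse_log(SAMPLE_LOG)):
        print("%-24s %s" % (rule, subject))


if __name__ == "__main__":
    main()
```

On the excerpt this prints four findings: both toolbar DLLs, the vToolbarUpdater service and SOUNDMAN.EXE. The "Unknown owner" rule is only a prompt to verify the file's publisher and signature, which is what the Sigcheck section of the VirusTotal reports later in the thread does for pdfshell.dll; it says nothing about the file being malicious on its own.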

Rudy (Site Admin; 119524 posts; registered 30 Oct 2003 13:42; location: Plzeň)

Re: Trojan horse PSW.Generic10.BHKG

#2 Post by Rudy »

Hello!
It doesn't seem right to me either; moreover, AVG detected them as generic, i.e. found by heuristic analysis. It need not be a virus. Test both files online at www.virustotal.com and report the result.

pather76 (Guest; 14 posts; registered 05 Sep 2008 10:44)

Re: Trojan horse PSW.Generic10.BHKG

#3 Post by pather76 »

Just to clarify: I could not find C:\WINDOWS\explorer.exe (1924) anywhere, so I entered only
C:\WINDOWS\explorer.exe

Likewise C:\WINDOWS\explorer.exe (1924):\C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll:\memory
cannot be found, so I entered only C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll



Here are the VirusTotal results:

C:\WINDOWS\explorer.exe


SHA256: 096ce5536bfb81c3982c464485e536e727edc7c31c8e67cef06644845f20126d
SHA1: 59180eef4bf949f99db4d91171f140fa6a21e5e0
MD5: 27afd587c462e280ee046b8cca3c2cd1
File size: 1010.0 KB ( 1034240 bytes )
File name: EXPLORER.EXE
File type: Win32 EXE
Tags: peexe mz
Detection ratio: 0 / 46
Analysis date: 2013-02-08 16:28:55 UTC ( 1 day, 21 hours ago )
ssdeep
12288:tHmcoCUyZtwAvAs4wTCyrPTFNm0VezaQG5oJpaz/g/J/v5qS:Jmfty/wAvN7lrDm0Ve7Gmaz/g/J/xq
TrID
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ExifTool

SubsystemVersion.........: 4.1
InitializedDataSize......: 751104
ImageVersion.............: 5.1
ProductName..............: Microsoft(R) Windows (R) 2000 Operating System
FileVersionNumber........: 6.0.2900.5512
UninitializedDataSize....: 0
LanguageCode.............: Czech
FileFlagsMask............: 0x003f
CharacterSet.............: Unicode
LinkerVersion............: 7.1
FileOS...................: Windows NT 32-bit
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 6.00.2900.5512 (xpsp.080413-2105)
TimeStamp................: 2008:04:13 20:17:04+01:00
FileType.................: Win32 EXE
PEType...................: PE32
InternalName.............: explorer
ProductVersion...........: 6.00.2900.5512
FileDescription..........: Průzkumník Windows
OSVersion................: 5.1
OriginalFilename.........: EXPLORER.EXE
LegalCopyright...........: Microsoft Corporation. Všechna práva vyhrazena.
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Microsoft Corporation
CodeSize.................: 282112
FileSubtype..............: 0
ProductVersionNumber.....: 6.0.2900.5512
EntryPoint...............: 0x1a55f
ObjectFileType...........: Executable application

Sigcheck

publisher................: Microsoft Corporation
product..................: Microsoft(R) Windows (R) 2000 Operating System
verified.................:
internal name............: explorer
copyright................: (c) Microsoft Corporation. Všechna práva vyhrazena.
original name............: EXPLORER.EXE
file version.............: 6.00.2900.5512 (xpsp.080413-2105)
description..............: Průzkumník Windows

Portable Executable structural information

Compilation timedatestamp.....: 2008-04-13 19:17:04
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x0001A55F

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 281609 282112 6.38 26445bd0519c4e1bec1430a53c1c1f78
.data 286720 7604 6144 1.30 983f35021232560eaaa99fcbc1b7d359
.rsrc 294912 730128 730624 6.63 4955f4479dac601695e1af555183c83c
.reloc 1028096 14156 14336 6.78 ec335057489badbf6d8142b57175fd91

PE Imports....................:

[[msvcrt.dll]]
_except_handler3, malloc, memmove, realloc, free, _ftol, _itow, _vsnwprintf

[[SHDOCVW.dll]]
Ord(110), Ord(125), Ord(111)

[[GDI32.dll]]
GetTextMetricsW, CreateFontIndirectW, PatBlt, SetStretchBltMode, CreateRectRgnIndirect, CombineRgn, GetClipBox, GetViewportOrgEx, GetLayout, GetDeviceCaps, TranslateCharsetInfo, OffsetViewportOrgEx, DeleteDC, SetBkMode, DeleteObject, IntersectClipRect, BitBlt, CreateDIBSection, SetTextColor, OffsetWindowOrgEx, CreatePatternBrush, ExtTextOutW, GetObjectW, GetTextExtentPoint32W, GetStockObject, SetViewportOrgEx, SelectClipRgn, CreateCompatibleDC, StretchBlt, CreateRectRgn, GetClipRgn, SelectObject, SetBkColor, GetTextExtentPointW, GetBkColor, CreateCompatibleBitmap

[[ADVAPI32.dll]]
RegCreateKeyExW, RegEnumValueW, RegCloseKey, GetUserNameW, RegDeleteValueW, RegQueryInfoKeyW, RegQueryValueExA, RegEnumKeyExW, RegEnumKeyW, RegCreateKeyW, RegOpenKeyExA, RegOpenKeyExW, RegNotifyChangeKeyValue, RegSetValueW, RegQueryValueExW, RegQueryValueW, RegSetValueExW

[[KERNEL32.dll]]
ReleaseMutex, DeactivateActCtx, WaitForSingleObject, CreateJobObjectW, GetFileAttributesW, SetInformationJobObject, GetLocalTime, DeleteCriticalSection, GetCurrentProcess, LocalAlloc, UnhandledExceptionFilter, SetErrorMode, GetLocaleInfoW, LoadLibraryW, InterlockedExchange, GetSystemTimeAsFileTime, HeapReAlloc, GetThreadPriority, FreeLibrary, LocalFree, ResumeThread, InitializeCriticalSection, FindClose, HeapDestroy, MoveFileW, GetEnvironmentVariableW, SetLastError, DeviceIoControl, InterlockedDecrement, GetUserDefaultLangID, GetModuleFileNameW, ExitProcess, lstrcmpiW, LoadLibraryExA, SetThreadPriority, DelayLoadFailureHook, ActivateActCtx, GetSystemDefaultLCID, LoadLibraryExW, FlushInstructionCache, GetPrivateProfileStringW, RegisterWaitForSingleObject, CreateThread, GetSystemDirectoryW, SetUnhandledExceptionFilter, CreateMutexW, MulDiv, SetPriorityClass, TerminateProcess, GetModuleHandleExW, GlobalAlloc, GetCurrentThreadId, InterlockedIncrement, InitializeCriticalSectionAndSpinCount, HeapFree, EnterCriticalSection, TerminateThread, lstrcmpiA, GetLastError, SetEvent, QueryPerformanceCounter, GetTickCount, GetVersionExA, LoadLibraryA, GetWindowsDirectoryW, OpenProcess, GetDateFormatW, GetStartupInfoW, ReadProcessMemory, GetUserDefaultLCID, GetProcessHeap, GetTimeFormatW, lstrcpyW, GetBinaryTypeW, ExpandEnvironmentStringsW, FindNextFileW, ResetEvent, FindFirstFileW, lstrcmpW, GetProcAddress, CreateEventW, CreateFileW, CreateEventA, HeapAlloc, LeaveCriticalSection, GlobalGetAtomNameW, SystemTimeToFileTime, GlobalFree, AssignProcessToJobObject, GetSystemWindowsDirectoryW, SetProcessShutdownParameters, lstrlenW, VirtualFree, GetQueuedCompletionStatus, CompareFileTime, GetCurrentProcessId, CreateIoCompletionPort, GetCommandLineW, HeapSize, InterlockedCompareExchange, GetCurrentThread, lstrcpynW, GetModuleHandleA, CloseHandle, GetModuleHandleW, GetFileAttributesExW, GetLongPathNameW, UnregisterWait, OpenEventW, CreateProcessW, Sleep, GetProcessTimes, VirtualAlloc

[[UxTheme.dll]]
GetThemeFont, GetThemeBackgroundRegion, GetThemeMargins, GetThemeRect, GetThemeBackgroundContentRect, Ord(47), GetThemeBool, GetThemeTextExtent, DrawThemeText, OpenThemeData, IsAppThemed, DrawThemeParentBackground, CloseThemeData, DrawThemeBackground, GetThemeColor, GetThemePartSize, SetWindowTheme

[[BROWSEUI.dll]]
Ord(118), Ord(106), Ord(107), Ord(135)

[[SHELL32.dll]]
SHBindToParent, Ord(154), Ord(727), Ord(127), Ord(91), Ord(152), Ord(245), Ord(89), Ord(54), Ord(60), Ord(162), Ord(155), Ord(241), Ord(85), Ord(18), Ord(731), Ord(653), Ord(68), DuplicateIcon, Ord(16), Ord(149), Ord(182), Ord(190), Ord(719), Ord(77), Ord(645), SHGetPathFromIDListW, Ord(196), Ord(733), Ord(132), SHChangeNotify, Ord(17), ShellExecuteExW, Ord(64), Ord(72), Ord(201), Ord(188), SHGetPathFromIDListA, Ord(195), Ord(233), Ord(161), Ord(102), Ord(747), Ord(193), Ord(147), Ord(100), Ord(61), SHGetDesktopFolder, Ord(25), Ord(90), Ord(71), Ord(244), Ord(711), Ord(660), Ord(137), Ord(134), Ord(4), Ord(732), SHGetSpecialFolderPathW, Ord(680), SHGetFolderLocation, Ord(2), Ord(82), Ord(723), SHGetFolderPathW, Ord(181), Ord(753), SHAddToRecentDocs, Ord(148), Ord(23), Ord(22), Ord(644), Ord(6), Ord(21), Ord(67), Ord(236), Ord(202), SHGetSpecialFolderLocation, SHUpdateRecycleBinIcon, ExtractIconExW, SHParseDisplayName, Ord(200), Ord(254)

[[ntdll.dll]]
RtlNtStatusToDosError, NtQueryInformationProcess

[[ole32.dll]]
CoInitializeEx, OleUninitialize, CoUninitialize, OleInitialize, CoRevokeClassObject, RevokeDragDrop, RegisterDragDrop, CoMarshalInterThreadInterfaceInStream, CoFreeUnusedLibraries, DoDragDrop, CreateBindCtx, CoRegisterClassObject, CoCreateInstance

[[SHLWAPI.dll]]
Ord(156), Ord(217), SHRegGetUSValueW, PathIsDirectoryW, Ord(192), SHRegGetBoolUSValueW, Ord(184), Ord(237), SHDeleteValueW, Ord(476), Ord(346), Ord(250), StrToIntW, Ord(176), SHRegOpenUSKeyW, PathUnquoteSpacesW, PathFindFileNameW, Ord(164), SHCreateThreadRef, PathQuoteSpacesW, Ord(460), PathRemoveBlanksW, Ord(199), SHSetValueW, Ord(154), Ord(548), Ord(219), Ord(178), StrRetToBufW, Ord(437), PathParseIconLocationW, PathFindExtensionW, PathRemoveArgsW, SHDeleteKeyW, SHGetValueW, Ord(292), Ord(171), Ord(165), StrCatW, StrCmpIW, Ord(467), Ord(204), Ord(478), PathRemoveFileSpecW, StrCatBuffW, StrCpyW, Ord(244), PathAppendW, Ord(163), StrCmpW, StrCmpNW, StrCpyNW, Ord(197), Ord(16), Ord(563), Ord(212), PathGetArgsW, Ord(509), Ord(479), PathIsPrefixW, Ord(278), PathGetDriveNumberW, Ord(213), PathStripToRootW, PathCombineW, Ord(439), Ord(9), AssocQueryKeyW, Ord(413), SHRegSetUSValueW, StrStrIW, SHRegQueryUSValueW, Ord(513), Ord(175), AssocQueryStringW, SHRegCloseUSKey, PathIsNetworkPathW, StrDupW, Ord(10), SHSetThreadRef, AssocCreate, Ord(172), Ord(8), SHRegWriteUSValueW, StrCmpNIW, SHOpenRegStream2W, Ord(225), Ord(512), SHStrDupW, Ord(174), Ord(241), Ord(433), Ord(279), StrChrW, wnsprintfW, PathFileExistsW, Ord(194), Ord(215), SHRegCreateUSKeyW, Ord(157), Ord(240), Ord(260), Ord(177), Ord(193), Ord(158), Ord(236), SHQueryValueExW, StrRetToStrW

[[USER32.dll]]
RedrawWindow, ChangeDisplaySettingsW, GetMessagePos, SetWindowRgn, UnregisterHotKey, LoadBitmapW, DestroyMenu, PostQuitMessage, GetForegroundWindow, LockSetForegroundWindow, SetWindowPos, GetNextDlgTabItem, IsWindow, EndPaint, WindowFromPoint, CascadeWindows, CharUpperBuffW, SetMenuItemInfoW, SetActiveWindow, GetDC, GetCursorPos, ReleaseDC, GetDlgCtrlID, SendMessageW, GetClientRect, AllowSetForegroundWindow, DrawTextW, SetScrollPos, LoadImageW, ClientToScreen, GetActiveWindow, RegisterHotKey, RegisterClipboardFormatW, LoadAcceleratorsW, GetMenuItemID, PtInRect, DrawEdge, GetParent, UpdateWindow, GetPropW, EqualRect, SetClassLongW, EnumWindows, GetMenuState, GetMessageW, ShowWindow, GetNextDlgGroupItem, SetPropW, EnumDisplayMonitors, PeekMessageW, EnableWindow, SetWindowPlacement, CharUpperW, ShowWindowAsync, GetSystemMenu, ChildWindowFromPoint, TranslateMessage, IsWindowEnabled, GetWindow, GetMenuDefaultItem, GetDlgItemInt, SetMenuDefaultItem, InternalGetWindowText, GetIconInfo, MsgWaitForMultipleObjects, PrintWindow, SetParent, RegisterClassW, IsZoomed, GetWindowPlacement, LoadStringW, IsHungAppWindow, IsIconic, EnumDisplayDevicesW, TrackPopupMenuEx, DrawFocusRect, GetDCEx, FillRect, MonitorFromPoint, CopyRect, GetSysColorBrush, CreateWindowExW, GetWindowLongW, GetWindowInfo, GetSubMenu, IsChild, SetFocus, RegisterWindowMessageW, GetMonitorInfoW, OpenInputDesktop, BeginPaint, OffsetRect, DefWindowProcW, CopyIcon, KillTimer, CharNextA, TrackMouseEvent, SendNotifyMessageW, MapWindowPoints, GetClassInfoExW, GetSystemMetrics, SetWindowLongW, GetWindowRect, InflateRect, SetCapture, EnumChildWindows, EnumDisplaySettingsExW, SetWindowLongA, SendDlgItemMessageW, PostMessageW, InvalidateRect, CheckDlgButton, DrawCaption, WaitMessage, CreatePopupMenu, CheckMenuItem, GetWindowLongA, GetClassLongW, GetLastActivePopup, SetWindowTextW, SetTimer, GetDlgItem, RemovePropW, BringWindowToTop, ScreenToClient, GetScrollInfo, TrackPopupMenu, GetMenuItemCount, IsDlgButtonChecked, SetDlgItemInt, LoadCursorW, LoadIconW, DispatchMessageW, InsertMenuW, SwitchToThisWindow, SetForegroundWindow, NotifyWinEvent, ExitWindowsEx, GetMenuItemInfoW, GetAsyncKeyState, ChildWindowFromPointEx, IntersectRect, EndDialog, FindWindowW, GetCapture, EndTask, GetShellWindow, MessageBeep, LoadMenuW, RemoveMenu, GetWindowThreadProcessId, DeferWindowPos, BeginDeferWindowPos, MessageBoxW, RegisterClassExW, MoveWindow, DialogBoxParamW, AppendMenuW, AdjustWindowRectEx, GetFocus, GetSysColor, SendMessageCallbackW, SetScrollInfo, GetKeyState, EndDeferWindowPos, GetDoubleClickTime, DestroyIcon, IsWindowVisible, TileWindows, GetDesktopWindow, SubtractRect, SetCursorPos, SystemParametersInfoW, UnionRect, MonitorFromWindow, SetRect, DeleteMenu, MonitorFromRect, CharNextW, CallWindowProcW, GetClassNameW, DestroyWindow, ModifyMenuW, EnableMenuItem, CloseDesktop, IsRectEmpty, SendMessageTimeoutW, SetCursor, GetAncestor, TranslateAcceleratorW

[[OLEAUT32.dll]]
Ord(2), Ord(9)

PE Resources..................:

Resource type Number of resources
RT_ICON 113
RT_BITMAP 32
RT_STRING 22
RT_GROUP_ICON 18
RT_DIALOG 7
RT_MENU 5
Struct(240) 1
RT_MANIFEST 1
RT_ACCELERATOR 1
RT_VERSION 1

Resource language Number of resources
CZECH DEFAULT 201

Symantec Reputation
Suspicious.Insight
First seen by VirusTotal
2009-02-13 16:57:33 UTC ( 3 years, 12 months ago )
Last seen by VirusTotal
2013-02-08 16:28:55 UTC ( 1 day, 21 hours ago )
File names (max. 25)

explorer
explorer2.exe
explorer.ex
Explorer.EXE
expbak.exe
explorer.exe
exre.exe
file-44602_exe
explorer1.exe
_explorer.exe
explorer_nbpivonkova.exe
EXPLORER.EXE
file-3027442_exe



C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll


SHA256: 40297a9f2cabf6217cde60dbb85bad454cdf6651c58b039bd3473026840b6842
SHA1: 4f58ebfd028fb15aeab53e219eefc5cfa8c71ded
MD5: 8f08f3d3a15c6a82f70ddc04554ca808
File size: 387.7 KB ( 397016 bytes )
File name: PDFShell.dll
File type: Win32 DLL
Tags: signed pedll
Detection ratio: 0 / 45
Analysis date: 2013-02-10 13:57:29 UTC ( 15 minutes ago )
ssdeep
3072:KjlONj5kxg0JR+Bb7d+yD+fO1Jb2LLv21HL2bw/ZBeFZyea4aOQ0i2ogl8y7hqhE:U4p6xgHfdT+fO1dcbRoTQD
TrID
DirectShow filter (59.7%)
Windows OCX File (36.5%)
Win32 Executable Generic (2.5%)
Generic Win/DOS Executable (0.5%)
DOS Executable Generic (0.5%)
ExifTool

SubsystemVersion.........: 5.0
InitializedDataSize......: 332288
ImageVersion.............: 0.0
ProductName..............: Adobe PDF Shell Extension
FileVersionNumber........: 10.1.5.33
UninitializedDataSize....: 0
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x003f
CharacterSet.............: Unicode
LinkerVersion............: 9.0
FileOS...................: Windows NT 32-bit
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 10.1.5.33
TimeStamp................: 2012:12:18 13:02:37+00:00
FileType.................: Win32 DLL
PEType...................: PE32
InternalName.............: PDFShell
ProductVersion...........: 10.1.5.33
FileDescription..........: PDF Shell Extension
OSVersion................: 5.0
OriginalFilename.........: PDFShell.dll
LegalCopyright...........: Copyright 1984-2012 Adobe Systems Incorporated and its licensors. All rights reserved.
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Adobe Systems, Inc.
CodeSize.................: 55808
FileSubtype..............: 0
ProductVersionNumber.....: 10.1.5.33
EntryPoint...............: 0xd60f
ObjectFileType...........: Dynamic link library

Sigcheck

publisher................: Adobe Systems, Inc.
product..................: Adobe PDF Shell Extension
verified.................:
internal name............: PDFShell
copyright................: Copyright 1984-2012 Adobe Systems Incorporated and its licensors. All rights reserved.
original name............: PDFShell.dll
signing date.............: 2:09 PM 12/18/2012
signers..................: Adobe Systems, Incorporated; VeriSign Class 3 Code Signing 2010 CA; VeriSign Class 3 Public Primary Certification Authority - G5
file version.............: 10.1.5.33
description..............: PDF Shell Extension

Portable Executable structural information

Compilation timedatestamp.....: 2012-12-18 13:02:37
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x0000D60F

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 55054 55296 6.30 fdc218f851c6994257e6cfce35938c9b
.orpc 61440 51 512 0.75 51603889d842863f042809b0cc0e7ba5
.rdata 65536 21861 22016 4.92 ac2d015c69d152c6f6537943f7328a96
.data 90112 3528 2560 4.80 a11556b2a59397a429068501106aa315
.rsrc 94208 300036 300544 4.57 1477435972dbaa0100ac8385f465777e
.reloc 397312 6934 7168 5.62 2a63eea779b9fbd27b91bf474c518583

PE Imports....................:

[[VERSION.dll]]
VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW

[[GDI32.dll]]
GdiFlush, CreateDIBSection

[[ADVAPI32.dll]]
RegCreateKeyExW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, RegOpenKeyExW, RegDeleteKeyW, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegQueryValueExW

[[KERNEL32.dll]]
CallNamedPipeW, SetThreadLocale, GetLastError, SetCurrentDirectoryW, GetSystemTimeAsFileTime, LoadLibraryA, GetUserDefaultLangID, ReleaseMutex, CreateNamedPipeW, LoadLibraryW, WaitForSingleObject, GetVersionExW, SetEvent, QueryPerformanceCounter, EnterCriticalSection, IsDebuggerPresent, GetTickCount, OutputDebugStringA, GetFileAttributesW, lstrlenW, DisconnectNamedPipe, GetCurrentProcess, SystemTimeToFileTime, SizeofResource, GetCurrentDirectoryW, GetThreadLocale, GetCurrentProcessId, OpenProcess, GetDateFormatW, GetVolumeInformationW, LoadLibraryExW, MultiByteToWideChar, ReadProcessMemory, GetProcAddress, InterlockedCompareExchange, FileTimeToSystemTime, lstrcpynW, GetTimeFormatW, RaiseException, WaitNamedPipeW, CreateThread, GetModuleFileNameW, GetModuleHandleA, GetSystemDirectoryW, DeleteCriticalSection, ReadFile, SetNamedPipeHandleState, InterlockedExchange, SetUnhandledExceptionFilter, WriteFile, InterlockedIncrement, CreateMutexW, ResetEvent, OpenMutexW, UnhandledExceptionFilter, WaitForMultipleObjects, GetModuleHandleW, FileTimeToLocalFileTime, FreeLibrary, LocalFree, FormatMessageW, TerminateProcess, ConnectNamedPipe, CreateEventW, lstrcmpiW, InitializeCriticalSection, LoadResource, FindResourceW, CreateFileW, CreateProcessW, InterlockedDecrement, Sleep, GetCurrentThreadId, GetVersion, LeaveCriticalSection, LocalAlloc, SetLastError, CloseHandle

[[OLEAUT32.dll]]
Ord(161), Ord(149), Ord(277), Ord(6), Ord(186), Ord(150), Ord(7), Ord(162), Ord(163), Ord(2), Ord(9)

[[MSVCP90.dll]]
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z, ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ, ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z, ?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ, ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z, ?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ, ??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z, ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z, ??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z, ?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ, ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z, ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ, ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z, ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ, ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z, ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z, ??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z, ?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z, ?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ, ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z, ?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB, ?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z, 
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ, ?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z

[[SHELL32.dll]]
DragQueryFileW

[[RPCRT4.dll]]
IUnknown_Release_Proxy, NdrOleAllocate, IUnknown_QueryInterface_Proxy, NdrDllUnregisterProxy, NdrDllRegisterProxy, NdrDllCanUnloadNow, NdrStubForwardingFunction, UuidToStringW, NdrDllGetClassObject, NdrOleFree, UuidCreate, IUnknown_AddRef_Proxy, RpcStringFreeW, NdrCStdStubBuffer2_Release

[[ole32.dll]]
CoTaskMemAlloc, ReleaseStgMedium, CoTaskMemRealloc, CoCreateInstance, CoTaskMemFree, StringFromGUID2

[[SHLWAPI.dll]]
PathRenameExtensionW

[[USER32.dll]]
MapWindowPoints, SetWindowLongW, MessageBoxW, GetParent, SendMessageW, GetWindowRect, GetActiveWindow, TranslateMessage, GetWindowTextW, WaitForInputIdle, LoadStringW, GetDlgItem, DispatchMessageW, GetWindowLongW, GetDlgItemTextW, CharNextW, SetDlgItemTextW, SetWindowPos, PeekMessageW

[[MSVCR90.dll]]
_snprintf_s, rand, malloc, srand, _time64, __dllonexit, ?terminate@@YAXXZ, wcsncpy_s, swprintf_s, memset, wcscpy_s, isdigit, _vsnwprintf, __clean_type_info_names_internal, _recalloc, _amsg_exit, _wsplitpath_s, ?_type_info_dtor_internal_method@type_info@@QAEXXZ, _CxxThrowException, ??2@YAPAXI@Z, _lock, _onexit, _encode_pointer, ??_V@YAXPAX@Z, _local_unwind4, _initterm_e, _adjust_fdiv, wcscat_s, _wcsicmp, tolower, memmove_s, _unlock, _crt_debugger_hook, ??3@YAXPAX@Z, free, memcpy_s, _except_handler4_common, memcpy, ??0exception@std@@QAE@ABV01@@Z, ??1exception@std@@UAE@XZ, __CxxFrameHandler3, _decode_pointer, _wmakepath_s, wcsrchr, _malloc_crt, _encoded_null, __CppXcptFilter, wcsstr, ??0exception@std@@QAE@XZ, _initterm


PE Exports....................:

??4_Init_locks@std@@QAEAAV01@ABV01@@Z, DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer

PE Resources..................:

Resource type Number of resources
RT_ICON 7
RT_DIALOG 1
TYPELIB 1
RT_MANIFEST 1
RT_STRING 1
REGISTRY 1
RT_VERSION 1
RT_GROUP_ICON 1

Resource language Number of resources
ENGLISH US 14

First seen by VirusTotal
2013-01-09 14:48:51 UTC ( 1 month ago )
Last seen by VirusTotal
2013-02-10 13:57:29 UTC ( 15 minutes ago )
File names (max. 25)

PDFShell
PDFShell.dll
pdfshell.dll
vt-upload-EsPBm2
file-5034856_dll

Rudy
Site Admin
Posts: 119524
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Trojan horse PSW.Generic10.BHKG

#4 Post by Rudy »

The files are clean, there is nothing to fix. Wait for the next update; the problem may be corrected.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.

pather76
Guest
Posts: 14
Registered: 05 Sep 2008 10:44

Re: Trojan horse PSW.Generic10.BHKG

#5 Post by pather76 »

Thanks for the help!

Rudy
Site Admin
Posts: 119524
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Trojan horse PSW.Generic10.BHKG

#6 Post by Rudy »

You're welcome!

Locked