Re: Vírus winlogon.exe
Napsal: 03 úno 2010 20:26
tak to je fajn ... myslim že v robote mam tak si požičiam zajtra...
Dal som otestovať tie súbory čo sipísal na Virustotale tak pripajam vysledky.
1. svchost.exe
Soubor svchost.exe přijatý 2010.02.03 11:57:19 (UTC)Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.03 Trojan.Patched.CX.75!IK
AntiVir 7.9.1.158 2010.02.03 TR/Patched.CX.75
Ikarus T3.1.1.80.0 2010.02.03 Trojan.Patched.CX.75
K7AntiVirus 7.10.963 2010.02.02 Trojan.Win32.Patched.cx
McAfee+Artemis 5880 2010.02.02 Artemis!9491C2135C30
McAfee-GW-Edition 6.8.5 2010.02.03 Heuristic.LooksLike.Trojan.Patched.L
Sophos 4.50.0 2010.02.03 Mal/Generic-A
TheHacker 6.5.1.0.178 2010.02.03 Trojan/Patched.cx
Rozšiřující informace
File size: 16896 bytes
MD5...: 9491c2135c30b82bb1a6acf928063a59
SHA1..: 9311fb6943c96ba254988e6e02d7419eca6f368f
SHA256: 7a5dfb41fa1996c7b88e7e8db80939fbdd0c9a6c0678dd22af41fb6a075669ef
ssdeep: 384:cYiRrTp13SkhnRCwOV5JpeLCdw9rDpWCl8CbW:WT/3Ska6Lh8C<BR>
PEiD..: -
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x2509<BR>timedatestamp.....: 0x41107ed6 (Wed Aug 04 06:14:46 2004)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 3 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x2c00 0x2c00 6.29 6fc4d075dfb37185ffae8eacb467b822<BR>.data 0x4000 0x1f0 0x200 1.61 553c0ebbbc67abab785f2065a062b522<BR>.rsrc 0x5000 0x2000 0x1000 1.13 0c277f1d169c34cef7c2b672c4e78b97<BR><BR>( 4 imports ) <BR>> ADVAPI32.dll: RegQueryValueExW, SetSecurityDescriptorDacl, SetEntriesInAclW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetServiceStatus, RegisterServiceCtrlHandlerW, RegCloseKey, RegOpenKeyExW, StartServiceCtrlDispatcherW<BR>> KERNEL32.dll: HeapFree, GetLastError, WideCharToMultiByte, lstrlenW, LocalFree, GetCurrentProcess, GetCurrentThread, GetProcAddress, LoadLibraryExW, LeaveCriticalSection, HeapAlloc, EnterCriticalSection, LCMapStringW, FreeLibrary, lstrcpyW, ExpandEnvironmentStringsW, lstrcmpiW, ExitProcess, GetCommandLineW, InitializeCriticalSection, GetProcessHeap, SetErrorMode, SetUnhandledExceptionFilter, RegisterWaitForSingleObject, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, LocalAlloc, lstrcmpW, DelayLoadFailureHook<BR>> ntdll.dll: NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, wcscat, wcscpy, RtlAllocateHeap, RtlCompareUnicodeString, RtlInitUnicodeString, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtClose, RtlSubAuthorityCountSid, RtlGetDaclSecurityDescriptor, RtlQueryInformationAcl, RtlGetAce, RtlImageNtHeader, wcslen, RtlUnhandledExceptionFilter, RtlCopySid<BR>> RPCRT4.dll: RpcServerUnregisterIfEx, RpcMgmtWaitServerListen, RpcMgmtSetServerStackSize, RpcServerUnregisterIf, RpcServerListen, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcMapWin32Status, RpcMgmtStopServerListening<BR><BR>( 0 exports ) <BR>
RDS...: NSRL Reference Data Set<BR>-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)<BR>Win32 Dynamic Link Library (generic) (37.6%)<BR>Generic Win/DOS Executable (9.9%)<BR>DOS Executable Generic (9.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:<BR>publisher....: Microsoft Corporation<BR>copyright....: (c) Microsoft Corporation. All rights reserved.<BR>product......: Microsoft_ Windows_ Operating System<BR>description..: Generic Host Process for Win32 Services<BR>original name: svchost.exe<BR>internal name: svchost.exe<BR>file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>
2. explorer.exe
Soubor explorer.exe přijatý 2010.02.03 12:16:47 (UTC)Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.03 Virus.Win32.Virut.q!IK
AhnLab-V3 5.0.0.2 2010.02.03 -
AntiVir 7.9.1.158 2010.02.03 TR/Patched.CX.199
Antiy-AVL 2.0.3.7 2010.02.03 -
Authentium 5.2.0.5 2010.02.03 -
Avast 4.8.1351.0 2010.02.02 -
AVG 9.0.0.730 2010.02.02 -
BitDefender 7.2 2010.02.03 -
CAT-QuickHeal 10.00 2010.02.03 -
ClamAV 0.96.0.0-git 2010.02.03 -
Comodo 3805 2010.02.03 -
DrWeb 5.0.1.12222 2010.02.03 -
eTrust-Vet 35.2.7278 2010.02.03 -
F-Prot 4.5.1.85 2010.02.01 -
F-Secure 9.0.15370.0 2010.02.03 -
Fortinet 4.0.14.0 2010.02.03 -
GData 19 2010.02.03 -
Ikarus T3.1.1.80.0 2010.02.03 Virus.Win32.Virut.q
Jiangmin 13.0.900 2010.02.03 -
K7AntiVirus 7.10.963 2010.02.02 Trojan.Win32.Patched.cx
Kaspersky 7.0.0.125 2010.02.03 -
McAfee 5880 2010.02.02 -
McAfee+Artemis 5880 2010.02.02 -
McAfee-GW-Edition 6.8.5 2010.02.03 Heuristic.LooksLike.Trojan.Patched.K
Microsoft 1.5406 2010.02.03 -
NOD32 4831 2010.02.03 -
Norman 6.04.03 2010.02.03 -
nProtect 2009.1.8.0 2010.02.03 -
Panda 10.0.2.2 2010.02.02 -
PCTools 7.0.3.5 2010.02.03 -
Prevx 3.0 2010.02.03 -
Rising 22.33.02.04 2010.02.03 -
Sophos 4.50.0 2010.02.03 -
Sunbelt 3.2.1858.2 2010.02.03 Trojan.Win32.Malware
TheHacker 6.5.1.0.178 2010.02.03 Trojan/Patched.cx
TrendMicro 9.120.0.1004 2010.02.03 -
VBA32 3.12.12.1 2010.02.03 -
ViRobot 2010.2.3.2170 2010.02.03 -
VirusBuster 5.0.21.0 2010.02.03 -
Rozšiřující informace
File size: 1034240 bytes
MD5...: 6b06b770badd3ba36da67304ff587ce2
SHA1..: 3b3fa827ffa6ee96584ff33c55920f9414430c30
SHA256: e72ddacbf0cecf804f2e0990f64f6b7bb024ad12b6a3dffb7c972b194e4ecbb2
ssdeep: 12288:azEut4RuAwGgc7fNuIEGpPoHWr2Rkf8I+skzan1/g/J/v5nn:azEuAwj2f<BR>NuIhakf8I+sk81/g/J/Jn<BR>
PEiD..: -
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x1e24e<BR>timedatestamp.....: 0x41107ece (Wed Aug 04 06:14:38 2004)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x44689 0x44800 6.38 b257b3cd7102cece46cd7366aff0f34b<BR>.data 0x46000 0x1d90 0x1800 1.29 d0b87d8ce5a34731be197efb73b5d7bf<BR>.rsrc 0x48000 0xb2278 0xb2400 6.63 abf6dc1befe1a4a4c7f6ef51d1a6f907<BR>.reloc 0xfb000 0x5000 0x4000 6.30 2cceb568629fcd58f12a65fe9b21d563<BR><BR>( 13 imports ) <BR>> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf<BR>> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW<BR>> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, RegisterWaitForSingleObject, OpenEventW, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, DelayLoadFailureHook, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, GetFileAttributesExW, MulDiv, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, InitializeCriticalSectionAndSpinCount<BR>> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, SetTextColor, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, CreateRectRgnIndirect, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode<BR>> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, CopyRect, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, PtInRect, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, ModifyMenuW, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW<BR>> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess<BR>> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, StrCmpNW, -, -<BR>> SHELL32.dll: -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, ShellExecuteExW, -, -, -, -, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, SHGetSpecialFolderLocation, -, -, -, -, SHGetSpecialFolderPathW, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -<BR>> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop<BR>> OLEAUT32.dll: -, -<BR>> BROWSEUI.dll: -, -, -, -<BR>> SHDOCVW.dll: -, -, -<BR>> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed<BR><BR>( 0 exports ) <BR>
RDS...: NSRL Reference Data Set<BR>-
pdfid.: -
sigcheck:<BR>publisher....: Microsoft Corporation<BR>copyright....: (c) Microsoft Corporation. All rights reserved.<BR>product......: Microsoft_ Windows_ Operating System<BR>description..: Windows Explorer<BR>original name: EXPLORER.EXE<BR>internal name: explorer<BR>file version.: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>
trid..: Win32 Executable Generic (42.3%)<BR>Win32 Dynamic Link Library (generic) (37.6%)<BR>Generic Win/DOS Executable (9.9%)<BR>DOS Executable Generic (9.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
3. lsass.exe
Soubor lsass.exe přijatý 2010.02.03 18:48:48 (UTC)Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.03 Trojan.Win32.Patched!IK
AhnLab-V3 5.0.0.2 2010.02.03 Win32/Liger
AntiVir 7.9.1.158 2010.02.03 TR/Patched.Gen
Antiy-AVL 2.0.3.7 2010.02.03 Trojan/Win32.Patched.gen
Authentium 5.2.0.5 2010.02.03 W32/Patched.D.gen!Eldorado
Avast 4.8.1351.0 2010.02.02 Win32:Patched-CK
AVG 9.0.0.730 2010.02.03 Win32/PEPatch.AO
BitDefender 7.2 2010.02.03 Trojan.Patched.U
CAT-QuickHeal 10.00 2010.02.03 Trojan.Patched.AA
ClamAV 0.96.0.0-git 2010.02.03 Trojan.Agent-5069
Comodo 3807 2010.02.03 TrojWare.Win32.Patched.B
DrWeb 5.0.1.12222 2010.02.03 Trojan.Starter.384
eSafe 7.0.17.0 2010.02.03 -
eTrust-Vet 35.2.7278 2010.02.03 Win32/Donise.H
F-Prot 4.5.1.85 2010.02.03 W32/Patched.D.gen!Eldorado
F-Secure 9.0.15370.0 2010.02.03 Trojan.Patched.U
Fortinet 4.0.14.0 2010.02.03 W32/Patched.CX
GData 19 2010.02.03 Trojan.Patched.U
Ikarus T3.1.1.80.0 2010.02.03 Trojan.Win32.Patched
Jiangmin 13.0.900 2010.02.03 Win32/InfectExplorer.c
K7AntiVirus 7.10.966 2010.02.03 -
Kaspersky 7.0.0.125 2010.02.03 Trojan.Win32.Patched.aa
McAfee 5881 2010.02.03 W32/PEPatcher.c
McAfee+Artemis 5881 2010.02.03 W32/PEPatcher.c
McAfee-GW-Edition 6.8.5 2010.02.03 Heuristic.LooksLike.Win32.SuspiciousPE.H
Microsoft 1.5406 2010.02.03 TrojanDownloader:Win32/Donise.C!patched
NOD32 4832 2010.02.03 Win32/TrojanProxy.Agent.NCI
Norman 6.04.03 2010.02.03 W32/Smalltroj.DGHM
nProtect 2009.1.8.0 2010.02.03 Virus/W32.Patched.G
Panda 10.0.2.2 2010.02.03 W32/PatchLog.gen
PCTools 7.0.3.5 2010.02.03 Win32.Agent.IMP
Prevx 3.0 2010.02.03 -
Rising 22.33.02.04 2010.02.03 Trojan.Win32.Patched.aa
Sophos 4.50.0 2010.02.03 W32/Liger-A
Sunbelt 3.2.1858.2 2010.02.03 -
TheHacker 6.5.1.0.178 2010.02.03 W32/PEPatcher.gen
TrendMicro 9.120.0.1004 2010.02.03 PE_PATCHEP.A
VBA32 3.12.12.1 2010.02.03 -
ViRobot 2010.2.3.2170 2010.02.03 Win32.Patched.C
VirusBuster 5.0.21.0 2010.02.03 Win32.Agent.IMP
Rozšiřující informace
File size: 14848 bytes
MD5...: 7471eea1dfb2baa638b79e9afee8c746
SHA1..: d07b54cd5d90d7988f07438336420625e014f32b
SHA256: c9125526e200e4f2dc0f459348dff7345a70f650da10e69b0db411d1108fed1f
ssdeep: 384:lbY9gHUJemIeSbWC8iLW74a8WfMptsN0BhgO49:ljsiQzRfMpy0BF4<BR>
PEiD..: -
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x6000<BR>timedatestamp.....: 0x41107b4d (Wed Aug 04 05:59:41 2004)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 3 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x10d0 0x1200 6.01 d107b4f218abee66665545859fb9cc89<BR>.data 0x3000 0x6c 0x200 0.20 86a789a893c60d5e207d053188cdc250<BR>.rsrc 0x4000 0x3000 0x2200 6.46 d5d487f373972e5f98657f436d6dabf5<BR><BR>( 5 imports ) <BR>> ADVAPI32.dll: FreeSid, CheckTokenMembership, AllocateAndInitializeSid, OpenThreadToken, ImpersonateSelf, RevertToSelf<BR>> KERNEL32.dll: CloseHandle, GetCurrentThread, ExitThread, SetUnhandledExceptionFilter, SetErrorMode, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, RtlUnwind, InterlockedExchange, VirtualQuery<BR>> ntdll.dll: NtSetInformationProcess, RtlInitUnicodeString, NtCreateEvent, NtOpenEvent, NtSetEvent, NtClose, NtRaiseHardError, RtlAdjustPrivilege, NtShutdownSystem, RtlUnhandledExceptionFilter<BR>> LSASRV.dll: LsaISetupWasRun, LsapDsDebugInitialize, LsapAuOpenSam, LsapCheckBootMode, ServiceInit, LsapInitLsa, LsapDsInitializePromoteInterface, LsapDsInitializeDsStateInfo<BR>> SAMSRV.dll: SamIInitialize, SampUsingDsData<BR><BR>( 0 exports ) <BR>
RDS...: NSRL Reference Data Set<BR>-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)<BR>Win32 Dynamic Link Library (generic) (37.6%)<BR>Generic Win/DOS Executable (9.9%)<BR>DOS Executable Generic (9.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:<BR>publisher....: Microsoft Corporation<BR>copyright....: (c) Microsoft Corporation. All rights reserved.<BR>product......: Microsoft_ Windows_ Operating System<BR>description..: LSA Shell (Export Version)<BR>original name: lsass.exe<BR>internal name: lsass.exe<BR>file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>
4. winlogon.exe
Soubor winlogon.exe přijatý 2010.02.03 18:54:02 (UTC)Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.03 Trojan.Win32.Patched!IK
AhnLab-V3 5.0.0.2 2010.02.03 Win32/Liger
AntiVir 7.9.1.158 2010.02.03 TR/Patched.Gen
Antiy-AVL 2.0.3.7 2010.02.03 Trojan/Win32.Patched.gen
Authentium 5.2.0.5 2010.02.03 W32/Patched.D.gen!Eldorado
Avast 4.8.1351.0 2010.02.02 Win32:Patched-CK
AVG 9.0.0.730 2010.02.03 Win32/PEPatch.AO
BitDefender 7.2 2010.02.03 Trojan.Patched.U
CAT-QuickHeal 10.00 2010.02.03 Trojan.Patched.AA
ClamAV 0.96.0.0-git 2010.02.03 Trojan.Agent-5069
Comodo 3807 2010.02.03 TrojWare.Win32.Patched.B
DrWeb 5.0.1.12222 2010.02.03 Trojan.Starter.384
eSafe 7.0.17.0 2010.02.03 -
eTrust-Vet 35.2.7278 2010.02.03 Win32/Donise.H
F-Prot 4.5.1.85 2010.02.03 W32/Patched.D.gen!Eldorado
F-Secure 9.0.15370.0 2010.02.03 Trojan.Patched.U
Fortinet 4.0.14.0 2010.02.03 W32/Patched.CX
GData 19 2010.02.03 Trojan.Patched.U
Ikarus T3.1.1.80.0 2010.02.03 Trojan.Win32.Patched
K7AntiVirus 7.10.966 2010.02.03 -
Kaspersky 7.0.0.125 2010.02.03 Trojan.Win32.Patched.aa
McAfee 5881 2010.02.03 W32/PEPatcher.c
McAfee-GW-Edition 6.8.5 2010.02.03 Trojan.Patched.Gen
Microsoft 1.5406 2010.02.03 TrojanDownloader:Win32/Donise.C!patched
NOD32 4832 2010.02.03 Win32/TrojanProxy.Agent.NCI
Norman 6.04.03 2010.02.03 -
nProtect 2009.1.8.0 2010.02.03 Virus/W32.Patched.G
Panda 10.0.2.2 2010.02.03 -
PCTools 7.0.3.5 2010.02.03 Win32.Agent.IMP
Prevx 3.0 2010.02.03 -
Rising 22.33.02.04 2010.02.03 Trojan.Win32.Patched.aa
Sophos 4.50.0 2010.02.03 W32/Liger-A
Sunbelt 3.2.1858.2 2010.02.03 -
TheHacker 6.5.1.0.178 2010.02.03 W32/PEPatcher.gen
TrendMicro 9.120.0.1004 2010.02.03 PE_PATCHEP.A
VBA32 3.12.12.1 2010.02.03 -
ViRobot 2010.2.3.2170 2010.02.03 Win32.Patched.C
VirusBuster 5.0.21.0 2010.02.03 Win32.Agent.IMP
Rozšiřující informace
File size: 506368 bytes
MD5...: d9bc8bcf463a057e9eed66e3488e1d87
SHA1..: adb548ebdb68dd009c6e91c046711b82c9dff799
SHA256: 96cd2220cb21bdf558cf556e3a6e3e53a67d91ecf10cfd9c8b537e63046516ae
ssdeep: 6144:JYuZlm8LRlBw662R1pqrc7FmxSqVw/T+SN1TrSnmhPnpdcrFIzdFz/N5Wjy<BR>fTNQG:JVLBhic7Qy1vSneJFDNhp8<BR>
PEiD..: -
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x80000<BR>timedatestamp.....: 0x41107edc (Wed Aug 04 06:14:52 2004)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 3 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x6f288 0x6f400 6.82 5a133ab60f38b5d739d86c8290fa5a3c<BR>.data 0x71000 0x4d90 0x2000 6.20 baa64d00a5f8a540a38a60d2aff66f30<BR>.rsrc 0x76000 0xb000 0xa200 3.40 2bb1b3745407866a9cbfb9f1d0319594<BR><BR>( 20 imports ) <BR>> ADVAPI32.dll: ConvertStringSecurityDescriptorToSecurityDescriptorA, A_SHAInit, A_SHAUpdate, A_SHAFinal, LsaStorePrivateData, LsaRetrievePrivateData, LsaNtStatusToWinError, CryptGetUserKey, CryptGetKeyParam, CryptEncrypt, CryptSetProvParam, CryptSignHashW, CryptDeriveKey, CryptGetProvParam, RegOpenCurrentUser, RegDeleteKeyW, AddAccessAllowedAceEx, RegSetKeySecurity, I_ScSendTSMessage, MD5Init, MD5Update, MD5Final, SetFileSecurityA, AllocateLocallyUniqueId, LsaOpenPolicy, LsaQueryInformationPolicy, LsaFreeMemory, LsaClose, RegNotifyChangeKeyValue, QueryServiceConfigW, SetKernelObjectSecurity, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegEnumKeyExW, GetCurrentHwProfileW, RegCloseKey, RegQueryValueExW, RegOpenKeyW, FreeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, GetLengthSid, AllocateAndInitializeSid, RegOpenKeyExW, CreateProcessAsUserW, DuplicateTokenEx, CloseServiceHandle, ControlService, StartServiceW, QueryServiceStatus, OpenServiceW, OpenSCManagerW, EqualSid, GetTokenInformation, RegSetValueExW, RegCreateKeyExW, CryptGenRandom, CryptDestroyHash, CryptVerifySignatureW, CryptSetHashParam, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptDecrypt, ReportEventW, RegisterEventSourceW, CryptImportKey, CryptAcquireContextW, CryptReleaseContext, CryptDestroyKey, RegEnumValueW, RegQueryInfoKeyW, RegDeleteValueW, CredFree, CredDeleteW, CredEnumerateW, CopySid, GetSidLengthRequired, GetSidSubAuthority, GetSidSubAuthorityCount, GetUserNameW, OpenThreadToken, EnumServicesStatusW, ImpersonateLoggedOnUser, RegQueryValueExA, CheckTokenMembership, DeregisterEventSource, LsaGetUserName, RevertToSelf, LookupAccountSidW, IsValidSid, SetTokenInformation, LogonUserW, LookupAccountNameW, OpenProcessToken, SynchronizeWindows31FilesAndWindowsNTRegistry, QueryWindows31FilesMigration, AdjustTokenPrivileges, RegQueryInfoKeyA<BR>> AUTHZ.dll: AuthzInitializeResourceManager, AuthzAccessCheck, AuthziFreeAuditEventType, AuthziInitializeAuditEvent, AuthziInitializeAuditParams, AuthziInitializeAuditEventType, AuthziLogAuditEvent, AuthzFreeAuditEvent, AuthzFreeResourceManager, AuthzFreeHandle<BR>> CRYPT32.dll: CryptImportPublicKeyInfo, CryptVerifyMessageSignature, CertCreateCertificateContext, CertSetCertificateContextProperty, CertVerifyCertificateChainPolicy, CryptSignMessage, CertCloseStore, CertComparePublicKeyInfo, CryptExportPublicKeyInfo, CertFindExtension, CryptDecryptMessage, CertGetCertificateContextProperty, CertAddCertificateContextToStore, CertOpenStore, CertVerifySubjectCertificateContext, CertGetIssuerCertificateFromStore, CertDuplicateCertificateContext, CertFreeCertificateContext, CertEnumCertificatesInStore, CryptImportPublicKeyInfoEx<BR>> GDI32.dll: RemoveFontResourceW, AddFontResourceW<BR>> KERNEL32.dll: WTSGetActiveConsoleSessionId, GetTimeFormatW, GetUserDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, GetProcAddress, LoadLibraryW, GetModuleHandleW, SystemTimeToFileTime, GetSystemTime, SetLastError, TerminateProcess, GetCurrentProcess, CreateTimerQueueTimer, CreateThread, lstrcpynW, GetShortPathNameW, GetProfileStringW, FreeLibrary, ReleaseSemaphore, CreateSemaphoreW, GetSystemInfo, GetComputerNameW, GetEnvironmentVariableW, WaitForSingleObjectEx, LoadResource, FindResourceW, SetThreadExecutionState, DeleteTimerQueueTimer, ResetEvent, GetSystemDirectoryW, TransactNamedPipe, SetNamedPipeHandleState, GetTickCount, CreateFileW, GlobalGetAtomNameW, VirtualLock, VirtualQuery, GetDriveTypeW, Beep, OpenMutexW, QueueUserWorkItem, LeaveCriticalSection, EnterCriticalSection, DisconnectNamedPipe, SearchPathW, lstrcatW, LocalReAlloc, ExpandEnvironmentStringsW, TerminateThread, ResumeThread, GetDiskFreeSpaceExW, GlobalMemoryStatusEx, DeleteFileW, WriteProfileStringW, ReadFile, FindVolumeClose, FindNextVolumeW, FindFirstVolumeW, FormatMessageW, SetPriorityClass, MoveFileExW, WaitForMultipleObjectsEx, GetExitCodeProcess, SleepEx, InterlockedExchange, FindClose, FindFirstFileW, GetWindowsDirectoryW, SetTimerQueueTimer, GetComputerNameA, GetVersionExW, VerSetConditionMask, WriteFile, WaitNamedPipeW, WaitForMultipleObjects, ConnectNamedPipe, DuplicateHandle, OpenProcess, GetOverlappedResult, GetVersionExA, lstrcmpW, SetEnvironmentVariableW, UnregisterWait, CreateNamedPipeW, CreateRemoteThread, CreateActCtxW, GetModuleFileNameW, ExitProcess, LoadLibraryExW, SetErrorMode, SetUnhandledExceptionFilter, GetPrivateProfileStringW, LocalSize, VirtualAlloc, VirtualQueryEx, DebugBreak, CreateFileA, InitializeCriticalSection, ProcessIdToSessionId, SetInformationJobObject, AssignProcessToJobObject, TerminateJobObject, PostQueuedCompletionStatus, PulseEvent, GetQueuedCompletionStatus, CreateIoCompletionPort, CreateJobObjectW, ActivateActCtx, DeactivateActCtx, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetSystemTimeAsFileTime, UnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, GetCurrentProcessId, SetThreadPriority, GetCurrentThreadId, lstrcmpiW, GetProfileIntW, LoadLibraryExA, lstrcpyW, lstrlenW, Sleep, LocalAlloc, CreateEventW, GetExitCodeThread, SetThreadAffinityMask, GetProcessAffinityMask, CreateWaitableTimerW, CreateMutexW, OpenEventW, RegisterWaitForSingleObject, WaitForSingleObject, CreateProcessW, SetWaitableTimer, ReleaseMutex, SetEvent, UnregisterWaitEx, CloseHandle, lstrlenA, lstrcpyA, MultiByteToWideChar, GetACP, WideCharToMultiByte, HeapAlloc, GetProcessHeap, HeapFree, lstrcpynA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, lstrcmpiA, GetFileSize, SetFilePointer, GlobalAlloc, GlobalFree, GetLastError, LocalFree, lstrcatA, lstrcmpA, GetLogicalDriveStringsA, GetDriveTypeA, GetVolumeInformationW, GlobalMemoryStatus, CreateMutexA, FindResourceExW, LockResource, SizeofResource, VerifyVersionInfoW, GetSystemDirectoryA, GetCurrentThread, DelayLoadFailureHook, BaseInitAppcompatCacheSupport, OpenProfileUserMapping, CloseProfileUserMapping, BaseCleanupAppcompatCacheSupport, InitializeCriticalSectionAndSpinCount, VirtualProtect, CreateEventA, TlsSetValue, DeleteCriticalSection, TlsGetValue, TlsAlloc, VirtualFree, TlsFree<BR>> msvcrt.dll: _vsnwprintf, wcslen, wcsncpy, wcsstr, atoi, wcstok, memmove, wcschr, swprintf, swscanf, _local_unwind2, _wcslwr, wcscmp, _snwprintf, malloc, _c_exit, _exit, _XcptFilter, _cexit, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __3@YAXPAX@Z, __2@YAPAXI@Z, __CxxFrameHandler, _itow, _snprintf, _wtol, _strnicmp, sscanf, wcstombs, sprintf, strchr, strncmp, atof, _ftol, isspace, __set_app_type, wcscpy, _controlfp, wcsncmp, _wcsupr, ceil, wcscat, _except_handler3, free, _wcsicmp<BR>> NDdeApi.dll: -, -, -, -<BR>> ntdll.dll: RtlAllocateHeap, NtPowerInformation, NtSetSystemPowerState, NtRaiseHardError, RtlDeleteCriticalSection, NtOpenSymbolicLinkObject, NtReplyPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, RtlConvertSidToUnicodeString, RtlFreeUnicodeString, NtLockProductActivationKeys, RtlTimeToTimeFields, NtUnmapViewOfSection, NtMapViewOfSection, NtOpenSection, NtQuerySymbolicLinkObject, NtQueryVolumeInformationFile, NtSetSecurityObject, RtlAdjustPrivilege, NtOpenFile, NtFsControlFile, RtlAllocateAndInitializeSid, RtlDestroyEnvironment, RtlFreeHeap, NtQueryInformationToken, NtShutdownSystem, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlInitializeCriticalSection, RtlCreateEnvironment, RtlQueryEnvironmentVariable_U, RtlSetEnvironmentVariable, RtlInitUnicodeString, NtOpenKey, NtQueryValueKey, RtlSubAuthoritySid, RtlInitializeSid, RtlLengthRequiredSid, NtAllocateLocallyUniqueId, RtlGetDaclSecurityDescriptor, RtlCopySid, RtlLengthSid, NtSetInformationThread, NtDuplicateToken, NtDuplicateObject, RtlEqualSid, RtlSetDaclSecurityDescriptor, NtClose, RtlOpenCurrentUser, RtlCreateSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlNtStatusToDosError, NtOpenDirectoryObject, NtQuerySystemInformation, NtCreateEvent, NtCreatePagingFile, RtlDosPathNameToNtPathName_U, RtlRegisterWait, NtSetValueKey, NtCreateKey, RtlTimeToSecondsSince1980, NtQuerySystemTime, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtOpenProcessToken, RtlUnhandledExceptionFilter, NtQueryInformationProcess, DbgBreakPoint, RtlCheckProcessParameters, RtlSetThreadIsCritical, RtlSetProcessIsCritical, RtlInitString, NtInitiatePowerAction, DbgPrint, NtFilterToken, NtQueryInformationJobObject, NtOpenEvent, RtlGetAce, RtlQueryInformationAcl, NtQuerySecurityObject, RtlCompareUnicodeString, NtSetInformationProcess<BR>> PROFMAP.dll: InitializeProfileMappingApi, RemapAndMoveUserW<BR>> PSAPI.DLL: EnumProcesses, EnumProcessModules, GetModuleBaseNameW<BR>> REGAPI.dll: RegDefaultUserConfigQueryW, RegUserConfigQuery<BR>> RPCRT4.dll: RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcImpersonateClient, I_RpcMapWin32Status, RpcServerRegisterIf, RpcGetAuthorizationContextForClient, RpcFreeAuthorizationContext, RpcServerListen, RpcRevertToSelf, NdrServerCall2, UuidCreate<BR>> Secur32.dll: GetUserNameExW, LsaLookupAuthenticationPackage, LsaRegisterLogonProcess, LsaCallAuthenticationPackage<BR>> SETUPAPI.dll: SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiGetDeviceRegistryPropertyW<BR>> USER32.dll: SetFocus, EnumWindows, CreateWindowStationW, RegisterLogonProcess, RecordShutdownReason, LoadLocalFonts, UnhookWindowsHook, SetWindowsHookW, GetWindowTextW, CallNextHookEx, DialogBoxParamW, GetWindowPlacement, GetSystemMenu, DeleteMenu, SetWindowPlacement, SetUserObjectInformationW, GetAsyncKeyState, PostThreadMessageW, SetUserObjectSecurity, CreateDesktopW, KillTimer, GetMessageTime, SetLogonNotifyWindow, UnlockWindowStation, SetTimer, ReplyMessage, UnregisterHotKey, RegisterHotKey, OpenInputDesktop, GetUserObjectInformationW, CloseDesktop, RegisterDeviceNotificationW, SetThreadDesktop, CreateWindowExW, GetMessageW, TranslateMessage, RegisterWindowMessageW, SetCursor, DefWindowProcW, FindWindowW, MessageBoxW, SendNotifyMessageW, PostQuitMessage, MsgWaitForMultipleObjects, GetWindowRect, GetSystemMetrics, PeekMessageW, DispatchMessageW, SetProcessWindowStation, UpdateWindow, ShowWindow, SetWindowPos, PostMessageW, ExitWindowsEx, EnumDisplayMonitors, SystemParametersInfoW, GetDlgItem, SendMessageW, CreateDialogParamW, DestroyWindow, GetWindowLongW, GetDlgItemTextW, EndDialog, SetWindowLongW, LoadStringW, SetWindowTextW, SetDlgItemTextW, wsprintfW, wsprintfA, LockWindowStation, MBToWCSEx, SetWindowStationUser, UpdatePerUserSystemParameters, DialogBoxIndirectParamW, wvsprintfW, SetLastErrorEx, LoadCursorW, CheckDlgButton, IsDlgButtonChecked, RegisterClassW, CloseWindowStation, LoadImageW, GetParent, GetKeyState, GetDesktopWindow, SetForegroundWindow, SwitchDesktop, OpenDesktopW<BR>> USERENV.dll: WaitForUserPolicyForegroundProcessing, GetAllUsersProfileDirectoryW, -, -, -, -, WaitForMachinePolicyForegroundProcessing, -, -, -, UnloadUserProfile, LoadUserProfileW, GetUserProfileDirectoryW, RegisterGPNotification, CreateEnvironmentBlock, DestroyEnvironmentBlock, UnregisterGPNotification, -<BR>> VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW<BR>> WINSTA.dll: WinStationRequestSessionsList, WinStationQueryLogonCredentialsW, WinStationIsHelpAssistantSession, WinStationAutoReconnect, _WinStationWaitForConnect, WinStationDisconnect, _WinStationCallback, WinStationNameFromLogonIdW, _WinStationFUSCanRemoteUserDisconnect, WinStationEnumerate_IndexedW, WinStationGetMachinePolicy, WinStationQueryInformationW, WinStationFreeMemory, WinStationReset, _WinStationNotifyDisconnectPipe, WinStationConnectW, WinStationSetInformationW, WinStationShutdownSystem, WinStationCheckLoopBack, _WinStationNotifyLogon, _WinStationNotifyLogoff<BR>> WINTRUST.dll: CryptCATCatalogInfoFromContext, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminAcquireContext, CryptCATAdminEnumCatalogFromHash, CryptCATAdminReleaseCatalogContext, WTHelperProvDataFromStateData, WinVerifyTrust, WTHelperGetProvSignerFromChain, CryptCATAdminReleaseContext<BR>> WS2_32.dll: -, getaddrinfo, -<BR><BR>( 0 exports ) <BR>
RDS...: NSRL Reference Data Set<BR>-
pdfid.: -
trid..: Win64 Executable Generic (80.9%)<BR>Win32 Executable Generic (8.0%)<BR>Win32 Dynamic Link Library (generic) (7.1%)<BR>Generic Win/DOS Executable (1.8%)<BR>DOS Executable Generic (1.8%)
sigcheck:<BR>publisher....: Microsoft Corporation<BR>copyright....: (c) Microsoft Corporation. All rights reserved.<BR>product......: Microsoft_ Windows_ Operating System<BR>description..: Windows NT Logon Application<BR>original name: WINLOGON.EXE<BR>internal name: winlogon<BR>file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>
Dal som otestovať tie súbory čo sipísal na Virustotale tak pripajam vysledky.
1. svchost.exe
Soubor svchost.exe přijatý 2010.02.03 11:57:19 (UTC)Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.03 Trojan.Patched.CX.75!IK
AntiVir 7.9.1.158 2010.02.03 TR/Patched.CX.75
Ikarus T3.1.1.80.0 2010.02.03 Trojan.Patched.CX.75
K7AntiVirus 7.10.963 2010.02.02 Trojan.Win32.Patched.cx
McAfee+Artemis 5880 2010.02.02 Artemis!9491C2135C30
McAfee-GW-Edition 6.8.5 2010.02.03 Heuristic.LooksLike.Trojan.Patched.L
Sophos 4.50.0 2010.02.03 Mal/Generic-A
TheHacker 6.5.1.0.178 2010.02.03 Trojan/Patched.cx
Rozšiřující informace
File size: 16896 bytes
MD5...: 9491c2135c30b82bb1a6acf928063a59
SHA1..: 9311fb6943c96ba254988e6e02d7419eca6f368f
SHA256: 7a5dfb41fa1996c7b88e7e8db80939fbdd0c9a6c0678dd22af41fb6a075669ef
ssdeep: 384:cYiRrTp13SkhnRCwOV5JpeLCdw9rDpWCl8CbW:WT/3Ska6Lh8C<BR>
PEiD..: -
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x2509<BR>timedatestamp.....: 0x41107ed6 (Wed Aug 04 06:14:46 2004)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 3 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x2c00 0x2c00 6.29 6fc4d075dfb37185ffae8eacb467b822<BR>.data 0x4000 0x1f0 0x200 1.61 553c0ebbbc67abab785f2065a062b522<BR>.rsrc 0x5000 0x2000 0x1000 1.13 0c277f1d169c34cef7c2b672c4e78b97<BR><BR>( 4 imports ) <BR>> ADVAPI32.dll: RegQueryValueExW, SetSecurityDescriptorDacl, SetEntriesInAclW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetServiceStatus, RegisterServiceCtrlHandlerW, RegCloseKey, RegOpenKeyExW, StartServiceCtrlDispatcherW<BR>> KERNEL32.dll: HeapFree, GetLastError, WideCharToMultiByte, lstrlenW, LocalFree, GetCurrentProcess, GetCurrentThread, GetProcAddress, LoadLibraryExW, LeaveCriticalSection, HeapAlloc, EnterCriticalSection, LCMapStringW, FreeLibrary, lstrcpyW, ExpandEnvironmentStringsW, lstrcmpiW, ExitProcess, GetCommandLineW, InitializeCriticalSection, GetProcessHeap, SetErrorMode, SetUnhandledExceptionFilter, RegisterWaitForSingleObject, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, LocalAlloc, lstrcmpW, DelayLoadFailureHook<BR>> ntdll.dll: NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, wcscat, wcscpy, RtlAllocateHeap, RtlCompareUnicodeString, RtlInitUnicodeString, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtClose, RtlSubAuthorityCountSid, RtlGetDaclSecurityDescriptor, RtlQueryInformationAcl, RtlGetAce, RtlImageNtHeader, wcslen, RtlUnhandledExceptionFilter, RtlCopySid<BR>> RPCRT4.dll: RpcServerUnregisterIfEx, RpcMgmtWaitServerListen, RpcMgmtSetServerStackSize, RpcServerUnregisterIf, RpcServerListen, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcMapWin32Status, RpcMgmtStopServerListening<BR><BR>( 0 exports ) <BR>
RDS...: NSRL Reference Data Set<BR>-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)<BR>Win32 Dynamic Link Library (generic) (37.6%)<BR>Generic Win/DOS Executable (9.9%)<BR>DOS Executable Generic (9.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:<BR>publisher....: Microsoft Corporation<BR>copyright....: (c) Microsoft Corporation. All rights reserved.<BR>product......: Microsoft_ Windows_ Operating System<BR>description..: Generic Host Process for Win32 Services<BR>original name: svchost.exe<BR>internal name: svchost.exe<BR>file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>
2. explorer.exe
Soubor explorer.exe přijatý 2010.02.03 12:16:47 (UTC)Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.03 Virus.Win32.Virut.q!IK
AhnLab-V3 5.0.0.2 2010.02.03 -
AntiVir 7.9.1.158 2010.02.03 TR/Patched.CX.199
Antiy-AVL 2.0.3.7 2010.02.03 -
Authentium 5.2.0.5 2010.02.03 -
Avast 4.8.1351.0 2010.02.02 -
AVG 9.0.0.730 2010.02.02 -
BitDefender 7.2 2010.02.03 -
CAT-QuickHeal 10.00 2010.02.03 -
ClamAV 0.96.0.0-git 2010.02.03 -
Comodo 3805 2010.02.03 -
DrWeb 5.0.1.12222 2010.02.03 -
eTrust-Vet 35.2.7278 2010.02.03 -
F-Prot 4.5.1.85 2010.02.01 -
F-Secure 9.0.15370.0 2010.02.03 -
Fortinet 4.0.14.0 2010.02.03 -
GData 19 2010.02.03 -
Ikarus T3.1.1.80.0 2010.02.03 Virus.Win32.Virut.q
Jiangmin 13.0.900 2010.02.03 -
K7AntiVirus 7.10.963 2010.02.02 Trojan.Win32.Patched.cx
Kaspersky 7.0.0.125 2010.02.03 -
McAfee 5880 2010.02.02 -
McAfee+Artemis 5880 2010.02.02 -
McAfee-GW-Edition 6.8.5 2010.02.03 Heuristic.LooksLike.Trojan.Patched.K
Microsoft 1.5406 2010.02.03 -
NOD32 4831 2010.02.03 -
Norman 6.04.03 2010.02.03 -
nProtect 2009.1.8.0 2010.02.03 -
Panda 10.0.2.2 2010.02.02 -
PCTools 7.0.3.5 2010.02.03 -
Prevx 3.0 2010.02.03 -
Rising 22.33.02.04 2010.02.03 -
Sophos 4.50.0 2010.02.03 -
Sunbelt 3.2.1858.2 2010.02.03 Trojan.Win32.Malware
TheHacker 6.5.1.0.178 2010.02.03 Trojan/Patched.cx
TrendMicro 9.120.0.1004 2010.02.03 -
VBA32 3.12.12.1 2010.02.03 -
ViRobot 2010.2.3.2170 2010.02.03 -
VirusBuster 5.0.21.0 2010.02.03 -
Rozšiřující informace
File size: 1034240 bytes
MD5...: 6b06b770badd3ba36da67304ff587ce2
SHA1..: 3b3fa827ffa6ee96584ff33c55920f9414430c30
SHA256: e72ddacbf0cecf804f2e0990f64f6b7bb024ad12b6a3dffb7c972b194e4ecbb2
ssdeep: 12288:azEut4RuAwGgc7fNuIEGpPoHWr2Rkf8I+skzan1/g/J/v5nn:azEuAwj2f<BR>NuIhakf8I+sk81/g/J/Jn<BR>
PEiD..: -
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x1e24e<BR>timedatestamp.....: 0x41107ece (Wed Aug 04 06:14:38 2004)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 4 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x44689 0x44800 6.38 b257b3cd7102cece46cd7366aff0f34b<BR>.data 0x46000 0x1d90 0x1800 1.29 d0b87d8ce5a34731be197efb73b5d7bf<BR>.rsrc 0x48000 0xb2278 0xb2400 6.63 abf6dc1befe1a4a4c7f6ef51d1a6f907<BR>.reloc 0xfb000 0x5000 0x4000 6.30 2cceb568629fcd58f12a65fe9b21d563<BR><BR>( 13 imports ) <BR>> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf<BR>> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW<BR>> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, RegisterWaitForSingleObject, OpenEventW, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, DelayLoadFailureHook, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, GetFileAttributesExW, MulDiv, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, InitializeCriticalSectionAndSpinCount<BR>> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, SetTextColor, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, CreateRectRgnIndirect, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode<BR>> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, CopyRect, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, PtInRect, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, ModifyMenuW, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW<BR>> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess<BR>> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, StrCmpNW, -, -<BR>> SHELL32.dll: -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, ShellExecuteExW, -, -, -, -, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, SHGetSpecialFolderLocation, -, -, -, -, SHGetSpecialFolderPathW, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -<BR>> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop<BR>> OLEAUT32.dll: -, -<BR>> BROWSEUI.dll: -, -, -, -<BR>> SHDOCVW.dll: -, -, -<BR>> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed<BR><BR>( 0 exports ) <BR>
RDS...: NSRL Reference Data Set<BR>-
pdfid.: -
sigcheck:<BR>publisher....: Microsoft Corporation<BR>copyright....: (c) Microsoft Corporation. All rights reserved.<BR>product......: Microsoft_ Windows_ Operating System<BR>description..: Windows Explorer<BR>original name: EXPLORER.EXE<BR>internal name: explorer<BR>file version.: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>
trid..: Win32 Executable Generic (42.3%)<BR>Win32 Dynamic Link Library (generic) (37.6%)<BR>Generic Win/DOS Executable (9.9%)<BR>DOS Executable Generic (9.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
3. lsass.exe
Soubor lsass.exe přijatý 2010.02.03 18:48:48 (UTC)Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.03 Trojan.Win32.Patched!IK
AhnLab-V3 5.0.0.2 2010.02.03 Win32/Liger
AntiVir 7.9.1.158 2010.02.03 TR/Patched.Gen
Antiy-AVL 2.0.3.7 2010.02.03 Trojan/Win32.Patched.gen
Authentium 5.2.0.5 2010.02.03 W32/Patched.D.gen!Eldorado
Avast 4.8.1351.0 2010.02.02 Win32:Patched-CK
AVG 9.0.0.730 2010.02.03 Win32/PEPatch.AO
BitDefender 7.2 2010.02.03 Trojan.Patched.U
CAT-QuickHeal 10.00 2010.02.03 Trojan.Patched.AA
ClamAV 0.96.0.0-git 2010.02.03 Trojan.Agent-5069
Comodo 3807 2010.02.03 TrojWare.Win32.Patched.B
DrWeb 5.0.1.12222 2010.02.03 Trojan.Starter.384
eSafe 7.0.17.0 2010.02.03 -
eTrust-Vet 35.2.7278 2010.02.03 Win32/Donise.H
F-Prot 4.5.1.85 2010.02.03 W32/Patched.D.gen!Eldorado
F-Secure 9.0.15370.0 2010.02.03 Trojan.Patched.U
Fortinet 4.0.14.0 2010.02.03 W32/Patched.CX
GData 19 2010.02.03 Trojan.Patched.U
Ikarus T3.1.1.80.0 2010.02.03 Trojan.Win32.Patched
Jiangmin 13.0.900 2010.02.03 Win32/InfectExplorer.c
K7AntiVirus 7.10.966 2010.02.03 -
Kaspersky 7.0.0.125 2010.02.03 Trojan.Win32.Patched.aa
McAfee 5881 2010.02.03 W32/PEPatcher.c
McAfee+Artemis 5881 2010.02.03 W32/PEPatcher.c
McAfee-GW-Edition 6.8.5 2010.02.03 Heuristic.LooksLike.Win32.SuspiciousPE.H
Microsoft 1.5406 2010.02.03 TrojanDownloader:Win32/Donise.C!patched
NOD32 4832 2010.02.03 Win32/TrojanProxy.Agent.NCI
Norman 6.04.03 2010.02.03 W32/Smalltroj.DGHM
nProtect 2009.1.8.0 2010.02.03 Virus/W32.Patched.G
Panda 10.0.2.2 2010.02.03 W32/PatchLog.gen
PCTools 7.0.3.5 2010.02.03 Win32.Agent.IMP
Prevx 3.0 2010.02.03 -
Rising 22.33.02.04 2010.02.03 Trojan.Win32.Patched.aa
Sophos 4.50.0 2010.02.03 W32/Liger-A
Sunbelt 3.2.1858.2 2010.02.03 -
TheHacker 6.5.1.0.178 2010.02.03 W32/PEPatcher.gen
TrendMicro 9.120.0.1004 2010.02.03 PE_PATCHEP.A
VBA32 3.12.12.1 2010.02.03 -
ViRobot 2010.2.3.2170 2010.02.03 Win32.Patched.C
VirusBuster 5.0.21.0 2010.02.03 Win32.Agent.IMP
Rozšiřující informace
File size: 14848 bytes
MD5...: 7471eea1dfb2baa638b79e9afee8c746
SHA1..: d07b54cd5d90d7988f07438336420625e014f32b
SHA256: c9125526e200e4f2dc0f459348dff7345a70f650da10e69b0db411d1108fed1f
ssdeep: 384:lbY9gHUJemIeSbWC8iLW74a8WfMptsN0BhgO49:ljsiQzRfMpy0BF4<BR>
PEiD..: -
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x6000<BR>timedatestamp.....: 0x41107b4d (Wed Aug 04 05:59:41 2004)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 3 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x10d0 0x1200 6.01 d107b4f218abee66665545859fb9cc89<BR>.data 0x3000 0x6c 0x200 0.20 86a789a893c60d5e207d053188cdc250<BR>.rsrc 0x4000 0x3000 0x2200 6.46 d5d487f373972e5f98657f436d6dabf5<BR><BR>( 5 imports ) <BR>> ADVAPI32.dll: FreeSid, CheckTokenMembership, AllocateAndInitializeSid, OpenThreadToken, ImpersonateSelf, RevertToSelf<BR>> KERNEL32.dll: CloseHandle, GetCurrentThread, ExitThread, SetUnhandledExceptionFilter, SetErrorMode, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, RtlUnwind, InterlockedExchange, VirtualQuery<BR>> ntdll.dll: NtSetInformationProcess, RtlInitUnicodeString, NtCreateEvent, NtOpenEvent, NtSetEvent, NtClose, NtRaiseHardError, RtlAdjustPrivilege, NtShutdownSystem, RtlUnhandledExceptionFilter<BR>> LSASRV.dll: LsaISetupWasRun, LsapDsDebugInitialize, LsapAuOpenSam, LsapCheckBootMode, ServiceInit, LsapInitLsa, LsapDsInitializePromoteInterface, LsapDsInitializeDsStateInfo<BR>> SAMSRV.dll: SamIInitialize, SampUsingDsData<BR><BR>( 0 exports ) <BR>
RDS...: NSRL Reference Data Set<BR>-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)<BR>Win32 Dynamic Link Library (generic) (37.6%)<BR>Generic Win/DOS Executable (9.9%)<BR>DOS Executable Generic (9.9%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:<BR>publisher....: Microsoft Corporation<BR>copyright....: (c) Microsoft Corporation. All rights reserved.<BR>product......: Microsoft_ Windows_ Operating System<BR>description..: LSA Shell (Export Version)<BR>original name: lsass.exe<BR>internal name: lsass.exe<BR>file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>
4. winlogon.exe
Soubor winlogon.exe přijatý 2010.02.03 18:54:02 (UTC)Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.02.03 Trojan.Win32.Patched!IK
AhnLab-V3 5.0.0.2 2010.02.03 Win32/Liger
AntiVir 7.9.1.158 2010.02.03 TR/Patched.Gen
Antiy-AVL 2.0.3.7 2010.02.03 Trojan/Win32.Patched.gen
Authentium 5.2.0.5 2010.02.03 W32/Patched.D.gen!Eldorado
Avast 4.8.1351.0 2010.02.02 Win32:Patched-CK
AVG 9.0.0.730 2010.02.03 Win32/PEPatch.AO
BitDefender 7.2 2010.02.03 Trojan.Patched.U
CAT-QuickHeal 10.00 2010.02.03 Trojan.Patched.AA
ClamAV 0.96.0.0-git 2010.02.03 Trojan.Agent-5069
Comodo 3807 2010.02.03 TrojWare.Win32.Patched.B
DrWeb 5.0.1.12222 2010.02.03 Trojan.Starter.384
eSafe 7.0.17.0 2010.02.03 -
eTrust-Vet 35.2.7278 2010.02.03 Win32/Donise.H
F-Prot 4.5.1.85 2010.02.03 W32/Patched.D.gen!Eldorado
F-Secure 9.0.15370.0 2010.02.03 Trojan.Patched.U
Fortinet 4.0.14.0 2010.02.03 W32/Patched.CX
GData 19 2010.02.03 Trojan.Patched.U
Ikarus T3.1.1.80.0 2010.02.03 Trojan.Win32.Patched
K7AntiVirus 7.10.966 2010.02.03 -
Kaspersky 7.0.0.125 2010.02.03 Trojan.Win32.Patched.aa
McAfee 5881 2010.02.03 W32/PEPatcher.c
McAfee-GW-Edition 6.8.5 2010.02.03 Trojan.Patched.Gen
Microsoft 1.5406 2010.02.03 TrojanDownloader:Win32/Donise.C!patched
NOD32 4832 2010.02.03 Win32/TrojanProxy.Agent.NCI
Norman 6.04.03 2010.02.03 -
nProtect 2009.1.8.0 2010.02.03 Virus/W32.Patched.G
Panda 10.0.2.2 2010.02.03 -
PCTools 7.0.3.5 2010.02.03 Win32.Agent.IMP
Prevx 3.0 2010.02.03 -
Rising 22.33.02.04 2010.02.03 Trojan.Win32.Patched.aa
Sophos 4.50.0 2010.02.03 W32/Liger-A
Sunbelt 3.2.1858.2 2010.02.03 -
TheHacker 6.5.1.0.178 2010.02.03 W32/PEPatcher.gen
TrendMicro 9.120.0.1004 2010.02.03 PE_PATCHEP.A
VBA32 3.12.12.1 2010.02.03 -
ViRobot 2010.2.3.2170 2010.02.03 Win32.Patched.C
VirusBuster 5.0.21.0 2010.02.03 Win32.Agent.IMP
Rozšiřující informace
File size: 506368 bytes
MD5...: d9bc8bcf463a057e9eed66e3488e1d87
SHA1..: adb548ebdb68dd009c6e91c046711b82c9dff799
SHA256: 96cd2220cb21bdf558cf556e3a6e3e53a67d91ecf10cfd9c8b537e63046516ae
ssdeep: 6144:JYuZlm8LRlBw662R1pqrc7FmxSqVw/T+SN1TrSnmhPnpdcrFIzdFz/N5Wjy<BR>fTNQG:JVLBhic7Qy1vSneJFDNhp8<BR>
PEiD..: -
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x80000<BR>timedatestamp.....: 0x41107edc (Wed Aug 04 06:14:52 2004)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 3 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x6f288 0x6f400 6.82 5a133ab60f38b5d739d86c8290fa5a3c<BR>.data 0x71000 0x4d90 0x2000 6.20 baa64d00a5f8a540a38a60d2aff66f30<BR>.rsrc 0x76000 0xb000 0xa200 3.40 2bb1b3745407866a9cbfb9f1d0319594<BR><BR>( 20 imports ) <BR>> ADVAPI32.dll: ConvertStringSecurityDescriptorToSecurityDescriptorA, A_SHAInit, A_SHAUpdate, A_SHAFinal, LsaStorePrivateData, LsaRetrievePrivateData, LsaNtStatusToWinError, CryptGetUserKey, CryptGetKeyParam, CryptEncrypt, CryptSetProvParam, CryptSignHashW, CryptDeriveKey, CryptGetProvParam, RegOpenCurrentUser, RegDeleteKeyW, AddAccessAllowedAceEx, RegSetKeySecurity, I_ScSendTSMessage, MD5Init, MD5Update, MD5Final, SetFileSecurityA, AllocateLocallyUniqueId, LsaOpenPolicy, LsaQueryInformationPolicy, LsaFreeMemory, LsaClose, RegNotifyChangeKeyValue, QueryServiceConfigW, SetKernelObjectSecurity, ConvertStringSecurityDescriptorToSecurityDescriptorW, RegEnumKeyExW, GetCurrentHwProfileW, RegCloseKey, RegQueryValueExW, RegOpenKeyW, FreeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, InitializeAcl, GetLengthSid, AllocateAndInitializeSid, RegOpenKeyExW, CreateProcessAsUserW, DuplicateTokenEx, CloseServiceHandle, ControlService, StartServiceW, QueryServiceStatus, OpenServiceW, OpenSCManagerW, EqualSid, GetTokenInformation, RegSetValueExW, RegCreateKeyExW, CryptGenRandom, CryptDestroyHash, CryptVerifySignatureW, CryptSetHashParam, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptDecrypt, ReportEventW, RegisterEventSourceW, CryptImportKey, CryptAcquireContextW, CryptReleaseContext, CryptDestroyKey, RegEnumValueW, RegQueryInfoKeyW, RegDeleteValueW, CredFree, CredDeleteW, CredEnumerateW, CopySid, GetSidLengthRequired, GetSidSubAuthority, GetSidSubAuthorityCount, GetUserNameW, OpenThreadToken, EnumServicesStatusW, ImpersonateLoggedOnUser, RegQueryValueExA, CheckTokenMembership, DeregisterEventSource, LsaGetUserName, RevertToSelf, LookupAccountSidW, IsValidSid, SetTokenInformation, LogonUserW, LookupAccountNameW, OpenProcessToken, SynchronizeWindows31FilesAndWindowsNTRegistry, QueryWindows31FilesMigration, AdjustTokenPrivileges, RegQueryInfoKeyA<BR>> AUTHZ.dll: AuthzInitializeResourceManager, AuthzAccessCheck, AuthziFreeAuditEventType, AuthziInitializeAuditEvent, AuthziInitializeAuditParams, AuthziInitializeAuditEventType, AuthziLogAuditEvent, AuthzFreeAuditEvent, AuthzFreeResourceManager, AuthzFreeHandle<BR>> CRYPT32.dll: CryptImportPublicKeyInfo, CryptVerifyMessageSignature, CertCreateCertificateContext, CertSetCertificateContextProperty, CertVerifyCertificateChainPolicy, CryptSignMessage, CertCloseStore, CertComparePublicKeyInfo, CryptExportPublicKeyInfo, CertFindExtension, CryptDecryptMessage, CertGetCertificateContextProperty, CertAddCertificateContextToStore, CertOpenStore, CertVerifySubjectCertificateContext, CertGetIssuerCertificateFromStore, CertDuplicateCertificateContext, CertFreeCertificateContext, CertEnumCertificatesInStore, CryptImportPublicKeyInfoEx<BR>> GDI32.dll: RemoveFontResourceW, AddFontResourceW<BR>> KERNEL32.dll: WTSGetActiveConsoleSessionId, GetTimeFormatW, GetUserDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, GetProcAddress, LoadLibraryW, GetModuleHandleW, SystemTimeToFileTime, GetSystemTime, SetLastError, TerminateProcess, GetCurrentProcess, CreateTimerQueueTimer, CreateThread, lstrcpynW, GetShortPathNameW, GetProfileStringW, FreeLibrary, ReleaseSemaphore, CreateSemaphoreW, GetSystemInfo, GetComputerNameW, GetEnvironmentVariableW, WaitForSingleObjectEx, LoadResource, FindResourceW, SetThreadExecutionState, DeleteTimerQueueTimer, ResetEvent, GetSystemDirectoryW, TransactNamedPipe, SetNamedPipeHandleState, GetTickCount, CreateFileW, GlobalGetAtomNameW, VirtualLock, VirtualQuery, GetDriveTypeW, Beep, OpenMutexW, QueueUserWorkItem, LeaveCriticalSection, EnterCriticalSection, DisconnectNamedPipe, SearchPathW, lstrcatW, LocalReAlloc, ExpandEnvironmentStringsW, TerminateThread, ResumeThread, GetDiskFreeSpaceExW, GlobalMemoryStatusEx, DeleteFileW, WriteProfileStringW, ReadFile, FindVolumeClose, FindNextVolumeW, FindFirstVolumeW, FormatMessageW, SetPriorityClass, MoveFileExW, WaitForMultipleObjectsEx, GetExitCodeProcess, SleepEx, InterlockedExchange, FindClose, FindFirstFileW, GetWindowsDirectoryW, SetTimerQueueTimer, GetComputerNameA, GetVersionExW, VerSetConditionMask, WriteFile, WaitNamedPipeW, WaitForMultipleObjects, ConnectNamedPipe, DuplicateHandle, OpenProcess, GetOverlappedResult, GetVersionExA, lstrcmpW, SetEnvironmentVariableW, UnregisterWait, CreateNamedPipeW, CreateRemoteThread, CreateActCtxW, GetModuleFileNameW, ExitProcess, LoadLibraryExW, SetErrorMode, SetUnhandledExceptionFilter, GetPrivateProfileStringW, LocalSize, VirtualAlloc, VirtualQueryEx, DebugBreak, CreateFileA, InitializeCriticalSection, ProcessIdToSessionId, SetInformationJobObject, AssignProcessToJobObject, TerminateJobObject, PostQueuedCompletionStatus, PulseEvent, GetQueuedCompletionStatus, CreateIoCompletionPort, CreateJobObjectW, ActivateActCtx, DeactivateActCtx, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetSystemTimeAsFileTime, UnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, GetCurrentProcessId, SetThreadPriority, GetCurrentThreadId, lstrcmpiW, GetProfileIntW, LoadLibraryExA, lstrcpyW, lstrlenW, Sleep, LocalAlloc, CreateEventW, GetExitCodeThread, SetThreadAffinityMask, GetProcessAffinityMask, CreateWaitableTimerW, CreateMutexW, OpenEventW, RegisterWaitForSingleObject, WaitForSingleObject, CreateProcessW, SetWaitableTimer, ReleaseMutex, SetEvent, UnregisterWaitEx, CloseHandle, lstrlenA, lstrcpyA, MultiByteToWideChar, GetACP, WideCharToMultiByte, HeapAlloc, GetProcessHeap, HeapFree, lstrcpynA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, lstrcmpiA, GetFileSize, SetFilePointer, GlobalAlloc, GlobalFree, GetLastError, LocalFree, lstrcatA, lstrcmpA, GetLogicalDriveStringsA, GetDriveTypeA, GetVolumeInformationW, GlobalMemoryStatus, CreateMutexA, FindResourceExW, LockResource, SizeofResource, VerifyVersionInfoW, GetSystemDirectoryA, GetCurrentThread, DelayLoadFailureHook, BaseInitAppcompatCacheSupport, OpenProfileUserMapping, CloseProfileUserMapping, BaseCleanupAppcompatCacheSupport, InitializeCriticalSectionAndSpinCount, VirtualProtect, CreateEventA, TlsSetValue, DeleteCriticalSection, TlsGetValue, TlsAlloc, VirtualFree, TlsFree<BR>> msvcrt.dll: _vsnwprintf, wcslen, wcsncpy, wcsstr, atoi, wcstok, memmove, wcschr, swprintf, swscanf, _local_unwind2, _wcslwr, wcscmp, _snwprintf, malloc, _c_exit, _exit, _XcptFilter, _cexit, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __3@YAXPAX@Z, __2@YAPAXI@Z, __CxxFrameHandler, _itow, _snprintf, _wtol, _strnicmp, sscanf, wcstombs, sprintf, strchr, strncmp, atof, _ftol, isspace, __set_app_type, wcscpy, _controlfp, wcsncmp, _wcsupr, ceil, wcscat, _except_handler3, free, _wcsicmp<BR>> NDdeApi.dll: -, -, -, -<BR>> ntdll.dll: RtlAllocateHeap, NtPowerInformation, NtSetSystemPowerState, NtRaiseHardError, RtlDeleteCriticalSection, NtOpenSymbolicLinkObject, NtReplyPort, NtCompleteConnectPort, NtReplyWaitReceivePort, NtAcceptConnectPort, NtCreatePort, RtlConvertSidToUnicodeString, RtlFreeUnicodeString, NtLockProductActivationKeys, RtlTimeToTimeFields, NtUnmapViewOfSection, NtMapViewOfSection, NtOpenSection, NtQuerySymbolicLinkObject, NtQueryVolumeInformationFile, NtSetSecurityObject, RtlAdjustPrivilege, NtOpenFile, NtFsControlFile, RtlAllocateAndInitializeSid, RtlDestroyEnvironment, RtlFreeHeap, NtQueryInformationToken, NtShutdownSystem, RtlEnterCriticalSection, RtlLeaveCriticalSection, RtlInitializeCriticalSection, RtlCreateEnvironment, RtlQueryEnvironmentVariable_U, RtlSetEnvironmentVariable, RtlInitUnicodeString, NtOpenKey, NtQueryValueKey, RtlSubAuthoritySid, RtlInitializeSid, RtlLengthRequiredSid, NtAllocateLocallyUniqueId, RtlGetDaclSecurityDescriptor, RtlCopySid, RtlLengthSid, NtSetInformationThread, NtDuplicateToken, NtDuplicateObject, RtlEqualSid, RtlSetDaclSecurityDescriptor, NtClose, RtlOpenCurrentUser, RtlCreateSecurityDescriptor, RtlAddAce, RtlCreateAcl, RtlNtStatusToDosError, NtOpenDirectoryObject, NtQuerySystemInformation, NtCreateEvent, NtCreatePagingFile, RtlDosPathNameToNtPathName_U, RtlRegisterWait, NtSetValueKey, NtCreateKey, RtlTimeToSecondsSince1980, NtQuerySystemTime, NtPrivilegeObjectAuditAlarm, NtPrivilegeCheck, NtOpenThreadToken, NtOpenProcessToken, RtlUnhandledExceptionFilter, NtQueryInformationProcess, DbgBreakPoint, RtlCheckProcessParameters, RtlSetThreadIsCritical, RtlSetProcessIsCritical, RtlInitString, NtInitiatePowerAction, DbgPrint, NtFilterToken, NtQueryInformationJobObject, NtOpenEvent, RtlGetAce, RtlQueryInformationAcl, NtQuerySecurityObject, RtlCompareUnicodeString, NtSetInformationProcess<BR>> PROFMAP.dll: InitializeProfileMappingApi, RemapAndMoveUserW<BR>> PSAPI.DLL: EnumProcesses, EnumProcessModules, GetModuleBaseNameW<BR>> REGAPI.dll: RegDefaultUserConfigQueryW, RegUserConfigQuery<BR>> RPCRT4.dll: RpcServerRegisterIfEx, RpcServerUseProtseqEpW, RpcImpersonateClient, I_RpcMapWin32Status, RpcServerRegisterIf, RpcGetAuthorizationContextForClient, RpcFreeAuthorizationContext, RpcServerListen, RpcRevertToSelf, NdrServerCall2, UuidCreate<BR>> Secur32.dll: GetUserNameExW, LsaLookupAuthenticationPackage, LsaRegisterLogonProcess, LsaCallAuthenticationPackage<BR>> SETUPAPI.dll: SetupDiDestroyDeviceInfoList, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiGetDeviceRegistryPropertyW<BR>> USER32.dll: SetFocus, EnumWindows, CreateWindowStationW, RegisterLogonProcess, RecordShutdownReason, LoadLocalFonts, UnhookWindowsHook, SetWindowsHookW, GetWindowTextW, CallNextHookEx, DialogBoxParamW, GetWindowPlacement, GetSystemMenu, DeleteMenu, SetWindowPlacement, SetUserObjectInformationW, GetAsyncKeyState, PostThreadMessageW, SetUserObjectSecurity, CreateDesktopW, KillTimer, GetMessageTime, SetLogonNotifyWindow, UnlockWindowStation, SetTimer, ReplyMessage, UnregisterHotKey, RegisterHotKey, OpenInputDesktop, GetUserObjectInformationW, CloseDesktop, RegisterDeviceNotificationW, SetThreadDesktop, CreateWindowExW, GetMessageW, TranslateMessage, RegisterWindowMessageW, SetCursor, DefWindowProcW, FindWindowW, MessageBoxW, SendNotifyMessageW, PostQuitMessage, MsgWaitForMultipleObjects, GetWindowRect, GetSystemMetrics, PeekMessageW, DispatchMessageW, SetProcessWindowStation, UpdateWindow, ShowWindow, SetWindowPos, PostMessageW, ExitWindowsEx, EnumDisplayMonitors, SystemParametersInfoW, GetDlgItem, SendMessageW, CreateDialogParamW, DestroyWindow, GetWindowLongW, GetDlgItemTextW, EndDialog, SetWindowLongW, LoadStringW, SetWindowTextW, SetDlgItemTextW, wsprintfW, wsprintfA, LockWindowStation, MBToWCSEx, SetWindowStationUser, UpdatePerUserSystemParameters, DialogBoxIndirectParamW, wvsprintfW, SetLastErrorEx, LoadCursorW, CheckDlgButton, IsDlgButtonChecked, RegisterClassW, CloseWindowStation, LoadImageW, GetParent, GetKeyState, GetDesktopWindow, SetForegroundWindow, SwitchDesktop, OpenDesktopW<BR>> USERENV.dll: WaitForUserPolicyForegroundProcessing, GetAllUsersProfileDirectoryW, -, -, -, -, WaitForMachinePolicyForegroundProcessing, -, -, -, UnloadUserProfile, LoadUserProfileW, GetUserProfileDirectoryW, RegisterGPNotification, CreateEnvironmentBlock, DestroyEnvironmentBlock, UnregisterGPNotification, -<BR>> VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW<BR>> WINSTA.dll: WinStationRequestSessionsList, WinStationQueryLogonCredentialsW, WinStationIsHelpAssistantSession, WinStationAutoReconnect, _WinStationWaitForConnect, WinStationDisconnect, _WinStationCallback, WinStationNameFromLogonIdW, _WinStationFUSCanRemoteUserDisconnect, WinStationEnumerate_IndexedW, WinStationGetMachinePolicy, WinStationQueryInformationW, WinStationFreeMemory, WinStationReset, _WinStationNotifyDisconnectPipe, WinStationConnectW, WinStationSetInformationW, WinStationShutdownSystem, WinStationCheckLoopBack, _WinStationNotifyLogon, _WinStationNotifyLogoff<BR>> WINTRUST.dll: CryptCATCatalogInfoFromContext, CryptCATAdminCalcHashFromFileHandle, CryptCATAdminAcquireContext, CryptCATAdminEnumCatalogFromHash, CryptCATAdminReleaseCatalogContext, WTHelperProvDataFromStateData, WinVerifyTrust, WTHelperGetProvSignerFromChain, CryptCATAdminReleaseContext<BR>> WS2_32.dll: -, getaddrinfo, -<BR><BR>( 0 exports ) <BR>
RDS...: NSRL Reference Data Set<BR>-
pdfid.: -
trid..: Win64 Executable Generic (80.9%)<BR>Win32 Executable Generic (8.0%)<BR>Win32 Dynamic Link Library (generic) (7.1%)<BR>Generic Win/DOS Executable (1.8%)<BR>DOS Executable Generic (1.8%)
sigcheck:<BR>publisher....: Microsoft Corporation<BR>copyright....: (c) Microsoft Corporation. All rights reserved.<BR>product......: Microsoft_ Windows_ Operating System<BR>description..: Windows NT Logon Application<BR>original name: WINLOGON.EXE<BR>internal name: winlogon<BR>file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>
