da coolman » gio giu 03, 2010 11:34 am
questa e' l'analisi di virus total del seguente file:
C:\Programmi\Application Updater\ApplicationUpdater.exe
Virus Total
Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
File ApplicationUpdater.exe received on 2010.05.29 01:13:47 (UTC)
Current status: finished
Result: 0/41 (0.00%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.28.01 2010.05.28 -
AntiVir 8.2.1.242 2010.05.28 -
Antiy-AVL 2.0.3.7 2010.05.26 -
Authentium 5.2.0.5 2010.05.29 -
Avast 4.8.1351.0 2010.05.29 -
Avast5 5.0.332.0 2010.05.29 -
AVG 9.0.0.787 2010.05.29 -
BitDefender 7.2 2010.05.29 -
CAT-QuickHeal 10.00 2010.05.28 -
ClamAV 0.96.0.3-git 2010.05.29 -
Comodo 4942 2010.05.25 -
DrWeb 5.0.2.03300 2010.05.29 -
eSafe 7.0.17.0 2010.05.27 -
eTrust-Vet 35.2.7519 2010.05.29 -
F-Prot 4.6.0.103 2010.05.29 -
F-Secure 9.0.15370.0 2010.05.28 -
Fortinet 4.1.133.0 2010.05.28 -
GData 21 2010.05.29 -
Ikarus T3.1.1.84.0 2010.05.28 -
Jiangmin 13.0.900 2010.05.28 -
Kaspersky 7.0.0.125 2010.05.29 -
McAfee 5.400.0.1158 2010.05.29 -
McAfee-GW-Edition 2010.1 2010.05.28 -
Microsoft 1.5802 2010.05.28 -
NOD32 5154 2010.05.28 -
Norman 6.04.12 2010.05.28 -
nProtect 2010-05-28.01 2010.05.28 -
Panda 10.0.2.7 2010.05.28 -
PCTools 7.0.3.5 2010.05.28 -
Prevx 3.0 2010.05.29 -
Rising 22.49.04.04 2010.05.28 -
Sophos 4.53.0 2010.05.28 -
Sunbelt 6371 2010.05.29 -
Symantec 20101.1.0.89 2010.05.28 -
TheHacker 6.5.2.0.288 2010.05.27 -
TrendMicro 9.120.0.1004 2010.05.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.29 -
VBA32 3.12.12.5 2010.05.28 -
ViRobot 2010.5.20.2326 2010.05.28 -
VirusBuster 5.0.27.0 2010.05.28 -
Additional information
File size: 375296 bytes
MD5 : 70a5f4951487a9c8d2ea47718ad64ee4
SHA1 : 20f7e80d0bb4ebca5291cabfe4c46a68b938f033
SHA256: e751945d2576c90267e123bfd862eb0429e609358af0d7df215254f6af917da0
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x25776
timedatestamp.....: 0x4B28FEE9 (Wed Dec 16 16:38:17 2009)
machinetype.......: 0x14C (Intel I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3BAD0 0x3BC00 6.59 3061ae8dcc6425702aab092b4059f389
.rdata 0x3D000 0xD1F6 0xD200 4.43 7b7abec5acd426ce48fdb59119d1c25b
.data 0x4B000 0x3CD8 0x2000 3.92 3a5795b0fa22f4258dea4693529eba5e
.rsrc 0x4F000 0xC0B4 0xC200 4.37 bf8f5dfc9a8e5d0e11920a4fdff2141d
.reloc 0x5C000 0x45CA 0x4600 5.45 0392691fdb0c29d73b3531c241be811e
( 9 imports )
> advapi32.dll: RegCreateKeyExW, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetSecurityDescriptorLength, MakeSelfRelativeSD, GetSecurityDescriptorControl, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, RegDeleteValueW, RegSetValueExW, RegQueryValueExW, RegEnumKeyExW, RegOpenKeyExW, RegCloseKey, CreateProcessAsUserW, OpenProcessToken, DuplicateTokenEx, GetTokenInformation, LookupAccountSidW, IsValidSid, GetLengthSid, ConvertSidToStringSidW, CopySid, DeleteService, OpenServiceW, DeregisterEventSource, ReportEventW, RegisterEventSourceW, SetServiceStatus, RegisterServiceCtrlHandlerW, CloseServiceHandle, CreateServiceW, OpenSCManagerW, StartServiceCtrlDispatcherW
> kernel32.dll: CreateDirectoryW, MoveFileExW, DeleteFileW, CopyFileW, GetTempFileNameW, FindFirstFileW, FindNextFileW, FindClose, GetFileAttributesW, GetVersionExW, TerminateProcess, GetModuleHandleA, GetProcAddress, GetVersion, LoadLibraryW, OutputDebugStringA, GetTempPathW, CreateMutexW, GetPrivateProfileStringW, CreateThread, MultiByteToWideChar, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, SetErrorMode, FreeLibrary, SetEnvironmentVariableA, CompareStringW, CompareStringA, FlushFileBuffers, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetLocaleInfoA, GetConsoleMode, GetConsoleCP, InitializeCriticalSectionAndSpinCount, LoadLibraryA, ExpandEnvironmentStringsW, ReadFile, WideCharToMultiByte, GetCurrentProcessId, GetCurrentThreadId, FindResourceExW, FindResourceW, LoadResource, LockResource, SizeofResource, SetFilePointer, CreateFileW, WriteFile, HeapAlloc, FormatMessageW, HeapFree, GetProcessHeap, InterlockedIncrement, lstrlenA, OutputDebugStringW, DebugBreak, InterlockedDecrement, lstrlenW, OpenProcess, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, GetModuleHandleW, ReleaseMutex, OpenMutexW, Sleep, SetLastError, CloseHandle, LocalFree, RaiseException, SetEvent, WaitForSingleObject, CreateEventW, GetLastError, GetModuleFileNameW, InitializeCriticalSection, GetTimeZoneInformation, GetDateFormatA, GetTimeFormatA, GetTickCount, QueryPerformanceCounter, GetStartupInfoA, GetFileType, SetHandleCount, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, VirtualFree, HeapCreate, GetModuleFileNameA, GetStdHandle, ExitProcess, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, RtlUnwind, VirtualQuery, GetSystemInfo, VirtualAlloc, VirtualProtect, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, HeapSize, HeapReAlloc, HeapDestroy
> ole32.dll: CoCreateInstance, CoTaskMemFree, OleRun
> oleaut32.dll: -, -, -, -, -, -, -
> shell32.dll: ShellExecuteW, SHGetFolderPathW
> shlwapi.dll: PathAppendW, PathAddBackslashW, PathFileExistsW, PathIsDirectoryW
> user32.dll: RealGetWindowClassW, LoadStringW, ModifyMenuW, CharNextW, IsWindow, IsMenu, SetWindowTextW, wvsprintfW, LoadImageW, SendMessageW, LoadBitmapW, GetSystemMetrics
> userenv.dll: LoadUserProfileW, CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile
> wininet.dll: HttpOpenRequestW, InternetGetConnectedState, InternetQueryOptionW, HttpQueryInfoW, InternetCrackUrlW, InternetCloseHandle, InternetReadFile, HttpSendRequestW, InternetConnectW, InternetOpenW
( 0 exports )
TrID : File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
ssdeep: 6144:PCi4SRDgqC9cQspcp6rAfm4bDJXLXAfhiMTjXLv3AAbpWJe:ai4SRD85fmcDJX7ikMHX0pY
sigcheck: publisher....: Spigot, Inc.
copyright....: Copyright (c) 2005-2009 Spigot, Inc.
product......: Application Updater
description..: Application Updater
original name: ApplicationUpdater.exe
internal name: ApplicationUpdater.exe
file version.: 1, 0, 3, 12
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-