the_pillo The Magnificent
#2 Posted: 01 Dec 2010 10:21 am
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=VirTool:Win32/VBInject.gen!DM
Could be part of the bot, but here is the scan from it. I don't like that Panda doesn't trust it.
Code:
Antivirus Version Last Update Result
AhnLab-V3 2010.12.01.04 2010.12.01 -
AntiVir 7.10.14.161 2010.12.01 -
Antiy-AVL 2.0.3.7 2010.12.01 -
Avast 4.8.1351.0 2010.12.01 -
Avast5 5.0.677.0 2010.12.01 -
AVG 9.0.0.851 2010.12.01 -
BitDefender 7.2 2010.12.01 -
CAT-QuickHeal 11.00 2010.12.01 -
ClamAV 0.96.4.0 2010.12.01 -
Command 5.2.11.5 2010.12.01 -
Comodo 6913 2010.12.01 -
DrWeb 5.0.2.03300 2010.12.01 -
Emsisoft 5.0.0.50 2010.12.01 -
eSafe 7.0.17.0 2010.12.01 -
eTrust-Vet 36.1.8011 2010.12.01 -
F-Prot 4.6.2.117 2010.11.30 -
F-Secure 9.0.16160.0 2010.12.01 -
Fortinet 4.2.254.0 2010.12.01 -
GData 21 2010.12.01 -
Ikarus T3.1.1.90.0 2010.12.01 -
Jiangmin 13.0.900 2010.12.01 -
K7AntiVirus 9.69.3126 2010.11.30 -
Kaspersky 7.0.0.125 2010.12.01 -
McAfee 5.400.0.1158 2010.12.01 -
McAfee-GW-Edition 2010.1C 2010.12.01 -
Microsoft 1.6402 2010.12.01 VirTool:Win32/VBInject
NOD32 5664 2010.12.01 -
Norman 6.06.10 2010.12.01 -
nProtect 2010-12-01.01 2010.12.01 -
Panda 10.0.2.7 2010.11.30 Suspicious file
PCTools 7.0.3.5 2010.12.01 -
Prevx 3.0 2010.12.01 -
Rising 22.76.01.07 2010.12.01 -
Sophos 4.60.0 2010.12.01 -
SUPERAntiSpyware 4.40.0.1006 2010.12.01 -
Symantec 20101.2.0.161 2010.12.01 -
TheHacker 6.7.0.1.094 2010.12.01 -
TrendMicro 9.120.0.1004 2010.12.01 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.01 -
VBA32 3.12.14.2 2010.12.01 -
VIPRE 7464 2010.12.01 -
ViRobot 2010.12.1.4178 2010.12.01 -
VirusBuster 13.6.68.0 2010.12.01 -
Additional information
MD5 : 9af8bd0180a19a0d09f058747e946e3b
SHA1 : b444658d53f498715c5889331138e16f7d4dbaf0
SHA256: ec6e31b61c8212b868b8ed50c3816229273878ce7ab7746753b50ce950752888
ssdeep: 6144:I8aubIzs6YLLTykCrMnerylPY3CODBOcaUYg6l5xGXw+Yu8Tk/P:IybI+LLzCrMneryl8CvLUYgkHSck3
File size : 352256 bytes
First seen: 2010-12-01 11:02:57
Last seen : 2010-12-01 14:18:47
TrID:
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x1FA0
timedatestamp....: 0x4CF071D9 (Sat Nov 27 02:50:01 2010)
machinetype......: 0x14c (I386)
[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x767C, 0x8000, 5.63, 1291af998c51670ce861f1ada671a6dc
.data, 0x9000, 0x3A8, 0x1000, 0.00, 620f0b67a91f7f74151bc5be745b7110
.rsrc, 0xA000, 0x4B394, 0x4C000, 7.95, 10d8dc9ec3f5e8c6234e0e03d22431b1
[[ 1 import(s) ]]
MSVBVM60.DLL: __vbaStrI2, _CIcos, _adj_fptan, __vbaAryMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, -, __vbaFpR8, _CIsin, -, __vbaChkstk, __vbaGenerateBoundsError, __vbaAryConstruct2, __vbaI2I4, DllFunctionCall, __vbaFpUI1, _adj_fpatan, __vbaUI1I2, _CIsqrt, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, -, __vbaUbound, -, -, _CIlog, __vbaErrorOverflow, __vbaVar2Vec, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaAryLock, __vbaStrToAnsi, __vbaFpI2, __vbaFpI4, -, _CIatan, __vbaAryCopy, __vbaStrMove, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaFreeStr
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 32768
Company:
EntryPoint: 0x1fa0
FileDescrip:
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 344 kB
FileSubtype: 0
FileType: Win32 EXE
FileVers:
FileVersionNumber: 6.1.33.0
ImageVersion: 1.0
InitializedDataSize: 315392
Internal:
LanguageCode: English (U.S.)
LegalCopyr:
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
PEType: PE32
Product:
ProductVer:
ProductVersionNumber: 6.1.33.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2010:11:27 03:50:01+01:00
UninitializedDataSize: 0
Symantec reputation:Suspicious.Insight
F-Secure DeepGuard:Suspicious:W32/Malware!Online
_____________________
Happiness is a disease, and smiling is the cough that spreads it - pillo-
"When you understand why you dismiss all the other possible gods, you will understand why I dismiss yours."