<table border="1"><tr><td colspan="4">File _____.exe received on 2009.09.17 15:10:13 (UTC)</td></tr>
<tr><td>Antivirus</td><td>Version</td><td>Last update</td><td>Result</td></tr>
<tr><td>a-squared</td><td>4.5.0.24</td><td>2009.09.17</td><td style="color: red;">Trojan.Generic!IK</td></tr>
<tr><td>AhnLab-V3</td><td>5.0.0.2</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>AntiVir</td><td>7.9.1.19</td><td>2009.09.17</td><td style="color: red;">HEUR/Crypted</td></tr>
<tr><td>Antiy-AVL</td><td>2.0.3.7</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>Authentium</td><td>5.1.2.4</td><td>2009.09.17</td><td style="color: red;">W32/Threat-HLLAU-based!Maximus</td></tr>
<tr><td>Avast</td><td>4.8.1351.0</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>AVG</td><td>8.5.0.412</td><td>2009.09.17</td><td style="color: red;">Agent2.QFL.dropper</td></tr>
<tr><td>BitDefender</td><td>7.2</td><td>2009.09.17</td><td style="color: red;">Dropped:Trojan.Generic.2370426</td></tr>
<tr><td>CAT-QuickHeal</td><td>10.00</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>ClamAV</td><td>0.94.1</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>Comodo</td><td>2349</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>DrWeb</td><td>5.0.0.12182</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>eSafe</td><td>7.0.17.0</td><td>2009.09.17</td><td style="color: red;">Suspicious File</td></tr>
<tr><td>eTrust-Vet</td><td>31.6.6743</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>F-Prot</td><td>4.5.1.85</td><td>2009.09.17</td><td style="color: red;">W32/Threat-HLLAU-based!Maximus</td></tr>
<tr><td>F-Secure</td><td>8.0.14470.0</td><td>2009.09.17</td><td style="color: red;">Suspicious:W32/Malware!Gemini</td></tr>
<tr><td>Fortinet</td><td>3.120.0.0</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>GData</td><td>19</td><td>2009.09.17</td><td style="color: red;">Dropped:Trojan.Generic.2370426</td></tr>
<tr><td>Ikarus</td><td>T3.1.1.72.0</td><td>2009.09.17</td><td style="color: 
red;">Trojan.Generic</td></tr>
<tr><td>Jiangmin</td><td>11.0.800</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>K7AntiVirus</td><td>7.10.847</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>Kaspersky</td><td>7.0.0.125</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>McAfee</td><td>5743</td><td>2009.09.16</td><td style="color: red;">New Malware.je</td></tr>
<tr><td>McAfee+Artemis</td><td>5743</td><td>2009.09.16</td><td style="color: red;">Suspect-29!6D0476738E29</td></tr>
<tr><td>McAfee-GW-Edition</td><td>6.8.5</td><td>2009.09.17</td><td style="color: red;">Heuristic.BehavesLike.Win32.Spyware.A</td></tr>
<tr><td>Microsoft</td><td>1.5005</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>NOD32</td><td>4434</td><td>2009.09.17</td><td style="color: red;">a variant of Win32/PSW.QQTen.AR</td></tr>
<tr><td>Norman</td><td>6.01.09</td><td>2009.09.17</td><td style="color: red;">W32/Malware.IROJ</td></tr>
<tr><td>nProtect</td><td>2009.1.8.0</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>Panda</td><td>10.0.2.2</td><td>2009.09.16</td><td style="color: red;">Suspicious file</td></tr>
<tr><td>PCTools</td><td>4.4.2.0</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>Prevx</td><td>3.0</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>Rising</td><td>21.47.34.00</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>Sophos</td><td>4.45.0</td><td>2009.09.17</td><td style="color: red;">Mal/Generic-A</td></tr>
<tr><td>Sunbelt</td><td>3.2.1858.2</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>Symantec</td><td>1.4.4.12</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>TheHacker</td><td>6.3.4.4.404</td><td>2009.09.15</td><td>-</td></tr>
<tr><td>TrendMicro</td><td>8.950.0.1094</td><td>2009.09.17</td><td style="color: red;">PAK_Generic.001</td></tr>
<tr><td>VBA32</td><td>3.12.10.10</td><td>2009.09.17</td><td style="color: red;">Win32.Agent.QAI</td></tr>
<tr><td>ViRobot</td><td>2009.9.17.1941</td><td>2009.09.17</td><td>-</td></tr>
<tr><td>VirusBuster</td><td>4.6.5.0</td><td>2009.09.17</td><td>-</td></tr>
<tr><td colspan="4"> </td></tr>
<tr><td 
colspan="4">Additional information</td></tr>
<tr><td colspan="4">File size: 47104 bytes</td></tr>
<tr><td colspan="4">MD5...: 6d0476738e29abe1197560adbdc92345</td></tr>
<tr><td colspan="4">SHA1..: 4897cba4e61ddaddeb789ee6d0719feabf06ab67</td></tr>
<tr><td colspan="4">SHA256: b1a6586b1b817bb14abdda07f712ec544d5e184cc4aab32e34304d99e201650b</td></tr>
<tr><td colspan="4">ssdeep: 768:IYoWojyQP9O7Qa+Q7qQwwUKu2F+tCcrxCiCaVhRl9CFDVpSc7lCZzxFha5:5<BR>8G7IPQwwUFtCcrxCiCIhRvCZvSOI/<BR></td></tr>
<tr><td colspan="4">PEiD..: -</td></tr>
<tr><td colspan="4">PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x1a001<BR>timedatestamp.....: 0x4aafb2d7 (Tue Sep 15 15:29:27 2009)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>0 0x1000 0xe000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>1 0xf000 0xa000 0x9600 7.98 38c3360482067a2c514ecdd365e18fe3<BR>.rsrc 0x19000 0x1000 0x800 3.36 a39a7f4eb762a4a88836934c83f9fd89<BR>.aspack 0x1a000 0x2000 0x1600 5.62 871560be0f82bbb77ca42b0341700347<BR>.adata 0x1c000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR><BR>( 10 imports ) <BR>> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA<BR>> ____$.dll: _Installhook<BR>> atl.dll: -<BR>> comctl32.dll: -<BR>> msvcrt.dll: rand<BR>> ntdll.dll: RtlAdjustPrivilege<BR>> ole32.dll: CoInitialize<BR>> oleaut32.dll: -<BR>> shlwapi.dll: StrToIntExA<BR>> user32.dll: wsprintfA<BR><BR>( 0 exports ) <BR></td></tr>
<tr><td colspan="4">RDS...: NSRL Reference Data Set<BR>-</td></tr>
<tr><td colspan="4">pdfid.: -</td></tr>
<tr><td colspan="4">packers (F-Prot): Aspack, UPX</td></tr>
<tr><td colspan="4">packers (Kaspersky): ASPack, UPX, UPX</td></tr>
<tr><td colspan="4">sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR></td></tr>
<tr><td colspan="4">trid..: 
Win32 EXE Yoda's Crypter (56.9%)<BR>Win32 Executable Generic (18.2%)<BR>Win32 Dynamic Link Library (generic) (16.2%)<BR>Generic Win/DOS Executable (4.2%)<BR>DOS Executable Generic (4.2%)</td></tr><tr><td colspan="4">packers (Authentium): Aspack, UPX</td></tr></table>