Encountering HBKernel32.sys, 53u1ttMe.2ys, HBTL.dll, HBSO2.dll, bcejnmfd.dll, etc. (2)

Original by endurer
2008-10-17 No. 1

Information on some of the files:

File specifier : C:/WINDOWS/system32/Drivers/Beep.sys
Attributes : A---
Digital signature: Microsoft Corporation
PE file: Yes
Language : English (United States)
File version : 5.1.2600.0 (XPClient.010817-1148)
Description : BEEP Driver
Copyright : © Microsoft Corporation. All rights reserved.
Product version : 5.1.2600.0
Product name : Microsoft® Windows® Operating System
Company name : Microsoft Corporation
Internal name : beep.sys
Original file name : beep.sys
Created : 2004-8-17 12:0:0
Modified : 2008-10-13 13:12:45
Size : 4224 bytes 4.128 KB
MD5 : da1f27d85e0d1525f6621372e7b685e9
SHA1: E3D2DC5EB273FA701DE8AF13B60D6BAAC7629260
CRC32: 697c40f2

File specifier : C:/WINDOWS/system32/drivers/HBKernel32.sys
Attributes : A---
Digital signature: No
PE file: No
Created : 2008-10-13 13:12:50
Modified : 2008-10-13 13:14:38
Size : 16915 bytes 16.531 KB
MD5 : 122048997c7333b81a0a12d5727de928
SHA1: 0DCB35B1EA2B8E85287D2FECAADB0F25C6D3FB61
CRC32: 574670e9

File specifier : C:/WINDOWS/system32/ozmazluz.dll
Attributes : A---
Digital signature: No
PE file: Yes
Failed to get file version information size!
Created : 2008-10-13 13:18:21
Modified : 2008-10-13 13:18:22
Size : 2558100 bytes 2.450 MB
MD5 : 68fe68afcbbe7566238f06b92cecd887
SHA1: 654670CA51525B951BFBF0DF8458F535ACDAF5A7
CRC32: 59afabbd

File ozmazluz.dll received on 2008.10.16 03:47:22 (CET)

Antivirus Version Last-update Result
AhnLab-V3 2008.10.16.0 2008.10.15 Win-Trojan/OnlineGameHack
AntiVir 7.9.0.4 2008.10.15 TR/Agent.553108
Authentium 5.1.0.4 2008.10.15 W32/Onlinegames.4!Generic
Avast 4.8.1248.0 2008.10.15 Win32:OnLineGames-FAG
AVG 8.0.0.161 2008.10.16 PSW.Generic6.AIOJ
BitDefender 7.2 2008.10.16 -
CAT-QuickHeal 9.50 2008.10.14 -
ClamAV 0.93.1 2008.10.15 -
DrWeb 4.44.0.09170 2008.10.16 Trojan.PWS.Wsgame.7678
eSafe 7.0.17.0 2008.10.15 -
eTrust-Vet 31.6.6150 2008.10.16 Win32/GameStealer!generic
Ewido 4.0 2008.10.15 -
F-Prot 4.4.4.56 2008.10.15 W32/Onlinegames.4!Generic
F-Secure 8.0.14332.0 2008.10.16 Trojan-GameThief.Win32.OnLineGames.tnoi
Fortinet 3.113.0.0 2008.10.15 -
GData 19 2008.10.16 Win32:OnLineGames-FAG
Ikarus T3.1.1.34.0 2008.10.16 Virus.Trojan.GameThief.Win32.OnLineGames.tnoi
K7AntiVirus 7.10.496 2008.10.15 -
Kaspersky 7.0.0.125 2008.10.16 Trojan-GameThief.Win32.OnLineGames.tnoi
McAfee 5406 2008.10.16 PWS-OnlineGames.ck
Microsoft 1.4005 2008.10.16 PWS:Win32/OnLineGames.GA
NOD32 3525 2008.10.15 probably a variant of Win32/PSW.OnLineGames.NQM
Norman 5.80.02 2008.10.15 W32/OnLineGames.CACO
Panda 9.0.0.4 2008.10.15 -
PCTools 4.4.2.0 2008.10.15 -
Prevx1 V2 2008.10.16 -
Rising 20.66.22.00 2008.10.15 Trojan.PSW.Win32.GameOL.qxh
SecureWeb-Gateway 6.7.6 2008.10.16 -
Sophos 4.34.0 2008.10.16 -
Sunbelt 3.1.1725.1 2008.10.15 -
Symantec 10 2008.10.16 -
TheHacker 6.3.1.0.114 2008.10.15 -
TrendMicro 8.700.0.1004 2008.10.16 -
VBA32 3.12.8.7 2008.10.16 Trojan-GameThief.Win32.OnLineGames.tnob
ViRobot 2008.10.15.1421 2008.10.15 -
VirusBuster 4.5.11.0 2008.10.15 Trojan.DL.OnlineGames.Gen.90

Additional information
File size: 2558100 bytes
MD5...: 68fe68afcbbe7566238f06b92cecd887
SHA1..: 654670ca51525b951bfbf0df8458f535acdaf5a7
SHA256: 01e859f37e7c80c16ec5b7deb2f32508e2da937f3cb09b7af9723df6ff9d2d4b
SHA512: 76e51b66a7ec52d4adf39f9bd69427776e182ea10d630bdc47b4c95e8badee8e
0c7a9e4f90e85d45a2aedc8dac9d58bbeb2eefa6234c22543f02cc4ff0dac6d1
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10003a6a
timedatestamp.....: 0x48edb4ad (Thu Oct 09 07:37:17 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2b10 0x2c00 6.13 b58785f208f677d8f9ca9dbbcb654dc4
.rdata 0x4000 0x538 0x600 4.52 230653060299590fe4d05f00713e62a0
.data 0x5000 0x1cc0 0x200 0.42 559cf8e288db86ec5be262b445ef7986
.rsrc 0x7000 0x10 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.reloc 0x8000 0x52c 0x600 4.56 b64bb50181a1afe8f88ce1fe265b921a

( 3 imports )
> KERNEL32.dll: GetCurrentProcess, Sleep, GetModuleFileNameA, CloseHandle, SetEvent, ExitProcess, GetProcAddress, GetPrivateProfileStringA, GetTickCount, IsBadReadPtr, GetFileSize, ReadFile, SetFilePointer, CreateFileA, HeapAlloc, GetProcessHeap, VirtualProtect, TerminateProcess, GetModuleHandleA, LoadLibraryW, MultiByteToWideChar, LoadLibraryA, OpenEventA, CreateEventA, CreateThread
> USER32.dll: SetWindowsHookExA, CallNextHookEx, wvsprintfA, wsprintfA, BroadcastSystemMessageA
> MSVCRT.dll: strncat, _strcmpi, _adjust_fdiv, strcpy, strcat, strlen, free, sprintf, strncpy, strchr, abs, memset, strstr, strcmp, malloc, memcpy, _except_handler3, strrchr, realloc, _strlwr, _initterm

( 0 exports )

File specifier : C:/WINDOWS/system32/bcejnmfd.dll
Attributes : A---
Digital signature: No
PE file: Yes
Failed to get file version information size!
Created : 2008-10-13 13:18:1
Modified : 2008-10-13 13:18:3
Size : 2491820 bytes 2.385 MB
MD5 : a352a857716edbca027db31e1f311905
SHA1: 6432E7CBC818FEDB534B138EA96707F9C08B0E7A
CRC32: edabb306

File bcejnmfd.dll received on 2008.10.16 03:41:14 (CET)

Antivirus Version Last-update Result
AhnLab-V3 2008.10.16.0 2008.10.15 Win-Trojan/OnlineGameHack
AntiVir 7.9.0.4 2008.10.15 BDS/Agent.D.95
Authentium 5.1.0.4 2008.10.15 W32/Onlinegames.4!Generic
Avast 4.8.1248.0 2008.10.15 Win32:OnLineGames-FAG
AVG 8.0.0.161 2008.10.16 PSW.Generic6.AIKJ
BitDefender 7.2 2008.10.16 -
CAT-QuickHeal 9.50 2008.10.14 -
ClamAV 0.93.1 2008.10.15 -
DrWeb 4.44.0.09170 2008.10.16 Trojan.PWS.Wsgame.7679
eSafe 7.0.17.0 2008.10.15 -
eTrust-Vet 31.6.6150 2008.10.16 Win32/GameStealer!generic
Ewido 4.0 2008.10.15 -
F-Prot 4.4.4.56 2008.10.15 W32/Onlinegames.4!Generic
F-Secure 8.0.14332.0 2008.10.16 Trojan-GameThief.Win32.OnLineGames.tnoj
Fortinet 3.113.0.0 2008.10.15 -
GData 19 2008.10.16 Win32:OnLineGames-FAG
Ikarus T3.1.1.34.0 2008.10.16 Virus.Trojan.GameThief.Win32.OnLineGames.tnoj
K7AntiVirus 7.10.496 2008.10.15 -
Kaspersky 7.0.0.125 2008.10.16 Trojan-GameThief.Win32.OnLineGames.tnoj
McAfee 5406 2008.10.16 PWS-OnlineGames.ck
Microsoft 1.4005 2008.10.16 PWS:Win32/OnLineGames.GA
NOD32 3525 2008.10.15 probably a variant of Win32/PSW.OnLineGames.NQM
Norman 5.80.02 2008.10.15 W32/OnLineGames.CACP
Panda 9.0.0.4 2008.10.15 -
PCTools 4.4.2.0 2008.10.15 -
Prevx1 V2 2008.10.16 -
Rising 20.66.22.00 2008.10.15 Trojan.PSW.Win32.GameOL.qxh
SecureWeb-Gateway 6.7.6 2008.10.15 -
Sophos 4.34.0 2008.10.16 -
Sunbelt 3.1.1725.1 2008.10.15 -
Symantec 10 2008.10.16 Infostealer.Gampass
TheHacker 6.3.1.0.114 2008.10.15 -
TrendMicro 8.700.0.1004 2008.10.16 -
VBA32 3.12.8.7 2008.10.16 Trojan-GameThief.Win32.OnLineGames.tnoo
ViRobot 2008.10.15.1421 2008.10.15 -
VirusBuster 4.5.11.0 2008.10.15 Trojan.DL.OnlineGames.Gen.90

Additional information
File size: 2491820 bytes
MD5...: a352a857716edbca027db31e1f311905
SHA1..: 6432e7cbc818fedb534b138ea96707f9c08b0e7a
SHA256: 7391d8d770e86832f90f2a5e034164b8f9bb55a61eb7c9cfd63a1f1d2ff0805f
SHA512: c7091d99fc4578b09c1ec52c96fb39bea828b140a7d13975452e7f2866db5d4e
798d14a3a8b6d5cbccfb06bbef7db17688e7991e7b31972208b92fb519c17004
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000366a
timedatestamp.....: 0x48edb552 (Thu Oct 09 07:40:02 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2710 0x2800 5.99 0c5be6ac67ddf8463d9a597bf37d2d32
.rdata 0x4000 0x516 0x600 4.40 78eb095c400c84723f845acdf8c6fcaa
.data 0x5000 0x688 0x200 0.56 27859577459aee8263d88987c23c415d
.rsrc 0x6000 0x10 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.reloc 0x7000 0x466 0x600 3.80 7550d78428e9ea2e7fa357b284466045

( 3 imports )
> KERNEL32.dll: GetCurrentProcess, Sleep, GetModuleFileNameA, CloseHandle, SetEvent, ExitProcess, GetPrivateProfileStringA, IsBadReadPtr, GetFileSize, ReadFile, SetFilePointer, CreateFileA, HeapAlloc, GetProcessHeap, VirtualProtect, TerminateProcess, GetProcAddress, GetModuleHandleA, LoadLibraryW, MultiByteToWideChar, LoadLibraryA, OpenEventA, CreateEventA, CreateThread
> USER32.dll: SetWindowsHookExA, CallNextHookEx, wvsprintfA, wsprintfA, BroadcastSystemMessageA
> MSVCRT.dll: strrchr, _strcmpi, _adjust_fdiv, strcpy, strcat, strlen, free, sprintf, strncpy, strstr, strchr, memset, _strnicmp, malloc, memcpy, _except_handler3, realloc, _strlwr, _initterm

( 0 exports )

File specifier : C:/WINDOWS/system32/uhtcnwqw.dll
Attributes : A---
Digital signature: No
PE file: Yes
Failed to get file version information size!
Created : 2008-10-13 13:17:19
Modified : 2008-10-13 13:17:19
Size : 2427680 bytes 2.322 MB
MD5 : 425c648650869c711438851a8bb35718
SHA1: 7BE598C9508D84DA1F196E6EC57D0AA3A755488A
CRC32: 9aef7868

File uhtcnwqw.dll received on 2008.10.16 03:57:48 (CET)

Antivirus Version Last-update Result
AhnLab-V3 2008.10.16.0 2008.10.15 Win-Trojan/OnlineGameHack
AntiVir 7.9.0.4 2008.10.15 TR/PSW.Online.tdy
Authentium 5.1.0.4 2008.10.15 W32/OnlineGames.B.gen!GSA
Avast 4.8.1248.0 2008.10.15 Win32:OnLineGames-FAG
AVG 8.0.0.161 2008.10.16 PSW.OnlineGames.BCLZ
BitDefender 7.2 2008.10.16 -
CAT-QuickHeal 9.50 2008.10.14 -
ClamAV 0.93.1 2008.10.15 -
DrWeb 4.44.0.09170 2008.10.16 Trojan.PWS.Wsgame.7694
eSafe 7.0.17.0 2008.10.15 -
eTrust-Vet 31.6.6150 2008.10.16 Win32/GameStealer!generic
Ewido 4.0 2008.10.15 -
F-Prot 4.4.4.56 2008.10.15 W32/OnlineGames.B.gen!GSA
F-Secure 8.0.14332.0 2008.10.16 Trojan-GameThief.Win32.OnLineGames.tnvk
Fortinet 3.113.0.0 2008.10.15 -
GData 19 2008.10.16 Win32:OnLineGames-FAG
Ikarus T3.1.1.34.0 2008.10.16 Virus.Trojan.GameThief.Win32.OnLineGames.tnvk
K7AntiVirus 7.10.496 2008.10.15 -
Kaspersky 7.0.0.125 2008.10.16 Trojan-GameThief.Win32.OnLineGames.tnvk
McAfee 5406 2008.10.16 -
Microsoft 1.4005 2008.10.16 PWS:Win32/OnLineGames.GA
NOD32 3525 2008.10.15 probably a variant of Win32/PSW.OnLineGames.NQM
Norman 5.80.02 2008.10.15 W32/OnLineGames.CAIX
Panda 9.0.0.4 2008.10.15 -
PCTools 4.4.2.0 2008.10.15 -
Prevx1 V2 2008.10.16 -
Rising 20.66.22.00 2008.10.15 Trojan.PSW.Win32.GameOL.qua
SecureWeb-Gateway 6.7.6 2008.10.16 -
Sophos 4.34.0 2008.10.16 -
Sunbelt 3.1.1725.1 2008.10.15 -
Symantec 10 2008.10.16 -
TheHacker 6.3.1.0.114 2008.10.15 -
TrendMicro 8.700.0.1004 2008.10.16 -
VBA32 3.12.8.7 2008.10.16 -
ViRobot 2008.10.15.1421 2008.10.15 -
VirusBuster 4.5.11.0 2008.10.15 -

Additional information
File size: 2427680 bytes
MD5...: 425c648650869c711438851a8bb35718
SHA1..: 7be598c9508d84da1f196e6ec57d0aa3a755488a
SHA256: 490a8e2b42e8b2b3d864e56fe83f68f0b1a9e7af08511c05c4602b3ff3822e88
SHA512: 63da2c77b8a6cbcf863cbcac34f4acadda2728a53ea07500e214976e8447b53f
e9de6b047fb35034458520ab8fb8202f0de967def0510236fc3ec531b531d98b
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000381a
timedatestamp.....: 0x48ef593c (Fri Oct 10 13:31:40 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x28c0 0x2a00 6.05 0fb2d9db108cc26915075eafa393b63f
.rdata 0x4000 0x55c 0x600 4.61 6a8f3fe13a3315db842dac4a460e74db
.data 0x5000 0x7a0 0x200 0.66 cb4d7a7edba5f53b698fe462d493fed3
.rsrc 0x6000 0x10 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.reloc 0x7000 0x480 0x600 3.88 040c03c5d18932f4894f33ec52f51c63

( 3 imports )
> KERNEL32.dll: GetCurrentProcess, Sleep, GetModuleFileNameA, CloseHandle, SetEvent, GetPrivateProfileIntA, GetPrivateProfileStringA, GetTempPathA, DeleteFileA, IsBadReadPtr, GetFileSize, ReadFile, SetFilePointer, CreateFileA, WriteFile, HeapAlloc, GetProcessHeap, VirtualProtect, TerminateProcess, GetProcAddress, GetModuleHandleA, LoadLibraryW, MultiByteToWideChar, LoadLibraryA, OpenEventA, CreateEventA, CreateThread
> USER32.dll: SetWindowsHookExA, CallNextHookEx, wvsprintfA, wsprintfA, BroadcastSystemMessageA
> MSVCRT.dll: malloc, _strcmpi, _adjust_fdiv, strcpy, strcat, strlen, memset, strncpy, strrchr, atoi, strncmp, free, _strnicmp, memcpy, _except_handler3, realloc, strstr, _strlwr, _initterm

( 0 exports )

File specifier : C:/WINDOWS/system32/tpphbrik.dll
Attributes : A---
Digital signature: No
PE file: Yes
Failed to get file version information size!
Created : 2008-10-13 13:15:59
Modified : 2008-10-13 13:15:59
Size : 2485164 bytes 2.378 MB
MD5 : f41f60d133f9fe579e4cdfa0392f5516
SHA1: F5CAF3CC41A73AD123EA04C6EBF2BC5661AEFEC4
CRC32: 2052eafd

File tpphbrik.dll received on 2008.10.16 03:52:30 (CET)

Antivirus Version Last-update Result
AhnLab-V3 2008.10.16.0 2008.10.15 Win-Trojan/OnlineGameHack
AntiVir 7.9.0.4 2008.10.15 TR/PSW.Online.aklr
Authentium 5.1.0.4 2008.10.15 W32/Onlinegames.4!Generic
Avast 4.8.1248.0 2008.10.15 Win32:OnLineGames-FAG
AVG 8.0.0.161 2008.10.16 PSW.OnlineGames.BCHO
BitDefender 7.2 2008.10.16 -
CAT-QuickHeal 9.50 2008.10.14 -
ClamAV 0.93.1 2008.10.15 Trojan.Spy-53858
DrWeb 4.44.0.09170 2008.10.16 Trojan.PWS.Wsgame.7693
eSafe 7.0.17.0 2008.10.15 -
eTrust-Vet 31.6.6150 2008.10.16 Win32/GameStealer!generic
Ewido 4.0 2008.10.15 -
F-Prot 4.4.4.56 2008.10.15 W32/Onlinegames.4!Generic
F-Secure 8.0.14332.0 2008.10.16 Trojan-GameThief.Win32.OnLineGames.tntv
Fortinet 3.113.0.0 2008.10.15 -
GData 19 2008.10.16 Win32:OnLineGames-FAG
Ikarus T3.1.1.34.0 2008.10.16 Virus.Trojan.GameThief.Win32.OnLineGames.tntv
K7AntiVirus 7.10.496 2008.10.15 -
Kaspersky 7.0.0.125 2008.10.16 Trojan-GameThief.Win32.OnLineGames.tntv
McAfee 5406 2008.10.16 -
Microsoft 1.4005 2008.10.16 PWS:Win32/Lmir.S
NOD32 3525 2008.10.15 probably a variant of Win32/PSW.OnLineGames.NQM
Norman 5.80.02 2008.10.15 W32/OnLineGames.CAGI
Panda 9.0.0.4 2008.10.15 -
PCTools 4.4.2.0 2008.10.15 -
Prevx1 V2 2008.10.16 -
Rising 20.66.22.00 2008.10.15 Trojan.PSW.Win32.GameOL.qtn
SecureWeb-Gateway 6.7.6 2008.10.16 -
Sophos 4.34.0 2008.10.16 -
Sunbelt 3.1.1725.1 2008.10.15 -
Symantec 10 2008.10.16 Infostealer.Gampass
TheHacker 6.3.1.0.114 2008.10.15 -
TrendMicro 8.700.0.1004 2008.10.16 -
VBA32 3.12.8.7 2008.10.16 Trojan-GameThief.Win32.OnLineGames.tntu
ViRobot 2008.10.15.1421 2008.10.15 -
VirusBuster 4.5.11.0 2008.10.15 -

Additional information
File size: 2485164 bytes
MD5...: f41f60d133f9fe579e4cdfa0392f5516
SHA1..: f5caf3cc41a73ad123ea04c6ebf2bc5661aefec4
SHA256: 20e1efaf70d24ffbca1d24b56a6284e13bd71dfd0cd908f9197a0977b14e373c
SHA512: 0834b4a002c13211377975e128b3ac1e749e00f9168ee236cf7f81fd65266bc8
290aefa10446fd20154d42676e86480e32f2ccf1f67faadd65339dc5fd2f6441
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100037da
timedatestamp.....: 0x48ef0be7 (Fri Oct 10 08:01:43 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2880 0x2a00 6.09 ebe0f5925e0cd4240139a323cd09eeb8
.rdata 0x4000 0x4d8 0x600 4.20 5d12515fdb43a5e0cc33dc505034607e
.data 0x5000 0x1710 0x200 0.81 e1a4caf2559929cceff518b2d00bafe9
.rsrc 0x7000 0x10 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.reloc 0x8000 0x4e8 0x600 4.37 a28844c4424a133d623e2c7dc782578b

( 3 imports )
> KERNEL32.dll: ReadFile, GetFileSize, CreateFileA, GetProcAddress, CreateEventA, OpenEventA, TerminateProcess, GetCurrentProcess, GetModuleFileNameA, SetEvent, SetFilePointer, HeapAlloc, GetProcessHeap, VirtualProtect, CloseHandle, GetModuleHandleA, LoadLibraryW, MultiByteToWideChar, LoadLibraryA, CreateThread, Sleep, ExitProcess
> USER32.dll: SetWindowsHookExA, CallNextHookEx, wvsprintfA, wsprintfA, BroadcastSystemMessageA
> MSVCRT.dll: strrchr, _strcmpi, _adjust_fdiv, free, sprintf, strlen, strcpy, strcat, strncpy, strchr, strstr, memset, malloc, strcmp, memcpy, _except_handler3, realloc, _strlwr, _initterm

( 0 exports )

File specifier : C:/WINDOWS/system32/flirxttw.dll
Attributes : A---
Digital signature: No
PE file: Yes
Failed to get file version information size!
Created : 2008-10-13 13:15:39
Modified : 2008-10-13 13:15:39
Size : 2180524 bytes 2.81 MB
MD5 : 47930b9bcfa41c59819e89b9d64b5074
SHA1: E470F87D053D6D7C42DCF70654F8D0B6C299179E
CRC32: 267b5698

File flirxttw.dll received on 2008.10.16 03:34:46 (CET)

Antivirus Version Last-update Result
AhnLab-V3 2008.10.16.0 2008.10.15 Win-Trojan/OnlineGameHack
AntiVir 7.9.0.4 2008.10.15 TR/PSW.Online.aklr
Authentium 5.1.0.4 2008.10.15 W32/OnlineGames.B.gen!GSA
Avast 4.8.1248.0 2008.10.15 Win32:OnLineGames-FAG
AVG 8.0.0.161 2008.10.16 PSW.Generic6.AIKH
BitDefender 7.2 2008.10.16 -
CAT-QuickHeal 9.50 2008.10.14 -
ClamAV 0.93.1 2008.10.15 -
DrWeb 4.44.0.09170 2008.10.16 Trojan.PWS.Wsgame.7678
eSafe 7.0.17.0 2008.10.15 -
eTrust-Vet 31.6.6150 2008.10.16 Win32/GameStealer!generic
Ewido 4.0 2008.10.15 -
F-Prot 4.4.4.56 2008.10.15 W32/OnlineGames.B.gen!GSA
F-Secure 8.0.14332.0 2008.10.16 Trojan-GameThief.Win32.OnLineGames.tnmj
Fortinet 3.113.0.0 2008.10.15 -
GData 19 2008.10.16 Win32:OnLineGames-FAG
Ikarus T3.1.1.34.0 2008.10.16 Virus.Trojan.GameThief.Win32.OnLineGames.tnmj
K7AntiVirus 7.10.496 2008.10.15 -
Kaspersky 7.0.0.125 2008.10.16 Trojan-GameThief.Win32.OnLineGames.tnmj
McAfee 5406 2008.10.16 PWS-OnlineGames.ck
Microsoft 1.4005 2008.10.16 PWS:Win32/OnLineGames.GA
NOD32 3525 2008.10.15 probably a variant of Win32/PSW.OnLineGames.NQM
Norman 5.80.02 2008.10.15 W32/OnLineGames.CACG
Panda 9.0.0.4 2008.10.15 -
PCTools 4.4.2.0 2008.10.15 -
Prevx1 V2 2008.10.16 -
Rising 20.66.22.00 2008.10.15 Trojan.PSW.Win32.GameOL.qxh
SecureWeb-Gateway 6.7.6 2008.10.15 -
Sophos 4.34.0 2008.10.16 -
Sunbelt 3.1.1725.1 2008.10.15 -
Symantec 10 2008.10.16 -
TheHacker 6.3.1.0.114 2008.10.15 -
TrendMicro 8.700.0.1004 2008.10.16 -
VBA32 3.12.8.7 2008.10.16 Trojan-GameThief.Win32.OnLineGames.tnlo
ViRobot 2008.10.15.1421 2008.10.15 -
VirusBuster 4.5.11.0 2008.10.15 Trojan.DL.OnlineGames.Gen.90

Additional information
File size: 2180524 bytes
MD5...: 47930b9bcfa41c59819e89b9d64b5074
SHA1..: e470f87d053d6d7c42dcf70654f8d0b6c299179e
SHA256: 24efc3483fe6800cc246341e7b5e84983131317e1d6f97b395cebb9ba306f471
SHA512: 43dff472d04eae9f86c038d5e39b76e3c07436f1d90a8acfe0d5db951c73bc7f
f8e03c79777144d7f35c245b3ea161ceffc61f16d96d1320e0268c8b6cbd2560
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100036ba
timedatestamp.....: 0x48ecb7a2 (Wed Oct 08 13:37:38 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2760 0x2800 6.11 aff661ddff4f786bdfdce566f5e5113d
.rdata 0x4000 0x560 0x600 4.61 7d2e08a4c5b86486751f1cfe598570bc
.data 0x5000 0x8b0 0x200 0.42 c7d57133016c8b68b8f48ccbe0d2119e
.rsrc 0x6000 0x10 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.reloc 0x7000 0x48c 0x600 3.90 db0e74022b724a7f271bafb3a057ac4d

( 3 imports )
> KERNEL32.dll: GetCurrentProcess, Sleep, GetModuleFileNameA, CloseHandle, SetEvent, ExitProcess, ReadFile, GetFileSize, CreateFileA, GetCommandLineW, GetProcAddress, GetModuleHandleA, IsBadReadPtr, SetFilePointer, HeapAlloc, GetProcessHeap, VirtualProtect, TerminateProcess, LoadLibraryW, MultiByteToWideChar, WideCharToMultiByte, LoadLibraryA, OpenEventA, CreateEventA, CreateThread
> USER32.dll: BroadcastSystemMessageA, SetWindowsHookExA, CallNextHookEx, ToAscii, wsprintfA, wvsprintfA, GetKeyboardState, MapVirtualKeyA
> MSVCRT.dll: strstr, _strcmpi, _adjust_fdiv, _initterm, _strlwr, realloc, strcpy, strcat, strlen, free, sprintf, strchr, strncpy, isdigit, memset, malloc, memcpy, _except_handler3, strrchr

( 0 exports )

File specifier : c:/program files/internet explorer/53u1ttme.2ys
Attributes : ASH-
Digital signature: No
PE file: Yes
Failed to get file version information size!
Created : 2008-10-13 13:22:48
Modified : 2008-10-13 13:22:48
Size : 46205 bytes 45.125 KB
MD5 : b155a5df2942200ab083ef7124f1daf1
SHA1: 1389158DB1DE4635FF20A9CEE9AA1F83BD505C8A
CRC32: a4ec314b

Kaspersky reports it as Worm.Win32.AutoRun.qnt; Rising reports it as Worm.Win32.PaBug.ir


File specifier : c:/windows/system32/hbso2.dll
Attributes : A---
Digital signature: No
PE file: Yes
Failed to get file version information size!
Created : 2008-10-13 13:13:56
Modified : 2008-10-13 13:13:56
Size : 24576 bytes 24.0 KB
MD5 : 4de3e578ae1d52947873e3a773a252ec
SHA1: 4BEFC98684939EA360A5052E065C69221D1428E6
CRC32: f0b143da

Kaspersky reports it as Trojan-GameThief.Win32.Soulwork.j; Rising reports it as Trojan.PSW.Win32.XYOnline.ahs

File specifier : c:/windows/system32/hbtl.dll
Attributes : A---
Digital signature: No
PE file: Yes
Failed to get file version information size!
Created : 2008-10-13 13:14:38
Modified : 2008-10-13 13:14:38
Size : 16896 bytes 16.512 KB
MD5 : d71cd3044e83f2a965e74af7b20d03d0
SHA1: 1E1E545B0639703964D23A0D6119A7840E280CE5
CRC32: 753ce0d8

Kaspersky reports it as Trojan-GameThief.Win32.OnLineGames.tojg; Rising reports it as Trojan.PSW.Win32.GameOL.qxr
