Hello,
Someone sent me a "picture", but when I went to open it I saw that it is an .exe...
So I uploaded it to VirusTotal, and this is what came out:
File name: Sven.exe
Submission date: 2011-03-01 15:12:52 (UTC)
Current status: finished
Result: 12/43 (27.9%)
VT Community: not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.03.02.00 2011.03.01 -
AntiVir 7.11.4.21 2011.03.01 -
Antiy-AVL 2.0.3.7 2011.03.01 -
Avast 4.8.1351.0 2011.02.23 -
Avast5 5.0.677.0 2011.02.23 -
AVG 10.0.0.1190 2011.03.01 Cryptic.BVO
BitDefender 7.2 2011.03.01 Gen:Trojan.Heur.Nm0@sn!KGqhi
CAT-QuickHeal 11.00 2011.03.01 -
ClamAV 0.96.4.0 2011.03.01 -
Commtouch 5.2.11.5 2011.03.01 -
Comodo 7839 2011.03.01 Backdoor.Win32.Delf.~DF
DrWeb 5.0.2.03300 2011.03.01 -
Emsisoft 5.1.0.2 2011.03.01 Trojan.Win32.Llac!IK
eSafe 7.0.17.0 2011.03.01 -
eTrust-Vet 36.1.8190 2011.03.01 -
F-Prot 4.6.2.117 2011.02.28 -
F-Secure 9.0.16160.0 2011.03.01 Gen:Trojan.Heur.Nm0@sn!KGqhi
Fortinet 4.2.254.0 2011.03.01 -
GData 21 2011.03.01 Gen:Trojan.Heur.Nm0@sn!KGqhi
Ikarus T3.1.1.97.0 2011.03.01 Trojan.Win32.Llac
Jiangmin 13.0.900 2011.03.01 -
K7AntiVirus 9.91.3990 2011.03.01 -
Kaspersky 7.0.0.125 2011.03.01 -
McAfee 5.400.0.1158 2011.03.01 -
McAfee-GW-Edition 2010.1C 2011.03.01 -
Microsoft 1.6603 2011.03.01 VirTool:Win32/VBInject.gen!FT
NOD32 5917 2011.03.01 a variant of Win32/Injector.DZQ
Norman 6.07.03 2011.03.01 W32/Obfuscated.I!genr
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.02.28 Suspicious file
PCTools 7.0.3.5 2011.03.01 -
Prevx 3.0 2011.03.01 -
Rising 23.47.01.06 2011.03.01 -
Sophos 4.61.0 2011.03.01 -
SUPERAntiSpyware 4.40.0.1006 2011.03.01 -
Symantec 20101.3.0.103 2011.03.01 -
TheHacker 6.7.0.1.140 2011.02.28 -
TrendMicro 9.200.0.1012 2011.03.01 -
TrendMicro-HouseCall 9.200.0.1012 2011.03.01 -
VBA32 3.12.14.3 2011.03.01 -
VIPRE 8574 2011.03.01 Trojan.Win32.Generic.pak!cobra
ViRobot 2011.2.28.4333 2011.03.01 -
VirusBuster 13.6.229.0 2011.03.01 -
Additional information
MD5 : c81c3d46c6782c0fd7b695d05d1bcf12
SHA1 : 191a8868389f64a346da1cf1d71ff4e0afce9626
SHA256: 0fc5359aca9096947602016e67c4851ca798b843454ec51d95ff19ed3c8053df
ssdeep: 12288:ri4rxam8b7nV43yo2PBXKOLWTKH1Ui4yBB/ATL:riGxZwzVwyNPB6mKRg2
File size : 647168 bytes
First seen: 2011-03-01 15:12:52
Last seen : 2011-03-01 15:12:52
TrID:
Win32 Executable Microsoft Visual Basic 6 (68.5%)
Win32 Executable MS Visual C++ (generic) (20.5%)
Win32 Executable Generic (4.6%)
Win32 Dynamic Link Library (generic) (4.1%)
Generic Win/DOS Executable (1.0%)
sigcheck:
publisher....: POfjldCR
copyright....: KFuajk
product......: kRjVazalf
description..: nYQY
original name: s_dy7f0wau89iotg3qagasdg.exe
internal name: s_dy7f0wau89iotg3qagasdg
file version.: 3.31.0097
comments.....: uceybgtEZm
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x1AD8
timedatestamp....: 0x4D12491E (Wed Dec 22 18:53:18 2010)
machinetype......: 0x14c (I386)
[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x374D8, 0x38000, 5.64, a0883b066640881b5289156d12fa72e4
.data, 0x39000, 0x4C74, 0x1000, 0.00, 620f0b67a91f7f74151bc5be745b7110
.rsrc, 0x3E000, 0x63C58, 0x64000, 8.00, 169cf92e4ce2feeb530fd404b07f5d91
[[ 1 import(s) ]]
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 229376
Comments: uceybgtEZm
CompanyName: POfjldCR
EntryPoint: 0x1ad8
FileDescription: nYQY
FileFlagsMask: 0x0000
FileOS: Win32
FileSize: 632 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 3.31.0097
FileVersionNumber: 3.31.0.97
ImageVersion: 3.31
InitializedDataSize: 413696
InternalName: s dy7f0wau89iotg3qagasdg
LanguageCode: English (U.S.)
LegalCopyright: KFuajk
LegalTrademarks: LnJ
LinkerVersion: 0.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename: s dy7f0wau89iotg3qagasdg.exe
PEType: PE32
ProductName: kRjVazalf
ProductVersion: 3.31.0097
ProductVersionNumber: 3.31.0.97
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2010:12:22 19:53:18+01:00
UninitializedDataSize: 0
Symantec reputation:Suspicious.Insight
Do I have a virus now?
I hope you can help me
PC FREAKY