File Name: blackster.scr
Scanned on 05.14.2008 15:38:06 (CET)

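VirusTotal Result: 2/32 (6.25%)
Engine / Version / Signature date / Result:
Prevx1 / V2 / 2008.05.14 / Malicious Software
Webwasher-Gateway / 6.6.2 / 2008.05.14 / Win32.Malware.gen!80 (suspicious)
Note: both verdicts are generic or heuristic labels rather than a named family, so the detection ratio alone does not classify the sample.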

File size: 160256 bytes
MD5...: 2ae3fb159c9778689f54f58dbf6a7de3
SHA1..: 6b64bd21baef8f3d285d33db318bb2f07d57d2ae
SHA256: fb9d6a259978ec4e7aa885c03bc5850403924cce0293ab47971ef6e96514482e
SHA512: 2d70d818a069d97c3f41dbdf3e58fa5d34b0bfca137bc2a4599513221d6b5f3bf0b5c5228beea1913456741767c1296bc216c09e87a6cf07db61ab7b08c05310

PE Structure information

( base data )
entrypointaddress.: 0x401ac8
timedatestamp.....: 0x3ec2a2ab (Wed May 14 20:10:19 2003)
machinetype.......: 0x14c (I386)

***** PE Header ****************************************************
Signature: 00004550
Machine: 014C - Intel 386
Number of sections: 0005
Time/Date stamp: 3EC2A2AB
Pointer to symbol table: 00000000
Number of symbols: 00000000
Size of optional header: 00E0
Characteristics: 010F
Magic: 010B
Linker version (major): 04
Linker version (minor): 14
Size of code: 00020C00
Size of initialized data: 00008800
Size of uninitialized data: 00000000
Address of entry point: 00001AC8
Base of code: 00001000
Base of data: 00022000
Image base: 00400000
Section alignment: 00001000
File alignment: 00000200
OS version (major): 0004
OS version (minor): 0000
Image version (major): 0002
Image version (minor): 0000
Sub system version (major): 0004
Sub system version (minor): 0000
Win32 version: 00000000
Size of image: 0002C000
Size of headers: 00001000
Checksum: 00000000
Sub system: 0002 - Windows graphical user interface (GUI) subsystem
DLL characteristics: 0000
Size of stack reserve: 00100000
Size of stack commit: 00001000
Size of heap reserve: 00100000
Size of heap commit: 00001000
Loader flags: 00000000
Number of RVA: 00000010


***** PE Sections **************************************************
Section VirtSize VirtAddr PhysSize PhysAddr Flags
.text 00020A14 00001000 00020C00 00000400 60000020
.data 00002740 00022000 00000200 00021000 C0000040
.idata 00000954 00025000 00000A00 00021200 40000040
.rsrc 00002EE4 00026000 00003000 00021C00 40000040
.reloc 0000249E 00029000 00002600 00024C00 42000040

( 1 imports )
> MSVBVM50.DLL: __vbaVarSub, -, __vbaStrI2, -, _CIcos, _adj_fptan, __vbaStrI4, -, __vbaFreeVar, __vbaLateIdCall,

__vbaLenBstr, __vbaStrVarMove, __vbaEnd, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, -, _adj_fprem1, -,

__vbaStrCat, __vbaVarCmpNe, __vbaSetSystemError, __vbaHresultCheckObj, __vbaLenVar, _adj_fdiv_m32, __vbaExitProc, -,

-, -, -, -, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, -, -, -, __vbaFpR8,

__vbaBoolVarNull, _CIsin, -, -, -, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError,

__vbaStrCmp, __vbaI2I4, DllFunctionCall, -, __vbaRedimPreserve, _adj_fpatan, __vbaLateIdCallLd, __vbaRedim,

EVENT_SINK_Release, __vbaNew, __vbaUI1I2, _CIsqrt, __vbaVarAnd, EVENT_SINK_QueryInterface, __vbaExceptHandler,

__vbaStrToUnicode, __vbaPrintFile, __vbaInputFile, _adj_fprem, _adj_fdivr_m64, __vbaI2Str, __vbaFPException, -, -,

_CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str,

__vbaFreeStrList, _adj_fdivr_m32, __vbaPowerR8, _adj_fdiv_r, -, -, __vbaI4Var, __vbaAryLock, __vbaVarAdd,

__vbaStrToAnsi, __vbaVarDup, -, __vbaFpI2, -, -, __vbaFpI4, __vbaR8IntI2, -, _CIatan, __vbaStrMove, __vbaCastObj, -,

__vbaR8IntI4, -, _allmul, __vbaLateIdSt, _CItan, __vbaAryUnlock, __vbaFPInt, _CIexp, __vbaI4ErrVar, __vbaFreeObj,

__vbaFreeStr, -