arovaxshield.com \ Heur.Suspicious@21431402

Is this a real virus or a wrong trigger from the CIS database?

3-10-2009 14:28:57 Quarantaine C:\Program Files\Arovax Shield\ArovaxShield.exe Heur.Suspicious@21431402 Succes

Hello, please look here:
https://forums.comodo.com/empty-t44202.0.html

OK, I do not really know how to read the outcome, but I uploaded the file to all.

MD5: 93ed8c301bcc132b9e4ae2134558bcce
First received: 2008.09.12 11:40:48 UTC
Datum: 2009.09.11 06:34:46 UTC [>22D]
Resultaat: 0/41
Permalink: analisis/ced3a41a66f78d669c68ea6cf3d333286ca8e6ae2553fe8d7385a862d3085ec5-1252650886

Antivirus Versie Laatst geüpdatet Resultaat
a-squared 4.5.0.24 2009.09.11 -
AhnLab-V3 5.0.0.2 2009.09.11 -
AntiVir 7.9.1.14 2009.09.10 -
Antiy-AVL 2.0.3.7 2009.09.11 -
Authentium 5.1.2.4 2009.09.11 -
Avast 4.8.1351.0 2009.09.10 -
AVG 8.5.0.412 2009.09.10 -
BitDefender 7.2 2009.09.11 -
CAT-QuickHeal 10.00 2009.09.11 -
ClamAV 0.94.1 2009.09.11 -
Comodo 2279 2009.09.11 -
DrWeb 5.0.0.12182 2009.09.10 -
eSafe 7.0.17.0 2009.09.10 -
eTrust-Vet 31.6.6731 2009.09.11 -
F-Prot 4.5.1.85 2009.09.10 -
F-Secure 8.0.14470.0 2009.09.11 -
Fortinet 3.120.0.0 2009.09.11 -
GData 19 2009.09.11 -
Ikarus T3.1.1.72.0 2009.09.11 -
Jiangmin 11.0.800 2009.09.11 -
K7AntiVirus 7.10.841 2009.09.10 -
Kaspersky 7.0.0.125 2009.09.11 -
McAfee 5737 2009.09.10 -
McAfee+Artemis 5737 2009.09.10 -
McAfee-GW-Edition 6.8.5 2009.09.11 -
Microsoft 1.5005 2009.09.11 -
NOD32 4415 2009.09.10 -
Norman 6.01.09 2009.09.10 -
nProtect 2009.1.8.0 2009.09.10 -
Panda 10.0.2.2 2009.09.10 -
PCTools 4.4.2.0 2009.09.10 -
Prevx 3.0 2009.09.11 -
Rising 21.46.40.00 2009.09.11 -
Sophos 4.45.0 2009.09.11 -
Sunbelt 3.2.1858.2 2009.09.11 -
Symantec 1.4.4.12 2009.09.11 -
TheHacker 6.3.4.4.400 2009.09.10 -
TrendMicro 8.950.0.1094 2009.09.11 -
VBA32 3.12.10.10 2009.09.11 -
ViRobot 2009.9.11.1929 2009.09.11 -
VirusBuster 4.6.5.0 2009.09.10 -
Extra informatie
File size: 2008184 bytes
MD5 : 93ed8c301bcc132b9e4ae2134558bcce
SHA1 : d628c2633c3e6a861577e904f85c77fe02e7015b
SHA256: ced3a41a66f78d669c68ea6cf3d333286ca8e6ae2553fe8d7385a862d3085ec5
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x313E
timedatestamp.....: 0x4409C8D1 (Sat Mar 4 18:05:21 2006)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x587A 0x5A00 6.39 f8454dd903a7a9ebc5ee7888c9188af2
.rdata 0x7000 0x10EE 0x1200 5.04 f47fe79f4f3cdd662160aa57bd28b002
.data 0x9000 0x1B3D4 0x400 5.06 ffc3dff3be72fa1eaeee3fdf1b6ede1c
.ndata 0x25000 0xA000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x2F000 0x2000 0x1E00 4.75 309b9e8afaa3a80aa6a397af3a9edc4a

( 8 imports )

advapi32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
comctl32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
gdi32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
kernel32.dll: CloseHandle, SetFileTime, CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetFileSize, GetModuleFileNameA, GetTickCount, GetCurrentProcess, lstrcmpiA, ExitProcess, GetCommandLineA, GetWindowsDirectoryA, GetTempPathA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, lstrcmpA, GetEnvironmentVariableA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, SetErrorMode, GetModuleHandleA, LoadLibraryA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, CopyFileA
ole32.dll: OleInitialize, OleUninitialize, CoCreateInstance
shell32.dll: SHGetMalloc, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
user32.dll: ScreenToClient, GetWindowRect, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, EndDialog, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxA, CharPrevA, DispatchMessageA, PeekMessageA, CreateDialogParamA, DestroyWindow, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, TrackPopupMenu, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
version.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )
TrID : File type identification
60.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.6% (.EXE) Win32 Executable Generic (8527/13/3)
14.7% (.DLL) Win32 Dynamic Link Library (generic) (7583/30/2)
3.9% (.EXE) Generic Win/DOS Executable (2002/3)
3.8% (.EXE) DOS Executable Generic (2000/1)
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=93ed8c301bcc132b9e4ae2134558bcce
ssdeep: 49152:Hl4hPtwkwxnrAp8dE+Xf8yEsCwJYOh1Pv0:HlRRAcrhENc1/c
PEiD : -
packers (Kaspersky): Armadillo
packers (F-Prot): NSIS
RDS : NSRL Reference Data Set

Hi Eljo,

We are going to have a look at it and will get back to you after investigation.

Thanks and Regards,
hailong.■■■■

Hi Eljo,

Reported FP has been fixed in DB 2508. Please update and confirm.

Regards,
Haja

Confirmed, thanks