SafeGroup

Full version: Not sure whether a file is infected - WinKawaks.exe ?
Hello,
I downloaded the WinKawaks program, a NeoGeo and CPS 1/2 emulator, from the official source. Outpost SS Free reports malware in the file winkawaks.exe.

Result from virustotal.com

SHA256: 93c3db82acb39e9cf7bf00a391a3ad802dd059651ad051ecb179113aeeb28124
SHA1: 84625b8021985528395d57854180b3f1f5deb328
MD5: 4d36f1b17f55de9026cc0d6624627a7a
File size: 390.1 KB ( 399437 bytes )
File name: WinKawaks.exe
File type: Win32 EXE
Detection ratio: 6 / 42
Analysis date: 2012-08-26 12:04:49 UTC ( 0 minutes ago )

Antivirus / Result (- = no detection) / Update
AhnLab-V3 - 20120826
AntiVir - 20120826
Antiy-AVL - 20120824
Avast - 20120826
AVG - 20120826
BitDefender - 20120826
ByteHero - 20120825
CAT-QuickHeal - 20120825
ClamAV - 20120826
Commtouch W32/SuspPack.DF.gen!Eldorado 20120826
Comodo - 20120826
DrWeb Trojan.MulDrop2.14955 20120826
Emsisoft - 20120826
eSafe - 20120823
ESET-NOD32 - 20120825
F-Prot W32/SuspPack.DF.gen!Eldorado 20120825
F-Secure - 20120826
Fortinet - 20120826
GData - 20120826
Ikarus - 20120826
Jiangmin - 20120826
K7AntiVirus Riskware 20120825
Kaspersky - 20120826
McAfee - 20120826
McAfee-GW-Edition - 20120826
Microsoft - 20120826
Norman - 20120826
nProtect - 20120826
Panda - 20120826
PCTools - 20120826
Rising - 20120824
Sophos - 20120826
SUPERAntiSpyware - 20120826
Symantec - 20120826
TheHacker - 20120824
TotalDefense - 20120824
TrendMicro - 20120826
TrendMicro-HouseCall TROJ_GEN.R47H1K8 20120826
VBA32 - 20120824
VIPRE - 20120826
ViRobot - 20120825
VirusBuster Suspicious!SA 20120825
ssdeep
12288:+Jv5Fy7cnt59nirCdrMXTjqZuMBGJ1146fD:+JSCVi0MjjqsDfD
TrID
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
F-Prot packer identifier
Yoda, UPX
Command packer identifier
Yoda, UPX
ExifTool

SpecialBuild.............:
CodeSize.................: 389120
SubsystemVersion.........: 4.0
Comments.................:
InitializedDataSize......: 8192
ImageVersion.............: 0.0
ProductName..............: WinKawaks Application
FileVersionNumber........: 1.0.0.1
UninitializedDataSize....: 3379200
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x003f
CharacterSet.............: Unicode
LinkerVersion............: 6.0
OriginalFilename.........: WinKawaks.exe
PrivateBuild.............:
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 1, 0, 0, 1
TimeStamp................: 2010:01:01 01:04:10-08:00
FileType.................: Win32 EXE
PEType...................: PE32
InternalName.............: WinKawaks
ProductVersion...........: 1, 0, 0, 1
FileDescription..........: Kawaks
OSVersion................: 4.0
FileOS...................: Win32
LegalCopyright...........: Copyright © 2001
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............:
LegalTrademarks..........:
FileSubtype..............: 0
ProductVersionNumber.....: 1.0.0.1
EntryPoint...............: 0x39b060
ObjectFileType...........: Executable application

Sigcheck

publisher................:
product..................: WinKawaks Application
internal name............: WinKawaks
copyright................: Copyright © 2001
original name............: WinKawaks.exe
comments.................:
file version.............: 1, 0, 0, 1
description..............: Kawaks

Portable Executable structural information

Compilation timedatestamp.....: 2010-01-01 09:04:10
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x0039B060

PE Sections...................:

Name    Virtual Address   Virtual Size   Raw Size   Entropy   MD5
UPX0    4096              3379200        0          0.00      d41d8cd98f00b204e9800998ecf8427e
UPX1    3383296           389120         388096     8.00      b97728b7857d6c75d803f6472f40bf97
.rsrc   3772416           8192           7680       4.23      4b2f2167ef469e34baa02eeb200e2df1
ZC      3780608           8192           2637       7.84      8703b7a6612c21b47a3b9de0b60280bd

PE Imports....................:

[KeRnEl32.dLl]
LoadLibraryA, GetProcAddress

PE Resources..................:

Resource type     Number of resources
RT_DIALOG         15
RT_STRING         9
RT_BITMAP         9
RT_ICON           6
RT_GROUP_ICON     3
RT_MENU           1
RT_ACCELERATOR    1
RT_VERSION        1

Resource language   Number of resources
FRENCH              25
ENGLISH US          19
ENGLISH UK          1



So, is this file safe or not?

Eugeniusz

Safe.
The file is compressed and encrypted, which is why it triggers detections.
That's right, it is OK.
OK, thank you.