File winhost.exe received on 11.13.2008 04:20:45 (CET)
Result: 12/36 (33.34%)
Antivirus Version Last Update Result
AhnLab-V3 2008.11.13.0 2008.11.13 -
AntiVir 7.9.0.31 2008.11.12 -
Authentium 5.1.0.4 2008.11.12 -
Avast 4.8.1248.0 2008.11.12 Win32:Rootkit-gen
AVG 8.0.0.199 2008.11.12 Downloader.Generic8.BBT
BitDefender 7.2 2008.11.12 Trojan.Generic.1074129
CAT-QuickHeal 9.50 2008.11.12 Backdoor.Agent.ff
ClamAV 0.94.1 2008.11.12 -
DrWeb 4.44.0.09170 2008.11.13 DLOADER.Trojan
eSafe 7.0.17.0 2008.11.12 -
eTrust-Vet 31.6.6203 2008.11.11 -
Ewido 4.0 2008.11.12 -
F-Prot 4.4.4.56 2008.11.12 -
F-Secure 8.0.14332.0 2008.11.13 -
Fortinet 3.117.0.0 2008.11.12 -
GData 19 2008.11.12 Trojan.Generic.1074129
Ikarus T3.1.1.45.0 2008.11.13 -
K7AntiVirus 7.10.523 2008.11.12 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2008.11.13 -
McAfee 5432 2008.11.13 -
Microsoft 1.4104 2008.11.13 Backdoor:Win32/Agent.FF
NOD32 3608 2008.11.13 -
Norman 5.80.02 2008.11.12 W32/DLoader.KOFS
Panda 9.0.0.4 2008.11.12 Trj/Hosts.AN
PCTools 4.4.2.0 2008.11.13 -
Prevx1 V2 2008.11.13 Worm
Rising 21.03.22.00 2008.11.12 -
SecureWeb-Gateway 6.7.6 2008.11.12 -
Sophos 4.35.0 2008.11.13 -
Sunbelt 3.1.1785.2 2008.11.11 -
Symantec 10 2008.11.13 Trojan.Qhosts
TheHacker 6.3.1.1.151 2008.11.13 -
TrendMicro 8.700.0.1004 2008.11.13 -
VBA32 3.12.8.9 2008.11.12 -
ViRobot 2008.11.12.1463 2008.11.12 -
VirusBuster 4.5.11.0 2008.11.12 -
Additional information
File size: 60416 bytes
MD5...: 24be8511d4c643aea81361eafc1f0624
SHA1..: 03df485aa06c19cd54222b586534cef3ba998acf
SHA256: 0470e72f7549286577303c4a306680cfd0fc35a87170e9576a03637758d459db
SHA512: 92a4cdc2149ec5431d72f47b6ca83b310d246fdc48e3c697c224c5cca4120773a4b54954d5acf59e75bf1d7486681ddb5908fabaa8ce876a28316b4733ce5bae
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x403e22
timedatestamp.....: 0x4901c8a6 (Fri Oct 24 13:07:50 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xa23f 0xa400 6.56 7960ce945c47ebac71b0a5fbf45b3c79
.rdata 0xc000 0x30b4 0x3200 5.33 0a46fcffaaf1fe78cb3bea9a3151f01a
.data 0x10000 0x1e58 0xe00 2.70 08651bc27032c29dd04eb5e8d6d63dcc
.rsrc 0x12000 0x218 0x400 4.17 957bf537ef7ae229f6886a9225b74a1c
( 7 imports )
> KERNEL32.dll: CreateThread, FlushFileBuffers, SetFilePointer, CreateFileW, CloseHandle, DeleteFileW, lstrcpynA, Sleep, SetEndOfFile, CopyFileW, CreateMutexW, ReadFile, GetTempPathW, GetFileTime, GetModuleFileNameW, LocalFree, GetSystemTime, GetLastError, lstrcpyW, lstrcatA, LocalAlloc, lstrcmpiA, MoveFileExW, ReleaseMutex, GetSystemDirectoryW, lstrcmpiW, lstrlenW, CreateProcessW, lstrlenA, GetVolumeInformationW, LCMapStringW, LCMapStringA, GetStringTypeW, GetFileSize, WriteFile, MultiByteToWideChar, LoadResource, FindResourceW, FindResourceExW, SizeofResource, GetStringTypeA, LoadLibraryA, IsValidCodePage, GetOEMCP, GetCPInfo, RtlUnwind, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, GetModuleHandleW, LockResource, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, InterlockedExchange, GetACP, GetLocaleInfoA, GetThreadLocale, GetVersionExA, RaiseException, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, GetCommandLineA, GetStartupInfoA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleHandleA, GetProcAddress, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, ExitProcess, VirtualFree, VirtualAlloc, HeapCreate, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter
> USER32.dll: TranslateMessage, SetTimer, DispatchMessageW, LoadStringW, UnregisterClassA, GetMessageW, SendMessageW, wsprintfW
> ADVAPI32.dll: RegCreateKeyExW, RegQueryValueExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey
> SHELL32.dll: SHGetSpecialFolderPathW
> SHLWAPI.dll: PathFileExistsW, PathAppendW, StrStrA, PathRemoveFileSpecW, PathRenameExtensionW
> WININET.dll: InternetOpenW, InternetSetFilePointer, HttpQueryInfoW, InternetOpenUrlW, InternetSetOptionW, InternetCloseHandle, InternetReadFile
> IPHLPAPI.DLL: GetAdaptersInfo
( 0 exports )
Prevx info:
http://info.prevx.com/aboutprogramtext.asp?PX5=B996B6A100CFE6A0ECAE00CE9DC10000BD7ACDEB
ThreatExpert info:
http://www.threatexpert.com/report.aspx?md5=24be8511d4c643aea81361eafc1f0624