
Epsxe.exe


Guest goodjohn1984

This is probably just a false positive, but just in case.

 

ePSXe.exe

 

http://www.virustotal.com/analisis/333d587...6fc1-1279138101

 

File size: 275456 bytes

MD5...: 961304568d43d6ca2279cd28c7d1dc50

SHA1..: 21e20ee68c8943c36617921b7f86fe35845b1a4a

SHA256: 333d587893e99ae9683c7ca2d6d07c77a156f6590e438db4069018ec0c186fc1

ssdeep: 6144:yJDp25hL5waRC4FZHh0MdF3KXpTmWENHSS:IpqQas47hxKXpTjENH

PEiD..: -

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x8b3e50

timedatestamp.....: 0x483816fa (Sat May 24 13:24:10 2008)

machinetype.......: 0x14c (I386)

 

( 3 sections )

name   viradd    virsiz    rawdsiz  ntrpy  md5
UPX0   0x1000    0x872000  0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
UPX1   0x873000  0x42000   0x41200  7.90   5be32b7bfdb9ce49771734d4c99b40fc
.rsrc  0x8b5000  0x2000    0x1e00   3.01   0ddd8aaebea660b855da6ff56765c5a2

 

( 10 imports )

> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess

> ADVAPI32.dll: RegCloseKey

> burutter.dll: -

> comdlg32.dll: GetOpenFileNameA

> DINPUT.dll: DirectInputCreateA

> DSOUND.dll: -

> GDI32.dll: BitBlt

> SHELL32.dll: ShellExecuteA

> USER32.dll: GetDC

> zlib1.dll: gzopen

 

( 0 exports )

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: UPX compressed Win32 Executable (39.5%)

Win32 EXE Yoda's Crypter (34.3%)

Win32 Executable Generic (11.0%)

Win32 Dynamic Link Library (generic) (9.8%)

Generic Win/DOS Executable (2.5%)

packers (Kaspersky): PE_Patch.UPX, UPX

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

packers (F-Prot): UPX

Guest orlando

Hello goodjohn1984,

 

This file may be a worm, more information about epsxe.exe can be found here: http://www.auditmypc.com/process/epsxe.asp

 

It's also true that it might be a false positive, and to exclude that the posted file must be parsed. These days I have so much to do and I cannot yet help with the analysis. For now I can only say not to run the file and to use extreme caution in everyday actions.

 

Orlando



That file is definitely Clean, not a virus.

 

al

Guest goodjohn1984

That file is definitely Clean, not a virus.

 

al

 

Thank you for letting me know.

Guest goodjohn1984

Hello goodjohn1984,

 

This file may be a worm, more information about epsxe.exe can be found here: http://www.auditmypc.com/process/epsxe.asp

 

It's also true that it might be a false positive, and to exclude that the posted file must be parsed. These days I have so much to do and I cannot yet help with the analysis. For now I can only say not to run the file and to use extreme caution in everyday actions.

 

Orlando

 

Thank you for the advice.
