Guest goodjohn1984
Posted July 15, 2010

This is probably just a false positive, but just in case.

ePSXe.exe
http://www.virustotal.com/analisis/333d587...6fc1-1279138101

File size: 275456 bytes
MD5...: 961304568d43d6ca2279cd28c7d1dc50
SHA1..: 21e20ee68c8943c36617921b7f86fe35845b1a4a
SHA256: 333d587893e99ae9683c7ca2d6d07c77a156f6590e438db4069018ec0c186fc1
ssdeep: 6144:yJDp25hL5waRC4FZHh0MdF3KXpTmWENHSS:IpqQas47hxKXpTjENH
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x8b3e50
timedatestamp.....: 0x483816fa (Sat May 24 13:24:10 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name    viradd     virsiz     rawdsiz   ntrpy   md5
UPX0    0x1000     0x872000   0x0       0.00    d41d8cd98f00b204e9800998ecf8427e
UPX1    0x873000   0x42000    0x41200   7.90    5be32b7bfdb9ce49771734d4c99b40fc
.rsrc   0x8b5000   0x2000     0x1e00    3.01    0ddd8aaebea660b855da6ff56765c5a2

( 10 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> burutter.dll: -
> comdlg32.dll: GetOpenFileNameA
> DINPUT.dll: DirectInputCreateA
> DSOUND.dll: -
> GDI32.dll: BitBlt
> SHELL32.dll: ShellExecuteA
> USER32.dll: GetDC
> zlib1.dll: gzopen

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
packers (Kaspersky): PE_Patch.UPX, UPX
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): UPX

Guest orlando
Posted July 15, 2010

Hello goodjohn1984,

This file may be a worm; more information about epsxe.exe can be found here: http://www.auditmypc.com/process/epsxe.asp

It's also true that it might be a false positive, and to exclude that the posted file must be parsed. These days I have so much to do, and so I cannot help in the analysis. For now I can only say not to run the file and to use extreme caution in everyday actions.

Orlando

alfred
Posted July 15, 2010

> This is probably just a false positive, but just in case.
>
> ePSXe.exe
> http://www.virustotal.com/analisis/333d587...6fc1-1279138101

That file is definitely Clean, not a virus.

al

Guest goodjohn1984
Posted July 15, 2010

> That file is definitely Clean, not a virus.
>
> al

Thank you for letting me know.

Guest goodjohn1984
Posted July 15, 2010

> Hello goodjohn1984,
>
> This file may be a worm; more information about epsxe.exe can be found here: http://www.auditmypc.com/process/epsxe.asp
>
> It's also true that it might be a false positive, and to exclude that the posted file must be parsed. These days I have so much to do, and so I cannot help in the analysis. For now I can only say not to run the file and to use extreme caution in everyday actions.
>
> Orlando

Thank you for the advice.