Epsxe.exe


Guest goodjohn1984

This is probably just a false positive, but just in case.

ePSXe.exe

http://www.virustotal.com/analisis/333d587...6fc1-1279138101

File size: 275456 bytes
MD5...: 961304568d43d6ca2279cd28c7d1dc50
SHA1..: 21e20ee68c8943c36617921b7f86fe35845b1a4a
SHA256: 333d587893e99ae9683c7ca2d6d07c77a156f6590e438db4069018ec0c186fc1
ssdeep: 6144:yJDp25hL5waRC4FZHh0MdF3KXpTmWENHSS:IpqQas47hxKXpTjENH
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x8b3e50
timedatestamp.....: 0x483816fa (Sat May 24 13:24:10 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name   viradd    virsiz    rawdsiz  ntrpy  md5
UPX0   0x1000    0x872000  0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
UPX1   0x873000  0x42000   0x41200  7.90   5be32b7bfdb9ce49771734d4c99b40fc
.rsrc  0x8b5000  0x2000    0x1e00   3.01   0ddd8aaebea660b855da6ff56765c5a2

( 10 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: RegCloseKey
> burutter.dll: -
> comdlg32.dll: GetOpenFileNameA
> DINPUT.dll: DirectInputCreateA
> DSOUND.dll: -
> GDI32.dll: BitBlt
> SHELL32.dll: ShellExecuteA
> USER32.dll: GetDC
> zlib1.dll: gzopen

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
packers (Kaspersky): PE_Patch.UPX, UPX

sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

packers (F-Prot): UPX


Guest orlando

Hello goodjohn1984,

 

This file may be a worm; more information about epsxe.exe can be found here: http://www.auditmypc.com/process/epsxe.asp

It's also true that it might be a false positive, and to rule that out the posted file must be analyzed. These days I have so much to do that I cannot yet help with the analysis. For now I can only say not to run the file and to use extreme caution in everyday actions.

 

Orlando

Link to comment
Share on other sites

That file is definitely Clean, not a virus.

 

al


Guest goodjohn1984


Thank you for the advice.


Archived

This topic is now archived and is closed to further replies.
