Europol virus - Hitman Pro kickstart
<blockquote data-quote="debdon" data-source="post: 118699" data-attributes="member: 7715"><p>Virustotal results below, systemlook txt file to follow</p><p></p>
<p>Virustotal</p>
<p>SHA256: 96d84e0416ce5f7daefcb3b047989ef4b6551e619b651e13e9fae93085ecb191</p>
<p>SHA1: eeb71cf5a4fe016e6369d2c98a1c6bc9ecc2bcf1</p>
<p>MD5: 06c8b39afd2cf1cf6a8fc7352bec7ced</p>
<p>File size: 288.5 KB ( 295424 bytes )</p>
<p>File name: termsrv.exe</p>
<p>File type: Win32 DLL</p>
<p>Tags: pedll</p>
<p>Detection ratio: 0 / 46</p>
<p>Analysis date: 2013-05-01 17:07:01 UTC ( 1 minute ago )</p>
<p></p>
<p>ssdeep: 6144:6Ub4QerW7bcH7bR/FKDag7zednX8kY0cGU4yBnmeB6ULCNe:6U0Qn7bcR0GYednJUhBnRIe</p>
<p></p>
<p>TrID</p>
<p>Win32 Dynamic Link Library (generic) (38.4%)</p>
<p>Win32 Executable (generic) (38.0%)</p>
<p>Generic Win/DOS Executable (11.7%)</p>
<p>DOS Executable Generic (11.6%)</p>
<p>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)</p>
<p></p>
<p>ExifTool</p>
<p>SubsystemVersion.........: 4.0</p>
<p>InitializedDataSize......: 69120</p>
<p>ImageVersion.............: 5.1</p>
<p>ProductName..............: Microsoft Windows Operating System</p>
<p>FileVersionNumber........: 5.1.2600.2180</p>
<p>UninitializedDataSize....: 0</p>
<p>LanguageCode.............: English (U.S.)</p>
<p>FileFlagsMask............: 0x003f</p>
<p>CharacterSet.............: Unicode</p>
<p>LinkerVersion............: 7.1</p>
<p>OriginalFilename.........: termsrv.exe</p>
<p>MIMEType.................: application/octet-stream</p>
<p>Subsystem................: Windows command line</p>
<p>FileVersion..............: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)</p>
<p>TimeStamp................: 2004:08:04 08:56:45+01:00</p>
<p>FileType.................: Win32 DLL</p>
<p>PEType...................: PE32</p>
<p>InternalName.............: termsrv.exe</p>
<p>FileAccessDate...........: 2013:05:01 18:07:08+01:00</p>
<p>ProductVersion...........: 5.1.2600.2180</p>
<p>FileDescription..........: Terminal Server Service</p>
<p>OSVersion................: 5.1</p>
<p>FileCreateDate...........: 2013:05:01 18:07:08+01:00</p>
<p>FileOS...................: Windows NT 32-bit</p>
<p>LegalCopyright...........: Microsoft Corporation. All rights reserved.</p>
<p>MachineType..............: Intel 386 or later, and compatibles</p>
<p>CompanyName..............: Microsoft Corporation</p>
<p>CodeSize.................: 260096</p>
<p>FileSubtype..............: 0</p>
<p>ProductVersionNumber.....: 5.1.2600.2180</p>
<p>EntryPoint...............: 0x2192e</p>
<p>ObjectFileType...........: Executable application</p>
<p></p>
<p>Sigcheck</p>
<p>publisher................: Microsoft Corporation</p>
<p>product..................: Microsoft_ Windows_ Operating System</p>
<p>internal name............: termsrv.exe</p>
<p>copyright................: (c) Microsoft Corporation. All rights reserved.</p>
<p>original name............: termsrv.exe</p>
<p>file version.............: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)</p>
<p>description..............: Terminal Server Service</p>
<p></p>
<p>Portable Executable structural information</p>
<p>Compilation timedatestamp.....: 2004-08-04 07:56:45</p>
<p>Target machine................: Intel 386 or later processors and compatible processors</p>
<p>Entry point address...........: 0x0002192E</p>
<p></p>
<p>PE Sections...................:</p>
<p></p>
<p>Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5</p>
<p>.text | 4096 | 259690 | 260096 | 6.61 | 571983960a885ab7c451cea5a252310e</p>
<p>.data | 266240 | 38968 | 4608 | 5.41 | b6f46a64f3515283049d0afa87288aef</p>
<p>.rsrc | 307200 | 15968 | 16384 | 3.25 | 39d3d9c93594b5868500536d35c7df36</p>
<p>.reloc | 323584 | 12992 | 13312 | 6.19 | 12ab2d7046bd30c66e6b657741a2dfce</p>
<p></p>
<p>PE Imports....................: (full import list omitted)</p>
<p></p>
<p>PE Exports....................:</p>
<p></p>
<p>ServiceMain</p>
<p></p>
<p>PE Resources..................:</p>
<p></p>
<p>Resource type | Number of resources</p>
<p>RT_STRING | 5</p>
<p>RT_MESSAGETABLE | 1</p>
<p>RT_VERSION | 1</p>
<p></p>
<p>Resource language | Number of resources</p>
<p>ENGLISH US | 7</p>
<p></p>
<p>Symantec Reputation: Suspicious.Insight</p>
<p>ClamAV PUA Engine: Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .</p>
<p>First seen by VirusTotal: 2010-08-12 16:32:28 UTC ( 2 years, 8 months ago )</p>
<p>Last seen by VirusTotal: 2013-05-01 17:07:01 UTC ( 1 minute ago )</p>
<p>File names (max. 25): termsrv.dll, 06c8b39afd2cf1cf6a8fc7352bec7ced, termsrv.dll, termsrv.exe, 06c8b39afd2cf1cf6a8fc7352bec7ced, 06C8B39AFD2CF1CF6A8FC7352BEC7CED, termsrv.dll.tmp</p>
<p></p>
<p>scan results as follows;</p></blockquote><p></p>