bonsoir,
J'ai fais la copie du fichier dans system 32, je l'ai analysé et d'après le lien donné, voilà le résultat :
Fichier wscript.exe reçu le 2009.06.14 20:17:01 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 1/40 (2.5%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.06.14 -
AhnLab-V3 5.0.0.2 2009.06.14 -
AntiVir 7.9.0.187 2009.06.14 -
Antiy-AVL 2.0.3.1 2009.06.12 -
Authentium 5.1.2.4 2009.06.14 -
Avast 4.8.1335.0 2009.06.14 -
AVG 8.5.0.339 2009.06.14 -
BitDefender 7.2 2009.06.14 -
CAT-QuickHeal 10.00 2009.06.13 -
ClamAV 0.94.1 2009.06.14 -
Comodo 1328 2009.06.14 -
DrWeb 5.0.0.12182 2009.06.14 -
eSafe 7.0.17.0 2009.06.11 Win32.Autorun
eTrust-Vet 31.6.6556 2009.06.12 -
F-Prot 4.4.4.56 2009.06.14 -
F-Secure 8.0.14470.0 2009.06.13 -
Fortinet 3.117.0.0 2009.06.14 -
GData 19 2009.06.14 -
Ikarus T3.1.1.59.0 2009.06.14 -
K7AntiVirus 7.10.762 2009.06.12 -
Kaspersky 7.0.0.125 2009.06.14 -
McAfee 5646 2009.06.14 -
McAfee+Artemis 5646 2009.06.14 -
McAfee-GW-Edition 6.7.6 2009.06.14 -
Microsoft 1.4701 2009.06.14 -
NOD32 4153 2009.06.14 -
Norman 6.01.09 2009.06.12 -
nProtect 2009.1.8.0 2009.06.14 -
Panda 10.0.0.14 2009.06.14 -
PCTools 4.4.2.0 2009.06.12 -
Prevx 3.0 2009.06.14 -
Rising 21.33.62.00 2009.06.14 -
Sophos 4.42.0 2009.06.14 -
Sunbelt 3.2.1858.2 2009.06.14 -
Symantec 1.4.4.12 2009.06.14 -
TheHacker 6.3.4.3.345 2009.06.13 -
TrendMicro 8.950.0.1092 2009.06.12 -
VBA32 3.12.10.7 2009.06.14 -
ViRobot 2009.6.13.1785 2009.06.13 -
VirusBuster 4.6.5.0 2009.06.14 -
Information additionnelle
File size: 155648 bytes
MD5...: 1d57f948bd2fa464137165329877732b
SHA1..: 5b1c3174a613f789c01c059670d0c955901dac71
SHA256: 4b8f4746f16e7a91e2406d0b7eace8720b51250e35c7f53132d49606fb6b0460
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (75.0%)
Win32 Executable Generic (16.9%)
Generic Win/DOS Executable (3.9%)
DOS Executable Generic (3.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x2b73
timedatestamp.....: 0x473e4e90 (Sat Nov 17 02:14:40 2007)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x173fc 0x18000 6.24 b502ad54c71a5fdef37f71d85a77889c
.data 0x19000 0x4dc 0x1000 0.33 d3358059beab53a6f00b52a4feb6de42
.rsrc 0x1a000 0x94d0 0xa000 4.01 0218acc184e81cf1b7e6f821df842024
.reloc 0x24000 0x1364 0x2000 4.84 2260febbba90fd4cfc6d88393df8157e
( 7 imports )
> ADVAPI32.dll: RegCreateKeyA, RegCloseKey, RegSetValueA, RegOpenKeyA, RegQueryValueA, RegDeleteKeyA, RegSetValueExW, RegQueryValueExW, RegCreateKeyExW, RegCreateKeyExA, RegOpenKeyExW, ImpersonateLoggedOnUser, RegisterEventSourceW, GetUserNameW, LookupAccountNameW, ReportEventW, DeregisterEventSource, IsTextUnicode, RegQueryValueExA, RegEnumKeyExA, RegOpenKeyExA, RegSetValueExA
> KERNEL32.dll: GetCommandLineA, lstrlenW, GetCommandLineW, HeapAlloc, HeapFree, GetProcessHeap, GetProcAddress, SearchPathW, FindResourceW, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetVersionExW, GetLocaleInfoW, CreateFileMappingW, LoadLibraryExW, FindResourceExW, LoadResource, SetLastError, CreateFileW, GetFileSize, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, GetPrivateProfileIntW, GetPrivateProfileIntA, GetPrivateProfileStringW, GetPrivateProfileStringA, GetFullPathNameW, GetFullPathNameA, GetLocaleInfoA, LoadLibraryExA, GetUserDefaultLCID, LoadLibraryW, GetUserDefaultLangID, HeapReAlloc, GetStdHandle, GetConsoleMode, GetSystemDirectoryA, GetTempPathA, GetTempFileNameA, CreateFileA, WriteFile, FlushFileBuffers, GetCPInfo, GetFileAttributesW, FindFirstFileW, GetFileAttributesA, FindFirstFileA, FindClose, GetACP, CreateEventA, CreateThread, CloseHandle, SetEvent, FormatMessageW, LocalAlloc, LocalFree, FormatMessageA, GetVersionExA, GetModuleFileNameW, LoadLibraryA, FreeLibrary, lstrlenA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, RtlUnwind, OutputDebugStringA, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetCurrentThreadId, InterlockedIncrement, InterlockedCompareExchange, InterlockedExchange, InterlockedDecrement, ExitProcess, GetModuleHandleA, GetStartupInfoA, GetLastError, WideCharToMultiByte, MultiByteToWideChar, GetModuleFileNameA
> USER32.dll: GetMessageA, DispatchMessageA, GetActiveWindow, MessageBoxW, PostThreadMessageA, GetParent, TranslateMessage, PeekMessageA, MsgWaitForMultipleObjects, SendMessageA, PostMessageA, LoadStringW, LoadStringA, CharNextA, GetClassInfoA, RegisterClassA, CreateWindowExA, GetWindowLongA, SetWindowLongA, SetTimer, DefWindowProcA, PostQuitMessage, KillTimer, EnumThreadWindows, IsWindowVisible, GetClassNameA
> msvcrt.dll: __mb_cur_max, _vsnwprintf, _errno, _vsnprintf, memcpy, memmove, malloc, free, mbtowc, isleadbyte, _snprintf, _itoa, wctomb, ferror, _swab, wcsrchr, _itow, __badioinfo, __pioinfo, _fileno, _lseeki64, _write, _isatty, __3@YAXPAX@Z, wcsncmp, _wcsicmp, _wcsnicmp, _iob, __2@YAPAXI@Z, memset, _endthread, _beginthread, bsearch
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> ole32.dll: CLSIDFromProgID, MkParseDisplayName, CoGetClassObject, CoRegisterMessageFilter, CoInitializeSecurity, CreateFileMoniker, CreateBindCtx, CoMarshalInterThreadInterfaceInStream, CoGetInterfaceAndReleaseStream, CoUninitialize, CoInitialize, CoCreateInstance, CoRevokeClassObject, CoRegisterClassObject, StringFromCLSID, CoGetMalloc, CLSIDFromString
> VERSION.dll: VerQueryValueW, GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoW, GetFileVersionInfoSizeW
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=1d57f948bd2fa464137165329877732b' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=1d57f948bd2fa464137165329877732b</a>
C'est grave Docteur?
a+