CNEBJL
Members
Posts: 4
Reputation: 0 Neutral
  1. Maniac, This is good news. You have been very helpful. Brad
  2. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

     File name: npjpi160_21.dll
     Submission date: 2010-10-11 19:22:22 (UTC)
     Current status: finished
     Result: 0/43 (0.0%)
     VT Community: not reviewed
     Safety score: -

     Antivirus              Version          Last Update   Result
     AhnLab-V3              2010.10.11.00    2010.10.11    -
     AntiVir                7.10.12.184      2010.10.11    -
     Antiy-AVL              2.0.3.7          2010.10.11    -
     Authentium             5.2.0.5          2010.10.11    -
     Avast                  4.8.1351.0       2010.10.11    -
     Avast5                 5.0.594.0        2010.10.11    -
     AVG                    9.0.0.851        2010.10.11    -
     BitDefender            7.2              2010.10.11    -
     CAT-QuickHeal          11.00            2010.10.11    -
     ClamAV                 0.96.2.0-git     2010.10.11    -
     Comodo                 6356             2010.10.11    -
     DrWeb                  5.0.2.03300      2010.10.11    -
     Emsisoft               5.0.0.50         2010.10.11    -
     eSafe                  7.0.17.0         2010.10.11    -
     eTrust-Vet             36.1.7905        2010.10.11    -
     F-Prot                 4.6.2.117        2010.10.11    -
     F-Secure               9.0.15370.0      2010.10.11    -
     Fortinet               4.2.249.0        2010.10.11    -
     GData                  21               2010.10.11    -
     Ikarus                 T3.1.1.90.0      2010.10.11    -
     Jiangmin               13.0.900         2010.10.11    -
     K7AntiVirus            9.65.2724        2010.10.11    -
     Kaspersky              7.0.0.125        2010.10.11    -
     McAfee                 5.400.0.1158     2010.10.11    -
     McAfee-GW-Edition      2010.1C          2010.10.11    -
     Microsoft              1.6201           2010.10.11    -
     NOD32                  5521             2010.10.11    -
     Norman                 6.06.07          2010.10.11    -
     nProtect               2010-10-11.01    2010.10.11    -
     Panda                  10.0.2.7         2010.10.11    -
     PCTools                7.0.3.5          2010.10.11    -
     Prevx                  3.0              2010.10.11    -
     Rising                 22.69.00.01      2010.10.11    -
     Sophos                 4.58.0           2010.10.11    -
     Sunbelt                7038             2010.10.11    -
     SUPERAntiSpyware       4.40.0.1006      2010.10.11    -
     Symantec               20101.2.0.161    2010.10.11    -
     TheHacker              6.7.0.1.054      2010.10.10    -
     TrendMicro             9.120.0.1004     2010.10.11    -
     TrendMicro-HouseCall   9.120.0.1004     2010.10.11    -
     VBA32                  3.12.14.1        2010.10.11    -
     ViRobot                2010.10.4.4074   2010.10.11    -
     VirusBuster            12.67.13.0       2010.10.11    -

     Additional information
     MD5   : 0b3ac6c55a8f57ffeb18a9fc35a5e9cf
     SHA1  : 841e83d3936d8f9773c6f5a490a21bcbfa65a335
     SHA256: 492187dd446140ce08e0f826909ed0dd63849efda1a2b51474ebd8a132dd7862
     ssdeep: 1536:pOd/FcOQCVDpjaX8S7VzlddvEBIBeyOdLwYGFYDvMZAlnWPhVYmrL:Md/0cheh7Vz2BuOy SvmAlnWPhqm3
     File size : 141088 bytes
     First seen: 2010-07-26 22:44:06
     Last seen : 2010-10-11 19:22:22

     TrID:
     DirectShow filter (52.6%)
     Windows OCX File (32.2%)
     Win32 Executable MS Visual C++ (generic) (9.8%)
     Win32 Executable Generic (2.2%)
     Win32 Dynamic Link Library (generic) (1.9%)

     sigcheck:
     publisher....: Sun Microsystems, Inc.
     copyright....: Copyright © 2010
     product......: Java Platform SE 6 U21
     description..: Classic Java Plug-in 1.6.0_21 for Netscape and Mozilla
     original name: npjpi160_21.dll
     internal name: Java Plug-in
     file version.: 6.0.210.7
     comments.....: n/a
     signers......: Sun Microsystems, Inc.; VeriSign Class 3 Code Signing 2009 CA; Class 3 Public Primary Certification Authority - G2
     signing date.: 2:00 PM 7/17/2010
     verified.....: -

     PEInfo: PE structure information
     [[ basic data ]]
     entrypointaddress: 0x9EA7
     timedatestamp....: 0x4C41A940 (Sat Jul 17 12:59:44 2010)
     machinetype......: 0x14c (I386)

     [[ 5 section(s) ]]
     name, viradd, virsiz, rawdsiz, ntropy, md5
     .text, 0x1000, 0x100F1, 0x11000, 6.48, 564fffea0f838b9bb65d9c168e33a498
     .rdata, 0x12000, 0x4CDE, 0x5000, 5.39, 39705d6a7e545362199733b4e6e24614
     .data, 0x17000, 0x28E0, 0x1000, 2.32, 92079dabc6f13786c40d6a60a2fabd57
     .rsrc, 0x1A000, 0x6808, 0x7000, 3.89, 0165e0f0942ce420ce3c151a5ab7ed93
     .reloc, 0x21000, 0x1C5C, 0x2000, 4.96, a687e43049d04228ebce5530b4ec7b65

     [[ 6 import(s) ]]
     ADVAPI32.dll: RegCloseKey, RegOpenKeyExA, RegQueryValueExA, RegDeleteKeyA, RegDeleteValueA, RegCreateKeyExA, RegSetValueExA, RegEnumKeyExA, RegQueryInfoKeyA
     KERNEL32.dll: GetProcAddress, MultiByteToWideChar, EnterCriticalSection, LeaveCriticalSection, lstrlenA, CloseHandle, ReleaseMutex, CreateEventA, GetModuleFileNameA, OpenEventA, WaitForSingleObject, CreateMutexA, GetCurrentProcessId, GetModuleHandleA, DisableThreadLibraryCalls, InterlockedIncrement, InterlockedDecrement, MulDiv, WideCharToMultiByte, lstrlenW, CreateProcessA, FreeLibrary, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, lstrcmpiA, lstrcpynA, IsDBCSLeadByte, FlushInstructionCache, GetCurrentProcess, GetCurrentThreadId, GetCommandLineA, SetEnvironmentVariableA, GetEnvironmentVariableA, GetShortPathNameA, InterlockedCompareExchange, HeapFree, GetProcessHeap, HeapAlloc, IsProcessorFeaturePresent, VirtualFree, VirtualAlloc, lstrcatA, SetStdHandle, LCMapStringW, LCMapStringA, GetStringTypeW, GetStringTypeA, CompareStringW, CompareStringA, SetFilePointer, GetCPInfo, GetOEMCP, IsBadCodePtr, IsBadReadPtr, GetSystemTimeAsFileTime, GetTickCount, QueryPerformanceCounter, WriteFile, UnhandledExceptionFilter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, SetUnhandledExceptionFilter, TlsGetValue, TlsSetValue, TlsFree, SetLastError, TlsAlloc, HeapSize, TerminateProcess, IsBadWritePtr, HeapCreate, HeapDestroy, ExitProcess, HeapReAlloc, VirtualQuery, GetSystemInfo, VirtualProtect, RtlUnwind, LoadLibraryA, GetLastError, DeleteCriticalSection, InitializeCriticalSection, RaiseException, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, FlushFileBuffers
     USER32.dll: UnregisterClassA, CallWindowProcA, SetWindowLongA, GetDlgItem, SetDlgItemTextA, LoadStringA, EndDialog, DrawTextA, FillRect, MessageBoxA, DestroyWindow, DefWindowProcA, GetActiveWindow, PtInRect, UnionRect, RegisterClassExA, GetClassInfoExA, LoadCursorA, wsprintfA, CreateWindowExA, CharNextA, BeginPaint, EndPaint, DialogBoxParamA, GetKeyState, InvalidateRect, IsWindow, GetParent, GetFocus, IsChild, SetFocus, ShowWindow, GetWindowLongA, GetDC, ReleaseDC, IntersectRect, EqualRect, OffsetRect, SetWindowRgn, SetWindowPos, GetClientRect
     ole32.dll: CoInitialize, CoCreateInstance, CLSIDFromString, OleRegEnumVerbs, OleRegGetUserType, CreateOleAdviseHolder, OleRegGetMiscStatus, OleLoadFromStream, WriteClassStm, OleSaveToStream, CoTaskMemFree, CoTaskMemAlloc, CoTaskMemRealloc, CoUninitialize
     OLEAUT32.dll: -, -, -, -, -, -, -, -
     GDI32.dll: RestoreDC, DeleteDC, SetViewportOrgEx, SetWindowOrgEx, SetMapMode, SaveDC, LPtoDP, GetDeviceCaps, CreateDCA, CreateRectRgnIndirect

     [[ 11 export(s) ]]
     DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, NP_GetEntryPoints, NP_Initialize, NP_Shutdown, NSCanUnload, NSGetFactory, NSRegisterSelf, NSUnregisterSelf

     ExifTool: file metadata
     CharacterSet: Windows, Latin1
     CodeSize: 69632
     CompanyName: Sun Microsystems, Inc.
     EntryPoint: 0x9ea7
     FileDescription: Classic Java Plug-in 1.6.0_21 for Netscape and Mozilla
     FileExtents: |
     FileFlagsMask: 0x003f
     FileOS: Win32
     FileOpenName: Java Applet|JavaBeans
     FileSize: 138 kB
     FileSubtype: 0
     FileType: Win32 DLL
     FileVersion: 6.0.210.7
     FileVersionNumber: 6.0.210.7
     FullVersion: 1.6.0_21-b07
     ImageVersion: 0.0
     InitializedDataSize: 69632
     InternalName: Java Plug-in
     LanguageCode: English (U.S.)
     LegalCopyright: Copyright 2010
     LinkerVersion: 7.1
     MIMEType: application/x-java-applet;jpi-version=1.6.0_21|application/x-java-bean;jpi-version=1.6.0_21|application/x-java-applet;version=1.6|application/x-java-bean;version=1.6|application/x-java-applet;version=1.5|application/x-java-bean;version=1.5|application/x-java-applet;version=1.4|application/x-java-applet;version=1.4.1|application/x-java-applet;version=1.4.2|application/x-java-bean;version=1.4|application/x-java-bean;version=1.4.1|application/x-java-bean;version=1.4.2|application/x-java-applet;version=1.3|application/x-java-applet;version=1.3.1|application/x-java-bean;version=1.3|application/x-java-bean;version=1.3.1|application/x-java-applet;version=1.2|application/x-java-applet;version=1.2.1|application/x-java-applet;version=1.2.2|application/x-java-bean;version=1.2|application/x-java-bean;version=1.2.1|application/x-java-bean;version=1.2.2|application/x-java-applet;version=1.1|application/x-java-applet;version=1.1.1|application/x-java-applet;version=1.1.2|application/x-java-applet;version=1.1.3|application/x-java-bean;version=1.1|application/x-java-bean;version=1.1.1|application/x-java-bean;version=1.1.2|application/x-java-bean;version=1.1.3|application/x-java-applet|application/x-java-bean
     MachineType: Intel 386 or later, and compatibles
     OSVersion: 4.0
     ObjectFileType: Dynamic link library
     OriginalFilename: npjpi160_21.dll
     PEType: PE32
     ProductName: Java Platform SE 6 U21
     ProductVersion: 6.0.210.7
     ProductVersionNumber: 6.0.210.7
     Subsystem: Windows GUI
     SubsystemVersion: 4.0
     TimeStamp: 2010:07:17 14:59:44+02:00
     UninitializedDataSize: 0
  3. The following text resulted from the upload:

     File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
     MD5: 0b3ac6c55a8f57ffeb18a9fc35a5e9cf
     Date first seen: 2010-07-26 22:44:06 (UTC)
     Date last seen: 2010-10-06 15:03:15 (UTC)
     Detection ratio: 0/43
     What do you wish to do? Reanalyse / View last report
  4. Below I have posted an entry from my HiJackThis log (reference NeroFilterCheck). My Google search for NeroCheck.exe indicated the normal path to be in the Programs directory. Since this is in the system32 path I suspect this might be a trojan or malware. (?)

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 7:18:54 AM, on 10/9/2010
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

     ~~~~~~~~~~~~~~~~~~~~~~

     Below are 2 entries from my SpyBot log file. They appear to be the same with the exception of the following text:

     description: Sun Java
     classification: Legitimate
     known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
     info link:
     info source: Patrick M. Kolla

     {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
     DPF name: Java Runtime Environment 1.6.0
     CLSID name: Java Plug-in 1.6.0_21
     Installer:
     Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
     description: Sun Java
     classification: Legitimate
     known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
     info link:
     info source: Patrick M. Kolla
     Path: C:\Program Files\Java\jre6\bin\
     Long name: npjpi160_21.dll
     Short name: NPJPI1~1.DLL
     Date (created): 7/17/2010 2:42:32 AM
     Date (last access): 10/1/2010 10:01:14 AM
     Date (last write): 7/17/2010 5:00:06 AM
     Filesize: 141088
     Attributes:
     MD5: 0B3AC6C55A8F57FFEB18A9FC35A5E9CF
     CRC32: 1D07915B
     Version: 6.0.210.7

     {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
     DPF name: Java Runtime Environment 1.6.0
     CLSID name: Java Plug-in 1.6.0_21
     Installer:
     Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
     Path: C:\Program Files\Java\jre6\bin\
     Long name: npjpi160_21.dll
     Short name: NPJPI1~1.DLL
     Date (created): 7/17/2010 2:42:32 AM
     Date (last access): 10/9/2010 6:45:48 AM
     Date (last write): 7/17/2010 5:00:06 AM
     Filesize: 141088
     Attributes:
     MD5: 0B3AC6C55A8F57FFEB18A9FC35A5E9CF
     CRC32: 1D07915B
     Version: 6.0.210.7

     I am curious to know if this second entry is malware and if so, how to remove it. Any suggestions would be most appreciated.