June 23rd, 2009, 06:25 PM
#4
Anime Otaku
Join Date: Oct 2001 Location: Tampa, FL USA
Posts: 108,970
Heuristics are probably returning a false positive due to UPX compression of the executable or similar. The manual is hosted on MSI's own servers, so it is doubtful the file has been compromised.
I scanned the executable with ClamWin and found no infection. Extracted the PDF, and loaded it in Adobe Reader with no problem.
I also parsed it through VirusTotal to verify against multiple virus scan engines. Only one suspicious hit (by eSafe), and again, likely a false positive. Occasionally happens. No single virus engine is comprehensive, especially when it comes to heuristic analysis.

Quote:
Originally Posted by VirusTotal

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.23 -
AhnLab-V3 5.0.0.2 2009.06.23 -
AntiVir 7.9.0.193 2009.06.23 -
Antiy-AVL 2.0.3.1 2009.06.23 -
Authentium 5.1.2.4 2009.06.23 -
Avast 4.8.1335.0 2009.06.23 -
AVG 8.5.0.339 2009.06.23 -
BitDefender 7.2 2009.06.23 -
CAT-QuickHeal 10.00 2009.06.22 -
ClamAV 0.94.1 2009.06.23 -
Comodo 1401 2009.06.23 -
DrWeb 5.0.0.12182 2009.06.23 -
eSafe 7.0.17.0 2009.06.23 Suspicious File
eTrust-Vet 31.6.6575 2009.06.23 -
F-Prot 4.4.4.56 2009.06.23 -
F-Secure 8.0.14470.0 2009.06.23 -
Fortinet 3.117.0.0 2009.06.23 -
GData 19 2009.06.23 -
Ikarus T3.1.1.59.0 2009.06.23 -
Jiangmin 11.0.706 2009.06.23 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.23 -
McAfee 5655 2009.06.23 -
McAfee+Artemis 5655 2009.06.23 -
McAfee-GW-Edition 6.7.6 2009.06.23 -
Microsoft 1.4803 2009.06.23 -
NOD32 4181 2009.06.23 -
Norman 6.01.09 2009.06.23 -
nProtect 2009.1.8.0 2009.06.23 -
Panda 10.0.0.16 2009.06.23 -
PCTools 4.4.2.0 2009.06.22 -
Prevx 3.0 2009.06.23 -
Rising 21.35.14.00 2009.06.23 -
Sophos 4.42.0 2009.06.23 -
Sunbelt 3.2.1858.2 2009.06.23 -
Symantec 1.4.4.12 2009.06.23 -
TheHacker 6.3.4.3.351 2009.06.22 -
TrendMicro 8.950.0.1094 2009.06.23 -
VBA32 3.12.10.7 2009.06.23 -
ViRobot 2009.6.23.1800 2009.06.23 -
VirusBuster 4.6.5.0 2009.06.23 -
Additional information
File size: 1038247 bytes
MD5...: 0ffb81f1cec4f5af75ba83ebca0c4f4c
SHA1..: aaf37dba9905775bd9964dac32f44e1d8fcb8856
SHA256: e7459f9a0f53c546666ed5343ef5739f977aa18fcd002e3b8b6d6375ef67247b
ssdeep: 24576:nHoiKqlqHBwolx/uWcSiWjmsAFsziBzAfDr3H3Tef:nHoiKqsHBdxRCFYiBsv3A
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
WinRAR Self Extracting archive (87.0%)
UPX compressed Win32 Executable (5.1%)
Win32 EXE Yoda's Crypter (4.4%)
Win32 Executable Generic (1.4%)
Win32 Dynamic Link Library (generic) (1.2%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x14870
timedatestamp.....: 0x3a9b8928 (Tue Feb 27 11:02:00 2001)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0xf000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x10000 0x5000 0x4a00 7.89 1edeeea30fcf97f86ccc4e1c4bc949f5
.rsrc 0x15000 0x2000 0x1600 4.22 d1b6462c894a17f45e9c92e7aa1bfd6d
( 5 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
> ADVAPI32.DLL: RegCloseKey
> GDI32.DLL: DeleteObject
> SHELL32.DLL: SHGetMalloc
> USER32.DLL: SetFocus
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): UPX
packers (F-Prot): UPX, RAR
__________________ Robert Richmond | TechIMO Community Relations Director
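Added example, not part of the original post and not VirusTotal's or any vendor's code: the PEInfo dump above carries the usual signs of a UPX-packed binary (a UPX0 section with 0x0 raw size but 0xf000 bytes of virtual space, a UPX1 section with entropy 7.89, an entry point at 0x14870 that lands inside UPX1, and an import table reduced to LoadLibraryA/GetProcAddress/ExitProcess). The script below reads those section-level indicators straight from the PE headers, so you can see for yourself why a heuristic engine would flag the file before blaming the scanner. It also hashes the file so the local copy can be matched against the MD5/SHA1/SHA256 in the report. The PE image it parses is constructed inline (sizes and addresses mirror the report, the bytes are made up) so it runs offline; section names in KNOWN_PACKER_SECTIONS and the 7.0 entropy threshold are the author's assumptions, not values from the report.

```python
"""Flag packer indicators from a PE32 section table (added example, not from the post)."""
import hashlib
import math
import struct
from collections import Counter

# Section names commonly written by packers (assumption: a short, illustrative list).
KNOWN_PACKER_SECTIONS = {b"UPX0", b"UPX1", b"UPX2", b".aspack", b".adata",
                         b".petite", b".MPRESS1", b".MPRESS2", b".vmp0", b".vmp1"}
ENTROPY_THRESHOLD = 7.0   # bits/byte; compressed or encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def file_hashes(data: bytes) -> dict:
    """Hashes to compare with the values in a VirusTotal report before trusting it."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def parse_pe(image: bytes) -> dict:
    """Minimal PE32 parser: COFF header, AddressOfEntryPoint and the section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20                                   # optional header follows the 20-byte COFF header
    entry_rva = struct.unpack_from("<I", image, opt + 16)[0]
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i                 # 40-byte IMAGE_SECTION_HEADER entries
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, off)
        raw = image[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0"), "vaddr": vaddr, "vsize": vsize,
                         "rawsize": rawsize, "entropy": shannon_entropy(raw)})
    return {"machine": machine, "timestamp": tstamp, "entry_rva": entry_rva, "sections": sections}


def packer_indicators(pe: dict) -> list:
    """Heuristics a scanner would trip on; each hit is a human-readable reason."""
    hits = []
    for s in pe["sections"]:
        label = s["name"].decode(errors="replace")
        if s["name"] in KNOWN_PACKER_SECTIONS:
            hits.append(f"packer section name {label}")
        if s["rawsize"] == 0 and s["vsize"] > 0:     # empty on disk, reserved in memory: unpack target
            hits.append(f"{label}: no raw data but {s['vsize']:#x} bytes reserved in memory")
        if s["rawsize"] and s["entropy"] > ENTROPY_THRESHOLD:
            hits.append(f"{label}: entropy {s['entropy']:.2f} (compressed or encrypted payload)")
        in_section = s["vaddr"] <= pe["entry_rva"] < s["vaddr"] + s["vsize"]
        if in_section and (s["entropy"] > ENTROPY_THRESHOLD or s["name"] in KNOWN_PACKER_SECTIONS):
            hits.append(f"entry point {pe['entry_rva']:#x} lies inside packed section {label}")
    return hits


def looks_packed(image: bytes) -> bool:
    """Two or more independent indicators: treat as packed, not as a verdict of malice."""
    return len(packer_indicators(parse_pe(image))) >= 2


def build_sample_pe() -> bytes:
    """Constructed UPX-like PE32 image: no real code, layout copied from the report above."""
    pseudo = b"".join(hashlib.sha256(b"upx%d" % i).digest() for i in range(64))  # 2048 high-entropy bytes
    rsrc = (b"\0" * 8 + b"manual.pdf\0\0").ljust(512, b"\0")                      # sparse, low entropy
    sections = [  # name, vaddr, vsize, rawsize, raw bytes
        (b"UPX0", 0x1000, 0xF000, 0, b""),
        (b"UPX1", 0x10000, 0x5000, len(pseudo), pseudo),
        (b".rsrc", 0x15000, 0x2000, len(rsrc), rsrc),
    ]
    headers_len = 0x40 + 4 + 20 + 224 + 40 * len(sections)
    raw_off = (headers_len + 0x1FF) & ~0x1FF          # first raw section on a 0x200 file-alignment boundary
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0x3A9B8928, 0, 0, 224, 0x10F)
    opt = struct.pack("<HBBIIII", 0x10B, 2, 90, 0x4A00, 0x1600, 0xF000, 0x14870).ljust(224, b"\0")
    table, body, ptr = b"", b"", raw_off
    for name, vaddr, vsize, rawsize, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize,
                             ptr if rawsize else 0, 0, 0, 0, 0, 0x60000020)
        body += raw
        ptr += rawsize
    return (dos + b"PE\0\0" + coff + opt + table).ljust(raw_off, b"\0") + body


if __name__ == "__main__":
    image = build_sample_pe()
    print("hashes:", file_hashes(image))
    pe = parse_pe(image)
    for s in pe["sections"]:
        print(f"{s['name'].decode():8} vaddr={s['vaddr']:#07x} vsize={s['vsize']:#07x} "
              f"raw={s['rawsize']:#07x} entropy={s['entropy']:.2f}")
    for hit in packer_indicators(pe):
        print("indicator:", hit)
    print("verdict:", "packed (expect heuristic hits)" if looks_packed(image) else "no packer signs")
```

Run it on the real download by replacing build_sample_pe() with open(path, "rb").read(); the hashes printed first are what you compare against the MD5/SHA1/SHA256 in the report. A packed verdict only explains the heuristic hit; unpacking (for UPX, upx -d) and rescanning the unpacked image is still the way to get a signature-based answer.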