Wireshark-users: Re: [Wireshark-users] Wireshark v1.2.0's msvcp90.dll real or FP?
From: Phillip Pi <ant@xxxxxxxxxx>
Date: Mon, 22 Jun 2009 11:17:39 -0700
On Mon, Jun 22, 2009 at 10:56:12AM -0700, Gerald Combs wrote:

> > Strange. My DiamondCS MD5 v1.4.0.0 tool doesn't match yours from
> > portable Wireshark (after extraction): 7B80921F9F6126F53F4250E2B23E0EA3
> 
> I copied msvcp90.dll to a temp directory and ran "upx -q" on it using
> UPX 3.01w on it. The UPX-ed hashes are:
> 
> MD5(msvcp90.dll)= 7b80921f9f6126f53f4250e2b23e0ea3
> 
> I generated the hashes using "openssl md5", "openssl sha1", and "openssl
> rmd160" respectively.

OK, that's better. So the files aren't tampered. Also, notice more than 
one online scanners detected suspicious beside SuperAntiSpyware?
-- 
"Left right left right we're army ants. We swarm we fight. We have no 
home. We roam. We race. You're lucky if we miss your place." --Douglas 
Florian (The Army Ants Poem)
  /\___/\
 / /\ /\ \          Phil/Ant @ http://antfarm.ma.cx (Personal Web Site)
| |o   o| |         Ant's Quality Foraged Links (AQFL): http://aqfl.net
   \ _ /                 E-mail: philpi@xxxxxxxxxxxxx or ant@xxxxxxxxxx
    ( )