한 악성코드 샘플을 보던중 특별한걸 봐서 이렇게 써본다..
악성코드는 다음과 같은 링크와 포트를 통해서 유포가 된다 !!
http://haxx.dd4747.com:9888/ss.js
http://haxx.dd4747.com:9888/count.html
http://haxx.dd4747.com:9888/music.asp
http://haxx.dd4747.com:9888/toshipark.exe
악성코드는 다음과 같은 링크와 포트를 통해서 유포가 된다 !!
http://haxx.dd4747.com:9888/ss.js
http://haxx.dd4747.com:9888/count.html
http://haxx.dd4747.com:9888/music.asp
http://haxx.dd4747.com:9888/toshipark.exe
Count.html 은 유포 통계를 보기 위해 만들어 진것이고...
Music,asp 는 toshipark.exe 받는 역활을 한다 ....
그중 toshipark.exe 에 해당하는 파일을 봤다.....
기존의 imm32.dll 을 V3 제품군을 쓸 경우 imm32A.dll 로 패치하는것이 보였다.
또한 해당 악성코드는 이것뿐만아니라
AYAgent.aye ALYac.aye SystemMon.exe
SkyMon.exe nsvmon.npc NVC.npc NVCAgent.npc Nsavsvc.npc SeShutdownPrivilege 1 \oldimm32.bak \nt32.dll \dllcache\imm32.dll \imm32.dll V3ClnSrv.exe V3Svc.exe V3LSvc.exe V3LTray.exe V3LSvc.exe V3LSvc.exe
우회시키고 불능화를 만드는 역활을 한다.....
또한 ff2client.exe , dnf.exe , game.exe , heroes.exe , MapleStory.exe 를 해킹하는 역활을 합니다...
근데 의문인건 과연 이것은 무엇일까요??ㅋ
dll.dll CtfAImmActivate imm32A.CtfAImmActivate CtfAImmDeactivate imm32A.CtfAImmDeactivate CtfAImmIsIME imm32A.CtfAImmIsIME CtfImmCoUninitialize imm32A.CtfImmCoUninitialize CtfImmDispatchDefImeMessage imm32A.CtfImmDispatchDefImeMessage CtfImmEnterCoInitCountSkipMode imm32A.CtfImmEnterCoInitCountSkipMode CtfImmGenerateMessage imm32A.CtfImmGenerateMessage CtfImmGetGuidAtom imm32A.CtfImmGetGuidAtom CtfImmHideToolbarWnd imm32A.CtfImmHideToolbarWnd CtfImmIsCiceroEnabled imm32A.CtfImmIsCiceroEnabled CtfImmIsCiceroStartedInThread imm32A.CtfImmIsCiceroStartedInThread CtfImmIsGuidMapEnable imm32A.CtfImmIsGuidMapEnable CtfImmIsTextFrameServiceDisabled imm32A.CtfImmIsTextFrameServiceDisabled CtfImmLastEnabledWndDestroy imm32A.CtfImmLastEnabledWndDestroy CtfImmLeaveCoInitCountSkipMode imm32A.CtfImmLeaveCoInitCountSkipMode CtfImmRestoreToolbarWnd imm32A.CtfImmRestoreToolbarWnd CtfImmSetAppCompatFlags imm32A.CtfImmSetAppCompatFlags CtfImmSetCiceroStartInThread imm32A.CtfImmSetCiceroStartInThread CtfImmTIMActivate imm32A.CtfImmTIMActivate GetKeyboardLayoutCP imm32A.GetKeyboardLayoutCP ImmActivateLayout imm32A.ImmActivateLayout ImmAssociateContext imm32A.ImmAssociateContext ImmAssociateContextEx imm32A.ImmAssociateContextEx ImmCallImeConsoleIME imm32A.ImmCallImeConsoleIME ImmConfigureIMEA imm32A.ImmConfigureIMEA ImmConfigureIMEW imm32A.ImmConfigureIMEW ImmCreateContext imm32A.ImmCreateContext ImmCreateIMCC imm32A.ImmCreateIMCC ImmCreateSoftKeyboard imm32A.ImmCreateSoftKeyboard ImmDestroyContext imm32A.ImmDestroyContext ImmDestroyIMCC imm32A.ImmDestroyIMCC ImmDestroySoftKeyboard imm32A.ImmDestroySoftKeyboard ImmDisableIME imm32A.ImmDisableIME ImmDisableIme imm32A.ImmDisableIme ImmDisableTextFrameService imm32A.ImmDisableTextFrameService ImmEnumInputContext imm32A.ImmEnumInputContext ImmEnumRegisterWordA imm32A.ImmEnumRegisterWordA ImmEnumRegisterWordW imm32A.ImmEnumRegisterWordW ImmEscapeA imm32A.ImmEscapeA ImmEscapeW imm32A.ImmEscapeW ImmFreeLayout imm32A.ImmFreeLayout ImmGenerateMessage imm32A.ImmGenerateMessage ImmGetAppCompatFlags imm32A.ImmGetAppCompatFlags ImmGetCandidateListA imm32A.ImmGetCandidateListA ImmGetCandidateListCountA imm32A.ImmGetCandidateListCountA ImmGetCandidateListCountW imm32A.ImmGetCandidateListCountW ImmGetCandidateListW imm32A.ImmGetCandidateListW ImmGetCandidateWindow imm32A.ImmGetCandidateWindow ImmGetCompositionFontA imm32A.ImmGetCompositionFontA ImmGetCompositionFontW imm32A.ImmGetCompositionFontW ImmGetCompositionStringA imm32A.ImmGetCompositionStringA ImmGetCompositionStringW imm32A.ImmGetCompositionStringW ImmGetCompositionWindow imm32A.ImmGetCompositionWindow ImmGetContext imm32A.ImmGetContext ImmGetConversionListA imm32A.ImmGetConversionListA ImmGetConversionListW imm32A.ImmGetConversionListW ImmGetConversionStatus imm32A.ImmGetConversionStatus ImmGetDefaultIMEWnd imm32A.ImmGetDefaultIMEWnd ImmGetDescriptionA imm32A.ImmGetDescriptionA ImmGetDescriptionW imm32A.ImmGetDescriptionW ImmGetGuideLineA imm32A.ImmGetGuideLineA ImmGetGuideLineW imm32A.ImmGetGuideLineW ImmGetHotKey imm32A.ImmGetHotKey ImmGetIMCCLockCount imm32A.ImmGetIMCCLockCount ImmGetIMCCSize imm32A.ImmGetIMCCSize ImmGetIMCLockCount imm32A.ImmGetIMCLockCount ImmGetIMEFileNameA imm32A.ImmGetIMEFileNameA ImmGetIMEFileNameW imm32A.ImmGetIMEFileNameW ImmGetImeInfoEx imm32A.ImmGetImeInfoEx ImmGetImeMenuItemsA imm32A.ImmGetImeMenuItemsA ImmGetImeMenuItemsW imm32A.ImmGetImeMenuItemsW ImmGetOpenStatus imm32A.ImmGetOpenStatus ImmGetProperty imm32A.ImmGetProperty ImmGetRegisterWordStyleA imm32A.ImmGetRegisterWordStyleA ImmGetRegisterWordStyleW imm32A.ImmGetRegisterWordStyleW ImmGetStatusWindowPos imm32A.ImmGetStatusWindowPos ImmGetVirtualKey imm32A.ImmGetVirtualKey ImmIMPGetIMEA imm32A.ImmIMPGetIMEA ImmIMPGetIMEW imm32A.ImmIMPGetIMEW ImmIMPQueryIMEA imm32A.ImmIMPQueryIMEA ImmIMPQueryIMEW imm32A.ImmIMPQueryIMEW ImmIMPSetIMEA imm32A.ImmIMPSetIMEA ImmIMPSetIMEW imm32A.ImmIMPSetIMEW ImmInstallIMEA imm32A.ImmInstallIMEA ImmInstallIMEW imm32A.ImmInstallIMEW ImmIsIME imm32A.ImmIsIME ImmIsUIMessageA imm32A.ImmIsUIMessageA ImmIsUIMessageW imm32A.ImmIsUIMessageW ImmLoadIME imm32A.ImmLoadIME ImmLoadLayout imm32A.ImmLoadLayout ImmLockClientImc imm32A.ImmLockClientImc ImmLockIMC imm32A.ImmLockIMC ImmLockIMCC imm32A.ImmLockIMCC ImmLockImeDpi imm32A.ImmLockImeDpi ImmNotifyIME imm32A.ImmNotifyIME ImmPenAuxInput imm32A.ImmPenAuxInput ImmProcessKey imm32A.ImmProcessKey ImmPutImeMenuItemsIntoMappedFile imm32A.ImmPutImeMenuItemsIntoMappedFile ImmReSizeIMCC imm32A.ImmReSizeIMCC ImmRegisterClient imm32A.ImmRegisterClient ImmRegisterWordA imm32A.ImmRegisterWordA ImmRegisterWordW imm32A.ImmRegisterWordW ImmReleaseContext imm32A.ImmReleaseContext ImmRequestMessageA imm32A.ImmRequestMessageA ImmRequestMessageW imm32A.ImmRequestMessageW ImmSendIMEMessageExA imm32A.ImmSendIMEMessageExA ImmSendIMEMessageExW imm32A.ImmSendIMEMessageExW ImmSendMessageToActiveDefImeWndW imm32A.ImmSendMessageToActiveDefImeWndW ImmSetActiveContext imm32A.ImmSetActiveContext ImmSetActiveContextConsoleIME imm32A.ImmSetActiveContextConsoleIME ImmSetCandidateWindow imm32A.ImmSetCandidateWindow ImmSetCompositionFontA imm32A.ImmSetCompositionFontA ImmSetCompositionFontW imm32A.ImmSetCompositionFontW ImmSetCompositionStringA imm32A.ImmSetCompositionStringA ImmSetCompositionStringW imm32A.ImmSetCompositionStringW ImmSetCompositionWindow imm32A.ImmSetCompositionWindow ImmSetConversionStatus imm32A.ImmSetConversionStatus ImmSetHotKey imm32A.ImmSetHotKey ImmSetOpenStatus imm32A.ImmSetOpenStatus ImmSetStatusWindowPos imm32A.ImmSetStatusWindowPos ImmShowSoftKeyboard imm32A.ImmShowSoftKeyboard ImmSimulateHotKey imm32A.ImmSimulateHotKey ImmSystemHandler imm32A.ImmSystemHandler ImmTranslateMessage imm32A.ImmTranslateMessage ImmUnlockClientImc imm32A.ImmUnlockClientImc ImmUnlockIMC imm32A.ImmUnlockIMC ImmUnlockIMCC imm32A.ImmUnlockIMCC ImmUnlockImeDpi imm32A.ImmUnlockImeDpi ImmUnregisterWordA imm32A.ImmUnregisterWordA ImmUnregisterWordW imm32A.ImmUnregisterWordW ImmWINNLSEnableIME imm32A.ImmWINNLSEnableIME ImmWINNLSGetEnableStatus imm32A.ImmWINNLSGetEnableStatus ImmWINNLSGetIMEHotkey imm32A.ImmWINNLSGetIMEHotkey
이것은 과연 무엇일까요??
또한 해당 악성코드는 이것뿐만아니라
AYAgent.aye ALYac.aye SystemMon.exe
SkyMon.exe nsvmon.npc NVC.npc NVCAgent.npc Nsavsvc.npc SeShutdownPrivilege 1 \oldimm32.bak \nt32.dll \dllcache\imm32.dll \imm32.dll V3ClnSrv.exe V3Svc.exe V3LSvc.exe V3LTray.exe V3LSvc.exe V3LSvc.exe
우회시키고 불능화를 만드는 역활을 한다.....
또한 ff2client.exe , dnf.exe , game.exe , heroes.exe , MapleStory.exe 를 해킹하는 역활을 합니다...
근데 의문인건 과연 이것은 무엇일까요??ㅋ
dll.dll CtfAImmActivate imm32A.CtfAImmActivate CtfAImmDeactivate imm32A.CtfAImmDeactivate CtfAImmIsIME imm32A.CtfAImmIsIME CtfImmCoUninitialize imm32A.CtfImmCoUninitialize CtfImmDispatchDefImeMessage imm32A.CtfImmDispatchDefImeMessage CtfImmEnterCoInitCountSkipMode imm32A.CtfImmEnterCoInitCountSkipMode CtfImmGenerateMessage imm32A.CtfImmGenerateMessage CtfImmGetGuidAtom imm32A.CtfImmGetGuidAtom CtfImmHideToolbarWnd imm32A.CtfImmHideToolbarWnd CtfImmIsCiceroEnabled imm32A.CtfImmIsCiceroEnabled CtfImmIsCiceroStartedInThread imm32A.CtfImmIsCiceroStartedInThread CtfImmIsGuidMapEnable imm32A.CtfImmIsGuidMapEnable CtfImmIsTextFrameServiceDisabled imm32A.CtfImmIsTextFrameServiceDisabled CtfImmLastEnabledWndDestroy imm32A.CtfImmLastEnabledWndDestroy CtfImmLeaveCoInitCountSkipMode imm32A.CtfImmLeaveCoInitCountSkipMode CtfImmRestoreToolbarWnd imm32A.CtfImmRestoreToolbarWnd CtfImmSetAppCompatFlags imm32A.CtfImmSetAppCompatFlags CtfImmSetCiceroStartInThread imm32A.CtfImmSetCiceroStartInThread CtfImmTIMActivate imm32A.CtfImmTIMActivate GetKeyboardLayoutCP imm32A.GetKeyboardLayoutCP ImmActivateLayout imm32A.ImmActivateLayout ImmAssociateContext imm32A.ImmAssociateContext ImmAssociateContextEx imm32A.ImmAssociateContextEx ImmCallImeConsoleIME imm32A.ImmCallImeConsoleIME ImmConfigureIMEA imm32A.ImmConfigureIMEA ImmConfigureIMEW imm32A.ImmConfigureIMEW ImmCreateContext imm32A.ImmCreateContext ImmCreateIMCC imm32A.ImmCreateIMCC ImmCreateSoftKeyboard imm32A.ImmCreateSoftKeyboard ImmDestroyContext imm32A.ImmDestroyContext ImmDestroyIMCC imm32A.ImmDestroyIMCC ImmDestroySoftKeyboard imm32A.ImmDestroySoftKeyboard ImmDisableIME imm32A.ImmDisableIME ImmDisableIme imm32A.ImmDisableIme ImmDisableTextFrameService imm32A.ImmDisableTextFrameService ImmEnumInputContext imm32A.ImmEnumInputContext ImmEnumRegisterWordA imm32A.ImmEnumRegisterWordA ImmEnumRegisterWordW imm32A.ImmEnumRegisterWordW ImmEscapeA imm32A.ImmEscapeA ImmEscapeW imm32A.ImmEscapeW ImmFreeLayout imm32A.ImmFreeLayout ImmGenerateMessage imm32A.ImmGenerateMessage ImmGetAppCompatFlags imm32A.ImmGetAppCompatFlags ImmGetCandidateListA imm32A.ImmGetCandidateListA ImmGetCandidateListCountA imm32A.ImmGetCandidateListCountA ImmGetCandidateListCountW imm32A.ImmGetCandidateListCountW ImmGetCandidateListW imm32A.ImmGetCandidateListW ImmGetCandidateWindow imm32A.ImmGetCandidateWindow ImmGetCompositionFontA imm32A.ImmGetCompositionFontA ImmGetCompositionFontW imm32A.ImmGetCompositionFontW ImmGetCompositionStringA imm32A.ImmGetCompositionStringA ImmGetCompositionStringW imm32A.ImmGetCompositionStringW ImmGetCompositionWindow imm32A.ImmGetCompositionWindow ImmGetContext imm32A.ImmGetContext ImmGetConversionListA imm32A.ImmGetConversionListA ImmGetConversionListW imm32A.ImmGetConversionListW ImmGetConversionStatus imm32A.ImmGetConversionStatus ImmGetDefaultIMEWnd imm32A.ImmGetDefaultIMEWnd ImmGetDescriptionA imm32A.ImmGetDescriptionA ImmGetDescriptionW imm32A.ImmGetDescriptionW ImmGetGuideLineA imm32A.ImmGetGuideLineA ImmGetGuideLineW imm32A.ImmGetGuideLineW ImmGetHotKey imm32A.ImmGetHotKey ImmGetIMCCLockCount imm32A.ImmGetIMCCLockCount ImmGetIMCCSize imm32A.ImmGetIMCCSize ImmGetIMCLockCount imm32A.ImmGetIMCLockCount ImmGetIMEFileNameA imm32A.ImmGetIMEFileNameA ImmGetIMEFileNameW imm32A.ImmGetIMEFileNameW ImmGetImeInfoEx imm32A.ImmGetImeInfoEx ImmGetImeMenuItemsA imm32A.ImmGetImeMenuItemsA ImmGetImeMenuItemsW imm32A.ImmGetImeMenuItemsW ImmGetOpenStatus imm32A.ImmGetOpenStatus ImmGetProperty imm32A.ImmGetProperty ImmGetRegisterWordStyleA imm32A.ImmGetRegisterWordStyleA ImmGetRegisterWordStyleW imm32A.ImmGetRegisterWordStyleW ImmGetStatusWindowPos imm32A.ImmGetStatusWindowPos ImmGetVirtualKey imm32A.ImmGetVirtualKey ImmIMPGetIMEA imm32A.ImmIMPGetIMEA ImmIMPGetIMEW imm32A.ImmIMPGetIMEW ImmIMPQueryIMEA imm32A.ImmIMPQueryIMEA ImmIMPQueryIMEW imm32A.ImmIMPQueryIMEW ImmIMPSetIMEA imm32A.ImmIMPSetIMEA ImmIMPSetIMEW imm32A.ImmIMPSetIMEW ImmInstallIMEA imm32A.ImmInstallIMEA ImmInstallIMEW imm32A.ImmInstallIMEW ImmIsIME imm32A.ImmIsIME ImmIsUIMessageA imm32A.ImmIsUIMessageA ImmIsUIMessageW imm32A.ImmIsUIMessageW ImmLoadIME imm32A.ImmLoadIME ImmLoadLayout imm32A.ImmLoadLayout ImmLockClientImc imm32A.ImmLockClientImc ImmLockIMC imm32A.ImmLockIMC ImmLockIMCC imm32A.ImmLockIMCC ImmLockImeDpi imm32A.ImmLockImeDpi ImmNotifyIME imm32A.ImmNotifyIME ImmPenAuxInput imm32A.ImmPenAuxInput ImmProcessKey imm32A.ImmProcessKey ImmPutImeMenuItemsIntoMappedFile imm32A.ImmPutImeMenuItemsIntoMappedFile ImmReSizeIMCC imm32A.ImmReSizeIMCC ImmRegisterClient imm32A.ImmRegisterClient ImmRegisterWordA imm32A.ImmRegisterWordA ImmRegisterWordW imm32A.ImmRegisterWordW ImmReleaseContext imm32A.ImmReleaseContext ImmRequestMessageA imm32A.ImmRequestMessageA ImmRequestMessageW imm32A.ImmRequestMessageW ImmSendIMEMessageExA imm32A.ImmSendIMEMessageExA ImmSendIMEMessageExW imm32A.ImmSendIMEMessageExW ImmSendMessageToActiveDefImeWndW imm32A.ImmSendMessageToActiveDefImeWndW ImmSetActiveContext imm32A.ImmSetActiveContext ImmSetActiveContextConsoleIME imm32A.ImmSetActiveContextConsoleIME ImmSetCandidateWindow imm32A.ImmSetCandidateWindow ImmSetCompositionFontA imm32A.ImmSetCompositionFontA ImmSetCompositionFontW imm32A.ImmSetCompositionFontW ImmSetCompositionStringA imm32A.ImmSetCompositionStringA ImmSetCompositionStringW imm32A.ImmSetCompositionStringW ImmSetCompositionWindow imm32A.ImmSetCompositionWindow ImmSetConversionStatus imm32A.ImmSetConversionStatus ImmSetHotKey imm32A.ImmSetHotKey ImmSetOpenStatus imm32A.ImmSetOpenStatus ImmSetStatusWindowPos imm32A.ImmSetStatusWindowPos ImmShowSoftKeyboard imm32A.ImmShowSoftKeyboard ImmSimulateHotKey imm32A.ImmSimulateHotKey ImmSystemHandler imm32A.ImmSystemHandler ImmTranslateMessage imm32A.ImmTranslateMessage ImmUnlockClientImc imm32A.ImmUnlockClientImc ImmUnlockIMC imm32A.ImmUnlockIMC ImmUnlockIMCC imm32A.ImmUnlockIMCC ImmUnlockImeDpi imm32A.ImmUnlockImeDpi ImmUnregisterWordA imm32A.ImmUnregisterWordA ImmUnregisterWordW imm32A.ImmUnregisterWordW ImmWINNLSEnableIME imm32A.ImmWINNLSEnableIME ImmWINNLSGetEnableStatus imm32A.ImmWINNLSGetEnableStatus ImmWINNLSGetIMEHotkey imm32A.ImmWINNLSGetIMEHotkey
이것은 과연 무엇일까요??
toshipark2.exe 는 다음과 같이 진단한다....
File name:
toshipark2.exeSubmission date:
2011-03-03 12:14:30 (UTC)Result:
26/ 43 (60.5%)| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2011.03.03.01 | 2011.03.03 | Dropper/Onlinegamehack.80384.D |
| AntiVir | 7.11.4.51 | 2011.03.03 | TR/Spy.Gen |
| Antiy-AVL | 2.0.3.7 | 2011.03.03 | Trojan/Win32.OnLineGames.gen |
| Avast | 4.8.1351.0 | 2011.02.23 | Win32:Patched-PX |
| Avast5 | 5.0.677.0 | 2011.02.23 | Win32:Patched-PX |
| AVG | 10.0.0.1190 | 2011.03.03 | PSW.OnlineGames3.BDYS |
| BitDefender | 7.2 | 2011.03.03 | Trojan.Generic.5497583 |
| CAT-QuickHeal | 11.00 | 2011.03.03 | - |
| ClamAV | 0.96.4.0 | 2011.03.02 | - |
| Commtouch | 5.2.11.5 | 2011.03.03 | - |
| Comodo | 7860 | 2011.03.03 | TrojWare.Win32.Trojan.Agent.Gen |
| DrWeb | 5.0.2.03300 | 2011.03.03 | - |
| Emsisoft | 5.1.0.2 | 2011.03.03 | Trojan-Spy!IK |
| eSafe | 7.0.17.0 | 2011.03.03 | Win32.TRSpy |
| eTrust-Vet | 36.1.8193 | 2011.03.02 | - |
| F-Prot | 4.6.2.117 | 2011.03.02 | - |
| F-Secure | 9.0.16160.0 | 2011.03.03 | Trojan.Generic.5497583 |
| Fortinet | 4.2.254.0 | 2011.03.03 | - |
| GData | 21 | 2011.03.03 | Trojan.Generic.5497583 |
| Ikarus | T3.1.1.97.0 | 2011.03.03 | Trojan-Spy |
| Jiangmin | 13.0.900 | 2011.03.03 | Heur:Trojan/PSW.WOW |
| K7AntiVirus | 9.91.4006 | 2011.03.02 | - |
| Kaspersky | 7.0.0.125 | 2011.03.03 | - |
| McAfee | 5.400.0.1158 | 2011.03.03 | Generic PWS.y!cyr |
| McAfee-GW-Edition | 2010.1C | 2011.03.02 | Generic PWS.y!cyr |
| Microsoft | 1.6603 | 2011.03.03 | PWS:Win32/OnLineGames.ZDV |
| NOD32 | 5922 | 2011.03.03 | a variant of Win32/PSW.OnLineGames.PGD |
| Norman | 6.07.03 | 2011.03.03 | - |
| nProtect | 2011-02-10.01 | 2011.02.15 | - |
| Panda | 10.0.3.5 | 2011.03.02 | Trj/CI.A |
| PCTools | 7.0.3.5 | 2011.03.02 | - |
| Prevx | 3.0 | 2011.03.03 | - |
| Rising | 23.47.03.03 | 2011.03.03 | Trojan.Win32.Generic.127D778C |
| Sophos | 4.61.0 | 2011.03.03 | Mal/Generic-L |
| SUPERAntiSpyware | 4.40.0.1006 | 2011.03.03 | - |
| Symantec | 20101.3.0.103 | 2011.03.03 | - |
| TheHacker | 6.7.0.1.143 | 2011.03.02 | Trojan/OnLineGames.pgd |
| TrendMicro | 9.200.0.1012 | 2011.03.03 | WORM_ONLINEGA.VN |
| TrendMicro-HouseCall | 9.200.0.1012 | 2011.03.03 | WORM_ONLINEGA.VN |
| VBA32 | 3.12.14.3 | 2011.03.02 | - |
| VIPRE | 8592 | 2011.03.03 | Trojan.Win32.Generic!BT |
| ViRobot | 2011.3.3.4337 | 2011.03.03 | - |
| VirusBuster | 13.6.231.0 | 2011.03.02 | Trojan.PWS.OnLineGames!YdiTvCVXx4s |
|
Additional information
|
|---|
| MD5 : 1f15ade2494727d259137e92c4e37a42 |
| SHA1 : 4b9b3debabb560e9d904984bdd96e148863d0a37 |
| SHA256: f6408f9b329a9db267ad85cf4b5d7790f3d8bb95cf613cfb06e7a9751c3b9e8a |
'security > 악성코드 유포' 카테고리의 다른 글
| 오늘 본 Ad.asp 스크립트 중 발견한 제작자의 의도적 실수 ?? (0) | 2011.03.06 |
|---|---|
| DDos 국내 보안 전용 백신으로 치료 하세요 !! (0) | 2011.03.04 |
| 폴리뉴스 악성코드 유포 스크립트 간단하게 살펴보기.. !! (0) | 2011.02.19 |
| Jpg 파일로 위장한 악성 Script !! (0) | 2011.02.15 |
| 현재 유포되고 있는 네이트온 악성코드 연결 링크 !! (2) | 2011.02.12 |
