
1. Files in the folder after installation

2. Automatic scan after installation

3. System check in the program

4. Program options

5. Program update

Files created in the program and Windows folders
Registry creation

- %CommonPrograms%\Antivirus XP 2008
- %AppData%\rhc75dj0erc1
- %ProgramFiles%\rhc75dj0erc1
- %AppData%\rhc75dj0erc1\Quarantine
- %AppData%\rhc75dj0erc1\Quarantine\Autorun
- %AppData%\rhc75dj0erc1\Quarantine\Autorun\HKCU
- %AppData%\rhc75dj0erc1\Quarantine\Autorun\HKCU\RunOnce
- %AppData%\rhc75dj0erc1\Quarantine\Autorun\HKLM
- %AppData%\rhc75dj0erc1\Quarantine\Autorun\HKLM\RunOnce
- %AppData%\rhc75dj0erc1\Quarantine\Autorun\StartMenuAllUsers
- %AppData%\rhc75dj0erc1\Quarantine\Autorun\StartMenuCurrentUser
- %AppData%\rhc75dj0erc1\Quarantine\BrowserObjects
- %AppData%\rhc75dj0erc1\Quarantine\Packages
Processes created

| Process Name | Process Filename | Main Module Size |
|---|---|---|
| rhc75dj0erc1.exe | %ProgramFiles%\rhc75dj0erc1\rhc75dj0erc1.exe | 1,662,976 bytes |
| [filename of the sample #1] | [file and pathname of the sample #1] | 200,704 bytes |

Program modules

| Module Name | Module Filename | Address Space Details |
|---|---|---|
| MSVCP71.dll | %ProgramFiles%\rhc75dj0erc1\MSVCP71.dll | Process name: rhc75dj0erc1.exe Process filename: %ProgramFiles%\rhc75dj0erc1\rhc75dj0erc1.exe Address space: 0x7C3A0000 - 0x7C41B000 |
| MSVCR71.dll | %ProgramFiles%\rhc75dj0erc1\MSVCR71.dll | Process name: rhc75dj0erc1.exe Process filename: %ProgramFiles%\rhc75dj0erc1\rhc75dj0erc1.exe Address space: 0x7C340000 - 0x7C396000 |
| MFC71.DLL | %ProgramFiles%\rhc75dj0erc1\MFC71.DLL | Process name: rhc75dj0erc1.exe Process filename: %ProgramFiles%\rhc75dj0erc1\rhc75dj0erc1.exe Address space: 0x7C140000 - 0x7C243000 |
| MFC71ENU.DLL | %ProgramFiles%\rhc75dj0erc1\MFC71ENU.DLL | Process name: rhc75dj0erc1.exe Process filename: %ProgramFiles%\rhc75dj0erc1\rhc75dj0erc1.exe Address space: 0x5D360000 - 0x5D36E000 |
| rhc75dj0erc1Skin.Dll | %ProgramFiles%\rhc75dj0erc1\rhc75dj0erc1Skin.Dll | Process name: rhc75dj0erc1.exe Process filename: %ProgramFiles%\rhc75dj0erc1\rhc75dj0erc1.exe Address space: 0x1810000 - 0x1FED000 |

The following registry keys were created
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc75dj0erc1
- HKEY_LOCAL_MACHINE\SOFTWARE\rhc75dj0erc1
- HKEY_LOCAL_MACHINE\SOFTWARE\rhc75dj0erc1\Settings
- HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host
- HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]

- rhc75dj0erc1 = 75 C4 68 48

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

- AntivirXP08 = "AntivirXP08"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

- SMrhc75dj0erc1 = "%ProgramFiles%\rhc75dj0erc1\rhc75dj0erc1.exe"

so that rhc75dj0erc1.exe runs every time Windows starts

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc75dj0erc1]

- DisplayName = "AntivirXP08"
- UninstallString = ""%ProgramFiles%\rhc75dj0erc1\uninstall.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\rhc75dj0erc1]

- RegistrationUrl = "http://www.[URL removed]/buy/"
- RegistrationDiscUrl = "http://www.[URL removed].com/purchase/"
- ADVid = ""
- (Default) = "%ProgramFiles%\rhc75dj0erc1"
- InstallDir = "%ProgramFiles%\rhc75dj0erc1"
- domain = "AntivirusXP08.com"
- SoftID = "AntivirXP08"
- DatabaseVersion = "2.1"
- ProgramVersion = "2.1"
- EngineVersion = "2.1"
- GuiVersion = "2.1"
- ProxyName = ""
- ProxyPort = 0x00000000
- ScanPriority = 0x00000001
- DaysInterval = 0x00000007
- ScanDepth = 0x00000002
- ScanSystemOnStartup = 0x00000001
- AutomaticallyUpdates = 0x00000001
- Minimizeonstart = 0x00000000
- BackgroundScan = 0x00000001
- BackgroundScanTimeout = 0x00000001
- MGuid = "{782E524E-4174-4E61-A4FA-E8E67FA821FD}"
- InstallationID = "{4A877B89-5005-4F5D-A8FE-E39B77360108}"
- LastTimeStamp = 0x000000D2
Mutex objects created

- {CAASD444E-7822-49c1-840A-97A82C3F4D10}
- {427dbde0-7799-4611-9789-deb36156d1ad}
| Antivirus | Engine version | Definition date | Scan result |
|---|---|---|---|
| AhnLab-V3 | 2008.6.27.1 | 2008.06.30 | |
| AntiVir | 7.8.0.59 | 2008.06.30 | DR/Dldr.FraudLoad.vadt |
| Authentium | 5.1.0.4 | 2008.06.29 | |
| Avast | 4.8.1195.0 | 2008.06.28 | |
| AVG | 7.5.0.516 | 2008.06.30 | |
| BitDefender | 7.2 | 2008.06.30 | Adware.XpAntivirus.AA |
| CAT-QuickHeal | 9.50 | 2008.06.28 | |
| ClamAV | 0.93.1 | 2008.06.30 | Trojan.Peed.IG |
| DrWeb | 4.44.0.09170 | 2008.06.30 | |
| eSafe | 7.0.17.0 | 2008.06.29 | |
| eTrust-Vet | 31.6.5914 | 2008.06.30 | |
| Ewido | 4.0 | 2008.06.27 | |
| F-Prot | 4.4.4.56 | 2008.06.29 | |
| F-Secure | 7.60.13501.0 | 2008.06.26 | |
| Fortinet | 3.14.0.0 | 2008.06.30 | |
| GData | 2.0.7306.1023 | 2008.06.30 | Trojan-Downloader.Win32.FraudLoad.vadt |
| Ikarus | T3.1.1.26.0 | 2008.06.30 | Trojan-Downloader.Win32.FraudLoad.vadt |
| Kaspersky | 7.0.0.125 | 2008.06.30 | Trojan-Downloader.Win32.FraudLoad.vadt |
| McAfee | 5327 | 2008.06.27 | |
| Microsoft | 1.3704 | 2008.06.30 | |
| NOD32v2 | 3226 | 2008.06.30 | error - password-protected file |
| Norman | 5.80.02 | 2008.06.27 | |
| Panda | 9.0.0.4 | 2008.06.29 | |
| Prevx1 | V2 | 2008.06.30 | Suspicious |
| Rising | 20.51.02.00 | 2008.06.30 | |
| Sophos | 4.30.0 | 2008.06.30 | |
| Sunbelt | 3.0.1176.1 | 2008.06.26 | |
| Symantec | 10 | 2008.06.30 | |
| TheHacker | 6.2.96.364 | 2008.06.28 | |
| TrendMicro | 8.700.0.1004 | 2008.06.30 | TROJ_RENOS.ZQ |
| VBA32 | 3.12.6.8 | 2008.06.30 | |
| VirusBuster | 4.5.11.0 | 2008.06.30 | |
| Webwasher-Gateway | 6.6.2 | 2008.06.30 | Trojan.Dropper.Dldr.FraudLoad.vadt |
Additional information

- File size: 1398817 bytes
- MD5: afffd33ee5c74f3e6ff16bb074942fb5
- SHA1: 4463aa7e20e0a6774bcdcf5ec35f0c357031f438
- SHA256: 66d9a35c7f99802b8a036930045d67d3a9406ab75cc20ad49a6d177f9d1b383b
- SHA512: a7853c44dbab82c46d3f487df7f4cf13d861d2a180808b26993e5471af9178e337b51b353248f52d1a6a9055ce5b22a889ca915206200b7d4343e9cef8e11504