Antivirus engine    Version          Definition date  Scan result
AntiVir             7.8.0.64         2008.07.04       SPR/Fake.XPAnti.E.1
AVG                 7.5.0.516        2008.07.05       Downloader.Agent
BitDefender         7.2              2008.07.05       Trojan.Dropper.Delf.Crypt.D
F-Secure            7.60.13501.0     2008.07.03       Trojan-Downloader.Win32.FraudLoad.gen
GData               2.0.7306.1023    2008.07.05       Trojan-Downloader.Win32.FraudLoad.gen
Ikarus              T3.1.1.26.0      2008.07.05       Trojan-Downloader.Win32.FraudLoad
Kaspersky           7.0.0.125        2008.07.05       Trojan-Downloader.Win32.FraudLoad.gen
Microsoft           1.3704           2008.07.05       TrojanDownloader:Win32/Renos.gen!AF
Sophos              4.31.0           2008.07.05       Mal/EncPk-CZ
Webwasher-Gateway   6.6.2            2008.07.05       Riskware.Fake.XPAnti.E.1
***** PE Structure *************************************************
entrypointaddress.: 0x40130e
timedatestamp.....: 0x461d015e (Wed Apr 11 15:40:14 2007)
machinetype.......: 0x14c (I386)
***** PE Header ****************************************************
Signature: 00004550
Machine: 014C - Intel 386
Number of sections: 0006
Time/Date stamp: 461D015E
Pointer to symbol table: 00000000
Number of symbols: 00000000
Size of optional header: 00E0
Characteristics: 010F
Magic: 010B
Linker version (major): 06
Linker version (minor): 10
Size of code: 00001400
Size of initialized data: 0000AA00
Size of uninitialized data: 00000000
Address of entry point: 0000130E
Base of code: 00001000
Base of data: 00003000
Image base: 00400000
Section alignment: 00001000
File alignment: 00000200
OS version (major): 0004
OS version (minor): 0000
Image version (major): 0000
Image version (minor): 0000
Sub system version (major): 0004
Sub system version (minor): 0000
Win32 version: 00000000
Size of image: 0001B000
Size of headers: 00000400
Checksum: 00000000
Sub system: 0002 - Windows graphical user interface (GUI) subsystem
DLL characteristics: 0000
Size of stack reserve: 00100000
Size of stack commit: 00001000
Size of heap reserve: 00100000
Size of heap commit: 00001000
Loader flags: 00000000
Number of RVA: 00000010
***** PE Sections **************************************************
Section VirtSize VirtAddr PhysSize PhysAddr Flags
.text 00001326 00001000 00001400 00000400 60000020
.data 0000A952 00003000 0000AA00 00001800 C0000040
.tls 00000030 0000E000 00000200 0000C200 C0000040
.rdata 00000018 0000F000 00000200 0000C400 50000040
.idata 00000141 00010000 00000200 0000C600 40000040
.rsrc 00009805 00011000 00001A00 0000C800 40000040
***** Import/Export table ******************************************
--- Export table ---------------------------------------------------
--- Import table (libraries: 3) ------------------------------------
> kernel32.dll: DeleteFileW, GetConsoleMode
> user32.dll: DrawIcon, IsMenu
> comctl32.dll: DrawStatusText, ImageList_EndDrag, CreateMappedBitmap
Note: only seven imports in total, none of them from wininet.dll or winsock.dll, although the sandbox trace below shows both being loaded at runtime. A static import list this small and this unrelated to the sample's purpose (fake antivirus downloader) is what the Crypt/EncPk detection names above point at: the real imports are resolved by an unpacking stub, so the table says little about the sample's capabilities.
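The section table, entry point and alignment fields above are what an analyst checks first when a sample is suspected to be packed. The script below is an added example, not part of the original report or of any tool it used: it packs the header values shown above into a constructed stand-in header (the real file is not reproduced and no section contents are included), parses it back, maps the entry-point RVA to its section and file offset, and runs a few header sanity checks. Field offsets follow the PE/COFF specification; the sample data and the triage rules are the editor's own assumptions.

```python
import struct

# Section characteristic bits from the PE/COFF specification.
SECTION_FLAGS = [
    (0x00000020, "CODE"), (0x00000040, "INITIALIZED_DATA"),
    (0x00000080, "UNINITIALIZED_DATA"), (0x10000000, "SHARED"),
    (0x20000000, "EXECUTE"), (0x40000000, "READ"), (0x80000000, "WRITE"),
]
EXECUTE, WRITE = 0x20000000, 0x80000000

# Constructed stand-in for the report's sample: the six sections listed in the
# report (name, VirtSize, VirtAddr, PhysSize, PhysAddr, Flags). Not the real file.
SAMPLE_SECTIONS = [
    (b".text",  0x1326, 0x01000, 0x1400, 0x0400, 0x60000020),
    (b".data",  0xA952, 0x03000, 0xAA00, 0x1800, 0xC0000040),
    (b".tls",   0x0030, 0x0E000, 0x0200, 0xC200, 0xC0000040),
    (b".rdata", 0x0018, 0x0F000, 0x0200, 0xC400, 0x50000040),
    (b".idata", 0x0141, 0x10000, 0x0200, 0xC600, 0x40000040),
    (b".rsrc",  0x9805, 0x11000, 0x1A00, 0xC800, 0x40000040),
]

def build_sample_header(entry_point=0x130E):
    """Pack a 0x400-byte PE32 header using the report's values (constructed data)."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(SAMPLE_SECTIONS), 0x461D015E, 0, 0, 0xE0, 0x010F)
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHHIIIIII",
                      0x10B, 6, 10, 0x1400, 0xAA00, 0, entry_point, 0x1000, 0x3000,
                      0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0, 0, 0x1B000, 0x400, 0,
                      2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * (16 * 8)  # 16 empty data directories
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, ro, 0, 0, 0, 0, fl)
                    for n, vs, va, rs, ro, fl in SAMPLE_SECTIONS)
    return (dos + b"PE\0\0" + coff + opt + secs).ljust(0x400, b"\0")

def parse_pe(data):
    """Parse e_lfanew, the COFF header, the PE32 optional header and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsec, stamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    image_base, sect_align, file_align = struct.unpack_from("<III", data, opt + 28)
    size_of_image, size_of_headers = struct.unpack_from("<II", data, opt + 56)
    sections = []
    for i in range(nsec):
        name, vs, va, rs, ro, _, _, _, _, fl = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vs, "va": va, "rawsize": rs, "rawptr": ro, "flags": fl})
    return {"machine": machine, "timestamp": stamp, "characteristics": chars,
            "entry": entry, "image_base": image_base, "section_align": sect_align,
            "file_align": file_align, "size_of_image": size_of_image,
            "size_of_headers": size_of_headers, "sections": sections}

def describe_flags(flags):
    """Render section characteristics, e.g. 0x60000020 -> CODE|EXECUTE|READ."""
    return "|".join(name for bit, name in SECTION_FLAGS if flags & bit) or "-"

def section_for_rva(pe, rva):
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s
    return None

def rva_to_offset(pe, rva):
    """Map an RVA to a file offset; None if the RVA is not backed by bytes in the file."""
    s = section_for_rva(pe, rva)
    if s is None or rva - s["va"] >= s["rawsize"]:
        return None
    return s["rawptr"] + (rva - s["va"])

def triage(pe):
    """Header checks an analyst runs before trusting a possibly packed sample's static view."""
    findings = []
    first = pe["sections"][0] if pe["sections"] else None
    ep = section_for_rva(pe, pe["entry"])
    if ep is None:
        findings.append("entry point %#x lies outside every section" % pe["entry"])
    else:
        if not ep["flags"] & EXECUTE:
            findings.append("entry point in non-executable section %s" % ep["name"])
        if ep["flags"] & WRITE:
            findings.append("entry point in writable section %s (unpacking stub?)" % ep["name"])
        if ep is not first:
            findings.append("entry point in %s rather than the first section" % ep["name"])
    for s in pe["sections"]:
        if s["flags"] & WRITE and s["flags"] & EXECUTE:
            findings.append("%s is writable and executable" % s["name"])
        if s["rawsize"] == 0 and s["vsize"]:
            findings.append("%s has no file data but %#x virtual bytes" % (s["name"], s["vsize"]))
        if s["rawsize"] % pe["file_align"] or s["va"] % pe["section_align"]:
            findings.append("%s violates the header's alignments" % s["name"])
    if pe["sections"]:
        last = pe["sections"][-1]
        align = pe["section_align"]
        expected = (last["va"] + last["vsize"] + align - 1) // align * align
        if expected != pe["size_of_image"]:
            findings.append("SizeOfImage %#x != computed %#x" % (pe["size_of_image"], expected))
    return findings

if __name__ == "__main__":
    pe = parse_pe(build_sample_header())
    for s in pe["sections"]:
        print("%-8s va=%#07x vsize=%#06x raw=%#06x@%#06x %s"
              % (s["name"], s["va"], s["vsize"], s["rawsize"], s["rawptr"], describe_flags(s["flags"])))
    print("entry %#x -> %s, file offset %#x" % (pe["entry"], section_for_rva(pe, pe["entry"])["name"],
                                                 rva_to_offset(pe, pe["entry"])))
    print("findings:", triage(pe) or "none")
```

For the report's header the checks come back clean: the entry point 0x130e sits in .text (executable, not writable, the first section) at file offset 0x70e, every section is aligned, and SizeOfImage 0x1B000 matches the end of .rsrc rounded up to the section alignment. That is the point of running them: a sample this well-formed gives no header-level hint of packing, so the analyst has to rely on the tiny import table and the runtime trace instead. Moving the entry point into .data with `build_sample_header(entry_point=0x3000)` shows what a typical packer's header looks like to the same checks.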
Process Details:
Process ID 2060
Filename C:\XPantivirus2008_v880234.exe
Filesize 57856 bytes
MD5 1a347bdf869eea5be316c6ae43230196
Start Reason AnalysisTarget
New Files
C:\DOCUME~1\Sanbox\LOCALS~1\Temp\f886_appcompat.txt
Opened Files:
\\.\ProcPanama
\\.\PIPE\lsarpc
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\gdi32.dll
C:\WINDOWS\system32\gdi32.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\wininet.dll
C:\WINDOWS\system32\wininet.dll
C:\WINDOWS\system32\winsock.dll
C:\WINDOWS\system32\winsock.dll
C:\WINDOWS\AppPatch\sysmain.sdb
C:\WINDOWS\AppPatch\systest.sdb
\Device\NamedPipe\ShimViewer
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\drwtsn32.exe
Deleted Files:
C:\DOCUME~1\Sanbox\LOCALS~1\Temp\f886_appcompat.txt
Registry Reads:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting ""
HKEY_LOCAL_MACHINE\SYSTEM\Setup ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\ExclusionList ""
HKEY_LOCAL_MACHINE\SYSTEM\WPA\MediaCenter ""
Process Management:
Creates Process - Filename: C:\WINDOWS\system32\dwwin.exe -x -s 1348
Note: dwwin.exe is the Windows XP error-reporting client (Dr. Watson). Taken together with the reads of HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting, the opening of drwtsn32.exe and the appcompat.txt file created and then deleted in %TEMP%, this is consistent with the sample crashing inside the sandbox, so the trace above records the crash path rather than the downloader behaviour the detection names describe. The dynamic results should not be read as the sample's full behaviour.