메인에서 Top.asp(h**p://6*.6*.2*.3*/t***/Top.asp) 라는 파일이 다운로드 된다고 하네요.
report.mhtml이 파일은 악성코드로 분류될 수 있습니다. 또한, 후에 실행될 경우 D.exe(h**p://6*.6*.2*.3*/t***/d.exe) 라는 악성코드를 다운받도록 되어 있습니다.
Top.asp 파일의 바이러스 토탈 결과
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2008.12.12.2 | 2008.12.14 | - |
| AntiVir | 7.9.0.45 | 2008.12.12 | - |
| Authentium | 5.1.0.4 | 2008.12.13 | - |
| Avast | 4.8.1281.0 | 2008.12.13 | - |
| AVG | 8.0.0.199 | 2008.12.13 | - |
| BitDefender | 7.2 | 2008.12.14 | Trojan.JS.Downloader.BFH |
| CAT-QuickHeal | 10.00 | 2008.12.13 | - |
| ClamAV | 0.94.1 | 2008.12.14 | - |
| Comodo | 749 | 2008.12.13 | - |
| DrWeb | 4.44.0.09170 | 2008.12.14 | - |
| eSafe | 7.0.17.0 | 2008.12.11 | - |
| eTrust-Vet | 31.6.6258 | 2008.12.12 | - |
| Ewido | 4.0 | 2008.12.14 | - |
| F-Prot | 4.4.4.56 | 2008.12.13 | - |
| F-Secure | 8.0.14332.0 | 2008.12.14 | - |
| Fortinet | 3.117.0.0 | 2008.12.14 | - |
| GData | 19 | 2008.12.14 | Trojan.JS.Downloader.BFH |
| Ikarus | T3.1.1.45.0 | 2008.12.14 | - |
| K7AntiVirus | 7.10.553 | 2008.12.13 | - |
| Kaspersky | 7.0.0.125 | 2008.12.14 | - |
| McAfee | 5463 | 2008.12.13 | - |
| McAfee+Artemis | 5463 | 2008.12.13 | - |
| Microsoft | 1.4205 | 2008.12.14 | - |
| NOD32 | 3688 | 2008.12.12 | - |
| Norman | 5.80.02 | 2008.12.12 | - |
| Panda | 9.0.0.4 | 2008.12.13 | - |
| PCTools | 4.4.2.0 | 2008.12.13 | - |
| Prevx1 | V2 | 2008.12.14 | - |
| Rising | 21.07.62.00 | 2008.12.14 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.12 | - |
| Sophos | 4.36.0 | 2008.12.14 | - |
| Sunbelt | 3.2.1801.2 | 2008.12.11 | - |
| Symantec | 10 | 2008.12.14 | - |
| TheHacker | 6.3.1.4.187 | 2008.12.13 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.12 | - |
| VBA32 | 3.12.8.10 | 2008.12.13 | - |
| ViRobot | 2008.12.12.1515 | 2008.12.12 | - |
| VirusBuster | 4.5.11.0 | 2008.12.13 | - |
| Additional information |
|---|
| File size: 6018 bytes |
| MD5...: 24e5b35e9a7739572b5638b35d830171 |
| SHA1..: a16aa38533c5f4b07eb56c4cebf0759bbeaa14f6 |
Top.asp 파일에 의해 다운로드 되는 D.exe 파일의 바이러스 토탈 결과
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| AhnLab-V3 | 2008.12.12.2 | 2008.12.14 | - |
| AntiVir | 7.9.0.45 | 2008.12.12 | TR/Crypt.XPACK.Gen |
| Authentium | 5.1.0.4 | 2008.12.13 | - |
| Avast | 4.8.1281.0 | 2008.12.13 | Win32:Kavos |
| AVG | 8.0.0.199 | 2008.12.13 | - |
| BitDefender | 7.2 | 2008.12.14 | - |
| CAT-QuickHeal | 10.00 | 2008.12.13 | (Suspicious) - DNAScan |
| ClamAV | 0.94.1 | 2008.12.14 | - |
| Comodo | 749 | 2008.12.13 | - |
| DrWeb | 4.44.0.09170 | 2008.12.14 | - |
| eSafe | 7.0.17.0 | 2008.12.11 | - |
| eTrust-Vet | 31.6.6258 | 2008.12.12 | - |
| Ewido | 4.0 | 2008.12.14 | - |
| F-Prot | 4.4.4.56 | 2008.12.12 | - |
| F-Secure | 8.0.14332.0 | 2008.12.14 | Suspicious:W32/Malware!Gemini |
| Fortinet | 3.117.0.0 | 2008.12.14 | - |
| GData | 19 | 2008.12.14 | Win32:Kavos |
| Ikarus | T3.1.1.45.0 | 2008.12.14 | - |
| K7AntiVirus | 7.10.553 | 2008.12.13 | - |
| Kaspersky | 7.0.0.125 | 2008.12.14 | - |
| McAfee | 5463 | 2008.12.13 | - |
| McAfee+Artemis | 5463 | 2008.12.13 | - |
| Microsoft | 1.4205 | 2008.12.14 | TrojanDownloader:Win32/Frethog.C |
| NOD32 | 3688 | 2008.12.12 | - |
| Norman | 5.80.02 | 2008.12.12 | - |
| Panda | 9.0.0.4 | 2008.12.13 | Suspicious file |
| PCTools | 4.4.2.0 | 2008.12.13 | - |
| Prevx1 | V2 | 2008.12.14 | - |
| Rising | 21.07.62.00 | 2008.12.14 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.12 | Trojan.Crypt.XPACK.Gen |
| Sophos | 4.36.0 | 2008.12.14 | - |
| Sunbelt | 3.2.1801.2 | 2008.12.11 | - |
| Symantec | 10 | 2008.12.14 | - |
| TheHacker | 6.3.1.4.187 | 2008.12.13 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.12 | - |
| VBA32 | 3.12.8.10 | 2008.12.13 | - |
| ViRobot | 2008.12.12.1514 | 2008.12.12 | - |
| VirusBuster | 4.5.11.0 | 2008.12.13 | - |
| Additional information |
|---|
| File size: 102970 bytes |
| MD5...: f6dbe4adf2765c1e984ef6f84ee009b7 |
| SHA1..: c1449be076f99ba212253ff8b7f6a0eef048e198 |
하하하 d.exe 파일이 실행되면 또다른 파일을 다운로드합니다.
no1.exe 토탈결과
| 안티바이러스 | 엔진 버전 | 정의 날짜 | 검사 결과 |
|---|---|---|---|
| AhnLab-V3 | 2008.12.12.2 | 2008.12.14 | - |
| AntiVir | 7.9.0.45 | 2008.12.12 | TR/Crypt.XPACK.Gen |
| Authentium | 5.1.0.4 | 2008.12.13 | - |
| Avast | 4.8.1281.0 | 2008.12.13 | Win32:Kavos |
| AVG | 8.0.0.199 | 2008.12.13 | - |
| BitDefender | 7.2 | 2008.12.14 | - |
| CAT-QuickHeal | 10.00 | 2008.12.13 | (Suspicious) - DNAScan |
| ClamAV | 0.94.1 | 2008.12.14 | - |
| Comodo | 749 | 2008.12.13 | - |
| DrWeb | 4.44.0.09170 | 2008.12.14 | - |
| eSafe | 7.0.17.0 | 2008.12.11 | Suspicious File |
| eTrust-Vet | 31.6.6258 | 2008.12.12 | - |
| Ewido | 4.0 | 2008.12.14 | - |
| F-Prot | 4.4.4.56 | 2008.12.13 | - |
| F-Secure | 8.0.14332.0 | 2008.12.14 | - |
| Fortinet | 3.117.0.0 | 2008.12.14 | - |
| GData | 19 | 2008.12.14 | Win32:Kavos |
| Ikarus | T3.1.1.45.0 | 2008.12.14 | Worm.Win32.Viking |
| K7AntiVirus | 7.10.553 | 2008.12.13 | - |
| Kaspersky | 7.0.0.125 | 2008.12.14 | - |
| McAfee | 5463 | 2008.12.13 | New Malware.bl |
| McAfee+Artemis | 5463 | 2008.12.13 | New Malware.bl |
| Microsoft | 1.4205 | 2008.12.14 | PWS:Win32/Frethog.AJ |
| NOD32 | 3689 | 2008.12.14 | - |
| Norman | 5.80.02 | 2008.12.12 | - |
| Panda | 9.0.0.4 | 2008.12.14 | Suspicious file |
| PCTools | 4.4.2.0 | 2008.12.14 | - |
| Prevx1 | V2 | 2008.12.14 | - |
| Rising | 21.07.62.00 | 2008.12.14 | - |
| SecureWeb-Gateway | 6.7.6 | 2008.12.12 | Trojan.Crypt.XPACK.Gen |
| Sophos | 4.36.0 | 2008.12.14 | - |
| Sunbelt | 3.2.1801.2 | 2008.12.11 | - |
| Symantec | 10 | 2008.12.14 | - |
| TheHacker | 6.3.1.4.187 | 2008.12.13 | - |
| TrendMicro | 8.700.0.1004 | 2008.12.12 | - |
| VBA32 | 3.12.8.10 | 2008.12.13 | - |
| ViRobot | 2008.12.12.1515 | 2008.12.12 | - |
| VirusBuster | 4.5.11.0 | 2008.12.13 | - |
| 추가 정보 |
|---|
| File size: 162381 bytes |
| MD5...: 19ae6aed1527b4dbf13e816382094ab4 |
