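Antivirus false positives have always been a problem, but as the number of samples has grown sharply,
there is relatively little time to examine each sample carefully, so vendors refer to other vendors' detections, and when one vendor produces a false positive, the others often end up with the same false positive.
- File length: 61440 bytes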
- MD5: 3a9bcde21a8d27f0c4b7f43615e0e821
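This sample was first submitted to AhnLab on November 22, 2006, and at that time it was analyzed as a clean file.
However, a request to re-analyze this sample came in, and looking at the sample, it appears to be a motherboard (Mother Board) related program.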
0000B054 0040B054 0 \auto.ini
0000B06C 0040B06C 0 SETUP%d
0000B074 0040B074 0 =============
0000B090 0040B090 0 Driver%d
0000B09C 0040B09C 0 Did not Support this MotherBoard
0000B0C0 0040B0C0 0 Mother Board Message
0000B0D8 0040B0D8 0 SETUP
0000B0E8 0040B0E8 0 NOVALUE
0000B0F0 0040B0F0 0 GROUP%d
0000B0F8 0040B0F8 0 This OS is not supported!!
0000B113 0040B113 0 If you have any question, please contact us!!
0000B144 0040B144 0 Information
0000B154 0040B154 0 BUILDNUMBER
0000B160 0040B160 0 PLATFORMID
0000B16C 0040B16C 0 MINOR
0000B174 0040B174 0 MAJOR
0000B17C 0040B17C 0 SUPPORT%d
0000B188 0040B188 0 SUPPORT
0000B190 0040B190 0 ENGLISH
0000B198 0040B198 0 SETUPFILE
0000B1A4 0040B1A4 0 SETUPKEY
0000B1B0 0040B1B0 0 LANGUAGE%d
0000B1BC 0040B1BC 0 EXTDATADEBUGSTRING%d
0000B1D4 0040B1D4 0 STRING%d
0000B1E0 0040B1E0 0 AVIFRAMEY
0000B1EC 0040B1EC 0 AVIFRAMEX
0000B1F8 0040B1F8 0 ENDAVI
0000B200 0040B200 0 BEGINAVI
0000B20C 0040B20C 0 DEFAULT
0000B214 0040B214 0 LANGUAGE
0000B220 0040B220 0 SETUPNO
0000B228 0040B228 0 EXTDATADEBUGMODE
0000B23C 0040B23C 0 DEBUGVERSION
0000B24C 0040B24C 0 DEBUGMODE
0000B258 0040B258 0 ENDBMP
0000B260 0040B260 0 BEGINBMP
0000B26C 0040B26C 0 BACKGROUND
0000B278 0040B278 0 ENDBMP16
0000B284 0040B284 0 BEGINBMP16
0000B290 0040B290 0 BACKGROUND16
0000B2A0 0040B2A0 0 LOADICON
0000B2AC 0040B2AC 0 CAPTION
0000B2B4 0040B2B4 0 GROUPNO
0000B2BC 0040B2BC 0 SETUPSIZE
0000B2C8 0040B2C8 0 SETUPSCRIPT
0000B2D4 0040B2D4 0 SETUPKIND
0000B2E0 0040B2E0 0 IMGPOSTY
0000B2EC 0040B2EC 0 IMGPOSTX
0000B2F8 0040B2F8 0 RUNSIZE
0000B300 0040B300 0 ACTION
0000B308 0040B308 0 ARGUMENTS
0000B314 0040B314 0 STARTROOT
0000B320 0040B320 0 BUTTONFTEXTCOLOR16
0000B334 0040B334 0 BUTTONUTEXTCOLOR16
0000B348 0040B348 0 BUTTONFTEXTCOLOR
0000B35C 0040B35C 0 BUTTONUTEXTCOLOR
0000B370 0040B370 0 BUTTONFTEXT
0000B37C 0040B37C 0 BUTTONUTEXT
0000B388 0040B388 0 BUTTONF16
0000B394 0040B394 0 BUTTONU16
0000B3A0 0040B3A0 0 BUTTONF
0000B3A8 0040B3A8 0 BUTTONU
0000B3B0 0040B3B0 0 0 0 0
0000B3B8 0040B3B8 0 INSTALLTEXTCOLOR
0000B3CC 0040B3CC 0 INSTALLTEXT
0000B3D8 0040B3D8 0 INSTALLMASK
0000B3E4 0040B3E4 0 INSTALLB
0000B3F4 0040B3F4 0 ,ACTION
0000B3FC 0040B3FC 0 CHECK
0000B404 0040B404 0 DRIVERNAME%s
0000B414 0040B414 0 INSTALL
0000B41C 0040B41C 0 OSSUPPORT
0000B428 0040B428 0 SCRIPT
0000B430 0040B430 0 system\currentcontrolset\services\MapMem
0000B488 0040B488 0 Bits Per Pixel : %d
0000B49C 0040B49C 0 UNKNOWN ACTION!
0000B4AC 0040B4AC 0 Error
0000B4C8 0040B4C8 0 PRINT:
0000B4D4 0040B4D4 0 %d %d %d
0000B4E0 0040B4E0 0 System
0000B4E8 0040B4E8 0 Wrong OS
0000B4FC 0040B4FC 0 STRING
0000B50C 0040B50C 0 Software\Microsoft\Windows\CurrentVersion\Run
0000B53C 0040B53C 0 DIGIT
0000B544 0040B544 0 NUMBER
0000B54C 0040B54C 0 COUNT
0000B558 0040B558 0 CHECKFILE%d
0000B564 0040B564 0 NEXT1
0000B580 0040B580 0 "PATH%d"
0000B58C 0040B58C 0 PATH%d
0000B594 0040B594 0 Are you sure you want to cancel it?
0000B5B8 0040B5B8 0 Warning
0000B5C0 0040B5C0 0 NAME%d
0000B5C8 0040B5C8 0 patch.ini
0000B5D4 0040B5D4 0 After you choose the driver(s) you want and press "OK", it will show device drivers to be installed in sequence.
0000B648 0040B648 0 Soltek
0000B650 0040B650 0 \autorun.exe
0000B660 0040B660 0 \Autorun.ini
0000B670 0040B670 0 \En.ini
0000C004 0045E004 0 SOLTEK
There may be malicious code that I failed to find, but it is most likely a false positive.
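A string listing in the format above can be triaged mechanically before a false-positive report is closed. The following Python sketch is an added example, not a tool from the original post: it parses rows of the listing, flags the strings an analyst would want to trace in a disassembler, and groups strings by the difference between virtual address and file offset. The follow-up patterns and the six-row sample (copied from the listing) are assumptions chosen for illustration.

```python
import re

# Constructed sample: six rows copied from the listing above. Columns as they
# appear there: file offset, virtual address, a third numeric field, text.
SAMPLE = r"""
0000B09C 0040B09C 0 Did not Support this MotherBoard
0000B430 0040B430 0 system\currentcontrolset\services\MapMem
0000B50C 0040B50C 0 Software\Microsoft\Windows\CurrentVersion\Run
0000B5C8 0040B5C8 0 patch.ini
0000B650 0040B650 0 \autorun.exe
0000C004 0045E004 0 SOLTEK
"""

ROW = re.compile(r"^([0-9A-Fa-f]{8}) ([0-9A-Fa-f]{8}) (\d+) (.*)$")

# Assumed triage rules (not from the original post): references worth
# following to the code that uses them before calling the file clean.
FOLLOW_UP = {
    "service/driver registry key": re.compile(r"currentcontrolset\\services\\", re.I),
    "autostart registry key": re.compile(r"\\CurrentVersion\\Run", re.I),
    "executable file name": re.compile(r"\.(exe|dll|sys)$", re.I),
}

def parse_listing(text):
    """Turn listing rows into dicts; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append({"offset": int(m.group(1), 16),
                         "va": int(m.group(2), 16),
                         "text": m.group(4)})
    return rows

def triage(rows):
    """Return (virtual address, reason, text) for every string to follow up."""
    return [(r["va"], label, r["text"])
            for r in rows
            for label, pat in FOLLOW_UP.items() if pat.search(r["text"])]

def section_deltas(rows):
    """Group texts by (va - offset); distinct deltas mean different sections."""
    groups = {}
    for r in rows:
        groups.setdefault(r["va"] - r["offset"], []).append(r["text"])
    return groups

if __name__ == "__main__":
    for va, reason, text in triage(parse_listing(SAMPLE)):
        print(f"{va:08X}  {reason}: {text}")
```

A flagged string is a place to look, not a verdict: the virtual address in the first column of the output is where to start checking cross-references in the disassembly.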