
Chinese Girl Virus: Win-Trojan/Fakecodecs.331776

쿨캣7 2009. 2. 16. 16:28

A new piece of malware spread through the NateOn messenger has appeared.

- MD5: 5b6e8792f733b4860be6320e1cfeac21
- File size: 331,776 bytes
- V3 detection name: Win-Trojan/Fakecodecs.331776 (detected by engine version 2009.02.16.01 and later)

When executed, it displays a photo that appears to be of a Chinese girl.

[Image: photo presumed to be of a Chinese girl, shown after the malware executes]



As expected, this malware is tailored thoroughly to the Korean environment: the strings below are the installation directories and service registry keys of security products, many of them Korean.

0000636c        : \Program Files\Virus Chaser
000063a8        : SYSTEM\CurrentControlSet\Services\MpsSvc
00006400        : SYSTEM\CurrentControlSet\Services\WinDefend
0000645c        : SYSTEM\CurrentControlSet\Services\srservice
000064b8        : SYSTEM\CurrentControlSet\Services\npkcmsvc
00006514        : SYSTEM\CurrentControlSet\Services\ALYac_PZSrv

00006db8        : \Program Files\HAURI
00006ee4        : \Program Files\ESTsoft\ALYac
00006f24        : \Program Files\AhnLab
00006f54        : \Program Files\Kaspersky Lab
00006f94        : \Program Files\Geot
00006fc0        : \Program Files\Naver\NaverPCGreen
00007008        : \Program Files\Symantec AntiVirus
00007050        : \Program Files\Norton
00007080        : \Program Files\Symantec
000070b4        : \Program Files\Common Files\Symantec Shared
00007110        : \Program Files\Alwil Software
00007150        : \Program Files\Eset
0000717c        : \Program Files\NoAD2
000071ac        : \Program Files\Digitalonnet
000071e8        : \Program Files\PcdrAntiVirus
00007228        : \Program Files\PCClearPlus
00007264        : \Program Files\PC-Clean
00007298        : \Program Files\PC-CleanV
000072d0        : \Program Files\INCAInternet
0000730c        : \Program Files\PCFree
0000733c        : \Program Files\SpyDoctorPlus
0000737c        : \Program Files\TC-Hacking
000073b4        : \Program Files\ViScanPro
000073ec        : \Program Files\anticlean
00007424        : \Program Files\PatchUp_Plus
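The string dump above shows the sample carrying a catalogue of security-product install directories and service keys, which is exactly what a triage script can flag before any dynamic analysis. The following is an added example (not the author's or AhnLab's code): it extracts ASCII and UTF-16LE strings from a binary and matches them against that catalogue. The byte blob it scans is constructed for the example and is not the real sample.

```python
import re

# Security-product directories and service keys taken from the string dump above.
PRODUCT_DIRS = [
    r"\Program Files\Virus Chaser", r"\Program Files\HAURI",
    r"\Program Files\ESTsoft\ALYac", r"\Program Files\AhnLab",
    r"\Program Files\Kaspersky Lab", r"\Program Files\Naver\NaverPCGreen",
    r"\Program Files\Symantec AntiVirus", r"\Program Files\INCAInternet",
]
SERVICE_KEYS = [
    r"SYSTEM\CurrentControlSet\Services\MpsSvc",
    r"SYSTEM\CurrentControlSet\Services\WinDefend",
    r"SYSTEM\CurrentControlSet\Services\npkcmsvc",
    r"SYSTEM\CurrentControlSet\Services\ALYac_PZSrv",
]

def extract_strings(data, min_len=6):
    """Return printable ASCII and UTF-16LE strings of at least min_len characters."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16le") for m in wide_re.finditer(data)]
    return found

def security_product_refs(data):
    """Bucket strings that name a security product's directory or service key."""
    hits = {"dirs": [], "services": []}
    for s in extract_strings(data):
        low = s.lower()
        if any(d.lower() in low for d in PRODUCT_DIRS):
            hits["dirs"].append(s)
        elif any(k.lower() in low for k in SERVICE_KEYS):
            hits["services"].append(s)
    return hits

# Constructed stand-in for a sample: NOT the real binary, just a byte blob
# carrying a few of the strings above (one UTF-16LE) amid unrelated bytes.
SAMPLE = (
    b"\x00" * 16
    + b"\\Program Files\\AhnLab\x00"
    + b"MZ\x90\x00" * 4
    + b"SYSTEM\\CurrentControlSet\\Services\\WinDefend\x00\x00"
    + "\\Program Files\\ESTsoft\\ALYac".encode("utf-16le") + b"\x00\x00"
    + b"Just a harmless message\x00"
)

def triage(data=SAMPLE):
    """Return (count of product-directory refs, count of service-key refs)."""
    hits = security_product_refs(data)
    return len(hits["dirs"]), len(hits["services"])
```

A real sample would be read with `open(path, "rb").read()` and passed to `triage`; a high count of such references is a strong hint that the binary probes for installed security software.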


[VirusTotal scan results] ---------------------------------------------------

http://www.virustotal.com/ko/analisis/2282dab88a1c641da6c689ebe8bbbe63

- Scan results as of 16 February 2009, 4:20 PM

Antivirus           Version          Definitions  Result
a-squared           4.0.0.93         2009.02.16   -
AhnLab-V3           5.0.0.2          2009.02.16   Win-Trojan/Fakecodecs.331776
AntiVir             7.9.0.79         2009.02.15   TR/Crypt.XPACK.Gen
Authentium          5.1.0.4          2009.02.15   -
Avast               4.8.1335.0       2009.02.15   -
AVG                 8.0.0.237        2009.02.15   Generic12.BPPW
BitDefender         7.2              2009.02.16   -
CAT-QuickHeal       10.00            2009.02.16   (Suspicious) - DNAScan
ClamAV              0.94.1           2009.02.16   -
Comodo              978              2009.02.15   -
DrWeb               4.44.0.09170     2009.02.16   -
eSafe               7.0.17.0         2009.02.15   -
eTrust-Vet          31.6.6358        2009.02.14   -
F-Prot              4.4.4.56         2009.02.15   -
F-Secure            8.0.14470.0      2009.02.16   -
Fortinet            3.117.0.0        2009.02.15   -
GData               19               2009.02.16   -
Ikarus              T3.1.1.45.0      2009.02.16   -
K7AntiVirus         7.10.630         2009.02.14   -
Kaspersky           7.0.0.125        2009.02.16   -
McAfee              5527             2009.02.15   -
McAfee+Artemis      5527             2009.02.15   -
Microsoft           1.4306           2009.02.16   -
NOD32               3855             2009.02.16   probably unknown NewHeur_PE
Norman              6.00.02          2009.02.13   -
nProtect            2009.1.8.0       2009.02.16   Trojan-Dropper/W32.Agent.331776.K
Panda               10.0.0.10        2009.02.15   -
PCTools             4.4.2.0          2009.02.15   -
Prevx1              V2               2009.02.16   -
Rising              21.17.01.00      2009.02.16   -
SecureWeb-Gateway   6.7.6            2009.02.16   Trojan.Crypt.XPACK.Gen
Sophos              4.38.0           2009.02.16   -
Sunbelt             3.2.1851.2       2009.02.12   -
Symantec            10               2009.02.16   -
TheHacker           6.3.2.1.258      2009.02.16   -
TrendMicro          8.700.0.1004     2009.02.16   -
VBA32               3.12.8.12        2009.02.16   -
ViRobot             2009.2.16.1608   2009.02.16   Trojan.Win32.IM-NateOn.331776
VirusBuster         4.5.11.0         2009.02.15   -