Antivirus	Engine version	Definition date	Scan result
AntiVir	7.8.0.64	2008.07.04	SPR/Fake.XPAnti.E.1
AVG	7.5.0.516	2008.07.05	Downloader.Agent
BitDefender	7.2	2008.07.05	Trojan.Dropper.Delf.Crypt.D
F-Secure	7.60.13501.0	2008.07.03	Trojan-Downloader.Win32.FraudLoad.gen
GData	2.0.7306.1023	2008.07.05	Trojan-Downloader.Win32.FraudLoad.gen
Ikarus	T3.1.1.26.0	2008.07.05	Trojan-Downloader.Win32.FraudLoad
Kaspersky	7.0.0.125	2008.07.05	Trojan-Downloader.Win32.FraudLoad.gen
Microsoft	1.3704	2008.07.05	TrojanDownloader:Win32/Renos.gen!AF
Sophos	4.31.0	2008.07.05	Mal/EncPk-CZ
Webwasher-Gateway	6.6.2	2008.07.05	Riskware.Fake.XPAnti.E.1

***** PE Structure *************************************************
entrypointaddress.: 0x40130e
timedatestamp.....: 0x461d015e (Wed Apr 11 15:40:14 2007)
machinetype.......: 0x14c (I386)

***** PE Header ****************************************************
                    Signature: 00004550
                      Machine: 014C - Intel 386
           Number of sections: 0006
              Time/Date stamp: 461D015E
      Pointer to symbol table: 00000000
            Number of symbols: 00000000
      Size of optional header: 00E0
              Characteristics: 010F
                        Magic: 010B
       Linker version (major): 06
       Linker version (minor): 10
                 Size of code: 00001400
     Size of initialized data: 0000AA00
   Size of uninitialized data: 00000000
       Address of entry point: 0000130E
                 Base of code: 00001000
                 Base of data: 00003000
                   Image base: 00400000
            Section alignment: 00001000
               File alignment: 00000200
           OS version (major): 0004
           OS version (minor): 0000
        Image version (major): 0000
        Image version (minor): 0000
   Sub system version (major): 0004
   Sub system version (minor): 0000
                Win32 version: 00000000
                Size of image: 0001B000
              Size of headers: 00000400
                     Checksum: 00000000
                   Sub system: 0002 - Windows graphical user interface (GUI) subsystem
          DLL characteristics: 0000
        Size of stack reserve: 00100000
         Size of stack commit: 00001000
         Size of heap reserve: 00100000
          Size of heap commit: 00001000
                 Loader flags: 00000000
                Number of RVA: 00000010

***** PE Sections **************************************************
 Section VirtSize VirtAddr PhysSize PhysAddr    Flags 
   .text 00001326 00001000 00001400 00000400 60000020
   .data 0000A952 00003000 0000AA00 00001800 C0000040
    .tls 00000030 0000E000 00000200 0000C200 C0000040
  .rdata 00000018 0000F000 00000200 0000C400 50000040
  .idata 00000141 00010000 00000200 0000C600 40000040
   .rsrc 00009805 00011000 00001A00 0000C800 40000040

***** Import/Export table ******************************************
--- Export table ---------------------------------------------------
--- Import table (libraries: 3) ------------------------------------
> kernel32.dll: DeleteFileW, GetConsoleMode
> user32.dll: DrawIcon, IsMenu
> comctl32.dll: DrawStatusText, ImageList_EndDrag, CreateMappedBitmap

Process Details:
Process ID   	2060
Filename 	C:\XPantivirus2008_v880234.exe
Filesize 	57856 bytes
MD5 	1a347bdf869eea5be316c6ae43230196
Start Reason 	AnalysisTarget

New Files
C:\DOCUME~1\Sanbox\LOCALS~1\Temp\f886_appcompat.txt

Opened Files:
\\.\ProcPanama
\\.\PIPE\lsarpc
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\advapi32.dll
C:\WINDOWS\system32\gdi32.dll
C:\WINDOWS\system32\gdi32.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\ole32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\user32.dll
C:\WINDOWS\system32\wininet.dll
C:\WINDOWS\system32\wininet.dll
C:\WINDOWS\system32\winsock.dll
C:\WINDOWS\system32\winsock.dll
C:\WINDOWS\AppPatch\sysmain.sdb
C:\WINDOWS\AppPatch\systest.sdb
\Device\NamedPipe\ShimViewer
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\drwtsn32.exe

Deleted Files:
C:\DOCUME~1\Sanbox\LOCALS~1\Temp\f886_appcompat.txt

Registry Reads:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting ""
HKEY_LOCAL_MACHINE\SYSTEM\Setup ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\ExclusionList ""
HKEY_LOCAL_MACHINE\SYSTEM\WPA\MediaCenter ""

Process Management: 
Creates Process - Filename: C:\WINDOWS\system32\dwwin.exe -x -s 1348
