File scan.exe Scanned on 05.18.2008 03:10:03 (CET)
File size: 46080 bytes
MD5...: 31f84f2e986e50ddb563bee223f45020
SHA1..: 81ece9ae5d1c81c8bcf7a1b92abb8f625c4e72ee
SHA256: 5e98bdbe393b04192cfb94f993a491581827c4487902a6897a0538b58dcb8dfa
SHA512: a90e12dabdd39a42d6166ff071e832aac184410512d07d6b3c78bf0cd1253748eaef0ad40e64215f748d10fa9ff8b389a8cad44e96f98370569708bda84a1528
Packed: UPX
VT Result: 9/32 (28.12%)
AntiVir 7.8.0.19 2008.05.17 TR/Crypt.ULPM.Gen
AVG 7.5.0.516 2008.05.17 Downloader.Agent.AGRI
BitDefender 7.2 2008.05.17 Trojan.Peed.Gen
eSafe 7.0.15.0 2008.05.16 suspicious Trojan/Worm
F-Secure 6.70.13260.0 2008.05.18 Suspicious:W32/Malware!Gemini
Ikarus T3.1.1.26.0 2008.05.18 Trojan.Peed.JIK
Panda 9.0.0.4 2008.05.17 Suspicious file
Sophos 4.29.0 2008.05.17 Mal/HckPk-A
Webwasher-Gateway 6.6.2 2008.05.18 Trojan.Crypt.ULPM.Gen
PE Structure information
( base data )
entrypointaddress.: 0x40dbdc
timedatestamp.....: 0x47fe2252 (Thu Apr 10 14:21:06 2008)
machinetype.......: 0x14c (I386)
***** Resources ****************************************************
--- Dialog ---------------------------------------------------------
9
***** PE Header ****************************************************
Signature: 00004550
Machine: 014C - Intel 386
Number of sections: 0003
Time/Date stamp: 47FE2252
Pointer to symbol table: 00000000
Number of symbols: 00000000
Size of optional header: 00E0
Characteristics: 010F
Magic: 010B
Linker version (major): 07
Linker version (minor): 0A
Size of code: 00005000
Size of initialized data: 00001000
Size of uninitialized data: 0000A000
Address of entry point: 0000DBDC
Base of code: 0000B000
Base of data: 00010000
Image base: 00400000
Section alignment: 00001000
File alignment: 00000200
OS version (major): 0004
OS version (minor): 0000
Image version (major): 0000
Image version (minor): 0000
Sub system version (major): 0004
Sub system version (minor): 0000
Win32 version: 00000000
Size of image: 00016000
Size of headers: 00001000
Checksum: 0000D919
Sub system: 0002 - Windows graphical user interface (GUI) subsystem
DLL characteristics: 0000
Size of stack reserve: 00100000
Size of stack commit: 00001000
Size of heap reserve: 00100000
Size of heap commit: 00001000
Loader flags: 00000000
Number of RVA: 00000010
***** PE Sections **************************************************
Section VirtSize VirtAddr PhysSize PhysAddr Flags
UPX0 0000A000 00001000 00000000 00000400 E0000080
UPX1 00005000 0000B000 00005000 00000400 E0000040
.rsrc 00006000 00010000 00006000 00005400 E0000040
( 2 imports )
> msvcrt.dll: strstr, strcpy, strlen, memcmp, __2@YAPAXI@Z, memset
> kernel32.dll: CreateFileA, VirtualAlloc, VirtualFree, CloseHandle, ReadFile, WriteFile