Usenet'te yeni bir virüs: TrustedUDPThread

Usenet'ten ne zaman yeni bir release indirsem içinden program yerine TrustedUDPThread tarafından oluşturulmuş bir virüs çıkıyor. Her dosya boyutunda olan virüsü VirusTotal'de tarattım. Sonuçlar şu şekilde:

https://www.virustotal.com/file/419...fa1931d639e21417178466c7/analysis/1356291719/

Antivirus	Result	Update
Agnitum	-	20121223
AntiVir	TR/Crypt.XPACK.Gen7	20121223
Antiy-AVL	-	20121223
Avast	-	20121223
AVG	-	20121223
BitDefender	-	20121223
CAT-QuickHeal	-	20121223
Commtouch	-	20121223
Comodo	-	20121223
Emsisoft	-	20121223
eSafe	-	20121220
ESET-NOD32	a variant of Win32/Injector.ZLD	20121223
F-Prot	-	20121223
F-Secure	-	20121223
Fortinet	-	20121223
GData	-	20121223
Ikarus	Trojan.SuspectCRC	20121223
Jiangmin	-	20121221
K7AntiVirus	-	20121221
Kaspersky	HEUR:Trojan.Win32.Generic	20121223
Kingsoft	-	20121217
Malwarebytes	-	20121223
McAfee	-	20121223
McAfee-GW-Edition	-	20121223
Microsoft	-	20121223
MicroWorld-eScan	-	20121223
NANO-Antivirus	-	20121223
Norman	-	20121223
nProtect	-	20121223
Panda	-	20121223
PCTools	-	20121223
Rising	-	20121221
Sophos	-	20121223
SUPERAntiSpyware	-	20121223
TheHacker	-	20121223
TotalDefense	-	20121223
TrendMicro	-	20121223
TrendMicro-HouseCall	-	20121223
VIPRE	-	20121223
ViRobot	-	20121223

Exiftool:

Kod:

SubsystemVersion.........: 4.0
InitializedDataSize......: 2744320
ImageVersion.............: 0.0
ProductName..............: TrustedUDPThread
FileVersionNumber........: 6.5.9.5
UninitializedDataSize....: 0
LanguageCode.............: English (British)
FileFlagsMask............: 0x0000
CharacterSet.............: Unicode
LinkerVersion............: 7.1
FileOS...................: Win32
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 10.6.9.9
TimeStamp................: 2012:06:09 04:24:23+01:00
FileType.................: Win32 EXE
PEType...................: PE32
InternalName.............: TrustedUDPThread
ProductVersion...........: 10.6.9.9
FileDescription..........: TrustedUDPThread
OSVersion................: 4.0
OriginalFilename.........: TrustedUDPThread.exe
LegalCopyright...........: Copyright City Defense Expertise
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: City Defense Expertise
CodeSize.................: 1249280
FileSubtype..............: 0
ProductVersionNumber.....: 0.6.3.1
EntryPoint...............: 0x12b717
ObjectFileType...........: Executable application

Kod:

Compilation timedatestamp.....: 2012-06-09 03:24:23
Target machine................: 0x14C (Intel 386 or later processors and compatible processors)
Entry point address...........: 0x0012B717

PE Sections...................:

Name        Virtual Address  Virtual Size  Raw Size  Entropy  MD5
.text                  4096       1248895   1249280     5.90  fc764d38670c6a6a91a4cb5b9914a901
.rdata              1253376       2127488   2129920     5.15  fdce2412c4c82a554911d210e1ed63e0
.data               3383296        580700    577536     5.13  bbf08886c41983485c12a01695a04b56
.rsrc               3964928         31448     32768     5.52  8f9c4aa0a7dfc5400afd82fb0906accf

PE Imports....................:

[[SHELL32.dll]]
CommandLineToArgvW

[[KERNEL32.dll]]
GetLastError, HeapFree, GetStdHandle, EnterCriticalSection, LCMapStringW, SetHandleCount, GetSystemInfo, GetModuleFileNameW, GetOEMCP, LCMapStringA, HeapDestroy, ExitProcess, TlsAlloc, GetVersionExA, VirtualProtect, FlushFileBuffers, LoadLibraryA, RtlUnwind, GetModuleFileNameA, FreeEnvironmentStringsA, DeleteCriticalSection, GetStartupInfoA, GetEnvironmentStrings, GetLocaleInfoA, GetCurrentProcessId, GetCommandLineW, GetCPInfo, UnhandledExceptionFilter, MultiByteToWideChar, HeapSize, FreeEnvironmentStringsW, GetCommandLineA, GetProcAddress, GetStringTypeA, SetStdHandle, GetModuleHandleA, WideCharToMultiByte, TlsFree, SetFilePointer, InterlockedExchange, WriteFile, GetCurrentProcess, CloseHandle, GetSystemTimeAsFileTime, GetACP, HeapReAlloc, GetStringTypeW, TerminateProcess, QueryPerformanceCounter, InitializeCriticalSection, HeapCreate, VirtualQuery, VirtualFree, GetEnvironmentStringsW, TlsGetValue, Sleep, GetFileType, GetTickCount, TlsSetValue, HeapAlloc, GetCurrentThreadId, VirtualAlloc, SetLastError, LeaveCriticalSection

[[USER32.dll]]
SetFocus, DrawEdge, GetParent, EndDialog, CheckRadioButton, CreateCaret, PostQuitMessage, SetClassLongA, SetWindowPos, CheckMenuItem, SendDlgItemMessageA, IsWindow, EndPaint, SetDlgItemTextA, SetCapture, PeekMessageA, TranslateMessage, GetMessageTime, SetKeyboardState, SetScrollInfo, GetCursorPos, SystemParametersInfoA, ShowCaret, GetQueueStatus, GetWindowPlacement, SendMessageA, GetDlgItem, WinHelpA, IsIconic, TrackPopupMenu, GetKeyboardLayout, DefDlgProcA, ShowCursor, GetSystemMenu, MsgWaitForMultipleObjects, GetWindowTextA

[[GDI32.dll]]
GetDeviceCaps, LineTo, ExtTextOutW, DeleteDC, SelectObject, GetCharWidth32W, GetBkMode, TextOutA, GetCharABCWidthsFloatA, CreateSolidBrush, UpdateColors, GetCharWidthA, CreateCompatibleDC, SetTextColor

PE Resources..................:

Resource type            Number of resources
RT_ICON                  6
RT_VERSION               1
RT_GROUP_ICON            1

Resource language        Number of resources
ENGLISH US               8

SHA256: 419bd7b530a1751bfd33bc6351d56805ed979683fa1931d639e21417178466c7
File name: Xilisoft.Video.Converter.Ultimate.v7.6.0.20121127.Incl.Keygen.REPACK-BRD.exe
Detection ratio: 4 / 40
Analysis date: 2012-12-23 19:41:59 UTC ( 1 dakika ago )

Usenet'te yeni bir virüs: TrustedUDPThread

Yorumlar

Blog girdisi detayları

Genel kategorisindeki diğer girdiler

Recep Baltaş adlı kullanıcının diğer girdileri

Bu girdiyi paylaş

Gizliliğinize önem veriyoruz