Wednesday, 17 February 2010

Sabotage Virus Analysis

*File name : The Next Level.exe
*Source : MorphostLab Virus Collection – January 2010
*Virus name :
- Kudosoft VirLab : Sabotage
- Morphost Expert : Sabotage
- Smadav 2010 Rev 8.0 : n/a
- Ansav 2.035 Upd 106 : n/a
- Pcmav 2.2c Build 4 : n/a
- CMC PH#3-1 : n/a
- EuraAV 1.8.0.6: n/a
*Size : 94,208 bytes [Packed with UPX]
*Compiler : MS VB 6.0
*Icon : WinRAR – SFX file
*Level : -
*Checksum :
CRC32: 674641FF
MD5: 7FC7EAC422370CA97E9B0E3EEB4F41F4
SHA-1: 5775D3E4567533A8FF2193E88765D26689F29E01
*Active process :
NTDETECT.exe (takes the name of the file that was executed)
*Creates / copies files to :
- C:\Sab0tagE.exe
– CRC32: D326F9CD
– MD5: D49AA4CD73DB53BC5DD7C9C2C54A3C0C
– SHA-1: 9A7EA636292B5D17791877FAA0011D97FDB4736A
- C:\SABOTAGE.txt
- C:\Windows\desktop.ini [System attribute]
- C:\Windows\SVCH0ST.exe [System attribute]
– CRC32: 37047779
– MD5: C03831EDB00361207BCC8EE1099AE81B
– SHA-1: 1D459EBBD1FCF35C39887848A133D8574D9FC814
- C:\Windows\ssms.exe [System attribute]
– CRC32: FF674641
– MD5: FB6459D509AD4D66BC81828FEE320D9F
– SHA-1: B3504DB8DF5A14D0B3D0F7339E950246227C66F5
- C:\Windows\system32\msvbvm60.10756 [Renamed from msvbvm60.dll; the original file is deleted]
- C:\Windows\Task\SVCH0ST.job [Scheduled task that runs C:\Windows\SVCH0ST.exe every 1 minute]
- F:\autorun.inf [Used to launch rad0D238.exe]
- F:\Facebook Password Cracker.exe
– CRC32: D326F9CD
– MD5: D49AA4CD73DB53BC5DD7C9C2C54A3C0C
– SHA-1: 9A7EA636292B5D17791877FAA0011D97FDB4736A
- F:\Pencuri Login.com
– CRC32: D326F9CD
– MD5: D49AA4CD73DB53BC5DD7C9C2C54A3C0C
– SHA-1: 9A7EA636292B5D17791877FAA0011D97FDB4736A
- F:\rad0D238.exe
– CRC32: D326F9CD
– MD5: D49AA4CD73DB53BC5DD7C9C2C54A3C0C
– SHA-1: 9A7EA636292B5D17791877FAA0011D97FDB4736A
- F:\rundll32.exe shell32.dll,shellexec_rundll rad0d238.exe
*Strings found :
- The   Next   Level  (Ver 5.6)
*Registry analysis :
No damaged registry entries found
*Analyzed by:
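As an added example that is not part of the original analysis, the Python script below turns the indicators above into a defender's host check: it compares the MD5 of any dropped copy found under a drive root with the report's values, flags the renamed VB runtime (msvbvm60.dll gone, msvbvm60.10756 present) and inspects an autorun.inf body for a launch of rad0D238.exe. The root argument, the autorun.inf text and the demo() fixture are constructed assumptions, not data from the sample.

```python
import hashlib
import os
import tempfile
DROPPED = {  # MD5 of each dropped copy as listed in the report, keyed by path under the drive root
    "Sab0tagE.exe": "D49AA4CD73DB53BC5DD7C9C2C54A3C0C",
    "Windows/SVCH0ST.exe": "C03831EDB00361207BCC8EE1099AE81B",
    "Windows/ssms.exe": "FB6459D509AD4D66BC81828FEE320D9F",
}

def file_md5(path):
    """Upper-case MD5 hex of a file, read in chunks so large files are not loaded whole."""
    md5 = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
    return md5.hexdigest().upper()

def check_dropped_files(root):
    """Map each dropped path that exists under root to whether its MD5 matches the report."""
    found = {}
    for rel, expected in DROPPED.items():
        path = os.path.join(root, *rel.split("/"))
        if os.path.isfile(path):
            found[rel] = "hash match" if file_md5(path) == expected else "present, hash differs"
    return found

def check_vb_runtime(system32):
    """True if msvbvm60.dll is gone and the renamed copy msvbvm60.10756 sits in its place."""
    present = lambda name: os.path.exists(os.path.join(system32, name))
    return present("msvbvm60.10756") and not present("msvbvm60.dll")

def autorun_launches(text, target="rad0d238.exe"):
    """True if an autorun.inf body's open= or shellexecute= line launches target."""
    for line in text.splitlines():
        key, _, value = line.partition("=")
        if key.strip().lower() in ("open", "shellexecute") and target in value.lower():
            return True
    return False

def demo():
    """Constructed fixture (stand-in files, not the real sample) that exercises the checks."""
    root = tempfile.mkdtemp()
    sys32 = os.path.join(root, "Windows", "system32")
    os.makedirs(sys32)
    with open(os.path.join(root, "Sab0tagE.exe"), "wb") as fh:
        fh.write(b"constructed stand-in, not the real sample")
    open(os.path.join(sys32, "msvbvm60.10756"), "wb").close()  # renamed runtime, no .dll
    autorun = "[autorun]\nopen=rundll32.exe shell32.dll,shellexec_rundll rad0D238.exe\n"
    return check_dropped_files(root), check_vb_runtime(sys32), autorun_launches(autorun)
```

On a real drive a "present, hash differs" entry means the path exists but is not the copy analysed here, so it still deserves a look before it is cleared.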
Muamar Kudo – [Kudosoft Founder] [MorphostLab Independent Team]
Blog: http://www.kudosoft.co.nr http://www.morphostlab.co.nr
Email, FB : muamar.kudo@gmail.com
19:21 Wednesday, February 03, 2010
